1#!/bin/bash
2# Copyright 2021 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16[ -z "${gbmc_upgrade-}" ] || exit
17
18: "${GBMC_UPGRADE_SIG=/tmp/bmc.sig}"
19
20GBMC_UPGRADE_UNPACK_FILES=()
21# shellcheck disable=SC2034
22GBMC_UPGRADE_HOOKS=(gbmc_upgrade_internal)
23
24if machine="$(source /etc/os-release && echo "$GBMC_TARGET_MACHINE")"; then
25  GBMC_UPGRADE_UNPACK_FILES+=("*/firmware-gbmc/$machine")
26else
27  echo 'Failed to find GBMC machine type from /etc/os-release' >&2
28fi
29
30gbmc_upgrade_dl_unpack() {
31  echo "Fetching $bootfile_url" >&2
32
33  # We only support tarballs at the moment, our URLs will always denote
34  # this with a URI query param of `format=TAR`.
35  local tflags=()
36  if [[ "$bootfile_url" =~ [\&?]format=TAR(_GZIP)?(&|$) ]]; then
37    local t="${BASH_REMATCH[1]}"
38    [ "$t" = '_GZIP' ] && tflags+=('-z')
39  else
40    echo "Unknown upgrade unpack method: $bootfile_url" >&2
41    return 1
42  fi
43
44  # Ensure some sane output file limit
45  # Currently no BMC image is larger than 64M
46  # We want to allow 2 images and a small amount of metadata (2*64+2)M
47  local max_mb=$((2*64 + 2))
48  ulimit -f $((max_mb * 1024 * 1024 / 512)) || return
49  timeout=$((SECONDS + 300))
50  stime=5
51  while true; do
52    local st=()
53    curl -LSsk --max-time $((timeout - SECONDS)) "$bootfile_url" |
54      tar "${tflags[@]}" --wildcards -xC "$tmpdir" "${GBMC_UPGRADE_UNPACK_FILES[@]}" 2>"$tmpdir"/tarerr \
55      && st=("${PIPESTATUS[@]}") || st=("${PIPESTATUS[@]}")
56    # Curl failures should continue
57    if (( st[0] == 0 )); then
58      # Tar failures when curl succeeds are hard errors to start over.
59      # shellcheck disable=SC2143
60      if (( st[1] != 0 )) && [[ -n $(grep -v '\(Exiting with failure status\|Not found in archive\|Cannot hard link\)' "$tmpdir"/tarerr) ]]; then
61        echo 'Unpacking failed' >&2
62        return 1
63      fi
64      # Success should continue without retry
65      break
66    fi
67    if (( SECONDS + stime >= timeout )); then
68      echo 'Timed out fetching image' >&2
69      return 1
70    fi
71    (shopt -s nullglob dotglob; rm -rf -- "${tmpdir:?}"/*)
72    sleep $stime
73  done
74}
75
76gbmc_upgrade_hook() {
77  [ -n "${bootfile_url-}" ] || return 0
78
79  local tmpdir
80  tmpdir="$(mktemp -d)" || return
81  # shellcheck disable=SC2015
82  gbmc_upgrade_dl_unpack && gbmc_br_run_hooks GBMC_UPGRADE_HOOKS || true
83  # shellcheck disable=SC2153
84  rm -rf -- "$tmpdir" "$GBMC_UPGRADE_SIG" "$GBMC_UPGRADE_IMG"
85}
86
87gbmc_upgrade_fetch() (
88  local sig
89  sig="$(find "$tmpdir" -name 'image-*.sig' | head -n 1)" || return
90  local img="${sig%.sig}"
91  mv "$sig" "$GBMC_UPGRADE_SIG" || return
92  mv "$img" "$GBMC_UPGRADE_IMG" || return
93
94  # Regular packages have a VERSION file with the image
95  local imgdir="${sig%/*}"
96  if [ -f "$imgdir/VERSION" ]; then
97    cat "$imgdir/VERSION" || return
98    return 0
99  fi
100
101  # Staging packages have a directory named after the version
102  local vdir="${imgdir##*/}"
103  if [[ "$vdir" =~ ([0-9]+[.]){3}[0-9]+ ]]; then
104    echo "$vdir"
105    return 0
106  fi
107
108  return 1
109)
110
111GBMC_BR_DHCP_HOOKS+=(gbmc_upgrade_hook)
112
113gbmc_upgrade=1
114