[cip-dev][isar-cip-core][RFC 0/5] SWUpdate abort on installing indentical image

[cip-dev][isar-cip-core][RFC 0/5] SWUpdate abort on installing indentical image

[Quirin Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Use a pre/post function of the SWUpdate handler round robin to check if the given uuid
is already in the current root file system and abort if the uuid matches.

This fixes https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/43

Quirin Gylstorff (5):
  core/images/swupdate.inc: Move image_uuid to swupdate.inc
  swupdate-handler-roundrobin: Increase revision
  swupdate-handler-roundrobin: add uuidcheck patch
  image_uuid: read target_image_uuid
  recipe-core/images: Integrate uuidcheck into sw-description

 classes/image_uuid.bbclass                    | 19 ++++++++
 kas/opt/ebg-swu.yml                           |  2 +-
 recipes-core/images/files/sw-description.tmpl |  1 +
 recipes-core/images/image-uuid.inc            | 12 ------
 recipes-core/images/swupdate.inc              |  6 ++-
 ...-add-uuidcheck-to-roundrobin-handler.patch | 43 +++++++++++++++++++
 .../swupdate-handler-roundrobin_0.1.bb        |  5 ++-
 7 files changed, 73 insertions(+), 15 deletions(-)
 delete mode 100644 recipes-core/images/image-uuid.inc
 create mode 100644 recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch

-- 
2.35.1

[cip-dev][isar-cip-core][RFC 1/5] core/images/swupdate.inc: Move image_uuid to swupdate.inc

[Quirin Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Prerequisite for the changes to check the uuid.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 kas/opt/ebg-swu.yml                |  2 +-
 recipes-core/images/image-uuid.inc | 12 ------------
 recipes-core/images/swupdate.inc   |  1 +
 3 files changed, 2 insertions(+), 13 deletions(-)
 delete mode 100644 recipes-core/images/image-uuid.inc

diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index ce37c36..6aa411b 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -20,7 +20,7 @@ local_conf_header:
     SWUPDATE_BOOTLOADER = "efibootguard"
     IMAGE_INSTALL_remove = "u-boot-script"
   ebg_swu_image_options: |
-    CIP_IMAGE_OPTIONS_append = " efibootguard.inc image-uuid.inc"
+    CIP_IMAGE_OPTIONS_append = " efibootguard.inc"
   initramfs: |
     INITRAMFS_INSTALL_append = " initramfs-abrootfs-hook"
   firmware-binaries: |
diff --git a/recipes-core/images/image-uuid.inc b/recipes-core/images/image-uuid.inc
deleted file mode 100644
index 5e5a727..0000000
--- a/recipes-core/images/image-uuid.inc
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2022
-#
-# Authors:
-#  Jan Kiszka <jan.kiszka@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-#
-
-inherit image_uuid
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
index edc41a0..6cf9bb1 100644
--- a/recipes-core/images/swupdate.inc
+++ b/recipes-core/images/swupdate.inc
@@ -9,6 +9,7 @@
 # SPDX-License-Identifier: MIT
 #
 
+inherit image_uuid
 inherit swupdate
 inherit read-only-rootfs
 
-- 
2.35.1

[cip-dev][isar-cip-core][RFC 2/5] swupdate-handler-roundrobin: Increase revision

[Quirin Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 .../swupdate-handler-roundrobin_0.1.bb                          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
index 5801113..65cd652 100644
--- a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
+++ b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
@@ -13,7 +13,7 @@ inherit dpkg-raw
 PROVIDES = "swupdate-handlers"
 
 SRC_URI += "git://gitlab.com/cip-project/cip-sw-updates/swupdate-handler-roundrobin.git;protocol=https;destsuffix=swupdate-handler-roundrobin;name=swupdate-handler-roundrobin;nobranch=1"
-SRCREV_swupdate-handler-roundrobin ?= "bf73f04b1eec0b8714d3a1b56bfcd1431c58ba10"
+SRCREV_swupdate-handler-roundrobin ?= "fbc8d8a7e4ae8c381198cab81ae3fb13398a028e"
 
 SWUPDATE_LUASCRIPT = "swupdate-handler-roundrobin/swupdate_handlers_roundrobin.lua"
 
-- 
2.35.1

[cip-dev][isar-cip-core][RFC 3/5] swupdate-handler-roundrobin: add uuidcheck patch

[Quirin Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This patch adds a pre/post function to the swupdate-handler
roundrobin to compare the uuid parameter from the sw-description
with the uuid of the current system to avoid a updating with
the same image and breaking the update cycle.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 ...-add-uuidcheck-to-roundrobin-handler.patch | 43 +++++++++++++++++++
 .../swupdate-handler-roundrobin_0.1.bb        |  3 ++
 2 files changed, 46 insertions(+)
 create mode 100644 recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch

diff --git a/recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch b/recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch
new file mode 100644
index 0000000..f2392f4
--- /dev/null
+++ b/recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch
@@ -0,0 +1,43 @@
+From f093a3a097e518ef9f74ff88eafa9259ba50626f Mon Sep 17 00:00:00 2001
+From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
+Date: Tue, 8 Nov 2022 16:08:25 +0100
+Subject: [PATCH] add uuidcheck to roundrobin handler
+
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
+---
+ swupdate_handlers_roundrobin.lua | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/swupdate_handlers_roundrobin.lua b/swupdate_handlers_roundrobin.lua
+index bf9c997..bb24fc7 100644
+--- a/swupdate_handlers_roundrobin.lua
++++ b/swupdate_handlers_roundrobin.lua
+@@ -726,3 +726,25 @@ function pp_mmclock(when, device, image)
+     swupdate.info("%s: %s MMC device %s", logprefix, when == WHEN.PRE and "Unlocked" or "Locked", device)
+     return true
+ end
++
++function pp_uuidcheck(when, uuid, image)
++    local filename = "/etc/os-release"
++    local filehandle = io.open(filename, "rb")
++    if not filehandle then
++      swupdate.error("%s: Cannot open file %s", logprefix, filename)
++      return false
++    end
++    osrelease = filehandle:read("*a")
++    filehandle:close()
++    image_uuid = string.match(osrelease, "IMAGE_UUID.*")
++    if not image_uuid then
++      swupdate.error("%s: Cannot find IMAGE_UUID in %s", logprefix, filename)
++      return false
++    end
++    swupdate.debug("%s: %s", logprefix, image_uuid, uuid)
++    if string.find(image_uuid, uuid, 1, true) then
++      swupdate.error("%s: Update already installed.", logprefix)
++      return false
++    end
++    return true
++end
+-- 
+2.35.1
+
diff --git a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
index 65cd652..447a093 100644
--- a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
+++ b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
@@ -13,8 +13,11 @@ inherit dpkg-raw
 PROVIDES = "swupdate-handlers"
 
 SRC_URI += "git://gitlab.com/cip-project/cip-sw-updates/swupdate-handler-roundrobin.git;protocol=https;destsuffix=swupdate-handler-roundrobin;name=swupdate-handler-roundrobin;nobranch=1"
+SRC_URI += "file://0001-add-uuidcheck-to-roundrobin-handler.patch"
 SRCREV_swupdate-handler-roundrobin ?= "fbc8d8a7e4ae8c381198cab81ae3fb13398a028e"
 
+S="${WORKDIR}/${PN}"
+
 SWUPDATE_LUASCRIPT = "swupdate-handler-roundrobin/swupdate_handlers_roundrobin.lua"
 
 SWUPDATE_ROUND_ROBIN_HANDLER_CONFIG ?= "swupdate.handler.${SWUPDATE_BOOTLOADER}.ini"
-- 
2.35.1

[cip-dev][isar-cip-core][RFC 4/5] image_uuid: read target_image_uuid

[Quirin Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This writes the target_image_uuid to the Variable TARGET_IMAGE_UUID
which can be used to validate a update against the root file system.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 classes/image_uuid.bbclass | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/classes/image_uuid.bbclass b/classes/image_uuid.bbclass
index 277941b..3e2e3de 100644
--- a/classes/image_uuid.bbclass
+++ b/classes/image_uuid.bbclass
@@ -13,6 +13,8 @@
 inherit rootfs
 inherit image
 
+# Generate the uuid from BB_TASKHASH to ensure a new
+# hash on each rebuild
 def generate_image_uuid(d):
     import uuid
 
@@ -23,6 +25,23 @@ def generate_image_uuid(d):
 
 IMAGE_UUID ?= "${@generate_image_uuid(d)}"
 
+def read_target_image_uuid(d):
+    import os.path
+
+    deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
+    image_full_name = d.getVar("IMAGE_FULLNAME")
+    uuid_file = f"{deploy_dir}/{image_full_name}.uuid.env"
+    if not os.path.isfile(uuid_file):
+        return None
+
+    target_image_uuid = None
+    with open(uuid_file, "r") as f:
+       uuid_file_content = f.read()
+       target_image_uuid = uuid_file_content.split('=')[1].strip(' \t\n\r').strip('\"')
+    return target_image_uuid
+
+TARGET_IMAGE_UUID = "${@read_target_image_uuid(d)}"
+
 do_generate_image_uuid[vardeps] += "IMAGE_UUID"
 do_generate_image_uuid[depends] = "buildchroot-target:do_build"
 do_generate_image_uuid[dirs] = "${DEPLOY_DIR_IMAGE}"
-- 
2.35.1

[cip-dev][isar-cip-core][RFC 5/5] recipe-core/images: Integrate uuidcheck into sw-description

[Quirin Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 recipes-core/images/files/sw-description.tmpl | 1 +
 recipes-core/images/swupdate.inc              | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl
index 1c0db02..a9a6069 100644
--- a/recipes-core/images/files/sw-description.tmpl
+++ b/recipes-core/images/files/sw-description.tmpl
@@ -20,6 +20,7 @@ software =
             filesystem = "ext4";
             properties: {
                         subtype = "image";
+                        uuidcheck = "${TARGET_IMAGE_UUID}";
             };
             sha256 = "${ROOTFS_PARTITION_NAME}-sha256";
     });
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
index 6cf9bb1..0ba3a0e 100644
--- a/recipes-core/images/swupdate.inc
+++ b/recipes-core/images/swupdate.inc
@@ -23,6 +23,9 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
 SRC_URI += "file://sw-description.tmpl"
 TEMPLATE_FILES += "sw-description.tmpl"
 
-TEMPLATE_VARS += "ROOTFS_PARTITION_NAME"
+do_transform_template[vardeps] += "TARGET_IMAGE_UUID"
+addtask do_transform_template before do_swupdate_binary after do_generate_image_uuid
+
+TEMPLATE_VARS += "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID"
 
 SWU_ADDITIONAL_FILES += "linux.efi ${ROOTFS_PARTITION_NAME}"
-- 
2.35.1

Re: [cip-dev][isar-cip-core][RFC 2/5] swupdate-handler-roundrobin: Increase revision

[Jan Kiszka]

On 10.11.22 13:45, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 

What does the update mean for us?

Jan

> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  .../swupdate-handler-roundrobin_0.1.bb                          | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
> index 5801113..65cd652 100644
> --- a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
> +++ b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
> @@ -13,7 +13,7 @@ inherit dpkg-raw
>  PROVIDES = "swupdate-handlers"
>  
>  SRC_URI += "git://gitlab.com/cip-project/cip-sw-updates/swupdate-handler-roundrobin.git;protocol=https;destsuffix=swupdate-handler-roundrobin;name=swupdate-handler-roundrobin;nobranch=1"
> -SRCREV_swupdate-handler-roundrobin ?= "bf73f04b1eec0b8714d3a1b56bfcd1431c58ba10"
> +SRCREV_swupdate-handler-roundrobin ?= "fbc8d8a7e4ae8c381198cab81ae3fb13398a028e"
>  
>  SWUPDATE_LUASCRIPT = "swupdate-handler-roundrobin/swupdate_handlers_roundrobin.lua"
>  

-- 
Siemens AG, Technology
Competence Center Embedded Linux

Re: [cip-dev][isar-cip-core][RFC 3/5] swupdate-handler-roundrobin: add uuidcheck patch

[Jan Kiszka]

On 10.11.22 13:45, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> This patch adds a pre/post function to the swupdate-handler
> roundrobin to compare the uuid parameter from the sw-description
> with the uuid of the current system to avoid a updating with
> the same image and breaking the update cycle.
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  ...-add-uuidcheck-to-roundrobin-handler.patch | 43 +++++++++++++++++++
>  .../swupdate-handler-roundrobin_0.1.bb        |  3 ++
>  2 files changed, 46 insertions(+)
>  create mode 100644 recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch
> 
> diff --git a/recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch b/recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch
> new file mode 100644
> index 0000000..f2392f4
> --- /dev/null
> +++ b/recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch
> @@ -0,0 +1,43 @@
> +From f093a3a097e518ef9f74ff88eafa9259ba50626f Mon Sep 17 00:00:00 2001
> +From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> +Date: Tue, 8 Nov 2022 16:08:25 +0100
> +Subject: [PATCH] add uuidcheck to roundrobin handler
> +
> +Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> +---
> + swupdate_handlers_roundrobin.lua | 22 ++++++++++++++++++++++
> + 1 file changed, 22 insertions(+)
> +
> +diff --git a/swupdate_handlers_roundrobin.lua b/swupdate_handlers_roundrobin.lua
> +index bf9c997..bb24fc7 100644
> +--- a/swupdate_handlers_roundrobin.lua
> ++++ b/swupdate_handlers_roundrobin.lua
> +@@ -726,3 +726,25 @@ function pp_mmclock(when, device, image)
> +     swupdate.info("%s: %s MMC device %s", logprefix, when == WHEN.PRE and "Unlocked" or "Locked", device)
> +     return true
> + end
> ++
> ++function pp_uuidcheck(when, uuid, image)
> ++    local filename = "/etc/os-release"
> ++    local filehandle = io.open(filename, "rb")
> ++    if not filehandle then
> ++      swupdate.error("%s: Cannot open file %s", logprefix, filename)
> ++      return false
> ++    end
> ++    osrelease = filehandle:read("*a")
> ++    filehandle:close()
> ++    image_uuid = string.match(osrelease, "IMAGE_UUID.*")
> ++    if not image_uuid then
> ++      swupdate.error("%s: Cannot find IMAGE_UUID in %s", logprefix, filename)
> ++      return false
> ++    end
> ++    swupdate.debug("%s: %s", logprefix, image_uuid, uuid)
> ++    if string.find(image_uuid, uuid, 1, true) then
> ++      swupdate.error("%s: Update already installed.", logprefix)
> ++      return false
> ++    end
> ++    return true
> ++end
> +-- 
> +2.35.1
> +
> diff --git a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
> index 65cd652..447a093 100644
> --- a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
> +++ b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
> @@ -13,8 +13,11 @@ inherit dpkg-raw
>  PROVIDES = "swupdate-handlers"
>  
>  SRC_URI += "git://gitlab.com/cip-project/cip-sw-updates/swupdate-handler-roundrobin.git;protocol=https;destsuffix=swupdate-handler-roundrobin;name=swupdate-handler-roundrobin;nobranch=1"
> +SRC_URI += "file://0001-add-uuidcheck-to-roundrobin-handler.patch"

Can we upstream that directly? It's a CIP sub-project - should be doable. ;)

>  SRCREV_swupdate-handler-roundrobin ?= "fbc8d8a7e4ae8c381198cab81ae3fb13398a028e"
>  
> +S="${WORKDIR}/${PN}"

Unrelated or even unneeded change?

> +
>  SWUPDATE_LUASCRIPT = "swupdate-handler-roundrobin/swupdate_handlers_roundrobin.lua"
>  
>  SWUPDATE_ROUND_ROBIN_HANDLER_CONFIG ?= "swupdate.handler.${SWUPDATE_BOOTLOADER}.ini"

Jan

-- 
Siemens AG, Technology
Competence Center Embedded Linux

Re: [cip-dev][isar-cip-core][RFC 4/5] image_uuid: read target_image_uuid

[Jan Kiszka]

On 10.11.22 13:45, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> This writes the target_image_uuid to the Variable TARGET_IMAGE_UUID
> which can be used to validate a update against the root file system.
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  classes/image_uuid.bbclass | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/classes/image_uuid.bbclass b/classes/image_uuid.bbclass
> index 277941b..3e2e3de 100644
> --- a/classes/image_uuid.bbclass
> +++ b/classes/image_uuid.bbclass
> @@ -13,6 +13,8 @@
>  inherit rootfs
>  inherit image
>  
> +# Generate the uuid from BB_TASKHASH to ensure a new
> +# hash on each rebuild
>  def generate_image_uuid(d):
>      import uuid
>  
> @@ -23,6 +25,23 @@ def generate_image_uuid(d):
>  
>  IMAGE_UUID ?= "${@generate_image_uuid(d)}"
>  
> +def read_target_image_uuid(d):
> +    import os.path
> +
> +    deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
> +    image_full_name = d.getVar("IMAGE_FULLNAME")
> +    uuid_file = f"{deploy_dir}/{image_full_name}.uuid.env"
> +    if not os.path.isfile(uuid_file):
> +        return None
> +
> +    target_image_uuid = None
> +    with open(uuid_file, "r") as f:
> +       uuid_file_content = f.read()
> +       target_image_uuid = uuid_file_content.split('=')[1].strip(' \t\n\r').strip('\"')
> +    return target_image_uuid
> +
> +TARGET_IMAGE_UUID = "${@read_target_image_uuid(d)}"

When is this evaluated by bitbake? Only on every access, inside a task
context? Because the file it reads from only exists after
do_generate_image_uuid, obviously.

Jan

> +
>  do_generate_image_uuid[vardeps] += "IMAGE_UUID"
>  do_generate_image_uuid[depends] = "buildchroot-target:do_build"
>  do_generate_image_uuid[dirs] = "${DEPLOY_DIR_IMAGE}"

-- 
Siemens AG, Technology
Competence Center Embedded Linux

Re: [cip-dev][isar-cip-core][RFC 5/5] recipe-core/images: Integrate uuidcheck into sw-description

[Jan Kiszka]

On 10.11.22 13:45, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  recipes-core/images/files/sw-description.tmpl | 1 +
>  recipes-core/images/swupdate.inc              | 5 ++++-
>  2 files changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl
> index 1c0db02..a9a6069 100644
> --- a/recipes-core/images/files/sw-description.tmpl
> +++ b/recipes-core/images/files/sw-description.tmpl
> @@ -20,6 +20,7 @@ software =
>              filesystem = "ext4";
>              properties: {
>                          subtype = "image";
> +                        uuidcheck = "${TARGET_IMAGE_UUID}";
>              };
>              sha256 = "${ROOTFS_PARTITION_NAME}-sha256";
>      });
> diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
> index 6cf9bb1..0ba3a0e 100644
> --- a/recipes-core/images/swupdate.inc
> +++ b/recipes-core/images/swupdate.inc
> @@ -23,6 +23,9 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
>  SRC_URI += "file://sw-description.tmpl"
>  TEMPLATE_FILES += "sw-description.tmpl"
>  
> -TEMPLATE_VARS += "ROOTFS_PARTITION_NAME"
> +do_transform_template[vardeps] += "TARGET_IMAGE_UUID"

This continues my question on patch 4: Does that work as one would
expect, ie. TARGET_IMAGE_UUID is executed again, right before
do_transform_template is supposed to be run (or skipped)?

Jan

> +addtask do_transform_template before do_swupdate_binary after do_generate_image_uuid
> +
> +TEMPLATE_VARS += "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID"
>  
>  SWU_ADDITIONAL_FILES += "linux.efi ${ROOTFS_PARTITION_NAME}"

-- 
Siemens AG, Technology
Competence Center Embedded Linux

Re: [cip-dev][isar-cip-core][RFC 3/5] swupdate-handler-roundrobin: add uuidcheck patch

[Gylstorff Quirin]

On 11/10/22 14:52, Jan Kiszka wrote:
> On 10.11.22 13:45, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This patch adds a pre/post function to the swupdate-handler
>> roundrobin to compare the uuid parameter from the sw-description
>> with the uuid of the current system to avoid a updating with
>> the same image and breaking the update cycle.
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>>   ...-add-uuidcheck-to-roundrobin-handler.patch | 43 +++++++++++++++++++
>>   .../swupdate-handler-roundrobin_0.1.bb        |  3 ++
>>   2 files changed, 46 insertions(+)
>>   create mode 100644 recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch
>>
>> diff --git a/recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch b/recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch
>> new file mode 100644
>> index 0000000..f2392f4
>> --- /dev/null
>> +++ b/recipes-core/swupdate-handler-roundrobin/files/0001-add-uuidcheck-to-roundrobin-handler.patch
>> @@ -0,0 +1,43 @@
>> +From f093a3a097e518ef9f74ff88eafa9259ba50626f Mon Sep 17 00:00:00 2001
>> +From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> +Date: Tue, 8 Nov 2022 16:08:25 +0100
>> +Subject: [PATCH] add uuidcheck to roundrobin handler
>> +
>> +Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> +---
>> + swupdate_handlers_roundrobin.lua | 22 ++++++++++++++++++++++
>> + 1 file changed, 22 insertions(+)
>> +
>> +diff --git a/swupdate_handlers_roundrobin.lua b/swupdate_handlers_roundrobin.lua
>> +index bf9c997..bb24fc7 100644
>> +--- a/swupdate_handlers_roundrobin.lua
>> ++++ b/swupdate_handlers_roundrobin.lua
>> +@@ -726,3 +726,25 @@ function pp_mmclock(when, device, image)
>> +     swupdate.info("%s: %s MMC device %s", logprefix, when == WHEN.PRE and "Unlocked" or "Locked", device)
>> +     return true
>> + end
>> ++
>> ++function pp_uuidcheck(when, uuid, image)
>> ++    local filename = "/etc/os-release"
>> ++    local filehandle = io.open(filename, "rb")
>> ++    if not filehandle then
>> ++      swupdate.error("%s: Cannot open file %s", logprefix, filename)
>> ++      return false
>> ++    end
>> ++    osrelease = filehandle:read("*a")
>> ++    filehandle:close()
>> ++    image_uuid = string.match(osrelease, "IMAGE_UUID.*")
>> ++    if not image_uuid then
>> ++      swupdate.error("%s: Cannot find IMAGE_UUID in %s", logprefix, filename)
>> ++      return false
>> ++    end
>> ++    swupdate.debug("%s: %s", logprefix, image_uuid, uuid)
>> ++    if string.find(image_uuid, uuid, 1, true) then
>> ++      swupdate.error("%s: Update already installed.", logprefix)
>> ++      return false
>> ++    end
>> ++    return true
>> ++end
>> +--
>> +2.35.1
>> +
>> diff --git a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
>> index 65cd652..447a093 100644
>> --- a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
>> +++ b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
>> @@ -13,8 +13,11 @@ inherit dpkg-raw
>>   PROVIDES = "swupdate-handlers"
>>   
>>   SRC_URI += "git://gitlab.com/cip-project/cip-sw-updates/swupdate-handler-roundrobin.git;protocol=https;destsuffix=swupdate-handler-roundrobin;name=swupdate-handler-roundrobin;nobranch=1"
>> +SRC_URI += "file://0001-add-uuidcheck-to-roundrobin-handler.patch"
> 
> Can we upstream that directly? It's a CIP sub-project - should be doable. ;)

I will do that soon.
> 
>>   SRCREV_swupdate-handler-roundrobin ?= "fbc8d8a7e4ae8c381198cab81ae3fb13398a028e"
>>   
>> +S="${WORKDIR}/${PN}"
> 
> Unrelated or even unneeded change?

It is necessary for the quilt patching as without it the patch is 
applied wrong.

> 
>> +
>>   SWUPDATE_LUASCRIPT = "swupdate-handler-roundrobin/swupdate_handlers_roundrobin.lua"
>>   
>>   SWUPDATE_ROUND_ROBIN_HANDLER_CONFIG ?= "swupdate.handler.${SWUPDATE_BOOTLOADER}.ini"
> 
> Jan
> 

Quirin

Re: [cip-dev][isar-cip-core][RFC 4/5] image_uuid: read target_image_uuid

[Gylstorff Quirin]

On 11/10/22 14:56, Jan Kiszka wrote:
> On 10.11.22 13:45, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This writes the target_image_uuid to the Variable TARGET_IMAGE_UUID
>> which can be used to validate a update against the root file system.
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>>   classes/image_uuid.bbclass | 19 +++++++++++++++++++
>>   1 file changed, 19 insertions(+)
>>
>> diff --git a/classes/image_uuid.bbclass b/classes/image_uuid.bbclass
>> index 277941b..3e2e3de 100644
>> --- a/classes/image_uuid.bbclass
>> +++ b/classes/image_uuid.bbclass
>> @@ -13,6 +13,8 @@
>>   inherit rootfs
>>   inherit image
>>   
>> +# Generate the uuid from BB_TASKHASH to ensure a new
>> +# hash on each rebuild
>>   def generate_image_uuid(d):
>>       import uuid
>>   
>> @@ -23,6 +25,23 @@ def generate_image_uuid(d):
>>   
>>   IMAGE_UUID ?= "${@generate_image_uuid(d)}"
>>   
>> +def read_target_image_uuid(d):
>> +    import os.path
>> +
>> +    deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
>> +    image_full_name = d.getVar("IMAGE_FULLNAME")
>> +    uuid_file = f"{deploy_dir}/{image_full_name}.uuid.env"
>> +    if not os.path.isfile(uuid_file):
>> +        return None
>> +
>> +    target_image_uuid = None
>> +    with open(uuid_file, "r") as f:
>> +       uuid_file_content = f.read()
>> +       target_image_uuid = uuid_file_content.split('=')[1].strip(' \t\n\r').strip('\"')
>> +    return target_image_uuid
>> +
>> +TARGET_IMAGE_UUID = "${@read_target_image_uuid(d)}"
> 
> When is this evaluated by bitbake? Only on every access, inside a task
> context? Because the file it reads from only exists after
> do_generate_image_uuid, obviously.
> 
> Jan

The variable will be evaluated on access from my testing.

I tried to set the variable during do_generate_image_uuid which let to a 
empty variable in the followup tasks.


Quirin
> 
>> +
>>   do_generate_image_uuid[vardeps] += "IMAGE_UUID"
>>   do_generate_image_uuid[depends] = "buildchroot-target:do_build"
>>   do_generate_image_uuid[dirs] = "${DEPLOY_DIR_IMAGE}"
> 

Re: [cip-dev][isar-cip-core][RFC 5/5] recipe-core/images: Integrate uuidcheck into sw-description

[Gylstorff Quirin]

On 11/10/22 14:58, Jan Kiszka wrote:
> On 10.11.22 13:45, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>>   recipes-core/images/files/sw-description.tmpl | 1 +
>>   recipes-core/images/swupdate.inc              | 5 ++++-
>>   2 files changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl
>> index 1c0db02..a9a6069 100644
>> --- a/recipes-core/images/files/sw-description.tmpl
>> +++ b/recipes-core/images/files/sw-description.tmpl
>> @@ -20,6 +20,7 @@ software =
>>               filesystem = "ext4";
>>               properties: {
>>                           subtype = "image";
>> +                        uuidcheck = "${TARGET_IMAGE_UUID}";
>>               };
>>               sha256 = "${ROOTFS_PARTITION_NAME}-sha256";
>>       });
>> diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
>> index 6cf9bb1..0ba3a0e 100644
>> --- a/recipes-core/images/swupdate.inc
>> +++ b/recipes-core/images/swupdate.inc
>> @@ -23,6 +23,9 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
>>   SRC_URI += "file://sw-description.tmpl"
>>   TEMPLATE_FILES += "sw-description.tmpl"
>>   
>> -TEMPLATE_VARS += "ROOTFS_PARTITION_NAME"
>> +do_transform_template[vardeps] += "TARGET_IMAGE_UUID"
> 
> This continues my question on patch 4: Does that work as one would
> expect, ie. TARGET_IMAGE_UUID is executed again, right before
> do_transform_template is supposed to be run (or skipped)?

The TARGET_IMAGE_UUID is executed right before do_transform_template.

Quirin
> 
> Jan
> 
>> +addtask do_transform_template before do_swupdate_binary after do_generate_image_uuid
>> +
>> +TEMPLATE_VARS += "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID"
>>   
>>   SWU_ADDITIONAL_FILES += "linux.efi ${ROOTFS_PARTITION_NAME}"
> 

-- 




With best regards,
Quirin Gylstorff

Siemens AG
Technology
Research in Digitalization and Automation
Smart Embedded Systems
T RDA IOT SES-DE
Otto-Hahn-Ring 6
81739 Muenchen, Germany
Mobile: +49 173 3746683
mailto:quirin.gylstorff@siemens.com <mailto:quirin.gylstorff@siemens.com>
www.siemens.com <https://siemens.com>

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim
Hagemann Snabe; Managing Board: Roland Busch, Chairman, President and
Chief Executive Officer; Cedrik Neike, Matthias Rebellius, Ralf P.
Thomas, Judith Wiese; Registered offices: Berlin and Munich, Germany;
Commercial registries: Berlin-Charlottenburg, HRB 12300, Munich, HRB
6684; WEEE-Reg.-No. DE 23691322

Important notice: This e-mail and any attachment thereof contain
corporate proprietary information. If you have received it by mistake,
please notify us immediately by reply e-mail and delete this e-mail and
its attachments from your system. Thank you.