Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Unlocking encrypted update can take a long time, preventing other DBus
method to respond in time, e.g. `MarkUpdateSuccessful` with logs like:
```
Nov 17 15:41:30 apertispro apertis-update-[236]: mount added : /media/1AB7-E289
Nov 17 15:41:31 apertispro application[159]: DEBUG [SystemInit.cpp:135] [operator()]: UpdateMgr is ready.
Nov 17 15:41:31 apertispro application[159]: DEBUG [SystemInit.cpp:207] [operator()]: Boot count before MarkUpdateSuccessful() is: 1
Nov 17 15:41:56 apertispro application[159]: ERROR [UpdateMgr.cpp:205] [OnMarkUpdateSuccessful]: Error while MarkUpdateSuccessful : Timeout was reached
Nov 17 15:41:57 apertispro application[159]: DEBUG [SystemInit.cpp:220] [operator()]: Boot count after MarkUpdateSuccessful() is: 1
Nov 17 15:41:57 apertispro application[159]: ERROR [SystemInit.cpp:223] [operator()]: Boot count reset failed!
Nov 17 15:44:29 apertispro apertis-update-[236]: Marked update as successful
Nov 17 15:44:32 apertispro apertis-update-[236]: mount added : /media/update
Nov 17 15:44:32 apertispro apertis-update-[236]: Ostree static delta starting
```

Mount event for the encrypted filesystem can occur before return of
`udisks_filesystem_call_mount_sync()` call in the task
`unlock_and_mount_encrypted_thread`. During call to mount, store mounted
path and process them when the task is completed.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

`g_file_peek_path()` should be used to display path from GFile variable.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

We are using the call of `updatectl --mark-update-successful` to inform
Apertis Update Manager about successful boot. Directive "Requires=" do
not set the boot order, so it is possible what call of `updatectl` will
be started before AUM and thus fail to mark update as successful.
In case if such behavior repeated 3 times in a row the bootloader will
rollback the system to previous state even for correctly updated device.
Set the dependency to AUM with "After=" directive in
apertis-update-complete.service to force systemd to start AUM first.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Signed-off-by: Tarun Baghmar <tarun.baghmar@in.bosch.com>

After successful booting of amd64, boot-state-efi is again renaming the .conf file.
aum_boot_state_efi_conf_file_save() is being called after marking the boot successful.

Fix: state->update_available is being updated now and is passed with get_update_available returning the state.

Apertis: T7240

Signed-off-by: Tarun Baghmar <tarun.baghmar@in.bosch.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Upgrade process generates the following warning message from GLib:
GLib-GObject-CRITICAL **: 10:36:30.622: g_object_unref: assertion 'G_IS_OBJECT (object)' failed

GIO takes care of cleaning up the result and error information after the
GAsyncReadyCallback returns,
see https://developer.gnome.org/gio/stable/GAsyncResult.html

.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Baghmar Tarun authored 4 years ago and Frederic Danis committed 4 years ago

Signed-off-by: Tarun Baghmar <tarun.baghmar@in.bosch.com>

Baghmar Tarun authored 4 years ago and Frederic Danis committed 4 years ago

boot-state-efi backend has been created for amd64 which will provide the bootcount if bootfails
and will rename the .conf file which is required for automatic boot assessment in AMD64.

Apertis: T7240

Signed-off-by: Tarun Baghmar <tarun.baghmar@in.bosch.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

For encrypted static delta upgrade, the upgrade task may not get errors
when accessing the decrypted upgrade file after USB flash drive has been
removed. This can prevent encrypted file to be locked, and loopback to be
released.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

During up-streaming of ostree, the API of `ostree_sign_commit_verify` and
`ostree_sign_data_verify` have changed compared to the downstream version,
by adding a new parameter to retrieve success message.
Due to this, AUM request this minimum version.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

`ostree_sign_commit_verify` and `ostree_sign_data_verify` APIs has changed
by adding a new parameter to retrieve success message.
Currently we don't use it.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Current asserts on AumBootState object in aum_boot_state_*() functions
ends up when there is no boot state backend available, i.e. for UEFI AMD64
targets, by trying to rollback the OS.
Replacing those asserts by tests returning default values allows AUM to
handle this case gracefully and with better debug message.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

When we try to apply a delta file with an unsigned superblock, the
apertis-update-manager crash with SEGV.
g_autoptr variable need to be initialized to NULL, in case function exits
before the variable is assigned and used.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

The encrypted interface of the loop device object in udisks2 can take times
to appear, this occurs only after boot.
If after 2 seconds (20 tries with 0.1s delay) the interface is still not
available, it may be because there's no encrypted data in the file.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

If the `/usr/share/apertis-update-manager` directory exists and an
external device, USB or SDCard, has a `static-update.bundle.enc` in its
root directory, this file is decrypted (using loopback device and dm-crypt)
and mounted. This will trigger a new `mount-added` signal, which will be
able to found the `static-update.bundle` file and process with he update.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

All item returned by g_variant_iter_next_value() should be unrefed.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

The error needs to be de-referenced to get the real error pointer.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Add `aum_get_target_metadata` to verify the superblock metadata, expect
signature and commits.

Add `aum_load_target_superblock` to load static delta superblock, used by
`aum_get_target_metadata` and `aum_target_superblock_verify_signature`.
This prevents 2 times read problem, i.e. a first read from the media device
to check signature and claim static delta as a "safe" file followed by a
second read to parse the superblock again. The special HW with USB media
"emulation" may substitute bits to others for the second read.

Add function to load keys, shared by `aum_check_signature` and
`aum_target_superblock_verify_signature`.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Allow to use relative path including local directory for
ostree deltas for updatectl tool.
This help to avoid confusion with non-existion file for end users.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

New `uboot.cnt` file format appears in u-boot 2019.01+dfsg-7co7.

AUM should be able to work with both legacy and new u-boot, and their
`uboot.cnt` respective file formats. Otherwise AUM consider the file is
corrupted and triggers a rollback.
This commit allows to update AUM in a first step, work with the current
u-boot before upgrading it.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>