From 48dc7798377ef2e662aa0ba5faa6dec4345c40c7 Mon Sep 17 00:00:00 2001 From: Rayllll Date: Tue, 12 Aug 2025 10:42:40 +0800 Subject: [PATCH 1/5] Signed-off-by: Rayllll add code sign --- services/include/updater/updater_const.h | 1 - services/updater.cpp | 21 +++++++++++++-------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/services/include/updater/updater_const.h b/services/include/updater/updater_const.h index 0d327718..38cb92de 100644 --- a/services/include/updater/updater_const.h +++ b/services/include/updater/updater_const.h @@ -32,7 +32,6 @@ constexpr const char *UPDATER_STAGE_LOG = "/data/updater/log/updater_stage_log"; constexpr const char *UPDATER_LOG_FILE = "updater_log"; constexpr const char *UPDATER_STAGE_FILE = "updater_stage_log"; constexpr const char *UPDATER_PATH = "/data/updater"; -constexpr const char *SYS_INSTALLER_PATH = "/mnt/sys_installer"; constexpr const char *UPDATER_LOCALE_FILE = "locale"; constexpr const char *UPDATER_RESULT_FILE = "updater_result"; constexpr const char *MODULE_UPDATE_RESULT_FILE = "module_update_result"; diff --git a/services/updater.cpp b/services/updater.cpp index 85ccc6ba..8e3777ef 100644 --- a/services/updater.cpp +++ b/services/updater.cpp @@ -279,6 +279,12 @@ __attribute__((weak)) bool PreStartBinaryEntry([[maybe_unused]] const std::strin return true; } +__attribute__((weak)) bool EnableCodeSignForBinary([[maybe_unused]] const std::string &fullPath) +{ + LOG(INFO) << "enable code sign for binary"; + return true; +} + float g_progressRatio = 1.0; void SetTotalProgressRatio(float ratio) @@ -415,7 +421,7 @@ UpdaterStatus DoInstallUpdaterBinfile(PkgManager::PkgManagerPtr pkgManager, Upda } g_tmpProgressValue = 0; - // 从bin文件开启进程 + // 从bin文件开启进? UpdaterStatus updateRet = StartUpdaterProc(pkgManager, upParams); if (updateRet != UPDATE_SUCCESS) { UPDATER_UI_INSTANCE.ShowUpdInfo(TR(UPD_INSTALL_FAIL)); 
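Review bot: The weak default `EnableCodeSignForBinary` added in the `@@ -279` hunk returns `true` without doing any work, so the gate this series adds to `StartUpdaterProc` fails open on every build that does not link a strong override. Whether a product-side override exists is not visible in this patch; if signing is meant to be enforced before the updater binary runs, state that at the definition, for example `// Default stub: performs no code-sign enforcement. Platforms that require it must provide a strong definition; returning false aborts the update.` Because the stub logs at INFO, a missing override looks the same as a healthy run in field logs, so a level above INFO would make it easier to detect. The same stub is repeated in PATCH 3/5, and PATCH 5/5 only rewords its log message.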
@@ -716,15 +722,17 @@ UpdaterStatus StartUpdaterProc(PkgManager::PkgManagerPtr pkgManager, UpdaterPara UPDATER_LAST_WORD(UPDATE_ERROR, "Create pipe failed"); return UPDATE_ERROR; } - int pipeRead = pfd[0]; int pipeWrite = pfd[1]; std::string fullPath = GetFullPath(pkgManager, upParams); - #ifdef WITH_SELINUX Restorecon(fullPath.c_str()); #endif // WITH_SELINUX - + if (!EnableCodeSignForBinary(fullPath)) { + LOG(ERROR) << "Failed to sign for binary"; + UPDATER_LAST_WORD(UPDATE_ERROR, "Failed to sign for binary"); + return UPDATE_ERROR; + } pid_t pid = fork(); if (pid < 0) { ERROR_CODE(CODE_FORK_FAIL); @@ -734,7 +742,6 @@ UpdaterStatus StartUpdaterProc(PkgManager::PkgManagerPtr pkgManager, UpdaterPara close(pipeWrite); return UPDATE_ERROR; } - if (pid == 0) { // child #ifdef WITH_SELINUX setcon("u:r:updater_binary:s0"); @@ -742,7 +749,6 @@ UpdaterStatus StartUpdaterProc(PkgManager::PkgManagerPtr pkgManager, UpdaterPara close(pipeRead); // close read endpoint ExcuteSubProc(upParams, fullPath, pipeWrite); } - upParams.binaryPid = pid; close(pipeWrite); // close write endpoint bool retryUpdate = false; @@ -750,7 +756,6 @@ UpdaterStatus StartUpdaterProc(PkgManager::PkgManagerPtr pkgManager, UpdaterPara UPDATER_LAST_WORD(UPDATE_ERROR, "HandlePipeMsg failed"); return UPDATE_ERROR; } - return CheckProcStatus(upParams, retryUpdate); } @@ -760,6 +765,6 @@ std::string GetWorkPath() return G_WORK_PATH; } - return std::string(SYS_INSTALLER_PATH) + "/"; + return std::string(UPDATER_PATH) + "/"; } } // namespace Updater -- Gitee From 303cd146c561f74622d64ea661ec4d0b45fefb50 Mon Sep 17 00:00:00 2001 From: Rayllll Date: Tue, 12 Aug 2025 04:04:09 +0000 Subject: [PATCH 2/5] update services/updater.cpp. Signed-off-by: Rayllll --- services/updater.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/updater.cpp b/services/updater.cpp index 8e3777ef..0bed9ba6 100644 --- a/services/updater.cpp +++ b/services/updater.cpp 
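Review bot: The new early return taken when `EnableCodeSignForBinary(fullPath)` fails leaves both pipe descriptors open. `pipeRead` and `pipeWrite` are assigned from `pfd` just above, and the fork-failure branch further down calls `close(pipeWrite)` before returning while this branch closes nothing. Add `close(pipeRead);` and `close(pipeWrite);` before the `return UPDATE_ERROR;` inside the new `if`. Separately, the check is applied to a path string and the child later calls `ExcuteSubProc` with that same path, so confirm that nothing can replace the file at `fullPath` between the two steps. `StartUpdaterProc` begins and ends outside this hunk, and the same change appears again in PATCH 3/5.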
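Review bot: The fallback in `GetWorkPath` (the `@@ -760` hunk) moves from `/mnt/sys_installer/` to `/data/updater/`, which the commit subject "add code sign" does not mention and no comment explains. If the work path is where the updater binary is unpacked before it is executed (not visible here), the ownership, mode and SELinux label of `/data/updater` become part of the trust boundary and should be confirmed together with the code-sign step. A comment above the return such as `// Fallback work dir; must not be writable by unprivileged processes` would record that assumption. Removing `SYS_INSTALLER_PATH` from `updater_const.h` may also break users of that header outside this patch; the function starts outside the hunk.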
@@ -421,7 +421,7 @@ UpdaterStatus DoInstallUpdaterBinfile(PkgManager::PkgManagerPtr pkgManager, Upda } g_tmpProgressValue = 0; - // 从bin文件开启进? + // 从bin文件开启进程 UpdaterStatus updateRet = StartUpdaterProc(pkgManager, upParams); if (updateRet != UPDATE_SUCCESS) { UPDATER_UI_INSTANCE.ShowUpdInfo(TR(UPD_INSTALL_FAIL)); -- Gitee From 7ad59bfd864df00d9d7bb821062f33acf459221a Mon Sep 17 00:00:00 2001 From: Rayllll Date: Tue, 12 Aug 2025 10:42:40 +0800 Subject: [PATCH 3/5] Signed-off-by: Rayllll add code sign Signed-off-by: Rayllll --- services/include/updater/updater_const.h | 1 - services/updater.cpp | 21 +++++++++++++-------- services/updater_main.h | 1 + 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/services/include/updater/updater_const.h b/services/include/updater/updater_const.h index 0d327718..38cb92de 100644 --- a/services/include/updater/updater_const.h +++ b/services/include/updater/updater_const.h @@ -32,7 +32,6 @@ constexpr const char *UPDATER_STAGE_LOG = "/data/updater/log/updater_stage_log"; constexpr const char *UPDATER_LOG_FILE = "updater_log"; constexpr const char *UPDATER_STAGE_FILE = "updater_stage_log"; constexpr const char *UPDATER_PATH = "/data/updater"; -constexpr const char *SYS_INSTALLER_PATH = "/mnt/sys_installer"; constexpr const char *UPDATER_LOCALE_FILE = "locale"; constexpr const char *UPDATER_RESULT_FILE = "updater_result"; constexpr const char *MODULE_UPDATE_RESULT_FILE = "module_update_result"; diff --git a/services/updater.cpp b/services/updater.cpp index 85ccc6ba..8e3777ef 100644 --- a/services/updater.cpp +++ b/services/updater.cpp @@ -279,6 +279,12 @@ __attribute__((weak)) bool PreStartBinaryEntry([[maybe_unused]] const std::strin return true; } +__attribute__((weak)) bool EnableCodeSignForBinary([[maybe_unused]] const std::string &fullPath) +{ + LOG(INFO) << "enable code sign for binary"; + return true; +} + float g_progressRatio = 1.0; void SetTotalProgressRatio(float ratio) 
@@ -415,7 +421,7 @@ UpdaterStatus DoInstallUpdaterBinfile(PkgManager::PkgManagerPtr pkgManager, Upda } g_tmpProgressValue = 0; - // 从bin文件开启进程 + // 从bin文件开启进? UpdaterStatus updateRet = StartUpdaterProc(pkgManager, upParams); if (updateRet != UPDATE_SUCCESS) { UPDATER_UI_INSTANCE.ShowUpdInfo(TR(UPD_INSTALL_FAIL)); @@ -716,15 +722,17 @@ UpdaterStatus StartUpdaterProc(PkgManager::PkgManagerPtr pkgManager, UpdaterPara UPDATER_LAST_WORD(UPDATE_ERROR, "Create pipe failed"); return UPDATE_ERROR; } - int pipeRead = pfd[0]; int pipeWrite = pfd[1]; std::string fullPath = GetFullPath(pkgManager, upParams); - #ifdef WITH_SELINUX Restorecon(fullPath.c_str()); #endif // WITH_SELINUX - + if (!EnableCodeSignForBinary(fullPath)) { + LOG(ERROR) << "Failed to sign for binary"; + UPDATER_LAST_WORD(UPDATE_ERROR, "Failed to sign for binary"); + return UPDATE_ERROR; + } pid_t pid = fork(); if (pid < 0) { ERROR_CODE(CODE_FORK_FAIL); @@ -734,7 +742,6 @@ UpdaterStatus StartUpdaterProc(PkgManager::PkgManagerPtr pkgManager, UpdaterPara close(pipeWrite); return UPDATE_ERROR; } - if (pid == 0) { // child #ifdef WITH_SELINUX setcon("u:r:updater_binary:s0"); @@ -742,7 +749,6 @@ UpdaterStatus StartUpdaterProc(PkgManager::PkgManagerPtr pkgManager, UpdaterPara close(pipeRead); // close read endpoint ExcuteSubProc(upParams, fullPath, pipeWrite); } - upParams.binaryPid = pid; close(pipeWrite); // close write endpoint bool retryUpdate = false; @@ -750,7 +756,6 @@ UpdaterStatus StartUpdaterProc(PkgManager::PkgManagerPtr pkgManager, UpdaterPara UPDATER_LAST_WORD(UPDATE_ERROR, "HandlePipeMsg failed"); return UPDATE_ERROR; } - return CheckProcStatus(upParams, retryUpdate); } @@ -760,6 +765,6 @@ std::string GetWorkPath() return G_WORK_PATH; } - return std::string(SYS_INSTALLER_PATH) + "/"; + return std::string(UPDATER_PATH) + "/"; } } // namespace Updater diff --git a/services/updater_main.h b/services/updater_main.h index bd1cc22f..c8a430c9 100644 --- a/services/updater_main.h +++ b/services/updater_main.h 
@@ -94,6 +94,7 @@ UpdaterStatus NotifyActionResult(UpdaterParams &upParams, UpdaterStatus &status, const std::vector ¬ifyActionVec); UpdaterStatus UpdateSubPkg(UpdaterParams &upParams); void NotifyPreCheck(UpdaterStatus &status, UpdaterParams &upParams); +bool EnableCodeSignForBinary([[maybe_unused]] const std::string &fullPath); #ifdef __cplusplus #if __cplusplus } -- Gitee From 4c5ec209a73ca27dbd21fbd90760e922304a6aae Mon Sep 17 00:00:00 2001 From: Rayllll Date: Tue, 12 Aug 2025 04:09:11 +0000 Subject: [PATCH 4/5] update services/updater.cpp. Signed-off-by: Rayllll --- services/updater.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/updater.cpp b/services/updater.cpp index 8e3777ef..0bed9ba6 100644 --- a/services/updater.cpp +++ b/services/updater.cpp @@ -421,7 +421,7 @@ UpdaterStatus DoInstallUpdaterBinfile(PkgManager::PkgManagerPtr pkgManager, Upda } g_tmpProgressValue = 0; - // 从bin文件开启进? + // 从bin文件开启进程 UpdaterStatus updateRet = StartUpdaterProc(pkgManager, upParams); if (updateRet != UPDATE_SUCCESS) { UPDATER_UI_INSTANCE.ShowUpdInfo(TR(UPD_INSTALL_FAIL)); -- Gitee From a95a4fbfda527975187dab1a9b4bd2d4443a7ff3 Mon Sep 17 00:00:00 2001 From: Rayllll Date: Tue, 12 Aug 2025 07:26:48 +0000 Subject: [PATCH 5/5] update services/updater.cpp. Signed-off-by: Rayllll --- services/updater.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/updater.cpp b/services/updater.cpp index 0bed9ba6..fc32733c 100644 --- a/services/updater.cpp +++ b/services/updater.cpp @@ -281,7 +281,7 @@ __attribute__((weak)) bool PreStartBinaryEntry([[maybe_unused]] const std::strin __attribute__((weak)) bool EnableCodeSignForBinary([[maybe_unused]] const std::string &fullPath) { - LOG(INFO) << "enable code sign for binary"; + LOG(INFO) << "no need to enable code sign for binary"; return true; } -- Gitee
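Review bot: The declaration added to `updater_main.h` has no comment, although it is a weak hook whose return value decides whether the update proceeds. Document the contract in the header, for example `// Weak hook: enable code signing for the updater binary at fullPath; return false to abort the update.` The `[[maybe_unused]]` attribute is only meaningful on the stub definition in `updater.cpp` and can be dropped here: `bool EnableCodeSignForBinary(const std::string &fullPath);`.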