Closed Bug 1008094 Opened 10 years ago Closed 10 years ago

Harden FOTA against target device and gonk version

Categories

(Firefox OS Graveyard :: GonkIntegration, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
2.0 S2 (23may)

People

(Reporter: gerard-majax, Assigned: gerard-majax)

References

Details

(Whiteboard: [systemsfe])

Attachments

(2 files, 1 obsolete file)

Let's make sure the device on which we apply a FOTA is the correct one. Let's also make sure the gonk version is okay.
Attachment #8420011 - Flags: review?(gsvelto)
Attachment #8420012 - Flags: review?(gsvelto)
Attachment #8420015 - Flags: review?(gsvelto)
Comment on attachment 8420011 [details] [review]
Add MOZ_GONK_VERSION and ro.moz.gonk_version

No way. You need to check existing properties.
Attachment #8420011 - Flags: review?(gsvelto) → review-
Fine, but what property can we use then ?

Do we want to rely on Android's ro.build.id or similar stuff ?
The idea is that, in the past, we had ICS Chocolate and Strawberry. Both are ICS, but Gecko at some point depended on the later and was not supported anymore on the former.

As far as I know, we have no property storing this information. Relying on Android's buildid would not be discriminant enough, and relying on the fingerprint would be too much.

The usecase here is to be able to ship Gecko/Gaia recovery update packages, and making sure they get installed on correct/supported a base system.
After discussing on IRC, a solution based on checking the device and then checking sha1 of all libs we link against should be better.
Whiteboard: [systemsfe]
Target Milestone: --- → 2.0 S2 (23may)
Comment on attachment 8420011 [details] [review]
Add MOZ_GONK_VERSION and ro.moz.gonk_version

This part is not needed anymore.
Attachment #8420011 - Attachment is obsolete: true
Depends on: 1007566
Status: NEW → ASSIGNED
PR updated now that dependend bugs have been merged.
Comment on attachment 8420012 [details] [review]
Add --fota-check-device-name and --fota-check-gonk

This is excellent, I've just left a couple of minor nits regarding the new options' description.
Attachment #8420012 - Flags: review?(gsvelto) → review+
Comment on attachment 8420015 [details] [review]
Use --fota-check-device-name and --fota-check-gonk

The changes you made are straightforward though I don't understand why you went all this trouble to retrieve the device name from the build.prop file. Is there a reason why you can't you use the $(TARGET_DEVICE) variable that I might have missed?

I'm giving this a minus for now because I don't think the get-device-name rule is needed.
Attachment #8420015 - Flags: review?(gsvelto) → review-
(In reply to Gabriele Svelto [:gsvelto] from comment #11)
> Comment on attachment 8420015 [details] [review]
> Use --fota-check-device-name and --fota-check-gonk
> 
> The changes you made are straightforward though I don't understand why you
> went all this trouble to retrieve the device name from the build.prop file.
> Is there a reason why you can't you use the $(TARGET_DEVICE) variable that I
> might have missed?
> 
> I'm giving this a minus for now because I don't think the get-device-name
> rule is needed.

You're perfectly right. Seems like I got mislead during my testing, because at some point I was not able to get the device name properly, hence the new function added to the Makefile.

I re-checked after your feedback, and it turns out it works as expected with $(TARGET_DEVICE). PR updated.
Comment on attachment 8420015 [details] [review]
Use --fota-check-device-name and --fota-check-gonk

PR updated to use only $(TARGET_DEVICE), works as expected.
Attachment #8420015 - Flags: review- → review?(gsvelto)
Comment on attachment 8420015 [details] [review]
Use --fota-check-device-name and --fota-check-gonk

Good to go, thanks!
Attachment #8420015 - Flags: review?(gsvelto) → review+
Blocks: 1009753
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: