| # Copyright 2019 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Updates devices using fwupdtool" |
| author "chromium-os-dev@chromium.org" |
| |
| # This job is started by udev via custom events. |
| # Job duration is expected to be O(minutes) depending on the number of |
| # devices with pending updates. |
| start on fwupdtool-update |
| task |
| |
| # Device GUID to be updated by fwupdtool update invocation. |
| import GUID |
| # FWUPD plugin to be used by fwupdtool update invokation. |
| import PLUGIN |
| # Are we running at boot time. |
| import AT_BOOT |
| |
| env AT_BOOT="false" |
| env FILTER="usable-during-update" |
| env REGEX="^[0-9a-f]\{8\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{12\}$" |
| env MINIJAIL_ARGS="--uts -e -l -p -N \ |
| -v -P /mnt/empty -b / -b /proc -r -t -b /dev,,1 -k run,/run,tmpfs \ |
| -k /var,/var,tmpfs -b /var/cache/fwupd,,1 -b /var/lib/fwupd,,1 \ |
| -b /sys -u fwupd -g fwupd" |
| env PLUGIN_ARGS="" |
| |
| pre-start script |
| if [ $(expr "${GUID}" : "${REGEX}") -eq 0 ]; then |
| logger -p err -t "${UPSTART_JOB}" "Invalid GUID: ${GUID}" |
| exit 1 |
| fi |
| mkdir -p /var/cache/fwupd /var/lib/fwupd /var/lib/fwupd/pending/ |
| chown -R fwupd:fwupd /var/cache/fwupd /var/lib/fwupd /var/lib/fwupd/pending/ |
| for plugin in ${PLUGIN}; do |
| if ! minijail0 ${MINIJAIL_ARGS} -- /usr/bin/fwupdtool get-plugins \ |
| | grep -x -F "${plugin}:"; then |
| logger -p err -t "${UPSTART_JOB}" "Unsupported plugin: ${plugin}" |
| exit 1 |
| fi |
| done |
| end script |
| |
| script |
| for plugin in ${PLUGIN}; do |
| case "${plugin}" in |
| "ccgx"|"dell_dock"|"synaptics_cxaudio"|"vli") |
| MINIJAIL_ARGS="${MINIJAIL_ARGS} --add-suppl-group usb" |
| ;; |
| "flashrom_i2c") |
| MINIJAIL_ARGS="${MINIJAIL_ARGS} --add-suppl-group i2c" |
| ;; |
| "nvme") |
| # Grant cap_sys_admin for nvme plugin to issue admin ioctl commands. |
| MINIJAIL_ARGS="${MINIJAIL_ARGS} -c cap_dac_override,cap_sys_admin+e" |
| ;; |
| "synaptics_mst") |
| MINIJAIL_ARGS="${MINIJAIL_ARGS} --add-suppl-group drm_dp_aux" |
| ;; |
| "thunderbolt") |
| MINIJAIL_ARGS="${MINIJAIL_ARGS} -b /sys,,1" |
| ;; |
| esac |
| PLUGIN_ARGS="${PLUGIN_ARGS} --plugins=${plugin}" |
| done |
| |
| # Apply all updates at boot time since is the safest time to do so. |
| if [ "${AT_BOOT}" = "true" ]; then |
| FILTER= |
| fi |
| |
| minijail0 ${MINIJAIL_ARGS} -- /usr/bin/fwupdtool update "${GUID}" \ |
| ${PLUGIN_ARGS} --filter="${FILTER}" 2>&1 | logger -t "${UPSTART_JOB}" |
| |
| # If there is a pending update we will delay until next boot. |
| if [ "${AT_BOOT}" = "false" ]; then |
| if minijail0 ${MINIJAIL_ARGS} \ |
| -- /usr/bin/fwupdtool get-updates "${GUID}" ${PLUGIN_ARGS}; then |
| echo "${PLUGIN}" > /var/lib/fwupd/pending/"${GUID}" |
| fi |
| fi |
| end script |