From mboxrd@z Thu Jan  1 00:00:00 1970
MIME-Version: 1.0
References: <CAFZh4h9tu5WLxbAnA76iZ0+R5B1Oog89xeMN4-gWuBch7OPVSQ@mail.gmail.com>
 <dce5a82b6f1cd9a5b15908c3af216b83f88ca864.camel@pengutronix.de>
 <CAFZh4h-sA4hoPUobFyV3z9+G0JJYLCOQgkCJQpPA0dbRZKVN7A@mail.gmail.com>
 <d51b07990e6b3623d042adddc364ca57c322d475.camel@pengutronix.de>
 <CAFZh4h81NBRDsN=f7nuoU=dXQESG_uaH-PDtf-1RhbAk=RkwTA@mail.gmail.com>
In-Reply-To: <CAFZh4h81NBRDsN=f7nuoU=dXQESG_uaH-PDtf-1RhbAk=RkwTA@mail.gmail.com>
Date: Tue, 14 Jan 2025 15:46:37 -0500
Message-ID: <CAFZh4h-hXiXMqSGQKP-NA-PnDo_MgBC-4rqqkkZq5SHgSGh8Hg@mail.gmail.com>
To: Jan Lübbe <jlu@pengutronix.de>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [RAUC] Is it possible to change the [system]compatible= string
 after it has already been set/flashed?
List-Id: RAUC Project - Discussion List <rauc.pengutronix.de>
From: Brian Hutchinson via RAUC <rauc@pengutronix.de>
Reply-To: Brian Hutchinson <b.hutchman@gmail.com>
Cc: rauc@pengutronix.de

Hi,

On Tue, Jan 14, 2025 at 11:04 AM Brian Hutchinson <b.hutchman@gmail.com> wrote:
>
> Hey Jan,
>
> On Tue, Jan 14, 2025 at 10:52 AM Jan Lübbe <jlu@pengutronix.de> wrote:
> >
> > On Tue, 2025-01-14 at 10:38 -0500, Brian Hutchinson via RAUC wrote:
> > > On Mon, Dec 9, 2024 at 3:43 AM Jan Lübbe <jlu@pengutronix.de> wrote:
> > > >
> > > > Hi again,
> > > >
> > > > On Thu, 2024-12-05 at 22:38 -0500, Brian Hutchinson via RAUC wrote:
> > > > > > This almost feels like the intermediate update that's necessary with
> > > > > changing rauc versions ...
> > > >
> > > > Enrico pointed me to this part.
> > > >
> > > > Updating RAUC versions normally does *not* require an intermediate
> > > > update. An intermediate update is only needed if you explicitly create
> > > > bundles which use new features:
> > > > https://rauc.readthedocs.io/en/latest/basic.html#forward-and-backward-compatibility
> > >
> > > Thanks!
> > >
> > > I should probably start another thread, but now I'm running into a
> > > chicken & egg problem.
> > >
> > > I need to add downgrade protection due to newer hardware
> >
> > Just to clarify: You want to prevent installation of an old bundle on the new
> > hardware, as the old software would not work on the new hardware?
>
> Yes, but not based on version alone, version and some hardware checks.
>
> >
> > > and I
> > > discovered pre-install handler doesn't have access to bundle version
> > > (RAUC_MF_VERSION), only a hook has that environment variable.  Well,
> > > if I create a hook that can compare bundle version to current version
> > > to do some hardware checks ... that hook won't be in older bundles, so
> > > wondering how pre-install handler (which lives in the current version
> > > file system) can figure out the bundle version attempting to be
> > > installed if it can't see RAUC_MF_VERSION to implement downgrade
> > > protection if that makes any sense.
> >
> > Take a look at the "min-bundle-version" option in the system.conf:
> > https://rauc.readthedocs.io/en/latest/reference.html#system-section
> >
> > You'd set that in the factory image of your new hardware. That way, old bundles
> > cannot be installed.
>
> Yeah, looked at that and won't help me.  If pre-install handler can
> get to the bundle version attempting to be installed I'd be ok.
> Currently looking at RAUC_META_.  Looks like pre-install hook can
> access the bundle manifest.
>
> So I might allow a downgrade if the hardware is compatible, but if the
> hardware is not compatible then I have to deny the downgrade.  So it's
> got to be pre-install handler since that lives in current version
> rootfs ... but I need to figure out how to access the version of
> bundle attempting to be installed.  That's where I'm stuck.

I made my pre-install handler get the rauc bundle version thru brute
force using $RAUC_BUNDLE_MOUNT_POINT/manifest.raucm.

If there's a more elegant way for a handler to get the bundle version
from bundle manifest, please let me know so I'm not a bull in a china
shop ;).

Regards,

Brian
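
One way to write the pre-install handler described in the message above, as an added example that is not part of the original post and not RAUC's own code: it reads `version=` from the `[update]` section of `$RAUC_BUNDLE_MOUNT_POINT/manifest.raucm` and refuses a downgrade the hardware cannot run. `CURRENT_VERSION` and `HW_MIN_VERSION` are hypothetical values the integrator supplies, `sort -V` is assumed to be available on the target, and a non-zero handler exit is assumed to abort the installation.

```shell
#!/bin/sh
# Added example, not code from the thread or from RAUC.
# Assumptions: CURRENT_VERSION (installed version) and HW_MIN_VERSION (oldest
# version this board revision can run) are hypothetical variables set by the
# integrator; sort -V (GNU coreutils) is available on the target.

# Print the version= value from the [update] section of a RAUC manifest.
manifest_version() {
    [ -r "$1" ] || return 1
    awk '
        /^[ \t]*\[/ { in_update = ($0 ~ /^[ \t]*\[update\][ \t]*$/); next }
        in_update && /^[ \t]*version[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); print; exit
        }
    ' "$1"
}

# True if $1 sorts strictly before $2 in version order (1.9 < 1.10).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# allow_install BUNDLE CURRENT HW_MIN: returns 0 to allow, 1 to deny.
allow_install() {
    [ -n "$1" ] || return 1              # version unreadable: fail closed
    version_lt "$1" "$2" || return 0     # same or newer: not a downgrade
    version_lt "$1" "$3" && return 1     # older than this hardware supports
    return 0                             # downgrade, but hardware-compatible
}

# Handler entry point: only runs when RAUC has exported the mount point.
if [ -n "${RAUC_BUNDLE_MOUNT_POINT:-}" ]; then
    bundle=$(manifest_version "$RAUC_BUNDLE_MOUNT_POINT/manifest.raucm")
    if allow_install "$bundle" "$CURRENT_VERSION" "$HW_MIN_VERSION"; then
        exit 0
    fi
    echo "refusing bundle version '${bundle:-unknown}' on this hardware" >&2
    exit 1
fi
```

A missing or unparsable manifest yields an empty version, which the handler treats as a denial rather than letting the install proceed.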