Merge pull request #68 from learmj/idp

Improve UUID integration

Author: learmj

bin/pmap

@@ -5,13 +5,94 @@
 import argparse
 import json
 import sys
+import uuid
+import re
 
 
-# Print slot mapping
+VALID_ROLES = ["boot", "system"]
+
+
+def pmap_version(data):
+    value = get_key(data, "attributes.PMAPversion")
+    if value is None:
+        # Try parsing as fully assembled image.json
+        value = get_key(data, "layout.provisionmap.attributes.PMAPversion")
+        if value is None:
+            sys.stderr.write("Error: No version\n")
+            sys.exit(1)
+
+    if isinstance(value, str):
+        pass
+    else:
+        sys.stderr.write("Error: Version is not a string\n")
+        sys.exit(1)
+
+    parts = value.split('.')
+    parts.extend(['0'] * (3 - len(parts)))
+
+    try:
+        # Return a tuple of the version components as integers
+        major = int(parts[0])
+        minor = int(parts[1])
+        patch = int(parts[2])
+        return major, minor, patch
+    except ValueError:
+        sys.stderr.write(f"Error: Invalid version format in '{value}'\n")
+        sys.exit(1)
+
+
+# Top level PMAP validator
+def validate(data):
+    major, minor, patch = pmap_version(data)
+    # TODO
+    return major, minor, patch
+
+
+# Validates a static object and returns mandatory keys
+def chk_static(data):
+    role = data.get("role")
+
+    # role: (mandatory, string)
+    if not role:
+        sys.stderr.write("Error: role is mandatory in a static object.\n")
+        sys.exit(1)
+
+    if role not in VALID_ROLES:
+        sys.stderr.write(f"Error: Invalid 'role': '{role}'. Must be one of {VALID_ROLES}.\n")
+        sys.exit(1)
+
+    # id: (optional, string)
+    if "id" in data:
+        id_val = data.get("id")
+        if not isinstance(id_val, str):
+            sys.stderr.write("Error: id is not a string.\n")
+            sys.exit(1)
+
+    # uuid: (optional, valid UUID string)
+    if "uuid" in data:
+        uuid_val = data.get("uuid")
+        if not isinstance(uuid_val, str):
+            sys.stderr.write("Error: uuid is not a string.\n")
+            sys.exit(1)
+        try:
+            uuid.UUID(uuid_val)
+        except ValueError:
+            if (re.match(r'^[0-9a-f]{8}$', uuid_val, re.IGNORECASE) or
+                re.match(r'^[0-9a-f]{4}-[0-9a-f]{4}$', uuid_val, re.IGNORECASE)):
+                pass  # Accept as valid VFAT UUID (label)
+            else:
+                sys.stderr.write(f"Error: uuid is invalid: '{uuid_val}'.\n")
+                sys.exit(1)
+
+    # Return mandatory
+    return role
+
+
+# Print slot mapping. This is retrieved from a partitions static object.
 def slotvars(data):
     # Check for slotted system_type
     if not any(e.get("attributes", {}).get("system_type") == "slotted" for e in data):
-        sys.stderr.write("Not slotted\n")
+        sys.stderr.write("Error: Not slotted\n")
         sys.exit(1)
 
     for entry in data:
@@ -21,10 +102,14 @@ def slotvars(data):
             slots = entry["encrypted"]["slots"]
             for slot, slotval in slots.items():
                 for part in slotval.get("partitions", []):
-                    role = part.get("role", "")
-                    id_ = part.get("id", "")
-                    print(f"{role.upper()}{slot.upper()}={mname}{id_}")
-                    print(f"{role.upper()}{slot.upper()}_ENCRYPTED=y")
+                    static = part.get("static")
+                    if static is not None:
+                        role = chk_static(static)
+                        if "id" in static:
+                            print(f"{role.upper()}{slot.upper()}_ID={mname}{static['id']}")
+                        if "uuid" in static:
+                            print(f"{role.upper()}{slot.upper()}_UUID={static['uuid']}")
+                        print(f"{role.upper()}{slot.upper()}_ENCRYPTED=y")
 
         # slots at the top level with encapsulated unencrypted/encrypted
         elif "slots" in entry:
@@ -34,19 +119,27 @@ def slotvars(data):
                 if "encrypted" in slotval:
                     mname = slotval["encrypted"]["luks2"]["mname"]
                     for part in slotval["encrypted"].get("partitions", []):
-                        role = part.get("role", "")
-                        id_ = part.get("id", "")
-                        print(f"{role.upper()}{slot.upper()}={mname}{id_}")
-                        print(f"{role.upper()}{slot.upper()}_ENCRYPTED=y")
+                        static = part.get("static")
+                        if static is not None:
+                            role = chk_static(static)
+                            if "id" in static:
+                                print(f"{role.upper()}{slot.upper()}_ID={mname}{static['id']}")
+                            if "uuid" in static:
+                                print(f"{role.upper()}{slot.upper()}_UUID={static['uuid']}")
+                            print(f"{role.upper()}{slot.upper()}_ENCRYPTED=y")
 
                 # Unencrypted
                 for part in slotval.get("partitions", []):
                     # Only print unencrypted if not also encrypted
                     if "encrypted" not in slotval:
-                        role = part.get("role", "")
-                        id_ = part.get("id", "")
-                        print(f"{role.upper()}{slot.upper()}={id_}")
-                        print(f"{role.upper()}{slot.upper()}_ENCRYPTED=n")
+                        static = part.get("static")
+                        if static is not None:
+                            role = chk_static(static)
+                            if "id" in static:
+                                print(f"{role.upper()}{slot.upper()}_ID={static['id']}")
+                            if "uuid" in static:
+                                print(f"{role.upper()}{slot.upper()}_UUID={static['uuid']}")
+                            print(f"{role.upper()}{slot.upper()}_ENCRYPTED=n")
 
 
 
@@ -99,9 +192,7 @@ if __name__ == '__main__':
     with open(args.file) as f:
         data = json.load(f)
 
-    if args.slotvars:
-        slotvars(data)
-        sys.exit(0);
+    major, minor, patch = validate(data)
 
     if args.get_key:
         value = get_key(data, args.get_key)
@@ -110,3 +201,9 @@ if __name__ == '__main__':
         else:
             print(value)
             sys.exit(0)
+
+    major, minor, patch = validate(data)
+
+    if args.slotvars:
+        slotvars(data)
+        sys.exit(0);

image/gpt/ab_userdata/bdebstrap/customize05-rootfs

@@ -5,16 +5,44 @@ set -eu
 # Install slot rules
 install -m 0644 -D ../device/slot.rules $1/etc/udev/rules.d/90-rpi-slot.rules
 
+
 # Install provision map
 if igconf isset image_pmap ; then
    cp ../device/provisionmap-${IGconf_image_pmap}.json ${IGconf_sys_outputdir}/provisionmap.json
 else
    die "No pmap. Unable to generate slot mapping."
 fi
 
+
+# Generate pre-defined UUIDs
+BOOTA_LABEL=$(uuidgen | sed 's/-.*//' | tr 'a-f' 'A-F')
+BOOTA_UUID=$(echo "$BOOTA_LABEL" | sed 's/^\(....\)\(....\)$/\1-\2/')
+BOOTB_LABEL=$(uuidgen | sed 's/-.*//' | tr 'a-f' 'A-F')
+BOOTB_UUID=$(echo "$BOOTB_LABEL" | sed 's/^\(....\)\(....\)$/\1-\2/')
+SYSTEMA_UUID=$(uuidgen)
+SYSTEMB_UUID=$(uuidgen)
+CRYPT_UUID=$(uuidgen)
+
+rm -f ${IGconf_sys_outputdir}/img_uuids
+for v in BOOTA_LABEL BOOTA_UUID BOOTB_LABEL BOOTB_UUID SYSTEMA_UUID SYSTEMB_UUID CRYPT_UUID; do
+    eval "val=\$$v"
+    echo "$v=$val" >> "${IGconf_sys_outputdir}/img_uuids"
+done
+
+
+# Populate PMAP UUIDs
+sed -i \
+   -e "s|<BOOTA_UUID>|$BOOTA_UUID|g" \
+   -e "s|<BOOTB_UUID>|$BOOTB_UUID|g" \
+   -e "s|<SYSTEMA_UUID>|$SYSTEMA_UUID|g" \
+   -e "s|<SYSTEMB_UUID>|$SYSTEMB_UUID|g" \
+   -e "s|<CRYPT_UUID>|$CRYPT_UUID|g" ${IGconf_sys_outputdir}/provisionmap.json
+
+
 # Generate slot helper
 mkslot-helper ${IGconf_sys_outputdir}/provisionmap.json > $1/usr/bin/rpi-slot
 chmod +x $1/usr/bin/rpi-slot
 
+
 # Hint to initramfs-tools we have an ext4 rootfs
 sed -i "s|FSTYPE=\([^ ]*\)|FSTYPE=ext4|" $1/etc/initramfs-tools/initramfs.conf

image/gpt/ab_userdata/device/provisionmap-clear.json

@@ -1,7 +1,7 @@
 [
    {
       "attributes": {
-         "PMAPversion": "1.0.0",
+         "PMAPversion": "1.1.0",
          "system_type": "slotted"
       }
    },
@@ -18,8 +18,10 @@
             "partitions": [
                {
                   "image": "bootA",
-                  "id": "2",
-                  "role": "boot"
+                  "static": {
+                     "uuid": "<BOOTA_UUID>",
+                     "role": "boot"
+                  }
                }
             ]
          }
@@ -31,8 +33,10 @@
             "partitions": [
                {
                   "image": "bootB",
-                  "id": "3",
-                  "role": "boot"
+                  "static": {
+                     "uuid": "<BOOTB_UUID>",
+                     "role": "boot"
+                  }
                }
             ]
          }
@@ -44,8 +48,10 @@
             "partitions": [
                {
                   "image": "systemA",
-                  "id": "4",
-                  "role": "system"
+                  "static": {
+                     "uuid": "<SYSTEMA_UUID>",
+                     "role": "system"
+                  }
                }
             ]
          }
@@ -57,8 +63,10 @@
             "partitions": [
                {
                   "image": "systemB",
-                  "id": "5",
-                  "role": "system"
+                  "static": {
+                     "uuid": "<SYSTEMB_UUID>",
+                     "role": "system"
+                  }
                }
             ]
          }

image/gpt/ab_userdata/device/provisionmap-crypt.json

@@ -1,7 +1,7 @@
 [
    {
       "attributes": {
-         "PMAPversion": "1.0.0",
+         "PMAPversion": "1.2.0",
          "system_type": "slotted"
       }
    },
@@ -18,8 +18,10 @@
             "partitions": [
                {
                   "image": "bootA",
-                  "id": "2",
-                  "role": "boot"
+                  "static": {
+                     "uuid": "<BOOTA_UUID>",
+                     "role": "boot"
+                  }
                }
             ]
          }
@@ -31,8 +33,10 @@
             "partitions": [
                {
                   "image": "bootB",
-                  "id": "3",
-                  "role": "boot"
+                  "static": {
+                     "uuid": "<BOOTB_UUID>",
+                     "role": "boot"
+                  }
                }
             ]
          }
@@ -45,25 +49,30 @@
             "cipher": "aes-xts-plain64",
             "hash": "sha256",
             "label": "root",
+            "uuid": "<CRYPT_UUID>",
             "mname": "cryptroot",
             "etype": "partitioned"
          },
          "slots": {
             "A": {
                "partitions": [
                   {
-                     "id": "1",
                      "image": "systemA",
-                     "role": "system"
+                     "static": {
+                        "uuid": "<SYSTEMA_UUID>",
+                        "role": "system"
+                     }
                   }
                ]
             },
             "B": {
                "partitions": [
                   {
-                     "id": "2",
                      "image": "systemB",
-                     "role": "system"
+                     "static": {
+                        "uuid": "<SYSTEMB_UUID>",
+                        "role": "system"
+                     }
                   }
                ]
             }