[UNSTABLE] initial pass at firmware signing. Waiting for prs and what.

2017-04-10 11:45:18 -07:00 · 2017-04-10 11:45:18 -07:00 · 54820252d6
parent 6c48395c84
commit 54820252d6
7 changed files with 33 additions and 2 deletions
--- a/config/hardware/rpi3/rootfs-additions-prod/etc/fwup-key.pub
+++ b/config/hardware/rpi3/rootfs-additions-prod/etc/fwup-key.pub
@ -0,0 +1 @@
+d©IЖбйэe М┤Ё{Ьт╛eя9└в░─F0)8g
kW
--- a/config/prod.exs
+++ b/config/prod.exs
@ -32,3 +32,7 @@ config :logger, :ex_syslogger_info,
  facility: :kern,
  formatter: Farmbot.SysFormatter,
  option: [:pid, :cons]
+
+config :nerves_firmware,
+  priv_key_path: System.get_env("PRIV_KEY_PATH"),
+  pub_key_path: "/etc/fwup-key.pub"
--- a/lib/farmbot/auth.ex
+++ b/lib/farmbot/auth.ex
@ -304,6 +304,7 @@ defmodule Farmbot.Auth do
  end

  defp do_callbacks(token) do
+    Logger.debug ">> Successfully got a token!"
    spawn fn() ->
      for module <- @modules, do: send(module, {:authorization, token})
    end
--- a/lib/farmbot/transport/gen_mqtt/gen_mqtt_client.ex
+++ b/lib/farmbot/transport/gen_mqtt/gen_mqtt_client.ex
@ -12,7 +12,10 @@ defmodule Farmbot.Transport.GenMqtt.Client do
  @type ok :: {:ok, Token.t}

  @spec init(Token.t) :: ok
-  def init(%Token{} = token), do: {:ok, token}
+  def init(%Token{} = token) do
+    Logger.debug ">> Starting mqtt!"
+    {:ok, token}
+  end

  @doc """
    Starts a mqtt client.
--- a/mix.exs
+++ b/mix.exs
@ -205,7 +205,8 @@ defmodule Farmbot.Mixfile do
        {:nerves_interim_wifi, path: "../nerves_interim_wifi"},
        # {:nerves_firmware_http, github: "nerves-project/nerves_firmware_http"},
        {:nerves_firmware_http, "~> 0.3.1"},
-        {:nerves_firmware, "~> 0.3"},
+        # {:nerves_firmware, "~> 0.3"},
+        {:nerves_firmware, path: "../nerves_firmware", override: true},
        {:nerves_ssdp_server, "~> 0.2.1"},
        ],
      else: Mix.raise("There is no existing system package for #{sys}")
--- a/scripts/generate_makefile.exs
+++ b/scripts/generate_makefile.exs
@ -3,6 +3,16 @@ IO.puts version

 {commitish, _} = System.cmd("git", ["log", "--pretty=format:%hQQ%adQQ%f", "-1"])
 thing = String.split(commitish, "QQ")
+
+IO.puts "Finding private key."
+priv_key_path = System.get_env("PRIV_KEY_PATH") || nil
+
+if priv_key_path do
+  IO.puts "Found private key!"
+else
+  IO.puts "Could not find private key!"
+end
+
 IO.puts "Building default portions"
 initial = "# THIS FILE WAS GENERATED BY `build_makefile.exs`
 # #{Enum.join(thing, "\n# ")}
@ -72,6 +82,7 @@ firmware-#{sys}:

 release-#{sys}: #{sys}
 \tscripts/build_release_images.sh #{sys} #{version}
+#{if priv_key_path, do: "\tscripts/sign_release.sh #{sys} #{version} #{priv_key_path}"}

 ## end #{sys} portion."
 end
--- a/scripts/sign_release.sh
+++ b/scripts/sign_release.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+SYSTEM=$1
+VERSION=$2
+PRIV_KEY_PATH=$3
+REL_DIR=release-$VERSION
+FIRM_FILE_REL=$REL_DIR/farmbot-$SYSTEM-$VERSION.fw
+SIGNED_FIRM_FILE_REL=$REL_DIR/farmbot-$SYSTEM-$VERSION-signed.fw
+
+fwup -S -s $PRIV_KEY_PATH -i $FIRM_FILE_REL -o $SIGNED_FIRM_FILE_REL
+rm $FIRM_FILE_REL
				`@ -0,0 +1 @@`
				`d©IЖбйэe М┤Ё{Ьт╛eя9└в░─F0)8g kW`