more signing stuff. Moved into app init because :priv_dir(:farmbot)
parent
54820252d6
commit
bed7fea28d
|
@ -37,3 +37,6 @@ Makefile
|
||||||
release-*
|
release-*
|
||||||
dump.rdb
|
dump.rdb
|
||||||
#priv/firmware.hex
|
#priv/firmware.hex
|
||||||
|
|
||||||
|
# this file isnt stored here but just in case.
|
||||||
|
fwup-key.priv
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
use Mix.Config
|
use Mix.Config
|
||||||
config :farmbot,
|
config :farmbot,
|
||||||
path: "/tmp",
|
path: "/tmp",
|
||||||
config_file_name: System.get_env("CONFIG_FILE_NAME") || "default_config.json"
|
config_file_name: System.get_env("CONFIG_FILE_NAME") || "default_config.json",
|
||||||
|
configurator_port: System.get_env("CONFIGURATOR_PORT") || 5000
|
||||||
|
|
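Review bot: `configurator_port` ends up with two different types, because `System.get_env("CONFIGURATOR_PORT")` returns a string when the variable is set while the fallback is the integer `5000`. Whatever reads this setting is not visible here, but it would have to accept both forms, and a listener handed `"5000"` instead of `5000` will typically fail at startup. Parsing once in the config keeps the value consistent: `configurator_port: String.to_integer(System.get_env("CONFIGURATOR_PORT") || "5000")`.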
|
@ -32,7 +32,3 @@ config :logger, :ex_syslogger_info,
|
||||||
facility: :kern,
|
facility: :kern,
|
||||||
formatter: Farmbot.SysFormatter,
|
formatter: Farmbot.SysFormatter,
|
||||||
option: [:pid, :cons]
|
option: [:pid, :cons]
|
||||||
|
|
||||||
config :nerves_firmware,
|
|
||||||
priv_key_path: System.get_env("PRIV_KEY_PATH"),
|
|
||||||
pub_key_path: "/etc/fwup-key.pub"
|
|
||||||
|
|
|
@ -13,6 +13,7 @@ defmodule Farmbot do
|
||||||
def start(type, args)
|
def start(type, args)
|
||||||
def start(_, _args) do
|
def start(_, _args) do
|
||||||
Logger.info ">> init!"
|
Logger.info ">> init!"
|
||||||
|
:ok = setup_nerves_fw(Mix.env())
|
||||||
Amnesia.start
|
Amnesia.start
|
||||||
Database.create! Keyword.put([], :memory, [node()])
|
Database.create! Keyword.put([], :memory, [node()])
|
||||||
Database.wait(15_000)
|
Database.wait(15_000)
|
||||||
|
@ -47,4 +48,19 @@ defmodule Farmbot do
|
||||||
opts = [strategy: :one_for_one]
|
opts = [strategy: :one_for_one]
|
||||||
supervise(children, opts)
|
supervise(children, opts)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# This has to be at runtime because you cant access your own apps
|
||||||
|
# priv dir during Mix.Config.
|
||||||
|
defp setup_nerves_fw(:prod) do
|
||||||
|
Logger.info ">> Setting up firmware signing!"
|
||||||
|
file = "#{:code.priv_dir(:farmbot)}/fwup-key.pub"
|
||||||
|
Application.put_env(:nerves_firmware, :pub_key_path, file)
|
||||||
|
if File.exists?(file), do: :ok, else: {:error, :no_pub_file}
|
||||||
|
end
|
||||||
|
|
||||||
|
defp setup_nerves_fw(_) do
|
||||||
|
Logger.info ">> Disabling firmware signing!"
|
||||||
|
Application.put_env(:nerves_firmware, :pub_key_path, nil)
|
||||||
|
:ok
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
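Review bot: The catch-all clause `defp setup_nerves_fw(_)` appears to switch firmware signature checking off for every environment that is not exactly `:prod`, so a mistyped or newly added environment name silently yields a build that accepts unsigned updates. Matching only the environments meant to run unsigned, `defp setup_nerves_fw(env) when env in [:dev, :test] do`, makes anything unexpected fail the `:ok =` match in `start/2` instead of failing open. Separately, `Mix.env()` is evaluated at runtime inside `start/2`; if Mix is not shipped in the firmware release this call will raise on the device, so capturing it at compile time with a module attribute such as `@env Mix.env()` is safer (the top of the module is outside these hunks). The `:prod` clause could also log the expected path before returning `{:error, :no_pub_file}`, since the resulting `MatchError` alone does not say which file was missing.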
|
@ -71,7 +71,7 @@ defmodule Farmbot.System.FS.ConfigStorage do
|
||||||
{:reply, read, state}
|
{:reply, read, state}
|
||||||
end
|
end
|
||||||
|
|
||||||
def handle_call({:replace_config_file, new_state}, _, old_state) do
|
def handle_call({:replace_config_file, new_state}, _, _old_state) do
|
||||||
write!(:ok, new_state)
|
write!(:ok, new_state)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
defmodule Mix.Tasks.Farmbot.Sign do
|
||||||
|
@moduledoc false
|
||||||
|
use Mix.Task
|
||||||
|
@shortdoc "Signs a fw image"
|
||||||
|
|
||||||
|
def run([priv_key_path, out_file_path]) do
|
||||||
|
otp_app = Mix.Project.config[:app]
|
||||||
|
target = Mix.Project.config[:target]
|
||||||
|
fw_file = Path.join(["images", "#{Mix.env()}", "#{target}", "#{otp_app}.fw"])
|
||||||
|
Mix.shell.info [:green, "Signing: #{fw_file} with: #{priv_key_path} to: #{out_file_path}"]
|
||||||
|
unless File.exists?(fw_file) do
|
||||||
|
raise "Could not find Firmware!"
|
||||||
|
end
|
||||||
|
System.cmd("fwup", ["-S", "-s", priv_key_path, "-i", fw_file, "-o", out_file_path])
|
||||||
|
end
|
||||||
|
end
|
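Review bot: The result of `System.cmd("fwup", ...)` on the last line of `run/1` is discarded, so the task reports success even when fwup exits non-zero, and the release script shown further down then deletes the unsigned image regardless. Assert the exit status, for example `{_out, 0} = System.cmd("fwup", ["-S", "-s", priv_key_path, "-i", fw_file, "-o", out_file_path])`, or call `Mix.raise/1` with the captured output when the status is not 0. `run/1` also matches only a two-element argument list; a fallback clause such as `def run(_), do: Mix.raise("usage: mix farmbot.sign PRIV_KEY_PATH OUT_FILE")` would replace the bare `FunctionClauseError`. Because the module uses `@moduledoc false`, a short moduledoc naming the two arguments and the `images/<env>/<target>/<app>.fw` input path would give `mix help` something to show.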
4
mix.exs
4
mix.exs
|
@ -185,7 +185,9 @@ defmodule Farmbot.Mixfile do
|
||||||
defp aliases(_system) do
|
defp aliases(_system) do
|
||||||
["deps.precompile": ["nerves.precompile", "deps.precompile"],
|
["deps.precompile": ["nerves.precompile", "deps.precompile"],
|
||||||
"deps.loadpaths": ["deps.loadpaths", "nerves.loadpaths"],
|
"deps.loadpaths": ["deps.loadpaths", "nerves.loadpaths"],
|
||||||
"firmware.upload": ["farmbot.upload"]]
|
"firmware.upload": ["farmbot.upload"],
|
||||||
|
"firmware.sign": ["farmbot.sign"]
|
||||||
|
]
|
||||||
end
|
end
|
||||||
|
|
||||||
# the nerves_system_* dir to use for this build.
|
# the nerves_system_* dir to use for this build.
|
||||||
|
|
|
@ -6,5 +6,7 @@ REL_DIR=release-$VERSION
|
||||||
FIRM_FILE_REL=$REL_DIR/farmbot-$SYSTEM-$VERSION.fw
|
FIRM_FILE_REL=$REL_DIR/farmbot-$SYSTEM-$VERSION.fw
|
||||||
SIGNED_FIRM_FILE_REL=$REL_DIR/farmbot-$SYSTEM-$VERSION-signed.fw
|
SIGNED_FIRM_FILE_REL=$REL_DIR/farmbot-$SYSTEM-$VERSION-signed.fw
|
||||||
|
|
||||||
fwup -S -s $PRIV_KEY_PATH -i $FIRM_FILE_REL -o $SIGNED_FIRM_FILE_REL
|
MIX_ENV=prod MIX_TARGET=$SYSTEM mix firmware.sign $PRIV_KEY_PATH $SIGNED_FIRM_FILE_REL
|
||||||
|
|
||||||
|
echo "Removing unsigned files!"
|
||||||
rm $FIRM_FILE_REL
|
rm $FIRM_FILE_REL
|
||||||
|
|
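Review bot: `rm $FIRM_FILE_REL` runs whether or not the `mix firmware.sign` line succeeded, so a failed signing step can leave the release directory with neither the unsigned image nor a valid signed one, unless `set -e` is in effect above this hunk (not visible here). Stop on failure and quote the variables so a key path containing spaces is not split: `MIX_ENV=prod MIX_TARGET=$SYSTEM mix firmware.sign "$PRIV_KEY_PATH" "$SIGNED_FIRM_FILE_REL" || exit 1`. An early `: "${PRIV_KEY_PATH:?PRIV_KEY_PATH must be set}"` would end the script before fwup is invoked with an empty key argument. The new task signs the image under `images/` rather than `$FIRM_FILE_REL` as the old command did, so it is worth confirming that both refer to the same build.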