Message ID | 8f3f7455-3a9d-a47a-4dce-906b5487bb24@gmail.com |
---|---|
State | Changes Requested |
Series | Add support for downloading delta updates with ssl | expand |
Hi Matt, On 24.02.23 22:15, Matt Wood wrote: > Create an optional delta section in the swupdate config file and > add certificate and key paths to use ssl with the delta downloader. > > Signed-off-by: Matt Wood <matt.wood@microchip.com> > --- > examples/configuration/swupdate.cfg | 17 ++++++++++++++++- > handlers/delta_downloader.c | 28 ++++++++++++++++++++++++++++ > 2 files changed, 44 insertions(+), 1 deletion(-) > > diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg > index d8677a5..4b913f0 100644 > --- a/examples/configuration/swupdate.cfg > +++ b/examples/configuration/swupdate.cfg > @@ -165,7 +165,7 @@ identify : ( > # (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=private") > # sslcert : string > # path of the file containing the certificate for SSL connection or pkcs11 URI > - (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=cert") > +# (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=cert") > # targettoken : string > # hawkBit target security token > # gatewaytoken : string > @@ -261,3 +261,18 @@ webserver : > groupid = 1000; > timeout = 20; > }; > + > +# > +# delta update section > +# > +# sslkey : string > +# path of the file containing the key for SSL connection or pkcs11 URI > +# (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=private") > +# sslcert : string > +# path of the file containing the certificate for SSL connection or pkcs11 URI > +# (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=cert") > +delta : > +{ > + sslkey = "/etc/ssl/sslkey"; > + sslcert = "/etc/ssl/sslcert"; > +}; > diff --git a/handlers/delta_downloader.c b/handlers/delta_downloader.c > index 8bd07ac..4f19bb6 100644 > --- a/handlers/delta_downloader.c > +++ b/handlers/delta_downloader.c 
> @@ -33,6 +33,7 @@ > #include <channel_curl.h> > #include "delta_handler.h" > #include "delta_process.h" > +#include "parselib.h" > > /* > * Structure used in curl callbacks > @@ -129,6 +130,23 @@ static size_t delta_callback_headers(char *buffer, size_t size, size_t nitems, v > return nitems * size; > } > > +/* Parse delta ssl options from configuration file */ > +static int delta_channel_ssl_settings(void *elem, void *data) > +{ > + channel_data_t *chan = (channel_data_t *)data; > + char tmp[128]; > + > + GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "sslkey", tmp); > + if (strlen(tmp)) > + SETSTRING(chan->sslkey, tmp); > + > + GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "sslcert", tmp); > + if (strlen(tmp)) > + SETSTRING(chan->sslcert, tmp); > + > + return 0; > +} I really dislike to duplicate code. I fully agree that delta is stored on a different section, but there is already code to get the common part of a connection setup. See suricatta/common.c - code needs to be moved and put in generic place that can be included by handlers, too, and suricatta_channel_settings() should be renamed, but code should be reused. > + > /* > * Process that is spawned by the handler to download the missing chunks. > * Downloading should be done in a separate process to not break > @@ -197,6 +215,16 @@ int start_delta_downloader(const char __attribute__ ((__unused__)) *fname, > channel_data.range = &req->data[req->urllen + 1]; > channel_data.user = &priv; > > + swupdate_cfg_handle handle; > + swupdate_cfg_init(&handle); > + > + /* look in config file for delta ssl options */ > + if (swupdate_cfg_read_file(&handle, fname) == 0) { > + read_module_settings(&handle, "delta", delta_channel_ssl_settings, &channel_data); > + } > + > + swupdate_cfg_destroy(&handle); > + > if (channel->open(channel, &channel_data) == CHANNEL_OK) { > transfer = channel->get_file(channel, (void *)&channel_data); > } else { Best regards, Stefano Babic
diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg
index d8677a5..4b913f0 100644
--- a/examples/configuration/swupdate.cfg
+++ b/examples/configuration/swupdate.cfg
@@ -165,7 +165,7 @@ identify : (
 # (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=private")
 # sslcert : string
 # path of the file containing the certificate for SSL connection or pkcs11 URI
- (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=cert")
+# (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=cert")
 # targettoken : string
 # hawkBit target security token
 # gatewaytoken : string
@@ -261,3 +261,18 @@ webserver :
 groupid = 1000;
 timeout = 20;
 };
+
+#
+# delta update section
+#
+# sslkey : string
+# path of the file containing the key for SSL connection or pkcs11 URI
+# (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=private")
+# sslcert : string
+# path of the file containing the certificate for SSL connection or pkcs11 URI
+# (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=cert")
+delta :
+{
+ sslkey = "/etc/ssl/sslkey";
+ sslcert = "/etc/ssl/sslcert";
+};
diff --git a/handlers/delta_downloader.c b/handlers/delta_downloader.c
index 8bd07ac..4f19bb6 100644
--- a/handlers/delta_downloader.c
+++ b/handlers/delta_downloader.c
@@ -33,6 +33,7 @@
 #include <channel_curl.h>
 #include "delta_handler.h"
 #include "delta_process.h"
+#include "parselib.h"
 /*
 * Structure used in curl callbacks
@@ -129,6 +130,23 @@ static size_t delta_callback_headers(char *buffer, size_t size, size_t nitems, v
 return nitems * size;
 }
+/* Parse delta ssl options from configuration file */
+static int delta_channel_ssl_settings(void *elem, void *data)
+{
+ channel_data_t *chan = (channel_data_t *)data;
+ char tmp[128];
+
+ GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "sslkey", tmp);
+ if (strlen(tmp))
+ SETSTRING(chan->sslkey, tmp);
+
+ GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "sslcert", tmp);
+ if (strlen(tmp))
+ SETSTRING(chan->sslcert, tmp);
+
+ return 0;
+}
+
 /*
 * Process that is spawned by the handler to download the missing chunks.
 * Downloading should be done in a separate process to not break
@@ -197,6 +215,16 @@ int start_delta_downloader(const char __attribute__ ((__unused__)) *fname,
 channel_data.range = &req->data[req->urllen + 1];
 channel_data.user = &priv;
+ swupdate_cfg_handle handle;
+ swupdate_cfg_init(&handle);
+
+ /* look in config file for delta ssl options */
+ if (swupdate_cfg_read_file(&handle, fname) == 0) {
+ read_module_settings(&handle, "delta", delta_channel_ssl_settings, &channel_data);
+ }
+
+ swupdate_cfg_destroy(&handle);
+
 if (channel->open(channel, &channel_data) == CHANNEL_OK) {
 transfer = channel->get_file(channel, (void *)&channel_data);
 } else {
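Review bot: `char tmp[128]` in delta_channel_ssl_settings() leaves little headroom for the values this section is documented to accept: the example PKCS#11 URI in swupdate.cfg is already over 80 characters, and a longer URI or path would presumably be cut short by GET_FIELD_STRING_RESET (its definition is not in this hunk, so confirm how it bounds the copy) and then handed to the channel as a different key or certificate reference with no error. I would size the buffer for the longest supported URI or path, return non-zero when the configured value does not fit, and state the limit in the function comment, e.g. `/* sslkey/sslcert values that do not fit in tmp are rejected, not truncated */`. The callback also reads only the client key and certificate; whether the delta downloader verifies the server (CA file, strict SSL) depends on channel defaults set outside this hunk and is worth stating in the new config comments.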
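Review bot: A failed swupdate_cfg_read_file() and the return value of read_module_settings() are both ignored in start_delta_downloader(), so when the delta section is missing or unreadable the code goes on to channel->open() without the client key and certificate and nothing is logged. If the server expects client authentication, that failure is hard to diagnose from the device side; log the outcome in an else branch, e.g. `WARN("delta: no SSL settings read from %s", fname);` (assuming the project's WARN macro is in scope in this file). fname is still declared `__attribute__ ((__unused__))` in the signature shown in the hunk header although it is now used, and it reaches swupdate_cfg_read_file() without a visible NULL check. The function body starts and ends outside the hunk.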
Create an optional delta section in the swupdate config file and add certificate and key paths to use ssl with the delta downloader. Signed-off-by: Matt Wood <matt.wood@microchip.com> --- examples/configuration/swupdate.cfg | 17 ++++++++++++++++- handlers/delta_downloader.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-)