20180724_jeffrey - silenceuncrio/diary GitHub Wiki

0910

今天看看 52xxz 的 firmware upgrade 要怎麼作

0935

目前正在參考 web svn 上兩個 project: 579XMRouter

參考的 file 如下

  • 579X - branches/prosrc/proscend/prosrc/webcgi/web_util_upgrade.c
  • Mrouter - proscend/prosrc/webcgi/web_util_upgrade.c

先以 579X 為主

來看 int UtilUpgrade(char *imgfile)

int UtilUpgrade(char *imgfile) {
        char szImageMCSV[64];
        FILE *fp;
        int res;

        rename(imgfile, UPGRADE_FILE);
        /* Check FileFormat */
        res = SysCmd("/usr/sbin/icos/ChkUpgradeFile.sh > /dev/null 2>&1");
        switch (res)  {
                case 0:
                        WDBG("File Image Correct !\n");
                        break;
                case 1:
                        WDBG(" Error: File Image not Exist!\n");
                        JsonResponse(res, "Error: File Image not Exist!", res, NULL, NULL);
                        break;
                case 2:
                        WDBG(" Error: File CheckSum Error!\n");
                        JsonResponse(res, "Error: File CheckSum Error!", res, NULL, NULL);
                        break;
                case 9:
                        WDBG(" Error: MCSV mismatch!\n");
                        JsonResponse(res, "Error: MCSV mismatch!", res, NULL, NULL);
                        memset(szImageMCSV, 0, sizeof(szImageMCSV));
                        fp = fopen("/tmp/mcsv", "rb");
                        if (fp) {
                                fread(&szImageMCSV[0], 32, 1, fp);
                                fclose(fp);
                        }
                        memset(&gWebUnionConfig.systemInfo, 0, sizeof(sSystemInformation));
                        ICOS_GetStatus(MODULE_SYSTEM, 0, 0, &(gWebUnionConfig.systemInfo),
                                sizeof(sSystemInformation) );
                        fflush(stdout);
                        break;
                default:
                        WDBG("File Format Error, errcode:%d!", res);
                        JsonResponse(res, "Error: File Format Error!", res, NULL, NULL);
                        break;
        }
        fflush(stdout);// flush before call shell script
        if (res != 0) {
                ICOS_UnLockUpgradeFile();
                return ICOS_FAILURE;
        }
        WDBG("Update Flash. Please wait...");
        fflush(stdout);
        if (ICOS_SUCCESS == SysCmd("FwUpgrade.sh web")) {
                char *arg_list[] = { "/usr/sbin/icosconfig", "coldreboot",
                        "web", NULL };
                WebLib_Spawn("/usr/sbin/icosconfig", arg_list, 0);
                return redirect(TRUE, "Upgrade successfully!", WEBLOGIN_URL);
        }
        return redirect(FALSE, "Upgrade Fail!", NULL);
}

1100

PI 的同仁遠從印度來我們這邊

剛剛介紹了 M360 上的 BGP 功能

幫自己多了一個工作項目 - HTTPS

當初搞不起來就先把它關掉了

回頭看一下 M360 好了

先切回 develop branch build 一份最新的 code

➜  M360P git:(release/v0.05) git checkout develop
Switched to branch 'develop'
Your branch is behind 'origin/develop' by 61 commits, and can be fast-forwarded.
  (use "git pull" to update your local branch)
➜  M360P git:(develop) ✗ git pull
First, rewinding head to replay your work on top of it...
Fast-forwarded develop to 5c7c0e844cd7d2e13324b6216232f498c2c2d411.

1140

目前觀察到的現象是 key 有建起來

不過 iweb 啟動 HTTPS 失敗

紀錄如下

root@M360-P:~# ls /etc/icos/web/
iweb_cert.pem  iweb_key.pem
root@M360-P:~# iweb -p 443 -d /www -s
failed to load the session from binary
Error starting server on port 443: Invalid SSL cert

感覺是 key 有問題

目前建 key 的 shell script 如下 - /usr/sbin/icos/web_x509.sh

#!/bin/bash

openssl req -x509 -newkey rsa:2048 -keyout /etc/icos/web/iweb_key.pem -out /etc/icos/web/iweb_cert.pem -days 3650 -nodes -subj '/CN=localhost'

試著修改一下 openssl command 再建一次 key

openssl req -x509 -newkey rsa:1024 -keyout /etc/icos/web/iweb_key.pem -out /etc/icos/web/iweb_cert.pem -days 365 -nodes -subj '/CN=localhost'

重開機看看

結果還是一樣

1400

HTTPS 搞定

先不上 code

差異如下

diff --git a/proscend/prosrc/icos/icoslib/web/webcfg.c b/proscend/prosrc/icos/icoslib/web/webcfg.c
index 08f50b4..8093b96 100644
--- a/proscend/prosrc/icos/icoslib/web/webcfg.c
+++ b/proscend/prosrc/icos/icoslib/web/webcfg.c
@@ -29,8 +29,8 @@

 #define  WEB_DAEMON_KEYGEN_FILE "/usr/bin/openssl"

-#define  WEB_DAEMON_KEY_FILE    WEB_ETC_DIR"/iweb_key.pem"
-#define  WEB_DAEMON_CERT_FILE          WEB_ETC_DIR"/iweb_cert.pem"
+#define  WEB_DAEMON_KEY_FILE    WEB_TMP_DIR"/iweb_key.pem"
+#define  WEB_DAEMON_CERT_FILE          WEB_TMP_DIR"/iweb_cert.pem"



@@ -257,7 +257,7 @@ static int LoadDefault(sWebConfig *pCfg)
 {
     IDBG("\n");
     memset(pCfg, 0, sizeof(*pCfg));
-    pCfg->mode          = ATTVAL_WEBMODE_HTTPD;
+    pCfg->mode          = ATTVAL_WEBMODE_BOTH;
     pCfg->httpdPort     = 80;
     pCfg->httpsPort     = 443;
     pCfg->refreshPeriod = 2;
diff --git a/proscend/prosrc/icos/iweb/iweb.c b/proscend/prosrc/icos/iweb/iweb.c
index dac858c..e6606d7 100644
--- a/proscend/prosrc/icos/iweb/iweb.c
+++ b/proscend/prosrc/icos/iweb/iweb.c
@@ -14,8 +14,8 @@

 static const char *s_http_port = "8000";

-static const char *s_ssl_cert = "/etc/icos/web/iweb_cert.pem";
-static const char *s_ssl_key  = "/etc/icos/web/iweb_key.pem";
+static const char *s_ssl_cert = "/tmp/icos/web/iweb_cert.pem";
+static const char *s_ssl_key  = "/tmp/icos/web/iweb_key.pem";

 static struct mg_serve_http_opts s_http_server_opts;

diff --git a/proscend/prosrc/icos/script/web_x509.sh b/proscend/prosrc/icos/script/web_x509.sh
index 57dcd84..7173c05 100755
--- a/proscend/prosrc/icos/script/web_x509.sh
+++ b/proscend/prosrc/icos/script/web_x509.sh
@@ -1,3 +1,3 @@
 #!/bin/bash

-openssl req -x509 -newkey rsa:2048 -keyout /etc/icos/web/iweb_key.pem -out /etc/icos/web/iweb_cert.pem -days 3650 -nodes -subj '/CN=localhost'
+openssl req -x509 -newkey rsa:2048 -keyout /tmp/icos/web/iweb_key.pem -out /tmp/icos/web/iweb_cert.pem -days 3650 -nodes -subj '/CN=localhost'