'use strict';
const Path = require('path');
const Fs = require('fs');
const Crypto = require('crypto');
const streamifier = require('streamifier');
const toArray = require('stream-to-array');
const tar = require('tar-stream');
const request = require('request');
const requestp = require('request-promise');
const nodeUUID = require('node-uuid');
const config = require(Path.join(__dirname, 'config'));
const logger = require('winston');
// Swap winston's default console transport for one driven by config.logs.
// The console level falls back to 'info' when config.logs.console_level is unset.
logger.remove(logger.transports.Console);
logger.add(logger.transports.Console, {
  colorize: true,
  timestamp: true,
  level: config.logs.console_level || 'info',
});

// Optional file transport; its level falls back to 'error'.
const logFile = config.logs.file;
if (logFile) {
  logger.add(logger.transports.File, {
    filename: logFile,
    level: config.logs.file_level || 'error',
  });
}

logger.info('Welcome to uLinux Device Updater Daemon, ' +
  'we hope you have a productive day! :) ');
if (logFile) {
  logger.info('Logging to file: %s', logFile);
}
// Device identity: reuse the UUID stored next to the image file, or mint a
// fresh v4 UUID and persist it when the stored one cannot be read.
const uuidFile = Path.join(config.image_path, '..', 'uuid');
let uuid;
try {
  uuid = Fs.readFileSync(uuidFile, { encoding: 'UTF-8' });
} catch (error) {
  // Any read failure lands here, not only a missing file, so an unreadable
  // uuid file also results in a new identity being generated and written.
  uuid = nodeUUID.v4();
  Fs.writeFileSync(uuidFile, uuid, { encoding: 'UTF-8' });
}
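// TLS client identity presented to the update server. Both files are resolved
// relative to this module's directory.
const certFile = Path.resolve(__dirname, config.cert_path);
const keyFile = Path.resolve(__dirname, config.key_path);
let cert;
let key;
try {
  cert = Fs.readFileSync(certFile);
  key = Fs.readFileSync(keyFile);
} catch (err) {
  // Either file could not be read: run the bundled generator and read again.
  // execFileSync hands the script path to `sh` as a single argv entry, so an
  // install directory containing spaces or shell metacharacters is not
  // re-parsed by a shell (the previous string-built command line was).
  // NOTE(review): this branch runs on ANY read error, so a transient failure
  // may replace the device identity. gen_certs.sh is not visible here; confirm
  // it writes the private key with owner-only permissions.
  const { execFileSync } = require('child_process');
  execFileSync('sh', [Path.join(__dirname, 'gen_certs.sh')]);
  cert = Fs.readFileSync(certFile);
  key = Fs.readFileSync(keyFile);
}

// Trust anchors. `ca` authenticates the update server on outgoing requests and
// is also the CA that client certificates must chain to on the notification
// server; `signing_key` is the public key update images are verified against.
const ca = Fs.readFileSync(Path.resolve(__dirname, config.update_server_ca_cert));
const signing_key = Fs.readFileSync(Path.resolve(__dirname, config.signing_server_pubkey));

const sendImAlive = require('./imalive')(config, logger, uuid);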
/**
 * Ask the update server whether an update newer than the locally recorded
 * timestamp exists. The request is sent over HTTPS with the device's client
 * certificate, and the server is validated against `ca`.
 *
 * @returns {Promise} resolves with `res.updateId` when the JSON response has
 *   a truthy `message`; rejects with the string 'No new update found!'
 *   otherwise, or with an Error (original failure in `.cause`) when the
 *   request fails.
 */
function checkForUpdates() {
  logger.info('uLinux Device Updater Daemon: Checking for updates');
  return new Promise((resolve, reject) => {
    const query = {
      url: `https://${config.update_server}/newUpdate`,
      cert,
      key,
      ca,
      form: { timestamp: getLatestUpdateTimestamp() },
      json: true,
    };
    const onResponse = (res) => {
      if (!res.message) {
        reject('No new update found!');
        return;
      }
      resolve(res.updateId);
    };
    const onFailure = (err) => {
      const wrapper = new Error('Got an error checking for updates');
      wrapper.cause = err;
      reject(wrapper);
    };
    requestp.post(query).then(onResponse).catch(onFailure);
  });
}
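/**
 * Read the timestamp of the last installed update from the `last_update`
 * file stored next to the image.
 *
 * @returns {number} the stored integer, or 0 (UNIX epoch) when the file
 *   cannot be read or does not start with a decimal integer.
 */
function getLatestUpdateTimestamp() {
  let raw;
  try {
    raw = Fs.readFileSync(
      Path.join(config.image_path, '..', 'last_update'), { encoding: 'UTF-8' }
    );
  } catch (error) {
    // File does not exist (never updated before), use UNIX epoch
    return 0;
  }
  // Explicit radix, and never hand NaN to callers: a NaN here would make
  // every `sent > stored` freshness comparison false and would be posted to
  // the update server as the device's timestamp.
  const timestamp = Number.parseInt(raw, 10);
  return Number.isFinite(timestamp) ? timestamp : 0;
}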
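/**
 * Download the update archive with the given id from the update server over
 * mutually authenticated TLS.
 *
 * @param {string|number} updateId - id taken from the update server's
 *   response or from a push notification payload.
 * @returns {Promise<Buffer>} resolves with the raw response body; rejects
 *   with an Error whose `.cause` carries the transport error, the server's
 *   JSON error body, or the unexpected HTTP status.
 */
function downloadImage(updateId) {
  logger.info('uLinux Device Updater Daemon: Downloading update with id ' + updateId);
  if (updateId === undefined || updateId === null || updateId === '') {
    return Promise.reject(new Error('No update id was provided.'));
  }
  const id = String(updateId);

  // NOTE(review): firmware_version is recorded before the archive has been
  // downloaded or its signature checked, so this file can name an update that
  // was never installed. Confirm whether readers of it rely on that.
  Fs.writeFileSync(
    Path.join(config.image_path, '..', 'firmware_version'),
    id,
    { encoding: 'UTF-8' }
  );

  return new Promise((resolve, reject) => {
    request.get({
      // The id arrives from the network; encode it so it stays a single path
      // segment and cannot redirect the request to another endpoint.
      url: `https://${config.update_server}/updates/${encodeURIComponent(id)}`,
      cert,
      key,
      ca,
      encoding: null, // deliver the body as a Buffer rather than a string
    }, (err, response, body) => {
      if (err) {
        const wrapper = new Error('Got an error retrieving the update image.');
        wrapper.cause = err;
        reject(wrapper);
        return;
      }

      // A response without a content-type header must not throw inside this
      // callback; an exception here would be uncaught.
      const contentType = String(response.headers['content-type'] || '');
      if (contentType.includes('application/json')) {
        // Some error message
        const wrapper = new Error('Got an error retrieving the update image.');
        try {
          wrapper.cause = JSON.parse(body.toString('utf8'));
        } catch (e) {
          wrapper.cause =
            new Error('Could not parse error message produced by the API');
        }
        reject(wrapper);
        return;
      }

      if (response.statusCode < 200 || response.statusCode >= 300) {
        // Do not pass an error page on to verification as if it were an image.
        const wrapper = new Error('Got an error retrieving the update image.');
        wrapper.cause = new Error('Unexpected HTTP status ' + response.statusCode);
        reject(wrapper);
        return;
      }

      // We're actually getting the file
      resolve(body);
    });
  });
}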
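/**
 * Unpack the downloaded tar archive and verify the RSA-SHA512 signature of
 * `image.img` (base64 text in `signature.txt`) against the signing server's
 * public key.
 *
 * The signature covers only the bytes of image.img. Nothing in this function
 * binds the image to an update id or version, so protection against replay of
 * an older, validly signed image has to come from elsewhere.
 * NOTE(review): confirm where that protection lives.
 *
 * @param {Buffer} buffer - the archive as downloaded.
 * @returns {Promise<Buffer>} resolves with the image bytes when the signature
 *   verifies; rejects when the archive is malformed, an entry is missing, or
 *   verification fails.
 */
function verifyImage(buffer) {
  logger.debug('uLinux Device Updater Daemon: Verifying image');
  const pack = streamifier.createReadStream(buffer);
  const extract = tar.extract();
  let image;
  let signature;

  return new Promise((resolve, reject) => {
    // Without a listener, an 'error' event from a malformed archive would be
    // thrown as an uncaught exception instead of failing this update.
    extract.on('error', reject);

    extract.on('entry', (header, stream, callback) => {
      // header is the tar header
      // stream is the content body (might be an empty stream)
      toArray(stream)
        .then((parts) => {
          // concatenate all the array entries into the same buffer
          const resBuffer = Buffer.concat(
            parts.map((part) => (Buffer.isBuffer(part) ? part : Buffer.from(part)))
          );
          if (header.name === 'signature.txt') {
            signature = resBuffer.toString();
          }
          if (header.name === 'image.img') {
            image = resBuffer;
          }
          callback(); // tar-stream requires calling this to begin the next entry
        })
        // A failed entry read must settle the promise rather than leave the
        // update hanging with an unhandled rejection.
        .catch(reject);
    });

    extract.on('finish', () => {
      if (!signature || !image) {
        reject(new Error('Signature or image is missing from downloaded tar file.'));
        return;
      }
      let trusted;
      try {
        trusted = Crypto.createVerify('RSA-SHA512')
          .update(image)
          .verify(signing_key, signature, 'base64');
      } catch (err) {
        // e.g. an unparsable public key: fail closed instead of throwing from
        // an event handler.
        reject(err);
        return;
      }
      if (trusted) {
        resolve(image);
      } else {
        reject(new Error('Image signature was not successfully verified.'));
      }
    });

    pack.pipe(extract);
  });
}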
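/**
 * Write the verified image to config.image_path and then record the update
 * time (seconds since the epoch) in the `last_update` file next to it.
 *
 * Returns a promise so that the next step of the update chain (reboot) waits
 * for both writes; previously the function returned before either write had
 * completed, and a failed image write was logged but still followed by a
 * reboot and a fresh last_update stamp.
 *
 * @param {Buffer} buffer - image bytes that passed signature verification.
 * @returns {Promise<void>} resolves once both files are written; rejects with
 *   the file-system error otherwise.
 */
function writeImageToDisk(buffer) {
  logger.debug('uLinux Device Updater Daemon: Writing image to disk');
  const stampFile = Path.join(config.image_path, '..', 'last_update');
  // writeFile needs a string or Buffer; a bare number is rejected by current
  // Node.js releases.
  const stamp = String(Math.round(Date.now() / 1000));

  return new Promise((resolve, reject) => {
    Fs.writeFile(config.image_path, buffer, (imageErr) => {
      if (imageErr) {
        logger.error('Got an error writing the image file to disk', imageErr);
        reject(imageErr);
        return;
      }
      // Save the timestamp for this update, only after the image is in place
      Fs.writeFile(stampFile, stamp, (stampErr) => {
        if (stampErr) {
          logger.error('Got an error writing the last update timestamp to disk',
            stampErr);
          reject(stampErr);
          return;
        }
        resolve();
      });
    });
  });
}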
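/**
 * Reboot the device by spawning the `reboot` command.
 * A failure to start the command is logged rather than left as an unhandled
 * 'error' event, which would terminate the daemon.
 */
function reboot() {
  logger.info('uLinux Device Updater Daemon: Rebooting device');
  const { spawn } = require('child_process');
  const child = spawn('reboot');
  child.on('error', (err) => {
    logger.error('uLinux Device Updater Daemon: failed to run reboot', err);
  });
}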
// True while an update started by performUpdate is in flight; cleared again
// only when the chain fails (on success the device reboots).
let working = false;

/**
 * Run one poll-driven update cycle: check, download, verify signature, write
 * to disk, reboot. Does nothing when a cycle is already running.
 */
function performUpdate() {
  if (working) {
    return;
  }
  working = true;

  const onFailure = (err) => {
    working = false;
    logger.error('uLinux Device Updater Daemon:', err);
  };

  checkForUpdates()
    .then((updateId) => downloadImage(updateId))
    .then((archive) => verifyImage(archive))
    .then((image) => writeImageToDisk(image))
    .then(() => reboot())
    .catch(onFailure);
}

performUpdate();
// Update notification server
// Listens on config.api_port with mutual TLS: a client must present a
// certificate chaining to `ca`, and connections without one are refused.
// Authorization is by CA membership only; no further identity check is made
// on the client certificate here.
const Hapi = require('hapi');
const server = new Hapi.Server();
const serverTls = {
  key: Fs.readFileSync(Path.resolve(__dirname, 'server.key')),
  cert: Fs.readFileSync(Path.resolve(__dirname, 'server.crt')),
  // Authenticate update server's client cert
  ca: [ca],
  requestCert: true,
  rejectUnauthorized: true,
};
server.connection({
  port: config.api_port,
  tls: serverTls,
});
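// POST /newUpdate: push notification from the update server.
// Payload fields read here: `timestamp` and `id`.
server.route({
  method: 'POST',
  path: '/newUpdate',
  handler: function (request, reply) {
    // A request without a body must not throw; it falls through to the
    // "old timestamp" branch because the parsed date is invalid.
    const payload = request.payload || {};

    // NOTE(review): getTime() is in milliseconds, while the stored value is
    // written in seconds (Math.round(Date.now()/1000)). If `timestamp` is sent
    // as a date string, almost any date compares as newer, so this check does
    // little to reject stale notifications. Confirm the unit the server sends.
    const sentTimestamp = new Date(payload.timestamp);
    if (sentTimestamp.getTime() > getLatestUpdateTimestamp()) {
      if (working) {
        // An update is already in flight. Starting a second one would race it
        // on the image file, and its failure handler would clear the flag
        // that the running update owns.
        logger.info('uLinux Device Updater Daemon: update already in progress, ignoring notification');
        return reply();
      }
      working = true;
      reply();
      // Promise.resolve(...).then(...) turns a synchronous throw inside
      // downloadImage into a rejection, so `working` is always reset on failure.
      Promise.resolve(payload.id)
        .then(downloadImage)
        .then(verifyImage)
        .then(writeImageToDisk)
        .then(reboot)
        .catch((err) => {
          working = false;
          logger.error('uLinux Device Updater Daemon:', err);
        });
    } else {
      logger.info('uLinux Device Updater Daemon: update server sent a old timestamp');
      logger.debug(`Sent timestamp: ${payload.timestamp}, current update timestamp: ${getLatestUpdateTimestamp()}`);
      reply();
    }
  }
});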
/**
 * Ask the gateway, via UPnP, to forward config.api_port to this device
 * (same public and private port, ttl 0).
 *
 * This makes the notification endpoint reachable from outside the local
 * network, so the server's TLS client-certificate requirement is the only
 * barrier in front of it. The result is only logged.
 */
function setPortMap() {
  const upnp = require('nnupnp').createClient();
  const mapping = {
    description: 'uLinux Device Updater Daemon',
    public: config.api_port,
    private: config.api_port,
    ttl: 0,
  };
  upnp.portMapping(mapping, (err) => {
    if (!err) {
      logger.debug('uLinux Device Updater Daemon: set upnp port map succesfully');
      return;
    }
    logger.error('uLinux Device Updater Daemon: failed setting upnp port map', err);
  });
}
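// Start the notification server; the UPnP port mapping is requested only once
// the server is listening.
server.start((err) => {
  if (err) {
    // `logger` (lower case) is the winston instance; the previous `Logger`
    // was undefined and would have thrown a ReferenceError on this path,
    // hiding the real startup error.
    logger.error('uLinux Device Updater Daemon: Got an error starting ' +
      ' API Server', err);
    return;
  }
  setPortMap();
});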
// Heartbeat: config.imalive_interval is given in minutes. Schedule the
// periodic call, then send the first one right away.
const imAliveEveryMs = config.imalive_interval * 60 * 1000;
setInterval(sendImAlive, imAliveEveryMs);
sendImAlive();