search

nerves-hub / nerves_hub_link

Connect devices to NervesHub via a Phoenix channel
https://hex.pm/packages/nerves_hub_link
Apache License 2.0
36 stars 18 forks source link

Archive public key defaults #187

Closed joshk closed 5 months ago

joshk commented 5 months ago

This simplifies the setup of public keys for archive verification purposes.

If there are no public keys setup for archive verification defined...

  1. use the fwup_public_keys, if they exist
  2. ask NervesHub to send over the latest public keys

Also support the ability in the config to request the latest public keys from NervesHub even if fwup_public_keys are defined in the config.

Related: https://github.com/nerves-hub/nerves_hub_web/pull/1291

Please Note:

I made a significant change to UpdateManager and ArchiveManager where they don't store the public verification keys when they are started, but are instead passed them by the socket when an archive or update is ready to be downloaded.

This is because if the keys were updated, but then the process died, they would not have the most up to date keys.

joshk commented 5 months ago

@oestrich I've updated the PR based on our chat.