nerves-hub / nerves_hub_link

Connect devices to NervesHub via a Phoenix channel
https://hex.pm/packages/nerves_hub_link
Apache License 2.0
36 stars 18 forks source link

retry and fetch an updated firmware url if the first try 401s #194

Open joshk opened 5 months ago

joshk commented 5 months ago

this is a fix for #47

if the download returns a 401 it will retry once and then exit

I have also trapped Downloader exits and nil'd UpdateManager state where appropriate

joshk commented 5 months ago

@jjcarstens I'm wondering if maybe the better way to approach this issue is to have UpdateManager report back to the Socket on the status of the update (rescheduled, ignored, download error), and then Hub can decide if it sends the update again.

Thoughts?

lawik commented 5 months ago

For time being out of whack, one solution is to have the device include what they think the time is in join.

Then the server can tell whether the client is confused or has an expired thing. It can even pass down the current time. This could be an optional mechanism for getting the time (trust the server) which is helpful for a Pi for example. But mostly it lets one tell the difference between bad auth and being out of sync.

jjcarstens commented 5 months ago

A noble thought @lawik, but I don't think that will work. Time is a required component of the connect for a couple reasons:

However, the middle ground is a decent idea to just include the date header in the rejection always. Though I am unsure if we could get that early enough in the SSL stack. Though Frank is currently working on a time server solution that could be used for conditions like this too which might be the better play to keep the time concern separate

lawik commented 5 months ago

Shared secret has this issue. The SSL is not failing, it gets a 401 and if we knew what it thinks the time is we can detect it and give a better "why is NervesHubLink not up"-experience.

My PIs have this and log a ton of 401s on every restart. My guess is that they generate times at UTC until NervesTime syncs. Or something. Time is not 1977-01-01 :) SSL works it seems

joshk commented 5 months ago

@jjcarstens I've reworked the logic of this feature to now send updates from the UpdateManager to the pid that called it. These updates are then sent to Hub, which can then update the registry and decide if there are further actions to take, like sending a new update to the device.

I think this is a better setup, and there are options to improve it further.