Closed chen-sh-io closed 1 year ago
Hi,
Which commands are you running? Can you show what commands you are running to create a device and the output of those commands?
What is the exact output of aktualizr when you try to run it?
cning@uptane2:~/ota-community-edition$ ./scripts/gen-server-certs.sh.original
read EC key
writing EC key
read EC key
writing EC key
Certificate request self-signature ok
subject=CN = ota-gateway
read EC key
writing EC key
cning@uptane2:~/ota-community-edition$ ./scripts/gen-device.sh
read EC key
writing EC key
Certificate request self-signature ok
subject=CN = 733b2183-1a2f-44da-bd8e-dad31ff8d5d5
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4f:ad:70:db:43:0a:14:8d:ac:06:67:4c:1a:99:41:27:da:82:01:0c
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN = ota-devices-CA
Validity
Not Before: Aug 10 13:23:41 2023 GMT
Not After : Aug 9 13:23:41 2024 GMT
Subject: CN = 733b2183-1a2f-44da-bd8e-dad31ff8d5d5
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:fb:52:d1:76:a2:f4:c0:aa:2a:dc:b7:96:b7:97:
6c:9d:ec:74:3d:09:ef:2a:cf:d2:0f:9d:81:e8:0f:
cc:ae:10:65:fb:43:0c:9c:c7:49:28:18:12:be:99:
5a:f4:3e:20:e9:f8:0e:44:a4:e5:2f:9f:fe:3e:bd:
df:86:49:ef:e6
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
TLS Web Client Authentication
X509v3 Subject Key Identifier:
96:DC:3A:D7:EA:59:4F:51:A5:F5:79:56:5E:F3:C2:01:FD:B2:86:12
X509v3 Authority Key Identifier:
42:BD:48:74:86:AC:CF:16:8E:ED:EB:0A:36:10:A8:65:20:E7:FB:66
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:44:02:20:42:b0:2b:bd:ec:ab:15:b6:ce:0a:97:d6:94:ed:
f3:bc:e6:ff:cd:1a:3b:32:f0:a6:79:77:ec:ac:82:f1:5c:fe:
02:20:66:55:0a:b1:3f:71:df:ef:12:80:b2:d6:88:22:ef:94:
89:b7:2c:e7:54:99:1f:85:5c:32:f6:3f:58:ec:14:14
PUT /api/v1/devices HTTP/1.1 Host: deviceregistry.ota.ce User-Agent: curl/7.81.0 Content-Type: application/json Accept: application/json, */* Content-Length: 851
cning@uptane2:~/ota-community-edition/ota-ce-gen/devices/733b2183-1a2f-44da-bd8e-dad31ff8d5d5$ sudo ~/aktualizr/build/src/aktualizr_primary/aktualizr --run-mode=check -c config.toml Aktualizr version 2020.10-288-gb2ee72ebf starting Reading config: "config.toml" Final configuration that will be used: [logger] loglevel = 0
[p11] module = "" pass = "" uptane_key_id = "" tls_ca_id = "" tls_pkey_id = "" tls_clientcert_id = ""
[tls] server = "https://ota.ce:30443" server_url_path = "gateway.url" ca_source = "file" pkey_source = "file" cert_source = "file"
[provision] server = "https://ota.ce:30443" p12_password = "" expiry_days = "36000" provision_path = "" device_id = "" primary_ecu_serial = "" primary_ecu_hardware_id = "ota-ce-device" ecu_registration_endpoint = "https://ota.ce:30443/director/ecus" mode = "DeviceCred"
[uptane] polling_sec = 10 director_server = "https://ota.ce:30443/director" repo_server = "https://ota.ce:30443/repo" key_source = "file" key_type = "RSA2048" force_install_completion = false secondary_config_file = "" secondary_preinstall_wait_sec = 600
[pacman] type = "none" os = "" sysroot = "" ostree_server = "https://ota.ce:30443/treehub" images_path = "storage/images" packages_file = "/usr/package.manifest" fake_need_reboot = false booted = "booted"
[storage] type = "sqlite" path = "storage" sqldb_path = "sql.db" uptane_metadata_path = "metadata" uptane_private_key_path = "ecukey.der" uptane_public_key_path = "ecukey.pub" tls_cacert_path = "root.crt" tls_pkey_path = "pkey.pem" tls_clientcert_path = "client.pem"
[import] base_path = "." uptane_private_key_path = "" uptane_public_key_path = "" tls_cacert_path = "ca.pem" tls_pkey_path = "pkey.pem" tls_clientcert_path = "client.pem"
[telemetry] report_network = true report_config = true
[bootloader] rollback_mode = "none" reboot_sentinel_dir = "/var/run/aktualizr-session" reboot_sentinel_name = "need_reboot" reboot_command = "/sbin/reboot"
Current directory: /home/cning/ota-community-edition/ota-ce-gen/devices/733b2183-1a2f-44da-bd8e-dad31ff8d5d5 Bootstrap empty SQL storage created: storage Bootstraping DB to version 25 Couldn`t import data: empty path received Client certificate not found in database Device ID key not found in database Unable to load previous device ID. Successfully imported client certificate from "./client.pem" Successfully imported server CA certificate from "./ca.pem" Successfully imported client TLS key from "./pkey.pem" No serial found in database for this ECU, defaulting to empty serial Root metadata not found in database Not importing "./repo/root.json" because it doesn't exist Root metadata not found in database Not importing "./director/root.json" because it doesn't exist Uptane public key not found in database No pending updates, continuing with initialization post request body:{ "ecus" : [ { "clientKey" : { "keytype" : "RSA", "keyval" : { "public" : "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPHJ2SiIH0yNScbLDbRU\nD0gji3MVMYf5oNTkT7Csjc81tACMl0PhqFxzsjH9PcITTSQ8hVXrFQYvCTI7cgv9\nwOO+LE2VyMheboWTZX320aWqgbE2vGnyNNvHzbexCrsZC+J/2tEwgXlInVL8CDWQ\ncQdAiGXf25VW1vZP4RpVRuS8E1tkxxOughXiarqh5ViftcyhJMYEMC+LhhoTD/qD\ncWrQyg/Cd7DqukLsBAscFY3U9YXeE5OrcEU87xfKYPN5ozuuerAB+TMUey/E9XTT\n+iUVpSWu8XXwgBuHLWTrgKIUUjxFU2idU7Lb0BJ6twAm+VF9lOzA7xqWeYbjHfyq\nIQIDAQAB\n-----END PUBLIC KEY-----\n" } }, "ecu_serial" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75", "hardware_identifier" : "ota-ce-device" } ], "primary_ecu_serial" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75" }
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-d820-0576-fd0d-88e0/4f05-7c5e-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
POST /director/ecus HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: */* Content-Type: application/json Content-Length: 731
Mark bundle as not supporting multiuse < HTTP/1.1 403 Forbidden < Server: nginx/1.13.7 < Date: Thu, 10 Aug 2023 13:24:36 GMT < Content-Type: text/plain; charset=UTF-8 < Content-Length: 69 < Connection: keep-alive < X-Ats-Version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
Connection #0 to host ota.ce left intact response http code: 403 response: The supplied authentication is not authorized to access this resource post request body:{ "ecus" : [ { "clientKey" : { "keytype" : "RSA", "keyval" : { "public" : "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPHJ2SiIH0yNScbLDbRU\nD0gji3MVMYf5oNTkT7Csjc81tACMl0PhqFxzsjH9PcITTSQ8hVXrFQYvCTI7cgv9\nwOO+LE2VyMheboWTZX320aWqgbE2vGnyNNvHzbexCrsZC+J/2tEwgXlInVL8CDWQ\ncQdAiGXf25VW1vZP4RpVRuS8E1tkxxOughXiarqh5ViftcyhJMYEMC+LhhoTD/qD\ncWrQyg/Cd7DqukLsBAscFY3U9YXeE5OrcEU87xfKYPN5ozuuerAB+TMUey/E9XTT\n+iUVpSWu8XXwgBuHLWTrgKIUUjxFU2idU7Lb0BJ6twAm+VF9lOzA7xqWeYbjHfyq\nIQIDAQAB\n-----END PUBLIC KEY-----\n" } }, "ecu_serial" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75", "hardware_identifier" : "ota-ce-device" } ], "primary_ecu_serial" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75" }
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-d820-0576-fd0d-88e0/eed6-65da-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
POST /director/ecus HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: */* Content-Type: application/json Content-Length: 731
Mark bundle as not supporting multiuse < HTTP/1.1 403 Forbidden < Server: nginx/1.13.7 < Date: Thu, 10 Aug 2023 13:24:36 GMT < Content-Type: text/plain; charset=UTF-8 < Content-Length: 69 < Connection: keep-alive < X-Ats-Version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
and analyzed the code of aktualizr a bit. The error occurred in the function "Provisioner::initEcuRegister" in line 353. It tried to POST the following data "{\"ecus\":[{\"clientKey\":{\"keytype\":\"RSA\",\"keyval\":{\"public\":\"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPHJ2SiIH0yNScbLDbRU\nD0gji3MVMYf5oNTkT7Csjc81tACMl0PhqFxzsjH9PcITTSQ8hVXrFQYvCTI7cgv9\nwOO+LE2VyMheboWTZX320aWqgbE2vGnyNNvHzbexCrsZC+J/2tEwgXlInVL8CDWQ\ncQdAiGXf25VW1vZP4RpVRuS8E1tkxxOughXiarqh5ViftcyhJMYEMC+LhhoTD/qD\ncWrQyg/Cd7DqukLsBAscFY3U9YXeE5OrcEU87xfKYPN5ozuuerAB+TMUey/E9XTT\n+iUVpSWu8XXwgBuHLWTrgKIUUjxFU2idU7Lb0BJ6twAm+VF9lOzA7xqWeYbjHfyq\nIQIDAQAB\n-----END PUBLIC KEY-----\n\"}},\"ecu_serial\":\"ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75\",\"hardware_identifier\":\"ota-ce-device\"}],\"primary_ecu_serial\":\"ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75\"}"
to "https://ota.ce:30443/director/ecus"
I don't know which part of code in director processes this request.
Did you also run get-credentials.sh? Could you show the output please?
Hi Simao, I didn't run it before. Below is the output of get-credentials.sh
After I ran the get-credentials.sh, it seems it is working now; below is the output. What is the functionality of get-credentials.sh?
[sudo] password for cning:
Aktualizr version 2020.10-288-gb2ee72ebf starting Reading config: "config.toml" Final configuration that will be used: [logger] loglevel = 0
[p11] module = "" pass = "" uptane_key_id = "" tls_ca_id = "" tls_pkey_id = "" tls_clientcert_id = ""
[tls] server = "https://ota.ce:30443" server_url_path = "gateway.url" ca_source = "file" pkey_source = "file" cert_source = "file"
[provision] server = "https://ota.ce:30443" p12_password = "" expiry_days = "36000" provision_path = "" device_id = "" primary_ecu_serial = "" primary_ecu_hardware_id = "ota-ce-device" ecu_registration_endpoint = "https://ota.ce:30443/director/ecus" mode = "DeviceCred"
[uptane] polling_sec = 10 director_server = "https://ota.ce:30443/director" repo_server = "https://ota.ce:30443/repo" key_source = "file" key_type = "RSA2048" force_install_completion = false secondary_config_file = "" secondary_preinstall_wait_sec = 600
[pacman] type = "none" os = "" sysroot = "" ostree_server = "https://ota.ce:30443/treehub" images_path = "storage/images" packages_file = "/usr/package.manifest" fake_need_reboot = false booted = "booted"
[storage] type = "sqlite" path = "storage" sqldb_path = "sql.db" uptane_metadata_path = "metadata" uptane_private_key_path = "ecukey.der" uptane_public_key_path = "ecukey.pub" tls_cacert_path = "root.crt" tls_pkey_path = "pkey.pem" tls_clientcert_path = "client.pem"
[import] base_path = "." uptane_private_key_path = "" uptane_public_key_path = "" tls_cacert_path = "ca.pem" tls_pkey_path = "pkey.pem" tls_clientcert_path = "client.pem"
[telemetry] report_network = true report_config = true
[bootloader] rollback_mode = "none" reboot_sentinel_dir = "/var/run/aktualizr-session" reboot_sentinel_name = "need_reboot" reboot_command = "/sbin/reboot"
Current directory: /home/cning/ota-community-edition/ota-ce-gen/devices/733b2183-1a2f-44da-bd8e-dad31ff8d5d5 Use existing SQL storage: "storage/sql.db" Couldn`t import data: empty path received No serial found in database for this ECU, defaulting to empty serial Root metadata not found in database Not importing "./repo/root.json" because it doesn't exist Root metadata not found in database Not importing "./director/root.json" because it doesn't exist No pending updates, continuing with initialization post request body:{ "ecus" : [ { "clientKey" : { "keytype" : "RSA", "keyval" : { "public" : "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPHJ2SiIH0yNScbLDbRU\nD0gji3MVMYf5oNTkT7Csjc81tACMl0PhqFxzsjH9PcITTSQ8hVXrFQYvCTI7cgv9\nwOO+LE2VyMheboWTZX320aWqgbE2vGnyNNvHzbexCrsZC+J/2tEwgXlInVL8CDWQ\ncQdAiGXf25VW1vZP4RpVRuS8E1tkxxOughXiarqh5ViftcyhJMYEMC+LhhoTD/qD\ncWrQyg/Cd7DqukLsBAscFY3U9YXeE5OrcEU87xfKYPN5ozuuerAB+TMUey/E9XTT\n+iUVpSWu8XXwgBuHLWTrgKIUUjxFU2idU7Lb0BJ6twAm+VF9lOzA7xqWeYbjHfyq\nIQIDAQAB\n-----END PUBLIC KEY-----\n" } }, "ecu_serial" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75", "hardware_identifier" : "ota-ce-device" } ], "primary_ecu_serial" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75" }
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-3ab0-152a-c16b-c607/490f-d7d2-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
POST /director/ecus HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: */* Content-Type: application/json Content-Length: 731
Mark bundle as not supporting multiuse < HTTP/1.1 201 Created < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:05 GMT < Content-Type: text/plain; charset=UTF-8 < Content-Length: 76 < Connection: keep-alive < X-Ats-Version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
Connection #0 to host ota.ce left intact response http code: 201 response: The request has been fulfilled and resulted in a new resource being created. Device ID key not found in database No device ID yet... device_id is empty... generating ECUs have been successfully registered with the server. Primary ECU serial: ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75 with hardware ID: ota-ce-device Device ID: 733b2183-1a2f-44da-bd8e-dad31ff8d5d5 Device Gateway URL: https://ota.ce:30443 Certificate subject: CN=733b2183-1a2f-44da-bd8e-dad31ff8d5d5 Certificate issuer: CN=ota-devices-CA Certificate valid from: Aug 10 13:23:41 2023 GMT until: Aug 9 13:23:41 2024 GMT ... provisioned OK hardware_info hash not found in database Reporting default hardware information
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-3ab0-152a-c16b-c607/490f-d7d2-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
PUT /system_info HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: */* Content-Type: application/json Content-Length: 10752
Mark bundle as not supporting multiuse < HTTP/1.1 301 Moved Permanently < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:07 GMT < Content-Type: text/html < Content-Length: 185 < Location: https://ota.ce:8443/system_info/ < Connection: keep-alive <
Ignoring the response-body
Connection #0 to host ota.ce left intact
Clear auth, redirects to port from 30443 to 8443
Issue another request to this URL: 'https://ota.ce:8443/system_info/'
Trying 0.0.0.0:8443...
connect to 0.0.0.0 port 8443 failed: Connection refused
Failed to connect to ota.ce port 8443 after 1 ms: Connection refused
Closing connection 1 curl error 7 (http code 301): Couldn't connect to server
Found bundle for host ota.ce: 0xffff70037e20 [serially]
Can not multiplex, even if we wanted to!
Re-using existing connection! (#0) with host ota.ce
Connected to ota.ce (127.0.0.1) port 30443 (#0)
PUT /system_info HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: */* Content-Type: application/json Content-Length: 10752
Mark bundle as not supporting multiuse < HTTP/1.1 301 Moved Permanently < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:08 GMT < Content-Type: text/html < Content-Length: 185 < Location: https://ota.ce:8443/system_info/ < Connection: keep-alive <
Ignoring the response-body
Connection #0 to host ota.ce left intact
Clear auth, redirects to port from 30443 to 8443
Issue another request to this URL: 'https://ota.ce:8443/system_info/'
Hostname ota.ce was found in DNS cache
Trying 0.0.0.0:8443...
connect to 0.0.0.0 port 8443 failed: Connection refused
Failed to connect to ota.ce port 8443 after 0 ms: Connection refused
Closing connection 2 curl error 7 (http code 301): Couldn't connect to server
Found bundle for host ota.ce: 0xffff70037e20 [serially]
Can not multiplex, even if we wanted to!
Re-using existing connection! (#0) with host ota.ce
Connected to ota.ce (127.0.0.1) port 30443 (#0)
PUT /system_info HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: */* Content-Type: application/json Content-Length: 10752
Mark bundle as not supporting multiuse < HTTP/1.1 301 Moved Permanently < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:09 GMT < Content-Type: text/html < Content-Length: 185 < Location: https://ota.ce:8443/system_info/ < Connection: keep-alive <
Ignoring the response-body
Connection #0 to host ota.ce left intact
Clear auth, redirects to port from 30443 to 8443
Issue another request to this URL: 'https://ota.ce:8443/system_info/'
Hostname ota.ce was found in DNS cache
Trying 0.0.0.0:8443...
connect to 0.0.0.0 port 8443 failed: Connection refused
Failed to connect to ota.ce port 8443 after 0 ms: Connection refused
Closing connection 3 curl error 7 (http code 301): Couldn't connect to server response http code: 301 response: response http code: 301 response: response http code: 301 response: installed_packages hash not found in database Reporting installed packages put request body:[ { "name" : "fake-package", "version" : "1.0" } ]
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-3ab0-152a-c16b-c607/490f-d7d2-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
PUT /core/installed HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: */* Content-Type: application/json Content-Length: 41
Mark bundle as not supporting multiuse < HTTP/1.1 204 No Content < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:10 GMT < Connection: keep-alive < x-ats-version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
Connection #0 to host ota.ce left intact response http code: 204 response: network_info hash not found in database Reporting network information put request body:{ "hostname" : "uptane2", "local_ipv4" : "192.168.2.38", "mac" : "e4:5f:01:00:75:33" }
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-3ab0-152a-c16b-c607/490f-d7d2-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
PUT /system_info/network HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: / Content-Type: application/json Content-Length: 76
Mark bundle as not supporting multiuse < HTTP/1.1 204 No Content < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:11 GMT < Connection: keep-alive < x-ats-version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
Connection #0 to host ota.ce left intact response http code: 204 response: configuration hash not found in database Reporting libaktualizr configuration
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-3ab0-152a-c16b-c607/490f-d7d2-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
POST /system_info/config HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: / Content-Type: application/toml Content-Length: 1644
Mark bundle as not supporting multiuse < HTTP/1.1 204 No Content < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:12 GMT < Connection: keep-alive < x-ats-version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
Connection #0 to host ota.ce left intact response http code: 204 response: got SendDeviceDataComplete event Not reporting network information because it has not changed Failed to get current installed version: no more rows available Device installation result not found in database No installation result to report in manifest put request body:{ "signatures" : [ { "keyid" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75", "method" : "rsassa-pss", "sig" : "YR830p6s9ONM0WfRuoqknJXlyDRgdADbD0DQW5A9Pt9s7p4hPJDktWhoICX0BFDUGTErAuF3IBX24zYbowvwyeKQbt6neGW0UVz4VQ4Vs+PwV9LPedcjGmtBQVKLeQ3MZGtCFKhP0Q7DMdjWyzNyo5l/TkZv0+pZG40snVShvVlx4Ylu9EiUNjOd91hBinI+Ju0k3B7wTqoPTiJQv8aerlhtpPE0NZFcf3wPZAtuTTziaRIpdZmDbnOhSvDqsaHIZ4bUkBI2ooUDQA4NvbDdNwTEU2obInQnhpZunAdHuhQ0wSXq7Y0TGVXE5qwxURKOIRwgv8uPmunaVJ0+drl+yA==" } ], "signed" : { "ecu_version_manifests" : { "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75" : { "signatures" : [ { "keyid" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75", "method" : "rsassa-pss", "sig" : "PVBnr9oI0nFG/LH1ESLyT9kv3wnO8Ig+RN9TqJEgyLz9+jpJ/F+OuydoEOqfOt/2d+oSFtsMy+LLIUHhJHjbt7JchKAC3N7WQIt2oEMGfAilmPLj9Tnan/m8SVQoc/TtuhMwk09lramytDWDf8PhGFYhKPLW5Ehb35lEeEvAulIBhBMLBC2GeXk1e1K3D/PRi7CNzSbgzAjCzo7SCp1iHIIzdI7N5+NDNmxYSqh05joc7HGm+BBVppegN9gBRMW62L4Ms+fHUdFZnpbFECDfa25MujyNoQV52wzzoUW1eE2lHaneWl1VSpgZhSb5Ta/YSLYcIvDHJ+dIAH33gmox8g==" } ], "signed" : { "attacks_detected" : "", "ecu_serial" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75", "installed_image" : { "fileinfo" : { "hashes" : { "sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" }, "length" : 0 }, "filepath" : "unknown" }, "previous_timeserver_time" : "1970-01-01T00:00:00Z", "report_counter" : "1", "timeserver_time" : "1970-01-01T00:00:00Z" } } }, "primary_ecu_serial" : "ae7f4c46e70fa9c4e1410dac7753e3feadc0811e98c6d348791de68c2a1afa75" } }
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-3ab0-152a-c16b-c607/490f-d7d2-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
PUT /director/manifest HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: / Content-Type: application/json Content-Length: 1506
Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:13 GMT < Content-Type: text/plain; charset=UTF-8 < Content-Length: 2 < Connection: keep-alive < X-Ats-Version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
Connection #0 to host ota.ce left intact response http code: 200 response: OK Root metadata not found in database GET https://ota.ce:30443/director/1.root.json
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-3ab0-152a-c16b-c607/490f-d7d2-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
GET /director/1.root.json HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: /
Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:14 GMT < Content-Type: application/json < Content-Length: 1447 < Connection: keep-alive < X-Ats-Version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
Connection #0 to host ota.ce left intact response http code: 200 response: {"signatures":[{"keyid":"bc8d400656c08c0029a9f7f194385db05d30bf1b64ca837ffec70fa5da10bfd7","method":"ed25519","sig":"Tn3FClfsRb11DPgjcsog6Tgzgstl/vQEsDGfwXNcASKHGALj6/+FZ5e27PzdHwUtg0yWr3nOOHkgvTNnJQJmBw=="}],"signed":{"keys":{"1f5ad457ec7021253a7f4f15ec5a5ff07086ea9f9588d0eaa186cb4a1004e6e4":{"keyval":{"public":"88b0bc934c6a896c33c0c540fce10cd6199a3a5cf71e68e01ca4f7c21036ea03"},"keytype":"ED25519"},"2832a851d7b33b9e59c97907e475be4220c5df3316debe34e0892f1135dc34ce":{"keyval":{"public":"22fcbc3b2746a51ee9cfa5a1664dfb275a2a70dbce8aeb37445086178b720aec"},"keytype":"ED25519"},"2eb4fef7b6006f16540c1299e70ef04feaf391503508c8ec7da272c992564747":{"keyval":{"public":"744cc1e3e6558905a7b0a91e9fbf07b75bbc2a74398c6b389e2ee2db90a2cdeb"},"keytype":"ED25519"},"bc8d400656c08c0029a9f7f194385db05d30bf1b64ca837ffec70fa5da10bfd7":{"keyval":{"public":"b93ae159746f2740a3b080e2828788cc51f33adc0680bbdc7c679f731df255fe"},"keytype":"ED25519"}},"roles":{"snapshot":{"keyids":["2eb4fef7b6006f16540c1299e70ef04feaf391503508c8ec7da272c992564747"],"threshold":1},"targets":{"keyids":["1f5ad457ec7021253a7f4f15ec5a5ff07086ea9f9588d0eaa186cb4a1004e6e4"],"threshold":1},"root":{"keyids":["bc8d400656c08c0029a9f7f194385db05d30bf1b64ca837ffec70fa5da10bfd7"],"threshold":1},"timestamp":{"keyids":["2832a851d7b33b9e59c97907e475be4220c5df3316debe34e0892f1135dc34ce"],"threshold":1}},"version":1,"expires":"2024-08-10T06:55:04Z","consistent_snapshot":false,"_type":"Root"}} GET https://ota.ce:30443/director/2.root.json
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-3ab0-152a-c16b-c607/490f-d7d2-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
GET /director/2.root.json HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: /
Mark bundle as not supporting multiuse < HTTP/1.1 424 Failed Dependency < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:14 GMT < Content-Type: application/json < Content-Length: 154 < Connection: keep-alive < X-Ats-Version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
Connection #0 to host ota.ce left intact response http code: 424 response: {"code":"root_role_not_found","description":"root role was not found in upstream key store","cause":null,"errorId":"006155b2-fa7b-4bbd-a47b-f06e523920a1"} GET https://ota.ce:30443/director/targets.json
Trying 0.0.0.0:30443...
Connected to ota.ce (127.0.0.1) port 30443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /tmp/aktualizr-3ab0-152a-c16b-c607/490f-d7d2-tls-ca
CApath: /etc/ssl/certs
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: CN=ota-gateway
start date: Aug 10 13:22:18 2023 GMT
expire date: Aug 7 13:22:18 2033 GMT
subjectAltName: host "ota.ce" matched cert's "ota.ce"
issuer: CN=ota-server-CA
SSL certificate verify ok.
GET /director/targets.json HTTP/1.1 Host: ota.ce:30443 User-Agent: Aktualizr/2020.10-288-gb2ee72ebf Accept: /
Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: nginx/1.13.7 < Date: Fri, 11 Aug 2023 06:55:14 GMT < Content-Type: application/json < Content-Length: 296 < Connection: keep-alive < X-Ats-Version: 3d60bb94256e58dfe0a42a9bec90ae58dea1d1ab-SNAPSHOT <
Connection #0 to host ota.ce left intact response http code: 200 response: {"signatures":[{"keyid":"1f5ad457ec7021253a7f4f15ec5a5ff07086ea9f9588d0eaa186cb4a1004e6e4","method":"ed25519","sig":"E1XBG59DCzPFIOVT40At9YNdWFxwpCU5ssoL8J2GD7M0x7Xk+j/4tEPe8IGFGvZcdT5+z9w6G9Z5R0Kb9AflBw=="}],"signed":{"expires":"2023-09-11T06:55:04Z","targets":{},"version":1,"_type":"Targets"}} targets metadata not found in database No new updates found in Uptane metadata. Flushing report queue
get-credentials will create some required resources on the server side (uptane repo, image repo, keys, etc.) and will build a credentials.zip file with your root.json and targets keys.
I use docker compose to run the server and use aktualizr as the client. I followed the instructions in the README. But when I run aktualizr with the following command, I always get an HTTP 403 error. Do you have any hints? It seems there is no problem with the mutual TLS.