aktualizr-lite: Support using TLS keys

This is a bit of an edge case, but I've found it useful to run devices in the lite mode, but to still restrict who can access the tuf/treehub repos via TLS. Signed-off-by: Andy Doan <andy@foundries.io>
advancedtelematic · Jun 18, 2019 · bbb7945 · bbb7945
1 parent 9a0b374
commit bbb7945
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 5 deletions.
diff --git a/src/aktualizr_lite/main.cc b/src/aktualizr_lite/main.cc
@@ -26,7 +26,9 @@ static int status_main(Config &config, const bpo::variables_map &unused) {
 static int list_main(Config &config, const bpo::variables_map &unused) {
   (void)unused;
   auto storage = INvStorage::newStorage(config.storage);
+  storage->importData(config.import);
   auto client = SotaUptaneClient::newDefaultClient(config, storage);
+  client->initialize(true);
   Uptane::HardwareIdentifier hwid(config.provision.primary_ecu_hardware_id);
 
   LOG_INFO << "Refreshing target metadata";
@@ -94,6 +96,7 @@ static std::unique_ptr<Uptane::Target> find_target(const std::shared_ptr<SotaUpt
 static int update_main(Config &config, const bpo::variables_map &variables_map) {
   auto storage = INvStorage::newStorage(config.storage);
   auto client = SotaUptaneClient::newDefaultClient(config, storage);
+  client->initialize(true);
   Uptane::HardwareIdentifier hwid(config.provision.primary_ecu_hardware_id);
 
   std::string version("latest");

diff --git a/src/libaktualizr/primary/initializer.cc b/src/libaktualizr/primary/initializer.cc
@@ -205,7 +205,7 @@ InitRetCode Initializer::initEcuRegister() {
 Initializer::Initializer(
     const ProvisionConfig& config_in, std::shared_ptr<INvStorage> storage_in,
     std::shared_ptr<HttpInterface> http_client_in, KeyManager& keys_in,
-    const std::map<Uptane::EcuSerial, std::shared_ptr<Uptane::SecondaryInterface> >& secondary_info_in)
+    const std::map<Uptane::EcuSerial, std::shared_ptr<Uptane::SecondaryInterface> >& secondary_info_in, bool lite_mode)
     : config_(config_in),
       storage_(std::move(storage_in)),
       http_client_(std::move(http_client_in)),
@@ -232,6 +232,10 @@ Initializer::Initializer(
       LOG_ERROR << "Shared credential provisioning failed. Aborting initialization.";
       return;
     }
+    if (lite_mode) {
+      success_ = true;
+      return;
+    }
 
     if (!initPrimaryEcuKeys()) {
       LOG_ERROR << "ECU key generation failed. Aborting initialization.";

diff --git a/src/libaktualizr/primary/initializer.h b/src/libaktualizr/primary/initializer.h
@@ -14,7 +14,8 @@ class Initializer {
  public:
   Initializer(const ProvisionConfig& config_in, std::shared_ptr<INvStorage> storage_in,
               std::shared_ptr<HttpInterface> http_client_in, KeyManager& keys_in,
-              const std::map<Uptane::EcuSerial, std::shared_ptr<Uptane::SecondaryInterface> >& secondary_info_in);
+              const std::map<Uptane::EcuSerial, std::shared_ptr<Uptane::SecondaryInterface> >& secondary_info_in,
+              bool lite_mode = false);
   bool isSuccessful() const { return success_; }
 
  private:

diff --git a/src/libaktualizr/primary/sotauptaneclient.cc b/src/libaktualizr/primary/sotauptaneclient.cc
@@ -292,14 +292,17 @@ Json::Value SotaUptaneClient::AssembleManifest() {
 
 bool SotaUptaneClient::hasPendingUpdates() { return storage->hasPendingInstall(); }
 
-void SotaUptaneClient::initialize() {
+void SotaUptaneClient::initialize(bool lite_mode) {
   LOG_DEBUG << "Checking if device is provisioned...";
   KeyManager keys(storage, config.keymanagerConfig());
-  Initializer initializer(config.provision, storage, http, keys, secondaries);
+  Initializer initializer(config.provision, storage, http, keys, secondaries, lite_mode);
 
   if (!initializer.isSuccessful()) {
     throw std::runtime_error("Fatal error during provisioning or ECU device registration.");
   }
+  if (lite_mode) {
+    return;
+  }
 
   EcuSerials serials;
   if (!storage->loadEcuSerials(&serials) || serials.size() == 0) {

diff --git a/src/libaktualizr/primary/sotauptaneclient.h b/src/libaktualizr/primary/sotauptaneclient.h
@@ -41,7 +41,7 @@ class SotaUptaneClient {
                    std::shared_ptr<event::Channel> events_channel_in = nullptr);
   ~SotaUptaneClient();
 
-  void initialize();
+  void initialize(bool lite_mode = false);
   void addNewSecondary(const std::shared_ptr<Uptane::SecondaryInterface> &sec);
   result::Download downloadImages(const std::vector<Uptane::Target> &targets,
                                   const api::FlowControlToken *token = nullptr);