retry and fetch an updated firmware url if the first try 401s #194
Conversation
joshk
force-pushed
the
firmware-update-401-retries
branch
2 times, most recently
from
ca5748b to
7b0414b
Compare
joshk
force-pushed
the
firmware-update-401-retries
branch
3 times, most recently
from
63e983b to
fcfd50f
Compare
|
@jjcarstens I'm wondering if maybe the better way to approach this issue is to have Thoughts? |
|
For time being out of whack, one solution is to have the device include what they think the time is in join. Then the server can tell whether the client is confused or has an expired thing. It can even pass down the current time. This could be an optional mechanism for getting the time (trust the server) which is helpful for a Pi for example. But mostly it lets one tell the difference between bad auth and being out of sync. |
|
A noble thought @lawik, but I don't think that will work. Time is a required component of the connect for a couple reasons:
However, the middle ground is a decent idea to just include the |
|
Shared secret has this issue. The SSL is not failing, it gets a 401 and if we knew what it thinks the time is we can detect it and give a better "why is NervesHubLink not up"-experience. My PIs have this and log a ton of 401s on every restart. My guess is that they generate times at UTC until NervesTime syncs. Or something. Time is not 1977-01-01 :) SSL works it seems |
|
@jjcarstens I've reworked the logic of this feature to now send updates from the I think this is a better setup, and there are options to improve it further. |
| %State{} = state | ||
| ) do | ||
| state = maybe_update_firmware(update, fwup_public_keys, state) | ||
| state = maybe_update_firmware(update, fwup_public_keys, elem(from, 0), state) |
There was a problem hiding this comment.
@jjcarstens is it ok to use elem(from, 0)? or is this bad practice?
joshk
force-pushed
the
firmware-update-401-retries
branch
from
0e54572 to
39df313
Compare
lib/nerves_hub_link/socket.ex
Outdated
| if is_atom(result) do | ||
| %{result: result} | ||
| else | ||
| %{result: elem(result, 0), reason: elem(result, 1)} |
There was a problem hiding this comment.
If we're not doing anything with the {:error portion of the tuple, why have it? We could just simplify and make it an atom return
There was a problem hiding this comment.
That or change the success condition to be {:ok, result} and we always return the same structure of %{result: :ok | :error, reason: reason}
There was a problem hiding this comment.
there are six events that can be sent from the UpdateManager to Socket are, the update ...
- started
- was ignored
- was rescheduled
- completed successfully
- failed due to a 401 error (
download_unauthorized) - failed due to a non fatal download error (
non_fatal)
I had modelled this as ...
:started:ignored{:rescheduled, ms, rescheduled_to(ms)}:completed{:error, :download_unauthorized}- and
{:error, :non_fatal}
I could change :completed to {:ok, :completed} to match the structure of the error cases, although the :ok is kinda superfluous information. It would also mean that :ignored and :started would need to change.
In Hub each of these cases would update registry in slightly different ways.
Thoughts?
I also realized that I hadn't accounted for {:rescheduled, ms, rescheduled_to(ms)}
this is a fix for #47
if the download returns a 401 it will retry once and then exit
I have also trapped
Downloaderexits and nil'dUpdateManagerstate where appropriate