-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve Nitrokey Start upgrade process #255
base: master
Are you sure you want to change the base?
Conversation
With this patch, we register a custom signal handler for the start update subcommand that asks the user for confirmation if they trigger a SIGINT signal, for example by pressing Ctrl+C.
This patch improves the error messages for the Nitrokey Start update process so that it no longer recommends device reinsertion. Instead, users should try to repeat the update if it fails. If they remove the device after an unsuccessful update, they risk bricking the device.
With this patch, we replace the /releases API endpoint with /releases/latest. This endpoint only returns proper releases, not pre-releases, so users are no longer offered firmware release candidates.
I’ve added checks for the udev rules (#232) and changed the release lookup to ignore pre-releases. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good!
Please check the note regarding the udev rules.
for d in dirs: | ||
if os.path.isdir(d): | ||
for name in os.listdir(d): | ||
if fnmatch.fnmatch(name, "??-nitrokey.rules"): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAIR using anything starting with number over 70-
will probably not work. At some point we had a rule starting with 99-
, which brought a couple of issues.
I would change this to accept only the official name, which starts with 41-
, to avoid potential problems.
Ideally it would be really nice to check for the updates of the udev file and compare hashes to determine, whether it is up to date.
A couple of ideas more:
If that would not take significant effort, it would be great to have these two. What do you think @robin-nitrokey ? |
There’s already |
Ok, but there might be one problem with it. Once bootloader shows up, it can be still attached by pcscd due to automatic rerun by systemd. Is this rechecked during connection attempt with the bootloader? |
As far as I see, the exception handler that calls |
Alright. This is what I wanted to know. Looks good! |
bump |
From my point of view, this is ready to merge as soon it has been tested with an actual device. |
I have merged in the latest |
@robin-nitrokey This looks OK for merge. Anything against? |
I think this should be tested at least once due to consequences of an update failure, otherwise it is good to merge. |
tried killing |
Just tested this one (after rebasing onto current I'd suggest merging this one, these seem to be worthwhile updates and there are some other ones that could be added later (e.g., #298, #91, to name but a few). I also plan for proposing one for the issue I'm personally facing (Nitrokey/nitrokey-start-firmware#23). EDIT: noticed one small item about the udev message, please see a line comment below. |
): | ||
"""update device's firmware""" | ||
|
||
if not find_udev_rules(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noticed when testing my (unrelated) changes on top this PR - there is an udev-related advice in local_critical()
, which seems to be redundant now, so probably should be removed.
GH review functionality doesn't allow me to attach a comment to an unchanged line, so putting it here. The line I'm talking about is:
f"- Please check if you have udev rules installed: {UDEV_URL}"
Looks like I actually do observe the "ICC" error. I had an already-provisioned Start and with that the |
That error is also present on the At the end of the day, it looks like something is holding on to the token, and after some iteration of killing The Maybe this deserves a dedicated issue at this point. I'll continue debugging this later next week as this blocks me from updating my token. |
This PR improves the Nitrokey Start upgrade process with the goal to avoid bricked devices after failed updates.
Changes
Checklist
make check
ormake fix
for the formatting check