Release iotaupdt.php


#1

Hi Bob,

Would you be willing to upload the PHP code you use for the updater (iotaupdt.php) to github?

I was unable to locate it in the github source tree and want to run my own local updater (with own priv/pub key) for my hombrew IoTaWatt which would save me re-inventing the wheel and make pushing updates to my running device much easier than flashing via USB while it is in my meter box.


#2

Sure, not worth putting on Github, here you go:

<?PHP

function check_header($name, $value = false) {
    if(!isset($_SERVER[$name])) {
        return false;
    }
    if($value && $_SERVER[$name] != $value) {
        return false;
    }
    return true;
}

if( !check_header('HTTP_USER_AGENT', 'IotaWatt'))
		{
			header($_SERVER["SERVER_PROTOCOL"].' 403 Forbidden', true, 403);
			echo "only for IotaWatt update\n";
			exit();
		}
	
if( !check_header('HTTP_X_UPDATE_CLASS'))
		{
			header($_SERVER["SERVER_PROTOCOL"].' 403 Forbidden', true, 403);
			echo "update class not specified\n";
			exit();
		}	
		
if		(check_header('HTTP_X_UPDATE_CLASS', 'TEST')) $curversion = '02_02_29';
else if (check_header('HTTP_X_UPDATE_CLASS', 'ALPHA')) $curversion = '02_02_29';
else if (check_header('HTTP_X_UPDATE_CLASS', 'BETA')) $curversion = '02_02_29';
else if (check_header('HTTP_X_UPDATE_CLASS', 'MINOR')) $curversion = '02_02_29';
else if (check_header('HTTP_X_UPDATE_CLASS', 'MAJOR')) $curversion = '02_02_29';
else if (check_header('HTTP_X_UPDATE_CLASS', 'DEBUG')) $curversion = '02_02_20';
else    {
			header($_SERVER["SERVER_PROTOCOL"].' 403 Forbidden', true, 403);
			echo "update class invalid\n";
			exit();
		} 
		
header($_SERVER["SERVER_PROTOCOL"].' 200 OK', true, 200);
header('Content-Type: TEXT', true);
header('Content-Length: 8', true);
echo $curversion;
exit();
		
?>

I’m sure this is not what you expected. This returns the current release for the supplied auto-update class. IoTaWatt then downloads that release.

The release is encapsulated, firmware and associated SD files, into a single BLOB that is digitally signed offline. The private key has never been online and is not stored on the IoTaWatt server. In today’s world, that is the only viable definition of private.

The device that builds and signs the release BLOB is an ESP8266 based device that I built. The firmware that runs in them is not something that I want to publish on Github because I don’t want to document and support it in the public domain. It uses cryptography which is something that I struggle to use with confidence and I only work with when I have the time to come back up to speed.

For your purposes, I would suggest simply adding the ESP OTA software and invoke it in addition to or instead of the IoTaWatt update service.