Merge pull request #36 from grisp/sylane/cleanup

Cleanup, use grisp_cryptoauth TLS helper and start supporting grisp_updater

.github/workflows/ct.yml

@@ -27,7 +27,7 @@ jobs:
         run: |
           eval `ssh-agent -s`
           ssh-add - <<< '${{ secrets.STRITZINGER_BOT_SSH_KEY }}'
-          rebar3 compile
+          rebar3 as test compile
       - name: Run ct
         run: |
           eval `ssh-agent -s`

.gitignore

@@ -19,3 +19,7 @@ rebar3.crashdump
 *~
 .DS_Store
 doc
+.tool-versions
+eeprom_*.dat
+dummy.img
+priv/server/*

CHANGELOG.md

@@ -8,4 +8,9 @@ and this project adheres to
 
 ## [Unreleased]
 
+- Cleanup prod/dev/local profiles.
+- Use grisp_cryptoauth EMULATE_CRYPTOAUTH for tests and local shell.
+- Use grisp_cryptoauth TLS helper to generate TLS options.
+- Start integrating grisp updater.
+
 [Unreleased]: https://github.com/grisp/grisp/compare/6b59d16383b3e5154ef839bcf5c77a6b770aada5...HEAD

README.md

@@ -76,3 +76,43 @@ You can copy paste these settings. Here we both swap the default logger handler
     ]}
 ].
 ```
+
+## Local Development
+
+Add an entry in your local hosts file so the domain www.seawater.local points
+to your local development server.
+
+Start a local development shell:
+
+    rebar3 as local shell
+
+Run tests:
+
+    rebar3 ct
+
+
+## Development on GRiSP Hardware
+
+Add an entry in the grisp hosts file so the domain www.seawater.local points
+to your local development server.
+
+e.g. using `ifconfig` command (MacOS and older linux):
+
+    echo "$(ifconfig | grep 'inet ' | grep -v 127.0.0.1 | awk '{ print $2 }' | head -n 1) www.seawater.local" >> grisp/default/common/deploy/files/etc/hosts
+]
+e.g. using `ip` command (Newer linux):
+
+    echo "$(ip addr show | grep 'inet ' | grep -v 127.0.0.1 | awk '{print $2}' | cut -d/ -f1 | head -n 1) www.seawater.local" >> grisp/default/common/deploy/files/etc/hosts
+
+To deploy the release, configure rebar3_grisp's deploy configuration in
+rebar.config and then run:
+
+    rebar3 as dev grisp deploy
+
+
+## Production on GRiSP Hardware
+
+To deploy on GRiSP hardware for production, configure rebar3_grisp's deploy
+configuration in rebar.config and then run:
+
+    rebar3 as prod grisp deploy

config/dev.config

@@ -0,0 +1,26 @@
+[
+    {grisp_cryptoauth, [
+        {tls_server_trusted_certs, {priv, grisp_connect, "server"}}
+    ]},
+
+    {grisp_connect, [
+        {domain, "www.seawater.local"},
+        {port, 8443}
+    ]},
+
+    {kernel, [
+        {logger_level, info},
+        {logger, [
+            {handler, default, logger_std_h, #{
+                config => #{type => standard_io},
+                filters => [
+                    % Filter out supervisor progress reports so
+                    % TLS certificates are not swamping the console...
+                    {filter_out_progress, {
+                        fun grisp_connect_logger_bin:filter_out/2,
+                        {supervisor, report_progress}}}
+                ]
+            }}
+        ]}
+    ]}
+].

config/local.config

@@ -0,0 +1,29 @@
+[
+    {grisp, [
+        {emulation, {grisp2, grisp_emulation}}
+    ]},
+
+    {grisp_cryptoauth, [
+        {tls_server_trusted_certs, {priv, grisp_connect, "server"}},
+        {tls_client_truste_certs, {test, grisp_connect, "certs/CA.crt"}},
+        {client_certs, {test, grisp_connect, "certs/client.crt"}},
+        {client_key, {test, grisp_connect, "certs/client.key"}}
+    ]},
+
+    {grisp_updater, [
+        {system, {grisp_updater_dummy, #{}}},
+        {sources, [
+            {grisp_updater_tarball, #{}},
+            {grisp_updater_http, #{
+                backend => {grisp_updater_grisp2, #{}}
+            }}
+        ]}
+    ]},
+
+    {grisp_connect, [
+        {domain, "www.seawater.local"},
+        {port, 8443}
+    ]},
+
+    {kernel, [{logger_level, debug}]}
+].

config/sys.config

@@ -1,5 +1,11 @@
 [
+    {grisp_cryptoauth, [
+        {tls_server_trusted_certs_cb, {certifi, cacerts, []}}
+    ]},
+
     {grisp_connect, [
         {device_linking_token, <<"...">>}
-    ]}
+    ]},
+
+    {kernel, [{logger_level, notice}]}
 ].

config/test.config

@@ -2,6 +2,14 @@
     {grisp, [
         {emulation, {grisp2, grisp_emulation}}
     ]},
+
+    {grisp_cryptoauth, [
+        {tls_client_trusted_certs, {test, grisp_connect, "certs/CA.crt"}},
+        {client_certs, {test, grisp_connect, "certs/client.crt"}},
+        {client_key, {test, grisp_connect, "certs/client.key"}},
+        {tls_verify, verify_none}
+    ]},
+
     {grisp_connect, [
         {domain, localhost},
         {port, 3030}

grisp/grisp2/common/deploy/files/etc/hosts

@@ -0,0 +1,3 @@
+149.248.205.211 devices.grisp.io
+37.16.30.91 devices.stage.grisp.io
+212.25.1.1 0.europe.pool.ntp.org

rebar.config

@@ -1,14 +1,9 @@
 {erl_opts, [debug_info]}.
 {deps, [
-  grisp,
-  certifi,
+  {grisp, "~> 2.5"},
   {gun, "2.1.0"},
-  jsx
-]}.
-
-{shell, [
-    {config, "config/sys.config"},
-    {apps, [grisp_connect]}
+  jsx,
+  {grisp_cryptoauth, "~> 2.4"}
 ]}.
 
 {plugins, [rebar3_grisp, rebar3_ex_doc]}.
@@ -24,11 +19,6 @@
     ]}
 ]}.
 
-{relx, [
-    {sys_config, "config/sys.config"},
-    {release, {grisp_connect, "0.1.0"}, [grisp_connect]}
-]}.
-
 {hex, [{doc, #{provider => ex_doc}}]}.
 
 {ex_doc, [
@@ -45,30 +35,41 @@
 ]}.
 
 {profiles, [
-    {grisp, [
-        {deps, [
-            {grisp_cryptoauth, "2.3.0"}
+    {prod, [
+        {deps, [certifi]},
+        {relx, [
+            {release, {grisp_connect, "0.1.0"}, [certifi, grisp_connect]},
+            {sys_config, "config/sys.config"}
         ]}
     ]},
-    {prod, [
+    {dev, [
+        {relx, [
+            {release, {grisp_connect, "0.1.0"}, [grisp_connect]},
+            {sys_config, "config/dev.config"}
+        ]}
+    ]},
+    {local, [
         {deps, [
-            {grisp_cryptoauth, "2.3.0"}
+            {grisp_emulation, "0.2.2"},
+            {grisp_updater_grisp2, {git, "https://github.com/grisp/grisp_updater_grisp2.git", {branch, "main"}}}
+        ]},
+        {overrides, [
+            {add, grisp_cryptoauth, [{erl_opts, [{d, 'EMULATE_CRYPTOAUTH'}]}]}
+        ]},
+        {shell, [
+            {apps, [grisp_emulation, grisp_updater_grisp2, grisp_connect]},
+            {config, "./config/local.config"}
         ]}
     ]},
     {test, [
-        {overrides,
-            [{add, eresu, [
-                {erl_opts, [{d,'TEST'}]}]
-            }]
-        },
         {deps, [
-            {grisp_emulation, "0.2.0"},
+            {grisp_emulation, "0.2.2"},
             {grisp_manager, {git, "[email protected]:stritzinger/grisp_manager", {branch, "main"}}}
         ]},
-        {ct_opts, [{sys_config, "./config/test.config"}]},
-        {shell, [
-            {apps, [grisp_emulation, grisp_connect]},
-            {config, "config/test.config"}
-        ]}
+        {overrides, [
+            {add, eresu, [{erl_opts, [{d, 'TEST'}]}]},
+            {add, grisp_cryptoauth, [{erl_opts, [{d, 'EMULATE_CRYPTOAUTH'}]}]}
+        ]},
+        {ct_opts, [{sys_config, "./config/test.config"}]}
     ]}
 ]}.

rebar.lock

@@ -1,22 +1,22 @@
 {"1.2.0",
-[{<<"certifi">>,{pkg,<<"certifi">>,<<"2.13.0">>},0},
- {<<"cowlib">>,{pkg,<<"cowlib">>,<<"2.13.0">>},1},
- {<<"grisp">>,{pkg,<<"grisp">>,<<"2.5.0">>},0},
+[{<<"cowlib">>,{pkg,<<"cowlib">>,<<"2.13.0">>},1},
+ {<<"grisp">>,{pkg,<<"grisp">>,<<"2.6.0">>},0},
+ {<<"grisp_cryptoauth">>,{pkg,<<"grisp_cryptoauth">>,<<"2.4.0">>},0},
  {<<"gun">>,{pkg,<<"gun">>,<<"2.1.0">>},0},
  {<<"jsx">>,{pkg,<<"jsx">>,<<"3.1.0">>},0},
  {<<"mapz">>,{pkg,<<"mapz">>,<<"2.4.0">>},1}]}.
 [
 {pkg_hash,[
- {<<"certifi">>, <<"E52BE248590050B2DD33B0BB274B56678F9068E67805DCA8AA8B1CCDB016BBF6">>},
  {<<"cowlib">>, <<"DB8F7505D8332D98EF50A3EF34B34C1AFDDEC7506E4EE4DD4A3A266285D282CA">>},
- {<<"grisp">>, <<"DBC40DDA075F9ED7A68B112AFBC7C2B122EB5CE2DDF4C029E952B3D7492EA90B">>},
+ {<<"grisp">>, <<"9B6521555B15D54D232160B6AA843CB9D09555EF4EB9991C6C367A38D6DCAEA2">>},
+ {<<"grisp_cryptoauth">>, <<"60773DFCB597893A1E98BFE2974A74C277D9FF6CE16BD918BFD906D43AAB86C0">>},
  {<<"gun">>, <<"B4E4CBBF3026D21981C447E9E7CA856766046EFF693720BA43114D7F5DE36E87">>},
  {<<"jsx">>, <<"D12516BAA0BB23A59BB35DCCAF02A1BD08243FCBB9EFE24F2D9D056CCFF71268">>},
  {<<"mapz">>, <<"77A8E38B69BAB16C5D3EBD44E6C619F8AF1F1598B0CAAE301D266605A0865756">>}]},
 {pkg_hash_ext,[
- {<<"certifi">>, <<"8F3D9533A0F06070AFDFD5D596B32E21C6580667A492891851B0E2737BC507A1">>},
  {<<"cowlib">>, <<"E1E1284DC3FC030A64B1AD0D8382AE7E99DA46C3246B815318A4B848873800A4">>},
- {<<"grisp">>, <<"EC298EB0B26598B6D843A342AE7498801FDF46625D9E58AF6D73C7F5C3C15391">>},
+ {<<"grisp">>, <<"71E9DDEF2236F731C0F9998E07AB9B4F0F657C774552555B7572EA9F47711405">>},
+ {<<"grisp_cryptoauth">>, <<"D9BD51BC877986404FCF6DB1E3DF196C919BD6F55398FA03262D1C4323410AB9">>},
  {<<"gun">>, <<"52FC7FC246BFC3B00E01AEA1C2854C70A366348574AB50C57DFE796D24A0101D">>},
  {<<"jsx">>, <<"0C5CC8FDC11B53CC25CF65AC6705AD39E54ECC56D1C22E4ADB8F5A53FB9427F3">>},
  {<<"mapz">>, <<"4B68DF5CF0522E0D6545DF7B681BC052865CDB78405AD4CC9C55FE45EE7B25BE">>}]}

src/grisp_connect.app.src

@@ -9,12 +9,11 @@
         stdlib,
         grisp,
         grisp_cryptoauth,
-        certifi,
         gun,
         jsx
     ]},
     {optional_applications, [
-        grisp_cryptoauth
+        grisp_updater_grisp2
     ]},
     {env, [
         {domain, "devices.grisp.io"},
@@ -31,7 +30,16 @@
           {handler,
            grisp_connect_log_handler,
            grisp_connect_logger_bin,
-           #{formatter => {grisp_connect_logger_bin, #{}}}}
+           #{formatter => {grisp_connect_logger_bin, #{}},
+             % Filter out supervisor progress reports to prevent the ones
+             % from tls_dyn_connection_sup that logs all the certificates
+             % to crash the connection...
+             filters => [
+                {filter_out_progress,
+                  {fun grisp_connect_logger_bin:filter_out/2,
+                    {supervisor, report_progress}}}
+             ]
+           }}
         ]}
     ]},
     {modules, []},

src/grisp_connect_client.erl

@@ -87,7 +87,7 @@ waiting_ip(state_timeout, retry, Data) ->
             ?LOG_INFO(#{event => checked_ip, ip => IP}),
             {next_state, connecting, Data};
         invalid ->
-            ?LOG_INFO(#{event => waiting_ip}),
+            ?LOG_DEBUG(#{event => waiting_ip}),
             {next_state, waiting_ip, Data, [{state_timeout, ?STD_TIMEOUT, retry}]}
     end;
 ?HANDLE_COMMON.
@@ -104,7 +104,7 @@ connecting(state_timeout, wait, Data) ->
             ?LOG_NOTICE(#{event => connected}),
             {next_state, connected, Data};
         false ->
-            ?LOG_INFO(#{event => waiting_ws_connection}),
+            ?LOG_DEBUG(#{event => waiting_ws_connection}),
             {keep_state_and_data, [{state_timeout, ?STD_TIMEOUT, wait}]}
     end;
 connecting(cast, disconnected, _Data) ->
@@ -147,7 +147,7 @@ connected({call, From}, {request, Method, Type, Params},
 handle_common(cast, connect, State, _Data) when State =/= idle ->
     keep_state_and_data;
 handle_common({call, From}, is_connected, State, _) when State =/= connected ->
-        {keep_state_and_data, [{reply, From, false}]};
+    {keep_state_and_data, [{reply, From, false}]};
 handle_common({call, From}, {request, _, _, _}, State, _Data)
 when State =/= connected ->
     {keep_state_and_data, [{reply, From, {error, disconnected}}]};