In collaboration with @dangowrt, the server makes use of `ucert`. Active workers sign the firmware they create, and clients check whether the signature is valid. Certs of *hacked* or inactive workers can be revoked. The private CA key is **not** stored on the upgrade server. This only works for devices that already support ucert via firmware metadata. Signed-off-by: Paul Spooren <mail@aparcar.org>
#!/bin/sh
# Seeds a default attendedsysupgrade config when none exists yet.
# NOTE(review): the top-level `return` only works when this file is sourced
# (as uci-defaults scripts normally are) — confirm how it is installed.

# An existing config is left untouched, so a server URL chosen by the
# operator is never replaced by the defaults below.
if [ -e /etc/config/attendedsysupgrade ]; then
	return 0
fi

# Create the empty config file first so the batch below has a package to
# write its sections into.
touch /etc/config/attendedsysupgrade

# The server URL is the default endpoint the client is pointed at for
# upgrades; it is an https:// URL.
# NOTE(review): nothing in this file sets a signature or certificate option,
# so any image verification (e.g. ucert) has to be enforced elsewhere —
# confirm on the client side.
# The delimiter is quoted so the batch text is passed to uci literally.
uci -q batch <<'EOF'
set attendedsysupgrade.server=server
set attendedsysupgrade.server.url='https://chef.libremesh.org'

set attendedsysupgrade.client=client
set attendedsysupgrade.client.upgrade_packages='1'
set attendedsysupgrade.client.auto_search='0'
set attendedsysupgrade.client.advanced_mode='0'

commit attendedsysupgrade
EOF