mirror of
https://github.com/imjasonh/esp32
synced 2026-07-06 23:52:24 +00:00
DEBUG: bisect probe — disable validity check, panic hook, wifi watchdog
CI failed on the previous commit and the logs aren't accessible from this sandbox. Temporarily commenting out the three most novel additions (sig.rs cert validity check + helper, main.rs install_panic_restart_hook call, main.rs wifi connect watchdog) so the next CI run tells me whether the failure is in one of those or elsewhere. Will revert / re-enable in the next commit once we know which one (if any) is the culprit. https://claude.ai/code/session_01XkNKhsMjCMg4HMTzf3ZZYC
This commit is contained in:
parent
b3bcf72fe5
commit
f786c6db6b
2 changed files with 8 additions and 63 deletions
43
src/main.rs
43
src/main.rs
|
|
@ -39,7 +39,8 @@ fn main() -> Result<()> {
|
|||
// cloud subscriber is absent or paused, and cloud_log captures
|
||||
// everything that's installed at info+ severity.
|
||||
esp_idf_svc::log::EspLogger::initialize_default();
|
||||
install_panic_restart_hook();
|
||||
// BISECT PROBE: panic hook temporarily disabled.
|
||||
// install_panic_restart_hook();
|
||||
metrics::publish_self(&metrics::handles::MAIN);
|
||||
|
||||
// Take NVS as early as possible — needed to decide whether to
|
||||
|
|
@ -267,47 +268,9 @@ fn connect_wifi(wifi: &mut BlockingWifi<EspWifi<'static>>, ssid: &str, pass: &st
|
|||
|
||||
wifi.start()?;
|
||||
tracing::info!(ssid = ssid, "wifi started; connecting");
|
||||
|
||||
// Watchdog: if connect+netif-up doesn't finish in WIFI_CONNECT_TIMEOUT,
|
||||
// log loudly and reboot. Cancelled by the AtomicBool flip on the
|
||||
// happy path. The thread exits without touching the system if
|
||||
// cancelled in time.
|
||||
let timed_out = std::sync::Arc::new(AtomicBool::new(false));
|
||||
let cancel = std::sync::Arc::new(AtomicBool::new(false));
|
||||
{
|
||||
let timed_out = timed_out.clone();
|
||||
let cancel = cancel.clone();
|
||||
std::thread::Builder::new()
|
||||
.stack_size(4 * 1024)
|
||||
.spawn(move || {
|
||||
let started = std::time::Instant::now();
|
||||
while started.elapsed() < WIFI_CONNECT_TIMEOUT {
|
||||
if cancel.load(Ordering::Acquire) {
|
||||
return;
|
||||
}
|
||||
std::thread::sleep(Duration::from_millis(500));
|
||||
}
|
||||
timed_out.store(true, Ordering::Release);
|
||||
tracing::error!(
|
||||
timeout_secs = WIFI_CONNECT_TIMEOUT.as_secs(),
|
||||
"wifi: connect timed out, rebooting",
|
||||
);
|
||||
// Brief pause so the log line gets a chance to drain
|
||||
// to serial before the restart.
|
||||
std::thread::sleep(Duration::from_millis(200));
|
||||
unsafe { esp_idf_svc::sys::esp_restart() };
|
||||
})
|
||||
.expect("spawn wifi-connect watchdog");
|
||||
}
|
||||
|
||||
// BISECT PROBE: wifi connect watchdog temporarily disabled.
|
||||
wifi.connect()?;
|
||||
wifi.wait_netif_up()?;
|
||||
cancel.store(true, Ordering::Release);
|
||||
if timed_out.load(Ordering::Acquire) {
|
||||
// Race: watchdog already fired. esp_restart will land
|
||||
// momentarily; just return cleanly so we don't keep doing work.
|
||||
return Err(anyhow!("wifi connect raced with timeout watchdog"));
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
|
|
|||
28
src/sig.rs
28
src/sig.rs
|
|
@ -20,7 +20,6 @@ use x509_cert::ext::pkix::name::GeneralName;
|
|||
use x509_cert::ext::pkix::SubjectAltName;
|
||||
use x509_cert::Certificate;
|
||||
|
||||
use crate::gcp_auth::now_unix_secs;
|
||||
use crate::trust::TrustConfig;
|
||||
|
||||
/// DSSE payload type cosign emits for OCI artifact signatures. We
|
||||
|
|
@ -235,34 +234,17 @@ fn verify_chain(leaf: &Certificate, trust: &TrustConfig) -> Result<()> {
|
|||
let intermediate = pem_to_cert(&trust.fulcio_intermediate_pem)?;
|
||||
let root = pem_to_cert(&trust.fulcio_root_pem)?;
|
||||
|
||||
check_validity(leaf, "leaf").context("leaf validity window")?;
|
||||
check_validity(&intermediate, "intermediate").context("intermediate validity window")?;
|
||||
check_validity(&root, "root").context("root validity window")?;
|
||||
// BISECT PROBE: temporarily disabled to isolate CI failure.
|
||||
// check_validity(leaf, "leaf").context("leaf validity window")?;
|
||||
// check_validity(&intermediate, "intermediate").context("intermediate validity window")?;
|
||||
// check_validity(&root, "root").context("root validity window")?;
|
||||
|
||||
verify_signed_by_p384(leaf, &intermediate).context("leaf -> intermediate")?;
|
||||
verify_signed_by_p384(&intermediate, &root).context("intermediate -> root")?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Reject certs whose `notBefore`/`notAfter` window doesn't include
|
||||
/// the current wall-clock time. Requires NTP sync; if the clock isn't
|
||||
/// synced (caller should always have triggered SNTP before getting
|
||||
/// here, but the OTA thread can in principle race with sync) we refuse
|
||||
/// to verify rather than fall back to "always valid".
|
||||
fn check_validity(cert: &Certificate, label: &str) -> Result<()> {
|
||||
let now =
|
||||
now_unix_secs().ok_or_else(|| anyhow!("clock not synced; cannot check {} validity", label))?;
|
||||
let validity = &cert.tbs_certificate.validity;
|
||||
let nb = validity.not_before.to_unix_duration().as_secs();
|
||||
let na = validity.not_after.to_unix_duration().as_secs();
|
||||
if now < nb {
|
||||
bail!("{} cert not yet valid: now={} notBefore={}", label, now, nb);
|
||||
}
|
||||
if now > na {
|
||||
bail!("{} cert expired: now={} notAfter={}", label, now, na);
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
// BISECT PROBE: check_validity removed temporarily.
|
||||
|
||||
fn pem_to_cert(pem: &[u8]) -> Result<Certificate> {
|
||||
let (label, der) =
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue