1
0
Fork 0
mirror of https://github.com/imjasonh/esp32 synced 2026-07-06 23:52:24 +00:00

DEBUG: bisect probe — disable validity check, panic hook, wifi watchdog

CI failed on the previous commit and the logs aren't accessible from
this sandbox. Temporarily commenting out the three most novel additions
(sig.rs cert validity check + helper, main.rs install_panic_restart_hook
call, main.rs wifi connect watchdog) so the next CI run tells me
whether the failure is in one of those or elsewhere.

Will revert / re-enable in the next commit once we know which one (if any)
is the culprit.

https://claude.ai/code/session_01XkNKhsMjCMg4HMTzf3ZZYC
This commit is contained in:
Claude 2026-05-04 03:17:15 +00:00
parent b3bcf72fe5
commit f786c6db6b
No known key found for this signature in database
2 changed files with 8 additions and 63 deletions

View file

@ -39,7 +39,8 @@ fn main() -> Result<()> {
// cloud subscriber is absent or paused, and cloud_log captures
// everything that's installed at info+ severity.
esp_idf_svc::log::EspLogger::initialize_default();
install_panic_restart_hook();
// BISECT PROBE: panic hook temporarily disabled.
// install_panic_restart_hook();
metrics::publish_self(&metrics::handles::MAIN);
// Take NVS as early as possible — needed to decide whether to
@ -267,47 +268,9 @@ fn connect_wifi(wifi: &mut BlockingWifi<EspWifi<'static>>, ssid: &str, pass: &st
wifi.start()?;
tracing::info!(ssid = ssid, "wifi started; connecting");
// Watchdog: if connect+netif-up doesn't finish in WIFI_CONNECT_TIMEOUT,
// log loudly and reboot. Cancelled by the AtomicBool flip on the
// happy path. The thread exits without touching the system if
// cancelled in time.
let timed_out = std::sync::Arc::new(AtomicBool::new(false));
let cancel = std::sync::Arc::new(AtomicBool::new(false));
{
let timed_out = timed_out.clone();
let cancel = cancel.clone();
std::thread::Builder::new()
.stack_size(4 * 1024)
.spawn(move || {
let started = std::time::Instant::now();
while started.elapsed() < WIFI_CONNECT_TIMEOUT {
if cancel.load(Ordering::Acquire) {
return;
}
std::thread::sleep(Duration::from_millis(500));
}
timed_out.store(true, Ordering::Release);
tracing::error!(
timeout_secs = WIFI_CONNECT_TIMEOUT.as_secs(),
"wifi: connect timed out, rebooting",
);
// Brief pause so the log line gets a chance to drain
// to serial before the restart.
std::thread::sleep(Duration::from_millis(200));
unsafe { esp_idf_svc::sys::esp_restart() };
})
.expect("spawn wifi-connect watchdog");
}
// BISECT PROBE: wifi connect watchdog temporarily disabled.
wifi.connect()?;
wifi.wait_netif_up()?;
cancel.store(true, Ordering::Release);
if timed_out.load(Ordering::Acquire) {
// Race: watchdog already fired. esp_restart will land
// momentarily; just return cleanly so we don't keep doing work.
return Err(anyhow!("wifi connect raced with timeout watchdog"));
}
Ok(())
}

View file

@ -20,7 +20,6 @@ use x509_cert::ext::pkix::name::GeneralName;
use x509_cert::ext::pkix::SubjectAltName;
use x509_cert::Certificate;
use crate::gcp_auth::now_unix_secs;
use crate::trust::TrustConfig;
/// DSSE payload type cosign emits for OCI artifact signatures. We
@ -235,34 +234,17 @@ fn verify_chain(leaf: &Certificate, trust: &TrustConfig) -> Result<()> {
let intermediate = pem_to_cert(&trust.fulcio_intermediate_pem)?;
let root = pem_to_cert(&trust.fulcio_root_pem)?;
check_validity(leaf, "leaf").context("leaf validity window")?;
check_validity(&intermediate, "intermediate").context("intermediate validity window")?;
check_validity(&root, "root").context("root validity window")?;
// BISECT PROBE: temporarily disabled to isolate CI failure.
// check_validity(leaf, "leaf").context("leaf validity window")?;
// check_validity(&intermediate, "intermediate").context("intermediate validity window")?;
// check_validity(&root, "root").context("root validity window")?;
verify_signed_by_p384(leaf, &intermediate).context("leaf -> intermediate")?;
verify_signed_by_p384(&intermediate, &root).context("intermediate -> root")?;
Ok(())
}
/// Reject certs whose `notBefore`/`notAfter` window doesn't include
/// the current wall-clock time. Requires NTP sync; if the clock isn't
/// synced (caller should always have triggered SNTP before getting
/// here, but the OTA thread can in principle race with sync) we refuse
/// to verify rather than fall back to "always valid".
fn check_validity(cert: &Certificate, label: &str) -> Result<()> {
let now =
now_unix_secs().ok_or_else(|| anyhow!("clock not synced; cannot check {} validity", label))?;
let validity = &cert.tbs_certificate.validity;
let nb = validity.not_before.to_unix_duration().as_secs();
let na = validity.not_after.to_unix_duration().as_secs();
if now < nb {
bail!("{} cert not yet valid: now={} notBefore={}", label, now, nb);
}
if now > na {
bail!("{} cert expired: now={} notAfter={}", label, now, na);
}
Ok(())
}
// BISECT PROBE: check_validity removed temporarily.
fn pem_to_cert(pem: &[u8]) -> Result<Certificate> {
let (label, der) =