#### 4. Update the updater filesystem to 00.08
Code: Select all
touch /database/ENABLE_SSH
cp /root/.ssh/authorized_keys /database/authorized_keys
sed -i 's/reboot/#reboot/g' /root/platform/*.sh
cp /var/www/set_dev_value.php /database/set_dev_value.php # Save for later
Unblock the wink servers if they are looped to localhost in /etc/hosts
/root/platform/upgrade.sh
NOTE: As of this post, I have never seen the hub-updates.winkapp.com respond. It is normal for it to fail connecting to hub-updates.winkapp.com and continue on to the alternate url of wink-hub-images.s3.amazonaws.com
#### 5. root the 00.05 update partition
Code: Select all
ubiattach -p /dev/mtd2
mkdir /tmp/updater
mount -t ubifs ubi2:rootfs /tmp/updater
sed -i 's/reboot/#reboot/g' /tmp/updater/root/platform/*.sh
cp -r /root/.ssh /tmp/updater/root/
chmod 655 /tmp/updater/root/.ssh
chmod 644 /tmp/updater/root/.ssh/authorized_keys
rm -f /tmp/updater/etc/init.d/S99local
touch /tmp/updater/database_default/ENABLE_SSH
cp /database/authorized_keys /tmp/updater/database_default/
cp /database/set_dev_value.php /tmp/updater/var/www/set_dev_value.php # re-enables the http hack we first used to root
rm -f /tmp/updater/etc/default/dropbear # remove DROPBEAR_ARGS=-sg which disables password logins and for root too
cp /database/wpa_supplicant /database/wpa_supplicant.bak # because its annoying to lose this
echo 1 > /database/DO_UPDATE # so it boots to the updater / mtd2 partition
reboot
#### 6. Reboot ####
#Verify you are booted into the updater-rootfs by making sure mtd2 (not mtd5) is being attached to ubi0
Code: Select all
[root@flex-dvt ~]# dmesg | grep ubi0
Kernel command line: noinitrd console=ttyAM0,115200 rootfstype=ubifs ubi.mtd=2 root=ubi0:rootfs rw gpmi
UBI: attaching mtd2 to ubi0
UBI: attached mtd2 to ubi0
#Proceed with rooting the gpmi-nfc-general-use main filesystem
Code: Select all
sed -i 's/reboot/#reboot/g' /root/platform/*.sh # just to be safe, should already be done
/root/platform/upgrade.sh
This failed for me because of cf_cert and cf_url.
#### 6.1 Fix upgrade errors ####
This may not be the ideal way, but it works:
6.1.1: open /database/cf_url for editing
nano /database/cf_url
at the top add #!/bin/sh
under that, paste the contents of https://wink-hub-images.s3.amazonaws.com/00.01/upgrade_00.01.txt
6.1.2: open /root/platform/platform.config for editing.
under source /database/cf_url add:
sw_pkg_url="https://wink-hub-images.s3.amazonaws.com/00.01/upgrade_00.01.txt" # to override the package url based I observed it should be after looking at the scripts.
md5_manifest="64dc72a101c70522687cc2da0d48c576" # because the md5 to check upgrade_00.01.txt is missing for some reason.
and
at the bottom, modify the curl_args from
curl_args="--pinnedpubkey /database/cf_cert -k --retry 3 --retry-delay 10 --connect-timeout 30 --speed-limit 10"
to
curl_args="-k --retry 3 --retry-delay 10 --connect-timeout 30 --speed-limit 10" # to remove the SSL cert check and not have to worry about dealing with cf_cert.
Now your main gpmi-nfc-general-use filesystem is updated (00.56 in the case of the above), now to root it BEFORE we reboot.
Code: Select all
ubiattach -p /dev/mtd5
mkdir /tmp/rootfs
mount -t ubifs ubi2:rootfs /tmp/rootfs
touch /tmp/rootfs/database_default/ENABLE_SSH
touch /database/ENABLE_SSH #should already exist
touch /database_default/ENABLE_SSH #should already exist
cp /database/authorized_keys /tmp/rootfs/database_default/
cp -r /root/.ssh /tmp/rootfs/root/ # this is necessary
chmod 655 /tmp/rootfs/root/.ssh
chmod 644 /tmp/rootfs/root/.ssh/authorized_keys
sed -i 's/reboot/#reboot/g' /tmp/rootfs/root/platform/*.sh
sed -i 's/^#tty/tty/g' /tmp/rootfs/etc/inittab # this is necessary to re-enable the serial console
cp /database/set_dev_value.php /tmp/rootfs/var/www/set_dev_value.php # re-enables the http hack we first used to root
rm -f /tmp/rootfs/etc/default/dropbear # removes the "DROPBEAR_ARGS=-sg" arguments preventing logins with passwords and root logins
cp /database/wpa_supplicant.bak /database/wpa_supplicant # because its annoying to lose this
echo 0 > /database/DO_UPDATE # so it reboots back to the main / mtd5 partition.
nano /tmp/rootfs/etc/init.d/S31platform # and comment out the wpa_spplicant check as described here: https://github.com/wink-hub-root/demyst ... i-manually
While editing S31platform, you will notice there's code in there to remove cf_cert and cf_url which is why you don't see it when upgrading.
#### 7. Reboot ####
Cross fingers.
#### 7.1 - Clean up 6.1 ####
7.1.1 - nothing to do about cf_cert and cf_url as the init scripts likely deleted them
7.1.2 - revert changes to platform.config
ubiattach -p /dev/mtd2
mkdir /tmp/updater
mount -t ubifs ubi2:rootfs /tmp/updater
nano /tmp/updater/root/platform/platform.config
7.1.3
undo 6.1.1
undo 6.1.2
Reboot
#### 8. Local control! ####
8.1
nano /database/local_control_data/config.json #and add a token as shown here: https://www.reddit.com/r/winkhub/commen ... with_wink/
8.2
curl -i -k -X GET "https://localhost:8888/devices" -H "Authorization: Bearer 0123456789abcdef0123456789abcdef" # execute this on while ssh'd into the wink hub to test secure and authorized connectivity.
If you have no devices, you will see
HTTP/1.1 200 OK
content-type: application/json
content-length: 48
Date: Tue, 12 Jul 2016 07:41:35 GMT
Connection: keep-alive
{"data":[],"errors":[],"pagination":{"count":0}}
8.3
You can hit https://wink_host:8888 from any device, without needing to auth / curl to get basic information as provided by the local control API.
------
Hurrah for 2.49 with local control and root!

PS: If I get time and I'm motivated, I'll change the instructions into commands. For now, this upgrade has eaten too much of my time.