Upgrading to 2.49 with root.

duren
Posts: 2
Joined: Mon Jul 11, 2016 4:23 pm

Upgrading to 2.49 with root.

Postby duren » Tue Jul 12, 2016 3:59 am

I followed the main guide (viewtopic.php?t=4) with a few changes in bold.

#### 4. Update the updater filesystem to 00.08

Code: Select all
touch /database/ENABLE_SSH
cp /root/.ssh/authorized_keys /database/authorized_keys
sed -i 's/reboot/#reboot/g' /root/platform/*.sh
cp /var/www/set_dev_value.php /database/set_dev_value.php # Save for later
Unblock the wink servers if they are looped to localhost in /etc/hosts
/root/platform/upgrade.sh


NOTE: As of this post, I have never seen the hub-updates.winkapp.com respond. It is normal for it to fail connecting to hub-updates.winkapp.com and continue on to the alternate url of wink-hub-images.s3.amazonaws.com

#### 5. root the 00.05 update partition

Code: Select all
ubiattach -p /dev/mtd2
mkdir /tmp/updater
mount -t ubifs ubi2:rootfs /tmp/updater
sed -i 's/reboot/#reboot/g' /tmp/updater/root/platform/*.sh
cp -r /root/.ssh /tmp/updater/root/
chmod 655 /tmp/updater/root/.ssh
chmod 644 /tmp/updater/root/.ssh/authorized_keys
rm -f /tmp/updater/etc/init.d/S99local
touch /tmp/updater/database_default/ENABLE_SSH
cp /database/authorized_keys /tmp/updater/database_default/
cp /database/set_dev_value.php /tmp/updater/var/www/set_dev_value.php # re-enables the http hack we first used to root
rm -f /tmp/updater/etc/default/dropbear # remove DROPBEAR_ARGS=-sg which disables password logins and for root too
cp /database/wpa_supplicant /database/wpa_supplicant.bak # because its annoying to lose this
echo 1 > /database/DO_UPDATE # so it boots to the updater / mtd2 partition
reboot


#### 6. Reboot ####

#Verify you are booted into the updater-rootfs by making sure mtd2 (not mtd5) is being attached to ubi0

Code: Select all
[root@flex-dvt ~]# dmesg | grep ubi0
Kernel command line: noinitrd console=ttyAM0,115200 rootfstype=ubifs ubi.mtd=2 root=ubi0:rootfs rw gpmi
UBI: attaching mtd2 to ubi0
UBI: attached mtd2 to ubi0


#Proceed with rooting the gpmi-nfc-general-use main filesystem

Code: Select all
sed -i 's/reboot/#reboot/g' /root/platform/*.sh # just to be safe, should already be done
/root/platform/upgrade.sh

This failed for me because of cf_cert and cf_url.

#### 6.1 Fix upgrade errors ####

This may not be the ideal way, but it works:

6.1.1: open /database/cf_url for editing

nano /database/cf_url
at the top add #!/bin/sh
under that, paste the contents of https://wink-hub-images.s3.amazonaws.com/00.01/upgrade_00.01.txt

6.1.2: open /root/platform/platform.config for editing.

under source /database/cf_url add:
sw_pkg_url="https://wink-hub-images.s3.amazonaws.com/00.01/upgrade_00.01.txt" # to override the package url based I observed it should be after looking at the scripts.
md5_manifest="64dc72a101c70522687cc2da0d48c576" # because the md5 to check upgrade_00.01.txt is missing for some reason.

and

at the bottom, modify the curl_args from
curl_args="--pinnedpubkey /database/cf_cert -k --retry 3 --retry-delay 10 --connect-timeout 30 --speed-limit 10"
to
curl_args="-k --retry 3 --retry-delay 10 --connect-timeout 30 --speed-limit 10" # to remove the SSL cert check and not have to worry about dealing with cf_cert.

Now your main gpmi-nfc-general-use filesystem is updated (00.56 in the case of the above), now to root it BEFORE we reboot.

Code: Select all
ubiattach -p /dev/mtd5
mkdir /tmp/rootfs
mount -t ubifs ubi2:rootfs /tmp/rootfs

touch /tmp/rootfs/database_default/ENABLE_SSH
touch /database/ENABLE_SSH #should already exist
touch /database_default/ENABLE_SSH #should already exist
cp /database/authorized_keys /tmp/rootfs/database_default/
cp -r /root/.ssh /tmp/rootfs/root/ # this is necessary
chmod 655 /tmp/rootfs/root/.ssh
chmod 644 /tmp/rootfs/root/.ssh/authorized_keys
sed -i 's/reboot/#reboot/g' /tmp/rootfs/root/platform/*.sh
sed -i 's/^#tty/tty/g' /tmp/rootfs/etc/inittab # this is necessary to re-enable the serial console
cp /database/set_dev_value.php /tmp/rootfs/var/www/set_dev_value.php # re-enables the http hack we first used to root
rm -f /tmp/rootfs/etc/default/dropbear # removes the "DROPBEAR_ARGS=-sg" arguments preventing logins with passwords and root logins
cp /database/wpa_supplicant.bak /database/wpa_supplicant # because its annoying to lose this
echo 0 > /database/DO_UPDATE # so it reboots back to the main / mtd5 partition.
nano /tmp/rootfs/etc/init.d/S31platform # and comment out the wpa_spplicant check as described here: https://github.com/wink-hub-root/demyst ... i-manually

While editing S31platform, you will notice there's code in there to remove cf_cert and cf_url which is why you don't see it when upgrading.

#### 7. Reboot ####
Cross fingers.

#### 7.1 - Clean up 6.1 ####

7.1.1 - nothing to do about cf_cert and cf_url as the init scripts likely deleted them

7.1.2 - revert changes to platform.config
ubiattach -p /dev/mtd2
mkdir /tmp/updater
mount -t ubifs ubi2:rootfs /tmp/updater
nano /tmp/updater/root/platform/platform.config

7.1.3
undo 6.1.1
undo 6.1.2

Reboot

#### 8. Local control! ####

8.1
nano /database/local_control_data/config.json #and add a token as shown here: https://www.reddit.com/r/winkhub/commen ... with_wink/

8.2
curl -i -k -X GET "https://localhost:8888/devices" -H "Authorization: Bearer 0123456789abcdef0123456789abcdef" # execute this on while ssh'd into the wink hub to test secure and authorized connectivity.

If you have no devices, you will see

HTTP/1.1 200 OK
content-type: application/json
content-length: 48
Date: Tue, 12 Jul 2016 07:41:35 GMT
Connection: keep-alive

{"data":[],"errors":[],"pagination":{"count":0}}


8.3

You can hit https://wink_host:8888 from any device, without needing to auth / curl to get basic information as provided by the local control API.
------

Hurrah for 2.49 with local control and root! 8-)

PS: If I get time and I'm motivated, I'll change the instructions into commands. For now, this upgrade has eaten too much of my time.

Return to “Upgrade to current firmware maintaining root”

Who is online

Users browsing this forum: No registered users and 1 guest