I have a bit of NodeJS software that runs on a Pi via PM2. I’m pretty familiar with deploying Node-based APIs to cloud environments, and the concept of graceful fallbacks, etc., so I understand the basics. I need an idea I have to be either: A) Validated, or B) Destroyed/Updated.
My idea for doing OTA updates is this:
- Pi pings server asking for latest software version once every 10 minutes via cron.
- If there is an update, the Pi receives a URL to the latest software back from the call.
- The Pi verifies the package via a public key from the server (pre-installed) to ensure that it came from and was signed by the software server.
- If all is well, the software is unzipped into a /tmp folder, and tests are run.
- If tests pass, move current software into a diff folder (keep last 3 versions to be safe, may need to tell a device to switch back in case it is buggy, for instance) and move the new software to where it needs to be, restarting PM2 when done.
- If tests fail, do nothing with PM2 and send an error to the server to log that tests failed on that machine and it was not updated.
I feel like this is a pretty solid strategy but I’m still pretty new to the IoT space and am coming from a web dev background.
It seems like this should be pretty secure (since this is all done via HTTPS and the packages are verified as coming from the authoritative server), but those are famous last words.
submitted by /u/mattstoicbuddha
Original article: Raspberry Pi Nodejs OTA Updates
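
The verification step in the list above, written out as an added example that is not part of the original post: the device checks a signature over a small manifest, then the package hash, then that the release is newer than what is installed, all before anything is unzipped. Ed25519, the integer build number used as the version, and every function name are assumptions; the key pair is generated inline as a constructed stand-in for the server's signing key.

```javascript
// Added example: device-side check of a signed update manifest (names are hypothetical).
const crypto = require("node:crypto");

// Constructed stand-in for the server's signing key; a real device holds only the public half.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");

// Release side: sign a manifest that binds the version and the package hash together.
function signRelease(version, packageBytes, key) {
  const manifest = Buffer.from(JSON.stringify({
    version,
    sha256: crypto.createHash("sha256").update(packageBytes).digest("hex"),
  }));
  return { manifest, signature: crypto.sign(null, manifest, key) };
}

// Device side: returns the accepted version, or throws before anything is unzipped.
function verifyUpdate({ manifest, signature }, packageBytes, pinnedKey, currentVersion) {
  // 1. Signature over the exact manifest bytes received, checked before parsing them.
  if (!crypto.verify(null, manifest, pinnedKey, signature)) {
    throw new Error("bad signature");
  }
  const { version, sha256 } = JSON.parse(manifest.toString("utf8"));
  // 2. The downloaded package must be the one the signed manifest names.
  const actual = crypto.createHash("sha256").update(packageBytes).digest();
  const expected = Buffer.from(String(sha256), "hex");
  if (expected.length !== actual.length || !crypto.timingSafeEqual(expected, actual)) {
    throw new Error("package hash mismatch");
  }
  // 3. A validly signed but older release must not be replayed as an "update".
  if (!Number.isInteger(version) || version <= currentVersion) {
    throw new Error("not newer than installed version");
  }
  return version;
}

// Demo helper: report the outcome as a string instead of an exception.
function check(release, packageBytes, currentVersion) {
  try {
    return "accepted v" + verifyUpdate(release, packageBytes, publicKey, currentVersion);
  } catch (err) {
    return "rejected: " + err.message;
  }
}

const pkg = Buffer.from("constructed package bytes for release 7");
const release = signRelease(7, pkg, privateKey);
console.log(check(release, pkg, 6));                     // valid update
console.log(check(release, Buffer.from("tampered"), 6)); // package swapped in transit
```

The third check matters because HTTPS and a valid signature do not stop an old, correctly signed package from being served again; local rollback to one of the kept versions is a separate path and does not need to go through it.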