From d2fea56d2d87ea38df99089a918a52a42ef817d9 Mon Sep 17 00:00:00 2001 From: chrisgalanis Date: Mon, 21 Jul 2025 21:00:18 +0200 Subject: [PATCH 1/2] fix: save persistent --- hil/src/commands/mod.rs | 2 ++ hil/src/flash.rs | 7 ++++++ hil/src/main.rs | 2 ++ scripts/upload-certs.sh | 51 +++++++++++++++++++++++++++++++++++++---- 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/hil/src/commands/mod.rs b/hil/src/commands/mod.rs index 09692f3c..a65bab9d 100644 --- a/hil/src/commands/mod.rs +++ b/hil/src/commands/mod.rs @@ -2,6 +2,7 @@ mod button_ctrl; mod cmd; +mod fetch_persistent; mod flash; mod login; mod mcu; @@ -9,6 +10,7 @@ mod reboot; pub use self::button_ctrl::ButtonCtrl; pub use self::cmd::Cmd; +pub use self::fetch_persistent::FetchPersistent; pub use self::flash::Flash; pub use self::login::Login; pub use self::mcu::Mcu; diff --git a/hil/src/flash.rs b/hil/src/flash.rs index 2d41b929..457bc22b 100644 --- a/hil/src/flash.rs +++ b/hil/src/flash.rs @@ -73,8 +73,15 @@ fn flash_cmd(variant: FlashVariant, extracted_dir: &Path) -> Result<()> { ); let cmd_file_name = variant.file_name(); + + // Remove the fetch persistent commands from flash script before executing + let flash_script_path = bootloader_dir.join(cmd_file_name); let result = run_cmd! { cd $bootloader_dir; + info "Removing fetch persistent commands from flash script"; + sed -i "/# This file should be templated to add a '--cmd' option/d" $flash_script_path; + sed -i "/--cmd.*read PERSISTENT.*reboot recovery/d" $flash_script_path; + sed -i "/wld-pre-flash-check.sh/d" $flash_script_path; info running $cmd_file_name; bash $cmd_file_name; info finished flashing!; diff --git a/hil/src/main.rs b/hil/src/main.rs index 6d7c6054..664f22a1 100644 --- a/hil/src/main.rs +++ b/hil/src/main.rs @@ -26,6 +26,7 @@ struct Cli { enum Commands { ButtonCtrl(crate::commands::ButtonCtrl), Cmd(crate::commands::Cmd), + FetchPersistent(crate::commands::FetchPersistent), Flash(crate::commands::Flash), Login(crate::commands::Login), Mcu(crate::commands::Mcu), @@ -62,6 +63,7 @@ async fn main() -> Result<()> { match args.commands { Commands::ButtonCtrl(c) => c.run().await, Commands::Cmd(c) => c.run().await, + Commands::FetchPersistent(c) => c.run().await, Commands::Flash(c) => c.run().await, Commands::Login(c) => c.run().await, Commands::Mcu(c) => c.run().await, diff --git a/scripts/upload-certs.sh b/scripts/upload-certs.sh index 54889c1b..e8d19e23 100755 --- a/scripts/upload-certs.sh +++ b/scripts/upload-certs.sh @@ -3,7 +3,7 @@ set -o errexit # abort on nonzero exit status set -o errtrace # pass ERR trap down to functions, substitutions, etc set -o nounset # abort on unbound variable -set -o pipefail # don’t hide errors within pipes +set -o pipefail # don't hide errors within pipes # Function to display usage information usage() { @@ -14,6 +14,7 @@ usage() { -t, --token Bearer token for authentication. -b, --backend (stage|prod) Targets the stage or prod backend. -s, --short Short upload (skip attestation cert). + -n, --dry-run Print key values without making curl requests. Environment variables (overriden by options): FM_CLI_ENV: Must be either 'stage' or 'prod'. @@ -36,6 +37,7 @@ main() { local backend="${FM_CLI_ENV:-""}" local positional_args=() local short=0 + local dry_run=0 local arg while [[ "$#" -gt 0 ]]; do arg="${1}"; shift @@ -48,6 +50,8 @@ main() { backend="${1}"; shift ;; -s|--short) short=1 ;; + -n|--dry-run) + dry_run=1 ;; -*) echo "Unknown option: ${arg}" usage; exit 1 ;; @@ -63,19 +67,19 @@ main() { exit 1 fi - if [[ -z "${bearer}" ]]; then + if [[ -z "${bearer}" ]] && [[ ${dry_run} -eq 0 ]]; then echo "Bearer token not found. Please export FM_CLI_ORB_MANAGER_INTERNAL_TOKEN, or pass it as an argument: -t " exit 1 fi - if [[ -z "${backend}" ]]; then + if [[ -z "${backend}" ]] && [[ ${dry_run} -eq 0 ]]; then echo "Environment not found. Please export FM_CLI_ENV, or pass it as an argument: -b (stage|prod)" exit 1 fi - if [[ "${backend}" != "prod" && "${backend}" != "stage" ]]; then + if [[ "${backend}" != "prod" && "${backend}" != "stage" ]] && [[ ${dry_run} -eq 0 ]]; then echo "Invalid environment: ${backend}. Must be either 'prod' or 'stage'." exit 1 fi @@ -97,6 +101,44 @@ main() { exit 1 fi + if [[ ${dry_run} -eq 1 ]]; then + echo "=== DRY RUN MODE - Key Values ===" + echo "Orb ID: ${orb_id}" + echo "Keypath: ${keypath}" + + # Print signup key values + echo "=== Signup Key ===" + local signup_pubkey + signup_pubkey=$(sed 's/$/\\n/' "${keypath}/sss_70000002_0002_0040.bin" | tr -d \\n) + echo "Key: ${signup_pubkey}" + echo "Signature: $(base64 -w 0 "${keypath}/70000002.signature.raw")" + echo "Extra Data: $(base64 -w 0 "${keypath}/70000002.extra.raw")" + + # Print attestation key values + echo "=== Attestation Key ===" + local attestation_pubkey + attestation_pubkey=$(sed 's/$/\\n/' "${keypath}/sss_70000001_0002_0040.bin" | tr -d \\n) + echo "Key: ${attestation_pubkey}" + echo "Signature: $(base64 -w 0 "${keypath}/70000001.signature.raw")" + echo "Extra Data: $(base64 -w 0 "${keypath}/70000001.extra.raw")" + + # Print chip ID values + echo "=== Chip ID ===" + echo "Key: $(base64 -w 0 "${keypath}/7fff0206.chip_id.raw")" + echo "Signature: $(base64 -w 0 "${keypath}/7fff0206.signature.raw")" + echo "Extra Data: $(base64 -w 0 "${keypath}/7fff0206.extra.raw")" + + # Print certificate if not short mode + if [[ ${short} -eq 0 ]]; then + echo "=== Certificate ===" + local certificate + certificate=$(sed 's/$/\\n/' "${keypath}/f0000013.cert" | tr -d \\n) + echo "Certificate: ${certificate}" + fi + + exit 0 + fi + echo "Getting Cloudflared access token..." local cf_token cf_token="$(get_cloudflared_token "${domain}")" @@ -163,4 +205,3 @@ main() { if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then main "$@" fi - From 9bfb80bb93e3cebde91c3897d1155c5d2c136404 Mon Sep 17 00:00:00 2001 From: chrisgalanis Date: Fri, 15 Aug 2025 17:10:07 +0200 Subject: [PATCH 2/2] fix: diamond default channel fix: restore uploa-certs.sh --- scripts/orb-registration/orb-registration.py | 5 +- scripts/upload-certs.sh | 51 ++------------------ 2 files changed, 9 insertions(+), 47 deletions(-) diff --git a/scripts/orb-registration/orb-registration.py b/scripts/orb-registration/orb-registration.py index 0e739cf7..e0713e39 100644 --- a/scripts/orb-registration/orb-registration.py +++ b/scripts/orb-registration/orb-registration.py @@ -97,7 +97,10 @@ def __init__(self, args): self.channel = "dev_diamond_channel" elif args.backend == "prod": self.domain = "https://management.internal.orb.worldcoin.dev" - self.channel = args.channel + if args.platform == "diamond" and args.channel == "general": + self.channel = "diamond-tier-ga" + else: + self.channel = args.channel else: raise ValueError(f"Invalid backend: {args.backend}") diff --git a/scripts/upload-certs.sh b/scripts/upload-certs.sh index e8d19e23..54889c1b 100755 --- a/scripts/upload-certs.sh +++ b/scripts/upload-certs.sh @@ -3,7 +3,7 @@ set -o errexit # abort on nonzero exit status set -o errtrace # pass ERR trap down to functions, substitutions, etc set -o nounset # abort on unbound variable -set -o pipefail # don't hide errors within pipes +set -o pipefail # don’t hide errors within pipes # Function to display usage information usage() { @@ -14,7 +14,6 @@ usage() { -t, --token Bearer token for authentication. -b, --backend (stage|prod) Targets the stage or prod backend. -s, --short Short upload (skip attestation cert). - -n, --dry-run Print key values without making curl requests. Environment variables (overriden by options): FM_CLI_ENV: Must be either 'stage' or 'prod'. @@ -37,7 +36,6 @@ main() { local backend="${FM_CLI_ENV:-""}" local positional_args=() local short=0 - local dry_run=0 local arg while [[ "$#" -gt 0 ]]; do arg="${1}"; shift @@ -50,8 +48,6 @@ main() { backend="${1}"; shift ;; -s|--short) short=1 ;; - -n|--dry-run) - dry_run=1 ;; -*) echo "Unknown option: ${arg}" usage; exit 1 ;; @@ -67,19 +63,19 @@ main() { exit 1 fi - if [[ -z "${bearer}" ]] && [[ ${dry_run} -eq 0 ]]; then + if [[ -z "${bearer}" ]]; then echo "Bearer token not found. Please export FM_CLI_ORB_MANAGER_INTERNAL_TOKEN, or pass it as an argument: -t " exit 1 fi - if [[ -z "${backend}" ]] && [[ ${dry_run} -eq 0 ]]; then + if [[ -z "${backend}" ]]; then echo "Environment not found. Please export FM_CLI_ENV, or pass it as an argument: -b (stage|prod)" exit 1 fi - if [[ "${backend}" != "prod" && "${backend}" != "stage" ]] && [[ ${dry_run} -eq 0 ]]; then + if [[ "${backend}" != "prod" && "${backend}" != "stage" ]]; then echo "Invalid environment: ${backend}. Must be either 'prod' or 'stage'." exit 1 fi @@ -101,44 +97,6 @@ main() { exit 1 fi - if [[ ${dry_run} -eq 1 ]]; then - echo "=== DRY RUN MODE - Key Values ===" - echo "Orb ID: ${orb_id}" - echo "Keypath: ${keypath}" - - # Print signup key values - echo "=== Signup Key ===" - local signup_pubkey - signup_pubkey=$(sed 's/$/\\n/' "${keypath}/sss_70000002_0002_0040.bin" | tr -d \\n) - echo "Key: ${signup_pubkey}" - echo "Signature: $(base64 -w 0 "${keypath}/70000002.signature.raw")" - echo "Extra Data: $(base64 -w 0 "${keypath}/70000002.extra.raw")" - - # Print attestation key values - echo "=== Attestation Key ===" - local attestation_pubkey - attestation_pubkey=$(sed 's/$/\\n/' "${keypath}/sss_70000001_0002_0040.bin" | tr -d \\n) - echo "Key: ${attestation_pubkey}" - echo "Signature: $(base64 -w 0 "${keypath}/70000001.signature.raw")" - echo "Extra Data: $(base64 -w 0 "${keypath}/70000001.extra.raw")" - - # Print chip ID values - echo "=== Chip ID ===" - echo "Key: $(base64 -w 0 "${keypath}/7fff0206.chip_id.raw")" - echo "Signature: $(base64 -w 0 "${keypath}/7fff0206.signature.raw")" - echo "Extra Data: $(base64 -w 0 "${keypath}/7fff0206.extra.raw")" - - # Print certificate if not short mode - if [[ ${short} -eq 0 ]]; then - echo "=== Certificate ===" - local certificate - certificate=$(sed 's/$/\\n/' "${keypath}/f0000013.cert" | tr -d \\n) - echo "Certificate: ${certificate}" - fi - - exit 0 - fi - echo "Getting Cloudflared access token..." local cf_token cf_token="$(get_cloudflared_token "${domain}")" @@ -205,3 +163,4 @@ main() { if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then main "$@" fi +