add wifi password infra

Northeastern-Electric-Racing · Mar 28, 2024 · 403a74a · 403a74a
1 parent 49e0d2d
commit 403a74a
Show file tree

Hide file tree

Showing 11 changed files with 27 additions and 11 deletions.
diff --git a/.github/workflows/build_image.yml b/.github/workflows/build_image.yml
@@ -7,6 +7,7 @@ on:
     paths:
         - 'odysseus/Dockerfile'
         - 'odysseus/docker_scripts/**'
+        - '.github/workflows/build_image.yml'
   workflow_dispatch:
 
 # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
@@ -48,7 +49,7 @@ jobs:
             ODY_TPU_ROOT_PASSWORD: ${{ secrets.ODY_TPU_ROOT_PASSWORD }}
             ODY_IROH_ROOT_PASSWORD: ${{ secrets.ODY_IROH_ROOT_PASSWORD }}
             MASTER_PASSWORD: ${{ secrets.ODY_MASTER_PASSWORD }}
-        run:  for i in ODY_AP_ROOT_PASSWORD  ODY_TPU_ROOT_PASSWORD ODY_IROH_ROOT_PASSWORD; do echo "$i=${!i}" >> SECRETS.env; done && gpg --batch --symmetric --passphrase "$MASTER_PASSWORD" --no-symkey-cache --cipher-algo AES256 SECRETS.env
+        run:  for i in ODY_AP_ROOT_PASSWORD  ODY_TPU_ROOT_PASSWORD ODY_IROH_ROOT_PASSWORD ODY_BASE_WIFI_PASSWORD; do echo "$i=${!i}" >> SECRETS.env; done && gpg --batch --symmetric --passphrase "$MASTER_PASSWORD" --no-symkey-cache --cipher-algo AES256 SECRETS.env
       # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
       # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
       # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.

diff --git a/odysseus/Dockerfile b/odysseus/Dockerfile
@@ -5,7 +5,7 @@ RUN apt-get update && \
     apt-get -y install tzdata
 
 
-RUN apt-get install -y \
+RUN apt-get update && apt-get install -y \
     make \
     binutils \
     build-essential \
@@ -31,10 +31,11 @@ RUN apt-get install -y \
     python3-matplotlib \
     graphviz \
     git-lfs \
-    util-linux
+    util-linux \ 
+    wpasupplicant
 
 # just for calypso require ruamel.yaml
-RUN apt-get install -y python3-pip && pip install "ruamel.yaml<0.18.0"
+RUN apt-get update && apt-get install -y python3-pip && pip install "ruamel.yaml<0.18.0"
 
 # add all buildroot files there
 WORKDIR /home/odysseus/build

diff --git a/odysseus/compose-compat.yml b/odysseus/compose-compat.yml
@@ -17,6 +17,11 @@ services:
         environment:
             - BR2_DL_DIR=/home/odysseus/shared_data/dl 
             - BR2_CCACHE_DIR=/home/odysseus/shared_data/ccache
+            - ODY_TPU_ROOT_PASSWORD=password
+            - ODY_IROH_ROOT_PASSWORD=password
+            - ODY_AP_ROOT_PASSWORD=password
+            - ODY_BASE_WIFI_PASSWORD=password
+
 volumes:
     # required for mac as no hard linking:(
     outputs:

diff --git a/odysseus/compose.yml b/odysseus/compose.yml
@@ -23,6 +23,7 @@ services:
             - ODY_TPU_ROOT_PASSWORD=password
             - ODY_IROH_ROOT_PASSWORD=password
             - ODY_AP_ROOT_PASSWORD=password
+            - ODY_BASE_WIFI_PASSWORD=password
 
 volumes:
     shared_data:

diff --git a/odysseus/odysseus_tree/configs/raspberrypi3_64_iroh_defconfig b/odysseus/odysseus_tree/configs/raspberrypi3_64_iroh_defconfig
@@ -11,7 +11,7 @@ BR2_TARGET_GENERIC_ROOT_PASSWD="$(ODY_IROH_ROOT_PASSWORD)"
 BR2_TARGET_TZ_INFO=y
 BR2_TARGET_LOCALTIME="America/New_York"
 BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_ODY_TREE_PATH)/overlays/rootfs_overlay_iroh"
-BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-os-release.sh board/raspberrypi3-64/post-build.sh"
+BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-os-release.sh $(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-base-connect.sh board/raspberrypi3-64/post-build.sh"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="board/raspberrypi3-64/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="IROH"
 BR2_LINUX_KERNEL=y

diff --git a/odysseus/odysseus_tree/configs/raspberrypi4_64_tpu_defconfig b/odysseus/odysseus_tree/configs/raspberrypi4_64_tpu_defconfig
@@ -12,7 +12,7 @@ BR2_TARGET_GENERIC_ROOT_PASSWD="$(ODY_TPU_ROOT_PASSWORD)"
 BR2_TARGET_TZ_INFO=y
 BR2_TARGET_LOCALTIME="America/New_York"
 BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_ODY_TREE_PATH)/overlays/rootfs_overlay_common $(BR2_EXTERNAL_ODY_TREE_PATH)/overlays/rootfs_overlay_nrc_common $(BR2_EXTERNAL_ODY_TREE_PATH)/overlays/rootfs_overlay_tpu"
-BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-sta.sh $(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-os-release.sh board/raspberrypi4-64/post-build.sh"
+BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-sta.sh $(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-os-release.sh $(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-base-connect.sh board/raspberrypi4-64/post-build.sh"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="board/raspberrypi4-64/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="TPU"
 BR2_LINUX_KERNEL=y

diff --git a/odysseus/odysseus_tree/overlays/rootfs_overlay_iroh/etc/wpa_supplicant_base.conf b/odysseus/odysseus_tree/overlays/rootfs_overlay_iroh/etc/wpa_supplicant_base.conf
@@ -4,7 +4,7 @@ ctrl_interface=/var/run/wpa_supplicant_base
 country=US
 network={
     ssid="H68K"
-    scan_ssid=1
-    key_mgmt=NONE
+    key_mgmt=WPA-PSK
+    psk="password"
 }
 ignore_old_scan_res=1
diff --git a/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_base.conf b/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_base.conf
@@ -4,7 +4,7 @@ ctrl_interface=/var/run/wpa_supplicant_base
 country=US
 network={
     ssid="H68K"
-    scan_ssid=1
-    key_mgmt=NONE
+    key_mgmt=WPA-PSK
+    psk="password"
 }
 ignore_old_scan_res=1
diff --git a/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_halow.conf b/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_halow.conf
@@ -4,7 +4,6 @@ ctrl_interface=/var/run/wpa_supplicant_halow
 country=US
 network={
     ssid="NER_Halow"
-    scan_ssid=1
     key_mgmt=NONE
     scan_freq= 2412
     freq_list= 2412

diff --git a/odysseus/odysseus_tree/post-build-base-connect.sh b/odysseus/odysseus_tree/post-build-base-connect.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# hashes the password so it cannot be read in a dsitributed image (does not secure wifi!)
+# this regex extras the part after psk=
+hashed_block=$(wpa_passphrase "H68K" "$ODY_BASE_WIFI_PASSWORD" | sed  -n -e 's/^.*[[:space:]]psk=//p')
+
+# this replaces the psk in the target directory with the hashed block found above
+sed -i "s/\(psk=\)\(.*\)/\1$hashed_block/" "$TARGET_DIR"/etc/wpa_supplicant_base.conf
diff --git a/odysseus/odysseus_tree/post-build-sta.sh b/odysseus/odysseus_tree/post-build-sta.sh
@@ -1,3 +1,4 @@
 #!/bin/sh
 
+# add nrc modprobe based on ini config
 python3 "$BR2_EXTERNAL_ODY_TREE_PATH"/overlays/rootfs_overlay_nrc_common/usr/bin/build_nrc_params.py 0 "$BR2_EXTERNAL_ODY_TREE_PATH"/overlays/rootfs_overlay_tpu/etc/nrc_opts_sta.ini "$TARGET_DIR"/etc/modprobe.d/nrc.conf