lf-edge · europaul · Nov 16, 2023 · Nov 28, 2023 · Jan 12, 2024
diff --git a/Makefile b/Makefile
@@ -5,7 +5,7 @@
 
 IMG ?= lfedge/adam
 HASH ?= $(shell git show --format=%T -s)
-GOVER ?= 1.16.3-alpine3.13
+GOVER ?= 1.20.10-alpine3.18
 
 
 # check if we should append a dirty tag
@@ -68,7 +68,7 @@ $(LOCALBIN):
 $(LOCALLINK):
 	@if [ "$(OS)" = "$(BUILDOS)" -a "$(ARCH)" = "$(BUILDARCH)" -a ! -L "$@" -a ! -e "$@" ]; then ln -s $(notdir $(LOCALBIN)) $@; fi
 
-build-docker: 
+build-docker:
 	docker build -t $(IMG) .
 
 build-docker-local: build

diff --git a/cmd/admin.go b/cmd/admin.go
@@ -6,10 +6,10 @@ package cmd
 import (
 	"crypto/tls"
 	"crypto/x509"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"net/url"
+	"os"
 	"path"
 	"time"
 
@@ -69,7 +69,7 @@ func getStreamingClient() *http.Client {
 func getClientStreamingOption(stream bool) *http.Client {
 	tlsConfig := &tls.Config{}
 	if serverCA != "" {
-		caCert, err := ioutil.ReadFile(serverCA)
+		caCert, err := os.ReadFile(serverCA)
 		if err != nil {
 			log.Fatalf("unable to read server CA file at %s: %v", serverCA, err)
 		}

diff --git a/cmd/device.go b/cmd/device.go
@@ -8,7 +8,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
@@ -44,7 +43,7 @@ var deviceListCmd = &cobra.Command{
 		if err != nil {
 			log.Fatalf("error reading URL %s: %v", u, err)
 		}
-		buf, err := ioutil.ReadAll(response.Body)
+		buf, err := io.ReadAll(response.Body)
 		if err != nil {
 			log.Fatalf("unable to read data from URL %s: %v", u, err)
 		}
@@ -66,7 +65,7 @@ var deviceGetCmd = &cobra.Command{
 		if err != nil {
 			log.Fatalf("error reading URL %s: %v", u, err)
 		}
-		buf, err := ioutil.ReadAll(response.Body)
+		buf, err := io.ReadAll(response.Body)
 		if err != nil {
 			log.Fatalf("unable to read data from URL %s: %v", u, err)
 		}
@@ -81,7 +80,7 @@ var deviceAddCmd = &cobra.Command{
 	Short: "add new device",
 	Long:  `Add new device and retrieve the UUID`,
 	Run: func(cmd *cobra.Command, args []string) {
-		b, err := ioutil.ReadFile(certPath)
+		b, err := os.ReadFile(certPath)
 		switch {
 		case err != nil && os.IsNotExist(err):
 			log.Fatalf("cert file %s does not exist", certPath)
@@ -172,7 +171,7 @@ var deviceConfigGetCmd = &cobra.Command{
 		if err != nil {
 			log.Fatalf("error reading URL %s: %v", u, err)
 		}
-		buf, err := ioutil.ReadAll(response.Body)
+		buf, err := io.ReadAll(response.Body)
 		if err != nil {
 			log.Fatalf("unable to read data from URL %s: %v", u, err)
 		}
@@ -192,12 +191,12 @@ var deviceConfigSetCmd = &cobra.Command{
 			err error
 		)
 		if configPath == "-" {
-			b, err = ioutil.ReadAll(os.Stdin)
+			b, err = io.ReadAll(os.Stdin)
 			if err != nil && err != io.EOF {
 				log.Fatalf("Error reading stdin: %v", err)
 			}
 		} else {
-			b, err = ioutil.ReadFile(configPath)
+			b, err = os.ReadFile(configPath)
 			switch {
 			case err != nil && os.IsNotExist(err):
 				log.Fatalf("config file %s does not exist", configPath)
@@ -219,7 +218,7 @@ var deviceConfigSetCmd = &cobra.Command{
 			log.Fatalf("error PUT URL %s: %v", u, err)
 		}
 		if res.StatusCode != 200 {
-			b, _ := ioutil.ReadAll(res.Body)
+			b, _ := io.ReadAll(res.Body)
 			log.Fatalf("error PUT URL %s: %d %s", u, res.StatusCode, string(b))
 		}
 	},

diff --git a/cmd/onboard.go b/cmd/onboard.go
@@ -7,7 +7,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"os"
@@ -42,7 +42,7 @@ var onboardListCmd = &cobra.Command{
 		if err != nil {
 			log.Fatalf("error reading URL %s: %v", u, err)
 		}
-		buf, err := ioutil.ReadAll(response.Body)
+		buf, err := io.ReadAll(response.Body)
 		if err != nil {
 			log.Fatalf("unable to read data from URL %s: %v", u, err)
 		}
@@ -55,7 +55,7 @@ var onboardAddCmd = &cobra.Command{
 	Short: "add new onboarding certificate",
 	Long:  `Add new onboarding certificate, as well as the valid serials. If the certificate already exists, its serials are replaced by the provided list`,
 	Run: func(cmd *cobra.Command, args []string) {
-		b, err := ioutil.ReadFile(certPath)
+		b, err := os.ReadFile(certPath)
 		switch {
 		case err != nil && os.IsNotExist(err):
 			log.Fatalf("cert file %s does not exist", certPath)
@@ -95,7 +95,7 @@ var onboardGetCmd = &cobra.Command{
 		if err != nil {
 			log.Fatalf("error reading URL %s: %v", u, err)
 		}
-		buf, err := ioutil.ReadAll(response.Body)
+		buf, err := io.ReadAll(response.Body)
 		if err != nil {
 			log.Fatalf("unable to read data from URL %s: %v", u, err)
 		}

diff --git a/cmd/server.go b/cmd/server.go
@@ -7,7 +7,6 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"path"
@@ -115,11 +114,19 @@ var serverCmd = &cobra.Command{
 			if err != nil {
 				log.Fatalf("error loading server cert and key from environment variables: %v", err)
 			}
-			if err = ioutil.WriteFile(serverCert, []byte(serverENVCert), 0644); err != nil {
-				log.Fatal(err)
-			}
-			if err = ioutil.WriteFile(serverKey, []byte(serverENVKey), 0600); err != nil {
-				log.Fatal(err)
+
+			// only create new certs and keys if the files do not exist
+			_, err = os.Stat(serverCert)
+			serverCertNotExist := os.IsNotExist(err)
+			_, err = os.Stat(serverKey)
+			serverKeyNotExist := os.IsNotExist(err)
+			if serverCertNotExist && serverKeyNotExist {
+				if err = os.WriteFile(serverCert, []byte(serverENVCert), 0644); err != nil {
+					log.Fatal(err)
+				}
+				if err = os.WriteFile(serverKey, []byte(serverENVKey), 0600); err != nil {
+					log.Fatal(err)
+				}
 			}
 		} else {
 			// if we were asked to autoCert, then we do it
@@ -145,34 +152,42 @@ var serverCmd = &cobra.Command{
 			log.Fatalf("error parsing server cert: %v", err)
 		}
 
-		err = ioutil.WriteFile(path.Join(configDir, "server"), []byte(ca.Subject.CommonName+":"+port), 0644)
+		err = os.WriteFile(path.Join(configDir, "server"), []byte(ca.Subject.CommonName+":"+port), 0644)
 		if err != nil {
 			log.Fatalf("error writing to server file: %v", err)
 		}
 
-		err = ioutil.WriteFile(path.Join(configDir, "hosts"), []byte(hostIP+" "+ca.Subject.CommonName), 0644)
+		err = os.WriteFile(path.Join(configDir, "hosts"), []byte(hostIP+" "+ca.Subject.CommonName), 0644)
 		if err != nil {
 			log.Fatalf("error writing hosts file: %v", err)
 		}
 
-		rootCert, err := ioutil.ReadFile(serverCert)
+		rootCert, err := os.ReadFile(serverCert)
 		if err != nil {
 			log.Fatalf("error reading %s file: %v", serverCert, err)
 		}
-		err = ioutil.WriteFile(path.Join(configDir, "root-certificate.pem"), rootCert, 0644)
+		err = os.WriteFile(path.Join(configDir, "root-certificate.pem"), rootCert, 0644)
 		if err != nil {
 			log.Fatalf("error writing root-certificate.pem file: %v", err)
 		}
+
 		if signingENVCertProvided && signingENVKeyProvided {
-			_, err = tls.X509KeyPair([]byte(signingENVCert), []byte(signingENVKey))
-			if err != nil {
-				log.Fatalf("error loading signing cert and key from environment variables: %v", err)
-			}
-			if err = ioutil.WriteFile(signingCert, []byte(signingENVCert), 0644); err != nil {
-				log.Fatal(err)
-			}
-			if err = ioutil.WriteFile(signingKey, []byte(signingENVKey), 0600); err != nil {
-				log.Fatal(err)
+			// only create new certs and keys if the files do not exist
+			_, err = os.Stat(signingCert)
+			signingCertNotExist := os.IsNotExist(err)
+			_, err = os.Stat(signingKey)
+			signingKeyNotExist := os.IsNotExist(err)
+			if signingCertNotExist && signingKeyNotExist {
+				_, err = tls.X509KeyPair([]byte(signingENVCert), []byte(signingENVKey))
+				if err != nil {
+					log.Fatalf("error loading signing cert and key from environment variables: %v", err)
+				}
+				if err = os.WriteFile(signingCert, []byte(signingENVCert), 0644); err != nil {
+					log.Fatal(err)
+				}
+				if err = os.WriteFile(signingKey, []byte(signingENVKey), 0600); err != nil {
+					log.Fatal(err)
+				}
 			}
 		} else {
 			// if we were asked to autoCert, then we do it
@@ -193,16 +208,24 @@ var serverCmd = &cobra.Command{
 				log.Printf("Will use APIv1: error loading signing cert %s and signing key %s: %v", signingCert, signingKey, err)
 			}
 		}
+
 		if encryptENVCertProvided && encryptENVKeyProvided {
-			_, err = tls.X509KeyPair([]byte(encryptENVCert), []byte(encryptENVKey))
-			if err != nil {
-				log.Fatalf("error loading encrypt cert and key from environment variables: %v", err)
-			}
-			if err = ioutil.WriteFile(encryptCert, []byte(encryptENVCert), 0644); err != nil {
-				log.Fatal(err)
-			}
-			if err = ioutil.WriteFile(encryptKey, []byte(encryptENVKey), 0600); err != nil {
-				log.Fatal(err)
+			// only create new certs and keys if the files do not exist
+			_, err = os.Stat(encryptCert)
+			encryptCertNotExist := os.IsNotExist(err)
+			_, err = os.Stat(encryptKey)
+			encryptKeyNotExist := os.IsNotExist(err)
+			if encryptCertNotExist && encryptKeyNotExist {
+				_, err = tls.X509KeyPair([]byte(encryptENVCert), []byte(encryptENVKey))
+				if err != nil {
+					log.Fatalf("error loading encrypt cert and key from environment variables: %v", err)
+				}
+				if err = os.WriteFile(encryptCert, []byte(encryptENVCert), 0644); err != nil {
+					log.Fatal(err)
+				}
+				if err = os.WriteFile(encryptKey, []byte(encryptENVKey), 0600); err != nil {
+					log.Fatal(err)
+				}
 			}
 		} else {
 			// if we were asked to autoCert, then we do it

diff --git a/docs/admin.md b/docs/admin.md
@@ -29,6 +29,7 @@ The following are the admin endpoints:
 * `PUT /device/{uuid}/options` - update options for one device
 * `GET /options` - set global options
 * `PUT /options` - update global options
+* `POST /certs` - update signing certificate
 
 ## Adam Admin
 

diff --git a/pkg/driver/device_managers_test.go b/pkg/driver/device_managers_test.go
@@ -1,7 +1,6 @@
 package driver_test
 
 import (
-	"io/ioutil"
 	"os"
 	"path"
 	"testing"
@@ -27,7 +26,7 @@ func TestURLs(t *testing.T) {
 	}
 
 	// create a temporary working dir, because the file driver actually creates the directories
-	tmpdir, err := ioutil.TempDir("", "adam-driver-test")
+	tmpdir, err := os.MkdirTemp("", "adam-driver-test")
 	if err != nil {
 		t.Fatalf("could not create temporary directory: %v", err)
 	}