
Investigate Pocket/Supervisor Initiated Remote Updates

Open MikaylaFischler opened this issue 1 year ago • 0 comments

Initiate either via the Supervisor front panel or the Pocket a remote routine on any device (that isn't the host device) that will perform an update. This will require changing how ccmsi executes or duplicating functionality (former is preferred). Providing functions the main apps can include from ccmsi would be beneficial, though ccmsi is currently treated as an optional stand-alone application to keep its size as small as possible.

The initiator, Pocket or Supervisor, could also have a page where it can trigger its own update without needing to run ccmsi manually.

Remote update commands must absolutely require MACs to be used, otherwise devices can effectively be remotely rebooted by unauthorized parties. However, denying update requests on devices already updated could possibly be enough of a security against that, assuming the user opts in to this feature.

Opt-in is preferred, as this will:

  • Always update in single file mode if required
  • Always delete unused files
  • Allow remote reboot of safety-critical devices
  • Leave devices non-functional if the update fails for any reason

In the case where a perfectly minimal amount of disk usage is present, even a single file mode update may fail and require user intervention. Automatic deletion of a log file followed by a retry could work, assuming it fails at a time where actions can still be taken. That would be yet another action that is not ideal without user confirmation.

Procedure would be:

  1. Re-check for an update
  2. Bring the system into a safe state (supervisor would close connections, PLC would SCRAM reactor)
  3. Yield out of the main code, switching to solely running the update routine
  4. Complete the update routine
  5. Reboot with os.reboot()

Other Considerations

  • Provide both a check for update and an update option
  • Limit updating to while the system is in a safe state, similar to how alarm testing works

MikaylaFischler · Jan 02 '24 20:01
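The device-side acceptance logic this issue calls for (MAC required, already-updated requests denied, update only from a safe state), as an added Python illustration rather than code from cc-mek-scada (a ComputerCraft Lua project); the shared key, message layout, sequence-number replay check and `UpdateGate` helper are all assumptions made for the example:

```python
import hashlib
import hmac
import json

# Constructed shared key for the example; a real deployment would reuse the
# key the supervisor/pocket and the target device have already established.
SHARED_KEY = b"example-shared-key"


def _canonical(cmd, seq, version) -> bytes:
    """Canonical byte encoding of the fields covered by the MAC."""
    return json.dumps({"cmd": cmd, "seq": seq, "version": version}, sort_keys=True).encode()


def sign_update_request(key: bytes, seq: int, version: str) -> dict:
    """Initiator side: build a remote update command with an HMAC-SHA256 tag."""
    mac = hmac.new(key, _canonical("update", seq, version), hashlib.sha256).hexdigest()
    return {"cmd": "update", "seq": seq, "version": version, "mac": mac}


class UpdateGate:
    """Target side (hypothetical helper): decide what to do with a received command."""

    def __init__(self, key: bytes, current_version: str):
        self.key = key
        self.current_version = current_version
        self.last_seq = -1        # highest sequence number already processed
        self.safe_state = False   # e.g. reactor SCRAMed / supervisor connections closed

    def evaluate(self, msg: dict) -> str:
        # 1. Verify the MAC before anything else: an unauthenticated packet must
        #    never be able to push the device towards a reboot.
        body = _canonical(msg.get("cmd"), msg.get("seq"), msg.get("version"))
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("mac", ""))):
            return "reject: bad MAC"
        # 2. Replay protection: a captured, validly signed command must not be reusable.
        if not isinstance(msg["seq"], int) or msg["seq"] <= self.last_seq:
            return "reject: replayed or stale sequence"
        self.last_seq = msg["seq"]
        # 3. Deny requests for a version that is already installed.
        if msg["version"] == self.current_version:
            return "reject: already up to date"
        # 4. Only proceed while in a safe state, mirroring how alarm testing is gated.
        if not self.safe_state:
            return "defer: device not in safe state"
        return "accept: yield to update routine, then os.reboot()"
```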