orb-software icon indicating copy to clipboard operation
orb-software copied to clipboard
Published 1 month ago verified publisher icon worldcoin

feat: update agent loader

Open alekseifedotov opened this issue 8 months ago • 1 comments

This is a tool which downloads an ELF file from an URL, checks its signature and runs that ELF file. That is basically wget && openssl dgst && exec in a form of one rust package.

The advantage of this rust binary over a script is in tighter security, this implementation does not store the file on the disk and downloads & checks the signature & runs the file in memory. Which mitigates the risk of the file being tampered with while on the disk.

The use for the tool is the follows: we release a base orb-platform version, where instead of update-agent we run this loader which tries to download the latest version of update-agent from github. That will allow us to change the update-agent version without doing a full OTA update. and maybe even hot-fix some bugs which otherwise break the OTA.

A short demo of the tool running on an orb is here:

update-agent-loader

https://asciinema.org/a/aLkV2hKNPcX9Dd0eUHbBSWuK4

--

That same tool will work for orb-core too. In case if we need to release it often, we could, instead update the orb-core version on github releases and let orbs to download it.

-- P.S. the whole thing except for the test is vibe-coded while waiting for RTS & OTA on pearl.

alekseifedotov avatar Apr 17 '25 14:04 alekseifedotov

discussed on call with @alekseifedotov we will seek to merge ASAP as soon as CI passes

TheButlah avatar Apr 22 '25 20:04 TheButlah