Assets OTA

[avtolstoy]

Description

Assets OTA

TODO

1. Automated test for assets OTA
2. system describe communication unit tests are broken due to migration from JSON to protobuf

Steps to Test

P2 / Photon 2

1. Update device to latest available Device OS (5.4.1)
   1.1. The easiest is device-os-flash --all-devices 5.4.1
2. Build/flash bootloader
   2.2. (bootloader) $ make PLATFORM=p2 COMPILE_LTO=n clean all
   2.3. Flash bootloader device-os-flash --all-devices $DEVICE_OS_DIR/build/target/bootloader/platform-32-m/bootloader.bin
3. Build/flash Device OS and application in whichever convenient way (e.g. Workbench with deviceOS@source)

Gen 3 (nRF52840 platforms)

1. Update device to latest available Device OS (5.4.1)
   1.1. The easiest is device-os-flash --all-devices 5.4.1
2. Build/flash bootloader
   2.2. (bootloader) $ make PLATFORM=boron COMPILE_LTO=n clean all
   2.3. Flash bootloader device-os-flash --all-devices $DEVICE_OS_DIR/build/target/bootloader/platform-13-m/bootloader.bin
3. Build/flash Device OS and application in whichever convenient way (e.g. Workbench with deviceOS@source)

Example App

See app/assets.

References

N/A

---

Completeness

• User is totes amazing for contributing!
• Contributor has signed CLA (Info here)
• Problem and Solution clearly stated
• Run unit/integration/application tests on device
• Added documentation
• Added to CHANGELOG.md after merging (add links to docs and issues)

[monkbroc]

Is this a breaking change for customer applications using printf?

[avtolstoy]

Yes, but I have a workaround for this.

[monkbroc]

Can you elaborate on the workaround? I tried Serial.printlnf("pi=%f", M_PI); on a Tracker with 5.4.1 and I got the expected pi=3.141593 but with this branch, I get pi=

[eberseth]

What is the workaround because Tracker Edge/Monitor Edge uses a lot of floats and doubles

[eberseth]

Mostly in the jsmn JSON writer but also logging of various sensor data and GPS

[avtolstoy]

Just to re-iterate: this is a temporary change and will be resolved (restored and some other stuff thrown away) before this PR is merged. This is failing a lot of our automated tests, so won't be unnoticed.

[eberseth]

'A'

[eberseth]

For convenience, can we add an uint8_t overload virtual int read(uint8_t* buffer, size_t size);?

[XuGuohui]

Great job 👍 ! This is a huge PR and I just had a brief review. The main problem I found is we use memory allocation in many places without checking the result. This is a potential risk. I'll go though the asset OTA process as well.

[eberseth]

doxygen comments please for public methods here

[eberseth]

doxygen comments for public methods please

[eberseth]

Can we get these values from the linker script?

[eberseth]

Please comment these cases about what the do or represent

[eberseth]

"Compression"

[technobly]

Works great!

[sergeuz]

Posting the comments I have so far. Will continue looking into this tomorrow.

[sergeuz]

The context will be leaked if inflate_reset fails.

[sergeuz]

The case when HAL_PLATFORM_INFLATE_USE_FILESYSTEM is 1 but the entire buffer is allocated in RAM doesn't seem to be handled by this function.

[sergeuz]

👍

[sergeuz]

Why is EXTERNAL_FLASH_RESERVED1_XIP_ADDRESS and not EXTERNAL_FLASH_RESERVED1_ADDRESS used here?

[sergeuz]

Consider making the constructor explicit and removing implicit conversion operators to avoid unintended conversions.

[sergeuz]

The way it's implemented now, the operator will return false if both buffers are empty.

[sergeuz]

We shouldn't be overriding the logging settings in header files.

[sergeuz]

Consider only providing a default constructor and exposing the open() method so that the possible error when opening the file can be properly handled by the calling code.

[avtolstoy]

I will leave this one as-is just for simplicity of not having to carry around filename (see AssetReader usage as well). UGH Fixed 😄

[sergeuz]

Make sure CHECK_FS is used with LittleFS functions here and in other places in this PR.

[sergeuz]

Good job. I don't think I found anything major, although I must admit I don't fully follow the logic where a file is used to store the decompression buffer. Hopefully that is well covered by tests.

[sergeuz]

This approach to error handling is tedious and prone to bugs. In this class specifically, error_ is only checked in rewind() so the calling code will highly likely miss the error occurred when creating a decompressor context in the constructor. Consider separating the initialization logic in a checkable method such as init().

[sergeuz]

It's pretty cool that this class doesn't require an intermediate buffer.

[sergeuz]

This header file seems to be internal to the system. If so, consider moving it to system/src as e.g. asset_manager_internal.h.

[avtolstoy]

Also required by hal unfortunately (ota_flash_hal.cpp)

[sergeuz]

Just in case, there's a safer alternative that always null-terminates the output buffer.

[sergeuz]

Let's use void as the return type of destructor-like functions where possible as it's often not straightforward to handle errors during deinitialization in the calling code. If it does make sense to return an error from such a function, it should be documented what happens to the instance being deinitialized when an error occurs.

Same here.

[sergeuz]

Let's add a comment that sizeof(uint32_t) is the CRC.

[sergeuz]

We also have NAMED_SCOPE_GUARD that can be dismissed.

[sergeuz]

free() is used to free the memory allocated with new.

Same here.

[sergeuz]

This internal info doesn't seem to be used by any of the API calls. If so, let's remove it and save on memory.

[avtolstoy]

That's the storage for at the very least hash and name.

[sergeuz]

Ah, didn't notice that 👍

[sergeuz]

Is it intentional that the asset name is not taken into account here? It's worth adding a comment if so. Oops, this class is just an asset's hash.