feat(firmware,sensing-server): pull-based OTA — client + registry#488
Open
schwarztim wants to merge 2 commits intoruvnet:mainfrom
Open
feat(firmware,sensing-server): pull-based OTA — client + registry#488schwarztim wants to merge 2 commits intoruvnet:mainfrom
schwarztim wants to merge 2 commits intoruvnet:mainfrom
Conversation
added 2 commits
April 28, 2026 14:08
ESP32 nodes poll GET /api/v1/firmware/latest and self-upgrade when the server advertises a newer version. SHA-256 verified; ESP-IDF rollback failsafe reverts on crash in the first boot window. Server side: new firmware_registry module (in-memory manifest holder, set_current, is_update_available, sha256_bytes/sha256_file helpers, 11 unit tests). Three HTTP endpoints wired into sensing-server: GET /api/v1/firmware/latest GET /api/v1/firmware/download POST /api/v1/firmware/upload?version=X[&sha256=HEX] Startup scan of --firmware-dir seeds the registry from the newest .bin. Firmware client (ota_pull.c, +413 LOC): polling task, SHA-256 verify, OTA partition write, BLE stop guard, uptime guard, graceful retry on error. Includes ADR-094 design record and CHANGELOG entry.
…racking PR PR ruvnet#487 (body tracking platform) was filed first and claims ADR-094. Rename docs/adr/ADR-094-pull-based-ota.md → ADR-095-pull-based-ota.md and update all references in CHANGELOG.md, Cargo.toml, and main.rs comments.
Author
|
Renumbered the ADR from 094 to 095 to avoid collision with PR #487 (body tracking platform), which was filed first. Force-pushed an updated commit with the rename: docs/adr/ADR-094-pull-based-ota.md → ADR-095-pull-based-ota.md, plus all comment references in main.rs and Cargo.toml updated. |
schwarztim
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
firmware/esp32-csi-node/main/ota_pull.c, +412 LOC): sensing nodes pollGET /api/v1/firmware/latestevery 5 min, download + SHA-256 verify a newer binary viaGET /api/v1/firmware/download, write it to the ESP-IDF OTA partition, and restart. Includes BLE stop guard, 5-min uptime gate before first check, and relies on the existingota_update.ccanary task for ESP-IDF rollback.v2/crates/wifi-densepose-sensing-server/src/firmware_registry.rs, +452 LOC): pure-Rust, transport-agnostic in-memory registry with SHA-256 integrity, sidecar manifest support, version parsing from filename, and 11 unit tests.main.rs:GET /api/v1/firmware/latest,GET /api/v1/firmware/download,POST /api/v1/firmware/upload?version=X.docs/adr/ADR-095-pull-based-ota.md): design record documenting the pull model, architecture, and tradeoffs.[Unreleased].Motivation
Push-based OTA requires operators to enumerate every node IP. Nodes that come online intermittently or are behind NAT/CGNAT get missed entirely. The pull model has zero operator action for routine upgrades — nodes catch up on their next poll cycle regardless of network topology.
Files changed
firmware/esp32-csi-node/main/ota_pull.cfirmware/esp32-csi-node/main/ota_pull.hfirmware/esp32-csi-node/main/CMakeLists.txtota_pull.cto SRCSfirmware/esp32-csi-node/main/main.cota_pull_init()on network-up pathv2/crates/wifi-densepose-sensing-server/src/firmware_registry.rsv2/crates/wifi-densepose-sensing-server/src/main.rsv2/crates/wifi-densepose-sensing-server/Cargo.tomlsha2,thiserrordepsdocs/adr/ADR-095-pull-based-ota.mdCHANGELOG.mdTest plan
cargo test --workspace --no-default-features— 1642 tests pass (includes 11firmware_registryunit tests)CONFIG_CSI_MOCK_ENABLED=n(real WiFi mode) —ota_pull.ccompiles withoutheartbeat.hdepGET /api/v1/firmware/latestwith no firmware staged returns{"available":false}latestreturns{"available":true, "version":"...", "sha256":"..."}→ download and verify SHA-256 matchesesp_app_desc.versionpolls and self-upgrades; node with matching version skips