# SWUpdate configuration file
#
# SPDX-FileCopyrightText: 2014-2021 Stefano Babic <sbabic@denx.de>
# SPDX-License-Identifier: CC0-1.0
#
# This file passes configuration and parameters
# to SWUpdate. Most of the configuration can be overridden
# with command line parameters.
#
# globals : general configuration for the installer
#
# verbose : boolean
# set verbose mode (Default: false)
# loglevel : integer
# level for logging from 1 (no log) to 6
# syslog : boolean
# enable sending logs to syslog daemon
# public-key-file : string
# file with public key for
# image verification
# mtd-blacklist : list integers
# MTD devices where SWUpdate
# must not try to check for UBI filesystem.
# aes-key-file : string
# file containing the symmetric key for
# image decryption
# preupdatecmd : string
# command to be executed right before the update
# is installed
# postupdatecmd : string
# command to be executed after a successful update
# ca-path : string
# path to the Certificate Authority (PEM)
# no-downgrading : string
# do not install a release older than <version>
# no-reinstalling : string
# do not install a release that is the same as <version>
# cert-purpose : string
# set expected certificate purpose
# [emailProtection|codeSigning] (default: emailProtection)
# forced-signer-name : string
# set expected common name of signer certificate
# select : string
# select software images set and source (<software>,<mode>)
# bootloader : string
# bootloader interface to use, overruling compile-time default.
# Possible values are ebg, grub, uboot, and none for
# EFI Boot Guard, GRUB, U-Boot, and the Environment in RAM bootloader,
# respectively, given the respective bootloader support is compiled-in.
# Example global settings: verbose output, log level 5, logging to syslog.
globals :
{
verbose = true;
loglevel = 5;
syslog = true;
# NOTE(review): public-key-file is commented out in this example. The option
# list above describes it as the public key used for image verification, so a
# deployment that relies on signed images has to supply it here or on the
# command line -- confirm against the build configuration. "test.pem" is a
# sample name, not a key to ship.
/* public-key-file = "test.pem";*/
# MTD devices 0 to 6 are excluded from the UBI filesystem check.
mtd-blacklist = "0 1 2 3 4 5 6";
};
# logcolors : set colors for output to stdout / stderr
# color is set individually for each level
# each entry is in the format
# loglevel = color:attribute
# where loglevel is one of:
# "error","warning", "info", "debug", "trace"
# and color is one of:
# "black", "red", "green", "yellow", "blue", "magenta", "cyan", "white"
# and attribute is one of:
# "normal", "bright", "dim", "underline", "blink", "reverse", "hidden"
#
# Example :
# error = "red";
#
# Colour overrides for four of the five levels listed above. "info" has no
# entry here, so it presumably keeps whatever SWUpdate uses when a level is
# not configured -- confirm.
logcolors : {
error = "red:blink";
trace = "green:normal";
debug = "magenta:normal";
warning = "yellow:underline";
};
#
# download : setup for the downloader
# It requires that SWUpdate is started with -d
#
# url : string
# complete URL pointing to the SWU image of the update package
# retries : integer
# Number of retries (0=forever)
# userid : integer
# userID for Webserver process
# groupid : integer
# groupId for Webserver process
# timeout : integer
# it is the number of seconds that can be accepted without
# receiving any packets. If it elapses, the connection is
# considered broken.
# authentication : string
# credentials needed to get software if server
# enables Basic Auth to allow this downloading
# Example downloader settings; they apply only when SWUpdate is started with -d.
download :
{
# NOTE(review): placeholder Basic Auth credentials. Combined with the http://
# URL below they would travel without transport encryption. Use an https://
# URL for real credentials and keep this file readable only by the account
# that runs SWUpdate, because the secret is stored here in clear text.
authentication = "user:password";
retries = 3;
# 1800 s without receiving any packet before the connection counts as broken.
timeout = 1800;
# NOTE(review): plain HTTP gives no server authentication and no integrity
# protection in transit; the SWU is then protected only by image verification
# (public-key-file in globals), which this example leaves commented out.
url = "http://example.com/software.swu";
# Numeric user and group IDs for the process (1000 here, i.e. not root's 0).
userid = 1000;
groupid = 1000;
};
#
# versions : list of installed artifacts
# they are used when install-if-different is set
# Sample entries only: each element pairs an artifact name with the version
# string considered installed. Replace them with the values of the real target
# so that the install-if-different comparison is meaningful.
versions : (
{
name = "uboot";
version = "2016.03";
},
{
name = "kernel";
version = "4.4";
}
);
#
# identify section : it is just used to inform a backend about the running target
# any entry is a couple of <key, value>. For example, MAC address, serial number,
# and so on.
# Sample <key, value> pairs sent to the backend to describe the running target.
# All values below are placeholders. Per-device data such as the serial number
# identifies the unit, so it is exposed to whoever can observe the backend
# connection when that connection is not encrypted.
identify : (
{ name = "versionSpC"; value = "1.0"; },
{ name = "hwId"; value = "ipse"; },
{ name = "hwVersion"; value = "333"; },
{ name = "serialNo"; value = "1234567890"; },
{ name = "swCompatibility"; value = "unknown";}
);
#
# suricatta section: setup for backend
#
# Currently, they refer to the Hawkbit agent.
#
# tenant : string
# Hawkbit tenant
# id : string
# target identifier
# url : string
# URL of the Hawkbit server
# polldelay : integer
# polling cycle (seconds)
# retry : integer
# number of retries to connect to server
# retrywait : integer
# userid : integer
# userID for Webserver process
# groupid : integer
# groupId for Webserver process
# enable : bool
# default=true
# If set to false, suricatta does not try to connect to the server
# Enable can be done then via IPC
# cafile : string
# File with Public Certificate Authority
# sslkey : string
# path of the file containing the key for ssl connection
# sslcert : string
# path of the file containing the certificate for SSL connection
# targettoken : string
# hawkBit target security token
# gatewaytoken : string
# hawkBit gateway security token
# usetokentodwl :bool
# send authentication token also to download the artefacts
# Hawkbit server checks for the token, but if a SWU is stored on a different server
# the token can be rejected if a different authentication mechanism is used. Default on.
# proxy : string
# in case the server is reached via a proxy
# ciphers : string in the format used by CURL to set the allowed ciphers suite
# This allows to disable some ciphers, for example
# ciphers = "!eNULL:!aNULL:!EXP:!LOW:!MEDIUM:!ADH:!AECDH:!IDEA:!SEED:!MD5:!SHA:!RC4:HIGH+EECDH:HIGH+EDH";
# interface : string
# interface name (e.g. "eth0") or IP address to bind communication channel to.
# This allows to select source interface/address for outgoing traffic, if needed.
# initial-report-resend-period : integer
# Specify period between retrying to send initial state, specified with "-c" option,
# when connection to Hawkbit is not available. Default value is 10 seconds.
# connection-timeout : integer
# Specify server connection timeout. If no connection has been established in this
# period, libcurl will consider connection unsuccessful.
# Default value is determined by underlying libcurl implementation (300s).
# max-download-speed : string
# Specify maximum download speed to use. Value can be expressed as
# B/s, kB/s, M/s, G/s. Example: 512k
# Example suricatta (hawkBit agent) settings. As written this is a lab setup:
# plain HTTP, certificate checking switched off, no client credentials.
suricatta :
{
tenant = "default";
id = "123456";
# NOTE(review): http:// URL, so polling, status reports and any token are sent
# without TLS. Use https:// together with cafile for anything but a test bench.
url = "http://papero.fritz.box:8080";
# Poll the server every 20 seconds.
polldelay = 20;
# NOTE(review): nocheckcert is not described in the option list above. By its
# name it disables verification of the server certificate -- confirm. With it
# set to true an HTTPS connection would not authenticate the server, so it
# should not be carried over into a production configuration.
nocheckcert = true;
retry = 4;
retrywait = 200;
# NOTE(review): 10 lies outside the 1..6 range documented for the global
# loglevel; confirm how this section interprets it.
loglevel = 10;
userid = 1000;
groupid = 1000;
enable = true;
# Resend the initial state every 30 s instead of the documented default of 10 s.
initial-report-resend-period = 30;
# Give up on establishing a connection after 10 s.
connection-timeout = 10;
max-download-speed = "1M";
# The block below is disabled. It shows the TLS and token options; the token
# strings are sample values. Real tokens and the sslkey file are secrets:
# restrict read access to this file and to the key path. Note that the sample
# sets usetokentodwl to false although the documented default is on.
/*
cafile = "/etc/ssl/cafile";
sslkey = "/etc/ssl/sslkey";
sslcert = "/etc/ssl/sslcert";
targettoken = "3bc13b476cb3962a0c63a5c92beacfh7";
gatewaytoken = "99616d4fae39167deddf21cd90047861";
usetokentodwl = false;
*/
};
#
# webserver : setup for the embedded webserver
# see ./swupdate -h for details
#
# document_root : string
# directory to the website
# userid : integer
# userID for Webserver process
# groupid : integer
# groupId for Webserver process
# listening_ports : integer
# Webserver listening ports
# enable_directory_listing : boolean
# true to list directories
# ssl_certificate : string
# path to SSL certificate
# ssl_certificate_key : string
# path to SSL private key
# api : integer
# 1 = simple REST API for M2M communication
# 2 = WebApp with Websockets support
# global-auth-file : string
# path to the global authorization file, if any
# default = none
# auth-domain : string
# path to auth-domain, if any
# default = none
# run-postupdate : boolean (default true)
# run the postupdate command automatically after
# a successful update
# timeout : timeout in seconds to monitor the connection
# when an update is started. If no data is received
# during this time, connection is closed by the Webserver
# and update is aborted.
# Example settings for the embedded webserver.
# NOTE(review): neither ssl_certificate / ssl_certificate_key nor
# global-auth-file / auth-domain is set here. As written, the interface through
# which updates are started would presumably be served over plain HTTP without
# authentication -- confirm, then configure TLS and an authorization file or
# restrict the listener to a trusted network.
webserver :
{
document_root = "/usr/share/swupdate/www";
# Numeric user and group IDs for the webserver process (1000, not root's 0).
userid = 1000;
groupid = 1000;
# Close the connection and abort the update after 20 s without data.
timeout = 20;
};