Software update integration.

service/OneService.cpp

@@ -52,6 +52,7 @@
 #include "ControlPlane.hpp"
 #include "ClusterGeoIpService.hpp"
 #include "ClusterDefinition.hpp"
+#include "SoftwareUpdater.hpp"
 
 #ifdef ZT_USE_SYSTEM_HTTP_PARSER
 #include <http_parser.h>
@@ -148,219 +149,6 @@ namespace ZeroTier {
 
 namespace {
 
-#if 0
-
-#ifdef ZT_AUTO_UPDATE
-#define ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE (1024 * 1024 * 64)
-#define ZT_AUTO_UPDATE_CHECK_PERIOD 21600000
-class BackgroundSoftwareUpdateChecker
-{
-public:
-	bool isValidSigningIdentity(const Identity &id)
-	{
-		return (
-			/* 0001 - 0004 : obsolete, used in old versions */
-		  /* 0005 */   (id == Identity("ba57ea350e:0:9d4be6d7f86c5660d5ee1951a3d759aa6e12a84fc0c0b74639500f1dbc1a8c566622e7d1c531967ebceb1e9d1761342f88324a8ba520c93c35f92f35080fa23f"))
-		  /* 0006 */ ||(id == Identity("5067b21b83:0:8af477730f5055c48135b84bed6720a35bca4c0e34be4060a4c636288b1ec22217eb22709d610c66ed464c643130c51411bbb0294eef12fbe8ecc1a1e2c63a7a"))
-		  /* 0007 */ ||(id == Identity("4f5e97a8f1:0:57880d056d7baeb04bbc057d6f16e6cb41388570e87f01492fce882485f65a798648595610a3ad49885604e7fb1db2dd3c2c534b75e42c3c0b110ad07b4bb138"))
-		  /* 0008 */ ||(id == Identity("580bbb8e15:0:ad5ef31155bebc6bc413991992387e083fed26d699997ef76e7c947781edd47d1997161fa56ba337b1a2b44b129fd7c7197ce5185382f06011bc88d1363b4ddd"))
-		);
-	}
-
-	void doUpdateCheck()
-	{
-		std::string url(OneService::autoUpdateUrl());
-		if ((url.length() <= 7)||(url.substr(0,7) != "http://"))
-			return;
-
-		std::string httpHost;
-		std::string httpPath;
-		{
-			std::size_t slashIdx = url.substr(7).find_first_of('/');
-			if (slashIdx == std::string::npos) {
-				httpHost = url.substr(7);
-				httpPath = "/";
-			} else {
-				httpHost = url.substr(7,slashIdx);
-				httpPath = url.substr(slashIdx + 7);
-			}
-		}
-		if (httpHost.length() == 0)
-			return;
-
-		std::vector<InetAddress> ips(OSUtils::resolve(httpHost.c_str()));
-		for(std::vector<InetAddress>::iterator ip(ips.begin());ip!=ips.end();++ip) {
-			if (!ip->port())
-				ip->setPort(80);
-			std::string nfoPath = httpPath + "LATEST.nfo";
-			std::map<std::string,std::string> requestHeaders,responseHeaders;
-			std::string body;
-			requestHeaders["Host"] = httpHost;
-			unsigned int scode = Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),nfoPath.c_str(),requestHeaders,responseHeaders,body);
-			//fprintf(stderr,"UPDATE %s %s %u %lu\n",ip->toString().c_str(),nfoPath.c_str(),scode,body.length());
-			if ((scode == 200)&&(body.length() > 0)) {
-				/* NFO fields:
-				 *
-				 * file=<filename>
-				 * signedBy=<signing identity>
-				 * ed25519=<ed25519 ECC signature of archive in hex>
-				 * vMajor=<major version>
-				 * vMinor=<minor version>
-				 * vRevision=<revision> */
-				Dictionary<4096> nfo(body.c_str());
-				char tmp[2048];
-
-				if (nfo.get("vMajor",tmp,sizeof(tmp)) <= 0) return;
-				const unsigned int vMajor = Utils::strToUInt(tmp);
-				if (nfo.get("vMinor",tmp,sizeof(tmp)) <= 0) return;
-				const unsigned int vMinor = Utils::strToUInt(tmp);
-				if (nfo.get("vRevision",tmp,sizeof(tmp)) <= 0) return;
-				const unsigned int vRevision = Utils::strToUInt(tmp);
-				if (Utils::compareVersion(vMajor,vMinor,vRevision,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION) <= 0) {
-					//fprintf(stderr,"UPDATE %u.%u.%u is not newer than our version\n",vMajor,vMinor,vRevision);
-					return;
-				}
-
-				if (nfo.get("signedBy",tmp,sizeof(tmp)) <= 0) return;
-				Identity signedBy;
-				if ((!signedBy.fromString(tmp))||(!isValidSigningIdentity(signedBy))) {
-					//fprintf(stderr,"UPDATE invalid signedBy or not authorized signing identity.\n");
-					return;
-				}
-
-				if (nfo.get("file",tmp,sizeof(tmp)) <= 0) return;
-				std::string filePath(tmp);
-				if ((!filePath.length())||(filePath.find("..") != std::string::npos))
-					return;
-				filePath = httpPath + filePath;
-
-				std::string fileData;
-				if (Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),filePath.c_str(),requestHeaders,responseHeaders,fileData) != 200) {
-					//fprintf(stderr,"UPDATE GET %s failed\n",filePath.c_str());
-					return;
-				}
-
-				if (nfo.get("ed25519",tmp,sizeof(tmp)) <= 0) return;
-				std::string ed25519(Utils::unhex(tmp));
-				if ((ed25519.length() == 0)||(!signedBy.verify(fileData.data(),(unsigned int)fileData.length(),ed25519.data(),(unsigned int)ed25519.length()))) {
-					//fprintf(stderr,"UPDATE %s failed signature check!\n",filePath.c_str());
-					return;
-				}
-
-				/* --------------------------------------------------------------- */
-				/* We made it! Begin OS-specific installation code. */
-
-#ifdef __APPLE__
-				/* OSX version is in the form of a MacOSX .pkg file, so we will
-				 * launch installer (normally in /usr/sbin) to install it. It will
-				 * then turn around and shut down the service, update files, and
-				 * relaunch. */
-				{
-					char bashp[128],pkgp[128];
-					Utils::snprintf(bashp,sizeof(bashp),"/tmp/ZeroTierOne-update-%u.%u.%u.sh",vMajor,vMinor,vRevision);
-					Utils::snprintf(pkgp,sizeof(pkgp),"/tmp/ZeroTierOne-update-%u.%u.%u.pkg",vMajor,vMinor,vRevision);
-					FILE *pkg = fopen(pkgp,"w");
-					if ((!pkg)||(fwrite(fileData.data(),fileData.length(),1,pkg) != 1)) {
-						fclose(pkg);
-						unlink(bashp);
-						unlink(pkgp);
-						fprintf(stderr,"UPDATE error writing %s\n",pkgp);
-						return;
-					}
-					fclose(pkg);
-					FILE *bash = fopen(bashp,"w");
-					if (!bash) {
-						fclose(pkg);
-						unlink(bashp);
-						unlink(pkgp);
-						fprintf(stderr,"UPDATE error writing %s\n",bashp);
-						return;
-					}
-					fprintf(bash,
-						"#!/bin/bash\n"
-						"export PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin\n"
-						"sleep 1\n"
-						"installer -pkg \"%s\" -target /\n"
-						"sleep 1\n"
-						"rm -f \"%s\" \"%s\"\n"
-						"exit 0\n",
-						pkgp,
-						pkgp,
-						bashp);
-					fclose(bash);
-					long pid = (long)vfork();
-					if (pid == 0) {
-						setsid(); // detach from parent so that shell isn't killed when parent is killed
-						signal(SIGHUP,SIG_IGN);
-						signal(SIGTERM,SIG_IGN);
-						signal(SIGQUIT,SIG_IGN);
-						execl("/bin/bash","/bin/bash",bashp,(char *)0);
-						exit(0);
-					}
-				}
-#endif // __APPLE__
-
-#ifdef __WINDOWS__
-				/* Windows version comes in the form of .MSI package that
-				 * takes care of everything. */
-				{
-					char tempp[512],batp[512],msip[512],cmdline[512];
-					if (GetTempPathA(sizeof(tempp),tempp) <= 0)
-						return;
-					CreateDirectoryA(tempp,(LPSECURITY_ATTRIBUTES)0);
-					Utils::snprintf(batp,sizeof(batp),"%s\\ZeroTierOne-update-%u.%u.%u.bat",tempp,vMajor,vMinor,vRevision);
-					Utils::snprintf(msip,sizeof(msip),"%s\\ZeroTierOne-update-%u.%u.%u.msi",tempp,vMajor,vMinor,vRevision);
-					FILE *msi = fopen(msip,"wb");
-					if ((!msi)||(fwrite(fileData.data(),(size_t)fileData.length(),1,msi) != 1)) {
-						fclose(msi);
-						return;
-					}
-					fclose(msi);
-					FILE *bat = fopen(batp,"wb");
-					if (!bat)
-						return;
-					fprintf(bat,
-						"TIMEOUT.EXE /T 1 /NOBREAK\r\n"
-						"NET.EXE STOP \"ZeroTierOneService\"\r\n"
-						"TIMEOUT.EXE /T 1 /NOBREAK\r\n"
-						"MSIEXEC.EXE /i \"%s\" /qn\r\n"
-						"TIMEOUT.EXE /T 1 /NOBREAK\r\n"
-						"NET.EXE START \"ZeroTierOneService\"\r\n"
-						"DEL \"%s\"\r\n"
-						"DEL \"%s\"\r\n",
-						msip,
-						msip,
-						batp);
-					fclose(bat);
-					STARTUPINFOA si;
-					PROCESS_INFORMATION pi;
-					memset(&si,0,sizeof(si));
-					memset(&pi,0,sizeof(pi));
-					Utils::snprintf(cmdline,sizeof(cmdline),"CMD.EXE /c \"%s\"",batp);
-					CreateProcessA(NULL,cmdline,NULL,NULL,FALSE,CREATE_NO_WINDOW|CREATE_NEW_PROCESS_GROUP,NULL,NULL,&si,&pi);
-				}
-#endif // __WINDOWS__
-
-				/* --------------------------------------------------------------- */
-
-				return;
-			} // else try to fetch from next IP address
-		}
-	}
-
-	void threadMain()
-		throw()
-	{
-		try {
-			this->doUpdateCheck();
-		} catch ( ... ) {}
-	}
-};
-static BackgroundSoftwareUpdateChecker backgroundSoftwareUpdateChecker;
-#endif // ZT_AUTO_UPDATE
-
-#endif
-
 static std::string _trimString(const std::string &s)
 {
 	unsigned long end = (unsigned long)s.length();
@@ -475,6 +263,7 @@ public:
 	EmbeddedNetworkController *_controller;
 	Phy<OneServiceImpl *> _phy;
 	Node *_node;
+	SoftwareUpdater *_updater;
 	unsigned int _primaryPort;
 
 	// Local configuration and memo-ized static path definitions
@@ -577,6 +366,7 @@ public:
 		,_controller((EmbeddedNetworkController *)0)
 		,_phy(this,false,true)
 		,_node((Node *)0)
+		,_updater((SoftwareUpdater *)0)
 		,_primaryPort(port)
 		,_controlPlane((ControlPlane *)0)
 		,_lastDirectReceiveFromGlobal(0)
@@ -664,6 +454,8 @@ public:
 				_node = new Node(this,&cb,OSUtils::now());
 			}
 
+			_updater = new SoftwareUpdater(*_node,_homePath);
+
 			// Read local configuration
 			{
 				uint64_t trustedPathIds[ZT_MAX_TRUSTED_PATHS];
@@ -904,6 +696,7 @@ public:
 			uint64_t lastTapMulticastGroupCheck = 0;
 			uint64_t lastTcpFallbackResolve = 0;
 			uint64_t lastBindRefresh = 0;
+			uint64_t lastUpdateCheck = clockShouldBe;
 			uint64_t lastLocalInterfaceAddressCheck = (OSUtils::now() - ZT_LOCAL_INTERFACE_CHECK_INTERVAL) + 15000; // do this in 15s to give portmapper time to configure and other things time to settle
 			for(;;) {
 				_run_m.lock();
@@ -926,6 +719,12 @@ public:
 					restarted = true;
 				}
 
+				// Check for updates (if enabled)
+				if ((_updater)&&((now - lastUpdateCheck) > 10000)) {
+					lastUpdateCheck = now;
+					_updater->check(now);
+				}
+
 				// Refresh bindings in case device's interfaces have changed, and also sync routes to update any shadow routes (e.g. shadow default)
 				if (((now - lastBindRefresh) >= ZT_BINDER_REFRESH_PERIOD)||(restarted)) {
 					lastBindRefresh = now;
@@ -1018,6 +817,8 @@ public:
 
 		delete _controlPlane;
 		_controlPlane = (ControlPlane *)0;
+		delete _updater;
+		_updater = (SoftwareUpdater *)0;
 		delete _node;
 		_node = (Node *)0;
 

service/SoftwareUpdater.cpp

@@ -42,42 +42,254 @@
 
 namespace ZeroTier {
 
-SoftwareUpdater::SoftwareUpdater(Node &node,const char *homePath,bool updateDistributor) :
-	_node(node),
-	_lastCheckTime(OSUtils::now()), // check in the future in case we just started, in which case we're probably offline
-	_homePath(homePath)
+#if 0
+#ifdef ZT_AUTO_UPDATE
+#define ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE (1024 * 1024 * 64)
+#define ZT_AUTO_UPDATE_CHECK_PERIOD 21600000
+class BackgroundSoftwareUpdateChecker
 {
-	// Load all updates we are distributing if we are an update distributor and have an update-dist.d folder
-	if (updateDistributor) {
-		std::string udd(_homePath + ZT_PATH_SEPARATOR_S + "update-dist.d");
-		std::vector<std::string> ud(OSUtils::listDirectory(udd.c_str()));
-		for(std::vector<std::string>::iterator u(ud.begin());u!=ud.end();++u) {
-			// Each update has a companion .json file describing it. Other files are ignored.
-			if ((u->length() > 5)&&(u->substr(u->length() - 5,5) == ".json")) {
-				std::string buf;
-				if (OSUtils::readFile((udd + ZT_PATH_SEPARATOR_S + *u).c_str(),buf)) {
-					try {
-						_D d;
-						d.meta = OSUtils::jsonParse(buf);
-						std::string metaHash = OSUtils::jsonBinFromHex(d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH]);
-						if ((metaHash.length() == ZT_SHA512_DIGEST_LEN)&&(OSUtils::readFile((udd + ZT_PATH_SEPARATOR_S + u->substr(0,u->length() - 5)).c_str(),d.bin))) {
-							uint8_t sha512[ZT_SHA512_DIGEST_LEN];
-							SHA512::hash(sha512,d.bin.data(),(unsigned int)d.bin.length());
-							if (!memcmp(sha512,metaHash.data(),ZT_SHA512_DIGEST_LEN)) { // double check that hash in JSON is correct
-								_dist[Array<uint8_t,16>(sha512)] = d;
-							}
-						}
-					} catch ( ... ) {} // ignore bad meta JSON, etc.
-				}
+public:
+	bool isValidSigningIdentity(const Identity &id)
+	{
+		return (
+			/* 0001 - 0004 : obsolete, used in old versions */
+		  /* 0005 */   (id == Identity("ba57ea350e:0:9d4be6d7f86c5660d5ee1951a3d759aa6e12a84fc0c0b74639500f1dbc1a8c566622e7d1c531967ebceb1e9d1761342f88324a8ba520c93c35f92f35080fa23f"))
+		  /* 0006 */ ||(id == Identity("5067b21b83:0:8af477730f5055c48135b84bed6720a35bca4c0e34be4060a4c636288b1ec22217eb22709d610c66ed464c643130c51411bbb0294eef12fbe8ecc1a1e2c63a7a"))
+		  /* 0007 */ ||(id == Identity("4f5e97a8f1:0:57880d056d7baeb04bbc057d6f16e6cb41388570e87f01492fce882485f65a798648595610a3ad49885604e7fb1db2dd3c2c534b75e42c3c0b110ad07b4bb138"))
+		  /* 0008 */ ||(id == Identity("580bbb8e15:0:ad5ef31155bebc6bc413991992387e083fed26d699997ef76e7c947781edd47d1997161fa56ba337b1a2b44b129fd7c7197ce5185382f06011bc88d1363b4ddd"))
+		);
+	}
+
+	void doUpdateCheck()
+	{
+		std::string url(OneService::autoUpdateUrl());
+		if ((url.length() <= 7)||(url.substr(0,7) != "http://"))
+			return;
+
+		std::string httpHost;
+		std::string httpPath;
+		{
+			std::size_t slashIdx = url.substr(7).find_first_of('/');
+			if (slashIdx == std::string::npos) {
+				httpHost = url.substr(7);
+				httpPath = "/";
+			} else {
+				httpHost = url.substr(7,slashIdx);
+				httpPath = url.substr(slashIdx + 7);
 			}
 		}
+		if (httpHost.length() == 0)
+			return;
+
+		std::vector<InetAddress> ips(OSUtils::resolve(httpHost.c_str()));
+		for(std::vector<InetAddress>::iterator ip(ips.begin());ip!=ips.end();++ip) {
+			if (!ip->port())
+				ip->setPort(80);
+			std::string nfoPath = httpPath + "LATEST.nfo";
+			std::map<std::string,std::string> requestHeaders,responseHeaders;
+			std::string body;
+			requestHeaders["Host"] = httpHost;
+			unsigned int scode = Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),nfoPath.c_str(),requestHeaders,responseHeaders,body);
+			//fprintf(stderr,"UPDATE %s %s %u %lu\n",ip->toString().c_str(),nfoPath.c_str(),scode,body.length());
+			if ((scode == 200)&&(body.length() > 0)) {
+				/* NFO fields:
+				 *
+				 * file=<filename>
+				 * signedBy=<signing identity>
+				 * ed25519=<ed25519 ECC signature of archive in hex>
+				 * vMajor=<major version>
+				 * vMinor=<minor version>
+				 * vRevision=<revision> */
+				Dictionary<4096> nfo(body.c_str());
+				char tmp[2048];
+
+				if (nfo.get("vMajor",tmp,sizeof(tmp)) <= 0) return;
+				const unsigned int vMajor = Utils::strToUInt(tmp);
+				if (nfo.get("vMinor",tmp,sizeof(tmp)) <= 0) return;
+				const unsigned int vMinor = Utils::strToUInt(tmp);
+				if (nfo.get("vRevision",tmp,sizeof(tmp)) <= 0) return;
+				const unsigned int vRevision = Utils::strToUInt(tmp);
+				if (Utils::compareVersion(vMajor,vMinor,vRevision,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION) <= 0) {
+					//fprintf(stderr,"UPDATE %u.%u.%u is not newer than our version\n",vMajor,vMinor,vRevision);
+					return;
+				}
+
+				if (nfo.get("signedBy",tmp,sizeof(tmp)) <= 0) return;
+				Identity signedBy;
+				if ((!signedBy.fromString(tmp))||(!isValidSigningIdentity(signedBy))) {
+					//fprintf(stderr,"UPDATE invalid signedBy or not authorized signing identity.\n");
+					return;
+				}
+
+				if (nfo.get("file",tmp,sizeof(tmp)) <= 0) return;
+				std::string filePath(tmp);
+				if ((!filePath.length())||(filePath.find("..") != std::string::npos))
+					return;
+				filePath = httpPath + filePath;
+
+				std::string fileData;
+				if (Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),filePath.c_str(),requestHeaders,responseHeaders,fileData) != 200) {
+					//fprintf(stderr,"UPDATE GET %s failed\n",filePath.c_str());
+					return;
+				}
+
+				if (nfo.get("ed25519",tmp,sizeof(tmp)) <= 0) return;
+				std::string ed25519(Utils::unhex(tmp));
+				if ((ed25519.length() == 0)||(!signedBy.verify(fileData.data(),(unsigned int)fileData.length(),ed25519.data(),(unsigned int)ed25519.length()))) {
+					//fprintf(stderr,"UPDATE %s failed signature check!\n",filePath.c_str());
+					return;
+				}
+
+				/* --------------------------------------------------------------- */
+				/* We made it! Begin OS-specific installation code. */
+
+#ifdef __APPLE__
+				/* OSX version is in the form of a MacOSX .pkg file, so we will
+				 * launch installer (normally in /usr/sbin) to install it. It will
+				 * then turn around and shut down the service, update files, and
+				 * relaunch. */
+				{
+					char bashp[128],pkgp[128];
+					Utils::snprintf(bashp,sizeof(bashp),"/tmp/ZeroTierOne-update-%u.%u.%u.sh",vMajor,vMinor,vRevision);
+					Utils::snprintf(pkgp,sizeof(pkgp),"/tmp/ZeroTierOne-update-%u.%u.%u.pkg",vMajor,vMinor,vRevision);
+					FILE *pkg = fopen(pkgp,"w");
+					if ((!pkg)||(fwrite(fileData.data(),fileData.length(),1,pkg) != 1)) {
+						fclose(pkg);
+						unlink(bashp);
+						unlink(pkgp);
+						fprintf(stderr,"UPDATE error writing %s\n",pkgp);
+						return;
+					}
+					fclose(pkg);
+					FILE *bash = fopen(bashp,"w");
+					if (!bash) {
+						fclose(pkg);
+						unlink(bashp);
+						unlink(pkgp);
+						fprintf(stderr,"UPDATE error writing %s\n",bashp);
+						return;
+					}
+					fprintf(bash,
+						"#!/bin/bash\n"
+						"export PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin\n"
+						"sleep 1\n"
+						"installer -pkg \"%s\" -target /\n"
+						"sleep 1\n"
+						"rm -f \"%s\" \"%s\"\n"
+						"exit 0\n",
+						pkgp,
+						pkgp,
+						bashp);
+					fclose(bash);
+					long pid = (long)vfork();
+					if (pid == 0) {
+						setsid(); // detach from parent so that shell isn't killed when parent is killed
+						signal(SIGHUP,SIG_IGN);
+						signal(SIGTERM,SIG_IGN);
+						signal(SIGQUIT,SIG_IGN);
+						execl("/bin/bash","/bin/bash",bashp,(char *)0);
+						exit(0);
+					}
+				}
+#endif // __APPLE__
+
+#ifdef __WINDOWS__
+				/* Windows version comes in the form of .MSI package that
+				 * takes care of everything. */
+				{
+					char tempp[512],batp[512],msip[512],cmdline[512];
+					if (GetTempPathA(sizeof(tempp),tempp) <= 0)
+						return;
+					CreateDirectoryA(tempp,(LPSECURITY_ATTRIBUTES)0);
+					Utils::snprintf(batp,sizeof(batp),"%s\\ZeroTierOne-update-%u.%u.%u.bat",tempp,vMajor,vMinor,vRevision);
+					Utils::snprintf(msip,sizeof(msip),"%s\\ZeroTierOne-update-%u.%u.%u.msi",tempp,vMajor,vMinor,vRevision);
+					FILE *msi = fopen(msip,"wb");
+					if ((!msi)||(fwrite(fileData.data(),(size_t)fileData.length(),1,msi) != 1)) {
+						fclose(msi);
+						return;
+					}
+					fclose(msi);
+					FILE *bat = fopen(batp,"wb");
+					if (!bat)
+						return;
+					fprintf(bat,
+						"TIMEOUT.EXE /T 1 /NOBREAK\r\n"
+						"NET.EXE STOP \"ZeroTierOneService\"\r\n"
+						"TIMEOUT.EXE /T 1 /NOBREAK\r\n"
+						"MSIEXEC.EXE /i \"%s\" /qn\r\n"
+						"TIMEOUT.EXE /T 1 /NOBREAK\r\n"
+						"NET.EXE START \"ZeroTierOneService\"\r\n"
+						"DEL \"%s\"\r\n"
+						"DEL \"%s\"\r\n",
+						msip,
+						msip,
+						batp);
+					fclose(bat);
+					STARTUPINFOA si;
+					PROCESS_INFORMATION pi;
+					memset(&si,0,sizeof(si));
+					memset(&pi,0,sizeof(pi));
+					Utils::snprintf(cmdline,sizeof(cmdline),"CMD.EXE /c \"%s\"",batp);
+					CreateProcessA(NULL,cmdline,NULL,NULL,FALSE,CREATE_NO_WINDOW|CREATE_NEW_PROCESS_GROUP,NULL,NULL,&si,&pi);
+				}
+#endif // __WINDOWS__
+
+				/* --------------------------------------------------------------- */
+
+				return;
+			} // else try to fetch from next IP address
+		}
+	}
+
+	void threadMain()
+		throw()
+	{
+		try {
+			this->doUpdateCheck();
+		} catch ( ... ) {}
 	}
+};
+static BackgroundSoftwareUpdateChecker backgroundSoftwareUpdateChecker;
+#endif // ZT_AUTO_UPDATE
+#endif
+
+SoftwareUpdater::SoftwareUpdater(Node &node,const std::string &homePath) :
+	_node(node),
+	_lastCheckTime(0),
+	_homePath(homePath)
+{
 }
 
 SoftwareUpdater::~SoftwareUpdater()
 {
 }
 
+void SoftwareUpdater::loadUpdatesToDistribute()
+{
+	std::string udd(_homePath + ZT_PATH_SEPARATOR_S + "update-dist.d");
+	std::vector<std::string> ud(OSUtils::listDirectory(udd.c_str()));
+	for(std::vector<std::string>::iterator u(ud.begin());u!=ud.end();++u) {
+		// Each update has a companion .json file describing it. Other files are ignored.
+		if ((u->length() > 5)&&(u->substr(u->length() - 5,5) == ".json")) {
+			std::string buf;
+			if (OSUtils::readFile((udd + ZT_PATH_SEPARATOR_S + *u).c_str(),buf)) {
+				try {
+					_D d;
+					d.meta = OSUtils::jsonParse(buf);
+					std::string metaHash = OSUtils::jsonBinFromHex(d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH]);
+					if ((metaHash.length() == ZT_SHA512_DIGEST_LEN)&&(OSUtils::readFile((udd + ZT_PATH_SEPARATOR_S + u->substr(0,u->length() - 5)).c_str(),d.bin))) {
+						uint8_t sha512[ZT_SHA512_DIGEST_LEN];
+						SHA512::hash(sha512,d.bin.data(),(unsigned int)d.bin.length());
+						if (!memcmp(sha512,metaHash.data(),ZT_SHA512_DIGEST_LEN)) { // double check that hash in JSON is correct
+							_dist[Array<uint8_t,16>(sha512)] = d;
+						}
+					}
+				} catch ( ... ) {} // ignore bad meta JSON, etc.
+			}
+		}
+	}
+}
+
 void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void *data,unsigned int len)
 {
 	if (!len) return;
@@ -197,7 +409,7 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
 	}
 }
 
-nlohmann::json SoftwareUpdater::check()
+nlohmann::json SoftwareUpdater::check(const uint64_t now)
 {
 	if (_latestBinLength > 0) {
 		if (_latestBin.length() >= _latestBinLength) {
@@ -236,7 +448,6 @@ nlohmann::json SoftwareUpdater::check()
 		}
 	}
 
-	const uint64_t now = OSUtils::now();
 	if ((now - _lastCheckTime) >= ZT_SOFTWARE_UPDATE_CHECK_PERIOD) {
 		_lastCheckTime = now;
 		char tmp[512];

service/SoftwareUpdater.hpp

@@ -34,17 +34,17 @@
 /**
  * VERB_USER_MESSAGE type ID for software update messages
  */
-#define ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE 1000
+#define ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE 100
 
 /**
  * ZeroTier address of node that provides software updates
  */
-#define ZT_SOFTWARE_UPDATE_SERVICE 0xc1243d3869ULL
+#define ZT_SOFTWARE_UPDATE_SERVICE 0xb1d366e81fULL
 
 /**
  * ZeroTier identity that must be used to sign software updates
  */
-#define ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY ""
+#define ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY "a60ed7a9eb:0:740fd482e02eabd28f69c83ad4353d44c9514627bc0656b5d194e2f34715745b62297120d47d7f0c728424c33297ea499dea4ce006ee3d7c0d802a6fb199d909"
 
 /**
  * Chunk size for in-band downloads (can be changed, designed to always fit in one UDP packet easily)
@@ -117,9 +117,14 @@ public:
 		VERB_DATA = 4
 	};
 
-	SoftwareUpdater(Node &node,const char *homePath,bool updateDistributor);
+	SoftwareUpdater(Node &node,const std::string &homePath);
 	~SoftwareUpdater();
 
+	/**
+	 * Load update-dist.d if it exists
+	 */
+	void loadUpdatesToDistribute();
+
 	/**
 	 * Handle a software update user message
 	 *
@@ -136,7 +141,7 @@ public:
 	 *
 	 * @return Null JSON object or update information if there is an update downloaded and ready
 	 */
-	nlohmann::json check();
+	nlohmann::json check(const uint64_t now);
 
 	/**
 	 * Apply any ready update now