Search code examples
githubesp8266arduino-esp8266

How I do an ESP8266 HTTPupdate via private Github repository?

I try to do an update firmeware via Git repo from an ESP8266. But I don't know how. The repo is private, that mean I need a password, I read that I can use HTTPclient library for authentication. How Github's authentication works?

Also, do I need some extra code for Update library? HTTPclient supports HTTPS?

EDIT: Here some example of my code, but is for a public repo:

update.cpp (I have it in a separate header file)

//#define repo "https://github.com/username/reponame/branch/path/to/file?raw=true"
#define repo "https://raw.githubusercontent.com/username/reponame/branch/path/to/file"

t_httpUpdate_return ret = ESPhttpUpdate.update(client, repo);
// Or:
//t_httpUpdate_return ret = ESPhttpUpdate.update(client, "server", 80, "file.bin");

I have configured httpUpdate error message, it show the next error:

CALLBACK:  HTTP update fatal error code -5
HTTP_UPDATE_FAILD Error (-5): HTTP error: connection lost
Solution

  • There is a different way to do an update from GitHub, first GitHub use a HTTPS connection, that mean you need configure before a TLS/SSL setting, Also, port 80 is for insecure connections, 443 is designed for secure connections.

    Public repository (insecure)

    This is the easier way, just add .setInsecure() to the wifi client from WiFiClientSecure.h library, this allow you to stablish a connection ignoring all alerts from http connection.

    WiFiClientSecure client;
client.setInsecure();

    Is insecure, only do this for testing, not for production.

    You must use https://raw.githubusercontent.com, this is for download raw data from GitHub's public repos, just the file. Your full link to the file must be:

    #define repo "https://raw.githubusercontent.com/<user>/<repo>/master/<path to the .bin>"
t_httpUpdate_return ret = ESPhttpUpdate.update(client, repo);

    Replace <user> with your user name, and <repo> with your repository's name. <path to the .bin> is something like "folder/folder/firmware.bin"

    Public repository (secure):

    There is an example in the official GitHub repository of ESP8266/Arduino. https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266httpUpdate/examples/httpUpdateSecure/httpUpdateSecure.ino

    You can follow this example for a secure connection with httpUpdate. Also you will need to download the certs, this can do by executing the next script in the same folder of your project: https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/examples/BearSSL_CertStore/certs-from-mozilla.py

    If you are using windows, to run this script, you will need add "OpenSSL.exe" to the path, Git comes with it, you add the Git's bin folder to the path. Also, you will need one more file "ar.exe", this come with the ESP8266 core. You can also put this two .exe files in the same folder of the script.

    For Arduino IDE is something like:

    %userprofile%\AppData\Local\Arduino15\packages\esp8266\tools\xtensa-lx106-elf-gcc\2.5.0-4-b40a506\xtensa-lx106-elf\bin

    For PlaformIO is:

    %userprofile%\.platformio\packages\toolchain-xtensa\xtensa-lx106-elf\bin

    When the script finish, this will create a folder named data with certs.ar inside. Upload this file system image to ESP8266 with LittleFS.

    Private repository:

    This is the same as the previous one, just couple of things to change, and we will make change to the ESP8266httpUpdate library. We use the same example to httpupdatesecure and you will need to configure a token in your GitHub account.

    Follow the instructions of the help page of GitHub for create a token: https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line

    You only need this option selected Git image

    Copy the token and save it, you only able see one time.

    You can't use raw.githubusercontent.com, will give you error 404, this only work for public repos. You need: api.github.com. You full link looks like:

    https://api.github.com/repos/<user>/<repo>/contents/<path to the .bin>

    And you need to add the headers to the http request, in the ESP8266httpUpdate.cpp, you must put it in the function HTTPUpdateResult ESP8266HTTPUpdate::handleUpdate in the part where start add headers:

    http.addHeader(F("Accept"), "application/vnd.github.v3.raw");
http.addHeader(F("authorization"), "Bearer <your token>");

    Replace <your token> with the one that you created and saved before.

    Remember, edit this library will affect all your future projects, so, when you are done revert or comment the two headers that you added to the library.

    NOTE: Using a token will allow your application access to all your repos, even if your token is read-only. Currently, is not possible generate a token for a specific repo on GitHub. Be careful if you share your code. Better use a dummy account with only one repo for this.