Mender standalone stream artifact download

We’re currently trying to use mender in standalone mode (we got an update Server from our company that must be used).
We need to authenticate in order to get an update package.
Is it possible to pipe a byte stream to mender in order to install an artifact?
As an alternative: is it possible to encode authentication into the url provided to mender -install?

Hm, do not think this is possible. Or could you maybe elaborate what your intentions are, to make sure I am not misunderstanding.

As an alternative: is it possible to encode authentication into the url provided to mender -install?

Do not think that authentication data can be provided in the URL. But unsure.

Mender client operates in the following way when interacting with the Mender server, the authentication process is one (separate) thing, and if the device is authorized it can ask for update images and what the server will deliver are pre-signed URLs to the images that are valid for a certain period of time. These pre-signed URLs can then be used to download the image while the link is active.

I do not know if similar flow is applicable in your case.

The current problem we have is that our Server requires basic authentication in each and every request that is issued.

I can think of following solutions:

  1. Communicate with mender using a pipe. This can be either a named pipe or by passing the update package via stdin.
    –> Unfortunately I didn’t find any documentation on whether this is possible at all.
  2. Pass BasicAuth credentials to mender
    –> For this solution I also didn’t find any valuable information on how this could be acheived.
    –> Regarding the credentials in the URL: I tried the format https://username:password@url.com which didn’t work.
  3. Implement a local reverse proxy that redirects requests using the required basic authentication and provides the stream.
    –> This can be done - in fact I am currently using this method but I don’t really like it, as it involves a lot of complexity,

I hope I was able to properly explain the problems I currently encounter.

For 1)
You could use a named pipe instead of a file in standalone mode.
https://www.linuxjournal.com/article/2156

Thank you very much for your suggestion.

I just learned that .net Core creates a named socket when using NamedPipeServerStream.
This is the reason I was not able to use this as input to mender.

Still the most elegant solution (at least in my opinion) would be if mender allowed for passing Authentication as parameter.

I see. For the implications on the backend side, perhaps @mzedel has some ideas?

Though I am willing to implement authentication to mender standalone client. When Trying I failed. I just don’t see an elegant way to do so. Part of my problem is that I don’t know go language yet.

Does anybody have interrest to help me implementing this functionality?

https://tour.golang.org/welcome/1 is a good place to get started :slight_smile:

Go is not the hardest language to pick up, supposedly :wink:

I guess it’s not just the language that made me give up. For hte most time I struggled with the programming patterns that come with the language and also with the development environment.

I ended up using VS-Code in a linux environment and then struggled to get unit tests to run. Honerstly I gave up in order not to waste too much time getting the environment up and running.