Beta - Ezlo Linux v.2.0.11.1490.4 for Ezlo Plus, Ezlo Secure, Vera Edge controllers

We’ve release a new Beta update for Ezlo Linux firmware v.2.0.11.1490.4 for Ezlo Plus and Ezlo Secure controllers and Vera Edge running Ezlo Linux fw with the following:

Improvements:

• Improved logic of Device settings migration during Firmware upgrade

• Added support for both the CO and Smoke detector functionality for 2GIG-FF-345 Audio Detector

Fixes:

• Fixed the Issue with parameters not updating to defaults after the hub.device.setting.reset

• Fixed the issues with the Led behaviour in the devices exclusion process where the LED on the controller was flashing as if the controller is still in exclusion mode even after clicking the “Exit” button to exit from DPW.

• Fixed the issues on Cameras with controller not requesting cloud storage token before expiration

Known issues:

• Issue on devices that support Tamper where the broadcasts and notifications generated are opposite to the actual tamper state

• Issue on Z-Wave devices with “electric_meter_amper” that is updated only when the hub is restarted. Ampere meter not changing value instantly once pairing a device supporting it (for example pairing a switch and adding some load to it - e.g. connect a bulb)

• Issue on Vera Edge where after the first update from Vera FW to the new Linux FW the “Internet” LED is OFF

• Issues with some Door Locks, as Danalock V3, that are not added with S2 encryption

• Vera Edge Wifi connectifity issues:

  • Issues the Vera Edge controller not being able sometimes to connect to a Wifi network
  • Issus with disabling wifi interfaces not working on Vera Edge
  • Issues with hub.network.get method reporting AP interface as up, even if it is disabled

I tried rebooting my Vera Edge running Ezlo Linux several times but is stuck on firmware 2.0.8.1357.3. Can you guys take a look? Serial is 45006642.

This unit is the ezlo-hub-kit continuous integration test hub so it would be useful to run the latest firmware on it.

{
  "error": null,
  "id": "_ID_",
  "method": "hub.software.info.get",
  "result": {
    "addons": [
      {
        "id": "cameras",
        "version": "1.0.1357.3"
      },
      {
        "id": "lua",
        "version": "1.0.1357.3"
      },
      {
        "id": "zwave",
        "version": "1.0.1357.3"
      }
    ],
    "firmware": "2.0.8.1357.3",
    "plugins": [
      {
        "id": "ezviz",
        "version": "1.0.683"
      },
      {
        "id": "scene_blocks",
        "version": "1.0.682"
      },
      {
        "id": "zwave",
        "version": "1.0.670"
      }
    ]
  },
  "sender": {
    "conn_id": "9a74d285-3aa3-402a-95b8-bfb17c6f35f8",
    "type": "ui"
  }
}

Hello @blacey, please, try again.

Thanks @andryist but still no joy. Perhaps the root cause is the curl auth failure that causes a segmentation fault? I have enabled “Remote Access” and @Oleh also has a username and password that will work with this unit.

Please advise.

root@HUB45006642:/tmp/log/firmware# cat ha-update_manager.log 
**** update_manager Restarted at Tue Mar 30 07:37:00 EDT 2021

2021-03-30 07:37:02 INFO : update_manager: at-a6aa35036093391c85d82fbc [2021-02-03T14:15:29+0000]
2021-03-30 07:37:02 INFO : update_manager: Spread: connected to "4803" with private group "#update_man#localhost"
2021-03-30 07:37:40.526703 INFO : Got request to create update plan for sysupgrade hub-platform-firmware from http://dl.mios.com/linux_firmware/live from snapshot 87
2021-03-30 07:37:40.545018 INFO : Updating available packages list
2021-03-30 07:44:58.084922 WARN : Retry #1 in 10 seconds
2021-03-30 07:51:30.788498 WARN : Retry #2 in 10 seconds
2021-03-30 07:58:03.492730 ERROR: Failed to update available packages list
2021-03-30 07:58:03.493209 WARN : Update available packages failed
2021-03-30 07:58:03.502225 ERROR: Could not create an update plan

--------
root@HUB45006642:/tmp/log/firmware# cat update.log 
2021-03-30 07:36:52 INFO : Starting update process
2021-03-30 07:36:52 WARN : Update journal is empty

--------
root@HUB45006642:/tmp/log/firmware# cat ha-uid.log 

**** uid Restarted at Tue Mar 30 07:36:59 EDT 2021

2021-03-30 07:37:08 INFO : ui_service: at-a6aa35036093391c85d82fbc [2021-02-03T14:15:29+0000]
2021-03-30 07:37:08 INFO : ui_service: Spread: connected to "4803" with private group "#ui_service#localhost"
2021-03-30 07:37:08.664302 INFO : Notice, cache-cloud-info from DB is ignored
2021-03-30 07:37:08.764477 INFO : Notice, cache-owner-info is not present in DB yet
2021-03-30 07:37:09.118680 INFO : NMA client instance is created
2021-03-30 07:37:09.920367 WARN : setAvahiService: avahi configuration write success
2021-03-30 07:37:10.452473 INFO : runMdns: avahi is restarted
2021-03-30 07:37:10.458287 INFO : Starting local server with certificate 0
2021-03-30 07:37:10.464747 INFO : Will start wss LocalNMA server on port 17000
2021-03-30 07:37:10.465547 INFO : Waiting for LocalNMA server open...
2021-03-30 07:37:10.821571 INFO : Done, LocalNMA server started
2021-03-30 07:37:10.822040 INFO : LocalNMA main loop will run in poll/reset mode
2021-03-30 07:37:11.043077 INFO : Done, LocalNMA server is running on port 17000
2021-03-30 07:37:11.044536 INFO : Request local mode credentials and certificates. Current are v25
2021-03-30 07:37:13.465020 INFO : [1/3] Getting controller information
2021-03-30 07:37:17.492317 ERROR: Failed to get controller information: curl send error: name lookup timed out(6)
2021-03-30 07:37:18.465270 INFO : [2/3] Getting controller information
2021-03-30 07:37:19.661025 ERROR: Failed to get controller information: curl send error: The requested URL returned error: 401 Unauthorized(22)
Segmentation fault (core dumped)

**** uid Restarted at Tue Mar 30 07:37:24 EDT 2021

2021-03-30 07:37:24 INFO : ui_service: at-a6aa35036093391c85d82fbc [2021-02-03T14:15:29+0000]
2021-03-30 07:37:24 INFO : ui_service: Spread: connected to "4803" with private group "#ui_service#localhost"
2021-03-30 07:37:24.546956 INFO : Notice, cache-cloud-info from DB is ignored
2021-03-30 07:37:24.560662 INFO : Notice, cache-owner-info is not present in DB yet
2021-03-30 07:37:24.618007 INFO : NMA client instance is created
2021-03-30 07:37:24.624019 WARN : setAvahiService: avahi configuration write success
2021-03-30 07:37:24.713562 INFO : runMdns: avahi is restarted
2021-03-30 07:37:24.722003 INFO : Starting local server with certificate 0
2021-03-30 07:37:24.723975 INFO : Will start wss LocalNMA server on port 17000
2021-03-30 07:37:24.724767 INFO : Waiting for LocalNMA server open...
2021-03-30 07:37:24.767727 INFO : Done, LocalNMA server started
2021-03-30 07:37:24.768215 INFO : LocalNMA main loop will run in poll/reset mode
2021-03-30 07:37:24.825503 INFO : Done, LocalNMA server is running on port 17000
2021-03-30 07:37:24.827089 INFO : Request local mode credentials and certificates. Current are v25
2021-03-30 07:37:27.731119 INFO : [1/3] Getting controller information
2021-03-30 07:37:28.183711 ERROR: Failed to get controller information: curl send error: The requested URL returned error: 401 Unauthorized(22)
2021-03-30 07:37:32.732058 INFO : [2/3] Getting controller information
2021-03-30 07:37:33.056561 ERROR: Failed to get controller information: curl send error: The requested URL returned error: 401 Unauthorized(22)
2021-03-30 07:37:37.731345 INFO : [3/3] Getting controller information
2021-03-30 07:37:38.017844 ERROR: Failed to get controller information: curl send error: The requested URL returned error: 401 Unauthorized(22)
2021-03-30 07:37:38.018846 INFO : [0/20] Connecting to cloud coordinator at https://cloud.ezlo.com:7000/getserver
2021-03-30 07:37:38.836249 INFO : [0/15] NmaClient will re-connect to: wss://nma-server8-cloud.ezlo.com:443
2021-03-30 07:37:39.999197 INFO : Connected to wss://nma-server8-cloud.ezlo.com:443/
2021-03-30 07:37:40.138010 INFO : Received new command: registered
2021-03-30 07:37:40.169698 INFO : Registered on wss://nma-server8-cloud.ezlo.com:443/
2021-03-30 07:37:40.196926 INFO : Received new command: hub.data.list
2021-03-30 07:37:40.368793 INFO : Received new command: hub.software.update.plan
2021-03-30 07:37:40.369748 INFO : Process COMMON command: hub
2021-03-30 07:37:40.640614 INFO : Received new command: cloud.access_keys_controller_sync
2021-03-30 07:37:40.641659 INFO : Current local mode credentials are up-to-date (v25)
2021-03-30 07:37:40.642753 INFO : Received new command: cloud.storage_controller_token
2021-03-30 07:37:40.645010 WARN : No handler was found for the command: cloud
2021-03-30 07:37:40.771558 INFO : Received new command: cloud.access_keys_controller_sync
2021-03-30 07:37:40.772520 INFO : Current local mode credentials are up-to-date (v25)
2021-03-30 07:37:40.773598 INFO : Received new command: cloud.storage_controller_token
2021-03-30 07:37:40.774052 WARN : No handler was found for the command: cloud
2021-03-30 07:37:45.808930 INFO : Received new command: cloud.tunnel_camera_coordinator
2021-03-30 07:37:45.809420 WARN : No handler was found for the command: cloud
2021-03-30 07:37:55.142774 INFO : Received new command: hub.devices.list
2021-03-30 07:37:55.187075 INFO : Received new command: hub.items.list
2021-03-30 07:37:55.265320 INFO : Received new command: hub.scenes.list
root@HUB45006642:/tmp/log/firmware# 

@blacey, thanks for additional logs, we are checking it now and will back with the answer asap.

@andryist and @Oleh,

Thanks for all your help but I hope that you didn’t waste too much time on this. Apologies but it turns out that this was a configuration mistake on my part. As I mentioned, this hub is used by GitHub to regress ezlo-hub-kit and as a result, it did not have access to port 80 (http). As I inspected the logs, I saw it and changed the configuration accordingly. When I first set the g150 up as a continuous integration test hub, there weren’t any firmware updates for it (limited to Plus and Secure) so I didn’t catch my mistake.

update.log

root@HUB45006642:/tmp/log/firmware# cat update.log 
2021-03-30 20:39:59 INFO : Starting update process
2021-03-30 20:39:59 INFO : Finishing sysupgrade
2021-03-30 20:39:59 INFO : Checking if sysupgrade completed successfully...
2021-03-30 20:39:59 INFO : Firmware package has proper version, updating feeds...
2021-03-30 20:39:59 INFO : Sysupgrade completed successfully
2021-03-30 20:39:59 INFO : Executing: install firmware-addons-cameras 1.0.1490.4
2021-03-30 20:39:59 INFO : Updating available packages list
Downloading http://dl.mios.com/linux_firmware/live/bundle/g150/v2/snapshots/87/system/Packages.gz.
Updated list of available packages in /var/opkg-lists/system.
Downloading http://dl.mios.com/linux_firmware/live/bundle/g150/v2/snapshots/87/firmware/Packages.gz.
Updated list of available packages in /var/opkg-lists/firmware.
Downloading http://dl.mios.com/linux_firmware/live/bundle/g150/v2/snapshots/87/plugins/Packages.gz.
Updated list of available packages in /var/opkg-lists/plugins.
Package firmware-addons-cameras (1.0.1490.4) installed in root is up to date.
2021-03-30 20:40:00 INFO : Step completed successfully
2021-03-30 20:40:00 INFO : Executing: install firmware-addons-lua 1.0.1490.4
Package firmware-addons-lua (1.0.1490.4) installed in root is up to date.
2021-03-30 20:40:01 INFO : Step completed successfully
2021-03-30 20:40:01 INFO : Executing: install firmware-addons-zwave 1.0.1490.4
Package firmware-addons-zwave (1.0.1490.4) installed in root is up to date.
2021-03-30 20:40:01 INFO : Step completed successfully
2021-03-30 20:40:01 INFO : Executing: install firmware-plugins-ezviz 1.0.719
Package firmware-plugins-ezviz (1.0.719) installed in root is up to date.
2021-03-30 20:40:01 INFO : Step completed successfully
2021-03-30 20:40:01 INFO : Executing: install firmware-plugins-scene_blocks 1.0.719
Package firmware-plugins-scene_blocks (1.0.719) installed in root is up to date.
2021-03-30 20:40:02 INFO : Step completed successfully
2021-03-30 20:40:02 INFO : Executing: install firmware-plugins-zwave 1.0.728
Package firmware-plugins-zwave (1.0.728) installed in root is up to date.
2021-03-30 20:40:02 INFO : Step completed successfully
2021-03-30 20:40:02 INFO : All steps completed

apitool software info

{
  "error": null,
  "id": "_ID_",
  "method": "hub.software.info.get",
  "result": {
    "addons": [
      {
        "id": "cameras",
        "version": "1.0.1490.4"
      },
      {
        "id": "lua",
        "version": "1.0.1490.4"
      },
      {
        "id": "zwave",
        "version": "1.0.1490.4"
      }
    ],
    "firmware": "2.0.11.1490.4",
    "plugins": [
      {
        "id": "broadlink",
        "version": "1.0.2"
      },
      {
        "id": "ezviz",
        "version": "1.0.719"
      },
      {
        "id": "scene_blocks",
        "version": "1.0.719"
      },
      {
        "id": "zwave",
        "version": "1.0.728"
      }
    ]
  },
  "sender": {
    "conn_id": "db359bce-5198-42d8-9a91-744bca1edbef",
    "type": "ui"
  }
}

ezlo-hub-kit regression tests from GitHub pull request

And all the ezlo-hub-kit tests pass under the new firmware revision.

  EzloCredentials Test Suite
    FileResolver Tests
      ✓ hubs(): registered hubs
      ✓ credentials(): credentials from FileResolver for known hubs
      ✓ credentials(): throw for missing credentials file - invalid path
      ✓ credentials(): throw for missing or invalid hub entry
    EzloCloudResolver Tests
      ✓ hubs(): registered hubs (1541ms)
      ✓ hubs(): throw for non-existant MIOS user (285ms)
      ✓ credentials(): credentials from Cloud for known hubs
      ✓ credentials(): throw for missing or invalid hub entry

  EzloHub Test Suite
    Setup - identify locally testable hubs
      ✓ Registered hubs: 45006642
      ✓ Hub 45006642 is available for test execution
      ✓ Hub 45006642 selected for test execution
    Hub Discovery
      ✓ Discovered hubs: 45006642
      ✓ discoverEzloHubs() (548ms)
    Secure Login (for each locally available ezlo hub)
      ✓ Securely connected to local hub 45006642, model: g150, architecture: mips, firmware: 2.0.11.1490.4
      ✓ Connect to each available hub (1999ms)
    Hub Properties
      ✓ info(): hub.info.get
      ✓ data(): hub.data.list
      ✓ devices(): hub.devices.list
      ✓ device(): device with name
      ✓ items(): hub.items.list
      ✓ items(): hub.items.list (for specific device) (39ms)
      ✓ items(): hub.items.list (for non-existant device)
      ✓ item(): item with name for device (62ms)
      ✓ scenes(): hub.scenes.list
      ✓ scene(): scene with name
      ✓ scene(): scene with name - non-existant
      ✓ rooms(): hub.room.list
      ✓ room(): room with name
      ✓ houseModes(): hub.modes.get
      ✓ houseMode(): house mode with name
      ✓ houseMode(): invalid mode name (type)
      ✓ currentHouseMode(): valid mode id
      ✓ currentHouseMode(): valid mode name
    Hub Event Observations
      ✓ addObserver(): hub.offline.login.ui
    Hub Actions
      ✓ setHouseMode(): hub.modes.switch to current mode (56ms)
      ✓ setHouseMode(): hub.modes.switch to new mode (1137ms)
      ✓ setHouseMode(): hub.modes.switch to invalid mode (60ms)
        ➔ running scene "Test:6017135afcbac705f59d137d"
      ✓ runScene() (84ms)
      - setItemValue()
    Keep-alive test
      - connection-interrupt test
  
33 passing (8s)
  2 pending

All looks good and thanks again.

Best,
Bruce

I discovered one firmware-upgrade bug. Here is what I just filed under ECS-515.

Ezlo Linux v.2.0.11.1490.4 on g150 re-enables AP on first boot after firmware upgrade

My Vera Edge is connected to Ethernet and I disabled WiFi and AP using the iOS Vera app. However, yesterday I upgraded to Ezlo Linux v.2.0.11.1490.4 and noticed that the mios_45006642 AP was visible. I checked that the settings were disabled so I rebooted the Vera Edge and the AP disappeared. It seems that first boot after a firmware upgrade enables the AP even if WiFi and AP are disabled on the hub.

It would be good to fix this ASAP because the Vera Edge AP causes significant interference with my main WiFi because it is physically very close to my main WiFi AP.

Hi guys,

why, after a firmware update, does my Ezlo Plus loose connection with my zigbee devices? It takes a power cycle, and a manual turn on/off of a plug adapter for the device to be reconnected. Should this be happening?

Mios App Android Version: 1.67.1.72
Controller: 90000348
Firmware: 2.0.11.1490.4

Thanks
Tony

@Oleh, @andryist, @alecs - I was reflecting upon the recent installation failure that I experienced and it brought to light a serious security issue.

While the download failure was due to the fact that my Edge only had https access to the Internet, in today’s IT ecosystem, it is considered poor practice to use non-secure http vs secure https, especially for escalated privilege operations like upgrading the firmware.

Using http leaves Ezlo vulnerable to someone spoofing DNS to point to a rogue server that vends exploited firmware, that if installed, would compromise not only the user’s Hub, but also the user’s entire network. This is even a larger risk for Ezlo Secure that is marketed as a “SECURE” Security System. Furthermore, using https (443) only provides greater compatibility with enterprise and home networks.

I have filed issue ECS-516 accordingly. I do not think this is a lot of work and the risk-reward benefit is significant.

I reported that my Vera Edge could not upgrade to the latest Linux Firmware release and that curl was crashing with a segmentation fault. The root cause was that the Vera Edge did not have access to non-secure http, only https.

Thinking about this further, from a security and compatibility standpoint, all firmware download/upgrade transactions should use ssl to prevent spoofing/attacks/exploits.

curl supports https so it should be trivial to change the upgrade/download scripts to use https to eliminate the ability for someone to spoof dns to point to a rogue firmware that could be loaded on the hubs and compromise user’s entire network.

I’d be interested in your thoughts and plan… I will be happy to remove port 80 access for my Edge to help verify the implementation.