Fix problem where signed_at time was often expired (#225)

When rebooting a device NervesTime will try to restore a reasonable time from the RTC or the FileTime simulated RTC. This then sets OS time. The shared secret signing code was pulling System.system_time/1 which can lag behind System.os_time/1 for many minutes and can often start on a time that is wildly out of whack. This changes to use os_time meaning devices should reboot and connect much faster by default.
nerves-hub · Aug 6, 2024 · fad7bd0 · fad7bd0
1 parent 72745c2
commit fad7bd0
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/lib/nerves_hub_link/configurators/shared_secret.ex b/lib/nerves_hub_link/configurators/shared_secret.ex
@@ -29,7 +29,9 @@ defmodule NervesHubLink.Configurator.SharedSecret do
       |> Keyword.put_new(:key_length, 32)
       |> Keyword.put_new(:signature_version, "NH1")
       |> Keyword.put_new(:identifier, Nerves.Runtime.serial_number())
-      |> Keyword.put(:signed_at, System.system_time(:second))
+      # Important to use os_time as system_time is not updated by Erlang as
+      # quickly. See https://www.erlang.org/doc/apps/erts/time_correction#erlang-system-time
+      |> Keyword.put(:signed_at, System.os_time(:second))
 
     alg =
       "#{opts[:signature_version]}-HMAC-#{opts[:key_digest]}-#{opts[:key_iterations]}-#{opts[:key_length]}"