Files
MeshCore-mqtt-observer/scripts/inject_git_hash.py
agessaman e85893c4db feat(mqtt): add secure remote command execution via MQTT
Implement JWT-authenticated remote serial command execution over MQTT
with comprehensive security measures:

- JWT verification with Ed25519 signatures for command authentication
- Nonce tracking for replay attack prevention
- Rate limiting per public key
- Command blacklist (get wifi.pwd, set mqtt.admin)
- ACL-based authorization using existing admin list
- Deferred command processing to avoid callback stack overflow
- Memory-pressure degraded mode: auto-disable one analyzer server
  when heap drops below 60KB, with IATA-based geographic preference

Also includes:
- Git commit hash injection in version string via build script
- Graceful settings migration for new preference fields
- CLI commands: mqtt.remote, mqtt.useacl, mqtt.admin

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-01 11:40:08 -08:00

17 lines
469 B
Python

Import("env")
import subprocess
def get_git_hash():
try:
result = subprocess.run(
["git", "rev-parse", "--short", "HEAD"],
capture_output=True, text=True, check=True
)
return result.stdout.strip()
except (subprocess.CalledProcessError, FileNotFoundError):
return "unknown"
git_hash = get_git_hash()
env.Append(CPPDEFINES=[("GIT_COMMIT_HASH", f'\\"{git_hash}\\"')])
print(f"Git commit hash: {git_hash}")