Merge pull request open-horizon#49 from naphelps/issue-48

Issue-48: Updated integration to use FIDO Device Onboard v1.1.6

.github/workflows/build-push.yml

@@ -90,10 +90,10 @@ jobs:
           path: go/src/github.com/${{ github.repository }}
 
       # Prepare the environment
-      - name: Set up golang 1.19
+      - name: Set up golang 1.21
         uses: actions/setup-go@v2
         with:
-          go-version: '1.19'
+          go-version: '1.21'
           check-latest: true
 
       # Configure version variables for later steps, stored in our workflow env. variables

CHANGELOG.md

@@ -1,6 +1,10 @@
 # Changelog
 
 All notable changes to this project will be documented in this file.
+## [1.3.0] - 2023-11.06
+- Issue 48: Updated FDO to support FDO Project's `1.1.6` release.
+- Updated Golang to version `1.21.3`.
+
 
 ## [1.2.0] - 2023-06-14
 - Issue 29: Completed sample-mfg/start-mfg.sh bash script.

Makefile

@@ -1,9 +1,9 @@
 SHELL ?= /bin/bash -e
 # Set this before building the ocs-api binary and FDO-owner-services (for now they use the samme version number)
-export VERSION ?= 1.2.0
-export FIDO_DEVICE_ONBOARD_REL_VER ?= 1.1.5
+export VERSION ?= 1.3.0
+export FIDO_DEVICE_ONBOARD_REL_VER ?= 1.1.6
 # used by sample-mfg/Makefile. Needs to match what is in fdo/supply-chain-tools-v<version>/docker_manufacturer/docker-compose.yml
-STABLE_VERSION ?= 1.2.0
+STABLE_VERSION ?= 1.3.0
 
 #todo: add BUILD_NUMBER like in anax/Makefile
 
@@ -39,6 +39,12 @@ fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz: fdo
 fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER): fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz
 	tar -zxf fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz -C fdo
 
+fdo/third-party-components.tar.gz: fdo
+	wget -P fdo https://github.com/fido-device-onboard/release-fidoiot/releases/download/v$(FIDO_DEVICE_ONBOARD_REL_VER)/third-party-components.tar.gz
+
+fdo/third-party-components: fdo/third-party-components.tar.gz
+	tar -zxf fdo/third-party-components.tar.gz -C fdo
+
 # Build the ocs rest api for linux for the FDO-owner-services container
 ocs-api/linux/ocs-api: ocs-api/*.go ocs-api/*/*.go Makefile
 	mkdir -p ocs-api/linux
@@ -53,7 +59,7 @@ run-ocs-api: ocs-api/ocs-api
 	tools/start-ocs-api.sh
 
 # Build the FDO services docker image - see the build environment requirements listed in docker/Dockerfile
-$(FDO_DOCKER_IMAGE): ocs-api/linux/ocs-api fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER) fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER)
+$(FDO_DOCKER_IMAGE): ocs-api/linux/ocs-api fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER) fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER) fdo/third-party-components
 	- docker rm -f $(FDO_DOCKER_IMAGE) 2> /dev/null || :
 	docker build --build-arg="fido_device_onboard_rel_ver=$(FIDO_DEVICE_ONBOARD_REL_VER)" -t $(DOCKER_REGISTRY)/$@:$(VERSION) $(FDO_IMAGE_LABELS) $(DOCKER_OPTS) -f docker/Dockerfile .
 

README.md

@@ -1,4 +1,4 @@
-# Open Horizon FDO 1.2.0
+# Open Horizon FDO
 
 ## Overview of the Open Horizon FDO Support
 
@@ -28,7 +28,7 @@ The FDO owner service are packaged as a single docker container that can be run
    # An all-in-1 environment example:
    export HZN_EXCHANGE_USER_AUTH=admin:password  # <identity>:<password>
    export HZN_ORG_ID=myorg  # <organization>
-   export FIDO_DEVICE_ONBOARD_REl_VER=1.1.5 # https://github.com/fido-device-onboard/release-fidoiot/releases
+   export FIDO_DEVICE_ONBOARD_REl_VER=1.1.6 # https://github.com/fido-device-onboard/release-fidoiot/releases
    export VERBOSE=true # optional, for debug
    ```
 
@@ -47,7 +47,7 @@ The FDO owner service are packaged as a single docker container that can be run
 5. Start the FDO owner service docker container and view the log:
 
    ```bash
-   ./docker/run-fdo-owner-service.sh 1.2.0
+   ./docker/run-fdo-owner-service.sh 1.3.0
    docker logs -f fdo-owner-service
    ```
 
@@ -115,7 +115,7 @@ The sample script called `start-mfg.sh` downloads and extracts all necessary com
  ```bash
 curl -sSLO https://raw.githubusercontent.com/open-horizon/FDO-support/main/sample-mfg/start-mfg.sh
 chmod +x start-mfg.sh
-export FIDO_DEVICE_ONBOARD_REL_VER=1.1.5 # https://github.com/fido-device-onboard/release-fidoiot/releases
+export FIDO_DEVICE_ONBOARD_REL_VER=1.1.6 # https://github.com/fido-device-onboard/release-fidoiot/releases
 export FDO_MFG_SVC_AUTH=apiUser:password # apiUser:<password>
 export FDO_MFG_PORT=8039
 export FDO_OWN_COMP_SVC_PORT=9008
@@ -340,7 +340,7 @@ DROP DATABASE fdo;
 
 #### <a name="troubleshooting"></a>Troubleshooting
 
-- If the edge device does not give a `[INFO ] TO2 completed successfully. [INFO ] Starting Fdo Completed`, check /fdo/pri-fidoiot-v1.1.5/owner/app-data/service.log or use command `docker logs -f fdo-owner-service` for error messages.
+- If the edge device does not give a `[INFO ] TO2 completed successfully. [INFO ] Starting Fdo Completed`, check /fdo/pri-fidoiot-v1.1.6/owner/app-data/service.log or use command `docker logs -f fdo-owner-service` for error messages.
 - If your Owner, RV or Manufacturer service does not respond, you can check the logs in the same location as above. If the logs never printed that it started the service, for example: "Started Owner Service", then make sure you have all dependencies installed and environment variables correctly exported.
 - If your Service Info Package fails during the process of getting onboarded to the edge device, make sure you posted the file correctly to the owner service DB. Also make sure that you posted the correct To2 address.
 

docker/Dockerfile

@@ -45,7 +45,7 @@ WORKDIR /root
 # Note: due to a bug in microdnf, using the --nodocs option causes an exit code of 141: https://github.com/rpm-software-management/microdnf/issues/50
 RUN mkdir -p /run/user/$UID && \
     microdnf update -y --nodocs 1>/dev/null 2>&1 && \
-    microdnf install -y --nodocs ca-certificates findutils gettext java-11-openjdk openssl procps shadow-utils tar && \
+    microdnf install -y --nodocs ca-certificates findutils gettext java-17-openjdk openssl procps shadow-utils tar && \
     microdnf clean all
 
 #RUN curl -sS -o epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
@@ -78,11 +78,12 @@ USER fdouser
 WORKDIR $WORKDIR
 
 ARG fido_device_onboard_rel_ver
-ENV FIDO_DEVICE_ONBOARD_REL_VER=${fido_device_onboard_rel_ver:-1.1.5}
+ENV FIDO_DEVICE_ONBOARD_REL_VER=${fido_device_onboard_rel_ver:-1.1.6}
 
 # Get the license file
 COPY LICENSE.txt /licenses/
-COPY fdo/NOTICES-v${FIDO_DEVICE_ONBOARD_REL_VER}/pri-fidoiot/* /licenses/FDOIotPlatformSDK/
+#${FIDO_DEVICE_ONBOARD_REL_VER} 1.1.6 uses 1.1.5.
+COPY fdo/NOTICES-v1.1.5/pri-fidoiot/* /licenses/FDOIotPlatformSDK/
 
 # Get owner db files. The owner subdir will be created automatically by COPY
 # Note: need to use uid and gid to be able to build on non-linux hosts

docker/run-fdo-owner-service.sh

@@ -6,7 +6,7 @@ if [[ "$1" == "-h" || "$1" == "--help" ]]; then
     cat << EndOfMessage
 Usage: ${0##*/} [<image-version>]
 Arguments:
-  <image-version>  The image tag to use. Defaults to '1.2.0'
+  <image-version>  The image tag to use. Defaults to '1.3.0'
 Required environment variables:
   HZN_MGMT_HUB_CERT: the base64 encoded content of the management hub cluster ingress self-signed certificate (can be set to 'N/A' if the mgmt hub does not require a cert). If set, this certificate is given to the edge nodes in the HZN_MGMT_HUB_CERT_PATH variable.
 
@@ -25,6 +25,7 @@ Optional environment variables (that do not usually need to be set):
   FDO_OWN_DB:                 Database name for the FDO Owner Service's database.
   FDO_OWN_DB_PASSWORD:        Database user's password for the FDO Owner Service's database. Default is generated.
   FDO_OWN_DB_PORT:            Docker external port number for the FDO Owner Service's database.
+  FDO_OWN_DB_SSL:             Database connection SSL toggle. Default is false.
   FDO_OWN_DB_USER:            Database username for the FDO Owner Service's database.
   FDO_OWN_SVC_AUTH:           FDO Owner Service API credentials. Default is generated. Format: apiUser:<password>
   FDO_OWN_SVC_CERT_PATH:      Path that the directory holding the certificate and key files is mounted to within the container. Default is /home/sdouser/ocs-api-dir/keys .
@@ -49,12 +50,13 @@ generateToken() { head -c 1024 /dev/urandom | base64 | tr -cd "[:alpha:][:digit:
 export CSS_PORT_EXTERNAL=${CSS_PORT_EXTERNAL:-9443}
 export EXCHANGE_INTERNAL_URL=${EXCHANGE_INTERNAL_URL:-http://exchange-api:8080/v1} # Internal docker network, for this container.
 export EXCHANGE_PORT_EXTERNAL=${EXCHANGE_PORT_EXTERNAL:-3090}
-export FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.5}
+export FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.6}
 export FDO_OWN_COMP_SVC_PORT=${FDO_OWN_COMP_SVC_PORT:-9008}
 export FDO_OWN_SVC_PORT=${FDO_OWN_SVC_PORT:-8042}
 export FDO_OWN_DB=${FDO_OWN_DB:-fdo}
 export FDO_OWN_DB_PASSWORD=${FDO_OWN_DB_PASSWORD:-$(generateToken 15)}
-export FDO_OWN_DB_PORT=${FDO_OWN_DB_PORT:5433}
+export FDO_OWN_DB_PORT=${FDO_OWN_DB_PORT:-5433}
+export FDO_OWN_DB_SSL=${FDO_OWN_DB_SSL:-false}
 export FDO_OWN_DB_USER=${FDO_OWN_DB_USER:-fdouser}
 export FDO_OWN_SVC_AUTH=${FDO_OWN_SVC_AUTH:-apiUser:$(generateToken 15)}
 export FDO_DB_URL=${FDO_DB_URL:-jdbc:postgresql://postgres-fdo-owner-service:5432/$FDO_OWN_DB}
@@ -71,7 +73,7 @@ export HZN_MGMT_HUB_CERT=${HZN_MGMT_HUB_CERT:-$(cat ./agent-install.crt | base64
 export VERBOSE=${VERBOSE:-false}
 
 EXCHANGE_INTERNAL_CERT="${HZN_MGMT_HUB_CERT:-N/A}"
-VERSION="${1:-1.2.0}"
+VERSION="${1:-1.3.0}"
 
 DOCKER_REGISTRY=${DOCKER_REGISTRY:-openhorizon}
 FDO_DOCKER_IMAGE=${FDO_DOCKER_IMAGE:-fdo-owner-services}
@@ -139,6 +141,7 @@ docker run -d \
 docker run -d \
            -e "FDO_DB_PASSWORD=$FDO_OWN_DB_PASSWORD" \
            -e "FDO_OPS_SVC_HOST=$HZN_LISTEN_IP:$FDO_OWN_SVC_PORT" \
+           -e "FDO_DB_SSL=$FDO_OWN_DB_SSL" \
            -e "FDO_DB_USER=$FDO_OWN_DB_USER" \
            -e "FDO_DB_URL=$FDO_DB_URL" \
            -e "HZN_FDO_API_URL=$HZN_TRANSPORT://$HZN_LISTEN_IP:$FDO_OWN_SVC_PORT" \

docker/start-fdo-owner-service.sh

@@ -10,7 +10,7 @@ ocsDbDir="${1:-"ocs-db/"}"
 ocsApiPort="${2:-${SDO_OCS_API_TLS_PORT:-${SDO_OCS_API_PORT:-$ocsApiPortDefault}}}"  # precedence: arg, or tls port, or non-tls port, or default
 
 workingDir='/home/fdouser'
-FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.5} # https://github.com/fido-device-onboard/release-fidoiot/releases
+FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.6} # https://github.com/fido-device-onboard/release-fidoiot/releases
 deviceBinaryDir="pri-fidoiot-v$FIDO_DEVICE_ONBOARD_REL_VER"
 # These can be passed in via CLI args or env vars
 tmp_pass=`head -c 15 /dev/random | base64`
@@ -21,6 +21,7 @@ ownerPort=${HZN_FDO_SVC_URL:-$ownerPortDefault}
 ownerExternalPort=${FDO_OWNER_EXTERNAL_PORT:-$ownerPort}
 FDO_DB_USER=${FDO_DB_USER:-}
 FDO_DB_PASSWORD=${FDO_DB_PASSWORD:-}
+FDO_DB_SSL=${FDO_DB_SSL:-false}
 HZN_LISTEN_IP=${HZN_LISTEN_IP:-127.0.0.1}
 HZN_FDO_API_URL=${HZN_FDO_API_URL:-"http://$HZN_LISTEN_IP:$ownerApiPort"}
 FDO_DB_URL=${FDO_DB_URL:-"jdbc:postgresql://postgres-fdo-owner-service:5432/fdo"}
@@ -125,6 +126,7 @@ done
 #override auto-generated DB username and password with variables
 sed -i -e "s/db_user=.*/db_user=$FDO_DB_USER/" $workingDir/$deviceBinaryDir/owner/service.env
 sed -i -e "s/db_password=.*/db_password=$FDO_DB_PASSWORD/" $workingDir/$deviceBinaryDir/owner/service.env
+sed -i -e "s/useSSL=.*/useSSL=$FDO_DB_SSL/" $workingDir/$deviceBinaryDir/owner/service.env
 
 ##configure hibernate.cfg.xml to use PostgreSQL database
 sed -i -e 's/org.mariadb.jdbc.Driver/org.postgresql.Driver/' $workingDir/$deviceBinaryDir/owner/hibernate.cfg.xml
@@ -153,13 +155,13 @@ sed -i -e '/- db_password/ s/./#&/' $workingDir/$deviceBinaryDir/owner/service.y
 chk $? 'sed owner/service.yml db_password'
 
 #need java installed in order to generate the SSL keystore for HTTPS
-# If java 11 isn't installed, do that
-if java -version 2>&1 | grep version | grep -q 11.; then
-    echo "Found java 11"
+# If java 17 isn't installed, do that
+if java -version 2>&1 | grep version | grep -q 17.; then
+    echo "Found java 17"
 else
-    echo "Java 11 not found, installing it..."
-    apt-get update && apt-get install -y openjdk-11-jre-headless
-    chk $? 'installing java 11'
+    echo "Java 17 not found, installing it..."
+    apt-get update && apt-get install -y openjdk-17-jre-headless
+    chk $? 'installing java 17'
 fi
 
 #    echo "Using local testing configuration, because FDO_DEV=$FDO_DEV"

docs/ocs-api-swagger.yml

@@ -13,7 +13,7 @@ info:
   license:
     name: Apache 2.0
     url: http://www.apache.org/licenses/LICENSE-2.0.html
-  version: 1.2.0
+  version: 1.3.0
 externalDocs:
   description: Find out more about Open Horizon Support for FDO
   url: https://github.com/open-horizon/FDO-support

getFDO.sh

@@ -14,31 +14,31 @@ chk() {
     exit $exitCode
 }
 
-echo "Retrieving FDO Release 1.1.5 dependencies..."
+echo "Retrieving FDO Release 1.1.6 dependencies..."
 mkdir -p ${SCRIPT_LOCATION}/fdo && cd ${SCRIPT_LOCATION}/fdo
 chk $? 'making fdo dir'
 
 echo "Getting client-sdk-fidoiot"
-curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.5/client-sdk-fidoiot-v1.1.5.tar.gz
+curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.6/client-sdk-fidoiot-v1.1.6.tar.gz
 chk $? 'downloading client-sdk-fidoiot'
-tar -zxf client-sdk-fidoiot-v1.1.5.tar.gz
+tar -zxf client-sdk-fidoiot-v1.1.6.tar.gz
 chk $? 'unpacking client-sdk-fidoiot'
 
 
 echo "Getting Protocol Reference Implementation"
-curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.5/pri-fidoiot-v1.1.5.tar.gz
+curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.6/pri-fidoiot-v1.1.6.tar.gz
 chk $? 'downloading pri'
-tar -zxf pri-fidoiot-v1.1.5.tar.gz
+tar -zxf pri-fidoiot-v1.1.6.tar.gz
 chk $? 'unpacking pri'
 
 echo "Getting NOTICES"
-curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.5/NOTICES-v1.1.5.tar.gz
+curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.6/NOTICES-v1.1.6.tar.gz
 chk $? 'downloading NOTICES'
-tar -zxf NOTICES-v1.1.5.tar.gz
+tar -zxf NOTICES-v1.1.6.tar.gz
 chk $? 'unpacking NOTICES'
 
 echo "Getting Third Party Components"
-curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.5/third-party-components.tar.gz
+curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.6/third-party-components.tar.gz
 chk $? 'downloading third-party-components'
 tar -zxf third-party-components.tar.gz
 chk $? 'unpacking third-party-components'

ocs-api/go.mod

@@ -1,5 +1,5 @@
 module github.com/open-horizon/FDO-support/ocs-api
 
-go 1.19
+go 1.21
 
 require github.com/Snawoot/go-http-digest-auth-client v1.1.3

sample-mfg/fdo_to.service

@@ -10,8 +10,8 @@ Before=user-sessions.service
 [Service]
 # For oneshot, systemd expects the command to NOT fork itself, and timeout is disabled by default
 Type=oneshot
-WorkingDirectory=/home/device/fdo/pri-fidoiot-v1.1.5/device
-ExecStart=/bin/java -jar /home/device/fdo/pri-fidoiot-v1.1.5/device/device.jar
+WorkingDirectory=/home/device/fdo/pri-fidoiot-v1.1.6/device
+ExecStart=/bin/java -jar /home/device/fdo/pri-fidoiot-v1.1.6/device/device.jar
 
 [Install]
 WantedBy=multi-user.target

sample-mfg/start-mfg.sh

@@ -23,18 +23,19 @@ Required Environment Variables:
   HZN_EXCHANGE_USER_AUTH: Exchange user's username and password.
 
 Optional Environment Variables:
-  FDO_MFG_DB: Database name for FDO's manufacturing services
-  FDO_MFG_DB_URL: Database path and protocol
-  FDO_MFG_DB_PASSWORD: Database user's password
-  FDO_MFG_DB_USER: Database user
-  FDO_RV_URL: Usually the development RV server running with the owner services. To use the production RV service, set to http://fdorv.com
+  FDO_MFG_DB:             Database name for FDO's manufacturing services
+  FDO_MFG_DB_URL:         Database path and protocol
+  FDO_MFG_DB_PASSWORD:    Database user's password
+  FDO_MFG_DB_SSL:         Database connection SSL toggle
+  FDO_MFG_DB_USER:        Database user
+  FDO_RV_URL:             Usually the development RV server running with the owner services. To use the production RV service, set to http://fdorv.com
   HZN_EXCHANGE_USER_AUTH: API password for service APIs
-  HZN_FDO_SVC_URL: Owner Service url.
-  HZN_LISTEN_IP: External address of Open Horizon's Management Hub.
-  HZN_ORG_ID: Exchange user's organization
-  HZN_TRANSPORT: http or https. Only http is currently supported.
-  rvHttpPort: Rendezvous server http port. If no http present, then set this as the https port
-  rvHttpsPort: Rendezvous server https port
+  HZN_FDO_SVC_URL:        Owner Service url.
+  HZN_LISTEN_IP:          External address of Open Horizon's Management Hub.
+  HZN_ORG_ID:             Exchange user's organization
+  HZN_TRANSPORT:          http or https. Only http is currently supported.
+  rvHttpPort:             Rendezvous server http port. If no http present, then set this as the https port
+  rvHttpsPort:            Rendezvous server https port
 
 
 ${0##*/} must be run in a directory where it has access to create a few files and directories.
@@ -55,13 +56,14 @@ generateToken() { head -c 1024 /dev/urandom | base64 | tr -cd "[:alpha:][:digit:
 export FDO_MFG_DB=${FDO_MFG_DB:-fdo_mfg}
 export FDO_MFG_DB_PASSWORD=${FDO_MFG_DB_PASSWORD:-$(generateToken 15)}
 export FDO_MFG_DB_PORT=${FDO_MFG_DB_PORT:-5434}
+export FDO_MFG_DB_SSL=${FDO_MFG_DB_SSL:-false}
 export FDO_MFG_DB_URL=${FDO_MFG_DB_URL:-jdbc:postgresql://postgres-fdo-mfg-service:5432/$FDO_MFG_DB}
 export FDO_MFG_DB_USER=${FDO_MFG_DB_USER:-fdouser}
 export FDO_MFG_PORT=${FDO_MFG_PORT:-8039}
 export FDO_MFG_SVC_AUTH=${FDO_MFG_SVC_AUTH:-apiUser:$(generateToken 15)}
 export FDO_OWN_COMP_SVC_PORT=${FDO_OWN_COMP_SVC_PORT:-9008}
 export FDO_RV_URL=${FDO_RV_URL:-http://test.fdorv.com} # set to the development domain by default
-export FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.5} # https://github.com/fido-device-onboard/release-fidoiot/releases
+export FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.6} # https://github.com/fido-device-onboard/release-fidoiot/releases
 export HZN_DOCK_NET=${HZN_DOCK_NET:-hzn_horizonnet}
 #export HZN_EXCHANGE_USER_AUTH=${HZN_EXCHANGE_USER_AUTH:-admin:} # Default to organization admin provided by all-in-1 environment
 export HZN_LISTEN_IP=${HZN_LISTEN_IP:-127.0.0.1}
@@ -245,14 +247,14 @@ confirmcmds grep curl ping   # these should be in the minimal ubuntu
 
 
 # If java 11 isn't installed, do that
-if java -version 2>&1 | grep version | grep -q '1[1-7]\.'; then
-  echo "Found java 11"
+if java -version 2>&1 | grep version | grep -q '1[7-7]\.'; then
+  echo "Found java 17"
 else
-  echo "Java 11 not found, installing it..."
+  echo "Java 17 not found, installing it..."
   if isUbuntu2x; then
-    apt-get update && apt-get install -y openjdk-11-jre-headless
+    apt-get update && apt-get install -y openjdk-17-jre-headless
   elif isFedora; then
-    dnf install -y java-11-openjdk
+    dnf install -y java-17-openjdk
   else
     echo "Unsupported distribution, exiting" && exit 1
   fi
@@ -348,6 +350,7 @@ cd ../../ || exit
 # override auto-generated DB username and password with variables
 sed -i -e "s/db_user=.*/db_user=$FDO_MFG_DB_USER/" $PWD/$deviceBinaryDir/owner/service.env
 sed -i -e "s/db_password=.*/db_password=$FDO_MFG_DB_PASSWORD/" $PWD/$deviceBinaryDir/owner/service.env
+sed -i -e "s/useSSL=.*/useSSL=$FDO_MFG_DB_SSL/" $PWD/$deviceBinaryDir/owner/service.env
 
 # device/service.yml configuration to point to local manufacturing port
 sed -i -e 's/di-url:.*/di-url: '$HZN_TRANSPORT':\/\/'$HZN_LISTEN_IP':'$FDO_MFG_PORT'/' $PWD/$deviceBinaryDir/device/service.yml

tools/grabCreds.sh

@@ -7,7 +7,7 @@ grabCreds() {
     for i in ${components[@]}; do
         if [[ "${components[@]}" =~ "$i" ]]; then
 
-            keypwd="$(grep -E '^ *api_password=' fdo/pri-fidoiot-v1.1.5/$i/service.env)"
+            keypwd="$(grep -E '^ *api_password=' fdo/pri-fidoiot-v1.1.6/$i/service.env)"
             API_PWD=${keypwd#api_password=}
 
 	    echo export "$i"=$API_PWD