From c251de1cd31641d60ff04d589374c4e17fc559b1 Mon Sep 17 00:00:00 2001
From: Pablo Carranza Velez <pablo@resin.io>
Date: Thu, 27 Apr 2017 13:20:20 -0700
Subject: [PATCH] Only delete the provisioning key if the supervisor is running
 on an OS that supports using the deviceApiKey

This avoids problems when updating the supervisor on an older OS, where the VPN and other
host services still require config.json to have an apiKey field to authenticate.

Change-Type: patch
Signed-off-by: Pablo Carranza Velez <pablo@resin.io>
---
 package.json         |  4 +++-
 src/bootstrap.coffee | 24 +++++++++++++++++-------
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/package.json b/package.json
index f8a2b309..d8c6809b 100644
--- a/package.json
+++ b/package.json
@@ -40,6 +40,8 @@
     "resin-register-device": "^3.0.0",
     "rimraf": "^2.5.4",
     "rwlock": "^5.0.0",
+    "semver": "^5.3.0",
+    "semver-regex": "^1.0.0",
     "sqlite3": "^3.1.0",
     "typed-error": "~0.1.0",
     "yamljs": "^0.2.7"
@@ -52,4 +54,4 @@
     "resin-lint": "^1.3.1",
     "versionist": "^2.8.0"
   }
-}
\ No newline at end of file
+}
diff --git a/src/bootstrap.coffee b/src/bootstrap.coffee
index b90aa2e9..bb7052c5 100644
--- a/src/bootstrap.coffee
+++ b/src/bootstrap.coffee
@@ -10,6 +10,10 @@ appsPath  = '/boot/apps.json'
 _ = require 'lodash'
 deviceConfig = require './device-config'
 TypedError = require 'typed-error'
+osRelease = require './lib/os-release'
+semver = require 'semver'
+semverRegex = require('semver-regex')()
+
 userConfig = {}
 
 DuplicateUuidError = message: '"uuid" must be unique.'
@@ -150,15 +154,21 @@ bootstrapper.done = new Promise (resolve) ->
 		resolve(userConfig)
 		# If we're still using an old api key we can try to exchange it for a valid device key
 		if userConfig.apiKey?
-			exchangeKey()
-			.then ->
-				delete userConfig.apiKey
-				knex('config').update(value: userConfig.deviceApiKey).where(key: 'apiKey')
-				.then ->
-					fs.writeFileAsync(configPath, JSON.stringify(userConfig))
+			Promise.join(
+				osRelease.getOSVersion(config.hostOSVersionPath)
+				exchangeKey()
+				(osVersion) ->
+					# Only delete the provisioning key if we're on a Resin OS version that supports using the deviceApiKey (2.0.2 and above)
+					# or if we're in a non-Resin OS (which is assumed to be updated enough).
+					# Otherwise VPN and other host services that use an API key will break.
+					hasDeviceApiKeySupport = !/^Resin OS /.test(osVersion) or semver.gte(semverRegex.test(osVersion), '2.0.2')
+					delete userConfig.apiKey if hasDeviceApiKeySupport
+					utils.setConfig('apiKey', userConfig.deviceApiKey)
+					.then ->
+						fs.writeFileAsync(configPath, JSON.stringify(userConfig))
+			)
 		return
 
-
 bootstrapper.bootstrapped = false
 bootstrapper.startBootstrapping = ->
 	# Load config file