Merge develop into main

.github/workflows/ci.yml

@@ -183,6 +183,11 @@ jobs:
       - name: Build AASDK for ${{ matrix.arch }} on ${{ matrix.distro }}
         run: |
           echo "Building AASDK for ${{ matrix.arch }} architecture"
+          RUN_TESTS=false
+          if [ "${{ github.event_name }}" = "pull_request" ] || [ "${{ github.ref }}" = "refs/heads/main" ] || [ "${{ github.ref }}" = "refs/heads/develop" ]; then
+            RUN_TESTS=true
+          fi
+          echo "RUN_TESTS=${RUN_TESTS} for this build"
           if [ "${{ github.ref }}" = "refs/heads/main" ]; then
             BUILD_TYPE="release"
             echo "Building release packages for main branch"
@@ -196,6 +201,7 @@ jobs:
             --build-arg TARGET_ARCH=${{ matrix.arch }} \
             --build-arg DEBIAN_VERSION=${{ matrix.distro }} \
             --build-arg BUILD_TYPE=${BUILD_TYPE} \
+            --build-arg RUN_TESTS=${RUN_TESTS} \
             --tag aasdk-build:${{ matrix.arch }} \
             --load \
             .

CMakeLists.txt

@@ -153,7 +153,7 @@ endif()
 # Paths
 set(sources_directory ${CMAKE_CURRENT_SOURCE_DIR}/src)
 set(include_directory ${CMAKE_CURRENT_SOURCE_DIR}/include)
-set(include_ut_directory ${CMAKE_CURRENT_SOURCE_DIR}/include_ut)
+set(include_ut_directory ${CMAKE_CURRENT_SOURCE_DIR}/unit_test)
 
 # Set output directories to build directory for proper packaging
 set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/lib)
@@ -344,12 +344,18 @@ install(FILES "${CMAKE_CURRENT_BINARY_DIR}/include/aasdk/Version.hpp"
 )
 
 # Install SSL certificate and key files
-install(FILES 
-        "${CMAKE_CURRENT_SOURCE_DIR}/cert/headunit.crt"
-        "${CMAKE_CURRENT_SOURCE_DIR}/cert/headunit.key"
-        DESTINATION /etc/openauto
-        PERMISSIONS OWNER_READ GROUP_READ
-        COMPONENT runtime
+install(FILES
+    "${CMAKE_CURRENT_SOURCE_DIR}/cert/headunit.crt"
+    DESTINATION /etc/aasdk
+    PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+    COMPONENT runtime
+)
+
+install(FILES
+    "${CMAKE_CURRENT_SOURCE_DIR}/cert/headunit.key"
+    DESTINATION /etc/aasdk
+    PERMISSIONS OWNER_READ OWNER_WRITE
+    COMPONENT runtime
 )
 
 # Export the targets to a script
@@ -390,6 +396,8 @@ install(FILES "${CMAKE_CURRENT_BINARY_DIR}/aasdk.pc"
         COMPONENT development)
 
 if(AASDK_TEST)
+    enable_testing()
+
     add_executable(aasdk_ut
             ${tests_source_files}
             ${tests_include_files})
@@ -400,6 +408,8 @@ if(AASDK_TEST)
             gtest_main
             gmock_main)
 
+    add_test(NAME aasdk_ut COMMAND aasdk_ut)
+
     if(AASDK_CODE_COVERAGE)
         include(CodeCoverage)
         append_coverage_compiler_flags()

Dockerfile

@@ -25,6 +25,7 @@ FROM debian:${DEBIAN_VERSION}-slim
 # Build arguments
 ARG TARGET_ARCH=amd64
 ARG BUILD_TYPE=release
+ARG RUN_TESTS=false
 ARG DEBIAN_FRONTEND=noninteractive
 ARG GIT_COMMIT_ID=unknown
 ARG GIT_BRANCH=unknown
@@ -102,8 +103,11 @@ RUN echo "=== Git environment variables before build ===" && \
     echo "  GIT_DESCRIBE=$GIT_DESCRIBE" && \
     echo "  GIT_COMMIT_TIMESTAMP=$GIT_COMMIT_TIMESTAMP" && \
     echo "  GIT_DIRTY=$GIT_DIRTY" && \
+    echo "  RUN_TESTS=$RUN_TESTS" && \
     echo "=============================================" && \
     export TARGET_ARCH=$(dpkg-architecture -qDEB_HOST_ARCH) && \
+        TEST_ARG="" && \
+        if [ "$RUN_TESTS" = "true" ]; then TEST_ARG="test"; fi && \
         echo "Building AASDK for architecture: $TARGET_ARCH (native compilation)" && \
         # Compute distro-specific release suffix for DEB packages
         DISTRO_DEB_RELEASE=$(bash /src/scripts/distro_release.sh) && \
@@ -112,7 +116,7 @@ RUN echo "=== Git environment variables before build ===" && \
         # Pass through to CMake via build.sh using CMAKE_ARGS
         env DISTRO_DEB_RELEASE="$CPACK_DEB_RELEASE" CMAKE_ARGS="$CMAKE_ARGS -DCPACK_DEBIAN_PACKAGE_RELEASE=$CPACK_DEB_RELEASE -DCPACK_PROJECT_CONFIG_FILE=/src/cmake_modules/CPackProjectConfig.cmake" \
             CROSS_COMPILE=${CROSS_COMPILE} \
-            ./build.sh ${BUILD_TYPE} clean package --skip-protobuf --skip-absl && \
+            ./build.sh ${BUILD_TYPE} clean ${TEST_ARG} package --skip-protobuf --skip-absl && \
     if [ -d "packages" ]; then \
         cp packages/*.deb /output/ 2>/dev/null || true && \
         echo "Packages built:" && \

QUICK_REFERENCE.md

@@ -135,11 +135,38 @@ export TARGET_ARCH=arm64           # Cross-compilation target
 export CMAKE_BUILD_PARALLEL_LEVEL=4 # Parallel build jobs
 export AASDK_LOG_LEVEL=DEBUG       # Logging level
 
+# Runtime tracing (no rebuild required)
+export AASDK_TRACE_CRYPTOR=1               # Enable Cryptor decrypt trace
+export AASDK_TRACE_CRYPTOR_SAMPLE_EVERY=8  # Log every Nth decrypt sample (1-1000)
+export AASDK_TRACE_MESSAGE=1               # Enable MessageInStream trace
+export AASDK_TRACE_MESSAGE_VIDEO_ONLY=1    # Restrict message trace to video channel
+export AASDK_TRACE_MESSAGE_SAMPLE_EVERY=2  # Log every Nth message sample (1-1000)
+
 # Library paths
 export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH"
 export LD_LIBRARY_PATH="/usr/local/lib:$LD_LIBRARY_PATH"
 ```
 
+## Runtime Trace Toggles
+
+Use these toggles to inspect encrypted frame flow at runtime without rebuilding aasdk.
+
+```bash
+# Example: focused projection-path diagnostics
+export AASDK_TRACE_CRYPTOR=1
+export AASDK_TRACE_CRYPTOR_SAMPLE_EVERY=8
+export AASDK_TRACE_MESSAGE=1
+export AASDK_TRACE_MESSAGE_VIDEO_ONLY=1
+export AASDK_TRACE_MESSAGE_SAMPLE_EVERY=2
+```
+
+Expected tags in logs:
+- `[CryptorTrace] decrypt-read`
+- `[CryptorTrace] decrypt-drained`
+- `[MessageTrace] encrypted-pass-through`
+- `[MessageTrace] decrypt`
+- `[MessageTrace] resolve`
+
 ## 📦 Package Information
 
 ### Version Format

debian/postinst

@@ -6,6 +6,46 @@ export DEBIAN_FRONTEND=noninteractive
 
 case "$1" in
     configure)
+        cert_dir="/etc/aasdk"
+        legacy_dir="/etc/openauto"
+        cert_file="$cert_dir/headunit.crt"
+        key_file="$cert_dir/headunit.key"
+
+        # Ensure target cert directory exists.
+        mkdir -p "$cert_dir"
+        chmod 755 "$cert_dir" || true
+
+        # Migrate from the old location if needed.
+        if [ ! -f "$cert_file" ] && [ -f "$legacy_dir/headunit.crt" ]; then
+            cp -f "$legacy_dir/headunit.crt" "$cert_file"
+        fi
+
+        if [ ! -f "$key_file" ] && [ -f "$legacy_dir/headunit.key" ]; then
+            cp -f "$legacy_dir/headunit.key" "$key_file"
+        fi
+
+        # Prefer a dedicated service group when present.
+        cert_group="root"
+        if getent group aasdk >/dev/null 2>&1; then
+            cert_group="aasdk"
+        fi
+
+        if [ -f "$cert_file" ]; then
+            chown root:"$cert_group" "$cert_file" || true
+            chmod 644 "$cert_file" || true
+        fi
+
+        if [ -f "$key_file" ]; then
+            chown root:root "$key_file" || true
+            chmod 600 "$key_file" || true
+
+            # Optional compatibility mode for non-root runtimes in the aasdk group.
+            if [ "$cert_group" = "aasdk" ]; then
+                chown root:aasdk "$key_file" || true
+                chmod 640 "$key_file" || true
+            fi
+        fi
+
         # Update the dynamic linker cache
         if [ -x /sbin/ldconfig ]; then
             /sbin/ldconfig || true

src/Channel/Control/ControlServiceChannel.cpp

@@ -37,6 +37,8 @@ namespace aasdk {
 
       void ControlServiceChannel::sendVersionRequest(SendPromise::Pointer promise) {
         AASDK_LOG_CHANNEL_CONTROL(debug, "sendVersionRequest()");
+        AASDK_LOG(info) << "[ControlServiceChannel] sendVersionRequest major=" << AASDK_MAJOR
+                        << " minor=" << AASDK_MINOR;
 
         auto message(std::make_shared<messenger::Message>(channelId_, messenger::EncryptionType::PLAIN,
                                                           messenger::MessageType::SPECIFIC));
@@ -53,6 +55,7 @@ namespace aasdk {
 
       void ControlServiceChannel::sendHandshake(common::Data handshakeBuffer, SendPromise::Pointer promise) {
         AASDK_LOG_CHANNEL_CONTROL(debug, "sendHandshake()");
+        AASDK_LOG(info) << "[ControlServiceChannel] sendHandshake bytes=" << handshakeBuffer.size();
         auto message(std::make_shared<messenger::Message>(channelId_, messenger::EncryptionType::PLAIN,
                                                           messenger::MessageType::SPECIFIC));
         message->insertPayload(
@@ -193,7 +196,7 @@ namespace aasdk {
         messenger::MessageId messageId(message->getPayload());
         common::DataConstBuffer payload(message->getPayload(), messageId.getSizeOf());
 
-        AASDK_LOG(debug) << "[ControlServiceChannel] MessageId: " << messageId.getId();
+        AASDK_LOG(info) << "[ControlServiceChannel] MessageId: " << messageId.getId();
 
         switch (messageId.getId()) {
           case aap_protobuf::service::control::message::ControlMessageType::MESSAGE_VERSION_RESPONSE: