summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick Vacek <patrickvacek@gmail.com>2019-02-20 09:31:18 +0100
committerGitHub <noreply@github.com>2019-02-20 09:31:18 +0100
commitc4aeaff17deb41b03bc9572f82998ddec4e56513 (patch)
tree880a1f29a00cab7de8d1facf0b896ee9fa1d29de
parent63355f21704996e4a750235ec6f6b914c43f074a (diff)
parent8c2f92d905dc7ab0b903751d2ec5213d449d9c6c (diff)
downloadmeta-updater-c4aeaff17deb41b03bc9572f82998ddec4e56513.tar.gz
Merge pull request #480 from advancedtelematic/backport/sumo/garage-sign-lock-etc
Backport/sumo/garage sign lock etc
Diffstat
-rw-r--r--CONTRIBUTING.adoc6
-rw-r--r--classes/image_types_ostree.bbclass35
-rw-r--r--classes/image_types_ota.bbclass173
-rw-r--r--classes/sota.bbclass10
-rw-r--r--conf/distro/sota.conf.inc6
-rw-r--r--lib/oeqa/selftest/cases/updater.py8
-rw-r--r--recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb6
-rw-r--r--recipes-sota/ostree/ostree_git.bb5
-rw-r--r--recipes-support/libp11/libp11_git.bb (renamed from recipes-support/libp11/libp11_0.4.9.bb)4
-rw-r--r--recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch86
-rw-r--r--recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb22
11 files changed, 130 insertions, 231 deletions
diff --git a/CONTRIBUTING.adoc b/CONTRIBUTING.adoc
index 4d9e8f6..0b40438 100644
--- a/CONTRIBUTING.adoc
+++ b/CONTRIBUTING.adoc
@@ -13,6 +13,12 @@ Previously, some older branches were also regularly supported, and while they sh
13 13
14If you are developing with meta-updater, it may be helpful to read the README and other documentation for link:README.adoc[this repo], https://github.com/advancedtelematic/aktualizr[aktualizr], and the https://github.com/advancedtelematic/updater-repo/[updater-repo], particularly the sections about development and debugging. 14If you are developing with meta-updater, it may be helpful to read the README and other documentation for link:README.adoc[this repo], https://github.com/advancedtelematic/aktualizr[aktualizr], and the https://github.com/advancedtelematic/updater-repo/[updater-repo], particularly the sections about development and debugging.
15 15
16== Developer Certificate of Origin (DCO)
17
18All commits in pull requests must contain a `Signed-off-by:` line to indicate that the developer has agreed to the terms of the https://developercertificate.org[Developer Certificate of Origin]. A simple way to achieve that is to use the `-s` flag of `git commit`.
19
20New pull requests will automatically be checked by the https://probot.github.io/apps/dco/[probot/dco].
21
16== Contributor checklist 22== Contributor checklist
17 23
18* OTA-enabled build succeeds for at least one platform, the resulting image boots, and an update can be installed. This check is absolutely necessary for every pull request unless it only touches documentation. 24* OTA-enabled build succeeds for at least one platform, the resulting image boots, and an update can be installed. This check is absolutely necessary for every pull request unless it only touches documentation.
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 0acc786..97290ac 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -1,26 +1,19 @@
1# OSTree deployment 1# OSTree deployment
2 2
3do_image_ostree[depends] += "ostree-native:do_populate_sysroot \ 3do_image_ostree[depends] += "ostree-native:do_populate_sysroot \
4 openssl-native:do_populate_sysroot \
5 coreutils-native:do_populate_sysroot \ 4 coreutils-native:do_populate_sysroot \
6 unzip-native:do_populate_sysroot \
7 virtual/kernel:do_deploy \ 5 virtual/kernel:do_deploy \
8 ${OSTREE_INITRAMFS_IMAGE}:do_image_complete" 6 ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
9do_image_ostree[lockfiles] += "${OSTREE_REPO}/ostree.lock" 7do_image_ostree[lockfiles] += "${OSTREE_REPO}/ostree.lock"
10 8
11export OSTREE_REPO
12export OSTREE_BRANCHNAME
13export GARAGE_TARGET_NAME
14
15RAMDISK_EXT ?= ".${OSTREE_INITRAMFS_FSTYPES}" 9RAMDISK_EXT ?= ".${OSTREE_INITRAMFS_FSTYPES}"
16 10
17OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" 11OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
18
19OSTREE_COMMIT_SUBJECT ??= "Commit-id: ${IMAGE_NAME}" 12OSTREE_COMMIT_SUBJECT ??= "Commit-id: ${IMAGE_NAME}"
20OSTREE_COMMIT_BODY ??= "" 13OSTREE_COMMIT_BODY ??= ""
21OSTREE_UPDATE_SUMMARY ??= "0" 14OSTREE_UPDATE_SUMMARY ??= "0"
22 15
23export SYSTEMD_USED = "${@oe.utils.ifelse(d.getVar('VIRTUAL-RUNTIME_init_manager', True) == 'systemd', 'true', '')}" 16SYSTEMD_USED = "${@oe.utils.ifelse(d.getVar('VIRTUAL-RUNTIME_init_manager', True) == 'systemd', 'true', '')}"
24 17
25IMAGE_CMD_ostree () { 18IMAGE_CMD_ostree () {
26 if [ -z "$OSTREE_REPO" ]; then 19 if [ -z "$OSTREE_REPO" ]; then
@@ -65,7 +58,7 @@ IMAGE_CMD_ostree () {
65 fi 58 fi
66 done 59 done
67 60
68 if [ -n "$SYSTEMD_USED" ]; then 61 if [ -n "${SYSTEMD_USED}" ]; then
69 mkdir -p usr/etc/tmpfiles.d 62 mkdir -p usr/etc/tmpfiles.d
70 tmpfiles_conf=usr/etc/tmpfiles.d/00ostree-tmpfiles.conf 63 tmpfiles_conf=usr/etc/tmpfiles.d/00ostree-tmpfiles.conf
71 echo "d /var/rootdirs 0755 root root -" >>${tmpfiles_conf} 64 echo "d /var/rootdirs 0755 root root -" >>${tmpfiles_conf}
@@ -101,7 +94,7 @@ IMAGE_CMD_ostree () {
101 bbwarn "Data in /$dir directory is not preserved by OSTree. Consider moving it under /usr" 94 bbwarn "Data in /$dir directory is not preserved by OSTree. Consider moving it under /usr"
102 fi 95 fi
103 96
104 if [ -n "$SYSTEMD_USED" ]; then 97 if [ -n "${SYSTEMD_USED}" ]; then
105 echo "d /var/rootdirs/${dir} 0755 root root -" >>${tmpfiles_conf} 98 echo "d /var/rootdirs/${dir} 0755 root root -" >>${tmpfiles_conf}
106 else 99 else
107 echo "mkdir -p /var/rootdirs/${dir}; chown 755 /var/rootdirs/${dir}" >>${tmpfiles_conf} 100 echo "mkdir -p /var/rootdirs/${dir}; chown 755 /var/rootdirs/${dir}" >>${tmpfiles_conf}
@@ -113,11 +106,10 @@ IMAGE_CMD_ostree () {
113 106
114 if [ -d root ] && [ ! -L root ]; then 107 if [ -d root ] && [ ! -L root ]; then
115 if [ "$(ls -A root)" ]; then 108 if [ "$(ls -A root)" ]; then
116 bberror "Data in /root directory is not preserved by OSTree." 109 bbfatal "Data in /root directory is not preserved by OSTree."
117 exit 1
118 fi 110 fi
119 111
120 if [ -n "$SYSTEMD_USED" ]; then 112 if [ -n "${SYSTEMD_USED}" ]; then
121 echo "d /var/roothome 0755 root root -" >>${tmpfiles_conf} 113 echo "d /var/roothome 0755 root root -" >>${tmpfiles_conf}
122 else 114 else
123 echo "mkdir -p /var/roothome; chown 755 /var/roothome" >>${tmpfiles_conf} 115 echo "mkdir -p /var/roothome; chown 755 /var/roothome" >>${tmpfiles_conf}
@@ -189,7 +181,10 @@ IMAGE_CMD_ostreepush () {
189} 181}
190 182
191IMAGE_TYPEDEP_garagesign = "ostreepush" 183IMAGE_TYPEDEP_garagesign = "ostreepush"
192do_image_garagesign[depends] += "aktualizr-native:do_populate_sysroot" 184do_image_garagesign[depends] += "unzip-native:do_populate_sysroot"
185# This lock solves OTA-1866, which is that removing GARAGE_SIGN_REPO while using
186# garage-sign simultaneously for two images often causes problems.
187do_image_garagesign[lockfiles] += "${DEPLOY_DIR_IMAGE}/garagesign.lock"
193IMAGE_CMD_garagesign () { 188IMAGE_CMD_garagesign () {
194 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 189 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
195 # if credentials are issued by a server that doesn't support offline signing, exit silently 190 # if credentials are issued by a server that doesn't support offline signing, exit silently
@@ -197,11 +192,9 @@ IMAGE_CMD_garagesign () {
197 192
198 java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' ) 193 java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
199 if [ "${java_version}" = "" ]; then 194 if [ "${java_version}" = "" ]; then
200 bberror "Java is required for synchronization with update backend, but is not installed on the host machine" 195 bbfatal "Java is required for synchronization with update backend, but is not installed on the host machine"
201 exit 1
202 elif [ "${java_version}" \< "1.8" ]; then 196 elif [ "${java_version}" \< "1.8" ]; then
203 bberror "Java version >= 8 is required for synchronization with update backend" 197 bbfatal "Java version >= 8 is required for synchronization with update backend"
204 exit 1
205 fi 198 fi
206 199
207 rm -rf ${GARAGE_SIGN_REPO} 200 rm -rf ${GARAGE_SIGN_REPO}
@@ -252,14 +245,12 @@ IMAGE_CMD_garagesign () {
252 rm -rf ${GARAGE_SIGN_REPO} 245 rm -rf ${GARAGE_SIGN_REPO}
253 246
254 if [ "$push_success" -ne "1" ]; then 247 if [ "$push_success" -ne "1" ]; then
255 bberror "Couldn't push to garage repository" 248 bbfatal "Couldn't push to garage repository"
256 exit 1
257 fi 249 fi
258 fi 250 fi
259} 251}
260 252
261IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign" 253IMAGE_TYPEDEP_garagecheck = "garagesign"
262do_image_garagecheck[depends] += "aktualizr-native:do_populate_sysroot"
263IMAGE_CMD_garagecheck () { 254IMAGE_CMD_garagecheck () {
264 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 255 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
265 # if credentials are issued by a server that doesn't support offline signing, exit silently 256 # if credentials are issued by a server that doesn't support offline signing, exit silently
diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass
index f677491..56ba726 100644
--- a/classes/image_types_ota.bbclass
+++ b/classes/image_types_ota.bbclass
@@ -44,106 +44,99 @@ calculate_size () {
44 echo "${SIZE}" 44 echo "${SIZE}"
45} 45}
46 46
47export OSTREE_OSNAME 47IMAGE_CMD_otaimg () {
48export OSTREE_BRANCHNAME 48 if ${@bb.utils.contains('IMAGE_FSTYPES', 'otaimg', 'false', 'true', d)}; then
49export OSTREE_REPO 49 return
50export OSTREE_BOOTLOADER 50 fi
51 if [ -z "$OSTREE_REPO" ]; then
52 bbfatal "OSTREE_REPO should be set in your local.conf"
53 fi
51 54
52export GARAGE_TARGET_NAME 55 if [ -z "$OSTREE_OSNAME" ]; then
56 bbfatal "OSTREE_OSNAME should be set in your local.conf"
57 fi
53 58
54IMAGE_CMD_otaimg () { 59 if [ -z "$OSTREE_BRANCHNAME" ]; then
55 if ${@bb.utils.contains('IMAGE_FSTYPES', 'otaimg', 'true', 'false', d)}; then 60 bbfatal "OSTREE_BRANCHNAME should be set in your local.conf"
56 if [ -z "$OSTREE_REPO" ]; then 61 fi
57 bbfatal "OSTREE_REPO should be set in your local.conf"
58 fi
59 62
60 if [ -z "$OSTREE_OSNAME" ]; then 63 PHYS_SYSROOT=`mktemp -d ${WORKDIR}/ota-sysroot-XXXXX`
61 bbfatal "OSTREE_OSNAME should be set in your local.conf"
62 fi
63 64
64 if [ -z "$OSTREE_BRANCHNAME" ]; then 65 ostree admin --sysroot=${PHYS_SYSROOT} init-fs ${PHYS_SYSROOT}
65 bbfatal "OSTREE_BRANCHNAME should be set in your local.conf" 66 ostree admin --sysroot=${PHYS_SYSROOT} os-init ${OSTREE_OSNAME}
66 fi
67 67
68 PHYS_SYSROOT=`mktemp -d ${WORKDIR}/ota-sysroot-XXXXX` 68 mkdir -p ${PHYS_SYSROOT}/boot/loader.0
69 69 ln -s loader.0 ${PHYS_SYSROOT}/boot/loader
70 ostree admin --sysroot=${PHYS_SYSROOT} init-fs ${PHYS_SYSROOT}
71 ostree admin --sysroot=${PHYS_SYSROOT} os-init ${OSTREE_OSNAME}
72
73 mkdir -p ${PHYS_SYSROOT}/boot/loader.0
74 ln -s loader.0 ${PHYS_SYSROOT}/boot/loader
75
76 if [ "${OSTREE_BOOTLOADER}" = "grub" ]; then
77 mkdir -p ${PHYS_SYSROOT}/boot/grub2
78 ln -s ../loader/grub.cfg ${PHYS_SYSROOT}/boot/grub2/grub.cfg
79 elif [ "${OSTREE_BOOTLOADER}" = "u-boot" ]; then
80 touch ${PHYS_SYSROOT}/boot/loader/uEnv.txt
81 else
82 bberror "Invalid bootloader: ${OSTREE_BOOTLOADER}"
83 fi;
84
85 ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
86
87 ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${ostree_target_hash}
88 export OSTREE_BOOT_PARTITION="/boot"
89 kargs_list=""
90 for arg in ${OSTREE_KERNEL_ARGS}; do
91 kargs_list="${kargs_list} --karg-append=$arg"
92 done
93
94 ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${ostree_target_hash}
95
96 # Copy deployment /home and /var/sota to sysroot
97 HOME_TMP=`mktemp -d ${WORKDIR}/home-tmp-XXXXX`
98 tar --xattrs --xattrs-include='*' -C ${HOME_TMP} -xf ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2 ./usr/homedirs ./var/local || true
99
100 cp -a ${IMAGE_ROOTFS}/var/sota ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
101 # Create /var/sota if it doesn't exist yet
102 mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota
103 # Ensure the permissions are correctly set
104 chmod 700 ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota
105
106 mv ${HOME_TMP}/var/local ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
107 mv ${HOME_TMP}/usr/homedirs/home ${PHYS_SYSROOT}/ || true
108 # Ensure that /var/local exists (AGL symlinks /usr/local to /var/local)
109 install -d ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/local
110 # Set package version for the first deployment
111 target_version=${ostree_target_hash}
112 if [ -n "${GARAGE_TARGET_VERSION}" ]; then
113 target_version=${GARAGE_TARGET_VERSION}
114 elif [ -e "${STAGING_DATADIR_NATIVE}/target_version" ]; then
115 target_version=$(cat "${STAGING_DATADIR_NATIVE}/target_version")
116 fi
117 mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import
118 echo "{\"${ostree_target_hash}\":\"${GARAGE_TARGET_NAME}-${target_version}\"}" > ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import/installed_versions
119 70
120 rm -rf ${HOME_TMP} 71 if [ "${OSTREE_BOOTLOADER}" = "grub" ]; then
72 mkdir -p ${PHYS_SYSROOT}/boot/grub2
73 ln -s ../loader/grub.cfg ${PHYS_SYSROOT}/boot/grub2/grub.cfg
74 elif [ "${OSTREE_BOOTLOADER}" = "u-boot" ]; then
75 touch ${PHYS_SYSROOT}/boot/loader/uEnv.txt
76 else
77 bbfatal "Invalid bootloader: ${OSTREE_BOOTLOADER}"
78 fi
121 79
122 # Calculate image type 80 ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
123 OTA_ROOTFS_SIZE=$(calculate_size `du -ks $PHYS_SYSROOT | cut -f 1` "${IMAGE_OVERHEAD_FACTOR}" "${IMAGE_ROOTFS_SIZE}" "${IMAGE_ROOTFS_MAXSIZE}" `expr ${IMAGE_ROOTFS_EXTRA_SPACE}` "${IMAGE_ROOTFS_ALIGNMENT}") 81
82 ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${ostree_target_hash}
83 kargs_list=""
84 for arg in ${OSTREE_KERNEL_ARGS}; do
85 kargs_list="${kargs_list} --karg-append=$arg"
86 done
87
88 ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${ostree_target_hash}
89
90 # Copy deployment /home and /var/sota to sysroot
91 HOME_TMP=`mktemp -d ${WORKDIR}/home-tmp-XXXXX`
92 tar --xattrs --xattrs-include='*' -C ${HOME_TMP} -xf ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2 ./usr/homedirs ./var/local || true
93
94 cp -a ${IMAGE_ROOTFS}/var/sota ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
95 # Create /var/sota if it doesn't exist yet
96 mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota
97 # Ensure the permissions are correctly set
98 chmod 700 ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota
99
100 mv ${HOME_TMP}/var/local ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
101 mv ${HOME_TMP}/usr/homedirs/home ${PHYS_SYSROOT}/ || true
102 # Ensure that /var/local exists (AGL symlinks /usr/local to /var/local)
103 install -d ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/local
104 # Set package version for the first deployment
105 target_version=${ostree_target_hash}
106 if [ -n "${GARAGE_TARGET_VERSION}" ]; then
107 target_version=${GARAGE_TARGET_VERSION}
108 elif [ -e "${STAGING_DATADIR_NATIVE}/target_version" ]; then
109 target_version=$(cat "${STAGING_DATADIR_NATIVE}/target_version")
110 fi
111 mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import
112 echo "{\"${ostree_target_hash}\":\"${GARAGE_TARGET_NAME}-${target_version}\"}" > ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import/installed_versions
124 113
125 if [ $OTA_ROOTFS_SIZE -lt 0 ]; then 114 rm -rf ${HOME_TMP}
126 exit -1 115
127 fi 116 # Calculate image size
128 eval local COUNT=\"0\" 117 OTA_ROOTFS_SIZE=$(calculate_size `du -ks $PHYS_SYSROOT | cut -f 1` "${IMAGE_OVERHEAD_FACTOR}" "${IMAGE_ROOTFS_SIZE}" "${IMAGE_ROOTFS_MAXSIZE}" `expr ${IMAGE_ROOTFS_EXTRA_SPACE}` "${IMAGE_ROOTFS_ALIGNMENT}")
129 eval local MIN_COUNT=\"60\"
130 if [ $OTA_ROOTFS_SIZE -lt $MIN_COUNT ]; then
131 eval COUNT=\"$MIN_COUNT\"
132 fi
133 118
134 # create image 119 if [ ${OTA_ROOTFS_SIZE} -lt 0 ]; then
135 rm -rf ${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.otaimg 120 exit -1
136 sync
137 dd if=/dev/zero of=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.otaimg seek=$OTA_ROOTFS_SIZE count=$COUNT bs=1024
138 mkfs.ext4 -O ^64bit ${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.otaimg -L otaroot -d ${PHYS_SYSROOT}
139 rm -rf ${PHYS_SYSROOT}
140
141 rm -f ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.otaimg
142 ln -s ${IMAGE_NAME}.otaimg ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.otaimg
143 # for forward compatibility
144 rm -f ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.ota-ext4
145 ln -s ${IMAGE_NAME}.otaimg ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.ota-ext4
146 fi 121 fi
122 eval local COUNT=\"0\"
123 eval local MIN_COUNT=\"60\"
124 if [ ${OTA_ROOTFS_SIZE} -lt ${MIN_COUNT} ]; then
125 eval COUNT=\"${MIN_COUNT}\"
126 fi
127
128 # create image
129 rm -rf ${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.otaimg
130 sync
131 dd if=/dev/zero of=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.otaimg seek=${OTA_ROOTFS_SIZE} count=${COUNT} bs=1024
132 mkfs.ext4 -O ^64bit ${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.otaimg -L otaroot -d ${PHYS_SYSROOT}
133 rm -rf ${PHYS_SYSROOT}
134
135 rm -f ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.otaimg
136 ln -s ${IMAGE_NAME}.otaimg ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.otaimg
137 # for forward compatibility
138 rm -f ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.ota-ext4
139 ln -s ${IMAGE_NAME}.otaimg ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.ota-ext4
147} 140}
148 141
149IMAGE_TYPEDEP_otaimg = "ostree" 142IMAGE_TYPEDEP_otaimg = "ostree"
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 1e149ea..4ee4191 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -26,11 +26,13 @@ EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native
26OSTREE_INITRAMFS_FSTYPES ??= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'ext4.gz.u-boot', 'ext4.gz')}" 26OSTREE_INITRAMFS_FSTYPES ??= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'ext4.gz.u-boot', 'ext4.gz')}"
27 27
28# Please redefine OSTREE_REPO in order to have a persistent OSTree repo 28# Please redefine OSTREE_REPO in order to have a persistent OSTree repo
29OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo" 29export OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"
30OSTREE_BRANCHNAME ?= "${SOTA_HARDWARE_ID}" 30export OSTREE_BRANCHNAME ?= "${SOTA_HARDWARE_ID}"
31OSTREE_OSNAME ?= "poky" 31export OSTREE_OSNAME ?= "poky"
32export OSTREE_BOOTLOADER ??= 'u-boot'
33export OSTREE_BOOT_PARTITION ??= "/boot"
34
32OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image" 35OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
33OSTREE_BOOTLOADER ??= 'u-boot'
34 36
35GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo" 37GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"
36GARAGE_SIGN_KEYNAME ?= "garage-key" 38GARAGE_SIGN_KEYNAME ?= "garage-key"
diff --git a/conf/distro/sota.conf.inc b/conf/distro/sota.conf.inc
index ea1ca95..4f7547f 100644
--- a/conf/distro/sota.conf.inc
+++ b/conf/distro/sota.conf.inc
@@ -10,4 +10,10 @@ INHERIT += " sota"
10# Prelinking increases the size of downloads and causes build errors 10# Prelinking increases the size of downloads and causes build errors
11USER_CLASSES_remove = "image-prelink" 11USER_CLASSES_remove = "image-prelink"
12 12
13# Enable reproducible builds. Use 0 as mtime, the same as OSTree is using.
14INHERIT += "reproducible_build_simple"
15
16export SOURCE_DATE_EPOCH ?= "0"
17REPRODUCIBLE_TIMESTAMP_ROOTFS ?= "0"
18
13HOSTTOOLS_append = " sync sha256sum" 19HOSTTOOLS_append = " sync sha256sum"
diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py
index b857ab6..f269c1e 100644
--- a/lib/oeqa/selftest/cases/updater.py
+++ b/lib/oeqa/selftest/cases/updater.py
@@ -655,7 +655,13 @@ def qemu_launch(efi=False, machine=None, imagename=None):
655 args.dir = 'tmp/deploy/images' 655 args.dir = 'tmp/deploy/images'
656 args.efi = efi 656 args.efi = efi
657 args.machine = machine 657 args.machine = machine
658 args.kvm = None # Autodetect 658 qemu_use_kvm = get_bb_var("QEMU_USE_KVM")
659 if qemu_use_kvm and \
660 (qemu_use_kvm == 'True' and 'x86' in machine or \
661 get_bb_var('MACHINE') in qemu_use_kvm.split()):
662 args.kvm = True
663 else:
664 args.kvm = None # Autodetect
659 args.no_gui = True 665 args.no_gui = True
660 args.gdb = False 666 args.gdb = False
661 args.pcap = None 667 args.pcap = None
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
index 41af7c0..7420983 100644
--- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
@@ -21,11 +21,11 @@ do_install() {
21 SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem 21 SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
22 SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem 22 SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
23 mkdir -p ${DEPLOY_DIR_IMAGE}/CA 23 mkdir -p ${DEPLOY_DIR_IMAGE}/CA
24 bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" 24 bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}"
25 25
26 if [ ! -f ${SOTA_CACERT_PATH} ]; then 26 if [ ! -f ${SOTA_CACERT_PATH} ]; then
27 bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" 27 bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
28 SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")" 28 SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")"
29 openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 29 openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
30 openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert 30 openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
31 bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" 31 bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
@@ -33,7 +33,7 @@ do_install() {
33 fi 33 fi
34 34
35 if [ -z ${SOTA_CAKEY_PATH} ]; then 35 if [ -z ${SOTA_CAKEY_PATH} ]; then
36 bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning" 36 bbfatal "SOTA_CAKEY_PATH should be set when using implicit provisioning"
37 fi 37 fi
38 38
39 install -m 0700 -d ${D}${localstatedir}/sota 39 install -m 0700 -d ${D}${localstatedir}/sota
diff --git a/recipes-sota/ostree/ostree_git.bb b/recipes-sota/ostree/ostree_git.bb
index 3e3c951..93ae6e7 100644
--- a/recipes-sota/ostree/ostree_git.bb
+++ b/recipes-sota/ostree/ostree_git.bb
@@ -7,9 +7,9 @@ inherit autotools pkgconfig systemd bash-completion gobject-introspection
7 7
8SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master" 8SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master"
9 9
10SRCREV="3e96ec9811b5cfc5481f8b6b06c8d34d9a35408e" 10SRCREV = "f3eba6bcec39c163eb831c02c148ffa483292906"
11 11
12PV = "v2018.7" 12PV = "v2018.9"
13 13
14S = "${WORKDIR}/git" 14S = "${WORKDIR}/git"
15 15
@@ -61,6 +61,7 @@ FILES_${PN} = "${bindir} \
61 ${libdir}/ostree/ostree-remount \ 61 ${libdir}/ostree/ostree-remount \
62 ${libdir}/girepository-1.0/* \ 62 ${libdir}/girepository-1.0/* \
63 ${@bb.utils.contains('DISTRO_FEATURES','systemd','${libdir}/tmpfiles.d', '', d)} \ 63 ${@bb.utils.contains('DISTRO_FEATURES','systemd','${libdir}/tmpfiles.d', '', d)} \
64 ${@bb.utils.contains('DISTRO_FEATURES','systemd','${systemd_unitdir}/system/*.path', '', d)} \
64 ${@bb.utils.contains('DISTRO_FEATURES','systemd','${systemd_unitdir}/system-generators', '', d)} \ 65 ${@bb.utils.contains('DISTRO_FEATURES','systemd','${systemd_unitdir}/system-generators', '', d)} \
65" 66"
66FILES_${PN}-dev += " ${datadir}/gir-1.0" 67FILES_${PN}-dev += " ${datadir}/gir-1.0"
diff --git a/recipes-support/libp11/libp11_0.4.9.bb b/recipes-support/libp11/libp11_git.bb
index 6d0165f..e51bcce 100644
--- a/recipes-support/libp11/libp11_0.4.9.bb
+++ b/recipes-support/libp11/libp11_git.bb
@@ -11,7 +11,9 @@ RDEPENDS_${PN} += " opensc"
11 11
12SRC_URI = "git://github.com/OpenSC/libp11.git \ 12SRC_URI = "git://github.com/OpenSC/libp11.git \
13 file://0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch" 13 file://0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch"
14SRCREV = "e1210903291b1de9eabcad26e740a4b2fbcca692" 14SRCREV = "57ca68ff67efa08e3be1f26dec6d23bf5bb977f2"
15
16PV = "0.4.9+git${SRCPV}"
15 17
16S = "${WORKDIR}/git" 18S = "${WORKDIR}/git"
17 19
diff --git a/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch b/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch
deleted file mode 100644
index b3a7622..0000000
--- a/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch
+++ /dev/null
@@ -1,86 +0,0 @@
1From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001
2From: Anton Gerasimov <anton@advancedtelematic.com>
3Date: Fri, 8 Sep 2017 15:08:40 +0200
4Subject: [PATCH] Cross-compilation tweaks
5
6---
7 m4/acx_openssl.m4 | 2 ++
8 m4/acx_openssl_ecc.m4 | 3 +++
9 m4/acx_openssl_fips.m4 | 2 ++
10 m4/acx_openssl_gost.m4 | 2 ++
11 4 files changed, 9 insertions(+)
12
13diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4
14index e90c78f..9de6055 100644
15--- a/m4/acx_openssl.m4
16+++ b/m4/acx_openssl.m4
17@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[
18 AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])])
19 AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])])
20
21+ if test "$cross_compiling" != yes; then
22 AC_MSG_CHECKING([for OpenSSL version])
23 CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
24 AC_LANG_PUSH([C])
25@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[
26 AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
27 ],[])
28 AC_LANG_POP([C])
29+ fi
30
31 CPPFLAGS=$tmp_CPPFLAGS
32 LIBS=$tmp_LIBS
33diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4
34index 612c505..ba2389d 100644
35--- a/m4/acx_openssl_ecc.m4
36+++ b/m4/acx_openssl_ecc.m4
37@@ -1,4 +1,5 @@
38 AC_DEFUN([ACX_OPENSSL_ECC],[
39+ if test "$cross_compiling" != yes; then
40 AC_MSG_CHECKING(for OpenSSL ECC support)
41
42 tmp_CPPFLAGS=$CPPFLAGS
43@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
44 ],[])
45 AC_LANG_POP([C])
46
47+ fi
48+
49 CPPFLAGS=$tmp_CPPFLAGS
50 LIBS=$tmp_LIBS
51 ])
52diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4
53index 0491397..896cdbf 100644
54--- a/m4/acx_openssl_fips.m4
55+++ b/m4/acx_openssl_fips.m4
56@@ -1,4 +1,5 @@
57 AC_DEFUN([ACX_OPENSSL_FIPS],[
58+ if test "$cross_compiling" != yes; then
59 AC_MSG_CHECKING(for OpenSSL FIPS capable library)
60
61 tmp_CPPFLAGS=$CPPFLAGS
62@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
63
64 CPPFLAGS=$tmp_CPPFLAGS
65 LIBS=$tmp_LIBS
66+ fi
67 ])
68diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4
69index dca489b..34c39d8 100644
70--- a/m4/acx_openssl_gost.m4
71+++ b/m4/acx_openssl_gost.m4
72@@ -1,4 +1,5 @@
73 AC_DEFUN([ACX_OPENSSL_GOST],[
74+ if test "$cross_compiling" != yes; then
75 AC_MSG_CHECKING(for OpenSSL GOST support)
76
77 tmp_CPPFLAGS=$CPPFLAGS
78@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
79
80 CPPFLAGS=$tmp_CPPFLAGS
81 LIBS=$tmp_LIBS
82+ fi
83 ])
84--
852.7.4
86
diff --git a/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb b/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb
deleted file mode 100644
index 062d514..0000000
--- a/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb
+++ /dev/null
@@ -1,22 +0,0 @@
1SUMMARY = "Smartcard HSM driver"
2LICENSE = "BSD"
3LIC_FILES_CHKSUM = "file://COPYING;md5=55b854a477953696452f698a3af5de1c"
4
5inherit autotools-brokensep
6
7
8SRC_URI = "git://github.com/CardContact/sc-hsm-embedded.git;branch=master"
9SRCREV="a45155d4249575ebdfb16ff26fdedbc4c4813002"
10
11S = "${WORKDIR}/git"
12
13DEPENDS += " openssl pcsc-lite"
14
15do_configure() {
16 autoreconf -fi
17 oe_runconf
18}
19
20FILES_${PN} += "${libdir}"
21FILES_SOLIBSDEV = ""
22
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-26 00:42:25 +0000