summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlbonn <lbonn@users.noreply.github.com>2018-05-22 09:47:32 +0200
committerGitHub <noreply@github.com>2018-05-22 09:47:32 +0200
commit52e20c85e8a39f3d9bfc27448f235c34b31491e6 (patch)
tree1b5de20ce437b66e832e7d7e9b612862fb76434f
parentb7cc58bcbcc712d5403572d071c3139cd47d5d4c (diff)
parent05b971db716352d346744ebd2dd3f5b1de3f83b8 (diff)
downloadmeta-updater-52e20c85e8a39f3d9bfc27448f235c34b31491e6.tar.gz
Merge pull request #315 from advancedtelematic/sumo-candidate
Update master with recent fixes
-rw-r--r--CONTRIBUTING.adoc13
-rw-r--r--README.adoc49
-rw-r--r--classes/image_types_ota.bbclass4
-rw-r--r--classes/sota.bbclass2
-rw-r--r--classes/sota_minnowboard_uboot.inc8
-rw-r--r--classes/sota_qemux86-64.bbclass4
-rw-r--r--lib/oeqa/selftest/cases/updater.py27
-rw-r--r--recipes-sota/aktualizr/aktualizr-auto-prov.bb11
-rw-r--r--recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb14
-rw-r--r--recipes-sota/aktualizr/aktualizr-hsm-prov.bb7
-rw-r--r--recipes-sota/aktualizr/aktualizr-implicit-prov.bb7
-rwxr-xr-x[-rw-r--r--]recipes-sota/aktualizr/aktualizr_git.bb41
-rw-r--r--recipes-sota/aktualizr/environment.inc8
-rw-r--r--recipes-sota/aktualizr/garage-sign-version.inc23
-rw-r--r--recipes-sota/config/aktualizr-disable-send-ip.bb23
-rw-r--r--recipes-sota/config/aktualizr-example-interface.bb22
-rw-r--r--recipes-sota/config/aktualizr-log-debug.bb23
-rw-r--r--recipes-sota/config/files/05-log-debug.toml2
-rw-r--r--recipes-sota/config/files/30-disable-send-ip.toml2
-rw-r--r--recipes-sota/config/files/30-example-interface.toml2
-rw-r--r--recipes-sota/config/files/LICENSE373
-rw-r--r--recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch2
22 files changed, 583 insertions, 84 deletions
diff --git a/CONTRIBUTING.adoc b/CONTRIBUTING.adoc
index 69509c3..df7a717 100644
--- a/CONTRIBUTING.adoc
+++ b/CONTRIBUTING.adoc
@@ -1,15 +1,4 @@
1= Contributing 1= Contributing
2 2
3We welcome pull requests from everyone. Here are some notes that are useful for people working on meta-updater (this repository) and https://github.com/advancedtelematic/aktualizr[aktualizr]. 3We welcome pull requests from everyone. It may be helpful to read the README and other documentation for link:README.adoc[this repo], https://github.com/advancedtelematic/aktualizr[aktualizr], and the https://github.com/advancedtelematic/updater-repo/[updater-repo], particularly the sections and development and debugging.
4 4
5== Options for local.conf/site.conf
6
7[options="header"]
8|======================
9| Option | Effect
10| `require classes/sota_bleeding.inc` | Always build the latest master of Aktualizr
11| `BRANCH_pn-aktualizr = "mybranch"`
12`BRANCH_pn-aktualizr-native = "mybranch"` | Build `mybranch` of Aktualizr (note that both of these need to be set). This will normally be used with `require classes/sota_bleeding.inc`
13| `SRCREV_pn-aktualizr = "1004efa3f86cef90c012b34620992b5762b741e3"`
14`SRCREV_pn-aktualizr-native = "1004efa3f86cef90c012b34620992b5762b741e3"` | Build the specified revision of Aktualizr (note that both of these need to be set).
15| `TOOLCHAIN_HOST_TASK_append = " nativesdk-cmake "` | Use with `bitbake -c populate_sdk core-image-minimal` to build a SDK
diff --git a/README.adoc b/README.adoc
index 980fa81..c47dd1d 100644
--- a/README.adoc
+++ b/README.adoc
@@ -1,4 +1,6 @@
1= meta-updater 1= meta-updater
2:toc: macro
3:toc-title:
2 4
3This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr]. 5This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr].
4 6
@@ -6,6 +8,11 @@ https://github.com/ostreedev/ostree[OSTree] is a tool for atomic full file syste
6 8
7https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started. 9https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started.
8 10
11[discrete]
12== Table of Contents
13
14toc::[]
15
9== Build 16== Build
10 17
11=== Quickstart 18=== Quickstart
@@ -16,9 +23,9 @@ If you don't already have a Yocto project that you want to add OTA to, you can u
16 23
17If you already have a Yocto-based project and you want to add atomic filesystem updates to it, you just need to do three things: 24If you already have a Yocto-based project and you want to add atomic filesystem updates to it, you just need to do three things:
18 25
191. Clone the `meta-updater` layer and add it to your https://www.yoctoproject.org/docs/2.1/ref-manual/ref-manual.html#structure-build-conf-bblayers.conf[bblayers.conf]. 261. Clone the `meta-updater` layer and add it to your https://www.yoctoproject.org/docs/current/ref-manual/ref-manual.html#structure-build-conf-bblayers.conf[bblayers.conf].
202. Clone BSP integration layer (`meta-updater-$\{PLATFORM}`, e.g. https://github.com/advancedtelematic/meta-updater-raspberrypi[meta-updater-raspberrypi]) and add it to your `conf/bblayers.conf`. If your board isn't supported yet, you could write a BSP integration for it yourself. See the <<Adding support for your board>> section for the details. 272. Clone BSP integration layer (`meta-updater-$\{PLATFORM}`, e.g. https://github.com/advancedtelematic/meta-updater-raspberrypi[meta-updater-raspberrypi]) and add it to your `conf/bblayers.conf`. If your board isn't supported yet, you could write a BSP integration for it yourself. See the <<Adding support for your board>> section for the details.
213. Set up your https://www.yoctoproject.org/docs/2.1/ref-manual/ref-manual.html#var-DISTRO[distro]. If you are using "poky", the default distro in Yocto, you can change it in your `conf/local.conf` to "poky-sota". Alternatively, if you are using your own or third party distro configuration, you can add `INHERIT += " sota"` to it, thus combining capabilities of your distro with meta-updater features. 283. Set up your https://www.yoctoproject.org/docs/current/ref-manual/ref-manual.html#var-DISTRO[distro]. If you are using "poky", the default distro in Yocto, you can change it in your `conf/local.conf` to "poky-sota". Alternatively, if you are using your own or third party distro configuration, you can add `INHERIT += " sota"` to it, thus combining capabilities of your distro with meta-updater features.
22 29
23You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an https://ostree.readthedocs.io/en/latest/manual/adapting-existing/[OSTree-enabled version] of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named `$\{IMAGE_NAME}.-sdimg-ota` e.g. `core-image-raspberrypi3.rpi-sdimg-ota`). You can control this behaviour through <<sota-related-variables-in-localconf,variables in your local.conf>>. 30You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an https://ostree.readthedocs.io/en/latest/manual/adapting-existing/[OSTree-enabled version] of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named `$\{IMAGE_NAME}.-sdimg-ota` e.g. `core-image-raspberrypi3.rpi-sdimg-ota`). You can control this behaviour through <<sota-related-variables-in-localconf,variables in your local.conf>>.
24 31
@@ -40,7 +47,7 @@ and get as a result an `ostree_repo` folder in your images directory (`tmp/deplo
40 47
41* your OSTree repository, with the rootfs committed as an OSTree deployment, 48* your OSTree repository, with the rootfs committed as an OSTree deployment,
42* an `otaimg` bootstrap image, which is an OSTree physical sysroot as a burnable filesystem image, and optionally 49* an `otaimg` bootstrap image, which is an OSTree physical sysroot as a burnable filesystem image, and optionally
43* some machine-dependent live images (e.g. `.rpi-sdimg-ota` for Raspberry Pi or `.porter-sdimg-ota` Renesas Porter board). 50* some machine-dependent live images (e.g. `.wic` for Raspberry Pi or `.porter-sdimg-ota` Renesas Porter board).
44 51
45Although `aglsetup.sh` hooks provide reasonable defaults for SOTA-related variables, you may want to tune some of them. 52Although `aglsetup.sh` hooks provide reasonable defaults for SOTA-related variables, you may want to tune some of them.
46 53
@@ -79,9 +86,8 @@ Although we have used U-Boot so far, other boot loaders can be configured work w
79* `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky". 86* `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky".
80* `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. 87* `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy.
81* `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. 88* `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push].
82* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and `aktualizr-hsm-prov`. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. 89* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and https://github.com/advancedtelematic/aktualizr/blob/master/docs/hsm-provisioning.adoc[`aktualizr-hsm-prov`]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe.
83* `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid option is `hsm` (to build with HSM support) 90* `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid option is `hsm` (to build with HSM support)
84* `SOTA_LEGACY_SECONDARY_INTERFACE` - path to a https://github.com/advancedtelematic/aktualizr/blob/master/docs/legacysecondary.adoc[legacy secondary interface] installed on the device. To use the example interface from the Aktualizr repo, use `/usr/bin/example-interface` and make sure `IMAGE_INSTALL_append` includes `aktualizr-examples`.
85* `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device. 91* `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device.
86* `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`. 92* `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`.
87 93
@@ -135,7 +141,38 @@ garage-push --repo=/path/to/ostree-repo --ref=mybranch --credentials=/path/to/cr
135 141
136You can set `SOTA_PACKED_CREDENTIALS` in your `local.conf` to automatically synchronize your build results with a remote server. Credentials are stored in an archive as described in the https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[aktualizr documentation]. 142You can set `SOTA_PACKED_CREDENTIALS` in your `local.conf` to automatically synchronize your build results with a remote server. Credentials are stored in an archive as described in the https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[aktualizr documentation].
137 143
138== QA with `oe-selftest` 144=== aktualizr configuration
145
146https://github.com/advancedtelematic/aktualizr[Aktualizr] supports a variety of https://github.com/advancedtelematic/aktualizr/blob/master/docs/configuration.adoc[configuration options via a configuration file and the command line]. There are two primary ways to control aktualizr's configuration from meta-updater.
147
148First, you can set `SOTA_CLIENT_PROV` to control which provisioning recipe is used. Each recipe installs an appropriate `sota.toml` file from aktualizr according to the provisioning needs. See the <<sota-related-variables-in-localconf,SOTA-related variables in local.conf>> section for more information.
149
150Second, you can write recipes to install additional config files with customized options. A few recipes already exist to address common needs and provide an example:
151
152* link:recipes-sota/config/aktualizr-example-interface.bb[aktualizr-example-interface.bb] will configure aktualizr to connect to an example interface for a legacy flasher. This is intended to be used in conjunction with the `aktualizr-examples` package. See https://github.com/advancedtelematic/aktualizr/blob/master/docs/legacysecondary.adoc[legacysecondary.adoc] in the aktualizr repo for more information.
153* link:recipes-sota/config/aktualizr-disable-send-ip.bb[aktualizr-disable-send-ip.bb] disables the reporting of networking information to the server. This is enabled by default and supported by https://app.atsgarage.com[ATS Garage]. However, if you are using a different server that does not support this feature, you may want to disable it in aktualizr.
154* link:recipes-sota/config/aktualizr-log-debug.bb[aktualizr-log-debug.bb] sets the log level of aktualizr to 0 (trace). The default is 2 (info). This recipe is intended for development and debugging purposes.
155
156To use these recipes, you will need to add them to your image with a line such as `IMAGE_INSTALL_append = " aktualizr-log-debug "` in your `local.conf`.
157
158== Development configuration
159
160There are a few settings that can be controlled in `local.conf` to simplify the development process:
161
162[options="header"]
163|======================
164| Option | Effect
165| `require classes/sota_bleeding.inc` | Build the latest head (by default, using the master branch) of Aktualizr
166| `BRANCH_pn-aktualizr = "mybranch"`
167
168`BRANCH_pn-aktualizr-native = "mybranch"` | Build `mybranch` of Aktualizr. Note that both of these need to be set. This is normally used in conjunction with `require classes/sota_bleeding.inc`
169| `SRCREV_pn-aktualizr = "1004efa3f86cef90c012b34620992b5762b741e3"`
170
171`SRCREV_pn-aktualizr-native = "1004efa3f86cef90c012b34620992b5762b741e3"` | Build the specified revision of Aktualizr. Note that both of these need to be set. This can be used in conjunction with `BRANCH_pn-aktualizr` and `BRANCH_pn-aktualizr-native` but will conflict with `require classes/sota_bleeding.inc`
172| `TOOLCHAIN_HOST_TASK_append = " nativesdk-cmake "` | Use with `bitbake -c populate_sdk core-image-minimal` to build an SDK. See the https://github.com/advancedtelematic/aktualizr#developing-against-an-openembedded-system[aktualizr repo] for more information.
173|======================
174
175== QA with oe-selftest
139 176
140This layer relies on the test framework oe-selftest for quality assurance. Follow the steps below to run the tests: 177This layer relies on the test framework oe-selftest for quality assurance. Follow the steps below to run the tests:
141 178
diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass
index 6b93d57..9581971 100644
--- a/classes/image_types_ota.bbclass
+++ b/classes/image_types_ota.bbclass
@@ -7,8 +7,6 @@
7# boot scripts, kernel and initramfs images 7# boot scripts, kernel and initramfs images
8# 8#
9 9
10OSTREE_BOOTLOADER ??= 'u-boot'
11
12do_image_otaimg[depends] += "e2fsprogs-native:do_populate_sysroot \ 10do_image_otaimg[depends] += "e2fsprogs-native:do_populate_sysroot \
13 ${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER', True) == 'grub' else ''} \ 11 ${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER', True) == 'grub' else ''} \
14 ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot' else ''}" 12 ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot' else ''}"
@@ -103,6 +101,8 @@ IMAGE_CMD_otaimg () {
103 mv ${HOME_TMP}/var/local ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true 101 mv ${HOME_TMP}/var/local ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
104 # Create /var/sota if it doesn't exist yet 102 # Create /var/sota if it doesn't exist yet
105 mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota || true 103 mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota || true
104 # Ensure the permissions are correctly set
105 chmod 700 ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota
106 mv ${HOME_TMP}/usr/homedirs/home ${PHYS_SYSROOT}/ || true 106 mv ${HOME_TMP}/usr/homedirs/home ${PHYS_SYSROOT}/ || true
107 # Ensure that /var/local exists (AGL symlinks /usr/local to /var/local) 107 # Ensure that /var/local exists (AGL symlinks /usr/local to /var/local)
108 install -d ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/local 108 install -d ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/local
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 621db24..38d4ce5 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -20,7 +20,7 @@ WKS_FILE_sota ?= "sdimage-sota.wks"
20 20
21EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native" 21EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native"
22 22
23OSTREE_INITRAMFS_FSTYPES ?= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'ext4.gz.u-boot', 'ext4.gz')}" 23OSTREE_INITRAMFS_FSTYPES ??= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'ext4.gz.u-boot', 'ext4.gz')}"
24 24
25# Please redefine OSTREE_REPO in order to have a persistent OSTree repo 25# Please redefine OSTREE_REPO in order to have a persistent OSTree repo
26OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo" 26OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"
diff --git a/classes/sota_minnowboard_uboot.inc b/classes/sota_minnowboard_uboot.inc
deleted file mode 100644
index 85d6a60..0000000
--- a/classes/sota_minnowboard_uboot.inc
+++ /dev/null
@@ -1,8 +0,0 @@
1PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot-ota"
2UBOOT_MACHINE_sota ?= "minnowmax_defconfig"
3
4EXTRA_IMAGEDEPENDS_append_sota = " minnowboard-bootfiles"
5IMAGE_BOOT_FILES_sota ?= "minnowboard-bootfiles/*"
6
7OSTREE_KERNEL_ARGS ?= "ramdisk_size=16384 rw rootfstype=ext4 rootwait rootdelay=2 ostree_root=/dev/hda console=ttyS0,115200 console=tty0"
8
diff --git a/classes/sota_qemux86-64.bbclass b/classes/sota_qemux86-64.bbclass
index 666ad6b..15b2043 100644
--- a/classes/sota_qemux86-64.bbclass
+++ b/classes/sota_qemux86-64.bbclass
@@ -1,12 +1,10 @@
1# See https://advancedtelematic.atlassian.net/browse/PRO-2693
2PREFERRED_VERSION_linux-yocto_qemux86-64_sota = "4.4%"
3
4IMAGE_FSTYPES_remove = "wic" 1IMAGE_FSTYPES_remove = "wic"
5 2
6# U-Boot support for SOTA 3# U-Boot support for SOTA
7PREFERRED_PROVIDER_virtual/bootloader_sota = "u-boot" 4PREFERRED_PROVIDER_virtual/bootloader_sota = "u-boot"
8UBOOT_MACHINE_sota = "qemu-x86_defconfig" 5UBOOT_MACHINE_sota = "qemu-x86_defconfig"
9OSTREE_BOOTLOADER ?= "u-boot" 6OSTREE_BOOTLOADER ?= "u-boot"
7OSTREE_INITRAMFS_FSTYPES ?= "ext4.gz"
10 8
11OSTREE_KERNEL_ARGS ?= "ramdisk_size=16384 rw rootfstype=ext4 rootwait rootdelay=2 ostree_root=/dev/hda" 9OSTREE_KERNEL_ARGS ?= "ramdisk_size=16384 rw rootfstype=ext4 rootwait rootdelay=2 ostree_root=/dev/hda"
12 10
diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py
index e459ffb..2efef15 100644
--- a/lib/oeqa/selftest/cases/updater.py
+++ b/lib/oeqa/selftest/cases/updater.py
@@ -150,6 +150,8 @@ class AutoProvTests(OESelftestTestCase):
150 self.meta_qemu = None 150 self.meta_qemu = None
151 self.append_config('MACHINE = "qemux86-64"') 151 self.append_config('MACHINE = "qemux86-64"')
152 self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') 152 self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "')
153 # Test aktualizr-example-interface package.
154 self.append_config('IMAGE_INSTALL_append = " aktualizr-examples aktualizr-example-interface "')
153 self.qemu, self.s = qemu_launch(machine='qemux86-64') 155 self.qemu, self.s = qemu_launch(machine='qemux86-64')
154 156
155 def tearDownLocal(self): 157 def tearDownLocal(self):
@@ -174,15 +176,21 @@ class AutoProvTests(OESelftestTestCase):
174 print(value) 176 print(value)
175 print('Checking output of aktualizr-info:') 177 print('Checking output of aktualizr-info:')
176 ran_ok = False 178 ran_ok = False
177 for delay in [0, 1, 2, 5, 10, 15]: 179 for delay in [1, 2, 5, 10, 15]:
178 sleep(delay)
179 stdout, stderr, retcode = self.qemu_command('aktualizr-info') 180 stdout, stderr, retcode = self.qemu_command('aktualizr-info')
180 if retcode == 0 and stderr == b'': 181 if retcode == 0 and stderr == b'':
181 ran_ok = True 182 ran_ok = True
182 break 183 break
184 sleep(delay)
183 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) 185 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode())
184 186
185 verifyProvisioned(self, machine) 187 verifyProvisioned(self, machine)
188 # Test aktualizr-example-interface package.
189 stdout, stderr, retcode = self.qemu_command('aktualizr-info')
190 self.assertIn(b'hardware ID: example1', stdout,
191 'Legacy secondary initialization failed: ' + stderr.decode() + stdout.decode())
192 self.assertIn(b'hardware ID: example2', stdout,
193 'Legacy secondary initialization failed: ' + stderr.decode() + stdout.decode())
186 194
187 195
188class RpiTests(OESelftestTestCase): 196class RpiTests(OESelftestTestCase):
@@ -312,12 +320,12 @@ class GrubTests(OESelftestTestCase):
312 print(value) 320 print(value)
313 print('Checking output of aktualizr-info:') 321 print('Checking output of aktualizr-info:')
314 ran_ok = False 322 ran_ok = False
315 for delay in [0, 1, 2, 5, 10, 15]: 323 for delay in [1, 2, 5, 10, 15]:
316 sleep(delay)
317 stdout, stderr, retcode = self.qemu_command('aktualizr-info') 324 stdout, stderr, retcode = self.qemu_command('aktualizr-info')
318 if retcode == 0 and stderr == b'': 325 if retcode == 0 and stderr == b'':
319 ran_ok = True 326 ran_ok = True
320 break 327 break
328 sleep(delay)
321 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) 329 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode())
322 330
323 verifyProvisioned(self, machine) 331 verifyProvisioned(self, machine)
@@ -364,11 +372,12 @@ class ImplProvTests(OESelftestTestCase):
364 print(value) 372 print(value)
365 print('Checking output of aktualizr-info:') 373 print('Checking output of aktualizr-info:')
366 ran_ok = False 374 ran_ok = False
367 for delay in [0, 1, 2, 5, 10, 15]: 375 for delay in [1, 2, 5, 10, 15]:
368 stdout, stderr, retcode = self.qemu_command('aktualizr-info') 376 stdout, stderr, retcode = self.qemu_command('aktualizr-info')
369 if retcode == 0 and stderr == b'': 377 if retcode == 0 and stderr == b'':
370 ran_ok = True 378 ran_ok = True
371 break 379 break
380 sleep(delay)
372 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) 381 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode())
373 # Verify that device has NOT yet provisioned. 382 # Verify that device has NOT yet provisioned.
374 self.assertIn(b'Couldn\'t load device ID', stdout, 383 self.assertIn(b'Couldn\'t load device ID', stdout,
@@ -435,11 +444,12 @@ class HsmTests(OESelftestTestCase):
435 print(value) 444 print(value)
436 print('Checking output of aktualizr-info:') 445 print('Checking output of aktualizr-info:')
437 ran_ok = False 446 ran_ok = False
438 for delay in [0, 1, 2, 5, 10, 15]: 447 for delay in [1, 2, 5, 10, 15]:
439 stdout, stderr, retcode = self.qemu_command('aktualizr-info') 448 stdout, stderr, retcode = self.qemu_command('aktualizr-info')
440 if retcode == 0 and stderr == b'': 449 if retcode == 0 and stderr == b'':
441 ran_ok = True 450 ran_ok = True
442 break 451 break
452 sleep(delay)
443 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) 453 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode())
444 # Verify that device has NOT yet provisioned. 454 # Verify that device has NOT yet provisioned.
445 self.assertIn(b'Couldn\'t load device ID', stdout, 455 self.assertIn(b'Couldn\'t load device ID', stdout,
@@ -589,6 +599,7 @@ class PrimaryTests(OESelftestTestCase):
589 self.assertEqual(retcode, 0, "Unable to run aktualizr --help") 599 self.assertEqual(retcode, 0, "Unable to run aktualizr --help")
590 self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) 600 self.assertEqual(stderr, b'', 'Error: ' + stderr.decode())
591 601
602
592def qemu_launch(efi=False, machine=None, imagename=None): 603def qemu_launch(efi=False, machine=None, imagename=None):
593 logger = logging.getLogger("selftest") 604 logger = logging.getLogger("selftest")
594 logger.info('Running bitbake to build core-image-minimal') 605 logger.info('Running bitbake to build core-image-minimal')
@@ -660,12 +671,12 @@ def akt_native_run(testInst, cmd, **kwargs):
660def verifyProvisioned(testInst, machine): 671def verifyProvisioned(testInst, machine):
661 # Verify that device HAS provisioned. 672 # Verify that device HAS provisioned.
662 ran_ok = False 673 ran_ok = False
663 for delay in [5, 5, 5, 5, 10]: 674 for delay in [5, 5, 5, 5, 10, 10, 10, 10]:
664 sleep(delay)
665 stdout, stderr, retcode = testInst.qemu_command('aktualizr-info') 675 stdout, stderr, retcode = testInst.qemu_command('aktualizr-info')
666 if retcode == 0 and stderr == b'' and stdout.decode().find('Fetched metadata: yes') >= 0: 676 if retcode == 0 and stderr == b'' and stdout.decode().find('Fetched metadata: yes') >= 0:
667 ran_ok = True 677 ran_ok = True
668 break 678 break
679 sleep(delay)
669 testInst.assertIn(b'Device ID: ', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) 680 testInst.assertIn(b'Device ID: ', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode())
670 testInst.assertIn(b'Primary ecu hardware ID: ' + machine.encode(), stdout, 681 testInst.assertIn(b'Primary ecu hardware ID: ' + machine.encode(), stdout,
671 'Provisioning failed: ' + stderr.decode() + stdout.decode()) 682 'Provisioning failed: ' + stderr.decode() + stdout.decode())
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 07e5bb8..8deee7e 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -16,8 +16,6 @@ SRC_URI = " \
16require environment.inc 16require environment.inc
17require credentials.inc 17require credentials.inc
18 18
19export SOTA_PACKED_CREDENTIALS
20
21do_install() { 19do_install() {
22 if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then 20 if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
23 bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" 21 bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
@@ -32,12 +30,12 @@ do_install() {
32 bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" 30 bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
33 fi 31 fi
34 32
35 install -d ${D}${libdir}/sota 33 install -m 0700 -d ${D}${libdir}/sota/conf.d
36 install -d ${D}${localstatedir}/sota 34 install -m 0700 -d ${D}${localstatedir}/sota
37 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 35 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
38 aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)} 36 aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
39 37
40 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/sota.toml 38 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/conf.d/20-sota.toml
41 39
42 # deploy SOTA credentials 40 # deploy SOTA credentials
43 if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then 41 if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
@@ -49,7 +47,8 @@ do_install() {
49} 47}
50 48
51FILES_${PN} = " \ 49FILES_${PN} = " \
52 ${libdir}/sota/sota.toml \ 50 ${libdir}/sota/conf.d \
51 ${libdir}/sota/conf.d/20-sota.toml \
53 ${localstatedir}/sota \ 52 ${localstatedir}/sota \
54 ${localstatedir}/sota/sota_provisioning_credentials.zip \ 53 ${localstatedir}/sota/sota_provisioning_credentials.zip \
55 " 54 "
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
index 51e313d..319074e 100644
--- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -26,7 +26,7 @@ export SOTA_CACERT_PATH
26export SOTA_CAKEY_PATH 26export SOTA_CAKEY_PATH
27 27
28do_install() { 28do_install() {
29 install -d ${D}${libdir}/sota 29 install -m 0700 -d ${D}${libdir}/sota/conf.d
30 30
31 if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then 31 if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
32 bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning" 32 bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
@@ -51,22 +51,22 @@ do_install() {
51 bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning" 51 bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
52 fi 52 fi
53 53
54 install -d ${D}${libdir}/sota 54 install -m 0700 -d ${D}${localstatedir}/sota
55 install -d ${D}${localstatedir}/sota 55 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/conf.d/20-sota.toml
56 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/sota.toml
57 aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ 56 aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
58 --device-ca ${SOTA_CACERT_PATH} \ 57 --device-ca ${SOTA_CACERT_PATH} \
59 --device-ca-key ${SOTA_CAKEY_PATH} \ 58 --device-ca-key ${SOTA_CAKEY_PATH} \
60 --root-ca \ 59 --root-ca \
61 --server-url \ 60 --server-url \
62 --local ${D}${localstatedir}/sota \ 61 --local ${D}${localstatedir}/sota \
63 --config ${D}${libdir}/sota/sota.toml 62 --config ${D}${libdir}/sota/conf.d/20-sota.toml
64} 63}
65 64
66FILES_${PN} = " \ 65FILES_${PN} = " \
67 ${localstatedir}/sota/* \ 66 ${libdir}/sota/conf.d \
68 ${libdir}/sota/sota.toml \ 67 ${libdir}/sota/conf.d/20-sota.toml \
69 ${libdir}/sota/root.crt \ 68 ${libdir}/sota/root.crt \
69 ${localstatedir}/sota/* \
70 " 70 "
71 71
72# vim:set ts=4 sw=4 sts=4 expandtab: 72# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
index 5f8da3c..504f0d8 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -18,15 +18,16 @@ require environment.inc
18require credentials.inc 18require credentials.inc
19 19
20do_install() { 20do_install() {
21 install -d ${D}${libdir}/sota 21 install -m 0700 -d ${D}${libdir}/sota/conf.d
22 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 22 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
23 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \ 23 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
24 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} 24 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D}
25 fi 25 fi
26} 26}
27 27
28FILES_${PN} = " \ 28FILES_${PN} = " \
29 ${libdir}/sota/sota.toml \ 29 ${libdir}/sota/conf.d \
30 ${libdir}/sota/conf.d/20-sota.toml \
30 " 31 "
31 32
32# vim:set ts=4 sw=4 sts=4 expandtab: 33# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index cf3d22c..dcfaffb 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -18,15 +18,16 @@ require environment.inc
18require credentials.inc 18require credentials.inc
19 19
20do_install() { 20do_install() {
21 install -d ${D}${libdir}/sota 21 install -m 0700 -d ${D}${libdir}/sota/conf.d
22 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 22 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
23 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \ 23 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
24 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} 24 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D}
25 fi 25 fi
26} 26}
27 27
28FILES_${PN} = " \ 28FILES_${PN} = " \
29 ${libdir}/sota/sota.toml \ 29 ${libdir}/sota/conf.d \
30 ${libdir}/sota/conf.d/20-sota.toml \
30 ${libdir}/sota/root.crt \ 31 ${libdir}/sota/root.crt \
31 " 32 "
32 33
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 94a610c..2c0d59f 100644..100755
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -5,7 +5,7 @@ SECTION = "base"
5LICENSE = "MPL-2.0" 5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" 6LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7 7
8DEPENDS = "boost curl openssl libarchive libsodium asn1c-native " 8DEPENDS = "boost curl openssl libarchive libsodium asn1c-native sqlite3 "
9DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} " 9DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "
10DEPENDS_append_class-native = "glib-2.0-native " 10DEPENDS_append_class-native = "glib-2.0-native "
11 11
@@ -22,7 +22,7 @@ SRC_URI = " \
22 file://aktualizr-secondary.socket \ 22 file://aktualizr-secondary.socket \
23 file://aktualizr-serialcan.service \ 23 file://aktualizr-serialcan.service \
24 " 24 "
25SRCREV = "930d8eef6eb584686654601c056d7c9c6fca3048" 25SRCREV = "3b89858cf8ce9a8331cc4e6a5d2b5783d2eb7ae9"
26BRANCH ?= "master" 26BRANCH ?= "master"
27 27
28S = "${WORKDIR}/git" 28S = "${WORKDIR}/git"
@@ -37,9 +37,20 @@ SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket"
37 37
38BBCLASSEXTEND =+ "native" 38BBCLASSEXTEND =+ "native"
39 39
40EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} " 40require garage-sign-version.inc
41EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} " 41
42EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF -DBUILD_SYSTEMD=OFF " 42EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF \
43 -DCMAKE_BUILD_TYPE=Release \
44 -DAKTUALIZR_VERSION=${PV} \
45 -DBUILD_LOAD_TESTS=OFF"
46EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON \
47 -DBUILD_ISOTP=ON \
48 ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
49EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON \
50 -DBUILD_OSTREE=OFF \
51 -DBUILD_SYSTEMD=OFF \
52 -DGARAGE_SIGN_VERSION=${GARAGE_SIGN_VERSION} \
53 -DGARAGE_SIGN_SHA256=${GARAGE_SIGN_SHA256}"
43 54
44do_install_append () { 55do_install_append () {
45 rm -fr ${D}${libdir}/systemd 56 rm -fr ${D}${libdir}/systemd
@@ -54,30 +65,30 @@ do_install_append () {
54 install -d ${D}${systemd_unitdir}/system 65 install -d ${D}${systemd_unitdir}/system
55 install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket 66 install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket
56 install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service 67 install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service
68 install -m 0700 -d ${D}${libdir}/sota/conf.d
69 install -m 0700 -d ${D}${sysconfdir}/sota/conf.d
57} 70}
58 71
59do_install_append_class-target () { 72do_install_append_class-target () {
60 install -d ${D}${systemd_unitdir}/system 73 install -m 0755 -d ${D}${systemd_unitdir}/system
61 aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} 74 aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}
62 install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service 75 install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service
63} 76}
64 77
65do_install_append_class-native () { 78do_install_append_class-native () {
66 install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir} 79 install -m 0755 ${B}/src/sota_tools/garage-sign/bin/* ${D}${bindir}
67 install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir} 80 install -m 0644 ${B}/src/sota_tools/garage-sign/lib/* ${D}${libdir}
68} 81}
69 82
70PACKAGES =+ " ${PN}-common ${PN}-examples ${PN}-host-tools ${PN}-secondary " 83PACKAGES =+ " ${PN}-examples ${PN}-host-tools ${PN}-secondary "
71 84
72FILES_${PN} = " \ 85FILES_${PN} = " \
73 ${bindir}/aktualizr \ 86 ${bindir}/aktualizr \
74 ${bindir}/aktualizr-info \ 87 ${bindir}/aktualizr-info \
75 ${bindir}/aktualizr-check-discovery \ 88 ${bindir}/aktualizr-check-discovery \
76 ${systemd_unitdir}/system/aktualizr.service \ 89 ${systemd_unitdir}/system/aktualizr.service \
77 " 90 ${libdir}/sota/conf.d \
78 91 ${sysconfdir}/sota/conf.d \
79FILES_${PN}-common = " \
80 ${libdir}/sota/schemas \
81 " 92 "
82 93
83FILES_${PN}-examples = " \ 94FILES_${PN}-examples = " \
@@ -105,8 +116,4 @@ FILES_${PN}-secondary = " \
105 ${systemd_unitdir}/system/aktualizr-secondary.service \ 116 ${systemd_unitdir}/system/aktualizr-secondary.service \
106 " 117 "
107 118
108# Both primary and secondary need the SQL Schemas
109RDEPENDS_${PN}_class-target =+ "${PN}-common"
110RDEPENDS_${PN}-secondary_class-target =+ "${PN}-common"
111
112# vim:set ts=4 sw=4 sts=4 expandtab: 119# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc
index 09da6b7..16e789e 100644
--- a/recipes-sota/aktualizr/environment.inc
+++ b/recipes-sota/aktualizr/environment.inc
@@ -1,17 +1,11 @@
1export SOTA_LEGACY_SECONDARY_INTERFACE
2export SOTA_VIRTUAL_SECONDARIES 1export SOTA_VIRTUAL_SECONDARIES
3 2
4do_install_append() { 3do_install_append() {
5 if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then
6 AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}"
7 fi
8
9 AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"
10 for sec in ${SOTA_VIRTUAL_SECONDARIES}; do 4 for sec in ${SOTA_VIRTUAL_SECONDARIES}; do
11 AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec" 5 AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec"
12 done 6 done
13 7
14 echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_LEGACYSEC} ${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env 8 echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env
15} 9}
16 10
17FILES_${PN}_append = " ${libdir}/sota/sota.env" 11FILES_${PN}_append = " ${libdir}/sota/sota.env"
diff --git a/recipes-sota/aktualizr/garage-sign-version.inc b/recipes-sota/aktualizr/garage-sign-version.inc
new file mode 100644
index 0000000..66e3ffd
--- /dev/null
+++ b/recipes-sota/aktualizr/garage-sign-version.inc
@@ -0,0 +1,23 @@
1
2python () {
3 if d.getVar("GARAGE_SIGN_VERSION", True) or not d.getVar("SOTA_PACKED_CREDENTIALS", True):
4 return
5 import json
6 import urllib.request
7 import zipfile
8 with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS", True), 'r') as zip_ref:
9 try:
10 with zip_ref.open('tufrepo.url', mode='r') as url_file:
11 url = url_file.read().decode() + '/health/version'
12 except (KeyError, ValueError, RuntimeError):
13 return
14 r = urllib.request.urlopen(url)
15 if r.code != 200:
16 return
17 resp = r.read().decode('utf-8')
18 j = json.loads(resp)
19 version = 'cli-' + j['version'] + '.tgz'
20 d.setVar("GARAGE_SIGN_VERSION", version)
21}
22
23# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/config/aktualizr-disable-send-ip.bb b/recipes-sota/config/aktualizr-disable-send-ip.bb
new file mode 100644
index 0000000..cab7696
--- /dev/null
+++ b/recipes-sota/config/aktualizr-disable-send-ip.bb
@@ -0,0 +1,23 @@
1SUMMARY = "Disable IP reporting in Aktualizr"
2DESCRIPTION = "Configures aktualizr to disable IP reporting to the server"
3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4SECTION = "base"
5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7
8SRC_URI = " \
9 file://LICENSE \
10 file://30-disable-send-ip.toml \
11 "
12
13do_install_append () {
14 install -m 0700 -d ${D}${libdir}/sota/conf.d
15 install -m 0644 ${WORKDIR}/30-disable-send-ip.toml ${D}${libdir}/sota/conf.d/30-disable-send-ip.toml
16}
17
18FILES_${PN} = " \
19 ${libdir}/sota/conf.d/30-disable-send-ip.toml \
20 "
21
22# vim:set ts=4 sw=4 sts=4 expandtab:
23
diff --git a/recipes-sota/config/aktualizr-example-interface.bb b/recipes-sota/config/aktualizr-example-interface.bb
new file mode 100644
index 0000000..37a9184
--- /dev/null
+++ b/recipes-sota/config/aktualizr-example-interface.bb
@@ -0,0 +1,22 @@
1SUMMARY = "Aktualizr example interface"
2DESCRIPTION = "Aktualizr example interface for legacy secondaries"
3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4SECTION = "base"
5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7
8SRC_URI = " \
9 file://LICENSE \
10 file://30-example-interface.toml \
11 "
12
13do_install_append () {
14 install -m 0700 -d ${D}${libdir}/sota/conf.d
15 install -m 0644 ${WORKDIR}/30-example-interface.toml ${D}${libdir}/sota/conf.d/30-example-interface.toml
16}
17
18FILES_${PN} = " \
19 ${libdir}/sota/conf.d/30-example-interface.toml \
20 "
21
22# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/config/aktualizr-log-debug.bb b/recipes-sota/config/aktualizr-log-debug.bb
new file mode 100644
index 0000000..e628616
--- /dev/null
+++ b/recipes-sota/config/aktualizr-log-debug.bb
@@ -0,0 +1,23 @@
1SUMMARY = "Set debug logging in Aktualizr"
2DESCRIPTION = "Configures aktualizr to log at a debugging level"
3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4SECTION = "base"
5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7
8SRC_URI = " \
9 file://LICENSE \
10 file://05-log-debug.toml \
11 "
12
13do_install_append () {
14 install -m 0700 -d ${D}${libdir}/sota/conf.d
15 install -m 0644 ${WORKDIR}/05-log-debug.toml ${D}${libdir}/sota/conf.d/05-log-debug.toml
16}
17
18FILES_${PN} = " \
19 ${libdir}/sota/conf.d/05-log-debug.toml \
20 "
21
22# vim:set ts=4 sw=4 sts=4 expandtab:
23
diff --git a/recipes-sota/config/files/05-log-debug.toml b/recipes-sota/config/files/05-log-debug.toml
new file mode 100644
index 0000000..100a146
--- /dev/null
+++ b/recipes-sota/config/files/05-log-debug.toml
@@ -0,0 +1,2 @@
1[logger]
2loglevel = 0
diff --git a/recipes-sota/config/files/30-disable-send-ip.toml b/recipes-sota/config/files/30-disable-send-ip.toml
new file mode 100644
index 0000000..5cd5108
--- /dev/null
+++ b/recipes-sota/config/files/30-disable-send-ip.toml
@@ -0,0 +1,2 @@
1[telemetry]
2report_network = false
diff --git a/recipes-sota/config/files/30-example-interface.toml b/recipes-sota/config/files/30-example-interface.toml
new file mode 100644
index 0000000..fc4e9ec
--- /dev/null
+++ b/recipes-sota/config/files/30-example-interface.toml
@@ -0,0 +1,2 @@
1[uptane]
2legacy_interface = "/usr/bin/example-interface"
diff --git a/recipes-sota/config/files/LICENSE b/recipes-sota/config/files/LICENSE
new file mode 100644
index 0000000..a612ad9
--- /dev/null
+++ b/recipes-sota/config/files/LICENSE
@@ -0,0 +1,373 @@
1Mozilla Public License Version 2.0
2==================================
3
41. Definitions
5--------------
6
71.1. "Contributor"
8 means each individual or legal entity that creates, contributes to
9 the creation of, or owns Covered Software.
10
111.2. "Contributor Version"
12 means the combination of the Contributions of others (if any) used
13 by a Contributor and that particular Contributor's Contribution.
14
151.3. "Contribution"
16 means Covered Software of a particular Contributor.
17
181.4. "Covered Software"
19 means Source Code Form to which the initial Contributor has attached
20 the notice in Exhibit A, the Executable Form of such Source Code
21 Form, and Modifications of such Source Code Form, in each case
22 including portions thereof.
23
241.5. "Incompatible With Secondary Licenses"
25 means
26
27 (a) that the initial Contributor has attached the notice described
28 in Exhibit B to the Covered Software; or
29
30 (b) that the Covered Software was made available under the terms of
31 version 1.1 or earlier of the License, but not also under the
32 terms of a Secondary License.
33
341.6. "Executable Form"
35 means any form of the work other than Source Code Form.
36
371.7. "Larger Work"
38 means a work that combines Covered Software with other material, in
39 a separate file or files, that is not Covered Software.
40
411.8. "License"
42 means this document.
43
441.9. "Licensable"
45 means having the right to grant, to the maximum extent possible,
46 whether at the time of the initial grant or subsequently, any and
47 all of the rights conveyed by this License.
48
491.10. "Modifications"
50 means any of the following:
51
52 (a) any file in Source Code Form that results from an addition to,
53 deletion from, or modification of the contents of Covered
54 Software; or
55
56 (b) any new file in Source Code Form that contains any Covered
57 Software.
58
591.11. "Patent Claims" of a Contributor
60 means any patent claim(s), including without limitation, method,
61 process, and apparatus claims, in any patent Licensable by such
62 Contributor that would be infringed, but for the grant of the
63 License, by the making, using, selling, offering for sale, having
64 made, import, or transfer of either its Contributions or its
65 Contributor Version.
66
671.12. "Secondary License"
68 means either the GNU General Public License, Version 2.0, the GNU
69 Lesser General Public License, Version 2.1, the GNU Affero General
70 Public License, Version 3.0, or any later versions of those
71 licenses.
72
731.13. "Source Code Form"
74 means the form of the work preferred for making modifications.
75
761.14. "You" (or "Your")
77 means an individual or a legal entity exercising rights under this
78 License. For legal entities, "You" includes any entity that
79 controls, is controlled by, or is under common control with You. For
80 purposes of this definition, "control" means (a) the power, direct
81 or indirect, to cause the direction or management of such entity,
82 whether by contract or otherwise, or (b) ownership of more than
83 fifty percent (50%) of the outstanding shares or beneficial
84 ownership of such entity.
85
862. License Grants and Conditions
87--------------------------------
88
892.1. Grants
90
91Each Contributor hereby grants You a world-wide, royalty-free,
92non-exclusive license:
93
94(a) under intellectual property rights (other than patent or trademark)
95 Licensable by such Contributor to use, reproduce, make available,
96 modify, display, perform, distribute, and otherwise exploit its
97 Contributions, either on an unmodified basis, with Modifications, or
98 as part of a Larger Work; and
99
100(b) under Patent Claims of such Contributor to make, use, sell, offer
101 for sale, have made, import, and otherwise transfer either its
102 Contributions or its Contributor Version.
103
1042.2. Effective Date
105
106The licenses granted in Section 2.1 with respect to any Contribution
107become effective for each Contribution on the date the Contributor first
108distributes such Contribution.
109
1102.3. Limitations on Grant Scope
111
112The licenses granted in this Section 2 are the only rights granted under
113this License. No additional rights or licenses will be implied from the
114distribution or licensing of Covered Software under this License.
115Notwithstanding Section 2.1(b) above, no patent license is granted by a
116Contributor:
117
118(a) for any code that a Contributor has removed from Covered Software;
119 or
120
121(b) for infringements caused by: (i) Your and any other third party's
122 modifications of Covered Software, or (ii) the combination of its
123 Contributions with other software (except as part of its Contributor
124 Version); or
125
126(c) under Patent Claims infringed by Covered Software in the absence of
127 its Contributions.
128
129This License does not grant any rights in the trademarks, service marks,
130or logos of any Contributor (except as may be necessary to comply with
131the notice requirements in Section 3.4).
132
1332.4. Subsequent Licenses
134
135No Contributor makes additional grants as a result of Your choice to
136distribute the Covered Software under a subsequent version of this
137License (see Section 10.2) or under the terms of a Secondary License (if
138permitted under the terms of Section 3.3).
139
1402.5. Representation
141
142Each Contributor represents that the Contributor believes its
143Contributions are its original creation(s) or it has sufficient rights
144to grant the rights to its Contributions conveyed by this License.
145
1462.6. Fair Use
147
148This License is not intended to limit any rights You have under
149applicable copyright doctrines of fair use, fair dealing, or other
150equivalents.
151
1522.7. Conditions
153
154Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
155in Section 2.1.
156
1573. Responsibilities
158-------------------
159
1603.1. Distribution of Source Form
161
162All distribution of Covered Software in Source Code Form, including any
163Modifications that You create or to which You contribute, must be under
164the terms of this License. You must inform recipients that the Source
165Code Form of the Covered Software is governed by the terms of this
166License, and how they can obtain a copy of this License. You may not
167attempt to alter or restrict the recipients' rights in the Source Code
168Form.
169
1703.2. Distribution of Executable Form
171
172If You distribute Covered Software in Executable Form then:
173
174(a) such Covered Software must also be made available in Source Code
175 Form, as described in Section 3.1, and You must inform recipients of
176 the Executable Form how they can obtain a copy of such Source Code
177 Form by reasonable means in a timely manner, at a charge no more
178 than the cost of distribution to the recipient; and
179
180(b) You may distribute such Executable Form under the terms of this
181 License, or sublicense it under different terms, provided that the
182 license for the Executable Form does not attempt to limit or alter
183 the recipients' rights in the Source Code Form under this License.
184
1853.3. Distribution of a Larger Work
186
187You may create and distribute a Larger Work under terms of Your choice,
188provided that You also comply with the requirements of this License for
189the Covered Software. If the Larger Work is a combination of Covered
190Software with a work governed by one or more Secondary Licenses, and the
191Covered Software is not Incompatible With Secondary Licenses, this
192License permits You to additionally distribute such Covered Software
193under the terms of such Secondary License(s), so that the recipient of
194the Larger Work may, at their option, further distribute the Covered
195Software under the terms of either this License or such Secondary
196License(s).
197
1983.4. Notices
199
200You may not remove or alter the substance of any license notices
201(including copyright notices, patent notices, disclaimers of warranty,
202or limitations of liability) contained within the Source Code Form of
203the Covered Software, except that You may alter any license notices to
204the extent required to remedy known factual inaccuracies.
205
2063.5. Application of Additional Terms
207
208You may choose to offer, and to charge a fee for, warranty, support,
209indemnity or liability obligations to one or more recipients of Covered
210Software. However, You may do so only on Your own behalf, and not on
211behalf of any Contributor. You must make it absolutely clear that any
212such warranty, support, indemnity, or liability obligation is offered by
213You alone, and You hereby agree to indemnify every Contributor for any
214liability incurred by such Contributor as a result of warranty, support,
215indemnity or liability terms You offer. You may include additional
216disclaimers of warranty and limitations of liability specific to any
217jurisdiction.
218
2194. Inability to Comply Due to Statute or Regulation
220---------------------------------------------------
221
222If it is impossible for You to comply with any of the terms of this
223License with respect to some or all of the Covered Software due to
224statute, judicial order, or regulation then You must: (a) comply with
225the terms of this License to the maximum extent possible; and (b)
226describe the limitations and the code they affect. Such description must
227be placed in a text file included with all distributions of the Covered
228Software under this License. Except to the extent prohibited by statute
229or regulation, such description must be sufficiently detailed for a
230recipient of ordinary skill to be able to understand it.
231
2325. Termination
233--------------
234
2355.1. The rights granted under this License will terminate automatically
236if You fail to comply with any of its terms. However, if You become
237compliant, then the rights granted under this License from a particular
238Contributor are reinstated (a) provisionally, unless and until such
239Contributor explicitly and finally terminates Your grants, and (b) on an
240ongoing basis, if such Contributor fails to notify You of the
241non-compliance by some reasonable means prior to 60 days after You have
242come back into compliance. Moreover, Your grants from a particular
243Contributor are reinstated on an ongoing basis if such Contributor
244notifies You of the non-compliance by some reasonable means, this is the
245first time You have received notice of non-compliance with this License
246from such Contributor, and You become compliant prior to 30 days after
247Your receipt of the notice.
248
2495.2. If You initiate litigation against any entity by asserting a patent
250infringement claim (excluding declaratory judgment actions,
251counter-claims, and cross-claims) alleging that a Contributor Version
252directly or indirectly infringes any patent, then the rights granted to
253You by any and all Contributors for the Covered Software under Section
2542.1 of this License shall terminate.
255
2565.3. In the event of termination under Sections 5.1 or 5.2 above, all
257end user license agreements (excluding distributors and resellers) which
258have been validly granted by You or Your distributors under this License
259prior to termination shall survive termination.
260
261************************************************************************
262* *
263* 6. Disclaimer of Warranty *
264* ------------------------- *
265* *
266* Covered Software is provided under this License on an "as is" *
267* basis, without warranty of any kind, either expressed, implied, or *
268* statutory, including, without limitation, warranties that the *
269* Covered Software is free of defects, merchantable, fit for a *
270* particular purpose or non-infringing. The entire risk as to the *
271* quality and performance of the Covered Software is with You. *
272* Should any Covered Software prove defective in any respect, You *
273* (not any Contributor) assume the cost of any necessary servicing, *
274* repair, or correction. This disclaimer of warranty constitutes an *
275* essential part of this License. No use of any Covered Software is *
276* authorized under this License except under this disclaimer. *
277* *
278************************************************************************
279
280************************************************************************
281* *
282* 7. Limitation of Liability *
283* -------------------------- *
284* *
285* Under no circumstances and under no legal theory, whether tort *
286* (including negligence), contract, or otherwise, shall any *
287* Contributor, or anyone who distributes Covered Software as *
288* permitted above, be liable to You for any direct, indirect, *
289* special, incidental, or consequential damages of any character *
290* including, without limitation, damages for lost profits, loss of *
291* goodwill, work stoppage, computer failure or malfunction, or any *
292* and all other commercial damages or losses, even if such party *
293* shall have been informed of the possibility of such damages. This *
294* limitation of liability shall not apply to liability for death or *
295* personal injury resulting from such party's negligence to the *
296* extent applicable law prohibits such limitation. Some *
297* jurisdictions do not allow the exclusion or limitation of *
298* incidental or consequential damages, so this exclusion and *
299* limitation may not apply to You. *
300* *
301************************************************************************
302
3038. Litigation
304-------------
305
306Any litigation relating to this License may be brought only in the
307courts of a jurisdiction where the defendant maintains its principal
308place of business and such litigation shall be governed by laws of that
309jurisdiction, without reference to its conflict-of-law provisions.
310Nothing in this Section shall prevent a party's ability to bring
311cross-claims or counter-claims.
312
3139. Miscellaneous
314----------------
315
316This License represents the complete agreement concerning the subject
317matter hereof. If any provision of this License is held to be
318unenforceable, such provision shall be reformed only to the extent
319necessary to make it enforceable. Any law or regulation which provides
320that the language of a contract shall be construed against the drafter
321shall not be used to construe this License against a Contributor.
322
32310. Versions of the License
324---------------------------
325
32610.1. New Versions
327
328Mozilla Foundation is the license steward. Except as provided in Section
32910.3, no one other than the license steward has the right to modify or
330publish new versions of this License. Each version will be given a
331distinguishing version number.
332
33310.2. Effect of New Versions
334
335You may distribute the Covered Software under the terms of the version
336of the License under which You originally received the Covered Software,
337or under the terms of any subsequent version published by the license
338steward.
339
34010.3. Modified Versions
341
342If you create software not governed by this License, and you want to
343create a new license for such software, you may create and use a
344modified version of this License if you rename the license and remove
345any references to the name of the license steward (except to note that
346such modified license differs from this License).
347
34810.4. Distributing Source Code Form that is Incompatible With Secondary
349Licenses
350
351If You choose to distribute Source Code Form that is Incompatible With
352Secondary Licenses under the terms of this version of the License, the
353notice described in Exhibit B of this License must be attached.
354
355Exhibit A - Source Code Form License Notice
356-------------------------------------------
357
358 This Source Code Form is subject to the terms of the Mozilla Public
359 License, v. 2.0. If a copy of the MPL was not distributed with this
360 file, You can obtain one at http://mozilla.org/MPL/2.0/.
361
362If it is not possible or desirable to put the notice in a particular
363file, then You may include the notice in a location (such as a LICENSE
364file in a relevant directory) where a recipient would be likely to look
365for such a notice.
366
367You may add additional accurate notices of copyright ownership.
368
369Exhibit B - "Incompatible With Secondary Licenses" Notice
370---------------------------------------------------------
371
372 This Source Code Form is "Incompatible With Secondary Licenses", as
373 defined by the Mozilla Public License, v. 2.0.
diff --git a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch
index bd233ee..902352c 100644
--- a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch
+++ b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch
@@ -17,7 +17,7 @@ index 45d5ad3..75625e6 100644
17 17
18-#if OPENSSL_VERSION_NUMBER < 0x100020d0L || defined(LIBRESSL_VERSION_NUMBER) 18-#if OPENSSL_VERSION_NUMBER < 0x100020d0L || defined(LIBRESSL_VERSION_NUMBER)
19-static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, 19-static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
20+#if OPENSSL_VERSION_NUMBER < 0x100020f0L || defined(LIBRESSL_VERSION_NUMBER) 20+#if OPENSSL_VERSION_NUMBER < 0x10002100L || defined(LIBRESSL_VERSION_NUMBER)
21+ 21+
22+# if (OPENSSL_VERSION_NUMBER & 0xFFFFFFF0) == 0x100020d0L 22+# if (OPENSSL_VERSION_NUMBER & 0xFFFFFFF0) == 0x100020d0L
23+# undef EVP_PKEY_meth_get_sign 23+# undef EVP_PKEY_meth_get_sign