Merge branch 'pyro' into bugfix/update-rocko

Bring over fixes from the last couple months from pyro in rocko.

27 files changed, 275 insertions, 243 deletions

diff --git a/COPYING.MIT b/COPYING.MIT
new file mode 100644
index 0000000..fb950dc
--- /dev/null
+++ b/COPYING.MIT
@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy 
+of this software and associated documentation files (the "Software"), to deal 
+in the Software without restriction, including without limitation the rights 
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is 
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 
+THE SOFTWARE.
diff --git a/README.adoc b/README.adoc
index b4608d5..0917e45 100644
--- a/README.adoc
+++ b/README.adoc
@@ -1,10 +1,10 @@
 = meta-updater
 
-This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client].
+This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr].
 
 https://github.com/ostreedev/ostree[OSTree] is a tool for atomic full file system upgrades with rollback capability. OSTree has several advantages over traditional dual-bank systems, but the most important one is that it minimizes network bandwidth and data storage footprint by sharing files with the same contents across file system deployments.
 
-https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client] and/or https://github.com/advancedtelematic/aktualizr[aktualizr] add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started.
+https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started.
 
 == Build
 
@@ -22,8 +22,6 @@ If you already have a Yocto-based project and you want to add atomic filesystem
 
 You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an https://ostree.readthedocs.io/en/latest/manual/adapting-existing/[OSTree-enabled version] of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named $\{IMAGE_NAME}.-sdimg-ota e.g. core-image-raspberrypi3.rpi-sdimg-ota). You can control this behaviour through <<variables in your local.conf,OSTree-related variables in your local.conf>>.
 
-=== Build with OpenIVI
-
 === Build in AGL
 
 With AGL you can just add agl-sota feature while configuring your build environment:
@@ -67,11 +65,15 @@ Although we have used U-Boot so far, other boot loaders can be configured work w
 
 == SOTA-related variables in local.conf
 
-* OSTREE_REPO - path to your OSTree repository. Defaults to "$\{DEPLOY_DIR_IMAGE}/ostree_repo"
-* OSTREE_BRANCHNAME - the branch your rootfs will be committed to. Defaults to "ota"
-* OSTREE_OSNAME - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky".
-* OSTREE_INITRAMFS_IMAGE - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy.
-* SOTA_PACKED_CREDENTIALS - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a JSON credentials file in https://github.com/advancedtelematic/sota-tools#credentials[the format accepted by garage-push].
+* `OSTREE_REPO` - path to your OSTree repository. Defaults to `$\{DEPLOY_DIR_IMAGE}/ostree_repo`
+* `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky".
+* `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy.
+* `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push].
+* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and `aktualizr-hsm-test-prov`. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe.
+* `SOTA_CLIENT_FEATURES` - extensions to aktualizr. Multiple can be specified if separated by spaces. Valid options are `hsm` (to build with HSM support) and `secondary-example` (to install an example https://github.com/advancedtelematic/aktualizr/blob/master/docs/legacysecondary.adoc[legacy secondary interface] in the image).
+* `SOTA_LEGACY_SECONDARY_INTERFACE` - path to a legacy secondary interface installed on the device. To use the example interface from the Aktualizr repo, use `/usr/bin/example-interface` and make sure `SOTA_CLIENT_FEATURES = "secondary-example"`.
+* `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device.
+* `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`.
 
 == Usage
 
diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass
index 7f41a97..467fd9a 100644
--- a/classes/image_repo_manifest.bbclass
+++ b/classes/image_repo_manifest.bbclass
@@ -16,7 +16,7 @@ buildinfo () {
   if [ $(which repo) ]; then
     repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || bbwarn "Android repo tool failed to run; manifest not copied"
   else
-    bbwarn "Android repo tool not food; manifest not copied."
+    bbwarn "Android repo tool not found; manifest not copied."
   fi
 }
 
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index e6bea76..f350449 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -119,6 +119,7 @@ IMAGE_CMD_ostree () {
     fi
 
     if [ -n "${SOTA_SECONDARY_ECUS}" ]; then
+        mkdir -p var/sota/ecus
         cp ${SOTA_SECONDARY_ECUS} var/sota/ecus
     fi
 
@@ -179,11 +180,11 @@ IMAGE_CMD_ostreepush () {
 }
 
 IMAGE_TYPEDEP_garagesign = "ostreepush"
-do_image_ostreepush[depends] += "garage-sign-native:do_populate_sysroot"
+do_image_garage_sign[depends] += "aktualizr-native:do_populate_sysroot"
 IMAGE_CMD_garagesign () {
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         # if credentials are issued by a server that doesn't support offline signing, exit silently
-        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
 
         java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
         if [ "${java_version}" = "" ]; then
@@ -194,15 +195,8 @@ IMAGE_CMD_garagesign () {
             exit 1
         fi
 
-        if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
-            garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
-        fi
-
-        if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
-            reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
-        else
-            reposerver_args=""
-        fi
+        rm -rf ${GARAGE_SIGN_REPO}
+        garage-sign init --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
 
         ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
 
@@ -210,11 +204,11 @@ IMAGE_CMD_garagesign () {
         #   in which case targets.json should be pulled again and the whole procedure repeated
         push_success=0
         for push_retries in $( seq 3 ); do
-            garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
-            garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
-            garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
+            garage-sign targets pull --repo tufrepo --home-dir ${GARAGE_SIGN_REPO}
+            garage-sign targets add --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+            garage-sign targets sign --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
             errcode=0
-            garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
+            garage-sign targets push --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
             if [ "$errcode" -eq "0" ]; then
                 push_success=1
                 break
@@ -227,9 +221,20 @@ IMAGE_CMD_garagesign () {
             bberror "Couldn't push to garage repository"
             exit 1
         fi
-    else
-        bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
     fi
 }
 
+IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign"
+do_image_garagecheck[depends] += "aktualizr-native:do_populate_sysroot"
+IMAGE_CMD_garagecheck () {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        # if credentials are issued by a server that doesn't support offline signing, exit silently
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
+        ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+        garage-check --ref=${ostree_target_hash} \
+                     --credentials=${SOTA_PACKED_CREDENTIALS} \
+                     --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
+    fi
+}
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass
index b15178a..b827444 100644
--- a/classes/image_types_ota.bbclass
+++ b/classes/image_types_ota.bbclass
@@ -85,14 +85,16 @@ IMAGE_CMD_otaimg () {
                         bberror "Invalid bootloader: ${OSTREE_BOOTLOADER}"
                 fi;
 
-                ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${OSTREE_BRANCHNAME}
+                ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+                ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${ostree_target_hash}
                 export OSTREE_BOOT_PARTITION="/boot"
                 kargs_list=""
                 for arg in ${OSTREE_KERNEL_ARGS}; do
                         kargs_list="${kargs_list} --karg-append=$arg"
                 done
 
-                ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${OSTREE_BRANCHNAME}
+                ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${ostree_target_hash}
 
                 # Copy deployment /home and /var/sota to sysroot
                 HOME_TMP=`mktemp -d ${WORKDIR}/home-tmp-XXXXX`
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index f5a42c1..bbb9ac9 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -11,10 +11,10 @@ SOTA_CLIENT ??= "aktualizr"
 SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
-IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign otaimg wic', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}"
 
-PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}"
-PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}"
+PACKAGECONFIG_append_pn-curl = " ssl"
+PACKAGECONFIG_remove_pn-curl = "gnutls"
 
 WKS_FILE_sota ?= "sdimage-sota.wks"
 
diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py
index ad99964..f28349f 100644
--- a/lib/oeqa/selftest/updater.py
+++ b/lib/oeqa/selftest/updater.py
@@ -31,27 +31,17 @@ class SotaToolsTests(oeSelfTest):
         result = runCmd('%s --help' % p, ignore_status=True)
         self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
 
-
-class GarageSignTests(oeSelfTest):
-
-    @classmethod
-    def setUpClass(cls):
-        logger = logging.getLogger("selftest")
-        logger.info('Running bitbake to build garage-sign-native')
-        bitbake('garage-sign-native')
-
-    def test_help(self):
-        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'garage-sign-native')
+    def test_garagesign_help(self):
+        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native')
         p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-sign"
         self.assertTrue(os.path.isfile(p), msg = "No garage-sign found (%s)" % p)
         result = runCmd('%s --help' % p, ignore_status=True)
         self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
 
-
 class HsmTests(oeSelfTest):
 
     def test_hsm(self):
-        self.write_config('SOTA_CLIENT_FEATURES="hsm hsm-test"')
+        self.write_config('SOTA_CLIENT_FEATURES="hsm"')
         bitbake('core-image-minimal')
 
 
@@ -118,49 +108,16 @@ class QemuTests(oeSelfTest):
 
     @classmethod
     def setUpClass(cls):
-        logger = logging.getLogger("selftest")
-        logger.info('Running bitbake to build core-image-minimal')
-        bitbake('core-image-minimal')
-        # Create empty object.
-        args = type('', (), {})()
-        args.imagename = 'core-image-minimal'
-        args.mac = None
-        # Could use DEPLOY_DIR_IMAGE here but it's already in the machine
-        # subdirectory.
-        args.dir = 'tmp/deploy/images'
-        args.efi = False
-        args.machine = None
-        args.kvm = None  # Autodetect
-        args.no_gui = True
-        args.gdb = False
-        args.pcap = None
-        args.overlay = None
-        args.dry_run = False
-
-        cls.qemu = QemuCommand(args)
-        cmdline = cls.qemu.command_line()
-        print('Booting image with run-qemu-ota...')
-        cls.s = subprocess.Popen(cmdline)
-        time.sleep(10)
+        cls.qemu, cls.s = qemu_launch(machine='qemux86-64')
 
     @classmethod
     def tearDownClass(cls):
-        try:
-            cls.s.terminate()
-        except KeyboardInterrupt:
-            pass
-
-    def run_test_qemu(self, command):
-        command = ['ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@localhost -p ' +
-                   str(self.qemu.ssh_port) + ' "' + command + '"']
-        s2 = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-        value, err = s2.communicate()
-        return value, err
+        qemu_terminate(cls.s)
 
     def test_hostname(self):
         print('')
         print('Checking machine name (hostname) of device:')
-        value, err = self.run_test_qemu('hostname')
+        value, err = qemu_send_command(self.qemu.ssh_port, 'hostname')
         machine = get_bb_var('MACHINE', 'core-image-minimal')
         self.assertEqual(err, b'', 'Error: ' + err.decode())
         # Strip off line ending.
@@ -172,8 +129,79 @@ class QemuTests(oeSelfTest):
     def test_var_sota(self):
         print('')
         print('Checking contents of /var/sota:')
-        value, err = self.run_test_qemu('ls /var/sota')
+        value, err = qemu_send_command(self.qemu.ssh_port, 'ls /var/sota')
         self.assertEqual(err, b'', 'Error: ' + err.decode())
         print(value.decode())
 
+class GrubTests(oeSelfTest):
+
+    def setUpLocal(self):
+        # This is a bit of a hack but I can't see a better option.
+        path = os.path.abspath(os.path.dirname(__file__))
+        metadir = path + "/../../../../"
+        grub_config = 'OSTREE_BOOTLOADER = "grub"\nMACHINE = "intel-corei7-64"'
+        self.append_config(grub_config)
+        self.meta_intel = metadir + "meta-intel"
+        self.meta_minnow = metadir + "meta-updater-minnowboard"
+        runCmd('bitbake-layers add-layer "%s"' % self.meta_intel)
+        runCmd('bitbake-layers add-layer "%s"' % self.meta_minnow)
+        self.qemu, self.s = qemu_launch(efi=True, machine='intel-corei7-64')
+
+    def tearDownLocal(self):
+        qemu_terminate(self.s)
+        runCmd('bitbake-layers remove-layer "%s"' % self.meta_intel, ignore_status=True)
+        runCmd('bitbake-layers remove-layer "%s"' % self.meta_minnow, ignore_status=True)
+
+    def test_grub(self):
+        print('')
+        print('Checking machine name (hostname) of device:')
+        value, err = qemu_send_command(self.qemu.ssh_port, 'hostname')
+        machine = get_bb_var('MACHINE', 'core-image-minimal')
+        self.assertEqual(err, b'', 'Error: ' + err.decode())
+        # Strip off line ending.
+        value_str = value.decode()[:-1]
+        self.assertEqual(value_str, machine,
+                         'MACHINE does not match hostname: ' + machine + ', ' + value_str)
+        print(value_str)
+
+
+def qemu_launch(efi=False, machine=None):
+    logger = logging.getLogger("selftest")
+    logger.info('Running bitbake to build core-image-minimal')
+    bitbake('core-image-minimal')
+    # Create empty object.
+    args = type('', (), {})()
+    args.imagename = 'core-image-minimal'
+    args.mac = None
+    # Could use DEPLOY_DIR_IMAGE here but it's already in the machine
+    # subdirectory.
+    args.dir = 'tmp/deploy/images'
+    args.efi = efi
+    args.machine = machine
+    args.kvm = None  # Autodetect
+    args.no_gui = True
+    args.gdb = False
+    args.pcap = None
+    args.overlay = None
+    args.dry_run = False
+
+    qemu = QemuCommand(args)
+    cmdline = qemu.command_line()
+    print('Booting image with run-qemu-ota...')
+    s = subprocess.Popen(cmdline)
+    time.sleep(10)
+    return qemu, s
+
+def qemu_terminate(s):
+    try:
+        s.terminate()
+    except KeyboardInterrupt:
+        pass
+
+def qemu_send_command(port, command):
+    command = ['ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@localhost -p ' +
+               str(port) + ' "' + command + '"']
+    s2 = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    value, err = s2.communicate()
+    return value, err
 
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 4f9fe4f..2190512 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -1,28 +1,24 @@
-SUMMARY = "Aktualizr systemd service and configurations"
+SUMMARY = "Aktualizr configuration for autoprovisioning"
 DESCRIPTION = "Systemd service and configurations for autoprovisioning Aktualizr, the SOTA Client application written in C++"
 HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
 SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
-DEPENDS = "zip-native"
+DEPENDS = "aktualizr-native zip-native"
 RDEPENDS_${PN} = "aktualizr"
 PV = "1.0"
 PR = "6"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr-manual-provision.service \
-  file://aktualizr-autoprovision.service \
-  file://sota_autoprov.toml \
   "
 
-SYSTEMD_SERVICE_${PN} = "aktualizr.service"
-
-inherit systemd
+require environment.inc
+require credentials.inc
 
 export SOTA_PACKED_CREDENTIALS
 
-do_install_append() {
+do_install() {
     if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
         bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
     fi
@@ -36,27 +32,24 @@ do_install_append() {
         bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
     fi
 
+    install -d ${D}${libdir}/sota
+    install -d ${D}${localstatedir}/sota
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        install -d ${D}/${systemd_unitdir}/system
-        install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
-        install -d ${D}${libdir}/sota
-        install -m "0644" ${WORKDIR}/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
-
-      # deploy SOTA credentials
-      if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
-          mkdir -p ${D}/var/sota
-          cp ${SOTA_PACKED_CREDENTIALS} ${D}/var/sota/sota_provisioning_credentials.zip
-          # Device should not be able to push data to treehub
-          zip -d ${D}/var/sota/sota_provisioning_credentials.zip treehub.json
-      fi
-    else
-        install -d ${D}/${systemd_unitdir}/system
-        install -m 0644 ${WORKDIR}/aktualizr-manual-provision.service ${D}/${systemd_unitdir}/system/aktualizr.service
+        install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
+
+        # deploy SOTA credentials
+        if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
+            cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
+            # Device should not be able to push data to treehub
+            zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
+        fi
     fi
 }
 
 FILES_${PN} = " \
-                ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
-                /var/sota/sota_provisioning_credentials.zip \
+                ${localstatedir}/sota \
+                ${localstatedir}/sota/sota_provisioning_credentials.zip \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
index c443c56..1e893fa 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -1,4 +1,4 @@
-SUMMARY = "Aktualizr systemd service and configuration with HSM support"
+SUMMARY = "Aktualizr configuration with HSM support"
 DESCRIPTION = "Systemd service and configurations for Aktualizr, the SOTA Client application written in C++"
 HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
 SECTION = "base"
@@ -10,25 +10,22 @@ RDEPENDS_${PN} = "aktualizr softhsm softhsm-testtoken"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr-autoprovision.service \
-  file://sota_hsm_test.toml \
   "
 PV = "1.0"
 PR = "6"
 
-SYSTEMD_SERVICE_${PN} = "aktualizr.service"
 
-inherit systemd
+require environment.inc
+require credentials.inc
 
 do_install() {
-    install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
     aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
-        -i ${WORKDIR}/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+        -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
 }
 
 FILES_${PN} = " \
-                ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index 21e38c9..b5bf420 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -1,4 +1,4 @@
-SUMMARY = "Aktualizr systemd service and configurations"
+SUMMARY = "Aktualizr configuration for implicit provisioning"
 DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr, the SOTA Client application written in C++"
 HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
 SECTION = "base"
@@ -11,24 +11,23 @@ PR = "1"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr-autoprovision.service \
-  file://sota_implicit_prov.toml \
   "
 
-SYSTEMD_SERVICE_${PN} = "aktualizr.service"
 
-inherit systemd
+require environment.inc
+require credentials.inc
 
 do_install() {
-    install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
-    aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-        -i ${WORKDIR}/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
+            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+    fi
 }
 
 FILES_${PN} = " \
-                ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
                 ${libdir}/sota/root.crt \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 162065e..48ed652 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -11,41 +11,69 @@ DEPENDS_append_class-native = "glib-2.0-native "
 
 RDEPENDS_${PN}_class-target = "lshw "
 RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)} "
+RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '  slcand-start', '', d)} "
 
 PV = "1.0+git${SRCPV}"
 PR = "7"
 
 SRC_URI = " \
-  git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
+  gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
+  file://aktualizr.service \
+  file://aktualizr-serialcan.service \
   "
-SRCREV = "f043191ae622a96cf2f4d48f9073d5cfa9f16e3f"
+SRCREV = "e53f2a5747bba3e4f40609aa27f3d89e80c2d784"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
 
 inherit cmake
 
+inherit systemd
+SYSTEMD_SERVICE_${PN} = "aktualizr.service"
+
 BBCLASSEXTEND =+ "native"
 
 EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "
-EXTRA_OECMAKE_append_class-target = "-DBUILD_OSTREE=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
-EXTRA_OECMAKE_append_class-native = "-DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "
+EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
+EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "
 
 do_install_append () {
     rm -f ${D}${bindir}/aktualizr_cert_provider
 }
 do_install_append_class-target () {
     rm -f ${D}${bindir}/aktualizr_implicit_writer
+    ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', '', 'rm -f ${D}${bindir}/example-interface', d)}
+    ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', '', 'rm -f ${D}${bindir}/isotp-test-interface', d)}
+
+    install -d ${D}${systemd_unitdir}/system
+    aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}
+    install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service
 }
 do_install_append_class-native () {
     rm -f ${D}${bindir}/aktualizr
+    rm -f ${D}${bindir}/aktualizr-info
+    rm -f ${D}${bindir}/example-interface
+    install -d ${D}${libdir}/sota
+    install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
+    install -m 0644 ${S}/config/sota_hsm_test.toml ${D}/${libdir}/sota/sota_hsm_test.toml
+    install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml
+
+    install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir}
+    install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir}
 }
 
 FILES_${PN}_class-target = " \
                 ${bindir}/aktualizr \
+                ${bindir}/aktualizr-info \
+                ${systemd_unitdir}/system/aktualizr.service \
                 "
+FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', ' ${bindir}/example-interface', '', d)} "
+FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', ' ${bindir}/isotp-test-interface', '', d)} "
 FILES_${PN}_class-native = " \
                 ${bindir}/aktualizr_implicit_writer \
                 ${bindir}/garage-deploy \
                 ${bindir}/garage-push \
+                ${libdir}/sota/* \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/credentials.inc b/recipes-sota/aktualizr/credentials.inc
new file mode 100644
index 0000000..256c8ff
--- /dev/null
+++ b/recipes-sota/aktualizr/credentials.inc
@@ -0,0 +1 @@
+SRC_URI_append = "${@('file://' + d.getVar('SOTA_PACKED_CREDENTIALS', True)) if d.getVar('SOTA_PACKED_CREDENTIALS', True) else ''}"
diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc
new file mode 100644
index 0000000..cba77e7
--- /dev/null
+++ b/recipes-sota/aktualizr/environment.inc
@@ -0,0 +1,17 @@
+export SOTA_LEGACY_SECONDARY_INTERFACE
+export SOTA_VIRTUAL_SECONDARIES
+
+do_install_append() {
+  if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then
+    AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}";
+  fi
+
+  AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"
+  for sec in ${SOTA_VIRTUAL_SECONDARIES}; do
+    AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec"
+  done
+
+  echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_LEGACYSEC} ${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env
+}
+
+FILES_${PN}_append = " ${libdir}/sota/sota.env"
diff --git a/recipes-sota/aktualizr/files/aktualizr-manual-provision.service b/recipes-sota/aktualizr/files/aktualizr-manual-provision.service
deleted file mode 100644
index a70f2f9..0000000
--- a/recipes-sota/aktualizr/files/aktualizr-manual-provision.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Aktualizr SOTA Client
-Wants=network-online.target
-After=network.target network-online.target
-Requires=network-online.target
-
-[Service]
-RestartSec=10
-Restart=always
-ExecStart=/usr/bin/aktualizr --config /sysroot/boot/sota.toml --loglevel 2
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/aktualizr-serialcan.service b/recipes-sota/aktualizr/files/aktualizr-serialcan.service
new file mode 100644
index 0000000..b42f348
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-serialcan.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Aktualizr SOTA Client
+Wants=network-online.target slcand@ttyACM0.service
+After=network.target network-online.target slcand@ttyACM0.service
+
+Requires=network-online.target
+
+[Service]
+RestartSec=10
+Restart=always
+EnvironmentFile=/usr/lib/sota/sota.env
+ExecStart=/bin/sh -c "(ip addr | grep can0) && /usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service b/recipes-sota/aktualizr/files/aktualizr.service
index 8cb8d78..b6df9d7 100644
--- a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
+++ b/recipes-sota/aktualizr/files/aktualizr.service
@@ -7,7 +7,8 @@ Requires=network-online.target
 [Service]
 RestartSec=10
 Restart=always
-ExecStart=/usr/bin/aktualizr --config /usr/lib/sota/sota.toml
+EnvironmentFile=/usr/lib/sota/sota.env
+ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS
 
 [Install]
 WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/sota_autoprov.toml b/recipes-sota/aktualizr/files/sota_autoprov.toml
deleted file mode 100644
index 9fbb093..0000000
--- a/recipes-sota/aktualizr/files/sota_autoprov.toml
+++ /dev/null
@@ -1,14 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "root.crt"
-client_certificate = "client.pem"
-pkey_file = "pkey.pem"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-private_key_path = "ecukey.der"
-public_key_path = "ecukey.pub"
-
-[provision]
-provision_path = "/var/sota/sota_provisioning_credentials.zip"
-
diff --git a/recipes-sota/aktualizr/files/sota_hsm_test.toml b/recipes-sota/aktualizr/files/sota_hsm_test.toml
deleted file mode 100644
index 28aefc2..0000000
--- a/recipes-sota/aktualizr/files/sota_hsm_test.toml
+++ /dev/null
@@ -1,18 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "/var/sota/token/root.crt"
-client_certificate = "01"
-cert_source = "pkcs11"
-pkey_file = "02"
-pkey_source = "pkcs11"
-
-[p11]
-module = "/usr/lib/softhsm/libsofthsm2.so"
-pass = "1234"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-key_source = "pkcs11"
-private_key_path = "03"
-public_key_path = "03"
-
diff --git a/recipes-sota/aktualizr/files/sota_implicit_prov.toml b/recipes-sota/aktualizr/files/sota_implicit_prov.toml
deleted file mode 100644
index 756c868..0000000
--- a/recipes-sota/aktualizr/files/sota_implicit_prov.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "/usr/lib/sota/root.crt"
-client_certificate = "client.pem"
-pkey_file = "pkey.pem"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-private_key_path = "ecukey.der"
-public_key_path = "ecukey.pub"
-
diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb
deleted file mode 100644
index d5388bc..0000000
--- a/recipes-sota/garage-sign/garage-sign.bb
+++ /dev/null
@@ -1,34 +0,0 @@
-SUMMARY = "garage-sign"
-DESCRIPTION = "Metadata signing tool for ATS Garage"
-HOMEPAGE = "https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/index.html"
-SECTION = "base"
-LICENSE = "CLOSED"
-LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
-DEPENDS = ""
-
-PV = "0.2.0-35-g0544c33"
-
-SRC_URI = " \
-  https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
-  "
-
-SRC_URI[md5sum] = "1546e06d1e747f67aee5ed7096bf1c74"
-SRC_URI[sha256sum] = "1432348bca8ca5ad75df1218f348f480d429d7509d6454deb6e16ff31c5e08fc"
-
-S = "${WORKDIR}/${BPN}"
-
-BBCLASSEXTEND =+ "native"
-
-do_install() {
-    install -d ${D}${bindir}
-    install -m "0755" -t ${D}${bindir} ${S}/bin/*
-    install -d ${D}${libdir}
-    install -m "0644" -t ${D}${libdir} ${S}/lib/*
-}
-
-FILES_${PN} = " \
-  /usr/bin \
-  /usr/bin/garage-sign.bat \
-  /usr/bin/garage-sign \
-  /usr/lib/* \
-  "
diff --git a/recipes-sota/ostree/ostree_git.bb b/recipes-sota/ostree/ostree_git.bb
index 724976a..00559b6 100644
--- a/recipes-sota/ostree/ostree_git.bb
+++ b/recipes-sota/ostree/ostree_git.bb
@@ -8,7 +8,7 @@ INHERIT_remove_class-native = "systemd"
 
 SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master"
 
-SRCREV="ae61321046ad7f4148a5884c8c6c8b2594ff840e"
+SRCREV="854a823e05d6fe8b610c02c2a71eaeb2bf1e98a6"
 
 PV = "v2017.13"
 
@@ -16,14 +16,14 @@ S = "${WORKDIR}/git"
 
 BBCLASSEXTEND = "native"
 
-DEPENDS += "attr libarchive glib-2.0 pkgconfig gpgme libgsystem fuse libsoup-2.4 e2fsprogs gtk-doc-native curl xz"
+DEPENDS += "attr libarchive glib-2.0 pkgconfig gpgme libgsystem fuse e2fsprogs gtk-doc-native curl xz"
 DEPENDS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd', '', d)}"
 DEPENDS_remove_class-native = "systemd-native"
 
 RDEPENDS_${PN} = "python util-linux-libuuid util-linux-libblkid util-linux-libmount libcap bash"
 RDEPENDS_${PN}_remove_class-native = "python-native"
 
-EXTRA_OECONF = "--with-libarchive --disable-gtk-doc --disable-gtk-doc-html --disable-gtk-doc-pdf --disable-man --with-smack --with-builtin-grub2-mkconfig --with-curl"
+EXTRA_OECONF = "CFLAGS='-Wno-error=missing-prototypes' --with-libarchive --disable-gtk-doc --disable-gtk-doc-html --disable-gtk-doc-pdf --disable-man --with-smack --with-builtin-grub2-mkconfig --with-curl --without-soup"
 EXTRA_OECONF_append_class-native = " --enable-wrpseudo-compat"
 
 # Path to ${prefix}/lib/ostree/ostree-grub-generator is hardcoded on the
diff --git a/recipes-support/ca-certificates/ca-certificates_%.bbappend b/recipes-support/ca-certificates/ca-certificates_%.bbappend
index afaadfd..cc95a68 100644
--- a/recipes-support/ca-certificates/ca-certificates_%.bbappend
+++ b/recipes-support/ca-certificates/ca-certificates_%.bbappend
@@ -1 +1 @@
-SYSROOT_DIRS += "/etc"
+SYSROOT_DIRS += "${sysconfdir}"
diff --git a/recipes-support/glib-networking/glib-networking_%.bbappend b/recipes-support/glib-networking/glib-networking_%.bbappend
deleted file mode 100644
index 22e6f05..0000000
--- a/recipes-support/glib-networking/glib-networking_%.bbappend
+++ /dev/null
@@ -1,8 +0,0 @@
-BBCLASSEXTEND_append_sota = " native nativesdk"
-
-# Hackery to prevent relocatable_native_pcfiles from crashing
-do_install_append_class-native () {
-        if [ -d ${D}${libdir}/pkgconfig ]; then
-                rmdir ${D}${libdir}/pkgconfig
-        fi
-}
diff --git a/recipes-support/libsoup/libsoup-2.4_%.bbappend b/recipes-support/libsoup/libsoup-2.4_%.bbappend
deleted file mode 100644
index 18383f1..0000000
--- a/recipes-support/libsoup/libsoup-2.4_%.bbappend
+++ /dev/null
@@ -1,3 +0,0 @@
-BBCLASSEXTEND_append_sota = " native nativesdk"
-
-DEPENDS_append_class-native = "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ' glib-networking-native', ' ', d)}"
diff --git a/recipes-support/slcand-start/files/slcand@.service b/recipes-support/slcand-start/files/slcand@.service
new file mode 100644
index 0000000..c539568
--- /dev/null
+++ b/recipes-support/slcand-start/files/slcand@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Serial CAN daemon (can-utils)
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/slcand -o -c -s4 %I can0
+ExecStartPost=/bin/sh -c '/bin/sleep 3; /sbin/ip link set can0 up'
+
diff --git a/recipes-support/slcand-start/slcand-start.bb b/recipes-support/slcand-start/slcand-start.bb
new file mode 100644
index 0000000..dfefaea
--- /dev/null
+++ b/recipes-support/slcand-start/slcand-start.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Mock smartcard for aktualizr"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+
+inherit systemd
+
+RDEPENDS_${PN} = "can-utils"
+
+SRC_URI = "file://slcand@.service"
+
+SYSTEMD_SERVICE_${PN} = "slcand@.service"
+
+do_install() {
+  install -d ${D}${systemd_unitdir}/system
+  install -m 0644 ${WORKDIR}/slcand@.service ${D}${systemd_unitdir}/system/slcand@.service
+}
+
+FILES_${PN} = "${systemd_unitdir}/system/createtoken.service"
+
diff --git a/scripts/qemucommand.py b/scripts/qemucommand.py
index 82a9540..9a893d8 100644
--- a/scripts/qemucommand.py
+++ b/scripts/qemucommand.py
@@ -46,7 +46,7 @@ class QemuCommand(object):
             if len(machines) == 1:
                 self.machine = machines[0]
             else:
-                raise ValueError("Could not autodetect machine type from %s" % args.dir)
+                raise ValueError("Could not autodetect machine type. More than one entry in %s. Maybe --machine qemux86-64?" % args.dir)
         if args.efi:
             self.bios = 'OVMF.fd'
         else:
@@ -118,10 +118,9 @@ class QemuCommand(object):
 
     def img_command_line(self):
         cmdline = [
-        "qemu-img", "create",
-        "-o", "backing_file=%s" % self.image,
-        "-f", "qcow2",
-        self.overlay]
+            "qemu-img", "create",
+            "-o", "backing_file=%s" % self.image,
+            "-f", "qcow2",
+            self.overlay]
         return cmdline
 
-