diff options
| author | Patrick Vacek <patrickvacek@gmail.com> | 2019-08-20 16:59:49 +0200 |
|---|---|---|
| committer | Patrick Vacek <patrickvacek@gmail.com> | 2019-08-20 16:59:49 +0200 |
| commit | 8434da1a579dc15090cbd1dc57cd8d83c6de613e (patch) | |
| tree | 4907dd06e689269e4f241239ca53197a69354a21 | |
| parent | 3bc650084e9db3320c67b6e5abe36920080ff576 (diff) | |
| download | meta-updater-8434da1a579dc15090cbd1dc57cd8d83c6de613e.tar.gz | |
aktualizr: latest garage-sign with expiration support.
Use GARAGE_TARGET_EXPIRES or GARAGE_TARGET_EXPIRE_AFTER (but not both!)
to set the garage-sign parameters.
Signed-off-by: Patrick Vacek <patrickvacek@gmail.com>
| -rw-r--r-- | README.adoc | 3 | ||||
| -rw-r--r-- | classes/image_types_ostree.bbclass | 17 | ||||
| -rw-r--r-- | classes/sota.bbclass | 2 | ||||
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr_git.bb | 6 |
4 files changed, 21 insertions, 7 deletions
diff --git a/README.adoc b/README.adoc index dd07425..455b5d9 100644 --- a/README.adoc +++ b/README.adoc | |||
| @@ -107,6 +107,9 @@ Your images will also need network connectivity to be able to reach an actual OT | |||
| 107 | * `OSTREE_UPDATE_SUMMARY` - Set this to '1' to update summary of OSTree repository on each commit. '0' by default. | 107 | * `OSTREE_UPDATE_SUMMARY` - Set this to '1' to update summary of OSTree repository on each commit. '0' by default. |
| 108 | * `OSTREE_DEPLOY_DEVICETREE` - Set this to '1' to include devicetree(s) to boot | 108 | * `OSTREE_DEPLOY_DEVICETREE` - Set this to '1' to include devicetree(s) to boot |
| 109 | * `GARAGE_SIGN_AUTOVERSION` - Set this to '1' to automatically fetch the last version of the garage tools installed by the aktualizr-native. Otherwise use the fixed version specified in the recipe. | 109 | * `GARAGE_SIGN_AUTOVERSION` - Set this to '1' to automatically fetch the last version of the garage tools installed by the aktualizr-native. Otherwise use the fixed version specified in the recipe. |
| 110 | * `GARAGE_TARGET_URL` - sets the `--url` parameter of `garage-sign targets add`, which sets a custom URL for the Image repository targets. | ||
| 111 | * `GARAGE_TARGET_EXPIRES` - sets the `--expires` parameter of `garage-sign targets sign`. Format is a UTC instant such as '2018-01-01T00:01:00Z'. | ||
| 112 | * `GARAGE_TARGET_EXPIRE_AFTER` - sets the `--expire-after` parameter of `garage-sign targets sign`. Format is in years, months, and days (each optional, but in that order), such as '1Y3M5D'. | ||
| 110 | * `INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. | 113 | * `INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. |
| 111 | * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. | 114 | * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. |
| 112 | * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. | 115 | * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. |
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 2e8e8f5..fd67865 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass | |||
| @@ -237,10 +237,18 @@ IMAGE_CMD_garagesign () { | |||
| 237 | # Push may fail due to race condition when multiple build machines try to push simultaneously | 237 | # Push may fail due to race condition when multiple build machines try to push simultaneously |
| 238 | # in which case targets.json should be pulled again and the whole procedure repeated | 238 | # in which case targets.json should be pulled again and the whole procedure repeated |
| 239 | push_success=0 | 239 | push_success=0 |
| 240 | target_url="" | 240 | target_url="" |
| 241 | if [ -n "${GARAGE_TARGET_URL}" ]; then | 241 | if [ -n "${GARAGE_TARGET_URL}" ]; then |
| 242 | target_url='--url ${GARAGE_TARGET_URL}' | 242 | target_url="--url ${GARAGE_TARGET_URL}" |
| 243 | fi | 243 | fi |
| 244 | target_expiry="" | ||
| 245 | if [ -n "${GARAGE_TARGET_EXPIRES}" ] && [ -n "${GARAGE_TARGET_EXPIRE_AFTER}" ]; then | ||
| 246 | bbfatal "Both GARAGE_TARGET_EXPIRES and GARAGE_TARGET_EXPIRE_AFTER are set. Only one can be set at a time." | ||
| 247 | elif [ -n "${GARAGE_TARGET_EXPIRES}" ]; then | ||
| 248 | target_expiry="--expires ${GARAGE_TARGET_EXPIRES}" | ||
| 249 | elif [ -n "${GARAGE_TARGET_EXPIRE_AFTER}" ]; then | ||
| 250 | target_expiry="--expire-after ${GARAGE_TARGET_EXPIRE_AFTER}" | ||
| 251 | fi | ||
| 244 | 252 | ||
| 245 | for push_retries in $( seq 3 ); do | 253 | for push_retries in $( seq 3 ); do |
| 246 | garage-sign targets pull --repo tufrepo \ | 254 | garage-sign targets pull --repo tufrepo \ |
| @@ -262,6 +270,7 @@ IMAGE_CMD_garagesign () { | |||
| 262 | fi | 270 | fi |
| 263 | garage-sign targets sign --repo tufrepo \ | 271 | garage-sign targets sign --repo tufrepo \ |
| 264 | --home-dir ${GARAGE_SIGN_REPO} \ | 272 | --home-dir ${GARAGE_SIGN_REPO} \ |
| 273 | ${target_expiry} \ | ||
| 265 | --key-name=targets | 274 | --key-name=targets |
| 266 | errcode=0 | 275 | errcode=0 |
| 267 | garage-sign targets push --repo tufrepo \ | 276 | garage-sign targets push --repo tufrepo \ |
diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 86863d9..5b06397 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass | |||
| @@ -51,6 +51,8 @@ GARAGE_SIGN_KEYNAME ?= "garage-key" | |||
| 51 | GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}" | 51 | GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}" |
| 52 | GARAGE_TARGET_VERSION ?= "" | 52 | GARAGE_TARGET_VERSION ?= "" |
| 53 | GARAGE_TARGET_URL ?= "" | 53 | GARAGE_TARGET_URL ?= "" |
| 54 | GARAGE_TARGET_EXPIRES ?= "" | ||
| 55 | GARAGE_TARGET_EXPIRE_AFTER ?= "" | ||
| 54 | GARAGE_CUSTOMIZE_TARGET ?= "" | 56 | GARAGE_CUSTOMIZE_TARGET ?= "" |
| 55 | 57 | ||
| 56 | SOTA_MACHINE ??="none" | 58 | SOTA_MACHINE ??="none" |
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 69fc1e9..03840ac 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb | |||
| @@ -15,7 +15,7 @@ RDEPENDS_${PN}-ptest += "bash cmake curl net-tools python3-core python3-misc pyt | |||
| 15 | PV = "1.0+git${SRCPV}" | 15 | PV = "1.0+git${SRCPV}" |
| 16 | PR = "7" | 16 | PR = "7" |
| 17 | 17 | ||
| 18 | GARAGE_SIGN_PV = "0.7.0-19-g89ec974" | 18 | GARAGE_SIGN_PV = "0.7.0-25-ge74a964" |
| 19 | 19 | ||
| 20 | SRC_URI = " \ | 20 | SRC_URI = " \ |
| 21 | gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ | 21 | gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ |
| @@ -28,8 +28,8 @@ SRC_URI = " \ | |||
| 28 | " | 28 | " |
| 29 | 29 | ||
| 30 | # for garage-sign archive | 30 | # for garage-sign archive |
| 31 | SRC_URI[md5sum] = "3ed27c1142860cd9b4a2594067312b8b" | 31 | SRC_URI[md5sum] = "9601dd891abac754400852cf367e86a2" |
| 32 | SRC_URI[sha256sum] = "e54eef3863118f373c3ebd9e2877f9de5bab4950ed157a15fb4f4ec575bc2ece" | 32 | SRC_URI[sha256sum] = "1ebe2c9655b1fcc8d597dbda10c8a413eca12e5351582d916d0b088a84c33cd2" |
| 33 | 33 | ||
| 34 | SRCREV = "03778511cc937d07bf53a8092f8b268e65f5d9a6" | 34 | SRCREV = "03778511cc937d07bf53a8092f8b268e65f5d9a6" |
| 35 | BRANCH ?= "master" | 35 | BRANCH ?= "master" |