summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeon Anavi <leon.anavi@konsulko.com>2019-01-02 19:04:39 +0200
committerLeon Anavi <leon.anavi@konsulko.com>2019-01-02 19:04:39 +0200
commit023b75bf3f186752e88d617d7f72939dce374eb5 (patch)
tree7ffbfe2ad5c361a35381d0efaa57052b70ccc57d
parentdad9579e2c1333f3a72ff9a98e06705a61e546c1 (diff)
downloadmeta-updater-023b75bf3f186752e88d617d7f72939dce374eb5.tar.gz
aktualizr: Bump to d00d1a04cc2366d1a5f143b84b9f507f8bd32c44
Backport latest Aktualizr and use the same version as in branches Sumo and Thud. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Diffstat
-rw-r--r--recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb24
-rw-r--r--recipes-sota/aktualizr/aktualizr-auto-prov.bb43
-rw-r--r--recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb51
-rw-r--r--recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb31
-rw-r--r--recipes-sota/aktualizr/aktualizr-hsm-prov.bb28
-rw-r--r--recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb19
-rwxr-xr-x[-rw-r--r--]recipes-sota/aktualizr/aktualizr_git.bb135
-rw-r--r--recipes-sota/aktualizr/credentials.inc1
-rw-r--r--recipes-sota/aktualizr/files/aktualizr-autoprovision.service13
-rw-r--r--recipes-sota/aktualizr/files/aktualizr-manual-provision.service13
-rw-r--r--recipes-sota/aktualizr/files/aktualizr-secondary.service8
-rw-r--r--recipes-sota/aktualizr/files/aktualizr-secondary.socket6
-rw-r--r--recipes-sota/aktualizr/files/aktualizr-serialcan.service15
-rw-r--r--recipes-sota/aktualizr/files/aktualizr.service11
-rw-r--r--recipes-sota/aktualizr/files/ca.cnf10
-rw-r--r--recipes-sota/aktualizr/files/sota_autoprov.toml14
-rw-r--r--recipes-sota/aktualizr/garage-sign-version.inc36
17 files changed, 396 insertions, 62 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
new file mode 100644
index 0000000..34460af
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
@@ -0,0 +1,24 @@
1SUMMARY = "Credentials for autoprovisioning scenario"
2SECTION = "base"
3LICENSE = "MPL-2.0"
4LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
5
6DEPENDS = "aktualizr-native zip-native"
7ALLOW_EMPTY_${PN} = "1"
8
9require credentials.inc
10
11do_install() {
12 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
13 install -m 0700 -d ${D}${localstatedir}/sota
14 cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
15 # Device should not be able to push data to treehub
16 zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
17 fi
18}
19
20FILES_${PN} = " \
21 ${localstatedir}/sota/sota_provisioning_credentials.zip \
22 "
23
24# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
new file mode 100644
index 0000000..f506cab
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -0,0 +1,43 @@
1SUMMARY = "Aktualizr configuration for autoprovisioning"
2DESCRIPTION = "Configuration for automatically provisioning Aktualizr, the SOTA Client application written in C++"
3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4SECTION = "base"
5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
7
8DEPENDS = "aktualizr-native zip-native"
9RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
10PV = "1.0"
11PR = "6"
12
13SRC_URI = ""
14
15require credentials.inc
16
17do_install() {
18 if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
19 bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
20 fi
21 if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then
22 bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS"
23 fi
24 if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
25 bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS"
26 fi
27 if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
28 bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
29 fi
30
31 install -m 0700 -d ${D}${libdir}/sota/conf.d
32 aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
33
34 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \
35 ${D}${libdir}/sota/conf.d/20-${aktualizr_toml}
36}
37
38FILES_${PN} = " \
39 ${libdir}/sota/conf.d \
40 ${libdir}/sota/conf.d/20-${aktualizr_toml} \
41 "
42
43# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
new file mode 100644
index 0000000..a729e6b
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
@@ -0,0 +1,51 @@
1SUMMARY = "Credentials for implicit provisioning with CA certificate"
2SECTION = "base"
3LICENSE = "MPL-2.0"
4LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
5
6DEPENDS = "aktualizr aktualizr-native"
7ALLOW_EMPTY_${PN} = "1"
8
9SRC_URI = " \
10 file://ca.cnf \
11 "
12
13require credentials.inc
14
15export SOTA_CACERT_PATH
16export SOTA_CAKEY_PATH
17
18do_install() {
19 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
20 if [ -z ${SOTA_CACERT_PATH} ]; then
21 SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
22 SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
23 mkdir -p ${DEPLOY_DIR_IMAGE}/CA
24 bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
25
26 if [ ! -f ${SOTA_CACERT_PATH} ]; then
27 bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
28 SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
29 openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
30 openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
31 bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
32 fi
33 fi
34
35 if [ -z ${SOTA_CAKEY_PATH} ]; then
36 bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
37 fi
38
39 install -m 0700 -d ${D}${localstatedir}/sota
40 aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
41 --device-ca ${SOTA_CACERT_PATH} \
42 --device-ca-key ${SOTA_CAKEY_PATH} \
43 --root-ca \
44 --server-url \
45 --local ${D} \
46 --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml
47 fi
48}
49
50FILES_${PN} = " \
51 ${localstatedir}/sota/*"
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
new file mode 100644
index 0000000..5893ed2
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -0,0 +1,31 @@
1SUMMARY = "Aktualizr configuration for implicit provisioning with CA"
2DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externally provided or generated CA"
3
4# WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device
5# (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine
6
7HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
8SECTION = "base"
9LICENSE = "MPL-2.0"
10LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
11
12DEPENDS = "aktualizr aktualizr-native openssl-native"
13RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
14
15PV = "1.0"
16PR = "1"
17
18require credentials.inc
19
20do_install() {
21 install -m 0700 -d ${D}${libdir}/sota/conf.d
22
23 install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \
24 ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml
25}
26
27FILES_${PN} = " \
28 ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \
29 "
30
31# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
new file mode 100644
index 0000000..08fffe9
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -0,0 +1,28 @@
1SUMMARY = "Aktualizr configuration with HSM support"
2DESCRIPTION = "Configuration for HSM provisioning with Aktualizr, the SOTA Client application written in C++"
3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4SECTION = "base"
5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
7
8DEPENDS = "aktualizr aktualizr-native"
9RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
10
11SRC_URI = ""
12PV = "1.0"
13PR = "6"
14
15require credentials.inc
16
17do_install() {
18 install -m 0700 -d ${D}${libdir}/sota/conf.d
19 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \
20 ${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml
21}
22
23FILES_${PN} = " \
24 ${libdir}/sota/conf.d \
25 ${libdir}/sota/conf.d/20-sota_hsm_prov.toml \
26 "
27
28# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb
new file mode 100644
index 0000000..cf75e79
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb
@@ -0,0 +1,19 @@
1SUMMARY = "Aktualizr configuration snippet to enable uboot bootcount function"
2HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
3SECTION = "base"
4LICENSE = "MPL-2.0"
5LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
6DEPENDS = "aktualizr-native"
7RDEPENDS_${PN} = "aktualizr"
8
9do_install() {
10 install -m 0700 -d ${D}${libdir}/sota/conf.d
11 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_uboot_env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml
12}
13
14FILES_${PN} = " \
15 ${libdir}/sota/conf.d \
16 ${libdir}/sota/conf.d/30-rollback.toml \
17 "
18
19# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 8bc580d..e62bdf1 100644..100755
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -4,42 +4,133 @@ HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4SECTION = "base" 4SECTION = "base"
5LICENSE = "MPL-2.0" 5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" 6LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7DEPENDS = "boost curl openssl jansson libsodium ostree" 7
8RDEPENDS_${PN} = "lshw" 8DEPENDS = "boost curl openssl libarchive libsodium asn1c-native sqlite3 "
9DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "
10DEPENDS_append_class-native = "glib-2.0-native "
11
12RDEPENDS_${PN}_class-target = "lshw "
13RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} "
14RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'ubootenv', ' u-boot-fw-utils aktualizr-uboot-env-rollback', '', d)} "
15
16RDEPENDS_${PN}_append_class-target = " ${PN}-tools "
17RDEPENDS_${PN}-secondary_append_class-target = " ${PN}-tools "
18
19PV = "1.0+git${SRCPV}"
20PR = "7"
9 21
10SRC_URI = " \ 22SRC_URI = " \
11 git://github.com/advancedtelematic/aktualizr \ 23 gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
12 file://aktualizr-manual-provision.service \ 24 file://aktualizr.service \
13 file://aktualizr-autoprovision.service \ 25 file://aktualizr-secondary.service \
14 file://sota_autoprov.toml \ 26 file://aktualizr-secondary.socket \
27 file://aktualizr-serialcan.service \
15 " 28 "
16SRCREV = "1004efa3f86cef90c012b34620992b5762b741e3" 29
17PV = "1.0+git${SRCPV}" 30SRCREV = "d00d1a04cc2366d1a5f143b84b9f507f8bd32c44"
18PR = "6" 31BRANCH ?= "master"
19 32
20S = "${WORKDIR}/git" 33S = "${WORKDIR}/git"
34
35inherit cmake
36
37inherit systemd
38
39SYSTEMD_PACKAGES = "${PN} ${PN}-secondary"
21SYSTEMD_SERVICE_${PN} = "aktualizr.service" 40SYSTEMD_SERVICE_${PN} = "aktualizr.service"
41SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket"
22 42
23inherit cmake systemd 43BBCLASSEXTEND =+ "native"
24 44
25EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTS=OFF -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}" 45require garage-sign-version.inc
26 46
27export SOTA_PACKED_CREDENTIALS 47EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF \
48 -DCMAKE_BUILD_TYPE=Release \
49 -DAKTUALIZR_VERSION=${PV} \
50 -DBUILD_LOAD_TESTS=OFF \
51 -Dgtest_disable_pthreads=ON"
52EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON \
53 ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
54EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON \
55 -DBUILD_OSTREE=OFF \
56 -DBUILD_SYSTEMD=OFF \
57 -DGARAGE_SIGN_VERSION=${GARAGE_SIGN_VERSION} \
58 -DGARAGE_SIGN_SHA256=${GARAGE_SIGN_SHA256}"
28 59
29do_install_append() { 60do_install_append () {
30 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 61 install -d ${D}${libdir}/sota
31 install -d ${D}/${systemd_unitdir}/system 62 install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
32 install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service 63 install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml
33 install -d ${D}/usr/lib/sota 64 install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml
34 install -m "0644" ${WORKDIR}/sota_autoprov.toml ${D}/usr/lib/sota/sota.toml 65 install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml
35 else 66 install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml
36 install -d ${D}/${systemd_unitdir}/system 67 install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml
37 install -m 0644 ${WORKDIR}/aktualizr-manual-provision.service ${D}/${systemd_unitdir}/system/aktualizr.service 68 install -d ${D}${systemd_unitdir}/system
69 install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket
70 install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service
71 install -m 0700 -d ${D}${libdir}/sota/conf.d
72 install -m 0700 -d ${D}${sysconfdir}/sota/conf.d
73
74 if [ -n "${SOTA_SECONDARY_CONFIG_DIR}" ]; then
75 if [ -d "${SOTA_SECONDARY_CONFIG_DIR}" ]; then
76 install -m 0700 -d ${D}${sysconfdir}/sota/ecus
77 install -m 0644 "${SOTA_SECONDARY_CONFIG_DIR}"/* ${D}${sysconfdir}/sota/ecus/
78 echo "[uptane]\nsecondary_configs_dir = /etc/sota/ecus/\n" > ${D}${libdir}/sota/conf.d/30-secondary-configs-dir.toml
79 else
80 bbwarn "SOTA_SECONDARY_CONFIG_DIR is set to an invalid directory (${SOTA_SECONDARY_CONFIG_DIR})"
81 fi
38 fi 82 fi
83
84}
85
86do_install_append_class-target () {
87 install -m 0755 -d ${D}${systemd_unitdir}/system
88 aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}
89 install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service
90}
91
92do_install_append_class-native () {
93 install -m 0755 ${B}/src/sota_tools/garage-sign/bin/* ${D}${bindir}
94 install -m 0644 ${B}/src/sota_tools/garage-sign/lib/* ${D}${libdir}
39} 95}
40 96
97PACKAGES =+ " ${PN}-examples ${PN}-host-tools ${PN}-tools ${PN}-secondary "
98
41FILES_${PN} = " \ 99FILES_${PN} = " \
42 ${bindir}/aktualizr \ 100 ${bindir}/aktualizr \
101 ${bindir}/aktualizr-info \
102 ${bindir}/aktualizr-check-discovery \
43 ${systemd_unitdir}/system/aktualizr.service \ 103 ${systemd_unitdir}/system/aktualizr.service \
44 /usr/lib/sota/sota.toml \ 104 ${libdir}/sota/conf.d \
105 ${sysconfdir}/sota/conf.d \
106 ${sysconfdir}/sota/ecus/* \
45 " 107 "
108
109FILES_${PN}-examples = " \
110 ${bindir}/hmi-stub \
111 "
112
113FILES_${PN}-host-tools = " \
114 ${bindir}/aktualizr-repo \
115 ${bindir}/aktualizr-cert-provider \
116 ${bindir}/garage-deploy \
117 ${bindir}/garage-push \
118 ${libdir}/sota/sota_autoprov.toml \
119 ${libdir}/sota/sota_autoprov_primary.toml \
120 ${libdir}/sota/sota_hsm_prov.toml \
121 ${libdir}/sota/sota_implicit_prov_ca.toml \
122 ${libdir}/sota/sota_uboot_env.toml \
123 "
124
125FILES_${PN}-tools = " \
126 ${bindir}/aktualizr-check-discovery \
127 "
128
129FILES_${PN}-secondary = " \
130 ${bindir}/aktualizr-secondary \
131 ${libdir}/sota/sota_secondary.toml \
132 ${systemd_unitdir}/system/aktualizr-secondary.socket \
133 ${systemd_unitdir}/system/aktualizr-secondary.service \
134 "
135
136# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/credentials.inc b/recipes-sota/aktualizr/credentials.inc
new file mode 100644
index 0000000..256c8ff
--- /dev/null
+++ b/recipes-sota/aktualizr/credentials.inc
@@ -0,0 +1 @@
SRC_URI_append = "${@('file://' + d.getVar('SOTA_PACKED_CREDENTIALS', True)) if d.getVar('SOTA_PACKED_CREDENTIALS', True) else ''}"
diff --git a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
deleted file mode 100644
index 4a595f0..0000000
--- a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
+++ /dev/null
@@ -1,13 +0,0 @@
1[Unit]
2Description=Aktualizr SOTA Client
3Wants=network-online.target
4After=network.target network-online.target
5Requires=network-online.target
6
7[Service]
8RestartSec=10
9Restart=always
10ExecStart=/usr/bin/aktualizr --disable-keyid-validation --config /usr/lib/sota/sota.toml
11
12[Install]
13WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/aktualizr-manual-provision.service b/recipes-sota/aktualizr/files/aktualizr-manual-provision.service
deleted file mode 100644
index a70f2f9..0000000
--- a/recipes-sota/aktualizr/files/aktualizr-manual-provision.service
+++ /dev/null
@@ -1,13 +0,0 @@
1[Unit]
2Description=Aktualizr SOTA Client
3Wants=network-online.target
4After=network.target network-online.target
5Requires=network-online.target
6
7[Service]
8RestartSec=10
9Restart=always
10ExecStart=/usr/bin/aktualizr --config /sysroot/boot/sota.toml --loglevel 2
11
12[Install]
13WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.service b/recipes-sota/aktualizr/files/aktualizr-secondary.service
new file mode 100644
index 0000000..9628ee3
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-secondary.service
@@ -0,0 +1,8 @@
1[Unit]
2Description=Aktualizr SOTA Client (UPTANE Secondary)
3
4[Service]
5RestartSec=10
6Restart=always
7ExecStart=/usr/bin/aktualizr-secondary --config /usr/lib/sota/sota_secondary.toml
8
diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.socket b/recipes-sota/aktualizr/files/aktualizr-secondary.socket
new file mode 100644
index 0000000..da0ee44
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-secondary.socket
@@ -0,0 +1,6 @@
1[Socket]
2ListenStream=9030
3ListenDatagram=9031
4
5[Install]
6WantedBy=sockets.target \ No newline at end of file
diff --git a/recipes-sota/aktualizr/files/aktualizr-serialcan.service b/recipes-sota/aktualizr/files/aktualizr-serialcan.service
new file mode 100644
index 0000000..b42f348
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-serialcan.service
@@ -0,0 +1,15 @@
1[Unit]
2Description=Aktualizr SOTA Client
3Wants=network-online.target slcand@ttyACM0.service
4After=network.target network-online.target slcand@ttyACM0.service
5
6Requires=network-online.target
7
8[Service]
9RestartSec=10
10Restart=always
11EnvironmentFile=/usr/lib/sota/sota.env
12ExecStart=/bin/sh -c "(ip addr | grep can0) && /usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS"
13
14[Install]
15WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/aktualizr.service b/recipes-sota/aktualizr/files/aktualizr.service
new file mode 100644
index 0000000..726809e
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr.service
@@ -0,0 +1,11 @@
1[Unit]
2Description=Aktualizr SOTA Client
3After=network.target
4
5[Service]
6RestartSec=10
7Restart=always
8ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS
9
10[Install]
11WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/ca.cnf b/recipes-sota/aktualizr/files/ca.cnf
new file mode 100644
index 0000000..352ec38
--- /dev/null
+++ b/recipes-sota/aktualizr/files/ca.cnf
@@ -0,0 +1,10 @@
1[req]
2req_extensions = cacert
3distinguished_name = req_distinguished_name
4
5[req_distinguished_name]
6
7[cacert]
8basicConstraints = critical,CA:true
9keyUsage = keyCertSign
10
diff --git a/recipes-sota/aktualizr/files/sota_autoprov.toml b/recipes-sota/aktualizr/files/sota_autoprov.toml
deleted file mode 100644
index 9fbb093..0000000
--- a/recipes-sota/aktualizr/files/sota_autoprov.toml
+++ /dev/null
@@ -1,14 +0,0 @@
1[tls]
2certificates_directory = "/var/sota/"
3ca_file = "root.crt"
4client_certificate = "client.pem"
5pkey_file = "pkey.pem"
6
7[uptane]
8metadata_path = "/var/sota/metadata"
9private_key_path = "ecukey.der"
10public_key_path = "ecukey.pub"
11
12[provision]
13provision_path = "/var/sota/sota_provisioning_credentials.zip"
14
diff --git a/recipes-sota/aktualizr/garage-sign-version.inc b/recipes-sota/aktualizr/garage-sign-version.inc
new file mode 100644
index 0000000..1b89a3d
--- /dev/null
+++ b/recipes-sota/aktualizr/garage-sign-version.inc
@@ -0,0 +1,36 @@
1
2python () {
3 if d.getVar("GARAGE_SIGN_VERSION", True) or not d.getVar("SOTA_PACKED_CREDENTIALS", True):
4 return
5 import json
6 import urllib.request
7 import zipfile
8 with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS", True), 'r') as zip_ref:
9 try:
10 with zip_ref.open('tufrepo.url', mode='r') as url_file:
11 url = url_file.read().decode().strip(' \t\n') + '/health/version'
12 except (KeyError, ValueError, RuntimeError):
13 return
14 connected = False
15 tries = 3
16 for i in range(tries):
17 try:
18 r = urllib.request.urlopen(url)
19 if r.code == 200:
20 connected = True
21 break
22 else:
23 print('Bad return code from server ' + url + ': ' + str(r.code) +
24 ' (attempt ' + str(i + 1) + ' of ' + str(tries) + ')')
25 except urllib.error.URLError as e:
26 print('Error connecting to server ' + url + ': ' + str(e) +
27 ' (attempt ' + str(i + 1) + ' of ' + str(tries) + ')')
28 if not connected:
29 return
30 resp = r.read().decode('utf-8')
31 j = json.loads(resp)
32 version = 'cli-' + j['version'] + '.tgz'
33 d.setVar("GARAGE_SIGN_VERSION", version)
34}
35
36# vim:set ts=4 sw=4 sts=4 expandtab:
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-24 16:31:42 +0000