classes: Backporting classes from Sumo

Backport SOTA specific classes needed for latest version of
Aktualizr from branch Sumo to Morty.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>

4 files changed, 313 insertions, 192 deletions

diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass
new file mode 100644
index 0000000..c2e7056
--- /dev/null
+++ b/classes/image_repo_manifest.bbclass
@@ -0,0 +1,23 @@
+# Writes the repo manifest to the target filesystem in /etc/manifest.xml
+#
+# Author: Phil Wise <phil@advancedtelematic.com>
+# Usage: add "inherit image_repo_manifest" to your image file
+# To reproduce a build, copy the /etc/manifest.xml to .repo/manifests/yourname.xml
+# then run:
+# repo init -m yourname.xml
+# repo sync
+# For more information, see:
+# https://web.archive.org/web/20161224194009/https://wiki.cyanogenmod.org/w/Doc:_Using_manifests 
+
+HOSTTOOLS_NONFATAL += " repo "
+
+# Write build information to target filesystem
+buildinfo_manifest () {
+  if [ $(which repo) ]; then
+    repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || bbwarn "Android repo tool failed to run; manifest not copied"
+  else
+    bbwarn "Android repo tool not found; manifest not copied."
+  fi
+}
+
+IMAGE_PREPROCESS_COMMAND += "buildinfo_manifest;"
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 29f267d..0acc786 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -1,207 +1,274 @@
 # OSTree deployment
 
-inherit image
-
-IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ 
-                        openssl-native:do_populate_sysroot \
-                        zip-native:do_populate_sysroot \
-                        virtual/kernel:do_deploy \
-                        ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
+do_image_ostree[depends] += "ostree-native:do_populate_sysroot \
+                        openssl-native:do_populate_sysroot \
+                        coreutils-native:do_populate_sysroot \
+                        unzip-native:do_populate_sysroot \
+                        virtual/kernel:do_deploy \
+                        ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
+do_image_ostree[lockfiles] += "${OSTREE_REPO}/ostree.lock"
 
 export OSTREE_REPO
 export OSTREE_BRANCHNAME
+export GARAGE_TARGET_NAME
 
-RAMDISK_EXT ?= ".ext4.gz"
-RAMDISK_EXT_arm ?= ".ext4.gz.u-boot"
+RAMDISK_EXT ?= ".${OSTREE_INITRAMFS_FSTYPES}"
 
 OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
 
-export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}"
+OSTREE_COMMIT_SUBJECT ??= "Commit-id: ${IMAGE_NAME}"
+OSTREE_COMMIT_BODY ??= ""
+OSTREE_UPDATE_SUMMARY ??= "0"
+
+export SYSTEMD_USED = "${@oe.utils.ifelse(d.getVar('VIRTUAL-RUNTIME_init_manager', True) == 'systemd', 'true', '')}"
 
 IMAGE_CMD_ostree () {
-        if [ -z "$OSTREE_REPO" ]; then
-                bbfatal "OSTREE_REPO should be set in your local.conf"
-        fi
-
-        if [ -z "$OSTREE_BRANCHNAME" ]; then
-                bbfatal "OSTREE_BRANCHNAME should be set in your local.conf"
-        fi
-
-        OSTREE_ROOTFS=`mktemp -du ${WORKDIR}/ostree-root-XXXXX`
-        cp -a ${IMAGE_ROOTFS} ${OSTREE_ROOTFS}
-        chmod a+rx ${OSTREE_ROOTFS}
-        sync
-
-        cd ${OSTREE_ROOTFS}
-
-        # Create sysroot directory to which physical sysroot will be mounted
-        mkdir sysroot
-        ln -sf sysroot/ostree ostree
-
-        rm -rf tmp/*
-        ln -sf sysroot/tmp tmp
-
-        mkdir -p usr/rootdirs
-
-        mv etc usr/
-        # Implement UsrMove
-        dirs="bin sbin lib"
-
-        for dir in ${dirs} ; do
-                if [ -d ${dir} ] && [ ! -L ${dir} ] ; then 
-                        mv ${dir} usr/rootdirs/
-                        rm -rf ${dir}
-                        ln -sf usr/rootdirs/${dir} ${dir}
-                fi
-        done
-        
-        if [ -n "$SYSTEMD_USED" ]; then
-                mkdir -p usr/etc/tmpfiles.d
-                tmpfiles_conf=usr/etc/tmpfiles.d/00ostree-tmpfiles.conf
-                echo "d /var/rootdirs 0755 root root -" >>${tmpfiles_conf}
-                echo "L /var/rootdirs/home - - - - /sysroot/home" >>${tmpfiles_conf}
-        else
-                mkdir -p usr/etc/init.d
-                tmpfiles_conf=usr/etc/init.d/tmpfiles.sh
-                echo '#!/bin/sh' > ${tmpfiles_conf}
-                echo "mkdir -p /var/rootdirs; chmod 755 /var/rootdirs" >> ${tmpfiles_conf}
-                echo "ln -sf /sysroot/home /var/rootdirs/home" >> ${tmpfiles_conf}
-
-                ln -s ../init.d/tmpfiles.sh usr/etc/rcS.d/S20tmpfiles.sh
-        fi
-
-        # Preserve OSTREE_BRANCHNAME for future information
-        mkdir -p usr/share/sota/
-        echo -n "${OSTREE_BRANCHNAME}" > usr/share/sota/branchname
-
-        # Preserve data in /home to be later copied to /sysroot/home by
-        #   sysroot generating procedure
-        mkdir -p usr/homedirs
-        if [ -d "home" ] && [ ! -L "home" ]; then
-                mv home usr/homedirs/home
-                ln -sf var/rootdirs/home home
-        fi
-
-    # Move cron jobs if exist
-    if [ -d "var/spool/cron" ] && [ "$(ls -A var/spool/cron)" ] &&
-        [ -d "usr/share/cronie-spool" ] ; then
-        mv var/spool/cron/* usr/share/cronie-spool/
+    if [ -z "$OSTREE_REPO" ]; then
+        bbfatal "OSTREE_REPO should be set in your local.conf"
     fi
 
-        # Move persistent directories to /var
-        dirs="opt mnt media srv"
-
-        for dir in ${dirs}; do
-                if [ -d ${dir} ] && [ ! -L ${dir} ]; then
-                        if [ "$(ls -A $dir)" ]; then
-                                bbwarn "Data in /$dir directory is not preserved by OSTree. Consider moving it under /usr"
-                        fi
-
-                        if [ -n "$SYSTEMD_USED" ]; then
-                                echo "d /var/rootdirs/${dir} 0755 root root -" >>${tmpfiles_conf}
-                        else
-                                echo "mkdir -p /var/rootdirs/${dir}; chown 755 /var/rootdirs/${dir}" >>${tmpfiles_conf}
-                        fi
-                        rm -rf ${dir}
-                        ln -sf var/rootdirs/${dir} ${dir}
-                fi
-        done
-
-        if [ -d root ] && [ ! -L root ]; then
-                if [ "$(ls -A root)" ]; then
-                        bberror "Data in /root directory is not preserved by OSTree."
-                fi
-
-                if [ -n "$SYSTEMD_USED" ]; then
-                        echo "d /var/roothome 0755 root root -" >>${tmpfiles_conf}
-                else
-                        echo "mkdir -p /var/roothome; chown 755 /var/roothome" >>${tmpfiles_conf}
-                fi
-
-                rm -rf root
-                ln -sf var/roothome root
-        fi
-
-        mkdir -p var/sota
-
-        if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
-        bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
+    if [ -z "$OSTREE_BRANCHNAME" ]; then
+        bbfatal "OSTREE_BRANCHNAME should be set in your local.conf"
     fi
-        if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then
-        bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS"
+
+    OSTREE_ROOTFS=`mktemp -du ${WORKDIR}/ostree-root-XXXXX`
+    cp -a ${IMAGE_ROOTFS} ${OSTREE_ROOTFS}
+    chmod a+rx ${OSTREE_ROOTFS}
+    sync
+
+    cd ${OSTREE_ROOTFS}
+
+    for d in var/*; do
+      if [ "${d}" != "var/local" ]; then
+        rm -rf ${d}
+      fi
+    done
+
+    # Create sysroot directory to which physical sysroot will be mounted
+    mkdir sysroot
+    ln -sf sysroot/ostree ostree
+
+    rm -rf tmp/*
+    ln -sf sysroot/tmp tmp
+
+    mkdir -p usr/rootdirs
+
+    mv etc usr/
+    # Implement UsrMove
+    dirs="bin sbin lib"
+
+    for dir in ${dirs} ; do
+        if [ -d ${dir} ] && [ ! -L ${dir} ] ; then
+            mv ${dir} usr/rootdirs/
+            rm -rf ${dir}
+            ln -sf usr/rootdirs/${dir} ${dir}
+        fi
+    done
+
+    if [ -n "$SYSTEMD_USED" ]; then
+        mkdir -p usr/etc/tmpfiles.d
+        tmpfiles_conf=usr/etc/tmpfiles.d/00ostree-tmpfiles.conf
+        echo "d /var/rootdirs 0755 root root -" >>${tmpfiles_conf}
+        echo "L /var/rootdirs/home - - - - /sysroot/home" >>${tmpfiles_conf}
+    else
+        mkdir -p usr/etc/init.d
+        tmpfiles_conf=usr/etc/init.d/tmpfiles.sh
+        echo '#!/bin/sh' > ${tmpfiles_conf}
+        echo "mkdir -p /var/rootdirs; chmod 755 /var/rootdirs" >> ${tmpfiles_conf}
+        echo "ln -sf /sysroot/home /var/rootdirs/home" >> ${tmpfiles_conf}
+
+        ln -s ../init.d/tmpfiles.sh usr/etc/rcS.d/S20tmpfiles.sh
     fi
-        if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
-        bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS"
+
+    # Preserve OSTREE_BRANCHNAME for future information
+    mkdir -p usr/share/sota/
+    echo -n "${OSTREE_BRANCHNAME}" > usr/share/sota/branchname
+
+    # Preserve data in /home to be later copied to /sysroot/home by sysroot
+    # generating procedure
+    mkdir -p usr/homedirs
+    if [ -d "home" ] && [ ! -L "home" ]; then
+        mv home usr/homedirs/home
+        ln -sf var/rootdirs/home home
     fi
-        if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
-        bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
+
+    # Move persistent directories to /var
+    dirs="opt mnt media srv"
+
+    for dir in ${dirs}; do
+        if [ -d ${dir} ] && [ ! -L ${dir} ]; then
+            if [ "$(ls -A $dir)" ]; then
+                bbwarn "Data in /$dir directory is not preserved by OSTree. Consider moving it under /usr"
+            fi
+
+            if [ -n "$SYSTEMD_USED" ]; then
+                echo "d /var/rootdirs/${dir} 0755 root root -" >>${tmpfiles_conf}
+            else
+                echo "mkdir -p /var/rootdirs/${dir}; chown 755 /var/rootdirs/${dir}" >>${tmpfiles_conf}
+            fi
+            rm -rf ${dir}
+            ln -sf var/rootdirs/${dir} ${dir}
+        fi
+    done
+
+    if [ -d root ] && [ ! -L root ]; then
+        if [ "$(ls -A root)" ]; then
+            bberror "Data in /root directory is not preserved by OSTree."
+            exit 1
+        fi
+
+        if [ -n "$SYSTEMD_USED" ]; then
+            echo "d /var/roothome 0755 root root -" >>${tmpfiles_conf}
+        else
+            echo "mkdir -p /var/roothome; chown 755 /var/roothome" >>${tmpfiles_conf}
+        fi
+
+        rm -rf root
+        ln -sf var/roothome root
     fi
 
-        # deploy SOTA credentials
-        if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-                if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
-                        cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip
-                        # Device should not be able to push data to treehub
-                        zip -d var/sota/sota_provisioning_credentials.zip treehub.json
-                fi
-        fi
+    # Creating boot directories is required for "ostree admin deploy"
 
-        if [ -n "${SOTA_SECONDARY_ECUS}" ]; then
-                cp ${SOTA_SECONDARY_ECUS} var/sota/ecus
-        fi
+    mkdir -p boot/loader.0
+    mkdir -p boot/loader.1
+    ln -sf boot/loader.0 boot/loader
 
-        # Creating boot directories is required for "ostree admin deploy"
+    checksum=`sha256sum ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} | cut -f 1 -d " "`
 
-        mkdir -p boot/loader.0
-        mkdir -p boot/loader.1
-        ln -sf boot/loader.0 boot/loader
+    cp ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} boot/vmlinuz-${checksum}
+    cp ${DEPLOY_DIR_IMAGE}/${OSTREE_INITRAMFS_IMAGE}-${MACHINE}${RAMDISK_EXT} boot/initramfs-${checksum}
 
-        checksum=`sha256sum ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} | cut -f 1 -d " "`
+    # Copy image manifest
+    cat ${IMAGE_MANIFEST} | cut -d " " -f1,3 > usr/package.manifest
 
-        cp ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} boot/vmlinuz-${checksum}
-        cp ${DEPLOY_DIR_IMAGE}/${OSTREE_INITRAMFS_IMAGE}-${MACHINE}${RAMDISK_EXT} boot/initramfs-${checksum}
+    cd ${WORKDIR}
 
-        # Copy image manifest
-        cat ${IMAGE_MANIFEST} | cut -d " " -f1,3 > usr/package.manifest
+    # Create a tarball that can be then commited to OSTree repo
+    OSTREE_TAR=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.ostree.tar.bz2
+    tar -C ${OSTREE_ROOTFS} --xattrs --xattrs-include='*' -cjf ${OSTREE_TAR} .
+    sync
 
-        cd ${WORKDIR}
+    rm -f ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2
+    ln -s ${IMAGE_NAME}.rootfs.ostree.tar.bz2 ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2
 
-        # Create a tarball that can be then commited to OSTree repo
-        OSTREE_TAR=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.ostree.tar.bz2 
-        tar -C ${OSTREE_ROOTFS} --xattrs --xattrs-include='*' -cjf ${OSTREE_TAR} .
-        sync
+    if ! ostree --repo=${OSTREE_REPO} refs 2>&1 > /dev/null; then
+        ostree --repo=${OSTREE_REPO} init --mode=archive-z2
+    fi
 
-        rm -f ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2
-        ln -s ${IMAGE_NAME}.rootfs.ostree.tar.bz2 ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2
-        
-        if [ ! -d ${OSTREE_REPO} ]; then
-                ostree --repo=${OSTREE_REPO} init --mode=archive-z2
-        fi
+    # Commit the result
+    ostree --repo=${OSTREE_REPO} commit \
+           --tree=dir=${OSTREE_ROOTFS} \
+           --skip-if-unchanged \
+           --branch=${OSTREE_BRANCHNAME} \
+           --subject="${OSTREE_COMMIT_SUBJECT}" \
+           --body="${OSTREE_COMMIT_BODY}"
 
-        # Commit the result
-        ostree --repo=${OSTREE_REPO} commit \
-               --tree=dir=${OSTREE_ROOTFS} \
-               --skip-if-unchanged \
-               --branch=${OSTREE_BRANCHNAME} \
-               --subject="Commit-id: ${IMAGE_NAME}"
+    if [ "${OSTREE_UPDATE_SUMMARY}" = "1" ]; then
+        ostree --repo=${OSTREE_REPO} summary -u
+    fi
 
-        rm -rf ${OSTREE_ROOTFS}
+    rm -rf ${OSTREE_ROOTFS}
 }
 
 IMAGE_TYPEDEP_ostreepush = "ostree"
-IMAGE_DEPENDS_ostreepush = "sota-tools-native:do_populate_sysroot"
+do_image_ostreepush[depends] += "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot"
 IMAGE_CMD_ostreepush () {
-        # Print warnings if credetials are not set or if the file has not been found.
-        if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-                if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
-                        garage-push --repo=${OSTREE_REPO} \
-                                    --ref=${OSTREE_BRANCHNAME} \
-                                    --credentials=${SOTA_PACKED_CREDENTIALS} \
-                                    --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
-                else
-                        bbwarn "SOTA_PACKED_CREDENTIALS file does not exist."
-                fi
+    # Print warnings if credetials are not set or if the file has not been found.
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
+            garage-push --repo=${OSTREE_REPO} \
+                        --ref=${OSTREE_BRANCHNAME} \
+                        --credentials=${SOTA_PACKED_CREDENTIALS} \
+                        --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
         else
-                bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
-        fi
+            bbwarn "SOTA_PACKED_CREDENTIALS file does not exist."
+        fi
+    else
+        bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
+    fi
+}
+
+IMAGE_TYPEDEP_garagesign = "ostreepush"
+do_image_garagesign[depends] += "aktualizr-native:do_populate_sysroot"
+IMAGE_CMD_garagesign () {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        # if credentials are issued by a server that doesn't support offline signing, exit silently
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
+
+        java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
+        if [ "${java_version}" = "" ]; then
+            bberror "Java is required for synchronization with update backend, but is not installed on the host machine"
+            exit 1
+        elif [ "${java_version}" \< "1.8" ]; then
+            bberror "Java version >= 8 is required for synchronization with update backend"
+            exit 1
+        fi
+
+        rm -rf ${GARAGE_SIGN_REPO}
+        garage-sign init --repo tufrepo \
+                         --home-dir ${GARAGE_SIGN_REPO} \
+                         --credentials ${SOTA_PACKED_CREDENTIALS}
+
+        ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+        # Use OSTree target hash as version if none was provided by the user
+        target_version=${ostree_target_hash}
+        if [ -n "${GARAGE_TARGET_VERSION}" ]; then
+            target_version=${GARAGE_TARGET_VERSION}
+            bbwarn "Target version is overriden with GARAGE_TARGET_VERSION variable. It is a dangerous operation, make sure you've read the respective secion in meta-updater/README.adoc"
+        elif [ -e "${STAGING_DATADIR_NATIVE}/target_version" ]; then
+            target_version=$(cat "${STAGING_DATADIR_NATIVE}/target_version")
+            bbwarn "Target version is overriden with target_version file. It is a dangerous operation, make sure you've read the respective secion in meta-updater/README.adoc"
+        fi
+
+        # Push may fail due to race condition when multiple build machines try to push simultaneously
+        #   in which case targets.json should be pulled again and the whole procedure repeated
+        push_success=0
+        for push_retries in $( seq 3 ); do
+            garage-sign targets pull --repo tufrepo \
+                                     --home-dir ${GARAGE_SIGN_REPO}
+            garage-sign targets add --repo tufrepo \
+                                    --home-dir ${GARAGE_SIGN_REPO} \
+                                    --name ${GARAGE_TARGET_NAME} \
+                                    --format OSTREE \
+                                    --version ${target_version} \
+                                    --length 0 \
+                                    --url "${GARAGE_TARGET_URL}" \
+                                    --sha256 ${ostree_target_hash} \
+                                    --hardwareids ${SOTA_HARDWARE_ID}
+            garage-sign targets sign --repo tufrepo \
+                                     --home-dir ${GARAGE_SIGN_REPO} \
+                                     --key-name=targets
+            errcode=0
+            garage-sign targets push --repo tufrepo \
+                                     --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
+            if [ "$errcode" -eq "0" ]; then
+                push_success=1
+                break
+            else
+                bbwarn "Push to garage repository has failed, retrying"
+            fi
+        done
+        rm -rf ${GARAGE_SIGN_REPO}
+
+        if [ "$push_success" -ne "1" ]; then
+            bberror "Couldn't push to garage repository"
+            exit 1
+        fi
+    fi
+}
+
+IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign"
+do_image_garagecheck[depends] += "aktualizr-native:do_populate_sysroot"
+IMAGE_CMD_garagecheck () {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        # if credentials are issued by a server that doesn't support offline signing, exit silently
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
+        ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+        garage-check --ref=${ostree_target_hash} \
+                     --credentials=${SOTA_PACKED_CREDENTIALS} \
+                     --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
+    fi
 }
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass
index 09c30ff..df3bc7c 100644
--- a/classes/image_types_ota.bbclass
+++ b/classes/image_types_ota.bbclass
@@ -7,11 +7,7 @@
 # boot scripts, kernel and initramfs images
 #
 
-inherit image
-
-OSTREE_BOOTLOADER ??= 'u-boot'
-
-IMAGE_DEPENDS_otaimg = "e2fsprogs-native:do_populate_sysroot \
+do_image_otaimg[depends] += "e2fsprogs-native:do_populate_sysroot \
                         ${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER', True) == 'grub' else ''} \
                         ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot' else ''}"
 
@@ -32,7 +28,7 @@ calculate_size () {
         fi
 
         if [ "$SIZE" -lt "$MIN" ]; then
-                $SIZE=$MIN
+                SIZE=$MIN
         fi
 
         SIZE=`expr $SIZE \+ $EXTRA`
@@ -53,6 +49,8 @@ export OSTREE_BRANCHNAME
 export OSTREE_REPO
 export OSTREE_BOOTLOADER
 
+export GARAGE_TARGET_NAME
+
 IMAGE_CMD_otaimg () {
         if ${@bb.utils.contains('IMAGE_FSTYPES', 'otaimg', 'true', 'false', d)}; then
                 if [ -z "$OSTREE_REPO" ]; then
@@ -67,7 +65,6 @@ IMAGE_CMD_otaimg () {
                         bbfatal "OSTREE_BRANCHNAME should be set in your local.conf"
                 fi
 
-
                 PHYS_SYSROOT=`mktemp -d ${WORKDIR}/ota-sysroot-XXXXX`
 
                 ostree admin --sysroot=${PHYS_SYSROOT} init-fs ${PHYS_SYSROOT}
@@ -78,32 +75,48 @@ IMAGE_CMD_otaimg () {
 
                 if [ "${OSTREE_BOOTLOADER}" = "grub" ]; then
                         mkdir -p ${PHYS_SYSROOT}/boot/grub2
-                        touch ${PHYS_SYSROOT}/boot/grub2/grub.cfg
+                        ln -s ../loader/grub.cfg ${PHYS_SYSROOT}/boot/grub2/grub.cfg
                 elif [ "${OSTREE_BOOTLOADER}" = "u-boot" ]; then
                         touch ${PHYS_SYSROOT}/boot/loader/uEnv.txt
                 else
                         bberror "Invalid bootloader: ${OSTREE_BOOTLOADER}"
                 fi;
 
-                ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${OSTREE_BRANCHNAME}
+                ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+                ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${ostree_target_hash}
                 export OSTREE_BOOT_PARTITION="/boot"
                 kargs_list=""
                 for arg in ${OSTREE_KERNEL_ARGS}; do
                         kargs_list="${kargs_list} --karg-append=$arg"
                 done
 
-                ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${OSTREE_BRANCHNAME}
+                ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${ostree_target_hash}
 
                 # Copy deployment /home and /var/sota to sysroot
                 HOME_TMP=`mktemp -d ${WORKDIR}/home-tmp-XXXXX`
-                tar --xattrs --xattrs-include='*' -C ${HOME_TMP} -xf ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2 ./usr/homedirs ./var/sota ./var/local || true
-                mv ${HOME_TMP}/var/sota ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
-                mv ${HOME_TMP}/var/local ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
+                tar --xattrs --xattrs-include='*' -C ${HOME_TMP} -xf ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2 ./usr/homedirs ./var/local || true
+
+                cp -a ${IMAGE_ROOTFS}/var/sota ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
                 # Create /var/sota if it doesn't exist yet
-                mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota || true
+                mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota
+                # Ensure the permissions are correctly set
+                chmod 700 ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota
+
+                mv ${HOME_TMP}/var/local ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
                 mv ${HOME_TMP}/usr/homedirs/home ${PHYS_SYSROOT}/ || true
                 # Ensure that /var/local exists (AGL symlinks /usr/local to /var/local)
                 install -d ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/local
+                # Set package version for the first deployment
+                target_version=${ostree_target_hash}
+                if [ -n "${GARAGE_TARGET_VERSION}" ]; then
+                        target_version=${GARAGE_TARGET_VERSION}
+                elif [ -e "${STAGING_DATADIR_NATIVE}/target_version" ]; then
+                        target_version=$(cat "${STAGING_DATADIR_NATIVE}/target_version")
+                fi
+                mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import
+                echo "{\"${ostree_target_hash}\":\"${GARAGE_TARGET_NAME}-${target_version}\"}" > ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import/installed_versions
+
                 rm -rf ${HOME_TMP}
 
                 # Calculate image type
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 5073e29..070fe72 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -5,25 +5,41 @@ python __anonymous() {
 
 OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}"
 
+HOSTTOOLS_NONFATAL += "java"
+
 SOTA_CLIENT ??= "aktualizr"
-IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT}"
+SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
+SOTA_DEPLOY_CREDENTIALS ?= "1"
+SOTA_HARDWARE_ID ??= "${MACHINE}"
+
+IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
-IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush otaimg wic', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}"
+
+PACKAGECONFIG_append_pn-curl = " ssl"
+PACKAGECONFIG_remove_pn-curl = "gnutls"
 
 WKS_FILE_sota ?= "sdimage-sota.wks"
 
 EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native"
 
+OSTREE_INITRAMFS_FSTYPES ??= 'ext4.gz'
+
 # Please redefine OSTREE_REPO in order to have a persistent OSTree repo
 OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"
-# For UPTANE operation, OSTREE_BRANCHNAME must start with "${MACHINE}-"
-OSTREE_BRANCHNAME ?= "${MACHINE}-ota"
+OSTREE_BRANCHNAME ?= "${SOTA_HARDWARE_ID}"
 OSTREE_OSNAME ?= "poky"
 OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
+OSTREE_BOOTLOADER ??= 'u-boot'
+
+GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"
+GARAGE_SIGN_KEYNAME ?= "garage-key"
+GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}"
+GARAGE_TARGET_VERSION ?= ""
+GARAGE_TARGET_URL ?= "https://example.com/"
 
 SOTA_MACHINE ??="none"
-SOTA_MACHINE_raspberrypi2 ?= "raspberrypi"
-SOTA_MACHINE_raspberrypi3 ?= "raspberrypi"
+SOTA_MACHINE_rpi ?= "raspberrypi"
 SOTA_MACHINE_porter ?= "porter"
 SOTA_MACHINE_m3ulcb = "m3ulcb"
 SOTA_MACHINE_intel-corei7-64 ?= "minnowboard"
@@ -31,3 +47,5 @@ SOTA_MACHINE_qemux86-64 ?= "qemux86-64"
 SOTA_MACHINE_am335x-evm ?= "am335x-evm-wifi"
 
 inherit sota_${SOTA_MACHINE}
+
+inherit image_repo_manifest