authorAnton Gerasimov <anton@advancedtelematic.com>2017-09-27 10:14:32 +0200
committerAnton Gerasimov <anton@advancedtelematic.com>2017-10-16 12:42:37 +0200
commit9d9b6a8eb297e7e90a680730bfc5068deb19a138 (patch)
tree3735d77f600ff18d1219ad3f8ecc346188eadae7
parent36f1d8668a0ccdfe7f71f886a6829fb33be7cb48 (diff)
Support pkcs#11 in aktualizr and add softhsm token for testing
-rw-r--r--classes/sota.bbclass3
-rw-r--r--recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb34
-rw-r--r--recipes-sota/aktualizr/aktualizr_common.inc2
-rw-r--r--recipes-sota/aktualizr/aktualizr_git.bb2
-rw-r--r--recipes-sota/aktualizr/files/sota_hsm_test.toml17
-rw-r--r--recipes-sota/ostree/ostree_git.bb7
-rw-r--r--recipes-support/softhsm-testtoken/files/createtoken.sh13
7 files changed, 70 insertions, 8 deletions
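--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -11,6 +11,9 @@ IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PRO
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
 IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush otaimg wic', ' ', d)}"
 
+PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}"
+PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}"
+
 WKS_FILE_sota ?= "sdimage-sota.wks"
 
 EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native"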
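Review bot: The two `PACKAGECONFIG_*_pn-curl` lines swap curl's TLS backend from GnuTLS to OpenSSL for every user of curl in the image once 'hsm' is in SOTA_CLIENT_FEATURES, and nothing next to them says why. A comment above them such as `# hsm: build curl against OpenSSL instead of GnuTLS for the PKCS#11 client key; affects all curl users in the image` would record the intent. The reason is presumably that aktualizr's PKCS#11 path goes through OpenSSL, which should be confirmed before the comment is worded as fact. The nested double quotes in `" ssl"`, `" gnutls"` and `" "` also differ from the single-quoted arguments on the `IMAGE_FSTYPES` line just above; `' ssl'`, `' gnutls'` and `''` would be easier to read inside a double-quoted assignment.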
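--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -0,0 +1,34 @@
+SUMMARY = "Aktualizr systemd service and configuration with HSM support"
+DESCRIPTION = "Systemd service and configurations for Aktualizr, the SOTA Client application written in C++"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
+
+DEPENDS = "aktualizr-native"
+RDEPENDS_${PN} = "aktualizr"
+
+SRC_URI = " \
+ file://LICENSE \
+ file://aktualizr-autoprovision.service \
+ file://sota_hsm_test.toml \
+ "
+PV = "1.0"
+PR = "6"
+
+SYSTEMD_SERVICE_${PN} = "aktualizr.service"
+
+inherit systemd
+
+do_install() {
+ install -d ${D}/${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
+ install -d ${D}/usr/lib/sota
+ aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
+ -i ${WORKDIR}/sota_hsm_test.toml -o ${D}/usr/lib/sota/sota.toml -p ${D}
+}
+
+FILES_${PN} = " \
+ ${systemd_unitdir}/system/aktualizr.service \
+ /usr/lib/sota/sota.toml \
+ "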
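Review bot: `do_install` hands `${SOTA_PACKED_CREDENTIALS}` to `aktualizr_implicit_writer` without checking that it is set, so with an unset or empty variable the tool is run with `-c` followed directly by `--no-root-ca` and the build fails with whatever message the tool gives. A guard at the top of the function, `[ -n "${SOTA_PACKED_CREDENTIALS}" ] || bbfatal "SOTA_PACKED_CREDENTIALS must be set for ${PN}"`, makes that failure explicit. SUMMARY and DESCRIPTION also describe this as general "HSM support", while the installed `sota.toml` is generated from `sota_hsm_test.toml`; stating in SUMMARY that the recipe provisions a SoftHSM test configuration would keep it from being picked for a production image.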
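--- a/recipes-sota/aktualizr/aktualizr_common.inc
+++ b/recipes-sota/aktualizr/aktualizr_common.inc
@@ -11,7 +11,7 @@ PR = "7"
 SRC_URI = " \
  git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
  "
-SRCREV = "ed2c9684d3b7e605b41a3e7dda0afded1d4a084c"
+SRCREV = "c38a1fd990cf238de2912db4d7023ddd91e2131f"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"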
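--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -9,7 +9,7 @@ RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm-test'
 
 inherit systemd
 
-EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}"
+EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_OSTREE=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} -DAKTUALIZR_VERSION=${PV}"
 
 do_install_append () {
  rm ${D}${bindir}/aktualizr_cert_provider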
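Review bot: `-DBUILD_P11=ON` in `EXTRA_OECMAKE` is keyed on the feature name 'hsm', while the `RDEPENDS_${PN}_append` line visible in the hunk header is keyed on 'hsm-test'; with only 'hsm-test' set, the image would apparently pull in the test-token runtime dependency but get an aktualizr built without PKCS#11 support. A comment beside `EXTRA_OECMAKE` such as `# 'hsm-test' only adds the SoftHSM test token; 'hsm' must also be set to build PKCS#11 support` would document the coupling, or the flag could be derived from either feature. The hunk does not show a build-time dependency for the PKCS#11 code either, so if `DEPENDS` is not extended elsewhere in the recipe the P11 build relies on whatever is already in the sysroot. The RDEPENDS line is truncated in the header and the recipe continues outside the hunk, so both points are inferred from what is visible.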
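--- /dev/null
+++ b/recipes-sota/aktualizr/files/sota_hsm_test.toml
@@ -0,0 +1,17 @@
+[tls]
+certificates_directory = "/var/sota/"
+ca_file = "/var/sota/token/root.crt"
+client_certificate = "01"
+cert_source = "pkcs11"
+pkey_file = "02"
+pkey_source = "pkcs11"
+
+[p11]
+module = "/usr/lib/softhsm/libsofthsm2.so"
+pass = "1234"
+
+[uptane]
+metadata_path = "/var/sota/metadata"
+private_key_path = "ecukey.der"
+public_key_path = "ecukey.pub"
+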
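Review bot: `pass = "1234"` under `[p11]` is a fixed token PIN that ends up in the installed `sota.toml`, and the file carries no marker that it is meant only for the SoftHSM test token. TOML allows comments, so a header line such as `# TEST ONLY: SoftHSM software token with a fixed PIN; not for production images` and, beside `pass`, `# must match the --pin used by createtoken.sh` would keep the file from being copied as a template for a real HSM. The same header covers `module`, which points at the SoftHSM library rather than a hardware module.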
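--- a/recipes-sota/ostree/ostree_git.bb
+++ b/recipes-sota/ostree/ostree_git.bb
@@ -8,9 +8,9 @@ INHERIT_remove_class-native = "systemd"
 
 SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master"
 
-SRCREV="3b09620c2738bce4ed45e099cf2e4c5df7671d39"
+SRCREV="e3c3ec5dd91492e82c79223052443d038c60f41c"
 
-PV = "2017.3-31-g3b09620c"
+PV = "v2017.11-20-ge3c3ec5d"
 
 S = "${WORKDIR}/git"
 
@@ -79,6 +79,9 @@ FILES_${PN} += " \
  ${datadir}/gir-1.0/OSTree-1.0.gir \
  ${libdir}/girepository-1.0 \
  ${libdir}/girepository-1.0/OSTree-1.0.typelib \
+ ${libdir}/tmpfiles.d/ostree-tmpfiles.conf \
+ ${datadir}/bash-completion/completions/ostree \
+ ${systemd_unitdir}/system-generators/ostree-system-generator \
 "
 
 PACKAGES =+ "${PN}-switchroot"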
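Review bot: The new `PV = "v2017.11-20-ge3c3ec5d"` in the first hunk starts with a letter, whereas the value it replaces started with a digit. Package managers compare versions segment by segment and commonly order an alphabetic leading segment differently from a numeric one, so the updated ostree package may sort as older than `2017.3-31-g3b09620c`, and deb-style packaging expects a version to begin with a digit. `PV = "2017.11-20-ge3c3ec5d"` keeps the format of the previous value and avoids both problems.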
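--- a/recipes-support/softhsm-testtoken/files/createtoken.sh
+++ b/recipes-support/softhsm-testtoken/files/createtoken.sh
@@ -5,17 +5,22 @@ if pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O; then
  exit 0
 fi
 
-if ! ls /var/sota/token/pkey.pem /var/sota/token/client.pem; then
+if ! ls /var/sota/token/pkey.pem /var/sota/token/client.pem /var/sota/token/pkey.pem; then
  # Key/certificate pair is not present, repeat
- mkdir -p /var/sota/token
  exit 1
 fi
 
 mkdir -p /var/lib/softhsm/tokens
 softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234
 
-pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/pkey.pem --type privkey --login --pin 1234
+softhsm2-util --import /var/sota/token/pkey.pem --label "pkey" --id 02 --token 'Virtual token' --pin 1234
 openssl x509 -outform der -in /var/sota/token/client.pem -out /var/sota/token/client.der
-pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/client.der --type cert --login --pin 1234
+pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --id 1 --write-object /var/sota/token/client.der --type cert --login --pin 1234
+
+# Import UPTANE keypair if it exists
+if [ -f /var/sota/token/ecukey.pem ]; then
+ openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in /var/sota/token/ecukey.pem -out /var/sota/token/ecukey.p8
+ softhsm2-util --import /var/sota/token/ecukey.p8 --label "uptanekey" --id 03 --token 'Virtual token' --pin 1234
+fi
 
 exit 0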
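Review bot: The extended `ls` guard names `/var/sota/token/pkey.pem` twice, so the third argument checks nothing new; it was probably meant to be another required file (for example the `root.crt` that `sota_hsm_test.toml` uses as `ca_file`), which should be confirmed. The new UPTANE block writes the ECU private key unencrypted to `/var/sota/token/ecukey.p8` (`-nocrypt`) and leaves it there after the import; adding `rm -f /var/sota/token/ecukey.p8` after the `softhsm2-util --import` line avoids a second plaintext copy of the key on disk. None of the import commands is checked, so a failed import still reaches `exit 0`; `|| exit 1` on each import, or `set -e` near the top of the script (outside this hunk), would stop a half-populated token from being reported as done. Writing the certificate with `--id 01` rather than `--id 1` would match `client_certificate = "01"` in the configuration and the two-digit ids used on the other import lines.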