summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnton Gerasimov <anton@advancedtelematic.com>2017-12-13 15:30:03 +0100
committerAnton Gerasimov <anton@advancedtelematic.com>2017-12-20 15:56:57 +0100
commit6630a83d1292bb96a531208b7c52aa1744c54f79 (patch)
treea4ef3b323c4ab688f4bd202c2b157625a336a88d
parent057fe7e802dd2bfbbe85f57bef99bbdf0f8c25a2 (diff)
downloadmeta-updater-6630a83d1292bb96a531208b7c52aa1744c54f79.tar.gz
Fixes for Spekulatius
- New garage-sign interface - Remove garage-sign recipe (now installed with aktualizr-native) - Small but critical bugfixes in aktualizr
-rw-r--r--classes/image_repo_manifest.bbclass4
-rw-r--r--classes/image_types_ostree.bbclass13
-rw-r--r--classes/sota.bbclass4
-rw-r--r--lib/oeqa/selftest/updater.py14
-rw-r--r--recipes-sota/aktualizr/aktualizr-implicit-prov.bb2
-rw-r--r--recipes-sota/aktualizr/aktualizr_git.bb2
-rw-r--r--recipes-sota/garage-sign/garage-sign.bb33
7 files changed, 13 insertions, 59 deletions
diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass
index 2012363..467fd9a 100644
--- a/classes/image_repo_manifest.bbclass
+++ b/classes/image_repo_manifest.bbclass
@@ -14,9 +14,9 @@ HOSTTOOLS_NONFATAL += " repo "
14# Write build information to target filesystem 14# Write build information to target filesystem
15buildinfo () { 15buildinfo () {
16 if [ $(which repo) ]; then 16 if [ $(which repo) ]; then
17 repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || echo "Android repo tool failed to run; manifest not copied" 17 repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || bbwarn "Android repo tool failed to run; manifest not copied"
18 else 18 else
19 echo "Android repo tool not found; manifest not copied." 19 bbwarn "Android repo tool not found; manifest not copied."
20 fi 20 fi
21} 21}
22 22
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 56a9720..05db62a 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -179,7 +179,7 @@ IMAGE_CMD_ostreepush () {
179} 179}
180 180
181IMAGE_TYPEDEP_garagesign = "ostreepush" 181IMAGE_TYPEDEP_garagesign = "ostreepush"
182IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot" 182IMAGE_DEPENDS_garagesign = "aktualizr-native:do_populate_sysroot"
183IMAGE_CMD_garagesign () { 183IMAGE_CMD_garagesign () {
184 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 184 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
185 # if credentials are issued by a server that doesn't support offline signing, exit silently 185 # if credentials are issued by a server that doesn't support offline signing, exit silently
@@ -194,11 +194,8 @@ IMAGE_CMD_garagesign () {
194 exit 1 194 exit 1
195 fi 195 fi
196 196
197 if [ ! -d "${GARAGE_SIGN_REPO}" ]; then 197 rm -rf ${GARAGE_SIGN_REPO}
198 garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} 198 garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
199 fi
200
201 reposerver_args="--reposerver $( unzip -p ${SOTA_PACKED_CREDENTIALS} tufrepo.url )"
202 199
203 ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) 200 ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
204 201
@@ -206,11 +203,11 @@ IMAGE_CMD_garagesign () {
206 # in which case targets.json should be pulled again and the whole procedure repeated 203 # in which case targets.json should be pulled again and the whole procedure repeated
207 push_success=0 204 push_success=0
208 for push_retries in $( seq 3 ); do 205 for push_retries in $( seq 3 ); do
209 garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} 206 garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO}
210 garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} 207 garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
211 garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets 208 garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
212 errcode=0 209 errcode=0
213 garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$? 210 garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
214 if [ "$errcode" -eq "0" ]; then 211 if [ "$errcode" -eq "0" ]; then
215 push_success=1 212 push_success=1
216 break 213 break
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 0f42332..bbb9ac9 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -13,8 +13,8 @@ IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PRO
13IMAGE_CLASSES += " image_types_ostree image_types_ota" 13IMAGE_CLASSES += " image_types_ostree image_types_ota"
14IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}" 14IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}"
15 15
16PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}" 16PACKAGECONFIG_append_pn-curl = " ssl"
17PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}" 17PACKAGECONFIG_remove_pn-curl = "gnutls"
18 18
19WKS_FILE_sota ?= "sdimage-sota.wks" 19WKS_FILE_sota ?= "sdimage-sota.wks"
20 20
diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py
index c07b154..f28349f 100644
--- a/lib/oeqa/selftest/updater.py
+++ b/lib/oeqa/selftest/updater.py
@@ -31,23 +31,13 @@ class SotaToolsTests(oeSelfTest):
31 result = runCmd('%s --help' % p, ignore_status=True) 31 result = runCmd('%s --help' % p, ignore_status=True)
32 self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) 32 self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
33 33
34 34 def test_garagesign_help(self):
35class GarageSignTests(oeSelfTest): 35 bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native')
36
37 @classmethod
38 def setUpClass(cls):
39 logger = logging.getLogger("selftest")
40 logger.info('Running bitbake to build garage-sign-native')
41 bitbake('garage-sign-native')
42
43 def test_help(self):
44 bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'garage-sign-native')
45 p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-sign" 36 p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-sign"
46 self.assertTrue(os.path.isfile(p), msg = "No garage-sign found (%s)" % p) 37 self.assertTrue(os.path.isfile(p), msg = "No garage-sign found (%s)" % p)
47 result = runCmd('%s --help' % p, ignore_status=True) 38 result = runCmd('%s --help' % p, ignore_status=True)
48 self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) 39 self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
49 40
50
51class HsmTests(oeSelfTest): 41class HsmTests(oeSelfTest):
52 42
53 def test_hsm(self): 43 def test_hsm(self):
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index 67bd2c2..e5d9c9b 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -27,7 +27,7 @@ do_install() {
27 install -d ${D}${libdir}/sota 27 install -d ${D}${libdir}/sota
28 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 28 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
29 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \ 29 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
30 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} 30 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} --no-root-ca
31 fi 31 fi
32} 32}
33 33
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index e4ffc5a..08aa6c2 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
18SRC_URI = " \ 18SRC_URI = " \
19 git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ 19 git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
20 " 20 "
21SRCREV = "5bf2975aee4af667a1af17381bf68c34a00f03a3" 21SRCREV = "eb6c0b43c2b8b32f66f228c1c3f590b5c16ad448"
22BRANCH ?= "master" 22BRANCH ?= "master"
23 23
24S = "${WORKDIR}/git" 24S = "${WORKDIR}/git"
diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb
deleted file mode 100644
index 32dda47..0000000
--- a/recipes-sota/garage-sign/garage-sign.bb
+++ /dev/null
@@ -1,33 +0,0 @@
1SUMMARY = "garage-sign"
2DESCRIPTION = "Metadata signing tool for ATS Garage"
3HOMEPAGE = "https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/index.html"
4SECTION = "base"
5LICENSE = "CLOSED"
6LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
7DEPENDS = ""
8
9PV = "0.2.0-57-g3f86c67"
10
11SRC_URI = " \
12 https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
13 "
14
15SRC_URI[md5sum] = "5bbe080c0c3a80928b8856d2076dd49a"
16SRC_URI[sha256sum] = "f653d24172ed245a6256b2f341a9b77bddf624cd6bbda574c1a85430e3155394"
17
18S = "${WORKDIR}/${BPN}"
19
20BBCLASSEXTEND =+ "native"
21
22do_install() {
23 install -d ${D}${bindir}
24 install -m "0755" -t ${D}${bindir} ${S}/bin/*
25 install -d ${D}${libdir}
26 install -m "0644" -t ${D}${libdir} ${S}/lib/*
27}
28
29FILES_${PN} = " \
30 ${bindir}/garage-sign.bat \
31 ${bindir}/garage-sign \
32 ${libdir}/* \
33 "