Add support for zipped credentials

author: Anton Gerasimov <anton@advancedtelematic.com> 2017-05-17 17:16:00 +0200
committer: Anton Gerasimov <anton@advancedtelematic.com> 2017-05-24 15:29:55 +0200
commit: 5c36fff1607aa645f5f522d42dcd28d70d070f3b (patch)
tree: 1423ac87b509bdd8e1ad2445f9805fa4fa3cd21c
parent: 221a3753efeb67ea2c5e06dc7033c03385d37a00 (diff)
download: meta-updater-5c36fff1607aa645f5f522d42dcd28d70d070f3b.tar.gz
2 files changed, 50 insertions, 14 deletions
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 59d4510..03b9c68 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -3,6 +3,7 @@
 inherit image
 IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ 
+                        openssl-native:do_populate_sysroot \
                        virtual/kernel:do_deploy \
                        ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
@@ -16,6 +17,36 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
 export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}"
+python () {
+    if d.getVar("SOTA_PACKED_CREDENTIALS", True):
+        if d.getVar("SOTA_AUTOPROVISION_CREDENTIALS", True):
+            bb.warn("SOTA_AUTOPROVISION_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
+        if d.getVar("SOTA_AUTOPROVISION_URL", True):
+            bb.warn("SOTA_AUTOPROVISION_URL is overriden by one in SOTA_PACKED_CREDENTIALS")
+        if d.getVar("SOTA_AUTOPROVISION_URL_FILE", True):
+            bb.warn("SOTA_AUTOPROVISION_URL_FILE is overriden by one in SOTA_PACKED_CREDENTIALS")
+        if d.getVar("OSTREE_PUSH_CREDENTIALS", True):
+            bb.warn("OSTREE_PUSH_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
+        d.setVar("SOTA_AUTOPROVISION_CREDENTIALS", "%s/sota_credentials/autoprov_credentials.p12" % d.getVar("DEPLOY_DIR_IMAGE", True))
+        d.setVar("SOTA_AUTOPROVISION_URL_FILE", "%s/sota_credentials/autoprov.url" % d.getVar("DEPLOY_DIR_IMAGE", True))
+        d.setVar("OSTREE_PUSH_CREDENTIALS", "%s/sota_credentials/treehub.json" % d.getVar("DEPLOY_DIR_IMAGE", True))
+}
+IMAGE_DEPENDS_osreecredunpack = "unzip-native:do_populate_sysroot"
+IMAGE_CMD_ostreecredunpack () {
+        if [ ${SOTA_PACKED_CREDENTIALS} ]; then
+                rm -rf ${DEPLOY_DIR_IMAGE}/sota_credentials
+                unzip ${SOTA_PACKED_CREDENTIALS} -d ${DEPLOY_DIR_IMAGE}/sota_credentials
+        fi
+}
+IMAGE_TYPEDEP_ostree = "ostreecredunpack"
 IMAGE_CMD_ostree () {
        if [ -z "$OSTREE_REPO" ]; then
                bbfatal "OSTREE_REPO should be set in your local.conf"
@@ -114,6 +145,23 @@ IMAGE_CMD_ostree () {
                ln -sf var/roothome root
        fi
+        # deploy SOTA credentials
+        if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
+                EXPDATE=`openssl pkcs12 -in ${SOTA_AUTOPROVISION_CREDENTIALS} -password "pass:" -nodes 2>/dev/null | openssl x509 -noout -enddate | cut -f2 -d "="`
+                if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then
+                        bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}"
+                fi
+                mkdir -p var/sota
+                cp ${SOTA_AUTOPROVISION_CREDENTIALS} var/sota/sota_provisioning_credentials.p12
+                if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
+                        export SOTA_AUTOPROVISION_URL=`cat ${SOTA_AUTOPROVISION_URL_FILE}`
+                fi
+                echo "SOTA_GATEWAY_URI=${SOTA_AUTOPROVISION_URL}" > var/sota/sota_provisioning_url.env
+        fi
        # Creating boot directories is required for "ostree admin deploy"
        mkdir -p boot/loader.0
diff --git a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
index 9a3dbf9..9ba11ea 100644
--- a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
+++ b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
@@ -153,6 +153,7 @@ RDEPENDS_${PN} = " libcrypto \
                   python-json \
                   "
+export SOTA_PACKED_CREDENTIALS
 export SOTA_AUTOPROVISION_CREDENTIALS
 export SOTA_AUTOPROVISION_URL
@@ -171,7 +172,7 @@ do_install() {
  if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
    install -d ${D}/${systemd_unitdir}/system
-    if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" ]; then
+    if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" -o -n "$SOTA_PACKED_CREDENTIALS" ]; then
      install -c ${S}/run/sota_client_uptane_auto.service ${D}${systemd_unitdir}/system/sota_client.service
    else
      install -c ${S}/run/sota_client_ostree.service ${D}${systemd_unitdir}/system/sota_client.service
@@ -184,17 +185,4 @@ do_install() {
  install -c ${S}/run/sota_certificates ${D}${sysconfdir}
  ln -fs /lib ${D}/lib64
-  if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" ]; then
-    EXPDATE=`openssl pkcs12 -in $SOTA_AUTOPROVISION_CREDENTIALS -password "pass:" -nodes 2>/dev/null | openssl x509 -noout -enddate | cut -f2 -d "="`
-    if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then
-      bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}"
-    fi
-    install -d ${D}/var
-    install -d ${D}/var/sota
-    install -m 0655 $SOTA_AUTOPROVISION_CREDENTIALS ${D}/var/sota/sota_provisioning_credentials.p12
-    echo "SOTA_GATEWAY_URI=$SOTA_AUTOPROVISION_URL" > ${D}/var/sota/sota_provisioning_url.env
-  fi
 }
author	Anton Gerasimov <anton@advancedtelematic.com>	2017-05-17 17:16:00 +0200
committer	Anton Gerasimov <anton@advancedtelematic.com>	2017-05-24 15:29:55 +0200
commit	5c36fff1607aa645f5f522d42dcd28d70d070f3b (patch)
tree	1423ac87b509bdd8e1ad2445f9805fa4fa3cd21c
parent	221a3753efeb67ea2c5e06dc7033c03385d37a00 (diff)
download	meta-updater-5c36fff1607aa645f5f522d42dcd28d70d070f3b.tar.gz

diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 59d4510..03b9c68 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass
@@ -3,6 +3,7 @@
3	inherit image	3	inherit image
4		4
5	IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \	5	IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \
		6	openssl-native:do_populate_sysroot \
6	virtual/kernel:do_deploy \	7	virtual/kernel:do_deploy \
7	${OSTREE_INITRAMFS_IMAGE}:do_image_complete"	8	${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
8		9
@@ -16,6 +17,36 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
16		17
17	export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}"	18	export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}"
18		19
		20	python () {
		21	if d.getVar("SOTA_PACKED_CREDENTIALS", True):
		22	if d.getVar("SOTA_AUTOPROVISION_CREDENTIALS", True):
		23	bb.warn("SOTA_AUTOPROVISION_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
		24	if d.getVar("SOTA_AUTOPROVISION_URL", True):
		25	bb.warn("SOTA_AUTOPROVISION_URL is overriden by one in SOTA_PACKED_CREDENTIALS")
		26
		27	if d.getVar("SOTA_AUTOPROVISION_URL_FILE", True):
		28	bb.warn("SOTA_AUTOPROVISION_URL_FILE is overriden by one in SOTA_PACKED_CREDENTIALS")
		29
		30	if d.getVar("OSTREE_PUSH_CREDENTIALS", True):
		31	bb.warn("OSTREE_PUSH_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
		32
		33	d.setVar("SOTA_AUTOPROVISION_CREDENTIALS", "%s/sota_credentials/autoprov_credentials.p12" % d.getVar("DEPLOY_DIR_IMAGE", True))
		34	d.setVar("SOTA_AUTOPROVISION_URL_FILE", "%s/sota_credentials/autoprov.url" % d.getVar("DEPLOY_DIR_IMAGE", True))
		35	d.setVar("OSTREE_PUSH_CREDENTIALS", "%s/sota_credentials/treehub.json" % d.getVar("DEPLOY_DIR_IMAGE", True))
		36	}
		37
		38	IMAGE_DEPENDS_osreecredunpack = "unzip-native:do_populate_sysroot"
		39
		40	IMAGE_CMD_ostreecredunpack () {
		41	if [ ${SOTA_PACKED_CREDENTIALS} ]; then
		42	rm -rf ${DEPLOY_DIR_IMAGE}/sota_credentials
		43
		44	unzip ${SOTA_PACKED_CREDENTIALS} -d ${DEPLOY_DIR_IMAGE}/sota_credentials
		45	fi
		46	}
		47
		48	IMAGE_TYPEDEP_ostree = "ostreecredunpack"
		49
19	IMAGE_CMD_ostree () {	50	IMAGE_CMD_ostree () {
20	if [ -z "$OSTREE_REPO" ]; then	51	if [ -z "$OSTREE_REPO" ]; then
21	bbfatal "OSTREE_REPO should be set in your local.conf"	52	bbfatal "OSTREE_REPO should be set in your local.conf"
@@ -114,6 +145,23 @@ IMAGE_CMD_ostree () {
114	ln -sf var/roothome root	145	ln -sf var/roothome root
115	fi	146	fi
116		147
		148	# deploy SOTA credentials
		149	if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
		150	EXPDATE=`openssl pkcs12 -in ${SOTA_AUTOPROVISION_CREDENTIALS} -password "pass:" -nodes 2>/dev/null \| openssl x509 -noout -enddate \| cut -f2 -d "="`
		151
		152	if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then
		153	bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}"
		154	fi
		155
		156	mkdir -p var/sota
		157	cp ${SOTA_AUTOPROVISION_CREDENTIALS} var/sota/sota_provisioning_credentials.p12
		158	if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
		159	export SOTA_AUTOPROVISION_URL=`cat ${SOTA_AUTOPROVISION_URL_FILE}`
		160	fi
		161	echo "SOTA_GATEWAY_URI=${SOTA_AUTOPROVISION_URL}" > var/sota/sota_provisioning_url.env
		162	fi
		163
		164
117	# Creating boot directories is required for "ostree admin deploy"	165	# Creating boot directories is required for "ostree admin deploy"
118		166
119	mkdir -p boot/loader.0	167	mkdir -p boot/loader.0


diff --git a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb index 9a3dbf9..9ba11ea 100644 --- a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb +++ b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
@@ -153,6 +153,7 @@ RDEPENDS_${PN} = " libcrypto \
153	python-json \	153	python-json \
154	"	154	"
155		155
		156	export SOTA_PACKED_CREDENTIALS
156	export SOTA_AUTOPROVISION_CREDENTIALS	157	export SOTA_AUTOPROVISION_CREDENTIALS
157	export SOTA_AUTOPROVISION_URL	158	export SOTA_AUTOPROVISION_URL
158		159
@@ -171,7 +172,7 @@ do_install() {
171		172
172	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then	173	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
173	install -d ${D}/${systemd_unitdir}/system	174	install -d ${D}/${systemd_unitdir}/system
174	if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" ]; then	175	if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" -o -n "$SOTA_PACKED_CREDENTIALS" ]; then
175	install -c ${S}/run/sota_client_uptane_auto.service ${D}${systemd_unitdir}/system/sota_client.service	176	install -c ${S}/run/sota_client_uptane_auto.service ${D}${systemd_unitdir}/system/sota_client.service
176	else	177	else
177	install -c ${S}/run/sota_client_ostree.service ${D}${systemd_unitdir}/system/sota_client.service	178	install -c ${S}/run/sota_client_ostree.service ${D}${systemd_unitdir}/system/sota_client.service
@@ -184,17 +185,4 @@ do_install() {
184	install -c ${S}/run/sota_certificates ${D}${sysconfdir}	185	install -c ${S}/run/sota_certificates ${D}${sysconfdir}
185	ln -fs /lib ${D}/lib64	186	ln -fs /lib ${D}/lib64
186		187
187	if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" ]; then
188	EXPDATE=`openssl pkcs12 -in $SOTA_AUTOPROVISION_CREDENTIALS -password "pass:" -nodes 2>/dev/null \| openssl x509 -noout -enddate \| cut -f2 -d "="`
189
190	if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then
191	bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}"
192	fi
193
194	install -d ${D}/var
195	install -d ${D}/var/sota
196	install -m 0655 $SOTA_AUTOPROVISION_CREDENTIALS ${D}/var/sota/sota_provisioning_credentials.p12
197	echo "SOTA_GATEWAY_URI=$SOTA_AUTOPROVISION_URL" > ${D}/var/sota/sota_provisioning_url.env
198	fi
199
200	}	188	}