Merge branch 'master' into feat/thud/hardware-id-etc

12 files changed, 158 insertions, 168 deletions

diff --git a/CONTRIBUTING.adoc b/CONTRIBUTING.adoc
index f12b95d..4d9e8f6 100644
--- a/CONTRIBUTING.adoc
+++ b/CONTRIBUTING.adoc
@@ -17,7 +17,7 @@ If you are developing with meta-updater, it may be helpful to read the README an
 
 * OTA-enabled build succeeds for at least one platform, the resulting image boots, and an update can be installed. This check is absolutely necessary for every pull request unless it only touches documentation.
 * If your change touches platform code (like `classes/sota_<platform>.bbclass`), please check building and updating on this particular platform.
-* oe-selftest succeeds. To test meta-updater, run `oe-selftest -r updater` from a build directory with `MACHINE` set to `qemux86-64`.
+* oe-selftest succeeds. To test meta-updater, run `oe-selftest -r updater` from a build directory with `MACHINE` set to `qemux86-64`. See the link:README.adoc#qa-with-oe-selftest[relevant section of the README] for more details.
 * Updates are forwards- and backwards-compatible. You should be able to update an OTA-enabled build before the change is applied to the version with change applied and vice versa. One should pay double attention to the compatibility when bootloader code is affected.
 * The patch/branch should be based on the latest version of the target branch. This may mean that rebasing is necessary if other PRs are merged before yours is approved.
 
diff --git a/README.adoc b/README.adoc
index 6424a28..994ad67 100644
--- a/README.adoc
+++ b/README.adoc
@@ -87,6 +87,7 @@ Although we have used U-Boot so far, other boot loaders can be configured work w
 * `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-ca-implicit-prov`], and https://github.com/advancedtelematic/aktualizr/blob/master/docs/hsm-provisioning.adoc[`aktualizr-hsm-prov`]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe.
 * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client).
 * `SOTA_SECONDARY_CONFIG_DIR` - a directory containing JSON configuration files for virtual secondaries on the host. These will be installed into `/etc/sota/ecus` on the device and automatically provided to aktualizr.
+* `SOTA_HARDWARE_ID` - a custom hardware ID that will be written to the aktualizr config. Defaults to MACHINE if not set.
 
 == Usage
 
@@ -146,7 +147,6 @@ First, you can set `SOTA_CLIENT_PROV` to control which provisioning recipe is us
 
 Second, you can write recipes to install additional config files with customized options. A few recipes already exist to address common needs and provide an example:
 
-* link:recipes-sota/config/aktualizr-example-interface.bb[aktualizr-example-interface.bb] will configure aktualizr to connect to an example interface for a legacy flasher. This is intended to be used in conjunction with the `aktualizr-examples` package. See https://github.com/advancedtelematic/aktualizr/blob/master/docs/legacysecondary.adoc[legacysecondary.adoc] in the aktualizr repo for more information.
 * link:recipes-sota/config/aktualizr-disable-send-ip.bb[aktualizr-disable-send-ip.bb] disables the reporting of networking information to the server. This is enabled by default and supported by https://connect.ota.here.com/[HERE OTA Connect]. However, if you are using a different server that does not support this feature, you may want to disable it in aktualizr.
 * link:recipes-sota/config/aktualizr-log-debug.bb[aktualizr-log-debug.bb] sets the log level of aktualizr to 0 (trace). The default is 2 (info). This recipe is intended for development and debugging purposes.
 
@@ -181,7 +181,7 @@ Please note that [target name, target version] pairs are expected to be unique i
 
 == QA with oe-selftest
 
-This layer relies on the test framework oe-selftest for quality assurance. Follow the steps below to run the tests:
+This layer relies on the test framework oe-selftest for quality assurance. Currently, you will need to run this in a build directory with `MACHINE` set to `qemux86-64`. Follow the steps below to run the tests:
 
 1. Append the line below to `conf/local.conf` to disable the warning about supported operating systems:
 +
diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass
index 467fd9a..c2e7056 100644
--- a/classes/image_repo_manifest.bbclass
+++ b/classes/image_repo_manifest.bbclass
@@ -12,7 +12,7 @@
 HOSTTOOLS_NONFATAL += " repo "
 
 # Write build information to target filesystem
-buildinfo () {
+buildinfo_manifest () {
   if [ $(which repo) ]; then
     repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || bbwarn "Android repo tool failed to run; manifest not copied"
   else
@@ -20,4 +20,4 @@ buildinfo () {
   fi
 }
 
-IMAGE_PREPROCESS_COMMAND += "buildinfo;"
+IMAGE_PREPROCESS_COMMAND += "buildinfo_manifest;"
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 5286efc..4095de0 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -1,42 +1,30 @@
 # OSTree deployment
-
-do_image_ostree[depends] += "ostree-native:do_populate_sysroot \
-                        openssl-native:do_populate_sysroot \
-                        coreutils-native:do_populate_sysroot \
-                        unzip-native:do_populate_sysroot \
-                        virtual/kernel:do_deploy \
-                        ${INITRAMFS_IMAGE}:do_image_complete \
-"
-do_image_ostree[lockfiles] += "${OSTREE_REPO}/ostree.lock"
-
-export OSTREE_REPO
-export OSTREE_BRANCHNAME
-export GARAGE_TARGET_NAME
+inherit distro_features_check
 
 OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
-
+OSTREE_ROOTFS ??= "${WORKDIR}/ostree-rootfs"
 OSTREE_COMMIT_SUBJECT ??= "Commit-id: ${IMAGE_NAME}"
 OSTREE_COMMIT_BODY ??= ""
 OSTREE_UPDATE_SUMMARY ??= "0"
 
-export SYSTEMD_USED = "${@oe.utils.ifelse(d.getVar('VIRTUAL-RUNTIME_init_manager', True) == 'systemd', 'true', '')}"
+BUILD_OSTREE_TARBALL ??= "1"
 
-IMAGE_CMD_ostree () {
-    if [ -z "$OSTREE_REPO" ]; then
-        bbfatal "OSTREE_REPO should be set in your local.conf"
-    fi
+SYSTEMD_USED = "${@oe.utils.ifelse(d.getVar('VIRTUAL-RUNTIME_init_manager', True) == 'systemd', 'true', '')}"
 
-    if [ -z "$OSTREE_BRANCHNAME" ]; then
-        bbfatal "OSTREE_BRANCHNAME should be set in your local.conf"
-    fi
+IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*"
+CONVERSION_CMD_tar = "touch ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}; ${IMAGE_CMD_TAR} --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.tar -C ${OTA_IMAGE_ROOTFS} . || [ $? -eq 1 ]"
+CONVERSIONTYPES_append = " tar"
 
-    OSTREE_ROOTFS=`mktemp -du ${WORKDIR}/ostree-root-XXXXX`
-    cp -a ${IMAGE_ROOTFS} ${OSTREE_ROOTFS}
+REQUIRED_DISTRO_FEATURES = "usrmerge"
+OTA_IMAGE_ROOTFS_task-image-ostree = "${OSTREE_ROOTFS}"
+do_image_ostree[dirs] = "${OSTREE_ROOTFS}"
+do_image_ostree[cleandirs] = "${OSTREE_ROOTFS}"
+do_image_ostree[depends] = "coreutils-native:do_populate_sysroot virtual/kernel:do_deploy ${INITRAMFS_IMAGE}:do_image_complete"
+IMAGE_CMD_ostree () {
+    cp -a ${IMAGE_ROOTFS}/* ${OSTREE_ROOTFS}
     chmod a+rx ${OSTREE_ROOTFS}
     sync
 
-    cd ${OSTREE_ROOTFS}
-
     for d in var/*; do
       if [ "${d}" != "var/local" ]; then
         rm -rf ${d}
@@ -53,18 +41,8 @@ IMAGE_CMD_ostree () {
     mkdir -p usr/rootdirs
 
     mv etc usr/
-    # Implement UsrMove
-    dirs="bin sbin lib"
-
-    for dir in ${dirs} ; do
-        if [ -d ${dir} ] && [ ! -L ${dir} ] ; then
-            mv ${dir} usr/rootdirs/
-            rm -rf ${dir}
-            ln -sf usr/rootdirs/${dir} ${dir}
-        fi
-    done
 
-    if [ -n "$SYSTEMD_USED" ]; then
+    if [ -n "${SYSTEMD_USED}" ]; then
         mkdir -p usr/etc/tmpfiles.d
         tmpfiles_conf=usr/etc/tmpfiles.d/00ostree-tmpfiles.conf
         echo "d /var/rootdirs 0755 root root -" >>${tmpfiles_conf}
@@ -100,7 +78,7 @@ IMAGE_CMD_ostree () {
                 bbwarn "Data in /$dir directory is not preserved by OSTree. Consider moving it under /usr"
             fi
 
-            if [ -n "$SYSTEMD_USED" ]; then
+            if [ -n "${SYSTEMD_USED}" ]; then
                 echo "d /var/rootdirs/${dir} 0755 root root -" >>${tmpfiles_conf}
             else
                 echo "mkdir -p /var/rootdirs/${dir}; chown 755 /var/rootdirs/${dir}" >>${tmpfiles_conf}
@@ -112,11 +90,10 @@ IMAGE_CMD_ostree () {
 
     if [ -d root ] && [ ! -L root ]; then
         if [ "$(ls -A root)" ]; then
-            bberror "Data in /root directory is not preserved by OSTree."
-            exit 1
+            bbfatal "Data in /root directory is not preserved by OSTree."
         fi
 
-        if [ -n "$SYSTEMD_USED" ]; then
+        if [ -n "${SYSTEMD_USED}" ]; then
             echo "d /var/roothome 0755 root root -" >>${tmpfiles_conf}
         else
             echo "mkdir -p /var/roothome; chown 755 /var/roothome" >>${tmpfiles_conf}
@@ -140,17 +117,12 @@ IMAGE_CMD_ostree () {
 
     # Copy image manifest
     cat ${IMAGE_MANIFEST} | cut -d " " -f1,3 > usr/package.manifest
+}
 
-    cd ${WORKDIR}
-
-    # Create a tarball that can be then commited to OSTree repo
-    OSTREE_TAR=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.ostree.tar.bz2
-    tar -C ${OSTREE_ROOTFS} --xattrs --xattrs-include='*' -cjf ${OSTREE_TAR} .
-    sync
-
-    rm -f ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2
-    ln -s ${IMAGE_NAME}.rootfs.ostree.tar.bz2 ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2
-
+IMAGE_TYPEDEP_ostreecommit = "ostree"
+do_image_ostreecommit[depends] += "ostree-native:do_populate_sysroot"
+do_image_ostreecommit[lockfiles] += "${OSTREE_REPO}/ostree.lock"
+IMAGE_CMD_ostreecommit () {
     if ! ostree --repo=${OSTREE_REPO} refs 2>&1 > /dev/null; then
         ostree --repo=${OSTREE_REPO} init --mode=archive-z2
     fi
@@ -166,11 +138,9 @@ IMAGE_CMD_ostree () {
     if [ "${OSTREE_UPDATE_SUMMARY}" = "1" ]; then
         ostree --repo=${OSTREE_REPO} summary -u
     fi
-
-    rm -rf ${OSTREE_ROOTFS}
 }
 
-IMAGE_TYPEDEP_ostreepush = "ostree"
+IMAGE_TYPEDEP_ostreepush = "ostreecommit"
 do_image_ostreepush[depends] += "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot"
 IMAGE_CMD_ostreepush () {
     # Print warnings if credetials are not set or if the file has not been found.
@@ -189,7 +159,7 @@ IMAGE_CMD_ostreepush () {
 }
 
 IMAGE_TYPEDEP_garagesign = "ostreepush"
-do_image_garagesign[depends] += "aktualizr-native:do_populate_sysroot"
+do_image_garagesign[depends] += "unzip-native:do_populate_sysroot"
 IMAGE_CMD_garagesign () {
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         # if credentials are issued by a server that doesn't support offline signing, exit silently
@@ -197,11 +167,9 @@ IMAGE_CMD_garagesign () {
 
         java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
         if [ "${java_version}" = "" ]; then
-            bberror "Java is required for synchronization with update backend, but is not installed on the host machine"
-            exit 1
+            bbfatal "Java is required for synchronization with update backend, but is not installed on the host machine"
         elif [ "${java_version}" \< "1.8" ]; then
-            bberror "Java version >= 8 is required for synchronization with update backend"
-            exit 1
+            bbfatal "Java version >= 8 is required for synchronization with update backend"
         fi
 
         rm -rf ${GARAGE_SIGN_REPO}
@@ -235,7 +203,7 @@ IMAGE_CMD_garagesign () {
                                     --length 0 \
                                     --url "${GARAGE_TARGET_URL}" \
                                     --sha256 ${ostree_target_hash} \
-                                    --hardwareids ${MACHINE}
+                                    --hardwareids ${SOTA_HARDWARE_ID}
             garage-sign targets sign --repo tufrepo \
                                      --home-dir ${GARAGE_SIGN_REPO} \
                                      --key-name=targets
@@ -252,14 +220,12 @@ IMAGE_CMD_garagesign () {
         rm -rf ${GARAGE_SIGN_REPO}
 
         if [ "$push_success" -ne "1" ]; then
-            bberror "Couldn't push to garage repository"
-            exit 1
+            bbfatal "Couldn't push to garage repository"
         fi
     fi
 }
 
-IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign"
-do_image_garagecheck[depends] += "aktualizr-native:do_populate_sysroot"
+IMAGE_TYPEDEP_garagecheck = "garagesign"
 IMAGE_CMD_garagecheck () {
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         # if credentials are issued by a server that doesn't support offline signing, exit silently
diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass
index 03fe8d8..9883a68 100644
--- a/classes/image_types_ota.bbclass
+++ b/classes/image_types_ota.bbclass
@@ -1,15 +1,9 @@
 # Image to use with u-boot as BIOS and OSTree deployment system
 
-#inherit image_types
-
 # Boot filesystem size in MiB
 # OSTree updates may require some space on boot file system for
 # boot scripts, kernel and initramfs images
 #
-
-
-do_image_ota_ext4[depends] += "e2fsprogs-native:do_populate_sysroot"
-
 calculate_size () {
         BASE=$1
         SCALE=$2
@@ -43,34 +37,14 @@ calculate_size () {
         echo "${SIZE}"
 }
 
-export OSTREE_OSNAME
-export OSTREE_BRANCHNAME
-export OSTREE_REPO
-export OSTREE_BOOTLOADER
-
-export GARAGE_TARGET_NAME
-
-export OTA_SYSROOT="${WORKDIR}/ota-sysroot"
-
-## Common OTA image setup
-fakeroot do_otasetup () {
-        
-        if [ -z "$OSTREE_REPO" ]; then
-                bbfatal "OSTREE_REPO should be set in your local.conf"
-        fi
-
-        if [ -z "$OSTREE_OSNAME" ]; then
-                bbfatal "OSTREE_OSNAME should be set in your local.conf"
-        fi
-
-        if [ -z "$OSTREE_BRANCHNAME" ]; then
-                bbfatal "OSTREE_BRANCHNAME should be set in your local.conf"
-        fi
-
-        # HaX! Since we are using a peristent directory, we need to be sure to clean it on run.
-        mkdir -p ${OTA_SYSROOT}
-        rm -rf ${OTA_SYSROOT}/*
-
+OTA_SYSROOT = "${WORKDIR}/ota-sysroot"
+OTA_IMAGE_ROOTFS_task-image-ota = "${OTA_SYSROOT}"
+IMAGE_TYPEDEP_ota = "ostreecommit"
+do_image_ota[dirs] = "${OTA_SYSROOT}"
+do_image_ota[cleandirs] = "${OTA_SYSROOT}"
+do_image_ota[depends] = "${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER', True) == 'grub' else ''} \
+                         ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot' else ''}"
+IMAGE_CMD_ota () {
         ostree admin --sysroot=${OTA_SYSROOT} init-fs ${OTA_SYSROOT}
         ostree admin --sysroot=${OTA_SYSROOT} os-init ${OSTREE_OSNAME}
         mkdir -p ${OTA_SYSROOT}/boot/loader.0
@@ -82,13 +56,12 @@ fakeroot do_otasetup () {
         elif [ "${OSTREE_BOOTLOADER}" = "u-boot" ]; then
                 touch ${OTA_SYSROOT}/boot/loader/uEnv.txt
         else
-                bberror "Invalid bootloader: ${OSTREE_BOOTLOADER}"
-        fi;
+                bbfatal "Invalid bootloader: ${OSTREE_BOOTLOADER}"
+        fi
 
         ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
 
         ostree --repo=${OTA_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${ostree_target_hash}
-        export OSTREE_BOOT_PARTITION="/boot"
         kargs_list=""
         for arg in ${OSTREE_KERNEL_ARGS}; do
                 kargs_list="${kargs_list} --karg-append=$arg"
@@ -96,19 +69,14 @@ fakeroot do_otasetup () {
 
         ostree admin --sysroot=${OTA_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${ostree_target_hash}
 
-        # Copy deployment /home and /var/sota to sysroot
-        HOME_TMP=`mktemp -d ${WORKDIR}/home-tmp-XXXXX`
-
-        tar --xattrs --xattrs-include='*' -C ${HOME_TMP} -xf ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2 ./usr/homedirs ./var/local || true
-
         cp -a ${IMAGE_ROOTFS}/var/sota ${OTA_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
         # Create /var/sota if it doesn't exist yet
         mkdir -p ${OTA_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota
         # Ensure the permissions are correctly set
         chmod 700 ${OTA_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota
 
-        mv ${HOME_TMP}/var/local ${OTA_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
-        mv ${HOME_TMP}/usr/homedirs/home ${OTA_SYSROOT}/ || true
+        cp -a ${OSTREE_ROOTFS}/var/local ${OTA_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true
+        cp -a ${OSTREE_ROOTFS}/usr/homedirs/home ${OTA_SYSROOT}/ || true
         # Ensure that /var/local exists (AGL symlinks /usr/local to /var/local)
         install -d ${OTA_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/local
         # Set package version for the first deployment
@@ -120,38 +88,26 @@ fakeroot do_otasetup () {
         fi
         mkdir -p ${OTA_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import
         echo "{\"${ostree_target_hash}\":\"${GARAGE_TARGET_NAME}-${target_version}\"}" > ${OTA_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import/installed_versions
-        echo "All done. Cleaning up dir: ${HOME_TMP}"
-        rm -rf ${HOME_TMP}
 }
 
+IMAGE_TYPEDEP_ota-ext4 = "ota"
+do_image_ota_ext4[depends] = "e2fsprogs-native:do_populate_sysroot"
 IMAGE_CMD_ota-ext4 () {
         # Calculate image type
-        OTA_ROOTFS_SIZE=$(calculate_size `du -ks $OTA_SYSROOT | cut -f 1`  "${IMAGE_OVERHEAD_FACTOR}" "${IMAGE_ROOTFS_SIZE}" "${IMAGE_ROOTFS_MAXSIZE}" `expr ${IMAGE_ROOTFS_EXTRA_SPACE}` "${IMAGE_ROOTFS_ALIGNMENT}")
+        OTA_ROOTFS_SIZE=$(calculate_size `du -ks ${OTA_SYSROOT} | cut -f 1`  "${IMAGE_OVERHEAD_FACTOR}" "${IMAGE_ROOTFS_SIZE}" "${IMAGE_ROOTFS_MAXSIZE}" `expr ${IMAGE_ROOTFS_EXTRA_SPACE}` "${IMAGE_ROOTFS_ALIGNMENT}")
 
-        if [ $OTA_ROOTFS_SIZE -lt 0 ]; then
+        if [ ${OTA_ROOTFS_SIZE} -lt 0 ]; then
                 bbfatal "create_ota failed to calculate OTA rootfs size!"
         fi
 
         eval local COUNT=\"0\"
         eval local MIN_COUNT=\"60\"
-        if [ $OTA_ROOTFS_SIZE -lt $MIN_COUNT ]; then
-                eval COUNT=\"$MIN_COUNT\"
+        if [ ${OTA_ROOTFS_SIZE} -lt ${MIN_COUNT} ]; then
+                eval COUNT=\"${MIN_COUNT}\"
         fi
 
-        dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ota-ext4 seek=${OTA_ROOTFS_SIZE} count=$COUNT bs=1024
+        dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ota-ext4 seek=${OTA_ROOTFS_SIZE} count=${COUNT} bs=1024
         mkfs.ext4 -O ^64bit ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ota-ext4 -L otaroot -d ${OTA_SYSROOT}
 }
 
-IMAGE_CMD_ota-tar () {
-        tar -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ota-tar -C ${OTA_SYSROOT} .
-}
-
-do_otasetup[doc] = "Sets up the base ota rootfs used for subsequent image generation"
-do_otasetup[depends] += "virtual/fakeroot-native:do_populate_sysroot \
-                        ${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER', True) == 'grub' else ''} \
-                        ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot' else ''}"
-
-addtask do_otasetup after do_image_ostree before do_image_ota_ext4 do_image_ota_tar
-
-IMAGE_TYPEDEP_ota-ext4 = "ostree"
-IMAGE_TYPEDEP_ota-tar = "ostree"
+do_image_wic[depends] += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', '%s:do_image_ota_ext4' % d.getVar('IMAGE_BASENAME', True), '', d)}"
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 98cc3de..93f59eb 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -1,9 +1,3 @@
-export BUILD_OTA_TARBALL
-python __anonymous() {
-    if bb.utils.contains('DISTRO_FEATURES', 'sota', True, False, d):
-        d.appendVarFlag("do_image_wic", "depends", " %s:do_image_ota_ext4" % d.getVar("IMAGE_BASENAME", True))
-}
-
 OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}"
 
 HOSTTOOLS_NONFATAL += "java"
@@ -11,12 +5,14 @@ HOSTTOOLS_NONFATAL += "java"
 SOTA_CLIENT ??= "aktualizr"
 SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
 SOTA_DEPLOY_CREDENTIALS ?= "1"
+SOTA_HARDWARE_ID ??= "${MACHINE}"
 
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
 
 IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck ota-ext4 wic', ' ', d)}"
-IMAGE_FSTYPES += "${@bb.utils.contains('BUILD_OTA_TARBALL', '1', 'ota-tar ota-tar.xz', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('BUILD_OSTREE_TARBALL', '1', 'ostree.tar.bz2', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('BUILD_OTA_TARBALL', '1', 'ota.tar.xz', ' ', d)}"
 
 PACKAGECONFIG_append_pn-curl = " ssl"
 PACKAGECONFIG_remove_pn-curl = "gnutls"
@@ -28,11 +24,13 @@ EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native
 INITRAMFS_FSTYPES ??= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'cpio.gz.u-boot', 'cpio.gz')}"
 
 # Please redefine OSTREE_REPO in order to have a persistent OSTree repo
-OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"
-OSTREE_BRANCHNAME ?= "${MACHINE}"
-OSTREE_OSNAME ?= "poky"
+export OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"
+export OSTREE_BRANCHNAME ?= "${SOTA_HARDWARE_ID}"
+export OSTREE_OSNAME ?= "poky"
+export OSTREE_BOOTLOADER ??= 'u-boot'
+export OSTREE_BOOT_PARTITION ??= "/boot"
+
 INITRAMFS_IMAGE ?= "initramfs-ostree-image"
-OSTREE_BOOTLOADER ??= 'u-boot'
 
 GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"
 GARAGE_SIGN_KEYNAME ?= "garage-key"
@@ -48,6 +46,7 @@ SOTA_MACHINE_intel-corei7-64 ?= "minnowboard"
 SOTA_MACHINE_qemux86-64 ?= "qemux86-64"
 SOTA_MACHINE_am335x-evm ?= "am335x-evm-wifi"
 
-inherit sota_${SOTA_MACHINE}
+SOTA_OVERRIDES_BLACKLIST = "ostree ota"
+SOTA_REQUIRED_VARIABLES = "OSTREE_REPO OSTREE_BRANCHNAME OSTREE_OSNAME OSTREE_BOOTLOADER OSTREE_BOOT_PARTITION GARAGE_SIGN_REPO GARAGE_TARGET_NAME"
 
-inherit image_repo_manifest
+inherit sota_sanity sota_${SOTA_MACHINE} image_repo_manifest
diff --git a/classes/sota_sanity.bbclass b/classes/sota_sanity.bbclass
new file mode 100644
index 0000000..e47de19
--- /dev/null
+++ b/classes/sota_sanity.bbclass
@@ -0,0 +1,54 @@
+# Sanity check the sota setup for common misconfigurations
+
+def sota_check_overrides(status, d):
+    for var in (d.getVar('SOTA_OVERRIDES_BLACKLIST', True) or "").split():
+        if var in d.getVar('OVERRIDES', True).split(':'):
+            status.addresult("%s should not be a overrides, because it is a image fstype in updater layer, please check your OVERRIDES setting.\n" % var)
+
+def sota_check_required_variables(status, d):
+    for var in (d.getVar('SOTA_REQUIRED_VARIABLES', True) or "").split():
+        if not d.getVar(var, True):
+            status.addresult("%s should be set in your local.conf.\n" % var)
+
+def sota_raise_sanity_error(msg, d):
+    if d.getVar("SANITY_USE_EVENTS", True) == "1":
+        bb.event.fire(bb.event.SanityCheckFailed(msg), d)
+        return
+
+    bb.fatal("Sota's config sanity checker detected a potential misconfiguration.\n"
+             "Please fix the cause of this error then you can continue to build.\n"
+             "Following is the list of potential problems / advisories:\n"
+             "\n%s" % msg)
+
+def sota_check_sanity(sanity_data):
+    class SanityStatus(object):
+        def __init__(self):
+            self.messages = ""
+            self.reparse = False
+
+        def addresult(self, message):
+            if message:
+                self.messages = self.messages + message
+
+    status = SanityStatus()
+
+    sota_check_overrides(status, sanity_data)
+    sota_check_required_variables(status, sanity_data)
+
+    if status.messages != "":
+        sota_raise_sanity_error(sanity_data.expand(status.messages), sanity_data)
+
+addhandler sota_check_sanity_eventhandler
+sota_check_sanity_eventhandler[eventmask] = "bb.event.SanityCheck"
+
+python sota_check_sanity_eventhandler() {
+    if bb.event.getName(e) == "SanityCheck":
+        sanity_data = copy_data(e)
+        if e.generateevents:
+            sanity_data.setVar("SANITY_USE_EVENTS", "1")
+        reparse = sota_check_sanity(sanity_data)
+        e.data.setVar("BB_INVALIDCONF", reparse)
+        bb.event.fire(bb.event.SanityCheckPassed(), e.data)
+
+    return
+}
diff --git a/conf/distro/sota.conf.inc b/conf/distro/sota.conf.inc
index ea1ca95..8de9597 100644
--- a/conf/distro/sota.conf.inc
+++ b/conf/distro/sota.conf.inc
@@ -4,7 +4,7 @@
 #
 # require conf/distro/sota.conf.inc
 
-DISTRO_FEATURES_append = " sota"
+DISTRO_FEATURES_append = " sota usrmerge"
 DISTRO_FEATURES_NATIVE_append = " sota"
 INHERIT += " sota"
 # Prelinking increases the size of downloads and causes build errors
diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py
index e4b2fa5..92bf6fc 100644
--- a/lib/oeqa/selftest/cases/updater.py
+++ b/lib/oeqa/selftest/cases/updater.py
@@ -36,6 +36,10 @@ class GeneralTests(OESelftestTestCase):
         result = get_bb_var('DISTRO_FEATURES').find('sota')
         self.assertNotEqual(result, -1, 'Feature "sota" not set at DISTRO_FEATURES')
 
+    def test_feature_usrmerge(self):
+        result = get_bb_var('DISTRO_FEATURES').find('usrmerge')
+        self.assertNotEqual(result, -1, 'Feature "sota" not set at DISTRO_FEATURES')
+
     def test_feature_systemd(self):
         result = get_bb_var('DISTRO_FEATURES').find('systemd')
         self.assertNotEqual(result, -1, 'Feature "systemd" not set at DISTRO_FEATURES')
@@ -103,7 +107,7 @@ class AktualizrToolsTests(OESelftestTestCase):
         bitbake('aktualizr-native')
 
     def test_cert_provider_help(self):
-        akt_native_run(self, 'aktualizr_cert_provider --help')
+        akt_native_run(self, 'aktualizr-cert-provider --help')
 
     def test_cert_provider_local_output(self):
         logger = logging.getLogger("selftest")
@@ -115,7 +119,7 @@ class AktualizrToolsTests(OESelftestTestCase):
         bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov')
         config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml'
 
-        akt_native_run(self, 'aktualizr_cert_provider -c {creds} -r -l {temp} -g {config}'
+        akt_native_run(self, 'aktualizr-cert-provider -c {creds} -r -l {temp} -g {config}'
                        .format(creds=creds, temp=temp_dir, config=config))
 
         # Might be nice if these names weren't hardcoded.
@@ -285,9 +289,9 @@ class RpiTests(OESelftestTestCase):
 
     def test_rpi(self):
         logger = logging.getLogger("selftest")
-        logger.info('Running bitbake to build rpi-basic-image')
+        logger.info('Running bitbake to build core-image-minimal')
         self.append_config('SOTA_CLIENT_PROV = "aktualizr-auto-prov"')
-        bitbake('rpi-basic-image')
+        bitbake('core-image-minimal')
         credentials = get_bb_var('SOTA_PACKED_CREDENTIALS')
         # Skip the test if the variable SOTA_PACKED_CREDENTIALS is not set.
         if credentials is None:
@@ -295,7 +299,7 @@ class RpiTests(OESelftestTestCase):
         # Check if the file exists.
         self.assertTrue(os.path.isfile(credentials), "File %s does not exist" % credentials)
         deploydir = get_bb_var('DEPLOY_DIR_IMAGE')
-        imagename = get_bb_var('IMAGE_LINK_NAME', 'rpi-basic-image')
+        imagename = get_bb_var('IMAGE_LINK_NAME', 'core-image-minimal')
         # Check if the credentials are included in the output image.
         result = runCmd('tar -jtvf %s/%s.tar.bz2 | grep sota_provisioning_credentials.zip' %
                         (deploydir, imagename), ignore_status=True)
@@ -424,14 +428,14 @@ class ImplProvTests(OESelftestTestCase):
         self.assertIn(b'Fetched metadata: no', stdout,
                       'Device already provisioned!? ' + stderr.decode() + stdout.decode())
 
-        # Run cert_provider.
+        # Run aktualizr-cert-provider.
         bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS'], 'aktualizr-native')
         creds = bb_vars['SOTA_PACKED_CREDENTIALS']
         bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov')
         config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml'
 
         print('Provisining at root@localhost:%d' % self.qemu.ssh_port)
-        akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -s -u -r -g {config}'
+        akt_native_run(self, 'aktualizr-cert-provider -c {creds} -t root@localhost -p {port} -s -u -r -g {config}'
                        .format(creds=creds, port=self.qemu.ssh_port, config=config))
 
         verifyProvisioned(self, machine)
@@ -509,13 +513,13 @@ class HsmTests(OESelftestTestCase):
         self.assertNotEqual(retcode, 0, 'softhsm2-tool succeeded before initialization: ' +
                         stdout.decode() + stderr.decode())
 
-        # Run cert_provider.
+        # Run aktualizr-cert-provider.
         bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS'], 'aktualizr-native')
         creds = bb_vars['SOTA_PACKED_CREDENTIALS']
         bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-hsm-prov')
         config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_hsm_prov.toml'
 
-        akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -r -s -u -g {config}'
+        akt_native_run(self, 'aktualizr-cert-provider -c {creds} -t root@localhost -p {port} -r -s -u -g {config}'
                        .format(creds=creds, port=self.qemu.ssh_port, config=config))
 
         # Verify that HSM is able to initialize.
@@ -655,7 +659,13 @@ def qemu_launch(efi=False, machine=None, imagename=None):
     args.dir = 'tmp/deploy/images'
     args.efi = efi
     args.machine = machine
-    args.kvm = None  # Autodetect
+    qemu_use_kvm = get_bb_var("QEMU_USE_KVM")
+    if qemu_use_kvm and \
+       (qemu_use_kvm == 'True' and 'x86' in machine or \
+        get_bb_var('MACHINE') in qemu_use_kvm.split()):
+        args.kvm = True
+    else:
+        args.kvm = None  # Autodetect
     args.no_gui = True
     args.gdb = False
     args.pcap = None
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
index a729e6b..7420983 100644
--- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
@@ -21,11 +21,11 @@ do_install() {
             SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
             SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
             mkdir -p ${DEPLOY_DIR_IMAGE}/CA
-            bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
+            bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}"
 
             if [ ! -f ${SOTA_CACERT_PATH} ]; then
                 bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
-                SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
+                SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")"
                 openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
                 openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
                 bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
@@ -33,13 +33,13 @@ do_install() {
         fi
 
         if [ -z ${SOTA_CAKEY_PATH} ]; then
-            bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
+            bbfatal "SOTA_CAKEY_PATH should be set when using implicit provisioning"
         fi
 
         install -m 0700 -d ${D}${localstatedir}/sota
-        aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
-                                --device-ca ${SOTA_CACERT_PATH} \
-                                --device-ca-key ${SOTA_CAKEY_PATH} \
+        aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \
+                                --fleet-ca ${SOTA_CACERT_PATH} \
+                                --fleet-ca-key ${SOTA_CAKEY_PATH} \
                                 --root-ca \
                                 --server-url \
                                 --local ${D} \
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 14de9fa..82449f0 100755
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -27,7 +27,7 @@ SRC_URI = " \
   file://aktualizr-serialcan.service \
   "
 
-SRCREV = "4621a15779db38531fb386478232a9e8593e53f4"
+SRCREV = "348822d914f422a8d7b34a1e98cfdd1fa3cf816c"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
@@ -70,6 +70,10 @@ do_install_append () {
     install -m 0700 -d ${D}${libdir}/sota/conf.d
     install -m 0700 -d ${D}${sysconfdir}/sota/conf.d
 
+    if [ -n "${SOTA_HARDWARE_ID}" ]; then
+        echo "[provision]\nprimary_ecu_hardware_id = ${SOTA_HARDWARE_ID}\n" > ${D}${libdir}/sota/conf.d/40-hardware-id.toml
+    fi
+
     if [ -n "${SOTA_SECONDARY_CONFIG_DIR}" ]; then
         if [ -d "${SOTA_SECONDARY_CONFIG_DIR}" ]; then
             install -m 0700 -d ${D}${sysconfdir}/sota/ecus
@@ -106,12 +110,12 @@ FILES_${PN} = " \
                 "
 
 FILES_${PN}-examples = " \
-                ${bindir}/hmi_stub \
+                ${bindir}/hmi-stub \
                 "
 
 FILES_${PN}-host-tools = " \
                 ${bindir}/aktualizr-repo \
-                ${bindir}/aktualizr_cert_provider \
+                ${bindir}/aktualizr-cert-provider \
                 ${bindir}/garage-deploy \
                 ${bindir}/garage-push \
                 ${libdir}/sota/sota_autoprov.toml \
diff --git a/scripts/find_aktualizr_dependencies.sh b/scripts/find_aktualizr_dependencies.sh
index 786d8a9..986b541 100755
--- a/scripts/find_aktualizr_dependencies.sh
+++ b/scripts/find_aktualizr_dependencies.sh
@@ -11,11 +11,12 @@ parentdir="$(dirname "$0")"
 # those are common dependencies not enabled by default.
 ${parentdir}/find_dependencies.py aktualizr
 ${parentdir}/find_dependencies.py aktualizr-auto-prov
-${parentdir}/find_dependencies.py aktualizr-implicit-prov
+${parentdir}/find_dependencies.py aktualizr-auto-prov-creds
 ${parentdir}/find_dependencies.py aktualizr-ca-implicit-prov
+${parentdir}/find_dependencies.py aktualizr-ca-implicit-prov-creds
 ${parentdir}/find_dependencies.py aktualizr-hsm-prov
+${parentdir}/find_dependencies.py aktualizr-hsm-prov-creds
 ${parentdir}/find_dependencies.py aktualizr-disable-send-ip
-${parentdir}/find_dependencies.py aktualizr-example-interface
 ${parentdir}/find_dependencies.py aktualizr-log-debug
 ${parentdir}/find_dependencies.py libp11
 ${parentdir}/find_dependencies.py dpkg