summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnton Gerasimov <anton@advancedtelematic.com>2017-05-17 17:16:00 +0200
committerAnton Gerasimov <anton@advancedtelematic.com>2017-05-24 15:29:55 +0200
commit5c36fff1607aa645f5f522d42dcd28d70d070f3b (patch)
tree1423ac87b509bdd8e1ad2445f9805fa4fa3cd21c
parent221a3753efeb67ea2c5e06dc7033c03385d37a00 (diff)
downloadmeta-updater-5c36fff1607aa645f5f522d42dcd28d70d070f3b.tar.gz
Add support for zipped credentials
-rw-r--r--classes/image_types_ostree.bbclass48
-rw-r--r--recipes-sota/rvi-sota-client/rvi-sota-client_git.bb16
2 files changed, 50 insertions, 14 deletions
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 59d4510..03b9c68 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -3,6 +3,7 @@
3inherit image 3inherit image
4 4
5IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ 5IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \
6 openssl-native:do_populate_sysroot \
6 virtual/kernel:do_deploy \ 7 virtual/kernel:do_deploy \
7 ${OSTREE_INITRAMFS_IMAGE}:do_image_complete" 8 ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
8 9
@@ -16,6 +17,36 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
16 17
17export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}" 18export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}"
18 19
20python () {
21 if d.getVar("SOTA_PACKED_CREDENTIALS", True):
22 if d.getVar("SOTA_AUTOPROVISION_CREDENTIALS", True):
23 bb.warn("SOTA_AUTOPROVISION_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
24 if d.getVar("SOTA_AUTOPROVISION_URL", True):
25 bb.warn("SOTA_AUTOPROVISION_URL is overriden by one in SOTA_PACKED_CREDENTIALS")
26
27 if d.getVar("SOTA_AUTOPROVISION_URL_FILE", True):
28 bb.warn("SOTA_AUTOPROVISION_URL_FILE is overriden by one in SOTA_PACKED_CREDENTIALS")
29
30 if d.getVar("OSTREE_PUSH_CREDENTIALS", True):
31 bb.warn("OSTREE_PUSH_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
32
33 d.setVar("SOTA_AUTOPROVISION_CREDENTIALS", "%s/sota_credentials/autoprov_credentials.p12" % d.getVar("DEPLOY_DIR_IMAGE", True))
34 d.setVar("SOTA_AUTOPROVISION_URL_FILE", "%s/sota_credentials/autoprov.url" % d.getVar("DEPLOY_DIR_IMAGE", True))
35 d.setVar("OSTREE_PUSH_CREDENTIALS", "%s/sota_credentials/treehub.json" % d.getVar("DEPLOY_DIR_IMAGE", True))
36}
37
38IMAGE_DEPENDS_osreecredunpack = "unzip-native:do_populate_sysroot"
39
40IMAGE_CMD_ostreecredunpack () {
41 if [ ${SOTA_PACKED_CREDENTIALS} ]; then
42 rm -rf ${DEPLOY_DIR_IMAGE}/sota_credentials
43
44 unzip ${SOTA_PACKED_CREDENTIALS} -d ${DEPLOY_DIR_IMAGE}/sota_credentials
45 fi
46}
47
48IMAGE_TYPEDEP_ostree = "ostreecredunpack"
49
19IMAGE_CMD_ostree () { 50IMAGE_CMD_ostree () {
20 if [ -z "$OSTREE_REPO" ]; then 51 if [ -z "$OSTREE_REPO" ]; then
21 bbfatal "OSTREE_REPO should be set in your local.conf" 52 bbfatal "OSTREE_REPO should be set in your local.conf"
@@ -114,6 +145,23 @@ IMAGE_CMD_ostree () {
114 ln -sf var/roothome root 145 ln -sf var/roothome root
115 fi 146 fi
116 147
148 # deploy SOTA credentials
149 if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
150 EXPDATE=`openssl pkcs12 -in ${SOTA_AUTOPROVISION_CREDENTIALS} -password "pass:" -nodes 2>/dev/null | openssl x509 -noout -enddate | cut -f2 -d "="`
151
152 if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then
153 bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}"
154 fi
155
156 mkdir -p var/sota
157 cp ${SOTA_AUTOPROVISION_CREDENTIALS} var/sota/sota_provisioning_credentials.p12
158 if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
159 export SOTA_AUTOPROVISION_URL=`cat ${SOTA_AUTOPROVISION_URL_FILE}`
160 fi
161 echo "SOTA_GATEWAY_URI=${SOTA_AUTOPROVISION_URL}" > var/sota/sota_provisioning_url.env
162 fi
163
164
117 # Creating boot directories is required for "ostree admin deploy" 165 # Creating boot directories is required for "ostree admin deploy"
118 166
119 mkdir -p boot/loader.0 167 mkdir -p boot/loader.0
diff --git a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
index 9a3dbf9..9ba11ea 100644
--- a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
+++ b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
@@ -153,6 +153,7 @@ RDEPENDS_${PN} = " libcrypto \
153 python-json \ 153 python-json \
154 " 154 "
155 155
156export SOTA_PACKED_CREDENTIALS
156export SOTA_AUTOPROVISION_CREDENTIALS 157export SOTA_AUTOPROVISION_CREDENTIALS
157export SOTA_AUTOPROVISION_URL 158export SOTA_AUTOPROVISION_URL
158 159
@@ -171,7 +172,7 @@ do_install() {
171 172
172 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then 173 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
173 install -d ${D}/${systemd_unitdir}/system 174 install -d ${D}/${systemd_unitdir}/system
174 if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" ]; then 175 if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" -o -n "$SOTA_PACKED_CREDENTIALS" ]; then
175 install -c ${S}/run/sota_client_uptane_auto.service ${D}${systemd_unitdir}/system/sota_client.service 176 install -c ${S}/run/sota_client_uptane_auto.service ${D}${systemd_unitdir}/system/sota_client.service
176 else 177 else
177 install -c ${S}/run/sota_client_ostree.service ${D}${systemd_unitdir}/system/sota_client.service 178 install -c ${S}/run/sota_client_ostree.service ${D}${systemd_unitdir}/system/sota_client.service
@@ -184,17 +185,4 @@ do_install() {
184 install -c ${S}/run/sota_certificates ${D}${sysconfdir} 185 install -c ${S}/run/sota_certificates ${D}${sysconfdir}
185 ln -fs /lib ${D}/lib64 186 ln -fs /lib ${D}/lib64
186 187
187 if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" ]; then
188 EXPDATE=`openssl pkcs12 -in $SOTA_AUTOPROVISION_CREDENTIALS -password "pass:" -nodes 2>/dev/null | openssl x509 -noout -enddate | cut -f2 -d "="`
189
190 if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then
191 bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}"
192 fi
193
194 install -d ${D}/var
195 install -d ${D}/var/sota
196 install -m 0655 $SOTA_AUTOPROVISION_CREDENTIALS ${D}/var/sota/sota_provisioning_credentials.p12
197 echo "SOTA_GATEWAY_URI=$SOTA_AUTOPROVISION_URL" > ${D}/var/sota/sota_provisioning_url.env
198 fi
199
200} 188}