summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick Vacek <patrickvacek@gmail.com>2018-06-05 10:51:37 +0200
committerGitHub <noreply@github.com>2018-06-05 10:51:37 +0200
commit515c54a370cfbe10b4fbc99d7861b8a6b892f6b6 (patch)
tree2607bad9d924ac0eb895f0eac61c44057fa489eb
parent4402b4164587ce84bfac3d2ded59b3f3f40b0d4d (diff)
parentc1895c1d89dc4cc91cfeb7630239e941e405b64f (diff)
downloadmeta-updater-515c54a370cfbe10b4fbc99d7861b8a6b892f6b6.tar.gz
Merge pull request #330 from advancedtelematic/bugfix/implicit-and-certs-sumo
Bugfix/implicit and certs sumo
Diffstat
-rw-r--r--README.adoc6
-rw-r--r--classes/sota_qemux86-64.bbclass3
-rw-r--r--lib/oeqa/selftest/cases/updater.py3
-rw-r--r--recipes-sota/aktualizr/aktualizr-auto-prov.bb7
-rw-r--r--recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb11
-rw-r--r--recipes-sota/aktualizr/aktualizr-hsm-prov.bb12
-rw-r--r--recipes-sota/aktualizr/aktualizr-implicit-prov.bb10
-rwxr-xr-xrecipes-sota/aktualizr/aktualizr_git.bb6
-rw-r--r--recipes-sota/ostree/ostree_git.bb6
-rw-r--r--recipes-support/ca-certificates/ca-certificates_%.bbappend1
10 files changed, 36 insertions, 29 deletions
diff --git a/README.adoc b/README.adoc
index c47dd1d..75ee9ae 100644
--- a/README.adoc
+++ b/README.adoc
@@ -53,12 +53,6 @@ Although `aglsetup.sh` hooks provide reasonable defaults for SOTA-related variab
53 53
54=== Build problems 54=== Build problems
55 55
56Multilib systems may require adding this line to `local.conf`:
57
58....
59HOSTTOOLS += "x86_64-linux-gnu-gcc"
60....
61
62Ubuntu users that encounter an error due to missing `Python.h` should install `libpython2.7-dev` on their host machine. 56Ubuntu users that encounter an error due to missing `Python.h` should install `libpython2.7-dev` on their host machine.
63 57
64== Supported boards 58== Supported boards
diff --git a/classes/sota_qemux86-64.bbclass b/classes/sota_qemux86-64.bbclass
index 15b2043..82efe52 100644
--- a/classes/sota_qemux86-64.bbclass
+++ b/classes/sota_qemux86-64.bbclass
@@ -9,3 +9,6 @@ OSTREE_INITRAMFS_FSTYPES ?= "ext4.gz"
9OSTREE_KERNEL_ARGS ?= "ramdisk_size=16384 rw rootfstype=ext4 rootwait rootdelay=2 ostree_root=/dev/hda" 9OSTREE_KERNEL_ARGS ?= "ramdisk_size=16384 rw rootfstype=ext4 rootwait rootdelay=2 ostree_root=/dev/hda"
10 10
11IMAGE_ROOTFS_EXTRA_SPACE = "${@bb.utils.contains('DISTRO_FEATURES', 'sota', '65536', '', d)}" 11IMAGE_ROOTFS_EXTRA_SPACE = "${@bb.utils.contains('DISTRO_FEATURES', 'sota', '65536', '', d)}"
12
13# fix for u-boot/swig build issue
14HOSTTOOLS_NONFATAL += "x86_64-linux-gnu-gcc"
diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py
index dc3f3a2..0253a84 100644
--- a/lib/oeqa/selftest/cases/updater.py
+++ b/lib/oeqa/selftest/cases/updater.py
@@ -439,8 +439,7 @@ class HsmTests(OESelftestTestCase):
439 # Strip off line ending. 439 # Strip off line ending.
440 value = stdout.decode()[:-1] 440 value = stdout.decode()[:-1]
441 self.assertEqual(value, machine, 441 self.assertEqual(value, machine,
442 'MACHINE does not match hostname: ' + machine + ', ' + value + 442 'MACHINE does not match hostname: ' + machine + ', ' + value)
443 '\nIs tianocore ovmf installed?')
444 print(value) 443 print(value)
445 print('Checking output of aktualizr-info:') 444 print('Checking output of aktualizr-info:')
446 ran_ok = False 445 ran_ok = False
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 8deee7e..7f4f2e4 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -1,5 +1,5 @@
1SUMMARY = "Aktualizr configuration for autoprovisioning" 1SUMMARY = "Aktualizr configuration for autoprovisioning"
2DESCRIPTION = "Systemd service and configurations for autoprovisioning Aktualizr, the SOTA Client application written in C++" 2DESCRIPTION = "Configuration for automatically provisioning Aktualizr, the SOTA Client application written in C++"
3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" 3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4SECTION = "base" 4SECTION = "base"
5LICENSE = "MPL-2.0" 5LICENSE = "MPL-2.0"
@@ -35,7 +35,8 @@ do_install() {
35 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 35 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
36 aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)} 36 aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
37 37
38 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/conf.d/20-sota.toml 38 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \
39 ${D}${libdir}/sota/conf.d/20-${aktualizr_toml}.toml
39 40
40 # deploy SOTA credentials 41 # deploy SOTA credentials
41 if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then 42 if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
@@ -48,7 +49,7 @@ do_install() {
48 49
49FILES_${PN} = " \ 50FILES_${PN} = " \
50 ${libdir}/sota/conf.d \ 51 ${libdir}/sota/conf.d \
51 ${libdir}/sota/conf.d/20-sota.toml \ 52 ${libdir}/sota/conf.d/20-${aktualizr_toml}.toml \
52 ${localstatedir}/sota \ 53 ${localstatedir}/sota \
53 ${localstatedir}/sota/sota_provisioning_credentials.zip \ 54 ${localstatedir}/sota/sota_provisioning_credentials.zip \
54 " 55 "
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
index 319074e..4d5ff79 100644
--- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -1,5 +1,5 @@
1SUMMARY = "Aktualizr configuration for implicit provisioning with CA" 1SUMMARY = "Aktualizr configuration for implicit provisioning with CA"
2DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr using externally provided or generated CA" 2DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externally provided or generated CA"
3 3
4# WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device 4# WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device
5# (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine 5# (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine
@@ -36,7 +36,7 @@ do_install() {
36 SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem 36 SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
37 SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem 37 SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
38 mkdir -p ${DEPLOY_DIR_IMAGE}/CA 38 mkdir -p ${DEPLOY_DIR_IMAGE}/CA
39 bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" 39 bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
40 40
41 if [ ! -f ${SOTA_CACERT_PATH} ]; then 41 if [ ! -f ${SOTA_CACERT_PATH} ]; then
42 bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" 42 bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
@@ -52,19 +52,20 @@ do_install() {
52 fi 52 fi
53 53
54 install -m 0700 -d ${D}${localstatedir}/sota 54 install -m 0700 -d ${D}${localstatedir}/sota
55 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/conf.d/20-sota.toml 55 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml \
56 ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml
56 aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ 57 aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
57 --device-ca ${SOTA_CACERT_PATH} \ 58 --device-ca ${SOTA_CACERT_PATH} \
58 --device-ca-key ${SOTA_CAKEY_PATH} \ 59 --device-ca-key ${SOTA_CAKEY_PATH} \
59 --root-ca \ 60 --root-ca \
60 --server-url \ 61 --server-url \
61 --local ${D}${localstatedir}/sota \ 62 --local ${D}${localstatedir}/sota \
62 --config ${D}${libdir}/sota/conf.d/20-sota.toml 63 --config ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml
63} 64}
64 65
65FILES_${PN} = " \ 66FILES_${PN} = " \
66 ${libdir}/sota/conf.d \ 67 ${libdir}/sota/conf.d \
67 ${libdir}/sota/conf.d/20-sota.toml \ 68 ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \
68 ${libdir}/sota/root.crt \ 69 ${libdir}/sota/root.crt \
69 ${localstatedir}/sota/* \ 70 ${localstatedir}/sota/* \
70 " 71 "
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
index 504f0d8..d526cd2 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -1,12 +1,12 @@
1SUMMARY = "Aktualizr configuration with HSM support" 1SUMMARY = "Aktualizr configuration with HSM support"
2DESCRIPTION = "Systemd service and configurations for HSM provisioning with Aktualizr, the SOTA Client application written in C++" 2DESCRIPTION = "Configuration for HSM provisioning with Aktualizr, the SOTA Client application written in C++"
3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" 3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4SECTION = "base" 4SECTION = "base"
5LICENSE = "MPL-2.0" 5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" 6LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7 7
8DEPENDS = "aktualizr-native" 8DEPENDS = "aktualizr-native"
9RDEPENDS_${PN} = "aktualizr softhsm softhsm-testtoken" 9RDEPENDS_${PN} = "aktualizr"
10 10
11SRC_URI = " \ 11SRC_URI = " \
12 file://LICENSE \ 12 file://LICENSE \
@@ -19,15 +19,19 @@ require credentials.inc
19 19
20do_install() { 20do_install() {
21 install -m 0700 -d ${D}${libdir}/sota/conf.d 21 install -m 0700 -d ${D}${libdir}/sota/conf.d
22 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \
23 ${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml
22 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 24 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
23 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \ 25 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
24 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D} 26 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \
27 -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D}
25 fi 28 fi
26} 29}
27 30
28FILES_${PN} = " \ 31FILES_${PN} = " \
29 ${libdir}/sota/conf.d \ 32 ${libdir}/sota/conf.d \
30 ${libdir}/sota/conf.d/20-sota.toml \ 33 ${libdir}/sota/conf.d/20-sota_hsm_prov.toml \
34 ${libdir}/sota/conf.d/30-implicit_server.toml \
31 " 35 "
32 36
33# vim:set ts=4 sw=4 sts=4 expandtab: 37# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index dcfaffb..e08eeef 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -1,5 +1,5 @@
1SUMMARY = "Aktualizr configuration for implicit provisioning" 1SUMMARY = "Aktualizr configuration for implicit provisioning"
2DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr, the SOTA Client application written in C++" 2DESCRIPTION = "Configuration for implicitly provisioning Aktualizr, the SOTA Client application written in C++"
3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" 3HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4SECTION = "base" 4SECTION = "base"
5LICENSE = "MPL-2.0" 5LICENSE = "MPL-2.0"
@@ -19,15 +19,19 @@ require credentials.inc
19 19
20do_install() { 20do_install() {
21 install -m 0700 -d ${D}${libdir}/sota/conf.d 21 install -m 0700 -d ${D}${libdir}/sota/conf.d
22 install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml \
23 ${D}${libdir}/sota/conf.d/20-sota_implicit_prov.toml
22 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then 24 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
23 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \ 25 aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
24 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D} 26 -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml \
27 -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D}
25 fi 28 fi
26} 29}
27 30
28FILES_${PN} = " \ 31FILES_${PN} = " \
29 ${libdir}/sota/conf.d \ 32 ${libdir}/sota/conf.d \
30 ${libdir}/sota/conf.d/20-sota.toml \ 33 ${libdir}/sota/conf.d/20-implicit_prov.toml \
34 ${libdir}/sota/conf.d/30-implicit_server.toml \
31 ${libdir}/sota/root.crt \ 35 ${libdir}/sota/root.crt \
32 " 36 "
33 37
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 2c0d59f..8dc4b31 100755
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -10,7 +10,8 @@ DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES
10DEPENDS_append_class-native = "glib-2.0-native " 10DEPENDS_append_class-native = "glib-2.0-native "
11 11
12RDEPENDS_${PN}_class-target = "lshw " 12RDEPENDS_${PN}_class-target = "lshw "
13RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} " 13RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} "
14RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' softhsm softhsm-testtoken', '', d)}"
14 15
15PV = "1.0+git${SRCPV}" 16PV = "1.0+git${SRCPV}"
16PR = "7" 17PR = "7"
@@ -22,7 +23,7 @@ SRC_URI = " \
22 file://aktualizr-secondary.socket \ 23 file://aktualizr-secondary.socket \
23 file://aktualizr-serialcan.service \ 24 file://aktualizr-serialcan.service \
24 " 25 "
25SRCREV = "3b89858cf8ce9a8331cc4e6a5d2b5783d2eb7ae9" 26SRCREV = "114dc6c519ca9a605d73ad292821348607d0fa12"
26BRANCH ?= "master" 27BRANCH ?= "master"
27 28
28S = "${WORKDIR}/git" 29S = "${WORKDIR}/git"
@@ -98,6 +99,7 @@ FILES_${PN}-examples = " \
98 " 99 "
99 100
100FILES_${PN}-host-tools = " \ 101FILES_${PN}-host-tools = " \
102 ${bindir}/aktualizr-repo \
101 ${bindir}/aktualizr_cert_provider \ 103 ${bindir}/aktualizr_cert_provider \
102 ${bindir}/aktualizr_implicit_writer \ 104 ${bindir}/aktualizr_implicit_writer \
103 ${bindir}/garage-deploy \ 105 ${bindir}/garage-deploy \
diff --git a/recipes-sota/ostree/ostree_git.bb b/recipes-sota/ostree/ostree_git.bb
index cdcb485..afb767f 100644
--- a/recipes-sota/ostree/ostree_git.bb
+++ b/recipes-sota/ostree/ostree_git.bb
@@ -2,7 +2,7 @@ SUMMARY = "Tool for managing bootable, immutable, versioned filesystem trees"
2LICENSE = "GPLv2+" 2LICENSE = "GPLv2+"
3LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" 3LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
4 4
5inherit autotools-brokensep pkgconfig systemd gobject-introspection 5inherit autotools pkgconfig systemd gobject-introspection
6 6
7INHERIT_remove_class-native = "systemd" 7INHERIT_remove_class-native = "systemd"
8 8
@@ -11,7 +11,7 @@ SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master"
11SRCREV="854a823e05d6fe8b610c02c2a71eaeb2bf1e98a6" 11SRCREV="854a823e05d6fe8b610c02c2a71eaeb2bf1e98a6"
12 12
13PV = "v2017.13" 13PV = "v2017.13"
14PR = "1" 14PR = "2"
15 15
16S = "${WORKDIR}/git" 16S = "${WORKDIR}/git"
17 17
@@ -49,7 +49,7 @@ export STAGING_LIBDIR
49 49
50do_configure() { 50do_configure() {
51 unset docdir 51 unset docdir
52 NOCONFIGURE=1 ./autogen.sh 52 NOCONFIGURE=1 "${S}/autogen.sh"
53 oe_runconf 53 oe_runconf
54} 54}
55 55
diff --git a/recipes-support/ca-certificates/ca-certificates_%.bbappend b/recipes-support/ca-certificates/ca-certificates_%.bbappend
deleted file mode 100644
index cc95a68..0000000
--- a/recipes-support/ca-certificates/ca-certificates_%.bbappend
+++ /dev/null
@@ -1 +0,0 @@
1SYSROOT_DIRS += "${sysconfdir}"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-25 20:01:02 +0000