author | Anton Gerasimov <anton@advancedtelematic.com> | 2017-09-08 17:11:33 +0200 |
---|---|---|
committer | Anton Gerasimov <anton@advancedtelematic.com> | 2017-09-13 11:53:33 +0200 |
commit | 4a7366c4f161a98611a292394a9662a0c507f904 (patch) | |
tree | 2b71f99717dec2b17c23684bc20311c926489d32 | |
parent | 6db91a2e484ab026dd50817147beed31c49abc2b (diff) | |
download | meta-updater-4a7366c4f161a98611a292394a9662a0c507f904.tar.gz |
Add recipes to test pkcs11 functionality in Aktualizr
10 files changed, 290 insertions, 2 deletions
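--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -18,7 +18,7 @@ EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native
 # Please redefine OSTREE_REPO in order to have a persistent OSTree repo
 OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"
 # For UPTANE operation, OSTREE_BRANCHNAME must start with "${MACHINE}-"
-OSTREE_BRANCHNAME ?= "${MACHINE}-ota"
+OSTREE_BRANCHNAME ?= "${MACHINE}"
 OSTREE_OSNAME ?= "poky"
 OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
 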
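Review bot: The new default `OSTREE_BRANCHNAME ?= "${MACHINE}"` no longer satisfies the comment directly above it, which says the branch name must start with `"${MACHINE}-"` for UPTANE operation. Either the comment is stale and should be updated in the same change, or the default now breaks the Uptane naming requirement and should stay `"${MACHINE}-ota"`. The commit title only mentions pkcs11 test recipes, so this behaviour change deserves its own line in the description.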
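--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -7,6 +7,11 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
 DEPENDS = "boost curl openssl jansson libsodium ostree"
 RDEPENDS_${PN} = "lshw"
 
+DEPENDS_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)}"
+
+RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)}"
+RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm-test', ' softhsm softhsm-testtoken', '', d)}"
+
 SRC_URI = " \
 git://github.com/advancedtelematic/aktualizr \
 "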
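Review bot: Nothing near the `hsm-test` line marks it as a test-only feature, although it installs softhsm-testtoken, whose createtoken.sh (added in this commit) initialises a software token with a fixed PIN. A comment above it such as `# hsm-test: SoftHSM mock token with a fixed PIN, for test images only` would help keep it out of production images. `hsm-test` also does not add libp11 or engine-pkcs11 on its own, so it presumably only works when `hsm` is set as well; either document that or let `hsm-test` pull in both.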
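--- a/recipes-support/glib-networking/glib-networking_%.bbappend
+++ b/recipes-support/glib-networking/glib-networking_%.bbappend
@@ -2,5 +2,7 @@ BBCLASSEXTEND_append_sota = " native nativesdk"
 
 # Hackery to prevent relocatable_native_pcfiles from crashing
 do_install_append_class-native () {
-rmdir ${D}${libdir}/pkgconfig
+if [ -d ${D}${libdir}/pkgconfig ]; then
+rmdir ${D}${libdir}/pkgconfig
+fi
 }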
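--- /dev/null
+++ b/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch
@@ -0,0 +1,86 @@
+From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001
+From: Anton Gerasimov <anton@advancedtelematic.com>
+Date: Fri, 8 Sep 2017 15:08:40 +0200
+Subject: [PATCH] Cross-compilation tweaks
+
+---
+m4/acx_openssl.m4 | 2 ++
+m4/acx_openssl_ecc.m4 | 3 +++
+m4/acx_openssl_fips.m4 | 2 ++
+m4/acx_openssl_gost.m4 | 2 ++
+4 files changed, 9 insertions(+)
+
+diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4
+index e90c78f..9de6055 100644
+--- a/m4/acx_openssl.m4
++++ b/m4/acx_openssl.m4
+@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[
+AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])])
+AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])])
+
++ if test "$cross_compiling" != yes; then
+AC_MSG_CHECKING([for OpenSSL version])
+CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
+AC_LANG_PUSH([C])
+@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[
+AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
+],[])
+AC_LANG_POP([C])
++ fi
+
+CPPFLAGS=$tmp_CPPFLAGS
+LIBS=$tmp_LIBS
+diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4
+index 612c505..ba2389d 100644
+--- a/m4/acx_openssl_ecc.m4
++++ b/m4/acx_openssl_ecc.m4
+@@ -1,4 +1,5 @@
+AC_DEFUN([ACX_OPENSSL_ECC],[
++ if test "$cross_compiling" != yes; then
+AC_MSG_CHECKING(for OpenSSL ECC support)
+
+tmp_CPPFLAGS=$CPPFLAGS
+@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
+],[])
+AC_LANG_POP([C])
+
++ fi
++
+CPPFLAGS=$tmp_CPPFLAGS
+LIBS=$tmp_LIBS
+])
+diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4
+index 0491397..896cdbf 100644
+--- a/m4/acx_openssl_fips.m4
++++ b/m4/acx_openssl_fips.m4
+@@ -1,4 +1,5 @@
+AC_DEFUN([ACX_OPENSSL_FIPS],[
++ if test "$cross_compiling" != yes; then
+AC_MSG_CHECKING(for OpenSSL FIPS capable library)
+
+tmp_CPPFLAGS=$CPPFLAGS
+@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
+
+CPPFLAGS=$tmp_CPPFLAGS
+LIBS=$tmp_LIBS
++ fi
+])
+diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4
+index dca489b..34c39d8 100644
+--- a/m4/acx_openssl_gost.m4
++++ b/m4/acx_openssl_gost.m4
+@@ -1,4 +1,5 @@
+AC_DEFUN([ACX_OPENSSL_GOST],[
++ if test "$cross_compiling" != yes; then
+AC_MSG_CHECKING(for OpenSSL GOST support)
+
+tmp_CPPFLAGS=$CPPFLAGS
+@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
+
+CPPFLAGS=$tmp_CPPFLAGS
+LIBS=$tmp_LIBS
++ fi
+])
+--
+2.7.4
+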
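Review bot: In the embedded acx_openssl_ecc.m4 hunks the added `fi` sits before `CPPFLAGS=$tmp_CPPFLAGS` / `LIBS=$tmp_LIBS`, while the added `if` sits before `tmp_CPPFLAGS=$CPPFLAGS`, so when cross-compiling the restore runs without the matching save. CPPFLAGS and LIBS then take whatever `tmp_*` held from an earlier macro, or become empty. The fips and gost hunks close the block after the restore; do the same here by moving `fi` to just after `LIBS=$tmp_LIBS`. The identical patch is added again under recipes-support/softhsm/files/ and has the same problem. The macro bodies continue outside these hunks, so the save of `tmp_LIBS` is presumed rather than visible.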
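--- /dev/null
+++ b/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb
@@ -0,0 +1,22 @@
+SUMMARY = "Smartcard HSM driver"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=55b854a477953696452f698a3af5de1c"
+
+inherit autotools-brokensep
+
+
+SRC_URI = "git://github.com/CardContact/sc-hsm-embedded.git;branch=master"
+SRCREV="a45155d4249575ebdfb16ff26fdedbc4c4813002"
+
+S = "${WORKDIR}/git"
+
+DEPENDS += " openssl pcsc-lite"
+
+do_configure() {
+autoreconf -fi
+oe_runconf
+}
+
+FILES_${PN} += "${libdir}"
+FILES_SOLIBSDEV = ""
+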
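Review bot: `SRC_URI` here does not list `file://0001-Cross-compilation-tweaks.patch`, although this commit adds that file under recipes-support/sc-hsm-embedded/files/. The patch is the same one shipped for softhsm and edits `m4/acx_openssl*.m4`, so it looks like a stray copy rather than something this recipe needs. If so, drop the file from this directory; if the sc-hsm-embedded tree really needs it, reference it in `SRC_URI` so it is applied.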
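--- /dev/null
+++ b/recipes-support/softhsm-testtoken/files/createtoken.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Create a mock smartcard for testing
+Before=aktualizr.service
+RequiredBy=aktualizr.service
+
+[Service]
+RestartSec=10
+Restart=on-failure
+ExecStart=/usr/bin/createtoken.sh
+
+[Install]
+WantedBy=aktualizr.service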
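Review bot: `RequiredBy=aktualizr.service` is placed under `[Unit]`, but `RequiredBy=` is an `[Install]` option, so systemd ignores it there and only the weaker `WantedBy=` dependency takes effect. Move the line into `[Install]` if a hard requirement is intended, or delete it. No `Type=` is set either, so the unit counts as started as soon as the script is spawned and `Before=aktualizr.service` does not wait for the token to exist. It is worth confirming that aktualizr copes with a token that appears later.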
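--- /dev/null
+++ b/recipes-support/softhsm-testtoken/files/createtoken.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+if pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O; then
+# The token has already been initialized, exit
+exit 0
+fi
+
+if ! ls /var/sota/token/pkey.pem /var/sota/token/client.pem; then
+# Key/certificate pair is not present, repeat
+mkdir -p /var/sota/token
+exit 1
+fi
+
+mkdir -p /var/lib/softhsm/tokens
+softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234
+
+pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/pkey.pem --type privkey --login --pin 1234
+openssl x509 -outform der -in /var/sota/token/client.pem -out /var/sota/token/client.der
+pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/client.der --type cert --login --pin 1234
+
+exit 0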
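Review bot: None of the `softhsm2-util`, `pkcs11-tool` or `openssl` steps after the two checks has its exit status tested, and the script ends with an unconditional `exit 0`, so a failed key or certificate import is reported to systemd as success and `Restart=on-failure` never retries. Adding `set -e` just before `mkdir -p /var/lib/softhsm/tokens` would fix that. If the token was initialised but an import failed, the opening `pkcs11-tool ... -O` check may pass on the next run and leave a token without a key, so checking for the expected objects would be more robust. The PIN and SO-PIN are fixed at `1234` and passed on the command line, and `pkey.pem` stays on disk after import; a header comment should state that this is a test fixture and gives no key protection.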
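--- /dev/null
+++ b/recipes-support/softhsm-testtoken/softhsm-testtoken.bb
@@ -0,0 +1,27 @@
+SUMMARY = "Mock smartcard for aktualizr"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+
+inherit systemd
+
+RDEPENDS_${PN} = "softhsm libp11"
+DEPENDS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd', '', d)}"
+
+
+SRC_URI = "file://createtoken.service \
+file://createtoken.sh"
+
+SYSTEMD_SERVICE_${PN} = "createtoken.service"
+
+do_install() {
+install -d ${D}${systemd_unitdir}/system
+install -m 0644 ${WORKDIR}/createtoken.service ${D}${systemd_unitdir}/system/createtoken.service
+install -d ${D}${bindir}
+install -m 0744 ${WORKDIR}/createtoken.sh ${D}${bindir}/createtoken.sh
+}
+
+FILES_${PN} = "${bindir}/createtoken.sh \
+${systemd_unitdir}/system/createtoken.service"
+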
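Review bot: `RDEPENDS_${PN} = "softhsm libp11"` does not cover the tools createtoken.sh actually runs, namely `pkcs11-tool` (shipped by OpenSC) and the `openssl` command-line tool. Unless another package happens to bring them into the image, the service will fail at runtime. Add the packages that provide those binaries to `RDEPENDS_${PN}`. The script and unit also hard-code `/usr/lib/softhsm/libsofthsm2.so` and `/usr/bin/createtoken.sh` while this recipe installs under `${bindir}` and softhsm under `${libdir}`, so a layout where those differ would break silently.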
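--- /dev/null
+++ b/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch
@@ -0,0 +1,86 @@
+From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001
+From: Anton Gerasimov <anton@advancedtelematic.com>
+Date: Fri, 8 Sep 2017 15:08:40 +0200
+Subject: [PATCH] Cross-compilation tweaks
+
+---
+m4/acx_openssl.m4 | 2 ++
+m4/acx_openssl_ecc.m4 | 3 +++
+m4/acx_openssl_fips.m4 | 2 ++
+m4/acx_openssl_gost.m4 | 2 ++
+4 files changed, 9 insertions(+)
+
+diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4
+index e90c78f..9de6055 100644
+--- a/m4/acx_openssl.m4
++++ b/m4/acx_openssl.m4
+@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[
+AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])])
+AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])])
+
++ if test "$cross_compiling" != yes; then
+AC_MSG_CHECKING([for OpenSSL version])
+CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
+AC_LANG_PUSH([C])
+@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[
+AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
+],[])
+AC_LANG_POP([C])
++ fi
+
+CPPFLAGS=$tmp_CPPFLAGS
+LIBS=$tmp_LIBS
+diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4
+index 612c505..ba2389d 100644
+--- a/m4/acx_openssl_ecc.m4
++++ b/m4/acx_openssl_ecc.m4
+@@ -1,4 +1,5 @@
+AC_DEFUN([ACX_OPENSSL_ECC],[
++ if test "$cross_compiling" != yes; then
+AC_MSG_CHECKING(for OpenSSL ECC support)
+
+tmp_CPPFLAGS=$CPPFLAGS
+@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
+],[])
+AC_LANG_POP([C])
+
++ fi
++
+CPPFLAGS=$tmp_CPPFLAGS
+LIBS=$tmp_LIBS
+])
+diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4
+index 0491397..896cdbf 100644
+--- a/m4/acx_openssl_fips.m4
++++ b/m4/acx_openssl_fips.m4
+@@ -1,4 +1,5 @@
+AC_DEFUN([ACX_OPENSSL_FIPS],[
++ if test "$cross_compiling" != yes; then
+AC_MSG_CHECKING(for OpenSSL FIPS capable library)
+
+tmp_CPPFLAGS=$CPPFLAGS
+@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
+
+CPPFLAGS=$tmp_CPPFLAGS
+LIBS=$tmp_LIBS
++ fi
+])
+diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4
+index dca489b..34c39d8 100644
+--- a/m4/acx_openssl_gost.m4
++++ b/m4/acx_openssl_gost.m4
+@@ -1,4 +1,5 @@
+AC_DEFUN([ACX_OPENSSL_GOST],[
++ if test "$cross_compiling" != yes; then
+AC_MSG_CHECKING(for OpenSSL GOST support)
+
+tmp_CPPFLAGS=$CPPFLAGS
+@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
+
+CPPFLAGS=$tmp_CPPFLAGS
+LIBS=$tmp_LIBS
++ fi
+])
+--
+2.7.4
+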
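--- /dev/null
+++ b/recipes-support/softhsm/softhsm_git.bb
@@ -0,0 +1,27 @@
+SUMMARY = "HSM emulator"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210"
+
+inherit autotools-brokensep
+
+
+SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master \
+file://0001-Cross-compilation-tweaks.patch"
+SRCREV="1f7498c0c65b1b1ad5e1bdbd87e9d4b100705745"
+
+S = "${WORKDIR}/git"
+
+DEPENDS += " openssl"
+
+EXTRA_OECONF = "--disable-gost --with-openssl=${STAGING_LIBDIR}/.."
+
+do_configure() {
+unset docdir
+sh ./autogen.sh
+oe_runconf
+}
+
+FILES_${PN} = "${bindir} \
+${libdir}/softhsm \
+${sysconfdir} \
+${localstatedir}/lib/softhsm "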
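Review bot: `SRC_URI` fetches over the plain `git://` transport with no `protocol=` parameter, so the download is unencrypted and the server is not authenticated. The pinned full-length `SRCREV` limits what a tampered fetch could substitute, but appending `;protocol=https` to the URL removes the reliance on that alone. The same applies to the `SRC_URI` in sc-hsm-embedded_git.bb added by this commit.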