authorAnton Gerasimov <anton@advancedtelematic.com>2017-09-08 17:11:33 +0200
committerAnton Gerasimov <anton@advancedtelematic.com>2017-09-13 11:53:33 +0200
commit4a7366c4f161a98611a292394a9662a0c507f904 (patch)
tree2b71f99717dec2b17c23684bc20311c926489d32
parent6db91a2e484ab026dd50817147beed31c49abc2b (diff)
downloadmeta-updater-4a7366c4f161a98611a292394a9662a0c507f904.tar.gz
Add recipes to test pkcs11 functionality in Aktualizr
-rw-r--r--classes/sota.bbclass2
-rw-r--r--recipes-sota/aktualizr/aktualizr_git.bb5
-rw-r--r--recipes-support/glib-networking/glib-networking_%.bbappend4
-rw-r--r--recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch86
-rw-r--r--recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb22
-rw-r--r--recipes-support/softhsm-testtoken/files/createtoken.service12
-rw-r--r--recipes-support/softhsm-testtoken/files/createtoken.sh21
-rw-r--r--recipes-support/softhsm-testtoken/softhsm-testtoken.bb27
-rw-r--r--recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch86
-rw-r--r--recipes-support/softhsm/softhsm_git.bb27
10 files changed, 290 insertions, 2 deletions
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index c825143..d3b66e0 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -18,7 +18,7 @@ EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native
18# Please redefine OSTREE_REPO in order to have a persistent OSTree repo 18# Please redefine OSTREE_REPO in order to have a persistent OSTree repo
19OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo" 19OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"
20# For UPTANE operation, OSTREE_BRANCHNAME must start with "${MACHINE}-" 20# For UPTANE operation, OSTREE_BRANCHNAME must start with "${MACHINE}-"
21OSTREE_BRANCHNAME ?= "${MACHINE}-ota" 21OSTREE_BRANCHNAME ?= "${MACHINE}"
22OSTREE_OSNAME ?= "poky" 22OSTREE_OSNAME ?= "poky"
23OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image" 23OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
24 24
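Review bot: The comment directly above `OSTREE_BRANCHNAME` says the value must start with "${MACHINE}-" for Uptane operation, yet one of the two values shown for line 21 is plain `"${MACHINE}"` with no trailing dash. If that is the new default (the rendering does not mark which side is which), either the comment is stale or the default breaks the documented rule. Update the comment to match, or keep a default that carries the dash and a suffix. The change is also unrelated to the pkcs11 test recipes named in the commit title and would be easier to track as a separate commit.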
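--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -7,6 +7,11 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
 DEPENDS = "boost curl openssl jansson libsodium ostree"
 RDEPENDS_${PN} = "lshw"
 
+DEPENDS_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)}"
+
+RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)}"
+RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm-test', ' softhsm softhsm-testtoken', '', d)}"
+
 SRC_URI = " \
  git://github.com/advancedtelematic/aktualizr \
  "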
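Review bot: `hsm-test` on the last added `RDEPENDS_${PN}_append` line is evaluated independently of `hsm`, so an image can pull in `softhsm softhsm-testtoken` without `libp11` and `engine-pkcs11`, and nothing on these lines marks the feature as test-only. The softhsm-testtoken recipe added in this same commit initialises its token with the fixed PIN 1234, so this feature must not end up in a production image. I would add a comment above the line, `# hsm-test: software token with a fixed, publicly known PIN; test images only, expects 'hsm' to be set as well`, and document the two feature names wherever SOTA_CLIENT_FEATURES is described.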
diff --git a/recipes-support/glib-networking/glib-networking_%.bbappend b/recipes-support/glib-networking/glib-networking_%.bbappend
index 1c4fe19..22e6f05 100644
--- a/recipes-support/glib-networking/glib-networking_%.bbappend
+++ b/recipes-support/glib-networking/glib-networking_%.bbappend
@@ -2,5 +2,7 @@ BBCLASSEXTEND_append_sota = " native nativesdk"
2 2
3# Hackery to prevent relocatable_native_pcfiles from crashing 3# Hackery to prevent relocatable_native_pcfiles from crashing
4do_install_append_class-native () { 4do_install_append_class-native () {
5 rmdir ${D}${libdir}/pkgconfig 5 if [ -d ${D}${libdir}/pkgconfig ]; then
6 rmdir ${D}${libdir}/pkgconfig
7 fi
6} 8}
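--- /dev/null
+++ b/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch
@@ -0,0 +1,86 @@
+From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001
+From: Anton Gerasimov <anton@advancedtelematic.com>
+Date: Fri, 8 Sep 2017 15:08:40 +0200
+Subject: [PATCH] Cross-compilation tweaks
+
+---
+ m4/acx_openssl.m4 | 2 ++
+ m4/acx_openssl_ecc.m4 | 3 +++
+ m4/acx_openssl_fips.m4 | 2 ++
+ m4/acx_openssl_gost.m4 | 2 ++
+ 4 files changed, 9 insertions(+)
+
+diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4
+index e90c78f..9de6055 100644
+--- a/m4/acx_openssl.m4
++++ b/m4/acx_openssl.m4
+@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[
+ AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])])
+ AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])])
+
++ if test "$cross_compiling" != yes; then
+ AC_MSG_CHECKING([for OpenSSL version])
+ CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
+ AC_LANG_PUSH([C])
+@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[
+ AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
+ ],[])
+ AC_LANG_POP([C])
++ fi
+
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
+diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4
+index 612c505..ba2389d 100644
+--- a/m4/acx_openssl_ecc.m4
++++ b/m4/acx_openssl_ecc.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_ECC],[
++ if test "$cross_compiling" != yes; then
+ AC_MSG_CHECKING(for OpenSSL ECC support)
+
+ tmp_CPPFLAGS=$CPPFLAGS
+@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
+ ],[])
+ AC_LANG_POP([C])
+
++ fi
++
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
+ ])
+diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4
+index 0491397..896cdbf 100644
+--- a/m4/acx_openssl_fips.m4
++++ b/m4/acx_openssl_fips.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_FIPS],[
++ if test "$cross_compiling" != yes; then
+ AC_MSG_CHECKING(for OpenSSL FIPS capable library)
+
+ tmp_CPPFLAGS=$CPPFLAGS
+@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
+
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
++ fi
+ ])
+diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4
+index dca489b..34c39d8 100644
+--- a/m4/acx_openssl_gost.m4
++++ b/m4/acx_openssl_gost.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_GOST],[
++ if test "$cross_compiling" != yes; then
+ AC_MSG_CHECKING(for OpenSSL GOST support)
+
+ tmp_CPPFLAGS=$CPPFLAGS
+@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
+
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
++ fi
+ ])
+--
+2.7.4
+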
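Review bot: Nothing visible in this commit applies this file: `SRC_URI` in sc-hsm-embedded_git.bb lists only the git URL, and the blob id b3a7622 is the same as that of recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch. The patch edits `m4/acx_openssl*.m4`, the same files the softhsm recipe patches; whether the sc-hsm-embedded tree has files of that name cannot be seen from here. If the copy is not needed, drop it so the layer does not carry an unreferenced patch; if it is needed, add `file://0001-Cross-compilation-tweaks.patch` to that recipe's `SRC_URI`.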
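--- /dev/null
+++ b/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb
@@ -0,0 +1,22 @@
+SUMMARY = "Smartcard HSM driver"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=55b854a477953696452f698a3af5de1c"
+
+inherit autotools-brokensep
+
+
+SRC_URI = "git://github.com/CardContact/sc-hsm-embedded.git;branch=master"
+SRCREV="a45155d4249575ebdfb16ff26fdedbc4c4813002"
+
+S = "${WORKDIR}/git"
+
+DEPENDS += " openssl pcsc-lite"
+
+do_configure() {
+ autoreconf -fi
+ oe_runconf
+}
+
+FILES_${PN} += "${libdir}"
+FILES_SOLIBSDEV = ""
+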
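Review bot: `SRC_URI` fetches over the plain `git://` protocol, which is neither authenticated nor encrypted, so only the pinned `SRCREV` ties the checkout to known content. Prefer `SRC_URI = "git://github.com/CardContact/sc-hsm-embedded.git;branch=master;protocol=https"` so the transport is protected as well. The same applies to the SoftHSMv2 URL in softhsm_git.bb. `FILES_${PN} += "${libdir}"` together with `FILES_SOLIBSDEV = ""` deserves a one-line comment saying that the unversioned module `.so` is packaged in the main package on purpose.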
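--- /dev/null
+++ b/recipes-support/softhsm-testtoken/files/createtoken.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Create a mock smartcard for testing
+Before=aktualizr.service
+RequiredBy=aktualizr.service
+
+[Service]
+RestartSec=10
+Restart=on-failure
+ExecStart=/usr/bin/createtoken.sh
+
+[Install]
+WantedBy=aktualizr.service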
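Review bot: `RequiredBy=aktualizr.service` sits in `[Unit]`, but `RequiredBy=` is an `[Install]` setting, so systemd does not act on it there and only the weaker `WantedBy=` dependency is created. No `Type=` is set either, so the unit defaults to `simple`, and `Before=aktualizr.service` then orders aktualizr after the script has been started, not after the token has been provisioned. Move the line under `[Install]` if a hard dependency is intended. Also add a comment stating whether aktualizr is expected to cope with a token that is not ready yet.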
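--- /dev/null
+++ b/recipes-support/softhsm-testtoken/files/createtoken.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+if pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O; then
+ # The token has already been initialized, exit
+ exit 0
+fi
+
+if ! ls /var/sota/token/pkey.pem /var/sota/token/client.pem; then
+ # Key/certificate pair is not present, repeat
+ mkdir -p /var/sota/token
+ exit 1
+fi
+
+mkdir -p /var/lib/softhsm/tokens
+softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234
+
+pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/pkey.pem --type privkey --login --pin 1234
+openssl x509 -outform der -in /var/sota/token/client.pem -out /var/sota/token/client.der
+pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/client.der --type cert --login --pin 1234
+
+exit 0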
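Review bot: None of the steps after the two guards is checked and the script ends with an unconditional `exit 0`, so a failed `softhsm2-util` or `pkcs11-tool --write-object` call is still reported to systemd as success. On the next start the first guard only tests that listing objects succeeds, not that the key and certificate are on the token; whether it passes on a half-provisioned token should be verified. Add `set -e` after the shebang and drop the final `exit 0`. The PIN and SO PIN are the literal 1234 passed on the command line, and `/var/sota/token/pkey.pem` stays on disk unencrypted after the import. A header comment such as `# TEST ONLY: fixed PIN, private key remains on disk` would make the intent explicit.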
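--- /dev/null
+++ b/recipes-support/softhsm-testtoken/softhsm-testtoken.bb
@@ -0,0 +1,27 @@
+SUMMARY = "Mock smartcard for aktualizr"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+
+inherit systemd
+
+RDEPENDS_${PN} = "softhsm libp11"
+DEPENDS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd', '', d)}"
+
+
+SRC_URI = "file://createtoken.service \
+ file://createtoken.sh"
+
+SYSTEMD_SERVICE_${PN} = "createtoken.service"
+
+do_install() {
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/createtoken.service ${D}${systemd_unitdir}/system/createtoken.service
+ install -d ${D}${bindir}
+ install -m 0744 ${WORKDIR}/createtoken.sh ${D}${bindir}/createtoken.sh
+}
+
+FILES_${PN} = "${bindir}/createtoken.sh \
+ ${systemd_unitdir}/system/createtoken.service"
+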
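Review bot: `RDEPENDS_${PN} = "softhsm libp11"` does not cover everything createtoken.sh runs: besides `softhsm2-util` the script calls `pkcs11-tool` and the `openssl` command-line tool. `pkcs11-tool` is normally shipped by OpenSC, so unless another package in the image happens to provide both tools, the service will fail at boot and keep restarting every 10 seconds. Add the providing packages to `RDEPENDS_${PN}`; the exact names depend on the layers in use. The `SUMMARY` should also say that the token is provisioned with a fixed PIN and is meant for test images only.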
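--- /dev/null
+++ b/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch
@@ -0,0 +1,86 @@
+From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001
+From: Anton Gerasimov <anton@advancedtelematic.com>
+Date: Fri, 8 Sep 2017 15:08:40 +0200
+Subject: [PATCH] Cross-compilation tweaks
+
+---
+ m4/acx_openssl.m4 | 2 ++
+ m4/acx_openssl_ecc.m4 | 3 +++
+ m4/acx_openssl_fips.m4 | 2 ++
+ m4/acx_openssl_gost.m4 | 2 ++
+ 4 files changed, 9 insertions(+)
+
+diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4
+index e90c78f..9de6055 100644
+--- a/m4/acx_openssl.m4
++++ b/m4/acx_openssl.m4
+@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[
+ AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])])
+ AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])])
+
++ if test "$cross_compiling" != yes; then
+ AC_MSG_CHECKING([for OpenSSL version])
+ CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
+ AC_LANG_PUSH([C])
+@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[
+ AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
+ ],[])
+ AC_LANG_POP([C])
++ fi
+
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
+diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4
+index 612c505..ba2389d 100644
+--- a/m4/acx_openssl_ecc.m4
++++ b/m4/acx_openssl_ecc.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_ECC],[
++ if test "$cross_compiling" != yes; then
+ AC_MSG_CHECKING(for OpenSSL ECC support)
+
+ tmp_CPPFLAGS=$CPPFLAGS
+@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
+ ],[])
+ AC_LANG_POP([C])
+
++ fi
++
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
+ ])
+diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4
+index 0491397..896cdbf 100644
+--- a/m4/acx_openssl_fips.m4
++++ b/m4/acx_openssl_fips.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_FIPS],[
++ if test "$cross_compiling" != yes; then
+ AC_MSG_CHECKING(for OpenSSL FIPS capable library)
+
+ tmp_CPPFLAGS=$CPPFLAGS
+@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
+
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
++ fi
+ ])
+diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4
+index dca489b..34c39d8 100644
+--- a/m4/acx_openssl_gost.m4
++++ b/m4/acx_openssl_gost.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_GOST],[
++ if test "$cross_compiling" != yes; then
+ AC_MSG_CHECKING(for OpenSSL GOST support)
+
+ tmp_CPPFLAGS=$CPPFLAGS
+@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
+
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
++ fi
+ ])
+--
+2.7.4
+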
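Review bot: In the acx_openssl_ecc.m4 hunks the `if test "$cross_compiling" != yes; then` opens before `tmp_CPPFLAGS=$CPPFLAGS` is saved, while the matching `fi` closes before `CPPFLAGS=$tmp_CPPFLAGS` and `LIBS=$tmp_LIBS`. When cross-compiling, the macro therefore restores CPPFLAGS (and presumably LIBS) from variables it never set, which hold whatever an earlier macro left in them or nothing at all. Move the `fi` below `LIBS=$tmp_LIBS`, as the FIPS and GOST hunks in the same patch do. The guards also skip the OpenSSL minimum-version and ECC tests outright for cross builds, so the patch description should say what is expected to guarantee a suitable OpenSSL in the sysroot. The macro bodies are only partly visible in these hunks.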
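--- /dev/null
+++ b/recipes-support/softhsm/softhsm_git.bb
@@ -0,0 +1,27 @@
+SUMMARY = "HSM emulator"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210"
+
+inherit autotools-brokensep
+
+
+SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master \
+ file://0001-Cross-compilation-tweaks.patch"
+SRCREV="1f7498c0c65b1b1ad5e1bdbd87e9d4b100705745"
+
+S = "${WORKDIR}/git"
+
+DEPENDS += " openssl"
+
+EXTRA_OECONF = "--disable-gost --with-openssl=${STAGING_LIBDIR}/.."
+
+do_configure() {
+ unset docdir
+ sh ./autogen.sh
+ oe_runconf
+}
+
+FILES_${PN} = "${bindir} \
+ ${libdir}/softhsm \
+ ${sysconfdir} \
+ ${localstatedir}/lib/softhsm "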