diff options
author | Patrick Vacek <patrickvacek@gmail.com> | 2019-02-14 09:47:22 +0100 |
---|---|---|
committer | Patrick Vacek <patrickvacek@gmail.com> | 2019-02-14 09:47:22 +0100 |
commit | 20095e84004992a6b779c60e0e4b5db89797004d (patch) | |
tree | eca591462a381165f1db9911ff78529fd365d17b | |
parent | 62e26ec467116d25a1d5a887b7b43ae1144a7446 (diff) | |
parent | 29c3476c8286649210ab8d731bfa063c76907f3b (diff) | |
download | meta-updater-20095e84004992a6b779c60e0e4b5db89797004d.tar.gz |
Merge branch 'master' of https://github.com/advancedtelematic/meta-updater into backport/thud/garage-sign-lock-etcbackport/thud/garage-sign-lock-etc
22 files changed, 111 insertions, 280 deletions
diff --git a/CONTRIBUTING.adoc b/CONTRIBUTING.adoc index 4d9e8f6..0b40438 100644 --- a/CONTRIBUTING.adoc +++ b/CONTRIBUTING.adoc | |||
@@ -13,6 +13,12 @@ Previously, some older branches were also regularly supported, and while they sh | |||
13 | 13 | ||
14 | If you are developing with meta-updater, it may be helpful to read the README and other documentation for link:README.adoc[this repo], https://github.com/advancedtelematic/aktualizr[aktualizr], and the https://github.com/advancedtelematic/updater-repo/[updater-repo], particularly the sections about development and debugging. | 14 | If you are developing with meta-updater, it may be helpful to read the README and other documentation for link:README.adoc[this repo], https://github.com/advancedtelematic/aktualizr[aktualizr], and the https://github.com/advancedtelematic/updater-repo/[updater-repo], particularly the sections about development and debugging. |
15 | 15 | ||
16 | == Developer Certificate of Origin (DCO) | ||
17 | |||
18 | All commits in pull requests must contain a `Signed-off-by:` line to indicate that the developer has agreed to the terms of the https://developercertificate.org[Developer Certificate of Origin]. A simple way to achieve that is to use the `-s` flag of `git commit`. | ||
19 | |||
20 | New pull requests will automatically be checked by the https://probot.github.io/apps/dco/[probot/dco]. | ||
21 | |||
16 | == Contributor checklist | 22 | == Contributor checklist |
17 | 23 | ||
18 | * OTA-enabled build succeeds for at least one platform, the resulting image boots, and an update can be installed. This check is absolutely necessary for every pull request unless it only touches documentation. | 24 | * OTA-enabled build succeeds for at least one platform, the resulting image boots, and an update can be installed. This check is absolutely necessary for every pull request unless it only touches documentation. |
diff --git a/README.adoc b/README.adoc index 994ad67..27ecabf 100644 --- a/README.adoc +++ b/README.adoc | |||
@@ -81,6 +81,7 @@ Although we have used U-Boot so far, other boot loaders can be configured work w | |||
81 | * `OSTREE_COMMIT_BODY` - Message attached to OSTree commit. Empty by default. | 81 | * `OSTREE_COMMIT_BODY` - Message attached to OSTree commit. Empty by default. |
82 | * `OSTREE_COMMIT_SUBJECT` - Commit subject used by OSTree. Defaults to `Commit-id: ${IMAGE_NAME}` | 82 | * `OSTREE_COMMIT_SUBJECT` - Commit subject used by OSTree. Defaults to `Commit-id: ${IMAGE_NAME}` |
83 | * `OSTREE_UPDATE_SUMMARY` - Set this to '1' to update summary of OSTree repository on each commit. '0' by default. | 83 | * `OSTREE_UPDATE_SUMMARY` - Set this to '1' to update summary of OSTree repository on each commit. '0' by default. |
84 | * `OSTREE_DEPLOY_DEVICETREE` - Set this to '1' to include devicetree(s) to boot | ||
84 | * `INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. | 85 | * `INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. |
85 | * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. | 86 | * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. |
86 | * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. | 87 | * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. |
@@ -88,6 +89,9 @@ Although we have used U-Boot so far, other boot loaders can be configured work w | |||
88 | * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client). | 89 | * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client). |
89 | * `SOTA_SECONDARY_CONFIG_DIR` - a directory containing JSON configuration files for virtual secondaries on the host. These will be installed into `/etc/sota/ecus` on the device and automatically provided to aktualizr. | 90 | * `SOTA_SECONDARY_CONFIG_DIR` - a directory containing JSON configuration files for virtual secondaries on the host. These will be installed into `/etc/sota/ecus` on the device and automatically provided to aktualizr. |
90 | * `SOTA_HARDWARE_ID` - a custom hardware ID that will be written to the aktualizr config. Defaults to MACHINE if not set. | 91 | * `SOTA_HARDWARE_ID` - a custom hardware ID that will be written to the aktualizr config. Defaults to MACHINE if not set. |
92 | * `SOTA_MAIN_DTB` - base device tree to use with the kernel. Used together with FIT images. You can change it, and the device tree will also be changed after the update. | ||
93 | * `SOTA_DT_OVERLAYS` - whitespace-separated list of used device tree overlays for FIT image. This list is OSTree-updateable as well. | ||
94 | * `SOTA_EXTRA_CONF_FRAGS` - extra https://lxr.missinglinkelectronics.com/uboot/doc/uImage.FIT/overlay-fdt-boot.txt[configuration fragments] for FIT image. | ||
91 | 95 | ||
92 | == Usage | 96 | == Usage |
93 | 97 | ||
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 4095de0..29da78e 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass | |||
@@ -6,10 +6,11 @@ OSTREE_ROOTFS ??= "${WORKDIR}/ostree-rootfs" | |||
6 | OSTREE_COMMIT_SUBJECT ??= "Commit-id: ${IMAGE_NAME}" | 6 | OSTREE_COMMIT_SUBJECT ??= "Commit-id: ${IMAGE_NAME}" |
7 | OSTREE_COMMIT_BODY ??= "" | 7 | OSTREE_COMMIT_BODY ??= "" |
8 | OSTREE_UPDATE_SUMMARY ??= "0" | 8 | OSTREE_UPDATE_SUMMARY ??= "0" |
9 | OSTREE_DEPLOY_DEVICETREE ??= "0" | ||
9 | 10 | ||
10 | BUILD_OSTREE_TARBALL ??= "1" | 11 | BUILD_OSTREE_TARBALL ??= "1" |
11 | 12 | ||
12 | SYSTEMD_USED = "${@oe.utils.ifelse(d.getVar('VIRTUAL-RUNTIME_init_manager', True) == 'systemd', 'true', '')}" | 13 | SYSTEMD_USED = "${@oe.utils.ifelse(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'systemd', 'true', '')}" |
13 | 14 | ||
14 | IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*" | 15 | IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*" |
15 | CONVERSION_CMD_tar = "touch ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}; ${IMAGE_CMD_TAR} --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.tar -C ${OTA_IMAGE_ROOTFS} . || [ $? -eq 1 ]" | 16 | CONVERSION_CMD_tar = "touch ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}; ${IMAGE_CMD_TAR} --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.tar -C ${OTA_IMAGE_ROOTFS} . || [ $? -eq 1 ]" |
@@ -103,18 +104,27 @@ IMAGE_CMD_ostree () { | |||
103 | ln -sf var/roothome root | 104 | ln -sf var/roothome root |
104 | fi | 105 | fi |
105 | 106 | ||
106 | checksum=`sha256sum ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} | cut -f 1 -d " "` | ||
107 | |||
108 | cp ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} boot/vmlinuz-${checksum} | ||
109 | |||
110 | if [ "${KERNEL_IMAGETYPE}" = "fitImage" ]; then | 107 | if [ "${KERNEL_IMAGETYPE}" = "fitImage" ]; then |
111 | # this is a hack for ostree not to override init= in kernel cmdline - | 108 | # this is a hack for ostree not to override init= in kernel cmdline - |
112 | # make it think that the initramfs is present (while it is in FIT image) | 109 | # make it think that the initramfs is present (while it is in FIT image) |
110 | # since initramfs is fake file, it does not need to be included in checksum | ||
111 | checksum=$(sha256sum ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} | cut -f 1 -d " ") | ||
113 | touch boot/initramfs-${checksum} | 112 | touch boot/initramfs-${checksum} |
114 | else | 113 | else |
114 | if [ "${OSTREE_DEPLOY_DEVICETREE}" = "1" ] && [ -n "${KERNEL_DEVICETREE}" ]; then | ||
115 | checksum=$(cat ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} ${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES} ${KERNEL_DEVICETREE} | sha256sum | cut -f 1 -d " ") | ||
116 | for DTS_FILE in ${KERNEL_DEVICETREE}; do | ||
117 | DTS_FILE_BASENAME=$(basename ${DTS_FILE}) | ||
118 | cp ${DEPLOY_DIR_IMAGE}/${DTS_FILE_BASENAME} boot/devicetree-${DTS_FILE_BASENAME}-${checksum} | ||
119 | done | ||
120 | else | ||
121 | checksum=$(cat ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} ${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES} | sha256sum | cut -f 1 -d " ") | ||
122 | fi | ||
115 | cp ${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES} boot/initramfs-${checksum} | 123 | cp ${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES} boot/initramfs-${checksum} |
116 | fi | 124 | fi |
117 | 125 | ||
126 | cp ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} boot/vmlinuz-${checksum} | ||
127 | |||
118 | # Copy image manifest | 128 | # Copy image manifest |
119 | cat ${IMAGE_MANIFEST} | cut -d " " -f1,3 > usr/package.manifest | 129 | cat ${IMAGE_MANIFEST} | cut -d " " -f1,3 > usr/package.manifest |
120 | } | 130 | } |
@@ -160,6 +170,9 @@ IMAGE_CMD_ostreepush () { | |||
160 | 170 | ||
161 | IMAGE_TYPEDEP_garagesign = "ostreepush" | 171 | IMAGE_TYPEDEP_garagesign = "ostreepush" |
162 | do_image_garagesign[depends] += "unzip-native:do_populate_sysroot" | 172 | do_image_garagesign[depends] += "unzip-native:do_populate_sysroot" |
173 | # This lock solves OTA-1866, which is that removing GARAGE_SIGN_REPO while using | ||
174 | # garage-sign simultaneously for two images often causes problems. | ||
175 | do_image_garagesign[lockfiles] += "${DEPLOY_DIR_IMAGE}/garagesign.lock" | ||
163 | IMAGE_CMD_garagesign () { | 176 | IMAGE_CMD_garagesign () { |
164 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | 177 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
165 | # if credentials are issued by a server that doesn't support offline signing, exit silently | 178 | # if credentials are issued by a server that doesn't support offline signing, exit silently |
diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass index 9883a68..a31cbd1 100644 --- a/classes/image_types_ota.bbclass +++ b/classes/image_types_ota.bbclass | |||
@@ -42,8 +42,8 @@ OTA_IMAGE_ROOTFS_task-image-ota = "${OTA_SYSROOT}" | |||
42 | IMAGE_TYPEDEP_ota = "ostreecommit" | 42 | IMAGE_TYPEDEP_ota = "ostreecommit" |
43 | do_image_ota[dirs] = "${OTA_SYSROOT}" | 43 | do_image_ota[dirs] = "${OTA_SYSROOT}" |
44 | do_image_ota[cleandirs] = "${OTA_SYSROOT}" | 44 | do_image_ota[cleandirs] = "${OTA_SYSROOT}" |
45 | do_image_ota[depends] = "${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER', True) == 'grub' else ''} \ | 45 | do_image_ota[depends] = "${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER') == 'grub' else ''} \ |
46 | ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot' else ''}" | 46 | ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER') == 'u-boot' else ''}" |
47 | IMAGE_CMD_ota () { | 47 | IMAGE_CMD_ota () { |
48 | ostree admin --sysroot=${OTA_SYSROOT} init-fs ${OTA_SYSROOT} | 48 | ostree admin --sysroot=${OTA_SYSROOT} init-fs ${OTA_SYSROOT} |
49 | ostree admin --sysroot=${OTA_SYSROOT} os-init ${OSTREE_OSNAME} | 49 | ostree admin --sysroot=${OTA_SYSROOT} os-init ${OSTREE_OSNAME} |
@@ -93,7 +93,7 @@ IMAGE_CMD_ota () { | |||
93 | IMAGE_TYPEDEP_ota-ext4 = "ota" | 93 | IMAGE_TYPEDEP_ota-ext4 = "ota" |
94 | do_image_ota_ext4[depends] = "e2fsprogs-native:do_populate_sysroot" | 94 | do_image_ota_ext4[depends] = "e2fsprogs-native:do_populate_sysroot" |
95 | IMAGE_CMD_ota-ext4 () { | 95 | IMAGE_CMD_ota-ext4 () { |
96 | # Calculate image type | 96 | # Calculate image size |
97 | OTA_ROOTFS_SIZE=$(calculate_size `du -ks ${OTA_SYSROOT} | cut -f 1` "${IMAGE_OVERHEAD_FACTOR}" "${IMAGE_ROOTFS_SIZE}" "${IMAGE_ROOTFS_MAXSIZE}" `expr ${IMAGE_ROOTFS_EXTRA_SPACE}` "${IMAGE_ROOTFS_ALIGNMENT}") | 97 | OTA_ROOTFS_SIZE=$(calculate_size `du -ks ${OTA_SYSROOT} | cut -f 1` "${IMAGE_OVERHEAD_FACTOR}" "${IMAGE_ROOTFS_SIZE}" "${IMAGE_ROOTFS_MAXSIZE}" `expr ${IMAGE_ROOTFS_EXTRA_SPACE}` "${IMAGE_ROOTFS_ALIGNMENT}") |
98 | 98 | ||
99 | if [ ${OTA_ROOTFS_SIZE} -lt 0 ]; then | 99 | if [ ${OTA_ROOTFS_SIZE} -lt 0 ]; then |
@@ -110,4 +110,4 @@ IMAGE_CMD_ota-ext4 () { | |||
110 | mkfs.ext4 -O ^64bit ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ota-ext4 -L otaroot -d ${OTA_SYSROOT} | 110 | mkfs.ext4 -O ^64bit ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ota-ext4 -L otaroot -d ${OTA_SYSROOT} |
111 | } | 111 | } |
112 | 112 | ||
113 | do_image_wic[depends] += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', '%s:do_image_ota_ext4' % d.getVar('IMAGE_BASENAME', True), '', d)}" | 113 | do_image_wic[depends] += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', '%s:do_image_ota_ext4' % d.getVar('IMAGE_BASENAME'), '', d)}" |
diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 93f59eb..92b4c43 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass | |||
@@ -21,7 +21,7 @@ WKS_FILE_sota ?= "sdimage-sota.wks" | |||
21 | 21 | ||
22 | EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native" | 22 | EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native" |
23 | 23 | ||
24 | INITRAMFS_FSTYPES ??= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'cpio.gz.u-boot', 'cpio.gz')}" | 24 | INITRAMFS_FSTYPES ?= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER') == 'u-boot', 'cpio.gz.u-boot', 'cpio.gz')}" |
25 | 25 | ||
26 | # Please redefine OSTREE_REPO in order to have a persistent OSTree repo | 26 | # Please redefine OSTREE_REPO in order to have a persistent OSTree repo |
27 | export OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo" | 27 | export OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo" |
diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass index 600f9e9..e1c0054 100644 --- a/classes/sota_raspberrypi.bbclass +++ b/classes/sota_raspberrypi.bbclass | |||
@@ -5,6 +5,13 @@ KERNEL_IMAGETYPE_sota = "fitImage" | |||
5 | INITRAMFS_FSTYPES = "cpio.gz" | 5 | INITRAMFS_FSTYPES = "cpio.gz" |
6 | OSTREE_KERNEL = "${KERNEL_IMAGETYPE}-${INITRAMFS_IMAGE}-${MACHINE}-${KERNEL_FIT_LINK_NAME}" | 6 | OSTREE_KERNEL = "${KERNEL_IMAGETYPE}-${INITRAMFS_IMAGE}-${MACHINE}-${KERNEL_FIT_LINK_NAME}" |
7 | 7 | ||
8 | # DTB needs to be relocated to apply overlays | ||
9 | UBOOT_DTB_LOADADDRESS = "0x05000000" | ||
10 | UBOOT_DTBO_LOADADDRESS = "0x06000000" | ||
11 | |||
12 | # Deploy config fragment list to OSTree root fs | ||
13 | IMAGE_INSTALL_append = " fit-conf" | ||
14 | |||
8 | PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot" | 15 | PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot" |
9 | UBOOT_ENTRYPOINT_sota ?= "0x00008000" | 16 | UBOOT_ENTRYPOINT_sota ?= "0x00008000" |
10 | 17 | ||
@@ -18,7 +25,13 @@ IMAGE_BOOT_FILES_sota = "bcm2835-bootfiles/* u-boot.bin;${SDIMG_KERNELIMAGE}" | |||
18 | KERNEL_DEVICETREE_raspberrypi2_sota ?= " bcm2709-rpi-2-b.dtb " | 25 | KERNEL_DEVICETREE_raspberrypi2_sota ?= " bcm2709-rpi-2-b.dtb " |
19 | KERNEL_DEVICETREE_raspberrypi3_sota ?= " bcm2710-rpi-3-b.dtb overlays/vc4-kms-v3d.dtbo overlays/rpi-ft5406.dtbo" | 26 | KERNEL_DEVICETREE_raspberrypi3_sota ?= " bcm2710-rpi-3-b.dtb overlays/vc4-kms-v3d.dtbo overlays/rpi-ft5406.dtbo" |
20 | 27 | ||
28 | SOTA_MAIN_DTB_raspberrypi2 ?= "bcm2709-rpi-2-b.dtb" | ||
29 | SOTA_MAIN_DTB_raspberrypi3 ?= "bcm2710-rpi-3-b.dtb" | ||
30 | |||
31 | SOTA_DT_OVERLAYS_raspberrypi3 ?= "vc4-kms-v3d.dtbo rpi-ft5406.dtbo" | ||
32 | |||
21 | # Kernel args normally provided by RPi's internal bootloader. Non-updateable | 33 | # Kernel args normally provided by RPi's internal bootloader. Non-updateable |
22 | OSTREE_KERNEL_ARGS_sota ?= " 8250.nr_uarts=1 bcm2708_fb.fbwidth=720 bcm2708_fb.fbheight=480 bcm2708_fb.fbswap=1 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 dwc_otg.lpm_enable=0 console=ttyS0,115200 usbhid.mousepoll=0 " | 34 | OSTREE_KERNEL_ARGS_sota ?= " 8250.nr_uarts=1 bcm2708_fb.fbwidth=656 bcm2708_fb.fbheight=614 bcm2708_fb.fbswap=1 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 dwc_otg.lpm_enable=0 console=ttyS0,115200 usbhid.mousepoll=0 " |
23 | 35 | ||
24 | SOTA_CLIENT_FEATURES_append = " ubootenv" | 36 | SOTA_CLIENT_FEATURES_append = " ubootenv" |
37 | |||
diff --git a/classes/sota_sanity.bbclass b/classes/sota_sanity.bbclass index e47de19..8e80acb 100644 --- a/classes/sota_sanity.bbclass +++ b/classes/sota_sanity.bbclass | |||
@@ -1,17 +1,17 @@ | |||
1 | # Sanity check the sota setup for common misconfigurations | 1 | # Sanity check the sota setup for common misconfigurations |
2 | 2 | ||
3 | def sota_check_overrides(status, d): | 3 | def sota_check_overrides(status, d): |
4 | for var in (d.getVar('SOTA_OVERRIDES_BLACKLIST', True) or "").split(): | 4 | for var in (d.getVar('SOTA_OVERRIDES_BLACKLIST') or "").split(): |
5 | if var in d.getVar('OVERRIDES', True).split(':'): | 5 | if var in d.getVar('OVERRIDES').split(':'): |
6 | status.addresult("%s should not be a overrides, because it is a image fstype in updater layer, please check your OVERRIDES setting.\n" % var) | 6 | status.addresult("%s should not be a overrides, because it is a image fstype in updater layer, please check your OVERRIDES setting.\n" % var) |
7 | 7 | ||
8 | def sota_check_required_variables(status, d): | 8 | def sota_check_required_variables(status, d): |
9 | for var in (d.getVar('SOTA_REQUIRED_VARIABLES', True) or "").split(): | 9 | for var in (d.getVar('SOTA_REQUIRED_VARIABLES') or "").split(): |
10 | if not d.getVar(var, True): | 10 | if not d.getVar(var): |
11 | status.addresult("%s should be set in your local.conf.\n" % var) | 11 | status.addresult("%s should be set in your local.conf.\n" % var) |
12 | 12 | ||
13 | def sota_raise_sanity_error(msg, d): | 13 | def sota_raise_sanity_error(msg, d): |
14 | if d.getVar("SANITY_USE_EVENTS", True) == "1": | 14 | if d.getVar("SANITY_USE_EVENTS") == "1": |
15 | bb.event.fire(bb.event.SanityCheckFailed(msg), d) | 15 | bb.event.fire(bb.event.SanityCheckFailed(msg), d) |
16 | return | 16 | return |
17 | 17 | ||
diff --git a/conf/distro/sota.conf.inc b/conf/distro/sota.conf.inc index 8de9597..f6111bf 100644 --- a/conf/distro/sota.conf.inc +++ b/conf/distro/sota.conf.inc | |||
@@ -10,4 +10,10 @@ INHERIT += " sota" | |||
10 | # Prelinking increases the size of downloads and causes build errors | 10 | # Prelinking increases the size of downloads and causes build errors |
11 | USER_CLASSES_remove = "image-prelink" | 11 | USER_CLASSES_remove = "image-prelink" |
12 | 12 | ||
13 | # Enable reproducible builds. Use 0 as mtime, the same as OSTree is using. | ||
14 | INHERIT += "reproducible_build_simple" | ||
15 | |||
16 | export SOURCE_DATE_EPOCH ?= "0" | ||
17 | REPRODUCIBLE_TIMESTAMP_ROOTFS ?= "0" | ||
18 | |||
13 | HOSTTOOLS_append = " sync sha256sum" | 19 | HOSTTOOLS_append = " sync sha256sum" |
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index f506cab..308f552 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb | |||
@@ -6,7 +6,7 @@ LICENSE = "MPL-2.0" | |||
6 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" | 6 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" |
7 | 7 | ||
8 | DEPENDS = "aktualizr-native zip-native" | 8 | DEPENDS = "aktualizr-native zip-native" |
9 | RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" | 9 | RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" |
10 | PV = "1.0" | 10 | PV = "1.0" |
11 | PR = "6" | 11 | PR = "6" |
12 | 12 | ||
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 5893ed2..8dcda99 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | |||
@@ -10,7 +10,7 @@ LICENSE = "MPL-2.0" | |||
10 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" | 10 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" |
11 | 11 | ||
12 | DEPENDS = "aktualizr aktualizr-native openssl-native" | 12 | DEPENDS = "aktualizr aktualizr-native openssl-native" |
13 | RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" | 13 | RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" |
14 | 14 | ||
15 | PV = "1.0" | 15 | PV = "1.0" |
16 | PR = "1" | 16 | PR = "1" |
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index 7947edd..27aba0f 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb | |||
@@ -6,7 +6,7 @@ LICENSE = "MPL-2.0" | |||
6 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" | 6 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" |
7 | 7 | ||
8 | DEPENDS = "aktualizr aktualizr-native" | 8 | DEPENDS = "aktualizr aktualizr-native" |
9 | RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" | 9 | RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" |
10 | 10 | ||
11 | SRC_URI = "" | 11 | SRC_URI = "" |
12 | PV = "1.0" | 12 | PV = "1.0" |
diff --git a/recipes-sota/aktualizr/credentials.inc b/recipes-sota/aktualizr/credentials.inc index 256c8ff..7c44257 100644 --- a/recipes-sota/aktualizr/credentials.inc +++ b/recipes-sota/aktualizr/credentials.inc | |||
@@ -1 +1 @@ | |||
SRC_URI_append = "${@('file://' + d.getVar('SOTA_PACKED_CREDENTIALS', True)) if d.getVar('SOTA_PACKED_CREDENTIALS', True) else ''}" | SRC_URI_append = "${@('file://' + d.getVar('SOTA_PACKED_CREDENTIALS')) if d.getVar('SOTA_PACKED_CREDENTIALS') else ''}" | ||
diff --git a/recipes-sota/aktualizr/garage-sign-version.inc b/recipes-sota/aktualizr/garage-sign-version.inc index 1b89a3d..2cea6c9 100644 --- a/recipes-sota/aktualizr/garage-sign-version.inc +++ b/recipes-sota/aktualizr/garage-sign-version.inc | |||
@@ -1,11 +1,11 @@ | |||
1 | 1 | ||
2 | python () { | 2 | python () { |
3 | if d.getVar("GARAGE_SIGN_VERSION", True) or not d.getVar("SOTA_PACKED_CREDENTIALS", True): | 3 | if d.getVar("GARAGE_SIGN_VERSION") or not d.getVar("SOTA_PACKED_CREDENTIALS"): |
4 | return | 4 | return |
5 | import json | 5 | import json |
6 | import urllib.request | 6 | import urllib.request |
7 | import zipfile | 7 | import zipfile |
8 | with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS", True), 'r') as zip_ref: | 8 | with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS"), 'r') as zip_ref: |
9 | try: | 9 | try: |
10 | with zip_ref.open('tufrepo.url', mode='r') as url_file: | 10 | with zip_ref.open('tufrepo.url', mode='r') as url_file: |
11 | url = url_file.read().decode().strip(' \t\n') + '/health/version' | 11 | url = url_file.read().decode().strip(' \t\n') + '/health/version' |
diff --git a/recipes-sota/fit-conf/fit-conf.bb b/recipes-sota/fit-conf/fit-conf.bb new file mode 100644 index 0000000..c6cecec --- /dev/null +++ b/recipes-sota/fit-conf/fit-conf.bb | |||
@@ -0,0 +1,22 @@ | |||
1 | SUMMARY = "FIT image configuration for u-boot to use" | ||
2 | LICENSE = "MIT" | ||
3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" | ||
4 | |||
5 | do_install() { | ||
6 | mkdir -p ${D}${libdir} | ||
7 | echo -n "fit_conf=" >${D}${libdir}/fit_conf | ||
8 | |||
9 | if [ -n ${SOTA_MAIN_DTB} ]; then | ||
10 | echo -n "#conf@${SOTA_MAIN_DTB}" >> ${D}${libdir}/fit_conf | ||
11 | fi | ||
12 | |||
13 | for ovrl in ${SOTA_DT_OVERLAYS}; do | ||
14 | echo -n "#conf@overlays_${ovrl}" >> ${D}${libdir}/fit_conf | ||
15 | done | ||
16 | |||
17 | for conf_frag in ${SOTA_EXTRA_CONF_FRAGS}; do | ||
18 | echo -n "#${conf_frag}" >> ${D}${libdir}/fit_conf | ||
19 | done | ||
20 | } | ||
21 | |||
22 | FILES_${PN} += "${libdir}/fit_conf" | ||
diff --git a/recipes-sota/ostree/ostree_git.bb b/recipes-sota/ostree/ostree_git.bb index 3e3c951..93ae6e7 100644 --- a/recipes-sota/ostree/ostree_git.bb +++ b/recipes-sota/ostree/ostree_git.bb | |||
@@ -7,9 +7,9 @@ inherit autotools pkgconfig systemd bash-completion gobject-introspection | |||
7 | 7 | ||
8 | SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master" | 8 | SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master" |
9 | 9 | ||
10 | SRCREV="3e96ec9811b5cfc5481f8b6b06c8d34d9a35408e" | 10 | SRCREV = "f3eba6bcec39c163eb831c02c148ffa483292906" |
11 | 11 | ||
12 | PV = "v2018.7" | 12 | PV = "v2018.9" |
13 | 13 | ||
14 | S = "${WORKDIR}/git" | 14 | S = "${WORKDIR}/git" |
15 | 15 | ||
@@ -61,6 +61,7 @@ FILES_${PN} = "${bindir} \ | |||
61 | ${libdir}/ostree/ostree-remount \ | 61 | ${libdir}/ostree/ostree-remount \ |
62 | ${libdir}/girepository-1.0/* \ | 62 | ${libdir}/girepository-1.0/* \ |
63 | ${@bb.utils.contains('DISTRO_FEATURES','systemd','${libdir}/tmpfiles.d', '', d)} \ | 63 | ${@bb.utils.contains('DISTRO_FEATURES','systemd','${libdir}/tmpfiles.d', '', d)} \ |
64 | ${@bb.utils.contains('DISTRO_FEATURES','systemd','${systemd_unitdir}/system/*.path', '', d)} \ | ||
64 | ${@bb.utils.contains('DISTRO_FEATURES','systemd','${systemd_unitdir}/system-generators', '', d)} \ | 65 | ${@bb.utils.contains('DISTRO_FEATURES','systemd','${systemd_unitdir}/system-generators', '', d)} \ |
65 | " | 66 | " |
66 | FILES_${PN}-dev += " ${datadir}/gir-1.0" | 67 | FILES_${PN}-dev += " ${datadir}/gir-1.0" |
diff --git a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch deleted file mode 100644 index 55f2ed3..0000000 --- a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | From ccab5ce63dd5d3dbb4bd02998d21d34407e550f2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Anton Gerasimov <anton.gerasimov@here.com> | ||
3 | Date: Fri, 19 Jan 2018 12:44:27 +0100 | ||
4 | Subject: [PATCH] Workaround for a buggy version of openssl (1.0.2m) | ||
5 | |||
6 | --- | ||
7 | src/p11_pkey.c | 12 +++++++++--- | ||
8 | 1 file changed, 9 insertions(+), 3 deletions(-) | ||
9 | |||
10 | diff --git a/src/p11_pkey.c b/src/p11_pkey.c | ||
11 | index 45d5ad3..75625e6 100644 | ||
12 | --- a/src/p11_pkey.c | ||
13 | +++ b/src/p11_pkey.c | ||
14 | @@ -139,8 +139,14 @@ static void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) | ||
15 | |||
16 | #endif | ||
17 | |||
18 | -#if OPENSSL_VERSION_NUMBER < 0x100020d0L || defined(LIBRESSL_VERSION_NUMBER) | ||
19 | -static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, | ||
20 | +#if OPENSSL_VERSION_NUMBER < 0x10002110L || defined(LIBRESSL_VERSION_NUMBER) | ||
21 | + | ||
22 | +# if (OPENSSL_VERSION_NUMBER & 0xFFFFFFF0) == 0x100020d0L | ||
23 | +# undef EVP_PKEY_meth_get_sign | ||
24 | +# undef EVP_PKEY_meth_get_decrypt | ||
25 | +# endif | ||
26 | + | ||
27 | +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, | ||
28 | int (**psign_init) (EVP_PKEY_CTX *ctx), | ||
29 | int (**psign) (EVP_PKEY_CTX *ctx, | ||
30 | unsigned char *sig, size_t *siglen, | ||
31 | @@ -152,7 +158,7 @@ static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, | ||
32 | *psign = pmeth->sign; | ||
33 | } | ||
34 | |||
35 | -static void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, | ||
36 | +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, | ||
37 | int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), | ||
38 | int (**pdecrypt) (EVP_PKEY_CTX *ctx, | ||
39 | unsigned char *out, | ||
40 | -- | ||
41 | 2.15.1 | ||
42 | |||
diff --git a/recipes-support/libp11/libp11_0.4.9.bb b/recipes-support/libp11/libp11_git.bb index 6d0165f..bedcdc8 100644 --- a/recipes-support/libp11/libp11_0.4.9.bb +++ b/recipes-support/libp11/libp11_git.bb | |||
@@ -9,9 +9,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29" | |||
9 | DEPENDS = "libtool openssl" | 9 | DEPENDS = "libtool openssl" |
10 | RDEPENDS_${PN} += " opensc" | 10 | RDEPENDS_${PN} += " opensc" |
11 | 11 | ||
12 | SRC_URI = "git://github.com/OpenSC/libp11.git \ | 12 | SRC_URI = "git://github.com/OpenSC/libp11.git" |
13 | file://0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch" | 13 | SRCREV = "57ca68ff67efa08e3be1f26dec6d23bf5bb977f2" |
14 | SRCREV = "e1210903291b1de9eabcad26e740a4b2fbcca692" | 14 | |
15 | PV = "0.4.9+git${SRCPV}" | ||
15 | 16 | ||
16 | S = "${WORKDIR}/git" | 17 | S = "${WORKDIR}/git" |
17 | 18 | ||
diff --git a/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch b/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch deleted file mode 100644 index b3a7622..0000000 --- a/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch +++ /dev/null | |||
@@ -1,86 +0,0 @@ | |||
1 | From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001 | ||
2 | From: Anton Gerasimov <anton@advancedtelematic.com> | ||
3 | Date: Fri, 8 Sep 2017 15:08:40 +0200 | ||
4 | Subject: [PATCH] Cross-compilation tweaks | ||
5 | |||
6 | --- | ||
7 | m4/acx_openssl.m4 | 2 ++ | ||
8 | m4/acx_openssl_ecc.m4 | 3 +++ | ||
9 | m4/acx_openssl_fips.m4 | 2 ++ | ||
10 | m4/acx_openssl_gost.m4 | 2 ++ | ||
11 | 4 files changed, 9 insertions(+) | ||
12 | |||
13 | diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4 | ||
14 | index e90c78f..9de6055 100644 | ||
15 | --- a/m4/acx_openssl.m4 | ||
16 | +++ b/m4/acx_openssl.m4 | ||
17 | @@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[ | ||
18 | AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])]) | ||
19 | AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])]) | ||
20 | |||
21 | + if test "$cross_compiling" != yes; then | ||
22 | AC_MSG_CHECKING([for OpenSSL version]) | ||
23 | CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3) | ||
24 | AC_LANG_PUSH([C]) | ||
25 | @@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[ | ||
26 | AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)]) | ||
27 | ],[]) | ||
28 | AC_LANG_POP([C]) | ||
29 | + fi | ||
30 | |||
31 | CPPFLAGS=$tmp_CPPFLAGS | ||
32 | LIBS=$tmp_LIBS | ||
33 | diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4 | ||
34 | index 612c505..ba2389d 100644 | ||
35 | --- a/m4/acx_openssl_ecc.m4 | ||
36 | +++ b/m4/acx_openssl_ecc.m4 | ||
37 | @@ -1,4 +1,5 @@ | ||
38 | AC_DEFUN([ACX_OPENSSL_ECC],[ | ||
39 | + if test "$cross_compiling" != yes; then | ||
40 | AC_MSG_CHECKING(for OpenSSL ECC support) | ||
41 | |||
42 | tmp_CPPFLAGS=$CPPFLAGS | ||
43 | @@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[ | ||
44 | ],[]) | ||
45 | AC_LANG_POP([C]) | ||
46 | |||
47 | + fi | ||
48 | + | ||
49 | CPPFLAGS=$tmp_CPPFLAGS | ||
50 | LIBS=$tmp_LIBS | ||
51 | ]) | ||
52 | diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4 | ||
53 | index 0491397..896cdbf 100644 | ||
54 | --- a/m4/acx_openssl_fips.m4 | ||
55 | +++ b/m4/acx_openssl_fips.m4 | ||
56 | @@ -1,4 +1,5 @@ | ||
57 | AC_DEFUN([ACX_OPENSSL_FIPS],[ | ||
58 | + if test "$cross_compiling" != yes; then | ||
59 | AC_MSG_CHECKING(for OpenSSL FIPS capable library) | ||
60 | |||
61 | tmp_CPPFLAGS=$CPPFLAGS | ||
62 | @@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[ | ||
63 | |||
64 | CPPFLAGS=$tmp_CPPFLAGS | ||
65 | LIBS=$tmp_LIBS | ||
66 | + fi | ||
67 | ]) | ||
68 | diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4 | ||
69 | index dca489b..34c39d8 100644 | ||
70 | --- a/m4/acx_openssl_gost.m4 | ||
71 | +++ b/m4/acx_openssl_gost.m4 | ||
72 | @@ -1,4 +1,5 @@ | ||
73 | AC_DEFUN([ACX_OPENSSL_GOST],[ | ||
74 | + if test "$cross_compiling" != yes; then | ||
75 | AC_MSG_CHECKING(for OpenSSL GOST support) | ||
76 | |||
77 | tmp_CPPFLAGS=$CPPFLAGS | ||
78 | @@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[ | ||
79 | |||
80 | CPPFLAGS=$tmp_CPPFLAGS | ||
81 | LIBS=$tmp_LIBS | ||
82 | + fi | ||
83 | ]) | ||
84 | -- | ||
85 | 2.7.4 | ||
86 | |||
diff --git a/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb b/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb deleted file mode 100644 index 062d514..0000000 --- a/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb +++ /dev/null | |||
@@ -1,22 +0,0 @@ | |||
1 | SUMMARY = "Smartcard HSM driver" | ||
2 | LICENSE = "BSD" | ||
3 | LIC_FILES_CHKSUM = "file://COPYING;md5=55b854a477953696452f698a3af5de1c" | ||
4 | |||
5 | inherit autotools-brokensep | ||
6 | |||
7 | |||
8 | SRC_URI = "git://github.com/CardContact/sc-hsm-embedded.git;branch=master" | ||
9 | SRCREV="a45155d4249575ebdfb16ff26fdedbc4c4813002" | ||
10 | |||
11 | S = "${WORKDIR}/git" | ||
12 | |||
13 | DEPENDS += " openssl pcsc-lite" | ||
14 | |||
15 | do_configure() { | ||
16 | autoreconf -fi | ||
17 | oe_runconf | ||
18 | } | ||
19 | |||
20 | FILES_${PN} += "${libdir}" | ||
21 | FILES_SOLIBSDEV = "" | ||
22 | |||
diff --git a/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch b/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch deleted file mode 100644 index b3a7622..0000000 --- a/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch +++ /dev/null | |||
@@ -1,86 +0,0 @@ | |||
1 | From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001 | ||
2 | From: Anton Gerasimov <anton@advancedtelematic.com> | ||
3 | Date: Fri, 8 Sep 2017 15:08:40 +0200 | ||
4 | Subject: [PATCH] Cross-compilation tweaks | ||
5 | |||
6 | --- | ||
7 | m4/acx_openssl.m4 | 2 ++ | ||
8 | m4/acx_openssl_ecc.m4 | 3 +++ | ||
9 | m4/acx_openssl_fips.m4 | 2 ++ | ||
10 | m4/acx_openssl_gost.m4 | 2 ++ | ||
11 | 4 files changed, 9 insertions(+) | ||
12 | |||
13 | diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4 | ||
14 | index e90c78f..9de6055 100644 | ||
15 | --- a/m4/acx_openssl.m4 | ||
16 | +++ b/m4/acx_openssl.m4 | ||
17 | @@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[ | ||
18 | AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])]) | ||
19 | AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])]) | ||
20 | |||
21 | + if test "$cross_compiling" != yes; then | ||
22 | AC_MSG_CHECKING([for OpenSSL version]) | ||
23 | CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3) | ||
24 | AC_LANG_PUSH([C]) | ||
25 | @@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[ | ||
26 | AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)]) | ||
27 | ],[]) | ||
28 | AC_LANG_POP([C]) | ||
29 | + fi | ||
30 | |||
31 | CPPFLAGS=$tmp_CPPFLAGS | ||
32 | LIBS=$tmp_LIBS | ||
33 | diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4 | ||
34 | index 612c505..ba2389d 100644 | ||
35 | --- a/m4/acx_openssl_ecc.m4 | ||
36 | +++ b/m4/acx_openssl_ecc.m4 | ||
37 | @@ -1,4 +1,5 @@ | ||
38 | AC_DEFUN([ACX_OPENSSL_ECC],[ | ||
39 | + if test "$cross_compiling" != yes; then | ||
40 | AC_MSG_CHECKING(for OpenSSL ECC support) | ||
41 | |||
42 | tmp_CPPFLAGS=$CPPFLAGS | ||
43 | @@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[ | ||
44 | ],[]) | ||
45 | AC_LANG_POP([C]) | ||
46 | |||
47 | + fi | ||
48 | + | ||
49 | CPPFLAGS=$tmp_CPPFLAGS | ||
50 | LIBS=$tmp_LIBS | ||
51 | ]) | ||
52 | diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4 | ||
53 | index 0491397..896cdbf 100644 | ||
54 | --- a/m4/acx_openssl_fips.m4 | ||
55 | +++ b/m4/acx_openssl_fips.m4 | ||
56 | @@ -1,4 +1,5 @@ | ||
57 | AC_DEFUN([ACX_OPENSSL_FIPS],[ | ||
58 | + if test "$cross_compiling" != yes; then | ||
59 | AC_MSG_CHECKING(for OpenSSL FIPS capable library) | ||
60 | |||
61 | tmp_CPPFLAGS=$CPPFLAGS | ||
62 | @@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[ | ||
63 | |||
64 | CPPFLAGS=$tmp_CPPFLAGS | ||
65 | LIBS=$tmp_LIBS | ||
66 | + fi | ||
67 | ]) | ||
68 | diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4 | ||
69 | index dca489b..34c39d8 100644 | ||
70 | --- a/m4/acx_openssl_gost.m4 | ||
71 | +++ b/m4/acx_openssl_gost.m4 | ||
72 | @@ -1,4 +1,5 @@ | ||
73 | AC_DEFUN([ACX_OPENSSL_GOST],[ | ||
74 | + if test "$cross_compiling" != yes; then | ||
75 | AC_MSG_CHECKING(for OpenSSL GOST support) | ||
76 | |||
77 | tmp_CPPFLAGS=$CPPFLAGS | ||
78 | @@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[ | ||
79 | |||
80 | CPPFLAGS=$tmp_CPPFLAGS | ||
81 | LIBS=$tmp_LIBS | ||
82 | + fi | ||
83 | ]) | ||
84 | -- | ||
85 | 2.7.4 | ||
86 | |||
diff --git a/recipes-support/softhsm/softhsm_git.bb b/recipes-support/softhsm/softhsm_git.bb index c26903d..4dcfe7d 100644 --- a/recipes-support/softhsm/softhsm_git.bb +++ b/recipes-support/softhsm/softhsm_git.bb | |||
@@ -1,27 +1,26 @@ | |||
1 | SUMMARY = "HSM emulator" | 1 | SUMMARY = "HSM emulator" |
2 | LICENSE = "BSD" | 2 | HOMEPAGE = "https://www.opendnssec.org/softhsm/" |
3 | LICENSE = "BSD-2-Clause & ISC" | ||
3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210" | 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210" |
4 | 5 | ||
5 | inherit autotools-brokensep | 6 | DEPENDS = "openssl" |
6 | 7 | ||
8 | SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master" | ||
9 | SRCREV = "369df0383d101bc8952692c2a368ac8bc887d1b4" | ||
7 | 10 | ||
8 | SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master \ | 11 | PV = "2.5.0" |
9 | file://0001-Cross-compilation-tweaks.patch" | ||
10 | SRCREV="1f7498c0c65b1b1ad5e1bdbd87e9d4b100705745" | ||
11 | 12 | ||
12 | S = "${WORKDIR}/git" | 13 | S = "${WORKDIR}/git" |
13 | 14 | ||
14 | DEPENDS += " openssl" | 15 | inherit autotools pkgconfig |
15 | 16 | ||
16 | EXTRA_OECONF = "--disable-gost --with-openssl=${STAGING_LIBDIR}/.." | 17 | # EdDSA requires OpenSSL >= 1.1.1 |
18 | EXTRA_OECONF = "--enable-eddsa --disable-gost" | ||
17 | 19 | ||
18 | do_configure() { | 20 | do_configure_prepend() { |
19 | unset docdir | 21 | ( |
20 | sh ./autogen.sh | 22 | cd ${S} |
21 | oe_runconf | 23 | unset docdir |
24 | sh ./autogen.sh | ||
25 | ) | ||
22 | } | 26 | } |
23 | |||
24 | FILES_${PN} = "${bindir} \ | ||
25 | ${libdir}/softhsm \ | ||
26 | ${sysconfdir} \ | ||
27 | ${localstatedir}/lib/softhsm " | ||
diff --git a/scripts/ci/Jenkinsfile.bleeding-selftest b/scripts/ci/Jenkinsfile.bleeding-selftest index e50b4b6..8c2d1de 100644 --- a/scripts/ci/Jenkinsfile.bleeding-selftest +++ b/scripts/ci/Jenkinsfile.bleeding-selftest | |||
@@ -10,7 +10,9 @@ node { | |||
10 | } | 10 | } |
11 | 11 | ||
12 | pipeline { | 12 | pipeline { |
13 | agent any | 13 | agent { |
14 | node { label 'bitbake' } | ||
15 | } | ||
14 | environment { | 16 | environment { |
15 | TEST_AKTUALIZR_REMOTE = 'aktualizr' | 17 | TEST_AKTUALIZR_REMOTE = 'aktualizr' |
16 | TEST_AKTUALIZR_DIR = 'aktualizr' | 18 | TEST_AKTUALIZR_DIR = 'aktualizr' |