Add recipes to test pkcs11 functionality in Aktualizr

author: Anton Gerasimov <anton@advancedtelematic.com> 2017-09-08 17:11:33 +0200
committer: Anton Gerasimov <anton@advancedtelematic.com> 2017-09-13 11:53:33 +0200
commit: 4a7366c4f161a98611a292394a9662a0c507f904 (patch)
tree: 2b71f99717dec2b17c23684bc20311c926489d32
parent: 6db91a2e484ab026dd50817147beed31c49abc2b (diff)
download: meta-updater-4a7366c4f161a98611a292394a9662a0c507f904.tar.gz
10 files changed, 290 insertions, 2 deletions
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index c825143..d3b66e0 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -18,7 +18,7 @@ EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native
 # Please redefine OSTREE_REPO in order to have a persistent OSTree repo
 OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"
 # For UPTANE operation, OSTREE_BRANCHNAME must start with "${MACHINE}-"
-OSTREE_BRANCHNAME ?= "${MACHINE}-ota"
+OSTREE_BRANCHNAME ?= "${MACHINE}"
 OSTREE_OSNAME ?= "poky"
 OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index e02442a..716b759 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -7,6 +7,11 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
 DEPENDS = "boost curl openssl jansson libsodium ostree"
 RDEPENDS_${PN} = "lshw"
+DEPENDS_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)}"
+RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)}"
+RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm-test', ' softhsm softhsm-testtoken', '', d)}"
 SRC_URI = " \
  git://github.com/advancedtelematic/aktualizr \
  "
diff --git a/recipes-support/glib-networking/glib-networking_%.bbappend b/recipes-support/glib-networking/glib-networking_%.bbappend
index 1c4fe19..22e6f05 100644
--- a/recipes-support/glib-networking/glib-networking_%.bbappend
+++ b/recipes-support/glib-networking/glib-networking_%.bbappend
@@ -2,5 +2,7 @@ BBCLASSEXTEND_append_sota = " native nativesdk"
 # Hackery to prevent relocatable_native_pcfiles from crashing
 do_install_append_class-native () {
-        rmdir ${D}${libdir}/pkgconfig
+        if [ -d ${D}${libdir}/pkgconfig ]; then
+                rmdir ${D}${libdir}/pkgconfig
+        fi
 }
diff --git a/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch b/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch
new file mode 100644
index 0000000..b3a7622
--- /dev/null
+++ b/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch
@@ -0,0 +1,86 @@
+From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001
+From: Anton Gerasimov <anton@advancedtelematic.com>
+Date: Fri, 8 Sep 2017 15:08:40 +0200
+Subject: [PATCH] Cross-compilation tweaks
+---
+ m4/acx_openssl.m4      | 2 ++
+ m4/acx_openssl_ecc.m4  | 3 +++
+ m4/acx_openssl_fips.m4 | 2 ++
+ m4/acx_openssl_gost.m4 | 2 ++
+ 4 files changed, 9 insertions(+)
+diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4
+index e90c78f..9de6055 100644
+--- a/m4/acx_openssl.m4
+++ b/m4/acx_openssl.m4
+@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[
+        AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])])
+        AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])])
+ 
+       if test "$cross_compiling" != yes; then
+        AC_MSG_CHECKING([for OpenSSL version])
+        CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
+        AC_LANG_PUSH([C])
+@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[
+                AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
+        ],[])
+        AC_LANG_POP([C])
+       fi
+ 
+        CPPFLAGS=$tmp_CPPFLAGS
+        LIBS=$tmp_LIBS
+diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4
+index 612c505..ba2389d 100644
+--- a/m4/acx_openssl_ecc.m4
+++ b/m4/acx_openssl_ecc.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_ECC],[
+       if test "$cross_compiling" != yes; then
+        AC_MSG_CHECKING(for OpenSSL ECC support)
+ 
+        tmp_CPPFLAGS=$CPPFLAGS
+@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
+        ],[])
+        AC_LANG_POP([C])
+ 
+       fi
+
+        CPPFLAGS=$tmp_CPPFLAGS
+        LIBS=$tmp_LIBS
+ ])
+diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4
+index 0491397..896cdbf 100644
+--- a/m4/acx_openssl_fips.m4
+++ b/m4/acx_openssl_fips.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_FIPS],[
+       if test "$cross_compiling" != yes; then
+        AC_MSG_CHECKING(for OpenSSL FIPS capable library)
+ 
+        tmp_CPPFLAGS=$CPPFLAGS
+@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
+ 
+        CPPFLAGS=$tmp_CPPFLAGS
+        LIBS=$tmp_LIBS
+       fi
+ ])
+diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4
+index dca489b..34c39d8 100644
+--- a/m4/acx_openssl_gost.m4
+++ b/m4/acx_openssl_gost.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_GOST],[
+       if test "$cross_compiling" != yes; then
+        AC_MSG_CHECKING(for OpenSSL GOST support)
+ 
+        tmp_CPPFLAGS=$CPPFLAGS
+@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
+ 
+        CPPFLAGS=$tmp_CPPFLAGS
+        LIBS=$tmp_LIBS
+       fi
+ ])
+-- 
+2.7.4
diff --git a/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb b/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb
new file mode 100644
index 0000000..062d514
--- /dev/null
+++ b/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb
@@ -0,0 +1,22 @@
+SUMMARY = "Smartcard HSM driver"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=55b854a477953696452f698a3af5de1c"
+inherit autotools-brokensep
+SRC_URI = "git://github.com/CardContact/sc-hsm-embedded.git;branch=master"
+SRCREV="a45155d4249575ebdfb16ff26fdedbc4c4813002"
+S = "${WORKDIR}/git"
+DEPENDS += " openssl pcsc-lite"
+do_configure() {
+ autoreconf -fi
+ oe_runconf
+}
+FILES_${PN} += "${libdir}"
+FILES_SOLIBSDEV = ""
diff --git a/recipes-support/softhsm-testtoken/files/createtoken.service b/recipes-support/softhsm-testtoken/files/createtoken.service
new file mode 100644
index 0000000..23317b9
--- /dev/null
+++ b/recipes-support/softhsm-testtoken/files/createtoken.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Create a mock smartcard for testing
+Before=aktualizr.service
+RequiredBy=aktualizr.service
+[Service]
+RestartSec=10
+Restart=on-failure
+ExecStart=/usr/bin/createtoken.sh
+[Install]
+WantedBy=aktualizr.service
diff --git a/recipes-support/softhsm-testtoken/files/createtoken.sh b/recipes-support/softhsm-testtoken/files/createtoken.sh
new file mode 100644
index 0000000..a72ec34
--- /dev/null
+++ b/recipes-support/softhsm-testtoken/files/createtoken.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+if pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O; then
+        # The token has already been initialized, exit
+        exit 0
+fi
+if ! ls /var/sota/token/pkey.pem /var/sota/token/client.pem; then
+        # Key/certificate pair is not present, repeat
+        mkdir -p /var/sota/token
+        exit 1
+fi
+mkdir -p /var/lib/softhsm/tokens
+softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234
+pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/pkey.pem --type privkey --login --pin 1234
+openssl x509 -outform der -in /var/sota/token/client.pem -out /var/sota/token/client.der
+pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/client.der --type cert --login --pin 1234
+exit 0
diff --git a/recipes-support/softhsm-testtoken/softhsm-testtoken.bb b/recipes-support/softhsm-testtoken/softhsm-testtoken.bb
new file mode 100644
index 0000000..c5691db
--- /dev/null
+++ b/recipes-support/softhsm-testtoken/softhsm-testtoken.bb
@@ -0,0 +1,27 @@
+SUMMARY = "Mock smartcard for aktualizr"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+inherit systemd
+RDEPENDS_${PN} = "softhsm libp11"
+DEPENDS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd', '', d)}"
+SRC_URI = "file://createtoken.service \
+           file://createtoken.sh"
+SYSTEMD_SERVICE_${PN} = "createtoken.service"
+do_install() {
+  install -d ${D}${systemd_unitdir}/system
+  install -m 0644 ${WORKDIR}/createtoken.service ${D}${systemd_unitdir}/system/createtoken.service
+  install -d ${D}${bindir}
+  install -m 0744 ${WORKDIR}/createtoken.sh ${D}${bindir}/createtoken.sh
+}
+FILES_${PN} = "${bindir}/createtoken.sh \
+               ${systemd_unitdir}/system/createtoken.service"
diff --git a/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch b/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch
new file mode 100644
index 0000000..b3a7622
--- /dev/null
+++ b/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch
@@ -0,0 +1,86 @@
+From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001
+From: Anton Gerasimov <anton@advancedtelematic.com>
+Date: Fri, 8 Sep 2017 15:08:40 +0200
+Subject: [PATCH] Cross-compilation tweaks
+---
+ m4/acx_openssl.m4      | 2 ++
+ m4/acx_openssl_ecc.m4  | 3 +++
+ m4/acx_openssl_fips.m4 | 2 ++
+ m4/acx_openssl_gost.m4 | 2 ++
+ 4 files changed, 9 insertions(+)
+diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4
+index e90c78f..9de6055 100644
+--- a/m4/acx_openssl.m4
+++ b/m4/acx_openssl.m4
+@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[
+        AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])])
+        AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])])
+ 
+       if test "$cross_compiling" != yes; then
+        AC_MSG_CHECKING([for OpenSSL version])
+        CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
+        AC_LANG_PUSH([C])
+@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[
+                AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
+        ],[])
+        AC_LANG_POP([C])
+       fi
+ 
+        CPPFLAGS=$tmp_CPPFLAGS
+        LIBS=$tmp_LIBS
+diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4
+index 612c505..ba2389d 100644
+--- a/m4/acx_openssl_ecc.m4
+++ b/m4/acx_openssl_ecc.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_ECC],[
+       if test "$cross_compiling" != yes; then
+        AC_MSG_CHECKING(for OpenSSL ECC support)
+ 
+        tmp_CPPFLAGS=$CPPFLAGS
+@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
+        ],[])
+        AC_LANG_POP([C])
+ 
+       fi
+
+        CPPFLAGS=$tmp_CPPFLAGS
+        LIBS=$tmp_LIBS
+ ])
+diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4
+index 0491397..896cdbf 100644
+--- a/m4/acx_openssl_fips.m4
+++ b/m4/acx_openssl_fips.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_FIPS],[
+       if test "$cross_compiling" != yes; then
+        AC_MSG_CHECKING(for OpenSSL FIPS capable library)
+ 
+        tmp_CPPFLAGS=$CPPFLAGS
+@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
+ 
+        CPPFLAGS=$tmp_CPPFLAGS
+        LIBS=$tmp_LIBS
+       fi
+ ])
+diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4
+index dca489b..34c39d8 100644
+--- a/m4/acx_openssl_gost.m4
+++ b/m4/acx_openssl_gost.m4
+@@ -1,4 +1,5 @@
+ AC_DEFUN([ACX_OPENSSL_GOST],[
+       if test "$cross_compiling" != yes; then
+        AC_MSG_CHECKING(for OpenSSL GOST support)
+ 
+        tmp_CPPFLAGS=$CPPFLAGS
+@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
+ 
+        CPPFLAGS=$tmp_CPPFLAGS
+        LIBS=$tmp_LIBS
+       fi
+ ])
+-- 
+2.7.4
diff --git a/recipes-support/softhsm/softhsm_git.bb b/recipes-support/softhsm/softhsm_git.bb
new file mode 100644
index 0000000..c26903d
--- /dev/null
+++ b/recipes-support/softhsm/softhsm_git.bb
@@ -0,0 +1,27 @@
+SUMMARY = "HSM emulator"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210"
+inherit autotools-brokensep
+SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master \
+           file://0001-Cross-compilation-tweaks.patch"
+SRCREV="1f7498c0c65b1b1ad5e1bdbd87e9d4b100705745"
+S = "${WORKDIR}/git"
+DEPENDS += " openssl"
+EXTRA_OECONF = "--disable-gost --with-openssl=${STAGING_LIBDIR}/.."
+do_configure() {
+ unset docdir
+ sh ./autogen.sh
+ oe_runconf
+}
+FILES_${PN} = "${bindir} \
+               ${libdir}/softhsm \
+               ${sysconfdir} \
+               ${localstatedir}/lib/softhsm "
author	Anton Gerasimov <anton@advancedtelematic.com>	2017-09-08 17:11:33 +0200
committer	Anton Gerasimov <anton@advancedtelematic.com>	2017-09-13 11:53:33 +0200
commit	4a7366c4f161a98611a292394a9662a0c507f904 (patch)
tree	2b71f99717dec2b17c23684bc20311c926489d32
parent	6db91a2e484ab026dd50817147beed31c49abc2b (diff)
download	meta-updater-4a7366c4f161a98611a292394a9662a0c507f904.tar.gz

diff --git a/classes/sota.bbclass b/classes/sota.bbclass index c825143..d3b66e0 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass
@@ -18,7 +18,7 @@ EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native
18	# Please redefine OSTREE_REPO in order to have a persistent OSTree repo	18	# Please redefine OSTREE_REPO in order to have a persistent OSTree repo
19	OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"	19	OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo"
20	# For UPTANE operation, OSTREE_BRANCHNAME must start with "${MACHINE}-"	20	# For UPTANE operation, OSTREE_BRANCHNAME must start with "${MACHINE}-"
21	OSTREE_BRANCHNAME ?= "${MACHINE}-ota"	21	OSTREE_BRANCHNAME ?= "${MACHINE}"
22	OSTREE_OSNAME ?= "poky"	22	OSTREE_OSNAME ?= "poky"
23	OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"	23	OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
24		24


diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index e02442a..716b759 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -7,6 +7,11 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7	DEPENDS = "boost curl openssl jansson libsodium ostree"	7	DEPENDS = "boost curl openssl jansson libsodium ostree"
8	RDEPENDS_${PN} = "lshw"	8	RDEPENDS_${PN} = "lshw"
9		9
		10	DEPENDS_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)}"
		11
		12	RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)}"
		13	RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm-test', ' softhsm softhsm-testtoken', '', d)}"
		14
10	SRC_URI = " \	15	SRC_URI = " \
11	git://github.com/advancedtelematic/aktualizr \	16	git://github.com/advancedtelematic/aktualizr \
12	"	17	"


diff --git a/recipes-support/glib-networking/glib-networking_%.bbappend b/recipes-support/glib-networking/glib-networking_%.bbappend index 1c4fe19..22e6f05 100644 --- a/recipes-support/glib-networking/glib-networking_%.bbappend +++ b/recipes-support/glib-networking/glib-networking_%.bbappend
@@ -2,5 +2,7 @@ BBCLASSEXTEND_append_sota = " native nativesdk"
2		2
3	# Hackery to prevent relocatable_native_pcfiles from crashing	3	# Hackery to prevent relocatable_native_pcfiles from crashing
4	do_install_append_class-native () {	4	do_install_append_class-native () {
5	rmdir ${D}${libdir}/pkgconfig	5	if [ -d ${D}${libdir}/pkgconfig ]; then
		6	rmdir ${D}${libdir}/pkgconfig
		7	fi
6	}	8	}


diff --git a/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch b/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch new file mode 100644 index 0000000..b3a7622 --- /dev/null +++ b/recipes-support/sc-hsm-embedded/files/0001-Cross-compilation-tweaks.patch
@@ -0,0 +1,86 @@
		1	From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001
		2	From: Anton Gerasimov <anton@advancedtelematic.com>
		3	Date: Fri, 8 Sep 2017 15:08:40 +0200
		4	Subject: [PATCH] Cross-compilation tweaks
		5
		6	---
		7	m4/acx_openssl.m4 \| 2 ++
		8	m4/acx_openssl_ecc.m4 \| 3 +++
		9	m4/acx_openssl_fips.m4 \| 2 ++
		10	m4/acx_openssl_gost.m4 \| 2 ++
		11	4 files changed, 9 insertions(+)
		12
		13	diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4
		14	index e90c78f..9de6055 100644
		15	--- a/m4/acx_openssl.m4
		16	+++ b/m4/acx_openssl.m4
		17	@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[
		18	AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])])
		19	AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])])
		20
		21	+ if test "$cross_compiling" != yes; then
		22	AC_MSG_CHECKING([for OpenSSL version])
		23	CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
		24	AC_LANG_PUSH([C])
		25	@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[
		26	AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
		27	],[])
		28	AC_LANG_POP([C])
		29	+ fi
		30
		31	CPPFLAGS=$tmp_CPPFLAGS
		32	LIBS=$tmp_LIBS
		33	diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4
		34	index 612c505..ba2389d 100644
		35	--- a/m4/acx_openssl_ecc.m4
		36	+++ b/m4/acx_openssl_ecc.m4
		37	@@ -1,4 +1,5 @@
		38	AC_DEFUN([ACX_OPENSSL_ECC],[
		39	+ if test "$cross_compiling" != yes; then
		40	AC_MSG_CHECKING(for OpenSSL ECC support)
		41
		42	tmp_CPPFLAGS=$CPPFLAGS
		43	@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
		44	],[])
		45	AC_LANG_POP([C])
		46
		47	+ fi
		48	+
		49	CPPFLAGS=$tmp_CPPFLAGS
		50	LIBS=$tmp_LIBS
		51	])
		52	diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4
		53	index 0491397..896cdbf 100644
		54	--- a/m4/acx_openssl_fips.m4
		55	+++ b/m4/acx_openssl_fips.m4
		56	@@ -1,4 +1,5 @@
		57	AC_DEFUN([ACX_OPENSSL_FIPS],[
		58	+ if test "$cross_compiling" != yes; then
		59	AC_MSG_CHECKING(for OpenSSL FIPS capable library)
		60
		61	tmp_CPPFLAGS=$CPPFLAGS
		62	@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
		63
		64	CPPFLAGS=$tmp_CPPFLAGS
		65	LIBS=$tmp_LIBS
		66	+ fi
		67	])
		68	diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4
		69	index dca489b..34c39d8 100644
		70	--- a/m4/acx_openssl_gost.m4
		71	+++ b/m4/acx_openssl_gost.m4
		72	@@ -1,4 +1,5 @@
		73	AC_DEFUN([ACX_OPENSSL_GOST],[
		74	+ if test "$cross_compiling" != yes; then
		75	AC_MSG_CHECKING(for OpenSSL GOST support)
		76
		77	tmp_CPPFLAGS=$CPPFLAGS
		78	@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
		79
		80	CPPFLAGS=$tmp_CPPFLAGS
		81	LIBS=$tmp_LIBS
		82	+ fi
		83	])
		84	--
		85	2.7.4
		86


diff --git a/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb b/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb new file mode 100644 index 0000000..062d514 --- /dev/null +++ b/recipes-support/sc-hsm-embedded/sc-hsm-embedded_git.bb
@@ -0,0 +1,22 @@
		1	SUMMARY = "Smartcard HSM driver"
		2	LICENSE = "BSD"
		3	LIC_FILES_CHKSUM = "file://COPYING;md5=55b854a477953696452f698a3af5de1c"
		4
		5	inherit autotools-brokensep
		6
		7
		8	SRC_URI = "git://github.com/CardContact/sc-hsm-embedded.git;branch=master"
		9	SRCREV="a45155d4249575ebdfb16ff26fdedbc4c4813002"
		10
		11	S = "${WORKDIR}/git"
		12
		13	DEPENDS += " openssl pcsc-lite"
		14
		15	do_configure() {
		16	autoreconf -fi
		17	oe_runconf
		18	}
		19
		20	FILES_${PN} += "${libdir}"
		21	FILES_SOLIBSDEV = ""
		22


diff --git a/recipes-support/softhsm-testtoken/files/createtoken.service b/recipes-support/softhsm-testtoken/files/createtoken.service new file mode 100644 index 0000000..23317b9 --- /dev/null +++ b/recipes-support/softhsm-testtoken/files/createtoken.service
@@ -0,0 +1,12 @@
		1	[Unit]
		2	Description=Create a mock smartcard for testing
		3	Before=aktualizr.service
		4	RequiredBy=aktualizr.service
		5
		6	[Service]
		7	RestartSec=10
		8	Restart=on-failure
		9	ExecStart=/usr/bin/createtoken.sh
		10
		11	[Install]
		12	WantedBy=aktualizr.service


diff --git a/recipes-support/softhsm-testtoken/files/createtoken.sh b/recipes-support/softhsm-testtoken/files/createtoken.sh new file mode 100644 index 0000000..a72ec34 --- /dev/null +++ b/recipes-support/softhsm-testtoken/files/createtoken.sh
@@ -0,0 +1,21 @@
		1	#!/bin/sh
		2
		3	if pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O; then
		4	# The token has already been initialized, exit
		5	exit 0
		6	fi
		7
		8	if ! ls /var/sota/token/pkey.pem /var/sota/token/client.pem; then
		9	# Key/certificate pair is not present, repeat
		10	mkdir -p /var/sota/token
		11	exit 1
		12	fi
		13
		14	mkdir -p /var/lib/softhsm/tokens
		15	softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234
		16
		17	pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/pkey.pem --type privkey --login --pin 1234
		18	openssl x509 -outform der -in /var/sota/token/client.pem -out /var/sota/token/client.der
		19	pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/client.der --type cert --login --pin 1234
		20
		21	exit 0


diff --git a/recipes-support/softhsm-testtoken/softhsm-testtoken.bb b/recipes-support/softhsm-testtoken/softhsm-testtoken.bb new file mode 100644 index 0000000..c5691db --- /dev/null +++ b/recipes-support/softhsm-testtoken/softhsm-testtoken.bb
@@ -0,0 +1,27 @@
		1	SUMMARY = "Mock smartcard for aktualizr"
		2	LICENSE = "MIT"
		3	LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
		4	file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
		5
		6
		7	inherit systemd
		8
		9	RDEPENDS_${PN} = "softhsm libp11"
		10	DEPENDS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd', '', d)}"
		11
		12
		13	SRC_URI = "file://createtoken.service \
		14	file://createtoken.sh"
		15
		16	SYSTEMD_SERVICE_${PN} = "createtoken.service"
		17
		18	do_install() {
		19	install -d ${D}${systemd_unitdir}/system
		20	install -m 0644 ${WORKDIR}/createtoken.service ${D}${systemd_unitdir}/system/createtoken.service
		21	install -d ${D}${bindir}
		22	install -m 0744 ${WORKDIR}/createtoken.sh ${D}${bindir}/createtoken.sh
		23	}
		24
		25	FILES_${PN} = "${bindir}/createtoken.sh \
		26	${systemd_unitdir}/system/createtoken.service"
		27


diff --git a/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch b/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch new file mode 100644 index 0000000..b3a7622 --- /dev/null +++ b/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch
@@ -0,0 +1,86 @@
		1	From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001
		2	From: Anton Gerasimov <anton@advancedtelematic.com>
		3	Date: Fri, 8 Sep 2017 15:08:40 +0200
		4	Subject: [PATCH] Cross-compilation tweaks
		5
		6	---
		7	m4/acx_openssl.m4 \| 2 ++
		8	m4/acx_openssl_ecc.m4 \| 3 +++
		9	m4/acx_openssl_fips.m4 \| 2 ++
		10	m4/acx_openssl_gost.m4 \| 2 ++
		11	4 files changed, 9 insertions(+)
		12
		13	diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4
		14	index e90c78f..9de6055 100644
		15	--- a/m4/acx_openssl.m4
		16	+++ b/m4/acx_openssl.m4
		17	@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[
		18	AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])])
		19	AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])])
		20
		21	+ if test "$cross_compiling" != yes; then
		22	AC_MSG_CHECKING([for OpenSSL version])
		23	CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
		24	AC_LANG_PUSH([C])
		25	@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[
		26	AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
		27	],[])
		28	AC_LANG_POP([C])
		29	+ fi
		30
		31	CPPFLAGS=$tmp_CPPFLAGS
		32	LIBS=$tmp_LIBS
		33	diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4
		34	index 612c505..ba2389d 100644
		35	--- a/m4/acx_openssl_ecc.m4
		36	+++ b/m4/acx_openssl_ecc.m4
		37	@@ -1,4 +1,5 @@
		38	AC_DEFUN([ACX_OPENSSL_ECC],[
		39	+ if test "$cross_compiling" != yes; then
		40	AC_MSG_CHECKING(for OpenSSL ECC support)
		41
		42	tmp_CPPFLAGS=$CPPFLAGS
		43	@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
		44	],[])
		45	AC_LANG_POP([C])
		46
		47	+ fi
		48	+
		49	CPPFLAGS=$tmp_CPPFLAGS
		50	LIBS=$tmp_LIBS
		51	])
		52	diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4
		53	index 0491397..896cdbf 100644
		54	--- a/m4/acx_openssl_fips.m4
		55	+++ b/m4/acx_openssl_fips.m4
		56	@@ -1,4 +1,5 @@
		57	AC_DEFUN([ACX_OPENSSL_FIPS],[
		58	+ if test "$cross_compiling" != yes; then
		59	AC_MSG_CHECKING(for OpenSSL FIPS capable library)
		60
		61	tmp_CPPFLAGS=$CPPFLAGS
		62	@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
		63
		64	CPPFLAGS=$tmp_CPPFLAGS
		65	LIBS=$tmp_LIBS
		66	+ fi
		67	])
		68	diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4
		69	index dca489b..34c39d8 100644
		70	--- a/m4/acx_openssl_gost.m4
		71	+++ b/m4/acx_openssl_gost.m4
		72	@@ -1,4 +1,5 @@
		73	AC_DEFUN([ACX_OPENSSL_GOST],[
		74	+ if test "$cross_compiling" != yes; then
		75	AC_MSG_CHECKING(for OpenSSL GOST support)
		76
		77	tmp_CPPFLAGS=$CPPFLAGS
		78	@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
		79
		80	CPPFLAGS=$tmp_CPPFLAGS
		81	LIBS=$tmp_LIBS
		82	+ fi
		83	])
		84	--
		85	2.7.4
		86


diff --git a/recipes-support/softhsm/softhsm_git.bb b/recipes-support/softhsm/softhsm_git.bb new file mode 100644 index 0000000..c26903d --- /dev/null +++ b/recipes-support/softhsm/softhsm_git.bb
@@ -0,0 +1,27 @@
		1	SUMMARY = "HSM emulator"
		2	LICENSE = "BSD"
		3	LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210"
		4
		5	inherit autotools-brokensep
		6
		7
		8	SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master \
		9	file://0001-Cross-compilation-tweaks.patch"
		10	SRCREV="1f7498c0c65b1b1ad5e1bdbd87e9d4b100705745"
		11
		12	S = "${WORKDIR}/git"
		13
		14	DEPENDS += " openssl"
		15
		16	EXTRA_OECONF = "--disable-gost --with-openssl=${STAGING_LIBDIR}/.."
		17
		18	do_configure() {
		19	unset docdir
		20	sh ./autogen.sh
		21	oe_runconf
		22	}
		23
		24	FILES_${PN} = "${bindir} \
		25	${libdir}/softhsm \
		26	${sysconfdir} \
		27	${localstatedir}/lib/softhsm "