Call garage-push directly with zip file instead of sending unzipped contents.

Warn if older credential environment variables are set. They are now ignored since the credentials aren't unpacked during building.
author: Patrick Vacek <patrickvacek@gmail.com> 2017-07-19 14:05:48 +0200
committer: Patrick Vacek <patrickvacek@gmail.com> 2017-08-07 17:01:39 +0200
commit: 53307024e1845c4717be7eb8b8735e493ec4535d (patch)
tree: e1baf988680d73c92635756b2c35f8b1a78e3dd3
parent: 34d5f757a86a7e8e1db3e19f2fb33e90e3f33584 (diff)
download: meta-updater-53307024e1845c4717be7eb8b8735e493ec4535d.tar.gz
4 files changed, 22 insertions, 50 deletions
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index ac7cb60..d01cb9f 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -17,36 +17,6 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
 export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}"
-python () {
-    if d.getVar("SOTA_PACKED_CREDENTIALS", True):
-        if d.getVar("SOTA_AUTOPROVISION_CREDENTIALS", True):
-            bb.warn("SOTA_AUTOPROVISION_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
-        if d.getVar("SOTA_AUTOPROVISION_URL", True):
-            bb.warn("SOTA_AUTOPROVISION_URL is overriden by the one in SOTA_PACKED_CREDENTIALS")
-        if d.getVar("SOTA_AUTOPROVISION_URL_FILE", True):
-            bb.warn("SOTA_AUTOPROVISION_URL_FILE is overriden by the one in SOTA_PACKED_CREDENTIALS")
-        if d.getVar("OSTREE_PUSH_CREDENTIALS", True):
-            bb.warn("OSTREE_PUSH_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
-        d.setVar("SOTA_AUTOPROVISION_CREDENTIALS", "%s/sota_credentials/autoprov_credentials.p12" % d.getVar("DEPLOY_DIR_IMAGE", True))
-        d.setVar("SOTA_AUTOPROVISION_URL_FILE", "%s/sota_credentials/autoprov.url" % d.getVar("DEPLOY_DIR_IMAGE", True))
-        d.setVar("OSTREE_PUSH_CREDENTIALS", "%s/sota_credentials/treehub.json" % d.getVar("DEPLOY_DIR_IMAGE", True))
-}
-IMAGE_DEPENDS_ostreecredunpack = "unzip-native:do_populate_sysroot"
-IMAGE_CMD_ostreecredunpack () {
-        if [ ${SOTA_PACKED_CREDENTIALS} ]; then
-                rm -rf ${DEPLOY_DIR_IMAGE}/sota_credentials
-                unzip ${SOTA_PACKED_CREDENTIALS} -d ${DEPLOY_DIR_IMAGE}/sota_credentials
-        fi
-}
-IMAGE_TYPEDEP_ostree = "ostreecredunpack"
 IMAGE_CMD_ostree () {
        if [ -z "$OSTREE_REPO" ]; then
                bbfatal "OSTREE_REPO should be set in your local.conf"
@@ -145,21 +115,24 @@ IMAGE_CMD_ostree () {
                ln -sf var/roothome root
        fi
-        # deploy SOTA credentials
        mkdir -p var/sota
        if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
-                EXPDATE=`openssl pkcs12 -in ${SOTA_AUTOPROVISION_CREDENTIALS} -password "pass:" -nodes 2>/dev/null | openssl x509 -noout -enddate | cut -f2 -d "="`
+        bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
+    fi
-                if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then
+        if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then
-                        bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}"
+        bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS"
-                fi
+    fi
+        if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
+        bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS"
+    fi
+        if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
+        bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
+    fi
-                cp ${SOTA_AUTOPROVISION_CREDENTIALS} var/sota/sota_provisioning_credentials.p12
+        # deploy SOTA credentials
-                if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
+        if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-                        export SOTA_AUTOPROVISION_URL=`cat ${SOTA_AUTOPROVISION_URL_FILE}`
+                cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip
-                fi
-                echo "SOTA_GATEWAY_URI=${SOTA_AUTOPROVISION_URL}" > var/sota/sota_provisioning_url.env
        fi
        if [ -n "${SOTA_SECONDARY_ECUS}" ]; then
@@ -207,10 +180,10 @@ IMAGE_CMD_ostree () {
 IMAGE_TYPEDEP_ostreepush = "ostree"
 IMAGE_DEPENDS_ostreepush = "sota-tools-native:do_populate_sysroot"
 IMAGE_CMD_ostreepush () {
-        if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
+        if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
                garage-push --repo=${OSTREE_REPO} \
                            --ref=${OSTREE_BRANCHNAME} \
-                            --credentials=${OSTREE_PUSH_CREDENTIALS} \
+                            --credentials=${SOTA_PACKED_CREDENTIALS} \
                            --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
        fi
 }
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 359c9fb..8bc580d 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -13,8 +13,9 @@ SRC_URI = " \
  file://aktualizr-autoprovision.service \
  file://sota_autoprov.toml \
  "
-SRCREV = "c24f1fc9b600113cf9f2d3d7215e406cbbb70ac4"
+SRCREV = "1004efa3f86cef90c012b34620992b5762b741e3"
 PV = "1.0+git${SRCPV}"
+PR = "6"
 S = "${WORKDIR}/git"
 SYSTEMD_SERVICE_${PN} = "aktualizr.service"
@@ -23,11 +24,10 @@ inherit cmake systemd
 EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTS=OFF -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}"
-export SOTA_AUTOPROVISION_CREDENTIALS
 export SOTA_PACKED_CREDENTIALS
 do_install_append() {
-    if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" -o -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
      install -d ${D}/${systemd_unitdir}/system
      install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
      install -d ${D}/usr/lib/sota
diff --git a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
index fd0ab09..4a595f0 100644
--- a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
+++ b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
@@ -7,8 +7,7 @@ Requires=network-online.target
 [Service]
 RestartSec=10
 Restart=always
-EnvironmentFile=/var/sota/sota_provisioning_url.env
+ExecStart=/usr/bin/aktualizr --disable-keyid-validation --config /usr/lib/sota/sota.toml
-ExecStart=/usr/bin/aktualizr --disable-keyid-validation --tls-server ${SOTA_GATEWAY_URI} --config /usr/lib/sota/sota.toml
 [Install]
 WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/sota_autoprov.toml b/recipes-sota/aktualizr/files/sota_autoprov.toml
index 8799553..9d4ce3b 100644
--- a/recipes-sota/aktualizr/files/sota_autoprov.toml
+++ b/recipes-sota/aktualizr/files/sota_autoprov.toml
@@ -1,9 +1,9 @@
 [device]
 packages_dir = "/tmp/packages_dir"
-certificates_directory = "/var/sota"
 system_info = "system_info.sh"
 [tls]
+certificates_directory = "/var/sota/"
 ca_file = "root.crt"
 client_certificate = "client.pem"
 pkey_file = "pkey.pem"
@@ -14,5 +14,5 @@ private_key_path = "ecukey.der"
 public_key_path = "ecukey.pub"
 [provision]
-p12_path = "sota_provisioning_credentials.p12"
+provision_path = "/var/sota/sota_provisioning_credentials.zip"
author	Patrick Vacek <patrickvacek@gmail.com>	2017-07-19 14:05:48 +0200
committer	Patrick Vacek <patrickvacek@gmail.com>	2017-08-07 17:01:39 +0200
commit	53307024e1845c4717be7eb8b8735e493ec4535d (patch)
tree	e1baf988680d73c92635756b2c35f8b1a78e3dd3
parent	34d5f757a86a7e8e1db3e19f2fb33e90e3f33584 (diff)
download	meta-updater-53307024e1845c4717be7eb8b8735e493ec4535d.tar.gz

diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index ac7cb60..d01cb9f 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass
@@ -17,36 +17,6 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
17		17
18	export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}"	18	export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}"
19		19
20	python () {
21	if d.getVar("SOTA_PACKED_CREDENTIALS", True):
22	if d.getVar("SOTA_AUTOPROVISION_CREDENTIALS", True):
23	bb.warn("SOTA_AUTOPROVISION_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
24	if d.getVar("SOTA_AUTOPROVISION_URL", True):
25	bb.warn("SOTA_AUTOPROVISION_URL is overriden by the one in SOTA_PACKED_CREDENTIALS")
26
27	if d.getVar("SOTA_AUTOPROVISION_URL_FILE", True):
28	bb.warn("SOTA_AUTOPROVISION_URL_FILE is overriden by the one in SOTA_PACKED_CREDENTIALS")
29
30	if d.getVar("OSTREE_PUSH_CREDENTIALS", True):
31	bb.warn("OSTREE_PUSH_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
32
33	d.setVar("SOTA_AUTOPROVISION_CREDENTIALS", "%s/sota_credentials/autoprov_credentials.p12" % d.getVar("DEPLOY_DIR_IMAGE", True))
34	d.setVar("SOTA_AUTOPROVISION_URL_FILE", "%s/sota_credentials/autoprov.url" % d.getVar("DEPLOY_DIR_IMAGE", True))
35	d.setVar("OSTREE_PUSH_CREDENTIALS", "%s/sota_credentials/treehub.json" % d.getVar("DEPLOY_DIR_IMAGE", True))
36	}
37
38	IMAGE_DEPENDS_ostreecredunpack = "unzip-native:do_populate_sysroot"
39
40	IMAGE_CMD_ostreecredunpack () {
41	if [ ${SOTA_PACKED_CREDENTIALS} ]; then
42	rm -rf ${DEPLOY_DIR_IMAGE}/sota_credentials
43
44	unzip ${SOTA_PACKED_CREDENTIALS} -d ${DEPLOY_DIR_IMAGE}/sota_credentials
45	fi
46	}
47
48	IMAGE_TYPEDEP_ostree = "ostreecredunpack"
49
50	IMAGE_CMD_ostree () {	20	IMAGE_CMD_ostree () {
51	if [ -z "$OSTREE_REPO" ]; then	21	if [ -z "$OSTREE_REPO" ]; then
52	bbfatal "OSTREE_REPO should be set in your local.conf"	22	bbfatal "OSTREE_REPO should be set in your local.conf"
@@ -145,21 +115,24 @@ IMAGE_CMD_ostree () {
145	ln -sf var/roothome root	115	ln -sf var/roothome root
146	fi	116	fi
147		117
148	# deploy SOTA credentials
149	mkdir -p var/sota	118	mkdir -p var/sota
150		119
151	if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then	120	if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
152	EXPDATE=`openssl pkcs12 -in ${SOTA_AUTOPROVISION_CREDENTIALS} -password "pass:" -nodes 2>/dev/null \| openssl x509 -noout -enddate \| cut -f2 -d "="`	121	bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
153		122	fi
154	if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then	123	if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then
155	bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}"	124	bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS"
156	fi	125	fi
		126	if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
		127	bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS"
		128	fi
		129	if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
		130	bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
		131	fi
157		132
158	cp ${SOTA_AUTOPROVISION_CREDENTIALS} var/sota/sota_provisioning_credentials.p12	133	# deploy SOTA credentials
159	if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then	134	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
160	export SOTA_AUTOPROVISION_URL=`cat ${SOTA_AUTOPROVISION_URL_FILE}`	135	cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip
161	fi
162	echo "SOTA_GATEWAY_URI=${SOTA_AUTOPROVISION_URL}" > var/sota/sota_provisioning_url.env
163	fi	136	fi
164		137
165	if [ -n "${SOTA_SECONDARY_ECUS}" ]; then	138	if [ -n "${SOTA_SECONDARY_ECUS}" ]; then
@@ -207,10 +180,10 @@ IMAGE_CMD_ostree () {
207	IMAGE_TYPEDEP_ostreepush = "ostree"	180	IMAGE_TYPEDEP_ostreepush = "ostree"
208	IMAGE_DEPENDS_ostreepush = "sota-tools-native:do_populate_sysroot"	181	IMAGE_DEPENDS_ostreepush = "sota-tools-native:do_populate_sysroot"
209	IMAGE_CMD_ostreepush () {	182	IMAGE_CMD_ostreepush () {
210	if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then	183	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
211	garage-push --repo=${OSTREE_REPO} \	184	garage-push --repo=${OSTREE_REPO} \
212	--ref=${OSTREE_BRANCHNAME} \	185	--ref=${OSTREE_BRANCHNAME} \
213	--credentials=${OSTREE_PUSH_CREDENTIALS} \	186	--credentials=${SOTA_PACKED_CREDENTIALS} \
214	--cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt	187	--cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
215	fi	188	fi
216	}	189	}


diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 359c9fb..8bc580d 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -13,8 +13,9 @@ SRC_URI = " \
13	file://aktualizr-autoprovision.service \	13	file://aktualizr-autoprovision.service \
14	file://sota_autoprov.toml \	14	file://sota_autoprov.toml \
15	"	15	"
16	SRCREV = "c24f1fc9b600113cf9f2d3d7215e406cbbb70ac4"	16	SRCREV = "1004efa3f86cef90c012b34620992b5762b741e3"
17	PV = "1.0+git${SRCPV}"	17	PV = "1.0+git${SRCPV}"
		18	PR = "6"
18		19
19	S = "${WORKDIR}/git"	20	S = "${WORKDIR}/git"
20	SYSTEMD_SERVICE_${PN} = "aktualizr.service"	21	SYSTEMD_SERVICE_${PN} = "aktualizr.service"
@@ -23,11 +24,10 @@ inherit cmake systemd
23		24
24	EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTS=OFF -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}"	25	EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTS=OFF -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}"
25		26
26	export SOTA_AUTOPROVISION_CREDENTIALS
27	export SOTA_PACKED_CREDENTIALS	27	export SOTA_PACKED_CREDENTIALS
28		28
29	do_install_append() {	29	do_install_append() {
30	if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" -o -n "${SOTA_PACKED_CREDENTIALS}" ]; then	30	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
31	install -d ${D}/${systemd_unitdir}/system	31	install -d ${D}/${systemd_unitdir}/system
32	install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service	32	install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
33	install -d ${D}/usr/lib/sota	33	install -d ${D}/usr/lib/sota


diff --git a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service index fd0ab09..4a595f0 100644 --- a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service +++ b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
@@ -7,8 +7,7 @@ Requires=network-online.target
7	[Service]	7	[Service]
8	RestartSec=10	8	RestartSec=10
9	Restart=always	9	Restart=always
10	EnvironmentFile=/var/sota/sota_provisioning_url.env	10	ExecStart=/usr/bin/aktualizr --disable-keyid-validation --config /usr/lib/sota/sota.toml
11	ExecStart=/usr/bin/aktualizr --disable-keyid-validation --tls-server ${SOTA_GATEWAY_URI} --config /usr/lib/sota/sota.toml
12		11
13	[Install]	12	[Install]
14	WantedBy=multi-user.target	13	WantedBy=multi-user.target


diff --git a/recipes-sota/aktualizr/files/sota_autoprov.toml b/recipes-sota/aktualizr/files/sota_autoprov.toml index 8799553..9d4ce3b 100644 --- a/recipes-sota/aktualizr/files/sota_autoprov.toml +++ b/recipes-sota/aktualizr/files/sota_autoprov.toml
@@ -1,9 +1,9 @@
1	[device]	1	[device]
2	packages_dir = "/tmp/packages_dir"	2	packages_dir = "/tmp/packages_dir"
3	certificates_directory = "/var/sota"
4	system_info = "system_info.sh"	3	system_info = "system_info.sh"
5		4
6	[tls]	5	[tls]
		6	certificates_directory = "/var/sota/"
7	ca_file = "root.crt"	7	ca_file = "root.crt"
8	client_certificate = "client.pem"	8	client_certificate = "client.pem"
9	pkey_file = "pkey.pem"	9	pkey_file = "pkey.pem"
@@ -14,5 +14,5 @@ private_key_path = "ecukey.der"
14	public_key_path = "ecukey.pub"	14	public_key_path = "ecukey.pub"
15		15
16	[provision]	16	[provision]
17	p12_path = "sota_provisioning_credentials.p12"	17	provision_path = "/var/sota/sota_provisioning_credentials.zip"
18		18