Merge pull request #631 from advancedtelematic/feat/ota-3202/Add-sanity-checks-for-SOTA-variables-in-meta-updater

Add sanity checks for user-defined SOTA variables
author: Patrick Vacek <patrickvacek@gmail.com> 2019-11-27 15:13:52 +0100
committer: GitHub <noreply@github.com> 2019-11-27 15:13:52 +0100
commit: 8693fdc15e8c7accd9c5082b1acc309b4762dea7 (patch)
tree: bbefcb467d8c6bd7e5d7f13ecce810d71f2270e9
parent: 71ed2523ea915bbd4c3e9be53429c79084fcb3ea (diff)
parent: bd3e0f2a1d9793aebc6a57d143c67919600ae71c (diff)
download: meta-updater-8693fdc15e8c7accd9c5082b1acc309b4762dea7.tar.gz
2 files changed, 47 insertions, 14 deletions
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 5b06397..4422741 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -7,20 +7,6 @@ SOTA_CLIENT_PROV ??= "aktualizr-shared-prov"
 SOTA_DEPLOY_CREDENTIALS ?= "1"
 SOTA_HARDWARE_ID ??= "${MACHINE}"
-# Translate old provisioning recipe names into the new versions.
-python () {
-    prov = d.getVar("SOTA_CLIENT_PROV")
-    if prov == "aktualizr-auto-prov":
-        bb.warn('aktualizr-auto-prov is deprecated. Please use aktualizr-shared-prov instead.')
-        d.setVar("SOTA_CLIENT_PROV", "aktualizr-shared-prov")
-    elif prov == "aktualizr-ca-implicit-prov":
-        bb.warn('aktualizr-ca-implicit-prov is deprecated. Please use aktualizr-device-prov instead.')
-        d.setVar("SOTA_CLIENT_PROV", "aktualizr-device-prov")
-    elif prov == "aktualizr-hsm-prov":
-        bb.warn('aktualizr-hsm-prov is deprecated. Please use aktualizr-device-prov-hsm instead.')
-        d.setVar("SOTA_CLIENT_PROV", "aktualizr-device-prov-hsm")
-}
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
diff --git a/classes/sota_sanity.bbclass b/classes/sota_sanity.bbclass
index 8e80acb..1339fb3 100644
--- a/classes/sota_sanity.bbclass
+++ b/classes/sota_sanity.bbclass
@@ -10,6 +10,52 @@ def sota_check_required_variables(status, d):
        if not d.getVar(var):
            status.addresult("%s should be set in your local.conf.\n" % var)
+def sota_check_variables_validity(status, d):
+    import re
+    import os.path
+    if d.getVar("OSTREE_BRANCHNAME") and re.match("^[a-zA-Z0-9_-]*$", d.getVar("OSTREE_BRANCHNAME")) is None:
+        status.addresult("OSTREE_BRANCHNAME Should only contain characters from the character set [a-zA-Z0-9_-].\n")
+    if d.getVar("SOTA_HARDWARE_ID") and re.match("^[a-zA-Z0-9_-]*$", d.getVar("SOTA_HARDWARE_ID")) is None:
+        status.addresult("SOTA_HARDWARE_ID Should only contain characters from the character set [a-zA-Z0-9_-].\n")
+    if d.getVar("SOTA_CLIENT_FEATURES") is not None:
+        for feat in d.getVar("SOTA_CLIENT_FEATURES").split(' '):
+            if feat not in ("hsm", "serialcan", "ubootenv", ""):
+                status.addresult("SOTA_CLIENT_FEATURES should only include hsm, serialcan and bootenv.\n")
+                break
+    if d.getVar("SOTA_CLIENT_PROV") is not None:
+        prov = d.getVar("SOTA_CLIENT_PROV").strip()
+        if prov not in ("aktualizr-shared-prov", "aktualizr-device-prov", "aktualizr-device-prov-hsm", ""):
+            status.addresult("Valid options for SOTA_CLIENT_PROV are aktualizr-shared-prov, aktualizr-device-prov and aktualizr-device-prov-hsm.\n")
+            if prov == "aktualizr-auto-prov":
+                bb.warn('aktualizr-auto-prov is deprecated. Please use aktualizr-shared-prov instead.')
+            elif prov == "aktualizr-ca-implicit-prov":
+                bb.warn('aktualizr-ca-implicit-prov is deprecated. Please use aktualizr-device-prov instead.')
+            elif prov == "aktualizr-hsm-prov":
+                bb.warn('aktualizr-hsm-prov is deprecated. Please use aktualizr-device-prov-hsm instead.')
+    if d.getVar("GARAGE_TARGET_URL") and re.match("^(https?|ftp|file)://.+$", d.getVar("GARAGE_TARGET_URL")) is None:
+        status.addresult("GARAGE_TARGET_URL is set to a bad url.\n")
+    if d.getVar("SOTA_POLLING_SEC") and re.match("^[1-9]\d*|0$", d.getVar("SOTA_POLLING_SEC")) is None:
+        status.addresult("SOTA_POLLING_SEC should be an integer.\n")
+    config = d.getVar("SOTA_SECONDARY_CONFIG")
+    if config is not None and config != "":
+        path = os.path.abspath(config)
+        if not os.path.exists(path):
+            status.addresult("SOTA_SECONDARY_CONFIG is not set correctly. The file containing JSON configuration for secondaries does not exist.\n")
+    credentials = d.getVar("SOTA_PACKED_CREDENTIALS")
+    if credentials is not None and credentials != "":
+        path = os.path.abspath(credentials)
+        if not os.path.exists(path):
+            status.addresult("SOTA_PACKED_CREDENTIALS is not set correctly. The zipped credentials file does not exist.\n")
+    if d.getVar("OSTREE_UPDATE_SUMMARY") and d.getVar("OSTREE_UPDATE_SUMMARY") not in ("0", "1", ""):
+        status.addresult("OSTREE_UPDATE_SUMMARY should be set to 0 or 1.\n")
+    if d.getVar("OSTREE_DEPLOY_DEVICETREE") and d.getVar("OSTREE_DEPLOY_DEVICETREE") not in ("0", "1", ""):
+        status.addresult("OSTREE_DEPLOY_DEVICETREE should be set to 0 or 1.\n")
+    if d.getVar("GARAGE_SIGN_AUTOVERSION") and d.getVar("GARAGE_SIGN_AUTOVERSION") not in ("0", "1", ""):
+        status.addresult("GARAGE_SIGN_AUTOVERSION should be set to 0 or 1.\n")
+    if d.getVar("SOTA_DEPLOY_CREDENTIALS") and d.getVar("SOTA_DEPLOY_CREDENTIALS") not in ("0", "1", ""):
+        status.addresult("SOTA_DEPLOY_CREDENTIALS should be set to 0 or 1.\n")
+    
 def sota_raise_sanity_error(msg, d):
    if d.getVar("SANITY_USE_EVENTS") == "1":
        bb.event.fire(bb.event.SanityCheckFailed(msg), d)
@@ -34,6 +80,7 @@ def sota_check_sanity(sanity_data):
    sota_check_overrides(status, sanity_data)
    sota_check_required_variables(status, sanity_data)
+    sota_check_variables_validity(status, sanity_data)
    if status.messages != "":
        sota_raise_sanity_error(sanity_data.expand(status.messages), sanity_data)
author	Patrick Vacek <patrickvacek@gmail.com>	2019-11-27 15:13:52 +0100
committer	GitHub <noreply@github.com>	2019-11-27 15:13:52 +0100
commit	8693fdc15e8c7accd9c5082b1acc309b4762dea7 (patch)
tree	bbefcb467d8c6bd7e5d7f13ecce810d71f2270e9
parent	71ed2523ea915bbd4c3e9be53429c79084fcb3ea (diff)
parent	bd3e0f2a1d9793aebc6a57d143c67919600ae71c (diff)
download	meta-updater-8693fdc15e8c7accd9c5082b1acc309b4762dea7.tar.gz

diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 5b06397..4422741 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass
@@ -7,20 +7,6 @@ SOTA_CLIENT_PROV ??= "aktualizr-shared-prov"
7	SOTA_DEPLOY_CREDENTIALS ?= "1"	7	SOTA_DEPLOY_CREDENTIALS ?= "1"
8	SOTA_HARDWARE_ID ??= "${MACHINE}"	8	SOTA_HARDWARE_ID ??= "${MACHINE}"
9		9
10	# Translate old provisioning recipe names into the new versions.
11	python () {
12	prov = d.getVar("SOTA_CLIENT_PROV")
13	if prov == "aktualizr-auto-prov":
14	bb.warn('aktualizr-auto-prov is deprecated. Please use aktualizr-shared-prov instead.')
15	d.setVar("SOTA_CLIENT_PROV", "aktualizr-shared-prov")
16	elif prov == "aktualizr-ca-implicit-prov":
17	bb.warn('aktualizr-ca-implicit-prov is deprecated. Please use aktualizr-device-prov instead.')
18	d.setVar("SOTA_CLIENT_PROV", "aktualizr-device-prov")
19	elif prov == "aktualizr-hsm-prov":
20	bb.warn('aktualizr-hsm-prov is deprecated. Please use aktualizr-device-prov-hsm instead.')
21	d.setVar("SOTA_CLIENT_PROV", "aktualizr-device-prov-hsm")
22	}
23
24	IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"	10	IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
25	IMAGE_CLASSES += " image_types_ostree image_types_ota"	11	IMAGE_CLASSES += " image_types_ostree image_types_ota"
26		12


diff --git a/classes/sota_sanity.bbclass b/classes/sota_sanity.bbclass index 8e80acb..1339fb3 100644 --- a/classes/sota_sanity.bbclass +++ b/classes/sota_sanity.bbclass
@@ -10,6 +10,52 @@ def sota_check_required_variables(status, d):
10	if not d.getVar(var):	10	if not d.getVar(var):
11	status.addresult("%s should be set in your local.conf.\n" % var)	11	status.addresult("%s should be set in your local.conf.\n" % var)
12		12
		13	def sota_check_variables_validity(status, d):
		14	import re
		15	import os.path
		16
		17	if d.getVar("OSTREE_BRANCHNAME") and re.match("^[a-zA-Z0-9_-]*$", d.getVar("OSTREE_BRANCHNAME")) is None:
		18	status.addresult("OSTREE_BRANCHNAME Should only contain characters from the character set [a-zA-Z0-9_-].\n")
		19	if d.getVar("SOTA_HARDWARE_ID") and re.match("^[a-zA-Z0-9_-]*$", d.getVar("SOTA_HARDWARE_ID")) is None:
		20	status.addresult("SOTA_HARDWARE_ID Should only contain characters from the character set [a-zA-Z0-9_-].\n")
		21	if d.getVar("SOTA_CLIENT_FEATURES") is not None:
		22	for feat in d.getVar("SOTA_CLIENT_FEATURES").split(' '):
		23	if feat not in ("hsm", "serialcan", "ubootenv", ""):
		24	status.addresult("SOTA_CLIENT_FEATURES should only include hsm, serialcan and bootenv.\n")
		25	break
		26	if d.getVar("SOTA_CLIENT_PROV") is not None:
		27	prov = d.getVar("SOTA_CLIENT_PROV").strip()
		28	if prov not in ("aktualizr-shared-prov", "aktualizr-device-prov", "aktualizr-device-prov-hsm", ""):
		29	status.addresult("Valid options for SOTA_CLIENT_PROV are aktualizr-shared-prov, aktualizr-device-prov and aktualizr-device-prov-hsm.\n")
		30	if prov == "aktualizr-auto-prov":
		31	bb.warn('aktualizr-auto-prov is deprecated. Please use aktualizr-shared-prov instead.')
		32	elif prov == "aktualizr-ca-implicit-prov":
		33	bb.warn('aktualizr-ca-implicit-prov is deprecated. Please use aktualizr-device-prov instead.')
		34	elif prov == "aktualizr-hsm-prov":
		35	bb.warn('aktualizr-hsm-prov is deprecated. Please use aktualizr-device-prov-hsm instead.')
		36	if d.getVar("GARAGE_TARGET_URL") and re.match("^(https?\|ftp\|file)://.+$", d.getVar("GARAGE_TARGET_URL")) is None:
		37	status.addresult("GARAGE_TARGET_URL is set to a bad url.\n")
		38	if d.getVar("SOTA_POLLING_SEC") and re.match("^[1-9]\d*\|0$", d.getVar("SOTA_POLLING_SEC")) is None:
		39	status.addresult("SOTA_POLLING_SEC should be an integer.\n")
		40	config = d.getVar("SOTA_SECONDARY_CONFIG")
		41	if config is not None and config != "":
		42	path = os.path.abspath(config)
		43	if not os.path.exists(path):
		44	status.addresult("SOTA_SECONDARY_CONFIG is not set correctly. The file containing JSON configuration for secondaries does not exist.\n")
		45	credentials = d.getVar("SOTA_PACKED_CREDENTIALS")
		46	if credentials is not None and credentials != "":
		47	path = os.path.abspath(credentials)
		48	if not os.path.exists(path):
		49	status.addresult("SOTA_PACKED_CREDENTIALS is not set correctly. The zipped credentials file does not exist.\n")
		50	if d.getVar("OSTREE_UPDATE_SUMMARY") and d.getVar("OSTREE_UPDATE_SUMMARY") not in ("0", "1", ""):
		51	status.addresult("OSTREE_UPDATE_SUMMARY should be set to 0 or 1.\n")
		52	if d.getVar("OSTREE_DEPLOY_DEVICETREE") and d.getVar("OSTREE_DEPLOY_DEVICETREE") not in ("0", "1", ""):
		53	status.addresult("OSTREE_DEPLOY_DEVICETREE should be set to 0 or 1.\n")
		54	if d.getVar("GARAGE_SIGN_AUTOVERSION") and d.getVar("GARAGE_SIGN_AUTOVERSION") not in ("0", "1", ""):
		55	status.addresult("GARAGE_SIGN_AUTOVERSION should be set to 0 or 1.\n")
		56	if d.getVar("SOTA_DEPLOY_CREDENTIALS") and d.getVar("SOTA_DEPLOY_CREDENTIALS") not in ("0", "1", ""):
		57	status.addresult("SOTA_DEPLOY_CREDENTIALS should be set to 0 or 1.\n")
		58
13	def sota_raise_sanity_error(msg, d):	59	def sota_raise_sanity_error(msg, d):
14	if d.getVar("SANITY_USE_EVENTS") == "1":	60	if d.getVar("SANITY_USE_EVENTS") == "1":
15	bb.event.fire(bb.event.SanityCheckFailed(msg), d)	61	bb.event.fire(bb.event.SanityCheckFailed(msg), d)
@@ -34,6 +80,7 @@ def sota_check_sanity(sanity_data):
34		80
35	sota_check_overrides(status, sanity_data)	81	sota_check_overrides(status, sanity_data)
36	sota_check_required_variables(status, sanity_data)	82	sota_check_required_variables(status, sanity_data)
		83	sota_check_variables_validity(status, sanity_data)
37		84
38	if status.messages != "":	85	if status.messages != "":
39	sota_raise_sanity_error(sanity_data.expand(status.messages), sanity_data)	86	sota_raise_sanity_error(sanity_data.expand(status.messages), sanity_data)