authorcajun-rat <phil@advancedtelematic.com>2017-11-13 16:55:21 +0100
committerGitHub <noreply@github.com>2017-11-13 16:55:21 +0100
commit71410bd31ec76e55247807551e68a2061e277b08 (patch)
tree0469c9a651d0ede7870c35d033f9008efa90501a
parente622a08fc482718f9b221837844d4b7dee9fcf02 (diff)
parente7d4fbf5cbe8f7b89df1a047ce891ecd4ecef55a (diff)
downloadmeta-updater-71410bd31ec76e55247807551e68a2061e277b08.tar.gz
Merge pull request #173 from advancedtelematic/feat/PRO-4189/garage-sign
Add managing targets.json by garage-sign
-rw-r--r--classes/image_types_ostree.bbclass56
-rw-r--r--classes/sota.bbclass9
-rw-r--r--recipes-sota/garage-sign/garage-sign.bb6
3 files changed, 67 insertions, 4 deletions
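diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index dcc6fc9..172f2c8 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -5,6 +5,7 @@ inherit image
 IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \
  openssl-native:do_populate_sysroot \
  coreutils-native:do_populate_sysroot \
+ unzip-native:do_populate_sysroot \
  virtual/kernel:do_deploy \
  ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
 
@@ -104,6 +105,7 @@ IMAGE_CMD_ostree () {
  if [ -d root ] && [ ! -L root ]; then
  if [ "$(ls -A root)" ]; then
  bberror "Data in /root directory is not preserved by OSTree."
+ exit 1
  fi
 
  if [ -n "$SYSTEMD_USED" ]; then
@@ -176,4 +178,58 @@ IMAGE_CMD_ostreepush () {
  fi
 }
 
+IMAGE_TYPEDEP_garagesign = "ostreepush"
+IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
+IMAGE_CMD_garagesign () {
+ if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+ # if credentials are issued by a server that doesn't support offline signing, exit silently
+ unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0
+
+ java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
+ if [ "${java_version}" = "" ]; then
+ bberror "Java is required for synchronization with update backend, but is not installed on the host machine"
+ exit 1
+ elif [ "${java_version}" \< "1.8" ]; then
+ bberror "Java version >= 8 is required for synchronization with update backend"
+ exit 1
+ fi
+
+ if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
+ garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
+ fi
+
+ if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
+ reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
+ else
+ reposerver_args=""
+ fi
+
+ ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+ # Push may fail due to race condition when multiple build machines try to push simultaneously
+ # in which case targets.json should be pulled again and the whole procedure repeated
+ push_success=0
+ for push_retries in $( seq 3 ); do
+ garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
+ garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+ garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
+ errcode=0
+ garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
+ if [ "$errcode" -eq "0" ]; then
+ push_success=1
+ break
+ else
+ bbwarn "Push to garage repository has failed, retrying"
+ fi
+ done
+
+ if [ "$push_success" -ne "1" ]; then
+ bberror "Couldn't push to garage repository"
+ exit 1
+ fi
+ else
+ bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
+ fi
+}
+
 # vim:set ts=4 sw=4 sts=4 expandtab: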
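Review bot: In IMAGE_CMD_garagesign the probe `unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0` ends the task successfully on any unzip failure, so an unreadable or corrupt credentials archive looks the same as a server without offline signing and the signing step is skipped with nothing in the log. Checking the file first, `[ -r "${SOTA_PACKED_CREDENTIALS}" ] || { bberror "Cannot read SOTA_PACKED_CREDENTIALS"; exit 1; }`, and emitting a `bbnote` on the skip path would make an unsigned build visible. The redirection order `2>&1 >/dev/null` discards only stdout and still sends unzip's stderr to the task log; `>/dev/null 2>&1` looks like what was intended. The `${...}` paths passed to unzip and garage-sign are also unquoted, so a credentials or deploy path containing whitespace would be split into several arguments.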
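diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 1865356..f5a42c1 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -5,11 +5,13 @@ python __anonymous() {
 
 OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}"
 
+HOSTTOOLS_NONFATAL += "java"
+
 SOTA_CLIENT ??= "aktualizr"
 SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
-IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush otaimg wic', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign otaimg wic', ' ', d)}"
 
 PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}"
 PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}"
@@ -25,6 +27,11 @@ OSTREE_BRANCHNAME ?= "${MACHINE}"
 OSTREE_OSNAME ?= "poky"
 OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
 
+
+GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"
+GARAGE_SIGN_KEYNAME ?= "garage-key"
+GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}"
+
 SOTA_MACHINE ??="none"
 SOTA_MACHINE_raspberrypi2 ?= "raspberrypi"
 SOTA_MACHINE_raspberrypi3 ?= "raspberrypi"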
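Review bot: `GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"` puts the garage-sign home directory inside the image deploy directory, which is commonly archived or shared as build output. IMAGE_CMD_garagesign passes this path as `--home-dir` to `garage-sign init --credentials`, so it presumably ends up holding the offline targets signing key. A default outside the deploy tree would be safer, or at least a comment such as `# garage-sign home dir (may contain signing keys from SOTA_PACKED_CREDENTIALS); do not publish`. Separately, `GARAGE_SIGN_KEYNAME` and `GARAGE_TARGET_NAME` are defined here, but the image class hard-codes `--key-name=targets` and `--name ${OSTREE_BRANCHNAME}`, so as far as this commit shows they have no effect.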
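diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb
index 355a949..d5388bc 100644
--- a/recipes-sota/garage-sign/garage-sign.bb
+++ b/recipes-sota/garage-sign/garage-sign.bb
@@ -6,14 +6,14 @@ LICENSE = "CLOSED"
 LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
 DEPENDS = ""
 
-PV = "0.2.0-29-gf6f095a"
+PV = "0.2.0-35-g0544c33"
 
 SRC_URI = " \
  https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
  "
 
-SRC_URI[md5sum] = "49ee4389570992f0cebb16d5943e4405"
-SRC_URI[sha256sum] = "59f902e6507adec3176bdf470fe5dea31996810a6300bd61583638d4ffe37ab3"
+SRC_URI[md5sum] = "1546e06d1e747f67aee5ed7096bf1c74"
+SRC_URI[sha256sum] = "1432348bca8ca5ad75df1218f348f480d429d7509d6454deb6e16ff31c5e08fc"
 
 S = "${WORKDIR}/${BPN}"
 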