author | cajun-rat <phil@advancedtelematic.com> | 2017-11-13 16:55:21 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-13 16:55:21 +0100 |
commit | 71410bd31ec76e55247807551e68a2061e277b08 (patch) | |
tree | 0469c9a651d0ede7870c35d033f9008efa90501a | |
parent | e622a08fc482718f9b221837844d4b7dee9fcf02 (diff) | |
parent | e7d4fbf5cbe8f7b89df1a047ce891ecd4ecef55a (diff) | |
download | meta-updater-71410bd31ec76e55247807551e68a2061e277b08.tar.gz |
Merge pull request #173 from advancedtelematic/feat/PRO-4189/garage-sign
Add managing targets.json by garage-sign
-rw-r--r-- | classes/image_types_ostree.bbclass | 56 | ||||
-rw-r--r-- | classes/sota.bbclass | 9 | ||||
-rw-r--r-- | recipes-sota/garage-sign/garage-sign.bb | 6 |
3 files changed, 67 insertions, 4 deletions
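--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -5,6 +5,7 @@ inherit image
 IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \
 openssl-native:do_populate_sysroot \
 coreutils-native:do_populate_sysroot \
+unzip-native:do_populate_sysroot \
 virtual/kernel:do_deploy \
 ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
 
@@ -104,6 +105,7 @@ IMAGE_CMD_ostree () {
 if [ -d root ] && [ ! -L root ]; then
 if [ "$(ls -A root)" ]; then
 bberror "Data in /root directory is not preserved by OSTree."
+exit 1
 fi
 
 if [ -n "$SYSTEMD_USED" ]; then
@@ -176,4 +178,58 @@ IMAGE_CMD_ostreepush () {
 fi
 }
 
+IMAGE_TYPEDEP_garagesign = "ostreepush"
+IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
+IMAGE_CMD_garagesign () {
+if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+# if credentials are issued by a server that doesn't support offline signing, exit silently
+unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0
+
+java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
+if [ "${java_version}" = "" ]; then
+bberror "Java is required for synchronization with update backend, but is not installed on the host machine"
+exit 1
+elif [ "${java_version}" \< "1.8" ]; then
+bberror "Java version >= 8 is required for synchronization with update backend"
+exit 1
+fi
+
+if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
+garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
+fi
+
+if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
+reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
+else
+reposerver_args=""
+fi
+
+ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+# Push may fail due to race condition when multiple build machines try to push simultaneously
+# in which case targets.json should be pulled again and the whole procedure repeated
+push_success=0
+for push_retries in $( seq 3 ); do
+garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
+garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
+errcode=0
+garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
+if [ "$errcode" -eq "0" ]; then
+push_success=1
+break
+else
+bbwarn "Push to garage repository has failed, retrying"
+fi
+done
+
+if [ "$push_success" -ne "1" ]; then
+bberror "Couldn't push to garage repository"
+exit 1
+fi
+else
+bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
+fi
+}
+
 # vim:set ts=4 sw=4 sts=4 expandtab: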
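Review bot: In `IMAGE_CMD_garagesign`, `unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0` treats every unzip failure the same way, so a missing, unreadable or corrupt credentials archive ends the step with success and no targets.json is signed or pushed, with nothing in the log to say so. I would reject an unreadable archive first with `[ -r "${SOTA_PACKED_CREDENTIALS}" ] || { bberror "Cannot read SOTA_PACKED_CREDENTIALS"; exit 1; }`, and record the intentional skip with `bbnote "Credentials carry no offline signing keys, skipping garage-sign"` before the `exit 0`. In the retry loop only `targets push` has its status captured; whether a failed `targets pull`, `targets add` or `targets sign` aborts the task or falls through to the push depends on the shell options BitBake runs this function with, which the hunk does not show, so the intended behaviour deserves a comment above the loop.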
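--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -5,11 +5,13 @@ python __anonymous() {
 
 OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}"
 
+HOSTTOOLS_NONFATAL += "java"
+
 SOTA_CLIENT ??= "aktualizr"
 SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
-IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush otaimg wic', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign otaimg wic', ' ', d)}"
 
 PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}"
 PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}"
@@ -25,6 +27,11 @@ OSTREE_BRANCHNAME ?= "${MACHINE}"
 OSTREE_OSNAME ?= "poky"
 OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
 
+
+GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"
+GARAGE_SIGN_KEYNAME ?= "garage-key"
+GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}"
+
 SOTA_MACHINE ??="none"
 SOTA_MACHINE_raspberrypi2 ?= "raspberrypi"
 SOTA_MACHINE_raspberrypi3 ?= "raspberrypi"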
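Review bot: `GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"` places the garage-sign repository, which the new image command also passes as `--home-dir`, inside the image deploy directory. Because `targets sign --key-name=targets` is given nothing but that directory, `garage-sign init` presumably unpacks the targets signing key from the credentials archive into it, and deploy directories are routinely archived or published as build artifacts. A default outside the deploy tree, for example under `${TOPDIR}`, or at least a comment telling integrators to exclude this directory from artifact collection, would keep the key from travelling with the images. Separately, `GARAGE_SIGN_KEYNAME` and `GARAGE_TARGET_NAME` are defined here, but the `IMAGE_CMD_garagesign` added in this commit hard-codes `--key-name=targets` and `--name ${OSTREE_BRANCHNAME}`; either use the variables there or drop them.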
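--- a/recipes-sota/garage-sign/garage-sign.bb
+++ b/recipes-sota/garage-sign/garage-sign.bb
@@ -6,14 +6,14 @@ LICENSE = "CLOSED"
 LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
 DEPENDS = ""
 
-PV = "0.2.0-29-gf6f095a"
+PV = "0.2.0-35-g0544c33"
 
 SRC_URI = " \
 https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
 "
 
-SRC_URI[md5sum] = "49ee4389570992f0cebb16d5943e4405"
-SRC_URI[sha256sum] = "59f902e6507adec3176bdf470fe5dea31996810a6300bd61583638d4ffe37ab3"
+SRC_URI[md5sum] = "1546e06d1e747f67aee5ed7096bf1c74"
+SRC_URI[sha256sum] = "1432348bca8ca5ad75df1218f348f480d429d7509d6454deb6e16ff31c5e08fc"
 
 S = "${WORKDIR}/${BPN}"
 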