Add provisioning with CAwip/cacert

author: Anton Gerasimov <anton@advancedtelematic.com> 2018-02-15 18:17:36 +0100
committer: Anton Gerasimov <anton@advancedtelematic.com> 2018-02-15 18:17:36 +0100
commit: c6876b9c0a3b5109b21ff6a7169471511f7c2200 (patch)
tree: 2995d17ee30ae763665bcf011abc08c4cd8759bb
parent: e9886a382edfe447880aec3a2ca4a08f65892181 (diff)
download: meta-updater-wip/cacert.tar.gz
2 files changed, 68 insertions, 4 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index cf3d22c..c8d0c7e 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -5,7 +5,7 @@ SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
-DEPENDS = "aktualizr-native"
+DEPENDS = "aktualizr-native openssl-native"
 RDEPENDS_${PN} = "aktualizr"
 SRC_URI = " \
@@ -17,12 +17,43 @@ PR = "1"
 require environment.inc
 require credentials.inc
+export SOTA_CACERT_PATH
+export SOTA_CAKEY_PATH
 do_install() {
    install -d ${D}${libdir}/sota
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
+    if [ -z ${SOTA_CACERT_PATH} ]; then
-            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+        SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
+        SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
+        mkdir -p ${DEPLOY_DIR_IMAGE}/CA
+        bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" 
+        if [ ! -f ${SOTA_CACERT_PATH} ]; then
+            bbwarn "${SOTA_CACERT_PATH} doesn't exist, generate a new CA"
+                SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
+            openssl genrsa -out ${SOTA_CERTCA_DIR_PATH}/ca.private.pem 4096
+            openssl req -key ${SOTA_CERTCA_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch
+            bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
+        fi
+    fi
+    if [ -z ${SOTA_CAKEY_PATH} ]; then
+        bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
    fi
+    if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
+        bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
+    fi
+    install -d ${D}${libdir}/sota
+    install -d ${D}${localstatedir}/sota
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml ${D}${libdir}/sota/sota.toml
+    aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
+                            --device-ca ${SOTA_CACERT_PATH} \
+                            --device-ca-key ${SOTA_CAKEY_PATH} \
+                            -r \
+                            --local ${D}${localstatedir}/sota \
+                            --config ${D}{libdir}/sota/sota.toml
 }
 FILES_${PN} = " \
diff --git a/recipes-sota/aktualizr/aktualizr-mock-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-mock-implicit-prov.bb
new file mode 100644
index 0000000..cf3d22c
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-mock-implicit-prov.bb
@@ -0,0 +1,33 @@
+SUMMARY = "Aktualizr configuration for implicit provisioning"
+DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr, the SOTA Client application written in C++"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
+DEPENDS = "aktualizr-native"
+RDEPENDS_${PN} = "aktualizr"
+SRC_URI = " \
+  file://LICENSE \
+  "
+PV = "1.0"
+PR = "1"
+require environment.inc
+require credentials.inc
+do_install() {
+    install -d ${D}${libdir}/sota
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
+            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+    fi
+}
+FILES_${PN} = " \
+                ${libdir}/sota/sota.toml \
+                ${libdir}/sota/root.crt \
+                "
+# vim:set ts=4 sw=4 sts=4 expandtab:
author	Anton Gerasimov <anton@advancedtelematic.com>	2018-02-15 18:17:36 +0100
committer	Anton Gerasimov <anton@advancedtelematic.com>	2018-02-15 18:17:36 +0100
commit	c6876b9c0a3b5109b21ff6a7169471511f7c2200 (patch)
tree	2995d17ee30ae763665bcf011abc08c4cd8759bb
parent	e9886a382edfe447880aec3a2ca4a08f65892181 (diff)
download	meta-updater-wip/cacert.tar.gz

diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index cf3d22c..c8d0c7e 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -5,7 +5,7 @@ SECTION = "base"
5	LICENSE = "MPL-2.0"	5	LICENSE = "MPL-2.0"
6	LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"	6	LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7		7
8	DEPENDS = "aktualizr-native"	8	DEPENDS = "aktualizr-native openssl-native"
9	RDEPENDS_${PN} = "aktualizr"	9	RDEPENDS_${PN} = "aktualizr"
10		10
11	SRC_URI = " \	11	SRC_URI = " \
@@ -17,12 +17,43 @@ PR = "1"
17	require environment.inc	17	require environment.inc
18	require credentials.inc	18	require credentials.inc
19		19
		20	export SOTA_CACERT_PATH
		21	export SOTA_CAKEY_PATH
20	do_install() {	22	do_install() {
21	install -d ${D}${libdir}/sota	23	install -d ${D}${libdir}/sota
22	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then	24
23	aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \	25	if [ -z ${SOTA_CACERT_PATH} ]; then
24	-i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}	26	SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
		27	SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
		28	mkdir -p ${DEPLOY_DIR_IMAGE}/CA
		29	bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
		30
		31	if [ ! -f ${SOTA_CACERT_PATH} ]; then
		32	bbwarn "${SOTA_CACERT_PATH} doesn't exist, generate a new CA"
		33	SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
		34	openssl genrsa -out ${SOTA_CERTCA_DIR_PATH}/ca.private.pem 4096
		35	openssl req -key ${SOTA_CERTCA_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch
		36	bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
		37	fi
		38	fi
		39
		40	if [ -z ${SOTA_CAKEY_PATH} ]; then
		41	bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
25	fi	42	fi
		43
		44	if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
		45	bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
		46	fi
		47
		48	install -d ${D}${libdir}/sota
		49	install -d ${D}${localstatedir}/sota
		50	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml ${D}${libdir}/sota/sota.toml
		51	aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
		52	--device-ca ${SOTA_CACERT_PATH} \
		53	--device-ca-key ${SOTA_CAKEY_PATH} \
		54	-r \
		55	--local ${D}${localstatedir}/sota \
		56	--config ${D}{libdir}/sota/sota.toml
26	}	57	}
27		58
28	FILES_${PN} = " \	59	FILES_${PN} = " \


diff --git a/recipes-sota/aktualizr/aktualizr-mock-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-mock-implicit-prov.bb new file mode 100644 index 0000000..cf3d22c --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-mock-implicit-prov.bb
@@ -0,0 +1,33 @@
		1	SUMMARY = "Aktualizr configuration for implicit provisioning"
		2	DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr, the SOTA Client application written in C++"
		3	HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
		4	SECTION = "base"
		5	LICENSE = "MPL-2.0"
		6	LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
		7
		8	DEPENDS = "aktualizr-native"
		9	RDEPENDS_${PN} = "aktualizr"
		10
		11	SRC_URI = " \
		12	file://LICENSE \
		13	"
		14	PV = "1.0"
		15	PR = "1"
		16
		17	require environment.inc
		18	require credentials.inc
		19
		20	do_install() {
		21	install -d ${D}${libdir}/sota
		22	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
		23	aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
		24	-i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
		25	fi
		26	}
		27
		28	FILES_${PN} = " \
		29	${libdir}/sota/sota.toml \
		30	${libdir}/sota/root.crt \
		31	"
		32
		33	# vim:set ts=4 sw=4 sts=4 expandtab: