diff options
author | Ben Luck <ben+qa@advancedtelematic.com> | 2018-04-18 17:36:30 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-18 17:36:30 +0200 |
commit | 5477a9cba8d3881200927816f34ab63393bc2d4a (patch) | |
tree | 15863a11f49325edb21040eb46997bcd2da43452 | |
parent | 505a7c8570ab7182372bef66032eac4786d83595 (diff) | |
parent | 0ee32d9371f4c6041c503dbdfb0cf68fb1a50a0e (diff) | |
download | meta-updater-5477a9cba8d3881200927816f34ab63393bc2d4a.tar.gz |
Merge pull request #294 from advancedtelematic/bugfix/kRejectAll-pyro
Bugfix/k reject all pyro
-rw-r--r-- | CONTRIBUTING.adoc | 13 | ||||
-rw-r--r-- | README.adoc | 38 | ||||
-rw-r--r-- | classes/image_types_ostree.bbclass | 25 | ||||
-rw-r--r-- | lib/oeqa/selftest/updater.py | 261 | ||||
-rw-r--r-- | recipes-core/ovmf/files/0001-Compare-c-string-with-NULL-instead-of-a-literal.patch | 25 | ||||
-rw-r--r-- | recipes-core/ovmf/ovmf_%.bbappend | 3 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-hsm-prov.bb | 9 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 6 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr_git.bb | 11 | ||||
-rw-r--r-- | recipes-sota/aktualizr/environment.inc | 2 | ||||
-rw-r--r-- | recipes-sota/aktualizr/files/aktualizr.service | 1 | ||||
-rw-r--r-- | recipes-sota/asn1c/asn1c.bb | 17 | ||||
-rw-r--r-- | recipes-sota/asn1c/files/skeletons_dir_fix.patch | 44 | ||||
-rw-r--r-- | recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch | 42 | ||||
-rw-r--r-- | recipes-support/libp11/libp11_0.4.7.bb | 3 |
15 files changed, 366 insertions, 134 deletions
diff --git a/CONTRIBUTING.adoc b/CONTRIBUTING.adoc index 7255a72..df7a717 100644 --- a/CONTRIBUTING.adoc +++ b/CONTRIBUTING.adoc | |||
@@ -1,15 +1,4 @@ | |||
1 | = Contributing | 1 | = Contributing |
2 | 2 | ||
3 | We welcome pull requests from everyone. Here are some notes that are useful for people working on meta-updater (this repository) and https://github.com/advancedtelematic/aktualizr[aktualizr]. | 3 | We welcome pull requests from everyone. It may be helpful to read the README and other documentation for link:README.adoc[this repo], https://github.com/advancedtelematic/aktualizr[aktualizr], and the https://github.com/advancedtelematic/updater-repo/[updater-repo], particularly the sections and development and debugging. |
4 | |||
5 | == Options for local.conf/site.conf | ||
6 | |||
7 | [options="header"] | ||
8 | |====================== | ||
9 | | Option | Effect | ||
10 | | `require classes/sota_bleeding.inc` | Always build the latest master of Aktualizr | ||
11 | | `BRANCH_pn-aktualizr = "mybranch"` | ||
12 | `BRANCH_pn-aktualizr-native = "mybranch"` | Build `mybranch` of Aktualizr (note that both of these need to be set). This will normally be used with `require classes/sota_bleeding.inc` | ||
13 | | `TOOLCHAIN_HOST_TASK_append = " nativesdk-cmake "` | Use with `bitbake -c populate_sdk core-image-minimal` to build a SDK | ||
14 | |||
15 | 4 | ||
diff --git a/README.adoc b/README.adoc index e074913..65162fc 100644 --- a/README.adoc +++ b/README.adoc | |||
@@ -1,4 +1,6 @@ | |||
1 | = meta-updater | 1 | = meta-updater |
2 | :toc: macro | ||
3 | :toc-title: | ||
2 | 4 | ||
3 | This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr]. | 5 | This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr]. |
4 | 6 | ||
@@ -6,6 +8,11 @@ https://github.com/ostreedev/ostree[OSTree] is a tool for atomic full file syste | |||
6 | 8 | ||
7 | https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started. | 9 | https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started. |
8 | 10 | ||
11 | [discrete] | ||
12 | == Table of Contents | ||
13 | |||
14 | toc::[] | ||
15 | |||
9 | == Build | 16 | == Build |
10 | 17 | ||
11 | === Quickstart | 18 | === Quickstart |
@@ -20,7 +27,7 @@ If you already have a Yocto-based project and you want to add atomic filesystem | |||
20 | 2. Clone BSP integration layer (`meta-updater-$\{PLATFORM}`, e.g. https://github.com/advancedtelematic/meta-updater-raspberrypi[meta-updater-raspberrypi]) and add it to your `conf/bblayers.conf`. If your board isn't supported yet, you could write a BSP integration for it yourself. See the <<Adding support for your board>> section for the details. | 27 | 2. Clone BSP integration layer (`meta-updater-$\{PLATFORM}`, e.g. https://github.com/advancedtelematic/meta-updater-raspberrypi[meta-updater-raspberrypi]) and add it to your `conf/bblayers.conf`. If your board isn't supported yet, you could write a BSP integration for it yourself. See the <<Adding support for your board>> section for the details. |
21 | 3. Set up your https://www.yoctoproject.org/docs/2.1/ref-manual/ref-manual.html#var-DISTRO[distro]. If you are using "poky", the default distro in Yocto, you can change it in your `conf/local.conf` to "poky-sota". Alternatively, if you are using your own or third party distro configuration, you can add `INHERIT += " sota"` to it, thus combining capabilities of your distro with meta-updater features. | 28 | 3. Set up your https://www.yoctoproject.org/docs/2.1/ref-manual/ref-manual.html#var-DISTRO[distro]. If you are using "poky", the default distro in Yocto, you can change it in your `conf/local.conf` to "poky-sota". Alternatively, if you are using your own or third party distro configuration, you can add `INHERIT += " sota"` to it, thus combining capabilities of your distro with meta-updater features. |
22 | 29 | ||
23 | You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an https://ostree.readthedocs.io/en/latest/manual/adapting-existing/[OSTree-enabled version] of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named `$\{IMAGE_NAME}.-sdimg-ota` e.g. `core-image-raspberrypi3.rpi-sdimg-ota`). You can control this behaviour through <<variables in your local.conf,OSTree-related variables in your local.conf>>. | 30 | You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an https://ostree.readthedocs.io/en/latest/manual/adapting-existing/[OSTree-enabled version] of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named `$\{IMAGE_NAME}.-sdimg-ota` e.g. `core-image-raspberrypi3.rpi-sdimg-ota`). You can control this behaviour through <<sota-related-variables-in-localconf,variables in your local.conf>>. |
24 | 31 | ||
25 | === Build in AGL | 32 | === Build in AGL |
26 | 33 | ||
@@ -63,7 +70,7 @@ You may take a look into https://github.com/advancedtelematic/meta-updater-minno | |||
63 | 70 | ||
64 | Although we have used U-Boot so far, other boot loaders can be configured work with OSTree as well. | 71 | Although we have used U-Boot so far, other boot loaders can be configured work with OSTree as well. |
65 | 72 | ||
66 | == SOTA-related variables in `local.conf` | 73 | == SOTA-related variables in local.conf |
67 | 74 | ||
68 | * `OSTREE_REPO` - path to your OSTree repository. Defaults to `$\{DEPLOY_DIR_IMAGE}/ostree_repo` | 75 | * `OSTREE_REPO` - path to your OSTree repository. Defaults to `$\{DEPLOY_DIR_IMAGE}/ostree_repo` |
69 | * `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky". | 76 | * `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky". |
@@ -123,9 +130,26 @@ The https://github.com/advancedtelematic/aktualizr[aktualizr repo] contains a to | |||
123 | garage-push --repo=/path/to/ostree-repo --ref=mybranch --credentials=/path/to/credentials.zip | 130 | garage-push --repo=/path/to/ostree-repo --ref=mybranch --credentials=/path/to/credentials.zip |
124 | .... | 131 | .... |
125 | 132 | ||
126 | You can set SOTA_PACKED_CREDENTIALS in your local.conf to make your build results be automatically synchronized with a remote server. Credentials are stored in the JSON format described in the https://github.com/advancedtelematic/aktualizr/blob/master/README.sotatools.adoc[garage-push README]. This JSON file can be optionally stored inside a zip file, although if it is stored this way, the JSON file must be named treehub.json. | 133 | You can set `SOTA_PACKED_CREDENTIALS` in your `local.conf` to automatically synchronize your build results with a remote server. Credentials are stored in an archive as described in the https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[aktualizr documentation]. |
134 | |||
135 | == Development configuration | ||
136 | |||
137 | There are a few settings that can be controlled in `local.conf` to simplify the development process: | ||
127 | 138 | ||
128 | == QA with `oe-selftest` | 139 | [options="header"] |
140 | |====================== | ||
141 | | Option | Effect | ||
142 | | `require classes/sota_bleeding.inc` | Build the latest head (by default, using the master branch) of Aktualizr | ||
143 | | `BRANCH_pn-aktualizr = "mybranch"` | ||
144 | |||
145 | `BRANCH_pn-aktualizr-native = "mybranch"` | Build `mybranch` of Aktualizr. Note that both of these need to be set. This is normally used in conjunction with `require classes/sota_bleeding.inc` | ||
146 | | `SRCREV_pn-aktualizr = "1004efa3f86cef90c012b34620992b5762b741e3"` | ||
147 | |||
148 | `SRCREV_pn-aktualizr-native = "1004efa3f86cef90c012b34620992b5762b741e3"` | Build the specified revision of Aktualizr. Note that both of these need to be set. This can be used in conjunction with `BRANCH_pn-aktualizr` and `BRANCH_pn-aktualizr-native` but will conflict with `require classes/sota_bleeding.inc` | ||
149 | | `TOOLCHAIN_HOST_TASK_append = " nativesdk-cmake "` | Use with `bitbake -c populate_sdk core-image-minimal` to build an SDK. See the https://github.com/advancedtelematic/aktualizr#developing-against-an-openembedded-system[aktualizr repo] for more information. | ||
150 | |====================== | ||
151 | |||
152 | == QA with oe-selftest | ||
129 | 153 | ||
130 | This layer relies on the test framework oe-selftest for quality assurance. Follow the steps below to run the tests: | 154 | This layer relies on the test framework oe-selftest for quality assurance. Follow the steps below to run the tests: |
131 | 155 | ||
@@ -141,13 +165,15 @@ SANITY_TESTED_DISTROS = "" | |||
141 | IMAGE_INSTALL_append = " dropbear " | 165 | IMAGE_INSTALL_append = " dropbear " |
142 | ``` | 166 | ``` |
143 | 167 | ||
144 | 3. To be able to build an image for the grub tests, you will need to install https://github.com/tianocore/tianocore.github.io/wiki/OVMF[TianoCore's ovmf] package on your host system. On Debian-like systems, you can do so with this command: | 168 | 3. Some tests require that `SOTA_PACKED_CREDENTIALS` is set in your `conf/local.conf`. See the <<sota-related-variables-in-localconf,SOTA-related variables in local.conf>> section. |
169 | |||
170 | 4. To be able to build an image for the grub tests, you will need to install https://github.com/tianocore/tianocore.github.io/wiki/OVMF[TianoCore's ovmf] package on your host system. On Debian-like systems, you can do so with this command: | ||
145 | + | 171 | + |
146 | ``` | 172 | ``` |
147 | sudo apt install ovmf | 173 | sudo apt install ovmf |
148 | ``` | 174 | ``` |
149 | 175 | ||
150 | 4. Run oe-selftest: | 176 | 5. Run oe-selftest: |
151 | + | 177 | + |
152 | ``` | 178 | ``` |
153 | oe-selftest --run-tests updater | 179 | oe-selftest --run-tests updater |
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index dcc376d..2d1fb25 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass | |||
@@ -11,7 +11,6 @@ IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ | |||
11 | 11 | ||
12 | export OSTREE_REPO | 12 | export OSTREE_REPO |
13 | export OSTREE_BRANCHNAME | 13 | export OSTREE_BRANCHNAME |
14 | |||
15 | export GARAGE_TARGET_NAME | 14 | export GARAGE_TARGET_NAME |
16 | 15 | ||
17 | RAMDISK_EXT ?= ".ext4.gz" | 16 | RAMDISK_EXT ?= ".ext4.gz" |
@@ -198,7 +197,9 @@ IMAGE_CMD_garagesign () { | |||
198 | fi | 197 | fi |
199 | 198 | ||
200 | rm -rf ${GARAGE_SIGN_REPO} | 199 | rm -rf ${GARAGE_SIGN_REPO} |
201 | garage-sign init --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} | 200 | garage-sign init --repo tufrepo \ |
201 | --home-dir ${GARAGE_SIGN_REPO} \ | ||
202 | --credentials ${SOTA_PACKED_CREDENTIALS} | ||
202 | 203 | ||
203 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) | 204 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) |
204 | 205 | ||
@@ -206,11 +207,23 @@ IMAGE_CMD_garagesign () { | |||
206 | # in which case targets.json should be pulled again and the whole procedure repeated | 207 | # in which case targets.json should be pulled again and the whole procedure repeated |
207 | push_success=0 | 208 | push_success=0 |
208 | for push_retries in $( seq 3 ); do | 209 | for push_retries in $( seq 3 ); do |
209 | garage-sign targets pull --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} | 210 | garage-sign targets pull --repo tufrepo \ |
210 | garage-sign targets add --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --name ${GARAGE_TARGET_NAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} | 211 | --home-dir ${GARAGE_SIGN_REPO} |
211 | garage-sign targets sign --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --key-name=targets | 212 | garage-sign targets add --repo tufrepo \ |
213 | --home-dir ${GARAGE_SIGN_REPO} \ | ||
214 | --name ${GARAGE_TARGET_NAME} \ | ||
215 | --format OSTREE \ | ||
216 | --version ${ostree_target_hash} \ | ||
217 | --length 0 \ | ||
218 | --url "https://example.com/" \ | ||
219 | --sha256 ${ostree_target_hash} \ | ||
220 | --hardwareids ${MACHINE} | ||
221 | garage-sign targets sign --repo tufrepo \ | ||
222 | --home-dir ${GARAGE_SIGN_REPO} \ | ||
223 | --key-name=targets | ||
212 | errcode=0 | 224 | errcode=0 |
213 | garage-sign targets push --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} || errcode=$? | 225 | garage-sign targets push --repo tufrepo \ |
226 | --home-dir ${GARAGE_SIGN_REPO} || errcode=$? | ||
214 | if [ "$errcode" -eq "0" ]; then | 227 | if [ "$errcode" -eq "0" ]; then |
215 | push_success=1 | 228 | push_success=1 |
216 | break | 229 | break |
diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py index 8fbc857..c114456 100644 --- a/lib/oeqa/selftest/updater.py +++ b/lib/oeqa/selftest/updater.py | |||
@@ -15,6 +15,7 @@ class SotaToolsTests(oeSelfTest): | |||
15 | 15 | ||
16 | @classmethod | 16 | @classmethod |
17 | def setUpClass(cls): | 17 | def setUpClass(cls): |
18 | super(SotaToolsTests, cls).setUpClass() | ||
18 | logger = logging.getLogger("selftest") | 19 | logger = logging.getLogger("selftest") |
19 | logger.info('Running bitbake to build aktualizr-native tools') | 20 | logger.info('Running bitbake to build aktualizr-native tools') |
20 | bitbake('aktualizr-native') | 21 | bitbake('aktualizr-native') |
@@ -63,7 +64,6 @@ class GeneralTests(oeSelfTest): | |||
63 | "Java not found. Do you have a JDK installed on your host machine?") | 64 | "Java not found. Do you have a JDK installed on your host machine?") |
64 | 65 | ||
65 | def test_add_package(self): | 66 | def test_add_package(self): |
66 | print('') | ||
67 | deploydir = get_bb_var('DEPLOY_DIR_IMAGE') | 67 | deploydir = get_bb_var('DEPLOY_DIR_IMAGE') |
68 | imagename = get_bb_var('IMAGE_LINK_NAME', 'core-image-minimal') | 68 | imagename = get_bb_var('IMAGE_LINK_NAME', 'core-image-minimal') |
69 | image_path = deploydir + '/' + imagename + '.otaimg' | 69 | image_path = deploydir + '/' + imagename + '.otaimg' |
@@ -97,6 +97,7 @@ class AktualizrToolsTests(oeSelfTest): | |||
97 | 97 | ||
98 | @classmethod | 98 | @classmethod |
99 | def setUpClass(cls): | 99 | def setUpClass(cls): |
100 | super(AktualizrToolsTests, cls).setUpClass() | ||
100 | logger = logging.getLogger("selftest") | 101 | logger = logging.getLogger("selftest") |
101 | logger.info('Running bitbake to build aktualizr-native tools') | 102 | logger.info('Running bitbake to build aktualizr-native tools') |
102 | bitbake('aktualizr-native') | 103 | bitbake('aktualizr-native') |
@@ -132,20 +133,34 @@ class AktualizrToolsTests(oeSelfTest): | |||
132 | self.assertTrue(os.path.getsize(ca_path) > 0, "Client certificate at %s is empty." % ca_path) | 133 | self.assertTrue(os.path.getsize(ca_path) > 0, "Client certificate at %s is empty." % ca_path) |
133 | 134 | ||
134 | 135 | ||
135 | class QemuTests(oeSelfTest): | 136 | class AutoProvTests(oeSelfTest): |
136 | 137 | ||
137 | @classmethod | 138 | def setUpLocal(self): |
138 | def setUpClass(cls): | 139 | layer = "meta-updater-qemux86-64" |
139 | cls.qemu, cls.s = qemu_launch(machine='qemux86-64') | 140 | result = runCmd('bitbake-layers show-layers') |
141 | if re.search(layer, result.output) is None: | ||
142 | # Assume the directory layout for finding other layers. We could also | ||
143 | # make assumptions by using 'show-layers', but either way, if the | ||
144 | # layers we need aren't where we expect them, we are out of like. | ||
145 | path = os.path.abspath(os.path.dirname(__file__)) | ||
146 | metadir = path + "/../../../../" | ||
147 | self.meta_qemu = metadir + layer | ||
148 | runCmd('bitbake-layers add-layer "%s"' % self.meta_qemu) | ||
149 | else: | ||
150 | self.meta_qemu = None | ||
151 | self.append_config('MACHINE = "qemux86-64"') | ||
152 | self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') | ||
153 | self.qemu, self.s = qemu_launch(machine='qemux86-64') | ||
140 | 154 | ||
141 | @classmethod | 155 | def tearDownLocal(self): |
142 | def tearDownClass(cls): | 156 | qemu_terminate(self.s) |
143 | qemu_terminate(cls.s) | 157 | if self.meta_qemu: |
158 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_qemu, ignore_status=True) | ||
144 | 159 | ||
145 | def qemu_command(self, command): | 160 | def qemu_command(self, command): |
146 | return qemu_send_command(self.qemu.ssh_port, command) | 161 | return qemu_send_command(self.qemu.ssh_port, command) |
147 | 162 | ||
148 | def test_qemu(self): | 163 | def test_provisioning(self): |
149 | print('Checking machine name (hostname) of device:') | 164 | print('Checking machine name (hostname) of device:') |
150 | stdout, stderr, retcode = self.qemu_command('hostname') | 165 | stdout, stderr, retcode = self.qemu_command('hostname') |
151 | self.assertEqual(retcode, 0, "Unable to check hostname. " + | 166 | self.assertEqual(retcode, 0, "Unable to check hostname. " + |
@@ -153,10 +168,10 @@ class QemuTests(oeSelfTest): | |||
153 | machine = get_bb_var('MACHINE', 'core-image-minimal') | 168 | machine = get_bb_var('MACHINE', 'core-image-minimal') |
154 | self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) | 169 | self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) |
155 | # Strip off line ending. | 170 | # Strip off line ending. |
156 | value_str = stdout.decode()[:-1] | 171 | value = stdout.decode()[:-1] |
157 | self.assertEqual(value_str, machine, | 172 | self.assertEqual(value, machine, |
158 | 'MACHINE does not match hostname: ' + machine + ', ' + value_str) | 173 | 'MACHINE does not match hostname: ' + machine + ', ' + value) |
159 | print(value_str) | 174 | print(value) |
160 | print('Checking output of aktualizr-info:') | 175 | print('Checking output of aktualizr-info:') |
161 | ran_ok = False | 176 | ran_ok = False |
162 | for delay in [0, 1, 2, 5, 10, 15]: | 177 | for delay in [0, 1, 2, 5, 10, 15]: |
@@ -167,31 +182,122 @@ class QemuTests(oeSelfTest): | |||
167 | break | 182 | break |
168 | self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) | 183 | self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) |
169 | 184 | ||
185 | verifyProvisioned(self, machine) | ||
186 | |||
187 | |||
188 | class RpiTests(oeSelfTest): | ||
189 | |||
190 | def setUpLocal(self): | ||
191 | # Add layers before changing the machine type, otherwise the sanity | ||
192 | # checker complains loudly. | ||
193 | layer_python = "meta-openembedded/meta-python" | ||
194 | layer_rpi = "meta-raspberrypi" | ||
195 | layer_upd_rpi = "meta-updater-raspberrypi" | ||
196 | result = runCmd('bitbake-layers show-layers') | ||
197 | # Assume the directory layout for finding other layers. We could also | ||
198 | # make assumptions by using 'show-layers', but either way, if the | ||
199 | # layers we need aren't where we expect them, we are out of like. | ||
200 | path = os.path.abspath(os.path.dirname(__file__)) | ||
201 | metadir = path + "/../../../../" | ||
202 | if re.search(layer_python, result.output) is None: | ||
203 | self.meta_python = metadir + layer_python | ||
204 | runCmd('bitbake-layers add-layer "%s"' % self.meta_python) | ||
205 | else: | ||
206 | self.meta_python = None | ||
207 | if re.search(layer_rpi, result.output) is None: | ||
208 | self.meta_rpi = metadir + layer_rpi | ||
209 | runCmd('bitbake-layers add-layer "%s"' % self.meta_rpi) | ||
210 | else: | ||
211 | self.meta_rpi = None | ||
212 | if re.search(layer_upd_rpi, result.output) is None: | ||
213 | self.meta_upd_rpi = metadir + layer_upd_rpi | ||
214 | runCmd('bitbake-layers add-layer "%s"' % self.meta_upd_rpi) | ||
215 | else: | ||
216 | self.meta_upd_rpi = None | ||
217 | |||
218 | # This is trickier that I would've thought. The fundamental problem is | ||
219 | # that the qemu layer changes the u-boot file extension to .rom, but | ||
220 | # raspberrypi still expects .bin. To prevent this, the qemu layer must | ||
221 | # be temporarily removed if it is present. It has to be removed by name | ||
222 | # without the complete path, but to add it back when we are done, we | ||
223 | # need the full path. | ||
224 | p = re.compile(r'meta-updater-qemux86-64\s*(\S*meta-updater-qemux86-64)\s') | ||
225 | m = p.search(result.output) | ||
226 | if m and m.lastindex > 0: | ||
227 | self.meta_qemu = m.group(1) | ||
228 | runCmd('bitbake-layers remove-layer meta-updater-qemux86-64') | ||
229 | else: | ||
230 | self.meta_qemu = None | ||
231 | |||
232 | self.append_config('MACHINE = "raspberrypi3"') | ||
233 | self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') | ||
234 | |||
235 | def tearDownLocal(self): | ||
236 | if self.meta_qemu: | ||
237 | runCmd('bitbake-layers add-layer "%s"' % self.meta_qemu, ignore_status=True) | ||
238 | if self.meta_upd_rpi: | ||
239 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_upd_rpi, ignore_status=True) | ||
240 | if self.meta_rpi: | ||
241 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_rpi, ignore_status=True) | ||
242 | if self.meta_python: | ||
243 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_python, ignore_status=True) | ||
244 | |||
245 | def test_rpi(self): | ||
246 | logger = logging.getLogger("selftest") | ||
247 | logger.info('Running bitbake to build rpi-basic-image') | ||
248 | self.append_config('SOTA_CLIENT_PROV = "aktualizr-auto-prov"') | ||
249 | bitbake('rpi-basic-image') | ||
250 | credentials = get_bb_var('SOTA_PACKED_CREDENTIALS') | ||
251 | # Skip the test if the variable SOTA_PACKED_CREDENTIALS is not set. | ||
252 | if credentials is None: | ||
253 | raise unittest.SkipTest("Variable 'SOTA_PACKED_CREDENTIALS' not set.") | ||
254 | # Check if the file exists. | ||
255 | self.assertTrue(os.path.isfile(credentials), "File %s does not exist" % credentials) | ||
256 | deploydir = get_bb_var('DEPLOY_DIR_IMAGE') | ||
257 | imagename = get_bb_var('IMAGE_LINK_NAME', 'rpi-basic-image') | ||
258 | # Check if the credentials are included in the output image. | ||
259 | result = runCmd('tar -jtvf %s/%s.tar.bz2 | grep sota_provisioning_credentials.zip' % | ||
260 | (deploydir, imagename), ignore_status=True) | ||
261 | self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) | ||
262 | |||
170 | 263 | ||
171 | class GrubTests(oeSelfTest): | 264 | class GrubTests(oeSelfTest): |
172 | 265 | ||
173 | def setUpLocal(self): | 266 | def setUpLocal(self): |
174 | # This is a bit of a hack but I can't see a better option. | 267 | layer_intel = "meta-intel" |
268 | layer_minnow = "meta-updater-minnowboard" | ||
269 | result = runCmd('bitbake-layers show-layers') | ||
270 | # Assume the directory layout for finding other layers. We could also | ||
271 | # make assumptions by using 'show-layers', but either way, if the | ||
272 | # layers we need aren't where we expect them, we are out of like. | ||
175 | path = os.path.abspath(os.path.dirname(__file__)) | 273 | path = os.path.abspath(os.path.dirname(__file__)) |
176 | metadir = path + "/../../../../" | 274 | metadir = path + "/../../../../" |
177 | grub_config = 'OSTREE_BOOTLOADER = "grub"\nMACHINE = "intel-corei7-64"' | 275 | if re.search(layer_intel, result.output) is None: |
178 | self.append_config(grub_config) | 276 | self.meta_intel = metadir + layer_intel |
179 | self.meta_intel = metadir + "meta-intel" | 277 | runCmd('bitbake-layers add-layer "%s"' % self.meta_intel) |
180 | self.meta_minnow = metadir + "meta-updater-minnowboard" | 278 | else: |
181 | runCmd('bitbake-layers add-layer "%s"' % self.meta_intel) | 279 | self.meta_intel = None |
182 | runCmd('bitbake-layers add-layer "%s"' % self.meta_minnow) | 280 | if re.search(layer_minnow, result.output) is None: |
281 | self.meta_minnow = metadir + layer_minnow | ||
282 | runCmd('bitbake-layers add-layer "%s"' % self.meta_minnow) | ||
283 | else: | ||
284 | self.meta_minnow = None | ||
285 | self.append_config('MACHINE = "intel-corei7-64"') | ||
286 | self.append_config('OSTREE_BOOTLOADER = "grub"') | ||
287 | self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') | ||
183 | self.qemu, self.s = qemu_launch(efi=True, machine='intel-corei7-64') | 288 | self.qemu, self.s = qemu_launch(efi=True, machine='intel-corei7-64') |
184 | 289 | ||
185 | def tearDownLocal(self): | 290 | def tearDownLocal(self): |
186 | qemu_terminate(self.s) | 291 | qemu_terminate(self.s) |
187 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_intel, ignore_status=True) | 292 | if self.meta_intel: |
188 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_minnow, ignore_status=True) | 293 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_intel, ignore_status=True) |
294 | if self.meta_minnow: | ||
295 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_minnow, ignore_status=True) | ||
189 | 296 | ||
190 | def qemu_command(self, command): | 297 | def qemu_command(self, command): |
191 | return qemu_send_command(self.qemu.ssh_port, command) | 298 | return qemu_send_command(self.qemu.ssh_port, command) |
192 | 299 | ||
193 | def test_grub(self): | 300 | def test_grub(self): |
194 | print('') | ||
195 | print('Checking machine name (hostname) of device:') | 301 | print('Checking machine name (hostname) of device:') |
196 | stdout, stderr, retcode = self.qemu_command('hostname') | 302 | stdout, stderr, retcode = self.qemu_command('hostname') |
197 | self.assertEqual(retcode, 0, "Unable to check hostname. " + | 303 | self.assertEqual(retcode, 0, "Unable to check hostname. " + |
@@ -214,16 +320,32 @@ class GrubTests(oeSelfTest): | |||
214 | break | 320 | break |
215 | self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) | 321 | self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) |
216 | 322 | ||
323 | verifyProvisioned(self, machine) | ||
324 | |||
217 | 325 | ||
218 | class ImplProvTests(oeSelfTest): | 326 | class ImplProvTests(oeSelfTest): |
219 | 327 | ||
220 | def setUpLocal(self): | 328 | def setUpLocal(self): |
329 | layer = "meta-updater-qemux86-64" | ||
330 | result = runCmd('bitbake-layers show-layers') | ||
331 | if re.search(layer, result.output) is None: | ||
332 | # Assume the directory layout for finding other layers. We could also | ||
333 | # make assumptions by using 'show-layers', but either way, if the | ||
334 | # layers we need aren't where we expect them, we are out of like. | ||
335 | path = os.path.abspath(os.path.dirname(__file__)) | ||
336 | metadir = path + "/../../../../" | ||
337 | self.meta_qemu = metadir + layer | ||
338 | runCmd('bitbake-layers add-layer "%s"' % self.meta_qemu) | ||
339 | else: | ||
340 | self.meta_qemu = None | ||
341 | self.append_config('MACHINE = "qemux86-64"') | ||
221 | self.append_config('SOTA_CLIENT_PROV = " aktualizr-implicit-prov "') | 342 | self.append_config('SOTA_CLIENT_PROV = " aktualizr-implicit-prov "') |
222 | # note: this will build aktualizr-native as a side-effect | ||
223 | self.qemu, self.s = qemu_launch(machine='qemux86-64') | 343 | self.qemu, self.s = qemu_launch(machine='qemux86-64') |
224 | 344 | ||
225 | def tearDownLocal(self): | 345 | def tearDownLocal(self): |
226 | qemu_terminate(self.s) | 346 | qemu_terminate(self.s) |
347 | if self.meta_qemu: | ||
348 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_qemu, ignore_status=True) | ||
227 | 349 | ||
228 | def qemu_command(self, command): | 350 | def qemu_command(self, command): |
229 | return qemu_send_command(self.qemu.ssh_port, command) | 351 | return qemu_send_command(self.qemu.ssh_port, command) |
@@ -236,10 +358,10 @@ class ImplProvTests(oeSelfTest): | |||
236 | machine = get_bb_var('MACHINE', 'core-image-minimal') | 358 | machine = get_bb_var('MACHINE', 'core-image-minimal') |
237 | self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) | 359 | self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) |
238 | # Strip off line ending. | 360 | # Strip off line ending. |
239 | value_str = stdout.decode()[:-1] | 361 | value = stdout.decode()[:-1] |
240 | self.assertEqual(value_str, machine, | 362 | self.assertEqual(value, machine, |
241 | 'MACHINE does not match hostname: ' + machine + ', ' + value_str) | 363 | 'MACHINE does not match hostname: ' + machine + ', ' + value) |
242 | print(value_str) | 364 | print(value) |
243 | print('Checking output of aktualizr-info:') | 365 | print('Checking output of aktualizr-info:') |
244 | ran_ok = False | 366 | ran_ok = False |
245 | for delay in [0, 1, 2, 5, 10, 15]: | 367 | for delay in [0, 1, 2, 5, 10, 15]: |
@@ -267,36 +389,33 @@ class ImplProvTests(oeSelfTest): | |||
267 | akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -s -g {config}' | 389 | akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -s -g {config}' |
268 | .format(creds=creds, port=self.qemu.ssh_port, config=config)) | 390 | .format(creds=creds, port=self.qemu.ssh_port, config=config)) |
269 | 391 | ||
270 | # Verify that device HAS provisioned. | 392 | verifyProvisioned(self, machine) |
271 | ran_ok = False | ||
272 | for delay in [5, 5, 5, 5, 10]: | ||
273 | sleep(delay) | ||
274 | stdout, stderr, retcode = self.qemu_command('aktualizr-info') | ||
275 | if retcode == 0 and stderr == b'' and stdout.decode().find('Fetched metadata: yes') >= 0: | ||
276 | ran_ok = True | ||
277 | break | ||
278 | self.assertIn(b'Device ID: ', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
279 | self.assertIn(b'Primary ecu hardware ID: qemux86-64', stdout, | ||
280 | 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
281 | self.assertIn(b'Fetched metadata: yes', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
282 | p = re.compile(r'Device ID: ([a-z0-9-]*)\n') | ||
283 | m = p.search(stdout.decode()) | ||
284 | self.assertTrue(m, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) | ||
285 | self.assertGreater(m.lastindex, 0, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) | ||
286 | logger = logging.getLogger("selftest") | ||
287 | logger.info('Device successfully provisioned with ID: ' + m.group(1)) | ||
288 | 393 | ||
289 | 394 | ||
290 | class HsmTests(oeSelfTest): | 395 | class HsmTests(oeSelfTest): |
291 | 396 | ||
292 | def setUpLocal(self): | 397 | def setUpLocal(self): |
398 | layer = "meta-updater-qemux86-64" | ||
399 | result = runCmd('bitbake-layers show-layers') | ||
400 | if re.search(layer, result.output) is None: | ||
401 | # Assume the directory layout for finding other layers. We could also | ||
402 | # make assumptions by using 'show-layers', but either way, if the | ||
403 | # layers we need aren't where we expect them, we are out of like. | ||
404 | path = os.path.abspath(os.path.dirname(__file__)) | ||
405 | metadir = path + "/../../../../" | ||
406 | self.meta_qemu = metadir + layer | ||
407 | runCmd('bitbake-layers add-layer "%s"' % self.meta_qemu) | ||
408 | else: | ||
409 | self.meta_qemu = None | ||
410 | self.append_config('MACHINE = "qemux86-64"') | ||
293 | self.append_config('SOTA_CLIENT_PROV = "aktualizr-hsm-prov"') | 411 | self.append_config('SOTA_CLIENT_PROV = "aktualizr-hsm-prov"') |
294 | self.append_config('SOTA_CLIENT_FEATURES = "hsm"') | 412 | self.append_config('SOTA_CLIENT_FEATURES = "hsm"') |
295 | # note: this will build aktualizr-native as a side-effect | ||
296 | self.qemu, self.s = qemu_launch(machine='qemux86-64') | 413 | self.qemu, self.s = qemu_launch(machine='qemux86-64') |
297 | 414 | ||
298 | def tearDownLocal(self): | 415 | def tearDownLocal(self): |
299 | qemu_terminate(self.s) | 416 | qemu_terminate(self.s) |
417 | if self.meta_qemu: | ||
418 | runCmd('bitbake-layers remove-layer "%s"' % self.meta_qemu, ignore_status=True) | ||
300 | 419 | ||
301 | def qemu_command(self, command): | 420 | def qemu_command(self, command): |
302 | return qemu_send_command(self.qemu.ssh_port, command) | 421 | return qemu_send_command(self.qemu.ssh_port, command) |
@@ -309,10 +428,11 @@ class HsmTests(oeSelfTest): | |||
309 | machine = get_bb_var('MACHINE', 'core-image-minimal') | 428 | machine = get_bb_var('MACHINE', 'core-image-minimal') |
310 | self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) | 429 | self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) |
311 | # Strip off line ending. | 430 | # Strip off line ending. |
312 | value_str = stdout.decode()[:-1] | 431 | value = stdout.decode()[:-1] |
313 | self.assertEqual(value_str, machine, | 432 | self.assertEqual(value, machine, |
314 | 'MACHINE does not match hostname: ' + machine + ', ' + value_str) | 433 | 'MACHINE does not match hostname: ' + machine + ', ' + value + |
315 | print(value_str) | 434 | '\nIs tianocore ovmf installed?') |
435 | print(value) | ||
316 | print('Checking output of aktualizr-info:') | 436 | print('Checking output of aktualizr-info:') |
317 | ran_ok = False | 437 | ran_ok = False |
318 | for delay in [0, 1, 2, 5, 10, 15]: | 438 | for delay in [0, 1, 2, 5, 10, 15]: |
@@ -382,24 +502,7 @@ class HsmTests(oeSelfTest): | |||
382 | self.assertEqual(p11_m.group(1), hsm_m.group(1), 'Slot number does not match: ' + | 502 | self.assertEqual(p11_m.group(1), hsm_m.group(1), 'Slot number does not match: ' + |
383 | p11_err.decode() + p11_out.decode() + hsm_err.decode() + hsm_out.decode()) | 503 | p11_err.decode() + p11_out.decode() + hsm_err.decode() + hsm_out.decode()) |
384 | 504 | ||
385 | # Verify that device HAS provisioned. | 505 | verifyProvisioned(self, machine) |
386 | ran_ok = False | ||
387 | for delay in [5, 5, 5, 5, 10]: | ||
388 | sleep(delay) | ||
389 | stdout, stderr, retcode = self.qemu_command('aktualizr-info') | ||
390 | if retcode == 0 and stderr == b'' and stdout.decode().find('Fetched metadata: yes') >= 0: | ||
391 | ran_ok = True | ||
392 | break | ||
393 | self.assertIn(b'Device ID: ', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
394 | self.assertIn(b'Primary ecu hardware ID: qemux86-64', stdout, | ||
395 | 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
396 | self.assertIn(b'Fetched metadata: yes', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
397 | p = re.compile(r'Device ID: ([a-z0-9-]*)\n') | ||
398 | m = p.search(stdout.decode()) | ||
399 | self.assertTrue(m, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) | ||
400 | self.assertGreater(m.lastindex, 0, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) | ||
401 | logger = logging.getLogger("selftest") | ||
402 | logger.info('Device successfully provisioned with ID: ' + m.group(1)) | ||
403 | 506 | ||
404 | 507 | ||
405 | def qemu_launch(efi=False, machine=None): | 508 | def qemu_launch(efi=False, machine=None): |
@@ -466,5 +569,25 @@ def akt_native_run(testInst, cmd, **kwargs): | |||
466 | testInst.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) | 569 | testInst.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) |
467 | 570 | ||
468 | 571 | ||
572 | def verifyProvisioned(testInst, machine): | ||
573 | # Verify that device HAS provisioned. | ||
574 | ran_ok = False | ||
575 | for delay in [5, 5, 5, 5, 10]: | ||
576 | sleep(delay) | ||
577 | stdout, stderr, retcode = testInst.qemu_command('aktualizr-info') | ||
578 | if retcode == 0 and stderr == b'' and stdout.decode().find('Fetched metadata: yes') >= 0: | ||
579 | ran_ok = True | ||
580 | break | ||
581 | testInst.assertIn(b'Device ID: ', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
582 | testInst.assertIn(b'Primary ecu hardware ID: ' + machine.encode(), stdout, | ||
583 | 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
584 | testInst.assertIn(b'Fetched metadata: yes', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
585 | p = re.compile(r'Device ID: ([a-z0-9-]*)\n') | ||
586 | m = p.search(stdout.decode()) | ||
587 | testInst.assertTrue(m, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) | ||
588 | testInst.assertGreater(m.lastindex, 0, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) | ||
589 | logger = logging.getLogger("selftest") | ||
590 | logger.info('Device successfully provisioned with ID: ' + m.group(1)) | ||
591 | |||
469 | 592 | ||
470 | # vim:set ts=4 sw=4 sts=4 expandtab: | 593 | # vim:set ts=4 sw=4 sts=4 expandtab: |
diff --git a/recipes-core/ovmf/files/0001-Compare-c-string-with-NULL-instead-of-a-literal.patch b/recipes-core/ovmf/files/0001-Compare-c-string-with-NULL-instead-of-a-literal.patch deleted file mode 100644 index 6bdaf7e..0000000 --- a/recipes-core/ovmf/files/0001-Compare-c-string-with-NULL-instead-of-a-literal.patch +++ /dev/null | |||
@@ -1,25 +0,0 @@ | |||
1 | From 6c730f3da7490ffbba5ad17af29ca44ed167cbfc Mon Sep 17 00:00:00 2001 | ||
2 | From: Patrick Vacek <patrickvacek@gmail.com> | ||
3 | Date: Tue, 13 Feb 2018 16:38:15 +0100 | ||
4 | Subject: [PATCH] Compare c-string with NULL instead of a literal. | ||
5 | |||
6 | --- | ||
7 | BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | 2 +- | ||
8 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
9 | |||
10 | diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | ||
11 | index 3ca57ed741..4fa066dd9f 100644 | ||
12 | --- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | ||
13 | +++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | ||
14 | @@ -3372,7 +3372,7 @@ CVfrStringDB::GetVarStoreNameFormStringId ( | ||
15 | UINT8 BlockType; | ||
16 | EFI_HII_STRING_PACKAGE_HDR *PkgHeader; | ||
17 | |||
18 | - if (mStringFileName == '\0' ) { | ||
19 | + if (mStringFileName == NULL ) { | ||
20 | return NULL; | ||
21 | } | ||
22 | |||
23 | -- | ||
24 | 2.14.1 | ||
25 | |||
diff --git a/recipes-core/ovmf/ovmf_%.bbappend b/recipes-core/ovmf/ovmf_%.bbappend deleted file mode 100644 index 142fc53..0000000 --- a/recipes-core/ovmf/ovmf_%.bbappend +++ /dev/null | |||
@@ -1,3 +0,0 @@ | |||
1 | FILESEXTRAPATHS_prepend := "${THISDIR}/files:" | ||
2 | |||
3 | SRC_URI_append = "file://0001-Compare-c-string-with-NULL-instead-of-a-literal.patch" | ||
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index 944607c..5f8da3c 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb | |||
@@ -1,5 +1,5 @@ | |||
1 | SUMMARY = "Aktualizr configuration with HSM support" | 1 | SUMMARY = "Aktualizr configuration with HSM support" |
2 | DESCRIPTION = "Systemd service and configurations for Aktualizr, the SOTA Client application written in C++" | 2 | DESCRIPTION = "Systemd service and configurations for HSM provisioning with Aktualizr, the SOTA Client application written in C++" |
3 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" | 3 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" |
4 | SECTION = "base" | 4 | SECTION = "base" |
5 | LICENSE = "MPL-2.0" | 5 | LICENSE = "MPL-2.0" |
@@ -14,14 +14,15 @@ SRC_URI = " \ | |||
14 | PV = "1.0" | 14 | PV = "1.0" |
15 | PR = "6" | 15 | PR = "6" |
16 | 16 | ||
17 | |||
18 | require environment.inc | 17 | require environment.inc |
19 | require credentials.inc | 18 | require credentials.inc |
20 | 19 | ||
21 | do_install() { | 20 | do_install() { |
22 | install -d ${D}${libdir}/sota | 21 | install -d ${D}${libdir}/sota |
23 | aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \ | 22 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
24 | -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} | 23 | aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \ |
24 | -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} | ||
25 | fi | ||
25 | } | 26 | } |
26 | 27 | ||
27 | FILES_${PN} = " \ | 28 | FILES_${PN} = " \ |
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index b5bf420..cf3d22c 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb | |||
@@ -4,15 +4,15 @@ HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" | |||
4 | SECTION = "base" | 4 | SECTION = "base" |
5 | LICENSE = "MPL-2.0" | 5 | LICENSE = "MPL-2.0" |
6 | LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" | 6 | LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" |
7 | |||
7 | DEPENDS = "aktualizr-native" | 8 | DEPENDS = "aktualizr-native" |
8 | RDEPENDS_${PN} = "aktualizr" | 9 | RDEPENDS_${PN} = "aktualizr" |
9 | PV = "1.0" | ||
10 | PR = "1" | ||
11 | 10 | ||
12 | SRC_URI = " \ | 11 | SRC_URI = " \ |
13 | file://LICENSE \ | 12 | file://LICENSE \ |
14 | " | 13 | " |
15 | 14 | PV = "1.0" | |
15 | PR = "1" | ||
16 | 16 | ||
17 | require environment.inc | 17 | require environment.inc |
18 | require credentials.inc | 18 | require credentials.inc |
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index cba5f87..3af9988 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb | |||
@@ -5,8 +5,8 @@ SECTION = "base" | |||
5 | LICENSE = "MPL-2.0" | 5 | LICENSE = "MPL-2.0" |
6 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" | 6 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" |
7 | 7 | ||
8 | DEPENDS = "boost curl openssl libarchive libsodium " | 8 | DEPENDS = "boost curl openssl libarchive libsodium asn1c-native " |
9 | DEPENDS_append_class-target = "jansson ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} " | 9 | DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} " |
10 | DEPENDS_append_class-native = "glib-2.0-native " | 10 | DEPENDS_append_class-native = "glib-2.0-native " |
11 | 11 | ||
12 | RDEPENDS_${PN}_class-target = "lshw " | 12 | RDEPENDS_${PN}_class-target = "lshw " |
@@ -20,7 +20,7 @@ SRC_URI = " \ | |||
20 | file://aktualizr.service \ | 20 | file://aktualizr.service \ |
21 | file://aktualizr-serialcan.service \ | 21 | file://aktualizr-serialcan.service \ |
22 | " | 22 | " |
23 | SRCREV = "1a6432175b9fb7326173e8db35d326cc1a1011a1" | 23 | SRCREV = "6a2a0db0e557ef0ad95e19baee516a94b67aa566" |
24 | BRANCH ?= "master" | 24 | BRANCH ?= "master" |
25 | 25 | ||
26 | S = "${WORKDIR}/git" | 26 | S = "${WORKDIR}/git" |
@@ -34,11 +34,14 @@ BBCLASSEXTEND =+ "native" | |||
34 | 34 | ||
35 | EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} " | 35 | EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} " |
36 | EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} " | 36 | EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} " |
37 | EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF " | 37 | EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF -DBUILD_SYSTEMD=OFF " |
38 | 38 | ||
39 | do_install_append () { | 39 | do_install_append () { |
40 | rm -fr ${D}${libdir}/systemd | 40 | rm -fr ${D}${libdir}/systemd |
41 | rm -f ${D}${bindir}/aktualizr-secondary | ||
42 | rm -f ${D}${bindir}/aktualizr-check-discovery | ||
41 | } | 43 | } |
44 | |||
42 | do_install_append_class-target () { | 45 | do_install_append_class-target () { |
43 | rm -f ${D}${bindir}/aktualizr_cert_provider | 46 | rm -f ${D}${bindir}/aktualizr_cert_provider |
44 | rm -f ${D}${bindir}/aktualizr_implicit_writer | 47 | rm -f ${D}${bindir}/aktualizr_implicit_writer |
diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc index cba77e7..09da6b7 100644 --- a/recipes-sota/aktualizr/environment.inc +++ b/recipes-sota/aktualizr/environment.inc | |||
@@ -3,7 +3,7 @@ export SOTA_VIRTUAL_SECONDARIES | |||
3 | 3 | ||
4 | do_install_append() { | 4 | do_install_append() { |
5 | if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then | 5 | if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then |
6 | AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}"; | 6 | AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}" |
7 | fi | 7 | fi |
8 | 8 | ||
9 | AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml" | 9 | AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml" |
diff --git a/recipes-sota/aktualizr/files/aktualizr.service b/recipes-sota/aktualizr/files/aktualizr.service index b6df9d7..1c2e1df 100644 --- a/recipes-sota/aktualizr/files/aktualizr.service +++ b/recipes-sota/aktualizr/files/aktualizr.service | |||
@@ -8,6 +8,7 @@ Requires=network-online.target | |||
8 | RestartSec=10 | 8 | RestartSec=10 |
9 | Restart=always | 9 | Restart=always |
10 | EnvironmentFile=/usr/lib/sota/sota.env | 10 | EnvironmentFile=/usr/lib/sota/sota.env |
11 | EnvironmentFile=-/etc/sota/sota.env | ||
11 | ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS | 12 | ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS |
12 | 13 | ||
13 | [Install] | 14 | [Install] |
diff --git a/recipes-sota/asn1c/asn1c.bb b/recipes-sota/asn1c/asn1c.bb new file mode 100644 index 0000000..9d1517d --- /dev/null +++ b/recipes-sota/asn1c/asn1c.bb | |||
@@ -0,0 +1,17 @@ | |||
1 | SUMMARY = "ASN.1 to C compiler" | ||
2 | DESCRIPTION = "Generates serialization routines from ASN.1 schemas" | ||
3 | HOMEPAGE = "http://lionet.info/asn1c" | ||
4 | SECTION = "base" | ||
5 | LICENSE = "BSD" | ||
6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=ee8bfaaa7d71cf3edb079475e6716d4b" | ||
7 | |||
8 | inherit autotools native | ||
9 | |||
10 | PV = "0.9.28" | ||
11 | SRC_URI = "https://github.com/vlm/asn1c/releases/download/v${PV}/asn1c-${PV}.tar.gz \ | ||
12 | file://skeletons_dir_fix.patch" | ||
13 | SRC_URI[sha256sum] = "8007440b647ef2dd9fb73d931c33ac11764e6afb2437dbe638bb4e5fc82386b9" | ||
14 | |||
15 | BBCLASSEXTEND = "native nativesdk" | ||
16 | |||
17 | # vim:set ts=4 sw=4 sts=4 expandtab: | ||
diff --git a/recipes-sota/asn1c/files/skeletons_dir_fix.patch b/recipes-sota/asn1c/files/skeletons_dir_fix.patch new file mode 100644 index 0000000..f1caa2f --- /dev/null +++ b/recipes-sota/asn1c/files/skeletons_dir_fix.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | From 1a1c2c94f700cf0f4dc5dba863950b16477fdc6d Mon Sep 17 00:00:00 2001 | ||
2 | From: Laurent Bonnans <laurent.bonnans@here.com> | ||
3 | Date: Thu, 25 Jan 2018 09:49:41 +0100 | ||
4 | Subject: [PATCH] Patch the skeletons directory detection | ||
5 | |||
6 | Detect `share/asn1c` from `bin/` if it exists | ||
7 | --- | ||
8 | asn1c/asn1c.c | 9 ++++----- | ||
9 | 1 file changed, 4 insertions(+), 5 deletions(-) | ||
10 | |||
11 | diff --git a/asn1c/asn1c.c b/asn1c/asn1c.c | ||
12 | index eb1eff7c..dd9fc832 100644 | ||
13 | --- a/asn1c/asn1c.c | ||
14 | +++ b/asn1c/asn1c.c | ||
15 | @@ -226,22 +226,21 @@ main(int ac, char **av) { | ||
16 | if(skeletons_dir == NULL) { | ||
17 | struct stat sb; | ||
18 | skeletons_dir = DATADIR; | ||
19 | - if((av[-optind][0] == '.' || av[-optind][1] == '/') | ||
20 | - && stat(skeletons_dir, &sb)) { | ||
21 | + if(stat(skeletons_dir, &sb)) { | ||
22 | /* | ||
23 | * The default skeletons directory does not exist, | ||
24 | * compute it from my file name: | ||
25 | - * ./asn1c/asn1c -> ./skeletons | ||
26 | + * ./asn1c/asn1c -> ./share/asn1c | ||
27 | */ | ||
28 | char *p; | ||
29 | size_t len; | ||
30 | |||
31 | p = a1c_dirname(av[-optind]); | ||
32 | |||
33 | - len = strlen(p) + sizeof("/../skeletons"); | ||
34 | + len = strlen(p) + sizeof("/../share/asn1c"); | ||
35 | skeletons_dir = malloc(len); | ||
36 | assert(skeletons_dir); | ||
37 | - snprintf(skeletons_dir, len, "%s/../skeletons", p); | ||
38 | + snprintf(skeletons_dir, len, "%s/../share/asn1c", p); | ||
39 | if(stat(skeletons_dir, &sb)) { | ||
40 | fprintf(stderr, | ||
41 | "WARNING: skeletons are neither in " | ||
42 | -- | ||
43 | 2.15.1 | ||
44 | |||
diff --git a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch new file mode 100644 index 0000000..bd233ee --- /dev/null +++ b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch | |||
@@ -0,0 +1,42 @@ | |||
1 | From ccab5ce63dd5d3dbb4bd02998d21d34407e550f2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Anton Gerasimov <anton.gerasimov@here.com> | ||
3 | Date: Fri, 19 Jan 2018 12:44:27 +0100 | ||
4 | Subject: [PATCH] Workaround for a buggy version of openssl (1.0.2m) | ||
5 | |||
6 | --- | ||
7 | src/p11_pkey.c | 12 +++++++++--- | ||
8 | 1 file changed, 9 insertions(+), 3 deletions(-) | ||
9 | |||
10 | diff --git a/src/p11_pkey.c b/src/p11_pkey.c | ||
11 | index 45d5ad3..75625e6 100644 | ||
12 | --- a/src/p11_pkey.c | ||
13 | +++ b/src/p11_pkey.c | ||
14 | @@ -139,8 +139,14 @@ static void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) | ||
15 | |||
16 | #endif | ||
17 | |||
18 | -#if OPENSSL_VERSION_NUMBER < 0x100020d0L || defined(LIBRESSL_VERSION_NUMBER) | ||
19 | -static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, | ||
20 | +#if OPENSSL_VERSION_NUMBER < 0x100020f0L || defined(LIBRESSL_VERSION_NUMBER) | ||
21 | + | ||
22 | +# if (OPENSSL_VERSION_NUMBER & 0xFFFFFFF0) == 0x100020d0L | ||
23 | +# undef EVP_PKEY_meth_get_sign | ||
24 | +# undef EVP_PKEY_meth_get_decrypt | ||
25 | +# endif | ||
26 | + | ||
27 | +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, | ||
28 | int (**psign_init) (EVP_PKEY_CTX *ctx), | ||
29 | int (**psign) (EVP_PKEY_CTX *ctx, | ||
30 | unsigned char *sig, size_t *siglen, | ||
31 | @@ -152,7 +158,7 @@ static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, | ||
32 | *psign = pmeth->sign; | ||
33 | } | ||
34 | |||
35 | -static void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, | ||
36 | +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, | ||
37 | int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), | ||
38 | int (**pdecrypt) (EVP_PKEY_CTX *ctx, | ||
39 | unsigned char *out, | ||
40 | -- | ||
41 | 2.15.1 | ||
42 | |||
diff --git a/recipes-support/libp11/libp11_0.4.7.bb b/recipes-support/libp11/libp11_0.4.7.bb index 877a57e..02d9e50 100644 --- a/recipes-support/libp11/libp11_0.4.7.bb +++ b/recipes-support/libp11/libp11_0.4.7.bb | |||
@@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29" | |||
9 | DEPENDS = "libtool openssl" | 9 | DEPENDS = "libtool openssl" |
10 | RDEPENDS_${PN} += " opensc" | 10 | RDEPENDS_${PN} += " opensc" |
11 | 11 | ||
12 | SRC_URI = "git://github.com/OpenSC/libp11.git" | 12 | SRC_URI = "git://github.com/OpenSC/libp11.git \ |
13 | file://0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch" | ||
13 | SRCREV = "da725ab727342083478150a203a3c80c4551feb4" | 14 | SRCREV = "da725ab727342083478150a203a3c80c4551feb4" |
14 | 15 | ||
15 | S = "${WORKDIR}/git" | 16 | S = "${WORKDIR}/git" |