diff options
author | Anton Gerasimov <anton.gerasimov@here.com> | 2018-02-01 17:28:22 +0100 |
---|---|---|
committer | Anton Gerasimov <anton.gerasimov@here.com> | 2018-02-01 17:28:22 +0100 |
commit | 296497365ed9fa11c752d51d1e71b25a054cd5d4 (patch) | |
tree | d92477a7b4eb371f1f057e13059bd2e692fbf51e /classes/image_types_ostree.bbclass | |
parent | 1ea77e2a98e77956d687cfa6c445518938a5e809 (diff) | |
parent | e408922dccefca6cfe103be2dce18d7bcc004f1e (diff) | |
download | meta-updater-296497365ed9fa11c752d51d1e71b25a054cd5d4.tar.gz |
Merge branch 'rocko'
Diffstat (limited to 'classes/image_types_ostree.bbclass')
-rw-r--r-- | classes/image_types_ostree.bbclass | 44 |
1 files changed, 25 insertions, 19 deletions
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index dc8474c..904db96 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass | |||
@@ -1,6 +1,6 @@ | |||
1 | # OSTree deployment | 1 | # OSTree deployment |
2 | 2 | ||
3 | IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ | 3 | do_image_ostree[depends] += "ostree-native:do_populate_sysroot \ |
4 | openssl-native:do_populate_sysroot \ | 4 | openssl-native:do_populate_sysroot \ |
5 | coreutils-native:do_populate_sysroot \ | 5 | coreutils-native:do_populate_sysroot \ |
6 | unzip-native:do_populate_sysroot \ | 6 | unzip-native:do_populate_sysroot \ |
@@ -11,6 +11,7 @@ export OSTREE_REPO | |||
11 | export OSTREE_BRANCHNAME | 11 | export OSTREE_BRANCHNAME |
12 | 12 | ||
13 | RAMDISK_EXT ?= ".${INITRAMFS_FSTYPES}" | 13 | RAMDISK_EXT ?= ".${INITRAMFS_FSTYPES}" |
14 | export GARAGE_TARGET_NAME | ||
14 | 15 | ||
15 | OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" | 16 | OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" |
16 | 17 | ||
@@ -116,6 +117,7 @@ IMAGE_CMD_ostree () { | |||
116 | fi | 117 | fi |
117 | 118 | ||
118 | if [ -n "${SOTA_SECONDARY_ECUS}" ]; then | 119 | if [ -n "${SOTA_SECONDARY_ECUS}" ]; then |
120 | mkdir -p var/sota/ecus | ||
119 | cp ${SOTA_SECONDARY_ECUS} var/sota/ecus | 121 | cp ${SOTA_SECONDARY_ECUS} var/sota/ecus |
120 | fi | 122 | fi |
121 | 123 | ||
@@ -158,7 +160,7 @@ IMAGE_CMD_ostree () { | |||
158 | } | 160 | } |
159 | 161 | ||
160 | IMAGE_TYPEDEP_ostreepush = "ostree" | 162 | IMAGE_TYPEDEP_ostreepush = "ostree" |
161 | IMAGE_DEPENDS_ostreepush = "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot " | 163 | do_image_ostreepush[depends] += "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot" |
162 | IMAGE_CMD_ostreepush () { | 164 | IMAGE_CMD_ostreepush () { |
163 | # Print warnings if credetials are not set or if the file has not been found. | 165 | # Print warnings if credetials are not set or if the file has not been found. |
164 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | 166 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
@@ -176,11 +178,11 @@ IMAGE_CMD_ostreepush () { | |||
176 | } | 178 | } |
177 | 179 | ||
178 | IMAGE_TYPEDEP_garagesign = "ostreepush" | 180 | IMAGE_TYPEDEP_garagesign = "ostreepush" |
179 | IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot" | 181 | do_image_garage_sign[depends] += "aktualizr-native:do_populate_sysroot" |
180 | IMAGE_CMD_garagesign () { | 182 | IMAGE_CMD_garagesign () { |
181 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | 183 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
182 | # if credentials are issued by a server that doesn't support offline signing, exit silently | 184 | # if credentials are issued by a server that doesn't support offline signing, exit silently |
183 | unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0 | 185 | unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0 |
184 | 186 | ||
185 | java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' ) | 187 | java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' ) |
186 | if [ "${java_version}" = "" ]; then | 188 | if [ "${java_version}" = "" ]; then |
@@ -191,15 +193,8 @@ IMAGE_CMD_garagesign () { | |||
191 | exit 1 | 193 | exit 1 |
192 | fi | 194 | fi |
193 | 195 | ||
194 | if [ ! -d "${GARAGE_SIGN_REPO}" ]; then | 196 | rm -rf ${GARAGE_SIGN_REPO} |
195 | garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} | 197 | garage-sign init --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} |
196 | fi | ||
197 | |||
198 | if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then | ||
199 | reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}" | ||
200 | else | ||
201 | reposerver_args="" | ||
202 | fi | ||
203 | 198 | ||
204 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) | 199 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) |
205 | 200 | ||
@@ -207,11 +202,11 @@ IMAGE_CMD_garagesign () { | |||
207 | # in which case targets.json should be pulled again and the whole procedure repeated | 202 | # in which case targets.json should be pulled again and the whole procedure repeated |
208 | push_success=0 | 203 | push_success=0 |
209 | for push_retries in $( seq 3 ); do | 204 | for push_retries in $( seq 3 ); do |
210 | garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} | 205 | garage-sign targets pull --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} |
211 | garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} | 206 | garage-sign targets add --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --name ${GARAGE_TARGET_NAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} |
212 | garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets | 207 | garage-sign targets sign --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --key-name=targets |
213 | errcode=0 | 208 | errcode=0 |
214 | garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$? | 209 | garage-sign targets push --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} || errcode=$? |
215 | if [ "$errcode" -eq "0" ]; then | 210 | if [ "$errcode" -eq "0" ]; then |
216 | push_success=1 | 211 | push_success=1 |
217 | break | 212 | break |
@@ -224,9 +219,20 @@ IMAGE_CMD_garagesign () { | |||
224 | bberror "Couldn't push to garage repository" | 219 | bberror "Couldn't push to garage repository" |
225 | exit 1 | 220 | exit 1 |
226 | fi | 221 | fi |
227 | else | ||
228 | bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS." | ||
229 | fi | 222 | fi |
230 | } | 223 | } |
231 | 224 | ||
225 | IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign" | ||
226 | do_image_garagecheck[depends] += "aktualizr-native:do_populate_sysroot" | ||
227 | IMAGE_CMD_garagecheck () { | ||
228 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | ||
229 | # if credentials are issued by a server that doesn't support offline signing, exit silently | ||
230 | unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0 | ||
231 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) | ||
232 | |||
233 | garage-check --ref=${ostree_target_hash} \ | ||
234 | --credentials=${SOTA_PACKED_CREDENTIALS} \ | ||
235 | --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt | ||
236 | fi | ||
237 | } | ||
232 | # vim:set ts=4 sw=4 sts=4 expandtab: | 238 | # vim:set ts=4 sw=4 sts=4 expandtab: |