diff options
| author | Anton Gerasimov <anton.gerasimov@here.com> | 2018-02-01 17:28:22 +0100 |
|---|---|---|
| committer | Anton Gerasimov <anton.gerasimov@here.com> | 2018-02-01 17:28:22 +0100 |
| commit | 296497365ed9fa11c752d51d1e71b25a054cd5d4 (patch) | |
| tree | d92477a7b4eb371f1f057e13059bd2e692fbf51e /classes/image_types_ostree.bbclass | |
| parent | 1ea77e2a98e77956d687cfa6c445518938a5e809 (diff) | |
| parent | e408922dccefca6cfe103be2dce18d7bcc004f1e (diff) | |
| download | meta-updater-296497365ed9fa11c752d51d1e71b25a054cd5d4.tar.gz | |
Merge branch 'rocko'
Diffstat (limited to 'classes/image_types_ostree.bbclass')
| -rw-r--r-- | classes/image_types_ostree.bbclass | 44 |
1 files changed, 25 insertions, 19 deletions
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index dc8474c..904db96 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # OSTree deployment | 1 | # OSTree deployment |
| 2 | 2 | ||
| 3 | IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ | 3 | do_image_ostree[depends] += "ostree-native:do_populate_sysroot \ |
| 4 | openssl-native:do_populate_sysroot \ | 4 | openssl-native:do_populate_sysroot \ |
| 5 | coreutils-native:do_populate_sysroot \ | 5 | coreutils-native:do_populate_sysroot \ |
| 6 | unzip-native:do_populate_sysroot \ | 6 | unzip-native:do_populate_sysroot \ |
| @@ -11,6 +11,7 @@ export OSTREE_REPO | |||
| 11 | export OSTREE_BRANCHNAME | 11 | export OSTREE_BRANCHNAME |
| 12 | 12 | ||
| 13 | RAMDISK_EXT ?= ".${INITRAMFS_FSTYPES}" | 13 | RAMDISK_EXT ?= ".${INITRAMFS_FSTYPES}" |
| 14 | export GARAGE_TARGET_NAME | ||
| 14 | 15 | ||
| 15 | OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" | 16 | OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" |
| 16 | 17 | ||
| @@ -116,6 +117,7 @@ IMAGE_CMD_ostree () { | |||
| 116 | fi | 117 | fi |
| 117 | 118 | ||
| 118 | if [ -n "${SOTA_SECONDARY_ECUS}" ]; then | 119 | if [ -n "${SOTA_SECONDARY_ECUS}" ]; then |
| 120 | mkdir -p var/sota/ecus | ||
| 119 | cp ${SOTA_SECONDARY_ECUS} var/sota/ecus | 121 | cp ${SOTA_SECONDARY_ECUS} var/sota/ecus |
| 120 | fi | 122 | fi |
| 121 | 123 | ||
| @@ -158,7 +160,7 @@ IMAGE_CMD_ostree () { | |||
| 158 | } | 160 | } |
| 159 | 161 | ||
| 160 | IMAGE_TYPEDEP_ostreepush = "ostree" | 162 | IMAGE_TYPEDEP_ostreepush = "ostree" |
| 161 | IMAGE_DEPENDS_ostreepush = "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot " | 163 | do_image_ostreepush[depends] += "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot" |
| 162 | IMAGE_CMD_ostreepush () { | 164 | IMAGE_CMD_ostreepush () { |
| 163 | # Print warnings if credetials are not set or if the file has not been found. | 165 | # Print warnings if credetials are not set or if the file has not been found. |
| 164 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | 166 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
| @@ -176,11 +178,11 @@ IMAGE_CMD_ostreepush () { | |||
| 176 | } | 178 | } |
| 177 | 179 | ||
| 178 | IMAGE_TYPEDEP_garagesign = "ostreepush" | 180 | IMAGE_TYPEDEP_garagesign = "ostreepush" |
| 179 | IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot" | 181 | do_image_garage_sign[depends] += "aktualizr-native:do_populate_sysroot" |
| 180 | IMAGE_CMD_garagesign () { | 182 | IMAGE_CMD_garagesign () { |
| 181 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | 183 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
| 182 | # if credentials are issued by a server that doesn't support offline signing, exit silently | 184 | # if credentials are issued by a server that doesn't support offline signing, exit silently |
| 183 | unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0 | 185 | unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0 |
| 184 | 186 | ||
| 185 | java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' ) | 187 | java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' ) |
| 186 | if [ "${java_version}" = "" ]; then | 188 | if [ "${java_version}" = "" ]; then |
| @@ -191,15 +193,8 @@ IMAGE_CMD_garagesign () { | |||
| 191 | exit 1 | 193 | exit 1 |
| 192 | fi | 194 | fi |
| 193 | 195 | ||
| 194 | if [ ! -d "${GARAGE_SIGN_REPO}" ]; then | 196 | rm -rf ${GARAGE_SIGN_REPO} |
| 195 | garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} | 197 | garage-sign init --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} |
| 196 | fi | ||
| 197 | |||
| 198 | if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then | ||
| 199 | reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}" | ||
| 200 | else | ||
| 201 | reposerver_args="" | ||
| 202 | fi | ||
| 203 | 198 | ||
| 204 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) | 199 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) |
| 205 | 200 | ||
| @@ -207,11 +202,11 @@ IMAGE_CMD_garagesign () { | |||
| 207 | # in which case targets.json should be pulled again and the whole procedure repeated | 202 | # in which case targets.json should be pulled again and the whole procedure repeated |
| 208 | push_success=0 | 203 | push_success=0 |
| 209 | for push_retries in $( seq 3 ); do | 204 | for push_retries in $( seq 3 ); do |
| 210 | garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} | 205 | garage-sign targets pull --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} |
| 211 | garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} | 206 | garage-sign targets add --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --name ${GARAGE_TARGET_NAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} |
| 212 | garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets | 207 | garage-sign targets sign --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --key-name=targets |
| 213 | errcode=0 | 208 | errcode=0 |
| 214 | garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$? | 209 | garage-sign targets push --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} || errcode=$? |
| 215 | if [ "$errcode" -eq "0" ]; then | 210 | if [ "$errcode" -eq "0" ]; then |
| 216 | push_success=1 | 211 | push_success=1 |
| 217 | break | 212 | break |
| @@ -224,9 +219,20 @@ IMAGE_CMD_garagesign () { | |||
| 224 | bberror "Couldn't push to garage repository" | 219 | bberror "Couldn't push to garage repository" |
| 225 | exit 1 | 220 | exit 1 |
| 226 | fi | 221 | fi |
| 227 | else | ||
| 228 | bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS." | ||
| 229 | fi | 222 | fi |
| 230 | } | 223 | } |
| 231 | 224 | ||
| 225 | IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign" | ||
| 226 | do_image_garagecheck[depends] += "aktualizr-native:do_populate_sysroot" | ||
| 227 | IMAGE_CMD_garagecheck () { | ||
| 228 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | ||
| 229 | # if credentials are issued by a server that doesn't support offline signing, exit silently | ||
| 230 | unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0 | ||
| 231 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) | ||
| 232 | |||
| 233 | garage-check --ref=${ostree_target_hash} \ | ||
| 234 | --credentials=${SOTA_PACKED_CREDENTIALS} \ | ||
| 235 | --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt | ||
| 236 | fi | ||
| 237 | } | ||
| 232 | # vim:set ts=4 sw=4 sts=4 expandtab: | 238 | # vim:set ts=4 sw=4 sts=4 expandtab: |