Add SOTA_DEPLOY_CREDENTIALS variable to control whether the built image should be provisioned

author: Anton Gerasimov <anton@advancedtelematic.com> 2018-09-05 16:22:07 +0200
committer: Patrick Vacek <patrickvacek@gmail.com> 2018-10-02 12:51:40 +0200
commit: 0e3423aa8e92a7846f55fbb530ddd1a67f262f6d (patch)
tree: 817da33213238df104cd2b4ba8f4a0c803fcdcd0 /recipes-sota/aktualizr
parent: 5033efdb67c1f18e63c65c23a1bf029123995928 (diff)
download: meta-updater-0e3423aa8e92a7846f55fbb530ddd1a67f262f6d.tar.gz
7 files changed, 87 insertions, 103 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
new file mode 100644
index 0000000..d964a0a
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Credentials for autoprovisioning scenario"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+DEPENDS = "aktualizr-native zip-native"
+require credentials.inc
+do_install() {
+    if [ -n ${SOTA_PACKED_CREDENTIALS} ]; then
+        install -m 0700 -d ${D}${localstatedir}/sota
+        cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
+        # Device should not be able to push data to treehub
+        zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
+    fi
+}
+FILES_${PN} = " \
+                ${localstatedir}/sota/sota_provisioning_credentials.zip \
+                "
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 9fa95ed..65e89bd 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -6,7 +6,8 @@ LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
 DEPENDS = "aktualizr-native zip-native"
-RDEPENDS_${PN} = "aktualizr"
+RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
+RDEPENDS_${PN} = " aktualizr"
 PV = "1.0"
 PR = "6"
@@ -31,19 +32,10 @@ do_install() {
    install -m 0700 -d ${D}${libdir}/sota/conf.d
    install -m 0700 -d ${D}${localstatedir}/sota
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+    aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
-        aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \
-        install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \
+        ${D}${libdir}/sota/conf.d/20-${aktualizr_toml}
-            ${D}${libdir}/sota/conf.d/20-${aktualizr_toml}
-        # deploy SOTA credentials
-        if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
-            cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
-            # Device should not be able to push data to treehub
-            zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
-        fi
-    fi
 }
 FILES_${PN} = " \
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
new file mode 100644
index 0000000..5debc19
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
@@ -0,0 +1,50 @@
+SUMMARY = "Credentials for implicit provisioning with CA certificate"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+DEPENDS = "aktualizr aktualizr-native"
+SRC_URI = " \
+  file://ca.cnf \
+  "
+require credentials.inc
+export SOTA_CACERT_PATH
+export SOTA_CAKEY_PATH
+do_install() {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        if [ -z ${SOTA_CACERT_PATH} ]; then
+            SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
+            SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
+            mkdir -p ${DEPLOY_DIR_IMAGE}/CA
+            bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
+            if [ ! -f ${SOTA_CACERT_PATH} ]; then
+                bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
+                SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
+                openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
+                openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
+                bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
+            fi
+        fi
+        if [ -z ${SOTA_CAKEY_PATH} ]; then
+            bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
+        fi
+        install -m 0700 -d ${D}${localstatedir}/sota
+        aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
+                                --device-ca ${SOTA_CACERT_PATH} \
+                                --device-ca-key ${SOTA_CAKEY_PATH} \
+                                --root-ca \
+                                --server-url \
+                                --local ${D} \
+                                --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml
+    fi
+}
+FILES_${PN} = " \
+                ${localstatedir}/sota/*"
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
index 1ad561c..2763185 100644
--- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -9,64 +9,24 @@ SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-DEPENDS = "aktualizr-native openssl-native"
+DEPENDS = "aktualizr aktualizr-native openssl-native"
-RDEPENDS_${PN} = "aktualizr"
+RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
-SRC_URI = " \
-  file://ca.cnf \
-  "
 PV = "1.0"
 PR = "1"
 require environment.inc
 require credentials.inc
-export SOTA_CACERT_PATH
-export SOTA_CAKEY_PATH
 do_install() {
    install -m 0700 -d ${D}${libdir}/sota/conf.d
-    if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
+    install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \
-        bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
-    fi
-    if [ -z ${SOTA_CACERT_PATH} ]; then
-        SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
-        SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
-        mkdir -p ${DEPLOY_DIR_IMAGE}/CA
-        bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
-        if [ ! -f ${SOTA_CACERT_PATH} ]; then
-            bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
-            SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
-            openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
-            openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
-            bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
-        fi
-    fi
-    if [ -z ${SOTA_CAKEY_PATH} ]; then
-        bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
-    fi
-    install -m 0700 -d ${D}${localstatedir}/sota
-    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml \
        ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml
-    aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
-                            --device-ca ${SOTA_CACERT_PATH} \
-                            --device-ca-key ${SOTA_CAKEY_PATH} \
-                            --root-ca \
-                            --server-url \
-                            --local ${D}${localstatedir}/sota \
-                            --config ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml
 }
 FILES_${PN} = " \
-                ${libdir}/sota/conf.d \
                ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \
-                ${libdir}/sota/root.crt \
-                ${localstatedir}/sota/* \
                "
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
index e811424..151b543 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -5,8 +5,8 @@ SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-DEPENDS = "aktualizr-native"
+DEPENDS = "aktualizr aktualizr-native"
-RDEPENDS_${PN} = "aktualizr"
+RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
 SRC_URI = ""
 PV = "1.0"
@@ -19,16 +19,11 @@ do_install() {
    install -m 0700 -d ${D}${libdir}/sota/conf.d
    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \
        ${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
-            -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D}
-    fi
 }
 FILES_${PN} = " \
                ${libdir}/sota/conf.d \
                ${libdir}/sota/conf.d/20-sota_hsm_prov.toml \
-                ${libdir}/sota/conf.d/30-implicit_server.toml \
                "
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
deleted file mode 100644
index 69ab03c..0000000
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ /dev/null
@@ -1,35 +0,0 @@
-SUMMARY = "Aktualizr configuration for implicit provisioning"
-DESCRIPTION = "Configuration for implicitly provisioning Aktualizr, the SOTA Client application written in C++"
-HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
-SECTION = "base"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-DEPENDS = "aktualizr-native"
-RDEPENDS_${PN} = "aktualizr"
-SRC_URI = ""
-PV = "1.0"
-PR = "1"
-require environment.inc
-require credentials.inc
-do_install() {
-    install -m 0700 -d ${D}${libdir}/sota/conf.d
-    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml \
-        ${D}${libdir}/sota/conf.d/20-sota_implicit_prov.toml
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-            -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D}
-    fi
-}
-FILES_${PN} = " \
-                ${libdir}/sota/conf.d \
-                ${libdir}/sota/conf.d/20-implicit_prov.toml \
-                ${libdir}/sota/conf.d/30-implicit_server.toml \
-                ${libdir}/sota/root.crt \
-                "
-# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 20008c9..c3a7420 100755
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -11,12 +11,13 @@ DEPENDS_append_class-native = "glib-2.0-native "
 RDEPENDS_${PN}_class-target = "lshw "
 RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} "
-RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' softhsm softhsm-testtoken', '', d)}"
 RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'ubootenv', ' u-boot-fw-utils aktualizr-uboot-env-rollback', '', d)} "
 RDEPENDS_${PN}_append_class-target = " ${PN}-tools "
 RDEPENDS_${PN}-secondary_append_class-target = " ${PN}-tools "
+RDEPENDS_${PN}_class-target = " openssl-bin "
 PV = "1.0+git${SRCPV}"
 PR = "7"
@@ -27,7 +28,7 @@ SRC_URI = " \
  file://aktualizr-secondary.socket \
  file://aktualizr-serialcan.service \
  "
-SRCREV = "487905ccb2a4b7e8b01becd051242fe504e85950"
+SRCREV = "097c763ab4b4b057fa6bedfdac2049e53df93539"
 BRANCH ?= "master"
 S = "${WORKDIR}/git"
@@ -65,7 +66,6 @@ do_install_append () {
    install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
    install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml
    install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml
-    install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml
    install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml
    install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml
    install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml
@@ -114,7 +114,6 @@ FILES_${PN}-host-tools = " \
                ${libdir}/sota/sota_autoprov.toml \
                ${libdir}/sota/sota_autoprov_primary.toml \
                ${libdir}/sota/sota_hsm_prov.toml \
-                ${libdir}/sota/sota_implicit_prov.toml \
                ${libdir}/sota/sota_implicit_prov_ca.toml \
                ${libdir}/sota/sota_uboot_env.toml \
                "
author	Anton Gerasimov <anton@advancedtelematic.com>	2018-09-05 16:22:07 +0200
committer	Patrick Vacek <patrickvacek@gmail.com>	2018-10-02 12:51:40 +0200
commit	0e3423aa8e92a7846f55fbb530ddd1a67f262f6d (patch)
tree	817da33213238df104cd2b4ba8f4a0c803fcdcd0 /recipes-sota/aktualizr
parent	5033efdb67c1f18e63c65c23a1bf029123995928 (diff)
download	meta-updater-0e3423aa8e92a7846f55fbb530ddd1a67f262f6d.tar.gz

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb new file mode 100644 index 0000000..d964a0a --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
@@ -0,0 +1,23 @@
		1	SUMMARY = "Credentials for autoprovisioning scenario"
		2	SECTION = "base"
		3	LICENSE = "MPL-2.0"
		4	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
		5
		6	DEPENDS = "aktualizr-native zip-native"
		7
		8	require credentials.inc
		9
		10	do_install() {
		11	if [ -n ${SOTA_PACKED_CREDENTIALS} ]; then
		12	install -m 0700 -d ${D}${localstatedir}/sota
		13	cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
		14	# Device should not be able to push data to treehub
		15	zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
		16	fi
		17	}
		18
		19	FILES_${PN} = " \
		20	${localstatedir}/sota/sota_provisioning_credentials.zip \
		21	"
		22
		23	# vim:set ts=4 sw=4 sts=4 expandtab:


diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 9fa95ed..65e89bd 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -6,7 +6,8 @@ LICENSE = "MPL-2.0"
6	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"	6	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
7		7
8	DEPENDS = "aktualizr-native zip-native"	8	DEPENDS = "aktualizr-native zip-native"
9	RDEPENDS_${PN} = "aktualizr"	9	RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
		10	RDEPENDS_${PN} = " aktualizr"
10	PV = "1.0"	11	PV = "1.0"
11	PR = "6"	12	PR = "6"
12		13
@@ -31,19 +32,10 @@ do_install() {
31		32
32	install -m 0700 -d ${D}${libdir}/sota/conf.d	33	install -m 0700 -d ${D}${libdir}/sota/conf.d
33	install -m 0700 -d ${D}${localstatedir}/sota	34	install -m 0700 -d ${D}${localstatedir}/sota
34	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then	35	aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
35	aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}	36
36		37	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \
37	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \	38	${D}${libdir}/sota/conf.d/20-${aktualizr_toml}
38	${D}${libdir}/sota/conf.d/20-${aktualizr_toml}
39
40	# deploy SOTA credentials
41	if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
42	cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
43	# Device should not be able to push data to treehub
44	zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
45	fi
46	fi
47	}	39	}
48		40
49	FILES_${PN} = " \	41	FILES_${PN} = " \


diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb new file mode 100644 index 0000000..5debc19 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
@@ -0,0 +1,50 @@
		1	SUMMARY = "Credentials for implicit provisioning with CA certificate"
		2	SECTION = "base"
		3	LICENSE = "MPL-2.0"
		4	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
		5
		6	DEPENDS = "aktualizr aktualizr-native"
		7
		8	SRC_URI = " \
		9	file://ca.cnf \
		10	"
		11
		12	require credentials.inc
		13
		14	export SOTA_CACERT_PATH
		15	export SOTA_CAKEY_PATH
		16
		17	do_install() {
		18	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
		19	if [ -z ${SOTA_CACERT_PATH} ]; then
		20	SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
		21	SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
		22	mkdir -p ${DEPLOY_DIR_IMAGE}/CA
		23	bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
		24
		25	if [ ! -f ${SOTA_CACERT_PATH} ]; then
		26	bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
		27	SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
		28	openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
		29	openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
		30	bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
		31	fi
		32	fi
		33
		34	if [ -z ${SOTA_CAKEY_PATH} ]; then
		35	bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
		36	fi
		37
		38	install -m 0700 -d ${D}${localstatedir}/sota
		39	aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
		40	--device-ca ${SOTA_CACERT_PATH} \
		41	--device-ca-key ${SOTA_CAKEY_PATH} \
		42	--root-ca \
		43	--server-url \
		44	--local ${D} \
		45	--config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml
		46	fi
		47	}
		48
		49	FILES_${PN} = " \
		50	${localstatedir}/sota/*"


diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 1ad561c..2763185 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -9,64 +9,24 @@ SECTION = "base"
9	LICENSE = "MPL-2.0"	9	LICENSE = "MPL-2.0"
10	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"	10	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
11		11
12	DEPENDS = "aktualizr-native openssl-native"	12	DEPENDS = "aktualizr aktualizr-native openssl-native"
13	RDEPENDS_${PN} = "aktualizr"	13	RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
14		14
15	SRC_URI = " \
16	file://ca.cnf \
17	"
18	PV = "1.0"	15	PV = "1.0"
19	PR = "1"	16	PR = "1"
20		17
21	require environment.inc	18	require environment.inc
22	require credentials.inc	19	require credentials.inc
23		20
24	export SOTA_CACERT_PATH
25	export SOTA_CAKEY_PATH
26
27	do_install() {	21	do_install() {
28	install -m 0700 -d ${D}${libdir}/sota/conf.d	22	install -m 0700 -d ${D}${libdir}/sota/conf.d
29		23
30	if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then	24	install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \
31	bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
32	fi
33
34	if [ -z ${SOTA_CACERT_PATH} ]; then
35	SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
36	SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
37	mkdir -p ${DEPLOY_DIR_IMAGE}/CA
38	bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
39
40	if [ ! -f ${SOTA_CACERT_PATH} ]; then
41	bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
42	SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
43	openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
44	openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
45	bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
46	fi
47	fi
48
49	if [ -z ${SOTA_CAKEY_PATH} ]; then
50	bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
51	fi
52
53	install -m 0700 -d ${D}${localstatedir}/sota
54	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml \
55	${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml	25	${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml
56	aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
57	--device-ca ${SOTA_CACERT_PATH} \
58	--device-ca-key ${SOTA_CAKEY_PATH} \
59	--root-ca \
60	--server-url \
61	--local ${D}${localstatedir}/sota \
62	--config ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml
63	}	26	}
64		27
65	FILES_${PN} = " \	28	FILES_${PN} = " \
66	${libdir}/sota/conf.d \
67	${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \	29	${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \
68	${libdir}/sota/root.crt \
69	${localstatedir}/sota/* \
70	"	30	"
71		31
72	# vim:set ts=4 sw=4 sts=4 expandtab:	32	# vim:set ts=4 sw=4 sts=4 expandtab:


diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index e811424..151b543 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -5,8 +5,8 @@ SECTION = "base"
5	LICENSE = "MPL-2.0"	5	LICENSE = "MPL-2.0"
6	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"	6	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
7		7
8	DEPENDS = "aktualizr-native"	8	DEPENDS = "aktualizr aktualizr-native"
9	RDEPENDS_${PN} = "aktualizr"	9	RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
10		10
11	SRC_URI = ""	11	SRC_URI = ""
12	PV = "1.0"	12	PV = "1.0"
@@ -19,16 +19,11 @@ do_install() {
19	install -m 0700 -d ${D}${libdir}/sota/conf.d	19	install -m 0700 -d ${D}${libdir}/sota/conf.d
20	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \	20	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \
21	${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml	21	${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml
22	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
23	aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
24	-o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D}
25	fi
26	}	22	}
27		23
28	FILES_${PN} = " \	24	FILES_${PN} = " \
29	${libdir}/sota/conf.d \	25	${libdir}/sota/conf.d \
30	${libdir}/sota/conf.d/20-sota_hsm_prov.toml \	26	${libdir}/sota/conf.d/20-sota_hsm_prov.toml \
31	${libdir}/sota/conf.d/30-implicit_server.toml \
32	"	27	"
33		28
34	# vim:set ts=4 sw=4 sts=4 expandtab:	29	# vim:set ts=4 sw=4 sts=4 expandtab:


diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb deleted file mode 100644 index 69ab03c..0000000 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ /dev/null
@@ -1,35 +0,0 @@
1	SUMMARY = "Aktualizr configuration for implicit provisioning"
2	DESCRIPTION = "Configuration for implicitly provisioning Aktualizr, the SOTA Client application written in C++"
3	HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
4	SECTION = "base"
5	LICENSE = "MPL-2.0"
6	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
7
8	DEPENDS = "aktualizr-native"
9	RDEPENDS_${PN} = "aktualizr"
10
11	SRC_URI = ""
12	PV = "1.0"
13	PR = "1"
14
15	require environment.inc
16	require credentials.inc
17
18	do_install() {
19	install -m 0700 -d ${D}${libdir}/sota/conf.d
20	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml \
21	${D}${libdir}/sota/conf.d/20-sota_implicit_prov.toml
22	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
23	aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
24	-o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D}
25	fi
26	}
27
28	FILES_${PN} = " \
29	${libdir}/sota/conf.d \
30	${libdir}/sota/conf.d/20-implicit_prov.toml \
31	${libdir}/sota/conf.d/30-implicit_server.toml \
32	${libdir}/sota/root.crt \
33	"
34
35	# vim:set ts=4 sw=4 sts=4 expandtab:


diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 20008c9..c3a7420 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -11,12 +11,13 @@ DEPENDS_append_class-native = "glib-2.0-native "
11		11
12	RDEPENDS_${PN}_class-target = "lshw "	12	RDEPENDS_${PN}_class-target = "lshw "
13	RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} "	13	RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} "
14	RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' softhsm softhsm-testtoken', '', d)}"
15	RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'ubootenv', ' u-boot-fw-utils aktualizr-uboot-env-rollback', '', d)} "	14	RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'ubootenv', ' u-boot-fw-utils aktualizr-uboot-env-rollback', '', d)} "
16		15
17	RDEPENDS_${PN}_append_class-target = " ${PN}-tools "	16	RDEPENDS_${PN}_append_class-target = " ${PN}-tools "
18	RDEPENDS_${PN}-secondary_append_class-target = " ${PN}-tools "	17	RDEPENDS_${PN}-secondary_append_class-target = " ${PN}-tools "
19		18
		19	RDEPENDS_${PN}_class-target = " openssl-bin "
		20
20	PV = "1.0+git${SRCPV}"	21	PV = "1.0+git${SRCPV}"
21	PR = "7"	22	PR = "7"
22		23
@@ -27,7 +28,7 @@ SRC_URI = " \
27	file://aktualizr-secondary.socket \	28	file://aktualizr-secondary.socket \
28	file://aktualizr-serialcan.service \	29	file://aktualizr-serialcan.service \
29	"	30	"
30	SRCREV = "487905ccb2a4b7e8b01becd051242fe504e85950"	31	SRCREV = "097c763ab4b4b057fa6bedfdac2049e53df93539"
31	BRANCH ?= "master"	32	BRANCH ?= "master"
32		33
33	S = "${WORKDIR}/git"	34	S = "${WORKDIR}/git"
@@ -65,7 +66,6 @@ do_install_append () {
65	install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml	66	install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
66	install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml	67	install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml
67	install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml	68	install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml
68	install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml
69	install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml	69	install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml
70	install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml	70	install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml
71	install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml	71	install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml
@@ -114,7 +114,6 @@ FILES_${PN}-host-tools = " \
114	${libdir}/sota/sota_autoprov.toml \	114	${libdir}/sota/sota_autoprov.toml \
115	${libdir}/sota/sota_autoprov_primary.toml \	115	${libdir}/sota/sota_autoprov_primary.toml \
116	${libdir}/sota/sota_hsm_prov.toml \	116	${libdir}/sota/sota_hsm_prov.toml \
117	${libdir}/sota/sota_implicit_prov.toml \
118	${libdir}/sota/sota_implicit_prov_ca.toml \	117	${libdir}/sota/sota_implicit_prov_ca.toml \
119	${libdir}/sota/sota_uboot_env.toml \	118	${libdir}/sota/sota_uboot_env.toml \
120	"	119	"