Merge remote-tracking branch 'origin/rocko' into rocko-merge

Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
author: Ricardo Salveti <ricardo@opensourcefoundries.com> 2018-03-29 15:47:26 -0300
committer: Ricardo Salveti <ricardo@opensourcefoundries.com> 2018-03-29 15:47:26 -0300
commit: 82a9c20ffb045011b53f3188d04d79f440ee8b06 (patch)
tree: 8309cc593f59861ed4848dea09b09b3f04e18416 /recipes-sota
parent: 2619e3f3312713f4077d83b2f2e5f9c7de66d12b (diff)
parent: b1a114da280a05cfc2b7b099c97101bd20cc6b8f (diff)
download: meta-updater-82a9c20ffb045011b53f3188d04d79f440ee8b06.tar.gz
8 files changed, 147 insertions, 22 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 2190512..07e5bb8 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -35,7 +35,9 @@ do_install() {
    install -d ${D}${libdir}/sota
    install -d ${D}${localstatedir}/sota
    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
+        aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
+        install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/sota.toml
        # deploy SOTA credentials
        if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
new file mode 100644
index 0000000..51e313d
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -0,0 +1,72 @@
+SUMMARY = "Aktualizr configuration for implicit provisioning with CA"
+DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr using externally provided or generated CA"
+# WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device
+#  (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
+DEPENDS = "aktualizr-native openssl-native"
+RDEPENDS_${PN} = "aktualizr"
+SRC_URI = " \
+  file://LICENSE \
+  file://ca.cnf \
+  "
+PV = "1.0"
+PR = "1"
+require environment.inc
+require credentials.inc
+export SOTA_CACERT_PATH
+export SOTA_CAKEY_PATH
+do_install() {
+    install -d ${D}${libdir}/sota
+    if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
+        bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
+    fi
+    if [ -z ${SOTA_CACERT_PATH} ]; then
+        SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
+        SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
+        mkdir -p ${DEPLOY_DIR_IMAGE}/CA
+        bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" 
+        if [ ! -f ${SOTA_CACERT_PATH} ]; then
+            bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
+            SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
+            openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
+            openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
+            bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
+        fi
+    fi
+    if [ -z ${SOTA_CAKEY_PATH} ]; then
+        bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
+    fi
+    install -d ${D}${libdir}/sota
+    install -d ${D}${localstatedir}/sota
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/sota.toml
+    aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
+                            --device-ca ${SOTA_CACERT_PATH} \
+                            --device-ca-key ${SOTA_CAKEY_PATH} \
+                            --root-ca \
+                            --server-url \
+                            --local ${D}${localstatedir}/sota \
+                            --config ${D}${libdir}/sota/sota.toml
+}
+FILES_${PN} = " \
+                ${localstatedir}/sota/* \
+                ${libdir}/sota/sota.toml \
+                ${libdir}/sota/root.crt \
+                "
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 768ec3d..2a803a8 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -6,11 +6,10 @@ LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
 DEPENDS = "boost curl openssl libarchive libsodium asn1c-native "
-DEPENDS_append_class-target = "jansson ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "
+DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "
 DEPENDS_append_class-native = "glib-2.0-native "
 RDEPENDS_${PN}_class-target = "lshw "
-RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)} "
 RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '  slcand-start', '', d)} "
 PV = "1.0+git${SRCPV}"
@@ -19,9 +18,11 @@ PR = "7"
 SRC_URI = " \
  gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
  file://aktualizr.service \
+  file://aktualizr-secondary.service \
+  file://aktualizr-secondary.socket \
  file://aktualizr-serialcan.service \
  "
-SRCREV = "d861896e7467e3e0cafdd7384ff87c62fe724640"
+SRCREV = "930d8eef6eb584686654601c056d7c9c6fca3048"
 BRANCH ?= "master"
 S = "${WORKDIR}/git"
@@ -29,56 +30,80 @@ S = "${WORKDIR}/git"
 inherit cmake
 inherit systemd
+SYSTEMD_PACKAGES = "${PN} ${PN}-secondary"
 SYSTEMD_SERVICE_${PN} = "aktualizr.service"
+SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket"
 BBCLASSEXTEND =+ "native"
 EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "
 EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
-EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "
+EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF -DBUILD_SYSTEMD=OFF "
 do_install_append () {
-    rm -f ${D}${bindir}/aktualizr_cert_provider
+    rm -fr ${D}${libdir}/systemd
+    rm -f ${D}${libdir}/sota/sota.toml # Only needed for the Debian package
+    install -d ${D}${libdir}/sota
+    install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket
+    install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service
 }
-do_install_append_class-target () {
-    rm -f ${D}${bindir}/aktualizr_implicit_writer
-    rm -f ${D}${libdir}/sota/sota.toml
-    ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', '', 'rm -f ${D}${bindir}/example-interface', d)}
-    ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', '', 'rm -f ${D}${bindir}/isotp-test-interface', d)}
+do_install_append_class-target () {
    install -d ${D}${systemd_unitdir}/system
    aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}
    install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service
 }
 do_install_append_class-native () {
-    rm -f ${D}${bindir}/aktualizr
-    rm -f ${D}${bindir}/aktualizr-info
-    rm -f ${D}${bindir}/example-interface
    install -d ${D}${libdir}/sota
    install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
+    install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml
    install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml
    install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml
+    install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml
    install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir}
    install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir}
 }
-FILES_${PN}_append = " \
+PACKAGES =+ " ${PN}-common ${PN}-examples ${PN}-host-tools ${PN}-secondary "
-                ${libdir}/sota \
-                "
-FILES_${PN}_class-target = " \
+FILES_${PN} = " \
                ${bindir}/aktualizr \
                ${bindir}/aktualizr-info \
+                ${bindir}/aktualizr-check-discovery \
                ${systemd_unitdir}/system/aktualizr.service \
                "
-FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', ' ${bindir}/example-interface', '', d)} "
+FILES_${PN}-common = " \
-FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', ' ${bindir}/isotp-test-interface', '', d)} "
+                ${libdir}/sota/schemas \
-FILES_${PN}_class-native = " \
+                "
+FILES_${PN}-examples = " \
+                ${libdir}/sota/demo_secondary.json \
+                ${bindir}/example-interface \
+                ${bindir}/isotp-test-interface \
+                "
+FILES_${PN}-host-tools = " \
+                ${bindir}/aktualizr_cert_provider \
                ${bindir}/aktualizr_implicit_writer \
                ${bindir}/garage-deploy \
                ${bindir}/garage-push \
                "
+FILES_${PN}-secondary = " \
+                ${bindir}/aktualizr-secondary \
+                ${libdir}/sota/sota_secondary.toml \
+                ${systemd_unitdir}/system/aktualizr-secondary.socket \
+                ${systemd_unitdir}/system/aktualizr-secondary.service \
+                "
+# Both primary and secondary need the SQL Schemas
+RDEPENDS_${PN}_class-target =+ "${PN}-common"
+RDEPENDS_${PN}-secondary_class-target =+ "${PN}-common"
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc
index cba77e7..09da6b7 100644
--- a/recipes-sota/aktualizr/environment.inc
+++ b/recipes-sota/aktualizr/environment.inc
@@ -3,7 +3,7 @@ export SOTA_VIRTUAL_SECONDARIES
 do_install_append() {
  if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then
-    AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}";
+    AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}"
  fi
  AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"
diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.service b/recipes-sota/aktualizr/files/aktualizr-secondary.service
new file mode 100644
index 0000000..a1e0e1b
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-secondary.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Aktualizr SOTA Client (UPTANE Secondary)
+[Service]
+RestartSec=10
+Restart=always
+EnvironmentFile=-/etc/sota/sota.env
+ExecStart=/usr/bin/aktualizr-secondary --config /usr/lib/sota/sota_secondary.toml
diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.socket b/recipes-sota/aktualizr/files/aktualizr-secondary.socket
new file mode 100644
index 0000000..da0ee44
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-secondary.socket
@@ -0,0 +1,6 @@
+[Socket]
+ListenStream=9030
+ListenDatagram=9031
+[Install]
+WantedBy=sockets.target
+\ No newline at end of file
diff --git a/recipes-sota/aktualizr/files/aktualizr.service b/recipes-sota/aktualizr/files/aktualizr.service
index b6df9d7..1c2e1df 100644
--- a/recipes-sota/aktualizr/files/aktualizr.service
+++ b/recipes-sota/aktualizr/files/aktualizr.service
@@ -8,6 +8,7 @@ Requires=network-online.target
 RestartSec=10
 Restart=always
 EnvironmentFile=/usr/lib/sota/sota.env
+EnvironmentFile=-/etc/sota/sota.env
 ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS
 [Install]
diff --git a/recipes-sota/aktualizr/files/ca.cnf b/recipes-sota/aktualizr/files/ca.cnf
new file mode 100644
index 0000000..352ec38
--- /dev/null
+++ b/recipes-sota/aktualizr/files/ca.cnf
@@ -0,0 +1,10 @@
+[req]
+req_extensions = cacert
+distinguished_name = req_distinguished_name
+[req_distinguished_name]
+[cacert]
+basicConstraints = critical,CA:true
+keyUsage = keyCertSign
author	Ricardo Salveti <ricardo@opensourcefoundries.com>	2018-03-29 15:47:26 -0300
committer	Ricardo Salveti <ricardo@opensourcefoundries.com>	2018-03-29 15:47:26 -0300
commit	82a9c20ffb045011b53f3188d04d79f440ee8b06 (patch)
tree	8309cc593f59861ed4848dea09b09b3f04e18416 /recipes-sota
parent	2619e3f3312713f4077d83b2f2e5f9c7de66d12b (diff)
parent	b1a114da280a05cfc2b7b099c97101bd20cc6b8f (diff)
download	meta-updater-82a9c20ffb045011b53f3188d04d79f440ee8b06.tar.gz

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 2190512..07e5bb8 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -35,7 +35,9 @@ do_install() {
35	install -d ${D}${libdir}/sota	35	install -d ${D}${libdir}/sota
36	install -d ${D}${localstatedir}/sota	36	install -d ${D}${localstatedir}/sota
37	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then	37	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
38	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml	38	aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
		39
		40	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/sota.toml
39		41
40	# deploy SOTA credentials	42	# deploy SOTA credentials
41	if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then	43	if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then


diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb new file mode 100644 index 0000000..51e313d --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -0,0 +1,72 @@
		1	SUMMARY = "Aktualizr configuration for implicit provisioning with CA"
		2	DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr using externally provided or generated CA"
		3
		4	# WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device
		5	# (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine
		6
		7	HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
		8	SECTION = "base"
		9	LICENSE = "MPL-2.0"
		10	LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
		11
		12	DEPENDS = "aktualizr-native openssl-native"
		13	RDEPENDS_${PN} = "aktualizr"
		14
		15	SRC_URI = " \
		16	file://LICENSE \
		17	file://ca.cnf \
		18	"
		19	PV = "1.0"
		20	PR = "1"
		21
		22	require environment.inc
		23	require credentials.inc
		24
		25	export SOTA_CACERT_PATH
		26	export SOTA_CAKEY_PATH
		27
		28	do_install() {
		29	install -d ${D}${libdir}/sota
		30
		31	if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
		32	bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
		33	fi
		34
		35	if [ -z ${SOTA_CACERT_PATH} ]; then
		36	SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
		37	SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
		38	mkdir -p ${DEPLOY_DIR_IMAGE}/CA
		39	bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
		40
		41	if [ ! -f ${SOTA_CACERT_PATH} ]; then
		42	bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
		43	SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
		44	openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
		45	openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
		46	bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
		47	fi
		48	fi
		49
		50	if [ -z ${SOTA_CAKEY_PATH} ]; then
		51	bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
		52	fi
		53
		54	install -d ${D}${libdir}/sota
		55	install -d ${D}${localstatedir}/sota
		56	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/sota.toml
		57	aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
		58	--device-ca ${SOTA_CACERT_PATH} \
		59	--device-ca-key ${SOTA_CAKEY_PATH} \
		60	--root-ca \
		61	--server-url \
		62	--local ${D}${localstatedir}/sota \
		63	--config ${D}${libdir}/sota/sota.toml
		64	}
		65
		66	FILES_${PN} = " \
		67	${localstatedir}/sota/* \
		68	${libdir}/sota/sota.toml \
		69	${libdir}/sota/root.crt \
		70	"
		71
		72	# vim:set ts=4 sw=4 sts=4 expandtab:


diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 768ec3d..2a803a8 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -6,11 +6,10 @@ LICENSE = "MPL-2.0"
6	LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"	6	LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7		7
8	DEPENDS = "boost curl openssl libarchive libsodium asn1c-native "	8	DEPENDS = "boost curl openssl libarchive libsodium asn1c-native "
9	DEPENDS_append_class-target = "jansson ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "	9	DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "
10	DEPENDS_append_class-native = "glib-2.0-native "	10	DEPENDS_append_class-native = "glib-2.0-native "
11		11
12	RDEPENDS_${PN}_class-target = "lshw "	12	RDEPENDS_${PN}_class-target = "lshw "
13	RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)} "
14	RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} "	13	RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} "
15		14
16	PV = "1.0+git${SRCPV}"	15	PV = "1.0+git${SRCPV}"
@@ -19,9 +18,11 @@ PR = "7"
19	SRC_URI = " \	18	SRC_URI = " \
20	gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \	19	gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
21	file://aktualizr.service \	20	file://aktualizr.service \
		21	file://aktualizr-secondary.service \
		22	file://aktualizr-secondary.socket \
22	file://aktualizr-serialcan.service \	23	file://aktualizr-serialcan.service \
23	"	24	"
24	SRCREV = "d861896e7467e3e0cafdd7384ff87c62fe724640"	25	SRCREV = "930d8eef6eb584686654601c056d7c9c6fca3048"
25	BRANCH ?= "master"	26	BRANCH ?= "master"
26		27
27	S = "${WORKDIR}/git"	28	S = "${WORKDIR}/git"
@@ -29,56 +30,80 @@ S = "${WORKDIR}/git"
29	inherit cmake	30	inherit cmake
30		31
31	inherit systemd	32	inherit systemd
		33
		34	SYSTEMD_PACKAGES = "${PN} ${PN}-secondary"
32	SYSTEMD_SERVICE_${PN} = "aktualizr.service"	35	SYSTEMD_SERVICE_${PN} = "aktualizr.service"
		36	SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket"
33		37
34	BBCLASSEXTEND =+ "native"	38	BBCLASSEXTEND =+ "native"
35		39
36	EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "	40	EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "
37	EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "	41	EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
38	EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "	42	EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF -DBUILD_SYSTEMD=OFF "
39		43
40	do_install_append () {	44	do_install_append () {
41	rm -f ${D}${bindir}/aktualizr_cert_provider	45	rm -fr ${D}${libdir}/systemd
		46	rm -f ${D}${libdir}/sota/sota.toml # Only needed for the Debian package
		47	install -d ${D}${libdir}/sota
		48	install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml
		49	install -d ${D}${systemd_unitdir}/system
		50	install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket
		51	install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service
42	}	52	}
43	do_install_append_class-target () {
44	rm -f ${D}${bindir}/aktualizr_implicit_writer
45	rm -f ${D}${libdir}/sota/sota.toml
46	${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', '', 'rm -f ${D}${bindir}/example-interface', d)}
47	${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', '', 'rm -f ${D}${bindir}/isotp-test-interface', d)}
48		53
		54	do_install_append_class-target () {
49	install -d ${D}${systemd_unitdir}/system	55	install -d ${D}${systemd_unitdir}/system
50	aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}	56	aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}
51	install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service	57	install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service
52	}	58	}
		59
53	do_install_append_class-native () {	60	do_install_append_class-native () {
54	rm -f ${D}${bindir}/aktualizr
55	rm -f ${D}${bindir}/aktualizr-info
56	rm -f ${D}${bindir}/example-interface
57	install -d ${D}${libdir}/sota	61	install -d ${D}${libdir}/sota
58	install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml	62	install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
		63	install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml
59	install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml	64	install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml
60	install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml	65	install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml
		66	install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml
61		67
62	install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir}	68	install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir}
63	install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir}	69	install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir}
64	}	70	}
65		71
66	FILES_${PN}_append = " \	72	PACKAGES =+ " ${PN}-common ${PN}-examples ${PN}-host-tools ${PN}-secondary "
67	${libdir}/sota \
68	"
69		73
70	FILES_${PN}_class-target = " \	74	FILES_${PN} = " \
71	${bindir}/aktualizr \	75	${bindir}/aktualizr \
72	${bindir}/aktualizr-info \	76	${bindir}/aktualizr-info \
		77	${bindir}/aktualizr-check-discovery \
73	${systemd_unitdir}/system/aktualizr.service \	78	${systemd_unitdir}/system/aktualizr.service \
74	"	79	"
75		80
76	FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', ' ${bindir}/example-interface', '', d)} "	81	FILES_${PN}-common = " \
77	FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', ' ${bindir}/isotp-test-interface', '', d)} "	82	${libdir}/sota/schemas \
78	FILES_${PN}_class-native = " \	83	"
		84
		85	FILES_${PN}-examples = " \
		86	${libdir}/sota/demo_secondary.json \
		87	${bindir}/example-interface \
		88	${bindir}/isotp-test-interface \
		89	"
		90
		91	FILES_${PN}-host-tools = " \
		92	${bindir}/aktualizr_cert_provider \
79	${bindir}/aktualizr_implicit_writer \	93	${bindir}/aktualizr_implicit_writer \
80	${bindir}/garage-deploy \	94	${bindir}/garage-deploy \
81	${bindir}/garage-push \	95	${bindir}/garage-push \
82	"	96	"
83		97
		98	FILES_${PN}-secondary = " \
		99	${bindir}/aktualizr-secondary \
		100	${libdir}/sota/sota_secondary.toml \
		101	${systemd_unitdir}/system/aktualizr-secondary.socket \
		102	${systemd_unitdir}/system/aktualizr-secondary.service \
		103	"
		104
		105	# Both primary and secondary need the SQL Schemas
		106	RDEPENDS_${PN}_class-target =+ "${PN}-common"
		107	RDEPENDS_${PN}-secondary_class-target =+ "${PN}-common"
		108
84	# vim:set ts=4 sw=4 sts=4 expandtab:	109	# vim:set ts=4 sw=4 sts=4 expandtab:


diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc index cba77e7..09da6b7 100644 --- a/recipes-sota/aktualizr/environment.inc +++ b/recipes-sota/aktualizr/environment.inc
@@ -3,7 +3,7 @@ export SOTA_VIRTUAL_SECONDARIES
3		3
4	do_install_append() {	4	do_install_append() {
5	if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then	5	if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then
6	AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}";	6	AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}"
7	fi	7	fi
8		8
9	AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"	9	AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"


diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.service b/recipes-sota/aktualizr/files/aktualizr-secondary.service new file mode 100644 index 0000000..a1e0e1b --- /dev/null +++ b/recipes-sota/aktualizr/files/aktualizr-secondary.service
@@ -0,0 +1,9 @@
		1	[Unit]
		2	Description=Aktualizr SOTA Client (UPTANE Secondary)
		3
		4	[Service]
		5	RestartSec=10
		6	Restart=always
		7	EnvironmentFile=-/etc/sota/sota.env
		8	ExecStart=/usr/bin/aktualizr-secondary --config /usr/lib/sota/sota_secondary.toml
		9


diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.socket b/recipes-sota/aktualizr/files/aktualizr-secondary.socket new file mode 100644 index 0000000..da0ee44 --- /dev/null +++ b/recipes-sota/aktualizr/files/aktualizr-secondary.socket
@@ -0,0 +1,6 @@
		1	[Socket]
		2	ListenStream=9030
		3	ListenDatagram=9031
		4
		5	[Install]
		6	WantedBy=sockets.target \ No newline at end of file


diff --git a/recipes-sota/aktualizr/files/aktualizr.service b/recipes-sota/aktualizr/files/aktualizr.service index b6df9d7..1c2e1df 100644 --- a/recipes-sota/aktualizr/files/aktualizr.service +++ b/recipes-sota/aktualizr/files/aktualizr.service
@@ -8,6 +8,7 @@ Requires=network-online.target
8	RestartSec=10	8	RestartSec=10
9	Restart=always	9	Restart=always
10	EnvironmentFile=/usr/lib/sota/sota.env	10	EnvironmentFile=/usr/lib/sota/sota.env
		11	EnvironmentFile=-/etc/sota/sota.env
11	ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS	12	ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS
12		13
13	[Install]	14	[Install]


diff --git a/recipes-sota/aktualizr/files/ca.cnf b/recipes-sota/aktualizr/files/ca.cnf new file mode 100644 index 0000000..352ec38 --- /dev/null +++ b/recipes-sota/aktualizr/files/ca.cnf
@@ -0,0 +1,10 @@
		1	[req]
		2	req_extensions = cacert
		3	distinguished_name = req_distinguished_name
		4
		5	[req_distinguished_name]
		6
		7	[cacert]
		8	basicConstraints = critical,CA:true
		9	keyUsage = keyCertSign
		10