17 files changed, 396 insertions, 62 deletions
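--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
@@ -0,0 +1,24 @@
+SUMMARY = "Credentials for autoprovisioning scenario"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+DEPENDS = "aktualizr-native zip-native"
+ALLOW_EMPTY_${PN} = "1"
+
+require credentials.inc
+
+do_install() {
+if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+install -m 0700 -d ${D}${localstatedir}/sota
+cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
+# Device should not be able to push data to treehub
+zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
+fi
+}
+
+FILES_${PN} = " \
+${localstatedir}/sota/sota_provisioning_credentials.zip \
+"
+
+# vim:set ts=4 sw=4 sts=4 expandtab: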
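Review bot: The credentials archive is placed with `cp` on new-side line 14, so its mode comes from the source file and the build umask rather than from the recipe, and only the 0700 parent directory keeps it private. Installing it with an explicit mode, `install -m 0600 ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip`, makes that independent of the directory. `zip -d` on line 16 also appears to exit non-zero when the archive has no `treehub.json` entry, which would fail the task for credentials that never carried one; that is worth confirming and guarding.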
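--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -0,0 +1,43 @@
+SUMMARY = "Aktualizr configuration for autoprovisioning"
+DESCRIPTION = "Configuration for automatically provisioning Aktualizr, the SOTA Client application written in C++"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+DEPENDS = "aktualizr-native zip-native"
+RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
+PV = "1.0"
+PR = "6"
+
+SRC_URI = ""
+
+require credentials.inc
+
+do_install() {
+if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
+bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
+fi
+if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then
+bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS"
+fi
+if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
+bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS"
+fi
+if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
+bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
+fi
+
+install -m 0700 -d ${D}${libdir}/sota/conf.d
+aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
+
+install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \
+${D}${libdir}/sota/conf.d/20-${aktualizr_toml}
+}
+
+FILES_${PN} = " \
+${libdir}/sota/conf.d \
+${libdir}/sota/conf.d/20-${aktualizr_toml} \
+"
+
+# vim:set ts=4 sw=4 sts=4 expandtab: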
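Review bot: `${aktualizr_toml}` in the `FILES_${PN}` entry on new-side line 40 is a shell variable assigned inside `do_install`, not a BitBake variable, so BitBake has nothing to expand it with at packaging time and the entry presumably matches no file. The configuration file is still packaged through the `${libdir}/sota/conf.d` directory entry on line 39, so the second entry can simply be dropped. Alternatively the file name can be computed once in a recipe-level variable that both `do_install` and `FILES_${PN}` reference.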
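--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Credentials for implicit provisioning with CA certificate"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+DEPENDS = "aktualizr aktualizr-native"
+ALLOW_EMPTY_${PN} = "1"
+
+SRC_URI = " \
+file://ca.cnf \
+"
+
+require credentials.inc
+
+export SOTA_CACERT_PATH
+export SOTA_CAKEY_PATH
+
+do_install() {
+if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+if [ -z ${SOTA_CACERT_PATH} ]; then
+SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
+SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
+mkdir -p ${DEPLOY_DIR_IMAGE}/CA
+bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
+
+if [ ! -f ${SOTA_CACERT_PATH} ]; then
+bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
+SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
+openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
+openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
+bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
+fi
+fi
+
+if [ -z ${SOTA_CAKEY_PATH} ]; then
+bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
+fi
+
+install -m 0700 -d ${D}${localstatedir}/sota
+aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
+--device-ca ${SOTA_CACERT_PATH} \
+--device-ca-key ${SOTA_CAKEY_PATH} \
+--root-ca \
+--server-url \
+--local ${D} \
+--config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml
+fi
+}
+
+FILES_${PN} = " \
+${localstatedir}/sota/*"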
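Review bot: The fallback branch on new-side lines 20-32 writes an unencrypted 4096-bit CA private key to `${DEPLOY_DIR_IMAGE}/CA/ca.private.pem` with whatever mode the build umask gives, in the directory image artifacts are deployed from, so anyone who can read or copy that directory holds the key that signs device certificates. Generating it under a restrictive umask, `(umask 077; openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096)`, and keeping it outside the deploy directory would narrow that. On line 36 `bberror` only logs, so `aktualizr_cert_provider` still runs with an empty `--device-ca-key`; `bbfatal "SOTA_CAKEY_PATH should be set when using implicit provisioning"` stops the task. The `[ -z ${SOTA_CACERT_PATH} ]` and `[ -z ${SOTA_CAKEY_PATH} ]` tests on lines 20 and 35 should quote the variable.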
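--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -0,0 +1,31 @@
+SUMMARY = "Aktualizr configuration for implicit provisioning with CA"
+DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externally provided or generated CA"
+
+# WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device
+# (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine
+
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+DEPENDS = "aktualizr aktualizr-native openssl-native"
+RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
+
+PV = "1.0"
+PR = "1"
+
+require credentials.inc
+
+do_install() {
+install -m 0700 -d ${D}${libdir}/sota/conf.d
+
+install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \
+${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml
+}
+
+FILES_${PN} = " \
+${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \
+"
+
+# vim:set ts=4 sw=4 sts=4 expandtab: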
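--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -0,0 +1,28 @@
+SUMMARY = "Aktualizr configuration with HSM support"
+DESCRIPTION = "Configuration for HSM provisioning with Aktualizr, the SOTA Client application written in C++"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+DEPENDS = "aktualizr aktualizr-native"
+RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
+
+SRC_URI = ""
+PV = "1.0"
+PR = "6"
+
+require credentials.inc
+
+do_install() {
+install -m 0700 -d ${D}${libdir}/sota/conf.d
+install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \
+${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml
+}
+
+FILES_${PN} = " \
+${libdir}/sota/conf.d \
+${libdir}/sota/conf.d/20-sota_hsm_prov.toml \
+"
+
+# vim:set ts=4 sw=4 sts=4 expandtab: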
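Review bot: The `RDEPENDS_${PN}_append` on new-side line 9 pulls `softhsm-testtoken` and `aktualizr-ca-implicit-prov-creds` into any image built with `SOTA_DEPLOY_CREDENTIALS` set to `1`, and nothing in the recipe says this is a test setup. Judging by its name the token is software-backed, so the device key would presumably sit on the filesystem rather than in hardware. If that is right, the recipe should carry a warning like the one in aktualizr-ca-implicit-prov.bb, for example `# WARNING: softhsm-testtoken is a software token for testing, not a production HSM`.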
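--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Aktualizr configuration snippet to enable uboot bootcount function"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+DEPENDS = "aktualizr-native"
+RDEPENDS_${PN} = "aktualizr"
+
+do_install() {
+install -m 0700 -d ${D}${libdir}/sota/conf.d
+install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_uboot_env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml
+}
+
+FILES_${PN} = " \
+${libdir}/sota/conf.d \
+${libdir}/sota/conf.d/30-rollback.toml \
+"
+
+# vim:set ts=4 sw=4 sts=4 expandtab: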
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 8bc580d..e62bdf1 100644..100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb | |||
@@ -4,42 +4,133 @@ HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" | |||
4 | SECTION = "base" | 4 | SECTION = "base" |
5 | LICENSE = "MPL-2.0" | 5 | LICENSE = "MPL-2.0" |
6 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" | 6 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" |
7 | DEPENDS = "boost curl openssl jansson libsodium ostree" | 7 | |
8 | RDEPENDS_${PN} = "lshw" | 8 | DEPENDS = "boost curl openssl libarchive libsodium asn1c-native sqlite3 " |
9 | DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} " | ||
10 | DEPENDS_append_class-native = "glib-2.0-native " | ||
11 | |||
12 | RDEPENDS_${PN}_class-target = "lshw " | ||
13 | RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} " | ||
14 | RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'ubootenv', ' u-boot-fw-utils aktualizr-uboot-env-rollback', '', d)} " | ||
15 | |||
16 | RDEPENDS_${PN}_append_class-target = " ${PN}-tools " | ||
17 | RDEPENDS_${PN}-secondary_append_class-target = " ${PN}-tools " | ||
18 | |||
19 | PV = "1.0+git${SRCPV}" | ||
20 | PR = "7" | ||
9 | 21 | ||
10 | SRC_URI = " \ | 22 | SRC_URI = " \ |
11 | git://github.com/advancedtelematic/aktualizr \ | 23 | gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ |
12 | file://aktualizr-manual-provision.service \ | 24 | file://aktualizr.service \ |
13 | file://aktualizr-autoprovision.service \ | 25 | file://aktualizr-secondary.service \ |
14 | file://sota_autoprov.toml \ | 26 | file://aktualizr-secondary.socket \ |
27 | file://aktualizr-serialcan.service \ | ||
15 | " | 28 | " |
16 | SRCREV = "1004efa3f86cef90c012b34620992b5762b741e3" | 29 | |
17 | PV = "1.0+git${SRCPV}" | 30 | SRCREV = "d00d1a04cc2366d1a5f143b84b9f507f8bd32c44" |
18 | PR = "6" | 31 | BRANCH ?= "master" |
19 | 32 | ||
20 | S = "${WORKDIR}/git" | 33 | S = "${WORKDIR}/git" |
34 | |||
35 | inherit cmake | ||
36 | |||
37 | inherit systemd | ||
38 | |||
39 | SYSTEMD_PACKAGES = "${PN} ${PN}-secondary" | ||
21 | SYSTEMD_SERVICE_${PN} = "aktualizr.service" | 40 | SYSTEMD_SERVICE_${PN} = "aktualizr.service" |
41 | SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket" | ||
22 | 42 | ||
23 | inherit cmake systemd | 43 | BBCLASSEXTEND =+ "native" |
24 | 44 | ||
25 | EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTS=OFF -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}" | 45 | require garage-sign-version.inc |
26 | 46 | ||
27 | export SOTA_PACKED_CREDENTIALS | 47 | EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF \ |
48 | -DCMAKE_BUILD_TYPE=Release \ | ||
49 | -DAKTUALIZR_VERSION=${PV} \ | ||
50 | -DBUILD_LOAD_TESTS=OFF \ | ||
51 | -Dgtest_disable_pthreads=ON" | ||
52 | EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON \ | ||
53 | ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} " | ||
54 | EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON \ | ||
55 | -DBUILD_OSTREE=OFF \ | ||
56 | -DBUILD_SYSTEMD=OFF \ | ||
57 | -DGARAGE_SIGN_VERSION=${GARAGE_SIGN_VERSION} \ | ||
58 | -DGARAGE_SIGN_SHA256=${GARAGE_SIGN_SHA256}" | ||
28 | 59 | ||
29 | do_install_append() { | 60 | do_install_append () { |
30 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | 61 | install -d ${D}${libdir}/sota |
31 | install -d ${D}/${systemd_unitdir}/system | 62 | install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml |
32 | install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service | 63 | install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml |
33 | install -d ${D}/usr/lib/sota | 64 | install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml |
34 | install -m "0644" ${WORKDIR}/sota_autoprov.toml ${D}/usr/lib/sota/sota.toml | 65 | install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml |
35 | else | 66 | install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml |
36 | install -d ${D}/${systemd_unitdir}/system | 67 | install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml |
37 | install -m 0644 ${WORKDIR}/aktualizr-manual-provision.service ${D}/${systemd_unitdir}/system/aktualizr.service | 68 | install -d ${D}${systemd_unitdir}/system |
69 | install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket | ||
70 | install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service | ||
71 | install -m 0700 -d ${D}${libdir}/sota/conf.d | ||
72 | install -m 0700 -d ${D}${sysconfdir}/sota/conf.d | ||
73 | |||
74 | if [ -n "${SOTA_SECONDARY_CONFIG_DIR}" ]; then | ||
75 | if [ -d "${SOTA_SECONDARY_CONFIG_DIR}" ]; then | ||
76 | install -m 0700 -d ${D}${sysconfdir}/sota/ecus | ||
77 | install -m 0644 "${SOTA_SECONDARY_CONFIG_DIR}"/* ${D}${sysconfdir}/sota/ecus/ | ||
78 | echo "[uptane]\nsecondary_configs_dir = /etc/sota/ecus/\n" > ${D}${libdir}/sota/conf.d/30-secondary-configs-dir.toml | ||
79 | else | ||
80 | bbwarn "SOTA_SECONDARY_CONFIG_DIR is set to an invalid directory (${SOTA_SECONDARY_CONFIG_DIR})" | ||
81 | fi | ||
38 | fi | 82 | fi |
83 | |||
84 | } | ||
85 | |||
86 | do_install_append_class-target () { | ||
87 | install -m 0755 -d ${D}${systemd_unitdir}/system | ||
88 | aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} | ||
89 | install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service | ||
90 | } | ||
91 | |||
92 | do_install_append_class-native () { | ||
93 | install -m 0755 ${B}/src/sota_tools/garage-sign/bin/* ${D}${bindir} | ||
94 | install -m 0644 ${B}/src/sota_tools/garage-sign/lib/* ${D}${libdir} | ||
39 | } | 95 | } |
40 | 96 | ||
97 | PACKAGES =+ " ${PN}-examples ${PN}-host-tools ${PN}-tools ${PN}-secondary " | ||
98 | |||
41 | FILES_${PN} = " \ | 99 | FILES_${PN} = " \ |
42 | ${bindir}/aktualizr \ | 100 | ${bindir}/aktualizr \ |
101 | ${bindir}/aktualizr-info \ | ||
102 | ${bindir}/aktualizr-check-discovery \ | ||
43 | ${systemd_unitdir}/system/aktualizr.service \ | 103 | ${systemd_unitdir}/system/aktualizr.service \ |
44 | /usr/lib/sota/sota.toml \ | 104 | ${libdir}/sota/conf.d \ |
105 | ${sysconfdir}/sota/conf.d \ | ||
106 | ${sysconfdir}/sota/ecus/* \ | ||
45 | " | 107 | " |
108 | |||
109 | FILES_${PN}-examples = " \ | ||
110 | ${bindir}/hmi-stub \ | ||
111 | " | ||
112 | |||
113 | FILES_${PN}-host-tools = " \ | ||
114 | ${bindir}/aktualizr-repo \ | ||
115 | ${bindir}/aktualizr-cert-provider \ | ||
116 | ${bindir}/garage-deploy \ | ||
117 | ${bindir}/garage-push \ | ||
118 | ${libdir}/sota/sota_autoprov.toml \ | ||
119 | ${libdir}/sota/sota_autoprov_primary.toml \ | ||
120 | ${libdir}/sota/sota_hsm_prov.toml \ | ||
121 | ${libdir}/sota/sota_implicit_prov_ca.toml \ | ||
122 | ${libdir}/sota/sota_uboot_env.toml \ | ||
123 | " | ||
124 | |||
125 | FILES_${PN}-tools = " \ | ||
126 | ${bindir}/aktualizr-check-discovery \ | ||
127 | " | ||
128 | |||
129 | FILES_${PN}-secondary = " \ | ||
130 | ${bindir}/aktualizr-secondary \ | ||
131 | ${libdir}/sota/sota_secondary.toml \ | ||
132 | ${systemd_unitdir}/system/aktualizr-secondary.socket \ | ||
133 | ${systemd_unitdir}/system/aktualizr-secondary.service \ | ||
134 | " | ||
135 | |||
136 | # vim:set ts=4 sw=4 sts=4 expandtab: | ||
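Review bot: The `echo "[uptane]\nsecondary_configs_dir = /etc/sota/ecus/\n"` on new-side line 78 depends on the task shell's `echo` interpreting `\n`, which differs between shells, and it hard-codes `/etc/sota/ecus/` although the files are installed under `${D}${sysconfdir}/sota/ecus`. Writing it as `printf '[uptane]\nsecondary_configs_dir = %s\n' "${sysconfdir}/sota/ecus/" > ${D}${libdir}/sota/conf.d/30-secondary-configs-dir.toml` avoids both. The generated file also takes its mode from the umask while its siblings are installed with an explicit 0644. Separately, `-DGARAGE_SIGN_SHA256=${GARAGE_SIGN_SHA256}` on line 58 references a variable that no file in this diff assigns, so it is worth confirming that the garage-sign download is still checked against a pinned hash when the version is chosen dynamically.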
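--- /dev/null
+++ b/recipes-sota/aktualizr/credentials.inc
@@ -0,0 +1 @@
+SRC_URI_append = "${@('file://' + d.getVar('SOTA_PACKED_CREDENTIALS', True)) if d.getVar('SOTA_PACKED_CREDENTIALS', True) else ''}"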
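Review bot: `SRC_URI_append` inserts no separator and the appended value starts with `file://` rather than a space, so it fuses with the previous entry in any including recipe whose `SRC_URI` does not end in whitespace; starting the literal with a space, `' file://'`, makes the include safe regardless. Listing the credentials archive in `SRC_URI` also means the fetcher places it in each including recipe's `${WORKDIR}`, so work directories, and possibly anything that archives sources, will hold the provisioning credentials. A comment in this file saying so would help whoever shares or publishes build trees.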
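--- a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Aktualizr SOTA Client
-Wants=network-online.target
-After=network.target network-online.target
-Requires=network-online.target
-
-[Service]
-RestartSec=10
-Restart=always
-ExecStart=/usr/bin/aktualizr --disable-keyid-validation --config /usr/lib/sota/sota.toml
-
-[Install]
-WantedBy=multi-user.target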
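--- a/recipes-sota/aktualizr/files/aktualizr-manual-provision.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Aktualizr SOTA Client
-Wants=network-online.target
-After=network.target network-online.target
-Requires=network-online.target
-
-[Service]
-RestartSec=10
-Restart=always
-ExecStart=/usr/bin/aktualizr --config /sysroot/boot/sota.toml --loglevel 2
-
-[Install]
-WantedBy=multi-user.target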
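--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-secondary.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Aktualizr SOTA Client (UPTANE Secondary)
+
+[Service]
+RestartSec=10
+Restart=always
+ExecStart=/usr/bin/aktualizr-secondary --config /usr/lib/sota/sota_secondary.toml
+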
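--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-secondary.socket
@@ -0,0 +1,6 @@
+[Socket]
+ListenStream=9030
+ListenDatagram=9031
+
+[Install]
+WantedBy=sockets.target
\ No newline at end of file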
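Review bot: `ListenStream=9030` and `ListenDatagram=9031` give no address, so systemd binds both ports on every interface and socket-activates aktualizr-secondary for any peer that can reach the device. Whether the secondary authenticates its peers is not visible in this diff. If it is only meant to talk to the primary on an internal network, restricting the listener with `BindToDevice=`, an address-qualified `ListenStream=`, or `IPAddressDeny=any` plus a matching `IPAddressAllow=` limits the exposure. The companion aktualizr-secondary.service sets no `User=`, so the activated process runs as root.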
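--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-serialcan.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Aktualizr SOTA Client
+Wants=network-online.target slcand@ttyACM0.service
+After=network.target network-online.target slcand@ttyACM0.service
+
+Requires=network-online.target
+
+[Service]
+RestartSec=10
+Restart=always
+EnvironmentFile=/usr/lib/sota/sota.env
+ExecStart=/bin/sh -c "(ip addr | grep can0) && /usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS"
+
+[Install]
+WantedBy=multi-user.target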
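Review bot: Wrapping the start command in `/bin/sh -c` on new-side line 12 sends the value of `AKTUALIZR_CMDLINE_PARAMETERS` from `/usr/lib/sota/sota.env` through a root shell instead of passing it as plain arguments, so shell syntax in that file may be interpreted. Splitting the interface check out keeps the shell away from the parameters: `ExecStartPre=/bin/sh -c "ip addr | grep -q can0"` followed by `ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS`. No file in this diff installs `sota.env`, so it should be confirmed that another recipe provides it; without a `-` prefix on `EnvironmentFile=` the unit fails to start when the file is missing.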
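--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Aktualizr SOTA Client
+After=network.target
+
+[Service]
+RestartSec=10
+Restart=always
+ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS
+
+[Install]
+WantedBy=multi-user.target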
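Review bot: `ExecStart` on new-side line 8 expands `$AKTUALIZR_CMDLINE_PARAMETERS`, but this unit has no `EnvironmentFile=` or `Environment=` line, unlike aktualizr-serialcan.service, so unless a drop-in outside this diff defines it the variable expands to nothing. If that is intended, a comment in the unit stating where the client takes its configuration from would help; otherwise add `EnvironmentFile=-/usr/lib/sota/sota.env`. The unit also no longer waits for `network-online.target`, which both deleted units required.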
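--- /dev/null
+++ b/recipes-sota/aktualizr/files/ca.cnf
@@ -0,0 +1,10 @@
+[req]
+req_extensions = cacert
+distinguished_name = req_distinguished_name
+
+[req_distinguished_name]
+
+[cacert]
+basicConstraints = critical,CA:true
+keyUsage = keyCertSign
+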
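Review bot: The `cacert` section marks `basicConstraints` critical but leaves `keyUsage = keyCertSign` non-critical and sets no path length, so the CA that aktualizr-ca-implicit-prov-creds.bb generates with `-days 7300` could also issue subordinate CAs. If it only signs device certificates directly, `basicConstraints = critical,CA:true,pathlen:0` and `keyUsage = critical,keyCertSign` state that. Add `cRLSign` if this CA is ever expected to issue revocation lists.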
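--- a/recipes-sota/aktualizr/files/sota_autoprov.toml
+++ /dev/null
@@ -1,14 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "root.crt"
-client_certificate = "client.pem"
-pkey_file = "pkey.pem"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-private_key_path = "ecukey.der"
-public_key_path = "ecukey.pub"
-
-[provision]
-provision_path = "/var/sota/sota_provisioning_credentials.zip"
-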
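--- /dev/null
+++ b/recipes-sota/aktualizr/garage-sign-version.inc
@@ -0,0 +1,36 @@
+
+python () {
+if d.getVar("GARAGE_SIGN_VERSION", True) or not d.getVar("SOTA_PACKED_CREDENTIALS", True):
+return
+import json
+import urllib.request
+import zipfile
+with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS", True), 'r') as zip_ref:
+try:
+with zip_ref.open('tufrepo.url', mode='r') as url_file:
+url = url_file.read().decode().strip(' \t\n') + '/health/version'
+except (KeyError, ValueError, RuntimeError):
+return
+connected = False
+tries = 3
+for i in range(tries):
+try:
+r = urllib.request.urlopen(url)
+if r.code == 200:
+connected = True
+break
+else:
+print('Bad return code from server ' + url + ': ' + str(r.code) +
+' (attempt ' + str(i + 1) + ' of ' + str(tries) + ')')
+except urllib.error.URLError as e:
+print('Error connecting to server ' + url + ': ' + str(e) +
+' (attempt ' + str(i + 1) + ' of ' + str(tries) + ')')
+if not connected:
+return
+resp = r.read().decode('utf-8')
+j = json.loads(resp)
+version = 'cli-' + j['version'] + '.tgz'
+d.setVar("GARAGE_SIGN_VERSION", version)
+}
+
+# vim:set ts=4 sw=4 sts=4 expandtab: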
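Review bot: This anonymous `python ()` block runs at parse time and calls `urllib.request.urlopen(url)` on new-side line 18 with no timeout, against a URL read from `tufrepo.url` in the credentials archive, so a slow or unresponsive server can stall every parse; `r = urllib.request.urlopen(url, timeout=10)` bounds it. The `version` field of the response is concatenated into the `GARAGE_SIGN_VERSION` file name on line 32 without validation, and no matching hash is set here, so the server's answer decides which garage-sign archive the native build uses. Checking the field against a pattern such as `re.fullmatch(r'[0-9A-Za-z._-]+', j['version'])` and requiring a pinned `GARAGE_SIGN_SHA256` would tighten that. `json.loads` and `j['version']` sit outside any `try`, so a malformed response raises during parsing, and the `print` diagnostics would be easier to see as `bb.warn`.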