diff options
-rw-r--r-- | classes/image_types_ostree.bbclass | 59 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr_git.bb | 6 | ||||
-rw-r--r-- | recipes-sota/aktualizr/files/aktualizr-autoprovision.service | 3 | ||||
-rw-r--r-- | recipes-sota/aktualizr/files/sota_autoprov.toml | 4 |
4 files changed, 22 insertions, 50 deletions
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index ac7cb60..d01cb9f 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass | |||
@@ -17,36 +17,6 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" | |||
17 | 17 | ||
18 | export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}" | 18 | export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}" |
19 | 19 | ||
20 | python () { | ||
21 | if d.getVar("SOTA_PACKED_CREDENTIALS", True): | ||
22 | if d.getVar("SOTA_AUTOPROVISION_CREDENTIALS", True): | ||
23 | bb.warn("SOTA_AUTOPROVISION_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS") | ||
24 | if d.getVar("SOTA_AUTOPROVISION_URL", True): | ||
25 | bb.warn("SOTA_AUTOPROVISION_URL is overriden by the one in SOTA_PACKED_CREDENTIALS") | ||
26 | |||
27 | if d.getVar("SOTA_AUTOPROVISION_URL_FILE", True): | ||
28 | bb.warn("SOTA_AUTOPROVISION_URL_FILE is overriden by the one in SOTA_PACKED_CREDENTIALS") | ||
29 | |||
30 | if d.getVar("OSTREE_PUSH_CREDENTIALS", True): | ||
31 | bb.warn("OSTREE_PUSH_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS") | ||
32 | |||
33 | d.setVar("SOTA_AUTOPROVISION_CREDENTIALS", "%s/sota_credentials/autoprov_credentials.p12" % d.getVar("DEPLOY_DIR_IMAGE", True)) | ||
34 | d.setVar("SOTA_AUTOPROVISION_URL_FILE", "%s/sota_credentials/autoprov.url" % d.getVar("DEPLOY_DIR_IMAGE", True)) | ||
35 | d.setVar("OSTREE_PUSH_CREDENTIALS", "%s/sota_credentials/treehub.json" % d.getVar("DEPLOY_DIR_IMAGE", True)) | ||
36 | } | ||
37 | |||
38 | IMAGE_DEPENDS_ostreecredunpack = "unzip-native:do_populate_sysroot" | ||
39 | |||
40 | IMAGE_CMD_ostreecredunpack () { | ||
41 | if [ ${SOTA_PACKED_CREDENTIALS} ]; then | ||
42 | rm -rf ${DEPLOY_DIR_IMAGE}/sota_credentials | ||
43 | |||
44 | unzip ${SOTA_PACKED_CREDENTIALS} -d ${DEPLOY_DIR_IMAGE}/sota_credentials | ||
45 | fi | ||
46 | } | ||
47 | |||
48 | IMAGE_TYPEDEP_ostree = "ostreecredunpack" | ||
49 | |||
50 | IMAGE_CMD_ostree () { | 20 | IMAGE_CMD_ostree () { |
51 | if [ -z "$OSTREE_REPO" ]; then | 21 | if [ -z "$OSTREE_REPO" ]; then |
52 | bbfatal "OSTREE_REPO should be set in your local.conf" | 22 | bbfatal "OSTREE_REPO should be set in your local.conf" |
@@ -145,21 +115,24 @@ IMAGE_CMD_ostree () { | |||
145 | ln -sf var/roothome root | 115 | ln -sf var/roothome root |
146 | fi | 116 | fi |
147 | 117 | ||
148 | # deploy SOTA credentials | ||
149 | mkdir -p var/sota | 118 | mkdir -p var/sota |
150 | 119 | ||
151 | if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then | 120 | if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then |
152 | EXPDATE=`openssl pkcs12 -in ${SOTA_AUTOPROVISION_CREDENTIALS} -password "pass:" -nodes 2>/dev/null | openssl x509 -noout -enddate | cut -f2 -d "="` | 121 | bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" |
153 | 122 | fi | |
154 | if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then | 123 | if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then |
155 | bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}" | 124 | bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS" |
156 | fi | 125 | fi |
126 | if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then | ||
127 | bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS" | ||
128 | fi | ||
129 | if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then | ||
130 | bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" | ||
131 | fi | ||
157 | 132 | ||
158 | cp ${SOTA_AUTOPROVISION_CREDENTIALS} var/sota/sota_provisioning_credentials.p12 | 133 | # deploy SOTA credentials |
159 | if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then | 134 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
160 | export SOTA_AUTOPROVISION_URL=`cat ${SOTA_AUTOPROVISION_URL_FILE}` | 135 | cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip |
161 | fi | ||
162 | echo "SOTA_GATEWAY_URI=${SOTA_AUTOPROVISION_URL}" > var/sota/sota_provisioning_url.env | ||
163 | fi | 136 | fi |
164 | 137 | ||
165 | if [ -n "${SOTA_SECONDARY_ECUS}" ]; then | 138 | if [ -n "${SOTA_SECONDARY_ECUS}" ]; then |
@@ -207,10 +180,10 @@ IMAGE_CMD_ostree () { | |||
207 | IMAGE_TYPEDEP_ostreepush = "ostree" | 180 | IMAGE_TYPEDEP_ostreepush = "ostree" |
208 | IMAGE_DEPENDS_ostreepush = "sota-tools-native:do_populate_sysroot" | 181 | IMAGE_DEPENDS_ostreepush = "sota-tools-native:do_populate_sysroot" |
209 | IMAGE_CMD_ostreepush () { | 182 | IMAGE_CMD_ostreepush () { |
210 | if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then | 183 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
211 | garage-push --repo=${OSTREE_REPO} \ | 184 | garage-push --repo=${OSTREE_REPO} \ |
212 | --ref=${OSTREE_BRANCHNAME} \ | 185 | --ref=${OSTREE_BRANCHNAME} \ |
213 | --credentials=${OSTREE_PUSH_CREDENTIALS} \ | 186 | --credentials=${SOTA_PACKED_CREDENTIALS} \ |
214 | --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt | 187 | --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt |
215 | fi | 188 | fi |
216 | } | 189 | } |
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 359c9fb..8bc580d 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb | |||
@@ -13,8 +13,9 @@ SRC_URI = " \ | |||
13 | file://aktualizr-autoprovision.service \ | 13 | file://aktualizr-autoprovision.service \ |
14 | file://sota_autoprov.toml \ | 14 | file://sota_autoprov.toml \ |
15 | " | 15 | " |
16 | SRCREV = "c24f1fc9b600113cf9f2d3d7215e406cbbb70ac4" | 16 | SRCREV = "1004efa3f86cef90c012b34620992b5762b741e3" |
17 | PV = "1.0+git${SRCPV}" | 17 | PV = "1.0+git${SRCPV}" |
18 | PR = "6" | ||
18 | 19 | ||
19 | S = "${WORKDIR}/git" | 20 | S = "${WORKDIR}/git" |
20 | SYSTEMD_SERVICE_${PN} = "aktualizr.service" | 21 | SYSTEMD_SERVICE_${PN} = "aktualizr.service" |
@@ -23,11 +24,10 @@ inherit cmake systemd | |||
23 | 24 | ||
24 | EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTS=OFF -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}" | 25 | EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTS=OFF -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}" |
25 | 26 | ||
26 | export SOTA_AUTOPROVISION_CREDENTIALS | ||
27 | export SOTA_PACKED_CREDENTIALS | 27 | export SOTA_PACKED_CREDENTIALS |
28 | 28 | ||
29 | do_install_append() { | 29 | do_install_append() { |
30 | if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" -o -n "${SOTA_PACKED_CREDENTIALS}" ]; then | 30 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
31 | install -d ${D}/${systemd_unitdir}/system | 31 | install -d ${D}/${systemd_unitdir}/system |
32 | install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service | 32 | install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service |
33 | install -d ${D}/usr/lib/sota | 33 | install -d ${D}/usr/lib/sota |
diff --git a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service index fd0ab09..4a595f0 100644 --- a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service +++ b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service | |||
@@ -7,8 +7,7 @@ Requires=network-online.target | |||
7 | [Service] | 7 | [Service] |
8 | RestartSec=10 | 8 | RestartSec=10 |
9 | Restart=always | 9 | Restart=always |
10 | EnvironmentFile=/var/sota/sota_provisioning_url.env | 10 | ExecStart=/usr/bin/aktualizr --disable-keyid-validation --config /usr/lib/sota/sota.toml |
11 | ExecStart=/usr/bin/aktualizr --disable-keyid-validation --tls-server ${SOTA_GATEWAY_URI} --config /usr/lib/sota/sota.toml | ||
12 | 11 | ||
13 | [Install] | 12 | [Install] |
14 | WantedBy=multi-user.target | 13 | WantedBy=multi-user.target |
diff --git a/recipes-sota/aktualizr/files/sota_autoprov.toml b/recipes-sota/aktualizr/files/sota_autoprov.toml index 8799553..9d4ce3b 100644 --- a/recipes-sota/aktualizr/files/sota_autoprov.toml +++ b/recipes-sota/aktualizr/files/sota_autoprov.toml | |||
@@ -1,9 +1,9 @@ | |||
1 | [device] | 1 | [device] |
2 | packages_dir = "/tmp/packages_dir" | 2 | packages_dir = "/tmp/packages_dir" |
3 | certificates_directory = "/var/sota" | ||
4 | system_info = "system_info.sh" | 3 | system_info = "system_info.sh" |
5 | 4 | ||
6 | [tls] | 5 | [tls] |
6 | certificates_directory = "/var/sota/" | ||
7 | ca_file = "root.crt" | 7 | ca_file = "root.crt" |
8 | client_certificate = "client.pem" | 8 | client_certificate = "client.pem" |
9 | pkey_file = "pkey.pem" | 9 | pkey_file = "pkey.pem" |
@@ -14,5 +14,5 @@ private_key_path = "ecukey.der" | |||
14 | public_key_path = "ecukey.pub" | 14 | public_key_path = "ecukey.pub" |
15 | 15 | ||
16 | [provision] | 16 | [provision] |
17 | p12_path = "sota_provisioning_credentials.p12" | 17 | provision_path = "/var/sota/sota_provisioning_credentials.zip" |
18 | 18 | ||