1 files changed, 56 insertions, 0 deletions
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index dcc6fc9..172f2c8 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -5,6 +5,7 @@ inherit image
 IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \
                        openssl-native:do_populate_sysroot \
                        coreutils-native:do_populate_sysroot \
+                        unzip-native:do_populate_sysroot \
                        virtual/kernel:do_deploy \
                        ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
@@ -104,6 +105,7 @@ IMAGE_CMD_ostree () {
    if [ -d root ] && [ ! -L root ]; then
        if [ "$(ls -A root)" ]; then
            bberror "Data in /root directory is not preserved by OSTree."
+            exit 1
        fi
        if [ -n "$SYSTEMD_USED" ]; then
@@ -176,4 +178,58 @@ IMAGE_CMD_ostreepush () {
    fi
 }
+IMAGE_TYPEDEP_garagesign = "ostreepush"
+IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
+IMAGE_CMD_garagesign () {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        # if credentials are issued by a server that doesn't support offline signing, exit silently
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0
+        java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
+        if [ "${java_version}" = "" ]; then
+            bberror "Java is required for synchronization with update backend, but is not installed on the host machine"
+            exit 1
+        elif [ "${java_version}" \< "1.8" ]; then
+            bberror "Java version >= 8 is required for synchronization with update backend"
+            exit 1
+        fi
+        if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
+            garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
+        fi
+        if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
+            reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
+        else
+            reposerver_args=""
+        fi
+        ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+        # Push may fail due to race condition when multiple build machines try to push simultaneously
+        #   in which case targets.json should be pulled again and the whole procedure repeated
+        push_success=0
+        for push_retries in $( seq 3 ); do
+            garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
+            garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+            garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
+            errcode=0
+            garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
+            if [ "$errcode" -eq "0" ]; then
+                push_success=1
+                break
+            else
+                bbwarn "Push to garage repository has failed, retrying"
+            fi
+        done
+        if [ "$push_success" -ne "1" ]; then
+            bberror "Couldn't push to garage repository"
+            exit 1
+        fi
+    else
+        bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
+    fi
+}
 # vim:set ts=4 sw=4 sts=4 expandtab:

diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index dcc6fc9..172f2c8 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass
@@ -5,6 +5,7 @@ inherit image
5	IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \	5	IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \
6	openssl-native:do_populate_sysroot \	6	openssl-native:do_populate_sysroot \
7	coreutils-native:do_populate_sysroot \	7	coreutils-native:do_populate_sysroot \
		8	unzip-native:do_populate_sysroot \
8	virtual/kernel:do_deploy \	9	virtual/kernel:do_deploy \
9	${OSTREE_INITRAMFS_IMAGE}:do_image_complete"	10	${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
10		11
@@ -104,6 +105,7 @@ IMAGE_CMD_ostree () {
104	if [ -d root ] && [ ! -L root ]; then	105	if [ -d root ] && [ ! -L root ]; then
105	if [ "$(ls -A root)" ]; then	106	if [ "$(ls -A root)" ]; then
106	bberror "Data in /root directory is not preserved by OSTree."	107	bberror "Data in /root directory is not preserved by OSTree."
		108	exit 1
107	fi	109	fi
108		110
109	if [ -n "$SYSTEMD_USED" ]; then	111	if [ -n "$SYSTEMD_USED" ]; then
@@ -176,4 +178,58 @@ IMAGE_CMD_ostreepush () {
176	fi	178	fi
177	}	179	}
178		180
		181	IMAGE_TYPEDEP_garagesign = "ostreepush"
		182	IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
		183	IMAGE_CMD_garagesign () {
		184	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
		185	# if credentials are issued by a server that doesn't support offline signing, exit silently
		186	unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null \|\| exit 0
		187
		188	java_version=$( java -version 2>&1 \| awk -F '"' '/version/ {print $2}' )
		189	if [ "${java_version}" = "" ]; then
		190	bberror "Java is required for synchronization with update backend, but is not installed on the host machine"
		191	exit 1
		192	elif [ "${java_version}" \< "1.8" ]; then
		193	bberror "Java version >= 8 is required for synchronization with update backend"
		194	exit 1
		195	fi
		196
		197	if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
		198	garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
		199	fi
		200
		201	if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
		202	reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
		203	else
		204	reposerver_args=""
		205	fi
		206
		207	ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
		208
		209	# Push may fail due to race condition when multiple build machines try to push simultaneously
		210	# in which case targets.json should be pulled again and the whole procedure repeated
		211	push_success=0
		212	for push_retries in $( seq 3 ); do
		213	garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
		214	garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
		215	garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
		216	errcode=0
		217	garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} \|\| errcode=$?
		218	if [ "$errcode" -eq "0" ]; then
		219	push_success=1
		220	break
		221	else
		222	bbwarn "Push to garage repository has failed, retrying"
		223	fi
		224	done
		225
		226	if [ "$push_success" -ne "1" ]; then
		227	bberror "Couldn't push to garage repository"
		228	exit 1
		229	fi
		230	else
		231	bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
		232	fi
		233	}
		234
179	# vim:set ts=4 sw=4 sts=4 expandtab:	235	# vim:set ts=4 sw=4 sts=4 expandtab: