Diffstat (limited to 'classes/image_types_ostree.bbclass')
-rw-r--r-- | classes/image_types_ostree.bbclass | 39 |
1 files changed, 22 insertions, 17 deletions
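--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -119,6 +119,7 @@ IMAGE_CMD_ostree () {
 fi
 
 if [ -n "${SOTA_SECONDARY_ECUS}" ]; then
+mkdir -p var/sota/ecus
 cp ${SOTA_SECONDARY_ECUS} var/sota/ecus
 fi
 
@@ -179,11 +180,11 @@ IMAGE_CMD_ostreepush () {
 }
 
 IMAGE_TYPEDEP_garagesign = "ostreepush"
-do_image_ostreepush[depends] += "garage-sign-native:do_populate_sysroot"
+do_image_garage_sign[depends] += "aktualizr-native:do_populate_sysroot"
 IMAGE_CMD_garagesign () {
 if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
 # if credentials are issued by a server that doesn't support offline signing, exit silently
-unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0
+unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
 
 java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
 if [ "${java_version}" = "" ]; then
@@ -194,15 +195,8 @@ IMAGE_CMD_garagesign () {
 exit 1
 fi
 
-if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
-garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
-fi
-
-if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
-reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
-else
-reposerver_args=""
-fi
+rm -rf ${GARAGE_SIGN_REPO}
+garage-sign init --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
 
 ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
 
@@ -210,11 +204,11 @@ IMAGE_CMD_garagesign () {
 # in which case targets.json should be pulled again and the whole procedure repeated
 push_success=0
 for push_retries in $( seq 3 ); do
-garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
-garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
-garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
+garage-sign targets pull --repo tufrepo --home-dir ${GARAGE_SIGN_REPO}
+garage-sign targets add --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+garage-sign targets sign --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
 errcode=0
-garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
+garage-sign targets push --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
 if [ "$errcode" -eq "0" ]; then
 push_success=1
 break
@@ -227,9 +221,20 @@ IMAGE_CMD_garagesign () {
 bberror "Couldn't push to garage repository"
 exit 1
 fi
-else
-bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
 fi
 }
 
+IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign"
+do_image_garagecheck[depends] += "aktualizr-native:do_populate_sysroot"
+IMAGE_CMD_garagecheck () {
+if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+# if credentials are issued by a server that doesn't support offline signing, exit silently
+unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
+ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+garage-check --ref=${ostree_target_hash} \
+--credentials=${SOTA_PACKED_CREDENTIALS} \
+--cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
+fi
+}
 # vim:set ts=4 sw=4 sts=4 expandtab: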
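Review bot: The dependency line added before `IMAGE_CMD_garagesign` sets `do_image_garage_sign[depends]`, which does not appear to match the task BitBake generates for the `garagesign` image type; the new `garagecheck` block uses the unbroken form `do_image_garagecheck`. If the flag lands on a name no task uses, nothing guarantees `aktualizr-native` is in the native sysroot before `garage-sign` runs, so I would write `do_image_garagesign[depends] += "aktualizr-native:do_populate_sysroot"`. Separately, `IMAGE_CMD_garagecheck` exits 0 on any `unzip -p` failure, so a damaged or incomplete credentials archive makes the check pass without `garage-check` running. A `bbwarn` before that `exit 0` would make the skipped verification visible in the build log.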