diff options
Diffstat (limited to 'classes/image_types_ostree.bbclass')
| -rw-r--r-- | classes/image_types_ostree.bbclass | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index e6bea76..f350449 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass | |||
| @@ -119,6 +119,7 @@ IMAGE_CMD_ostree () { | |||
| 119 | fi | 119 | fi |
| 120 | 120 | ||
| 121 | if [ -n "${SOTA_SECONDARY_ECUS}" ]; then | 121 | if [ -n "${SOTA_SECONDARY_ECUS}" ]; then |
| 122 | mkdir -p var/sota/ecus | ||
| 122 | cp ${SOTA_SECONDARY_ECUS} var/sota/ecus | 123 | cp ${SOTA_SECONDARY_ECUS} var/sota/ecus |
| 123 | fi | 124 | fi |
| 124 | 125 | ||
| @@ -179,11 +180,11 @@ IMAGE_CMD_ostreepush () { | |||
| 179 | } | 180 | } |
| 180 | 181 | ||
| 181 | IMAGE_TYPEDEP_garagesign = "ostreepush" | 182 | IMAGE_TYPEDEP_garagesign = "ostreepush" |
| 182 | do_image_ostreepush[depends] += "garage-sign-native:do_populate_sysroot" | 183 | do_image_garage_sign[depends] += "aktualizr-native:do_populate_sysroot" |
| 183 | IMAGE_CMD_garagesign () { | 184 | IMAGE_CMD_garagesign () { |
| 184 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | 185 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
| 185 | # if credentials are issued by a server that doesn't support offline signing, exit silently | 186 | # if credentials are issued by a server that doesn't support offline signing, exit silently |
| 186 | unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0 | 187 | unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0 |
| 187 | 188 | ||
| 188 | java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' ) | 189 | java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' ) |
| 189 | if [ "${java_version}" = "" ]; then | 190 | if [ "${java_version}" = "" ]; then |
| @@ -194,15 +195,8 @@ IMAGE_CMD_garagesign () { | |||
| 194 | exit 1 | 195 | exit 1 |
| 195 | fi | 196 | fi |
| 196 | 197 | ||
| 197 | if [ ! -d "${GARAGE_SIGN_REPO}" ]; then | 198 | rm -rf ${GARAGE_SIGN_REPO} |
| 198 | garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} | 199 | garage-sign init --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} |
| 199 | fi | ||
| 200 | |||
| 201 | if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then | ||
| 202 | reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}" | ||
| 203 | else | ||
| 204 | reposerver_args="" | ||
| 205 | fi | ||
| 206 | 200 | ||
| 207 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) | 201 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) |
| 208 | 202 | ||
| @@ -210,11 +204,11 @@ IMAGE_CMD_garagesign () { | |||
| 210 | # in which case targets.json should be pulled again and the whole procedure repeated | 204 | # in which case targets.json should be pulled again and the whole procedure repeated |
| 211 | push_success=0 | 205 | push_success=0 |
| 212 | for push_retries in $( seq 3 ); do | 206 | for push_retries in $( seq 3 ); do |
| 213 | garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} | 207 | garage-sign targets pull --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} |
| 214 | garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} | 208 | garage-sign targets add --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} |
| 215 | garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets | 209 | garage-sign targets sign --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --key-name=targets |
| 216 | errcode=0 | 210 | errcode=0 |
| 217 | garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$? | 211 | garage-sign targets push --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} || errcode=$? |
| 218 | if [ "$errcode" -eq "0" ]; then | 212 | if [ "$errcode" -eq "0" ]; then |
| 219 | push_success=1 | 213 | push_success=1 |
| 220 | break | 214 | break |
| @@ -227,9 +221,20 @@ IMAGE_CMD_garagesign () { | |||
| 227 | bberror "Couldn't push to garage repository" | 221 | bberror "Couldn't push to garage repository" |
| 228 | exit 1 | 222 | exit 1 |
| 229 | fi | 223 | fi |
| 230 | else | ||
| 231 | bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS." | ||
| 232 | fi | 224 | fi |
| 233 | } | 225 | } |
| 234 | 226 | ||
| 227 | IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign" | ||
| 228 | do_image_garagecheck[depends] += "aktualizr-native:do_populate_sysroot" | ||
| 229 | IMAGE_CMD_garagecheck () { | ||
| 230 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | ||
| 231 | # if credentials are issued by a server that doesn't support offline signing, exit silently | ||
| 232 | unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0 | ||
| 233 | ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) | ||
| 234 | |||
| 235 | garage-check --ref=${ostree_target_hash} \ | ||
| 236 | --credentials=${SOTA_PACKED_CREDENTIALS} \ | ||
| 237 | --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt | ||
| 238 | fi | ||
| 239 | } | ||
| 235 | # vim:set ts=4 sw=4 sts=4 expandtab: | 240 | # vim:set ts=4 sw=4 sts=4 expandtab: |