1 files changed, 51 insertions, 0 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
new file mode 100644
index 0000000..a729e6b
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Credentials for implicit provisioning with CA certificate"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+DEPENDS = "aktualizr aktualizr-native"
+ALLOW_EMPTY_${PN} = "1"
+SRC_URI = " \
+  file://ca.cnf \
+  "
+require credentials.inc
+export SOTA_CACERT_PATH
+export SOTA_CAKEY_PATH
+do_install() {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        if [ -z ${SOTA_CACERT_PATH} ]; then
+            SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
+            SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
+            mkdir -p ${DEPLOY_DIR_IMAGE}/CA
+            bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
+            if [ ! -f ${SOTA_CACERT_PATH} ]; then
+                bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
+                SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
+                openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
+                openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
+                bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
+            fi
+        fi
+        if [ -z ${SOTA_CAKEY_PATH} ]; then
+            bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
+        fi
+        install -m 0700 -d ${D}${localstatedir}/sota
+        aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
+                                --device-ca ${SOTA_CACERT_PATH} \
+                                --device-ca-key ${SOTA_CAKEY_PATH} \
+                                --root-ca \
+                                --server-url \
+                                --local ${D} \
+                                --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml
+    fi
+}
+FILES_${PN} = " \
+                ${localstatedir}/sota/*"

diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb new file mode 100644 index 0000000..a729e6b --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
@@ -0,0 +1,51 @@
	1	SUMMARY = "Credentials for implicit provisioning with CA certificate"
	2	SECTION = "base"
	3	LICENSE = "MPL-2.0"
	4	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
	5
	6	DEPENDS = "aktualizr aktualizr-native"
	7	ALLOW_EMPTY_${PN} = "1"
	8
	9	SRC_URI = " \
	10	file://ca.cnf \
	11	"
	12
	13	require credentials.inc
	14
	15	export SOTA_CACERT_PATH
	16	export SOTA_CAKEY_PATH
	17
	18	do_install() {
	19	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
	20	if [ -z ${SOTA_CACERT_PATH} ]; then
	21	SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
	22	SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
	23	mkdir -p ${DEPLOY_DIR_IMAGE}/CA
	24	bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
	25
	26	if [ ! -f ${SOTA_CACERT_PATH} ]; then
	27	bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
	28	SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
	29	openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
	30	openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
	31	bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
	32	fi
	33	fi
	34
	35	if [ -z ${SOTA_CAKEY_PATH} ]; then
	36	bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
	37	fi
	38
	39	install -m 0700 -d ${D}${localstatedir}/sota
	40	aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
	41	--device-ca ${SOTA_CACERT_PATH} \
	42	--device-ca-key ${SOTA_CAKEY_PATH} \
	43	--root-ca \
	44	--server-url \
	45	--local ${D} \
	46	--config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml
	47	fi
	48	}
	49
	50	FILES_${PN} = " \
	51	${localstatedir}/sota/*"