diff options
Diffstat (limited to 'recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb')
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 319074e..4d5ff79 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | |||
@@ -1,5 +1,5 @@ | |||
1 | SUMMARY = "Aktualizr configuration for implicit provisioning with CA" | 1 | SUMMARY = "Aktualizr configuration for implicit provisioning with CA" |
2 | DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr using externally provided or generated CA" | 2 | DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externally provided or generated CA" |
3 | 3 | ||
4 | # WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device | 4 | # WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device |
5 | # (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine | 5 | # (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine |
@@ -36,7 +36,7 @@ do_install() { | |||
36 | SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem | 36 | SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem |
37 | SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem | 37 | SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem |
38 | mkdir -p ${DEPLOY_DIR_IMAGE}/CA | 38 | mkdir -p ${DEPLOY_DIR_IMAGE}/CA |
39 | bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" | 39 | bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" |
40 | 40 | ||
41 | if [ ! -f ${SOTA_CACERT_PATH} ]; then | 41 | if [ ! -f ${SOTA_CACERT_PATH} ]; then |
42 | bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" | 42 | bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" |
@@ -52,19 +52,20 @@ do_install() { | |||
52 | fi | 52 | fi |
53 | 53 | ||
54 | install -m 0700 -d ${D}${localstatedir}/sota | 54 | install -m 0700 -d ${D}${localstatedir}/sota |
55 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/conf.d/20-sota.toml | 55 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml \ |
56 | ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml | ||
56 | aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ | 57 | aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ |
57 | --device-ca ${SOTA_CACERT_PATH} \ | 58 | --device-ca ${SOTA_CACERT_PATH} \ |
58 | --device-ca-key ${SOTA_CAKEY_PATH} \ | 59 | --device-ca-key ${SOTA_CAKEY_PATH} \ |
59 | --root-ca \ | 60 | --root-ca \ |
60 | --server-url \ | 61 | --server-url \ |
61 | --local ${D}${localstatedir}/sota \ | 62 | --local ${D}${localstatedir}/sota \ |
62 | --config ${D}${libdir}/sota/conf.d/20-sota.toml | 63 | --config ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml |
63 | } | 64 | } |
64 | 65 | ||
65 | FILES_${PN} = " \ | 66 | FILES_${PN} = " \ |
66 | ${libdir}/sota/conf.d \ | 67 | ${libdir}/sota/conf.d \ |
67 | ${libdir}/sota/conf.d/20-sota.toml \ | 68 | ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ |
68 | ${libdir}/sota/root.crt \ | 69 | ${libdir}/sota/root.crt \ |
69 | ${localstatedir}/sota/* \ | 70 | ${localstatedir}/sota/* \ |
70 | " | 71 | " |