diff options
Diffstat (limited to 'recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb')
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 319074e..4d5ff79 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | SUMMARY = "Aktualizr configuration for implicit provisioning with CA" | 1 | SUMMARY = "Aktualizr configuration for implicit provisioning with CA" |
| 2 | DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr using externally provided or generated CA" | 2 | DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externally provided or generated CA" |
| 3 | 3 | ||
| 4 | # WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device | 4 | # WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device |
| 5 | # (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine | 5 | # (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine |
| @@ -36,7 +36,7 @@ do_install() { | |||
| 36 | SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem | 36 | SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem |
| 37 | SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem | 37 | SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem |
| 38 | mkdir -p ${DEPLOY_DIR_IMAGE}/CA | 38 | mkdir -p ${DEPLOY_DIR_IMAGE}/CA |
| 39 | bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" | 39 | bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" |
| 40 | 40 | ||
| 41 | if [ ! -f ${SOTA_CACERT_PATH} ]; then | 41 | if [ ! -f ${SOTA_CACERT_PATH} ]; then |
| 42 | bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" | 42 | bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" |
| @@ -52,19 +52,20 @@ do_install() { | |||
| 52 | fi | 52 | fi |
| 53 | 53 | ||
| 54 | install -m 0700 -d ${D}${localstatedir}/sota | 54 | install -m 0700 -d ${D}${localstatedir}/sota |
| 55 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/conf.d/20-sota.toml | 55 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml \ |
| 56 | ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml | ||
| 56 | aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ | 57 | aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ |
| 57 | --device-ca ${SOTA_CACERT_PATH} \ | 58 | --device-ca ${SOTA_CACERT_PATH} \ |
| 58 | --device-ca-key ${SOTA_CAKEY_PATH} \ | 59 | --device-ca-key ${SOTA_CAKEY_PATH} \ |
| 59 | --root-ca \ | 60 | --root-ca \ |
| 60 | --server-url \ | 61 | --server-url \ |
| 61 | --local ${D}${localstatedir}/sota \ | 62 | --local ${D}${localstatedir}/sota \ |
| 62 | --config ${D}${libdir}/sota/conf.d/20-sota.toml | 63 | --config ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml |
| 63 | } | 64 | } |
| 64 | 65 | ||
| 65 | FILES_${PN} = " \ | 66 | FILES_${PN} = " \ |
| 66 | ${libdir}/sota/conf.d \ | 67 | ${libdir}/sota/conf.d \ |
| 67 | ${libdir}/sota/conf.d/20-sota.toml \ | 68 | ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ |
| 68 | ${libdir}/sota/root.crt \ | 69 | ${libdir}/sota/root.crt \ |
| 69 | ${localstatedir}/sota/* \ | 70 | ${localstatedir}/sota/* \ |
| 70 | " | 71 | " |