diff options
Diffstat (limited to 'recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb')
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | 46 |
1 files changed, 3 insertions, 43 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 1ad561c..2763185 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | |||
@@ -9,64 +9,24 @@ SECTION = "base" | |||
9 | LICENSE = "MPL-2.0" | 9 | LICENSE = "MPL-2.0" |
10 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" | 10 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" |
11 | 11 | ||
12 | DEPENDS = "aktualizr-native openssl-native" | 12 | DEPENDS = "aktualizr aktualizr-native openssl-native" |
13 | RDEPENDS_${PN} = "aktualizr" | 13 | RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" |
14 | 14 | ||
15 | SRC_URI = " \ | ||
16 | file://ca.cnf \ | ||
17 | " | ||
18 | PV = "1.0" | 15 | PV = "1.0" |
19 | PR = "1" | 16 | PR = "1" |
20 | 17 | ||
21 | require environment.inc | 18 | require environment.inc |
22 | require credentials.inc | 19 | require credentials.inc |
23 | 20 | ||
24 | export SOTA_CACERT_PATH | ||
25 | export SOTA_CAKEY_PATH | ||
26 | |||
27 | do_install() { | 21 | do_install() { |
28 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 22 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
29 | 23 | ||
30 | if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then | 24 | install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \ |
31 | bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning" | ||
32 | fi | ||
33 | |||
34 | if [ -z ${SOTA_CACERT_PATH} ]; then | ||
35 | SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem | ||
36 | SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem | ||
37 | mkdir -p ${DEPLOY_DIR_IMAGE}/CA | ||
38 | bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" | ||
39 | |||
40 | if [ ! -f ${SOTA_CACERT_PATH} ]; then | ||
41 | bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" | ||
42 | SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")" | ||
43 | openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 | ||
44 | openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert | ||
45 | bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" | ||
46 | fi | ||
47 | fi | ||
48 | |||
49 | if [ -z ${SOTA_CAKEY_PATH} ]; then | ||
50 | bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning" | ||
51 | fi | ||
52 | |||
53 | install -m 0700 -d ${D}${localstatedir}/sota | ||
54 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml \ | ||
55 | ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml | 25 | ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml |
56 | aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ | ||
57 | --device-ca ${SOTA_CACERT_PATH} \ | ||
58 | --device-ca-key ${SOTA_CAKEY_PATH} \ | ||
59 | --root-ca \ | ||
60 | --server-url \ | ||
61 | --local ${D}${localstatedir}/sota \ | ||
62 | --config ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml | ||
63 | } | 26 | } |
64 | 27 | ||
65 | FILES_${PN} = " \ | 28 | FILES_${PN} = " \ |
66 | ${libdir}/sota/conf.d \ | ||
67 | ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ | 29 | ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ |
68 | ${libdir}/sota/root.crt \ | ||
69 | ${localstatedir}/sota/* \ | ||
70 | " | 30 | " |
71 | 31 | ||
72 | # vim:set ts=4 sw=4 sts=4 expandtab: | 32 | # vim:set ts=4 sw=4 sts=4 expandtab: |