diff options
Diffstat (limited to 'recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb')
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | 41 |
1 files changed, 1 insertions, 40 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 83504f1..2763185 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | |||
| @@ -10,62 +10,23 @@ LICENSE = "MPL-2.0" | |||
| 10 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" | 10 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" |
| 11 | 11 | ||
| 12 | DEPENDS = "aktualizr aktualizr-native openssl-native" | 12 | DEPENDS = "aktualizr aktualizr-native openssl-native" |
| 13 | RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" | ||
| 13 | 14 | ||
| 14 | SRC_URI = " \ | ||
| 15 | file://ca.cnf \ | ||
| 16 | " | ||
| 17 | PV = "1.0" | 15 | PV = "1.0" |
| 18 | PR = "1" | 16 | PR = "1" |
| 19 | 17 | ||
| 20 | require environment.inc | 18 | require environment.inc |
| 21 | require credentials.inc | 19 | require credentials.inc |
| 22 | 20 | ||
| 23 | export SOTA_CACERT_PATH | ||
| 24 | export SOTA_CAKEY_PATH | ||
| 25 | |||
| 26 | do_install() { | 21 | do_install() { |
| 27 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 22 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
| 28 | 23 | ||
| 29 | if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then | ||
| 30 | bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning" | ||
| 31 | fi | ||
| 32 | |||
| 33 | if [ -z ${SOTA_CACERT_PATH} ]; then | ||
| 34 | SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem | ||
| 35 | SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem | ||
| 36 | mkdir -p ${DEPLOY_DIR_IMAGE}/CA | ||
| 37 | bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" | ||
| 38 | |||
| 39 | if [ ! -f ${SOTA_CACERT_PATH} ]; then | ||
| 40 | bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" | ||
| 41 | SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")" | ||
| 42 | openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 | ||
| 43 | openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert | ||
| 44 | bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" | ||
| 45 | fi | ||
| 46 | fi | ||
| 47 | |||
| 48 | if [ -z ${SOTA_CAKEY_PATH} ]; then | ||
| 49 | bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning" | ||
| 50 | fi | ||
| 51 | |||
| 52 | install -m 0700 -d ${D}${localstatedir}/sota | ||
| 53 | install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \ | 24 | install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \ |
| 54 | ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml | 25 | ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml |
| 55 | aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ | ||
| 56 | --device-ca ${SOTA_CACERT_PATH} \ | ||
| 57 | --device-ca-key ${SOTA_CAKEY_PATH} \ | ||
| 58 | --root-ca \ | ||
| 59 | --server-url \ | ||
| 60 | --local ${D}${localstatedir}/sota \ | ||
| 61 | --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml | ||
| 62 | } | 26 | } |
| 63 | 27 | ||
| 64 | FILES_${PN} = " \ | 28 | FILES_${PN} = " \ |
| 65 | ${libdir}/sota/conf.d \ | ||
| 66 | ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ | 29 | ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ |
| 67 | ${libdir}/sota/root.crt \ | ||
| 68 | ${localstatedir}/sota/* \ | ||
| 69 | " | 30 | " |
| 70 | 31 | ||
| 71 | # vim:set ts=4 sw=4 sts=4 expandtab: | 32 | # vim:set ts=4 sw=4 sts=4 expandtab: |