1 files changed, 0 insertions, 67 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb
deleted file mode 100644
index a3c7d66..0000000
--- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb
+++ /dev/null
@@ -1,67 +0,0 @@
-SUMMARY = "Credentials for device provisioning with fleet CA certificate"
-HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
-SECTION = "base"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-inherit allarch
-# WARNING: This is NOT an ideal solution. The secure way to provision devices
-# is to create certificate request directly on the device (either with HSM/TPM
-# or with software) and then sign it with a CA stored on a disconnected machine.
-# We need to get the config files from the aktualizr-host-tools package built by
-# the aktualizr (target) recipe.
-DEPENDS = "aktualizr aktualizr-native openssl-native"
-ALLOW_EMPTY_${PN} = "1"
-# If the config file from aktualizr used here is changed, you will need to bump
-# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS!
-PV = "1.0"
-PR = "1"
-SRC_URI = " \
-            file://ca.cnf \
-            "
-require credentials.inc
-export SOTA_CACERT_PATH
-export SOTA_CAKEY_PATH
-do_install() {
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        if [ -z ${SOTA_CACERT_PATH} ]; then
-            SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
-            SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
-            mkdir -p ${DEPLOY_DIR_IMAGE}/CA
-            bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}"
-            if [ ! -f ${SOTA_CACERT_PATH} ]; then
-                bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
-                SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")"
-                openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
-                openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
-                bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
-            fi
-        fi
-        if [ -z ${SOTA_CAKEY_PATH} ]; then
-            bbfatal "SOTA_CAKEY_PATH should be set when using device credential provisioning"
-        fi
-        install -m 0700 -d ${D}${localstatedir}/sota
-        aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \
-                                --fleet-ca ${SOTA_CACERT_PATH} \
-                                --fleet-ca-key ${SOTA_CAKEY_PATH} \
-                                --root-ca \
-                                --server-url \
-                                --local ${D} \
-                                --config ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml
-    fi
-}
-FILES_${PN} = " \
-                ${localstatedir}/sota/*"
-# vim:set ts=4 sw=4 sts=4 expandtab:

diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb deleted file mode 100644 index a3c7d66..0000000 --- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb +++ /dev/null
@@ -1,67 +0,0 @@
1	SUMMARY = "Credentials for device provisioning with fleet CA certificate"
2	HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
3	SECTION = "base"
4	LICENSE = "MPL-2.0"
5	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
6
7	inherit allarch
8
9	# WARNING: This is NOT an ideal solution. The secure way to provision devices
10	# is to create certificate request directly on the device (either with HSM/TPM
11	# or with software) and then sign it with a CA stored on a disconnected machine.
12
13	# We need to get the config files from the aktualizr-host-tools package built by
14	# the aktualizr (target) recipe.
15	DEPENDS = "aktualizr aktualizr-native openssl-native"
16	ALLOW_EMPTY_${PN} = "1"
17
18	# If the config file from aktualizr used here is changed, you will need to bump
19	# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS!
20	PV = "1.0"
21	PR = "1"
22
23	SRC_URI = " \
24	file://ca.cnf \
25	"
26
27	require credentials.inc
28
29	export SOTA_CACERT_PATH
30	export SOTA_CAKEY_PATH
31
32	do_install() {
33	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
34	if [ -z ${SOTA_CACERT_PATH} ]; then
35	SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
36	SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
37	mkdir -p ${DEPLOY_DIR_IMAGE}/CA
38	bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}"
39
40	if [ ! -f ${SOTA_CACERT_PATH} ]; then
41	bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
42	SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")"
43	openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
44	openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
45	bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
46	fi
47	fi
48
49	if [ -z ${SOTA_CAKEY_PATH} ]; then
50	bbfatal "SOTA_CAKEY_PATH should be set when using device credential provisioning"
51	fi
52
53	install -m 0700 -d ${D}${localstatedir}/sota
54	aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \
55	--fleet-ca ${SOTA_CACERT_PATH} \
56	--fleet-ca-key ${SOTA_CAKEY_PATH} \
57	--root-ca \
58	--server-url \
59	--local ${D} \
60	--config ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml
61	fi
62	}
63
64	FILES_${PN} = " \
65	${localstatedir}/sota/*"
66
67	# vim:set ts=4 sw=4 sts=4 expandtab: