7 files changed, 68 insertions, 43 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 07e5bb8..8deee7e 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -16,8 +16,6 @@ SRC_URI = " \
 require environment.inc
 require credentials.inc
-export SOTA_PACKED_CREDENTIALS
 do_install() {
    if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
        bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
@@ -32,12 +30,12 @@ do_install() {
        bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
    fi
-    install -d ${D}${libdir}/sota
+    install -m 0700 -d ${D}${libdir}/sota/conf.d
-    install -d ${D}${localstatedir}/sota
+    install -m 0700 -d ${D}${localstatedir}/sota
    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
        aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
-        install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/sota.toml
+        install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/conf.d/20-sota.toml
        # deploy SOTA credentials
        if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
@@ -49,7 +47,8 @@ do_install() {
 }
 FILES_${PN} = " \
-                ${libdir}/sota/sota.toml \
+                ${libdir}/sota/conf.d \
+                ${libdir}/sota/conf.d/20-sota.toml \
                ${localstatedir}/sota \
                ${localstatedir}/sota/sota_provisioning_credentials.zip \
                "
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
index 51e313d..319074e 100644
--- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -26,7 +26,7 @@ export SOTA_CACERT_PATH
 export SOTA_CAKEY_PATH
 do_install() {
-    install -d ${D}${libdir}/sota
+    install -m 0700 -d ${D}${libdir}/sota/conf.d
    if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
        bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
@@ -51,22 +51,22 @@ do_install() {
        bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
    fi
-    install -d ${D}${libdir}/sota
+    install -m 0700 -d ${D}${localstatedir}/sota
-    install -d ${D}${localstatedir}/sota
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/conf.d/20-sota.toml
-    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/sota.toml
    aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
                            --device-ca ${SOTA_CACERT_PATH} \
                            --device-ca-key ${SOTA_CAKEY_PATH} \
                            --root-ca \
                            --server-url \
                            --local ${D}${localstatedir}/sota \
-                            --config ${D}${libdir}/sota/sota.toml
+                            --config ${D}${libdir}/sota/conf.d/20-sota.toml
 }
 FILES_${PN} = " \
-                ${localstatedir}/sota/* \
+                ${libdir}/sota/conf.d \
-                ${libdir}/sota/sota.toml \
+                ${libdir}/sota/conf.d/20-sota.toml \
                ${libdir}/sota/root.crt \
+                ${localstatedir}/sota/* \
                "
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
index 5f8da3c..504f0d8 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -18,15 +18,16 @@ require environment.inc
 require credentials.inc
 do_install() {
-    install -d ${D}${libdir}/sota
+    install -m 0700 -d ${D}${libdir}/sota/conf.d
    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
-            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D}
    fi
 }
 FILES_${PN} = " \
-                ${libdir}/sota/sota.toml \
+                ${libdir}/sota/conf.d \
+                ${libdir}/sota/conf.d/20-sota.toml \
                "
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index cf3d22c..dcfaffb 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -18,15 +18,16 @@ require environment.inc
 require credentials.inc
 do_install() {
-    install -d ${D}${libdir}/sota
+    install -m 0700 -d ${D}${libdir}/sota/conf.d
    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D}
    fi
 }
 FILES_${PN} = " \
-                ${libdir}/sota/sota.toml \
+                ${libdir}/sota/conf.d \
+                ${libdir}/sota/conf.d/20-sota.toml \
                ${libdir}/sota/root.crt \
                "
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 94a610c..2c0d59f 100644..100755
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -5,7 +5,7 @@ SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
-DEPENDS = "boost curl openssl libarchive libsodium asn1c-native "
+DEPENDS = "boost curl openssl libarchive libsodium asn1c-native sqlite3 "
 DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "
 DEPENDS_append_class-native = "glib-2.0-native "
@@ -22,7 +22,7 @@ SRC_URI = " \
  file://aktualizr-secondary.socket \
  file://aktualizr-serialcan.service \
  "
-SRCREV = "930d8eef6eb584686654601c056d7c9c6fca3048"
+SRCREV = "3b89858cf8ce9a8331cc4e6a5d2b5783d2eb7ae9"
 BRANCH ?= "master"
 S = "${WORKDIR}/git"
@@ -37,9 +37,20 @@ SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket"
 BBCLASSEXTEND =+ "native"
-EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "
+require garage-sign-version.inc
-EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
-EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF -DBUILD_SYSTEMD=OFF "
+EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF \
+                 -DCMAKE_BUILD_TYPE=Release \
+                 -DAKTUALIZR_VERSION=${PV} \
+                 -DBUILD_LOAD_TESTS=OFF"
+EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON \
+                                      -DBUILD_ISOTP=ON \
+                                      ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
+EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON \
+                                      -DBUILD_OSTREE=OFF \
+                                      -DBUILD_SYSTEMD=OFF \
+                                      -DGARAGE_SIGN_VERSION=${GARAGE_SIGN_VERSION} \
+                                      -DGARAGE_SIGN_SHA256=${GARAGE_SIGN_SHA256}"
 do_install_append () {
    rm -fr ${D}${libdir}/systemd
@@ -54,30 +65,30 @@ do_install_append () {
    install -d ${D}${systemd_unitdir}/system
    install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket
    install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service
+    install -m 0700 -d ${D}${libdir}/sota/conf.d
+    install -m 0700 -d ${D}${sysconfdir}/sota/conf.d
 }
 do_install_append_class-target () {
-    install -d ${D}${systemd_unitdir}/system
+    install -m 0755 -d ${D}${systemd_unitdir}/system
    aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}
    install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service
 }
 do_install_append_class-native () {
-    install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir}
+    install -m 0755 ${B}/src/sota_tools/garage-sign/bin/* ${D}${bindir}
-    install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir}
+    install -m 0644 ${B}/src/sota_tools/garage-sign/lib/* ${D}${libdir}
 }
-PACKAGES =+ " ${PN}-common ${PN}-examples ${PN}-host-tools ${PN}-secondary "
+PACKAGES =+ " ${PN}-examples ${PN}-host-tools ${PN}-secondary "
 FILES_${PN} = " \
                ${bindir}/aktualizr \
                ${bindir}/aktualizr-info \
                ${bindir}/aktualizr-check-discovery \
                ${systemd_unitdir}/system/aktualizr.service \
-                "
+                ${libdir}/sota/conf.d \
+                ${sysconfdir}/sota/conf.d \
-FILES_${PN}-common = " \
-                ${libdir}/sota/schemas \
                "
 FILES_${PN}-examples = " \
@@ -105,8 +116,4 @@ FILES_${PN}-secondary = " \
                ${systemd_unitdir}/system/aktualizr-secondary.service \
                "
-# Both primary and secondary need the SQL Schemas
-RDEPENDS_${PN}_class-target =+ "${PN}-common"
-RDEPENDS_${PN}-secondary_class-target =+ "${PN}-common"
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc
index 09da6b7..16e789e 100644
--- a/recipes-sota/aktualizr/environment.inc
+++ b/recipes-sota/aktualizr/environment.inc
@@ -1,17 +1,11 @@
-export SOTA_LEGACY_SECONDARY_INTERFACE
 export SOTA_VIRTUAL_SECONDARIES
 do_install_append() {
-  if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then
-    AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}"
-  fi
-  AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"
  for sec in ${SOTA_VIRTUAL_SECONDARIES}; do
    AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec"
  done
-  echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_LEGACYSEC} ${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env
+  echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env
 }
 FILES_${PN}_append = " ${libdir}/sota/sota.env"
diff --git a/recipes-sota/aktualizr/garage-sign-version.inc b/recipes-sota/aktualizr/garage-sign-version.inc
new file mode 100644
index 0000000..66e3ffd
--- /dev/null
+++ b/recipes-sota/aktualizr/garage-sign-version.inc
@@ -0,0 +1,23 @@
+python () {
+    if d.getVar("GARAGE_SIGN_VERSION", True) or not d.getVar("SOTA_PACKED_CREDENTIALS", True):
+        return
+    import json
+    import urllib.request
+    import zipfile
+    with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS", True), 'r') as zip_ref:
+        try:
+            with zip_ref.open('tufrepo.url', mode='r') as url_file:
+                url = url_file.read().decode() + '/health/version'
+        except (KeyError, ValueError, RuntimeError):
+            return
+    r = urllib.request.urlopen(url)
+    if r.code != 200:
+        return
+    resp = r.read().decode('utf-8')
+    j = json.loads(resp)
+    version = 'cli-' + j['version'] + '.tgz'
+    d.setVar("GARAGE_SIGN_VERSION", version)
+}
+# vim:set ts=4 sw=4 sts=4 expandtab:

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 07e5bb8..8deee7e 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -16,8 +16,6 @@ SRC_URI = " \
16	require environment.inc	16	require environment.inc
17	require credentials.inc	17	require credentials.inc
18		18
19	export SOTA_PACKED_CREDENTIALS
20
21	do_install() {	19	do_install() {
22	if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then	20	if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
23	bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"	21	bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
@@ -32,12 +30,12 @@ do_install() {
32	bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"	30	bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
33	fi	31	fi
34		32
35	install -d ${D}${libdir}/sota	33	install -m 0700 -d ${D}${libdir}/sota/conf.d
36	install -d ${D}${localstatedir}/sota	34	install -m 0700 -d ${D}${localstatedir}/sota
37	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then	35	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
38	aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}	36	aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
39		37
40	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/sota.toml	38	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/conf.d/20-sota.toml
41		39
42	# deploy SOTA credentials	40	# deploy SOTA credentials
43	if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then	41	if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
@@ -49,7 +47,8 @@ do_install() {
49	}	47	}
50		48
51	FILES_${PN} = " \	49	FILES_${PN} = " \
52	${libdir}/sota/sota.toml \	50	${libdir}/sota/conf.d \
		51	${libdir}/sota/conf.d/20-sota.toml \
53	${localstatedir}/sota \	52	${localstatedir}/sota \
54	${localstatedir}/sota/sota_provisioning_credentials.zip \	53	${localstatedir}/sota/sota_provisioning_credentials.zip \
55	"	54	"


diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 51e313d..319074e 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -26,7 +26,7 @@ export SOTA_CACERT_PATH
26	export SOTA_CAKEY_PATH	26	export SOTA_CAKEY_PATH
27		27
28	do_install() {	28	do_install() {
29	install -d ${D}${libdir}/sota	29	install -m 0700 -d ${D}${libdir}/sota/conf.d
30		30
31	if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then	31	if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
32	bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"	32	bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
@@ -51,22 +51,22 @@ do_install() {
51	bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"	51	bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
52	fi	52	fi
53		53
54	install -d ${D}${libdir}/sota	54	install -m 0700 -d ${D}${localstatedir}/sota
55	install -d ${D}${localstatedir}/sota	55	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/conf.d/20-sota.toml
56	install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/sota.toml
57	aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \	56	aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
58	--device-ca ${SOTA_CACERT_PATH} \	57	--device-ca ${SOTA_CACERT_PATH} \
59	--device-ca-key ${SOTA_CAKEY_PATH} \	58	--device-ca-key ${SOTA_CAKEY_PATH} \
60	--root-ca \	59	--root-ca \
61	--server-url \	60	--server-url \
62	--local ${D}${localstatedir}/sota \	61	--local ${D}${localstatedir}/sota \
63	--config ${D}${libdir}/sota/sota.toml	62	--config ${D}${libdir}/sota/conf.d/20-sota.toml
64	}	63	}
65		64
66	FILES_${PN} = " \	65	FILES_${PN} = " \
67	${localstatedir}/sota/* \	66	${libdir}/sota/conf.d \
68	${libdir}/sota/sota.toml \	67	${libdir}/sota/conf.d/20-sota.toml \
69	${libdir}/sota/root.crt \	68	${libdir}/sota/root.crt \
		69	${localstatedir}/sota/* \
70	"	70	"
71		71
72	# vim:set ts=4 sw=4 sts=4 expandtab:	72	# vim:set ts=4 sw=4 sts=4 expandtab:


diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index 5f8da3c..504f0d8 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -18,15 +18,16 @@ require environment.inc
18	require credentials.inc	18	require credentials.inc
19		19
20	do_install() {	20	do_install() {
21	install -d ${D}${libdir}/sota	21	install -m 0700 -d ${D}${libdir}/sota/conf.d
22	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then	22	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
23	aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \	23	aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
24	-i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}	24	-i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D}
25	fi	25	fi
26	}	26	}
27		27
28	FILES_${PN} = " \	28	FILES_${PN} = " \
29	${libdir}/sota/sota.toml \	29	${libdir}/sota/conf.d \
		30	${libdir}/sota/conf.d/20-sota.toml \
30	"	31	"
31		32
32	# vim:set ts=4 sw=4 sts=4 expandtab:	33	# vim:set ts=4 sw=4 sts=4 expandtab:


diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index cf3d22c..dcfaffb 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -18,15 +18,16 @@ require environment.inc
18	require credentials.inc	18	require credentials.inc
19		19
20	do_install() {	20	do_install() {
21	install -d ${D}${libdir}/sota	21	install -m 0700 -d ${D}${libdir}/sota/conf.d
22	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then	22	if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
23	aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \	23	aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
24	-i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}	24	-i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D}
25	fi	25	fi
26	}	26	}
27		27
28	FILES_${PN} = " \	28	FILES_${PN} = " \
29	${libdir}/sota/sota.toml \	29	${libdir}/sota/conf.d \
		30	${libdir}/sota/conf.d/20-sota.toml \
30	${libdir}/sota/root.crt \	31	${libdir}/sota/root.crt \
31	"	32	"
32		33


diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 94a610c..2c0d59f 100644..100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -5,7 +5,7 @@ SECTION = "base"
5	LICENSE = "MPL-2.0"	5	LICENSE = "MPL-2.0"
6	LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"	6	LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
7		7
8	DEPENDS = "boost curl openssl libarchive libsodium asn1c-native "	8	DEPENDS = "boost curl openssl libarchive libsodium asn1c-native sqlite3 "
9	DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "	9	DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} "
10	DEPENDS_append_class-native = "glib-2.0-native "	10	DEPENDS_append_class-native = "glib-2.0-native "
11		11
@@ -22,7 +22,7 @@ SRC_URI = " \
22	file://aktualizr-secondary.socket \	22	file://aktualizr-secondary.socket \
23	file://aktualizr-serialcan.service \	23	file://aktualizr-serialcan.service \
24	"	24	"
25	SRCREV = "930d8eef6eb584686654601c056d7c9c6fca3048"	25	SRCREV = "3b89858cf8ce9a8331cc4e6a5d2b5783d2eb7ae9"
26	BRANCH ?= "master"	26	BRANCH ?= "master"
27		27
28	S = "${WORKDIR}/git"	28	S = "${WORKDIR}/git"
@@ -37,9 +37,20 @@ SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket"
37		37
38	BBCLASSEXTEND =+ "native"	38	BBCLASSEXTEND =+ "native"
39		39
40	EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "	40	require garage-sign-version.inc
41	EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "	41
42	EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF -DBUILD_SYSTEMD=OFF "	42	EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF \
		43	-DCMAKE_BUILD_TYPE=Release \
		44	-DAKTUALIZR_VERSION=${PV} \
		45	-DBUILD_LOAD_TESTS=OFF"
		46	EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON \
		47	-DBUILD_ISOTP=ON \
		48	${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
		49	EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON \
		50	-DBUILD_OSTREE=OFF \
		51	-DBUILD_SYSTEMD=OFF \
		52	-DGARAGE_SIGN_VERSION=${GARAGE_SIGN_VERSION} \
		53	-DGARAGE_SIGN_SHA256=${GARAGE_SIGN_SHA256}"
43		54
44	do_install_append () {	55	do_install_append () {
45	rm -fr ${D}${libdir}/systemd	56	rm -fr ${D}${libdir}/systemd
@@ -54,30 +65,30 @@ do_install_append () {
54	install -d ${D}${systemd_unitdir}/system	65	install -d ${D}${systemd_unitdir}/system
55	install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket	66	install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket
56	install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service	67	install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service
		68	install -m 0700 -d ${D}${libdir}/sota/conf.d
		69	install -m 0700 -d ${D}${sysconfdir}/sota/conf.d
57	}	70	}
58		71
59	do_install_append_class-target () {	72	do_install_append_class-target () {
60	install -d ${D}${systemd_unitdir}/system	73	install -m 0755 -d ${D}${systemd_unitdir}/system
61	aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}	74	aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}
62	install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service	75	install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service
63	}	76	}
64		77
65	do_install_append_class-native () {	78	do_install_append_class-native () {
66	install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir}	79	install -m 0755 ${B}/src/sota_tools/garage-sign/bin/* ${D}${bindir}
67	install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir}	80	install -m 0644 ${B}/src/sota_tools/garage-sign/lib/* ${D}${libdir}
68	}	81	}
69		82
70	PACKAGES =+ " ${PN}-common ${PN}-examples ${PN}-host-tools ${PN}-secondary "	83	PACKAGES =+ " ${PN}-examples ${PN}-host-tools ${PN}-secondary "
71		84
72	FILES_${PN} = " \	85	FILES_${PN} = " \
73	${bindir}/aktualizr \	86	${bindir}/aktualizr \
74	${bindir}/aktualizr-info \	87	${bindir}/aktualizr-info \
75	${bindir}/aktualizr-check-discovery \	88	${bindir}/aktualizr-check-discovery \
76	${systemd_unitdir}/system/aktualizr.service \	89	${systemd_unitdir}/system/aktualizr.service \
77	"	90	${libdir}/sota/conf.d \
78		91	${sysconfdir}/sota/conf.d \
79	FILES_${PN}-common = " \
80	${libdir}/sota/schemas \
81	"	92	"
82		93
83	FILES_${PN}-examples = " \	94	FILES_${PN}-examples = " \
@@ -105,8 +116,4 @@ FILES_${PN}-secondary = " \
105	${systemd_unitdir}/system/aktualizr-secondary.service \	116	${systemd_unitdir}/system/aktualizr-secondary.service \
106	"	117	"
107		118
108	# Both primary and secondary need the SQL Schemas
109	RDEPENDS_${PN}_class-target =+ "${PN}-common"
110	RDEPENDS_${PN}-secondary_class-target =+ "${PN}-common"
111
112	# vim:set ts=4 sw=4 sts=4 expandtab:	119	# vim:set ts=4 sw=4 sts=4 expandtab:


diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc index 09da6b7..16e789e 100644 --- a/recipes-sota/aktualizr/environment.inc +++ b/recipes-sota/aktualizr/environment.inc
@@ -1,17 +1,11 @@
1	export SOTA_LEGACY_SECONDARY_INTERFACE
2	export SOTA_VIRTUAL_SECONDARIES	1	export SOTA_VIRTUAL_SECONDARIES
3		2
4	do_install_append() {	3	do_install_append() {
5	if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then
6	AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}"
7	fi
8
9	AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"
10	for sec in ${SOTA_VIRTUAL_SECONDARIES}; do	4	for sec in ${SOTA_VIRTUAL_SECONDARIES}; do
11	AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec"	5	AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec"
12	done	6	done
13		7
14	echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_LEGACYSEC} ${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env	8	echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env
15	}	9	}
16		10
17	FILES_${PN}_append = " ${libdir}/sota/sota.env"	11	FILES_${PN}_append = " ${libdir}/sota/sota.env"


diff --git a/recipes-sota/aktualizr/garage-sign-version.inc b/recipes-sota/aktualizr/garage-sign-version.inc new file mode 100644 index 0000000..66e3ffd --- /dev/null +++ b/recipes-sota/aktualizr/garage-sign-version.inc
@@ -0,0 +1,23 @@
		1
		2	python () {
		3	if d.getVar("GARAGE_SIGN_VERSION", True) or not d.getVar("SOTA_PACKED_CREDENTIALS", True):
		4	return
		5	import json
		6	import urllib.request
		7	import zipfile
		8	with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS", True), 'r') as zip_ref:
		9	try:
		10	with zip_ref.open('tufrepo.url', mode='r') as url_file:
		11	url = url_file.read().decode() + '/health/version'
		12	except (KeyError, ValueError, RuntimeError):
		13	return
		14	r = urllib.request.urlopen(url)
		15	if r.code != 200:
		16	return
		17	resp = r.read().decode('utf-8')
		18	j = json.loads(resp)
		19	version = 'cli-' + j['version'] + '.tgz'
		20	d.setVar("GARAGE_SIGN_VERSION", version)
		21	}
		22
		23	# vim:set ts=4 sw=4 sts=4 expandtab: