diff options
Diffstat (limited to 'recipes-sota')
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-device-prov-creds.bb | 60 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb | 10 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-device-prov.bb | 9 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-hwid.bb | 24 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb | 9 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-shared-prov.bb | 11 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb | 10 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr_git.bb | 6 |
8 files changed, 59 insertions, 80 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb deleted file mode 100644 index 6e02a50..0000000 --- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb +++ /dev/null | |||
@@ -1,60 +0,0 @@ | |||
1 | SUMMARY = "Credentials for device provisioning with fleet CA certificate" | ||
2 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" | ||
3 | SECTION = "base" | ||
4 | LICENSE = "MPL-2.0" | ||
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" | ||
6 | |||
7 | inherit allarch | ||
8 | |||
9 | # WARNING: it is NOT a production solution. The secure way to provision devices | ||
10 | # is to create certificate request directly on the device (either with HSM/TPM | ||
11 | # or with software) and then sign it with a CA stored on a disconnected machine. | ||
12 | |||
13 | DEPENDS = "aktualizr aktualizr-native" | ||
14 | ALLOW_EMPTY_${PN} = "1" | ||
15 | |||
16 | SRC_URI = " \ | ||
17 | file://ca.cnf \ | ||
18 | " | ||
19 | |||
20 | require credentials.inc | ||
21 | |||
22 | export SOTA_CACERT_PATH | ||
23 | export SOTA_CAKEY_PATH | ||
24 | |||
25 | do_install() { | ||
26 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | ||
27 | if [ -z ${SOTA_CACERT_PATH} ]; then | ||
28 | SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem | ||
29 | SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem | ||
30 | mkdir -p ${DEPLOY_DIR_IMAGE}/CA | ||
31 | bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}" | ||
32 | |||
33 | if [ ! -f ${SOTA_CACERT_PATH} ]; then | ||
34 | bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" | ||
35 | SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")" | ||
36 | openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 | ||
37 | openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert | ||
38 | bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" | ||
39 | fi | ||
40 | fi | ||
41 | |||
42 | if [ -z ${SOTA_CAKEY_PATH} ]; then | ||
43 | bbfatal "SOTA_CAKEY_PATH should be set when using device credential provisioning" | ||
44 | fi | ||
45 | |||
46 | install -m 0700 -d ${D}${localstatedir}/sota | ||
47 | aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \ | ||
48 | --fleet-ca ${SOTA_CACERT_PATH} \ | ||
49 | --fleet-ca-key ${SOTA_CAKEY_PATH} \ | ||
50 | --root-ca \ | ||
51 | --server-url \ | ||
52 | --local ${D} \ | ||
53 | --config ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml | ||
54 | fi | ||
55 | } | ||
56 | |||
57 | FILES_${PN} = " \ | ||
58 | ${localstatedir}/sota/*" | ||
59 | |||
60 | # vim:set ts=4 sw=4 sts=4 expandtab: | ||
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb index c3cd593..4eadb77 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb | |||
@@ -7,14 +7,16 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
7 | 7 | ||
8 | inherit allarch | 8 | inherit allarch |
9 | 9 | ||
10 | DEPENDS = "aktualizr aktualizr-native" | 10 | # We need to get the config files from the aktualizr-host-tools package built by |
11 | RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" | 11 | # the aktualizr (target) recipe. |
12 | DEPENDS = "aktualizr" | ||
12 | 13 | ||
13 | SRC_URI = "" | 14 | # If the config file from aktualizr used here is changed, you will need to bump |
15 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
14 | PV = "1.0" | 16 | PV = "1.0" |
15 | PR = "6" | 17 | PR = "6" |
16 | 18 | ||
17 | require credentials.inc | 19 | SRC_URI = "" |
18 | 20 | ||
19 | do_install() { | 21 | do_install() { |
20 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 22 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb index d579532..55f398d 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb | |||
@@ -7,13 +7,16 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
7 | 7 | ||
8 | inherit allarch | 8 | inherit allarch |
9 | 9 | ||
10 | DEPENDS = "aktualizr aktualizr-native openssl-native" | 10 | # We need to get the config files from the aktualizr-host-tools package built by |
11 | RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" | 11 | # the aktualizr (target) recipe. |
12 | DEPENDS = "aktualizr" | ||
12 | 13 | ||
14 | # If the config file from aktualizr used here is changed, you will need to bump | ||
15 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
13 | PV = "1.0" | 16 | PV = "1.0" |
14 | PR = "1" | 17 | PR = "1" |
15 | 18 | ||
16 | require credentials.inc | 19 | SRC_URI = "" |
17 | 20 | ||
18 | do_install() { | 21 | do_install() { |
19 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 22 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
diff --git a/recipes-sota/aktualizr/aktualizr-hwid.bb b/recipes-sota/aktualizr/aktualizr-hwid.bb new file mode 100644 index 0000000..fd3e395 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-hwid.bb | |||
@@ -0,0 +1,24 @@ | |||
1 | SUMMARY = "Aktualizr hwid configuration" | ||
2 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" | ||
3 | SECTION = "base" | ||
4 | LICENSE = "MPL-2.0" | ||
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" | ||
6 | |||
7 | # Because of the dependency on MACHINE. | ||
8 | PACKAGE_ARCH = "${MACHINE_ARCH}" | ||
9 | |||
10 | SRC_URI = "" | ||
11 | |||
12 | do_install() { | ||
13 | install -m 0700 -d ${D}${libdir}/sota/conf.d | ||
14 | if [ -n "${SOTA_HARDWARE_ID}" ]; then | ||
15 | printf "[provision]\nprimary_ecu_hardware_id = ${SOTA_HARDWARE_ID}\n" > ${D}${libdir}/sota/conf.d/40-hardware-id.toml | ||
16 | fi | ||
17 | } | ||
18 | |||
19 | FILES_${PN} = " \ | ||
20 | ${libdir}/sota/conf.d \ | ||
21 | ${libdir}/sota/conf.d/40-hardware-id.toml \ | ||
22 | " | ||
23 | |||
24 | # vim:set ts=4 sw=4 sts=4 expandtab: | ||
diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb index 2701c07..9c6f0dd 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb | |||
@@ -6,9 +6,16 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
6 | 6 | ||
7 | inherit allarch | 7 | inherit allarch |
8 | 8 | ||
9 | DEPENDS = "aktualizr-native zip-native" | 9 | DEPENDS = "zip-native" |
10 | ALLOW_EMPTY_${PN} = "1" | 10 | ALLOW_EMPTY_${PN} = "1" |
11 | 11 | ||
12 | # If the config file from aktualizr used here is changed, you will need to bump | ||
13 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
14 | PV = "1.0" | ||
15 | PR = "1" | ||
16 | |||
17 | SRC_URI = "" | ||
18 | |||
12 | require credentials.inc | 19 | require credentials.inc |
13 | 20 | ||
14 | do_install() { | 21 | do_install() { |
diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov.bb b/recipes-sota/aktualizr/aktualizr-shared-prov.bb index d3d6f16..2ee47a1 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov.bb | |||
@@ -7,15 +7,18 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
7 | 7 | ||
8 | inherit allarch | 8 | inherit allarch |
9 | 9 | ||
10 | DEPENDS = "aktualizr-native zip-native" | 10 | # We need to get the config files from the aktualizr-host-tools package built by |
11 | # the aktualizr (target) recipe. | ||
12 | DEPENDS = "aktualizr" | ||
11 | RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" | 13 | RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" |
14 | |||
15 | # If the config file from aktualizr used here is changed, you will need to bump | ||
16 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
12 | PV = "1.0" | 17 | PV = "1.0" |
13 | PR = "6" | 18 | PR = "6" |
14 | 19 | ||
15 | SRC_URI = "" | 20 | SRC_URI = "" |
16 | 21 | ||
17 | require credentials.inc | ||
18 | |||
19 | do_install() { | 22 | do_install() { |
20 | if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then | 23 | if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then |
21 | bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" | 24 | bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" |
@@ -31,7 +34,7 @@ do_install() { | |||
31 | fi | 34 | fi |
32 | 35 | ||
33 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 36 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
34 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-shared-cred.toml \ | 37 | install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-shared-cred.toml \ |
35 | ${D}${libdir}/sota/conf.d/20-sota-shared-cred.toml | 38 | ${D}${libdir}/sota/conf.d/20-sota-shared-cred.toml |
36 | } | 39 | } |
37 | 40 | ||
diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb index 860f225..2895e5c 100644 --- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb +++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb | |||
@@ -6,14 +6,18 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
6 | 6 | ||
7 | inherit allarch | 7 | inherit allarch |
8 | 8 | ||
9 | DEPENDS = "aktualizr-native" | 9 | DEPENDS = "aktualizr" |
10 | RDEPENDS_${PN} = "aktualizr" | 10 | |
11 | # If the config file from aktualizr used here is changed, you will need to bump | ||
12 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
13 | PV = "1.0" | ||
14 | PR = "1" | ||
11 | 15 | ||
12 | SRC_URI = "" | 16 | SRC_URI = "" |
13 | 17 | ||
14 | do_install() { | 18 | do_install() { |
15 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 19 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
16 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml | 20 | install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml |
17 | } | 21 | } |
18 | 22 | ||
19 | FILES_${PN} = " \ | 23 | FILES_${PN} = " \ |
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index d878d88..0de0866 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb | |||
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=815ca599c9df247a0c7f619bab123dad" | |||
7 | 7 | ||
8 | DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" | 8 | DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" |
9 | DEPENDS_append = "${@bb.utils.contains('PTEST_ENABLED', '1', ' coreutils-native net-tools-native ostree-native aktualizr-native ', '', d)}" | 9 | DEPENDS_append = "${@bb.utils.contains('PTEST_ENABLED', '1', ' coreutils-native net-tools-native ostree-native aktualizr-native ', '', d)}" |
10 | RDEPENDS_${PN}_class-target = "aktualizr-configs lshw" | 10 | RDEPENDS_${PN}_class-target = "aktualizr-configs aktualizr-hwid lshw" |
11 | RDEPENDS_${PN}-host-tools = "aktualizr aktualizr-cert-provider ${@bb.utils.contains('PACKAGECONFIG', 'sota-tools', 'garage-deploy garage-push', '', d)}" | 11 | RDEPENDS_${PN}-host-tools = "aktualizr aktualizr-cert-provider ${@bb.utils.contains('PACKAGECONFIG', 'sota-tools', 'garage-deploy garage-push', '', d)}" |
12 | 12 | ||
13 | RDEPENDS_${PN}-ptest += "bash cmake curl net-tools python3-core python3-misc python3-modules openssl-bin sqlite3 valgrind" | 13 | RDEPENDS_${PN}-ptest += "bash cmake curl net-tools python3-core python3-misc python3-modules openssl-bin sqlite3 valgrind" |
@@ -105,10 +105,6 @@ do_install_append () { | |||
105 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 105 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
106 | install -m 0700 -d ${D}${sysconfdir}/sota/conf.d | 106 | install -m 0700 -d ${D}${sysconfdir}/sota/conf.d |
107 | 107 | ||
108 | if [ -n "${SOTA_HARDWARE_ID}" ]; then | ||
109 | printf "[provision]\nprimary_ecu_hardware_id = ${SOTA_HARDWARE_ID}\n" > ${D}${libdir}/sota/conf.d/40-hardware-id.toml | ||
110 | fi | ||
111 | |||
112 | install -m 0755 -d ${D}${systemd_unitdir}/system | 108 | install -m 0755 -d ${D}${systemd_unitdir}/system |
113 | aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} | 109 | aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} |
114 | install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service | 110 | install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service |