diff options
Diffstat (limited to 'recipes-sota')
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr-device-prov-creds.bb | 60 | ||||
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb | 10 | ||||
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr-device-prov.bb | 9 | ||||
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr-hwid.bb | 24 | ||||
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb | 9 | ||||
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr-shared-prov.bb | 11 | ||||
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb | 10 | ||||
| -rw-r--r-- | recipes-sota/aktualizr/aktualizr_git.bb | 6 |
8 files changed, 59 insertions, 80 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb deleted file mode 100644 index 6e02a50..0000000 --- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb +++ /dev/null | |||
| @@ -1,60 +0,0 @@ | |||
| 1 | SUMMARY = "Credentials for device provisioning with fleet CA certificate" | ||
| 2 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" | ||
| 3 | SECTION = "base" | ||
| 4 | LICENSE = "MPL-2.0" | ||
| 5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" | ||
| 6 | |||
| 7 | inherit allarch | ||
| 8 | |||
| 9 | # WARNING: it is NOT a production solution. The secure way to provision devices | ||
| 10 | # is to create certificate request directly on the device (either with HSM/TPM | ||
| 11 | # or with software) and then sign it with a CA stored on a disconnected machine. | ||
| 12 | |||
| 13 | DEPENDS = "aktualizr aktualizr-native" | ||
| 14 | ALLOW_EMPTY_${PN} = "1" | ||
| 15 | |||
| 16 | SRC_URI = " \ | ||
| 17 | file://ca.cnf \ | ||
| 18 | " | ||
| 19 | |||
| 20 | require credentials.inc | ||
| 21 | |||
| 22 | export SOTA_CACERT_PATH | ||
| 23 | export SOTA_CAKEY_PATH | ||
| 24 | |||
| 25 | do_install() { | ||
| 26 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | ||
| 27 | if [ -z ${SOTA_CACERT_PATH} ]; then | ||
| 28 | SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem | ||
| 29 | SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem | ||
| 30 | mkdir -p ${DEPLOY_DIR_IMAGE}/CA | ||
| 31 | bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}" | ||
| 32 | |||
| 33 | if [ ! -f ${SOTA_CACERT_PATH} ]; then | ||
| 34 | bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" | ||
| 35 | SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")" | ||
| 36 | openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 | ||
| 37 | openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert | ||
| 38 | bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" | ||
| 39 | fi | ||
| 40 | fi | ||
| 41 | |||
| 42 | if [ -z ${SOTA_CAKEY_PATH} ]; then | ||
| 43 | bbfatal "SOTA_CAKEY_PATH should be set when using device credential provisioning" | ||
| 44 | fi | ||
| 45 | |||
| 46 | install -m 0700 -d ${D}${localstatedir}/sota | ||
| 47 | aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \ | ||
| 48 | --fleet-ca ${SOTA_CACERT_PATH} \ | ||
| 49 | --fleet-ca-key ${SOTA_CAKEY_PATH} \ | ||
| 50 | --root-ca \ | ||
| 51 | --server-url \ | ||
| 52 | --local ${D} \ | ||
| 53 | --config ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml | ||
| 54 | fi | ||
| 55 | } | ||
| 56 | |||
| 57 | FILES_${PN} = " \ | ||
| 58 | ${localstatedir}/sota/*" | ||
| 59 | |||
| 60 | # vim:set ts=4 sw=4 sts=4 expandtab: | ||
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb index c3cd593..4eadb77 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb | |||
| @@ -7,14 +7,16 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
| 7 | 7 | ||
| 8 | inherit allarch | 8 | inherit allarch |
| 9 | 9 | ||
| 10 | DEPENDS = "aktualizr aktualizr-native" | 10 | # We need to get the config files from the aktualizr-host-tools package built by |
| 11 | RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" | 11 | # the aktualizr (target) recipe. |
| 12 | DEPENDS = "aktualizr" | ||
| 12 | 13 | ||
| 13 | SRC_URI = "" | 14 | # If the config file from aktualizr used here is changed, you will need to bump |
| 15 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
| 14 | PV = "1.0" | 16 | PV = "1.0" |
| 15 | PR = "6" | 17 | PR = "6" |
| 16 | 18 | ||
| 17 | require credentials.inc | 19 | SRC_URI = "" |
| 18 | 20 | ||
| 19 | do_install() { | 21 | do_install() { |
| 20 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 22 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb index d579532..55f398d 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb | |||
| @@ -7,13 +7,16 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
| 7 | 7 | ||
| 8 | inherit allarch | 8 | inherit allarch |
| 9 | 9 | ||
| 10 | DEPENDS = "aktualizr aktualizr-native openssl-native" | 10 | # We need to get the config files from the aktualizr-host-tools package built by |
| 11 | RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" | 11 | # the aktualizr (target) recipe. |
| 12 | DEPENDS = "aktualizr" | ||
| 12 | 13 | ||
| 14 | # If the config file from aktualizr used here is changed, you will need to bump | ||
| 15 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
| 13 | PV = "1.0" | 16 | PV = "1.0" |
| 14 | PR = "1" | 17 | PR = "1" |
| 15 | 18 | ||
| 16 | require credentials.inc | 19 | SRC_URI = "" |
| 17 | 20 | ||
| 18 | do_install() { | 21 | do_install() { |
| 19 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 22 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
diff --git a/recipes-sota/aktualizr/aktualizr-hwid.bb b/recipes-sota/aktualizr/aktualizr-hwid.bb new file mode 100644 index 0000000..fd3e395 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-hwid.bb | |||
| @@ -0,0 +1,24 @@ | |||
| 1 | SUMMARY = "Aktualizr hwid configuration" | ||
| 2 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" | ||
| 3 | SECTION = "base" | ||
| 4 | LICENSE = "MPL-2.0" | ||
| 5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" | ||
| 6 | |||
| 7 | # Because of the dependency on MACHINE. | ||
| 8 | PACKAGE_ARCH = "${MACHINE_ARCH}" | ||
| 9 | |||
| 10 | SRC_URI = "" | ||
| 11 | |||
| 12 | do_install() { | ||
| 13 | install -m 0700 -d ${D}${libdir}/sota/conf.d | ||
| 14 | if [ -n "${SOTA_HARDWARE_ID}" ]; then | ||
| 15 | printf "[provision]\nprimary_ecu_hardware_id = ${SOTA_HARDWARE_ID}\n" > ${D}${libdir}/sota/conf.d/40-hardware-id.toml | ||
| 16 | fi | ||
| 17 | } | ||
| 18 | |||
| 19 | FILES_${PN} = " \ | ||
| 20 | ${libdir}/sota/conf.d \ | ||
| 21 | ${libdir}/sota/conf.d/40-hardware-id.toml \ | ||
| 22 | " | ||
| 23 | |||
| 24 | # vim:set ts=4 sw=4 sts=4 expandtab: | ||
diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb index 2701c07..9c6f0dd 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb | |||
| @@ -6,9 +6,16 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
| 6 | 6 | ||
| 7 | inherit allarch | 7 | inherit allarch |
| 8 | 8 | ||
| 9 | DEPENDS = "aktualizr-native zip-native" | 9 | DEPENDS = "zip-native" |
| 10 | ALLOW_EMPTY_${PN} = "1" | 10 | ALLOW_EMPTY_${PN} = "1" |
| 11 | 11 | ||
| 12 | # If the config file from aktualizr used here is changed, you will need to bump | ||
| 13 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
| 14 | PV = "1.0" | ||
| 15 | PR = "1" | ||
| 16 | |||
| 17 | SRC_URI = "" | ||
| 18 | |||
| 12 | require credentials.inc | 19 | require credentials.inc |
| 13 | 20 | ||
| 14 | do_install() { | 21 | do_install() { |
diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov.bb b/recipes-sota/aktualizr/aktualizr-shared-prov.bb index d3d6f16..2ee47a1 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov.bb | |||
| @@ -7,15 +7,18 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
| 7 | 7 | ||
| 8 | inherit allarch | 8 | inherit allarch |
| 9 | 9 | ||
| 10 | DEPENDS = "aktualizr-native zip-native" | 10 | # We need to get the config files from the aktualizr-host-tools package built by |
| 11 | # the aktualizr (target) recipe. | ||
| 12 | DEPENDS = "aktualizr" | ||
| 11 | RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" | 13 | RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" |
| 14 | |||
| 15 | # If the config file from aktualizr used here is changed, you will need to bump | ||
| 16 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
| 12 | PV = "1.0" | 17 | PV = "1.0" |
| 13 | PR = "6" | 18 | PR = "6" |
| 14 | 19 | ||
| 15 | SRC_URI = "" | 20 | SRC_URI = "" |
| 16 | 21 | ||
| 17 | require credentials.inc | ||
| 18 | |||
| 19 | do_install() { | 22 | do_install() { |
| 20 | if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then | 23 | if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then |
| 21 | bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" | 24 | bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" |
| @@ -31,7 +34,7 @@ do_install() { | |||
| 31 | fi | 34 | fi |
| 32 | 35 | ||
| 33 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 36 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
| 34 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-shared-cred.toml \ | 37 | install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-shared-cred.toml \ |
| 35 | ${D}${libdir}/sota/conf.d/20-sota-shared-cred.toml | 38 | ${D}${libdir}/sota/conf.d/20-sota-shared-cred.toml |
| 36 | } | 39 | } |
| 37 | 40 | ||
diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb index 860f225..2895e5c 100644 --- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb +++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb | |||
| @@ -6,14 +6,18 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 | |||
| 6 | 6 | ||
| 7 | inherit allarch | 7 | inherit allarch |
| 8 | 8 | ||
| 9 | DEPENDS = "aktualizr-native" | 9 | DEPENDS = "aktualizr" |
| 10 | RDEPENDS_${PN} = "aktualizr" | 10 | |
| 11 | # If the config file from aktualizr used here is changed, you will need to bump | ||
| 12 | # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! | ||
| 13 | PV = "1.0" | ||
| 14 | PR = "1" | ||
| 11 | 15 | ||
| 12 | SRC_URI = "" | 16 | SRC_URI = "" |
| 13 | 17 | ||
| 14 | do_install() { | 18 | do_install() { |
| 15 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 19 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
| 16 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml | 20 | install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml |
| 17 | } | 21 | } |
| 18 | 22 | ||
| 19 | FILES_${PN} = " \ | 23 | FILES_${PN} = " \ |
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index d878d88..0de0866 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb | |||
| @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=815ca599c9df247a0c7f619bab123dad" | |||
| 7 | 7 | ||
| 8 | DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" | 8 | DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" |
| 9 | DEPENDS_append = "${@bb.utils.contains('PTEST_ENABLED', '1', ' coreutils-native net-tools-native ostree-native aktualizr-native ', '', d)}" | 9 | DEPENDS_append = "${@bb.utils.contains('PTEST_ENABLED', '1', ' coreutils-native net-tools-native ostree-native aktualizr-native ', '', d)}" |
| 10 | RDEPENDS_${PN}_class-target = "aktualizr-configs lshw" | 10 | RDEPENDS_${PN}_class-target = "aktualizr-configs aktualizr-hwid lshw" |
| 11 | RDEPENDS_${PN}-host-tools = "aktualizr aktualizr-cert-provider ${@bb.utils.contains('PACKAGECONFIG', 'sota-tools', 'garage-deploy garage-push', '', d)}" | 11 | RDEPENDS_${PN}-host-tools = "aktualizr aktualizr-cert-provider ${@bb.utils.contains('PACKAGECONFIG', 'sota-tools', 'garage-deploy garage-push', '', d)}" |
| 12 | 12 | ||
| 13 | RDEPENDS_${PN}-ptest += "bash cmake curl net-tools python3-core python3-misc python3-modules openssl-bin sqlite3 valgrind" | 13 | RDEPENDS_${PN}-ptest += "bash cmake curl net-tools python3-core python3-misc python3-modules openssl-bin sqlite3 valgrind" |
| @@ -105,10 +105,6 @@ do_install_append () { | |||
| 105 | install -m 0700 -d ${D}${libdir}/sota/conf.d | 105 | install -m 0700 -d ${D}${libdir}/sota/conf.d |
| 106 | install -m 0700 -d ${D}${sysconfdir}/sota/conf.d | 106 | install -m 0700 -d ${D}${sysconfdir}/sota/conf.d |
| 107 | 107 | ||
| 108 | if [ -n "${SOTA_HARDWARE_ID}" ]; then | ||
| 109 | printf "[provision]\nprimary_ecu_hardware_id = ${SOTA_HARDWARE_ID}\n" > ${D}${libdir}/sota/conf.d/40-hardware-id.toml | ||
| 110 | fi | ||
| 111 | |||
| 112 | install -m 0755 -d ${D}${systemd_unitdir}/system | 108 | install -m 0755 -d ${D}${systemd_unitdir}/system |
| 113 | aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} | 109 | aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} |
| 114 | install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service | 110 | install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service |