From ec29abc0c5ecff491a0932b6bd14bbaebee27e45 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Tue, 23 Jul 2019 11:15:51 +0200 Subject: Remove Jenkins references in meta-updater Was killed for good Signed-off-by: Laurent Bonnans --- scripts/ci/Jenkinsfile.bleeding | 87 ------------------------------ scripts/ci/Jenkinsfile.bleeding-selftest | 91 -------------------------------- scripts/ci/README.adoc | 14 ----- 3 files changed, 192 deletions(-) delete mode 100644 scripts/ci/Jenkinsfile.bleeding delete mode 100644 scripts/ci/Jenkinsfile.bleeding-selftest delete mode 100644 scripts/ci/README.adoc diff --git a/scripts/ci/Jenkinsfile.bleeding b/scripts/ci/Jenkinsfile.bleeding deleted file mode 100644 index 6d340fd..0000000 --- a/scripts/ci/Jenkinsfile.bleeding +++ /dev/null @@ -1,87 +0,0 @@ -// This CI setup checks out aktualizr, meta-updater and updater-repo and builds -// master branches whenever a change is pushed to any of these - -// define these for docker image creation -node { - // might cause some problems: - // https://stackoverflow.com/questions/44805076/setting-build-args-for-dockerfile-agent-using-a-jenkins-declarative-pipeline - JENKINS_UID = sh(returnStdout: true, script: 'id -u').trim() - JENKINS_GID = sh(returnStdout: true, script: 'id -g').trim() -} - -pipeline { - agent any - environment { - TEST_AKTUALIZR_REMOTE = 'aktualizr' - TEST_AKTUALIZR_DIR = 'aktualizr' - TEST_AKTUALIZR_BRANCH = 'master' - TEST_BITBAKE_COMMON_DIR = "/opt/jenkins/bitbake-common" - } - stages { - stage('checkout') { - steps { - - checkout([$class: 'GitSCM', - userRemoteConfigs: [ - [url: 'https://github.com/advancedtelematic/aktualizr', name: 'aktualizr'] - ], - branches: [[name: 'refs/heads/master']], - extensions: [ - [$class: 'DisableRemotePoll'], - [$class: 'PruneStaleBranch'], - [$class: 'RelativeTargetDirectory', - relativeTargetDir: 'aktualizr' - ] - ], - ]) - - checkout([$class: 'RepoScm', - manifestRepositoryUrl: 'https://github.com/advancedtelematic/updater-repo', - manifestBranch: null, - manifestFile: 'master.xml', - manifestGroup: null, - mirrorDir: null, - jobs: 0, - depth: 0, - localManifest: null, - destinationDir: 'updater-repo', - repoUrl: null, - currentBranch: false, - resetFirst: true, - quiet: false, - trace: false, - showAllChanges: false, - ]) - - // ignore bitbake build directories in docker - sh 'echo \'build*\' > .dockerignore' - - // override meta-updater commit with currently tested branch - sh ''' - META_UPDATER_COMMIT=$(git rev-parse HEAD) - cd updater-repo/meta-updater - git checkout $META_UPDATER_COMMIT - ''' - } - } - stage('build-core-image-minimal') { - agent { - dockerfile { - filename 'scripts/ci/Dockerfile.bitbake' - args '-v /opt/jenkins/bitbake-common:/opt/jenkins/bitbake-common' - additionalBuildArgs "--build-arg uid=${JENKINS_UID} --build-arg gid=${JENKINS_GID}" - reuseNode true - } - } - environment { - TEST_AKTUALIZR_CREDENTIALS = credentials('garage-credentials') - } - steps { - sh 'scripts/ci/configure.sh' - - sh 'scripts/ci/build.sh core-image-minimal' - } - } - } -} -// vim: set ft=groovy tabstop=2 shiftwidth=2 expandtab: diff --git a/scripts/ci/Jenkinsfile.bleeding-selftest b/scripts/ci/Jenkinsfile.bleeding-selftest deleted file mode 100644 index 8c2d1de..0000000 --- a/scripts/ci/Jenkinsfile.bleeding-selftest +++ /dev/null @@ -1,91 +0,0 @@ -// This CI setup checks out aktualizr, meta-updater and updater-repo and builds -// master branches whenever a change is pushed to any of these - -// define these for docker image creation -node { - // might cause some problems: - // https://stackoverflow.com/questions/44805076/setting-build-args-for-dockerfile-agent-using-a-jenkins-declarative-pipeline - JENKINS_UID = sh(returnStdout: true, script: 'id -u').trim() - JENKINS_GID = sh(returnStdout: true, script: 'id -g').trim() -} - -pipeline { - agent { - node { label 'bitbake' } - } - environment { - TEST_AKTUALIZR_REMOTE = 'aktualizr' - TEST_AKTUALIZR_DIR = 'aktualizr' - TEST_AKTUALIZR_BRANCH = 'master' - TEST_BITBAKE_COMMON_DIR = "/opt/jenkins/bitbake-common" - } - stages { - stage('checkout') { - steps { - - checkout([$class: 'GitSCM', - userRemoteConfigs: [ - [url: 'https://github.com/advancedtelematic/aktualizr', name: 'aktualizr'] - ], - branches: [[name: 'refs/heads/master']], - extensions: [ - [$class: 'DisableRemotePoll'], - [$class: 'PruneStaleBranch'], - [$class: 'RelativeTargetDirectory', - relativeTargetDir: 'aktualizr' - ] - ], - ]) - - checkout([$class: 'RepoScm', - manifestRepositoryUrl: 'https://github.com/advancedtelematic/updater-repo', - manifestBranch: null, - manifestFile: 'master.xml', - manifestGroup: null, - mirrorDir: null, - jobs: 0, - depth: 0, - localManifest: null, - destinationDir: 'updater-repo', - repoUrl: null, - currentBranch: false, - resetFirst: true, - quiet: false, - trace: false, - showAllChanges: false, - ]) - - // ignore bitbake build directories in docker - sh 'echo \'build*\' > .dockerignore' - - // override meta-updater commit with currently tested branch - sh ''' - META_UPDATER_COMMIT=$(git rev-parse HEAD) - cd updater-repo/meta-updater - git checkout $META_UPDATER_COMMIT - ''' - } - } - stage('build-core-image-minimal+oe-selftest') { - agent { - dockerfile { - filename 'scripts/ci/Dockerfile.bitbake' - args '-v /opt/jenkins/bitbake-common:/opt/jenkins/bitbake-common' - additionalBuildArgs "--build-arg uid=${JENKINS_UID} --build-arg gid=${JENKINS_GID}" - reuseNode true - } - } - environment { - TEST_AKTUALIZR_CREDENTIALS = credentials('garage-credentials') - } - steps { - sh 'scripts/ci/configure.sh' - - sh 'scripts/ci/build.sh core-image-minimal' - - sh 'scripts/ci/oe-selftest.sh' - } - } - } -} -// vim: set ft=groovy tabstop=2 shiftwidth=2 expandtab: diff --git a/scripts/ci/README.adoc b/scripts/ci/README.adoc deleted file mode 100644 index 222982b..0000000 --- a/scripts/ci/README.adoc +++ /dev/null @@ -1,14 +0,0 @@ -= Jenkins setup for running meta-updater CI - -As bitbake is quite resource-hungry, there are some special steps that are -needed to run Jenkins CI tasks: - -- docker should be installed and the `jenkins` unix user should belong to - the `docker` group -- `/opt/jenkins` should exist and have `jenkins:jenkins` permissions, it - will be mapped as a volume on the same location in the docker build - container - -Note that for nodes running Jenkins slaves as a docker container, the -`/opt/jenkins` directory must exist on the host system as well, with -permissions matching the user and groupd ids in Jenkins' docker -- cgit v1.2.3-54-g00ecf From aeffb5fc5ea5aa27ff9eb12cb30ce9acff93e694 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Thu, 5 Sep 2019 16:59:18 +0200 Subject: Raspberrypi4 initial support Signed-off-by: Laurent Bonnans --- classes/sota_raspberrypi.bbclass | 32 +++++++++++++++++++++++++- conf/include/bblayers/sota_raspberrypi4-64.inc | 3 +++ conf/include/bblayers/sota_raspberrypi4.inc | 3 +++ 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 conf/include/bblayers/sota_raspberrypi4-64.inc create mode 100644 conf/include/bblayers/sota_raspberrypi4.inc diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass index 69f09fd..a7402ae 100644 --- a/classes/sota_raspberrypi.bbclass +++ b/classes/sota_raspberrypi.bbclass @@ -21,20 +21,50 @@ UBOOT_ENTRYPOINT_sota ?= "0x00008000" IMAGE_FSTYPES_remove_sota = "rpi-sdimg" OSTREE_BOOTLOADER ?= "u-boot" +def make_dtb_boot_files(d): + # Generate IMAGE_BOOT_FILES entries for device tree files listed in + # KERNEL_DEVICETREE. + # + # This function was taken from conf/machine/include/rpi-base.inc in + # meta-raspberrypi + alldtbs = d.getVar('KERNEL_DEVICETREE') + imgtyp = d.getVar('KERNEL_IMAGETYPE') + + def transform(dtb): + base = os.path.basename(dtb) + if dtb.endswith('dtb'): + return base + elif dtb.endswith('dtbo'): + return '{};{}'.format(base, dtb) + + return ' '.join([transform(dtb) for dtb in alldtbs.split(' ') if dtb]) + +IMAGE_BOOT_FILES_sota = "bcm2835-bootfiles/* \ + u-boot.bin;${SDIMG_KERNELIMAGE} \ + " + # OSTree puts its own boot.scr to bcm2835-bootfiles -IMAGE_BOOT_FILES_sota = "bcm2835-bootfiles/* u-boot.bin;${SDIMG_KERNELIMAGE}" +# raspberrypi4 needs dtb in /boot partition so that they can be read by the +# firmware +IMAGE_BOOT_FILES_append_sota_raspberrypi4 = "${@make_dtb_boot_files(d)}" # Just the overlays that will be used should be listed KERNEL_DEVICETREE_raspberrypi2_sota ?= " bcm2709-rpi-2-b.dtb " KERNEL_DEVICETREE_raspberrypi3_sota ?= " bcm2710-rpi-3-b.dtb overlays/vc4-kms-v3d.dtbo overlays/rpi-ft5406.dtbo" KERNEL_DEVICETREE_raspberrypi3-64_sota ?= " broadcom/bcm2710-rpi-3-b.dtb overlays/vc4-kms-v3d.dtbo overlays/vc4-fkms-v3d.dtbo overlays/rpi-ft5406.dtbo" +KERNEL_DEVICETREE_raspberrypi4_sota ?= " bcm2711-rpi-4-b.dtb overlays/vc4-fkms-v3d.dtbo overlays/uart0-rpi4.dtbo" +KERNEL_DEVICETREE_raspberrypi4-64_sota ?= " broadcom/bcm2711-rpi-4-b.dtb overlays/vc4-fkms-v3d.dtbo overlays/uart0-rpi4.dtbo" SOTA_MAIN_DTB_raspberrypi2 ?= "bcm2709-rpi-2-b.dtb" SOTA_MAIN_DTB_raspberrypi3 ?= "bcm2710-rpi-3-b.dtb" SOTA_MAIN_DTB_raspberrypi3-64 ?= "broadcom_bcm2710-rpi-3-b.dtb" +SOTA_MAIN_DTB_raspberrypi4_sota ?= "bcm2711-rpi-4-b.dtb" +SOTA_MAIN_DTB_raspberrypi4-64_sota ?= "broadcom_bcm2711-rpi-4-b.dtb" SOTA_DT_OVERLAYS_raspberrypi3 ?= "vc4-kms-v3d.dtbo rpi-ft5406.dtbo" SOTA_DT_OVERLAYS_raspberrypi3-64 ?= "vc4-kms-v3d.dtbo vc4-fkms-v3d.dtbo rpi-ft5406.dtbo" +SOTA_DT_OVERLAYS_raspberrypi4 ?= "vc4-fkms-v3d.dtbo uart0-rpi4.dtbo" +SOTA_DT_OVERLAYS_raspberrypi4-64 ?= "vc4-fkms-v3d.dtbo uart0-rpi4.dtbo" # Kernel args normally provided by RPi's internal bootloader. Non-updateable OSTREE_KERNEL_ARGS_sota ?= " 8250.nr_uarts=1 bcm2708_fb.fbwidth=656 bcm2708_fb.fbheight=614 bcm2708_fb.fbswap=1 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 dwc_otg.lpm_enable=0 console=ttyS0,115200 usbhid.mousepoll=0 " diff --git a/conf/include/bblayers/sota_raspberrypi4-64.inc b/conf/include/bblayers/sota_raspberrypi4-64.inc new file mode 100644 index 0000000..7e320af --- /dev/null +++ b/conf/include/bblayers/sota_raspberrypi4-64.inc @@ -0,0 +1,3 @@ +BBLAYERS += "${METADIR}/meta-updater-raspberrypi" +BBLAYERS += "${METADIR}/meta-raspberrypi" +BBLAYERS += "${METADIR}/meta-openembedded/meta-networking" diff --git a/conf/include/bblayers/sota_raspberrypi4.inc b/conf/include/bblayers/sota_raspberrypi4.inc new file mode 100644 index 0000000..7e320af --- /dev/null +++ b/conf/include/bblayers/sota_raspberrypi4.inc @@ -0,0 +1,3 @@ +BBLAYERS += "${METADIR}/meta-updater-raspberrypi" +BBLAYERS += "${METADIR}/meta-raspberrypi" +BBLAYERS += "${METADIR}/meta-openembedded/meta-networking" -- cgit v1.2.3-54-g00ecf From 8bf95a97e5605639e513321548ffab10cbca1684 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Tue, 17 Sep 2019 18:00:34 +0200 Subject: Use the recommended kernel entry point on RPI 0x8000 does not work on raspberrypi4-64 whereas 0x80000 is the value recommended for all platforms on u-boot Signed-off-by: Laurent Bonnans --- classes/sota_raspberrypi.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass index a7402ae..c901a70 100644 --- a/classes/sota_raspberrypi.bbclass +++ b/classes/sota_raspberrypi.bbclass @@ -16,7 +16,7 @@ DEV_MATCH_DIRECTIVE_pn-networkd-dhcp-conf = "Driver=smsc95xx lan78xx" IMAGE_INSTALL_append_sota = " virtual/network-configuration " PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot" -UBOOT_ENTRYPOINT_sota ?= "0x00008000" +UBOOT_ENTRYPOINT_sota ?= "0x00080000" IMAGE_FSTYPES_remove_sota = "rpi-sdimg" OSTREE_BOOTLOADER ?= "u-boot" -- cgit v1.2.3-54-g00ecf From 44d375e35b3dba64c1309775c4738916c5e1135b Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Thu, 10 Oct 2019 13:49:50 +0200 Subject: Example config for a virtual secondary. Useful for updating an arbitrary file in /var. Signed-off-by: Patrick Vacek --- recipes-sota/config/aktualizr-virtualsec.bb | 27 +++++++++++++++++++++++++++ recipes-sota/config/files/30-virtualsec.toml | 3 +++ recipes-sota/config/files/virtualsec.json | 14 ++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 recipes-sota/config/aktualizr-virtualsec.bb create mode 100644 recipes-sota/config/files/30-virtualsec.toml create mode 100644 recipes-sota/config/files/virtualsec.json diff --git a/recipes-sota/config/aktualizr-virtualsec.bb b/recipes-sota/config/aktualizr-virtualsec.bb new file mode 100644 index 0000000..b7d55aa --- /dev/null +++ b/recipes-sota/config/aktualizr-virtualsec.bb @@ -0,0 +1,27 @@ +SUMMARY = "Example virtual secondary in aktualizr" +DESCRIPTION = "Creates an example virtual secondary to be used to update an arbitrary file on the primary" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +SRC_URI = " \ + file://30-virtualsec.toml \ + file://virtualsec.json \ + " + +do_install_append () { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${WORKDIR}/30-virtualsec.toml ${D}${libdir}/sota/conf.d/30-virtualsec.toml + install -m 0644 ${WORKDIR}/virtualsec.json ${D}${libdir}/sota/virtualsec.json +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d/30-virtualsec.toml \ + ${libdir}/sota/virtualsec.json \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: + diff --git a/recipes-sota/config/files/30-virtualsec.toml b/recipes-sota/config/files/30-virtualsec.toml new file mode 100644 index 0000000..987f692 --- /dev/null +++ b/recipes-sota/config/files/30-virtualsec.toml @@ -0,0 +1,3 @@ +[uptane] +secondary_config_file = "/usr/lib/sota/virtualsec.json" + diff --git a/recipes-sota/config/files/virtualsec.json b/recipes-sota/config/files/virtualsec.json new file mode 100644 index 0000000..dcdcdba --- /dev/null +++ b/recipes-sota/config/files/virtualsec.json @@ -0,0 +1,14 @@ +{ + "virtual": [ + { + "partial_verifying": "false", + "ecu_hardware_id": "external-config", + "full_client_dir": "/var/sota/external-config", + "ecu_private_key": "sec.private", + "ecu_public_key": "sec.public", + "firmware_path": "/var/sota/external-config/config.txt", + "target_name_path": "/var/sota/external-config/target_name", + "metadata_path": "/var/sota/external-config/metadata" + } + ] +} -- cgit v1.2.3-54-g00ecf From b6dfe52e53c36ec1913cc1fe251cb5d8386dd5bb Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 14 Oct 2019 17:19:01 +0200 Subject: README: update and restructure the links to the dev portal. Signed-off-by: Patrick Vacek --- README.adoc | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/README.adoc b/README.adoc index 12e0446..8c39e4e 100644 --- a/README.adoc +++ b/README.adoc @@ -7,7 +7,7 @@ Meta-updater is a link:https://www.yoctoproject.org/software-overview/layers/[Yo https://github.com/ostreedev/ostree[OSTree] is a tool for atomic full file system upgrades with rollback capability. OSTree has several advantages over traditional dual-bank systems, but the most important one is that it minimizes network bandwidth and data storage footprint by sharing files with the same contents across file system deployments. -https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with these open-source applications or sign up for a free account at https://connect.ota.here.com/[HERE OTA Connect] to get started. +https://github.com/advancedtelematic/aktualizr[Aktualizr] implements https://uptane.github.io/uptane-standard/uptane-standard.html[Uptane], supports device authentication and provisioning, and is integrated with OSTree. You can connect aktualizr to your own server solution or sign up for a free account at https://connect.ota.here.com/[HERE OTA Connect] to get started. == Quickstart @@ -36,37 +36,41 @@ The following documentation focuses on tasks that involve the meta-updater layer The following links point to files in the aktualizr repository where the source of the developer guide is stored. ==== -* xref:{aktualizr-docsroot}meta-updater-build.adoc[Build] -+ -Learn how to use this layer to build a basic disk image and add it to your own Yocto project. -+ * xref:{aktualizr-docsroot}supported-boards.adoc[Supported boards] + Find out if your board is supported and learn about the minimum hardware requirements. + +* xref:{aktualizr-docsroot}build-agl.adoc[Build an Automotive Grade Linux image] ++ +Learn how to use this layer as part of AGL. ++ +* xref:{aktualizr-docsroot}add-ota-functonality-existing-yocto-project.adoc[Add OTA functionality to an existing Yocto project] ++ +Learn how to add this layer to your own Yocto project. ++ * xref:{aktualizr-docsroot}build-configuration.adoc[SOTA-related variables in local.conf] + -Learn how to configure OTA-related functionality when building disk images. +Learn how to configure OTA-related functionality when building images, including how to install custom versions of aktualizr. + -* xref:{aktualizr-docsroot}meta-updater-usage.adoc[Usage] +* xref:{aktualizr-docsroot}recommended-clientconfig.adoc[Recommended configuration] + -Learn about the `garage-push` and `garage-sign` utilities, aktualizr configuration and service resource control, and OSTree. +Learn how to optimize your build for development or production. + -* xref:{aktualizr-docsroot}meta-updater-dev-config.adoc[Development configuration] +* xref:{aktualizr-docsroot}client-provisioning-methods.adoc[Provisoning methods] + -Learn how to configure logging, install custom versions of aktualizr, and override the version indicator for sofware updates. +Learn more about the methods for provisioning devices. For more detail, you may also want to read about how to xref:{aktualizr-docsroot}enable-device-cred-provisioning.adoc[enable device credential provisioning] or how to xref:{aktualizr-docsroot}simulate-device-cred-provtest.adoc[simulate it for testing]. + -* xref:{aktualizr-docsroot}meta-updater-testing.adoc#_qa_with_oe_selftest[QA with oe-selftest] +* xref:{aktualizr-docsroot}meta-updater-usage.adoc[Advanced usage] + -Learn how to use the `oe-selftest` framework for quality assurance. +Learn about the `garage-push` and `garage-sign` utilities, aktualizr configuration recipes, and service resource control. + -* xref:{aktualizr-docsroot}meta-updater-testing.adoc#_aktualizr_test_suite_with_ptest[Aktualizr test suite with ptest] +* xref:{aktualizr-docsroot}meta-updater-testing.adoc[Testing with oe-selftest and ptest] + -Learn how to enable Yocto's package test functionality and run parts of the aktualizr test suite. +Learn how to use the `oe-selftest` framework for quality assurance and how to run the aktualizr test suite via ptest. + -* xref:{aktualizr-docsroot}meta-updater-provisioning-methods.adoc[Provisoning methods] +* xref:{aktualizr-docsroot}troubleshooting.adoc[Troubleshooting] + -Learn how to enable different methods for provisioning devices. +Get help on common problems. == License -- cgit v1.2.3-54-g00ecf From 7727e1e03ed4b26a5b4af6a89ccb9fed63b33ed4 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 15 Oct 2019 14:55:24 +0200 Subject: README: fix a malformed link and add some more. Signed-off-by: Patrick Vacek --- README.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.adoc b/README.adoc index 8c39e4e..e4ae3e6 100644 --- a/README.adoc +++ b/README.adoc @@ -2,6 +2,7 @@ :toc: macro :toc-title: :aktualizr-docsroot: https://github.com/advancedtelematic/aktualizr/tree/master/docs/ota-client-guide/modules/ROOT/pages/ +:getstarted-docsroot: https://docs.ota.here.com/getstarted/dev/ Meta-updater is a link:https://www.yoctoproject.org/software-overview/layers/[Yocto layer] that enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr] -- the default client for link:https://www.here.com/products/automotive/ota-technology[HERE OTA Connect]. @@ -11,7 +12,7 @@ https://github.com/advancedtelematic/aktualizr[Aktualizr] implements https://upt == Quickstart -If you don't already have a Yocto project that you want to add OTA to, you can use the xref:dev@getstarted::raspberry-pi.adoc[HERE OTA Connect Quickstart] project to rapidly get up and running on a Raspberry Pi. It takes a standard https://www.yoctoproject.org/tools-resources/projects/poky[poky] distribution, and adds OTA and OSTree capabilities. +If you don't already have a Yocto project that you want to add OTA to, you can use the xref:{getstarted-docsroot}get-started.html[HERE OTA Connect Quickstart] project to rapidly get up and running on a xref:{getstarted-docsroot}raspberry-pi.html[Raspberry Pi] or with xref:{getstarted-docsroot}qemuvirtualbox.html[QEMU]. It takes a standard https://www.yoctoproject.org/tools-resources/projects/poky[poky] distribution, and adds OTA and OSTree capabilities. == Dependencies -- cgit v1.2.3-54-g00ecf From b207592b3b679f869857b9edea81b1925e62692b Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Wed, 16 Oct 2019 15:17:10 +0200 Subject: README: Point docs at the dev guide in the portal. As opposed to the source of the docs in the aktualizr repo. Signed-off-by: Patrick Vacek --- README.adoc | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/README.adoc b/README.adoc index e4ae3e6..4cccc7b 100644 --- a/README.adoc +++ b/README.adoc @@ -1,7 +1,7 @@ = meta-updater :toc: macro :toc-title: -:aktualizr-docsroot: https://github.com/advancedtelematic/aktualizr/tree/master/docs/ota-client-guide/modules/ROOT/pages/ +:devguide-docsroot: https://docs.ota.here.com/ota-client/latest/ :getstarted-docsroot: https://docs.ota.here.com/getstarted/dev/ Meta-updater is a link:https://www.yoctoproject.org/software-overview/layers/[Yocto layer] that enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr] -- the default client for link:https://www.here.com/products/automotive/ota-technology[HERE OTA Connect]. @@ -31,45 +31,41 @@ sudo apt install ovmf [discrete] == Table of Contents -The following documentation focuses on tasks that involve the meta-updater layer. If you want to get an idea of the overall developer workflow in OTA Connect, see the link:https://docs.ota.here.com/ota-client/dev/index.html[OTA Connect Developer Guide]. -[NOTE] -==== -The following links point to files in the aktualizr repository where the source of the developer guide is stored. -==== +The following documentation focuses on tasks that involve the meta-updater layer. If you want to get an idea of the overall developer workflow in OTA Connect, see the link:{devguide-docsroot}index.html[OTA Connect Developer Guide]. -* xref:{aktualizr-docsroot}supported-boards.adoc[Supported boards] +* xref:{devguide-docsroot}supported-boards.html[Supported boards] + Find out if your board is supported and learn about the minimum hardware requirements. + -* xref:{aktualizr-docsroot}build-agl.adoc[Build an Automotive Grade Linux image] +* xref:{devguide-docsroot}build-agl.html[Build an Automotive Grade Linux image] + Learn how to use this layer as part of AGL. + -* xref:{aktualizr-docsroot}add-ota-functonality-existing-yocto-project.adoc[Add OTA functionality to an existing Yocto project] +* xref:{devguide-docsroot}add-ota-functonality-existing-yocto-project.html[Add OTA functionality to an existing Yocto project] + Learn how to add this layer to your own Yocto project. + -* xref:{aktualizr-docsroot}build-configuration.adoc[SOTA-related variables in local.conf] +* xref:{devguide-docsroot}build-configuration.html[SOTA-related variables in local.conf] + Learn how to configure OTA-related functionality when building images, including how to install custom versions of aktualizr. + -* xref:{aktualizr-docsroot}recommended-clientconfig.adoc[Recommended configuration] +* xref:{devguide-docsroot}recommended-clientconfig.html[Recommended configuration] + Learn how to optimize your build for development or production. + -* xref:{aktualizr-docsroot}client-provisioning-methods.adoc[Provisoning methods] +* xref:{devguide-docsroot}client-provisioning-methods.html[Provisoning methods] + -Learn more about the methods for provisioning devices. For more detail, you may also want to read about how to xref:{aktualizr-docsroot}enable-device-cred-provisioning.adoc[enable device credential provisioning] or how to xref:{aktualizr-docsroot}simulate-device-cred-provtest.adoc[simulate it for testing]. +Learn more about the methods for provisioning devices. For more detail, you may also want to read about how to xref:{devguide-docsroot}enable-device-cred-provisioning.html[enable device credential provisioning] or how to xref:{devguide-docsroot}simulate-device-cred-provtest.html[simulate it for testing]. + -* xref:{aktualizr-docsroot}meta-updater-usage.adoc[Advanced usage] +* xref:{devguide-docsroot}meta-updater-usage.html[Advanced usage] + Learn about the `garage-push` and `garage-sign` utilities, aktualizr configuration recipes, and service resource control. + -* xref:{aktualizr-docsroot}meta-updater-testing.adoc[Testing with oe-selftest and ptest] +* xref:{devguide-docsroot}meta-updater-testing.html[Testing with oe-selftest and ptest] + Learn how to use the `oe-selftest` framework for quality assurance and how to run the aktualizr test suite via ptest. + -* xref:{aktualizr-docsroot}troubleshooting.adoc[Troubleshooting] +* xref:{devguide-docsroot}troubleshooting.html[Troubleshooting] + Get help on common problems. -- cgit v1.2.3-54-g00ecf From 8985532a7d31992500b2b42312023d384a149d61 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Wed, 16 Oct 2019 16:35:01 +0200 Subject: Give names to different SRC_URI in aktualizr recipe To make it self-documenting and extendable Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr_git.bb | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 17aa15a..85a6412 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -18,18 +18,17 @@ PR = "7" GARAGE_SIGN_PV = "0.7.0-33-g214dfb1" SRC_URI = " \ - gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ + gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH};name=aktualizr \ file://run-ptest \ file://aktualizr.service \ file://aktualizr-secondary.service \ file://aktualizr-serialcan.service \ file://10-resource-control.conf \ - ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ + ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0;name=garagesign") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ " -# for garage-sign archive -SRC_URI[md5sum] = "66ffe8dcd61d4c15646e1c4b7dde7401" -SRC_URI[sha256sum] = "7a7193ddf7e1a33ea60fbb20f98318a8bd78c325dab391d8c4ebd644a738abdc" +SRC_URI[garagesign.md5sum] = "66ffe8dcd61d4c15646e1c4b7dde7401" +SRC_URI[garagesign.sha256sum] = "7a7193ddf7e1a33ea60fbb20f98318a8bd78c325dab391d8c4ebd644a738abdc" SRCREV = "3bb9fe91b4c614a79373beadc721272fcf7acce2" BRANCH ?= "master" -- cgit v1.2.3-54-g00ecf From 11ce685d39f13ffd6d00150359aef28abb178fc6 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Wed, 16 Oct 2019 16:36:41 +0200 Subject: Fix aktualizr version reporting in yocto image Stop overriding AKTUALIZR_VERSION with the recipe version which is mostly bogus. And bump aktualizr to make sure we're using a version which fails at configure time if no version was specified. Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr_git.bb | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 85a6412..d799a62 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -3,7 +3,7 @@ DESCRIPTION = "SOTA Client application written in C++" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" DEPENDS_append = "${@bb.utils.contains('PTEST_ENABLED', '1', ' coreutils-native net-tools-native ostree-native aktualizr-native ', '', d)}" @@ -30,7 +30,7 @@ SRC_URI = " \ SRC_URI[garagesign.md5sum] = "66ffe8dcd61d4c15646e1c4b7dde7401" SRC_URI[garagesign.sha256sum] = "7a7193ddf7e1a33ea60fbb20f98318a8bd78c325dab391d8c4ebd644a738abdc" -SRCREV = "3bb9fe91b4c614a79373beadc721272fcf7acce2" +SRCREV = "1592d4ab63d8851aca3440529701425612fbe903" BRANCH ?= "master" S = "${WORKDIR}/git" @@ -45,7 +45,7 @@ SYSTEMD_PACKAGES = "${PN} ${PN}-secondary" SYSTEMD_SERVICE_${PN} = "aktualizr.service" SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.service" -EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} ${@bb.utils.contains('PTEST_ENABLED', '1', '-DTESTSUITE_VALGRIND=on', '', d)}" +EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release ${@bb.utils.contains('PTEST_ENABLED', '1', '-DTESTSUITE_VALGRIND=on', '', d)}" GARAGE_SIGN_OPS = "${@ d.expand('-DGARAGE_SIGN_ARCHIVE=${WORKDIR}/cli-${GARAGE_SIGN_PV}.tgz') if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''}" @@ -69,8 +69,12 @@ RESOURCE_CPU_WEIGHT = "100" RESOURCE_MEMORY_HIGH = "100M" RESOURCE_MEMORY_MAX = "80%" -do_compile_ptest() { - cmake_runcmake_build --target build_tests "${PARALLEL_MAKE}" +do_configure_prepend() { + # CMake has trouble finding yocto's git when cross-compiling, let's do this step manually + cd ${S} + if [ ! -f VERSION ]; then + ./scripts/get_version.sh > VERSION + fi } do_install_ptest() { -- cgit v1.2.3-54-g00ecf From f2b1527d5c41d7836b6162915f0a111f9e3586c7 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 11 Oct 2019 15:22:45 +0200 Subject: aktualizr: fix secondary recipes' dependencies. Most do not need to depend on aktualizr-native and do not need to be rebuilt if the credentials change. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr-device-prov-creds.bb | 6 ++++-- recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb | 6 +++--- recipes-sota/aktualizr/aktualizr-device-prov.bb | 6 +++--- recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb | 2 +- recipes-sota/aktualizr/aktualizr-shared-prov.bb | 8 ++++---- recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb | 5 ++--- 6 files changed, 17 insertions(+), 16 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb index 6e02a50..d8b29b4 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb @@ -6,11 +6,13 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -# WARNING: it is NOT a production solution. The secure way to provision devices +# WARNING: This is NOT an ideal solution. The secure way to provision devices # is to create certificate request directly on the device (either with HSM/TPM # or with software) and then sign it with a CA stored on a disconnected machine. -DEPENDS = "aktualizr aktualizr-native" +# We need to get the config files from the aktualizr-host-tools package built by +# the aktualizr (target) recipe. +DEPENDS = "aktualizr aktualizr-native openssl-native" ALLOW_EMPTY_${PN} = "1" SRC_URI = " \ diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb index c3cd593..e8ef513 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb @@ -7,15 +7,15 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr aktualizr-native" +# We need to get the config files from the aktualizr-host-tools package built by +# the aktualizr (target) recipe. +DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" SRC_URI = "" PV = "1.0" PR = "6" -require credentials.inc - do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred-hsm.toml \ diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb index d579532..fbe29a1 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb @@ -7,14 +7,14 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr aktualizr-native openssl-native" +# We need to get the config files from the aktualizr-host-tools package built by +# the aktualizr (target) recipe. +DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" PV = "1.0" PR = "1" -require credentials.inc - do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml \ diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb index 2701c07..b3b539d 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr-native zip-native" +DEPENDS = "zip-native" ALLOW_EMPTY_${PN} = "1" require credentials.inc diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov.bb b/recipes-sota/aktualizr/aktualizr-shared-prov.bb index d3d6f16..00588dc 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov.bb @@ -7,15 +7,15 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr-native zip-native" +# We need to get the config files from the aktualizr-host-tools package built by +# the aktualizr (target) recipe. +DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" PV = "1.0" PR = "6" SRC_URI = "" -require credentials.inc - do_install() { if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" @@ -31,7 +31,7 @@ do_install() { fi install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-shared-cred.toml \ + install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-shared-cred.toml \ ${D}${libdir}/sota/conf.d/20-sota-shared-cred.toml } diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb index 860f225..5a49d16 100644 --- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb +++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb @@ -6,14 +6,13 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr-native" -RDEPENDS_${PN} = "aktualizr" +DEPENDS = "aktualizr" SRC_URI = "" do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml + install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml } FILES_${PN} = " \ -- cgit v1.2.3-54-g00ecf From ce0e0fbca14a6cd93dc4ab474344a65917adf05c Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 11 Oct 2019 16:19:19 +0200 Subject: demo-network-config: use ${libdir} consistently. Signed-off-by: Patrick Vacek --- recipes-test/demo-network-config/network-config.inc | 6 +++--- recipes-test/demo-network-config/primary-network-config.bb | 6 +++--- recipes-test/demo-network-config/secondary-network-config.bb | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/recipes-test/demo-network-config/network-config.inc b/recipes-test/demo-network-config/network-config.inc index ed623d4..a231a24 100644 --- a/recipes-test/demo-network-config/network-config.inc +++ b/recipes-test/demo-network-config/network-config.inc @@ -6,11 +6,11 @@ SECONDARY_INTERFACE ?= "${@ 'eth0' if d.getVar('MACHINE') == 'raspberrypi3' else do_install_append() { bbnote "Network configuration type to be applied: ${CONF_TYPE}" - install -d ${D}/usr/lib/systemd/network - install -m 0644 ${WORKDIR}/26-${CONF_TYPE}-client.network ${D}/usr/lib/systemd/network/ + install -d ${D}${libdir}/systemd/network + install -m 0644 ${WORKDIR}/26-${CONF_TYPE}-client.network ${D}${libdir}/systemd/network/ sed -i -e 's|@ADDR@|${IP_ADDR}|g' \ -e 's|@IFNAME@|${SECONDARY_INTERFACE}|g' \ - ${D}/usr/lib/systemd/network/26-${CONF_TYPE}-client.network + ${D}${libdir}/systemd/network/26-${CONF_TYPE}-client.network } diff --git a/recipes-test/demo-network-config/primary-network-config.bb b/recipes-test/demo-network-config/primary-network-config.bb index d840a95..0b0119b 100644 --- a/recipes-test/demo-network-config/primary-network-config.bb +++ b/recipes-test/demo-network-config/primary-network-config.bb @@ -8,13 +8,13 @@ SRC_URI = "\ file://27-dhcp-client-external.network \ " -FILES_${PN} = "/usr/lib/systemd/network" +FILES_${PN} = "${libdir}/systemd/network" PR = "1" do_install() { - install -d ${D}/usr/lib/systemd/network - install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}/usr/lib/systemd/network/ + install -d ${D}${libdir}/systemd/network + install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}${libdir}/systemd/network/ } PRIMARY_IP ?= "10.0.3.1" diff --git a/recipes-test/demo-network-config/secondary-network-config.bb b/recipes-test/demo-network-config/secondary-network-config.bb index b1d70f1..cef8274 100644 --- a/recipes-test/demo-network-config/secondary-network-config.bb +++ b/recipes-test/demo-network-config/secondary-network-config.bb @@ -12,13 +12,13 @@ SRC_URI = "\ file://27-dhcp-client-external.network \ " -FILES_${PN} = "/usr/lib/systemd/network" +FILES_${PN} = "${libdir}/systemd/network" PR = "1" do_install() { - install -d ${D}/usr/lib/systemd/network - install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}/usr/lib/systemd/network/ + install -d ${D}${libdir}/systemd/network + install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}${libdir}/systemd/network/ } SECONDARY_IP ?= "10.0.3.2" -- cgit v1.2.3-54-g00ecf From b2cc2e04da9fb31a410a517a5bc78e3f2edd79a1 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 11 Oct 2019 16:20:04 +0200 Subject: demo-config: inherit allarch for config-only recipes. Signed-off-by: Patrick Vacek --- recipes-test/demo-config/primary-config.bb | 2 ++ recipes-test/demo-config/secondary-config.bb | 12 +++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/recipes-test/demo-config/primary-config.bb b/recipes-test/demo-config/primary-config.bb index 27cb553..b1964e2 100644 --- a/recipes-test/demo-config/primary-config.bb +++ b/recipes-test/demo-config/primary-config.bb @@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 require shared-conf.inc +inherit allarch + PRIMARY_SECONDARIES ?= "${SECONDARY_IP}:${SECONDARY_PORT}" SRC_URI = "\ diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb index 9411646..b2b9547 100644 --- a/recipes-test/demo-config/secondary-config.bb +++ b/recipes-test/demo-config/secondary-config.bb @@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 require shared-conf.inc +inherit allarch + SECONDARY_SERIAL_ID ?= "" SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" @@ -16,18 +18,18 @@ SRC_URI = "\ do_install () { install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${WORKDIR}/30-fake-pacman.toml ${D}/${libdir}/sota/conf.d/30-fake-pacman.toml + install -m 0644 ${WORKDIR}/30-fake-pacman.toml ${D}${libdir}/sota/conf.d/30-fake-pacman.toml - install -m 0644 ${WORKDIR}/35-network-config.toml ${D}/${libdir}/sota/conf.d/35-network-config.toml + install -m 0644 ${WORKDIR}/35-network-config.toml ${D}${libdir}/sota/conf.d/35-network-config.toml sed -i -e 's|@PORT@|${SECONDARY_PORT}|g' \ -e 's|@PRIMARY_IP@|${PRIMARY_IP}|g' \ -e 's|@PRIMARY_PORT@|${PRIMARY_PORT}|g' \ - ${D}/${libdir}/sota/conf.d/35-network-config.toml + ${D}${libdir}/sota/conf.d/35-network-config.toml - install -m 0644 ${WORKDIR}/45-id-config.toml ${D}/${libdir}/sota/conf.d/45-id-config.toml + install -m 0644 ${WORKDIR}/45-id-config.toml ${D}${libdir}/sota/conf.d/45-id-config.toml sed -i -e 's|@SERIAL@|${SECONDARY_SERIAL_ID}|g' \ -e 's|@HWID@|${SECONDARY_HARDWARE_ID}|g' \ - ${D}/${libdir}/sota/conf.d/45-id-config.toml + ${D}${libdir}/sota/conf.d/45-id-config.toml } -- cgit v1.2.3-54-g00ecf From 1f7ff1fa5b72a20471eb9deb13d3ff5b06ec446d Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 14 Oct 2019 12:05:26 +0200 Subject: demo-config: recipes that depend on MACHINE cannot be allarch. Signed-off-by: Patrick Vacek --- recipes-test/demo-config/secondary-config.bb | 2 -- recipes-test/demo-network-config/primary-network-config.bb | 2 -- recipes-test/demo-network-config/secondary-network-config.bb | 2 -- 3 files changed, 6 deletions(-) diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb index b2b9547..55358b7 100644 --- a/recipes-test/demo-config/secondary-config.bb +++ b/recipes-test/demo-config/secondary-config.bb @@ -4,8 +4,6 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 require shared-conf.inc -inherit allarch - SECONDARY_SERIAL_ID ?= "" SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" diff --git a/recipes-test/demo-network-config/primary-network-config.bb b/recipes-test/demo-network-config/primary-network-config.bb index 0b0119b..544a5ec 100644 --- a/recipes-test/demo-network-config/primary-network-config.bb +++ b/recipes-test/demo-network-config/primary-network-config.bb @@ -2,8 +2,6 @@ DESCRIPTION = "Sample network configuration for an Uptane Primary" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" -inherit allarch - SRC_URI = "\ file://27-dhcp-client-external.network \ " diff --git a/recipes-test/demo-network-config/secondary-network-config.bb b/recipes-test/demo-network-config/secondary-network-config.bb index cef8274..ca83d53 100644 --- a/recipes-test/demo-network-config/secondary-network-config.bb +++ b/recipes-test/demo-network-config/secondary-network-config.bb @@ -2,8 +2,6 @@ DESCRIPTION = "Sample network configuration for an Uptane Secondary" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" -inherit allarch - # TODO: It configures the 'user' interface in NAT mode and provides an access to public Inet via it # which is not desired for Secondary. It cannot be just removed since we get SSH access to Secondary # VM via this interface. So, the task is to configure the interface in such way that it does provide access -- cgit v1.2.3-54-g00ecf From 0f25771be55a3c7daf9eded720bf2868b04becde Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 14 Oct 2019 12:06:23 +0200 Subject: aktualizr: use SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS for config recipes. This is a bit of a compromise. These recipes are allarch, since they do not depend on an architecture, but they depend on aktualizr, which is definitely not allarch. Therefore, we must tell bitbake not to treat the aktualizr architecture as a dependency of these recipes. However, this means that if one of the config files changes in the aktualizr repo, we need to bump the version of the recipe that uses it to make sure bitbake picks up that change. Signed-off-by: Patrick Vacek --- conf/layer.conf | 9 +++++++++ recipes-sota/aktualizr/aktualizr-device-prov-creds.bb | 5 +++++ recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb | 5 ++++- recipes-sota/aktualizr/aktualizr-device-prov.bb | 4 ++++ recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb | 7 +++++++ recipes-sota/aktualizr/aktualizr-shared-prov.bb | 3 +++ recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb | 5 +++++ 7 files changed, 37 insertions(+), 1 deletion(-) diff --git a/conf/layer.conf b/conf/layer.conf index 627a1b8..27faa0f 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -11,3 +11,12 @@ BBFILE_PRIORITY_sota = "7" LAYERDEPENDS_sota = "filesystems-layer" LAYERSERIES_COMPAT_sota = "thud" + +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ + aktualizr-device-prov->aktualizr \ + aktualizr-device-prov-creds->aktualizr \ + aktualizr-device-prov-hsm->aktualizr \ + aktualizr-shared-prov->aktualizr \ + aktualizr-shared-prov-creds->aktualizr \ + aktualizr-uboot-env-rollback->aktualizr \ +" diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb index d8b29b4..a3c7d66 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb @@ -15,6 +15,11 @@ inherit allarch DEPENDS = "aktualizr aktualizr-native openssl-native" ALLOW_EMPTY_${PN} = "1" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! +PV = "1.0" +PR = "1" + SRC_URI = " \ file://ca.cnf \ " diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb index e8ef513..8d4bc9c 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb @@ -12,10 +12,13 @@ inherit allarch DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" -SRC_URI = "" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! PV = "1.0" PR = "6" +SRC_URI = "" + do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred-hsm.toml \ diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb index fbe29a1..e8c75bb 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb @@ -12,9 +12,13 @@ inherit allarch DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! PV = "1.0" PR = "1" +SRC_URI = "" + do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml \ diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb index b3b539d..9c6f0dd 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb @@ -9,6 +9,13 @@ inherit allarch DEPENDS = "zip-native" ALLOW_EMPTY_${PN} = "1" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! +PV = "1.0" +PR = "1" + +SRC_URI = "" + require credentials.inc do_install() { diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov.bb b/recipes-sota/aktualizr/aktualizr-shared-prov.bb index 00588dc..2ee47a1 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov.bb @@ -11,6 +11,9 @@ inherit allarch # the aktualizr (target) recipe. DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" + +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! PV = "1.0" PR = "6" diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb index 5a49d16..2895e5c 100644 --- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb +++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb @@ -8,6 +8,11 @@ inherit allarch DEPENDS = "aktualizr" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! +PV = "1.0" +PR = "1" + SRC_URI = "" do_install() { -- cgit v1.2.3-54-g00ecf From 9c700dc94dcf1966dca94e1b0c11f7c20384f2b7 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 14 Oct 2019 12:30:49 +0200 Subject: layer.conf: Update LAYERDEPENDS_sota. It was missing a few dependencies. Signed-off-by: Patrick Vacek --- conf/layer.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/conf/layer.conf b/conf/layer.conf index 27faa0f..8ff83d3 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -9,7 +9,8 @@ BBFILE_COLLECTIONS += "sota" BBFILE_PATTERN_sota = "^${LAYERDIR}/" BBFILE_PRIORITY_sota = "7" -LAYERDEPENDS_sota = "filesystems-layer" +LAYERDEPENDS_sota = "openembedded-layer" +LAYERDEPENDS_sota += "filesystems-layer" LAYERSERIES_COMPAT_sota = "thud" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ -- cgit v1.2.3-54-g00ecf From 3b2b6e485c4ade61296322f4e1efae09c04e396a Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Tue, 15 Oct 2019 18:58:24 +0200 Subject: Split aktualizr hwid config to another recipe So that we can fix the ${MACHINE} dependency issues Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr-hwid.bb | 23 +++++++++++++++++++++++ recipes-sota/aktualizr/aktualizr_git.bb | 6 +----- 2 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 recipes-sota/aktualizr/aktualizr-hwid.bb diff --git a/recipes-sota/aktualizr/aktualizr-hwid.bb b/recipes-sota/aktualizr/aktualizr-hwid.bb new file mode 100644 index 0000000..64b1bda --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-hwid.bb @@ -0,0 +1,23 @@ +SUMMARY = "Aktualizr hwid configuration" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +SRC_URI = "" + +do_install() { + install -m 0700 -d ${D}${libdir}/sota/conf.d + if [ -n "${SOTA_HARDWARE_ID}" ]; then + printf "[provision]\nprimary_ecu_hardware_id = ${SOTA_HARDWARE_ID}\n" > ${D}${libdir}/sota/conf.d/40-hardware-id.toml + fi +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/40-hardware-id.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index d799a62..8d08c15 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" DEPENDS_append = "${@bb.utils.contains('PTEST_ENABLED', '1', ' coreutils-native net-tools-native ostree-native aktualizr-native ', '', d)}" -RDEPENDS_${PN}_class-target = "aktualizr-configs lshw" +RDEPENDS_${PN}_class-target = "aktualizr-configs aktualizr-hwid lshw" RDEPENDS_${PN}-host-tools = "aktualizr aktualizr-cert-provider ${@bb.utils.contains('PACKAGECONFIG', 'sota-tools', 'garage-deploy garage-push', '', d)}" RDEPENDS_${PN}-ptest += "bash cmake curl python3-misc python3-modules openssl-bin sqlite3 valgrind" @@ -105,10 +105,6 @@ do_install_append () { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0700 -d ${D}${sysconfdir}/sota/conf.d - if [ -n "${SOTA_HARDWARE_ID}" ]; then - printf "[provision]\nprimary_ecu_hardware_id = ${SOTA_HARDWARE_ID}\n" > ${D}${libdir}/sota/conf.d/40-hardware-id.toml - fi - install -m 0755 -d ${D}${systemd_unitdir}/system aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service -- cgit v1.2.3-54-g00ecf From 4bcb164063a1a12f1cc12165934bcaeaa81732a7 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Wed, 16 Oct 2019 16:54:55 +0200 Subject: Specify more configs as MACHINE_ARCH. If they depend on MACHINE, that's what we gotta do. Still haven't sorted out aktualizr-device-prov-creds, though. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr-hwid.bb | 1 + recipes-test/demo-config/secondary-config.bb | 3 +++ recipes-test/demo-network-config/network-config.inc | 3 +++ 3 files changed, 7 insertions(+) diff --git a/recipes-sota/aktualizr/aktualizr-hwid.bb b/recipes-sota/aktualizr/aktualizr-hwid.bb index 64b1bda..fd3e395 100644 --- a/recipes-sota/aktualizr/aktualizr-hwid.bb +++ b/recipes-sota/aktualizr/aktualizr-hwid.bb @@ -4,6 +4,7 @@ SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" +# Because of the dependency on MACHINE. PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "" diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb index 55358b7..ddbed89 100644 --- a/recipes-test/demo-config/secondary-config.bb +++ b/recipes-test/demo-config/secondary-config.bb @@ -4,6 +4,9 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 require shared-conf.inc +# Because of the dependency on MACHINE. +PACKAGE_ARCH = "${MACHINE_ARCH}" + SECONDARY_SERIAL_ID ?= "" SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" diff --git a/recipes-test/demo-network-config/network-config.inc b/recipes-test/demo-network-config/network-config.inc index a231a24..b023f51 100644 --- a/recipes-test/demo-network-config/network-config.inc +++ b/recipes-test/demo-network-config/network-config.inc @@ -2,6 +2,9 @@ SRC_URI_append = "\ file://26-${CONF_TYPE}-client.network \ " +# Because of the dependency on MACHINE. +PACKAGE_ARCH = "${MACHINE_ARCH}" + SECONDARY_INTERFACE ?= "${@ 'eth0' if d.getVar('MACHINE') == 'raspberrypi3' else 'enp0s5'}" do_install_append() { -- cgit v1.2.3-54-g00ecf From 0817c87667e67aa40a2e07ad8b15f17c74927e2b Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Thu, 17 Oct 2019 17:01:18 +0200 Subject: aktualizr-device-prov-creds: remove it. Originally I was just trying to remove the reference to DEPLOY_DIR_IMAGE because it depends on MACHINE, but then I realized that this recipe is just plain not worth keeping. It isn't viable for anything except the most limited testing, since it bakes device-specific credentials into an image, but we weren't even using it for testing. Signed-off-by: Patrick Vacek --- conf/layer.conf | 1 - .../aktualizr/aktualizr-device-prov-creds.bb | 67 ---------------------- .../aktualizr/aktualizr-device-prov-hsm.bb | 1 - recipes-sota/aktualizr/aktualizr-device-prov.bb | 1 - recipes-test/images/secondary-image.bb | 1 - scripts/find_aktualizr_dependencies.sh | 1 - 6 files changed, 72 deletions(-) delete mode 100644 recipes-sota/aktualizr/aktualizr-device-prov-creds.bb diff --git a/conf/layer.conf b/conf/layer.conf index 8ff83d3..39ea749 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -15,7 +15,6 @@ LAYERSERIES_COMPAT_sota = "thud" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ aktualizr-device-prov->aktualizr \ - aktualizr-device-prov-creds->aktualizr \ aktualizr-device-prov-hsm->aktualizr \ aktualizr-shared-prov->aktualizr \ aktualizr-shared-prov-creds->aktualizr \ diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb deleted file mode 100644 index a3c7d66..0000000 --- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb +++ /dev/null @@ -1,67 +0,0 @@ -SUMMARY = "Credentials for device provisioning with fleet CA certificate" -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -# WARNING: This is NOT an ideal solution. The secure way to provision devices -# is to create certificate request directly on the device (either with HSM/TPM -# or with software) and then sign it with a CA stored on a disconnected machine. - -# We need to get the config files from the aktualizr-host-tools package built by -# the aktualizr (target) recipe. -DEPENDS = "aktualizr aktualizr-native openssl-native" -ALLOW_EMPTY_${PN} = "1" - -# If the config file from aktualizr used here is changed, you will need to bump -# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! -PV = "1.0" -PR = "1" - -SRC_URI = " \ - file://ca.cnf \ - " - -require credentials.inc - -export SOTA_CACERT_PATH -export SOTA_CAKEY_PATH - -do_install() { - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - if [ -z ${SOTA_CACERT_PATH} ]; then - SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem - SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem - mkdir -p ${DEPLOY_DIR_IMAGE}/CA - bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}" - - if [ ! -f ${SOTA_CACERT_PATH} ]; then - bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" - SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")" - openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 - openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert - bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" - fi - fi - - if [ -z ${SOTA_CAKEY_PATH} ]; then - bbfatal "SOTA_CAKEY_PATH should be set when using device credential provisioning" - fi - - install -m 0700 -d ${D}${localstatedir}/sota - aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \ - --fleet-ca ${SOTA_CACERT_PATH} \ - --fleet-ca-key ${SOTA_CAKEY_PATH} \ - --root-ca \ - --server-url \ - --local ${D} \ - --config ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml - fi -} - -FILES_${PN} = " \ - ${localstatedir}/sota/*" - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb index 8d4bc9c..4eadb77 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb @@ -10,7 +10,6 @@ inherit allarch # We need to get the config files from the aktualizr-host-tools package built by # the aktualizr (target) recipe. DEPENDS = "aktualizr" -RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" # If the config file from aktualizr used here is changed, you will need to bump # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb index e8c75bb..55f398d 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb @@ -10,7 +10,6 @@ inherit allarch # We need to get the config files from the aktualizr-host-tools package built by # the aktualizr (target) recipe. DEPENDS = "aktualizr" -RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" # If the config file from aktualizr used here is changed, you will need to bump # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! diff --git a/recipes-test/images/secondary-image.bb b/recipes-test/images/secondary-image.bb index 27d1e3f..7db2c68 100644 --- a/recipes-test/images/secondary-image.bb +++ b/recipes-test/images/secondary-image.bb @@ -14,7 +14,6 @@ IMAGE_INSTALL_remove = " \ aktualizr-shared-prov \ aktualizr-shared-prov-creds \ aktualizr-device-prov \ - aktualizr-device-prov-creds \ aktualizr-device-prov-hsm \ aktualizr-uboot-env-rollback \ virtual/network-configuration \ diff --git a/scripts/find_aktualizr_dependencies.sh b/scripts/find_aktualizr_dependencies.sh index 493df80..fcb2f97 100755 --- a/scripts/find_aktualizr_dependencies.sh +++ b/scripts/find_aktualizr_dependencies.sh @@ -13,7 +13,6 @@ ${parentdir}/find_dependencies.py aktualizr ${parentdir}/find_dependencies.py aktualizr-shared-prov ${parentdir}/find_dependencies.py aktualizr-shared-prov-creds ${parentdir}/find_dependencies.py aktualizr-device-prov -${parentdir}/find_dependencies.py aktualizr-device-prov-creds ${parentdir}/find_dependencies.py aktualizr-device-prov-hsm ${parentdir}/find_dependencies.py aktualizr-auto-reboot ${parentdir}/find_dependencies.py aktualizr-disable-send-ip -- cgit v1.2.3-54-g00ecf From b1ee116da9eb279991ce61d8114fa0354b45b35d Mon Sep 17 00:00:00 2001 From: Jeremias Cordoba Date: Tue, 15 Oct 2019 16:21:42 -0700 Subject: image_types_ostree: Fix OSTree ref-bindings The command "ostree refs --create" creates a new ref that points to a pre-existing commit hash. This does not add this new ref to the ref-bindings metadata in OSTree. The missing metadata leads to OSTree verifcation failures when working with the new ref. Fix this by adding the "--bind-ref" option to "ostree commit" which adds the needed ref-binding metadata. Signed-off-by: Jeremias Cordoba --- classes/image_types_ostree.bbclass | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 795e01b..7ffe99d 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -168,7 +168,8 @@ IMAGE_CMD_ostreecommit () { --skip-if-unchanged \ --branch=${OSTREE_BRANCHNAME} \ --subject="${OSTREE_COMMIT_SUBJECT}" \ - --body="${OSTREE_COMMIT_BODY}" + --body="${OSTREE_COMMIT_BODY}" \ + --bind-ref="${OSTREE_BRANCHNAME}-${IMAGE_BASENAME}" if [ "${OSTREE_UPDATE_SUMMARY}" = "1" ]; then ostree --repo=${OSTREE_REPO} summary -u -- cgit v1.2.3-54-g00ecf From aa8d68a6defb4676ade11ad5ebc610557d8d4cce Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 21 Oct 2019 09:40:06 +0200 Subject: aktualizr: Bump to 2019.9 release and latest garage-sign. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 8d08c15..c354b82 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -15,7 +15,7 @@ RDEPENDS_${PN}-ptest += "bash cmake curl python3-misc python3-modules openssl-bi PV = "1.0+git${SRCPV}" PR = "7" -GARAGE_SIGN_PV = "0.7.0-33-g214dfb1" +GARAGE_SIGN_PV = "0.7.0-49-g5ffd420" SRC_URI = " \ gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH};name=aktualizr \ @@ -27,10 +27,10 @@ SRC_URI = " \ ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0;name=garagesign") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ " -SRC_URI[garagesign.md5sum] = "66ffe8dcd61d4c15646e1c4b7dde7401" -SRC_URI[garagesign.sha256sum] = "7a7193ddf7e1a33ea60fbb20f98318a8bd78c325dab391d8c4ebd644a738abdc" +SRC_URI[garagesign.md5sum] = "de0877ecb693fd48ec11052e51b0ff1a" +SRC_URI[garagesign.sha256sum] = "cf25759574c9c1206835daeaf6fc345f6db7b5ccdb95fb828c86d7451f78f0aa" -SRCREV = "1592d4ab63d8851aca3440529701425612fbe903" +SRCREV = "fa59e33208d3b1dc690a30ce8339b3b4162f8022" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From f22f8651f741c76d087a431f5aa334515b12a34b Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 21 Oct 2019 13:25:07 +0200 Subject: Default bblayers.conf for rpi3-64 also requires meta-python. In warrior and newer branches, meta-python is required by everything, but for thud and earlier, it's only necessary for RPi. That said, I'm not sure why rpi2 has never used it. Signed-off-by: Patrick Vacek --- conf/include/bblayers/sota_raspberrypi3-64.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/conf/include/bblayers/sota_raspberrypi3-64.inc b/conf/include/bblayers/sota_raspberrypi3-64.inc index ea420ba..03f8f44 100644 --- a/conf/include/bblayers/sota_raspberrypi3-64.inc +++ b/conf/include/bblayers/sota_raspberrypi3-64.inc @@ -1,2 +1,3 @@ +BBLAYERS += "${METADIR}/meta-openembedded/meta-python" BBLAYERS += "${METADIR}/meta-updater-raspberrypi" BBLAYERS += "${METADIR}/meta-raspberrypi" -- cgit v1.2.3-54-g00ecf From dbc841d33a9ffc10a5a7ddc2baacb41aa9282129 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 22 Oct 2019 16:22:10 +0200 Subject: aktualizr: remove systemd from PACKAGECONFIG. The systemd functionality in aktualizr is not currently used for anything, so there's no reason to use it. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index c354b82..cecd527 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -49,7 +49,7 @@ EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release ${@bb.utils.contains('PTEST_ENABLED' GARAGE_SIGN_OPS = "${@ d.expand('-DGARAGE_SIGN_ARCHIVE=${WORKDIR}/cli-${GARAGE_SIGN_PV}.tgz') if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''}" -PACKAGECONFIG ?= "ostree ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} ${@bb.utils.filter('SOTA_CLIENT_FEATURES', 'hsm serialcan ubootenv', d)}" +PACKAGECONFIG ?= "ostree ${@bb.utils.filter('SOTA_CLIENT_FEATURES', 'hsm serialcan ubootenv', d)}" PACKAGECONFIG_class-native = "sota-tools" PACKAGECONFIG[warning-as-error] = "-DWARNING_AS_ERROR=ON,-DWARNING_AS_ERROR=OFF," PACKAGECONFIG[ostree] = "-DBUILD_OSTREE=ON,-DBUILD_OSTREE=OFF,ostree," -- cgit v1.2.3-54-g00ecf From 2207fe9f85cbf998948a5645178cd673ac5647c2 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 28 Oct 2019 09:57:11 +0100 Subject: networkd-dhcp-conf: Remove allarch. We were setting PACKAGE_ARCH to MACHINE_ARCH anyway, so this wasn't helping anything. Suggested-by: Martin Jansa Signed-off-by: Patrick Vacek --- recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb b/recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb index b6076cd..394531e 100644 --- a/recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb +++ b/recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb @@ -4,7 +4,7 @@ interfaces through systemd-networkd" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" -inherit allarch systemd +inherit systemd RPROVIDES_${PN} = "virtual/network-configuration" -- cgit v1.2.3-54-g00ecf From c1766d6b3e4d7aa514dca098f49aaee8e33e08de Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Mon, 28 Oct 2019 14:44:07 +0100 Subject: Fix aktualizr-ptest breakage The compile step was removed by mistake in ec1ac0617b120813d6450dffe1aa8d4868e37332! Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr_git.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index cecd527..0427c3c 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -77,6 +77,10 @@ do_configure_prepend() { fi } +do_compile_ptest() { + cmake_runcmake_build --target build_tests "${PARALLEL_MAKE}" +} + do_install_ptest() { # copy the complete source directory (contains build) cp -r ${B}/ ${D}/${PTEST_PATH}/build -- cgit v1.2.3-54-g00ecf