From e8916f0d63177548c088f183309f724cda0ca795 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 25 Sep 2017 17:35:39 +0200 Subject: Formatting. According to https://www.openembedded.org/wiki/Styleguide --- classes/image_types_ostree.bbclass | 382 +++++++++++++++++++------------------ 1 file changed, 192 insertions(+), 190 deletions(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 97da1db..cb520c2 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -2,13 +2,13 @@ inherit image -IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ - openssl-native:do_populate_sysroot \ - zip-native:do_populate_sysroot \ - coreutils-native:do_populate_sysroot \ - virtual/kernel:do_deploy \ - ${OSTREE_INITRAMFS_IMAGE}:do_image_complete \ - unzip-native" +IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ + openssl-native:do_populate_sysroot \ + zip-native:do_populate_sysroot \ + coreutils-native:do_populate_sysroot \ + virtual/kernel:do_deploy \ + ${OSTREE_INITRAMFS_IMAGE}:do_image_complete \ + unzip-native" export OSTREE_REPO export OSTREE_BRANCHNAME 
@@ -21,202 +21,204 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}" IMAGE_CMD_ostree () { - if [ -z "$OSTREE_REPO" ]; then - bbfatal "OSTREE_REPO should be set in your local.conf" - fi - - if [ -z "$OSTREE_BRANCHNAME" ]; then - bbfatal "OSTREE_BRANCHNAME should be set in your local.conf" - fi - - OSTREE_ROOTFS=`mktemp -du ${WORKDIR}/ostree-root-XXXXX` - cp -a ${IMAGE_ROOTFS} ${OSTREE_ROOTFS} - chmod a+rx ${OSTREE_ROOTFS} - sync - - cd ${OSTREE_ROOTFS} - - # Create sysroot directory to which physical sysroot will be mounted - mkdir sysroot - ln -sf sysroot/ostree ostree - - rm -rf tmp/* - ln -sf sysroot/tmp tmp - - mkdir -p usr/rootdirs - - mv etc usr/ - # Implement UsrMove - dirs="bin sbin lib" - - for dir in ${dirs} ; do - if [ -d ${dir} ] && [ ! -L ${dir} ] ; then - mv ${dir} usr/rootdirs/ - rm -rf ${dir} - ln -sf usr/rootdirs/${dir} ${dir} - fi - done - - if [ -n "$SYSTEMD_USED" ]; then - mkdir -p usr/etc/tmpfiles.d - tmpfiles_conf=usr/etc/tmpfiles.d/00ostree-tmpfiles.conf - echo "d /var/rootdirs 0755 root root -" >>${tmpfiles_conf} - echo "L /var/rootdirs/home - - - - /sysroot/home" >>${tmpfiles_conf} - else - mkdir -p usr/etc/init.d - tmpfiles_conf=usr/etc/init.d/tmpfiles.sh - echo '#!/bin/sh' > ${tmpfiles_conf} - echo "mkdir -p /var/rootdirs; chmod 755 /var/rootdirs" >> ${tmpfiles_conf} - echo "ln -sf /sysroot/home /var/rootdirs/home" >> ${tmpfiles_conf} - - ln -s ../init.d/tmpfiles.sh usr/etc/rcS.d/S20tmpfiles.sh - fi - - # Preserve OSTREE_BRANCHNAME for future information - mkdir -p usr/share/sota/ - echo -n "${OSTREE_BRANCHNAME}" > usr/share/sota/branchname - - # Preserve data in /home to be later copied to /sysroot/home by - # sysroot generating procedure - mkdir -p usr/homedirs - if [ -d "home" ] && [ ! 
-L "home" ]; then - mv home usr/homedirs/home - ln -sf var/rootdirs/home home - fi - - # Move persistent directories to /var - dirs="opt mnt media srv" - - for dir in ${dirs}; do - if [ -d ${dir} ] && [ ! -L ${dir} ]; then - if [ "$(ls -A $dir)" ]; then - bbwarn "Data in /$dir directory is not preserved by OSTree. Consider moving it under /usr" - fi - - if [ -n "$SYSTEMD_USED" ]; then - echo "d /var/rootdirs/${dir} 0755 root root -" >>${tmpfiles_conf} - else - echo "mkdir -p /var/rootdirs/${dir}; chown 755 /var/rootdirs/${dir}" >>${tmpfiles_conf} - fi - rm -rf ${dir} - ln -sf var/rootdirs/${dir} ${dir} - fi - done - - if [ -d root ] && [ ! -L root ]; then - if [ "$(ls -A root)" ]; then - bberror "Data in /root directory is not preserved by OSTree." - fi - - if [ -n "$SYSTEMD_USED" ]; then - echo "d /var/roothome 0755 root root -" >>${tmpfiles_conf} - else - echo "mkdir -p /var/roothome; chown 755 /var/roothome" >>${tmpfiles_conf} - fi - - rm -rf root - ln -sf var/roothome root - fi - - mkdir -p var/sota - - if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then + if [ -z "$OSTREE_REPO" ]; then + bbfatal "OSTREE_REPO should be set in your local.conf" + fi + + if [ -z "$OSTREE_BRANCHNAME" ]; then + bbfatal "OSTREE_BRANCHNAME should be set in your local.conf" + fi + + OSTREE_ROOTFS=`mktemp -du ${WORKDIR}/ostree-root-XXXXX` + cp -a ${IMAGE_ROOTFS} ${OSTREE_ROOTFS} + chmod a+rx ${OSTREE_ROOTFS} + sync + + cd ${OSTREE_ROOTFS} + + # Create sysroot directory to which physical sysroot will be mounted + mkdir sysroot + ln -sf sysroot/ostree ostree + + rm -rf tmp/* + ln -sf sysroot/tmp tmp + + mkdir -p usr/rootdirs + + mv etc usr/ + # Implement UsrMove + dirs="bin sbin lib" + + for dir in ${dirs} ; do + if [ -d ${dir} ] && [ ! 
-L ${dir} ] ; then + mv ${dir} usr/rootdirs/ + rm -rf ${dir} + ln -sf usr/rootdirs/${dir} ${dir} + fi + done + + if [ -n "$SYSTEMD_USED" ]; then + mkdir -p usr/etc/tmpfiles.d + tmpfiles_conf=usr/etc/tmpfiles.d/00ostree-tmpfiles.conf + echo "d /var/rootdirs 0755 root root -" >>${tmpfiles_conf} + echo "L /var/rootdirs/home - - - - /sysroot/home" >>${tmpfiles_conf} + else + mkdir -p usr/etc/init.d + tmpfiles_conf=usr/etc/init.d/tmpfiles.sh + echo '#!/bin/sh' > ${tmpfiles_conf} + echo "mkdir -p /var/rootdirs; chmod 755 /var/rootdirs" >> ${tmpfiles_conf} + echo "ln -sf /sysroot/home /var/rootdirs/home" >> ${tmpfiles_conf} + + ln -s ../init.d/tmpfiles.sh usr/etc/rcS.d/S20tmpfiles.sh + fi + + # Preserve OSTREE_BRANCHNAME for future information + mkdir -p usr/share/sota/ + echo -n "${OSTREE_BRANCHNAME}" > usr/share/sota/branchname + + # Preserve data in /home to be later copied to /sysroot/home by sysroot + # generating procedure + mkdir -p usr/homedirs + if [ -d "home" ] && [ ! -L "home" ]; then + mv home usr/homedirs/home + ln -sf var/rootdirs/home home + fi + + # Move persistent directories to /var + dirs="opt mnt media srv" + + for dir in ${dirs}; do + if [ -d ${dir} ] && [ ! -L ${dir} ]; then + if [ "$(ls -A $dir)" ]; then + bbwarn "Data in /$dir directory is not preserved by OSTree. Consider moving it under /usr" + fi + + if [ -n "$SYSTEMD_USED" ]; then + echo "d /var/rootdirs/${dir} 0755 root root -" >>${tmpfiles_conf} + else + echo "mkdir -p /var/rootdirs/${dir}; chown 755 /var/rootdirs/${dir}" >>${tmpfiles_conf} + fi + rm -rf ${dir} + ln -sf var/rootdirs/${dir} ${dir} + fi + done + + if [ -d root ] && [ ! -L root ]; then + if [ "$(ls -A root)" ]; then + bberror "Data in /root directory is not preserved by OSTree." 
+ fi + + if [ -n "$SYSTEMD_USED" ]; then + echo "d /var/roothome 0755 root root -" >>${tmpfiles_conf} + else + echo "mkdir -p /var/roothome; chown 755 /var/roothome" >>${tmpfiles_conf} + fi + + rm -rf root + ln -sf var/roothome root + fi + + mkdir -p var/sota + + if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" fi - if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then + if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS" fi - if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then + if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS" fi - if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then + if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" fi - # deploy SOTA credentials - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then - cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip - # Device should not be able to push data to treehub - zip -d var/sota/sota_provisioning_credentials.zip treehub.json - fi - fi - - if [ -n "${SOTA_SECONDARY_ECUS}" ]; then - cp ${SOTA_SECONDARY_ECUS} var/sota/ecus - fi - - # Deploy client certificate and key. 
- if [ -n "${SOTA_CLIENT_CERTIFICATE}" ]; then - if [ -e ${SOTA_CLIENT_CERTIFICATE} ]; then - mkdir -p var/sota/token - cp ${SOTA_CLIENT_CERTIFICATE} var/sota/token/ - fi - fi - if [ -n "${SOTA_CLIENT_KEY}" ]; then - if [ -e ${SOTA_CLIENT_KEY} ]; then - mkdir -p var/sota/token - cp ${SOTA_CLIENT_KEY} var/sota/token/ - fi - fi - if [ -n "${SOTA_ROOT_CA}" ]; then - if [ -e ${SOTA_ROOT_CA} ]; then - cp ${SOTA_ROOT_CA} var/sota/ - fi - fi - - # Creating boot directories is required for "ostree admin deploy" - - mkdir -p boot/loader.0 - mkdir -p boot/loader.1 - ln -sf boot/loader.0 boot/loader - - checksum=`sha256sum ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} | cut -f 1 -d " "` - - cp ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} boot/vmlinuz-${checksum} - cp ${DEPLOY_DIR_IMAGE}/${OSTREE_INITRAMFS_IMAGE}-${MACHINE}${RAMDISK_EXT} boot/initramfs-${checksum} - - # Copy image manifest - cat ${IMAGE_MANIFEST} | cut -d " " -f1,3 > usr/package.manifest - - cd ${WORKDIR} - - # Create a tarball that can be then commited to OSTree repo - OSTREE_TAR=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.ostree.tar.bz2 - tar -C ${OSTREE_ROOTFS} --xattrs --xattrs-include='*' -cjf ${OSTREE_TAR} . - sync - - rm -f ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2 - ln -s ${IMAGE_NAME}.rootfs.ostree.tar.bz2 ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2 - - if [ ! 
-d ${OSTREE_REPO} ]; then - ostree --repo=${OSTREE_REPO} init --mode=archive-z2 - fi - - # Commit the result - ostree --repo=${OSTREE_REPO} commit \ - --tree=dir=${OSTREE_ROOTFS} \ - --skip-if-unchanged \ - --branch=${OSTREE_BRANCHNAME} \ - --subject="Commit-id: ${IMAGE_NAME}" - - rm -rf ${OSTREE_ROOTFS} + # deploy SOTA credentials + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then + if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then + cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip + # Device should not be able to push data to treehub + zip -d var/sota/sota_provisioning_credentials.zip treehub.json + fi + fi + + if [ -n "${SOTA_SECONDARY_ECUS}" ]; then + cp ${SOTA_SECONDARY_ECUS} var/sota/ecus + fi + + # Deploy client certificate and key. + if [ -n "${SOTA_CLIENT_CERTIFICATE}" ]; then + if [ -e ${SOTA_CLIENT_CERTIFICATE} ]; then + mkdir -p var/sota/token + cp ${SOTA_CLIENT_CERTIFICATE} var/sota/token/ + fi + fi + if [ -n "${SOTA_CLIENT_KEY}" ]; then + if [ -e ${SOTA_CLIENT_KEY} ]; then + mkdir -p var/sota/token + cp ${SOTA_CLIENT_KEY} var/sota/token/ + fi + fi + if [ -n "${SOTA_ROOT_CA}" ]; then + if [ -e ${SOTA_ROOT_CA} ]; then + cp ${SOTA_ROOT_CA} var/sota/ + fi + fi + + # Creating boot directories is required for "ostree admin deploy" + + mkdir -p boot/loader.0 + mkdir -p boot/loader.1 + ln -sf boot/loader.0 boot/loader + + checksum=`sha256sum ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} | cut -f 1 -d " "` + + cp ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} boot/vmlinuz-${checksum} + cp ${DEPLOY_DIR_IMAGE}/${OSTREE_INITRAMFS_IMAGE}-${MACHINE}${RAMDISK_EXT} boot/initramfs-${checksum} + + # Copy image manifest + cat ${IMAGE_MANIFEST} | cut -d " " -f1,3 > usr/package.manifest + + cd ${WORKDIR} + + # Create a tarball that can be then commited to OSTree repo + OSTREE_TAR=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.ostree.tar.bz2 + tar -C ${OSTREE_ROOTFS} --xattrs --xattrs-include='*' -cjf ${OSTREE_TAR} . 
+ sync + + rm -f ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2 + ln -s ${IMAGE_NAME}.rootfs.ostree.tar.bz2 ${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.rootfs.ostree.tar.bz2 + + if [ ! -d ${OSTREE_REPO} ]; then + ostree --repo=${OSTREE_REPO} init --mode=archive-z2 + fi + + # Commit the result + ostree --repo=${OSTREE_REPO} commit \ + --tree=dir=${OSTREE_ROOTFS} \ + --skip-if-unchanged \ + --branch=${OSTREE_BRANCHNAME} \ + --subject="Commit-id: ${IMAGE_NAME}" + + rm -rf ${OSTREE_ROOTFS} } IMAGE_TYPEDEP_ostreepush = "ostree" IMAGE_DEPENDS_ostreepush = "sota-tools-native:do_populate_sysroot" IMAGE_CMD_ostreepush () { - # Print warnings if credetials are not set or if the file has not been found. - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then - garage-push --repo=${OSTREE_REPO} \ - --ref=${OSTREE_BRANCHNAME} \ - --credentials=${SOTA_PACKED_CREDENTIALS} \ - --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt - else - bbwarn "SOTA_PACKED_CREDENTIALS file does not exist." - fi + # Print warnings if credetials are not set or if the file has not been found. + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then + if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then + garage-push --repo=${OSTREE_REPO} \ + --ref=${OSTREE_BRANCHNAME} \ + --credentials=${SOTA_PACKED_CREDENTIALS} \ + --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt else - bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS." - fi + bbwarn "SOTA_PACKED_CREDENTIALS file does not exist." + fi + else + bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS." + fi } + +# vim:set ts=4 sw=4 sts=4 expandtab: -- cgit v1.2.3-54-g00ecf From 0ab7fe36dacebd2ab9e79d57987af2205a5f9a09 Mon Sep 17 00:00:00 2001 
From: Patrick Vacek Date: Thu, 28 Sep 2017 14:24:19 +0200 Subject: Create recipe for implicit provisioning file shuffling. Split aktualizr into basic and native recipes by moving most of the work to an include file. Use aktualizr-implicit-writer (on host) to do the actual work of configuring sota.toml and installing files. Still not quite fully functional. --- classes/image_types_ostree.bbclass | 4 ++- classes/sota.bbclass | 2 +- classes/sota_bleeding.inc | 1 + recipes-sota/aktualizr/aktualizr-auto-prov.bb | 6 ++-- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 36 ++++++++++++++++++++++ recipes-sota/aktualizr/aktualizr-native_git.bb | 16 ++++++++++ recipes-sota/aktualizr/aktualizr_common.inc | 19 ++++++++++++ recipes-sota/aktualizr/aktualizr_git.bb | 29 ++++++----------- .../aktualizr/files/sota_implicit_prov.toml | 11 +++++++ 9 files changed, 99 insertions(+), 25 deletions(-) create mode 100644 recipes-sota/aktualizr/aktualizr-implicit-prov.bb create mode 100644 recipes-sota/aktualizr/aktualizr-native_git.bb create mode 100644 recipes-sota/aktualizr/aktualizr_common.inc create mode 100644 recipes-sota/aktualizr/files/sota_implicit_prov.toml diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index cb520c2..26be7bf 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -20,6 +20,8 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}" +SOTA_IMPLICIT_PROV = "${@bb.utils.contains('DISTRO_FEATURES', 'implicit-prov', 'true', '', d)}" + IMAGE_CMD_ostree () { if [ -z "$OSTREE_REPO" ]; then bbfatal "OSTREE_REPO should be set in your local.conf" 
@@ -134,7 +136,7 @@ IMAGE_CMD_ostree () { fi # deploy SOTA credentials - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then + if [ -n "${SOTA_PACKED_CREDENTIALS}" -a -z "${SOTA_IMPLICIT_PROV}" ]; then if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip # Device should not be able to push data to treehub diff --git a/classes/sota.bbclass b/classes/sota.bbclass index d3b66e0..357fefd 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -6,7 +6,7 @@ python __anonymous() { OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}" SOTA_CLIENT ??= "aktualizr" -SOTA_CLIENT_PROV ??= "aktualizr-auto-prov" +SOTA_CLIENT_PROV ??= "${@bb.utils.contains('DISTRO_FEATURES', 'implicit-prov', 'aktualizr-implicit-prov', 'aktualizr-auto-prov', d)}" IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}" IMAGE_CLASSES += " image_types_ostree image_types_ota" IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush otaimg wic', ' ', d)}" diff --git a/classes/sota_bleeding.inc b/classes/sota_bleeding.inc index fc5947d..77d004b 100644 --- a/classes/sota_bleeding.inc +++ b/classes/sota_bleeding.inc @@ -1 +1,2 @@ SRCREV_pn-aktualizr ?= "${AUTOREV}" +SRCREV_pn-aktualizr-native ?= "${AUTOREV}" diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 054b5cd..b30e884 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb 
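Review bot: The new test in the `@@ -134,7 +136,7 @@` hunk of classes/image_types_ostree.bbclass joins two conditions with `-a` inside a single `[ ]`, a form POSIX marks obsolescent and which the rest of IMAGE_CMD_ostree avoids (it writes `[ -d ${dir} ] && [ ! -L ${dir} ]`). I would write it as `if [ -n "${SOTA_PACKED_CREDENTIALS}" ] && [ -z "${SOTA_IMPLICIT_PROV}" ]; then`. A one-line comment above it, such as `# with implicit-prov the credentials are handled by aktualizr-implicit-prov, so the packed archive is not copied`, would record why the archive is skipped. IMAGE_CMD_ostree starts and ends outside this hunk.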
@@ -1,10 +1,12 @@ SUMMARY = "Aktualizr systemd service and configurations" -DESCRIPTION = "Systemd service and configurations for Aktualizr, the SOTA Client application written in C++" +DESCRIPTION = "Systemd service and configurations for autoprovisioning Aktualizr, the SOTA Client application written in C++" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" RDEPENDS_${PN} = "aktualizr" +PV = "1.0" +PR = "6" SRC_URI = " \ file://LICENSE \ @@ -12,8 +14,6 @@ SRC_URI = " \ file://aktualizr-autoprovision.service \ file://sota_autoprov.toml \ " -PV = "1.0" -PR = "6" SYSTEMD_SERVICE_${PN} = "aktualizr.service" diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb new file mode 100644 index 0000000..edec409 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb 
@@ -0,0 +1,36 @@ +SUMMARY = "Aktualizr systemd service and configurations" +DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr, the SOTA Client application written in C++" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +DEPENDS = "aktualizr-native" +RDEPENDS_${PN} = "aktualizr" +PV = "1.0" +PR = "1" + +SRC_URI = " \ + file://LICENSE \ + file://aktualizr-autoprovision.service \ + file://sota_implicit_prov.toml \ + " + +SYSTEMD_SERVICE_${PN} = "aktualizr.service" + +inherit systemd + +export SOTA_PACKED_CREDENTIALS + +do_install() { + install -d ${D}/${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service + install -d ${D}/usr/lib/sota + aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \ + -i ${WORKDIR}/sota_implicit_prov.toml -o ${D}/usr/lib/sota/sota.toml -p ${D} +} + +FILES_${PN} = " \ + ${systemd_unitdir}/system/aktualizr.service \ + /usr/lib/sota/sota.toml \ + /var/sota/root.crt \ + " diff --git a/recipes-sota/aktualizr/aktualizr-native_git.bb b/recipes-sota/aktualizr/aktualizr-native_git.bb new file mode 100644 index 0000000..59479fd --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-native_git.bb @@ -0,0 +1,16 @@ +require aktualizr_common.inc + +DEPENDS = "boost-native openssl-native libarchive-native libsodium-native" + +inherit native + +EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_OSTREE=OFF -DAKTUALIZR_VERSION=${PV}" + +do_install_append () { + rm ${D}${bindir}/aktualizr + rm ${D}${bindir}/aktualizr_cert_provider +} + +FILES_${PN} = " \ + ${bindir}/aktualizr_implicit_writer \ + " diff --git a/recipes-sota/aktualizr/aktualizr_common.inc b/recipes-sota/aktualizr/aktualizr_common.inc new file mode 100644 index 0000000..61854ea --- /dev/null 
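Review bot: do_install in the new recipes-sota/aktualizr/aktualizr-implicit-prov.bb passes `${SOTA_PACKED_CREDENTIALS}` to `aktualizr_implicit_writer -c` without checking that the variable is set or that the file exists, whereas IMAGE_CMD_ostreepush tests `-n` and `-e` before using it. With the variable empty, `-c` would be followed directly by `-i`, so the tool would most likely fail with a message that does not name the real cause. I would add a guard before the call, `if [ -z "${SOTA_PACKED_CREDENTIALS}" ] || [ ! -e "${SOTA_PACKED_CREDENTIALS}" ]; then bbfatal "SOTA_PACKED_CREDENTIALS must point to an existing credentials archive"; fi`, and quote the expansion in the writer call as `-c "${SOTA_PACKED_CREDENTIALS}"`.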
+++ b/recipes-sota/aktualizr/aktualizr_common.inc @@ -0,0 +1,19 @@ +SUMMARY = "Aktualizr SOTA Client" +DESCRIPTION = "SOTA Client application written in C++" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" + +PV = "1.0+git${SRCPV}" +PR = "7" + +SRC_URI = " \ + git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ + " +SRCREV = "1004efa3f86cef90c012b34620992b5762b741e3" +BRANCH ?= "master" + +S = "${WORKDIR}/git" + +inherit cmake diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 2d0dadc..4f6a175 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb 
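Review bot: SRC_URI in the new recipes-sota/aktualizr/aktualizr_common.inc uses `git://` with no `protocol=` parameter, so the fetch presumably goes over the plain git transport, which has no server authentication or encryption. The pinned SRCREV limits what a tampered fetch can deliver, but classes/sota_bleeding.inc in this same commit sets SRCREV to `${AUTOREV}` for both aktualizr and aktualizr-native, and then no pin applies to code that is built and, for the native recipe, run on the build host. I would fetch over TLS instead: `git://github.com/advancedtelematic/aktualizr;protocol=https;branch=${BRANCH} \`.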
@@ -1,32 +1,21 @@ -SUMMARY = "Aktualizr SOTA Client" -DESCRIPTION = "SOTA Client application written in C++" -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" -DEPENDS = "boost curl openssl jansson libsodium ostree" +require aktualizr_common.inc + +DEPENDS = "boost curl jansson openssl libarchive libsodium ostree" RDEPENDS_${PN} = "lshw" DEPENDS_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)}" - RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)}" RDEPENDS_${PN}_append = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm-test', ' softhsm softhsm-testtoken', '', d)}" -SRC_URI = " \ - git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ - " -SRCREV = "1004efa3f86cef90c012b34620992b5762b741e3" -BRANCH ?= "master" - -PV = "1.0+git${SRCPV}" -PR = "7" - -S = "${WORKDIR}/git" - -inherit cmake systemd +inherit systemd EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}" +do_install_append () { + rm ${D}${bindir}/aktualizr_cert_provider + rm ${D}${bindir}/aktualizr_implicit_writer +} + FILES_${PN} = " \ ${bindir}/aktualizr \ " diff --git a/recipes-sota/aktualizr/files/sota_implicit_prov.toml b/recipes-sota/aktualizr/files/sota_implicit_prov.toml new file mode 100644 index 0000000..31e2946 --- /dev/null +++ b/recipes-sota/aktualizr/files/sota_implicit_prov.toml @@ -0,0 +1,11 @@ +[tls] +certificates_directory = "/var/sota/" +ca_file = "root.crt" +client_certificate = "client.pem" +pkey_file = "pkey.pem" + +[uptane] +metadata_path = "/var/sota/metadata" +private_key_path = "ecukey.der" +public_key_path = "ecukey.pub" + -- cgit v1.2.3-54-g00ecf From 672706273326597ed942b9a8d05e9ca315cc6130 Mon Sep 17 00:00:00 2001 
From: Patrick Vacek Date: Wed, 4 Oct 2017 11:25:17 +0200 Subject: Move implicit root CA to /usr/lib/sota. It should be able to be updated. --- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 2 +- recipes-sota/aktualizr/files/sota_implicit_prov.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index edec409..792d5ba 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb @@ -32,5 +32,5 @@ do_install() { FILES_${PN} = " \ ${systemd_unitdir}/system/aktualizr.service \ /usr/lib/sota/sota.toml \ - /var/sota/root.crt \ + /usr/lib/sota/root.crt \ " diff --git a/recipes-sota/aktualizr/files/sota_implicit_prov.toml b/recipes-sota/aktualizr/files/sota_implicit_prov.toml index 31e2946..756c868 100644 --- a/recipes-sota/aktualizr/files/sota_implicit_prov.toml +++ b/recipes-sota/aktualizr/files/sota_implicit_prov.toml @@ -1,6 +1,6 @@ [tls] certificates_directory = "/var/sota/" -ca_file = "root.crt" +ca_file = "/usr/lib/sota/root.crt" client_certificate = "client.pem" pkey_file = "pkey.pem" -- cgit v1.2.3-54-g00ecf From 098f69acc074d1905cb3e9aa6374fec427a63df7 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Thu, 5 Oct 2017 14:18:06 +0200 Subject: Move provisioning out of ostree bbclass into autoprov recipe. Also remove implicit-prov from DISTRO_FEATURES. Just specify SOTA_CLIENT_PROV directly. --- classes/image_types_ostree.bbclass | 49 +---------------------- classes/sota.bbclass | 2 +- recipes-sota/aktualizr/aktualizr-auto-prov.bb | 35 +++++++++++++--- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 2 - 4 files changed, 31 insertions(+), 57 deletions(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 26be7bf..adcafe3 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass 
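Review bot: `ca_file` in recipes-sota/aktualizr/files/sota_implicit_prov.toml is now the only absolute path in `[tls]`, while `certificates_directory` stays `/var/sota/` and the client certificate and key remain relative, and the file gives no reason for the difference. A comment above the key would record it, for example `# root CA lives under /usr/lib/sota so it can be updated with the image; device certificate and key stay in /var/sota`. Whether the client uses an absolute `ca_file` as given rather than prefixing `certificates_directory` is not visible in this patch and should be confirmed against the aktualizr revision pinned in SRCREV, since this path selects the TLS trust anchor.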
@@ -4,11 +4,9 @@ inherit image IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ openssl-native:do_populate_sysroot \ - zip-native:do_populate_sysroot \ coreutils-native:do_populate_sysroot \ virtual/kernel:do_deploy \ - ${OSTREE_INITRAMFS_IMAGE}:do_image_complete \ - unzip-native" + ${OSTREE_INITRAMFS_IMAGE}:do_image_complete" export OSTREE_REPO export OSTREE_BRANCHNAME @@ -20,8 +18,6 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}" -SOTA_IMPLICIT_PROV = "${@bb.utils.contains('DISTRO_FEATURES', 'implicit-prov', 'true', '', d)}" - IMAGE_CMD_ostree () { if [ -z "$OSTREE_REPO" ]; then bbfatal "OSTREE_REPO should be set in your local.conf" 
@@ -120,53 +116,10 @@ IMAGE_CMD_ostree () { ln -sf var/roothome root fi - mkdir -p var/sota - - if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then - bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then - bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then - bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then - bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - - # deploy SOTA credentials - if [ -n "${SOTA_PACKED_CREDENTIALS}" -a -z "${SOTA_IMPLICIT_PROV}" ]; then - if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then - cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip - # Device should not be able to push data to treehub - zip -d var/sota/sota_provisioning_credentials.zip treehub.json - fi - fi - if [ -n "${SOTA_SECONDARY_ECUS}" ]; then cp ${SOTA_SECONDARY_ECUS} var/sota/ecus fi - # Deploy client certificate and key. - if [ -n "${SOTA_CLIENT_CERTIFICATE}" ]; then - if [ -e ${SOTA_CLIENT_CERTIFICATE} ]; then - mkdir -p var/sota/token - cp ${SOTA_CLIENT_CERTIFICATE} var/sota/token/ - fi - fi - if [ -n "${SOTA_CLIENT_KEY}" ]; then - if [ -e ${SOTA_CLIENT_KEY} ]; then - mkdir -p var/sota/token - cp ${SOTA_CLIENT_KEY} var/sota/token/ - fi - fi - if [ -n "${SOTA_ROOT_CA}" ]; then - if [ -e ${SOTA_ROOT_CA} ]; then - cp ${SOTA_ROOT_CA} var/sota/ - fi - fi - # Creating boot directories is required for "ostree admin deploy" mkdir -p boot/loader.0 diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 357fefd..d3b66e0 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass 
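Review bot: The `@@ -120,53 +116,10 @@` hunk of classes/image_types_ostree.bbclass removes `mkdir -p var/sota` together with the credential handling, but the surviving `cp ${SOTA_SECONDARY_ECUS} var/sota/ecus` still writes into that directory. After this commit `var/sota` exists in the rootfs only if an installed package ships it (aktualizr-auto-prov.bb creates it only when the credentials file exists), so the copy can fail when SOTA_SECONDARY_ECUS is set. I would keep the directory creation next to its remaining user, `mkdir -p var/sota` on the line before the `cp`, and quote the source as `cp "${SOTA_SECONDARY_ECUS}" var/sota/ecus`. IMAGE_CMD_ostree starts and ends outside this hunk.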
@@ -6,7 +6,7 @@ python __anonymous() { OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}" SOTA_CLIENT ??= "aktualizr" -SOTA_CLIENT_PROV ??= "${@bb.utils.contains('DISTRO_FEATURES', 'implicit-prov', 'aktualizr-implicit-prov', 'aktualizr-auto-prov', d)}" +SOTA_CLIENT_PROV ??= "aktualizr-auto-prov" IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}" IMAGE_CLASSES += " image_types_ostree image_types_ota" IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush otaimg wic', ' ', d)}" diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index b30e884..48777b2 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -4,6 +4,7 @@ HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +DEPENDS = "zip-native" RDEPENDS_${PN} = "aktualizr" PV = "1.0" PR = "6" 
@@ -22,18 +23,40 @@ inherit systemd export SOTA_PACKED_CREDENTIALS do_install_append() { + if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then + bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then + bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then + bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then + bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - install -d ${D}/${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service - install -d ${D}/usr/lib/sota - install -m "0644" ${WORKDIR}/sota_autoprov.toml ${D}/usr/lib/sota/sota.toml + install -d ${D}/${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service + install -d ${D}/usr/lib/sota + install -m "0644" ${WORKDIR}/sota_autoprov.toml ${D}/usr/lib/sota/sota.toml + + # deploy SOTA credentials + if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then + mkdir -p ${D}/var/sota + cp ${SOTA_PACKED_CREDENTIALS} ${D}/var/sota/sota_provisioning_credentials.zip + # Device should not be able to push data to treehub + zip -d ${D}/var/sota/sota_provisioning_credentials.zip treehub.json + fi else - install -d ${D}/${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/aktualizr-manual-provision.service ${D}/${systemd_unitdir}/system/aktualizr.service + install -d ${D}/${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/aktualizr-manual-provision.service ${D}/${systemd_unitdir}/system/aktualizr.service fi } FILES_${PN} = " \ ${systemd_unitdir}/system/aktualizr.service \ /usr/lib/sota/sota.toml \ + /var/sota/sota_provisioning_credentials.zip \ " 
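Review bot: When SOTA_PACKED_CREDENTIALS is set but the file is missing, do_install_append in recipes-sota/aktualizr/aktualizr-auto-prov.bb still installs the autoprovision unit and sota.toml and skips the archive without any message, so the image builds but likely cannot provision. The inner `if [ -e ${SOTA_PACKED_CREDENTIALS} ]` should get an `else` branch that reports it, e.g. `bbfatal "SOTA_PACKED_CREDENTIALS file does not exist."`; IMAGE_CMD_ostreepush already prints the same text as a warning. The archive is also copied with plain `cp`, which leaves its mode to the source file and the build umask. Assuming the client runs as root, `install -m 0600 "${SOTA_PACKED_CREDENTIALS}" ${D}/var/sota/sota_provisioning_credentials.zip` would keep the provisioning credentials unreadable to other users on the device.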
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index 792d5ba..a01ef48 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb @@ -19,8 +19,6 @@ SYSTEMD_SERVICE_${PN} = "aktualizr.service" inherit systemd -export SOTA_PACKED_CREDENTIALS - do_install() { install -d ${D}/${systemd_unitdir}/system install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service -- cgit v1.2.3-54-g00ecf From 2bce8708ca8be6931d9f524df735694d3c77a984 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 6 Oct 2017 15:33:42 +0200 Subject: Bump aktualizr version for implict_writer support. --- recipes-sota/aktualizr/aktualizr_common.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_common.inc b/recipes-sota/aktualizr/aktualizr_common.inc index 61854ea..b3f99cc 100644 --- a/recipes-sota/aktualizr/aktualizr_common.inc +++ b/recipes-sota/aktualizr/aktualizr_common.inc @@ -11,7 +11,7 @@ PR = "7" SRC_URI = " \ git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ " -SRCREV = "1004efa3f86cef90c012b34620992b5762b741e3" +SRCREV = "ed2c9684d3b7e605b41a3e7dda0afded1d4a084c" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf