From 07837f53f0aedaedf388938ae623c86d5bf1337a Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 14 Sep 2018 11:58:20 +0200 Subject: libp11: Fix paths after switch to openssl 1.1. It should now accept paths in either format to accommodate openssl versions 1.0 and 1.1. --- recipes-support/libp11/libp11_0.4.7.bb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/recipes-support/libp11/libp11_0.4.7.bb b/recipes-support/libp11/libp11_0.4.7.bb index 02d9e50..00074e5 100644 --- a/recipes-support/libp11/libp11_0.4.7.bb +++ b/recipes-support/libp11/libp11_0.4.7.bb @@ -18,7 +18,7 @@ S = "${WORKDIR}/git" inherit autotools pkgconfig # Currently, Makefile dependencies are incorrectly defined which causes build errors -# The number of jobs is high +# if the number of jobs is high # See https://github.com/OpenSC/libp11/issues/94 PARALLEL_MAKE = "" EXTRA_OECONF = "--disable-static" @@ -28,12 +28,12 @@ do_install_append () { rm -rf ${D}${docdir}/${BPN} } -FILES_${PN} = "${libdir}/engines/pkcs11.so \ - ${libdir}/engines/libpkcs11${SOLIBS} \ +FILES_${PN} = "${libdir}/engines*/pkcs11.so \ + ${libdir}/engines*/libpkcs11${SOLIBS} \ ${libdir}/libp11${SOLIBS}" FILES_${PN}-dev = " \ - ${libdir}/engines/libpkcs11${SOLIBSDEV} \ + ${libdir}/engines*/libpkcs11${SOLIBSDEV} \ ${libdir}/libp11${SOLIBSDEV} \ ${libdir}/pkgconfig/libp11.pc \ /usr/include" -- cgit v1.2.3-54-g00ecf From 4f11914540c8f867db659a3d0cac12ceb7e22c7e Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 14 Sep 2018 14:15:05 +0200 Subject: softhsm-testtoken: Update paths for token import. And bump aktualizr recipe --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- recipes-support/softhsm-testtoken/files/createtoken.sh | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 9369cbe..445f11e 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -27,7 +27,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "062ab7756c375ee2c913d3197cafe4ee2f97ef2a" +SRCREV = "8083d4fa67046689d4bf784b908a048a58457d63" BRANCH ?= "master" S = "${WORKDIR}/git" diff --git a/recipes-support/softhsm-testtoken/files/createtoken.sh b/recipes-support/softhsm-testtoken/files/createtoken.sh index b01db47..b142945 100644 --- a/recipes-support/softhsm-testtoken/files/createtoken.sh +++ b/recipes-support/softhsm-testtoken/files/createtoken.sh @@ -5,7 +5,7 @@ if pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O; then exit 0 fi -if ! ls /var/sota/token/pkey.pem /var/sota/token/client.pem /var/sota/token/pkey.pem; then +if ! ls /var/sota/import/pkey.pem /var/sota/import/client.pem; then # Key/certificate pair is not present, repeat exit 1 fi @@ -13,14 +13,14 @@ fi mkdir -p /var/lib/softhsm/tokens softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234 -softhsm2-util --import /var/sota/token/pkey.pem --label "pkey" --id 02 --token 'Virtual token' --pin 1234 -openssl x509 -outform der -in /var/sota/token/client.pem -out /var/sota/token/client.der -pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --id 1 --write-object /var/sota/token/client.der --type cert --login --pin 1234 +softhsm2-util --import /var/sota/import/pkey.pem --label "pkey" --id 02 --token 'Virtual token' --pin 1234 +openssl x509 -outform der -in /var/sota/import/client.pem -out /var/sota/import/client.der +pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --id 1 --write-object /var/sota/import/client.der --type cert --login --pin 1234 # Import UPTANE keypair if it exists -if [ -f /var/sota/token/ecukey.pem ]; then - openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in /var/sota/token/ecukey.pem -out /var/sota/token/ecukey.p8 - softhsm2-util --import /var/sota/token/ecukey.p8 --label "uptanekey" --id 03 --token 'Virtual token' --pin 1234 +if [ -f /var/sota/import/ecukey.pem ]; then + openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in /var/sota/import/ecukey.pem -out /var/sota/import/ecukey.p8 + softhsm2-util --import /var/sota/import/ecukey.p8 --label "uptanekey" --id 03 --token 'Virtual token' --pin 1234 fi exit 0 -- cgit v1.2.3-54-g00ecf From ce01a745ed350cb79fdeabe0c4173ab7d30705d2 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 14 Sep 2018 14:28:57 +0200 Subject: libp11: Bump to release 0.4.9. --- recipes-support/libp11/libp11_0.4.7.bb | 39 ---------------------------------- recipes-support/libp11/libp11_0.4.9.bb | 39 ++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 39 deletions(-) delete mode 100644 recipes-support/libp11/libp11_0.4.7.bb create mode 100644 recipes-support/libp11/libp11_0.4.9.bb diff --git a/recipes-support/libp11/libp11_0.4.7.bb b/recipes-support/libp11/libp11_0.4.7.bb deleted file mode 100644 index 00074e5..0000000 --- a/recipes-support/libp11/libp11_0.4.7.bb +++ /dev/null @@ -1,39 +0,0 @@ -SUMMARY = "Library for using PKCS" -DESCRIPTION = "\ -Libp11 is a library implementing a small layer on top of PKCS \ -make using PKCS" -HOMEPAGE = "http://www.opensc-project.org/libp11" -SECTION = "Development/Libraries" -LICENSE = "LGPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29" -DEPENDS = "libtool openssl" -RDEPENDS_${PN} += " opensc" - -SRC_URI = "git://github.com/OpenSC/libp11.git \ - file://0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch" -SRCREV = "da725ab727342083478150a203a3c80c4551feb4" - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig - -# Currently, Makefile dependencies are incorrectly defined which causes build errors -# if the number of jobs is high -# See https://github.com/OpenSC/libp11/issues/94 -PARALLEL_MAKE = "" -EXTRA_OECONF = "--disable-static" - -do_install_append () { - rm -rf ${D}${libdir}/*.la - rm -rf ${D}${docdir}/${BPN} -} - -FILES_${PN} = "${libdir}/engines*/pkcs11.so \ - ${libdir}/engines*/libpkcs11${SOLIBS} \ - ${libdir}/libp11${SOLIBS}" - -FILES_${PN}-dev = " \ - ${libdir}/engines*/libpkcs11${SOLIBSDEV} \ - ${libdir}/libp11${SOLIBSDEV} \ - ${libdir}/pkgconfig/libp11.pc \ - /usr/include" diff --git a/recipes-support/libp11/libp11_0.4.9.bb b/recipes-support/libp11/libp11_0.4.9.bb new file mode 100644 index 0000000..6d0165f --- /dev/null +++ b/recipes-support/libp11/libp11_0.4.9.bb @@ -0,0 +1,39 @@ +SUMMARY = "Library for using PKCS" +DESCRIPTION = "\ +Libp11 is a library implementing a small layer on top of PKCS \ +make using PKCS" +HOMEPAGE = "http://www.opensc-project.org/libp11" +SECTION = "Development/Libraries" +LICENSE = "LGPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29" +DEPENDS = "libtool openssl" +RDEPENDS_${PN} += " opensc" + +SRC_URI = "git://github.com/OpenSC/libp11.git \ + file://0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch" +SRCREV = "e1210903291b1de9eabcad26e740a4b2fbcca692" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig + +# Currently, Makefile dependencies are incorrectly defined which causes build errors +# if the number of jobs is high +# See https://github.com/OpenSC/libp11/issues/94 +PARALLEL_MAKE = "" +EXTRA_OECONF = "--disable-static" + +do_install_append () { + rm -rf ${D}${libdir}/*.la + rm -rf ${D}${docdir}/${BPN} +} + +FILES_${PN} = "${libdir}/engines*/pkcs11.so \ + ${libdir}/engines*/libpkcs11${SOLIBS} \ + ${libdir}/libp11${SOLIBS}" + +FILES_${PN}-dev = " \ + ${libdir}/engines*/libpkcs11${SOLIBSDEV} \ + ${libdir}/libp11${SOLIBSDEV} \ + ${libdir}/pkgconfig/libp11.pc \ + /usr/include" -- cgit v1.2.3-54-g00ecf From 59c0347ac0731766f030de3df63f3792d6034a99 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Fri, 14 Sep 2018 17:46:42 +0200 Subject: Update `installed_versions` passing to new location --- classes/image_types_ota.bbclass | 6 ++++-- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass index 360b746..4a51f24 100644 --- a/classes/image_types_ota.bbclass +++ b/classes/image_types_ota.bbclass @@ -99,7 +99,7 @@ IMAGE_CMD_otaimg () { cp -a ${IMAGE_ROOTFS}/var/sota ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true # Create /var/sota if it doesn't exist yet - mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota || true + mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota # Ensure the permissions are correctly set chmod 700 ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota @@ -112,7 +112,9 @@ IMAGE_CMD_otaimg () { if [ -n "${GARAGE_TARGET_VERSION}" ]; then target_version=${GARAGE_TARGET_VERSION} fi - echo "{\"${ostree_target_hash}\":\"${GARAGE_TARGET_NAME}-${target_version}\"}" > ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/installed_versions + mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import + echo "{\"${ostree_target_hash}\":\"${GARAGE_TARGET_NAME}-${target_version}\"}" > ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/import/installed_versions + rm -rf ${HOME_TMP} # Calculate image type diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 445f11e..16f4e41 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -27,7 +27,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "8083d4fa67046689d4bf784b908a048a58457d63" +SRCREV = "090c463c6f1ec7a7ceae963cd7b4ba99aa74e1f5" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 607f8acaca28bfb166090bdfbcad292ef6e8c0d2 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Mon, 17 Sep 2018 16:27:52 +0200 Subject: Do not run aktualizr-info --allow-migrate in tests --- lib/oeqa/selftest/cases/updater.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py index 8686033..5f429a3 100644 --- a/lib/oeqa/selftest/cases/updater.py +++ b/lib/oeqa/selftest/cases/updater.py @@ -226,8 +226,8 @@ class ManualControlTests(OESelftestTestCase): Disable the systemd service then run aktualizr manually """ sleep(20) - stdout, stderr, retcode = self.qemu_command('aktualizr-info --allow-migrate') - self.assertIn(b'Fetched metadata: no', stdout, + stdout, stderr, retcode = self.qemu_command('aktualizr-info') + self.assertIn(b'Can\'t open database', stdout, 'Aktualizr should not have run yet' + stderr.decode() + stdout.decode()) stdout, stderr, retcode = self.qemu_command('aktualizr --running-mode=once') -- cgit v1.2.3-54-g00ecf From 2a12a28f9e3c5ecaae0fa21a66a32dcbfb4077fd Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 21 Sep 2018 13:58:16 +0200 Subject: aktualizr: bump to latest for campaign and test fixes. --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 16f4e41..20008c9 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -27,7 +27,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "090c463c6f1ec7a7ceae963cd7b4ba99aa74e1f5" +SRCREV = "487905ccb2a4b7e8b01becd051242fe504e85950" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 33306cbc2618b74040f3466ed1c652542ae6391c Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 3 Jul 2018 12:36:15 +0200 Subject: softhsm-testtoken: fix complaint about generic license location. --- recipes-support/softhsm-testtoken/softhsm-testtoken.bb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/recipes-support/softhsm-testtoken/softhsm-testtoken.bb b/recipes-support/softhsm-testtoken/softhsm-testtoken.bb index c5691db..029fe1c 100644 --- a/recipes-support/softhsm-testtoken/softhsm-testtoken.bb +++ b/recipes-support/softhsm-testtoken/softhsm-testtoken.bb @@ -1,8 +1,6 @@ SUMMARY = "Mock smartcard for aktualizr" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ - file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" - +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" inherit systemd -- cgit v1.2.3-54-g00ecf From b13161a489046d16c44d524a7774ba569f75f2b0 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 3 Jul 2018 13:48:48 +0200 Subject: aktualizr tools: use generic MPL license instead of our own copy. --- recipes-sota/aktualizr/aktualizr-auto-prov.bb | 7 +- .../aktualizr/aktualizr-ca-implicit-prov.bb | 3 +- recipes-sota/aktualizr/aktualizr-hsm-prov.bb | 6 +- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 6 +- recipes-sota/aktualizr/files/LICENSE | 373 --------------------- recipes-sota/config/aktualizr-disable-send-ip.bb | 3 +- recipes-sota/config/aktualizr-example-interface.bb | 3 +- recipes-sota/config/aktualizr-log-debug.bb | 3 +- recipes-sota/config/files/LICENSE | 373 --------------------- 9 files changed, 11 insertions(+), 766 deletions(-) delete mode 100644 recipes-sota/aktualizr/files/LICENSE delete mode 100644 recipes-sota/config/files/LICENSE diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 77f8f22..9fa95ed 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -3,15 +3,14 @@ DESCRIPTION = "Configuration for automatically provisioning Aktualizr, the SOTA HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + DEPENDS = "aktualizr-native zip-native" RDEPENDS_${PN} = "aktualizr" PV = "1.0" PR = "6" -SRC_URI = " \ - file://LICENSE \ - " +SRC_URI = "" require environment.inc require credentials.inc diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 4d5ff79..1ad561c 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb @@ -7,13 +7,12 @@ DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externa HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "aktualizr-native openssl-native" RDEPENDS_${PN} = "aktualizr" SRC_URI = " \ - file://LICENSE \ file://ca.cnf \ " PV = "1.0" diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index a5ce3b0..e811424 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb @@ -3,14 +3,12 @@ DESCRIPTION = "Configuration for HSM provisioning with Aktualizr, the SOTA Clien HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "aktualizr-native" RDEPENDS_${PN} = "aktualizr" -SRC_URI = " \ - file://LICENSE \ - " +SRC_URI = "" PV = "1.0" PR = "6" diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index 544e83d..69ab03c 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb @@ -3,14 +3,12 @@ DESCRIPTION = "Configuration for implicitly provisioning Aktualizr, the SOTA Cli HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "aktualizr-native" RDEPENDS_${PN} = "aktualizr" -SRC_URI = " \ - file://LICENSE \ - " +SRC_URI = "" PV = "1.0" PR = "1" diff --git a/recipes-sota/aktualizr/files/LICENSE b/recipes-sota/aktualizr/files/LICENSE deleted file mode 100644 index a612ad9..0000000 --- a/recipes-sota/aktualizr/files/LICENSE +++ /dev/null @@ -1,373 +0,0 @@ -Mozilla Public License Version 2.0 -================================== - -1. Definitions --------------- - -1.1. "Contributor" - means each individual or legal entity that creates, contributes to - the creation of, or owns Covered Software. - -1.2. "Contributor Version" - means the combination of the Contributions of others (if any) used - by a Contributor and that particular Contributor's Contribution. - -1.3. "Contribution" - means Covered Software of a particular Contributor. - -1.4. "Covered Software" - means Source Code Form to which the initial Contributor has attached - the notice in Exhibit A, the Executable Form of such Source Code - Form, and Modifications of such Source Code Form, in each case - including portions thereof. - -1.5. "Incompatible With Secondary Licenses" - means - - (a) that the initial Contributor has attached the notice described - in Exhibit B to the Covered Software; or - - (b) that the Covered Software was made available under the terms of - version 1.1 or earlier of the License, but not also under the - terms of a Secondary License. - -1.6. "Executable Form" - means any form of the work other than Source Code Form. - -1.7. "Larger Work" - means a work that combines Covered Software with other material, in - a separate file or files, that is not Covered Software. - -1.8. "License" - means this document. - -1.9. "Licensable" - means having the right to grant, to the maximum extent possible, - whether at the time of the initial grant or subsequently, any and - all of the rights conveyed by this License. - -1.10. "Modifications" - means any of the following: - - (a) any file in Source Code Form that results from an addition to, - deletion from, or modification of the contents of Covered - Software; or - - (b) any new file in Source Code Form that contains any Covered - Software. - -1.11. "Patent Claims" of a Contributor - means any patent claim(s), including without limitation, method, - process, and apparatus claims, in any patent Licensable by such - Contributor that would be infringed, but for the grant of the - License, by the making, using, selling, offering for sale, having - made, import, or transfer of either its Contributions or its - Contributor Version. - -1.12. "Secondary License" - means either the GNU General Public License, Version 2.0, the GNU - Lesser General Public License, Version 2.1, the GNU Affero General - Public License, Version 3.0, or any later versions of those - licenses. - -1.13. "Source Code Form" - means the form of the work preferred for making modifications. - -1.14. "You" (or "Your") - means an individual or a legal entity exercising rights under this - License. For legal entities, "You" includes any entity that - controls, is controlled by, or is under common control with You. For - purposes of this definition, "control" means (a) the power, direct - or indirect, to cause the direction or management of such entity, - whether by contract or otherwise, or (b) ownership of more than - fifty percent (50%) of the outstanding shares or beneficial - ownership of such entity. - -2. License Grants and Conditions --------------------------------- - -2.1. Grants - -Each Contributor hereby grants You a world-wide, royalty-free, -non-exclusive license: - -(a) under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or - as part of a Larger Work; and - -(b) under Patent Claims of such Contributor to make, use, sell, offer - for sale, have made, import, and otherwise transfer either its - Contributions or its Contributor Version. - -2.2. Effective Date - -The licenses granted in Section 2.1 with respect to any Contribution -become effective for each Contribution on the date the Contributor first -distributes such Contribution. - -2.3. Limitations on Grant Scope - -The licenses granted in this Section 2 are the only rights granted under -this License. No additional rights or licenses will be implied from the -distribution or licensing of Covered Software under this License. -Notwithstanding Section 2.1(b) above, no patent license is granted by a -Contributor: - -(a) for any code that a Contributor has removed from Covered Software; - or - -(b) for infringements caused by: (i) Your and any other third party's - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - -(c) under Patent Claims infringed by Covered Software in the absence of - its Contributions. - -This License does not grant any rights in the trademarks, service marks, -or logos of any Contributor (except as may be necessary to comply with -the notice requirements in Section 3.4). - -2.4. Subsequent Licenses - -No Contributor makes additional grants as a result of Your choice to -distribute the Covered Software under a subsequent version of this -License (see Section 10.2) or under the terms of a Secondary License (if -permitted under the terms of Section 3.3). - -2.5. Representation - -Each Contributor represents that the Contributor believes its -Contributions are its original creation(s) or it has sufficient rights -to grant the rights to its Contributions conveyed by this License. - -2.6. Fair Use - -This License is not intended to limit any rights You have under -applicable copyright doctrines of fair use, fair dealing, or other -equivalents. - -2.7. Conditions - -Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted -in Section 2.1. - -3. Responsibilities -------------------- - -3.1. Distribution of Source Form - -All distribution of Covered Software in Source Code Form, including any -Modifications that You create or to which You contribute, must be under -the terms of this License. You must inform recipients that the Source -Code Form of the Covered Software is governed by the terms of this -License, and how they can obtain a copy of this License. You may not -attempt to alter or restrict the recipients' rights in the Source Code -Form. - -3.2. Distribution of Executable Form - -If You distribute Covered Software in Executable Form then: - -(a) such Covered Software must also be made available in Source Code - Form, as described in Section 3.1, and You must inform recipients of - the Executable Form how they can obtain a copy of such Source Code - Form by reasonable means in a timely manner, at a charge no more - than the cost of distribution to the recipient; and - -(b) You may distribute such Executable Form under the terms of this - License, or sublicense it under different terms, provided that the - license for the Executable Form does not attempt to limit or alter - the recipients' rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - -You may create and distribute a Larger Work under terms of Your choice, -provided that You also comply with the requirements of this License for -the Covered Software. If the Larger Work is a combination of Covered -Software with a work governed by one or more Secondary Licenses, and the -Covered Software is not Incompatible With Secondary Licenses, this -License permits You to additionally distribute such Covered Software -under the terms of such Secondary License(s), so that the recipient of -the Larger Work may, at their option, further distribute the Covered -Software under the terms of either this License or such Secondary -License(s). - -3.4. Notices - -You may not remove or alter the substance of any license notices -(including copyright notices, patent notices, disclaimers of warranty, -or limitations of liability) contained within the Source Code Form of -the Covered Software, except that You may alter any license notices to -the extent required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - -You may choose to offer, and to charge a fee for, warranty, support, -indemnity or liability obligations to one or more recipients of Covered -Software. However, You may do so only on Your own behalf, and not on -behalf of any Contributor. You must make it absolutely clear that any -such warranty, support, indemnity, or liability obligation is offered by -You alone, and You hereby agree to indemnify every Contributor for any -liability incurred by such Contributor as a result of warranty, support, -indemnity or liability terms You offer. You may include additional -disclaimers of warranty and limitations of liability specific to any -jurisdiction. - -4. Inability to Comply Due to Statute or Regulation ---------------------------------------------------- - -If it is impossible for You to comply with any of the terms of this -License with respect to some or all of the Covered Software due to -statute, judicial order, or regulation then You must: (a) comply with -the terms of this License to the maximum extent possible; and (b) -describe the limitations and the code they affect. Such description must -be placed in a text file included with all distributions of the Covered -Software under this License. Except to the extent prohibited by statute -or regulation, such description must be sufficiently detailed for a -recipient of ordinary skill to be able to understand it. - -5. Termination --------------- - -5.1. The rights granted under this License will terminate automatically -if You fail to comply with any of its terms. However, if You become -compliant, then the rights granted under this License from a particular -Contributor are reinstated (a) provisionally, unless and until such -Contributor explicitly and finally terminates Your grants, and (b) on an -ongoing basis, if such Contributor fails to notify You of the -non-compliance by some reasonable means prior to 60 days after You have -come back into compliance. Moreover, Your grants from a particular -Contributor are reinstated on an ongoing basis if such Contributor -notifies You of the non-compliance by some reasonable means, this is the -first time You have received notice of non-compliance with this License -from such Contributor, and You become compliant prior to 30 days after -Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent -infringement claim (excluding declaratory judgment actions, -counter-claims, and cross-claims) alleging that a Contributor Version -directly or indirectly infringes any patent, then the rights granted to -You by any and all Contributors for the Covered Software under Section -2.1 of this License shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all -end user license agreements (excluding distributors and resellers) which -have been validly granted by You or Your distributors under this License -prior to termination shall survive termination. - -************************************************************************ -* * -* 6. Disclaimer of Warranty * -* ------------------------- * -* * -* Covered Software is provided under this License on an "as is" * -* basis, without warranty of any kind, either expressed, implied, or * -* statutory, including, without limitation, warranties that the * -* Covered Software is free of defects, merchantable, fit for a * -* particular purpose or non-infringing. The entire risk as to the * -* quality and performance of the Covered Software is with You. * -* Should any Covered Software prove defective in any respect, You * -* (not any Contributor) assume the cost of any necessary servicing, * -* repair, or correction. This disclaimer of warranty constitutes an * -* essential part of this License. No use of any Covered Software is * -* authorized under this License except under this disclaimer. * -* * -************************************************************************ - -************************************************************************ -* * -* 7. Limitation of Liability * -* -------------------------- * -* * -* Under no circumstances and under no legal theory, whether tort * -* (including negligence), contract, or otherwise, shall any * -* Contributor, or anyone who distributes Covered Software as * -* permitted above, be liable to You for any direct, indirect, * -* special, incidental, or consequential damages of any character * -* including, without limitation, damages for lost profits, loss of * -* goodwill, work stoppage, computer failure or malfunction, or any * -* and all other commercial damages or losses, even if such party * -* shall have been informed of the possibility of such damages. This * -* limitation of liability shall not apply to liability for death or * -* personal injury resulting from such party's negligence to the * -* extent applicable law prohibits such limitation. Some * -* jurisdictions do not allow the exclusion or limitation of * -* incidental or consequential damages, so this exclusion and * -* limitation may not apply to You. * -* * -************************************************************************ - -8. Litigation -------------- - -Any litigation relating to this License may be brought only in the -courts of a jurisdiction where the defendant maintains its principal -place of business and such litigation shall be governed by laws of that -jurisdiction, without reference to its conflict-of-law provisions. -Nothing in this Section shall prevent a party's ability to bring -cross-claims or counter-claims. - -9. Miscellaneous ----------------- - -This License represents the complete agreement concerning the subject -matter hereof. If any provision of this License is held to be -unenforceable, such provision shall be reformed only to the extent -necessary to make it enforceable. Any law or regulation which provides -that the language of a contract shall be construed against the drafter -shall not be used to construe this License against a Contributor. - -10. Versions of the License ---------------------------- - -10.1. New Versions - -Mozilla Foundation is the license steward. Except as provided in Section -10.3, no one other than the license steward has the right to modify or -publish new versions of this License. Each version will be given a -distinguishing version number. - -10.2. Effect of New Versions - -You may distribute the Covered Software under the terms of the version -of the License under which You originally received the Covered Software, -or under the terms of any subsequent version published by the license -steward. - -10.3. Modified Versions - -If you create software not governed by this License, and you want to -create a new license for such software, you may create and use a -modified version of this License if you rename the license and remove -any references to the name of the license steward (except to note that -such modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary -Licenses - -If You choose to distribute Source Code Form that is Incompatible With -Secondary Licenses under the terms of this version of the License, the -notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice -------------------------------------------- - - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular -file, then You may include the notice in a location (such as a LICENSE -file in a relevant directory) where a recipient would be likely to look -for such a notice. - -You may add additional accurate notices of copyright ownership. - -Exhibit B - "Incompatible With Secondary Licenses" Notice ---------------------------------------------------------- - - This Source Code Form is "Incompatible With Secondary Licenses", as - defined by the Mozilla Public License, v. 2.0. diff --git a/recipes-sota/config/aktualizr-disable-send-ip.bb b/recipes-sota/config/aktualizr-disable-send-ip.bb index cab7696..8dd2647 100644 --- a/recipes-sota/config/aktualizr-disable-send-ip.bb +++ b/recipes-sota/config/aktualizr-disable-send-ip.bb @@ -3,10 +3,9 @@ DESCRIPTION = "Configures aktualizr to disable IP reporting to the server" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" SRC_URI = " \ - file://LICENSE \ file://30-disable-send-ip.toml \ " diff --git a/recipes-sota/config/aktualizr-example-interface.bb b/recipes-sota/config/aktualizr-example-interface.bb index 37a9184..ac75352 100644 --- a/recipes-sota/config/aktualizr-example-interface.bb +++ b/recipes-sota/config/aktualizr-example-interface.bb @@ -3,10 +3,9 @@ DESCRIPTION = "Aktualizr example interface for legacy secondaries" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" SRC_URI = " \ - file://LICENSE \ file://30-example-interface.toml \ " diff --git a/recipes-sota/config/aktualizr-log-debug.bb b/recipes-sota/config/aktualizr-log-debug.bb index e628616..098faf4 100644 --- a/recipes-sota/config/aktualizr-log-debug.bb +++ b/recipes-sota/config/aktualizr-log-debug.bb @@ -3,10 +3,9 @@ DESCRIPTION = "Configures aktualizr to log at a debugging level" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" SRC_URI = " \ - file://LICENSE \ file://05-log-debug.toml \ " diff --git a/recipes-sota/config/files/LICENSE b/recipes-sota/config/files/LICENSE deleted file mode 100644 index a612ad9..0000000 --- a/recipes-sota/config/files/LICENSE +++ /dev/null @@ -1,373 +0,0 @@ -Mozilla Public License Version 2.0 -================================== - -1. Definitions --------------- - -1.1. "Contributor" - means each individual or legal entity that creates, contributes to - the creation of, or owns Covered Software. - -1.2. "Contributor Version" - means the combination of the Contributions of others (if any) used - by a Contributor and that particular Contributor's Contribution. - -1.3. "Contribution" - means Covered Software of a particular Contributor. - -1.4. "Covered Software" - means Source Code Form to which the initial Contributor has attached - the notice in Exhibit A, the Executable Form of such Source Code - Form, and Modifications of such Source Code Form, in each case - including portions thereof. - -1.5. "Incompatible With Secondary Licenses" - means - - (a) that the initial Contributor has attached the notice described - in Exhibit B to the Covered Software; or - - (b) that the Covered Software was made available under the terms of - version 1.1 or earlier of the License, but not also under the - terms of a Secondary License. - -1.6. "Executable Form" - means any form of the work other than Source Code Form. - -1.7. "Larger Work" - means a work that combines Covered Software with other material, in - a separate file or files, that is not Covered Software. - -1.8. "License" - means this document. - -1.9. "Licensable" - means having the right to grant, to the maximum extent possible, - whether at the time of the initial grant or subsequently, any and - all of the rights conveyed by this License. - -1.10. "Modifications" - means any of the following: - - (a) any file in Source Code Form that results from an addition to, - deletion from, or modification of the contents of Covered - Software; or - - (b) any new file in Source Code Form that contains any Covered - Software. - -1.11. "Patent Claims" of a Contributor - means any patent claim(s), including without limitation, method, - process, and apparatus claims, in any patent Licensable by such - Contributor that would be infringed, but for the grant of the - License, by the making, using, selling, offering for sale, having - made, import, or transfer of either its Contributions or its - Contributor Version. - -1.12. "Secondary License" - means either the GNU General Public License, Version 2.0, the GNU - Lesser General Public License, Version 2.1, the GNU Affero General - Public License, Version 3.0, or any later versions of those - licenses. - -1.13. "Source Code Form" - means the form of the work preferred for making modifications. - -1.14. "You" (or "Your") - means an individual or a legal entity exercising rights under this - License. For legal entities, "You" includes any entity that - controls, is controlled by, or is under common control with You. For - purposes of this definition, "control" means (a) the power, direct - or indirect, to cause the direction or management of such entity, - whether by contract or otherwise, or (b) ownership of more than - fifty percent (50%) of the outstanding shares or beneficial - ownership of such entity. - -2. License Grants and Conditions --------------------------------- - -2.1. Grants - -Each Contributor hereby grants You a world-wide, royalty-free, -non-exclusive license: - -(a) under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or - as part of a Larger Work; and - -(b) under Patent Claims of such Contributor to make, use, sell, offer - for sale, have made, import, and otherwise transfer either its - Contributions or its Contributor Version. - -2.2. Effective Date - -The licenses granted in Section 2.1 with respect to any Contribution -become effective for each Contribution on the date the Contributor first -distributes such Contribution. - -2.3. Limitations on Grant Scope - -The licenses granted in this Section 2 are the only rights granted under -this License. No additional rights or licenses will be implied from the -distribution or licensing of Covered Software under this License. -Notwithstanding Section 2.1(b) above, no patent license is granted by a -Contributor: - -(a) for any code that a Contributor has removed from Covered Software; - or - -(b) for infringements caused by: (i) Your and any other third party's - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - -(c) under Patent Claims infringed by Covered Software in the absence of - its Contributions. - -This License does not grant any rights in the trademarks, service marks, -or logos of any Contributor (except as may be necessary to comply with -the notice requirements in Section 3.4). - -2.4. Subsequent Licenses - -No Contributor makes additional grants as a result of Your choice to -distribute the Covered Software under a subsequent version of this -License (see Section 10.2) or under the terms of a Secondary License (if -permitted under the terms of Section 3.3). - -2.5. Representation - -Each Contributor represents that the Contributor believes its -Contributions are its original creation(s) or it has sufficient rights -to grant the rights to its Contributions conveyed by this License. - -2.6. Fair Use - -This License is not intended to limit any rights You have under -applicable copyright doctrines of fair use, fair dealing, or other -equivalents. - -2.7. Conditions - -Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted -in Section 2.1. - -3. Responsibilities -------------------- - -3.1. Distribution of Source Form - -All distribution of Covered Software in Source Code Form, including any -Modifications that You create or to which You contribute, must be under -the terms of this License. You must inform recipients that the Source -Code Form of the Covered Software is governed by the terms of this -License, and how they can obtain a copy of this License. You may not -attempt to alter or restrict the recipients' rights in the Source Code -Form. - -3.2. Distribution of Executable Form - -If You distribute Covered Software in Executable Form then: - -(a) such Covered Software must also be made available in Source Code - Form, as described in Section 3.1, and You must inform recipients of - the Executable Form how they can obtain a copy of such Source Code - Form by reasonable means in a timely manner, at a charge no more - than the cost of distribution to the recipient; and - -(b) You may distribute such Executable Form under the terms of this - License, or sublicense it under different terms, provided that the - license for the Executable Form does not attempt to limit or alter - the recipients' rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - -You may create and distribute a Larger Work under terms of Your choice, -provided that You also comply with the requirements of this License for -the Covered Software. If the Larger Work is a combination of Covered -Software with a work governed by one or more Secondary Licenses, and the -Covered Software is not Incompatible With Secondary Licenses, this -License permits You to additionally distribute such Covered Software -under the terms of such Secondary License(s), so that the recipient of -the Larger Work may, at their option, further distribute the Covered -Software under the terms of either this License or such Secondary -License(s). - -3.4. Notices - -You may not remove or alter the substance of any license notices -(including copyright notices, patent notices, disclaimers of warranty, -or limitations of liability) contained within the Source Code Form of -the Covered Software, except that You may alter any license notices to -the extent required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - -You may choose to offer, and to charge a fee for, warranty, support, -indemnity or liability obligations to one or more recipients of Covered -Software. However, You may do so only on Your own behalf, and not on -behalf of any Contributor. You must make it absolutely clear that any -such warranty, support, indemnity, or liability obligation is offered by -You alone, and You hereby agree to indemnify every Contributor for any -liability incurred by such Contributor as a result of warranty, support, -indemnity or liability terms You offer. You may include additional -disclaimers of warranty and limitations of liability specific to any -jurisdiction. - -4. Inability to Comply Due to Statute or Regulation ---------------------------------------------------- - -If it is impossible for You to comply with any of the terms of this -License with respect to some or all of the Covered Software due to -statute, judicial order, or regulation then You must: (a) comply with -the terms of this License to the maximum extent possible; and (b) -describe the limitations and the code they affect. Such description must -be placed in a text file included with all distributions of the Covered -Software under this License. Except to the extent prohibited by statute -or regulation, such description must be sufficiently detailed for a -recipient of ordinary skill to be able to understand it. - -5. Termination --------------- - -5.1. The rights granted under this License will terminate automatically -if You fail to comply with any of its terms. However, if You become -compliant, then the rights granted under this License from a particular -Contributor are reinstated (a) provisionally, unless and until such -Contributor explicitly and finally terminates Your grants, and (b) on an -ongoing basis, if such Contributor fails to notify You of the -non-compliance by some reasonable means prior to 60 days after You have -come back into compliance. Moreover, Your grants from a particular -Contributor are reinstated on an ongoing basis if such Contributor -notifies You of the non-compliance by some reasonable means, this is the -first time You have received notice of non-compliance with this License -from such Contributor, and You become compliant prior to 30 days after -Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent -infringement claim (excluding declaratory judgment actions, -counter-claims, and cross-claims) alleging that a Contributor Version -directly or indirectly infringes any patent, then the rights granted to -You by any and all Contributors for the Covered Software under Section -2.1 of this License shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all -end user license agreements (excluding distributors and resellers) which -have been validly granted by You or Your distributors under this License -prior to termination shall survive termination. - -************************************************************************ -* * -* 6. Disclaimer of Warranty * -* ------------------------- * -* * -* Covered Software is provided under this License on an "as is" * -* basis, without warranty of any kind, either expressed, implied, or * -* statutory, including, without limitation, warranties that the * -* Covered Software is free of defects, merchantable, fit for a * -* particular purpose or non-infringing. The entire risk as to the * -* quality and performance of the Covered Software is with You. * -* Should any Covered Software prove defective in any respect, You * -* (not any Contributor) assume the cost of any necessary servicing, * -* repair, or correction. This disclaimer of warranty constitutes an * -* essential part of this License. No use of any Covered Software is * -* authorized under this License except under this disclaimer. * -* * -************************************************************************ - -************************************************************************ -* * -* 7. Limitation of Liability * -* -------------------------- * -* * -* Under no circumstances and under no legal theory, whether tort * -* (including negligence), contract, or otherwise, shall any * -* Contributor, or anyone who distributes Covered Software as * -* permitted above, be liable to You for any direct, indirect, * -* special, incidental, or consequential damages of any character * -* including, without limitation, damages for lost profits, loss of * -* goodwill, work stoppage, computer failure or malfunction, or any * -* and all other commercial damages or losses, even if such party * -* shall have been informed of the possibility of such damages. This * -* limitation of liability shall not apply to liability for death or * -* personal injury resulting from such party's negligence to the * -* extent applicable law prohibits such limitation. Some * -* jurisdictions do not allow the exclusion or limitation of * -* incidental or consequential damages, so this exclusion and * -* limitation may not apply to You. * -* * -************************************************************************ - -8. Litigation -------------- - -Any litigation relating to this License may be brought only in the -courts of a jurisdiction where the defendant maintains its principal -place of business and such litigation shall be governed by laws of that -jurisdiction, without reference to its conflict-of-law provisions. -Nothing in this Section shall prevent a party's ability to bring -cross-claims or counter-claims. - -9. Miscellaneous ----------------- - -This License represents the complete agreement concerning the subject -matter hereof. If any provision of this License is held to be -unenforceable, such provision shall be reformed only to the extent -necessary to make it enforceable. Any law or regulation which provides -that the language of a contract shall be construed against the drafter -shall not be used to construe this License against a Contributor. - -10. Versions of the License ---------------------------- - -10.1. New Versions - -Mozilla Foundation is the license steward. Except as provided in Section -10.3, no one other than the license steward has the right to modify or -publish new versions of this License. Each version will be given a -distinguishing version number. - -10.2. Effect of New Versions - -You may distribute the Covered Software under the terms of the version -of the License under which You originally received the Covered Software, -or under the terms of any subsequent version published by the license -steward. - -10.3. Modified Versions - -If you create software not governed by this License, and you want to -create a new license for such software, you may create and use a -modified version of this License if you rename the license and remove -any references to the name of the license steward (except to note that -such modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary -Licenses - -If You choose to distribute Source Code Form that is Incompatible With -Secondary Licenses under the terms of this version of the License, the -notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice -------------------------------------------- - - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular -file, then You may include the notice in a location (such as a LICENSE -file in a relevant directory) where a recipient would be likely to look -for such a notice. - -You may add additional accurate notices of copyright ownership. - -Exhibit B - "Incompatible With Secondary Licenses" Notice ---------------------------------------------------------- - - This Source Code Form is "Incompatible With Secondary Licenses", as - defined by the Mozilla Public License, v. 2.0. -- cgit v1.2.3-54-g00ecf From 5033efdb67c1f18e63c65c23a1bf029123995928 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 2 Oct 2018 12:43:15 +0200 Subject: aktualizr-uboot-env-rollback: Use generic MPL-2.0 license. --- recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb index c9753e4..cf75e79 100644 --- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb +++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb @@ -2,14 +2,10 @@ SUMMARY = "Aktualizr configuration snippet to enable uboot bootcount function" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "aktualizr-native" RDEPENDS_${PN} = "aktualizr" -SRC_URI = " \ - file://LICENSE \ - " - do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_uboot_env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml -- cgit v1.2.3-54-g00ecf From 0e3423aa8e92a7846f55fbb530ddd1a67f262f6d Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Wed, 5 Sep 2018 16:22:07 +0200 Subject: Add SOTA_DEPLOY_CREDENTIALS variable to control whether the built image should be provisioned --- README.adoc | 1 + classes/sota.bbclass | 2 + .../aktualizr/aktualizr-auto-prov-creds.bb | 23 ++++++++++ recipes-sota/aktualizr/aktualizr-auto-prov.bb | 20 +++------ .../aktualizr/aktualizr-ca-implicit-prov-creds.bb | 50 ++++++++++++++++++++++ .../aktualizr/aktualizr-ca-implicit-prov.bb | 46 ++------------------ recipes-sota/aktualizr/aktualizr-hsm-prov.bb | 9 +--- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 35 --------------- recipes-sota/aktualizr/aktualizr_git.bb | 7 ++- 9 files changed, 90 insertions(+), 103 deletions(-) create mode 100644 recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb create mode 100644 recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb delete mode 100644 recipes-sota/aktualizr/aktualizr-implicit-prov.bb diff --git a/README.adoc b/README.adoc index d2bd4b5..d8e5f4d 100644 --- a/README.adoc +++ b/README.adoc @@ -80,6 +80,7 @@ Although we have used U-Boot so far, other boot loaders can be configured work w * `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky". * `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. +* `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. * `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and https://github.com/advancedtelematic/aktualizr/blob/master/docs/hsm-provisioning.adoc[`aktualizr-hsm-prov`]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client). * `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device. diff --git a/classes/sota.bbclass b/classes/sota.bbclass index fbd8534..657fbc2 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -9,6 +9,8 @@ HOSTTOOLS_NONFATAL += "java" SOTA_CLIENT ??= "aktualizr" SOTA_CLIENT_PROV ??= "aktualizr-auto-prov" +SOTA_DEPLOY_CREDENTIALS ?= "1" + IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}" IMAGE_CLASSES += " image_types_ostree image_types_ota" IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}" diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb new file mode 100644 index 0000000..d964a0a --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb @@ -0,0 +1,23 @@ +SUMMARY = "Credentials for autoprovisioning scenario" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +DEPENDS = "aktualizr-native zip-native" + +require credentials.inc + +do_install() { + if [ -n ${SOTA_PACKED_CREDENTIALS} ]; then + install -m 0700 -d ${D}${localstatedir}/sota + cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip + # Device should not be able to push data to treehub + zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json + fi +} + +FILES_${PN} = " \ + ${localstatedir}/sota/sota_provisioning_credentials.zip \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 9fa95ed..65e89bd 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -6,7 +6,8 @@ LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "aktualizr-native zip-native" -RDEPENDS_${PN} = "aktualizr" +RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" +RDEPENDS_${PN} = " aktualizr" PV = "1.0" PR = "6" @@ -31,19 +32,10 @@ do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0700 -d ${D}${localstatedir}/sota - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)} - - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \ - ${D}${libdir}/sota/conf.d/20-${aktualizr_toml} - - # deploy SOTA credentials - if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then - cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip - # Device should not be able to push data to treehub - zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json - fi - fi + aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)} + + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \ + ${D}${libdir}/sota/conf.d/20-${aktualizr_toml} } FILES_${PN} = " \ diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb new file mode 100644 index 0000000..5debc19 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb @@ -0,0 +1,50 @@ +SUMMARY = "Credentials for implicit provisioning with CA certificate" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +DEPENDS = "aktualizr aktualizr-native" + +SRC_URI = " \ + file://ca.cnf \ + " + +require credentials.inc + +export SOTA_CACERT_PATH +export SOTA_CAKEY_PATH + +do_install() { + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then + if [ -z ${SOTA_CACERT_PATH} ]; then + SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem + SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem + mkdir -p ${DEPLOY_DIR_IMAGE}/CA + bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" + + if [ ! -f ${SOTA_CACERT_PATH} ]; then + bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" + SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")" + openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 + openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert + bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" + fi + fi + + if [ -z ${SOTA_CAKEY_PATH} ]; then + bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning" + fi + + install -m 0700 -d ${D}${localstatedir}/sota + aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ + --device-ca ${SOTA_CACERT_PATH} \ + --device-ca-key ${SOTA_CAKEY_PATH} \ + --root-ca \ + --server-url \ + --local ${D} \ + --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml + fi +} + +FILES_${PN} = " \ + ${localstatedir}/sota/*" diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 1ad561c..2763185 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb @@ -9,64 +9,24 @@ SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" -DEPENDS = "aktualizr-native openssl-native" -RDEPENDS_${PN} = "aktualizr" +DEPENDS = "aktualizr aktualizr-native openssl-native" +RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" -SRC_URI = " \ - file://ca.cnf \ - " PV = "1.0" PR = "1" require environment.inc require credentials.inc -export SOTA_CACERT_PATH -export SOTA_CAKEY_PATH - do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d - if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then - bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning" - fi - - if [ -z ${SOTA_CACERT_PATH} ]; then - SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem - SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem - mkdir -p ${DEPLOY_DIR_IMAGE}/CA - bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" - - if [ ! -f ${SOTA_CACERT_PATH} ]; then - bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" - SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")" - openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 - openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert - bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" - fi - fi - - if [ -z ${SOTA_CAKEY_PATH} ]; then - bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning" - fi - - install -m 0700 -d ${D}${localstatedir}/sota - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml \ + install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \ ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml - aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ - --device-ca ${SOTA_CACERT_PATH} \ - --device-ca-key ${SOTA_CAKEY_PATH} \ - --root-ca \ - --server-url \ - --local ${D}${localstatedir}/sota \ - --config ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml } FILES_${PN} = " \ - ${libdir}/sota/conf.d \ ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ - ${libdir}/sota/root.crt \ - ${localstatedir}/sota/* \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index e811424..151b543 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb @@ -5,8 +5,8 @@ SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" -DEPENDS = "aktualizr-native" -RDEPENDS_${PN} = "aktualizr" +DEPENDS = "aktualizr aktualizr-native" +RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" SRC_URI = "" PV = "1.0" @@ -19,16 +19,11 @@ do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \ ${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \ - -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D} - fi } FILES_${PN} = " \ ${libdir}/sota/conf.d \ ${libdir}/sota/conf.d/20-sota_hsm_prov.toml \ - ${libdir}/sota/conf.d/30-implicit_server.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb deleted file mode 100644 index 69ab03c..0000000 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ /dev/null @@ -1,35 +0,0 @@ -SUMMARY = "Aktualizr configuration for implicit provisioning" -DESCRIPTION = "Configuration for implicitly provisioning Aktualizr, the SOTA Client application written in C++" -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -DEPENDS = "aktualizr-native" -RDEPENDS_${PN} = "aktualizr" - -SRC_URI = "" -PV = "1.0" -PR = "1" - -require environment.inc -require credentials.inc - -do_install() { - install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml \ - ${D}${libdir}/sota/conf.d/20-sota_implicit_prov.toml - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \ - -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D} - fi -} - -FILES_${PN} = " \ - ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/20-implicit_prov.toml \ - ${libdir}/sota/conf.d/30-implicit_server.toml \ - ${libdir}/sota/root.crt \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 20008c9..c3a7420 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -11,12 +11,13 @@ DEPENDS_append_class-native = "glib-2.0-native " RDEPENDS_${PN}_class-target = "lshw " RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} " -RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' softhsm softhsm-testtoken', '', d)}" RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'ubootenv', ' u-boot-fw-utils aktualizr-uboot-env-rollback', '', d)} " RDEPENDS_${PN}_append_class-target = " ${PN}-tools " RDEPENDS_${PN}-secondary_append_class-target = " ${PN}-tools " +RDEPENDS_${PN}_class-target = " openssl-bin " + PV = "1.0+git${SRCPV}" PR = "7" @@ -27,7 +28,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "487905ccb2a4b7e8b01becd051242fe504e85950" +SRCREV = "097c763ab4b4b057fa6bedfdac2049e53df93539" BRANCH ?= "master" S = "${WORKDIR}/git" @@ -65,7 +66,6 @@ do_install_append () { install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml - install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml @@ -114,7 +114,6 @@ FILES_${PN}-host-tools = " \ ${libdir}/sota/sota_autoprov.toml \ ${libdir}/sota/sota_autoprov_primary.toml \ ${libdir}/sota/sota_hsm_prov.toml \ - ${libdir}/sota/sota_implicit_prov.toml \ ${libdir}/sota/sota_implicit_prov_ca.toml \ ${libdir}/sota/sota_uboot_env.toml \ " -- cgit v1.2.3-54-g00ecf From afe5416d364ac449f3e80db487fde806ac06c4f3 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Fri, 21 Sep 2018 18:41:25 +0200 Subject: Fix creating SoftHSM token --- recipes-support/softhsm-testtoken/files/createtoken.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/recipes-support/softhsm-testtoken/files/createtoken.sh b/recipes-support/softhsm-testtoken/files/createtoken.sh index b142945..fa4569d 100644 --- a/recipes-support/softhsm-testtoken/files/createtoken.sh +++ b/recipes-support/softhsm-testtoken/files/createtoken.sh @@ -13,7 +13,8 @@ fi mkdir -p /var/lib/softhsm/tokens softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234 -softhsm2-util --import /var/sota/import/pkey.pem --label "pkey" --id 02 --token 'Virtual token' --pin 1234 +openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in /var/sota/import/pkey.pem -out /var/sota/import/pkey.p8 +softhsm2-util --import /var/sota/import/pkey.p8 --label "pkey" --id 02 --token 'Virtual token' --pin 1234 openssl x509 -outform der -in /var/sota/import/client.pem -out /var/sota/import/client.der pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --id 1 --write-object /var/sota/import/client.der --type cert --login --pin 1234 -- cgit v1.2.3-54-g00ecf From 9a1a68a5dd94e10d969f9e692965e29683d9b836 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Fri, 21 Sep 2018 18:44:42 +0200 Subject: Document delayed provisioning --- README.adoc | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/README.adoc b/README.adoc index d8e5f4d..8b761b6 100644 --- a/README.adoc +++ b/README.adoc @@ -81,7 +81,7 @@ Although we have used U-Boot so far, other boot loaders can be configured work w * `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. -* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and https://github.com/advancedtelematic/aktualizr/blob/master/docs/hsm-provisioning.adoc[`aktualizr-hsm-prov`]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. +* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-ca-implicit-prov`], and https://github.com/advancedtelematic/aktualizr/blob/master/docs/hsm-provisioning.adoc[`aktualizr-hsm-prov`]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client). * `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device. * `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`. @@ -198,3 +198,16 @@ oe-selftest --run-tests updater ``` For more information about oe-selftest, including details about how to run individual test modules or classes, please refer to the https://wiki.yoctoproject.org/wiki/Oe-selftest[Yocto Project wiki]. + +== Manual provisoning +As described in <> section you can set `SOTA_DEPLOY_CREDENTIALS` to `0` to prevent deploying credentials to the built `wic` image. In this case you get a generic image that you can use e.g. on a production line to flash a series of devices. The cost of this approach is that this image is half-baked and should be provisioned before it can connect to the backend. + +Provisioning procedure depends on your provisioning recipe, i.e. the value of `SOTA_CLIENT_PROV` (equal to `aktualizr-auto-prov` by default). +* For `aktualizr-auto-prov` put your `credentials.zip` to `/var/sota/sota_provisioning_credentials.zip` on the filesystem of a running device. If you have the filesystem of our device mounted to your build machine, prefix all paths with `/ostree/deploy/poky` as in `/ostree/deploy/poky/var/sota/sota_provisioning_credentials.zip`. +* For `aktualizr-ca-implicit-prov` +** put URL to the used backend (together with protocol prefix and port number) to `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in `autoprov.url` file in your credentials archive. +** put client certificate, private key and root CA certificate (for the *server*, not for the *device*) to `/var/sota/import/client.pem`, `/var/sota/import/pkey.pem` and `/var/sota/import/root.crt` respectively. +* For `aktualizr-hsm-prov` +** put URL to the used backend (together with protocol prefix and port number) to `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in `autoprov.url` file in your credentials archive. +** put root CA certificate (for the *server*, not for the *device*) to `/var/sota/import/root.crt`. +** put client certificate and private key to slots 1 and 2 of the PKCS#11-compatible device. -- cgit v1.2.3-54-g00ecf From 3de1da03ce374166db6245486ec22839e260c6f6 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Mon, 24 Sep 2018 18:02:30 +0200 Subject: Fixes for oe-selftest --- lib/oeqa/selftest/cases/updater.py | 30 +++++++++++++--------- .../aktualizr/aktualizr-auto-prov-creds.bb | 3 ++- recipes-sota/aktualizr/aktualizr-auto-prov.bb | 1 - .../aktualizr/aktualizr-ca-implicit-prov-creds.bb | 1 + recipes-sota/aktualizr/aktualizr_git.bb | 4 +-- 5 files changed, 22 insertions(+), 17 deletions(-) diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py index 5f429a3..7ef834e 100644 --- a/lib/oeqa/selftest/cases/updater.py +++ b/lib/oeqa/selftest/cases/updater.py @@ -110,25 +110,25 @@ class AktualizrToolsTests(OESelftestTestCase): def test_cert_provider_local_output(self): logger = logging.getLogger("selftest") - logger.info('Running bitbake to build aktualizr-implicit-prov') - bitbake('aktualizr-implicit-prov') + logger.info('Running bitbake to build aktualizr-ca-implicit-prov') + bitbake('aktualizr-ca-implicit-prov') bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS', 'T'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] temp_dir = bb_vars['T'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_NATIVE', 'libdir'], 'aktualizr-implicit-prov') - config = bb_vars_prov['STAGING_DIR_NATIVE'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml' akt_native_run(self, 'aktualizr_cert_provider -c {creds} -r -l {temp} -g {config}' .format(creds=creds, temp=temp_dir, config=config)) # Might be nice if these names weren't hardcoded. - cert_path = temp_dir + '/client.pem' + cert_path = temp_dir + '/var/sota/import/client.pem' self.assertTrue(os.path.isfile(cert_path), "Client certificate not found at %s." % cert_path) self.assertTrue(os.path.getsize(cert_path) > 0, "Client certificate at %s is empty." % cert_path) - pkey_path = temp_dir + '/pkey.pem' + pkey_path = temp_dir + '/var/sota/import/pkey.pem' self.assertTrue(os.path.isfile(pkey_path), "Private key not found at %s." % pkey_path) self.assertTrue(os.path.getsize(pkey_path) > 0, "Private key at %s is empty." % pkey_path) - ca_path = temp_dir + '/root.crt' + ca_path = temp_dir + '/var/sota/import/root.crt' self.assertTrue(os.path.isfile(ca_path), "Client certificate not found at %s." % ca_path) self.assertTrue(os.path.getsize(ca_path) > 0, "Client certificate at %s is empty." % ca_path) @@ -390,7 +390,9 @@ class ImplProvTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-implicit-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-ca-implicit-prov "') + self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"') + runCmd('bitbake -c cleanall aktualizr aktualizr-ca-implicit-prov') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -435,10 +437,11 @@ class ImplProvTests(OESelftestTestCase): # Run cert_provider. bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_NATIVE', 'libdir'], 'aktualizr-implicit-prov') - config = bb_vars_prov['STAGING_DIR_NATIVE'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml' - akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -s -g {config}' + print('Provisining at root@localhost:%d' % self.qemu.ssh_port) + akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -s -u -r -g {config}' .format(creds=creds, port=self.qemu.ssh_port, config=config)) verifyProvisioned(self, machine) @@ -461,7 +464,10 @@ class HsmTests(OESelftestTestCase): self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') self.append_config('SOTA_CLIENT_PROV = "aktualizr-hsm-prov"') + self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"') self.append_config('SOTA_CLIENT_FEATURES = "hsm"') + self.append_config('IMAGE_INSTALL_append = " softhsm-testtoken"') + runCmd('bitbake -c cleanall aktualizr aktualizr-hsm-prov') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -519,7 +525,7 @@ class HsmTests(OESelftestTestCase): bb_vars_prov = get_bb_vars(['STAGING_DIR_NATIVE', 'libdir'], 'aktualizr-hsm-prov') config = bb_vars_prov['STAGING_DIR_NATIVE'] + bb_vars_prov['libdir'] + '/sota/sota_hsm_prov.toml' - akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -r -s -g {config}' + akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -r -s -u -g {config}' .format(creds=creds, port=self.qemu.ssh_port, config=config)) # Verify that HSM is able to initialize. diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb index d964a0a..34460af 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb @@ -4,11 +4,12 @@ LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "aktualizr-native zip-native" +ALLOW_EMPTY_${PN} = "1" require credentials.inc do_install() { - if [ -n ${SOTA_PACKED_CREDENTIALS} ]; then + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then install -m 0700 -d ${D}${localstatedir}/sota cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip # Device should not be able to push data to treehub diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 65e89bd..01f21fa 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -7,7 +7,6 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 DEPENDS = "aktualizr-native zip-native" RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" -RDEPENDS_${PN} = " aktualizr" PV = "1.0" PR = "6" diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb index 5debc19..a729e6b 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb @@ -4,6 +4,7 @@ LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "aktualizr aktualizr-native" +ALLOW_EMPTY_${PN} = "1" SRC_URI = " \ file://ca.cnf \ diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index c3a7420..838a5d6 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -16,8 +16,6 @@ RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURE RDEPENDS_${PN}_append_class-target = " ${PN}-tools " RDEPENDS_${PN}-secondary_append_class-target = " ${PN}-tools " -RDEPENDS_${PN}_class-target = " openssl-bin " - PV = "1.0+git${SRCPV}" PR = "7" @@ -28,7 +26,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "097c763ab4b4b057fa6bedfdac2049e53df93539" +SRCREV = "803fa9f75ed96993775dc0aa5e65e71920125157" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From ca33a287d8ed9161feb066720314aa7e2f1f6fec Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 2 Oct 2018 12:48:41 +0200 Subject: aktualizr: bump to latest. Includes test fixes and async downloads. --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 838a5d6..8e4b8f5 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -26,7 +26,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "803fa9f75ed96993775dc0aa5e65e71920125157" +SRCREV = "512ad74c0b5339ca7775d8c9461b565a9e6ff5b3" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf