From 931ce0d24175f4cb9d0d115c553319d84a2a07a6 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 1 Jun 2018 12:36:04 +0200 Subject: aktualizr_*.bb: Minor formatting and fixes. Move HSM dependencies to aktualizr recipe, since it's aktualizr that can depend on HSM support, not the provisioning prepartion. Remove references to systemd in provisioning recipes, since they have nothing to do with systemd. --- lib/oeqa/selftest/cases/updater.py | 3 +-- recipes-sota/aktualizr/aktualizr-auto-prov.bb | 2 +- recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | 4 ++-- recipes-sota/aktualizr/aktualizr-hsm-prov.bb | 4 ++-- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 2 +- recipes-sota/aktualizr/aktualizr_git.bb | 3 ++- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py index 2efef15..f55bc34 100644 --- a/lib/oeqa/selftest/cases/updater.py +++ b/lib/oeqa/selftest/cases/updater.py @@ -439,8 +439,7 @@ class HsmTests(OESelftestTestCase): # Strip off line ending. value = stdout.decode()[:-1] self.assertEqual(value, machine, - 'MACHINE does not match hostname: ' + machine + ', ' + value + - '\nIs tianocore ovmf installed?') + 'MACHINE does not match hostname: ' + machine + ', ' + value) print(value) print('Checking output of aktualizr-info:') ran_ok = False diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 8deee7e..c7f1240 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -1,5 +1,5 @@ SUMMARY = "Aktualizr configuration for autoprovisioning" -DESCRIPTION = "Systemd service and configurations for autoprovisioning Aktualizr, the SOTA Client application written in C++" +DESCRIPTION = "Configuration for automatically provisioning Aktualizr, the SOTA Client application written in C++" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 319074e..c4802ed 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb @@ -1,5 +1,5 @@ SUMMARY = "Aktualizr configuration for implicit provisioning with CA" -DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr using externally provided or generated CA" +DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externally provided or generated CA" # WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device # (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine @@ -36,7 +36,7 @@ do_install() { SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem mkdir -p ${DEPLOY_DIR_IMAGE}/CA - bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" + bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" if [ ! -f ${SOTA_CACERT_PATH} ]; then bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index 504f0d8..7e2d638 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb @@ -1,12 +1,12 @@ SUMMARY = "Aktualizr configuration with HSM support" -DESCRIPTION = "Systemd service and configurations for HSM provisioning with Aktualizr, the SOTA Client application written in C++" +DESCRIPTION = "Configuration for HSM provisioning with Aktualizr, the SOTA Client application written in C++" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" DEPENDS = "aktualizr-native" -RDEPENDS_${PN} = "aktualizr softhsm softhsm-testtoken" +RDEPENDS_${PN} = "aktualizr" SRC_URI = " \ file://LICENSE \ diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index dcfaffb..e5cd79e 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb @@ -1,5 +1,5 @@ SUMMARY = "Aktualizr configuration for implicit provisioning" -DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr, the SOTA Client application written in C++" +DESCRIPTION = "Configuration for implicitly provisioning Aktualizr, the SOTA Client application written in C++" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index f55eca8..ec7bb3c 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -10,7 +10,8 @@ DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES DEPENDS_append_class-native = "glib-2.0-native " RDEPENDS_${PN}_class-target = "lshw " -RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} " +RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} " +RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' softhsm softhsm-testtoken', '', d)}" PV = "1.0+git${SRCPV}" PR = "7" -- cgit v1.2.3-54-g00ecf From 86ec5453165c8e9b12c0c874b011d470008792a1 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 1 Jun 2018 14:42:27 +0200 Subject: aktualizr: Upgrade to use simplified implicit_writer config. There is no longer a need for dumping the whole config, now we can just add what we need to a new config file and use that in addition to the base config. This simplifies several things and fixes a few bugs. Also renamed the configs to make provenance a little clearer. --- recipes-sota/aktualizr/aktualizr-auto-prov.bb | 5 +++-- recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | 7 ++++--- recipes-sota/aktualizr/aktualizr-hsm-prov.bb | 8 ++++++-- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 8 ++++++-- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 5 files changed, 20 insertions(+), 10 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index c7f1240..7f4f2e4 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -35,7 +35,8 @@ do_install() { if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)} - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/conf.d/20-sota.toml + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \ + ${D}${libdir}/sota/conf.d/20-${aktualizr_toml}.toml # deploy SOTA credentials if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then @@ -48,7 +49,7 @@ do_install() { FILES_${PN} = " \ ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/20-sota.toml \ + ${libdir}/sota/conf.d/20-${aktualizr_toml}.toml \ ${localstatedir}/sota \ ${localstatedir}/sota/sota_provisioning_credentials.zip \ " diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index c4802ed..4d5ff79 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb @@ -52,19 +52,20 @@ do_install() { fi install -m 0700 -d ${D}${localstatedir}/sota - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/conf.d/20-sota.toml + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml \ + ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ --device-ca ${SOTA_CACERT_PATH} \ --device-ca-key ${SOTA_CAKEY_PATH} \ --root-ca \ --server-url \ --local ${D}${localstatedir}/sota \ - --config ${D}${libdir}/sota/conf.d/20-sota.toml + --config ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml } FILES_${PN} = " \ ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/20-sota.toml \ + ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ ${libdir}/sota/root.crt \ ${localstatedir}/sota/* \ " diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index 7e2d638..d526cd2 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb @@ -19,15 +19,19 @@ require credentials.inc do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \ + ${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \ - -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D} + -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml \ + -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D} fi } FILES_${PN} = " \ ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/20-sota.toml \ + ${libdir}/sota/conf.d/20-sota_hsm_prov.toml \ + ${libdir}/sota/conf.d/30-implicit_server.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index e5cd79e..e08eeef 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb @@ -19,15 +19,19 @@ require credentials.inc do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml \ + ${D}${libdir}/sota/conf.d/20-sota_implicit_prov.toml if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \ - -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D} + -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml \ + -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D} fi } FILES_${PN} = " \ ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/20-sota.toml \ + ${libdir}/sota/conf.d/20-implicit_prov.toml \ + ${libdir}/sota/conf.d/30-implicit_server.toml \ ${libdir}/sota/root.crt \ " diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index ec7bb3c..8dc4b31 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -23,7 +23,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "3b89858cf8ce9a8331cc4e6a5d2b5783d2eb7ae9" +SRCREV = "114dc6c519ca9a605d73ad292821348607d0fa12" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf