From 6630a83d1292bb96a531208b7c52aa1744c54f79 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Wed, 13 Dec 2017 15:30:03 +0100 Subject: Fixes for Spekulatius - New garage-sign interface - Remove garage-sign recipe (now installed with aktualizr-native) - Small but critical bugfixes in aktualizr --- classes/image_repo_manifest.bbclass | 4 +-- classes/image_types_ostree.bbclass | 13 ++++----- classes/sota.bbclass | 4 +-- lib/oeqa/selftest/updater.py | 14 ++-------- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 2 +- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- recipes-sota/garage-sign/garage-sign.bb | 33 ----------------------- 7 files changed, 13 insertions(+), 59 deletions(-) delete mode 100644 recipes-sota/garage-sign/garage-sign.bb diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass index 2012363..467fd9a 100644 --- a/classes/image_repo_manifest.bbclass +++ b/classes/image_repo_manifest.bbclass @@ -14,9 +14,9 @@ HOSTTOOLS_NONFATAL += " repo " # Write build information to target filesystem buildinfo () { if [ $(which repo) ]; then - repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || echo "Android repo tool failed to run; manifest not copied" + repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || bbwarn "Android repo tool failed to run; manifest not copied" else - echo "Android repo tool not found; manifest not copied." + bbwarn "Android repo tool not found; manifest not copied." fi } diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 56a9720..05db62a 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -179,7 +179,7 @@ IMAGE_CMD_ostreepush () { } IMAGE_TYPEDEP_garagesign = "ostreepush" -IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot" +IMAGE_DEPENDS_garagesign = "aktualizr-native:do_populate_sysroot" IMAGE_CMD_garagesign () { if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then # if credentials are issued by a server that doesn't support offline signing, exit silently @@ -194,11 +194,8 @@ IMAGE_CMD_garagesign () { exit 1 fi - if [ ! -d "${GARAGE_SIGN_REPO}" ]; then - garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} - fi - - reposerver_args="--reposerver $( unzip -p ${SOTA_PACKED_CREDENTIALS} tufrepo.url )" + rm -rf ${GARAGE_SIGN_REPO} + garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) @@ -206,11 +203,11 @@ IMAGE_CMD_garagesign () { # in which case targets.json should be pulled again and the whole procedure repeated push_success=0 for push_retries in $( seq 3 ); do - garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} + garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets errcode=0 - garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$? + garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} || errcode=$? if [ "$errcode" -eq "0" ]; then push_success=1 break diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 0f42332..bbb9ac9 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -13,8 +13,8 @@ IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PRO IMAGE_CLASSES += " image_types_ostree image_types_ota" IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}" -PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}" -PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}" +PACKAGECONFIG_append_pn-curl = " ssl" +PACKAGECONFIG_remove_pn-curl = "gnutls" WKS_FILE_sota ?= "sdimage-sota.wks" diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py index c07b154..f28349f 100644 --- a/lib/oeqa/selftest/updater.py +++ b/lib/oeqa/selftest/updater.py @@ -31,23 +31,13 @@ class SotaToolsTests(oeSelfTest): result = runCmd('%s --help' % p, ignore_status=True) self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) - -class GarageSignTests(oeSelfTest): - - @classmethod - def setUpClass(cls): - logger = logging.getLogger("selftest") - logger.info('Running bitbake to build garage-sign-native') - bitbake('garage-sign-native') - - def test_help(self): - bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'garage-sign-native') + def test_garagesign_help(self): + bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native') p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-sign" self.assertTrue(os.path.isfile(p), msg = "No garage-sign found (%s)" % p) result = runCmd('%s --help' % p, ignore_status=True) self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) - class HsmTests(oeSelfTest): def test_hsm(self): diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index 67bd2c2..e5d9c9b 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb @@ -27,7 +27,7 @@ do_install() { install -d ${D}${libdir}/sota if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \ - -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} + -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} --no-root-ca fi } diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index e4ffc5a..08aa6c2 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -18,7 +18,7 @@ PR = "7" SRC_URI = " \ git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ " -SRCREV = "5bf2975aee4af667a1af17381bf68c34a00f03a3" +SRCREV = "eb6c0b43c2b8b32f66f228c1c3f590b5c16ad448" BRANCH ?= "master" S = "${WORKDIR}/git" diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb deleted file mode 100644 index 32dda47..0000000 --- a/recipes-sota/garage-sign/garage-sign.bb +++ /dev/null @@ -1,33 +0,0 @@ -SUMMARY = "garage-sign" -DESCRIPTION = "Metadata signing tool for ATS Garage" -HOMEPAGE = "https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/index.html" -SECTION = "base" -LICENSE = "CLOSED" -LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94" -DEPENDS = "" - -PV = "0.2.0-57-g3f86c67" - -SRC_URI = " \ - https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \ - " - -SRC_URI[md5sum] = "5bbe080c0c3a80928b8856d2076dd49a" -SRC_URI[sha256sum] = "f653d24172ed245a6256b2f341a9b77bddf624cd6bbda574c1a85430e3155394" - -S = "${WORKDIR}/${BPN}" - -BBCLASSEXTEND =+ "native" - -do_install() { - install -d ${D}${bindir} - install -m "0755" -t ${D}${bindir} ${S}/bin/* - install -d ${D}${libdir} - install -m "0644" -t ${D}${libdir} ${S}/lib/* -} - -FILES_${PN} = " \ - ${bindir}/garage-sign.bat \ - ${bindir}/garage-sign \ - ${libdir}/* \ - " -- cgit v1.2.3-54-g00ecf