From 7ca1d9483e761f56dd50630c49b8365cca363e98 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Mon, 4 Mar 2019 11:02:54 +0100 Subject: Bump aktualizr to last master Includes the new way of fetching garage-signa. Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index a69bd4d..8fbe2f9 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -24,7 +24,7 @@ SRC_URI = " \ " -SRCREV = "c71ec0a320d85a3e75ba37bff7dc40ad02e9d655" +SRCREV = "ea03a5cf57def6b8d368f783cb12b91255365a80" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 36dc9817f58d74b98194539dcb0cf1de1af8e340 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Fri, 1 Mar 2019 12:49:38 +0100 Subject: Simplify garage-sign fetching for aktualizr Two modes: - `GARAGE_SIGN_AUTOVERSION=0`: use archive and version from aktualizr's recipe - `GARAGE_SIGN_AUTOVERSION=1`: let aktualizr fetching it automatically Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr_git.bb | 12 +++++---- recipes-sota/aktualizr/garage-sign-version.inc | 36 -------------------------- 2 files changed, 7 insertions(+), 41 deletions(-) delete mode 100644 recipes-sota/aktualizr/garage-sign-version.inc diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 8fbe2f9..0354fa0 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -5,8 +5,6 @@ SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" -require garage-sign-version.inc - DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" RDEPENDS_${PN}_class-target = "aktualizr-check-discovery aktualizr-configs lshw" RDEPENDS_${PN}-secondary = "aktualizr-check-discovery" @@ -15,14 +13,20 @@ RDEPENDS_${PN}-host-tools = "aktualizr aktualizr-repo aktualizr-cert-provider ${ PV = "1.0+git${SRCPV}" PR = "7" +GARAGE_SIGN_PV = "0.6.0-3-gc38b9f3" + SRC_URI = " \ gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ file://aktualizr.service \ file://aktualizr-secondary.service \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ + ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ " +# for garage-sign archive +SRC_URI[md5sum] = "30d7f0931e2236954679e75d1bae174f" +SRC_URI[sha256sum] = "46d8c6448ce14cbb9af6a93eba7e29d38579e566dcd6518d22f723a8da16cad5" SRCREV = "ea03a5cf57def6b8d368f783cb12b91255365a80" BRANCH ?= "master" @@ -37,9 +41,7 @@ SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket" EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV}" -GARAGE_SIGN_OPS = "${@ '-DGARAGE_SIGN_VERSION=%s' % d.getVar('GARAGE_SIGN_VERSION') if d.getVar('GARAGE_SIGN_VERSION') is not None else ''} \ - ${@ '-DGARAGE_SIGN_SHA256=%s' % d.getVar('GARAGE_SIGN_SHA256') if d.getVar('GARAGE_SIGN_SHA256') is not None else ''} \ - " +GARAGE_SIGN_OPS = "${@ d.expand('-DGARAGE_SIGN_ARCHIVE=${WORKDIR}/cli-${GARAGE_SIGN_PV}.tgz') if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''}" PACKAGECONFIG ?= "ostree ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} ${@bb.utils.filter('SOTA_CLIENT_FEATURES', 'hsm serialcan ubootenv', d)}" PACKAGECONFIG_class-native = "sota-tools" diff --git a/recipes-sota/aktualizr/garage-sign-version.inc b/recipes-sota/aktualizr/garage-sign-version.inc deleted file mode 100644 index 2cea6c9..0000000 --- a/recipes-sota/aktualizr/garage-sign-version.inc +++ /dev/null @@ -1,36 +0,0 @@ - -python () { - if d.getVar("GARAGE_SIGN_VERSION") or not d.getVar("SOTA_PACKED_CREDENTIALS"): - return - import json - import urllib.request - import zipfile - with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS"), 'r') as zip_ref: - try: - with zip_ref.open('tufrepo.url', mode='r') as url_file: - url = url_file.read().decode().strip(' \t\n') + '/health/version' - except (KeyError, ValueError, RuntimeError): - return - connected = False - tries = 3 - for i in range(tries): - try: - r = urllib.request.urlopen(url) - if r.code == 200: - connected = True - break - else: - print('Bad return code from server ' + url + ': ' + str(r.code) + - ' (attempt ' + str(i + 1) + ' of ' + str(tries) + ')') - except urllib.error.URLError as e: - print('Error connecting to server ' + url + ': ' + str(e) + - ' (attempt ' + str(i + 1) + ' of ' + str(tries) + ')') - if not connected: - return - resp = r.read().decode('utf-8') - j = json.loads(resp) - version = 'cli-' + j['version'] + '.tgz' - d.setVar("GARAGE_SIGN_VERSION", version) -} - -# vim:set ts=4 sw=4 sts=4 expandtab: -- cgit v1.2.3-54-g00ecf From 03d67b276dd371f73e9ea4eab826d6ebb11c9703 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Thu, 7 Mar 2019 12:13:35 +0100 Subject: Document GARAGE_SIGN_AUTOVERSION Signed-off-by: Laurent Bonnans --- README.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/README.adoc b/README.adoc index d603ade..ed85f89 100644 --- a/README.adoc +++ b/README.adoc @@ -82,6 +82,7 @@ Although we have used U-Boot so far, other boot loaders can be configured work w * `OSTREE_COMMIT_SUBJECT` - Commit subject used by OSTree. Defaults to `Commit-id: ${IMAGE_NAME}` * `OSTREE_UPDATE_SUMMARY` - Set this to '1' to update summary of OSTree repository on each commit. '0' by default. * `OSTREE_DEPLOY_DEVICETREE` - Set this to '1' to include devicetree(s) to boot +* `GARAGE_SIGN_AUTOVERSION` - Set this to '1' to automatically fetch the last version of the garage tools installed by the aktualizr-native. Otherwise use the fixed version specified in the recipe. * `INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. -- cgit v1.2.3-54-g00ecf