From 6506e91a577b9a666c8191a5d91570849df3e714 Mon Sep 17 00:00:00 2001 From: merltron <30755179+merltron@users.noreply.github.com> Date: Mon, 13 May 2019 12:50:54 +0200 Subject: OTA-2606: Renaming provisioning methods Updating links to documentation with proper terminology rather than aktualiz repo topics (aktualizr repo also now has a mirror of the same topic). Signed-off-by: Patrick Vacek --- README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.adoc b/README.adoc index 01f1c85..58e28a8 100644 --- a/README.adoc +++ b/README.adoc @@ -87,7 +87,7 @@ Your images will also need network connectivity to be able to reach an actual OT * `GARAGE_SIGN_AUTOVERSION` - Set this to '1' to automatically fetch the last version of the garage tools installed by the aktualizr-native. Otherwise use the fixed version specified in the recipe. * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. -* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-ca-implicit-prov`], and https://github.com/advancedtelematic/aktualizr/blob/master/docs/hsm-provisioning.adoc[`aktualizr-hsm-prov`]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. +* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are [`aktualizr-auto-prov`], [`aktualizr-ca-implicit-prov`], and [`aktualizr-hsm-prov`]. For more information on these provisioning methods, see the https://docs.ota.here.com/client-config/client-provisioning-methods.html[OTA Connect documentation]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client). * `SOTA_SECONDARY_CONFIG_DIR` - a directory containing JSON configuration files for virtual secondaries on the host. These will be installed into `/etc/sota/ecus` on the device and automatically provided to aktualizr. * `SOTA_HARDWARE_ID` - a custom hardware ID that will be written to the aktualizr config. Defaults to MACHINE if not set. -- cgit v1.2.3-54-g00ecf From 1158246987a49e07a02469dad4d4531ffb52d96d Mon Sep 17 00:00:00 2001 From: Merlin Carter Date: Mon, 20 May 2019 13:15:38 +0200 Subject: OTA-2606: Renaming provisioning methods Removing unnecessary square brackets Signed-off-by: Merlin Carter Signed-off-by: Patrick Vacek --- README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.adoc b/README.adoc index 58e28a8..1ca2bdd 100644 --- a/README.adoc +++ b/README.adoc @@ -87,7 +87,7 @@ Your images will also need network connectivity to be able to reach an actual OT * `GARAGE_SIGN_AUTOVERSION` - Set this to '1' to automatically fetch the last version of the garage tools installed by the aktualizr-native. Otherwise use the fixed version specified in the recipe. * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. -* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are [`aktualizr-auto-prov`], [`aktualizr-ca-implicit-prov`], and [`aktualizr-hsm-prov`]. For more information on these provisioning methods, see the https://docs.ota.here.com/client-config/client-provisioning-methods.html[OTA Connect documentation]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. +* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are `aktualizr-auto-prov`, `aktualizr-ca-implicit-prov`, and `aktualizr-hsm-prov`. For more information on these provisioning methods, see the https://docs.ota.here.com/client-config/client-provisioning-methods.html[OTA Connect documentation]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client). * `SOTA_SECONDARY_CONFIG_DIR` - a directory containing JSON configuration files for virtual secondaries on the host. These will be installed into `/etc/sota/ecus` on the device and automatically provided to aktualizr. * `SOTA_HARDWARE_ID` - a custom hardware ID that will be written to the aktualizr config. Defaults to MACHINE if not set. -- cgit v1.2.3-54-g00ecf From 7efdaedc9bdd844087caf5a0c3d8c537e4cbbe10 Mon Sep 17 00:00:00 2001 From: Ming Liu Date: Mon, 20 May 2019 22:18:48 +0200 Subject: sota.bbclass: move sota to DISTROOVERRIDES Move sota to DISTROOVERRIDES from OVERRIDES, it should be a distro overrides. This change also let 'sota' to be in front of 'forcevariable' in OVERRIDES, since 'forcevariable' should always be the last overrides. Signed-off-by: Ming Liu Signed-off-by: Patrick Vacek --- classes/sota.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 9799a0a..a38ee0a 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -3,7 +3,7 @@ python __anonymous() { d.appendVarFlag("do_image_wic", "depends", " %s:do_image_otaimg" % d.getVar("IMAGE_BASENAME", True)) } -OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}" +DISTROOVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}" HOSTTOOLS_NONFATAL += "java" -- cgit v1.2.3-54-g00ecf From 007d7371d9dc374a78493ad38fec865beee92514 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 17 May 2019 12:22:23 +0200 Subject: aktualizr-polling-interval: new config fragment. Can be used for testing purposes after we increase the default polling interval in aktualizr. We no longer recommend anything less than an hour for production use cases, but it's still convenient to poll more frequently while testing. Signed-off-by: Patrick Vacek --- README.adoc | 1 + recipes-sota/config/aktualizr-polling-interval.bb | 29 ++++++++++++++++++++++ recipes-sota/config/files/60-polling-interval.toml | 2 ++ 3 files changed, 32 insertions(+) create mode 100644 recipes-sota/config/aktualizr-polling-interval.bb create mode 100644 recipes-sota/config/files/60-polling-interval.toml diff --git a/README.adoc b/README.adoc index 1ca2bdd..7e6fb43 100644 --- a/README.adoc +++ b/README.adoc @@ -92,6 +92,7 @@ Your images will also need network connectivity to be able to reach an actual OT * `SOTA_SECONDARY_CONFIG_DIR` - a directory containing JSON configuration files for virtual secondaries on the host. These will be installed into `/etc/sota/ecus` on the device and automatically provided to aktualizr. * `SOTA_HARDWARE_ID` - a custom hardware ID that will be written to the aktualizr config. Defaults to MACHINE if not set. * `RESOURCE_xxx_pn-aktualizr` - controls maximum resource usage of the aktualizr service, when `aktualizr-resource-control` is installed on the image. See <> for details. +* `SOTA_POLLING_SEC` - sets polling interval for aktualizr to check for updates if aktualizr-polling-sec is included in the image. == Usage diff --git a/recipes-sota/config/aktualizr-polling-interval.bb b/recipes-sota/config/aktualizr-polling-interval.bb new file mode 100644 index 0000000..53c008a --- /dev/null +++ b/recipes-sota/config/aktualizr-polling-interval.bb @@ -0,0 +1,29 @@ +SUMMARY = "Set polling interval in Aktualizr" +DESCRIPTION = "Configures aktualizr to poll at a custom frequency (suitable for testing or other purposes)" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +SRC_URI = " \ + file://60-polling-interval.toml \ + " + +SOTA_POLLING_SEC ?= "30" + +do_install_append () { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${WORKDIR}/60-polling-interval.toml ${D}${libdir}/sota/conf.d/60-polling-interval.toml + + sed -i -e 's|@POLLING_SEC@|${SOTA_POLLING_SEC}|g' \ + ${D}${libdir}/sota/conf.d/60-polling-interval.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d/60-polling-interval.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: + diff --git a/recipes-sota/config/files/60-polling-interval.toml b/recipes-sota/config/files/60-polling-interval.toml new file mode 100644 index 0000000..7d25d05 --- /dev/null +++ b/recipes-sota/config/files/60-polling-interval.toml @@ -0,0 +1,2 @@ +[uptane] +polling_sec = @POLLING_SEC@ -- cgit v1.2.3-54-g00ecf From ade40b37c17d2bf8c5f9ba18b6f49bf9de807f8d Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Wed, 15 May 2019 11:17:41 +0300 Subject: OTA-2541: Network configuration on IP/Posix Secondary Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 3759c39..3d0bc91 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -119,6 +119,14 @@ do_install_append () { fi fi + if [ -n "${SOTA_SECONDARY_NETWORK_CONFIG}" ]; then + if [ -f "${SOTA_SECONDARY_NETWORK_CONFIG}" ]; then + install -m 0644 ${SOTA_SECONDARY_NETWORK_CONFIG} ${D}/${libdir}/sota/conf.d/35-secondary-network-config.toml + else + bbwarn "SOTA_SECONDARY_NETWORK_CONFIG is set to a non-existent file (${SOTA_SECONDARY_NETWORK_CONFIG})" + fi + fi + install -m 0755 -d ${D}${systemd_unitdir}/system aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service -- cgit v1.2.3-54-g00ecf From 6602a2a9ee4e7118ee208239eed429a60028c598 Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Thu, 16 May 2019 22:47:12 +0300 Subject: OTA-2541: Static IP address on Primary's and Secondary's internal NIC Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- .../files/26-static-client.network | 7 +++++++ .../demo-network-config/primary-network-config.bb | 13 ++++++++++--- .../demo-network-config/secondary-network-config.bb | 13 ++++++++++--- .../demo-network-config/static-network-config.inc | 16 ++++++++++++++++ .../demo-secondary-config/files/30-fake_pacman.toml | 2 ++ .../demo-secondary-config/secondary-config.bb | 20 ++++++++++++++++++++ recipes-test/images/primary-image.bb | 1 + recipes-test/images/secondary-image.bb | 1 + scripts/qemucommand.py | 4 ++-- 9 files changed, 69 insertions(+), 8 deletions(-) create mode 100644 recipes-test/demo-network-config/files/26-static-client.network create mode 100644 recipes-test/demo-network-config/static-network-config.inc create mode 100644 recipes-test/demo-secondary-config/files/30-fake_pacman.toml create mode 100644 recipes-test/demo-secondary-config/secondary-config.bb diff --git a/recipes-test/demo-network-config/files/26-static-client.network b/recipes-test/demo-network-config/files/26-static-client.network new file mode 100644 index 0000000..19a6b83 --- /dev/null +++ b/recipes-test/demo-network-config/files/26-static-client.network @@ -0,0 +1,7 @@ +[Match] +Name=@IFNAME@ + +[Network] +Description=Private internal network between aktualizr Primary and Secondary nodes +Address=@ADDR@ +DHCP=no diff --git a/recipes-test/demo-network-config/primary-network-config.bb b/recipes-test/demo-network-config/primary-network-config.bb index 78678a2..ce19f07 100644 --- a/recipes-test/demo-network-config/primary-network-config.bb +++ b/recipes-test/demo-network-config/primary-network-config.bb @@ -3,8 +3,9 @@ LICENSE = "CLOSED" inherit allarch -SRC_URI = "file://25-dhcp-server.network" - +SRC_URI = "\ + file://27-dhcp-client-external.network \ + " FILES_${PN} = "/usr/lib/systemd/network" @@ -12,5 +13,11 @@ PR = "1" do_install() { install -d ${D}/usr/lib/systemd/network - install -m 0644 ${WORKDIR}/25-dhcp-server.network ${D}/usr/lib/systemd/network/ + install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}/usr/lib/systemd/network/ } + +SECONDARY_NETWORK_IP_ADDR ?= "10.0.3.1" + +require static-network-config.inc + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/demo-network-config/secondary-network-config.bb b/recipes-test/demo-network-config/secondary-network-config.bb index 9091c65..6473e05 100644 --- a/recipes-test/demo-network-config/secondary-network-config.bb +++ b/recipes-test/demo-network-config/secondary-network-config.bb @@ -3,18 +3,25 @@ LICENSE = "CLOSED" inherit allarch +# TODO: It configures the 'user' interface in NAT mode and provides an access to public Inet via it +# which is not desired for Secondary. It cannot be just removed since we get SSH access to Secondary +# VM via this interface. So, the task is to configure the interface in such way that it does provide access +# via SSH from a host machine and forbids an access to Inet SRC_URI = "\ - file://26-dhcp-client.network \ file://27-dhcp-client-external.network \ " - FILES_${PN} = "/usr/lib/systemd/network" PR = "1" do_install() { install -d ${D}/usr/lib/systemd/network - install -m 0644 ${WORKDIR}/26-dhcp-client.network ${D}/usr/lib/systemd/network/ install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}/usr/lib/systemd/network/ } + +SECONDARY_NETWORK_IP_ADDR ?= "10.0.3.2" + +require static-network-config.inc + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/demo-network-config/static-network-config.inc b/recipes-test/demo-network-config/static-network-config.inc new file mode 100644 index 0000000..27d2a20 --- /dev/null +++ b/recipes-test/demo-network-config/static-network-config.inc @@ -0,0 +1,16 @@ +SRC_URI_append = "\ + file://26-static-client.network \ + " + +SECONDARY_NETWORK_INTERFACE_NAME ?= "enp0s5" + +do_install_append() { + install -d ${D}/usr/lib/systemd/network + install -m 0644 ${WORKDIR}/26-static-client.network ${D}/usr/lib/systemd/network/ + sed -i -e 's|@ADDR@|${SECONDARY_NETWORK_IP_ADDR}|g' \ + -e 's|@IFNAME@|${SECONDARY_NETWORK_INTERFACE_NAME}|g' \ + ${D}/usr/lib/systemd/network/26-static-client.network + +} + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/demo-secondary-config/files/30-fake_pacman.toml b/recipes-test/demo-secondary-config/files/30-fake_pacman.toml new file mode 100644 index 0000000..3fb5cf2 --- /dev/null +++ b/recipes-test/demo-secondary-config/files/30-fake_pacman.toml @@ -0,0 +1,2 @@ +[pacman] +type = "fake" diff --git a/recipes-test/demo-secondary-config/secondary-config.bb b/recipes-test/demo-secondary-config/secondary-config.bb new file mode 100644 index 0000000..3187ff0 --- /dev/null +++ b/recipes-test/demo-secondary-config/secondary-config.bb @@ -0,0 +1,20 @@ +DESCRIPTION = "Sample configuration for an Uptane Secondary" +LICENSE = "CLOSED" + +inherit allarch + +SRC_URI = "\ + file://30-fake_pacman.toml \ + " + +do_install () { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${WORKDIR}/30-fake_pacman.toml ${D}/${libdir}/sota/conf.d/30-fake_pacman.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/30-fake_pacman.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/images/primary-image.bb b/recipes-test/images/primary-image.bb index 6d2df94..ac14233 100644 --- a/recipes-test/images/primary-image.bb +++ b/recipes-test/images/primary-image.bb @@ -5,6 +5,7 @@ SUMMARY = "A minimal Uptane Primary image running aktualizr, for testing with a LICENSE = "MIT" IMAGE_INSTALL_remove = " \ + virtual/network-configuration \ " IMAGE_INSTALL_append = " \ diff --git a/recipes-test/images/secondary-image.bb b/recipes-test/images/secondary-image.bb index 61df85b..46be3d1 100644 --- a/recipes-test/images/secondary-image.bb +++ b/recipes-test/images/secondary-image.bb @@ -21,6 +21,7 @@ IMAGE_INSTALL_remove = " \ IMAGE_INSTALL_append = " \ aktualizr-secondary \ secondary-network-config \ + secondary-config \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/scripts/qemucommand.py b/scripts/qemucommand.py index 9b21a66..532e331 100644 --- a/scripts/qemucommand.py +++ b/scripts/qemucommand.py @@ -109,8 +109,8 @@ class QemuCommand(object): cmdline += ['-net', 'dump,file=' + self.pcap] if self.secondary_network: cmdline += [ - '-net', 'nic,vlan=1,macaddr='+random_mac(), - '-net', 'socket,vlan=1,mcast=230.0.0.1:1234,localaddr=127.0.0.1', + '-netdev', 'socket,id=vlan1,mcast=230.0.0.1:1234,localaddr=127.0.0.1', + '-device', 'e1000,netdev=vlan1,mac='+random_mac(), ] if self.gui: cmdline += ["-serial", "stdio"] -- cgit v1.2.3-54-g00ecf From 1477c1dbc494d61c04d1fe99c76f3d57185141a4 Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Fri, 17 May 2019 10:58:30 +0300 Subject: OTA-2541: Remove Secondary's socket service. Use a regular systemd service to start Seconadry daemon Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 5 +---- recipes-sota/aktualizr/files/aktualizr-secondary.service | 6 +++++- recipes-sota/aktualizr/files/aktualizr-secondary.socket | 6 ------ 3 files changed, 6 insertions(+), 11 deletions(-) delete mode 100644 recipes-sota/aktualizr/files/aktualizr-secondary.socket diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 3d0bc91..1574879 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -22,7 +22,6 @@ SRC_URI = " \ file://run-ptest \ file://aktualizr.service \ file://aktualizr-secondary.service \ - file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ file://10-resource-control.conf \ ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ @@ -45,7 +44,7 @@ PTEST_ENABLED = "0" SYSTEMD_PACKAGES = "${PN} ${PN}-secondary" SYSTEMD_SERVICE_${PN} = "aktualizr.service" -SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket" +SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.service" EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} ${@bb.utils.contains('PTEST_ENABLED', '1', '-DTESTSUITE_VALGRIND=on', '', d)}" @@ -100,7 +99,6 @@ do_install_append () { install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0700 -d ${D}${sysconfdir}/sota/conf.d @@ -184,7 +182,6 @@ FILES_${PN}-examples = " \ FILES_${PN}-secondary = " \ ${bindir}/aktualizr-secondary \ ${libdir}/sota/sota_secondary.toml \ - ${systemd_unitdir}/system/aktualizr-secondary.socket \ ${systemd_unitdir}/system/aktualizr-secondary.service \ " diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.service b/recipes-sota/aktualizr/files/aktualizr-secondary.service index 9628ee3..b577ae8 100644 --- a/recipes-sota/aktualizr/files/aktualizr-secondary.service +++ b/recipes-sota/aktualizr/files/aktualizr-secondary.service @@ -1,8 +1,12 @@ [Unit] Description=Aktualizr SOTA Client (UPTANE Secondary) +After=network.target [Service] RestartSec=10 Restart=always -ExecStart=/usr/bin/aktualizr-secondary --config /usr/lib/sota/sota_secondary.toml +ExecStart=/usr/bin/aktualizr-secondary + +[Install] +WantedBy=multi-user.target diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.socket b/recipes-sota/aktualizr/files/aktualizr-secondary.socket deleted file mode 100644 index da0ee44..0000000 --- a/recipes-sota/aktualizr/files/aktualizr-secondary.socket +++ /dev/null @@ -1,6 +0,0 @@ -[Socket] -ListenStream=9030 -ListenDatagram=9031 - -[Install] -WantedBy=sockets.target \ No newline at end of file -- cgit v1.2.3-54-g00ecf From 5666ff7533a87b4b0533b9310aa3842d52068380 Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Tue, 21 May 2019 08:04:44 +0300 Subject: OTA-2541: Add suffix '-sndry' to a default HW_ID for Secondary. Ability to define IP and Port in local.conf Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- .../demo-network-config/primary-network-config.bb | 3 ++- .../secondary-network-config.bb | 3 ++- .../demo-network-config/static-network-config.inc | 6 ++--- .../files/35-network_config.toml | 4 ++++ .../demo-secondary-config/files/45-id_config.toml | 3 +++ .../demo-secondary-config/secondary-config.bb | 26 ++++++++++++++++++++-- recipes-test/images/secondary-image.bb | 2 ++ 7 files changed, 40 insertions(+), 7 deletions(-) create mode 100644 recipes-test/demo-secondary-config/files/35-network_config.toml create mode 100644 recipes-test/demo-secondary-config/files/45-id_config.toml diff --git a/recipes-test/demo-network-config/primary-network-config.bb b/recipes-test/demo-network-config/primary-network-config.bb index ce19f07..9725898 100644 --- a/recipes-test/demo-network-config/primary-network-config.bb +++ b/recipes-test/demo-network-config/primary-network-config.bb @@ -16,7 +16,8 @@ do_install() { install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}/usr/lib/systemd/network/ } -SECONDARY_NETWORK_IP_ADDR ?= "10.0.3.1" +PRIMARY_IP ?= "10.0.3.1" +IP_ADDR = "${PRIMARY_IP}" require static-network-config.inc diff --git a/recipes-test/demo-network-config/secondary-network-config.bb b/recipes-test/demo-network-config/secondary-network-config.bb index 6473e05..e33229d 100644 --- a/recipes-test/demo-network-config/secondary-network-config.bb +++ b/recipes-test/demo-network-config/secondary-network-config.bb @@ -20,7 +20,8 @@ do_install() { install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}/usr/lib/systemd/network/ } -SECONDARY_NETWORK_IP_ADDR ?= "10.0.3.2" +SECONDARY_IP ?= "10.0.3.2" +IP_ADDR = "${SECONDARY_IP}" require static-network-config.inc diff --git a/recipes-test/demo-network-config/static-network-config.inc b/recipes-test/demo-network-config/static-network-config.inc index 27d2a20..e64675e 100644 --- a/recipes-test/demo-network-config/static-network-config.inc +++ b/recipes-test/demo-network-config/static-network-config.inc @@ -2,13 +2,13 @@ SRC_URI_append = "\ file://26-static-client.network \ " -SECONDARY_NETWORK_INTERFACE_NAME ?= "enp0s5" +SECONDARY_INTERFACE ?= "enp0s5" do_install_append() { install -d ${D}/usr/lib/systemd/network install -m 0644 ${WORKDIR}/26-static-client.network ${D}/usr/lib/systemd/network/ - sed -i -e 's|@ADDR@|${SECONDARY_NETWORK_IP_ADDR}|g' \ - -e 's|@IFNAME@|${SECONDARY_NETWORK_INTERFACE_NAME}|g' \ + sed -i -e 's|@ADDR@|${IP_ADDR}|g' \ + -e 's|@IFNAME@|${SECONDARY_INTERFACE}|g' \ ${D}/usr/lib/systemd/network/26-static-client.network } diff --git a/recipes-test/demo-secondary-config/files/35-network_config.toml b/recipes-test/demo-secondary-config/files/35-network_config.toml new file mode 100644 index 0000000..db7a1bb --- /dev/null +++ b/recipes-test/demo-secondary-config/files/35-network_config.toml @@ -0,0 +1,4 @@ +[network] +port = @PORT@ +primary_ip = @PRIMARY_IP@ +primary_port = @PRIMARY_PORT@ diff --git a/recipes-test/demo-secondary-config/files/45-id_config.toml b/recipes-test/demo-secondary-config/files/45-id_config.toml new file mode 100644 index 0000000..6cbd77f --- /dev/null +++ b/recipes-test/demo-secondary-config/files/45-id_config.toml @@ -0,0 +1,3 @@ +[uptane] +ecu_serial = @SERIAL@ +ecu_hardware_id = @HWID@ diff --git a/recipes-test/demo-secondary-config/secondary-config.bb b/recipes-test/demo-secondary-config/secondary-config.bb index 3187ff0..b05ab8e 100644 --- a/recipes-test/demo-secondary-config/secondary-config.bb +++ b/recipes-test/demo-secondary-config/secondary-config.bb @@ -1,20 +1,42 @@ DESCRIPTION = "Sample configuration for an Uptane Secondary" LICENSE = "CLOSED" -inherit allarch +SECONDARY_SERIAL_ID ?= "" +SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" +SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" + +SECONDARY_PORT ?= "9050" +PRIMARY_IP ?= "10.0.3.1" +PRIMARY_PORT ?= "9040" SRC_URI = "\ file://30-fake_pacman.toml \ + file://35-network_config.toml \ + file://45-id_config.toml \ " do_install () { - install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${WORKDIR}/30-fake_pacman.toml ${D}/${libdir}/sota/conf.d/30-fake_pacman.toml + + install -m 0644 ${WORKDIR}/35-network_config.toml ${D}/${libdir}/sota/conf.d/35-network_config.toml + sed -i -e 's|@PORT@|${SECONDARY_PORT}|g' \ + -e 's|@PRIMARY_IP@|${PRIMARY_IP}|g' \ + -e 's|@PRIMARY_PORT@|${PRIMARY_PORT}|g' \ + ${D}/${libdir}/sota/conf.d/35-network_config.toml + + install -m 0644 ${WORKDIR}/45-id_config.toml ${D}/${libdir}/sota/conf.d/45-id_config.toml + sed -i -e 's|@SERIAL@|${SECONDARY_SERIAL_ID}|g' \ + -e 's|@HWID@|${SECONDARY_HARDWARE_ID}|g' \ + ${D}/${libdir}/sota/conf.d/45-id_config.toml + } FILES_${PN} = " \ ${libdir}/sota/conf.d \ ${libdir}/sota/conf.d/30-fake_pacman.toml \ + ${libdir}/sota/conf.d/35-network_config.toml \ + ${libdir}/sota/conf.d/45-id_config.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/images/secondary-image.bb b/recipes-test/images/secondary-image.bb index 46be3d1..a688bbd 100644 --- a/recipes-test/images/secondary-image.bb +++ b/recipes-test/images/secondary-image.bb @@ -4,6 +4,8 @@ SUMMARY = "A minimal Uptane Secondary image running aktualizr-secondary" LICENSE = "MIT" +SECONDARY_SERIAL_ID ?= "" +SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" # Remove default aktualizr primary, and the provisioning configuration (which # RDEPENDS on aktualizr) -- cgit v1.2.3-54-g00ecf From 274b3c7ed87a17ccc5aa5878736ba8759c528f8f Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Tue, 21 May 2019 19:03:36 +0300 Subject: OTA-2541: Use MPL-2.0 license for recipes-test's recipes Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- recipes-test/big-update/big-update_1.0.bb | 2 +- recipes-test/big-update/big-update_2.0.bb | 2 +- recipes-test/demo-network-config/primary-network-config.bb | 3 ++- recipes-test/demo-network-config/secondary-network-config.bb | 3 ++- recipes-test/demo-secondary-config/secondary-config.bb | 3 ++- recipes-test/images/primary-image.bb | 2 +- recipes-test/images/secondary-image.bb | 2 +- 7 files changed, 10 insertions(+), 7 deletions(-) diff --git a/recipes-test/big-update/big-update_1.0.bb b/recipes-test/big-update/big-update_1.0.bb index 68b9746..3b1d652 100644 --- a/recipes-test/big-update/big-update_1.0.bb +++ b/recipes-test/big-update/big-update_1.0.bb @@ -1,5 +1,5 @@ DESCRIPTION = "Example Package with 10MB of random, seeded content" -LICENSE = "CLOSED" +LICENSE = "MPL-2.0" SRC_URI = "file://rand_file.py" diff --git a/recipes-test/big-update/big-update_2.0.bb b/recipes-test/big-update/big-update_2.0.bb index 20c8138..7cb6e94 100644 --- a/recipes-test/big-update/big-update_2.0.bb +++ b/recipes-test/big-update/big-update_2.0.bb @@ -1,5 +1,5 @@ DESCRIPTION = "Example Package with 12MB of random, seeded content" -LICENSE = "CLOSED" +LICENSE = "MPL-2.0" SRC_URI = "file://rand_file.py" diff --git a/recipes-test/demo-network-config/primary-network-config.bb b/recipes-test/demo-network-config/primary-network-config.bb index 9725898..c7daa15 100644 --- a/recipes-test/demo-network-config/primary-network-config.bb +++ b/recipes-test/demo-network-config/primary-network-config.bb @@ -1,5 +1,6 @@ DESCRIPTION = "Sample network configuration for an Uptane Primary" -LICENSE = "CLOSED" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" inherit allarch diff --git a/recipes-test/demo-network-config/secondary-network-config.bb b/recipes-test/demo-network-config/secondary-network-config.bb index e33229d..c70d88a 100644 --- a/recipes-test/demo-network-config/secondary-network-config.bb +++ b/recipes-test/demo-network-config/secondary-network-config.bb @@ -1,5 +1,6 @@ DESCRIPTION = "Sample network configuration for an Uptane Secondary" -LICENSE = "CLOSED" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" inherit allarch diff --git a/recipes-test/demo-secondary-config/secondary-config.bb b/recipes-test/demo-secondary-config/secondary-config.bb index b05ab8e..25972d4 100644 --- a/recipes-test/demo-secondary-config/secondary-config.bb +++ b/recipes-test/demo-secondary-config/secondary-config.bb @@ -1,5 +1,6 @@ DESCRIPTION = "Sample configuration for an Uptane Secondary" -LICENSE = "CLOSED" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" SECONDARY_SERIAL_ID ?= "" SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" diff --git a/recipes-test/images/primary-image.bb b/recipes-test/images/primary-image.bb index ac14233..935f7ac 100644 --- a/recipes-test/images/primary-image.bb +++ b/recipes-test/images/primary-image.bb @@ -2,7 +2,7 @@ include recipes-core/images/core-image-minimal.bb SUMMARY = "A minimal Uptane Primary image running aktualizr, for testing with a Linux secondary" -LICENSE = "MIT" +LICENSE = "MPL-2.0" IMAGE_INSTALL_remove = " \ virtual/network-configuration \ diff --git a/recipes-test/images/secondary-image.bb b/recipes-test/images/secondary-image.bb index a688bbd..4cae874 100644 --- a/recipes-test/images/secondary-image.bb +++ b/recipes-test/images/secondary-image.bb @@ -2,7 +2,7 @@ include recipes-core/images/core-image-minimal.bb SUMMARY = "A minimal Uptane Secondary image running aktualizr-secondary" -LICENSE = "MIT" +LICENSE = "MPL-2.0" SECONDARY_SERIAL_ID ?= "" SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" -- cgit v1.2.3-54-g00ecf From 13c1c17394263a2a7230d5c0a671e1cf1656f2b4 Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Wed, 22 May 2019 17:02:24 +0300 Subject: OTA-2541: Use local.conf's variables to configure Primary with Secondary(ies) and vice versa Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 8 --- recipes-test/demo-config/files/30-fake_pacman.toml | 2 + .../demo-config/files/30-secondary_config.toml | 2 + .../demo-config/files/35-network_config.toml | 4 ++ recipes-test/demo-config/files/45-id_config.toml | 3 + .../demo-config/files/ip_secondary_config.json | 7 +++ recipes-test/demo-config/primary-config.bb | 68 ++++++++++++++++++++++ recipes-test/demo-config/secondary-config.bb | 41 +++++++++++++ recipes-test/demo-config/shared-conf.inc | 5 ++ .../files/30-fake_pacman.toml | 2 - .../files/35-network_config.toml | 4 -- .../demo-secondary-config/files/45-id_config.toml | 3 - .../demo-secondary-config/secondary-config.bb | 43 -------------- recipes-test/images/primary-image.bb | 3 +- 14 files changed, 134 insertions(+), 61 deletions(-) create mode 100644 recipes-test/demo-config/files/30-fake_pacman.toml create mode 100644 recipes-test/demo-config/files/30-secondary_config.toml create mode 100644 recipes-test/demo-config/files/35-network_config.toml create mode 100644 recipes-test/demo-config/files/45-id_config.toml create mode 100644 recipes-test/demo-config/files/ip_secondary_config.json create mode 100644 recipes-test/demo-config/primary-config.bb create mode 100644 recipes-test/demo-config/secondary-config.bb create mode 100644 recipes-test/demo-config/shared-conf.inc delete mode 100644 recipes-test/demo-secondary-config/files/30-fake_pacman.toml delete mode 100644 recipes-test/demo-secondary-config/files/35-network_config.toml delete mode 100644 recipes-test/demo-secondary-config/files/45-id_config.toml delete mode 100644 recipes-test/demo-secondary-config/secondary-config.bb diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 1574879..c1e0134 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -117,14 +117,6 @@ do_install_append () { fi fi - if [ -n "${SOTA_SECONDARY_NETWORK_CONFIG}" ]; then - if [ -f "${SOTA_SECONDARY_NETWORK_CONFIG}" ]; then - install -m 0644 ${SOTA_SECONDARY_NETWORK_CONFIG} ${D}/${libdir}/sota/conf.d/35-secondary-network-config.toml - else - bbwarn "SOTA_SECONDARY_NETWORK_CONFIG is set to a non-existent file (${SOTA_SECONDARY_NETWORK_CONFIG})" - fi - fi - install -m 0755 -d ${D}${systemd_unitdir}/system aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service diff --git a/recipes-test/demo-config/files/30-fake_pacman.toml b/recipes-test/demo-config/files/30-fake_pacman.toml new file mode 100644 index 0000000..3fb5cf2 --- /dev/null +++ b/recipes-test/demo-config/files/30-fake_pacman.toml @@ -0,0 +1,2 @@ +[pacman] +type = "fake" diff --git a/recipes-test/demo-config/files/30-secondary_config.toml b/recipes-test/demo-config/files/30-secondary_config.toml new file mode 100644 index 0000000..7714240 --- /dev/null +++ b/recipes-test/demo-config/files/30-secondary_config.toml @@ -0,0 +1,2 @@ +[uptane] +secondary_config_file = "@CFG_FILEPATH@" diff --git a/recipes-test/demo-config/files/35-network_config.toml b/recipes-test/demo-config/files/35-network_config.toml new file mode 100644 index 0000000..db7a1bb --- /dev/null +++ b/recipes-test/demo-config/files/35-network_config.toml @@ -0,0 +1,4 @@ +[network] +port = @PORT@ +primary_ip = @PRIMARY_IP@ +primary_port = @PRIMARY_PORT@ diff --git a/recipes-test/demo-config/files/45-id_config.toml b/recipes-test/demo-config/files/45-id_config.toml new file mode 100644 index 0000000..6cbd77f --- /dev/null +++ b/recipes-test/demo-config/files/45-id_config.toml @@ -0,0 +1,3 @@ +[uptane] +ecu_serial = @SERIAL@ +ecu_hardware_id = @HWID@ diff --git a/recipes-test/demo-config/files/ip_secondary_config.json b/recipes-test/demo-config/files/ip_secondary_config.json new file mode 100644 index 0000000..690cf2e --- /dev/null +++ b/recipes-test/demo-config/files/ip_secondary_config.json @@ -0,0 +1,7 @@ +{ + "IP": { + "secondaries_wait_port": @PORT@, + "secondaries_wait_timeout": @TIMEOUT@, + "secondaries": @ADDR_ARRAY@ + } +} diff --git a/recipes-test/demo-config/primary-config.bb b/recipes-test/demo-config/primary-config.bb new file mode 100644 index 0000000..0cd9180 --- /dev/null +++ b/recipes-test/demo-config/primary-config.bb @@ -0,0 +1,68 @@ +DESCRIPTION = "Sample configuration for an Uptane Primary to support IP/Posix Secondary" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +require shared-conf.inc + +PRIMARY_SECONDARIES ?= "${SECONDARY_IP}:${SECONDARY_PORT}" + +SRC_URI = "\ + file://30-secondary_config.toml \ + file://ip_secondary_config.json \ + " + +def get_secondary_addrs(d): + import json + + secondaries = d.getVar('PRIMARY_SECONDARIES') + sec_array = [] + for secondary in secondaries.split(): + sec_array.append({"addr": secondary}) + + return json.dumps(sec_array) + +do_install () { + + if [ ! -n "${SOTA_SECONDARY_CONFIG}" ]; then + bbwarn "SOTA_SECONDARY_CONFIG hasn't been specified in the local config, generate a default one" + + IP_SECONDARY_CONFIG_FILE=${WORKDIR}/ip_secondary_config.json + IP_SECONDARY_ADDRS='${@get_secondary_addrs(d)}' + else + bbwarn "SOTA_SECONDARY_CONFIG has been specified in the local config: ${SOTA_SECONDARY_CONFIG}" + + IP_SECONDARY_CONFIG_FILE=${SOTA_SECONDARY_CONFIG} + fi + + if [ ! -f $IP_SECONDARY_CONFIG_FILE ]; then + bbfatal "Secondary config file does not exist: $IP_SECONDARY_CONFIG_FILE" + fi + + SECONDARY_CONFIG_DEST_DIR="${D}${sysconfdir}/sota/ecus" + SECONDARY_CONFIG_DEST_FILEPATH=$SECONDARY_CONFIG_DEST_DIR/$(basename -- $IP_SECONDARY_CONFIG_FILE) + SECONDARY_CONFIG_FILEPATH_ON_IMAGE="${sysconfdir}/sota/ecus/$(basename -- $IP_SECONDARY_CONFIG_FILE)" + + # install the secondary configuration file (json) + install -m 0700 -d $SECONDARY_CONFIG_DEST_DIR + install -m 0644 $IP_SECONDARY_CONFIG_FILE $SECONDARY_CONFIG_DEST_DIR + + # if SOTA_SECONDARY_CONFIG/secondary config file is not defined in the local conf + # then a default template is used and filled with corresponding configuration variable values + if [ ! -n "${SOTA_SECONDARY_CONFIG}" ]; then + sed -i -e "s|@PORT@|${PRIMARY_PORT}|g" \ + -e "s|@TIMEOUT@|${PRIMARY_WAIT_TIMEOUT}|g" \ + -e "s|@ADDR_ARRAY@|$IP_SECONDARY_ADDRS|g" $SECONDARY_CONFIG_DEST_FILEPATH + fi + + # install aktualizr config file (toml) that points to the secondary config file, so aktualizr is aware about it + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${WORKDIR}/30-secondary_config.toml ${D}${libdir}/sota/conf.d + sed -i "s|@CFG_FILEPATH@|$SECONDARY_CONFIG_FILEPATH_ON_IMAGE|g" ${D}${libdir}/sota/conf.d/30-secondary_config.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d/* \ + ${sysconfdir}/sota/ecus/* \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb new file mode 100644 index 0000000..5b213d1 --- /dev/null +++ b/recipes-test/demo-config/secondary-config.bb @@ -0,0 +1,41 @@ +DESCRIPTION = "Sample configuration for an Uptane Secondary" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +require shared-conf.inc + +SECONDARY_SERIAL_ID ?= "" +SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" +SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" + +SRC_URI = "\ + file://30-fake_pacman.toml \ + file://35-network_config.toml \ + file://45-id_config.toml \ + " + +do_install () { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${WORKDIR}/30-fake_pacman.toml ${D}/${libdir}/sota/conf.d/30-fake_pacman.toml + + install -m 0644 ${WORKDIR}/35-network_config.toml ${D}/${libdir}/sota/conf.d/35-network_config.toml + sed -i -e 's|@PORT@|${SECONDARY_PORT}|g' \ + -e 's|@PRIMARY_IP@|${PRIMARY_IP}|g' \ + -e 's|@PRIMARY_PORT@|${PRIMARY_PORT}|g' \ + ${D}/${libdir}/sota/conf.d/35-network_config.toml + + install -m 0644 ${WORKDIR}/45-id_config.toml ${D}/${libdir}/sota/conf.d/45-id_config.toml + sed -i -e 's|@SERIAL@|${SECONDARY_SERIAL_ID}|g' \ + -e 's|@HWID@|${SECONDARY_HARDWARE_ID}|g' \ + ${D}/${libdir}/sota/conf.d/45-id_config.toml + +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/30-fake_pacman.toml \ + ${libdir}/sota/conf.d/35-network_config.toml \ + ${libdir}/sota/conf.d/45-id_config.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/demo-config/shared-conf.inc b/recipes-test/demo-config/shared-conf.inc new file mode 100644 index 0000000..ce2bb44 --- /dev/null +++ b/recipes-test/demo-config/shared-conf.inc @@ -0,0 +1,5 @@ +SECONDARY_IP ?= "10.0.3.2" +SECONDARY_PORT ?= "9050" +PRIMARY_IP ?= "10.0.3.1" +PRIMARY_PORT ?= "9040" +PRIMARY_WAIT_TIMEOUT ?= "120" diff --git a/recipes-test/demo-secondary-config/files/30-fake_pacman.toml b/recipes-test/demo-secondary-config/files/30-fake_pacman.toml deleted file mode 100644 index 3fb5cf2..0000000 --- a/recipes-test/demo-secondary-config/files/30-fake_pacman.toml +++ /dev/null @@ -1,2 +0,0 @@ -[pacman] -type = "fake" diff --git a/recipes-test/demo-secondary-config/files/35-network_config.toml b/recipes-test/demo-secondary-config/files/35-network_config.toml deleted file mode 100644 index db7a1bb..0000000 --- a/recipes-test/demo-secondary-config/files/35-network_config.toml +++ /dev/null @@ -1,4 +0,0 @@ -[network] -port = @PORT@ -primary_ip = @PRIMARY_IP@ -primary_port = @PRIMARY_PORT@ diff --git a/recipes-test/demo-secondary-config/files/45-id_config.toml b/recipes-test/demo-secondary-config/files/45-id_config.toml deleted file mode 100644 index 6cbd77f..0000000 --- a/recipes-test/demo-secondary-config/files/45-id_config.toml +++ /dev/null @@ -1,3 +0,0 @@ -[uptane] -ecu_serial = @SERIAL@ -ecu_hardware_id = @HWID@ diff --git a/recipes-test/demo-secondary-config/secondary-config.bb b/recipes-test/demo-secondary-config/secondary-config.bb deleted file mode 100644 index 25972d4..0000000 --- a/recipes-test/demo-secondary-config/secondary-config.bb +++ /dev/null @@ -1,43 +0,0 @@ -DESCRIPTION = "Sample configuration for an Uptane Secondary" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -SECONDARY_SERIAL_ID ?= "" -SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" -SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" - -SECONDARY_PORT ?= "9050" -PRIMARY_IP ?= "10.0.3.1" -PRIMARY_PORT ?= "9040" - -SRC_URI = "\ - file://30-fake_pacman.toml \ - file://35-network_config.toml \ - file://45-id_config.toml \ - " - -do_install () { - install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${WORKDIR}/30-fake_pacman.toml ${D}/${libdir}/sota/conf.d/30-fake_pacman.toml - - install -m 0644 ${WORKDIR}/35-network_config.toml ${D}/${libdir}/sota/conf.d/35-network_config.toml - sed -i -e 's|@PORT@|${SECONDARY_PORT}|g' \ - -e 's|@PRIMARY_IP@|${PRIMARY_IP}|g' \ - -e 's|@PRIMARY_PORT@|${PRIMARY_PORT}|g' \ - ${D}/${libdir}/sota/conf.d/35-network_config.toml - - install -m 0644 ${WORKDIR}/45-id_config.toml ${D}/${libdir}/sota/conf.d/45-id_config.toml - sed -i -e 's|@SERIAL@|${SECONDARY_SERIAL_ID}|g' \ - -e 's|@HWID@|${SECONDARY_HARDWARE_ID}|g' \ - ${D}/${libdir}/sota/conf.d/45-id_config.toml - -} - -FILES_${PN} = " \ - ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/30-fake_pacman.toml \ - ${libdir}/sota/conf.d/35-network_config.toml \ - ${libdir}/sota/conf.d/45-id_config.toml \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/images/primary-image.bb b/recipes-test/images/primary-image.bb index 935f7ac..ba1dc1f 100644 --- a/recipes-test/images/primary-image.bb +++ b/recipes-test/images/primary-image.bb @@ -9,7 +9,8 @@ IMAGE_INSTALL_remove = " \ " IMAGE_INSTALL_append = " \ - primary-network-config \ + primary-network-config \ + primary-config \ " # vim:set ts=4 sw=4 sts=4 expandtab: -- cgit v1.2.3-54-g00ecf From 22539ccd7cf4d2f8b991844291f69a70a4d85bbd Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Thu, 23 May 2019 15:38:42 +0300 Subject: OTA-2541: IP Secondary tests (oe-selftest) Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- lib/oeqa/selftest/cases/testutils.py | 53 +++++---- lib/oeqa/selftest/cases/updater_qemux86_64.py | 151 ++++++++++++++++++-------- 2 files changed, 138 insertions(+), 66 deletions(-) diff --git a/lib/oeqa/selftest/cases/testutils.py b/lib/oeqa/selftest/cases/testutils.py index 2ad99ad..f8b1904 100644 --- a/lib/oeqa/selftest/cases/testutils.py +++ b/lib/oeqa/selftest/cases/testutils.py @@ -7,49 +7,57 @@ from time import sleep from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars from qemucommand import QemuCommand +logger = logging.getLogger("selftest") -def qemu_launch(efi=False, machine=None, imagename=None): - logger = logging.getLogger("selftest") - if imagename is None: - imagename = 'core-image-minimal' - logger.info('Running bitbake to build {}'.format(imagename)) - bitbake(imagename) + +def qemu_launch(efi=False, machine=None, imagename='core-image-minimal', **kwargs): + qemu_bake_image(imagename) + return qemu_boot_image(efi=efi, machine=machine, imagename=imagename, **kwargs) + + +def qemu_terminate(s): + try: + s.terminate() + s.wait(timeout=10) + except KeyboardInterrupt: + pass + + +def qemu_boot_image(imagename, **kwargs): # Create empty object. args = type('', (), {})() args.imagename = imagename - args.mac = None + args.mac = kwargs.get('mac', None) # Could use DEPLOY_DIR_IMAGE here but it's already in the machine # subdirectory. args.dir = 'tmp/deploy/images' - args.efi = efi - args.machine = machine + args.efi = kwargs.get('efi', False) + args.machine = kwargs.get('machine', None) qemu_use_kvm = get_bb_var("QEMU_USE_KVM") if qemu_use_kvm and \ - (qemu_use_kvm == 'True' and 'x86' in machine or + (qemu_use_kvm == 'True' and 'x86' in args.machine or get_bb_var('MACHINE') in qemu_use_kvm.split()): args.kvm = True else: args.kvm = None # Autodetect - args.no_gui = True - args.gdb = False - args.pcap = None - args.overlay = None - args.dry_run = False - args.secondary_network = False + args.no_gui = kwargs.get('no_gui', True) + args.gdb = kwargs.get('gdb', False) + args.pcap = kwargs.get('pcap', None) + args.overlay = kwargs.get('overlay', None) + args.dry_run = kwargs.get('dry_run', False) + args.secondary_network = kwargs.get('secondary_network', False) qemu = QemuCommand(args) cmdline = qemu.command_line() print('Booting image with run-qemu-ota...') s = subprocess.Popen(cmdline) - sleep(10) + sleep(kwargs.get('wait_for_boot_time', 10)) return qemu, s -def qemu_terminate(s): - try: - s.terminate() - except KeyboardInterrupt: - pass +def qemu_bake_image(imagename): + logger.info('Running bitbake to build {}'.format(imagename)) + bitbake(imagename) def qemu_send_command(port, command, timeout=60): @@ -122,7 +130,6 @@ def verifyProvisioned(testInst, machine): m = p.search(stdout.decode()) testInst.assertTrue(m, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) testInst.assertGreater(m.lastindex, 0, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) - logger = logging.getLogger("selftest") logger.info('Device successfully provisioned with ID: ' + m.group(1)) # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/lib/oeqa/selftest/cases/updater_qemux86_64.py b/lib/oeqa/selftest/cases/updater_qemux86_64.py index 9f32bcf..f951bc7 100644 --- a/lib/oeqa/selftest/cases/updater_qemux86_64.py +++ b/lib/oeqa/selftest/cases/updater_qemux86_64.py @@ -4,11 +4,12 @@ import logging import re import unittest from time import sleep +from uuid import uuid4 from oeqa.selftest.case import OESelftestTestCase from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars from testutils import qemu_launch, qemu_send_command, qemu_terminate, \ - akt_native_run, verifyNotProvisioned, verifyProvisioned + akt_native_run, verifyNotProvisioned, verifyProvisioned, qemu_bake_image, qemu_boot_image class GeneralTests(OESelftestTestCase): @@ -309,7 +310,91 @@ class HsmTests(OESelftestTestCase): verifyProvisioned(self, machine) -class SecondaryTests(OESelftestTestCase): +class IpSecondaryTests(OESelftestTestCase): + + class Image: + def __init__(self, imagename, binaryname, machine='qemux86-64', bake=True, **kwargs): + self.machine = machine + self.imagename = imagename + self.boot_kwargs = kwargs + self.binaryname = binaryname + self.stdout = '' + self.stderr = '' + self.retcode = 0 + if bake: + self.bake() + + def bake(self): + self.configure() + qemu_bake_image(self.imagename) + + def send_command(self, cmd): + stdout, stderr, retcode = qemu_send_command(self.qemu.ssh_port, cmd, timeout=60) + return str(stdout), str(stderr), retcode + + def __enter__(self): + self.qemu, self.process = qemu_boot_image(machine=self.machine, imagename=self.imagename, + wait_for_boot_time=1, **self.boot_kwargs) + # wait until the VM is booted and is SSHable + self.wait_till_sshable() + + def __exit__(self, exc_type, exc_val, exc_tb): + qemu_terminate(self.process) + + def wait_till_sshable(self): + # qemu_send_command tries to ssh into the qemu VM and blocks until it gets there or timeout happens + # so it helps us to block q control flow until the VM is booted and a target binary/daemon is running there + self.stdout, self.stderr, self.retcode = self.send_command(self.binaryname + ' --help') + + def was_successfully_booted(self): + return self.retcode == 0 + + class Secondary(Image): + def __init__(self, test_ctx): + self._test_ctx = test_ctx + self.sndry_serial = str(uuid4()) + self.sndry_hw_id = 'qemux86-64-oeselftest-sndry' + self.id = (self.sndry_hw_id, self.sndry_serial) + super(IpSecondaryTests.Secondary, self).__init__('secondary-image', 'aktualizr-secondary', + secondary_network=True) + + def configure(self): + self._test_ctx.append_config('SECONDARY_SERIAL_ID = "{}"'.format(self.sndry_serial)) + self._test_ctx.append_config('SECONDARY_HARDWARE_ID = "{}"'.format(self.sndry_hw_id)) + + class Primary(Image): + def __init__(self, test_ctx): + self._test_ctx = test_ctx + super(IpSecondaryTests.Primary, self).__init__('primary-image', 'aktualizr', secondary_network=True) + + def configure(self): + self._test_ctx.append_config('MACHINE = "qemux86-64"') + self._test_ctx.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + + def is_ecu_registered(self, ecu_id): + max_number_of_tries = 20 + try_counter = 0 + + # aktualizr-info is not always able to load ECU serials from DB + # so, let's run it a few times until it actually succeeds + while try_counter < max_number_of_tries: + device_status = self.get_info() + try_counter += 1 + if device_status.find("load ECU serials") == -1: + break + sleep(1) + + if not ((device_status.find(ecu_id[0]) != -1) and (device_status.find(ecu_id[1]) != -1)): + return False + not_registered_field = "Removed or not registered ecus:" + not_reg_start = device_status.find(not_registered_field) + return not_reg_start == -1 or (device_status.find(ecu_id[1], not_reg_start) == -1) + + def get_info(self): + stdout, stderr, retcode = self.send_command('aktualizr-info') + self._test_ctx.assertEqual(retcode, 0, 'Unable to run aktualizr-info: {}'.format(stderr)) + return stdout + def setUpLocal(self): layer = "meta-updater-qemux86-64" result = runCmd('bitbake-layers show-layers') @@ -323,57 +408,37 @@ class SecondaryTests(OESelftestTestCase): runCmd('bitbake-layers add-layer "%s"' % self.meta_qemu) else: self.meta_qemu = None - self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') - self.qemu, self.s = qemu_launch(machine='qemux86-64', imagename='secondary-image') + + self.primary = IpSecondaryTests.Primary(self) + self.secondary = IpSecondaryTests.Secondary(self) def tearDownLocal(self): - qemu_terminate(self.s) if self.meta_qemu: runCmd('bitbake-layers remove-layer "%s"' % self.meta_qemu, ignore_status=True) - def qemu_command(self, command): - return qemu_send_command(self.qemu.ssh_port, command) + def test_ip_secondary_registration_if_secondary_starts_first(self): + with self.secondary: + self.assertTrue(self.secondary.was_successfully_booted(), + 'The secondary failed to boot: {}'.format(self.secondary.stderr)) - def test_secondary_present(self): - print('Checking aktualizr-secondary is present') - stdout, stderr, retcode = self.qemu_command('aktualizr-secondary --help') - self.assertEqual(retcode, 0, "Unable to run aktualizr-secondary --help") - self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) + with self.primary: + self.assertTrue(self.primary.was_successfully_booted(), + 'The primary failed to boot: {}'.format(self.primary.stderr)) + self.assertTrue(self.primary.is_ecu_registered(self.secondary.id), + "The secondary wasn't registered at the primary: {}".format(self.primary.get_info())) -class PrimaryTests(OESelftestTestCase): - def setUpLocal(self): - layer = "meta-updater-qemux86-64" - result = runCmd('bitbake-layers show-layers') - if re.search(layer, result.output) is None: - # Assume the directory layout for finding other layers. We could also - # make assumptions by using 'show-layers', but either way, if the - # layers we need aren't where we expect them, we are out of luck. - path = os.path.abspath(os.path.dirname(__file__)) - metadir = path + "/../../../../../" - self.meta_qemu = metadir + layer - runCmd('bitbake-layers add-layer "%s"' % self.meta_qemu) - else: - self.meta_qemu = None - self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') - self.append_config('SOTA_CLIENT_FEATURES = "secondary-network"') - self.qemu, self.s = qemu_launch(machine='qemux86-64', imagename='primary-image') + def test_ip_secondary_registration_if_primary_starts_first(self): + with self.primary: + self.assertTrue(self.primary.was_successfully_booted(), + 'The primary failed to boot: {}'.format(self.primary.stderr)) - def tearDownLocal(self): - qemu_terminate(self.s) - if self.meta_qemu: - runCmd('bitbake-layers remove-layer "%s"' % self.meta_qemu, ignore_status=True) + with self.secondary: + self.assertTrue(self.secondary.was_successfully_booted(), + 'The secondary failed to boot: {}'.format(self.secondary.stderr)) - def qemu_command(self, command): - return qemu_send_command(self.qemu.ssh_port, command) - - def test_aktualizr_present(self): - print('Checking aktualizr is present') - stdout, stderr, retcode = self.qemu_command('aktualizr --help') - self.assertEqual(retcode, 0, "Unable to run aktualizr --help") - self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) + self.assertTrue(self.primary.is_ecu_registered(self.secondary.id), + "The secondary wasn't registered at the primary: {}".format(self.primary.get_info())) class ResourceControlTests(OESelftestTestCase): -- cgit v1.2.3-54-g00ecf From 47f1ec2acfbbf2a5e37521c69b0a3fcc40f668f8 Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Mon, 27 May 2019 10:38:48 +0300 Subject: OTA-2541: Switch to Aktualizr's version that supports IP Secondaries preconfig and its tests Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index c1e0134..abd69f5 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -31,7 +31,7 @@ SRC_URI = " \ SRC_URI[md5sum] = "c5e9968dfe78a7264ab9a8338c11725d" SRC_URI[sha256sum] = "3a19258d7a1825a308aca0da82f7a337985bec05e8951355c4c95f0fcf2444f4" -SRCREV = "c50feb37034eceb1254429d3e3ed38e5b8a0dc60" +SRCREV = "8c523efc4c1f1e6d9dfd41b7e23a202ade4d9ff7" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 0531976f0b1a866c5119b935328d1722cef6a9fa Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 28 May 2019 17:05:01 +0200 Subject: aktualizr: bump garage sign to version 0.7.0-3-gf5ba640. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index abd69f5..f7c4125 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -15,7 +15,7 @@ RDEPENDS_${PN}-ptest += "bash cmake curl python3-misc python3-modules sqlite3 va PV = "1.0+git${SRCPV}" PR = "7" -GARAGE_SIGN_PV = "0.6.0-18-g5b8b259" +GARAGE_SIGN_PV = "0.7.0-3-gf5ba640" SRC_URI = " \ gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ @@ -28,8 +28,8 @@ SRC_URI = " \ " # for garage-sign archive -SRC_URI[md5sum] = "c5e9968dfe78a7264ab9a8338c11725d" -SRC_URI[sha256sum] = "3a19258d7a1825a308aca0da82f7a337985bec05e8951355c4c95f0fcf2444f4" +SRC_URI[md5sum] = "e104ccd4f32e52571a5fc0e5042db050" +SRC_URI[sha256sum] = "c590be1a57523bfe097af82279eda5c97cf40ae47fb27162cf33c469702c8a9b" SRCREV = "8c523efc4c1f1e6d9dfd41b7e23a202ade4d9ff7" BRANCH ?= "master" -- cgit v1.2.3-54-g00ecf From da25022e50c75aeb8e36452abf3ec7669f14e64e Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 28 May 2019 09:46:28 +0200 Subject: Rename provisioning methods. "Autoprovisioning" or "automatic provisioning" is now known as "shared credential provisioning". "Implicit provisioning" is now known as "device credential provisioning". "HSM provisioning" was always a misnomer, so it is now refered to as "device credential provisioning with an HSM". This includes a bump of the aktualizr version as well. Signed-off-by: Patrick Vacek --- README.adoc | 10 ++-- classes/sota.bbclass | 2 +- lib/oeqa/selftest/cases/updater_minnowboard.py | 2 +- lib/oeqa/selftest/cases/updater_qemux86_64.py | 40 +++++++-------- lib/oeqa/selftest/cases/updater_raspberrypi.py | 3 +- .../aktualizr/aktualizr-auto-prov-creds.bb | 31 ----------- recipes-sota/aktualizr/aktualizr-auto-prov.bb | 45 ---------------- .../aktualizr/aktualizr-ca-implicit-prov-creds.bb | 57 -------------------- .../aktualizr/aktualizr-ca-implicit-prov.bb | 30 ----------- .../aktualizr/aktualizr-device-prov-creds.bb | 60 ++++++++++++++++++++++ .../aktualizr/aktualizr-device-prov-hsm.bb | 30 +++++++++++ recipes-sota/aktualizr/aktualizr-device-prov.bb | 29 +++++++++++ recipes-sota/aktualizr/aktualizr-hsm-prov.bb | 30 ----------- .../aktualizr/aktualizr-shared-prov-creds.bb | 32 ++++++++++++ recipes-sota/aktualizr/aktualizr-shared-prov.bb | 43 ++++++++++++++++ .../aktualizr/aktualizr-uboot-env-rollback.bb | 2 +- recipes-sota/aktualizr/aktualizr_git.bb | 15 +++--- recipes-test/demo-config/files/30-fake-pacman.toml | 2 + recipes-test/demo-config/files/30-fake_pacman.toml | 2 - .../demo-config/files/30-secondary-config.toml | 2 + .../demo-config/files/30-secondary_config.toml | 2 - .../demo-config/files/35-network-config.toml | 4 ++ .../demo-config/files/35-network_config.toml | 4 -- recipes-test/demo-config/files/45-id-config.toml | 3 ++ recipes-test/demo-config/files/45-id_config.toml | 3 -- recipes-test/demo-config/primary-config.bb | 6 +-- recipes-test/demo-config/secondary-config.bb | 22 ++++---- recipes-test/images/secondary-image.bb | 10 ++-- 28 files changed, 260 insertions(+), 261 deletions(-) delete mode 100644 recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb delete mode 100644 recipes-sota/aktualizr/aktualizr-auto-prov.bb delete mode 100644 recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb delete mode 100644 recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb create mode 100644 recipes-sota/aktualizr/aktualizr-device-prov-creds.bb create mode 100644 recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb create mode 100644 recipes-sota/aktualizr/aktualizr-device-prov.bb delete mode 100644 recipes-sota/aktualizr/aktualizr-hsm-prov.bb create mode 100644 recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb create mode 100644 recipes-sota/aktualizr/aktualizr-shared-prov.bb create mode 100644 recipes-test/demo-config/files/30-fake-pacman.toml delete mode 100644 recipes-test/demo-config/files/30-fake_pacman.toml create mode 100644 recipes-test/demo-config/files/30-secondary-config.toml delete mode 100644 recipes-test/demo-config/files/30-secondary_config.toml create mode 100644 recipes-test/demo-config/files/35-network-config.toml delete mode 100644 recipes-test/demo-config/files/35-network_config.toml create mode 100644 recipes-test/demo-config/files/45-id-config.toml delete mode 100644 recipes-test/demo-config/files/45-id_config.toml diff --git a/README.adoc b/README.adoc index 7e6fb43..5c4e5bc 100644 --- a/README.adoc +++ b/README.adoc @@ -87,7 +87,7 @@ Your images will also need network connectivity to be able to reach an actual OT * `GARAGE_SIGN_AUTOVERSION` - Set this to '1' to automatically fetch the last version of the garage tools installed by the aktualizr-native. Otherwise use the fixed version specified in the recipe. * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. -* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are `aktualizr-auto-prov`, `aktualizr-ca-implicit-prov`, and `aktualizr-hsm-prov`. For more information on these provisioning methods, see the https://docs.ota.here.com/client-config/client-provisioning-methods.html[OTA Connect documentation]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. +* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are `aktualizr-shared-prov`, `aktualizr-device-prov`, and `aktualizr-device-prov-hsm`. For more information on these provisioning methods, see the https://docs.ota.here.com/client-config/client-provisioning-methods.html[OTA Connect documentation]. The default is `aktualizr-shared-prov`. This can also be set to an empty string to avoid using a provisioning recipe. * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client). * `SOTA_SECONDARY_CONFIG_DIR` - a directory containing JSON configuration files for virtual secondaries on the host. These will be installed into `/etc/sota/ecus` on the device and automatically provided to aktualizr. * `SOTA_HARDWARE_ID` - a custom hardware ID that will be written to the aktualizr config. Defaults to MACHINE if not set. @@ -249,13 +249,13 @@ The aktualizr ptests can be run via oe-selftest with `oe-selftest -r updater_qem As described in <> section you can set `SOTA_DEPLOY_CREDENTIALS` to `0` to prevent deploying credentials to the built `wic` image. In this case you get a generic image that you can use e.g. on a production line to flash a series of devices. The cost of this approach is that this image is half-baked and should be provisioned before it can connect to the backend. -Provisioning procedure depends on your provisioning recipe, i.e. the value of `SOTA_CLIENT_PROV` (equal to `aktualizr-auto-prov` by default): +Provisioning procedure depends on your provisioning recipe, i.e. the value of `SOTA_CLIENT_PROV` (equal to `aktualizr-shared-prov` by default): -* For `aktualizr-auto-prov` put your `credentials.zip` to `/var/sota/sota_provisioning_credentials.zip` on the filesystem of a running device. If you have the filesystem of our device mounted to your build machine, prefix all paths with `/ostree/deploy/poky` as in `/ostree/deploy/poky/var/sota/sota_provisioning_credentials.zip`. -* For `aktualizr-ca-implicit-prov` +* For `aktualizr-shared-prov` put your `credentials.zip` to `/var/sota/sota_provisioning_credentials.zip` on the filesystem of a running device. If you have the filesystem of our device mounted to your build machine, prefix all paths with `/ostree/deploy/poky` as in `/ostree/deploy/poky/var/sota/sota_provisioning_credentials.zip`. +* For `aktualizr-device-prov` ** put URL to the backend server (together with protocol prefix and port number) at `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in the `autoprov.url` file in your credentials archive. ** put client certificate, private key and root CA certificate (for the *server*, not for the *device*) at `/var/sota/import/client.pem`, `/var/sota/import/pkey.pem` and `/var/sota/import/root.crt` respectively. -* For `aktualizr-hsm-prov` +* For `aktualizr-device-prov-hsm` ** put URL to the server backend (together with protocol prefix and port number) at `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in the `autoprov.url` file in your credentials archive. ** put root CA certificate (for the *server*, not for the *device*) at `/var/sota/import/root.crt`. ** put client certificate and private key to slots 1 and 2 of the PKCS#11-compatible device. diff --git a/classes/sota.bbclass b/classes/sota.bbclass index a38ee0a..c6bda29 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -8,7 +8,7 @@ DISTROOVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', HOSTTOOLS_NONFATAL += "java" SOTA_CLIENT ??= "aktualizr" -SOTA_CLIENT_PROV ??= "aktualizr-auto-prov" +SOTA_CLIENT_PROV ??= "aktualizr-shared-prov" SOTA_DEPLOY_CREDENTIALS ?= "1" SOTA_HARDWARE_ID ??= "${MACHINE}" diff --git a/lib/oeqa/selftest/cases/updater_minnowboard.py b/lib/oeqa/selftest/cases/updater_minnowboard.py index f5df584..267445b 100644 --- a/lib/oeqa/selftest/cases/updater_minnowboard.py +++ b/lib/oeqa/selftest/cases/updater_minnowboard.py @@ -29,7 +29,7 @@ class MinnowTests(OESelftestTestCase): self.meta_minnow = None self.append_config('MACHINE = "intel-corei7-64"') self.append_config('OSTREE_BOOTLOADER = "grub"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') self.qemu, self.s = qemu_launch(efi=True, machine='intel-corei7-64') def tearDownLocal(self): diff --git a/lib/oeqa/selftest/cases/updater_qemux86_64.py b/lib/oeqa/selftest/cases/updater_qemux86_64.py index f951bc7..e26a022 100644 --- a/lib/oeqa/selftest/cases/updater_qemux86_64.py +++ b/lib/oeqa/selftest/cases/updater_qemux86_64.py @@ -16,7 +16,7 @@ class GeneralTests(OESelftestTestCase): def test_credentials(self): logger = logging.getLogger("selftest") logger.info('Running bitbake to build core-image-minimal') - self.append_config('SOTA_CLIENT_PROV = "aktualizr-auto-prov"') + self.append_config('SOTA_CLIENT_PROV = "aktualizr-shared-prov"') bitbake('core-image-minimal') credentials = get_bb_var('SOTA_PACKED_CREDENTIALS') # skip the test if the variable SOTA_PACKED_CREDENTIALS is not set @@ -46,13 +46,13 @@ class AktualizrToolsTests(OESelftestTestCase): def test_cert_provider_local_output(self): logger = logging.getLogger("selftest") - logger.info('Running bitbake to build aktualizr-ca-implicit-prov') - bitbake('aktualizr-ca-implicit-prov') + logger.info('Running bitbake to build aktualizr-device-prov') + bitbake('aktualizr-device-prov') bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS', 'T'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] temp_dir = bb_vars['T'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov') - config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-device-prov') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota-device-cred.toml' akt_native_run(self, 'aktualizr-cert-provider -c {creds} -r -l {temp} -g {config}' .format(creds=creds, temp=temp_dir, config=config)) @@ -69,7 +69,7 @@ class AktualizrToolsTests(OESelftestTestCase): self.assertTrue(os.path.getsize(ca_path) > 0, "Client certificate at %s is empty." % ca_path) -class AutoProvTests(OESelftestTestCase): +class SharedCredProvTests(OESelftestTestCase): def setUpLocal(self): layer = "meta-updater-qemux86-64" @@ -85,7 +85,7 @@ class AutoProvTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -127,7 +127,7 @@ class ManualControlTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') self.append_config('SYSTEMD_AUTO_ENABLE_aktualizr = "disable"') self.qemu, self.s = qemu_launch(machine='qemux86-64') @@ -155,7 +155,7 @@ class ManualControlTests(OESelftestTestCase): 'Aktualizr should have run' + stderr.decode() + stdout.decode()) -class ImplProvTests(OESelftestTestCase): +class DeviceCredProvTests(OESelftestTestCase): def setUpLocal(self): layer = "meta-updater-qemux86-64" @@ -171,9 +171,9 @@ class ImplProvTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-ca-implicit-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-device-prov "') self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"') - runCmd('bitbake -c cleanall aktualizr aktualizr-ca-implicit-prov') + runCmd('bitbake -c cleanall aktualizr aktualizr-device-prov') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -201,8 +201,8 @@ class ImplProvTests(OESelftestTestCase): # Run aktualizr-cert-provider. bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov') - config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-device-prov') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota-device-cred.toml' print('Provisining at root@localhost:%d' % self.qemu.ssh_port) akt_native_run(self, 'aktualizr-cert-provider -c {creds} -t root@localhost -p {port} -s -u -r -g {config}' @@ -211,7 +211,7 @@ class ImplProvTests(OESelftestTestCase): verifyProvisioned(self, machine) -class HsmTests(OESelftestTestCase): +class DeviceCredProvHsmTests(OESelftestTestCase): def setUpLocal(self): layer = "meta-updater-qemux86-64" @@ -227,11 +227,11 @@ class HsmTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = "aktualizr-hsm-prov"') + self.append_config('SOTA_CLIENT_PROV = "aktualizr-device-prov-hsm"') self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"') self.append_config('SOTA_CLIENT_FEATURES = "hsm"') self.append_config('IMAGE_INSTALL_append = " softhsm-testtoken"') - runCmd('bitbake -c cleanall aktualizr aktualizr-hsm-prov') + runCmd('bitbake -c cleanall aktualizr aktualizr-device-prov-hsm') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -269,8 +269,8 @@ class HsmTests(OESelftestTestCase): # Run aktualizr-cert-provider. bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-hsm-prov') - config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_hsm_prov.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-device-prov-hsm') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota-device-cred-hsm.toml' akt_native_run(self, 'aktualizr-cert-provider -c {creds} -t root@localhost -p {port} -r -s -u -g {config}' .format(creds=creds, port=self.qemu.ssh_port, config=config)) @@ -369,7 +369,7 @@ class IpSecondaryTests(OESelftestTestCase): def configure(self): self._test_ctx.append_config('MACHINE = "qemux86-64"') - self._test_ctx.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self._test_ctx.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') def is_ecu_registered(self, ecu_id): max_number_of_tries = 20 @@ -456,7 +456,7 @@ class ResourceControlTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') self.append_config('IMAGE_INSTALL_append += " aktualizr-resource-control "') self.append_config('RESOURCE_CPU_WEIGHT_pn-aktualizr = "1000"') self.append_config('RESOURCE_MEMORY_HIGH_pn-aktualizr = "50M"') diff --git a/lib/oeqa/selftest/cases/updater_raspberrypi.py b/lib/oeqa/selftest/cases/updater_raspberrypi.py index 785d703..f6ae903 100644 --- a/lib/oeqa/selftest/cases/updater_raspberrypi.py +++ b/lib/oeqa/selftest/cases/updater_raspberrypi.py @@ -53,7 +53,7 @@ class RpiTests(OESelftestTestCase): self.meta_qemu = None self.append_config('MACHINE = "raspberrypi3"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') def tearDownLocal(self): if self.meta_qemu: @@ -68,7 +68,6 @@ class RpiTests(OESelftestTestCase): def test_build(self): logger = logging.getLogger("selftest") logger.info('Running bitbake to build core-image-minimal') - self.append_config('SOTA_CLIENT_PROV = "aktualizr-auto-prov"') bitbake('core-image-minimal') credentials = get_bb_var('SOTA_PACKED_CREDENTIALS') # Skip the test if the variable SOTA_PACKED_CREDENTIALS is not set. diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb deleted file mode 100644 index 6b2dd27..0000000 --- a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "Credentials for autoprovisioning scenario" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -DEPENDS = "aktualizr-native zip-native" -ALLOW_EMPTY_${PN} = "1" - -require credentials.inc - -do_install() { - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - install -m 0700 -d ${D}${localstatedir}/sota - cp "${SOTA_PACKED_CREDENTIALS}" ${D}${localstatedir}/sota/sota_provisioning_credentials.zip - # Device should not be able to push data to treehub - zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json - # Device has no use for the API Gateway. Remove if present. See: - # https://github.com/advancedtelematic/ota-plus-server/pull/1913/ - if unzip -l ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url > /dev/null; then - zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url - fi - fi -} - -FILES_${PN} = " \ - ${localstatedir}/sota/sota_provisioning_credentials.zip \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb deleted file mode 100644 index 585fe71..0000000 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ /dev/null @@ -1,45 +0,0 @@ -SUMMARY = "Aktualizr configuration for autoprovisioning" -DESCRIPTION = "Configuration for automatically provisioning Aktualizr, the SOTA Client application written in C++" -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -DEPENDS = "aktualizr-native zip-native" -RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" -PV = "1.0" -PR = "6" - -SRC_URI = "" - -require credentials.inc - -do_install() { - if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then - bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then - bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then - bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then - bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - - install -m 0700 -d ${D}${libdir}/sota/conf.d - aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)} - - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \ - ${D}${libdir}/sota/conf.d/20-${aktualizr_toml} -} - -FILES_${PN} = " \ - ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/20-${aktualizr_toml} \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb deleted file mode 100644 index da17d77..0000000 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb +++ /dev/null @@ -1,57 +0,0 @@ -SUMMARY = "Credentials for implicit provisioning with CA certificate" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -# WARNING: it is NOT a production solution. The secure way to provision devices -# is to create certificate request directly on the device (either with HSM/TPM -# or with software) and then sign it with a CA stored on a disconnected machine. - -DEPENDS = "aktualizr aktualizr-native" -ALLOW_EMPTY_${PN} = "1" - -SRC_URI = " \ - file://ca.cnf \ - " - -require credentials.inc - -export SOTA_CACERT_PATH -export SOTA_CAKEY_PATH - -do_install() { - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - if [ -z ${SOTA_CACERT_PATH} ]; then - SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem - SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem - mkdir -p ${DEPLOY_DIR_IMAGE}/CA - bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}" - - if [ ! -f ${SOTA_CACERT_PATH} ]; then - bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" - SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")" - openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 - openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert - bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" - fi - fi - - if [ -z ${SOTA_CAKEY_PATH} ]; then - bbfatal "SOTA_CAKEY_PATH should be set when using implicit provisioning" - fi - - install -m 0700 -d ${D}${localstatedir}/sota - aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \ - --fleet-ca ${SOTA_CACERT_PATH} \ - --fleet-ca-key ${SOTA_CAKEY_PATH} \ - --root-ca \ - --server-url \ - --local ${D} \ - --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml - fi -} - -FILES_${PN} = " \ - ${localstatedir}/sota/*" diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb deleted file mode 100644 index 0d1c860..0000000 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Aktualizr configuration for implicit provisioning with CA" -DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externally provided or generated CA" - -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -DEPENDS = "aktualizr aktualizr-native openssl-native" -RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" - -PV = "1.0" -PR = "1" - -require credentials.inc - -do_install() { - install -m 0700 -d ${D}${libdir}/sota/conf.d - - install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \ - ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml -} - -FILES_${PN} = " \ - ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb new file mode 100644 index 0000000..6e02a50 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb @@ -0,0 +1,60 @@ +SUMMARY = "Credentials for device provisioning with fleet CA certificate" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +# WARNING: it is NOT a production solution. The secure way to provision devices +# is to create certificate request directly on the device (either with HSM/TPM +# or with software) and then sign it with a CA stored on a disconnected machine. + +DEPENDS = "aktualizr aktualizr-native" +ALLOW_EMPTY_${PN} = "1" + +SRC_URI = " \ + file://ca.cnf \ + " + +require credentials.inc + +export SOTA_CACERT_PATH +export SOTA_CAKEY_PATH + +do_install() { + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then + if [ -z ${SOTA_CACERT_PATH} ]; then + SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem + SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem + mkdir -p ${DEPLOY_DIR_IMAGE}/CA + bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}" + + if [ ! -f ${SOTA_CACERT_PATH} ]; then + bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" + SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")" + openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 + openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert + bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" + fi + fi + + if [ -z ${SOTA_CAKEY_PATH} ]; then + bbfatal "SOTA_CAKEY_PATH should be set when using device credential provisioning" + fi + + install -m 0700 -d ${D}${localstatedir}/sota + aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \ + --fleet-ca ${SOTA_CACERT_PATH} \ + --fleet-ca-key ${SOTA_CAKEY_PATH} \ + --root-ca \ + --server-url \ + --local ${D} \ + --config ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml + fi +} + +FILES_${PN} = " \ + ${localstatedir}/sota/*" + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb new file mode 100644 index 0000000..6736a96 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb @@ -0,0 +1,30 @@ +SUMMARY = "Aktualizr configuration for device credential provisioning with HSM support" +DESCRIPTION = "Configuration for provisioning Aktualizr with device credentials using externally provided or generated CA with HSM support" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +DEPENDS = "aktualizr aktualizr-native" +RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" + +SRC_URI = "" +PV = "1.0" +PR = "6" + +require credentials.inc + +do_install() { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred-hsm.toml \ + ${D}${libdir}/sota/conf.d/20-sota-device-cred-hsm.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/20-sota-device-cred-hsm.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb new file mode 100644 index 0000000..0fadc26 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb @@ -0,0 +1,29 @@ +SUMMARY = "Aktualizr configuration for device credential provisioning" +DESCRIPTION = "Configuration for provisioning Aktualizr with device credentials using externally provided or generated CA" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +DEPENDS = "aktualizr aktualizr-native openssl-native" +RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" + +PV = "1.0" +PR = "1" + +require credentials.inc + +do_install() { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml \ + ${D}${libdir}/sota/conf.d/20-sota-device-cred.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/20-sota-device-cred.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb deleted file mode 100644 index 465b280..0000000 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Aktualizr configuration with HSM support" -DESCRIPTION = "Configuration for HSM provisioning with Aktualizr, the SOTA Client application written in C++" -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -DEPENDS = "aktualizr aktualizr-native" -RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" - -SRC_URI = "" -PV = "1.0" -PR = "6" - -require credentials.inc - -do_install() { - install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_hsm_prov.toml \ - ${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml -} - -FILES_${PN} = " \ - ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/20-sota_hsm_prov.toml \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb new file mode 100644 index 0000000..dbb5fde --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb @@ -0,0 +1,32 @@ +SUMMARY = "Credentials for shared provisioning" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +DEPENDS = "aktualizr-native zip-native" +ALLOW_EMPTY_${PN} = "1" + +require credentials.inc + +do_install() { + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then + install -m 0700 -d ${D}${localstatedir}/sota + cp "${SOTA_PACKED_CREDENTIALS}" ${D}${localstatedir}/sota/sota_provisioning_credentials.zip + # Device should not be able to push data to treehub + zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json + # Device has no use for the API Gateway. Remove if present. See: + # https://github.com/advancedtelematic/ota-plus-server/pull/1913/ + if unzip -l ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url > /dev/null; then + zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url + fi + fi +} + +FILES_${PN} = " \ + ${localstatedir}/sota/sota_provisioning_credentials.zip \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov.bb b/recipes-sota/aktualizr/aktualizr-shared-prov.bb new file mode 100644 index 0000000..2184fb3 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-shared-prov.bb @@ -0,0 +1,43 @@ +SUMMARY = "Aktualizr configuration for shared credential provisioning" +DESCRIPTION = "Configuration for provisioning Aktualizr with shared credentials" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +DEPENDS = "aktualizr-native zip-native" +RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" +PV = "1.0" +PR = "6" + +SRC_URI = "" + +require credentials.inc + +do_install() { + if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then + bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then + bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then + bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then + bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-shared-cred.toml \ + ${D}${libdir}/sota/conf.d/20-sota-shared-cred.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/20-sota-shared-cred.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb index d962876..860f225 100644 --- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb +++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb @@ -13,7 +13,7 @@ SRC_URI = "" do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_uboot_env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml } FILES_${PN} = " \ diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index f7c4125..28c51d9 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -31,7 +31,7 @@ SRC_URI = " \ SRC_URI[md5sum] = "e104ccd4f32e52571a5fc0e5042db050" SRC_URI[sha256sum] = "c590be1a57523bfe097af82279eda5c97cf40ae47fb27162cf33c469702c8a9b" -SRCREV = "8c523efc4c1f1e6d9dfd41b7e23a202ade4d9ff7" +SRCREV = "fce5854ff10e7efd52d69bbaf68dc2af990d5746" BRANCH ?= "master" S = "${WORKDIR}/git" @@ -92,12 +92,11 @@ do_install_ptest() { do_install_append () { install -d ${D}${libdir}/sota - install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml - install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml - install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml - install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml - install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml - install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml + install -m 0644 ${S}/config/sota-shared-cred.toml ${D}/${libdir}/sota/sota-shared-cred.toml + install -m 0644 ${S}/config/sota-device-cred-hsm.toml ${D}/${libdir}/sota/sota-device-cred-hsm.toml + install -m 0644 ${S}/config/sota-device-cred.toml ${D}/${libdir}/sota/sota-device-cred.toml + install -m 0644 ${S}/config/sota-secondary.toml ${D}/${libdir}/sota/sota-secondary.toml + install -m 0644 ${S}/config/sota-uboot-env.toml ${D}/${libdir}/sota/sota-uboot-env.toml install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service install -m 0700 -d ${D}${libdir}/sota/conf.d @@ -173,7 +172,7 @@ FILES_${PN}-examples = " \ FILES_${PN}-secondary = " \ ${bindir}/aktualizr-secondary \ - ${libdir}/sota/sota_secondary.toml \ + ${libdir}/sota/sota-secondary.toml \ ${systemd_unitdir}/system/aktualizr-secondary.service \ " diff --git a/recipes-test/demo-config/files/30-fake-pacman.toml b/recipes-test/demo-config/files/30-fake-pacman.toml new file mode 100644 index 0000000..3fb5cf2 --- /dev/null +++ b/recipes-test/demo-config/files/30-fake-pacman.toml @@ -0,0 +1,2 @@ +[pacman] +type = "fake" diff --git a/recipes-test/demo-config/files/30-fake_pacman.toml b/recipes-test/demo-config/files/30-fake_pacman.toml deleted file mode 100644 index 3fb5cf2..0000000 --- a/recipes-test/demo-config/files/30-fake_pacman.toml +++ /dev/null @@ -1,2 +0,0 @@ -[pacman] -type = "fake" diff --git a/recipes-test/demo-config/files/30-secondary-config.toml b/recipes-test/demo-config/files/30-secondary-config.toml new file mode 100644 index 0000000..7714240 --- /dev/null +++ b/recipes-test/demo-config/files/30-secondary-config.toml @@ -0,0 +1,2 @@ +[uptane] +secondary_config_file = "@CFG_FILEPATH@" diff --git a/recipes-test/demo-config/files/30-secondary_config.toml b/recipes-test/demo-config/files/30-secondary_config.toml deleted file mode 100644 index 7714240..0000000 --- a/recipes-test/demo-config/files/30-secondary_config.toml +++ /dev/null @@ -1,2 +0,0 @@ -[uptane] -secondary_config_file = "@CFG_FILEPATH@" diff --git a/recipes-test/demo-config/files/35-network-config.toml b/recipes-test/demo-config/files/35-network-config.toml new file mode 100644 index 0000000..db7a1bb --- /dev/null +++ b/recipes-test/demo-config/files/35-network-config.toml @@ -0,0 +1,4 @@ +[network] +port = @PORT@ +primary_ip = @PRIMARY_IP@ +primary_port = @PRIMARY_PORT@ diff --git a/recipes-test/demo-config/files/35-network_config.toml b/recipes-test/demo-config/files/35-network_config.toml deleted file mode 100644 index db7a1bb..0000000 --- a/recipes-test/demo-config/files/35-network_config.toml +++ /dev/null @@ -1,4 +0,0 @@ -[network] -port = @PORT@ -primary_ip = @PRIMARY_IP@ -primary_port = @PRIMARY_PORT@ diff --git a/recipes-test/demo-config/files/45-id-config.toml b/recipes-test/demo-config/files/45-id-config.toml new file mode 100644 index 0000000..6cbd77f --- /dev/null +++ b/recipes-test/demo-config/files/45-id-config.toml @@ -0,0 +1,3 @@ +[uptane] +ecu_serial = @SERIAL@ +ecu_hardware_id = @HWID@ diff --git a/recipes-test/demo-config/files/45-id_config.toml b/recipes-test/demo-config/files/45-id_config.toml deleted file mode 100644 index 6cbd77f..0000000 --- a/recipes-test/demo-config/files/45-id_config.toml +++ /dev/null @@ -1,3 +0,0 @@ -[uptane] -ecu_serial = @SERIAL@ -ecu_hardware_id = @HWID@ diff --git a/recipes-test/demo-config/primary-config.bb b/recipes-test/demo-config/primary-config.bb index 0cd9180..27cb553 100644 --- a/recipes-test/demo-config/primary-config.bb +++ b/recipes-test/demo-config/primary-config.bb @@ -7,7 +7,7 @@ require shared-conf.inc PRIMARY_SECONDARIES ?= "${SECONDARY_IP}:${SECONDARY_PORT}" SRC_URI = "\ - file://30-secondary_config.toml \ + file://30-secondary-config.toml \ file://ip_secondary_config.json \ " @@ -56,8 +56,8 @@ do_install () { # install aktualizr config file (toml) that points to the secondary config file, so aktualizr is aware about it install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${WORKDIR}/30-secondary_config.toml ${D}${libdir}/sota/conf.d - sed -i "s|@CFG_FILEPATH@|$SECONDARY_CONFIG_FILEPATH_ON_IMAGE|g" ${D}${libdir}/sota/conf.d/30-secondary_config.toml + install -m 0644 ${WORKDIR}/30-secondary-config.toml ${D}${libdir}/sota/conf.d + sed -i "s|@CFG_FILEPATH@|$SECONDARY_CONFIG_FILEPATH_ON_IMAGE|g" ${D}${libdir}/sota/conf.d/30-secondary-config.toml } FILES_${PN} = " \ diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb index 5b213d1..9411646 100644 --- a/recipes-test/demo-config/secondary-config.bb +++ b/recipes-test/demo-config/secondary-config.bb @@ -9,33 +9,33 @@ SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" SRC_URI = "\ - file://30-fake_pacman.toml \ - file://35-network_config.toml \ - file://45-id_config.toml \ + file://30-fake-pacman.toml \ + file://35-network-config.toml \ + file://45-id-config.toml \ " do_install () { install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${WORKDIR}/30-fake_pacman.toml ${D}/${libdir}/sota/conf.d/30-fake_pacman.toml + install -m 0644 ${WORKDIR}/30-fake-pacman.toml ${D}/${libdir}/sota/conf.d/30-fake-pacman.toml - install -m 0644 ${WORKDIR}/35-network_config.toml ${D}/${libdir}/sota/conf.d/35-network_config.toml + install -m 0644 ${WORKDIR}/35-network-config.toml ${D}/${libdir}/sota/conf.d/35-network-config.toml sed -i -e 's|@PORT@|${SECONDARY_PORT}|g' \ -e 's|@PRIMARY_IP@|${PRIMARY_IP}|g' \ -e 's|@PRIMARY_PORT@|${PRIMARY_PORT}|g' \ - ${D}/${libdir}/sota/conf.d/35-network_config.toml + ${D}/${libdir}/sota/conf.d/35-network-config.toml - install -m 0644 ${WORKDIR}/45-id_config.toml ${D}/${libdir}/sota/conf.d/45-id_config.toml + install -m 0644 ${WORKDIR}/45-id-config.toml ${D}/${libdir}/sota/conf.d/45-id-config.toml sed -i -e 's|@SERIAL@|${SECONDARY_SERIAL_ID}|g' \ -e 's|@HWID@|${SECONDARY_HARDWARE_ID}|g' \ - ${D}/${libdir}/sota/conf.d/45-id_config.toml + ${D}/${libdir}/sota/conf.d/45-id-config.toml } FILES_${PN} = " \ ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/30-fake_pacman.toml \ - ${libdir}/sota/conf.d/35-network_config.toml \ - ${libdir}/sota/conf.d/45-id_config.toml \ + ${libdir}/sota/conf.d/30-fake-pacman.toml \ + ${libdir}/sota/conf.d/35-network-config.toml \ + ${libdir}/sota/conf.d/45-id-config.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/images/secondary-image.bb b/recipes-test/images/secondary-image.bb index 4cae874..27d1e3f 100644 --- a/recipes-test/images/secondary-image.bb +++ b/recipes-test/images/secondary-image.bb @@ -11,11 +11,11 @@ SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" # RDEPENDS on aktualizr) IMAGE_INSTALL_remove = " \ aktualizr \ - aktualizr-auto-prov \ - aktualizr-auto-prov-creds \ - aktualizr-ca-implicit-prov \ - aktualizr-ca-implicit-prov-creds \ - aktualizr-hsm-prov \ + aktualizr-shared-prov \ + aktualizr-shared-prov-creds \ + aktualizr-device-prov \ + aktualizr-device-prov-creds \ + aktualizr-device-prov-hsm \ aktualizr-uboot-env-rollback \ virtual/network-configuration \ " -- cgit v1.2.3-54-g00ecf From 5a5cab4b64df1d57c4573b3e51e6648ad687552d Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 28 May 2019 09:52:28 +0200 Subject: Remove executable access control bits from aktualizr recipe. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 recipes-sota/aktualizr/aktualizr_git.bb diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb old mode 100755 new mode 100644 -- cgit v1.2.3-54-g00ecf From 70fc854d599e58959e98647a8bc25ea519c5b700 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 28 May 2019 15:29:17 +0200 Subject: sota.bbclass: Translate old prov recipe names into the new versions. This should help ease the transition so that no one is surprised when their provisioning suddenly stops working. Signed-off-by: Patrick Vacek --- classes/sota.bbclass | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/classes/sota.bbclass b/classes/sota.bbclass index c6bda29..4465e6c 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -12,6 +12,20 @@ SOTA_CLIENT_PROV ??= "aktualizr-shared-prov" SOTA_DEPLOY_CREDENTIALS ?= "1" SOTA_HARDWARE_ID ??= "${MACHINE}" +# Translate old provisioning recipe names into the new versions. +python () { + prov = d.getVar("SOTA_CLIENT_PROV") + if prov == "aktualizr-auto-prov": + bb.warn('aktualizr-auto-prov is deprecated. Please use aktualizr-shared-prov instead.') + d.setVar("SOTA_CLIENT_PROV", "aktualizr-shared-prov") + elif prov == "aktualizr-ca-implicit-prov": + bb.warn('aktualizr-ca-implicit-prov is deprecated. Please use aktualizr-device-prov instead.') + d.setVar("SOTA_CLIENT_PROV", "aktualizr-device-prov") + elif prov == "aktualizr-hsm-prov": + bb.warn('aktualizr-hsm-prov is deprecated. Please use aktualizr-device-prov-hsm instead.') + d.setVar("SOTA_CLIENT_PROV", "aktualizr-device-prov-hsm") +} + IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}" IMAGE_CLASSES += " image_types_ostree image_types_ota" IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}" -- cgit v1.2.3-54-g00ecf