From 53307024e1845c4717be7eb8b8735e493ec4535d Mon Sep 17 00:00:00 2001
From: Patrick Vacek
Date: Wed, 19 Jul 2017 14:05:48 +0200
Subject: Call garage-push directly with zip file instead of sending unzipped contents. Warn if older credential environment variables are set. They are now ignored since the credentials aren't unpacked during building.
---
 classes/image_types_ostree.bbclass | 59 ++++++----------------
 recipes-sota/aktualizr/aktualizr_git.bb | 6 +--
 .../files/aktualizr-autoprovision.service | 3 +-
 recipes-sota/aktualizr/files/sota_autoprov.toml | 4 +-
 4 files changed, 22 insertions(+), 50 deletions(-)
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index ac7cb60..d01cb9f 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -17,36 +17,6 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
 export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}"
-python () {
- if d.getVar("SOTA_PACKED_CREDENTIALS", True):
- if d.getVar("SOTA_AUTOPROVISION_CREDENTIALS", True):
- bb.warn("SOTA_AUTOPROVISION_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
- if d.getVar("SOTA_AUTOPROVISION_URL", True):
- bb.warn("SOTA_AUTOPROVISION_URL is overriden by the one in SOTA_PACKED_CREDENTIALS")
-
- if d.getVar("SOTA_AUTOPROVISION_URL_FILE", True):
- bb.warn("SOTA_AUTOPROVISION_URL_FILE is overriden by the one in SOTA_PACKED_CREDENTIALS")
-
- if d.getVar("OSTREE_PUSH_CREDENTIALS", True):
- bb.warn("OSTREE_PUSH_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS")
-
- d.setVar("SOTA_AUTOPROVISION_CREDENTIALS", "%s/sota_credentials/autoprov_credentials.p12" % d.getVar("DEPLOY_DIR_IMAGE", True))
- d.setVar("SOTA_AUTOPROVISION_URL_FILE", "%s/sota_credentials/autoprov.url" % d.getVar("DEPLOY_DIR_IMAGE", True))
- d.setVar("OSTREE_PUSH_CREDENTIALS", "%s/sota_credentials/treehub.json" % d.getVar("DEPLOY_DIR_IMAGE", True))
-}
-
-IMAGE_DEPENDS_ostreecredunpack = "unzip-native:do_populate_sysroot"
-
-IMAGE_CMD_ostreecredunpack () {
- if [ ${SOTA_PACKED_CREDENTIALS} ]; then
- rm -rf ${DEPLOY_DIR_IMAGE}/sota_credentials
-
- unzip ${SOTA_PACKED_CREDENTIALS} -d ${DEPLOY_DIR_IMAGE}/sota_credentials
- fi
-}
-
-IMAGE_TYPEDEP_ostree = "ostreecredunpack"
-
 IMAGE_CMD_ostree () {
 if [ -z "$OSTREE_REPO" ]; then
 bbfatal "OSTREE_REPO should be set in your local.conf"
@@ -145,21 +115,24 @@ IMAGE_CMD_ostree () {
 ln -sf var/roothome root
 fi
- # deploy SOTA credentials
 mkdir -p var/sota
 if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
- EXPDATE=`openssl pkcs12 -in ${SOTA_AUTOPROVISION_CREDENTIALS} -password "pass:" -nodes 2>/dev/null | openssl x509 -noout -enddate | cut -f2 -d "="`
-
- if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then
- bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}"
- fi
+ bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
+ fi
+ if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then
+ bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS"
+ fi
+ if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
+ bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS"
+ fi
+ if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
+ bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
+ fi
- cp ${SOTA_AUTOPROVISION_CREDENTIALS} var/sota/sota_provisioning_credentials.p12
- if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
- export SOTA_AUTOPROVISION_URL=`cat ${SOTA_AUTOPROVISION_URL_FILE}`
- fi
- echo "SOTA_GATEWAY_URI=${SOTA_AUTOPROVISION_URL}" > var/sota/sota_provisioning_url.env
+ # deploy SOTA credentials
+ if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+ cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip
 fi
 if [ -n "${SOTA_SECONDARY_ECUS}" ]; then
@@ -207,10 +180,10 @@ IMAGE_CMD_ostree () {
 IMAGE_TYPEDEP_ostreepush = "ostree"
 IMAGE_DEPENDS_ostreepush = "sota-tools-native:do_populate_sysroot"
 IMAGE_CMD_ostreepush () {
- if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
+ if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
 garage-push --repo=${OSTREE_REPO} \
 --ref=${OSTREE_BRANCHNAME} \
- --credentials=${OSTREE_PUSH_CREDENTIALS} \
+ --credentials=${SOTA_PACKED_CREDENTIALS} \
 --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
 fi
 }
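Review bot: The added `cp ${SOTA_PACKED_CREDENTIALS} var/sota/sota_provisioning_credentials.zip` puts the whole credentials archive into the image rootfs, where the removed lines shipped only the provisioning `.p12` and the gateway URL. Judging by the unpack step this commit deletes from the same file, the archive also holds `treehub.json`, the credentials `garage-push` uses to upload to the OSTree repository, so every flashed device would carry them; that should be confirmed and stated in a comment above the copy. The copy also takes its mode from the source file and the build umask, whereas `install -m 0600 "${SOTA_PACKED_CREDENTIALS}" var/sota/sota_provisioning_credentials.zip` would quote the path and restrict the file to its owner. With the `openssl` expiry check removed, an expired provisioning certificate is no longer reported at build time. IMAGE_CMD_ostree starts and ends outside this hunk.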
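Review bot: In IMAGE_CMD_ostreepush the upload is skipped without any message when SOTA_PACKED_CREDENTIALS is empty, so a build that still sets only OSTREE_PUSH_CREDENTIALS completes the ostreepush image type without pushing anything; the only hint is the `bbwarn` emitted from IMAGE_CMD_ostree. An `else` branch such as `bbwarn "SOTA_PACKED_CREDENTIALS is not set, skipping garage-push"` would make the skipped push visible in the task log. The path is also passed unquoted; `--credentials="${SOTA_PACKED_CREDENTIALS}" \` keeps a path containing spaces as a single argument.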
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 359c9fb..8bc580d 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -13,8 +13,9 @@ SRC_URI = " \
 file://aktualizr-autoprovision.service \
 file://sota_autoprov.toml \
 "
-SRCREV = "c24f1fc9b600113cf9f2d3d7215e406cbbb70ac4"
+SRCREV = "1004efa3f86cef90c012b34620992b5762b741e3"
 PV = "1.0+git${SRCPV}"
+PR = "6"
 S = "${WORKDIR}/git"
 SYSTEMD_SERVICE_${PN} = "aktualizr.service"
@@ -23,11 +24,10 @@ inherit cmake systemd
 EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTS=OFF -DBUILD_OSTREE=ON -DAKTUALIZR_VERSION=${PV}"
-export SOTA_AUTOPROVISION_CREDENTIALS
 export SOTA_PACKED_CREDENTIALS
 do_install_append() {
- if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" -o -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+ if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
 install -d ${D}/${systemd_unitdir}/system
 install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
 install -d ${D}/usr/lib/sota
diff --git a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
index fd0ab09..4a595f0 100644
--- a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
+++ b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
@@ -7,8 +7,7 @@ Requires=network-online.target
 [Service]
 RestartSec=10
 Restart=always
-EnvironmentFile=/var/sota/sota_provisioning_url.env
-ExecStart=/usr/bin/aktualizr --disable-keyid-validation --tls-server ${SOTA_GATEWAY_URI} --config /usr/lib/sota/sota.toml
+ExecStart=/usr/bin/aktualizr --disable-keyid-validation --config /usr/lib/sota/sota.toml
 [Install]
 WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/sota_autoprov.toml b/recipes-sota/aktualizr/files/sota_autoprov.toml
index 8799553..9d4ce3b 100644
--- a/recipes-sota/aktualizr/files/sota_autoprov.toml
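Review bot: The rewritten `ExecStart` line in aktualizr-autoprovision.service keeps `--disable-keyid-validation`, and neither the unit nor the commit message says why. Going by its name the flag turns off a key-ID check on the client, which is a notable thing to leave enabled in the unit that every auto-provisioned image installs; this should be confirmed against the aktualizr revision pinned by the new SRCREV. If the flag is still required, a comment above the line would record the reason, for example `# --disable-keyid-validation: needed because <reason>; remove once key IDs validate`.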
+++ b/recipes-sota/aktualizr/files/sota_autoprov.toml
@@ -1,9 +1,9 @@
 [device]
 packages_dir = "/tmp/packages_dir"
-certificates_directory = "/var/sota"
 system_info = "system_info.sh"
 [tls]
+certificates_directory = "/var/sota/"
 ca_file = "root.crt"
 client_certificate = "client.pem"
 pkey_file = "pkey.pem"
@@ -14,5 +14,5 @@ private_key_path = "ecukey.der"
 public_key_path = "ecukey.pub"
 [provision]
-p12_path = "sota_provisioning_credentials.p12"
+provision_path = "/var/sota/sota_provisioning_credentials.zip"
-- 
cgit v1.2.3-54-g00ecf
From b376ae9e08c4695b95b02fbecfe55eb1bd05c603 Mon Sep 17 00:00:00 2001
From: Patrick Vacek
Date: Thu, 20 Jul 2017 12:00:00 +0200
Subject: Minor documentation typo/grammar fix.
---
 README.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.adoc b/README.adoc
index d625780..9615f65 100644
--- a/README.adoc
+++ b/README.adoc
@@ -115,7 +115,7 @@ ostree admin deploy --os=agl agl-snapshot:agl-ota
 === SOTA tools
-SOTA tools now contains only one tool, garage-push that lets you push the changes in OSTree repository generated by bitbake process. It communicates with an http server capable of querying files with HEAD requests and uploading them with POST requests. In particular, this can be used with http://www.atsgarage.com/[ATS Garage]. garage-push is used as follws:
+SOTA tools currently contains only one tool, garage-push, which lets you push the changes in OSTree repository generated by bitbake process. It communicates with an http server capable of querying files with HEAD requests and uploading them with POST requests. In particular, this can be used with http://www.atsgarage.com/[ATS Garage]. garage-push is used as follows:
 ....
 garage-push --repo=/path/to/ostree-repo --ref=mybranch --credentials=/path/to/credentials.json
-- 
cgit v1.2.3-54-g00ecf
From b20eb4aa872f00827d0c079d30a61bd86f68866e Mon Sep 17 00:00:00 2001
From: Patrick Vacek
Date: Wed, 2 Aug 2017 12:26:51 +0200
Subject: Prepare credentials correctly for rvi-sota-client. Unzip credentials archive and create files as appropriate, since none of that is necessary for aktualizr anymore. This is now done in the sota_provision script. It apparently does not work in the rvi-sota-client recipe, but this solution is perhaps even cleaner anyway.
---
 recipes-sota/rvi-sota-client/files/sota-client-autoprovision.service | 1 -
 recipes-sota/rvi-sota-client/rvi-sota-client.inc | 5 +++--
 recipes-sota/rvi-sota-client/rvi-sota-client_git.bb | 5 ++---
 3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/recipes-sota/rvi-sota-client/files/sota-client-autoprovision.service b/recipes-sota/rvi-sota-client/files/sota-client-autoprovision.service
index 0431455..11b1354 100644
--- a/recipes-sota/rvi-sota-client/files/sota-client-autoprovision.service
+++ b/recipes-sota/rvi-sota-client/files/sota-client-autoprovision.service
@@ -6,7 +6,6 @@ After=network-online.target
 [Service]
 Type=oneshot
 WorkingDirectory=/var/sota
-EnvironmentFile=/var/sota/sota_provisioning_url.env
 Environment=SOTA_CERT_DIR=/var/sota
 ExecStart=/usr/bin/sota_provision.sh sota_provisioning_credentials
 RemainAfterExit=true
diff --git a/recipes-sota/rvi-sota-client/rvi-sota-client.inc b/recipes-sota/rvi-sota-client/rvi-sota-client.inc
index 2a27c9a..00709af 100644
--- a/recipes-sota/rvi-sota-client/rvi-sota-client.inc
+++ b/recipes-sota/rvi-sota-client/rvi-sota-client.inc
@@ -13,10 +13,11 @@ SRC_URI[index.md5sum] = "6a635e8a081b4d4ba4cebffd721c2d7d"
 SRC_URI[index.sha256sum] = "1913c41d4b8de89a931b6f9e418f83e70a083e12e6c247e8510ee932571ebae2"
 # also update PV and SRC_URI crates when updating SRCREV
-SRCREV = "b9170dfd92981505c77f8f6e51d477eb1ec57071"
+SRCREV = "5b335cd46c5848d8012ef03f06b50a63fdac4f7c"
+PR = "1"
 # generate with: `make package-version`
-PV = "0.2.33-61-gb9170df"
+PV = "0.2.33-66-g5b335cd"
 # generate with: `make yocto-version`
 SRC_URI = " \
diff --git a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
index 7ce3ab5..e286598 100644
--- a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
+++ b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb
@@ -24,11 +24,10 @@ lshw \
 jq \
 python-petname \
 sota-launcher \
+zip \
 "
 export SOTA_PACKED_CREDENTIALS
-export SOTA_AUTOPROVISION_CREDENTIALS
-export SOTA_AUTOPROVISION_URL
 do_compile_prepend() {
 export SOTA_VERSION=$(make sota-version)
@@ -50,7 +49,7 @@ do_install() {
 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
 install -d ${D}/${systemd_unitdir}/system
- if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" -o -n "$SOTA_PACKED_CREDENTIALS" ]; then
+ if [ -n "$SOTA_PACKED_CREDENTIALS" ]; then
 install -m 0644 ${WORKDIR}/sota-client-uptane.service ${D}/${systemd_unitdir}/system/sota-client.service
 else
 install -m 0644 ${WORKDIR}/sota-client-ostree.service ${D}/${systemd_unitdir}/system/sota-client.service
-- 
cgit v1.2.3-54-g00ecf
From e59b7e959695a31b109b873e7de420cf947e22b8 Mon Sep 17 00:00:00 2001
From: Patrick Vacek
Date: Tue, 8 Aug 2017 17:36:20 +0200
Subject: Remove device section as it is no longer used.
---
 recipes-sota/aktualizr/files/sota_autoprov.toml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/recipes-sota/aktualizr/files/sota_autoprov.toml b/recipes-sota/aktualizr/files/sota_autoprov.toml
index 9d4ce3b..9fbb093 100644
--- a/recipes-sota/aktualizr/files/sota_autoprov.toml
+++ b/recipes-sota/aktualizr/files/sota_autoprov.toml
@@ -1,7 +1,3 @@
-[device]
-packages_dir = "/tmp/packages_dir"
-system_info = "system_info.sh"
-
 [tls]
 certificates_directory = "/var/sota/"
 ca_file = "root.crt"
-- 
cgit v1.2.3-54-g00ecf