From 673a4b91d1794b7c89265ba3dd62febf8826e14f Mon Sep 17 00:00:00 2001
From: Anton Gerasimov
Date: Wed, 5 Sep 2018 16:22:07 +0200
Subject: Add SOTA_DEPLOY_CREDENTIALS variable to control whether the built image should be provisioned
---
.../aktualizr/aktualizr-auto-prov-creds.bb | 23 ++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
(limited to 'recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb')
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
new file mode 100644
index 0000000..d964a0a
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Credentials for autoprovisioning scenario"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+DEPENDS = "aktualizr-native zip-native"
+
+require credentials.inc
+
+do_install() {
+ if [ -n ${SOTA_PACKED_CREDENTIALS} ]; then
+ install -m 0700 -d ${D}${localstatedir}/sota
+ cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
+ # Device should not be able to push data to treehub
+ zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
+ fi
+}
+
+FILES_${PN} = " \
+ ${localstatedir}/sota/sota_provisioning_credentials.zip \
+ "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
-- cgit v1.2.3-54-g00ecf
From e689954dc9a07f1ceef65c797056f805daad90a9 Mon Sep 17 00:00:00 2001
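Review bot: In do_install the credentials archive is placed with a plain `cp`, so the mode of sota_provisioning_credentials.zip in the image follows the source file's mode and the build umask instead of being set by the recipe; only the 0700 on the parent directory limits who can read it. Setting the mode explicitly keeps the provisioning credentials owner-only even if the directory mode is relaxed later: `install -m 0600 "${SOTA_PACKED_CREDENTIALS}" "${D}${localstatedir}/sota/sota_provisioning_credentials.zip"`. Removing only treehub.json is a denylist, so every other entry of the packed credentials ends up on the device; a comment naming the entries the device is expected to keep would make that reviewable.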
From: Anton Gerasimov
Date: Mon, 24 Sep 2018 18:02:30 +0200
Subject: Fixes for oe-selftest
---
lib/oeqa/selftest/cases/updater.py | 30 ++++++++++++----------
.../aktualizr/aktualizr-auto-prov-creds.bb | 3 ++-
recipes-sota/aktualizr/aktualizr-auto-prov.bb | 1 -
.../aktualizr/aktualizr-ca-implicit-prov-creds.bb | 1 +
recipes-sota/aktualizr/aktualizr_git.bb | 6 ++---
5 files changed, 22 insertions(+), 19 deletions(-)
(limited to 'recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb')
diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py
index a3fe407..38bdcbf 100644
--- a/lib/oeqa/selftest/cases/updater.py
+++ b/lib/oeqa/selftest/cases/updater.py
@@ -110,25 +110,25 @@ class AktualizrToolsTests(OESelftestTestCase): def test_cert_provider_local_output(self): logger = logging.getLogger("selftest") - logger.info('Running bitbake to build aktualizr-implicit-prov') - bitbake('aktualizr-implicit-prov') + logger.info('Running bitbake to build aktualizr-ca-implicit-prov') + bitbake('aktualizr-ca-implicit-prov') bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS', 'T'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] temp_dir = bb_vars['T'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-implicit-prov') - config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml' akt_native_run(self, 'aktualizr_cert_provider -c {creds} -r -l {temp} -g {config}' .format(creds=creds, temp=temp_dir, config=config)) # Might be nice if these names weren't hardcoded. - cert_path = temp_dir + '/client.pem' + cert_path = temp_dir + '/var/sota/import/client.pem' self.assertTrue(os.path.isfile(cert_path), "Client certificate not found at %s." % cert_path) self.assertTrue(os.path.getsize(cert_path) > 0, "Client certificate at %s is empty." % cert_path) - pkey_path = temp_dir + '/pkey.pem' + pkey_path = temp_dir + '/var/sota/import/pkey.pem' self.assertTrue(os.path.isfile(pkey_path), "Private key not found at %s." % pkey_path) self.assertTrue(os.path.getsize(pkey_path) > 0, "Private key at %s is empty." % pkey_path) - ca_path = temp_dir + '/root.crt' + ca_path = temp_dir + '/var/sota/import/root.crt' self.assertTrue(os.path.isfile(ca_path), "Client certificate not found at %s." % ca_path) self.assertTrue(os.path.getsize(ca_path) > 0, "Client certificate at %s is empty." % ca_path) 
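Review bot: The assertions on pkey.pem in test_cert_provider_local_output check only that the file exists and is non-empty, so a private key written group- or world-readable under the recipe's `T` directory would still pass. If aktualizr_cert_provider is expected to restrict the key, an assertion such as `self.assertEqual(os.stat(pkey_path).st_mode & 0o077, 0, "Private key at %s is accessible to group/other." % pkey_path)` would pin that. The two messages on the root.crt assertions still say "Client certificate", which misleads when the CA file is the one that is missing. The `/var/sota/import/` prefix is now repeated in three literals; one local such as `import_dir = temp_dir + '/var/sota/import'` would keep them in step. The method may continue past the end of the hunk.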
@@ -390,8 +390,9 @@ class ImplProvTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-implicit-prov "') - runCmd('bitbake -c cleanall aktualizr aktualizr-implicit-prov') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-ca-implicit-prov "') + self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"') + runCmd('bitbake -c cleanall aktualizr aktualizr-ca-implicit-prov') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -436,10 +437,11 @@ class ImplProvTests(OESelftestTestCase): # Run cert_provider. bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-implicit-prov') - config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml' - akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -s -g {config}' + print('Provisining at root@localhost:%d' % self.qemu.ssh_port) + akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -s -u -r -g {config}' .format(creds=creds, port=self.qemu.ssh_port, config=config)) verifyProvisioned(self, machine) @@ -462,7 +464,9 @@ class HsmTests(OESelftestTestCase): self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') self.append_config('SOTA_CLIENT_PROV = "aktualizr-hsm-prov"') + self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"') self.append_config('SOTA_CLIENT_FEATURES = "hsm"') + self.append_config('IMAGE_INSTALL_append = " softhsm-testtoken"') runCmd('bitbake -c cleanall aktualizr aktualizr-hsm-prov') self.qemu, self.s = qemu_launch(machine='qemux86-64') 
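Review bot: `SOTA_DEPLOY_CREDENTIALS = "0"` is set in ImplProvTests.setUpLocal (and again in the HsmTests.setUpLocal hunk further down), but nothing visible in these hunks asserts the outcome the setting exists for, namely that the booted image carries no provisioning credentials. If the tests outside the hunks do not already cover it, a check over the QEMU SSH session that `${localstatedir}/sota/sota_provisioning_credentials.zip` is absent before cert_provider runs would catch a regression that bakes the archive into the image again. A one-line comment such as `# implicit provisioning: credentials must not be in the image` would also record why the variable is forced to "0". setUpLocal starts outside the hunk.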
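Review bot: The added `print('Provisining at root@localhost:%d' % self.qemu.ssh_port)` misspells "Provisioning" and bypasses the `selftest` logger that test_cert_provider_local_output uses, so the line does not land with the rest of the test log; `logging.getLogger("selftest").info('Provisioning at root@localhost:%d', self.qemu.ssh_port)` would be consistent. The cert_provider call also gains `-u -r` here, and `-u` in the HsmTests invocation in a later hunk, with no comment saying what each flag changes on the device, which makes the two command lines hard to compare during review. The test method starts and ends outside the hunk.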
@@ -521,7 +525,7 @@ class HsmTests(OESelftestTestCase): bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-hsm-prov') config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_hsm_prov.toml' - akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -r -s -g {config}' + akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -r -s -u -g {config}' .format(creds=creds, port=self.qemu.ssh_port, config=config)) # Verify that HSM is able to initialize. diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb index d964a0a..34460af 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb @@ -4,11 +4,12 @@ LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "aktualizr-native zip-native" +ALLOW_EMPTY_${PN} = "1" require credentials.inc do_install() { - if [ -n ${SOTA_PACKED_CREDENTIALS} ]; then + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then install -m 0700 -d ${D}${localstatedir}/sota cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip # Device should not be able to push data to treehub diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 65e89bd..01f21fa 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -7,7 +7,6 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 DEPENDS = "aktualizr-native zip-native" RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}" -RDEPENDS_${PN} = " aktualizr" PV = "1.0" PR = "6" 
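Review bot: Quoting was added to the `[ -n ... ]` test in do_install of aktualizr-auto-prov-creds.bb, but the `cp ${SOTA_PACKED_CREDENTIALS} ...` line just below still expands the same variable unquoted, so a credentials path containing spaces or glob characters is split by the shell; `cp "${SOTA_PACKED_CREDENTIALS}" "${D}${localstatedir}/sota/sota_provisioning_credentials.zip"` closes that. With `ALLOW_EMPTY_${PN} = "1"` an unset SOTA_PACKED_CREDENTIALS now produces an empty package without any message, so an image built with SOTA_DEPLOY_CREDENTIALS = "1" could ship without credentials unnoticed unless credentials.inc (not visible here) already checks for it. An `else` branch with `bbwarn "SOTA_PACKED_CREDENTIALS is not set, no credentials will be installed"` would surface the case. do_install continues past the end of the hunk.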
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb index 5debc19..a729e6b 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb @@ -4,6 +4,7 @@ LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "aktualizr aktualizr-native" +ALLOW_EMPTY_${PN} = "1" SRC_URI = " \ file://ca.cnf \ diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 3c91386..ccaf475 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -16,8 +16,6 @@ RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURE RDEPENDS_${PN}_append_class-target = " ${PN}-tools " RDEPENDS_${PN}-secondary_append_class-target = " ${PN}-tools " -RDEPENDS_${PN}_class-target = " openssl-bin " - PV = "1.0+git${SRCPV}" PR = "7" @@ -28,8 +26,8 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "097c763ab4b4b057fa6bedfdac2049e53df93539" -BRANCH ?= "feat/OTA-719/split-provision" +SRCREV = "803fa9f75ed96993775dc0aa5e65e71920125157" +BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf