From 0cf02e05962c69a808d7bfeca33e5b9cf58f3a44 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Tue, 28 May 2019 09:46:28 +0200
Subject: Rename provisioning methods.

"Autoprovisioning" or "automatic provisioning" is now known as "shared
credential provisioning". "Implicit provisioning" is now known as
"device credential provisioning". "HSM provisioning" was always a
misnomer, so it is now refered to as "device credential provisioning
with an HSM".

This includes a bump of the aktualizr version as well.

Signed-off-by: Patrick Vacek <patrickvacek@gmail.com>
---
 .../aktualizr/aktualizr-auto-prov-creds.bb         | 31 -----------
 recipes-sota/aktualizr/aktualizr-auto-prov.bb      | 45 ----------------
 .../aktualizr/aktualizr-ca-implicit-prov-creds.bb  | 57 --------------------
 .../aktualizr/aktualizr-ca-implicit-prov.bb        | 30 -----------
 .../aktualizr/aktualizr-device-prov-creds.bb       | 60 ++++++++++++++++++++++
 .../aktualizr/aktualizr-device-prov-hsm.bb         | 30 +++++++++++
 recipes-sota/aktualizr/aktualizr-device-prov.bb    | 29 +++++++++++
 recipes-sota/aktualizr/aktualizr-hsm-prov.bb       | 30 -----------
 .../aktualizr/aktualizr-shared-prov-creds.bb       | 32 ++++++++++++
 recipes-sota/aktualizr/aktualizr-shared-prov.bb    | 43 ++++++++++++++++
 .../aktualizr/aktualizr-uboot-env-rollback.bb      |  2 +-
 recipes-sota/aktualizr/aktualizr_git.bb            | 15 +++---
 12 files changed, 202 insertions(+), 202 deletions(-)
 delete mode 100644 recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
 delete mode 100644 recipes-sota/aktualizr/aktualizr-auto-prov.bb
 delete mode 100644 recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
 delete mode 100644 recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
 create mode 100644 recipes-sota/aktualizr/aktualizr-device-prov-creds.bb
 create mode 100644 recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb
 create mode 100644 recipes-sota/aktualizr/aktualizr-device-prov.bb
 delete mode 100644 recipes-sota/aktualizr/aktualizr-hsm-prov.bb
 create mode 100644 recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb
 create mode 100644 recipes-sota/aktualizr/aktualizr-shared-prov.bb

(limited to 'recipes-sota/aktualizr')

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
deleted file mode 100644
index 6b2dd27..0000000
--- a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
+++ /dev/null
@@ -1,31 +0,0 @@
-SUMMARY = "Credentials for autoprovisioning scenario"
-SECTION = "base"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-
-inherit allarch
-
-DEPENDS = "aktualizr-native zip-native"
-ALLOW_EMPTY_${PN} = "1"
-
-require credentials.inc
-
-do_install() {
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        install -m 0700 -d ${D}${localstatedir}/sota
-        cp "${SOTA_PACKED_CREDENTIALS}" ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
-        # Device should not be able to push data to treehub
-        zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
-        # Device has no use for the API Gateway. Remove if present. See:
-        # https://github.com/advancedtelematic/ota-plus-server/pull/1913/
-        if unzip -l ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url > /dev/null; then
-            zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url 
-        fi
-    fi
-}
-
-FILES_${PN} = " \
-                ${localstatedir}/sota/sota_provisioning_credentials.zip \
-                "
-
-# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
deleted file mode 100644
index 3e4c208..0000000
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ /dev/null
@@ -1,45 +0,0 @@
-SUMMARY = "Aktualizr configuration for autoprovisioning"
-DESCRIPTION = "Configuration for automatically provisioning Aktualizr, the SOTA Client application written in C++"
-HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
-SECTION = "base"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-
-inherit allarch
-
-DEPENDS = "aktualizr-native zip-native"
-RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
-PV = "1.0"
-PR = "6"
-
-SRC_URI = ""
-
-require credentials.inc
-
-do_install() {
-    if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
-        bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
-    fi
-    if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then
-        bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS"
-    fi
-    if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
-        bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS"
-    fi
-    if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
-        bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
-    fi
-
-    install -m 0700 -d ${D}${libdir}/sota/conf.d
-    aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
-
-    install -m 0644 ${STAGING_DIR_NATIVE}${libdir_native}/sota/${aktualizr_toml} \
-        ${D}${libdir}/sota/conf.d/20-${aktualizr_toml}
-}
-
-FILES_${PN} = " \
-                ${libdir}/sota/conf.d \
-                ${libdir}/sota/conf.d/20-${aktualizr_toml} \
-                "
-
-# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
deleted file mode 100644
index da17d77..0000000
--- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
+++ /dev/null
@@ -1,57 +0,0 @@
-SUMMARY = "Credentials for implicit provisioning with CA certificate"
-SECTION = "base"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-
-inherit allarch
-
-# WARNING: it is NOT a production solution. The secure way to provision devices
-# is to create certificate request directly on the device (either with HSM/TPM
-# or with software) and then sign it with a CA stored on a disconnected machine.
-
-DEPENDS = "aktualizr aktualizr-native"
-ALLOW_EMPTY_${PN} = "1"
-
-SRC_URI = " \
-  file://ca.cnf \
-  "
-
-require credentials.inc
-
-export SOTA_CACERT_PATH
-export SOTA_CAKEY_PATH
-
-do_install() {
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        if [ -z ${SOTA_CACERT_PATH} ]; then
-            SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
-            SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
-            mkdir -p ${DEPLOY_DIR_IMAGE}/CA
-            bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}"
-
-            if [ ! -f ${SOTA_CACERT_PATH} ]; then
-                bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
-                SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")"
-                openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
-                openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
-                bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
-            fi
-        fi
-
-        if [ -z ${SOTA_CAKEY_PATH} ]; then
-            bbfatal "SOTA_CAKEY_PATH should be set when using implicit provisioning"
-        fi
-
-        install -m 0700 -d ${D}${localstatedir}/sota
-        aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \
-                                --fleet-ca ${SOTA_CACERT_PATH} \
-                                --fleet-ca-key ${SOTA_CAKEY_PATH} \
-                                --root-ca \
-                                --server-url \
-                                --local ${D} \
-                                --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml
-    fi
-}
-
-FILES_${PN} = " \
-                ${localstatedir}/sota/*"
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
deleted file mode 100644
index 0d1c860..0000000
--- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "Aktualizr configuration for implicit provisioning with CA"
-DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externally provided or generated CA"
-
-HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
-SECTION = "base"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-
-inherit allarch
-
-DEPENDS = "aktualizr aktualizr-native openssl-native"
-RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
-
-PV = "1.0"
-PR = "1"
-
-require credentials.inc
-
-do_install() {
-    install -m 0700 -d ${D}${libdir}/sota/conf.d
-
-    install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \
-        ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml
-}
-
-FILES_${PN} = " \
-                ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \
-                "
-
-# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb
new file mode 100644
index 0000000..6e02a50
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb
@@ -0,0 +1,60 @@
+SUMMARY = "Credentials for device provisioning with fleet CA certificate"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+inherit allarch
+
+# WARNING: it is NOT a production solution. The secure way to provision devices
+# is to create certificate request directly on the device (either with HSM/TPM
+# or with software) and then sign it with a CA stored on a disconnected machine.
+
+DEPENDS = "aktualizr aktualizr-native"
+ALLOW_EMPTY_${PN} = "1"
+
+SRC_URI = " \
+            file://ca.cnf \
+            "
+
+require credentials.inc
+
+export SOTA_CACERT_PATH
+export SOTA_CAKEY_PATH
+
+do_install() {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        if [ -z ${SOTA_CACERT_PATH} ]; then
+            SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
+            SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
+            mkdir -p ${DEPLOY_DIR_IMAGE}/CA
+            bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}"
+
+            if [ ! -f ${SOTA_CACERT_PATH} ]; then
+                bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
+                SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")"
+                openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
+                openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
+                bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
+            fi
+        fi
+
+        if [ -z ${SOTA_CAKEY_PATH} ]; then
+            bbfatal "SOTA_CAKEY_PATH should be set when using device credential provisioning"
+        fi
+
+        install -m 0700 -d ${D}${localstatedir}/sota
+        aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \
+                                --fleet-ca ${SOTA_CACERT_PATH} \
+                                --fleet-ca-key ${SOTA_CAKEY_PATH} \
+                                --root-ca \
+                                --server-url \
+                                --local ${D} \
+                                --config ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml
+    fi
+}
+
+FILES_${PN} = " \
+                ${localstatedir}/sota/*"
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb
new file mode 100644
index 0000000..83840e5
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb
@@ -0,0 +1,30 @@
+SUMMARY = "Aktualizr configuration for device credential provisioning with HSM support"
+DESCRIPTION = "Configuration for provisioning Aktualizr with device credentials using externally provided or generated CA with HSM support"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+inherit allarch
+
+DEPENDS = "aktualizr aktualizr-native"
+RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
+
+SRC_URI = ""
+PV = "1.0"
+PR = "6"
+
+require credentials.inc
+
+do_install() {
+    install -m 0700 -d ${D}${libdir}/sota/conf.d
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir_native}/sota/sota-device-cred-hsm.toml \
+        ${D}${libdir}/sota/conf.d/20-sota-device-cred-hsm.toml
+}
+
+FILES_${PN} = " \
+                ${libdir}/sota/conf.d \
+                ${libdir}/sota/conf.d/20-sota-device-cred-hsm.toml \
+                "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb
new file mode 100644
index 0000000..be0f5c8
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb
@@ -0,0 +1,29 @@
+SUMMARY = "Aktualizr configuration for device credential provisioning"
+DESCRIPTION = "Configuration for provisioning Aktualizr with device credentials using externally provided or generated CA"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+inherit allarch
+
+DEPENDS = "aktualizr aktualizr-native openssl-native"
+RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
+
+PV = "1.0"
+PR = "1"
+
+require credentials.inc
+
+do_install() {
+    install -m 0700 -d ${D}${libdir}/sota/conf.d
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir_native}/sota/sota-device-cred.toml \
+        ${D}${libdir}/sota/conf.d/20-sota-device-cred.toml
+}
+
+FILES_${PN} = " \
+                ${libdir}/sota/conf.d \
+                ${libdir}/sota/conf.d/20-sota-device-cred.toml \
+                "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
deleted file mode 100644
index f738f3e..0000000
--- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "Aktualizr configuration with HSM support"
-DESCRIPTION = "Configuration for HSM provisioning with Aktualizr, the SOTA Client application written in C++"
-HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
-SECTION = "base"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-
-inherit allarch
-
-DEPENDS = "aktualizr aktualizr-native"
-RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
-
-SRC_URI = ""
-PV = "1.0"
-PR = "6"
-
-require credentials.inc
-
-do_install() {
-    install -m 0700 -d ${D}${libdir}/sota/conf.d
-    install -m 0644 ${STAGING_DIR_NATIVE}${libdir_native}/sota/sota_hsm_prov.toml \
-        ${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml
-}
-
-FILES_${PN} = " \
-                ${libdir}/sota/conf.d \
-                ${libdir}/sota/conf.d/20-sota_hsm_prov.toml \
-                "
-
-# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb
new file mode 100644
index 0000000..dbb5fde
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb
@@ -0,0 +1,32 @@
+SUMMARY = "Credentials for shared provisioning"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+inherit allarch
+
+DEPENDS = "aktualizr-native zip-native"
+ALLOW_EMPTY_${PN} = "1"
+
+require credentials.inc
+
+do_install() {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        install -m 0700 -d ${D}${localstatedir}/sota
+        cp "${SOTA_PACKED_CREDENTIALS}" ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
+        # Device should not be able to push data to treehub
+        zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
+        # Device has no use for the API Gateway. Remove if present. See:
+        # https://github.com/advancedtelematic/ota-plus-server/pull/1913/
+        if unzip -l ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url > /dev/null; then
+            zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url 
+        fi
+    fi
+}
+
+FILES_${PN} = " \
+                ${localstatedir}/sota/sota_provisioning_credentials.zip \
+                "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov.bb b/recipes-sota/aktualizr/aktualizr-shared-prov.bb
new file mode 100644
index 0000000..c42546c
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-shared-prov.bb
@@ -0,0 +1,43 @@
+SUMMARY = "Aktualizr configuration for shared credential provisioning"
+DESCRIPTION = "Configuration for provisioning Aktualizr with shared credentials"
+HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+
+inherit allarch
+
+DEPENDS = "aktualizr-native zip-native"
+RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
+PV = "1.0"
+PR = "6"
+
+SRC_URI = ""
+
+require credentials.inc
+
+do_install() {
+    if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
+        bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
+    fi
+    if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then
+        bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS"
+    fi
+    if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then
+        bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS"
+    fi
+    if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then
+        bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
+    fi
+
+    install -m 0700 -d ${D}${libdir}/sota/conf.d
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir_native}/sota/sota-shared-cred.toml \
+        ${D}${libdir}/sota/conf.d/20-sota-shared-cred.toml
+}
+
+FILES_${PN} = " \
+                ${libdir}/sota/conf.d \
+                ${libdir}/sota/conf.d/20-sota-shared-cred.toml \
+                "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb
index ed1e3a8..2bc2e3f 100644
--- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb
+++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb
@@ -11,7 +11,7 @@ RDEPENDS_${PN} = "aktualizr"
 
 do_install() {
     install -m 0700 -d ${D}${libdir}/sota/conf.d
-    install -m 0644 ${STAGING_DIR_NATIVE}${libdir_native}/sota/sota_uboot_env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir_native}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml
 }
 
 FILES_${PN} = " \
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 145cf1a..4dbfb06 100755
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -31,7 +31,7 @@ SRC_URI = " \
 SRC_URI[md5sum] = "e104ccd4f32e52571a5fc0e5042db050"
 SRC_URI[sha256sum] = "c590be1a57523bfe097af82279eda5c97cf40ae47fb27162cf33c469702c8a9b"
 
-SRCREV = "8c523efc4c1f1e6d9dfd41b7e23a202ade4d9ff7"
+SRCREV = "fce5854ff10e7efd52d69bbaf68dc2af990d5746"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
@@ -93,12 +93,11 @@ do_install_ptest() {
 
 do_install_append () {
     install -d ${D}${libdir}/sota
-    install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
-    install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml
-    install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml
-    install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml
-    install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml
-    install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml
+    install -m 0644 ${S}/config/sota-shared-cred.toml ${D}/${libdir}/sota/sota-shared-cred.toml
+    install -m 0644 ${S}/config/sota-device-cred-hsm.toml ${D}/${libdir}/sota/sota-device-cred-hsm.toml
+    install -m 0644 ${S}/config/sota-device-cred.toml ${D}/${libdir}/sota/sota-device-cred.toml
+    install -m 0644 ${S}/config/sota-secondary.toml ${D}/${libdir}/sota/sota-secondary.toml
+    install -m 0644 ${S}/config/sota-uboot-env.toml ${D}/${libdir}/sota/sota-uboot-env.toml
     install -d ${D}${systemd_unitdir}/system
     install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service
     install -m 0700 -d ${D}${libdir}/sota/conf.d
@@ -174,7 +173,7 @@ FILES_${PN}-examples = " \
 
 FILES_${PN}-secondary = " \
                 ${bindir}/aktualizr-secondary \
-                ${libdir}/sota/sota_secondary.toml \
+                ${libdir}/sota/sota-secondary.toml \
                 ${systemd_unitdir}/system/aktualizr-secondary.service \
                 "
 
-- 
cgit v1.2.3-54-g00ecf