From 41159c3e6f6edbb8b896231120b78ef1e5834e98 Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Wed, 15 May 2019 11:17:41 +0300 Subject: OTA-2541: Network configuration on IP/Posix Secondary Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'recipes-sota/aktualizr') diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 903f2de..db8cf38 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -119,6 +119,14 @@ do_install_append () { fi fi + if [ -n "${SOTA_SECONDARY_NETWORK_CONFIG}" ]; then + if [ -f "${SOTA_SECONDARY_NETWORK_CONFIG}" ]; then + install -m 0644 ${SOTA_SECONDARY_NETWORK_CONFIG} ${D}/${libdir}/sota/conf.d/35-secondary-network-config.toml + else + bbwarn "SOTA_SECONDARY_NETWORK_CONFIG is set to a non-existent file (${SOTA_SECONDARY_NETWORK_CONFIG})" + fi + fi + install -m 0755 -d ${D}${systemd_unitdir}/system aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service -- cgit v1.2.3-54-g00ecf From 6db7a38b4b188f35a68f0b507d9b96560081678c Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Fri, 17 May 2019 10:58:30 +0300 Subject: OTA-2541: Remove Secondary's socket service. Use a regular systemd service to start Seconadry daemon Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 5 +---- recipes-sota/aktualizr/files/aktualizr-secondary.service | 6 +++++- recipes-sota/aktualizr/files/aktualizr-secondary.socket | 6 ------ 3 files changed, 6 insertions(+), 11 deletions(-) delete mode 100644 recipes-sota/aktualizr/files/aktualizr-secondary.socket (limited to 'recipes-sota/aktualizr') diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index db8cf38..d61b597 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -22,7 +22,6 @@ SRC_URI = " \ file://run-ptest \ file://aktualizr.service \ file://aktualizr-secondary.service \ - file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ file://10-resource-control.conf \ ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ @@ -45,7 +44,7 @@ PTEST_ENABLED = "0" SYSTEMD_PACKAGES = "${PN} ${PN}-secondary" SYSTEMD_SERVICE_${PN} = "aktualizr.service" -SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket" +SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.service" EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} ${@bb.utils.contains('PTEST_ENABLED', '1', '-DTESTSUITE_VALGRIND=on', '', d)}" @@ -100,7 +99,6 @@ do_install_append () { install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0700 -d ${D}${sysconfdir}/sota/conf.d @@ -184,7 +182,6 @@ FILES_${PN}-examples = " \ FILES_${PN}-secondary = " \ ${bindir}/aktualizr-secondary \ ${libdir}/sota/sota_secondary.toml \ - ${systemd_unitdir}/system/aktualizr-secondary.socket \ ${systemd_unitdir}/system/aktualizr-secondary.service \ " diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.service b/recipes-sota/aktualizr/files/aktualizr-secondary.service index 9628ee3..b577ae8 100644 --- a/recipes-sota/aktualizr/files/aktualizr-secondary.service +++ b/recipes-sota/aktualizr/files/aktualizr-secondary.service @@ -1,8 +1,12 @@ [Unit] Description=Aktualizr SOTA Client (UPTANE Secondary) +After=network.target [Service] RestartSec=10 Restart=always -ExecStart=/usr/bin/aktualizr-secondary --config /usr/lib/sota/sota_secondary.toml +ExecStart=/usr/bin/aktualizr-secondary + +[Install] +WantedBy=multi-user.target diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.socket b/recipes-sota/aktualizr/files/aktualizr-secondary.socket deleted file mode 100644 index da0ee44..0000000 --- a/recipes-sota/aktualizr/files/aktualizr-secondary.socket +++ /dev/null @@ -1,6 +0,0 @@ -[Socket] -ListenStream=9030 -ListenDatagram=9031 - -[Install] -WantedBy=sockets.target \ No newline at end of file -- cgit v1.2.3-54-g00ecf From 6f222fee48c4024d2f5f6ef097893073964204ef Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Wed, 22 May 2019 17:02:24 +0300 Subject: OTA-2541: Use local.conf's variables to configure Primary with Secondary(ies) and vice versa Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 8 --- recipes-test/demo-config/files/30-fake_pacman.toml | 2 + .../demo-config/files/30-secondary_config.toml | 2 + .../demo-config/files/35-network_config.toml | 4 ++ recipes-test/demo-config/files/45-id_config.toml | 3 + .../demo-config/files/ip_secondary_config.json | 7 +++ recipes-test/demo-config/primary-config.bb | 68 ++++++++++++++++++++++ recipes-test/demo-config/secondary-config.bb | 41 +++++++++++++ recipes-test/demo-config/shared-conf.inc | 5 ++ .../files/30-fake_pacman.toml | 2 - .../files/35-network_config.toml | 4 -- .../demo-secondary-config/files/45-id_config.toml | 3 - .../demo-secondary-config/secondary-config.bb | 43 -------------- recipes-test/images/primary-image.bb | 3 +- 14 files changed, 134 insertions(+), 61 deletions(-) create mode 100644 recipes-test/demo-config/files/30-fake_pacman.toml create mode 100644 recipes-test/demo-config/files/30-secondary_config.toml create mode 100644 recipes-test/demo-config/files/35-network_config.toml create mode 100644 recipes-test/demo-config/files/45-id_config.toml create mode 100644 recipes-test/demo-config/files/ip_secondary_config.json create mode 100644 recipes-test/demo-config/primary-config.bb create mode 100644 recipes-test/demo-config/secondary-config.bb create mode 100644 recipes-test/demo-config/shared-conf.inc delete mode 100644 recipes-test/demo-secondary-config/files/30-fake_pacman.toml delete mode 100644 recipes-test/demo-secondary-config/files/35-network_config.toml delete mode 100644 recipes-test/demo-secondary-config/files/45-id_config.toml delete mode 100644 recipes-test/demo-secondary-config/secondary-config.bb (limited to 'recipes-sota/aktualizr') diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index d61b597..f4c9946 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -117,14 +117,6 @@ do_install_append () { fi fi - if [ -n "${SOTA_SECONDARY_NETWORK_CONFIG}" ]; then - if [ -f "${SOTA_SECONDARY_NETWORK_CONFIG}" ]; then - install -m 0644 ${SOTA_SECONDARY_NETWORK_CONFIG} ${D}/${libdir}/sota/conf.d/35-secondary-network-config.toml - else - bbwarn "SOTA_SECONDARY_NETWORK_CONFIG is set to a non-existent file (${SOTA_SECONDARY_NETWORK_CONFIG})" - fi - fi - install -m 0755 -d ${D}${systemd_unitdir}/system aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service diff --git a/recipes-test/demo-config/files/30-fake_pacman.toml b/recipes-test/demo-config/files/30-fake_pacman.toml new file mode 100644 index 0000000..3fb5cf2 --- /dev/null +++ b/recipes-test/demo-config/files/30-fake_pacman.toml @@ -0,0 +1,2 @@ +[pacman] +type = "fake" diff --git a/recipes-test/demo-config/files/30-secondary_config.toml b/recipes-test/demo-config/files/30-secondary_config.toml new file mode 100644 index 0000000..7714240 --- /dev/null +++ b/recipes-test/demo-config/files/30-secondary_config.toml @@ -0,0 +1,2 @@ +[uptane] +secondary_config_file = "@CFG_FILEPATH@" diff --git a/recipes-test/demo-config/files/35-network_config.toml b/recipes-test/demo-config/files/35-network_config.toml new file mode 100644 index 0000000..db7a1bb --- /dev/null +++ b/recipes-test/demo-config/files/35-network_config.toml @@ -0,0 +1,4 @@ +[network] +port = @PORT@ +primary_ip = @PRIMARY_IP@ +primary_port = @PRIMARY_PORT@ diff --git a/recipes-test/demo-config/files/45-id_config.toml b/recipes-test/demo-config/files/45-id_config.toml new file mode 100644 index 0000000..6cbd77f --- /dev/null +++ b/recipes-test/demo-config/files/45-id_config.toml @@ -0,0 +1,3 @@ +[uptane] +ecu_serial = @SERIAL@ +ecu_hardware_id = @HWID@ diff --git a/recipes-test/demo-config/files/ip_secondary_config.json b/recipes-test/demo-config/files/ip_secondary_config.json new file mode 100644 index 0000000..690cf2e --- /dev/null +++ b/recipes-test/demo-config/files/ip_secondary_config.json @@ -0,0 +1,7 @@ +{ + "IP": { + "secondaries_wait_port": @PORT@, + "secondaries_wait_timeout": @TIMEOUT@, + "secondaries": @ADDR_ARRAY@ + } +} diff --git a/recipes-test/demo-config/primary-config.bb b/recipes-test/demo-config/primary-config.bb new file mode 100644 index 0000000..0cd9180 --- /dev/null +++ b/recipes-test/demo-config/primary-config.bb @@ -0,0 +1,68 @@ +DESCRIPTION = "Sample configuration for an Uptane Primary to support IP/Posix Secondary" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +require shared-conf.inc + +PRIMARY_SECONDARIES ?= "${SECONDARY_IP}:${SECONDARY_PORT}" + +SRC_URI = "\ + file://30-secondary_config.toml \ + file://ip_secondary_config.json \ + " + +def get_secondary_addrs(d): + import json + + secondaries = d.getVar('PRIMARY_SECONDARIES') + sec_array = [] + for secondary in secondaries.split(): + sec_array.append({"addr": secondary}) + + return json.dumps(sec_array) + +do_install () { + + if [ ! -n "${SOTA_SECONDARY_CONFIG}" ]; then + bbwarn "SOTA_SECONDARY_CONFIG hasn't been specified in the local config, generate a default one" + + IP_SECONDARY_CONFIG_FILE=${WORKDIR}/ip_secondary_config.json + IP_SECONDARY_ADDRS='${@get_secondary_addrs(d)}' + else + bbwarn "SOTA_SECONDARY_CONFIG has been specified in the local config: ${SOTA_SECONDARY_CONFIG}" + + IP_SECONDARY_CONFIG_FILE=${SOTA_SECONDARY_CONFIG} + fi + + if [ ! -f $IP_SECONDARY_CONFIG_FILE ]; then + bbfatal "Secondary config file does not exist: $IP_SECONDARY_CONFIG_FILE" + fi + + SECONDARY_CONFIG_DEST_DIR="${D}${sysconfdir}/sota/ecus" + SECONDARY_CONFIG_DEST_FILEPATH=$SECONDARY_CONFIG_DEST_DIR/$(basename -- $IP_SECONDARY_CONFIG_FILE) + SECONDARY_CONFIG_FILEPATH_ON_IMAGE="${sysconfdir}/sota/ecus/$(basename -- $IP_SECONDARY_CONFIG_FILE)" + + # install the secondary configuration file (json) + install -m 0700 -d $SECONDARY_CONFIG_DEST_DIR + install -m 0644 $IP_SECONDARY_CONFIG_FILE $SECONDARY_CONFIG_DEST_DIR + + # if SOTA_SECONDARY_CONFIG/secondary config file is not defined in the local conf + # then a default template is used and filled with corresponding configuration variable values + if [ ! -n "${SOTA_SECONDARY_CONFIG}" ]; then + sed -i -e "s|@PORT@|${PRIMARY_PORT}|g" \ + -e "s|@TIMEOUT@|${PRIMARY_WAIT_TIMEOUT}|g" \ + -e "s|@ADDR_ARRAY@|$IP_SECONDARY_ADDRS|g" $SECONDARY_CONFIG_DEST_FILEPATH + fi + + # install aktualizr config file (toml) that points to the secondary config file, so aktualizr is aware about it + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${WORKDIR}/30-secondary_config.toml ${D}${libdir}/sota/conf.d + sed -i "s|@CFG_FILEPATH@|$SECONDARY_CONFIG_FILEPATH_ON_IMAGE|g" ${D}${libdir}/sota/conf.d/30-secondary_config.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d/* \ + ${sysconfdir}/sota/ecus/* \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb new file mode 100644 index 0000000..5b213d1 --- /dev/null +++ b/recipes-test/demo-config/secondary-config.bb @@ -0,0 +1,41 @@ +DESCRIPTION = "Sample configuration for an Uptane Secondary" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +require shared-conf.inc + +SECONDARY_SERIAL_ID ?= "" +SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" +SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" + +SRC_URI = "\ + file://30-fake_pacman.toml \ + file://35-network_config.toml \ + file://45-id_config.toml \ + " + +do_install () { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${WORKDIR}/30-fake_pacman.toml ${D}/${libdir}/sota/conf.d/30-fake_pacman.toml + + install -m 0644 ${WORKDIR}/35-network_config.toml ${D}/${libdir}/sota/conf.d/35-network_config.toml + sed -i -e 's|@PORT@|${SECONDARY_PORT}|g' \ + -e 's|@PRIMARY_IP@|${PRIMARY_IP}|g' \ + -e 's|@PRIMARY_PORT@|${PRIMARY_PORT}|g' \ + ${D}/${libdir}/sota/conf.d/35-network_config.toml + + install -m 0644 ${WORKDIR}/45-id_config.toml ${D}/${libdir}/sota/conf.d/45-id_config.toml + sed -i -e 's|@SERIAL@|${SECONDARY_SERIAL_ID}|g' \ + -e 's|@HWID@|${SECONDARY_HARDWARE_ID}|g' \ + ${D}/${libdir}/sota/conf.d/45-id_config.toml + +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/30-fake_pacman.toml \ + ${libdir}/sota/conf.d/35-network_config.toml \ + ${libdir}/sota/conf.d/45-id_config.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/demo-config/shared-conf.inc b/recipes-test/demo-config/shared-conf.inc new file mode 100644 index 0000000..ce2bb44 --- /dev/null +++ b/recipes-test/demo-config/shared-conf.inc @@ -0,0 +1,5 @@ +SECONDARY_IP ?= "10.0.3.2" +SECONDARY_PORT ?= "9050" +PRIMARY_IP ?= "10.0.3.1" +PRIMARY_PORT ?= "9040" +PRIMARY_WAIT_TIMEOUT ?= "120" diff --git a/recipes-test/demo-secondary-config/files/30-fake_pacman.toml b/recipes-test/demo-secondary-config/files/30-fake_pacman.toml deleted file mode 100644 index 3fb5cf2..0000000 --- a/recipes-test/demo-secondary-config/files/30-fake_pacman.toml +++ /dev/null @@ -1,2 +0,0 @@ -[pacman] -type = "fake" diff --git a/recipes-test/demo-secondary-config/files/35-network_config.toml b/recipes-test/demo-secondary-config/files/35-network_config.toml deleted file mode 100644 index db7a1bb..0000000 --- a/recipes-test/demo-secondary-config/files/35-network_config.toml +++ /dev/null @@ -1,4 +0,0 @@ -[network] -port = @PORT@ -primary_ip = @PRIMARY_IP@ -primary_port = @PRIMARY_PORT@ diff --git a/recipes-test/demo-secondary-config/files/45-id_config.toml b/recipes-test/demo-secondary-config/files/45-id_config.toml deleted file mode 100644 index 6cbd77f..0000000 --- a/recipes-test/demo-secondary-config/files/45-id_config.toml +++ /dev/null @@ -1,3 +0,0 @@ -[uptane] -ecu_serial = @SERIAL@ -ecu_hardware_id = @HWID@ diff --git a/recipes-test/demo-secondary-config/secondary-config.bb b/recipes-test/demo-secondary-config/secondary-config.bb deleted file mode 100644 index 25972d4..0000000 --- a/recipes-test/demo-secondary-config/secondary-config.bb +++ /dev/null @@ -1,43 +0,0 @@ -DESCRIPTION = "Sample configuration for an Uptane Secondary" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -SECONDARY_SERIAL_ID ?= "" -SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" -SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" - -SECONDARY_PORT ?= "9050" -PRIMARY_IP ?= "10.0.3.1" -PRIMARY_PORT ?= "9040" - -SRC_URI = "\ - file://30-fake_pacman.toml \ - file://35-network_config.toml \ - file://45-id_config.toml \ - " - -do_install () { - install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${WORKDIR}/30-fake_pacman.toml ${D}/${libdir}/sota/conf.d/30-fake_pacman.toml - - install -m 0644 ${WORKDIR}/35-network_config.toml ${D}/${libdir}/sota/conf.d/35-network_config.toml - sed -i -e 's|@PORT@|${SECONDARY_PORT}|g' \ - -e 's|@PRIMARY_IP@|${PRIMARY_IP}|g' \ - -e 's|@PRIMARY_PORT@|${PRIMARY_PORT}|g' \ - ${D}/${libdir}/sota/conf.d/35-network_config.toml - - install -m 0644 ${WORKDIR}/45-id_config.toml ${D}/${libdir}/sota/conf.d/45-id_config.toml - sed -i -e 's|@SERIAL@|${SECONDARY_SERIAL_ID}|g' \ - -e 's|@HWID@|${SECONDARY_HARDWARE_ID}|g' \ - ${D}/${libdir}/sota/conf.d/45-id_config.toml - -} - -FILES_${PN} = " \ - ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/30-fake_pacman.toml \ - ${libdir}/sota/conf.d/35-network_config.toml \ - ${libdir}/sota/conf.d/45-id_config.toml \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/images/primary-image.bb b/recipes-test/images/primary-image.bb index 935f7ac..ba1dc1f 100644 --- a/recipes-test/images/primary-image.bb +++ b/recipes-test/images/primary-image.bb @@ -9,7 +9,8 @@ IMAGE_INSTALL_remove = " \ " IMAGE_INSTALL_append = " \ - primary-network-config \ + primary-network-config \ + primary-config \ " # vim:set ts=4 sw=4 sts=4 expandtab: -- cgit v1.2.3-54-g00ecf From b0ddbf7847ccc1eb69ba330fc68231c6df84f57b Mon Sep 17 00:00:00 2001 From: Mike Sul Date: Mon, 27 May 2019 10:38:48 +0300 Subject: OTA-2541: Switch to Aktualizr's version that supports IP Secondaries preconfig and its tests Signed-off-by: Mike Sul Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'recipes-sota/aktualizr') diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index f4c9946..a97939e 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -31,7 +31,7 @@ SRC_URI = " \ SRC_URI[md5sum] = "c5e9968dfe78a7264ab9a8338c11725d" SRC_URI[sha256sum] = "3a19258d7a1825a308aca0da82f7a337985bec05e8951355c4c95f0fcf2444f4" -SRCREV = "c50feb37034eceb1254429d3e3ed38e5b8a0dc60" +SRCREV = "8c523efc4c1f1e6d9dfd41b7e23a202ade4d9ff7" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 0754230f4759c4c68f6992b7fa3cf5f6806e12d9 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 28 May 2019 17:05:01 +0200 Subject: aktualizr: bump garage sign to version 0.7.0-3-gf5ba640. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'recipes-sota/aktualizr') diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index a97939e..edacdb1 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -15,7 +15,7 @@ RDEPENDS_${PN}-ptest += "bash cmake curl python3-misc python3-modules openssl-bi PV = "1.0+git${SRCPV}" PR = "7" -GARAGE_SIGN_PV = "0.6.0-18-g5b8b259" +GARAGE_SIGN_PV = "0.7.0-3-gf5ba640" SRC_URI = " \ gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ @@ -28,8 +28,8 @@ SRC_URI = " \ " # for garage-sign archive -SRC_URI[md5sum] = "c5e9968dfe78a7264ab9a8338c11725d" -SRC_URI[sha256sum] = "3a19258d7a1825a308aca0da82f7a337985bec05e8951355c4c95f0fcf2444f4" +SRC_URI[md5sum] = "e104ccd4f32e52571a5fc0e5042db050" +SRC_URI[sha256sum] = "c590be1a57523bfe097af82279eda5c97cf40ae47fb27162cf33c469702c8a9b" SRCREV = "8c523efc4c1f1e6d9dfd41b7e23a202ade4d9ff7" BRANCH ?= "master" -- cgit v1.2.3-54-g00ecf From 0b9caa66a90e0a0ea673ffcc37a00818e4806dac Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 28 May 2019 09:46:28 +0200 Subject: Rename provisioning methods. "Autoprovisioning" or "automatic provisioning" is now known as "shared credential provisioning". "Implicit provisioning" is now known as "device credential provisioning". "HSM provisioning" was always a misnomer, so it is now refered to as "device credential provisioning with an HSM". This includes a bump of the aktualizr version as well. Signed-off-by: Patrick Vacek --- README.adoc | 12 ++--- classes/sota.bbclass | 2 +- lib/oeqa/selftest/cases/updater_minnowboard.py | 2 +- lib/oeqa/selftest/cases/updater_qemux86_64.py | 40 +++++++-------- lib/oeqa/selftest/cases/updater_raspberrypi.py | 3 +- .../aktualizr/aktualizr-auto-prov-creds.bb | 31 ----------- recipes-sota/aktualizr/aktualizr-auto-prov.bb | 45 ---------------- .../aktualizr/aktualizr-ca-implicit-prov-creds.bb | 57 -------------------- .../aktualizr/aktualizr-ca-implicit-prov.bb | 30 ----------- .../aktualizr/aktualizr-device-prov-creds.bb | 60 ++++++++++++++++++++++ .../aktualizr/aktualizr-device-prov-hsm.bb | 30 +++++++++++ recipes-sota/aktualizr/aktualizr-device-prov.bb | 29 +++++++++++ recipes-sota/aktualizr/aktualizr-hsm-prov.bb | 30 ----------- .../aktualizr/aktualizr-shared-prov-creds.bb | 32 ++++++++++++ recipes-sota/aktualizr/aktualizr-shared-prov.bb | 43 ++++++++++++++++ .../aktualizr/aktualizr-uboot-env-rollback.bb | 2 +- recipes-sota/aktualizr/aktualizr_git.bb | 15 +++--- recipes-test/demo-config/files/30-fake-pacman.toml | 2 + recipes-test/demo-config/files/30-fake_pacman.toml | 2 - .../demo-config/files/30-secondary-config.toml | 2 + .../demo-config/files/30-secondary_config.toml | 2 - .../demo-config/files/35-network-config.toml | 4 ++ .../demo-config/files/35-network_config.toml | 4 -- recipes-test/demo-config/files/45-id-config.toml | 3 ++ recipes-test/demo-config/files/45-id_config.toml | 3 -- recipes-test/demo-config/primary-config.bb | 6 +-- recipes-test/demo-config/secondary-config.bb | 22 ++++---- recipes-test/images/secondary-image.bb | 10 ++-- scripts/find_aktualizr_dependencies.sh | 13 ++--- 29 files changed, 268 insertions(+), 268 deletions(-) delete mode 100644 recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb delete mode 100644 recipes-sota/aktualizr/aktualizr-auto-prov.bb delete mode 100644 recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb delete mode 100644 recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb create mode 100644 recipes-sota/aktualizr/aktualizr-device-prov-creds.bb create mode 100644 recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb create mode 100644 recipes-sota/aktualizr/aktualizr-device-prov.bb delete mode 100644 recipes-sota/aktualizr/aktualizr-hsm-prov.bb create mode 100644 recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb create mode 100644 recipes-sota/aktualizr/aktualizr-shared-prov.bb create mode 100644 recipes-test/demo-config/files/30-fake-pacman.toml delete mode 100644 recipes-test/demo-config/files/30-fake_pacman.toml create mode 100644 recipes-test/demo-config/files/30-secondary-config.toml delete mode 100644 recipes-test/demo-config/files/30-secondary_config.toml create mode 100644 recipes-test/demo-config/files/35-network-config.toml delete mode 100644 recipes-test/demo-config/files/35-network_config.toml create mode 100644 recipes-test/demo-config/files/45-id-config.toml delete mode 100644 recipes-test/demo-config/files/45-id_config.toml (limited to 'recipes-sota/aktualizr') diff --git a/README.adoc b/README.adoc index b447a2f..41d8e96 100644 --- a/README.adoc +++ b/README.adoc @@ -80,7 +80,7 @@ Your images will also need network connectivity to be able to reach an actual OT * `OSTREE_REPO` - path to your OSTree repository. Defaults to `$\{DEPLOY_DIR_IMAGE}/ostree_repo` * `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky". -* `OSTREE_COMMIT_BODY` - Message attached to OSTree commit. Empty by default. +* `OSTREE_COMMIT_BODY` - Message attached to OSTree commit. Empty by default. * `OSTREE_COMMIT_SUBJECT` - Commit subject used by OSTree. Defaults to `Commit-id: ${IMAGE_NAME}` * `OSTREE_UPDATE_SUMMARY` - Set this to '1' to update summary of OSTree repository on each commit. '0' by default. * `OSTREE_DEPLOY_DEVICETREE` - Set this to '1' to include devicetree(s) to boot @@ -88,7 +88,7 @@ Your images will also need network connectivity to be able to reach an actual OT * `INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. -* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are `aktualizr-auto-prov`, `aktualizr-ca-implicit-prov`, and `aktualizr-hsm-prov`. For more information on these provisioning methods, see the https://docs.ota.here.com/client-config/client-provisioning-methods.html[OTA Connect documentation]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. +* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are `aktualizr-shared-prov`, `aktualizr-device-prov`, and `aktualizr-device-prov-hsm`. For more information on these provisioning methods, see the https://docs.ota.here.com/client-config/client-provisioning-methods.html[OTA Connect documentation]. The default is `aktualizr-shared-prov`. This can also be set to an empty string to avoid using a provisioning recipe. * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client). * `SOTA_SECONDARY_CONFIG_DIR` - a directory containing JSON configuration files for virtual secondaries on the host. These will be installed into `/etc/sota/ecus` on the device and automatically provided to aktualizr. * `SOTA_HARDWARE_ID` - a custom hardware ID that will be written to the aktualizr config. Defaults to MACHINE if not set. @@ -251,13 +251,13 @@ The aktualizr tests will now be part of the deployed ptest suite, which can be r As described in <> section you can set `SOTA_DEPLOY_CREDENTIALS` to `0` to prevent deploying credentials to the built `wic` image. In this case you get a generic image that you can use e.g. on a production line to flash a series of devices. The cost of this approach is that this image is half-baked and should be provisioned before it can connect to the backend. -Provisioning procedure depends on your provisioning recipe, i.e. the value of `SOTA_CLIENT_PROV` (equal to `aktualizr-auto-prov` by default): +Provisioning procedure depends on your provisioning recipe, i.e. the value of `SOTA_CLIENT_PROV` (equal to `aktualizr-shared-prov` by default): -* For `aktualizr-auto-prov` put your `credentials.zip` to `/var/sota/sota_provisioning_credentials.zip` on the filesystem of a running device. If you have the filesystem of our device mounted to your build machine, prefix all paths with `/ostree/deploy/poky` as in `/ostree/deploy/poky/var/sota/sota_provisioning_credentials.zip`. -* For `aktualizr-ca-implicit-prov` +* For `aktualizr-shared-prov` put your `credentials.zip` to `/var/sota/sota_provisioning_credentials.zip` on the filesystem of a running device. If you have the filesystem of our device mounted to your build machine, prefix all paths with `/ostree/deploy/poky` as in `/ostree/deploy/poky/var/sota/sota_provisioning_credentials.zip`. +* For `aktualizr-device-prov` ** put URL to the backend server (together with protocol prefix and port number) at `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in the `autoprov.url` file in your credentials archive. ** put client certificate, private key and root CA certificate (for the *server*, not for the *device*) at `/var/sota/import/client.pem`, `/var/sota/import/pkey.pem` and `/var/sota/import/root.crt` respectively. -* For `aktualizr-hsm-prov` +* For `aktualizr-device-prov-hsm` ** put URL to the server backend (together with protocol prefix and port number) at `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in the `autoprov.url` file in your credentials archive. ** put root CA certificate (for the *server*, not for the *device*) at `/var/sota/import/root.crt`. ** put client certificate and private key to slots 1 and 2 of the PKCS#11-compatible device. diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 56b9a8e..26c1b85 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -3,7 +3,7 @@ DISTROOVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', HOSTTOOLS_NONFATAL += "java" SOTA_CLIENT ??= "aktualizr" -SOTA_CLIENT_PROV ??= "aktualizr-auto-prov" +SOTA_CLIENT_PROV ??= "aktualizr-shared-prov" SOTA_DEPLOY_CREDENTIALS ?= "1" SOTA_HARDWARE_ID ??= "${MACHINE}" diff --git a/lib/oeqa/selftest/cases/updater_minnowboard.py b/lib/oeqa/selftest/cases/updater_minnowboard.py index f5df584..267445b 100644 --- a/lib/oeqa/selftest/cases/updater_minnowboard.py +++ b/lib/oeqa/selftest/cases/updater_minnowboard.py @@ -29,7 +29,7 @@ class MinnowTests(OESelftestTestCase): self.meta_minnow = None self.append_config('MACHINE = "intel-corei7-64"') self.append_config('OSTREE_BOOTLOADER = "grub"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') self.qemu, self.s = qemu_launch(efi=True, machine='intel-corei7-64') def tearDownLocal(self): diff --git a/lib/oeqa/selftest/cases/updater_qemux86_64.py b/lib/oeqa/selftest/cases/updater_qemux86_64.py index f951bc7..e26a022 100644 --- a/lib/oeqa/selftest/cases/updater_qemux86_64.py +++ b/lib/oeqa/selftest/cases/updater_qemux86_64.py @@ -16,7 +16,7 @@ class GeneralTests(OESelftestTestCase): def test_credentials(self): logger = logging.getLogger("selftest") logger.info('Running bitbake to build core-image-minimal') - self.append_config('SOTA_CLIENT_PROV = "aktualizr-auto-prov"') + self.append_config('SOTA_CLIENT_PROV = "aktualizr-shared-prov"') bitbake('core-image-minimal') credentials = get_bb_var('SOTA_PACKED_CREDENTIALS') # skip the test if the variable SOTA_PACKED_CREDENTIALS is not set @@ -46,13 +46,13 @@ class AktualizrToolsTests(OESelftestTestCase): def test_cert_provider_local_output(self): logger = logging.getLogger("selftest") - logger.info('Running bitbake to build aktualizr-ca-implicit-prov') - bitbake('aktualizr-ca-implicit-prov') + logger.info('Running bitbake to build aktualizr-device-prov') + bitbake('aktualizr-device-prov') bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS', 'T'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] temp_dir = bb_vars['T'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov') - config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-device-prov') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota-device-cred.toml' akt_native_run(self, 'aktualizr-cert-provider -c {creds} -r -l {temp} -g {config}' .format(creds=creds, temp=temp_dir, config=config)) @@ -69,7 +69,7 @@ class AktualizrToolsTests(OESelftestTestCase): self.assertTrue(os.path.getsize(ca_path) > 0, "Client certificate at %s is empty." % ca_path) -class AutoProvTests(OESelftestTestCase): +class SharedCredProvTests(OESelftestTestCase): def setUpLocal(self): layer = "meta-updater-qemux86-64" @@ -85,7 +85,7 @@ class AutoProvTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -127,7 +127,7 @@ class ManualControlTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') self.append_config('SYSTEMD_AUTO_ENABLE_aktualizr = "disable"') self.qemu, self.s = qemu_launch(machine='qemux86-64') @@ -155,7 +155,7 @@ class ManualControlTests(OESelftestTestCase): 'Aktualizr should have run' + stderr.decode() + stdout.decode()) -class ImplProvTests(OESelftestTestCase): +class DeviceCredProvTests(OESelftestTestCase): def setUpLocal(self): layer = "meta-updater-qemux86-64" @@ -171,9 +171,9 @@ class ImplProvTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-ca-implicit-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-device-prov "') self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"') - runCmd('bitbake -c cleanall aktualizr aktualizr-ca-implicit-prov') + runCmd('bitbake -c cleanall aktualizr aktualizr-device-prov') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -201,8 +201,8 @@ class ImplProvTests(OESelftestTestCase): # Run aktualizr-cert-provider. bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov') - config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-device-prov') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota-device-cred.toml' print('Provisining at root@localhost:%d' % self.qemu.ssh_port) akt_native_run(self, 'aktualizr-cert-provider -c {creds} -t root@localhost -p {port} -s -u -r -g {config}' @@ -211,7 +211,7 @@ class ImplProvTests(OESelftestTestCase): verifyProvisioned(self, machine) -class HsmTests(OESelftestTestCase): +class DeviceCredProvHsmTests(OESelftestTestCase): def setUpLocal(self): layer = "meta-updater-qemux86-64" @@ -227,11 +227,11 @@ class HsmTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = "aktualizr-hsm-prov"') + self.append_config('SOTA_CLIENT_PROV = "aktualizr-device-prov-hsm"') self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"') self.append_config('SOTA_CLIENT_FEATURES = "hsm"') self.append_config('IMAGE_INSTALL_append = " softhsm-testtoken"') - runCmd('bitbake -c cleanall aktualizr aktualizr-hsm-prov') + runCmd('bitbake -c cleanall aktualizr aktualizr-device-prov-hsm') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -269,8 +269,8 @@ class HsmTests(OESelftestTestCase): # Run aktualizr-cert-provider. bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS'], 'aktualizr-native') creds = bb_vars['SOTA_PACKED_CREDENTIALS'] - bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-hsm-prov') - config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_hsm_prov.toml' + bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-device-prov-hsm') + config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota-device-cred-hsm.toml' akt_native_run(self, 'aktualizr-cert-provider -c {creds} -t root@localhost -p {port} -r -s -u -g {config}' .format(creds=creds, port=self.qemu.ssh_port, config=config)) @@ -369,7 +369,7 @@ class IpSecondaryTests(OESelftestTestCase): def configure(self): self._test_ctx.append_config('MACHINE = "qemux86-64"') - self._test_ctx.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self._test_ctx.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') def is_ecu_registered(self, ecu_id): max_number_of_tries = 20 @@ -456,7 +456,7 @@ class ResourceControlTests(OESelftestTestCase): else: self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') self.append_config('IMAGE_INSTALL_append += " aktualizr-resource-control "') self.append_config('RESOURCE_CPU_WEIGHT_pn-aktualizr = "1000"') self.append_config('RESOURCE_MEMORY_HIGH_pn-aktualizr = "50M"') diff --git a/lib/oeqa/selftest/cases/updater_raspberrypi.py b/lib/oeqa/selftest/cases/updater_raspberrypi.py index 785d703..f6ae903 100644 --- a/lib/oeqa/selftest/cases/updater_raspberrypi.py +++ b/lib/oeqa/selftest/cases/updater_raspberrypi.py @@ -53,7 +53,7 @@ class RpiTests(OESelftestTestCase): self.meta_qemu = None self.append_config('MACHINE = "raspberrypi3"') - self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + self.append_config('SOTA_CLIENT_PROV = " aktualizr-shared-prov "') def tearDownLocal(self): if self.meta_qemu: @@ -68,7 +68,6 @@ class RpiTests(OESelftestTestCase): def test_build(self): logger = logging.getLogger("selftest") logger.info('Running bitbake to build core-image-minimal') - self.append_config('SOTA_CLIENT_PROV = "aktualizr-auto-prov"') bitbake('core-image-minimal') credentials = get_bb_var('SOTA_PACKED_CREDENTIALS') # Skip the test if the variable SOTA_PACKED_CREDENTIALS is not set. diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb deleted file mode 100644 index 6b2dd27..0000000 --- a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "Credentials for autoprovisioning scenario" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -DEPENDS = "aktualizr-native zip-native" -ALLOW_EMPTY_${PN} = "1" - -require credentials.inc - -do_install() { - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - install -m 0700 -d ${D}${localstatedir}/sota - cp "${SOTA_PACKED_CREDENTIALS}" ${D}${localstatedir}/sota/sota_provisioning_credentials.zip - # Device should not be able to push data to treehub - zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json - # Device has no use for the API Gateway. Remove if present. See: - # https://github.com/advancedtelematic/ota-plus-server/pull/1913/ - if unzip -l ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url > /dev/null; then - zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url - fi - fi -} - -FILES_${PN} = " \ - ${localstatedir}/sota/sota_provisioning_credentials.zip \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb deleted file mode 100644 index 4b68491..0000000 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ /dev/null @@ -1,45 +0,0 @@ -SUMMARY = "Aktualizr configuration for autoprovisioning" -DESCRIPTION = "Configuration for automatically provisioning Aktualizr, the SOTA Client application written in C++" -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -DEPENDS = "aktualizr-native zip-native" -RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" -PV = "1.0" -PR = "6" - -SRC_URI = "" - -require credentials.inc - -do_install() { - if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then - bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then - bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then - bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then - bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" - fi - - install -m 0700 -d ${D}${libdir}/sota/conf.d - aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)} - - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \ - ${D}${libdir}/sota/conf.d/20-${aktualizr_toml} -} - -FILES_${PN} = " \ - ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/20-${aktualizr_toml} \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb deleted file mode 100644 index da17d77..0000000 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb +++ /dev/null @@ -1,57 +0,0 @@ -SUMMARY = "Credentials for implicit provisioning with CA certificate" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -# WARNING: it is NOT a production solution. The secure way to provision devices -# is to create certificate request directly on the device (either with HSM/TPM -# or with software) and then sign it with a CA stored on a disconnected machine. - -DEPENDS = "aktualizr aktualizr-native" -ALLOW_EMPTY_${PN} = "1" - -SRC_URI = " \ - file://ca.cnf \ - " - -require credentials.inc - -export SOTA_CACERT_PATH -export SOTA_CAKEY_PATH - -do_install() { - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - if [ -z ${SOTA_CACERT_PATH} ]; then - SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem - SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem - mkdir -p ${DEPLOY_DIR_IMAGE}/CA - bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}" - - if [ ! -f ${SOTA_CACERT_PATH} ]; then - bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" - SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")" - openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 - openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert - bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" - fi - fi - - if [ -z ${SOTA_CAKEY_PATH} ]; then - bbfatal "SOTA_CAKEY_PATH should be set when using implicit provisioning" - fi - - install -m 0700 -d ${D}${localstatedir}/sota - aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \ - --fleet-ca ${SOTA_CACERT_PATH} \ - --fleet-ca-key ${SOTA_CAKEY_PATH} \ - --root-ca \ - --server-url \ - --local ${D} \ - --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml - fi -} - -FILES_${PN} = " \ - ${localstatedir}/sota/*" diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb deleted file mode 100644 index 414cb5e..0000000 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Aktualizr configuration for implicit provisioning with CA" -DESCRIPTION = "Configuration for implicitly provisioning Aktualizr using externally provided or generated CA" - -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -DEPENDS = "aktualizr aktualizr-native openssl-native" -RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" - -PV = "1.0" -PR = "1" - -require credentials.inc - -do_install() { - install -m 0700 -d ${D}${libdir}/sota/conf.d - - install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \ - ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml -} - -FILES_${PN} = " \ - ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb new file mode 100644 index 0000000..6e02a50 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb @@ -0,0 +1,60 @@ +SUMMARY = "Credentials for device provisioning with fleet CA certificate" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +# WARNING: it is NOT a production solution. The secure way to provision devices +# is to create certificate request directly on the device (either with HSM/TPM +# or with software) and then sign it with a CA stored on a disconnected machine. + +DEPENDS = "aktualizr aktualizr-native" +ALLOW_EMPTY_${PN} = "1" + +SRC_URI = " \ + file://ca.cnf \ + " + +require credentials.inc + +export SOTA_CACERT_PATH +export SOTA_CAKEY_PATH + +do_install() { + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then + if [ -z ${SOTA_CACERT_PATH} ]; then + SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem + SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem + mkdir -p ${DEPLOY_DIR_IMAGE}/CA + bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}" + + if [ ! -f ${SOTA_CACERT_PATH} ]; then + bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" + SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")" + openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 + openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert + bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" + fi + fi + + if [ -z ${SOTA_CAKEY_PATH} ]; then + bbfatal "SOTA_CAKEY_PATH should be set when using device credential provisioning" + fi + + install -m 0700 -d ${D}${localstatedir}/sota + aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \ + --fleet-ca ${SOTA_CACERT_PATH} \ + --fleet-ca-key ${SOTA_CAKEY_PATH} \ + --root-ca \ + --server-url \ + --local ${D} \ + --config ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml + fi +} + +FILES_${PN} = " \ + ${localstatedir}/sota/*" + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb new file mode 100644 index 0000000..c3cd593 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb @@ -0,0 +1,30 @@ +SUMMARY = "Aktualizr configuration for device credential provisioning with HSM support" +DESCRIPTION = "Configuration for provisioning Aktualizr with device credentials using externally provided or generated CA with HSM support" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +DEPENDS = "aktualizr aktualizr-native" +RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" + +SRC_URI = "" +PV = "1.0" +PR = "6" + +require credentials.inc + +do_install() { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred-hsm.toml \ + ${D}${libdir}/sota/conf.d/20-sota-device-cred-hsm.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/20-sota-device-cred-hsm.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb new file mode 100644 index 0000000..d579532 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb @@ -0,0 +1,29 @@ +SUMMARY = "Aktualizr configuration for device credential provisioning" +DESCRIPTION = "Configuration for provisioning Aktualizr with device credentials using externally provided or generated CA" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +DEPENDS = "aktualizr aktualizr-native openssl-native" +RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" + +PV = "1.0" +PR = "1" + +require credentials.inc + +do_install() { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml \ + ${D}${libdir}/sota/conf.d/20-sota-device-cred.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/20-sota-device-cred.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb deleted file mode 100644 index 77c6720..0000000 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Aktualizr configuration with HSM support" -DESCRIPTION = "Configuration for HSM provisioning with Aktualizr, the SOTA Client application written in C++" -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -DEPENDS = "aktualizr aktualizr-native" -RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" - -SRC_URI = "" -PV = "1.0" -PR = "6" - -require credentials.inc - -do_install() { - install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_hsm_prov.toml \ - ${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml -} - -FILES_${PN} = " \ - ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/20-sota_hsm_prov.toml \ - " - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb new file mode 100644 index 0000000..dbb5fde --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb @@ -0,0 +1,32 @@ +SUMMARY = "Credentials for shared provisioning" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +DEPENDS = "aktualizr-native zip-native" +ALLOW_EMPTY_${PN} = "1" + +require credentials.inc + +do_install() { + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then + install -m 0700 -d ${D}${localstatedir}/sota + cp "${SOTA_PACKED_CREDENTIALS}" ${D}${localstatedir}/sota/sota_provisioning_credentials.zip + # Device should not be able to push data to treehub + zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json + # Device has no use for the API Gateway. Remove if present. See: + # https://github.com/advancedtelematic/ota-plus-server/pull/1913/ + if unzip -l ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url > /dev/null; then + zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip api_gateway.url + fi + fi +} + +FILES_${PN} = " \ + ${localstatedir}/sota/sota_provisioning_credentials.zip \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov.bb b/recipes-sota/aktualizr/aktualizr-shared-prov.bb new file mode 100644 index 0000000..d3d6f16 --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-shared-prov.bb @@ -0,0 +1,43 @@ +SUMMARY = "Aktualizr configuration for shared credential provisioning" +DESCRIPTION = "Configuration for provisioning Aktualizr with shared credentials" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +DEPENDS = "aktualizr-native zip-native" +RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" +PV = "1.0" +PR = "6" + +SRC_URI = "" + +require credentials.inc + +do_install() { + if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then + bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${SOTA_AUTOPROVISION_URL}" ]; then + bbwarn "SOTA_AUTOPROVISION_URL is ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then + bbwarn "SOTA_AUTOPROVISION_URL_FILE is ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + if [ -n "${OSTREE_PUSH_CREDENTIALS}" ]; then + bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" + fi + + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-shared-cred.toml \ + ${D}${libdir}/sota/conf.d/20-sota-shared-cred.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/20-sota-shared-cred.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb index d962876..860f225 100644 --- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb +++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb @@ -13,7 +13,7 @@ SRC_URI = "" do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_uboot_env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml } FILES_${PN} = " \ diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index edacdb1..75d5bd9 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -31,7 +31,7 @@ SRC_URI = " \ SRC_URI[md5sum] = "e104ccd4f32e52571a5fc0e5042db050" SRC_URI[sha256sum] = "c590be1a57523bfe097af82279eda5c97cf40ae47fb27162cf33c469702c8a9b" -SRCREV = "8c523efc4c1f1e6d9dfd41b7e23a202ade4d9ff7" +SRCREV = "fce5854ff10e7efd52d69bbaf68dc2af990d5746" BRANCH ?= "master" S = "${WORKDIR}/git" @@ -92,12 +92,11 @@ do_install_ptest() { do_install_append () { install -d ${D}${libdir}/sota - install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml - install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml - install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml - install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml - install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml - install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml + install -m 0644 ${S}/config/sota-shared-cred.toml ${D}/${libdir}/sota/sota-shared-cred.toml + install -m 0644 ${S}/config/sota-device-cred-hsm.toml ${D}/${libdir}/sota/sota-device-cred-hsm.toml + install -m 0644 ${S}/config/sota-device-cred.toml ${D}/${libdir}/sota/sota-device-cred.toml + install -m 0644 ${S}/config/sota-secondary.toml ${D}/${libdir}/sota/sota-secondary.toml + install -m 0644 ${S}/config/sota-uboot-env.toml ${D}/${libdir}/sota/sota-uboot-env.toml install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service install -m 0700 -d ${D}${libdir}/sota/conf.d @@ -173,7 +172,7 @@ FILES_${PN}-examples = " \ FILES_${PN}-secondary = " \ ${bindir}/aktualizr-secondary \ - ${libdir}/sota/sota_secondary.toml \ + ${libdir}/sota/sota-secondary.toml \ ${systemd_unitdir}/system/aktualizr-secondary.service \ " diff --git a/recipes-test/demo-config/files/30-fake-pacman.toml b/recipes-test/demo-config/files/30-fake-pacman.toml new file mode 100644 index 0000000..3fb5cf2 --- /dev/null +++ b/recipes-test/demo-config/files/30-fake-pacman.toml @@ -0,0 +1,2 @@ +[pacman] +type = "fake" diff --git a/recipes-test/demo-config/files/30-fake_pacman.toml b/recipes-test/demo-config/files/30-fake_pacman.toml deleted file mode 100644 index 3fb5cf2..0000000 --- a/recipes-test/demo-config/files/30-fake_pacman.toml +++ /dev/null @@ -1,2 +0,0 @@ -[pacman] -type = "fake" diff --git a/recipes-test/demo-config/files/30-secondary-config.toml b/recipes-test/demo-config/files/30-secondary-config.toml new file mode 100644 index 0000000..7714240 --- /dev/null +++ b/recipes-test/demo-config/files/30-secondary-config.toml @@ -0,0 +1,2 @@ +[uptane] +secondary_config_file = "@CFG_FILEPATH@" diff --git a/recipes-test/demo-config/files/30-secondary_config.toml b/recipes-test/demo-config/files/30-secondary_config.toml deleted file mode 100644 index 7714240..0000000 --- a/recipes-test/demo-config/files/30-secondary_config.toml +++ /dev/null @@ -1,2 +0,0 @@ -[uptane] -secondary_config_file = "@CFG_FILEPATH@" diff --git a/recipes-test/demo-config/files/35-network-config.toml b/recipes-test/demo-config/files/35-network-config.toml new file mode 100644 index 0000000..db7a1bb --- /dev/null +++ b/recipes-test/demo-config/files/35-network-config.toml @@ -0,0 +1,4 @@ +[network] +port = @PORT@ +primary_ip = @PRIMARY_IP@ +primary_port = @PRIMARY_PORT@ diff --git a/recipes-test/demo-config/files/35-network_config.toml b/recipes-test/demo-config/files/35-network_config.toml deleted file mode 100644 index db7a1bb..0000000 --- a/recipes-test/demo-config/files/35-network_config.toml +++ /dev/null @@ -1,4 +0,0 @@ -[network] -port = @PORT@ -primary_ip = @PRIMARY_IP@ -primary_port = @PRIMARY_PORT@ diff --git a/recipes-test/demo-config/files/45-id-config.toml b/recipes-test/demo-config/files/45-id-config.toml new file mode 100644 index 0000000..6cbd77f --- /dev/null +++ b/recipes-test/demo-config/files/45-id-config.toml @@ -0,0 +1,3 @@ +[uptane] +ecu_serial = @SERIAL@ +ecu_hardware_id = @HWID@ diff --git a/recipes-test/demo-config/files/45-id_config.toml b/recipes-test/demo-config/files/45-id_config.toml deleted file mode 100644 index 6cbd77f..0000000 --- a/recipes-test/demo-config/files/45-id_config.toml +++ /dev/null @@ -1,3 +0,0 @@ -[uptane] -ecu_serial = @SERIAL@ -ecu_hardware_id = @HWID@ diff --git a/recipes-test/demo-config/primary-config.bb b/recipes-test/demo-config/primary-config.bb index 0cd9180..27cb553 100644 --- a/recipes-test/demo-config/primary-config.bb +++ b/recipes-test/demo-config/primary-config.bb @@ -7,7 +7,7 @@ require shared-conf.inc PRIMARY_SECONDARIES ?= "${SECONDARY_IP}:${SECONDARY_PORT}" SRC_URI = "\ - file://30-secondary_config.toml \ + file://30-secondary-config.toml \ file://ip_secondary_config.json \ " @@ -56,8 +56,8 @@ do_install () { # install aktualizr config file (toml) that points to the secondary config file, so aktualizr is aware about it install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${WORKDIR}/30-secondary_config.toml ${D}${libdir}/sota/conf.d - sed -i "s|@CFG_FILEPATH@|$SECONDARY_CONFIG_FILEPATH_ON_IMAGE|g" ${D}${libdir}/sota/conf.d/30-secondary_config.toml + install -m 0644 ${WORKDIR}/30-secondary-config.toml ${D}${libdir}/sota/conf.d + sed -i "s|@CFG_FILEPATH@|$SECONDARY_CONFIG_FILEPATH_ON_IMAGE|g" ${D}${libdir}/sota/conf.d/30-secondary-config.toml } FILES_${PN} = " \ diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb index 5b213d1..9411646 100644 --- a/recipes-test/demo-config/secondary-config.bb +++ b/recipes-test/demo-config/secondary-config.bb @@ -9,33 +9,33 @@ SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" SRC_URI = "\ - file://30-fake_pacman.toml \ - file://35-network_config.toml \ - file://45-id_config.toml \ + file://30-fake-pacman.toml \ + file://35-network-config.toml \ + file://45-id-config.toml \ " do_install () { install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${WORKDIR}/30-fake_pacman.toml ${D}/${libdir}/sota/conf.d/30-fake_pacman.toml + install -m 0644 ${WORKDIR}/30-fake-pacman.toml ${D}/${libdir}/sota/conf.d/30-fake-pacman.toml - install -m 0644 ${WORKDIR}/35-network_config.toml ${D}/${libdir}/sota/conf.d/35-network_config.toml + install -m 0644 ${WORKDIR}/35-network-config.toml ${D}/${libdir}/sota/conf.d/35-network-config.toml sed -i -e 's|@PORT@|${SECONDARY_PORT}|g' \ -e 's|@PRIMARY_IP@|${PRIMARY_IP}|g' \ -e 's|@PRIMARY_PORT@|${PRIMARY_PORT}|g' \ - ${D}/${libdir}/sota/conf.d/35-network_config.toml + ${D}/${libdir}/sota/conf.d/35-network-config.toml - install -m 0644 ${WORKDIR}/45-id_config.toml ${D}/${libdir}/sota/conf.d/45-id_config.toml + install -m 0644 ${WORKDIR}/45-id-config.toml ${D}/${libdir}/sota/conf.d/45-id-config.toml sed -i -e 's|@SERIAL@|${SECONDARY_SERIAL_ID}|g' \ -e 's|@HWID@|${SECONDARY_HARDWARE_ID}|g' \ - ${D}/${libdir}/sota/conf.d/45-id_config.toml + ${D}/${libdir}/sota/conf.d/45-id-config.toml } FILES_${PN} = " \ ${libdir}/sota/conf.d \ - ${libdir}/sota/conf.d/30-fake_pacman.toml \ - ${libdir}/sota/conf.d/35-network_config.toml \ - ${libdir}/sota/conf.d/45-id_config.toml \ + ${libdir}/sota/conf.d/30-fake-pacman.toml \ + ${libdir}/sota/conf.d/35-network-config.toml \ + ${libdir}/sota/conf.d/45-id-config.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-test/images/secondary-image.bb b/recipes-test/images/secondary-image.bb index 4cae874..27d1e3f 100644 --- a/recipes-test/images/secondary-image.bb +++ b/recipes-test/images/secondary-image.bb @@ -11,11 +11,11 @@ SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" # RDEPENDS on aktualizr) IMAGE_INSTALL_remove = " \ aktualizr \ - aktualizr-auto-prov \ - aktualizr-auto-prov-creds \ - aktualizr-ca-implicit-prov \ - aktualizr-ca-implicit-prov-creds \ - aktualizr-hsm-prov \ + aktualizr-shared-prov \ + aktualizr-shared-prov-creds \ + aktualizr-device-prov \ + aktualizr-device-prov-creds \ + aktualizr-device-prov-hsm \ aktualizr-uboot-env-rollback \ virtual/network-configuration \ " diff --git a/scripts/find_aktualizr_dependencies.sh b/scripts/find_aktualizr_dependencies.sh index 986b541..493df80 100755 --- a/scripts/find_aktualizr_dependencies.sh +++ b/scripts/find_aktualizr_dependencies.sh @@ -10,14 +10,15 @@ parentdir="$(dirname "$0")" # (jsoncpp, open62541, picojson). Also check libp11, dpkg, and systemd since # those are common dependencies not enabled by default. ${parentdir}/find_dependencies.py aktualizr -${parentdir}/find_dependencies.py aktualizr-auto-prov -${parentdir}/find_dependencies.py aktualizr-auto-prov-creds -${parentdir}/find_dependencies.py aktualizr-ca-implicit-prov -${parentdir}/find_dependencies.py aktualizr-ca-implicit-prov-creds -${parentdir}/find_dependencies.py aktualizr-hsm-prov -${parentdir}/find_dependencies.py aktualizr-hsm-prov-creds +${parentdir}/find_dependencies.py aktualizr-shared-prov +${parentdir}/find_dependencies.py aktualizr-shared-prov-creds +${parentdir}/find_dependencies.py aktualizr-device-prov +${parentdir}/find_dependencies.py aktualizr-device-prov-creds +${parentdir}/find_dependencies.py aktualizr-device-prov-hsm +${parentdir}/find_dependencies.py aktualizr-auto-reboot ${parentdir}/find_dependencies.py aktualizr-disable-send-ip ${parentdir}/find_dependencies.py aktualizr-log-debug +${parentdir}/find_dependencies.py aktualizr-polling-interval ${parentdir}/find_dependencies.py libp11 ${parentdir}/find_dependencies.py dpkg ${parentdir}/find_dependencies.py systemd -- cgit v1.2.3-54-g00ecf From ecfd173e01f8a0a34d312ae635c9fee2b36a3629 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 28 May 2019 09:52:28 +0200 Subject: Remove executable access control bits from aktualizr recipe. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 recipes-sota/aktualizr/aktualizr_git.bb (limited to 'recipes-sota/aktualizr') diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb old mode 100755 new mode 100644 -- cgit v1.2.3-54-g00ecf