diff options
| author | Patrick Vacek <patrickvacek@gmail.com> | 2019-03-07 12:27:58 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-07 12:27:58 +0100 | 
| commit | 7dde0813d67a3225f1dda0afc17f8925c5208f47 (patch) | |
| tree | b8583d6ea3069fa522db2d91a92e5f14484630c3 | |
| parent | 15e19a1f00f70595a39b7a816dc44a29e1472f05 (diff) | |
| parent | 03d67b276dd371f73e9ea4eab826d6ebb11c9703 (diff) | |
| download | meta-updater-7dde0813d67a3225f1dda0afc17f8925c5208f47.tar.gz | |
Merge pull request #501 from advancedtelematic/fix/garage-sign-caching
Simplify garage-sign fetching for aktualizr
| -rw-r--r-- | README.adoc | 1 | ||||
| -rwxr-xr-x | recipes-sota/aktualizr/aktualizr_git.bb | 14 | ||||
| -rw-r--r-- | recipes-sota/aktualizr/garage-sign-version.inc | 36 | 
3 files changed, 9 insertions, 42 deletions
| diff --git a/README.adoc b/README.adoc index d603ade..ed85f89 100644 --- a/README.adoc +++ b/README.adoc | |||
| @@ -82,6 +82,7 @@ Although we have used U-Boot so far, other boot loaders can be configured work w | |||
| 82 | * `OSTREE_COMMIT_SUBJECT` - Commit subject used by OSTree. Defaults to `Commit-id: ${IMAGE_NAME}` | 82 | * `OSTREE_COMMIT_SUBJECT` - Commit subject used by OSTree. Defaults to `Commit-id: ${IMAGE_NAME}` | 
| 83 | * `OSTREE_UPDATE_SUMMARY` - Set this to '1' to update summary of OSTree repository on each commit. '0' by default. | 83 | * `OSTREE_UPDATE_SUMMARY` - Set this to '1' to update summary of OSTree repository on each commit. '0' by default. | 
| 84 | * `OSTREE_DEPLOY_DEVICETREE` - Set this to '1' to include devicetree(s) to boot | 84 | * `OSTREE_DEPLOY_DEVICETREE` - Set this to '1' to include devicetree(s) to boot | 
| 85 | * `GARAGE_SIGN_AUTOVERSION` - Set this to '1' to automatically fetch the last version of the garage tools installed by the aktualizr-native. Otherwise use the fixed version specified in the recipe. | ||
| 85 | * `INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. | 86 | * `INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. | 
| 86 | * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. | 87 | * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. | 
| 87 | * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. | 88 | * `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build. | 
| diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index a69bd4d..0354fa0 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb | |||
| @@ -5,8 +5,6 @@ SECTION = "base" | |||
| 5 | LICENSE = "MPL-2.0" | 5 | LICENSE = "MPL-2.0" | 
| 6 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" | 6 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" | 
| 7 | 7 | ||
| 8 | require garage-sign-version.inc | ||
| 9 | |||
| 10 | DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" | 8 | DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" | 
| 11 | RDEPENDS_${PN}_class-target = "aktualizr-check-discovery aktualizr-configs lshw" | 9 | RDEPENDS_${PN}_class-target = "aktualizr-check-discovery aktualizr-configs lshw" | 
| 12 | RDEPENDS_${PN}-secondary = "aktualizr-check-discovery" | 10 | RDEPENDS_${PN}-secondary = "aktualizr-check-discovery" | 
| @@ -15,16 +13,22 @@ RDEPENDS_${PN}-host-tools = "aktualizr aktualizr-repo aktualizr-cert-provider ${ | |||
| 15 | PV = "1.0+git${SRCPV}" | 13 | PV = "1.0+git${SRCPV}" | 
| 16 | PR = "7" | 14 | PR = "7" | 
| 17 | 15 | ||
| 16 | GARAGE_SIGN_PV = "0.6.0-3-gc38b9f3" | ||
| 17 | |||
| 18 | SRC_URI = " \ | 18 | SRC_URI = " \ | 
| 19 | gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ | 19 | gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ | 
| 20 | file://aktualizr.service \ | 20 | file://aktualizr.service \ | 
| 21 | file://aktualizr-secondary.service \ | 21 | file://aktualizr-secondary.service \ | 
| 22 | file://aktualizr-secondary.socket \ | 22 | file://aktualizr-secondary.socket \ | 
| 23 | file://aktualizr-serialcan.service \ | 23 | file://aktualizr-serialcan.service \ | 
| 24 | ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ | ||
| 24 | " | 25 | " | 
| 25 | 26 | ||
| 27 | # for garage-sign archive | ||
| 28 | SRC_URI[md5sum] = "30d7f0931e2236954679e75d1bae174f" | ||
| 29 | SRC_URI[sha256sum] = "46d8c6448ce14cbb9af6a93eba7e29d38579e566dcd6518d22f723a8da16cad5" | ||
| 26 | 30 | ||
| 27 | SRCREV = "c71ec0a320d85a3e75ba37bff7dc40ad02e9d655" | 31 | SRCREV = "ea03a5cf57def6b8d368f783cb12b91255365a80" | 
| 28 | BRANCH ?= "master" | 32 | BRANCH ?= "master" | 
| 29 | 33 | ||
| 30 | S = "${WORKDIR}/git" | 34 | S = "${WORKDIR}/git" | 
| @@ -37,9 +41,7 @@ SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket" | |||
| 37 | 41 | ||
| 38 | EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV}" | 42 | EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV}" | 
| 39 | 43 | ||
| 40 | GARAGE_SIGN_OPS = "${@ '-DGARAGE_SIGN_VERSION=%s' % d.getVar('GARAGE_SIGN_VERSION') if d.getVar('GARAGE_SIGN_VERSION') is not None else ''} \ | 44 | GARAGE_SIGN_OPS = "${@ d.expand('-DGARAGE_SIGN_ARCHIVE=${WORKDIR}/cli-${GARAGE_SIGN_PV}.tgz') if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''}" | 
| 41 | ${@ '-DGARAGE_SIGN_SHA256=%s' % d.getVar('GARAGE_SIGN_SHA256') if d.getVar('GARAGE_SIGN_SHA256') is not None else ''} \ | ||
| 42 | " | ||
| 43 | 45 | ||
| 44 | PACKAGECONFIG ?= "ostree ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} ${@bb.utils.filter('SOTA_CLIENT_FEATURES', 'hsm serialcan ubootenv', d)}" | 46 | PACKAGECONFIG ?= "ostree ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} ${@bb.utils.filter('SOTA_CLIENT_FEATURES', 'hsm serialcan ubootenv', d)}" | 
| 45 | PACKAGECONFIG_class-native = "sota-tools" | 47 | PACKAGECONFIG_class-native = "sota-tools" | 
| diff --git a/recipes-sota/aktualizr/garage-sign-version.inc b/recipes-sota/aktualizr/garage-sign-version.inc deleted file mode 100644 index 2cea6c9..0000000 --- a/recipes-sota/aktualizr/garage-sign-version.inc +++ /dev/null | |||
| @@ -1,36 +0,0 @@ | |||
| 1 | |||
| 2 | python () { | ||
| 3 | if d.getVar("GARAGE_SIGN_VERSION") or not d.getVar("SOTA_PACKED_CREDENTIALS"): | ||
| 4 | return | ||
| 5 | import json | ||
| 6 | import urllib.request | ||
| 7 | import zipfile | ||
| 8 | with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS"), 'r') as zip_ref: | ||
| 9 | try: | ||
| 10 | with zip_ref.open('tufrepo.url', mode='r') as url_file: | ||
| 11 | url = url_file.read().decode().strip(' \t\n') + '/health/version' | ||
| 12 | except (KeyError, ValueError, RuntimeError): | ||
| 13 | return | ||
| 14 | connected = False | ||
| 15 | tries = 3 | ||
| 16 | for i in range(tries): | ||
| 17 | try: | ||
| 18 | r = urllib.request.urlopen(url) | ||
| 19 | if r.code == 200: | ||
| 20 | connected = True | ||
| 21 | break | ||
| 22 | else: | ||
| 23 | print('Bad return code from server ' + url + ': ' + str(r.code) + | ||
| 24 | ' (attempt ' + str(i + 1) + ' of ' + str(tries) + ')') | ||
| 25 | except urllib.error.URLError as e: | ||
| 26 | print('Error connecting to server ' + url + ': ' + str(e) + | ||
| 27 | ' (attempt ' + str(i + 1) + ' of ' + str(tries) + ')') | ||
| 28 | if not connected: | ||
| 29 | return | ||
| 30 | resp = r.read().decode('utf-8') | ||
| 31 | j = json.loads(resp) | ||
| 32 | version = 'cli-' + j['version'] + '.tgz' | ||
| 33 | d.setVar("GARAGE_SIGN_VERSION", version) | ||
| 34 | } | ||
| 35 | |||
| 36 | # vim:set ts=4 sw=4 sts=4 expandtab: | ||
