From be74b1ee32332c81d604550c1cf51d7c3eb5590f Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 3 Apr 2018 15:40:18 +0200 Subject: Move dev settings to main README. Add table of contents. --- CONTRIBUTING.adoc | 13 +------------ README.adoc | 26 +++++++++++++++++++++++++- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/CONTRIBUTING.adoc b/CONTRIBUTING.adoc index 69509c3..df7a717 100644 --- a/CONTRIBUTING.adoc +++ b/CONTRIBUTING.adoc @@ -1,15 +1,4 @@ = Contributing -We welcome pull requests from everyone. Here are some notes that are useful for people working on meta-updater (this repository) and https://github.com/advancedtelematic/aktualizr[aktualizr]. +We welcome pull requests from everyone. It may be helpful to read the README and other documentation for link:README.adoc[this repo], https://github.com/advancedtelematic/aktualizr[aktualizr], and the https://github.com/advancedtelematic/updater-repo/[updater-repo], particularly the sections and development and debugging. -== Options for local.conf/site.conf - -[options="header"] -|====================== -| Option | Effect -| `require classes/sota_bleeding.inc` | Always build the latest master of Aktualizr -| `BRANCH_pn-aktualizr = "mybranch"` -`BRANCH_pn-aktualizr-native = "mybranch"` | Build `mybranch` of Aktualizr (note that both of these need to be set). This will normally be used with `require classes/sota_bleeding.inc` -| `SRCREV_pn-aktualizr = "1004efa3f86cef90c012b34620992b5762b741e3"` -`SRCREV_pn-aktualizr-native = "1004efa3f86cef90c012b34620992b5762b741e3"` | Build the specified revision of Aktualizr (note that both of these need to be set). -| `TOOLCHAIN_HOST_TASK_append = " nativesdk-cmake "` | Use with `bitbake -c populate_sdk core-image-minimal` to build a SDK diff --git a/README.adoc b/README.adoc index 980fa81..749bcf3 100644 --- a/README.adoc +++ b/README.adoc @@ -1,4 +1,6 @@ = meta-updater +:toc: macro +:toc-title: This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr]. @@ -6,6 +8,11 @@ https://github.com/ostreedev/ostree[OSTree] is a tool for atomic full file syste https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started. +[discrete] +== Table of Contents + +toc::[] + == Build === Quickstart @@ -135,7 +142,24 @@ garage-push --repo=/path/to/ostree-repo --ref=mybranch --credentials=/path/to/cr You can set `SOTA_PACKED_CREDENTIALS` in your `local.conf` to automatically synchronize your build results with a remote server. Credentials are stored in an archive as described in the https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[aktualizr documentation]. -== QA with `oe-selftest` +== Development configuration + +There are a few settings that can be controlled in `local.conf` to simplify the development process: + +[options="header"] +|====================== +| Option | Effect +| `require classes/sota_bleeding.inc` | Build the latest head (by default, using the master branch) of Aktualizr +| `BRANCH_pn-aktualizr = "mybranch"` + +`BRANCH_pn-aktualizr-native = "mybranch"` | Build `mybranch` of Aktualizr. Note that both of these need to be set. This is normally used in conjunction with `require classes/sota_bleeding.inc` +| `SRCREV_pn-aktualizr = "1004efa3f86cef90c012b34620992b5762b741e3"` + +`SRCREV_pn-aktualizr-native = "1004efa3f86cef90c012b34620992b5762b741e3"` | Build the specified revision of Aktualizr. Note that both of these need to be set. This can be used in conjunction with `BRANCH_pn-aktualizr` and `BRANCH_pn-aktualizr-native` but will conflict with `require classes/sota_bleeding.inc` +| `TOOLCHAIN_HOST_TASK_append = " nativesdk-cmake "` | Use with `bitbake -c populate_sdk core-image-minimal` to build an SDK. See the https://github.com/advancedtelematic/aktualizr#developing-against-an-openembedded-system[aktualizr repo] for more information. +|====================== + +== QA with oe-selftest This layer relies on the test framework oe-selftest for quality assurance. Follow the steps below to run the tests: -- cgit v1.2.3-54-g00ecf From ca55e523b30669b0dc9a4146b1e2c7ebf902635a Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Fri, 6 Apr 2018 14:21:53 +0200 Subject: Stop forcing Linux 4.4 on qemux86-64 The mentioned issue doesn't seem to exist anymore --- classes/sota_qemux86-64.bbclass | 3 --- 1 file changed, 3 deletions(-) diff --git a/classes/sota_qemux86-64.bbclass b/classes/sota_qemux86-64.bbclass index 666ad6b..a5fd6a4 100644 --- a/classes/sota_qemux86-64.bbclass +++ b/classes/sota_qemux86-64.bbclass @@ -1,6 +1,3 @@ -# See https://advancedtelematic.atlassian.net/browse/PRO-2693 -PREFERRED_VERSION_linux-yocto_qemux86-64_sota = "4.4%" - IMAGE_FSTYPES_remove = "wic" # U-Boot support for SOTA -- cgit v1.2.3-54-g00ecf From dc8096010ebcb4b5110db50456a892fde12a9f4a Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Thu, 5 Apr 2018 11:12:01 +0200 Subject: Pass requested garage-sign version to aktualizr. Set GARAGE_SIGN_VERSION in local.conf to request a specific version, e.g.: GARAGE_SIGN_VERSION = "cli-0.3.0-5-g5908997.tgz" If unset, the default (latest version) will be used. Set GARAGE_SIGN_SHA256 in local.conf to specify a hash to check, e.g.: GARAGE_SIGN_SHA256 = "94f5db1accbbbaa279f7ac5a2e618f5448adeafbe32d6cbc90c8604054ab653e" If unset, the sha256 is not computed. --- recipes-sota/aktualizr/aktualizr_git.bb | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 2a803a8..4305b2c 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -37,9 +37,17 @@ SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket" BBCLASSEXTEND =+ "native" -EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} " -EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} " -EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF -DBUILD_SYSTEMD=OFF " +EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF \ + -DCMAKE_BUILD_TYPE=Release \ + -DAKTUALIZR_VERSION=${PV} " +EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON \ + -DBUILD_ISOTP=ON \ + ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} " +EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON \ + -DBUILD_OSTREE=OFF \ + -DBUILD_SYSTEMD=OFF \ + -DGARAGE_SIGN_VERSION=${GARAGE_SIGN_VERSION} \ + -DGARAGE_SIGN_SHA256=${GARAGE_SIGN_SHA256}" do_install_append () { rm -fr ${D}${libdir}/systemd @@ -65,8 +73,8 @@ do_install_append_class-native () { install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml - install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir} - install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir} + install -m 0755 ${B}/src/sota_tools/garage-sign/bin/* ${D}${bindir} + install -m 0644 ${B}/src/sota_tools/garage-sign/lib/* ${D}${libdir} } PACKAGES =+ " ${PN}-common ${PN}-examples ${PN}-host-tools ${PN}-secondary " -- cgit v1.2.3-54-g00ecf From e109b8cde37bd1d0bbefc37d39c169b57b7957d4 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 6 Apr 2018 15:26:17 +0200 Subject: If GARAGE_SIGN_VERSION is not provided, ask the server for a version. Get the server URL out of the credentials and ask what version the server is using. --- recipes-sota/aktualizr/aktualizr_git.bb | 4 +++- recipes-sota/aktualizr/garage-sign-version.inc | 23 +++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 recipes-sota/aktualizr/garage-sign-version.inc diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 4305b2c..abe8f5b 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -22,7 +22,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "930d8eef6eb584686654601c056d7c9c6fca3048" +SRCREV = "7ccfc5b4286b9a04915e74a7474a8d3451145e1c" BRANCH ?= "master" S = "${WORKDIR}/git" @@ -37,6 +37,8 @@ SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket" BBCLASSEXTEND =+ "native" +require garage-sign-version.inc + EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF \ -DCMAKE_BUILD_TYPE=Release \ -DAKTUALIZR_VERSION=${PV} " diff --git a/recipes-sota/aktualizr/garage-sign-version.inc b/recipes-sota/aktualizr/garage-sign-version.inc new file mode 100644 index 0000000..2d08cdf --- /dev/null +++ b/recipes-sota/aktualizr/garage-sign-version.inc @@ -0,0 +1,23 @@ + +python () { + if d.getVar("GARAGE_SIGN_VERSION", True) or not d.getVar("SOTA_PACKED_CREDENTIALS", True): + return + import json + import urllib.request + import zipfile + with zipfile.ZipFile(d.getVar("SOTA_PACKED_CREDENTIALS", True), 'r') as zip_ref: + try: + with zip_ref.open('tufrepo.url', mode='r') as url_file: + url = url_file.read().decode() + '/health/version' + except (KeyError, ValueError, RuntimeError): + return + r = urllib.request.urlopen(url) + if r.code != 200: + return + resp = r.read() + j = json.loads(resp) + version = 'cli-' + j['version'] + '.tgz' + d.setVar("GARAGE_SIGN_VERSION", version) +} + +# vim:set ts=4 sw=4 sts=4 expandtab: -- cgit v1.2.3-54-g00ecf From 672859353627c5647c8ef474ef38dc02a0a923f2 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 13 Apr 2018 17:21:40 +0200 Subject: Decode bytes. --- recipes-sota/aktualizr/garage-sign-version.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/garage-sign-version.inc b/recipes-sota/aktualizr/garage-sign-version.inc index 2d08cdf..66e3ffd 100644 --- a/recipes-sota/aktualizr/garage-sign-version.inc +++ b/recipes-sota/aktualizr/garage-sign-version.inc @@ -14,7 +14,7 @@ python () { r = urllib.request.urlopen(url) if r.code != 200: return - resp = r.read() + resp = r.read().decode('utf-8') j = json.loads(resp) version = 'cli-' + j['version'] + '.tgz' d.setVar("GARAGE_SIGN_VERSION", version) -- cgit v1.2.3-54-g00ecf From 95253b75fbc75f78867f0f9b5708dd1799aeab9c Mon Sep 17 00:00:00 2001 From: Phil Wise Date: Mon, 23 Apr 2018 16:46:28 +0200 Subject: Bump Aktualizr to get PRO-5211 Report network info --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index abe8f5b..9e2dc3c 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -22,7 +22,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "7ccfc5b4286b9a04915e74a7474a8d3451145e1c" +SRCREV = "9a813ab0857a2448ac2c2dbc5300e47164db7f01" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 3a012ec1d5d7f970c52022b7da5751449693640d Mon Sep 17 00:00:00 2001 From: Phil Wise Date: Fri, 27 Apr 2018 12:26:02 +0200 Subject: Fix permissions of /var/sota in image_types_ota We should also do this in the recipes --- classes/image_types_ota.bbclass | 2 ++ 1 file changed, 2 insertions(+) diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass index d21441d..36e7059 100644 --- a/classes/image_types_ota.bbclass +++ b/classes/image_types_ota.bbclass @@ -105,6 +105,8 @@ IMAGE_CMD_otaimg () { mv ${HOME_TMP}/var/local ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/ || true # Create /var/sota if it doesn't exist yet mkdir -p ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota || true + # Ensure the permissions are correctly set + chmod 700 ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota mv ${HOME_TMP}/usr/homedirs/home ${PHYS_SYSROOT}/ || true # Ensure that /var/local exists (AGL symlinks /usr/local to /var/local) install -d ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/local -- cgit v1.2.3-54-g00ecf From 8e77dc5a9adacbca5a4b6e80534972370c000bfa Mon Sep 17 00:00:00 2001 From: Phil Wise Date: Fri, 27 Apr 2018 12:26:58 +0200 Subject: Add missing delay in loop. --- lib/oeqa/selftest/cases/updater.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py index e459ffb..2ef5a3b 100644 --- a/lib/oeqa/selftest/cases/updater.py +++ b/lib/oeqa/selftest/cases/updater.py @@ -174,12 +174,12 @@ class AutoProvTests(OESelftestTestCase): print(value) print('Checking output of aktualizr-info:') ran_ok = False - for delay in [0, 1, 2, 5, 10, 15]: - sleep(delay) + for delay in [1, 2, 5, 10, 15]: stdout, stderr, retcode = self.qemu_command('aktualizr-info') if retcode == 0 and stderr == b'': ran_ok = True break + sleep(delay) self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) verifyProvisioned(self, machine) @@ -312,12 +312,12 @@ class GrubTests(OESelftestTestCase): print(value) print('Checking output of aktualizr-info:') ran_ok = False - for delay in [0, 1, 2, 5, 10, 15]: - sleep(delay) + for delay in [1, 2, 5, 10, 15]: stdout, stderr, retcode = self.qemu_command('aktualizr-info') if retcode == 0 and stderr == b'': ran_ok = True break + sleep(delay) self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) verifyProvisioned(self, machine) @@ -364,11 +364,12 @@ class ImplProvTests(OESelftestTestCase): print(value) print('Checking output of aktualizr-info:') ran_ok = False - for delay in [0, 1, 2, 5, 10, 15]: + for delay in [1, 2, 5, 10, 15]: stdout, stderr, retcode = self.qemu_command('aktualizr-info') if retcode == 0 and stderr == b'': ran_ok = True break + sleep(delay) self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) # Verify that device has NOT yet provisioned. self.assertIn(b'Couldn\'t load device ID', stdout, @@ -435,11 +436,12 @@ class HsmTests(OESelftestTestCase): print(value) print('Checking output of aktualizr-info:') ran_ok = False - for delay in [0, 1, 2, 5, 10, 15]: + for delay in [1, 2, 5, 10, 15]: stdout, stderr, retcode = self.qemu_command('aktualizr-info') if retcode == 0 and stderr == b'': ran_ok = True break + sleep(delay) self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) # Verify that device has NOT yet provisioned. self.assertIn(b'Couldn\'t load device ID', stdout, -- cgit v1.2.3-54-g00ecf From c04e7bded7915e6bc9c70128d4a8be0cf7dec7cd Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 27 Apr 2018 10:05:39 +0200 Subject: Add sqlite3 to aktualizr dependencies. It's worked fine without it, but better to be explicit. --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 9e2dc3c..cd2844c 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -5,7 +5,7 @@ SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" -DEPENDS = "boost curl openssl libarchive libsodium asn1c-native " +DEPENDS = "boost curl openssl libarchive libsodium asn1c-native sqlite3 " DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} " DEPENDS_append_class-native = "glib-2.0-native " -- cgit v1.2.3-54-g00ecf From 1f3231cbc3257eaebbf100df10b2ac2e70dd6671 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 27 Apr 2018 09:35:01 +0200 Subject: Move example-interface from sota.env to its own recipe. SOTA_LEGACY_SECONDARY_INTERFACE is now obsolete. Instead, include this: IMAGE_INSTALL_append = " aktualizr-examples aktualizr-example-interface " --- README.adoc | 1 - recipes-sota/aktualizr/aktualizr-auto-prov.bb | 2 - recipes-sota/aktualizr/aktualizr_git.bb | 2 +- recipes-sota/aktualizr/environment.inc | 7 +- recipes-sota/config/aktualizr-example-interface.bb | 22 ++ recipes-sota/config/files/LICENSE | 373 +++++++++++++++++++++ 6 files changed, 397 insertions(+), 10 deletions(-) create mode 100644 recipes-sota/config/aktualizr-example-interface.bb create mode 100644 recipes-sota/config/files/LICENSE diff --git a/README.adoc b/README.adoc index 749bcf3..4e74311 100644 --- a/README.adoc +++ b/README.adoc @@ -88,7 +88,6 @@ Although we have used U-Boot so far, other boot loaders can be configured work w * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. * `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and `aktualizr-hsm-prov`. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid option is `hsm` (to build with HSM support) -* `SOTA_LEGACY_SECONDARY_INTERFACE` - path to a https://github.com/advancedtelematic/aktualizr/blob/master/docs/legacysecondary.adoc[legacy secondary interface] installed on the device. To use the example interface from the Aktualizr repo, use `/usr/bin/example-interface` and make sure `IMAGE_INSTALL_append` includes `aktualizr-examples`. * `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device. * `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`. diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 07e5bb8..6b17114 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -16,8 +16,6 @@ SRC_URI = " \ require environment.inc require credentials.inc -export SOTA_PACKED_CREDENTIALS - do_install() { if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index cd2844c..4c18355 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -22,7 +22,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "9a813ab0857a2448ac2c2dbc5300e47164db7f01" +SRCREV = "cbb586efcd5f14a5c6a2c7cf71d75f575bf3d13f" BRANCH ?= "master" S = "${WORKDIR}/git" diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc index 09da6b7..94806bd 100644 --- a/recipes-sota/aktualizr/environment.inc +++ b/recipes-sota/aktualizr/environment.inc @@ -1,17 +1,12 @@ -export SOTA_LEGACY_SECONDARY_INTERFACE export SOTA_VIRTUAL_SECONDARIES do_install_append() { - if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then - AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}" - fi - AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml" for sec in ${SOTA_VIRTUAL_SECONDARIES}; do AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec" done - echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_LEGACYSEC} ${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env + echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env } FILES_${PN}_append = " ${libdir}/sota/sota.env" diff --git a/recipes-sota/config/aktualizr-example-interface.bb b/recipes-sota/config/aktualizr-example-interface.bb new file mode 100644 index 0000000..05f63bf --- /dev/null +++ b/recipes-sota/config/aktualizr-example-interface.bb @@ -0,0 +1,22 @@ +SUMMARY = "Aktualizr example interface" +DESCRIPTION = "Aktualizr example interface for legacy secondaries" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" + +DEPENDS = "aktualizr " +SRC_URI = " \ + file://LICENSE \ + " + +do_install_append () { + install -m 0700 -d ${D}${libdir}/sota/conf.d + echo "[uptane]\nlegacy_interface = \"/usr/bin/example-interface\"\n" > ${D}${libdir}/sota/conf.d/example-interface.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d/example-interface.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/config/files/LICENSE b/recipes-sota/config/files/LICENSE new file mode 100644 index 0000000..a612ad9 --- /dev/null +++ b/recipes-sota/config/files/LICENSE @@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. -- cgit v1.2.3-54-g00ecf From 3f4856c1aabdc04935020f51fa18dd510f84a69c Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 27 Apr 2018 12:08:25 +0200 Subject: Provide recipe to disable sending ip (PRO-5297). Obviates the need for SOTA_CLIENT_FEATURES = "disable_send_ip". --- recipes-sota/config/aktualizr-disable-send-ip.bb | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 recipes-sota/config/aktualizr-disable-send-ip.bb diff --git a/recipes-sota/config/aktualizr-disable-send-ip.bb b/recipes-sota/config/aktualizr-disable-send-ip.bb new file mode 100644 index 0000000..32c55f3 --- /dev/null +++ b/recipes-sota/config/aktualizr-disable-send-ip.bb @@ -0,0 +1,23 @@ +SUMMARY = "Disable IP reporting in Aktualizr" +DESCRIPTION = "Configures aktualizr to disable IP reporting to the server" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" + +DEPENDS = "aktualizr " +SRC_URI = " \ + file://LICENSE \ + " + +do_install_append () { + install -m 0700 -d ${D}${libdir}/sota/conf.d + echo "[telemetry]\nreport_network = false\n" > ${D}${libdir}/sota/conf.d/disable-send-ip.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d/disable-send-ip.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: + -- cgit v1.2.3-54-g00ecf From af5e0c48c7311bd53267539ef544deb4d647eda0 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 30 Apr 2018 14:24:51 +0200 Subject: Create aktualizr-log-debug recipe as an example (and debugging aid). --- recipes-sota/config/aktualizr-log-debug.bb | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 recipes-sota/config/aktualizr-log-debug.bb diff --git a/recipes-sota/config/aktualizr-log-debug.bb b/recipes-sota/config/aktualizr-log-debug.bb new file mode 100644 index 0000000..512599f --- /dev/null +++ b/recipes-sota/config/aktualizr-log-debug.bb @@ -0,0 +1,23 @@ +SUMMARY = "Set debug logging in Aktualizr" +DESCRIPTION = "Configures aktualizr to log at a debugging level" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" + +DEPENDS = "aktualizr " +SRC_URI = " \ + file://LICENSE \ + " + +do_install_append () { + install -m 0700 -d ${D}${libdir}/sota/conf.d + echo "[logger]\nloglevel = 0\n" > ${D}${libdir}/sota/conf.d/log-debug.toml +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d/log-debug.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: + -- cgit v1.2.3-54-g00ecf From 0c40c88798b9b36eae8af28424899d76ed321758 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Wed, 2 May 2018 14:00:54 +0200 Subject: Update README with aktualizr config management (PRO-5329). --- README.adoc | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/README.adoc b/README.adoc index 4e74311..c47dd1d 100644 --- a/README.adoc +++ b/README.adoc @@ -23,9 +23,9 @@ If you don't already have a Yocto project that you want to add OTA to, you can u If you already have a Yocto-based project and you want to add atomic filesystem updates to it, you just need to do three things: -1. Clone the `meta-updater` layer and add it to your https://www.yoctoproject.org/docs/2.1/ref-manual/ref-manual.html#structure-build-conf-bblayers.conf[bblayers.conf]. +1. Clone the `meta-updater` layer and add it to your https://www.yoctoproject.org/docs/current/ref-manual/ref-manual.html#structure-build-conf-bblayers.conf[bblayers.conf]. 2. Clone BSP integration layer (`meta-updater-$\{PLATFORM}`, e.g. https://github.com/advancedtelematic/meta-updater-raspberrypi[meta-updater-raspberrypi]) and add it to your `conf/bblayers.conf`. If your board isn't supported yet, you could write a BSP integration for it yourself. See the <> section for the details. -3. Set up your https://www.yoctoproject.org/docs/2.1/ref-manual/ref-manual.html#var-DISTRO[distro]. If you are using "poky", the default distro in Yocto, you can change it in your `conf/local.conf` to "poky-sota". Alternatively, if you are using your own or third party distro configuration, you can add `INHERIT += " sota"` to it, thus combining capabilities of your distro with meta-updater features. +3. Set up your https://www.yoctoproject.org/docs/current/ref-manual/ref-manual.html#var-DISTRO[distro]. If you are using "poky", the default distro in Yocto, you can change it in your `conf/local.conf` to "poky-sota". Alternatively, if you are using your own or third party distro configuration, you can add `INHERIT += " sota"` to it, thus combining capabilities of your distro with meta-updater features. You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an https://ostree.readthedocs.io/en/latest/manual/adapting-existing/[OSTree-enabled version] of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named `$\{IMAGE_NAME}.-sdimg-ota` e.g. `core-image-raspberrypi3.rpi-sdimg-ota`). You can control this behaviour through <>. @@ -47,7 +47,7 @@ and get as a result an `ostree_repo` folder in your images directory (`tmp/deplo * your OSTree repository, with the rootfs committed as an OSTree deployment, * an `otaimg` bootstrap image, which is an OSTree physical sysroot as a burnable filesystem image, and optionally -* some machine-dependent live images (e.g. `.rpi-sdimg-ota` for Raspberry Pi or `.porter-sdimg-ota` Renesas Porter board). +* some machine-dependent live images (e.g. `.wic` for Raspberry Pi or `.porter-sdimg-ota` Renesas Porter board). Although `aglsetup.sh` hooks provide reasonable defaults for SOTA-related variables, you may want to tune some of them. @@ -86,7 +86,7 @@ Although we have used U-Boot so far, other boot loaders can be configured work w * `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky". * `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. -* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and `aktualizr-hsm-prov`. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. +* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and https://github.com/advancedtelematic/aktualizr/blob/master/docs/hsm-provisioning.adoc[`aktualizr-hsm-prov`]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid option is `hsm` (to build with HSM support) * `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device. * `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`. @@ -141,6 +141,20 @@ garage-push --repo=/path/to/ostree-repo --ref=mybranch --credentials=/path/to/cr You can set `SOTA_PACKED_CREDENTIALS` in your `local.conf` to automatically synchronize your build results with a remote server. Credentials are stored in an archive as described in the https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[aktualizr documentation]. +=== aktualizr configuration + +https://github.com/advancedtelematic/aktualizr[Aktualizr] supports a variety of https://github.com/advancedtelematic/aktualizr/blob/master/docs/configuration.adoc[configuration options via a configuration file and the command line]. There are two primary ways to control aktualizr's configuration from meta-updater. + +First, you can set `SOTA_CLIENT_PROV` to control which provisioning recipe is used. Each recipe installs an appropriate `sota.toml` file from aktualizr according to the provisioning needs. See the <> section for more information. + +Second, you can write recipes to install additional config files with customized options. A few recipes already exist to address common needs and provide an example: + +* link:recipes-sota/config/aktualizr-example-interface.bb[aktualizr-example-interface.bb] will configure aktualizr to connect to an example interface for a legacy flasher. This is intended to be used in conjunction with the `aktualizr-examples` package. See https://github.com/advancedtelematic/aktualizr/blob/master/docs/legacysecondary.adoc[legacysecondary.adoc] in the aktualizr repo for more information. +* link:recipes-sota/config/aktualizr-disable-send-ip.bb[aktualizr-disable-send-ip.bb] disables the reporting of networking information to the server. This is enabled by default and supported by https://app.atsgarage.com[ATS Garage]. However, if you are using a different server that does not support this feature, you may want to disable it in aktualizr. +* link:recipes-sota/config/aktualizr-log-debug.bb[aktualizr-log-debug.bb] sets the log level of aktualizr to 0 (trace). The default is 2 (info). This recipe is intended for development and debugging purposes. + +To use these recipes, you will need to add them to your image with a line such as `IMAGE_INSTALL_append = " aktualizr-log-debug "` in your `local.conf`. + == Development configuration There are a few settings that can be controlled in `local.conf` to simplify the development process: -- cgit v1.2.3-54-g00ecf From f01b2b06c6fb76cd5d83f5e23643a399d7f41606 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Thu, 3 May 2018 12:22:52 +0200 Subject: Update aktualizr config to use default locations. Fix permissions, drop explicit aktualizr dependency, put everything in /usr/lib/sota/conf.d, rename with numeric prefixes to make precedence more clear. --- recipes-sota/aktualizr/aktualizr-auto-prov.bb | 8 ++++---- recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | 11 +++++------ recipes-sota/aktualizr/aktualizr-hsm-prov.bb | 6 +++--- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 6 +++--- recipes-sota/aktualizr/aktualizr_git.bb | 10 ++++++---- recipes-sota/aktualizr/environment.inc | 3 +-- recipes-sota/config/aktualizr-disable-send-ip.bb | 5 ++--- recipes-sota/config/aktualizr-example-interface.bb | 5 ++--- recipes-sota/config/aktualizr-log-debug.bb | 5 ++--- 9 files changed, 28 insertions(+), 31 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 6b17114..1a42184 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -30,12 +30,12 @@ do_install() { bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS" fi - install -d ${D}${libdir}/sota - install -d ${D}${localstatedir}/sota + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0700 -d ${D}${localstatedir}/sota if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)} - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/sota.toml + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/conf.d/20-sota.toml # deploy SOTA credentials if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then @@ -47,7 +47,7 @@ do_install() { } FILES_${PN} = " \ - ${libdir}/sota/sota.toml \ + ${libdir}/sota/conf.d/20-sota.toml \ ${localstatedir}/sota \ ${localstatedir}/sota/sota_provisioning_credentials.zip \ " diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index 51e313d..a118dfd 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb @@ -26,7 +26,7 @@ export SOTA_CACERT_PATH export SOTA_CAKEY_PATH do_install() { - install -d ${D}${libdir}/sota + install -m 0700 -d ${D}${libdir}/sota/conf.d if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning" @@ -51,21 +51,20 @@ do_install() { bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning" fi - install -d ${D}${libdir}/sota - install -d ${D}${localstatedir}/sota - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/sota.toml + install -m 0700 -d ${D}${localstatedir}/sota + install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/conf.d/20-sota.toml aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ --device-ca ${SOTA_CACERT_PATH} \ --device-ca-key ${SOTA_CAKEY_PATH} \ --root-ca \ --server-url \ --local ${D}${localstatedir}/sota \ - --config ${D}${libdir}/sota/sota.toml + --config ${D}${libdir}/sota/conf.d/20-sota.toml } FILES_${PN} = " \ ${localstatedir}/sota/* \ - ${libdir}/sota/sota.toml \ + ${libdir}/sota/conf.d/20-sota.toml \ ${libdir}/sota/root.crt \ " diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index 5f8da3c..290167f 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb @@ -18,15 +18,15 @@ require environment.inc require credentials.inc do_install() { - install -d ${D}${libdir}/sota + install -m 0700 -d ${D}${libdir}/sota/conf.d if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \ - -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} + -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D} fi } FILES_${PN} = " \ - ${libdir}/sota/sota.toml \ + ${libdir}/sota/conf.d/20-sota.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index cf3d22c..2f9980a 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb @@ -18,15 +18,15 @@ require environment.inc require credentials.inc do_install() { - install -d ${D}${libdir}/sota + install -m 0700 -d ${D}${libdir}/sota/conf.d if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \ - -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} + -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/conf.d/20-sota.toml -p ${D} fi } FILES_${PN} = " \ - ${libdir}/sota/sota.toml \ + ${libdir}/sota/conf.d/20-sota.toml \ ${libdir}/sota/root.crt \ " diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 4c18355..f455013 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -22,7 +22,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "cbb586efcd5f14a5c6a2c7cf71d75f575bf3d13f" +SRCREV = "5fa9a79f1fb29266c862a9a6cb32082bb77844a5" BRANCH ?= "master" S = "${WORKDIR}/git" @@ -54,21 +54,21 @@ EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON \ do_install_append () { rm -fr ${D}${libdir}/systemd rm -f ${D}${libdir}/sota/sota.toml # Only needed for the Debian package - install -d ${D}${libdir}/sota + install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service + install -m 0700 -d ${D}${sysconfdir}/sota/conf.d } do_install_append_class-target () { - install -d ${D}${systemd_unitdir}/system + install -m 0755 -d ${D}${systemd_unitdir}/system aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service } do_install_append_class-native () { - install -d ${D}${libdir}/sota install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml @@ -85,7 +85,9 @@ FILES_${PN} = " \ ${bindir}/aktualizr \ ${bindir}/aktualizr-info \ ${bindir}/aktualizr-check-discovery \ + ${libdir}/sota/conf.d \ ${systemd_unitdir}/system/aktualizr.service \ + ${sysconfdir}/sota/conf.d \ " FILES_${PN}-common = " \ diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc index 94806bd..16e789e 100644 --- a/recipes-sota/aktualizr/environment.inc +++ b/recipes-sota/aktualizr/environment.inc @@ -1,12 +1,11 @@ export SOTA_VIRTUAL_SECONDARIES do_install_append() { - AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml" for sec in ${SOTA_VIRTUAL_SECONDARIES}; do AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec" done - echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env + echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env } FILES_${PN}_append = " ${libdir}/sota/sota.env" diff --git a/recipes-sota/config/aktualizr-disable-send-ip.bb b/recipes-sota/config/aktualizr-disable-send-ip.bb index 32c55f3..ce492e9 100644 --- a/recipes-sota/config/aktualizr-disable-send-ip.bb +++ b/recipes-sota/config/aktualizr-disable-send-ip.bb @@ -5,18 +5,17 @@ SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" -DEPENDS = "aktualizr " SRC_URI = " \ file://LICENSE \ " do_install_append () { install -m 0700 -d ${D}${libdir}/sota/conf.d - echo "[telemetry]\nreport_network = false\n" > ${D}${libdir}/sota/conf.d/disable-send-ip.toml + echo "[telemetry]\nreport_network = false\n" > ${D}${libdir}/sota/conf.d/30-disable-send-ip.toml } FILES_${PN} = " \ - ${libdir}/sota/conf.d/disable-send-ip.toml \ + ${libdir}/sota/conf.d/30-disable-send-ip.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/config/aktualizr-example-interface.bb b/recipes-sota/config/aktualizr-example-interface.bb index 05f63bf..52ebe1c 100644 --- a/recipes-sota/config/aktualizr-example-interface.bb +++ b/recipes-sota/config/aktualizr-example-interface.bb @@ -5,18 +5,17 @@ SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" -DEPENDS = "aktualizr " SRC_URI = " \ file://LICENSE \ " do_install_append () { install -m 0700 -d ${D}${libdir}/sota/conf.d - echo "[uptane]\nlegacy_interface = \"/usr/bin/example-interface\"\n" > ${D}${libdir}/sota/conf.d/example-interface.toml + echo "[uptane]\nlegacy_interface = \"/usr/bin/example-interface\"\n" > ${D}${libdir}/sota/conf.d/30-example-interface.toml } FILES_${PN} = " \ - ${libdir}/sota/conf.d/example-interface.toml \ + ${libdir}/sota/conf.d/30-example-interface.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/config/aktualizr-log-debug.bb b/recipes-sota/config/aktualizr-log-debug.bb index 512599f..e32a414 100644 --- a/recipes-sota/config/aktualizr-log-debug.bb +++ b/recipes-sota/config/aktualizr-log-debug.bb @@ -5,18 +5,17 @@ SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" -DEPENDS = "aktualizr " SRC_URI = " \ file://LICENSE \ " do_install_append () { install -m 0700 -d ${D}${libdir}/sota/conf.d - echo "[logger]\nloglevel = 0\n" > ${D}${libdir}/sota/conf.d/log-debug.toml + echo "[logger]\nloglevel = 0\n" > ${D}${libdir}/sota/conf.d/90-log-debug.toml } FILES_${PN} = " \ - ${libdir}/sota/conf.d/log-debug.toml \ + ${libdir}/sota/conf.d/90-log-debug.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: -- cgit v1.2.3-54-g00ecf From f4e53220276ff9cf3caa7c997e32f6f5a91e3128 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Thu, 3 May 2018 09:34:00 +0200 Subject: Test aktualizr-example-interface package (PRO-5336). Not much else from the example configs that is easy to test with oe-selftest. --- lib/oeqa/selftest/cases/updater.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py index 2ef5a3b..6dcc8df 100644 --- a/lib/oeqa/selftest/cases/updater.py +++ b/lib/oeqa/selftest/cases/updater.py @@ -150,6 +150,8 @@ class AutoProvTests(OESelftestTestCase): self.meta_qemu = None self.append_config('MACHINE = "qemux86-64"') self.append_config('SOTA_CLIENT_PROV = " aktualizr-auto-prov "') + # Test aktualizr-example-interface package. + self.append_config('IMAGE_INSTALL_append = " aktualizr-examples aktualizr-example-interface "') self.qemu, self.s = qemu_launch(machine='qemux86-64') def tearDownLocal(self): @@ -183,6 +185,12 @@ class AutoProvTests(OESelftestTestCase): self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) verifyProvisioned(self, machine) + # Test aktualizr-example-interface package. + stdout, stderr, retcode = self.qemu_command('aktualizr-info') + self.assertIn(b'hardware ID: example1', stdout, + 'Legacy secondary initialization failed: ' + stderr.decode() + stdout.decode()) + self.assertIn(b'hardware ID: example2', stdout, + 'Legacy secondary initialization failed: ' + stderr.decode() + stdout.decode()) class RpiTests(OESelftestTestCase): @@ -591,6 +599,7 @@ class PrimaryTests(OESelftestTestCase): self.assertEqual(retcode, 0, "Unable to run aktualizr --help") self.assertEqual(stderr, b'', 'Error: ' + stderr.decode()) + def qemu_launch(efi=False, machine=None, imagename=None): logger = logging.getLogger("selftest") logger.info('Running bitbake to build core-image-minimal') -- cgit v1.2.3-54-g00ecf From 98b1cb7a2c90a203d885663ed2b6cc1bae08f5b3 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 7 May 2018 11:24:45 +0200 Subject: Give some more time for checking for successful provisioning. --- lib/oeqa/selftest/cases/updater.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py index 6dcc8df..2efef15 100644 --- a/lib/oeqa/selftest/cases/updater.py +++ b/lib/oeqa/selftest/cases/updater.py @@ -671,12 +671,12 @@ def akt_native_run(testInst, cmd, **kwargs): def verifyProvisioned(testInst, machine): # Verify that device HAS provisioned. ran_ok = False - for delay in [5, 5, 5, 5, 10]: - sleep(delay) + for delay in [5, 5, 5, 5, 10, 10, 10, 10]: stdout, stderr, retcode = testInst.qemu_command('aktualizr-info') if retcode == 0 and stderr == b'' and stdout.decode().find('Fetched metadata: yes') >= 0: ran_ok = True break + sleep(delay) testInst.assertIn(b'Device ID: ', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) testInst.assertIn(b'Primary ecu hardware ID: ' + machine.encode(), stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) -- cgit v1.2.3-54-g00ecf From a8c4f54b7adbe0169b2ee62a9c8f8911ca9b0bf6 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 7 May 2018 11:25:03 +0200 Subject: Bump aktualizr. Don't build load tests. --- recipes-sota/aktualizr/aktualizr_git.bb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index f455013..083f5cc 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -22,7 +22,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "5fa9a79f1fb29266c862a9a6cb32082bb77844a5" +SRCREV = "617d6d9242239a5719296f18e207ac4d8d94b7b2" BRANCH ?= "master" S = "${WORKDIR}/git" @@ -41,7 +41,8 @@ require garage-sign-version.inc EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF \ -DCMAKE_BUILD_TYPE=Release \ - -DAKTUALIZR_VERSION=${PV} " + -DAKTUALIZR_VERSION=${PV} \ + -DBUILD_LOAD_TESTS=OFF" EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON \ -DBUILD_ISOTP=ON \ ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} " -- cgit v1.2.3-54-g00ecf From fe16efa983b8cd542bbe84a24cfce13597ead726 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 8 May 2018 13:57:16 +0200 Subject: Update patch to fix openssl-1.0.o. --- .../files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch index bd233ee..902352c 100644 --- a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch +++ b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch @@ -17,7 +17,7 @@ index 45d5ad3..75625e6 100644 -#if OPENSSL_VERSION_NUMBER < 0x100020d0L || defined(LIBRESSL_VERSION_NUMBER) -static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, -+#if OPENSSL_VERSION_NUMBER < 0x100020f0L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10002100L || defined(LIBRESSL_VERSION_NUMBER) + +# if (OPENSSL_VERSION_NUMBER & 0xFFFFFFF0) == 0x100020d0L +# undef EVP_PKEY_meth_get_sign -- cgit v1.2.3-54-g00ecf From 9c610430a3b94d3f881458b7b01133c9705d8d6b Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Wed, 9 May 2018 11:57:42 +0200 Subject: Put extra configs in their own files. This is more reliable and readable than just dumping things with echo. Plus it is easier for setting permissions, and it fixes some obscure problem with line endings that only happens on shovel. --- recipes-sota/config/aktualizr-disable-send-ip.bb | 3 ++- recipes-sota/config/aktualizr-example-interface.bb | 3 ++- recipes-sota/config/aktualizr-log-debug.bb | 3 ++- recipes-sota/config/files/30-disable-send-ip.toml | 2 ++ recipes-sota/config/files/30-example-interface.toml | 2 ++ recipes-sota/config/files/90-log-debug.toml | 2 ++ 6 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 recipes-sota/config/files/30-disable-send-ip.toml create mode 100644 recipes-sota/config/files/30-example-interface.toml create mode 100644 recipes-sota/config/files/90-log-debug.toml diff --git a/recipes-sota/config/aktualizr-disable-send-ip.bb b/recipes-sota/config/aktualizr-disable-send-ip.bb index ce492e9..cab7696 100644 --- a/recipes-sota/config/aktualizr-disable-send-ip.bb +++ b/recipes-sota/config/aktualizr-disable-send-ip.bb @@ -7,11 +7,12 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241 SRC_URI = " \ file://LICENSE \ + file://30-disable-send-ip.toml \ " do_install_append () { install -m 0700 -d ${D}${libdir}/sota/conf.d - echo "[telemetry]\nreport_network = false\n" > ${D}${libdir}/sota/conf.d/30-disable-send-ip.toml + install -m 0644 ${WORKDIR}/30-disable-send-ip.toml ${D}${libdir}/sota/conf.d/30-disable-send-ip.toml } FILES_${PN} = " \ diff --git a/recipes-sota/config/aktualizr-example-interface.bb b/recipes-sota/config/aktualizr-example-interface.bb index 52ebe1c..37a9184 100644 --- a/recipes-sota/config/aktualizr-example-interface.bb +++ b/recipes-sota/config/aktualizr-example-interface.bb @@ -7,11 +7,12 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241 SRC_URI = " \ file://LICENSE \ + file://30-example-interface.toml \ " do_install_append () { install -m 0700 -d ${D}${libdir}/sota/conf.d - echo "[uptane]\nlegacy_interface = \"/usr/bin/example-interface\"\n" > ${D}${libdir}/sota/conf.d/30-example-interface.toml + install -m 0644 ${WORKDIR}/30-example-interface.toml ${D}${libdir}/sota/conf.d/30-example-interface.toml } FILES_${PN} = " \ diff --git a/recipes-sota/config/aktualizr-log-debug.bb b/recipes-sota/config/aktualizr-log-debug.bb index e32a414..5cfd198 100644 --- a/recipes-sota/config/aktualizr-log-debug.bb +++ b/recipes-sota/config/aktualizr-log-debug.bb @@ -7,11 +7,12 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241 SRC_URI = " \ file://LICENSE \ + file://90-log-debug.toml \ " do_install_append () { install -m 0700 -d ${D}${libdir}/sota/conf.d - echo "[logger]\nloglevel = 0\n" > ${D}${libdir}/sota/conf.d/90-log-debug.toml + install -m 0644 ${WORKDIR}/90-log-debug.toml ${D}${libdir}/sota/conf.d/90-log-debug.toml } FILES_${PN} = " \ diff --git a/recipes-sota/config/files/30-disable-send-ip.toml b/recipes-sota/config/files/30-disable-send-ip.toml new file mode 100644 index 0000000..5cd5108 --- /dev/null +++ b/recipes-sota/config/files/30-disable-send-ip.toml @@ -0,0 +1,2 @@ +[telemetry] +report_network = false diff --git a/recipes-sota/config/files/30-example-interface.toml b/recipes-sota/config/files/30-example-interface.toml new file mode 100644 index 0000000..fc4e9ec --- /dev/null +++ b/recipes-sota/config/files/30-example-interface.toml @@ -0,0 +1,2 @@ +[uptane] +legacy_interface = "/usr/bin/example-interface" diff --git a/recipes-sota/config/files/90-log-debug.toml b/recipes-sota/config/files/90-log-debug.toml new file mode 100644 index 0000000..100a146 --- /dev/null +++ b/recipes-sota/config/files/90-log-debug.toml @@ -0,0 +1,2 @@ +[logger] +loglevel = 0 -- cgit v1.2.3-54-g00ecf From 6ca6d8e9b66cef6a2ed1caa8b3cde45d4367926e Mon Sep 17 00:00:00 2001 From: Phil Wise Date: Fri, 11 May 2018 11:10:11 +0200 Subject: Bump Aktualizr version to get P11 fixes --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 083f5cc..c146268 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -22,7 +22,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "617d6d9242239a5719296f18e207ac4d8d94b7b2" +SRCREV = "fe766d1b9fb42f74394aa3abd9ac80221669f67c" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 1198bf38017d62f67356df9651a009947f402280 Mon Sep 17 00:00:00 2001 From: Ming Liu Date: Sat, 11 Nov 2017 15:25:03 +0800 Subject: image_types_ota.bbclass: do not inherit image As a image_types_* bbclass, it does not have to inherit image class, it is sort of redundant code. Signed-off-by: Ming Liu --- classes/image_types_ota.bbclass | 2 -- 1 file changed, 2 deletions(-) diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass index 36e7059..17fe4e8 100644 --- a/classes/image_types_ota.bbclass +++ b/classes/image_types_ota.bbclass @@ -7,8 +7,6 @@ # boot scripts, kernel and initramfs images # -inherit image - OSTREE_BOOTLOADER ??= 'u-boot' do_image_otaimg[depends] += "e2fsprogs-native:do_populate_sysroot \ -- cgit v1.2.3-54-g00ecf From 5d478c9f25ee387c0a9f3a644caca037fbe60512 Mon Sep 17 00:00:00 2001 From: Ming Liu Date: Fri, 17 Nov 2017 09:53:05 +0800 Subject: image_types_ostree.bbclass: do not inherit image As a image_types_* bbclass, it does not have to inherit image class, it is sort of redundant code. Signed-off-by: Ming Liu --- classes/image_types_ostree.bbclass | 2 -- 1 file changed, 2 deletions(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index dc14e4a..46b31b5 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -1,7 +1,5 @@ # OSTree deployment -inherit image - do_image_ostree[depends] += "ostree-native:do_populate_sysroot \ openssl-native:do_populate_sysroot \ coreutils-native:do_populate_sysroot \ -- cgit v1.2.3-54-g00ecf From 2bb77315b00a4e31287cefd43c5ff42b0698f5b6 Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Tue, 20 Feb 2018 23:00:40 -0300 Subject: sota.bbclass: use common rpi override for raspberrypi sota_raspberrypi can handle the rpi differences if required. Signed-off-by: Ricardo Salveti --- classes/sota.bbclass | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/classes/sota.bbclass b/classes/sota.bbclass index bbb9ac9..4e525e2 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -33,8 +33,7 @@ GARAGE_SIGN_KEYNAME ?= "garage-key" GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}" SOTA_MACHINE ??="none" -SOTA_MACHINE_raspberrypi2 ?= "raspberrypi" -SOTA_MACHINE_raspberrypi3 ?= "raspberrypi" +SOTA_MACHINE_rpi ?= "raspberrypi" SOTA_MACHINE_porter ?= "porter" SOTA_MACHINE_m3ulcb = "m3ulcb" SOTA_MACHINE_intel-corei7-64 ?= "minnowboard" -- cgit v1.2.3-54-g00ecf From 28f18be41d4b01dc5208159fd569f3820264b16e Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Mon, 2 Apr 2018 13:16:34 -0300 Subject: aktualizr: include default configs as part of host-tools Provide the default sota configs as part of host-tools so they can be used by aktualizr_cert_provider and aktualizr_implicit_writer. Signed-off-by: Ricardo Salveti --- recipes-sota/aktualizr/aktualizr_git.bb | 10 ++++++++++ 1 file changed, 10 insertions(+) mode change 100644 => 100755 recipes-sota/aktualizr/aktualizr_git.bb diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb old mode 100644 new mode 100755 index c146268..95c36fa --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -56,6 +56,11 @@ do_install_append () { rm -fr ${D}${libdir}/systemd rm -f ${D}${libdir}/sota/sota.toml # Only needed for the Debian package install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml + install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml + install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml + install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml + install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket @@ -106,6 +111,11 @@ FILES_${PN}-host-tools = " \ ${bindir}/aktualizr_implicit_writer \ ${bindir}/garage-deploy \ ${bindir}/garage-push \ + ${libdir}/sota/sota_autoprov.toml \ + ${libdir}/sota/sota_autoprov_primary.toml \ + ${libdir}/sota/sota_hsm_prov.toml \ + ${libdir}/sota/sota_implicit_prov.toml \ + ${libdir}/sota/sota_implicit_prov_ca.toml \ " FILES_${PN}-secondary = " \ -- cgit v1.2.3-54-g00ecf From 9ef1f5b379e7b80d91f77ae99b6c07c07987f753 Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Wed, 11 Apr 2018 14:11:30 -0300 Subject: Add support for custom garage target version and url Both values can be defined by the user, allowing a custom version id and URL, which is specially useful for CI builds. Signed-off-by: Ricardo Salveti --- classes/image_types_ostree.bbclass | 10 ++++++++-- classes/sota.bbclass | 2 ++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 46b31b5..bc27c09 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -201,6 +201,12 @@ IMAGE_CMD_garagesign () { ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) + # Use OSTree target hash as version if none was provided by the user + target_version=${ostree_target_hash} + if [ -n "${GARAGE_TARGET_VERSION}" ]; then + target_version=${GARAGE_TARGET_VERSION} + fi + # Push may fail due to race condition when multiple build machines try to push simultaneously # in which case targets.json should be pulled again and the whole procedure repeated push_success=0 @@ -211,9 +217,9 @@ IMAGE_CMD_garagesign () { --home-dir ${GARAGE_SIGN_REPO} \ --name ${GARAGE_TARGET_NAME} \ --format OSTREE \ - --version ${ostree_target_hash} \ + --version ${target_version} \ --length 0 \ - --url "https://example.com/" \ + --url "${GARAGE_TARGET_URL}" \ --sha256 ${ostree_target_hash} \ --hardwareids ${MACHINE} garage-sign targets sign --repo tufrepo \ diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 4e525e2..1e765f0 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -31,6 +31,8 @@ OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image" GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo" GARAGE_SIGN_KEYNAME ?= "garage-key" GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}" +GARAGE_TARGET_VERSION ?= "" +GARAGE_TARGET_URL ?= "https://example.com/" SOTA_MACHINE ??="none" SOTA_MACHINE_rpi ?= "raspberrypi" -- cgit v1.2.3-54-g00ecf From a2cdaee8502a8b1abe71ca6294af60628bc65a2b Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Fri, 23 Feb 2018 17:20:02 -0300 Subject: image_types_ostree.bbclass: clean up GARAGE_SIGN_REPO after push Avoid exposing the sign repo after the build is completed. Signed-off-by: Ricardo Salveti --- classes/image_types_ostree.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index bc27c09..9e3bc6f 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -235,6 +235,7 @@ IMAGE_CMD_garagesign () { bbwarn "Push to garage repository has failed, retrying" fi done + rm -rf ${GARAGE_SIGN_REPO} if [ "$push_success" -ne "1" ]; then bberror "Couldn't push to garage repository" -- cgit v1.2.3-54-g00ecf From b11ddfbc56721ccc2836c6994678acb3e1b5ca74 Mon Sep 17 00:00:00 2001 From: Ming Liu Date: Mon, 20 Nov 2017 15:37:31 +0800 Subject: image_types_ostree.bbclass: change the systemd detecting logic It can not determine the init manager is systemd by checking if DISTRO_FEATURES contains 'systemd', change it to check VIRTUAL-RUNTIME_init_manager instead. Signed-off-by: Ming Liu --- classes/image_types_ostree.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 9e3bc6f..777360f 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -16,7 +16,7 @@ RAMDISK_EXT_arm ?= ".ext4.gz.u-boot" OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" -export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}" +export SYSTEMD_USED = "${@oe.utils.ifelse(d.getVar('VIRTUAL-RUNTIME_init_manager', True) == 'systemd', 'true', '')}" IMAGE_CMD_ostree () { if [ -z "$OSTREE_REPO" ]; then -- cgit v1.2.3-54-g00ecf From 3af1b32743b245be8c4e199c6a3785bc92e93ab1 Mon Sep 17 00:00:00 2001 From: Ming Liu Date: Mon, 20 Nov 2017 16:45:32 +0800 Subject: sota: introduce INITRAMFS_FSTYPES RAMDISK_EXT and IMAGE_FSTYPES of initramfs-ostree-image should not be defined separately, because they are representing the same fstype of a same initramfs image, or else, they turn out to be inconsistent if the users change one of them. So we use INITRAMFS_FSTYPES already defined in bitbake.conf, to be able to set fstype for initramfs. And it should default to ext4.gz.u-boot or ext4.gz depending on what OSTREE_BOOTLOADER is being set. Signed-off-by: Ming Liu --- classes/image_types_ostree.bbclass | 3 +-- classes/image_types_ota.bbclass | 2 -- classes/sota.bbclass | 4 +++- recipes-core/images/initramfs-ostree-image.bb | 3 +-- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 777360f..349d8fb 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -11,8 +11,7 @@ export OSTREE_REPO export OSTREE_BRANCHNAME export GARAGE_TARGET_NAME -RAMDISK_EXT ?= ".ext4.gz" -RAMDISK_EXT_arm ?= ".ext4.gz.u-boot" +RAMDISK_EXT ?= ".${INITRAMFS_FSTYPES}" OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass index 17fe4e8..362c1bd 100644 --- a/classes/image_types_ota.bbclass +++ b/classes/image_types_ota.bbclass @@ -7,8 +7,6 @@ # boot scripts, kernel and initramfs images # -OSTREE_BOOTLOADER ??= 'u-boot' - do_image_otaimg[depends] += "e2fsprogs-native:do_populate_sysroot \ ${@'grub:do_populate_sysroot' if d.getVar('OSTREE_BOOTLOADER', True) == 'grub' else ''} \ ${@'virtual/bootloader:do_deploy' if d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot' else ''}" diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 1e765f0..7ff4bf1 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -20,13 +20,15 @@ WKS_FILE_sota ?= "sdimage-sota.wks" EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native" +INITRAMFS_FSTYPES = "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'ext4.gz.u-boot', 'ext4.gz')}" + # Please redefine OSTREE_REPO in order to have a persistent OSTree repo OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo" # For UPTANE operation, OSTREE_BRANCHNAME must start with "${MACHINE}-" OSTREE_BRANCHNAME ?= "${MACHINE}" OSTREE_OSNAME ?= "poky" OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image" - +OSTREE_BOOTLOADER ??= 'u-boot' GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo" GARAGE_SIGN_KEYNAME ?= "garage-key" diff --git a/recipes-core/images/initramfs-ostree-image.bb b/recipes-core/images/initramfs-ostree-image.bb index 4ab9da8..e77499e 100644 --- a/recipes-core/images/initramfs-ostree-image.bb +++ b/recipes-core/images/initramfs-ostree-image.bb @@ -13,8 +13,7 @@ IMAGE_LINGUAS = "" LICENSE = "MIT" -IMAGE_FSTYPES = "ext4.gz" -IMAGE_FSTYPES_append_arm = " ext4.gz.u-boot" +IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" inherit core-image -- cgit v1.2.3-54-g00ecf From 6ce668bc1ca33ae88ba6b51dee1e680212247539 Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Fri, 9 Feb 2018 00:54:15 -0200 Subject: ostree: fix systemd service files permission Fix the following boot warning: systemd[1]: Configuration file /usr/lib/systemd/system/ostree-remount.service is marked executable. Please remove executable permission bits. Proceeding anyway. Signed-off-by: Ricardo Salveti --- recipes-sota/ostree/ostree_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-sota/ostree/ostree_git.bb b/recipes-sota/ostree/ostree_git.bb index ad85775..2db96e4 100644 --- a/recipes-sota/ostree/ostree_git.bb +++ b/recipes-sota/ostree/ostree_git.bb @@ -63,8 +63,8 @@ export SYSTEMD_REQUIRED do_install_append() { if [ -n ${SYSTEMD_REQUIRED} ]; then - install -p -D ${S}/src/boot/ostree-prepare-root.service ${D}${systemd_unitdir}/system/ostree-prepare-root.service - install -p -D ${S}/src/boot/ostree-remount.service ${D}${systemd_unitdir}/system/ostree-remount.service + install -m 0644 -D ${S}/src/boot/ostree-prepare-root.service ${D}${systemd_unitdir}/system/ostree-prepare-root.service + install -m 0644 -D ${S}/src/boot/ostree-remount.service ${D}${systemd_unitdir}/system/ostree-remount.service fi } -- cgit v1.2.3-54-g00ecf From 340c0b07b79dce7bc3081f1212c3f82f660f6b81 Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Thu, 8 Feb 2018 18:47:27 -0200 Subject: Replace INITRAMFS_FSTYPES with OSTREE_INITRAMFS_FSTYPES User is able to customize the init script via OSTREE_INITRAMFS_IMAGE but there is no way to set INITRAMFS_FSTYPES as it gets defined by sota.bbclass. Create a new variable called OSTREE_INITRAMFS_IMAGE to handle the INITRAMFS_FSTYPES update, and also allow the user to override it. Signed-off-by: Ricardo Salveti --- classes/image_types_ostree.bbclass | 2 +- classes/sota.bbclass | 2 +- recipes-core/images/initramfs-ostree-image.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 349d8fb..bc44e33 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -11,7 +11,7 @@ export OSTREE_REPO export OSTREE_BRANCHNAME export GARAGE_TARGET_NAME -RAMDISK_EXT ?= ".${INITRAMFS_FSTYPES}" +RAMDISK_EXT ?= ".${OSTREE_INITRAMFS_FSTYPES}" OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 7ff4bf1..621db24 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -20,7 +20,7 @@ WKS_FILE_sota ?= "sdimage-sota.wks" EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native" -INITRAMFS_FSTYPES = "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'ext4.gz.u-boot', 'ext4.gz')}" +OSTREE_INITRAMFS_FSTYPES ?= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'ext4.gz.u-boot', 'ext4.gz')}" # Please redefine OSTREE_REPO in order to have a persistent OSTree repo OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo" diff --git a/recipes-core/images/initramfs-ostree-image.bb b/recipes-core/images/initramfs-ostree-image.bb index e77499e..b2d9e27 100644 --- a/recipes-core/images/initramfs-ostree-image.bb +++ b/recipes-core/images/initramfs-ostree-image.bb @@ -13,7 +13,7 @@ IMAGE_LINGUAS = "" LICENSE = "MIT" -IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" +IMAGE_FSTYPES = "${OSTREE_INITRAMFS_FSTYPES}" inherit core-image -- cgit v1.2.3-54-g00ecf From c7076bfe1e4fc7c134ffbc2f9d1ea800ac93b601 Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Fri, 9 Feb 2018 19:09:30 -0200 Subject: image_types_ota: make default grub.cfg a link to loader/grub.cfg /boot/grub2/grub.cfg should reflect the grub.cfg used by the boot process instead of being an empty file. Signed-off-by: Ricardo Salveti --- classes/image_types_ota.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass index 362c1bd..b2643a7 100644 --- a/classes/image_types_ota.bbclass +++ b/classes/image_types_ota.bbclass @@ -76,7 +76,7 @@ IMAGE_CMD_otaimg () { if [ "${OSTREE_BOOTLOADER}" = "grub" ]; then mkdir -p ${PHYS_SYSROOT}/boot/grub2 - touch ${PHYS_SYSROOT}/boot/grub2/grub.cfg + ln -s ../loader/grub.cfg ${PHYS_SYSROOT}/boot/grub2/grub.cfg elif [ "${OSTREE_BOOTLOADER}" = "u-boot" ]; then touch ${PHYS_SYSROOT}/boot/loader/uEnv.txt else -- cgit v1.2.3-54-g00ecf From 324fa1a4ae46561e19e787216927f8bf67a6a862 Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Thu, 22 Feb 2018 13:30:17 -0300 Subject: sdimage-sota.wks: remove label as it gets set by image_types_ota image_types_ota already defines the rootfs label when creating the ota image, so drop label overwrite when creating the sdcard partition. Signed-off-by: Ricardo Salveti --- scripts/lib/wic/canned-wks/sdimage-sota.wks | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lib/wic/canned-wks/sdimage-sota.wks b/scripts/lib/wic/canned-wks/sdimage-sota.wks index c31c3a5..f396526 100644 --- a/scripts/lib/wic/canned-wks/sdimage-sota.wks +++ b/scripts/lib/wic/canned-wks/sdimage-sota.wks @@ -4,4 +4,4 @@ # first vfat partition. part /boot --source bootimg-partition --ondisk mmcblk --fstype=vfat --label boot --active --align 4096 --size 20 -part / --source otaimage --ondisk mmcblk --fstype=ext4 --label root --align 4096 +part / --source otaimage --ondisk mmcblk --fstype=ext4 --align 4096 -- cgit v1.2.3-54-g00ecf From 2d17b5661df26393654aee32b54e63cc0cf0a48e Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Tue, 17 Apr 2018 23:50:47 -0300 Subject: ostree: remove python from rdepends Python is not needed by ostree itself (no script or utility using python), so remove it from the rdepends list. Signed-off-by: Ricardo Salveti --- recipes-sota/ostree/ostree_git.bb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/recipes-sota/ostree/ostree_git.bb b/recipes-sota/ostree/ostree_git.bb index 2db96e4..cdcb485 100644 --- a/recipes-sota/ostree/ostree_git.bb +++ b/recipes-sota/ostree/ostree_git.bb @@ -21,8 +21,7 @@ DEPENDS += "attr libarchive glib-2.0 pkgconfig gpgme libgsystem fuse e2fsprogs g DEPENDS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd', '', d)}" DEPENDS_remove_class-native = "systemd-native" -RDEPENDS_${PN} = "python util-linux-libuuid util-linux-libblkid util-linux-libmount libcap bash" -RDEPENDS_${PN}_remove_class-native = "python-native" +RDEPENDS_${PN} = "util-linux-libuuid util-linux-libblkid util-linux-libmount libcap bash" EXTRA_OECONF = "CFLAGS='-Wno-error=missing-prototypes' --with-libarchive --disable-gtk-doc --disable-gtk-doc-html --disable-gtk-doc-pdf --disable-man --with-smack --with-builtin-grub2-mkconfig --with-curl --without-soup" EXTRA_OECONF_append_class-native = " --enable-wrpseudo-compat" -- cgit v1.2.3-54-g00ecf From bbbf1fa8d4fb4c806f08ffc09c9b2c57053d456b Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Thu, 12 Apr 2018 15:31:24 -0300 Subject: Check for custom target version for installed_versions Make sure to use the custom target version when creating installed_versions if defined by the user. Signed-off-by: Ricardo Salveti --- classes/image_types_ota.bbclass | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass index b2643a7..9581971 100644 --- a/classes/image_types_ota.bbclass +++ b/classes/image_types_ota.bbclass @@ -107,7 +107,11 @@ IMAGE_CMD_otaimg () { # Ensure that /var/local exists (AGL symlinks /usr/local to /var/local) install -d ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/local # Set package version for the first deployment - echo "{\"${ostree_target_hash}\":\"${GARAGE_TARGET_NAME}-${ostree_target_hash}\"}" > ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/installed_versions + target_version=${ostree_target_hash} + if [ -n "${GARAGE_TARGET_VERSION}" ]; then + target_version=${GARAGE_TARGET_VERSION} + fi + echo "{\"${ostree_target_hash}\":\"${GARAGE_TARGET_NAME}-${target_version}\"}" > ${PHYS_SYSROOT}/ostree/deploy/${OSTREE_OSNAME}/var/sota/installed_versions rm -rf ${HOME_TMP} -- cgit v1.2.3-54-g00ecf From 6cc92819f88ecf79fa9a54b3b21446da61dbab48 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Wed, 16 May 2018 11:16:51 +0200 Subject: aktualizr_git: remove duplicate installs If it's in `do_install_append`, no need to also put it in `do_install_append_class-native` --- recipes-sota/aktualizr/aktualizr_git.bb | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 95c36fa..452a128 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -55,7 +55,7 @@ EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON \ do_install_append () { rm -fr ${D}${libdir}/systemd rm -f ${D}${libdir}/sota/sota.toml # Only needed for the Debian package - install -m 0700 -d ${D}${libdir}/sota/conf.d + install -d ${D}${libdir}/sota install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml @@ -65,6 +65,7 @@ do_install_append () { install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service + install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0700 -d ${D}${sysconfdir}/sota/conf.d } @@ -75,12 +76,6 @@ do_install_append_class-target () { } do_install_append_class-native () { - install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml - install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml - install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml - install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml - install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml - install -m 0755 ${B}/src/sota_tools/garage-sign/bin/* ${D}${bindir} install -m 0644 ${B}/src/sota_tools/garage-sign/lib/* ${D}${libdir} } -- cgit v1.2.3-54-g00ecf From 7e6ffbce3f8717d91142d1e80d7cda279f24145a Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Tue, 15 May 2018 15:42:26 +0200 Subject: Fix boot on qemux86-64 It needs a plain compressed file system and not an u-boot legacy image --- classes/sota.bbclass | 2 +- classes/sota_qemux86-64.bbclass | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 621db24..38d4ce5 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -20,7 +20,7 @@ WKS_FILE_sota ?= "sdimage-sota.wks" EXTRA_IMAGEDEPENDS_append_sota = " parted-native mtools-native dosfstools-native" -OSTREE_INITRAMFS_FSTYPES ?= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'ext4.gz.u-boot', 'ext4.gz')}" +OSTREE_INITRAMFS_FSTYPES ??= "${@oe.utils.ifelse(d.getVar('OSTREE_BOOTLOADER', True) == 'u-boot', 'ext4.gz.u-boot', 'ext4.gz')}" # Please redefine OSTREE_REPO in order to have a persistent OSTree repo OSTREE_REPO ?= "${DEPLOY_DIR_IMAGE}/ostree_repo" diff --git a/classes/sota_qemux86-64.bbclass b/classes/sota_qemux86-64.bbclass index a5fd6a4..15b2043 100644 --- a/classes/sota_qemux86-64.bbclass +++ b/classes/sota_qemux86-64.bbclass @@ -4,6 +4,7 @@ IMAGE_FSTYPES_remove = "wic" PREFERRED_PROVIDER_virtual/bootloader_sota = "u-boot" UBOOT_MACHINE_sota = "qemu-x86_defconfig" OSTREE_BOOTLOADER ?= "u-boot" +OSTREE_INITRAMFS_FSTYPES ?= "ext4.gz" OSTREE_KERNEL_ARGS ?= "ramdisk_size=16384 rw rootfstype=ext4 rootwait rootdelay=2 ostree_root=/dev/hda" -- cgit v1.2.3-54-g00ecf From d67f28b66f5a26c2c68f985159823b3b9b5f0ea6 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Thu, 17 May 2018 10:50:50 +0200 Subject: Move log-debug from 90 to 05. This way it will probably the first config read, meaning it will be applied earlier in the config processing flow. It still means that at the moment, no message about reading the log-debug.toml appears, though. --- recipes-sota/config/aktualizr-log-debug.bb | 6 +++--- recipes-sota/config/files/05-log-debug.toml | 2 ++ recipes-sota/config/files/90-log-debug.toml | 2 -- 3 files changed, 5 insertions(+), 5 deletions(-) create mode 100644 recipes-sota/config/files/05-log-debug.toml delete mode 100644 recipes-sota/config/files/90-log-debug.toml diff --git a/recipes-sota/config/aktualizr-log-debug.bb b/recipes-sota/config/aktualizr-log-debug.bb index 5cfd198..e628616 100644 --- a/recipes-sota/config/aktualizr-log-debug.bb +++ b/recipes-sota/config/aktualizr-log-debug.bb @@ -7,16 +7,16 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241 SRC_URI = " \ file://LICENSE \ - file://90-log-debug.toml \ + file://05-log-debug.toml \ " do_install_append () { install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${WORKDIR}/90-log-debug.toml ${D}${libdir}/sota/conf.d/90-log-debug.toml + install -m 0644 ${WORKDIR}/05-log-debug.toml ${D}${libdir}/sota/conf.d/05-log-debug.toml } FILES_${PN} = " \ - ${libdir}/sota/conf.d/90-log-debug.toml \ + ${libdir}/sota/conf.d/05-log-debug.toml \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/config/files/05-log-debug.toml b/recipes-sota/config/files/05-log-debug.toml new file mode 100644 index 0000000..100a146 --- /dev/null +++ b/recipes-sota/config/files/05-log-debug.toml @@ -0,0 +1,2 @@ +[logger] +loglevel = 0 diff --git a/recipes-sota/config/files/90-log-debug.toml b/recipes-sota/config/files/90-log-debug.toml deleted file mode 100644 index 100a146..0000000 --- a/recipes-sota/config/files/90-log-debug.toml +++ /dev/null @@ -1,2 +0,0 @@ -[logger] -loglevel = 0 -- cgit v1.2.3-54-g00ecf From e827d33de0135b3c924061aa3fa05ac52e88fe89 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Thu, 17 May 2018 11:30:18 +0200 Subject: Review shipped directories in aktualizr recipes Missing directories in FILES_xx were causing bitbake QA errors on sumo --- recipes-sota/aktualizr/aktualizr-auto-prov.bb | 1 + recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | 3 ++- recipes-sota/aktualizr/aktualizr-hsm-prov.bb | 1 + recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 1 + recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 5 files changed, 6 insertions(+), 2 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 1a42184..8deee7e 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb @@ -47,6 +47,7 @@ do_install() { } FILES_${PN} = " \ + ${libdir}/sota/conf.d \ ${libdir}/sota/conf.d/20-sota.toml \ ${localstatedir}/sota \ ${localstatedir}/sota/sota_provisioning_credentials.zip \ diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb index a118dfd..319074e 100644 --- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb @@ -63,9 +63,10 @@ do_install() { } FILES_${PN} = " \ - ${localstatedir}/sota/* \ + ${libdir}/sota/conf.d \ ${libdir}/sota/conf.d/20-sota.toml \ ${libdir}/sota/root.crt \ + ${localstatedir}/sota/* \ " # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb index 290167f..504f0d8 100644 --- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb @@ -26,6 +26,7 @@ do_install() { } FILES_${PN} = " \ + ${libdir}/sota/conf.d \ ${libdir}/sota/conf.d/20-sota.toml \ " diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index 2f9980a..dcfaffb 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb @@ -26,6 +26,7 @@ do_install() { } FILES_${PN} = " \ + ${libdir}/sota/conf.d \ ${libdir}/sota/conf.d/20-sota.toml \ ${libdir}/sota/root.crt \ " diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 452a128..8ea1e63 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -86,8 +86,8 @@ FILES_${PN} = " \ ${bindir}/aktualizr \ ${bindir}/aktualizr-info \ ${bindir}/aktualizr-check-discovery \ - ${libdir}/sota/conf.d \ ${systemd_unitdir}/system/aktualizr.service \ + ${libdir}/sota/conf.d \ ${sysconfdir}/sota/conf.d \ " -- cgit v1.2.3-54-g00ecf From d073dd4243405e4d1cda2264f810cb863dd0fbb8 Mon Sep 17 00:00:00 2001 From: Phil Wise Date: Thu, 17 May 2018 15:53:30 +0200 Subject: Remove aktualizr-common because schemas are embedded --- recipes-sota/aktualizr/aktualizr_git.bb | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 452a128..58f2fd5 100755 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -22,7 +22,7 @@ SRC_URI = " \ file://aktualizr-secondary.socket \ file://aktualizr-serialcan.service \ " -SRCREV = "fe766d1b9fb42f74394aa3abd9ac80221669f67c" +SRCREV = "3b89858cf8ce9a8331cc4e6a5d2b5783d2eb7ae9" BRANCH ?= "master" S = "${WORKDIR}/git" @@ -80,7 +80,7 @@ do_install_append_class-native () { install -m 0644 ${B}/src/sota_tools/garage-sign/lib/* ${D}${libdir} } -PACKAGES =+ " ${PN}-common ${PN}-examples ${PN}-host-tools ${PN}-secondary " +PACKAGES =+ " ${PN}-examples ${PN}-host-tools ${PN}-secondary " FILES_${PN} = " \ ${bindir}/aktualizr \ @@ -91,10 +91,6 @@ FILES_${PN} = " \ ${sysconfdir}/sota/conf.d \ " -FILES_${PN}-common = " \ - ${libdir}/sota/schemas \ - " - FILES_${PN}-examples = " \ ${libdir}/sota/demo_secondary.json \ ${bindir}/example-interface \ @@ -120,8 +116,4 @@ FILES_${PN}-secondary = " \ ${systemd_unitdir}/system/aktualizr-secondary.service \ " -# Both primary and secondary need the SQL Schemas -RDEPENDS_${PN}_class-target =+ "${PN}-common" -RDEPENDS_${PN}-secondary_class-target =+ "${PN}-common" - # vim:set ts=4 sw=4 sts=4 expandtab: -- cgit v1.2.3-54-g00ecf From 10f1c7706cf2ad012dac46f36f93387b71f28ee7 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Fri, 18 May 2018 15:41:47 +0200 Subject: Remove support for u-boot on minnowboard See https://github.com/advancedtelematic/meta-updater-minnowboard/pull/6 --- classes/sota_minnowboard_uboot.inc | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 classes/sota_minnowboard_uboot.inc diff --git a/classes/sota_minnowboard_uboot.inc b/classes/sota_minnowboard_uboot.inc deleted file mode 100644 index 85d6a60..0000000 --- a/classes/sota_minnowboard_uboot.inc +++ /dev/null @@ -1,8 +0,0 @@ -PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot-ota" -UBOOT_MACHINE_sota ?= "minnowmax_defconfig" - -EXTRA_IMAGEDEPENDS_append_sota = " minnowboard-bootfiles" -IMAGE_BOOT_FILES_sota ?= "minnowboard-bootfiles/*" - -OSTREE_KERNEL_ARGS ?= "ramdisk_size=16384 rw rootfstype=ext4 rootwait rootdelay=2 ostree_root=/dev/hda console=ttyS0,115200 console=tty0" - -- cgit v1.2.3-54-g00ecf