From 5c36fff1607aa645f5f522d42dcd28d70d070f3b Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Wed, 17 May 2017 17:16:00 +0200 Subject: Add support for zipped credentials --- classes/image_types_ostree.bbclass | 48 ++++++++++++++++++++++ .../rvi-sota-client/rvi-sota-client_git.bb | 16 +------- 2 files changed, 50 insertions(+), 14 deletions(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 59d4510..03b9c68 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -3,6 +3,7 @@ inherit image IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \ + openssl-native:do_populate_sysroot \ virtual/kernel:do_deploy \ ${OSTREE_INITRAMFS_IMAGE}:do_image_complete" 
@@ -16,6 +17,36 @@ OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}" export SYSTEMD_USED = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', '', d)}" +python () { + if d.getVar("SOTA_PACKED_CREDENTIALS", True): + if d.getVar("SOTA_AUTOPROVISION_CREDENTIALS", True): + bb.warn("SOTA_AUTOPROVISION_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS") + if d.getVar("SOTA_AUTOPROVISION_URL", True): + bb.warn("SOTA_AUTOPROVISION_URL is overriden by one in SOTA_PACKED_CREDENTIALS") + + if d.getVar("SOTA_AUTOPROVISION_URL_FILE", True): + bb.warn("SOTA_AUTOPROVISION_URL_FILE is overriden by one in SOTA_PACKED_CREDENTIALS") + + if d.getVar("OSTREE_PUSH_CREDENTIALS", True): + bb.warn("OSTREE_PUSH_CREDENTIALS are overriden by those in SOTA_PACKED_CREDENTIALS") + + d.setVar("SOTA_AUTOPROVISION_CREDENTIALS", "%s/sota_credentials/autoprov_credentials.p12" % d.getVar("DEPLOY_DIR_IMAGE", True)) + d.setVar("SOTA_AUTOPROVISION_URL_FILE", "%s/sota_credentials/autoprov.url" % d.getVar("DEPLOY_DIR_IMAGE", True)) + d.setVar("OSTREE_PUSH_CREDENTIALS", "%s/sota_credentials/treehub.json" % d.getVar("DEPLOY_DIR_IMAGE", True)) +} + +IMAGE_DEPENDS_osreecredunpack = "unzip-native:do_populate_sysroot" + +IMAGE_CMD_ostreecredunpack () { + if [ ${SOTA_PACKED_CREDENTIALS} ]; then + rm -rf ${DEPLOY_DIR_IMAGE}/sota_credentials + + unzip ${SOTA_PACKED_CREDENTIALS} -d ${DEPLOY_DIR_IMAGE}/sota_credentials + fi +} + +IMAGE_TYPEDEP_ostree = "ostreecredunpack" + IMAGE_CMD_ostree () { if [ -z "$OSTREE_REPO" ]; then bbfatal "OSTREE_REPO should be set in your local.conf" 
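Review bot: The dependency line is spelled `IMAGE_DEPENDS_osreecredunpack` (missing "t"), so `unzip-native` is attached to an image type that does not exist, and `IMAGE_CMD_ostreecredunpack` would appear to rely on whatever `unzip` is already available; it should read `IMAGE_DEPENDS_ostreecredunpack = "unzip-native:do_populate_sysroot"`. In the same command the archive path is expanded unquoted in both the test and the `unzip` call, so a path with spaces or an empty value misbehaves; prefer `if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then` and `unzip "${SOTA_PACKED_CREDENTIALS}" -d "${DEPLOY_DIR_IMAGE}/sota_credentials"`. The extracted `.p12` and `treehub.json` are secrets left in the shared deploy directory with default modes, so a comment noting that, plus a `chmod -R go-rwx` on `sota_credentials` after extraction, would be worth adding.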
@@ -114,6 +145,23 @@ IMAGE_CMD_ostree () { ln -sf var/roothome root fi + # deploy SOTA credentials + if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then + EXPDATE=`openssl pkcs12 -in ${SOTA_AUTOPROVISION_CREDENTIALS} -password "pass:" -nodes 2>/dev/null | openssl x509 -noout -enddate | cut -f2 -d "="` + + if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then + bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}" + fi + + mkdir -p var/sota + cp ${SOTA_AUTOPROVISION_CREDENTIALS} var/sota/sota_provisioning_credentials.p12 + if [ -n "${SOTA_AUTOPROVISION_URL_FILE}" ]; then + export SOTA_AUTOPROVISION_URL=`cat ${SOTA_AUTOPROVISION_URL_FILE}` + fi + echo "SOTA_GATEWAY_URI=${SOTA_AUTOPROVISION_URL}" > var/sota/sota_provisioning_url.env + fi + + # Creating boot directories is required for "ostree admin deploy" mkdir -p boot/loader.0 diff --git a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb index 9a3dbf9..9ba11ea 100644 --- a/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb +++ b/recipes-sota/rvi-sota-client/rvi-sota-client_git.bb @@ -153,6 +153,7 @@ RDEPENDS_${PN} = " libcrypto \ python-json \ " +export SOTA_PACKED_CREDENTIALS export SOTA_AUTOPROVISION_CREDENTIALS export SOTA_AUTOPROVISION_URL @@ -171,7 +172,7 @@ do_install() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}/${systemd_unitdir}/system - if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" ]; then + if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" -o -n "$SOTA_PACKED_CREDENTIALS" ]; then install -c ${S}/run/sota_client_uptane_auto.service ${D}${systemd_unitdir}/system/sota_client.service else install -c ${S}/run/sota_client_ostree.service ${D}${systemd_unitdir}/system/sota_client.service 
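Review bot: The expiry check in the added "deploy SOTA credentials" block cannot distinguish an expired certificate from an unreadable one, because `2>/dev/null` hides any `openssl pkcs12` failure and an empty `EXPDATE` is then compared as a date; a guard such as `[ -n "${EXPDATE}" ] || bbfatal "Cannot read certificate from ${SOTA_AUTOPROVISION_CREDENTIALS}"` before the comparison would make that case explicit. `bberror` only logs, so the copy below still runs for an expired bundle; if that is not intended, use `bbfatal`. The `-nodes` option writes the decrypted private key into the pipe although only the certificate is needed, which `-nokeys -clcerts` would avoid. The plain `cp` keeps whatever mode the source file has on a bundle protected by an empty password; assuming the client runs as root, `install -m 0600 "${SOTA_AUTOPROVISION_CREDENTIALS}" var/sota/sota_provisioning_credentials.p12` would pin it. `IMAGE_CMD_ostree` starts and ends outside this hunk.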
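Review bot: The combined test in `do_install` of `rvi-sota-client_git.bb` uses `-o` inside `[ ]`, which POSIX marks obsolescent and which can be parsed ambiguously for some operand values. Two separate tests are more robust: `if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" ] || [ -n "$SOTA_PACKED_CREDENTIALS" ]; then`. `do_install` begins and ends outside this hunk.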
@@ -184,17 +185,4 @@ do_install() { install -c ${S}/run/sota_certificates ${D}${sysconfdir} ln -fs /lib ${D}/lib64 - if [ -n "$SOTA_AUTOPROVISION_CREDENTIALS" ]; then - EXPDATE=`openssl pkcs12 -in $SOTA_AUTOPROVISION_CREDENTIALS -password "pass:" -nodes 2>/dev/null | openssl x509 -noout -enddate | cut -f2 -d "="` - - if [ `date +%s` -ge `date -d "${EXPDATE}" +%s` ]; then - bberror "Certificate ${SOTA_AUTOPROVISION_CREDENTIALS} has expired on ${EXPDATE}" - fi - - install -d ${D}/var - install -d ${D}/var/sota - install -m 0655 $SOTA_AUTOPROVISION_CREDENTIALS ${D}/var/sota/sota_provisioning_credentials.p12 - echo "SOTA_GATEWAY_URI=$SOTA_AUTOPROVISION_URL" > ${D}/var/sota/sota_provisioning_url.env - fi - } -- cgit v1.2.3-54-g00ecf