From 87c9a19817c0b20b7c45a047cfc5c5a9a577dfd0 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 21 Oct 2019 12:10:37 +0200 Subject: CI scripts: remove everything that only belongs in master. Signed-off-by: Patrick Vacek --- scripts/ci/Dockerfile.checkout | 13 -------- scripts/ci/checkout-oe.sh | 76 ------------------------------------------ scripts/ci/docker/setup_kvm.sh | 14 -------- scripts/ci/gitlab/checkout.yml | 16 --------- scripts/ci/gitlab/docker.yml | 37 -------------------- scripts/ci/gitlab/tests.yml | 35 ------------------- 6 files changed, 191 deletions(-) delete mode 100644 scripts/ci/Dockerfile.checkout delete mode 100755 scripts/ci/checkout-oe.sh delete mode 100755 scripts/ci/docker/setup_kvm.sh delete mode 100644 scripts/ci/gitlab/checkout.yml delete mode 100644 scripts/ci/gitlab/docker.yml delete mode 100644 scripts/ci/gitlab/tests.yml diff --git a/scripts/ci/Dockerfile.checkout b/scripts/ci/Dockerfile.checkout deleted file mode 100644 index 5210c6b..0000000 --- a/scripts/ci/Dockerfile.checkout +++ /dev/null @@ -1,13 +0,0 @@ -FROM debian:stretch-slim -LABEL Description="Image for checking out updater-repo" - -RUN sed -i 's#deb http://deb.debian.org/debian stretch main#deb http://deb.debian.org/debian stretch main contrib#g' /etc/apt/sources.list -RUN sed -i 's#deb http://deb.debian.org/debian stretch-updates main#deb http://deb.debian.org/debian stretch-updates main contrib#g' /etc/apt/sources.list -RUN apt-get update -q && apt-get install -qy \ - git \ - repo \ - xmlstarlet - -# checkout script -RUN mkdir /scripts -COPY checkout-oe.sh /scripts/ diff --git a/scripts/ci/checkout-oe.sh b/scripts/ci/checkout-oe.sh deleted file mode 100755 index fdc0e48..0000000 --- a/scripts/ci/checkout-oe.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -set -x - -REMOTE_SOURCE=${REMOTE_SOURCE:-https://github.com/advancedtelematic} -MANIFEST=${MANIFEST:-master} -CURRENT_PROJECT=${CURRENT_PROJECT:-} - -# list of projects to pin to one version in the format: -# "project:rev;project2:rev2..." -PIN_LIST=${PIN_LIST:-} - -#CURRENT_REV=$(git rev-parse HEAD) -LOCAL_REPO=$PWD - -mkdir -p updater-repo - -cd updater-repo - -if [ -d .repo/manifests ]; then - git -C .repo/manifests reset --hard -fi - -repo init -m "${MANIFEST}.xml" -u "$REMOTE_SOURCE/updater-repo" - -# patch manifest: -# - add a new "ats" remote that points to "$REMOTE_SOURCE" -# - change projects that contain "advancedtelematic" to use the ats remote -MANIFEST_FILE=".repo/manifests/${MANIFEST}.xml" -xmlstarlet ed --omit-decl -L \ - -s "/manifest" -t elem -n "remote" -v "" \ - -i "/manifest/remote[last()]" -t attr -n "name" -v "ats" \ - -i "/manifest/remote[last()]" -t attr -n "fetch" -v "$REMOTE_SOURCE" \ - -d "/manifest/project[contains(@name, 'advancedtelematic')]/@remote" \ - -i "/manifest/project[contains(@name, 'advancedtelematic')]" -t attr -n "remote" -v "ats" \ - "$MANIFEST_FILE" - -# hack: sed on `advancedtelematic/` names, to remove this unwanted prefix -sed -i 's#name="advancedtelematic/#name="#g' "$MANIFEST_FILE" - -# pin projects from the list -( -IFS=";" -for pin in $PIN_LIST; do - IFS=":" - read -r project rev <<< "$pin" - xmlstarlet ed --omit-decl -L \ - -d "/manifest/project[@name=\"$project\"]/@revision" \ - -i "/manifest/project[@name=\"$project\"]/@revision" -t attr -n "revision" -v "$rev" \ - -i "/manifest/project[@name=\"$project\"]" -t attr -n "revision" -v "$rev" \ - "$MANIFEST_FILE" - IFS=";" -done -) - -# Remove the current project from the manifest if we have it checked out -if [ -n "$CURRENT_PROJECT" ]; then - xmlstarlet ed --omit-decl -L \ - -d "/manifest/project[@name=\"$CURRENT_PROJECT\"]" \ - "$MANIFEST_FILE" -fi - -repo manifest - -repo forall -c 'git reset --hard ; git clean -fdx' - -repo sync -d --force-sync - -if [ -n "$CURRENT_PROJECT" ]; then - rm -f "$CURRENT_PROJECT" - ln -s "$LOCAL_REPO" "$CURRENT_PROJECT" -fi - -repo manifest -r diff --git a/scripts/ci/docker/setup_kvm.sh b/scripts/ci/docker/setup_kvm.sh deleted file mode 100755 index 1ffbbf5..0000000 --- a/scripts/ci/docker/setup_kvm.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -# This script makes the gid of the 'kvm' group to match the group -# owner of '/dev/kvm' -# -# These two are not guaranteed to match when a docker image starts -# with access to '/dev/kvm' that comes from the host - -set -euo pipefail - -kvm_gid=$(stat -c "%g" /dev/kvm) -groupmod -g "$kvm_gid" kvm -usermod -a -G kvm bitbake -ln -s /bin/true /usr/bin/kvm-ok diff --git a/scripts/ci/gitlab/checkout.yml b/scripts/ci/gitlab/checkout.yml deleted file mode 100644 index 28c9177..0000000 --- a/scripts/ci/gitlab/checkout.yml +++ /dev/null @@ -1,16 +0,0 @@ -.bb_checkout: - # parameters: - # - MANIFEST - # - REMOTE_SOURCE - # - CURRENT_PROJECT (will be symlinked instead of pulled) - - image: $BITBAKE_CHECKOUT_IMAGE - cache: - paths: - - updater-repo - artifacts: - expire_in: "1 day" - paths: - - updater-repo - script: - - /scripts/checkout-oe.sh diff --git a/scripts/ci/gitlab/docker.yml b/scripts/ci/gitlab/docker.yml deleted file mode 100644 index ba488c6..0000000 --- a/scripts/ci/gitlab/docker.yml +++ /dev/null @@ -1,37 +0,0 @@ -.bb_docker_local: - # intended to be run on meta-updater's master branch which contains the - # reference docker files - # parameters: - # - BITBAKE_IMAGE - # - BITBAKE_CHECKOUT_IMAGE - # - BITBKAE_IMAGE_MASTER - # - BITBAKE_CHECKOUT_IMAGE_MASTER - image: docker:18 - stage: docker - services: - - docker:18-dind - script: - - docker login -u gitlab-ci-token -p "$CI_JOB_TOKEN" "$CI_REGISTRY" - - - docker pull "$BITBAKE_IMAGE" || docker pull "$BITBKAE_IMAGE_MASTER" || true - - docker build --pull --cache-from "$BITBKAE_IMAGE_MASTER" --cache-from "$BITBAKE_IMAGE" -f ./scripts/ci/Dockerfile.bitbake -t "$BITBAKE_IMAGE" ./scripts/ci - - docker push "$BITBAKE_IMAGE" - - - docker pull "$BITBAKE_CHECKOUT_IMAGE" || docker pull "$BITBAKE_CHECKOUT_IMAGE_MASTER" || true - - docker build --pull --cache-from "$BITBAKE_CHECKOUT_IMAGE_MASTER" --cache-from "$BITBAKE_CHECKOUT_IMAGE" -f ./scripts/ci/Dockerfile.checkout -t "$BITBAKE_CHECKOUT_IMAGE" ./scripts/ci - - docker push "$BITBAKE_CHECKOUT_IMAGE" - -.bb_docker_remote: - # intended to be run on other branches and repos: just pulls the last master image - # parameters: - # - BITBAKE_IMAGE - # - BITBAKE_CHECKOUT_IMAGE - image: docker:18 - stage: docker - services: - - docker:18-dind - script: - - docker login -u gitlab-ci-token -p "$CI_JOB_TOKEN" "$CI_REGISTRY" - - - docker pull "$BITBAKE_IMAGE" - - docker pull "$BITBAKE_CHECKOUT_IMAGE" diff --git a/scripts/ci/gitlab/tests.yml b/scripts/ci/gitlab/tests.yml deleted file mode 100644 index 4175412..0000000 --- a/scripts/ci/gitlab/tests.yml +++ /dev/null @@ -1,35 +0,0 @@ -.bitbake: - # parameters: - # - TEST_BUILD_DIR - # - TEST_MACHINE (defaults to qemux86-64) - # - BITBAKE_TARGETS - image: $BITBAKE_IMAGE - dependencies: - - Checkout - tags: - - bitbake - script: - - /scripts/configure.sh - - /scripts/build.sh $BITBAKE_TARGETS - -.oe-selftest: - # parameters: - # - TEST_BUILD_DIR - # - TEST_MACHINE (defaults to qemux86-64) - # - OE_SELFTESTS - image: $BITBAKE_IMAGE - dependencies: - - Checkout - tags: - - bitbake - variables: - TEST_AKTUALIZR_CREDENTIALS: $CI_PROJECT_DIR/credentials.zip - script: - - aws s3 cp s3://ota-gitlab-ci/hereotaconnect_prod.zip credentials.zip - - sudo /usr/local/bin/setup_kvm.sh - - | - # sg is needed after adding bitbake to the kvm group (see setup_kvm.sh) - sg kvm << EOS - /scripts/configure.sh - /scripts/oe-selftest.sh $OE_SELFTESTS - EOS -- cgit v1.2.3-54-g00ecf From 77378436fcaa95b07c42d26a00fc021990004374 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Thu, 5 Sep 2019 16:59:18 +0200 Subject: Raspberrypi4 initial support Signed-off-by: Laurent Bonnans --- classes/sota_raspberrypi.bbclass | 32 +++++++++++++++++++++++++- conf/include/bblayers/sota_raspberrypi4-64.inc | 3 +++ conf/include/bblayers/sota_raspberrypi4.inc | 3 +++ 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 conf/include/bblayers/sota_raspberrypi4-64.inc create mode 100644 conf/include/bblayers/sota_raspberrypi4.inc diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass index 69f09fd..a7402ae 100644 --- a/classes/sota_raspberrypi.bbclass +++ b/classes/sota_raspberrypi.bbclass @@ -21,20 +21,50 @@ UBOOT_ENTRYPOINT_sota ?= "0x00008000" IMAGE_FSTYPES_remove_sota = "rpi-sdimg" OSTREE_BOOTLOADER ?= "u-boot" +def make_dtb_boot_files(d): + # Generate IMAGE_BOOT_FILES entries for device tree files listed in + # KERNEL_DEVICETREE. + # + # This function was taken from conf/machine/include/rpi-base.inc in + # meta-raspberrypi + alldtbs = d.getVar('KERNEL_DEVICETREE') + imgtyp = d.getVar('KERNEL_IMAGETYPE') + + def transform(dtb): + base = os.path.basename(dtb) + if dtb.endswith('dtb'): + return base + elif dtb.endswith('dtbo'): + return '{};{}'.format(base, dtb) + + return ' '.join([transform(dtb) for dtb in alldtbs.split(' ') if dtb]) + +IMAGE_BOOT_FILES_sota = "bcm2835-bootfiles/* \ + u-boot.bin;${SDIMG_KERNELIMAGE} \ + " + # OSTree puts its own boot.scr to bcm2835-bootfiles -IMAGE_BOOT_FILES_sota = "bcm2835-bootfiles/* u-boot.bin;${SDIMG_KERNELIMAGE}" +# raspberrypi4 needs dtb in /boot partition so that they can be read by the +# firmware +IMAGE_BOOT_FILES_append_sota_raspberrypi4 = "${@make_dtb_boot_files(d)}" # Just the overlays that will be used should be listed KERNEL_DEVICETREE_raspberrypi2_sota ?= " bcm2709-rpi-2-b.dtb " KERNEL_DEVICETREE_raspberrypi3_sota ?= " bcm2710-rpi-3-b.dtb overlays/vc4-kms-v3d.dtbo overlays/rpi-ft5406.dtbo" KERNEL_DEVICETREE_raspberrypi3-64_sota ?= " broadcom/bcm2710-rpi-3-b.dtb overlays/vc4-kms-v3d.dtbo overlays/vc4-fkms-v3d.dtbo overlays/rpi-ft5406.dtbo" +KERNEL_DEVICETREE_raspberrypi4_sota ?= " bcm2711-rpi-4-b.dtb overlays/vc4-fkms-v3d.dtbo overlays/uart0-rpi4.dtbo" +KERNEL_DEVICETREE_raspberrypi4-64_sota ?= " broadcom/bcm2711-rpi-4-b.dtb overlays/vc4-fkms-v3d.dtbo overlays/uart0-rpi4.dtbo" SOTA_MAIN_DTB_raspberrypi2 ?= "bcm2709-rpi-2-b.dtb" SOTA_MAIN_DTB_raspberrypi3 ?= "bcm2710-rpi-3-b.dtb" SOTA_MAIN_DTB_raspberrypi3-64 ?= "broadcom_bcm2710-rpi-3-b.dtb" +SOTA_MAIN_DTB_raspberrypi4_sota ?= "bcm2711-rpi-4-b.dtb" +SOTA_MAIN_DTB_raspberrypi4-64_sota ?= "broadcom_bcm2711-rpi-4-b.dtb" SOTA_DT_OVERLAYS_raspberrypi3 ?= "vc4-kms-v3d.dtbo rpi-ft5406.dtbo" SOTA_DT_OVERLAYS_raspberrypi3-64 ?= "vc4-kms-v3d.dtbo vc4-fkms-v3d.dtbo rpi-ft5406.dtbo" +SOTA_DT_OVERLAYS_raspberrypi4 ?= "vc4-fkms-v3d.dtbo uart0-rpi4.dtbo" +SOTA_DT_OVERLAYS_raspberrypi4-64 ?= "vc4-fkms-v3d.dtbo uart0-rpi4.dtbo" # Kernel args normally provided by RPi's internal bootloader. Non-updateable OSTREE_KERNEL_ARGS_sota ?= " 8250.nr_uarts=1 bcm2708_fb.fbwidth=656 bcm2708_fb.fbheight=614 bcm2708_fb.fbswap=1 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 dwc_otg.lpm_enable=0 console=ttyS0,115200 usbhid.mousepoll=0 " diff --git a/conf/include/bblayers/sota_raspberrypi4-64.inc b/conf/include/bblayers/sota_raspberrypi4-64.inc new file mode 100644 index 0000000..7e320af --- /dev/null +++ b/conf/include/bblayers/sota_raspberrypi4-64.inc @@ -0,0 +1,3 @@ +BBLAYERS += "${METADIR}/meta-updater-raspberrypi" +BBLAYERS += "${METADIR}/meta-raspberrypi" +BBLAYERS += "${METADIR}/meta-openembedded/meta-networking" diff --git a/conf/include/bblayers/sota_raspberrypi4.inc b/conf/include/bblayers/sota_raspberrypi4.inc new file mode 100644 index 0000000..7e320af --- /dev/null +++ b/conf/include/bblayers/sota_raspberrypi4.inc @@ -0,0 +1,3 @@ +BBLAYERS += "${METADIR}/meta-updater-raspberrypi" +BBLAYERS += "${METADIR}/meta-raspberrypi" +BBLAYERS += "${METADIR}/meta-openembedded/meta-networking" -- cgit v1.2.3-54-g00ecf From aaa329a0a3cfd2456be8fa26e1d53dd076da2fd9 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Tue, 17 Sep 2019 18:00:34 +0200 Subject: Use the recommended kernel entry point on RPI 0x8000 does not work on raspberrypi4-64 whereas 0x80000 is the value recommended for all platforms on u-boot Signed-off-by: Laurent Bonnans --- classes/sota_raspberrypi.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass index a7402ae..c901a70 100644 --- a/classes/sota_raspberrypi.bbclass +++ b/classes/sota_raspberrypi.bbclass @@ -16,7 +16,7 @@ DEV_MATCH_DIRECTIVE_pn-networkd-dhcp-conf = "Driver=smsc95xx lan78xx" IMAGE_INSTALL_append_sota = " virtual/network-configuration " PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot" -UBOOT_ENTRYPOINT_sota ?= "0x00008000" +UBOOT_ENTRYPOINT_sota ?= "0x00080000" IMAGE_FSTYPES_remove_sota = "rpi-sdimg" OSTREE_BOOTLOADER ?= "u-boot" -- cgit v1.2.3-54-g00ecf From b525b5d980b9ed1b506ede29485261c5ec04074a Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Thu, 10 Oct 2019 13:49:50 +0200 Subject: Example config for a virtual secondary. Useful for updating an arbitrary file in /var. Signed-off-by: Patrick Vacek --- recipes-sota/config/aktualizr-virtualsec.bb | 27 +++++++++++++++++++++++++++ recipes-sota/config/files/30-virtualsec.toml | 3 +++ recipes-sota/config/files/virtualsec.json | 14 ++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 recipes-sota/config/aktualizr-virtualsec.bb create mode 100644 recipes-sota/config/files/30-virtualsec.toml create mode 100644 recipes-sota/config/files/virtualsec.json diff --git a/recipes-sota/config/aktualizr-virtualsec.bb b/recipes-sota/config/aktualizr-virtualsec.bb new file mode 100644 index 0000000..b7d55aa --- /dev/null +++ b/recipes-sota/config/aktualizr-virtualsec.bb @@ -0,0 +1,27 @@ +SUMMARY = "Example virtual secondary in aktualizr" +DESCRIPTION = "Creates an example virtual secondary to be used to update an arbitrary file on the primary" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +inherit allarch + +SRC_URI = " \ + file://30-virtualsec.toml \ + file://virtualsec.json \ + " + +do_install_append () { + install -m 0700 -d ${D}${libdir}/sota/conf.d + install -m 0644 ${WORKDIR}/30-virtualsec.toml ${D}${libdir}/sota/conf.d/30-virtualsec.toml + install -m 0644 ${WORKDIR}/virtualsec.json ${D}${libdir}/sota/virtualsec.json +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d/30-virtualsec.toml \ + ${libdir}/sota/virtualsec.json \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: + diff --git a/recipes-sota/config/files/30-virtualsec.toml b/recipes-sota/config/files/30-virtualsec.toml new file mode 100644 index 0000000..987f692 --- /dev/null +++ b/recipes-sota/config/files/30-virtualsec.toml @@ -0,0 +1,3 @@ +[uptane] +secondary_config_file = "/usr/lib/sota/virtualsec.json" + diff --git a/recipes-sota/config/files/virtualsec.json b/recipes-sota/config/files/virtualsec.json new file mode 100644 index 0000000..dcdcdba --- /dev/null +++ b/recipes-sota/config/files/virtualsec.json @@ -0,0 +1,14 @@ +{ + "virtual": [ + { + "partial_verifying": "false", + "ecu_hardware_id": "external-config", + "full_client_dir": "/var/sota/external-config", + "ecu_private_key": "sec.private", + "ecu_public_key": "sec.public", + "firmware_path": "/var/sota/external-config/config.txt", + "target_name_path": "/var/sota/external-config/target_name", + "metadata_path": "/var/sota/external-config/metadata" + } + ] +} -- cgit v1.2.3-54-g00ecf From fa62e15a96fc1f6c2917c3c14bb7f84b8df1f619 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 14 Oct 2019 17:19:01 +0200 Subject: README: update and restructure the links to the dev portal. Signed-off-by: Patrick Vacek --- README.adoc | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/README.adoc b/README.adoc index 12e0446..8c39e4e 100644 --- a/README.adoc +++ b/README.adoc @@ -7,7 +7,7 @@ Meta-updater is a link:https://www.yoctoproject.org/software-overview/layers/[Yo https://github.com/ostreedev/ostree[OSTree] is a tool for atomic full file system upgrades with rollback capability. OSTree has several advantages over traditional dual-bank systems, but the most important one is that it minimizes network bandwidth and data storage footprint by sharing files with the same contents across file system deployments. -https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with these open-source applications or sign up for a free account at https://connect.ota.here.com/[HERE OTA Connect] to get started. +https://github.com/advancedtelematic/aktualizr[Aktualizr] implements https://uptane.github.io/uptane-standard/uptane-standard.html[Uptane], supports device authentication and provisioning, and is integrated with OSTree. You can connect aktualizr to your own server solution or sign up for a free account at https://connect.ota.here.com/[HERE OTA Connect] to get started. == Quickstart @@ -36,37 +36,41 @@ The following documentation focuses on tasks that involve the meta-updater layer The following links point to files in the aktualizr repository where the source of the developer guide is stored. ==== -* xref:{aktualizr-docsroot}meta-updater-build.adoc[Build] -+ -Learn how to use this layer to build a basic disk image and add it to your own Yocto project. -+ * xref:{aktualizr-docsroot}supported-boards.adoc[Supported boards] + Find out if your board is supported and learn about the minimum hardware requirements. + +* xref:{aktualizr-docsroot}build-agl.adoc[Build an Automotive Grade Linux image] ++ +Learn how to use this layer as part of AGL. ++ +* xref:{aktualizr-docsroot}add-ota-functonality-existing-yocto-project.adoc[Add OTA functionality to an existing Yocto project] ++ +Learn how to add this layer to your own Yocto project. ++ * xref:{aktualizr-docsroot}build-configuration.adoc[SOTA-related variables in local.conf] + -Learn how to configure OTA-related functionality when building disk images. +Learn how to configure OTA-related functionality when building images, including how to install custom versions of aktualizr. + -* xref:{aktualizr-docsroot}meta-updater-usage.adoc[Usage] +* xref:{aktualizr-docsroot}recommended-clientconfig.adoc[Recommended configuration] + -Learn about the `garage-push` and `garage-sign` utilities, aktualizr configuration and service resource control, and OSTree. +Learn how to optimize your build for development or production. + -* xref:{aktualizr-docsroot}meta-updater-dev-config.adoc[Development configuration] +* xref:{aktualizr-docsroot}client-provisioning-methods.adoc[Provisoning methods] + -Learn how to configure logging, install custom versions of aktualizr, and override the version indicator for sofware updates. +Learn more about the methods for provisioning devices. For more detail, you may also want to read about how to xref:{aktualizr-docsroot}enable-device-cred-provisioning.adoc[enable device credential provisioning] or how to xref:{aktualizr-docsroot}simulate-device-cred-provtest.adoc[simulate it for testing]. + -* xref:{aktualizr-docsroot}meta-updater-testing.adoc#_qa_with_oe_selftest[QA with oe-selftest] +* xref:{aktualizr-docsroot}meta-updater-usage.adoc[Advanced usage] + -Learn how to use the `oe-selftest` framework for quality assurance. +Learn about the `garage-push` and `garage-sign` utilities, aktualizr configuration recipes, and service resource control. + -* xref:{aktualizr-docsroot}meta-updater-testing.adoc#_aktualizr_test_suite_with_ptest[Aktualizr test suite with ptest] +* xref:{aktualizr-docsroot}meta-updater-testing.adoc[Testing with oe-selftest and ptest] + -Learn how to enable Yocto's package test functionality and run parts of the aktualizr test suite. +Learn how to use the `oe-selftest` framework for quality assurance and how to run the aktualizr test suite via ptest. + -* xref:{aktualizr-docsroot}meta-updater-provisioning-methods.adoc[Provisoning methods] +* xref:{aktualizr-docsroot}troubleshooting.adoc[Troubleshooting] + -Learn how to enable different methods for provisioning devices. +Get help on common problems. == License -- cgit v1.2.3-54-g00ecf From f37b074db89244022c6a5ebb328ef9fa5e65be9f Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 15 Oct 2019 14:55:24 +0200 Subject: README: fix a malformed link and add some more. Signed-off-by: Patrick Vacek --- README.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.adoc b/README.adoc index 8c39e4e..e4ae3e6 100644 --- a/README.adoc +++ b/README.adoc @@ -2,6 +2,7 @@ :toc: macro :toc-title: :aktualizr-docsroot: https://github.com/advancedtelematic/aktualizr/tree/master/docs/ota-client-guide/modules/ROOT/pages/ +:getstarted-docsroot: https://docs.ota.here.com/getstarted/dev/ Meta-updater is a link:https://www.yoctoproject.org/software-overview/layers/[Yocto layer] that enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr] -- the default client for link:https://www.here.com/products/automotive/ota-technology[HERE OTA Connect]. @@ -11,7 +12,7 @@ https://github.com/advancedtelematic/aktualizr[Aktualizr] implements https://upt == Quickstart -If you don't already have a Yocto project that you want to add OTA to, you can use the xref:dev@getstarted::raspberry-pi.adoc[HERE OTA Connect Quickstart] project to rapidly get up and running on a Raspberry Pi. It takes a standard https://www.yoctoproject.org/tools-resources/projects/poky[poky] distribution, and adds OTA and OSTree capabilities. +If you don't already have a Yocto project that you want to add OTA to, you can use the xref:{getstarted-docsroot}get-started.html[HERE OTA Connect Quickstart] project to rapidly get up and running on a xref:{getstarted-docsroot}raspberry-pi.html[Raspberry Pi] or with xref:{getstarted-docsroot}qemuvirtualbox.html[QEMU]. It takes a standard https://www.yoctoproject.org/tools-resources/projects/poky[poky] distribution, and adds OTA and OSTree capabilities. == Dependencies -- cgit v1.2.3-54-g00ecf From 572f5bfeedb5d1269bdb6ef599c26148b21412e9 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Wed, 16 Oct 2019 15:17:10 +0200 Subject: README: Point docs at the dev guide in the portal. As opposed to the source of the docs in the aktualizr repo. Signed-off-by: Patrick Vacek --- README.adoc | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/README.adoc b/README.adoc index e4ae3e6..4cccc7b 100644 --- a/README.adoc +++ b/README.adoc @@ -1,7 +1,7 @@ = meta-updater :toc: macro :toc-title: -:aktualizr-docsroot: https://github.com/advancedtelematic/aktualizr/tree/master/docs/ota-client-guide/modules/ROOT/pages/ +:devguide-docsroot: https://docs.ota.here.com/ota-client/latest/ :getstarted-docsroot: https://docs.ota.here.com/getstarted/dev/ Meta-updater is a link:https://www.yoctoproject.org/software-overview/layers/[Yocto layer] that enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr] -- the default client for link:https://www.here.com/products/automotive/ota-technology[HERE OTA Connect]. @@ -31,45 +31,41 @@ sudo apt install ovmf [discrete] == Table of Contents -The following documentation focuses on tasks that involve the meta-updater layer. If you want to get an idea of the overall developer workflow in OTA Connect, see the link:https://docs.ota.here.com/ota-client/dev/index.html[OTA Connect Developer Guide]. -[NOTE] -==== -The following links point to files in the aktualizr repository where the source of the developer guide is stored. -==== +The following documentation focuses on tasks that involve the meta-updater layer. If you want to get an idea of the overall developer workflow in OTA Connect, see the link:{devguide-docsroot}index.html[OTA Connect Developer Guide]. -* xref:{aktualizr-docsroot}supported-boards.adoc[Supported boards] +* xref:{devguide-docsroot}supported-boards.html[Supported boards] + Find out if your board is supported and learn about the minimum hardware requirements. + -* xref:{aktualizr-docsroot}build-agl.adoc[Build an Automotive Grade Linux image] +* xref:{devguide-docsroot}build-agl.html[Build an Automotive Grade Linux image] + Learn how to use this layer as part of AGL. + -* xref:{aktualizr-docsroot}add-ota-functonality-existing-yocto-project.adoc[Add OTA functionality to an existing Yocto project] +* xref:{devguide-docsroot}add-ota-functonality-existing-yocto-project.html[Add OTA functionality to an existing Yocto project] + Learn how to add this layer to your own Yocto project. + -* xref:{aktualizr-docsroot}build-configuration.adoc[SOTA-related variables in local.conf] +* xref:{devguide-docsroot}build-configuration.html[SOTA-related variables in local.conf] + Learn how to configure OTA-related functionality when building images, including how to install custom versions of aktualizr. + -* xref:{aktualizr-docsroot}recommended-clientconfig.adoc[Recommended configuration] +* xref:{devguide-docsroot}recommended-clientconfig.html[Recommended configuration] + Learn how to optimize your build for development or production. + -* xref:{aktualizr-docsroot}client-provisioning-methods.adoc[Provisoning methods] +* xref:{devguide-docsroot}client-provisioning-methods.html[Provisoning methods] + -Learn more about the methods for provisioning devices. For more detail, you may also want to read about how to xref:{aktualizr-docsroot}enable-device-cred-provisioning.adoc[enable device credential provisioning] or how to xref:{aktualizr-docsroot}simulate-device-cred-provtest.adoc[simulate it for testing]. +Learn more about the methods for provisioning devices. For more detail, you may also want to read about how to xref:{devguide-docsroot}enable-device-cred-provisioning.html[enable device credential provisioning] or how to xref:{devguide-docsroot}simulate-device-cred-provtest.html[simulate it for testing]. + -* xref:{aktualizr-docsroot}meta-updater-usage.adoc[Advanced usage] +* xref:{devguide-docsroot}meta-updater-usage.html[Advanced usage] + Learn about the `garage-push` and `garage-sign` utilities, aktualizr configuration recipes, and service resource control. + -* xref:{aktualizr-docsroot}meta-updater-testing.adoc[Testing with oe-selftest and ptest] +* xref:{devguide-docsroot}meta-updater-testing.html[Testing with oe-selftest and ptest] + Learn how to use the `oe-selftest` framework for quality assurance and how to run the aktualizr test suite via ptest. + -* xref:{aktualizr-docsroot}troubleshooting.adoc[Troubleshooting] +* xref:{devguide-docsroot}troubleshooting.html[Troubleshooting] + Get help on common problems. -- cgit v1.2.3-54-g00ecf From ed47a4ba73fcbf82d532703a81531bd75f1da046 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Wed, 16 Oct 2019 16:35:01 +0200 Subject: Give names to different SRC_URI in aktualizr recipe To make it self-documenting and extendable Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr_git.bb | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index d9f50c3..0947f07 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -18,18 +18,17 @@ PR = "7" GARAGE_SIGN_PV = "0.7.0-33-g214dfb1" SRC_URI = " \ - gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ + gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH};name=aktualizr \ file://run-ptest \ file://aktualizr.service \ file://aktualizr-secondary.service \ file://aktualizr-serialcan.service \ file://10-resource-control.conf \ - ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ + ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0;name=garagesign") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ " -# for garage-sign archive -SRC_URI[md5sum] = "66ffe8dcd61d4c15646e1c4b7dde7401" -SRC_URI[sha256sum] = "7a7193ddf7e1a33ea60fbb20f98318a8bd78c325dab391d8c4ebd644a738abdc" +SRC_URI[garagesign.md5sum] = "66ffe8dcd61d4c15646e1c4b7dde7401" +SRC_URI[garagesign.sha256sum] = "7a7193ddf7e1a33ea60fbb20f98318a8bd78c325dab391d8c4ebd644a738abdc" SRCREV = "3bb9fe91b4c614a79373beadc721272fcf7acce2" BRANCH ?= "master" -- cgit v1.2.3-54-g00ecf From 766f1604c654b26d46f059bb8b89b3c2775e8d21 Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Wed, 16 Oct 2019 16:36:41 +0200 Subject: Fix aktualizr version reporting in yocto image Stop overriding AKTUALIZR_VERSION with the recipe version which is mostly bogus. And bump aktualizr to make sure we're using a version which fails at configure time if no version was specified. Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr_git.bb | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 0947f07..d878d88 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -3,7 +3,7 @@ DESCRIPTION = "SOTA Client application written in C++" HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" SECTION = "base" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" DEPENDS_append = "${@bb.utils.contains('PTEST_ENABLED', '1', ' coreutils-native net-tools-native ostree-native aktualizr-native ', '', d)}" @@ -30,7 +30,7 @@ SRC_URI = " \ SRC_URI[garagesign.md5sum] = "66ffe8dcd61d4c15646e1c4b7dde7401" SRC_URI[garagesign.sha256sum] = "7a7193ddf7e1a33ea60fbb20f98318a8bd78c325dab391d8c4ebd644a738abdc" -SRCREV = "3bb9fe91b4c614a79373beadc721272fcf7acce2" +SRCREV = "1592d4ab63d8851aca3440529701425612fbe903" BRANCH ?= "master" S = "${WORKDIR}/git" @@ -45,7 +45,7 @@ SYSTEMD_PACKAGES = "${PN} ${PN}-secondary" SYSTEMD_SERVICE_${PN} = "aktualizr.service" SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.service" -EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} ${@bb.utils.contains('PTEST_ENABLED', '1', '-DTESTSUITE_VALGRIND=on', '', d)}" +EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release ${@bb.utils.contains('PTEST_ENABLED', '1', '-DTESTSUITE_VALGRIND=on', '', d)}" GARAGE_SIGN_OPS = "${@ d.expand('-DGARAGE_SIGN_ARCHIVE=${WORKDIR}/cli-${GARAGE_SIGN_PV}.tgz') if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''}" @@ -69,8 +69,12 @@ RESOURCE_CPU_WEIGHT = "100" RESOURCE_MEMORY_HIGH = "100M" RESOURCE_MEMORY_MAX = "80%" -do_compile_ptest() { - cmake_runcmake_build --target build_tests "${PARALLEL_MAKE}" +do_configure_prepend() { + # CMake has trouble finding yocto's git when cross-compiling, let's do this step manually + cd ${S} + if [ ! -f VERSION ]; then + ./scripts/get_version.sh > VERSION + fi } do_install_ptest() { -- cgit v1.2.3-54-g00ecf From b25ae05c2cbcd6df0cf269ffe1f00ecab08e831d Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 11 Oct 2019 15:22:45 +0200 Subject: aktualizr: fix secondary recipes' dependencies. Most do not need to depend on aktualizr-native and do not need to be rebuilt if the credentials change. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr-device-prov-creds.bb | 6 ++++-- recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb | 6 +++--- recipes-sota/aktualizr/aktualizr-device-prov.bb | 6 +++--- recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb | 2 +- recipes-sota/aktualizr/aktualizr-shared-prov.bb | 8 ++++---- recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb | 5 ++--- 6 files changed, 17 insertions(+), 16 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb index 6e02a50..d8b29b4 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb @@ -6,11 +6,13 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -# WARNING: it is NOT a production solution. The secure way to provision devices +# WARNING: This is NOT an ideal solution. The secure way to provision devices # is to create certificate request directly on the device (either with HSM/TPM # or with software) and then sign it with a CA stored on a disconnected machine. -DEPENDS = "aktualizr aktualizr-native" +# We need to get the config files from the aktualizr-host-tools package built by +# the aktualizr (target) recipe. +DEPENDS = "aktualizr aktualizr-native openssl-native" ALLOW_EMPTY_${PN} = "1" SRC_URI = " \ diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb index c3cd593..e8ef513 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb @@ -7,15 +7,15 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr aktualizr-native" +# We need to get the config files from the aktualizr-host-tools package built by +# the aktualizr (target) recipe. +DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" SRC_URI = "" PV = "1.0" PR = "6" -require credentials.inc - do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred-hsm.toml \ diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb index d579532..fbe29a1 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb @@ -7,14 +7,14 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr aktualizr-native openssl-native" +# We need to get the config files from the aktualizr-host-tools package built by +# the aktualizr (target) recipe. +DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" PV = "1.0" PR = "1" -require credentials.inc - do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml \ diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb index 2701c07..b3b539d 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr-native zip-native" +DEPENDS = "zip-native" ALLOW_EMPTY_${PN} = "1" require credentials.inc diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov.bb b/recipes-sota/aktualizr/aktualizr-shared-prov.bb index d3d6f16..00588dc 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov.bb @@ -7,15 +7,15 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr-native zip-native" +# We need to get the config files from the aktualizr-host-tools package built by +# the aktualizr (target) recipe. +DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" PV = "1.0" PR = "6" SRC_URI = "" -require credentials.inc - do_install() { if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS" @@ -31,7 +31,7 @@ do_install() { fi install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-shared-cred.toml \ + install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-shared-cred.toml \ ${D}${libdir}/sota/conf.d/20-sota-shared-cred.toml } diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb index 860f225..5a49d16 100644 --- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb +++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb @@ -6,14 +6,13 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 inherit allarch -DEPENDS = "aktualizr-native" -RDEPENDS_${PN} = "aktualizr" +DEPENDS = "aktualizr" SRC_URI = "" do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml + install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-uboot-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml } FILES_${PN} = " \ -- cgit v1.2.3-54-g00ecf From baab9e027f01ba6445fbafe1b808e62f86c209e6 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 11 Oct 2019 16:19:19 +0200 Subject: demo-network-config: use ${libdir} consistently. Signed-off-by: Patrick Vacek --- recipes-test/demo-network-config/network-config.inc | 6 +++--- recipes-test/demo-network-config/primary-network-config.bb | 6 +++--- recipes-test/demo-network-config/secondary-network-config.bb | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/recipes-test/demo-network-config/network-config.inc b/recipes-test/demo-network-config/network-config.inc index ed623d4..a231a24 100644 --- a/recipes-test/demo-network-config/network-config.inc +++ b/recipes-test/demo-network-config/network-config.inc @@ -6,11 +6,11 @@ SECONDARY_INTERFACE ?= "${@ 'eth0' if d.getVar('MACHINE') == 'raspberrypi3' else do_install_append() { bbnote "Network configuration type to be applied: ${CONF_TYPE}" - install -d ${D}/usr/lib/systemd/network - install -m 0644 ${WORKDIR}/26-${CONF_TYPE}-client.network ${D}/usr/lib/systemd/network/ + install -d ${D}${libdir}/systemd/network + install -m 0644 ${WORKDIR}/26-${CONF_TYPE}-client.network ${D}${libdir}/systemd/network/ sed -i -e 's|@ADDR@|${IP_ADDR}|g' \ -e 's|@IFNAME@|${SECONDARY_INTERFACE}|g' \ - ${D}/usr/lib/systemd/network/26-${CONF_TYPE}-client.network + ${D}${libdir}/systemd/network/26-${CONF_TYPE}-client.network } diff --git a/recipes-test/demo-network-config/primary-network-config.bb b/recipes-test/demo-network-config/primary-network-config.bb index d840a95..0b0119b 100644 --- a/recipes-test/demo-network-config/primary-network-config.bb +++ b/recipes-test/demo-network-config/primary-network-config.bb @@ -8,13 +8,13 @@ SRC_URI = "\ file://27-dhcp-client-external.network \ " -FILES_${PN} = "/usr/lib/systemd/network" +FILES_${PN} = "${libdir}/systemd/network" PR = "1" do_install() { - install -d ${D}/usr/lib/systemd/network - install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}/usr/lib/systemd/network/ + install -d ${D}${libdir}/systemd/network + install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}${libdir}/systemd/network/ } PRIMARY_IP ?= "10.0.3.1" diff --git a/recipes-test/demo-network-config/secondary-network-config.bb b/recipes-test/demo-network-config/secondary-network-config.bb index b1d70f1..cef8274 100644 --- a/recipes-test/demo-network-config/secondary-network-config.bb +++ b/recipes-test/demo-network-config/secondary-network-config.bb @@ -12,13 +12,13 @@ SRC_URI = "\ file://27-dhcp-client-external.network \ " -FILES_${PN} = "/usr/lib/systemd/network" +FILES_${PN} = "${libdir}/systemd/network" PR = "1" do_install() { - install -d ${D}/usr/lib/systemd/network - install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}/usr/lib/systemd/network/ + install -d ${D}${libdir}/systemd/network + install -m 0644 ${WORKDIR}/27-dhcp-client-external.network ${D}${libdir}/systemd/network/ } SECONDARY_IP ?= "10.0.3.2" -- cgit v1.2.3-54-g00ecf From a1a73c69c1e81dadf92a04fe7fb636ce73f48d27 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 11 Oct 2019 16:20:04 +0200 Subject: demo-config: inherit allarch for config-only recipes. Signed-off-by: Patrick Vacek --- recipes-test/demo-config/primary-config.bb | 2 ++ recipes-test/demo-config/secondary-config.bb | 12 +++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/recipes-test/demo-config/primary-config.bb b/recipes-test/demo-config/primary-config.bb index 27cb553..b1964e2 100644 --- a/recipes-test/demo-config/primary-config.bb +++ b/recipes-test/demo-config/primary-config.bb @@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 require shared-conf.inc +inherit allarch + PRIMARY_SECONDARIES ?= "${SECONDARY_IP}:${SECONDARY_PORT}" SRC_URI = "\ diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb index 9411646..b2b9547 100644 --- a/recipes-test/demo-config/secondary-config.bb +++ b/recipes-test/demo-config/secondary-config.bb @@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 require shared-conf.inc +inherit allarch + SECONDARY_SERIAL_ID ?= "" SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" @@ -16,18 +18,18 @@ SRC_URI = "\ do_install () { install -m 0700 -d ${D}${libdir}/sota/conf.d - install -m 0644 ${WORKDIR}/30-fake-pacman.toml ${D}/${libdir}/sota/conf.d/30-fake-pacman.toml + install -m 0644 ${WORKDIR}/30-fake-pacman.toml ${D}${libdir}/sota/conf.d/30-fake-pacman.toml - install -m 0644 ${WORKDIR}/35-network-config.toml ${D}/${libdir}/sota/conf.d/35-network-config.toml + install -m 0644 ${WORKDIR}/35-network-config.toml ${D}${libdir}/sota/conf.d/35-network-config.toml sed -i -e 's|@PORT@|${SECONDARY_PORT}|g' \ -e 's|@PRIMARY_IP@|${PRIMARY_IP}|g' \ -e 's|@PRIMARY_PORT@|${PRIMARY_PORT}|g' \ - ${D}/${libdir}/sota/conf.d/35-network-config.toml + ${D}${libdir}/sota/conf.d/35-network-config.toml - install -m 0644 ${WORKDIR}/45-id-config.toml ${D}/${libdir}/sota/conf.d/45-id-config.toml + install -m 0644 ${WORKDIR}/45-id-config.toml ${D}${libdir}/sota/conf.d/45-id-config.toml sed -i -e 's|@SERIAL@|${SECONDARY_SERIAL_ID}|g' \ -e 's|@HWID@|${SECONDARY_HARDWARE_ID}|g' \ - ${D}/${libdir}/sota/conf.d/45-id-config.toml + ${D}${libdir}/sota/conf.d/45-id-config.toml } -- cgit v1.2.3-54-g00ecf From 2b86c20024699aa4a0d464f25e9664bb169dded1 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 14 Oct 2019 12:05:26 +0200 Subject: demo-config: recipes that depend on MACHINE cannot be allarch. Signed-off-by: Patrick Vacek --- recipes-test/demo-config/secondary-config.bb | 2 -- recipes-test/demo-network-config/primary-network-config.bb | 2 -- recipes-test/demo-network-config/secondary-network-config.bb | 2 -- 3 files changed, 6 deletions(-) diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb index b2b9547..55358b7 100644 --- a/recipes-test/demo-config/secondary-config.bb +++ b/recipes-test/demo-config/secondary-config.bb @@ -4,8 +4,6 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 require shared-conf.inc -inherit allarch - SECONDARY_SERIAL_ID ?= "" SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" diff --git a/recipes-test/demo-network-config/primary-network-config.bb b/recipes-test/demo-network-config/primary-network-config.bb index 0b0119b..544a5ec 100644 --- a/recipes-test/demo-network-config/primary-network-config.bb +++ b/recipes-test/demo-network-config/primary-network-config.bb @@ -2,8 +2,6 @@ DESCRIPTION = "Sample network configuration for an Uptane Primary" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" -inherit allarch - SRC_URI = "\ file://27-dhcp-client-external.network \ " diff --git a/recipes-test/demo-network-config/secondary-network-config.bb b/recipes-test/demo-network-config/secondary-network-config.bb index cef8274..ca83d53 100644 --- a/recipes-test/demo-network-config/secondary-network-config.bb +++ b/recipes-test/demo-network-config/secondary-network-config.bb @@ -2,8 +2,6 @@ DESCRIPTION = "Sample network configuration for an Uptane Secondary" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" -inherit allarch - # TODO: It configures the 'user' interface in NAT mode and provides an access to public Inet via it # which is not desired for Secondary. It cannot be just removed since we get SSH access to Secondary # VM via this interface. So, the task is to configure the interface in such way that it does provide access -- cgit v1.2.3-54-g00ecf From 29a1bd84bac8c273f5cec40560165df15f11638a Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 14 Oct 2019 12:06:23 +0200 Subject: aktualizr: use SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS for config recipes. This is a bit of a compromise. These recipes are allarch, since they do not depend on an architecture, but they depend on aktualizr, which is definitely not allarch. Therefore, we must tell bitbake not to treat the aktualizr architecture as a dependency of these recipes. However, this means that if one of the config files changes in the aktualizr repo, we need to bump the version of the recipe that uses it to make sure bitbake picks up that change. Signed-off-by: Patrick Vacek --- conf/layer.conf | 9 +++++++++ recipes-sota/aktualizr/aktualizr-device-prov-creds.bb | 5 +++++ recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb | 5 ++++- recipes-sota/aktualizr/aktualizr-device-prov.bb | 4 ++++ recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb | 7 +++++++ recipes-sota/aktualizr/aktualizr-shared-prov.bb | 3 +++ recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb | 5 +++++ 7 files changed, 37 insertions(+), 1 deletion(-) diff --git a/conf/layer.conf b/conf/layer.conf index ec791bb..98fee2a 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -11,3 +11,12 @@ BBFILE_PRIORITY_sota = "7" LAYERDEPENDS_sota = "filesystems-layer" LAYERSERIES_COMPAT_sota = "thud warrior" + +SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ + aktualizr-device-prov->aktualizr \ + aktualizr-device-prov-creds->aktualizr \ + aktualizr-device-prov-hsm->aktualizr \ + aktualizr-shared-prov->aktualizr \ + aktualizr-shared-prov-creds->aktualizr \ + aktualizr-uboot-env-rollback->aktualizr \ +" diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb index d8b29b4..a3c7d66 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb @@ -15,6 +15,11 @@ inherit allarch DEPENDS = "aktualizr aktualizr-native openssl-native" ALLOW_EMPTY_${PN} = "1" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! +PV = "1.0" +PR = "1" + SRC_URI = " \ file://ca.cnf \ " diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb index e8ef513..8d4bc9c 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb @@ -12,10 +12,13 @@ inherit allarch DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" -SRC_URI = "" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! PV = "1.0" PR = "6" +SRC_URI = "" + do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred-hsm.toml \ diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb index fbe29a1..e8c75bb 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb @@ -12,9 +12,13 @@ inherit allarch DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! PV = "1.0" PR = "1" +SRC_URI = "" + do_install() { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml \ diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb index b3b539d..9c6f0dd 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov-creds.bb @@ -9,6 +9,13 @@ inherit allarch DEPENDS = "zip-native" ALLOW_EMPTY_${PN} = "1" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! +PV = "1.0" +PR = "1" + +SRC_URI = "" + require credentials.inc do_install() { diff --git a/recipes-sota/aktualizr/aktualizr-shared-prov.bb b/recipes-sota/aktualizr/aktualizr-shared-prov.bb index 00588dc..2ee47a1 100644 --- a/recipes-sota/aktualizr/aktualizr-shared-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-shared-prov.bb @@ -11,6 +11,9 @@ inherit allarch # the aktualizr (target) recipe. DEPENDS = "aktualizr" RDEPENDS_${PN}_append = "${@' aktualizr-shared-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" + +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! PV = "1.0" PR = "6" diff --git a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb index 5a49d16..2895e5c 100644 --- a/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb +++ b/recipes-sota/aktualizr/aktualizr-uboot-env-rollback.bb @@ -8,6 +8,11 @@ inherit allarch DEPENDS = "aktualizr" +# If the config file from aktualizr used here is changed, you will need to bump +# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! +PV = "1.0" +PR = "1" + SRC_URI = "" do_install() { -- cgit v1.2.3-54-g00ecf From c0cd8356834088b273e14a9da98ca445b4b5368b Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 14 Oct 2019 12:30:49 +0200 Subject: layer.conf: Update LAYERDEPENDS_sota. It was missing a few dependencies. Signed-off-by: Patrick Vacek --- conf/layer.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/conf/layer.conf b/conf/layer.conf index 98fee2a..aeb33d8 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -9,7 +9,9 @@ BBFILE_COLLECTIONS += "sota" BBFILE_PATTERN_sota = "^${LAYERDIR}/" BBFILE_PRIORITY_sota = "7" -LAYERDEPENDS_sota = "filesystems-layer" +LAYERDEPENDS_sota = "openembedded-layer" +LAYERDEPENDS_sota += "meta-python" +LAYERDEPENDS_sota += "filesystems-layer" LAYERSERIES_COMPAT_sota = "thud warrior" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ -- cgit v1.2.3-54-g00ecf From 53b55b7d281171217b29731d293025cb7555995d Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Tue, 15 Oct 2019 18:58:24 +0200 Subject: Split aktualizr hwid config to another recipe So that we can fix the ${MACHINE} dependency issues Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr-hwid.bb | 23 +++++++++++++++++++++++ recipes-sota/aktualizr/aktualizr_git.bb | 6 +----- 2 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 recipes-sota/aktualizr/aktualizr-hwid.bb diff --git a/recipes-sota/aktualizr/aktualizr-hwid.bb b/recipes-sota/aktualizr/aktualizr-hwid.bb new file mode 100644 index 0000000..64b1bda --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-hwid.bb @@ -0,0 +1,23 @@ +SUMMARY = "Aktualizr hwid configuration" +HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" +SECTION = "base" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +SRC_URI = "" + +do_install() { + install -m 0700 -d ${D}${libdir}/sota/conf.d + if [ -n "${SOTA_HARDWARE_ID}" ]; then + printf "[provision]\nprimary_ecu_hardware_id = ${SOTA_HARDWARE_ID}\n" > ${D}${libdir}/sota/conf.d/40-hardware-id.toml + fi +} + +FILES_${PN} = " \ + ${libdir}/sota/conf.d \ + ${libdir}/sota/conf.d/40-hardware-id.toml \ + " + +# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index d878d88..0de0866 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=815ca599c9df247a0c7f619bab123dad" DEPENDS = "boost curl openssl libarchive libsodium sqlite3 asn1c-native" DEPENDS_append = "${@bb.utils.contains('PTEST_ENABLED', '1', ' coreutils-native net-tools-native ostree-native aktualizr-native ', '', d)}" -RDEPENDS_${PN}_class-target = "aktualizr-configs lshw" +RDEPENDS_${PN}_class-target = "aktualizr-configs aktualizr-hwid lshw" RDEPENDS_${PN}-host-tools = "aktualizr aktualizr-cert-provider ${@bb.utils.contains('PACKAGECONFIG', 'sota-tools', 'garage-deploy garage-push', '', d)}" RDEPENDS_${PN}-ptest += "bash cmake curl net-tools python3-core python3-misc python3-modules openssl-bin sqlite3 valgrind" @@ -105,10 +105,6 @@ do_install_append () { install -m 0700 -d ${D}${libdir}/sota/conf.d install -m 0700 -d ${D}${sysconfdir}/sota/conf.d - if [ -n "${SOTA_HARDWARE_ID}" ]; then - printf "[provision]\nprimary_ecu_hardware_id = ${SOTA_HARDWARE_ID}\n" > ${D}${libdir}/sota/conf.d/40-hardware-id.toml - fi - install -m 0755 -d ${D}${systemd_unitdir}/system aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service -- cgit v1.2.3-54-g00ecf From 8ce94fd8c78d4836a429229a9842e917b30b39ae Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Wed, 16 Oct 2019 16:54:55 +0200 Subject: Specify more configs as MACHINE_ARCH. If they depend on MACHINE, that's what we gotta do. Still haven't sorted out aktualizr-device-prov-creds, though. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr-hwid.bb | 1 + recipes-test/demo-config/secondary-config.bb | 3 +++ recipes-test/demo-network-config/network-config.inc | 3 +++ 3 files changed, 7 insertions(+) diff --git a/recipes-sota/aktualizr/aktualizr-hwid.bb b/recipes-sota/aktualizr/aktualizr-hwid.bb index 64b1bda..fd3e395 100644 --- a/recipes-sota/aktualizr/aktualizr-hwid.bb +++ b/recipes-sota/aktualizr/aktualizr-hwid.bb @@ -4,6 +4,7 @@ SECTION = "base" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" +# Because of the dependency on MACHINE. PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "" diff --git a/recipes-test/demo-config/secondary-config.bb b/recipes-test/demo-config/secondary-config.bb index 55358b7..ddbed89 100644 --- a/recipes-test/demo-config/secondary-config.bb +++ b/recipes-test/demo-config/secondary-config.bb @@ -4,6 +4,9 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7 require shared-conf.inc +# Because of the dependency on MACHINE. +PACKAGE_ARCH = "${MACHINE_ARCH}" + SECONDARY_SERIAL_ID ?= "" SOTA_HARDWARE_ID ?= "${MACHINE}-sndry" SECONDARY_HARDWARE_ID ?= "${SOTA_HARDWARE_ID}" diff --git a/recipes-test/demo-network-config/network-config.inc b/recipes-test/demo-network-config/network-config.inc index a231a24..b023f51 100644 --- a/recipes-test/demo-network-config/network-config.inc +++ b/recipes-test/demo-network-config/network-config.inc @@ -2,6 +2,9 @@ SRC_URI_append = "\ file://26-${CONF_TYPE}-client.network \ " +# Because of the dependency on MACHINE. +PACKAGE_ARCH = "${MACHINE_ARCH}" + SECONDARY_INTERFACE ?= "${@ 'eth0' if d.getVar('MACHINE') == 'raspberrypi3' else 'enp0s5'}" do_install_append() { -- cgit v1.2.3-54-g00ecf From d2c460685d6cc5373f7a98609521e6deb6e11d4e Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Thu, 17 Oct 2019 17:01:18 +0200 Subject: aktualizr-device-prov-creds: remove it. Originally I was just trying to remove the reference to DEPLOY_DIR_IMAGE because it depends on MACHINE, but then I realized that this recipe is just plain not worth keeping. It isn't viable for anything except the most limited testing, since it bakes device-specific credentials into an image, but we weren't even using it for testing. Signed-off-by: Patrick Vacek --- conf/layer.conf | 1 - .../aktualizr/aktualizr-device-prov-creds.bb | 67 ---------------------- .../aktualizr/aktualizr-device-prov-hsm.bb | 1 - recipes-sota/aktualizr/aktualizr-device-prov.bb | 1 - recipes-test/images/secondary-image.bb | 1 - scripts/find_aktualizr_dependencies.sh | 1 - 6 files changed, 72 deletions(-) delete mode 100644 recipes-sota/aktualizr/aktualizr-device-prov-creds.bb diff --git a/conf/layer.conf b/conf/layer.conf index aeb33d8..035a46b 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -16,7 +16,6 @@ LAYERSERIES_COMPAT_sota = "thud warrior" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ aktualizr-device-prov->aktualizr \ - aktualizr-device-prov-creds->aktualizr \ aktualizr-device-prov-hsm->aktualizr \ aktualizr-shared-prov->aktualizr \ aktualizr-shared-prov-creds->aktualizr \ diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb deleted file mode 100644 index a3c7d66..0000000 --- a/recipes-sota/aktualizr/aktualizr-device-prov-creds.bb +++ /dev/null @@ -1,67 +0,0 @@ -SUMMARY = "Credentials for device provisioning with fleet CA certificate" -HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" -SECTION = "base" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" - -inherit allarch - -# WARNING: This is NOT an ideal solution. The secure way to provision devices -# is to create certificate request directly on the device (either with HSM/TPM -# or with software) and then sign it with a CA stored on a disconnected machine. - -# We need to get the config files from the aktualizr-host-tools package built by -# the aktualizr (target) recipe. -DEPENDS = "aktualizr aktualizr-native openssl-native" -ALLOW_EMPTY_${PN} = "1" - -# If the config file from aktualizr used here is changed, you will need to bump -# the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! -PV = "1.0" -PR = "1" - -SRC_URI = " \ - file://ca.cnf \ - " - -require credentials.inc - -export SOTA_CACERT_PATH -export SOTA_CAKEY_PATH - -do_install() { - if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then - if [ -z ${SOTA_CACERT_PATH} ]; then - SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem - SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem - mkdir -p ${DEPLOY_DIR_IMAGE}/CA - bbwarn "SOTA_CACERT_PATH is not specified, use default one at ${SOTA_CACERT_PATH}" - - if [ ! -f ${SOTA_CACERT_PATH} ]; then - bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" - SOTA_CACERT_DIR_PATH="$(dirname "${SOTA_CACERT_PATH}")" - openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 - openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert - bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" - fi - fi - - if [ -z ${SOTA_CAKEY_PATH} ]; then - bbfatal "SOTA_CAKEY_PATH should be set when using device credential provisioning" - fi - - install -m 0700 -d ${D}${localstatedir}/sota - aktualizr-cert-provider --credentials ${SOTA_PACKED_CREDENTIALS} \ - --fleet-ca ${SOTA_CACERT_PATH} \ - --fleet-ca-key ${SOTA_CAKEY_PATH} \ - --root-ca \ - --server-url \ - --local ${D} \ - --config ${STAGING_DIR_HOST}${libdir}/sota/sota-device-cred.toml - fi -} - -FILES_${PN} = " \ - ${localstatedir}/sota/*" - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb index 8d4bc9c..4eadb77 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov-hsm.bb @@ -10,7 +10,6 @@ inherit allarch # We need to get the config files from the aktualizr-host-tools package built by # the aktualizr (target) recipe. DEPENDS = "aktualizr" -RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" # If the config file from aktualizr used here is changed, you will need to bump # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! diff --git a/recipes-sota/aktualizr/aktualizr-device-prov.bb b/recipes-sota/aktualizr/aktualizr-device-prov.bb index e8c75bb..55f398d 100644 --- a/recipes-sota/aktualizr/aktualizr-device-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-device-prov.bb @@ -10,7 +10,6 @@ inherit allarch # We need to get the config files from the aktualizr-host-tools package built by # the aktualizr (target) recipe. DEPENDS = "aktualizr" -RDEPENDS_${PN}_append = "${@' aktualizr-device-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS') == '1' else ''}" # If the config file from aktualizr used here is changed, you will need to bump # the version here because of SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS! diff --git a/recipes-test/images/secondary-image.bb b/recipes-test/images/secondary-image.bb index 27d1e3f..7db2c68 100644 --- a/recipes-test/images/secondary-image.bb +++ b/recipes-test/images/secondary-image.bb @@ -14,7 +14,6 @@ IMAGE_INSTALL_remove = " \ aktualizr-shared-prov \ aktualizr-shared-prov-creds \ aktualizr-device-prov \ - aktualizr-device-prov-creds \ aktualizr-device-prov-hsm \ aktualizr-uboot-env-rollback \ virtual/network-configuration \ diff --git a/scripts/find_aktualizr_dependencies.sh b/scripts/find_aktualizr_dependencies.sh index 493df80..fcb2f97 100755 --- a/scripts/find_aktualizr_dependencies.sh +++ b/scripts/find_aktualizr_dependencies.sh @@ -13,7 +13,6 @@ ${parentdir}/find_dependencies.py aktualizr ${parentdir}/find_dependencies.py aktualizr-shared-prov ${parentdir}/find_dependencies.py aktualizr-shared-prov-creds ${parentdir}/find_dependencies.py aktualizr-device-prov -${parentdir}/find_dependencies.py aktualizr-device-prov-creds ${parentdir}/find_dependencies.py aktualizr-device-prov-hsm ${parentdir}/find_dependencies.py aktualizr-auto-reboot ${parentdir}/find_dependencies.py aktualizr-disable-send-ip -- cgit v1.2.3-54-g00ecf From d6624c6897c1ae65433e8a949221590084a62e1e Mon Sep 17 00:00:00 2001 From: Jeremias Cordoba Date: Tue, 15 Oct 2019 16:21:42 -0700 Subject: image_types_ostree: Fix OSTree ref-bindings The command "ostree refs --create" creates a new ref that points to a pre-existing commit hash. This does not add this new ref to the ref-bindings metadata in OSTree. The missing metadata leads to OSTree verifcation failures when working with the new ref. Fix this by adding the "--bind-ref" option to "ostree commit" which adds the needed ref-binding metadata. Signed-off-by: Jeremias Cordoba --- classes/image_types_ostree.bbclass | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 795e01b..7ffe99d 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -168,7 +168,8 @@ IMAGE_CMD_ostreecommit () { --skip-if-unchanged \ --branch=${OSTREE_BRANCHNAME} \ --subject="${OSTREE_COMMIT_SUBJECT}" \ - --body="${OSTREE_COMMIT_BODY}" + --body="${OSTREE_COMMIT_BODY}" \ + --bind-ref="${OSTREE_BRANCHNAME}-${IMAGE_BASENAME}" if [ "${OSTREE_UPDATE_SUMMARY}" = "1" ]; then ostree --repo=${OSTREE_REPO} summary -u -- cgit v1.2.3-54-g00ecf From fe5a5ab1cbd144c0adab6a7e71f615af0572bb9c Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 21 Oct 2019 09:40:06 +0200 Subject: aktualizr: Bump to 2019.9 release and latest garage-sign. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 0de0866..379b563 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -15,7 +15,7 @@ RDEPENDS_${PN}-ptest += "bash cmake curl net-tools python3-core python3-misc pyt PV = "1.0+git${SRCPV}" PR = "7" -GARAGE_SIGN_PV = "0.7.0-33-g214dfb1" +GARAGE_SIGN_PV = "0.7.0-49-g5ffd420" SRC_URI = " \ gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH};name=aktualizr \ @@ -27,10 +27,10 @@ SRC_URI = " \ ${@ d.expand("https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0;name=garagesign") if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''} \ " -SRC_URI[garagesign.md5sum] = "66ffe8dcd61d4c15646e1c4b7dde7401" -SRC_URI[garagesign.sha256sum] = "7a7193ddf7e1a33ea60fbb20f98318a8bd78c325dab391d8c4ebd644a738abdc" +SRC_URI[garagesign.md5sum] = "de0877ecb693fd48ec11052e51b0ff1a" +SRC_URI[garagesign.sha256sum] = "cf25759574c9c1206835daeaf6fc345f6db7b5ccdb95fb828c86d7451f78f0aa" -SRCREV = "1592d4ab63d8851aca3440529701425612fbe903" +SRCREV = "fa59e33208d3b1dc690a30ce8339b3b4162f8022" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 2785130f4ab9402abfb8cb60692c5f208fcd3566 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 22 Oct 2019 16:22:10 +0200 Subject: aktualizr: remove systemd from PACKAGECONFIG. The systemd functionality in aktualizr is not currently used for anything, so there's no reason to use it. Signed-off-by: Patrick Vacek --- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 379b563..4b64803 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -49,7 +49,7 @@ EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release ${@bb.utils.contains('PTEST_ENABLED' GARAGE_SIGN_OPS = "${@ d.expand('-DGARAGE_SIGN_ARCHIVE=${WORKDIR}/cli-${GARAGE_SIGN_PV}.tgz') if d.getVar('GARAGE_SIGN_AUTOVERSION') != '1' else ''}" -PACKAGECONFIG ?= "ostree ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} ${@bb.utils.filter('SOTA_CLIENT_FEATURES', 'hsm serialcan ubootenv', d)}" +PACKAGECONFIG ?= "ostree ${@bb.utils.filter('SOTA_CLIENT_FEATURES', 'hsm serialcan ubootenv', d)}" PACKAGECONFIG_class-native = "sota-tools" PACKAGECONFIG[warning-as-error] = "-DWARNING_AS_ERROR=ON,-DWARNING_AS_ERROR=OFF," PACKAGECONFIG[ostree] = "-DBUILD_OSTREE=ON,-DBUILD_OSTREE=OFF,ostree," -- cgit v1.2.3-54-g00ecf From a2aaf6a5abead03fdba0c14a33ef9403aea13d88 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Mon, 28 Oct 2019 09:57:11 +0100 Subject: networkd-dhcp-conf: Remove allarch. We were setting PACKAGE_ARCH to MACHINE_ARCH anyway, so this wasn't helping anything. Suggested-by: Martin Jansa Signed-off-by: Patrick Vacek --- recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb b/recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb index b6076cd..394531e 100644 --- a/recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb +++ b/recipes-connectivity/networkd-dhcp-conf/networkd-dhcp-conf.bb @@ -4,7 +4,7 @@ interfaces through systemd-networkd" LICENSE = "MPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad" -inherit allarch systemd +inherit systemd RPROVIDES_${PN} = "virtual/network-configuration" -- cgit v1.2.3-54-g00ecf From 137a41871afdd1fdd6f730a4583f22551762c96d Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Mon, 28 Oct 2019 14:44:07 +0100 Subject: Fix aktualizr-ptest breakage The compile step was removed by mistake in ec1ac0617b120813d6450dffe1aa8d4868e37332! Signed-off-by: Laurent Bonnans --- recipes-sota/aktualizr/aktualizr_git.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 4b64803..22cba07 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -77,6 +77,10 @@ do_configure_prepend() { fi } +do_compile_ptest() { + cmake_runcmake_build --target build_tests "${PARALLEL_MAKE}" +} + do_install_ptest() { # copy the complete source directory (contains build) cp -r ${B}/ ${D}/${PTEST_PATH}/build -- cgit v1.2.3-54-g00ecf From 1e0015a2592bd9e4dee5de041b0fc4962de033df Mon Sep 17 00:00:00 2001 From: Laurent Bonnans Date: Tue, 29 Oct 2019 14:59:04 +0100 Subject: Add ethernet driver for rpi4 On master, it's using the default poky configuration. Signed-off-by: Laurent Bonnans --- classes/sota_raspberrypi.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass index c901a70..e158651 100644 --- a/classes/sota_raspberrypi.bbclass +++ b/classes/sota_raspberrypi.bbclass @@ -12,7 +12,7 @@ UBOOT_DTBO_LOADADDRESS = "0x06000000" # Deploy config fragment list to OSTree root fs IMAGE_INSTALL_append = " fit-conf" -DEV_MATCH_DIRECTIVE_pn-networkd-dhcp-conf = "Driver=smsc95xx lan78xx" +DEV_MATCH_DIRECTIVE_pn-networkd-dhcp-conf = "Driver=smsc95xx lan78xx bcmgenet" IMAGE_INSTALL_append_sota = " virtual/network-configuration " PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot" -- cgit v1.2.3-54-g00ecf