From 8da7de18c9b5a84bd594220121d9ab324427d057 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Fri, 17 Nov 2017 12:11:38 +0100
Subject: Refactor Qemu interaction into seperate functions.

This should make it easy to make new test classes that launch
independent qemu instances with different configurations.
---
 lib/oeqa/selftest/updater.py | 81 ++++++++++++++++++++++++--------------------
 1 file changed, 44 insertions(+), 37 deletions(-)

diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py
index ad99964..408f2c3 100644
--- a/lib/oeqa/selftest/updater.py
+++ b/lib/oeqa/selftest/updater.py
@@ -118,49 +118,16 @@ class QemuTests(oeSelfTest):
 
     @classmethod
     def setUpClass(cls):
-        logger = logging.getLogger("selftest")
-        logger.info('Running bitbake to build core-image-minimal')
-        bitbake('core-image-minimal')
-        # Create empty object.
-        args = type('', (), {})()
-        args.imagename = 'core-image-minimal'
-        args.mac = None
-        # Could use DEPLOY_DIR_IMAGE here but it's already in the machine
-        # subdirectory.
-        args.dir = 'tmp/deploy/images'
-        args.efi = False
-        args.machine = None
-        args.kvm = None  # Autodetect
-        args.no_gui = True
-        args.gdb = False
-        args.pcap = None
-        args.overlay = None
-        args.dry_run = False
-
-        cls.qemu = QemuCommand(args)
-        cmdline = cls.qemu.command_line()
-        print('Booting image with run-qemu-ota...')
-        cls.s = subprocess.Popen(cmdline)
-        time.sleep(10)
+        cls.qemu, cls.s = qemu_launch()
 
     @classmethod
     def tearDownClass(cls):
-        try:
-            cls.s.terminate()
-        except KeyboardInterrupt:
-            pass
-
-    def run_test_qemu(self, command):
-        command = ['ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@localhost -p ' +
-                   str(self.qemu.ssh_port) + ' "' + command + '"']
-        s2 = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-        value, err = s2.communicate()
-        return value, err
+        qemu_terminate(cls.s)
 
     def test_hostname(self):
         print('')
         print('Checking machine name (hostname) of device:')
-        value, err = self.run_test_qemu('hostname')
+        value, err = qemu_send_command(self.qemu.ssh_port, 'hostname')
         machine = get_bb_var('MACHINE', 'core-image-minimal')
         self.assertEqual(err, b'', 'Error: ' + err.decode())
         # Strip off line ending.
@@ -172,8 +139,48 @@ class QemuTests(oeSelfTest):
     def test_var_sota(self):
         print('')
         print('Checking contents of /var/sota:')
-        value, err = self.run_test_qemu('ls /var/sota')
+        value, err = qemu_send_command(self.qemu.ssh_port, 'ls /var/sota')
         self.assertEqual(err, b'', 'Error: ' + err.decode())
         print(value.decode())
 
 
+def qemu_launch():
+    logger = logging.getLogger("selftest")
+    logger.info('Running bitbake to build core-image-minimal')
+    bitbake('core-image-minimal')
+    # Create empty object.
+    args = type('', (), {})()
+    args.imagename = 'core-image-minimal'
+    args.mac = None
+    # Could use DEPLOY_DIR_IMAGE here but it's already in the machine
+    # subdirectory.
+    args.dir = 'tmp/deploy/images'
+    args.efi = False
+    args.machine = None
+    args.kvm = None  # Autodetect
+    args.no_gui = True
+    args.gdb = False
+    args.pcap = None
+    args.overlay = None
+    args.dry_run = False
+
+    qemu = QemuCommand(args)
+    cmdline = qemu.command_line()
+    print('Booting image with run-qemu-ota...')
+    s = subprocess.Popen(cmdline)
+    time.sleep(10)
+    return qemu, s
+
+def qemu_terminate(s):
+    try:
+        s.terminate()
+    except KeyboardInterrupt:
+        pass
+
+def qemu_send_command(port, command):
+    command = ['ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@localhost -p ' +
+               str(port) + ' "' + command + '"']
+    s2 = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    value, err = s2.communicate()
+    return value, err
+
-- 
cgit v1.2.3-54-g00ecf


From 495a4a4ec6d540e1045852bc92ef46aa6a6bd9d9 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Fri, 17 Nov 2017 14:11:10 +0100
Subject: Test booting with grub.

---
 lib/oeqa/selftest/updater.py | 39 +++++++++++++++++++++++++++++++++++----
 1 file changed, 35 insertions(+), 4 deletions(-)

diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py
index 408f2c3..e3d4fc3 100644
--- a/lib/oeqa/selftest/updater.py
+++ b/lib/oeqa/selftest/updater.py
@@ -118,7 +118,7 @@ class QemuTests(oeSelfTest):
 
     @classmethod
     def setUpClass(cls):
-        cls.qemu, cls.s = qemu_launch()
+        cls.qemu, cls.s = qemu_launch(machine='qemux86-64')
 
     @classmethod
     def tearDownClass(cls):
@@ -143,8 +143,39 @@ class QemuTests(oeSelfTest):
         self.assertEqual(err, b'', 'Error: ' + err.decode())
         print(value.decode())
 
+class GrubTests(oeSelfTest):
+
+    def setUpLocal(self):
+        # This is a bit of a hack but I can't see a better option.
+        path = os.path.abspath(os.path.dirname(__file__))
+        metadir = path + "/../../../../"
+        grub_config = 'OSTREE_BOOTLOADER = "grub"\nMACHINE = "intel-corei7-64"'
+        self.append_config(grub_config)
+        self.meta_intel = metadir + "meta-intel"
+        self.meta_minnow = metadir + "meta-updater-minnowboard"
+        runCmd('bitbake-layers add-layer "%s"' % self.meta_intel)
+        runCmd('bitbake-layers add-layer "%s"' % self.meta_minnow)
+        self.qemu, self.s = qemu_launch(efi=True, machine='intel-corei7-64')
+
+    def tearDownLocal(self):
+        qemu_terminate(self.s)
+        runCmd('bitbake-layers remove-layer "%s"' % self.meta_intel, ignore_status=True)
+        runCmd('bitbake-layers remove-layer "%s"' % self.meta_minnow, ignore_status=True)
+
+    def test_grub(self):
+        print('')
+        print('Checking machine name (hostname) of device:')
+        value, err = qemu_send_command(self.qemu.ssh_port, 'hostname')
+        machine = get_bb_var('MACHINE', 'core-image-minimal')
+        self.assertEqual(err, b'', 'Error: ' + err.decode())
+        # Strip off line ending.
+        value_str = value.decode()[:-1]
+        self.assertEqual(value_str, machine,
+                         'MACHINE does not match hostname: ' + machine + ', ' + value_str)
+        print(value_str)
+
 
-def qemu_launch():
+def qemu_launch(efi=False, machine=None):
     logger = logging.getLogger("selftest")
     logger.info('Running bitbake to build core-image-minimal')
     bitbake('core-image-minimal')
@@ -155,8 +186,8 @@ def qemu_launch():
     # Could use DEPLOY_DIR_IMAGE here but it's already in the machine
     # subdirectory.
     args.dir = 'tmp/deploy/images'
-    args.efi = False
-    args.machine = None
+    args.efi = efi
+    args.machine = machine
     args.kvm = None  # Autodetect
     args.no_gui = True
     args.gdb = False
-- 
cgit v1.2.3-54-g00ecf


From 2ca5e74b17a01f5b0697382157241c595539b44f Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Tue, 21 Nov 2017 11:26:53 +0100
Subject: Check if the package and UPTANE target got to the backend

---
 classes/image_types_ostree.bbclass      | 17 ++++++++++++++---
 classes/sota.bbclass                    |  2 +-
 recipes-sota/aktualizr/aktualizr_git.bb |  2 +-
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 172f2c8..db8cae6 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -183,7 +183,7 @@ IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
 IMAGE_CMD_garagesign () {
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         # if credentials are issued by a server that doesn't support offline signing, exit silently
-        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec repo.url 2>&1 >/dev/null || exit 0
 
         java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
         if [ "${java_version}" = "" ]; then
@@ -227,9 +227,20 @@ IMAGE_CMD_garagesign () {
             bberror "Couldn't push to garage repository"
             exit 1
         fi
-    else
-        bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
     fi
 }
 
+IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign"
+IMAGE_DEPENDS_garagecheck = "aktualizr-native:do_populate_sysroot"
+IMAGE_CMD_garagecheck () {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        # if credentials are issued by a server that doesn't support offline signing, exit silently
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec repo.url 2>&1 >/dev/null || exit 0
+        ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+        garage-check --ref=${ostree_target_hash} \
+                     --credentials=${SOTA_PACKED_CREDENTIALS} \
+                     --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
+    fi
+}
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index f5a42c1..0f42332 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -11,7 +11,7 @@ SOTA_CLIENT ??= "aktualizr"
 SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
-IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign otaimg wic', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}"
 
 PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}"
 PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}"
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 162065e..3cd8a64 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
   git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
   "
-SRCREV = "f043191ae622a96cf2f4d48f9073d5cfa9f16e3f"
+SRCREV = "612da8cae6e72ce7250de2fb5333af0d7041de7b"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
-- 
cgit v1.2.3-54-g00ecf


From 253ba5f803615dd0c9213a68886ba4250cc4e3e1 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Wed, 22 Nov 2017 14:50:37 +0100
Subject: Rename repo.url -> tufrepo.url

Also pass this URL to garage-sign
---
 classes/image_types_ostree.bbclass      | 10 +++-------
 recipes-sota/aktualizr/aktualizr_git.bb |  2 +-
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index db8cae6..ea3c7a2 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -183,7 +183,7 @@ IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
 IMAGE_CMD_garagesign () {
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         # if credentials are issued by a server that doesn't support offline signing, exit silently
-        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec repo.url 2>&1 >/dev/null || exit 0
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
 
         java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
         if [ "${java_version}" = "" ]; then
@@ -198,11 +198,7 @@ IMAGE_CMD_garagesign () {
             garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
         fi
 
-        if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
-            reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
-        else
-            reposerver_args=""
-        fi
+        reposerver_args="--reposerver $( unzip -p ${SOTA_PACKED_CREDENTIALS} tufrepo.url )"
 
         ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
 
@@ -235,7 +231,7 @@ IMAGE_DEPENDS_garagecheck = "aktualizr-native:do_populate_sysroot"
 IMAGE_CMD_garagecheck () {
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         # if credentials are issued by a server that doesn't support offline signing, exit silently
-        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec repo.url 2>&1 >/dev/null || exit 0
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
         ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
 
         garage-check --ref=${ostree_target_hash} \
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 3cd8a64..6c4b57c 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
   git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
   "
-SRCREV = "612da8cae6e72ce7250de2fb5333af0d7041de7b"
+SRCREV = "5c871180bc3c1f845d0e95e6f4876a581ed0f919"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
-- 
cgit v1.2.3-54-g00ecf


From d3d3460abd0bbe67cd17db88f2c529435a95c609 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Fri, 24 Nov 2017 14:54:24 +0100
Subject: Bump aktualizr version for good

Should fix PRO-4260
---
 recipes-sota/aktualizr/aktualizr_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 6c4b57c..8b1b1ca 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
   git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
   "
-SRCREV = "5c871180bc3c1f845d0e95e6f4876a581ed0f919"
+SRCREV = "31d5954aaa16d1e1a14a1872b136e94ec4f79479"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
-- 
cgit v1.2.3-54-g00ecf


From 261f3f8f22cc366626fabc8a51e9a53d7589dc5b Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Mon, 27 Nov 2017 12:23:38 +0100
Subject: Actually do something with aktualizr-info.

---
 recipes-sota/aktualizr/aktualizr_git.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 8b1b1ca..de1c801 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -39,10 +39,12 @@ do_install_append_class-target () {
 }
 do_install_append_class-native () {
     rm -f ${D}${bindir}/aktualizr
+    rm -f ${D}${bindir}/aktualizr-info
 }
 
 FILES_${PN}_class-target = " \
                 ${bindir}/aktualizr \
+                ${bindir}/aktualizr-info \
                 "
 FILES_${PN}_class-native = " \
                 ${bindir}/aktualizr_implicit_writer \
-- 
cgit v1.2.3-54-g00ecf


From f110c624d682b50dfc40f64bf9973f2fad242dab Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Mon, 27 Nov 2017 12:24:52 +0100
Subject: Bump aktualizr version for C++98 standard fix.

---
 recipes-sota/aktualizr/aktualizr_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index de1c801..140a670 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
   git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
   "
-SRCREV = "31d5954aaa16d1e1a14a1872b136e94ec4f79479"
+SRCREV = "860553a1c98513bf43f6ce98491bf65addcf7e48"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
-- 
cgit v1.2.3-54-g00ecf


From 6f13bd2461f88f9658a3d94bffe9550d05fa5da4 Mon Sep 17 00:00:00 2001
From: Phil Wise <phil@advancedtelematic.com>
Date: Tue, 28 Nov 2017 08:22:26 +0100
Subject: Fix builds outside the .repo directory

The repo tool searches up the directory tree to find the .repo directory.
Cleanly handle the case where it can't find anything.
---
 classes/image_repo_manifest.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass
index d508574..2012363 100644
--- a/classes/image_repo_manifest.bbclass
+++ b/classes/image_repo_manifest.bbclass
@@ -14,9 +14,9 @@ HOSTTOOLS_NONFATAL += " repo "
 # Write build information to target filesystem
 buildinfo () {
   if [ $(which repo) ]; then
-    repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml
+    repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || echo "Android repo tool failed to run; manifest not copied"
   else
-    echo "Android repo tool not food; manifest not copied."
+    echo "Android repo tool not found; manifest not copied."
   fi
 }
 
-- 
cgit v1.2.3-54-g00ecf


From a212eae4a5878860917e93c9268a5e57d94d70f9 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Tue, 28 Nov 2017 10:46:07 +0100
Subject: Remove sdimg-rpi from IMAGE_FSTYPES

The image is incompatible with meta-updater and we have our own
---
 classes/sota_raspberrypi.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass
index 51d07b2..f8e7347 100644
--- a/classes/sota_raspberrypi.bbclass
+++ b/classes/sota_raspberrypi.bbclass
@@ -3,6 +3,7 @@ PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot"
 UBOOT_MACHINE_raspberrypi2_sota ?= "rpi_2_defconfig"
 UBOOT_MACHINE_raspberrypi3_sota ?= "rpi_3_32b_defconfig"
 
+IMAGE_FSTYPES_remove_sota = "rpi-sdimg"
 OSTREE_BOOTLOADER ?= "u-boot"
 
 # OSTree puts its own boot.scr to bcm2835-bootfiles
-- 
cgit v1.2.3-54-g00ecf


From 7a973cbc775e4f384eeba1613eef71c74c687004 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Thu, 30 Nov 2017 14:39:40 +0100
Subject: Remove aktualizr-manual-provision.service

We don't support this scenario any more and it makes testing more complicated.
---
 recipes-sota/aktualizr/aktualizr-auto-prov.bb               |  7 +++----
 recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb           |  4 ++--
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb           |  4 ++--
 .../aktualizr/files/aktualizr-autoprovision.service         | 13 -------------
 .../aktualizr/files/aktualizr-manual-provision.service      | 13 -------------
 recipes-sota/aktualizr/files/aktualizr.service              | 13 +++++++++++++
 6 files changed, 20 insertions(+), 34 deletions(-)
 delete mode 100644 recipes-sota/aktualizr/files/aktualizr-autoprovision.service
 delete mode 100644 recipes-sota/aktualizr/files/aktualizr-manual-provision.service
 create mode 100644 recipes-sota/aktualizr/files/aktualizr.service

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 4f9fe4f..4436d48 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -11,8 +11,7 @@ PR = "6"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr-manual-provision.service \
-  file://aktualizr-autoprovision.service \
+  file://aktualizr.service \
   file://sota_autoprov.toml \
   "
 
@@ -38,7 +37,7 @@ do_install_append() {
 
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         install -d ${D}/${systemd_unitdir}/system
-        install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
+        install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
         install -d ${D}${libdir}/sota
         install -m "0644" ${WORKDIR}/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
 
@@ -51,7 +50,7 @@ do_install_append() {
       fi
     else
         install -d ${D}/${systemd_unitdir}/system
-        install -m 0644 ${WORKDIR}/aktualizr-manual-provision.service ${D}/${systemd_unitdir}/system/aktualizr.service
+        install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
     fi
 }
 
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
index c443c56..33e472b 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -10,7 +10,7 @@ RDEPENDS_${PN} = "aktualizr softhsm softhsm-testtoken"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr-autoprovision.service \
+  file://aktualizr.service \
   file://sota_hsm_test.toml \
   "
 PV = "1.0"
@@ -22,7 +22,7 @@ inherit systemd
 
 do_install() {
     install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
+    install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
     aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
         -i ${WORKDIR}/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index 21e38c9..a1db87f 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -11,7 +11,7 @@ PR = "1"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr-autoprovision.service \
+  file://aktualizr.service \
   file://sota_implicit_prov.toml \
   "
 
@@ -21,7 +21,7 @@ inherit systemd
 
 do_install() {
     install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
+    install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
     aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
         -i ${WORKDIR}/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
diff --git a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service b/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
deleted file mode 100644
index 8cb8d78..0000000
--- a/recipes-sota/aktualizr/files/aktualizr-autoprovision.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Aktualizr SOTA Client
-Wants=network-online.target
-After=network.target network-online.target
-Requires=network-online.target
-
-[Service]
-RestartSec=10
-Restart=always
-ExecStart=/usr/bin/aktualizr --config /usr/lib/sota/sota.toml
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/aktualizr-manual-provision.service b/recipes-sota/aktualizr/files/aktualizr-manual-provision.service
deleted file mode 100644
index a70f2f9..0000000
--- a/recipes-sota/aktualizr/files/aktualizr-manual-provision.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Aktualizr SOTA Client
-Wants=network-online.target
-After=network.target network-online.target
-Requires=network-online.target
-
-[Service]
-RestartSec=10
-Restart=always
-ExecStart=/usr/bin/aktualizr --config /sysroot/boot/sota.toml --loglevel 2
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-sota/aktualizr/files/aktualizr.service b/recipes-sota/aktualizr/files/aktualizr.service
new file mode 100644
index 0000000..8cb8d78
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Aktualizr SOTA Client
+Wants=network-online.target
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+RestartSec=10
+Restart=always
+ExecStart=/usr/bin/aktualizr --config /usr/lib/sota/sota.toml
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3-54-g00ecf


From fba014fd897e938a130d1229929839c7930bc671 Mon Sep 17 00:00:00 2001
From: Phil Wise <phil@advancedtelematic.com>
Date: Fri, 1 Dec 2017 11:04:56 +0100
Subject: Add a hint when machine autodetection fails

Also fix a pylint warning about indentation
---
 scripts/qemucommand.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/scripts/qemucommand.py b/scripts/qemucommand.py
index 82a9540..9a893d8 100644
--- a/scripts/qemucommand.py
+++ b/scripts/qemucommand.py
@@ -46,7 +46,7 @@ class QemuCommand(object):
             if len(machines) == 1:
                 self.machine = machines[0]
             else:
-                raise ValueError("Could not autodetect machine type from %s" % args.dir)
+                raise ValueError("Could not autodetect machine type. More than one entry in %s. Maybe --machine qemux86-64?" % args.dir)
         if args.efi:
             self.bios = 'OVMF.fd'
         else:
@@ -118,10 +118,9 @@ class QemuCommand(object):
 
     def img_command_line(self):
         cmdline = [
-        "qemu-img", "create",
-        "-o", "backing_file=%s" % self.image,
-        "-f", "qcow2",
-        self.overlay]
+            "qemu-img", "create",
+            "-o", "backing_file=%s" % self.image,
+            "-f", "qcow2",
+            self.overlay]
         return cmdline
 
-
-- 
cgit v1.2.3-54-g00ecf


From 4a8889661693ce23880c73c2e35e3112ea55f139 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Fri, 1 Dec 2017 16:29:24 +0100
Subject: Add spaces before "_append" clauses

Under some conditions missing space can lead to a corrupted environment variable
---
 recipes-sota/aktualizr/aktualizr_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 140a670..d6beecb 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -28,8 +28,8 @@ inherit cmake
 BBCLASSEXTEND =+ "native"
 
 EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "
-EXTRA_OECMAKE_append_class-target = "-DBUILD_OSTREE=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
-EXTRA_OECMAKE_append_class-native = "-DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "
+EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
+EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "
 
 do_install_append () {
     rm -f ${D}${bindir}/aktualizr_cert_provider
-- 
cgit v1.2.3-54-g00ecf


From 0643f7204cf0fa34e513563772431c0e293074bc Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Mon, 4 Dec 2017 14:50:26 +0100
Subject: Provide user interface to add legacy secondary bridge

---
 recipes-sota/aktualizr/aktualizr-auto-prov.bb     |  2 ++
 recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb |  2 ++
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb |  2 ++
 recipes-sota/aktualizr/environment.inc            | 10 ++++++++++
 recipes-sota/aktualizr/files/aktualizr.service    |  3 ++-
 5 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 recipes-sota/aktualizr/environment.inc

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 4436d48..4a802f5 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -19,6 +19,8 @@ SYSTEMD_SERVICE_${PN} = "aktualizr.service"
 
 inherit systemd
 
+require environment.inc
+
 export SOTA_PACKED_CREDENTIALS
 
 do_install_append() {
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
index 33e472b..4761f25 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -20,6 +20,8 @@ SYSTEMD_SERVICE_${PN} = "aktualizr.service"
 
 inherit systemd
 
+require environment.inc
+
 do_install() {
     install -d ${D}/${systemd_unitdir}/system
     install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index a1db87f..ba8a16b 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -19,6 +19,8 @@ SYSTEMD_SERVICE_${PN} = "aktualizr.service"
 
 inherit systemd
 
+require environment.inc
+
 do_install() {
     install -d ${D}/${systemd_unitdir}/system
     install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc
new file mode 100644
index 0000000..a811508
--- /dev/null
+++ b/recipes-sota/aktualizr/environment.inc
@@ -0,0 +1,10 @@
+do_install_append() {
+  if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then
+    AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}";
+  fi
+
+  AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"
+  echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_LEGACYSEC}" > ${D}${libdir}/sota/sota.env
+}
+
+FILES_${PN}_append = " ${libdir}/sota/sota.env"
diff --git a/recipes-sota/aktualizr/files/aktualizr.service b/recipes-sota/aktualizr/files/aktualizr.service
index 8cb8d78..b6df9d7 100644
--- a/recipes-sota/aktualizr/files/aktualizr.service
+++ b/recipes-sota/aktualizr/files/aktualizr.service
@@ -7,7 +7,8 @@ Requires=network-online.target
 [Service]
 RestartSec=10
 Restart=always
-ExecStart=/usr/bin/aktualizr --config /usr/lib/sota/sota.toml
+EnvironmentFile=/usr/lib/sota/sota.env
+ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS
 
 [Install]
 WantedBy=multi-user.target
-- 
cgit v1.2.3-54-g00ecf


From 3e2f51ec1a3af07064ebdcd522310c9623f78ff0 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Mon, 4 Dec 2017 16:14:31 +0100
Subject: Add support for virtual secondaries

---
 recipes-sota/aktualizr/environment.inc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc
index a811508..cba77e7 100644
--- a/recipes-sota/aktualizr/environment.inc
+++ b/recipes-sota/aktualizr/environment.inc
@@ -1,10 +1,17 @@
+export SOTA_LEGACY_SECONDARY_INTERFACE
+export SOTA_VIRTUAL_SECONDARIES
+
 do_install_append() {
   if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then
     AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}";
   fi
 
   AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml"
-  echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_LEGACYSEC}" > ${D}${libdir}/sota/sota.env
+  for sec in ${SOTA_VIRTUAL_SECONDARIES}; do
+    AKTUALIZR_PARAMETERS_VIRTUALSECS="${AKTUALIZR_PARAMETERS_VIRTUALSECS} --secondary-config $sec"
+  done
+
+  echo "AKTUALIZR_CMDLINE_PARAMETERS=${AKTUALIZR_PARAMETERS_CONFIGFILE} ${AKTUALIZR_PARAMETERS_LEGACYSEC} ${AKTUALIZR_PARAMETERS_VIRTUALSECS}" > ${D}${libdir}/sota/sota.env
 }
 
 FILES_${PN}_append = " ${libdir}/sota/sota.env"
-- 
cgit v1.2.3-54-g00ecf


From 85095e8dc9beda9a3c6e070bc303276ac02a7281 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Thu, 30 Nov 2017 10:41:38 +0100
Subject: Use *.toml files provided in aktualizr github repo

This enables backwards incompatible changes to configuration format
---
 recipes-sota/aktualizr/aktualizr-auto-prov.bb        |  5 ++---
 recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb    |  3 +--
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb    |  3 +--
 recipes-sota/aktualizr/aktualizr_git.bb              |  7 ++++++-
 recipes-sota/aktualizr/files/sota_autoprov.toml      | 14 --------------
 recipes-sota/aktualizr/files/sota_hsm_test.toml      | 18 ------------------
 recipes-sota/aktualizr/files/sota_implicit_prov.toml | 11 -----------
 7 files changed, 10 insertions(+), 51 deletions(-)
 delete mode 100644 recipes-sota/aktualizr/files/sota_autoprov.toml
 delete mode 100644 recipes-sota/aktualizr/files/sota_hsm_test.toml
 delete mode 100644 recipes-sota/aktualizr/files/sota_implicit_prov.toml

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 4436d48..e44530a 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
 SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
-DEPENDS = "zip-native"
+DEPENDS = "aktualizr-native zip-native"
 RDEPENDS_${PN} = "aktualizr"
 PV = "1.0"
 PR = "6"
@@ -12,7 +12,6 @@ PR = "6"
 SRC_URI = " \
   file://LICENSE \
   file://aktualizr.service \
-  file://sota_autoprov.toml \
   "
 
 SYSTEMD_SERVICE_${PN} = "aktualizr.service"
@@ -39,7 +38,7 @@ do_install_append() {
         install -d ${D}/${systemd_unitdir}/system
         install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
         install -d ${D}${libdir}/sota
-        install -m "0644" ${WORKDIR}/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
+        install -m "0644" ${STAGING_DIR_NATIVE}/${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
 
       # deploy SOTA credentials
       if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
index 33e472b..cc34528 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -11,7 +11,6 @@ RDEPENDS_${PN} = "aktualizr softhsm softhsm-testtoken"
 SRC_URI = " \
   file://LICENSE \
   file://aktualizr.service \
-  file://sota_hsm_test.toml \
   "
 PV = "1.0"
 PR = "6"
@@ -25,7 +24,7 @@ do_install() {
     install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
     aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
-        -i ${WORKDIR}/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+        -i ${STAGING_DIR_NATIVE}/${libdir}/sota/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
 }
 
 FILES_${PN} = " \
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index a1db87f..5688b95 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -12,7 +12,6 @@ PR = "1"
 SRC_URI = " \
   file://LICENSE \
   file://aktualizr.service \
-  file://sota_implicit_prov.toml \
   "
 
 SYSTEMD_SERVICE_${PN} = "aktualizr.service"
@@ -24,7 +23,7 @@ do_install() {
     install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
     aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-        -i ${WORKDIR}/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+        -i ${STAGING_DIR_NATIVE}/${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
 }
 
 FILES_${PN} = " \
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index d6beecb..e713571 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
   git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
   "
-SRCREV = "860553a1c98513bf43f6ce98491bf65addcf7e48"
+SRCREV = "1fb258b13547e229043113380e4a69d404756524"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
@@ -40,6 +40,10 @@ do_install_append_class-target () {
 do_install_append_class-native () {
     rm -f ${D}${bindir}/aktualizr
     rm -f ${D}${bindir}/aktualizr-info
+    install -d ${D}${libdir}/sota
+    install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
+    install -m 0644 ${S}/config/sota_hsm_test.toml ${D}/${libdir}/sota/sota_hsm_test.toml
+    install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml
 }
 
 FILES_${PN}_class-target = " \
@@ -50,4 +54,5 @@ FILES_${PN}_class-native = " \
                 ${bindir}/aktualizr_implicit_writer \
                 ${bindir}/garage-deploy \
                 ${bindir}/garage-push \
+                ${libdir}/sota/* \
                 "
diff --git a/recipes-sota/aktualizr/files/sota_autoprov.toml b/recipes-sota/aktualizr/files/sota_autoprov.toml
deleted file mode 100644
index 9fbb093..0000000
--- a/recipes-sota/aktualizr/files/sota_autoprov.toml
+++ /dev/null
@@ -1,14 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "root.crt"
-client_certificate = "client.pem"
-pkey_file = "pkey.pem"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-private_key_path = "ecukey.der"
-public_key_path = "ecukey.pub"
-
-[provision]
-provision_path = "/var/sota/sota_provisioning_credentials.zip"
-
diff --git a/recipes-sota/aktualizr/files/sota_hsm_test.toml b/recipes-sota/aktualizr/files/sota_hsm_test.toml
deleted file mode 100644
index 28aefc2..0000000
--- a/recipes-sota/aktualizr/files/sota_hsm_test.toml
+++ /dev/null
@@ -1,18 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "/var/sota/token/root.crt"
-client_certificate = "01"
-cert_source = "pkcs11"
-pkey_file = "02"
-pkey_source = "pkcs11"
-
-[p11]
-module = "/usr/lib/softhsm/libsofthsm2.so"
-pass = "1234"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-key_source = "pkcs11"
-private_key_path = "03"
-public_key_path = "03"
-
diff --git a/recipes-sota/aktualizr/files/sota_implicit_prov.toml b/recipes-sota/aktualizr/files/sota_implicit_prov.toml
deleted file mode 100644
index 756c868..0000000
--- a/recipes-sota/aktualizr/files/sota_implicit_prov.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-[tls]
-certificates_directory = "/var/sota/"
-ca_file = "/usr/lib/sota/root.crt"
-client_certificate = "client.pem"
-pkey_file = "pkey.pem"
-
-[uptane]
-metadata_path = "/var/sota/metadata"
-private_key_path = "ecukey.der"
-public_key_path = "ecukey.pub"
-
-- 
cgit v1.2.3-54-g00ecf


From 2475cbb2939568f36320d1a130ee1a7202351ad4 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Tue, 5 Dec 2017 16:48:19 +0100
Subject: Fix erroneous do_install_append that should just be do_install.

---
 recipes-sota/aktualizr/aktualizr-auto-prov.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 4a802f5..51c2873 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -23,7 +23,7 @@ require environment.inc
 
 export SOTA_PACKED_CREDENTIALS
 
-do_install_append() {
+do_install() {
     if [ -n "${SOTA_AUTOPROVISION_CREDENTIALS}" ]; then
         bbwarn "SOTA_AUTOPROVISION_CREDENTIALS are ignored. Please use SOTA_PACKED_CREDENTIALS"
     fi
-- 
cgit v1.2.3-54-g00ecf


From c7cc719de50d16f7edd625c15d68a2938f93d1bf Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Tue, 5 Dec 2017 17:00:41 +0100
Subject: Fix garage-sign targets add.

---
 classes/image_types_ostree.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index ea3c7a2..56a9720 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -207,7 +207,7 @@ IMAGE_CMD_garagesign () {
         push_success=0
         for push_retries in $( seq 3 ); do
             garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
-            garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+            garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
             garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
             errcode=0
             garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
-- 
cgit v1.2.3-54-g00ecf


From 9948edf252ba57f7386d647884f9c50d4f31310e Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Tue, 5 Dec 2017 18:42:23 +0100
Subject: Always create /usr/lib/sota in autoprov recipe

The directory is required by environment.inc
---
 recipes-sota/aktualizr/aktualizr-auto-prov.bb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 6588c20..dd23c06 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -36,15 +36,15 @@ do_install() {
         bbwarn "OSTREE_PUSH_CREDENTIALS is ignored. Please use SOTA_PACKED_CREDENTIALS"
     fi
 
+    install -d ${D}${libdir}/sota
+    install -d ${D}${localstatedir}/sota
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         install -d ${D}/${systemd_unitdir}/system
         install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
-        install -d ${D}${libdir}/sota
         install -m "0644" ${STAGING_DIR_NATIVE}/${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
 
       # deploy SOTA credentials
       if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
-          mkdir -p ${D}/var/sota
           cp ${SOTA_PACKED_CREDENTIALS} ${D}/var/sota/sota_provisioning_credentials.zip
           # Device should not be able to push data to treehub
           zip -d ${D}/var/sota/sota_provisioning_credentials.zip treehub.json
@@ -58,5 +58,5 @@ do_install() {
 FILES_${PN} = " \
                 ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
-                /var/sota/sota_provisioning_credentials.zip \
+                ${localstatedir}/sota/sota_provisioning_credentials.zip \
                 "
-- 
cgit v1.2.3-54-g00ecf


From e8fac2d3727c9e7b4f554f359ab5704e785cb1ac Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Wed, 6 Dec 2017 10:44:49 +0100
Subject: Bump garage-sign

---
 recipes-sota/garage-sign/garage-sign.bb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb
index d5388bc..61c4b5a 100644
--- a/recipes-sota/garage-sign/garage-sign.bb
+++ b/recipes-sota/garage-sign/garage-sign.bb
@@ -6,14 +6,14 @@ LICENSE = "CLOSED"
 LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
 DEPENDS = ""
 
-PV = "0.2.0-35-g0544c33"
+PV = "0.2.0-48-g7ee8146"
 
 SRC_URI = " \
   https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
   "
 
-SRC_URI[md5sum] = "1546e06d1e747f67aee5ed7096bf1c74"
-SRC_URI[sha256sum] = "1432348bca8ca5ad75df1218f348f480d429d7509d6454deb6e16ff31c5e08fc"
+SRC_URI[md5sum] = "0691f36c5b58acc1ca9c23ffbfaae1f3"
+SRC_URI[sha256sum] = "9f230944643088a1e6a77663baa06dfa64d52885e66bd48a7cb1ed1c70936cfa"
 
 S = "${WORKDIR}/${BPN}"
 
-- 
cgit v1.2.3-54-g00ecf


From 061ac69fbfc8416ea7d4ce4833a84393daf8145d Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Wed, 6 Dec 2017 14:56:50 +0100
Subject: Install /var/sota.

If not using SOTA_PROVISIONING_CREDENTIALS, nothing is written to
/var/sota but it is still created. Quick fix: install it.
---
 recipes-sota/aktualizr/aktualizr-auto-prov.bb | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index dd23c06..cee5039 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -39,9 +39,7 @@ do_install() {
     install -d ${D}${libdir}/sota
     install -d ${D}${localstatedir}/sota
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        install -d ${D}/${systemd_unitdir}/system
-        install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
-        install -m "0644" ${STAGING_DIR_NATIVE}/${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
+      install -m 0644 ${STAGING_DIR_NATIVE}/${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
 
       # deploy SOTA credentials
       if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
@@ -49,14 +47,14 @@ do_install() {
           # Device should not be able to push data to treehub
           zip -d ${D}/var/sota/sota_provisioning_credentials.zip treehub.json
       fi
-    else
-        install -d ${D}/${systemd_unitdir}/system
-        install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
     fi
+    install -d ${D}/${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
 }
 
 FILES_${PN} = " \
                 ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
+                ${localstatedir}/sota \
                 ${localstatedir}/sota/sota_provisioning_credentials.zip \
                 "
-- 
cgit v1.2.3-54-g00ecf


From 9ba47ed5058d525c575905caa937c1eca190f7b2 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Thu, 7 Dec 2017 10:43:08 +0100
Subject: Deploy OSTree image without a branch name

---
 classes/image_types_ota.bbclass         | 6 ++++--
 recipes-sota/aktualizr/aktualizr_git.bb | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass
index 09c30ff..5dc4811 100644
--- a/classes/image_types_ota.bbclass
+++ b/classes/image_types_ota.bbclass
@@ -85,14 +85,16 @@ IMAGE_CMD_otaimg () {
 			bberror "Invalid bootloader: ${OSTREE_BOOTLOADER}"
 		fi;
 
-		ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${OSTREE_BRANCHNAME}
+		ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+		ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${ostree_target_hash}
 		export OSTREE_BOOT_PARTITION="/boot"
 		kargs_list=""
 		for arg in ${OSTREE_KERNEL_ARGS}; do
 			kargs_list="${kargs_list} --karg-append=$arg"
 		done
 
-		ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${OSTREE_BRANCHNAME}
+		ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${ostree_target_hash}
 
 		# Copy deployment /home and /var/sota to sysroot
 		HOME_TMP=`mktemp -d ${WORKDIR}/home-tmp-XXXXX`
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index e713571..44af1f6 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
   git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
   "
-SRCREV = "1fb258b13547e229043113380e4a69d404756524"
+SRCREV = "57e9cdb8aa1e8ee9e682628bd67031d9be7aaafa"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
-- 
cgit v1.2.3-54-g00ecf


From c99f5e78eaddc41904ebd6e2b15214b4fd4e5a91 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Wed, 6 Dec 2017 09:20:27 +0100
Subject: Minor fixes and cleanup.

* hsm-test is no longer used.
* Use Yocto variables where suitable.
* Eliminate redundant directory slashes.
---
 lib/oeqa/selftest/updater.py                               | 2 +-
 recipes-sota/aktualizr/aktualizr-auto-prov.bb              | 8 ++++----
 recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb          | 6 +++---
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb          | 6 +++---
 recipes-sota/garage-sign/garage-sign.bb                    | 7 +++----
 recipes-support/ca-certificates/ca-certificates_%.bbappend | 2 +-
 6 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py
index e3d4fc3..c07b154 100644
--- a/lib/oeqa/selftest/updater.py
+++ b/lib/oeqa/selftest/updater.py
@@ -51,7 +51,7 @@ class GarageSignTests(oeSelfTest):
 class HsmTests(oeSelfTest):
 
     def test_hsm(self):
-        self.write_config('SOTA_CLIENT_FEATURES="hsm hsm-test"')
+        self.write_config('SOTA_CLIENT_FEATURES="hsm"')
         bitbake('core-image-minimal')
 
 
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index cee5039..f05bf75 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -43,13 +43,13 @@ do_install() {
 
       # deploy SOTA credentials
       if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
-          cp ${SOTA_PACKED_CREDENTIALS} ${D}/var/sota/sota_provisioning_credentials.zip
+          cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
           # Device should not be able to push data to treehub
-          zip -d ${D}/var/sota/sota_provisioning_credentials.zip treehub.json
+          zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
       fi
     fi
-    install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/aktualizr.service ${D}${systemd_unitdir}/system/aktualizr.service
 }
 
 FILES_${PN} = " \
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
index ddc8dbf..e0a8efe 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -22,11 +22,11 @@ inherit systemd
 require environment.inc
 
 do_install() {
-    install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/aktualizr.service ${D}${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
     aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
-        -i ${STAGING_DIR_NATIVE}/${libdir}/sota/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+        -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
 }
 
 FILES_${PN} = " \
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index 37d0e91..5ce55e0 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -21,11 +21,11 @@ inherit systemd
 require environment.inc
 
 do_install() {
-    install -d ${D}/${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr.service ${D}/${systemd_unitdir}/system/aktualizr.service
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/aktualizr.service ${D}${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
     aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-        -i ${STAGING_DIR_NATIVE}/${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+        -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
 }
 
 FILES_${PN} = " \
diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb
index 61c4b5a..7057a57 100644
--- a/recipes-sota/garage-sign/garage-sign.bb
+++ b/recipes-sota/garage-sign/garage-sign.bb
@@ -27,8 +27,7 @@ do_install() {
 }
 
 FILES_${PN} = " \
-  /usr/bin \
-  /usr/bin/garage-sign.bat \
-  /usr/bin/garage-sign \
-  /usr/lib/* \
+  ${bindir}/garage-sign.bat \
+  ${bindir}/garage-sign \
+  ${libdir}/* \
   "
diff --git a/recipes-support/ca-certificates/ca-certificates_%.bbappend b/recipes-support/ca-certificates/ca-certificates_%.bbappend
index afaadfd..cc95a68 100644
--- a/recipes-support/ca-certificates/ca-certificates_%.bbappend
+++ b/recipes-support/ca-certificates/ca-certificates_%.bbappend
@@ -1 +1 @@
-SYSROOT_DIRS += "/etc"
+SYSROOT_DIRS += "${sysconfdir}"
-- 
cgit v1.2.3-54-g00ecf


From 76c065bf34a767a5ca797d762735c0a980d5b35a Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Thu, 7 Dec 2017 14:02:17 +0100
Subject: Consistent indents.

OE standard is apparently four spaces.
---
 recipes-sota/aktualizr/aktualizr-auto-prov.bb     | 18 ++++++++++--------
 recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb |  2 ++
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb |  2 ++
 recipes-sota/aktualizr/aktualizr_git.bb           |  2 ++
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index f05bf75..43b23f9 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -39,14 +39,14 @@ do_install() {
     install -d ${D}${libdir}/sota
     install -d ${D}${localstatedir}/sota
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-      install -m 0644 ${STAGING_DIR_NATIVE}/${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
-
-      # deploy SOTA credentials
-      if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
-          cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
-          # Device should not be able to push data to treehub
-          zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
-      fi
+        install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml
+
+        # deploy SOTA credentials
+        if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
+            cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
+            # Device should not be able to push data to treehub
+            zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
+        fi
     fi
     install -d ${D}${systemd_unitdir}/system
     install -m 0644 ${WORKDIR}/aktualizr.service ${D}${systemd_unitdir}/system/aktualizr.service
@@ -58,3 +58,5 @@ FILES_${PN} = " \
                 ${localstatedir}/sota \
                 ${localstatedir}/sota/sota_provisioning_credentials.zip \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
index e0a8efe..b1b2bff 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -33,3 +33,5 @@ FILES_${PN} = " \
                 ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index 5ce55e0..f73829d 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -33,3 +33,5 @@ FILES_${PN} = " \
                 ${libdir}/sota/sota.toml \
                 ${libdir}/sota/root.crt \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 44af1f6..457abfd 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -56,3 +56,5 @@ FILES_${PN}_class-native = " \
                 ${bindir}/garage-push \
                 ${libdir}/sota/* \
                 "
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
-- 
cgit v1.2.3-54-g00ecf


From d64e6f3f1367786c9c3cf77dc5a288259bfb28b6 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Mon, 11 Dec 2017 16:28:31 +0100
Subject: Rerun provisioning recipes when credentials have changed

Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com>
---
 recipes-sota/aktualizr/aktualizr-auto-prov.bb     | 1 +
 recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb | 1 +
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 1 +
 recipes-sota/aktualizr/credentials.inc            | 1 +
 4 files changed, 4 insertions(+)
 create mode 100644 recipes-sota/aktualizr/credentials.inc

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 43b23f9..c97cbb8 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -19,6 +19,7 @@ SYSTEMD_SERVICE_${PN} = "aktualizr.service"
 inherit systemd
 
 require environment.inc
+require credentials.inc
 
 export SOTA_PACKED_CREDENTIALS
 
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
index b1b2bff..8779c67 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -20,6 +20,7 @@ SYSTEMD_SERVICE_${PN} = "aktualizr.service"
 inherit systemd
 
 require environment.inc
+require credentials.inc
 
 do_install() {
     install -d ${D}${systemd_unitdir}/system
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index f73829d..c8f0741 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -19,6 +19,7 @@ SYSTEMD_SERVICE_${PN} = "aktualizr.service"
 inherit systemd
 
 require environment.inc
+require credentials.inc
 
 do_install() {
     install -d ${D}${systemd_unitdir}/system
diff --git a/recipes-sota/aktualizr/credentials.inc b/recipes-sota/aktualizr/credentials.inc
new file mode 100644
index 0000000..fe09550
--- /dev/null
+++ b/recipes-sota/aktualizr/credentials.inc
@@ -0,0 +1 @@
+SRC_URI_append = "${@'file://${SOTA_PACKED_CREDENTIALS}' if d.getVar('SOTA_PACKED_CREDENTIALS', True) else ' '}"
-- 
cgit v1.2.3-54-g00ecf


From 599c048c03d3cd454270dc729e8ad746497588b2 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Thu, 7 Dec 2017 11:31:08 +0100
Subject: Properly install example-interface on target and remove it on host.

---
 recipes-sota/aktualizr/aktualizr_git.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 457abfd..fc65c51 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
   git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
   "
-SRCREV = "57e9cdb8aa1e8ee9e682628bd67031d9be7aaafa"
+SRCREV = "5bf2975aee4af667a1af17381bf68c34a00f03a3"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
@@ -40,6 +40,7 @@ do_install_append_class-target () {
 do_install_append_class-native () {
     rm -f ${D}${bindir}/aktualizr
     rm -f ${D}${bindir}/aktualizr-info
+    rm -f ${D}${bindir}/example-interface
     install -d ${D}${libdir}/sota
     install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
     install -m 0644 ${S}/config/sota_hsm_test.toml ${D}/${libdir}/sota/sota_hsm_test.toml
@@ -49,6 +50,7 @@ do_install_append_class-native () {
 FILES_${PN}_class-target = " \
                 ${bindir}/aktualizr \
                 ${bindir}/aktualizr-info \
+                ${bindir}/example-interface \
                 "
 FILES_${PN}_class-native = " \
                 ${bindir}/aktualizr_implicit_writer \
-- 
cgit v1.2.3-54-g00ecf


From 36c032b7972c42f6f31aeaf8c1dae6c9ce667194 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Fri, 8 Dec 2017 12:08:11 +0100
Subject: Only install example-interface if explicitly asked for.

To do so, use this in local.conf:
SOTA_CLIENT_FEATURES = "secondary-example"
---
 recipes-sota/aktualizr/aktualizr_git.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index fc65c51..e4ffc5a 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -36,6 +36,7 @@ do_install_append () {
 }
 do_install_append_class-target () {
     rm -f ${D}${bindir}/aktualizr_implicit_writer
+    ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', '', 'rm -f ${D}${bindir}/example-interface', d)}
 }
 do_install_append_class-native () {
     rm -f ${D}${bindir}/aktualizr
@@ -50,8 +51,8 @@ do_install_append_class-native () {
 FILES_${PN}_class-target = " \
                 ${bindir}/aktualizr \
                 ${bindir}/aktualizr-info \
-                ${bindir}/example-interface \
                 "
+FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', '${bindir}/example-interface', '', d)} "
 FILES_${PN}_class-native = " \
                 ${bindir}/aktualizr_implicit_writer \
                 ${bindir}/garage-deploy \
-- 
cgit v1.2.3-54-g00ecf


From cbad4a92fd9f6a0de74085d588c01be48ea449a0 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Wed, 13 Dec 2017 10:53:15 +0100
Subject: Bump to latest garage-sign.

---
 recipes-sota/garage-sign/garage-sign.bb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb
index 7057a57..32dda47 100644
--- a/recipes-sota/garage-sign/garage-sign.bb
+++ b/recipes-sota/garage-sign/garage-sign.bb
@@ -6,14 +6,14 @@ LICENSE = "CLOSED"
 LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
 DEPENDS = ""
 
-PV = "0.2.0-48-g7ee8146"
+PV = "0.2.0-57-g3f86c67"
 
 SRC_URI = " \
   https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
   "
 
-SRC_URI[md5sum] = "0691f36c5b58acc1ca9c23ffbfaae1f3"
-SRC_URI[sha256sum] = "9f230944643088a1e6a77663baa06dfa64d52885e66bd48a7cb1ed1c70936cfa"
+SRC_URI[md5sum] = "5bbe080c0c3a80928b8856d2076dd49a"
+SRC_URI[sha256sum] = "f653d24172ed245a6256b2f341a9b77bddf624cd6bbda574c1a85430e3155394"
 
 S = "${WORKDIR}/${BPN}"
 
-- 
cgit v1.2.3-54-g00ecf


From 1838969e3b238baa1c2886a4f7f27163bc36b488 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Wed, 13 Dec 2017 14:18:04 +0100
Subject: Fix variable expansion problem when SOTA_PACKED_CREDENTIALS is not
 set.

Reported by Stevan, traced to the problem by me, actually fixed by
Anton.
---
 recipes-sota/aktualizr/credentials.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-sota/aktualizr/credentials.inc b/recipes-sota/aktualizr/credentials.inc
index fe09550..256c8ff 100644
--- a/recipes-sota/aktualizr/credentials.inc
+++ b/recipes-sota/aktualizr/credentials.inc
@@ -1 +1 @@
-SRC_URI_append = "${@'file://${SOTA_PACKED_CREDENTIALS}' if d.getVar('SOTA_PACKED_CREDENTIALS', True) else ' '}"
+SRC_URI_append = "${@('file://' + d.getVar('SOTA_PACKED_CREDENTIALS', True)) if d.getVar('SOTA_PACKED_CREDENTIALS', True) else ''}"
-- 
cgit v1.2.3-54-g00ecf


From a2662b5ddfda86abfae19aec3aaf1a7c7614613f Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Wed, 13 Dec 2017 14:59:19 +0100
Subject: Don't run implicit_writer if SOTA_PACKED_CREDENTIALS is not set.

This basically cripples implicit provisioning but at least it bitbakes
without error.
---
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index c8f0741..67bd2c2 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -25,8 +25,10 @@ do_install() {
     install -d ${D}${systemd_unitdir}/system
     install -m 0644 ${WORKDIR}/aktualizr.service ${D}${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
-    aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-        -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
+            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+    fi
 }
 
 FILES_${PN} = " \
-- 
cgit v1.2.3-54-g00ecf


From 037d091061bbb98ee41ee53270889ba0e9ebd8d1 Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Fri, 15 Dec 2017 12:07:17 +0100
Subject: Update documentation, specifically about variables to support
 secondaries.

Also add a missing mkdir so that SOTA_SECONDARY_ECUS actually works. We
can improve this in the future but for now it works and I'm using it.
---
 README.adoc                        | 21 ++++++++++++---------
 classes/image_types_ostree.bbclass |  1 +
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/README.adoc b/README.adoc
index b4608d5..7b4cf2b 100644
--- a/README.adoc
+++ b/README.adoc
@@ -1,10 +1,10 @@
 = meta-updater
 
-This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client].
+This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr].
 
 https://github.com/ostreedev/ostree[OSTree] is a tool for atomic full file system upgrades with rollback capability. OSTree has several advantages over traditional dual-bank systems, but the most important one is that it minimizes network bandwidth and data storage footprint by sharing files with the same contents across file system deployments.
 
-https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client] and/or https://github.com/advancedtelematic/aktualizr[aktualizr] add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started.
+https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started.
 
 == Build
 
@@ -22,8 +22,6 @@ If you already have a Yocto-based project and you want to add atomic filesystem
 
 You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an https://ostree.readthedocs.io/en/latest/manual/adapting-existing/[OSTree-enabled version] of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named $\{IMAGE_NAME}.-sdimg-ota e.g. core-image-raspberrypi3.rpi-sdimg-ota). You can control this behaviour through <<variables in your local.conf,OSTree-related variables in your local.conf>>.
 
-=== Build with OpenIVI
-
 === Build in AGL
 
 With AGL you can just add agl-sota feature while configuring your build environment:
@@ -67,11 +65,16 @@ Although we have used U-Boot so far, other boot loaders can be configured work w
 
 == SOTA-related variables in local.conf
 
-* OSTREE_REPO - path to your OSTree repository. Defaults to "$\{DEPLOY_DIR_IMAGE}/ostree_repo"
-* OSTREE_BRANCHNAME - the branch your rootfs will be committed to. Defaults to "ota"
-* OSTREE_OSNAME - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky".
-* OSTREE_INITRAMFS_IMAGE - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy.
-* SOTA_PACKED_CREDENTIALS - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a JSON credentials file in https://github.com/advancedtelematic/sota-tools#credentials[the format accepted by garage-push].
+* `OSTREE_REPO` - path to your OSTree repository. Defaults to `$\{DEPLOY_DIR_IMAGE}/ostree_repo`
+* `OSTREE_BRANCHNAME` - the branch your rootfs will be committed to. Defaults to the same value as `MACHINE`.
+* `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky".
+* `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy.
+* `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push].
+* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and `aktualizr-hsm-test-prov`. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe.
+* `SOTA_CLIENT_FEATURES` - extensions to aktualizr. Multiple can be specified if separated by spaces. Valid options are `hsm` (to build with HSM support) and `secondary-example` (to install an example https://github.com/advancedtelematic/aktualizr/blob/master/docs/legacysecondary.adoc[legacy secondary interface] in the image).
+* `SOTA_LEGACY_SECONDARY_INTERFACE` - path to a legacy secondary interface installed on the device. To use the example interface from the Aktualizr repo, use `/usr/bin/example-interface` and make sure `SOTA_CLIENT_FEATURES = "secondary-example"`.
+* `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device.
+* `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`.
 
 == Usage
 
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 56a9720..a20a135 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -119,6 +119,7 @@ IMAGE_CMD_ostree () {
     fi
 
     if [ -n "${SOTA_SECONDARY_ECUS}" ]; then
+        mkdir -p var/sota/ecus
         cp ${SOTA_SECONDARY_ECUS} var/sota/ecus
     fi
 
-- 
cgit v1.2.3-54-g00ecf


From 1e3db15064a942144a87df7864f47317dea97482 Mon Sep 17 00:00:00 2001
From: Phil Wise <phil@advancedtelematic.com>
Date: Fri, 15 Dec 2017 16:54:29 +0100
Subject: Add MIT license to recipe metadata

Many other Yocto layers are alse under the MIT license, so this matches what
people will likely expect. For example meta-rust, meta-ti, meta-raspberrypi are
all MIT licensed.
---
 COPYING.MIT | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 COPYING.MIT

diff --git a/COPYING.MIT b/COPYING.MIT
new file mode 100644
index 0000000..fb950dc
--- /dev/null
+++ b/COPYING.MIT
@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy 
+of this software and associated documentation files (the "Software"), to deal 
+in the Software without restriction, including without limitation the rights 
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is 
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 
+THE SOFTWARE.
-- 
cgit v1.2.3-54-g00ecf


From 6630a83d1292bb96a531208b7c52aa1744c54f79 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Wed, 13 Dec 2017 15:30:03 +0100
Subject: Fixes for Spekulatius

- New garage-sign interface
- Remove garage-sign recipe (now installed with aktualizr-native)
- Small but critical bugfixes in aktualizr
---
 classes/image_repo_manifest.bbclass               |  4 +--
 classes/image_types_ostree.bbclass                | 13 ++++-----
 classes/sota.bbclass                              |  4 +--
 lib/oeqa/selftest/updater.py                      | 14 ++--------
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb |  2 +-
 recipes-sota/aktualizr/aktualizr_git.bb           |  2 +-
 recipes-sota/garage-sign/garage-sign.bb           | 33 -----------------------
 7 files changed, 13 insertions(+), 59 deletions(-)
 delete mode 100644 recipes-sota/garage-sign/garage-sign.bb

diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass
index 2012363..467fd9a 100644
--- a/classes/image_repo_manifest.bbclass
+++ b/classes/image_repo_manifest.bbclass
@@ -14,9 +14,9 @@ HOSTTOOLS_NONFATAL += " repo "
 # Write build information to target filesystem
 buildinfo () {
   if [ $(which repo) ]; then
-    repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || echo "Android repo tool failed to run; manifest not copied"
+    repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || bbwarn "Android repo tool failed to run; manifest not copied"
   else
-    echo "Android repo tool not found; manifest not copied."
+    bbwarn "Android repo tool not found; manifest not copied."
   fi
 }
 
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 56a9720..05db62a 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -179,7 +179,7 @@ IMAGE_CMD_ostreepush () {
 }
 
 IMAGE_TYPEDEP_garagesign = "ostreepush"
-IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
+IMAGE_DEPENDS_garagesign = "aktualizr-native:do_populate_sysroot"
 IMAGE_CMD_garagesign () {
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         # if credentials are issued by a server that doesn't support offline signing, exit silently
@@ -194,11 +194,8 @@ IMAGE_CMD_garagesign () {
             exit 1
         fi
 
-	if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
-            garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
-        fi
-
-        reposerver_args="--reposerver $( unzip -p ${SOTA_PACKED_CREDENTIALS} tufrepo.url )"
+        rm -rf ${GARAGE_SIGN_REPO}
+        garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
 
         ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
 
@@ -206,11 +203,11 @@ IMAGE_CMD_garagesign () {
         #   in which case targets.json should be pulled again and the whole procedure repeated
         push_success=0
         for push_retries in $( seq 3 ); do
-            garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
+            garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO}
             garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
             garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
             errcode=0
-            garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
+            garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
             if [ "$errcode" -eq "0" ]; then
                 push_success=1
                 break
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 0f42332..bbb9ac9 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -13,8 +13,8 @@ IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PRO
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
 IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}"
 
-PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}"
-PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}"
+PACKAGECONFIG_append_pn-curl = " ssl"
+PACKAGECONFIG_remove_pn-curl = "gnutls"
 
 WKS_FILE_sota ?= "sdimage-sota.wks"
 
diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py
index c07b154..f28349f 100644
--- a/lib/oeqa/selftest/updater.py
+++ b/lib/oeqa/selftest/updater.py
@@ -31,23 +31,13 @@ class SotaToolsTests(oeSelfTest):
         result = runCmd('%s --help' % p, ignore_status=True)
         self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
 
-
-class GarageSignTests(oeSelfTest):
-
-    @classmethod
-    def setUpClass(cls):
-        logger = logging.getLogger("selftest")
-        logger.info('Running bitbake to build garage-sign-native')
-        bitbake('garage-sign-native')
-
-    def test_help(self):
-        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'garage-sign-native')
+    def test_garagesign_help(self):
+        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native')
         p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-sign"
         self.assertTrue(os.path.isfile(p), msg = "No garage-sign found (%s)" % p)
         result = runCmd('%s --help' % p, ignore_status=True)
         self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
 
-
 class HsmTests(oeSelfTest):
 
     def test_hsm(self):
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index 67bd2c2..e5d9c9b 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -27,7 +27,7 @@ do_install() {
     install -d ${D}${libdir}/sota
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} --no-root-ca
     fi
 }
 
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index e4ffc5a..08aa6c2 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
   git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
   "
-SRCREV = "5bf2975aee4af667a1af17381bf68c34a00f03a3"
+SRCREV = "eb6c0b43c2b8b32f66f228c1c3f590b5c16ad448"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb
deleted file mode 100644
index 32dda47..0000000
--- a/recipes-sota/garage-sign/garage-sign.bb
+++ /dev/null
@@ -1,33 +0,0 @@
-SUMMARY = "garage-sign"
-DESCRIPTION = "Metadata signing tool for ATS Garage"
-HOMEPAGE = "https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/index.html"
-SECTION = "base"
-LICENSE = "CLOSED"
-LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
-DEPENDS = ""
-
-PV = "0.2.0-57-g3f86c67"
-
-SRC_URI = " \
-  https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
-  "
-
-SRC_URI[md5sum] = "5bbe080c0c3a80928b8856d2076dd49a"
-SRC_URI[sha256sum] = "f653d24172ed245a6256b2f341a9b77bddf624cd6bbda574c1a85430e3155394"
-
-S = "${WORKDIR}/${BPN}"
-
-BBCLASSEXTEND =+ "native"
-
-do_install() {
-    install -d ${D}${bindir}
-    install -m "0755" -t ${D}${bindir} ${S}/bin/*
-    install -d ${D}${libdir}
-    install -m "0644" -t ${D}${libdir} ${S}/lib/*
-}
-
-FILES_${PN} = " \
-  ${bindir}/garage-sign.bat \
-  ${bindir}/garage-sign \
-  ${libdir}/* \
-  "
-- 
cgit v1.2.3-54-g00ecf


From aca234ac228c5a3a01f02cd1feea29ed4e552fe4 Mon Sep 17 00:00:00 2001
From: Laurent Bonnans <laurent@advancedtelematic.com>
Date: Thu, 4 Jan 2018 11:37:07 +0100
Subject: Remove OSTREE_BRANCHNAME mention in README

Not relevant to the user, as per PRO-4483
---
 README.adoc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/README.adoc b/README.adoc
index 7b4cf2b..0917e45 100644
--- a/README.adoc
+++ b/README.adoc
@@ -66,7 +66,6 @@ Although we have used U-Boot so far, other boot loaders can be configured work w
 == SOTA-related variables in local.conf
 
 * `OSTREE_REPO` - path to your OSTree repository. Defaults to `$\{DEPLOY_DIR_IMAGE}/ostree_repo`
-* `OSTREE_BRANCHNAME` - the branch your rootfs will be committed to. Defaults to the same value as `MACHINE`.
 * `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky".
 * `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy.
 * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push].
-- 
cgit v1.2.3-54-g00ecf


From 168203768ec831450f8df9c1b345d8b9a15506dd Mon Sep 17 00:00:00 2001
From: Patrick Vacek <patrickvacek@gmail.com>
Date: Thu, 4 Jan 2018 11:40:02 +0100
Subject: Bump aktualizr to get open source server CA fix.

Also remove --no-root-ca for implicit prov. It's still there for the HSM
case. If we really do need that flag for the implict recipe for
Spekulatius, then we need to do some thinking.
---
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 2 +-
 recipes-sota/aktualizr/aktualizr_git.bb           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index e5d9c9b..67bd2c2 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -27,7 +27,7 @@ do_install() {
     install -d ${D}${libdir}/sota
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} --no-root-ca
+            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
     fi
 }
 
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 08aa6c2..3aed745 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
   git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
   "
-SRCREV = "eb6c0b43c2b8b32f66f228c1c3f590b5c16ad448"
+SRCREV = "6bd88e1de1f0216c0b411868af3a596d9974cd0c"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
-- 
cgit v1.2.3-54-g00ecf


From eed239d897045a93d69461b7c093c9c928518f5f Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton.gerasimov@openmailbox.org>
Date: Mon, 8 Jan 2018 14:41:22 +0100
Subject: Delete dependency on libsoup

It makes supporting different platforms somewhat easier
---
 .../0001-Allow-building-without-libsoup.patch      | 26 ++++++++++++++++++++++
 recipes-sota/ostree/ostree_git.bb                  |  7 +++---
 .../glib-networking/glib-networking_%.bbappend     |  8 -------
 recipes-support/libsoup/libsoup-2.4_%.bbappend     |  3 ---
 4 files changed, 30 insertions(+), 14 deletions(-)
 create mode 100644 recipes-sota/ostree/files/0001-Allow-building-without-libsoup.patch
 delete mode 100644 recipes-support/glib-networking/glib-networking_%.bbappend
 delete mode 100644 recipes-support/libsoup/libsoup-2.4_%.bbappend

diff --git a/recipes-sota/ostree/files/0001-Allow-building-without-libsoup.patch b/recipes-sota/ostree/files/0001-Allow-building-without-libsoup.patch
new file mode 100644
index 0000000..f45bae4
--- /dev/null
+++ b/recipes-sota/ostree/files/0001-Allow-building-without-libsoup.patch
@@ -0,0 +1,26 @@
+From 666e80acda17680e20d363ddc6fcf0a63f9c1dde Mon Sep 17 00:00:00 2001
+From: Anton Gerasimov <anton.gerasimov@openmailbox.org>
+Date: Thu, 21 Dec 2017 22:36:06 +0100
+Subject: [PATCH] Allow building without libsoup
+
+---
+ configure.ac | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 92248af8..baf66e4f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -182,9 +182,6 @@ AM_COND_IF(BUILDOPT_TRIVIAL_HTTPD,
+   [AC_DEFINE([BUILDOPT_ENABLE_TRIVIAL_HTTPD_CMDLINE], 1, [Define if we are enabling ostree trivial-httpd entrypoint])]
+ )
+ 
+-AS_IF([test x$with_curl = xyes && test x$with_soup = xno], [
+-  AC_MSG_ERROR([Curl enabled, but libsoup is not; libsoup is needed for tests])
+-])
+ AM_CONDITIONAL(USE_CURL_OR_SOUP, test x$with_curl != xno || test x$with_soup != xno)
+ AS_IF([test x$with_curl != xno || test x$with_soup != xno],
+             [AC_DEFINE([HAVE_LIBCURL_OR_LIBSOUP], 1, [Define if we have soup or curl])])
+-- 
+2.15.0
+
diff --git a/recipes-sota/ostree/ostree_git.bb b/recipes-sota/ostree/ostree_git.bb
index 724976a..9ef4478 100644
--- a/recipes-sota/ostree/ostree_git.bb
+++ b/recipes-sota/ostree/ostree_git.bb
@@ -6,7 +6,8 @@ inherit autotools-brokensep pkgconfig systemd gobject-introspection
 
 INHERIT_remove_class-native = "systemd"
 
-SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master"
+SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master \
+           file://0001-Allow-building-without-libsoup.patch"
 
 SRCREV="ae61321046ad7f4148a5884c8c6c8b2594ff840e"
 
@@ -16,14 +17,14 @@ S = "${WORKDIR}/git"
 
 BBCLASSEXTEND = "native"
 
-DEPENDS += "attr libarchive glib-2.0 pkgconfig gpgme libgsystem fuse libsoup-2.4 e2fsprogs gtk-doc-native curl xz"
+DEPENDS += "attr libarchive glib-2.0 pkgconfig gpgme libgsystem fuse e2fsprogs gtk-doc-native curl xz"
 DEPENDS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd', '', d)}"
 DEPENDS_remove_class-native = "systemd-native"
 
 RDEPENDS_${PN} = "python util-linux-libuuid util-linux-libblkid util-linux-libmount libcap bash"
 RDEPENDS_${PN}_remove_class-native = "python-native"
 
-EXTRA_OECONF = "--with-libarchive --disable-gtk-doc --disable-gtk-doc-html --disable-gtk-doc-pdf --disable-man --with-smack --with-builtin-grub2-mkconfig --with-curl"
+EXTRA_OECONF = "CFLAGS='-Wno-error=missing-prototypes' --with-libarchive --disable-gtk-doc --disable-gtk-doc-html --disable-gtk-doc-pdf --disable-man --with-smack --with-builtin-grub2-mkconfig --with-curl --without-soup"
 EXTRA_OECONF_append_class-native = " --enable-wrpseudo-compat"
 
 # Path to ${prefix}/lib/ostree/ostree-grub-generator is hardcoded on the
diff --git a/recipes-support/glib-networking/glib-networking_%.bbappend b/recipes-support/glib-networking/glib-networking_%.bbappend
deleted file mode 100644
index 22e6f05..0000000
--- a/recipes-support/glib-networking/glib-networking_%.bbappend
+++ /dev/null
@@ -1,8 +0,0 @@
-BBCLASSEXTEND_append_sota = " native nativesdk"
-
-# Hackery to prevent relocatable_native_pcfiles from crashing
-do_install_append_class-native () {
-	if [ -d ${D}${libdir}/pkgconfig ]; then
-		rmdir ${D}${libdir}/pkgconfig
-	fi
-}
diff --git a/recipes-support/libsoup/libsoup-2.4_%.bbappend b/recipes-support/libsoup/libsoup-2.4_%.bbappend
deleted file mode 100644
index 18383f1..0000000
--- a/recipes-support/libsoup/libsoup-2.4_%.bbappend
+++ /dev/null
@@ -1,3 +0,0 @@
-BBCLASSEXTEND_append_sota = " native nativesdk"
-
-DEPENDS_append_class-native = "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ' glib-networking-native', ' ', d)}"
-- 
cgit v1.2.3-54-g00ecf


From 537de14d5018f9525964e7d4c64d736e9186c696 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Fri, 22 Dec 2017 19:14:16 +0100
Subject: Add support of ISO/TP legacy secondaries and serial CAN

---
 recipes-sota/aktualizr/aktualizr-auto-prov.bb       | 10 +---------
 recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb   |  9 +--------
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb   |  9 +--------
 recipes-sota/aktualizr/aktualizr_git.bb             | 20 ++++++++++++++++++--
 .../aktualizr/files/aktualizr-serialcan.service     | 15 +++++++++++++++
 recipes-support/slcand-start/files/slcand@.service  |  8 ++++++++
 recipes-support/slcand-start/slcand-start.bb        | 21 +++++++++++++++++++++
 7 files changed, 65 insertions(+), 27 deletions(-)
 create mode 100644 recipes-sota/aktualizr/files/aktualizr-serialcan.service
 create mode 100644 recipes-support/slcand-start/files/slcand@.service
 create mode 100644 recipes-support/slcand-start/slcand-start.bb

diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index c97cbb8..2190512 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -1,4 +1,4 @@
-SUMMARY = "Aktualizr systemd service and configurations"
+SUMMARY = "Aktualizr configuration for autoprovisioning"
 DESCRIPTION = "Systemd service and configurations for autoprovisioning Aktualizr, the SOTA Client application written in C++"
 HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
 SECTION = "base"
@@ -11,13 +11,8 @@ PR = "6"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr.service \
   "
 
-SYSTEMD_SERVICE_${PN} = "aktualizr.service"
-
-inherit systemd
-
 require environment.inc
 require credentials.inc
 
@@ -49,12 +44,9 @@ do_install() {
             zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
         fi
     fi
-    install -d ${D}${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr.service ${D}${systemd_unitdir}/system/aktualizr.service
 }
 
 FILES_${PN} = " \
-                ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
                 ${localstatedir}/sota \
                 ${localstatedir}/sota/sota_provisioning_credentials.zip \
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
index 8779c67..1e893fa 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -1,4 +1,4 @@
-SUMMARY = "Aktualizr systemd service and configuration with HSM support"
+SUMMARY = "Aktualizr configuration with HSM support"
 DESCRIPTION = "Systemd service and configurations for Aktualizr, the SOTA Client application written in C++"
 HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
 SECTION = "base"
@@ -10,28 +10,21 @@ RDEPENDS_${PN} = "aktualizr softhsm softhsm-testtoken"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr.service \
   "
 PV = "1.0"
 PR = "6"
 
-SYSTEMD_SERVICE_${PN} = "aktualizr.service"
-
-inherit systemd
 
 require environment.inc
 require credentials.inc
 
 do_install() {
-    install -d ${D}${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr.service ${D}${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
     aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
         -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
 }
 
 FILES_${PN} = " \
-                ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
                 "
 
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index 67bd2c2..b5bf420 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -1,4 +1,4 @@
-SUMMARY = "Aktualizr systemd service and configurations"
+SUMMARY = "Aktualizr configuration for implicit provisioning"
 DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr, the SOTA Client application written in C++"
 HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
 SECTION = "base"
@@ -11,19 +11,13 @@ PR = "1"
 
 SRC_URI = " \
   file://LICENSE \
-  file://aktualizr.service \
   "
 
-SYSTEMD_SERVICE_${PN} = "aktualizr.service"
-
-inherit systemd
 
 require environment.inc
 require credentials.inc
 
 do_install() {
-    install -d ${D}${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/aktualizr.service ${D}${systemd_unitdir}/system/aktualizr.service
     install -d ${D}${libdir}/sota
     if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
         aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
@@ -32,7 +26,6 @@ do_install() {
 }
 
 FILES_${PN} = " \
-                ${systemd_unitdir}/system/aktualizr.service \
                 ${libdir}/sota/sota.toml \
                 ${libdir}/sota/root.crt \
                 "
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 3aed745..d2e5477 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -11,12 +11,15 @@ DEPENDS_append_class-native = "glib-2.0-native "
 
 RDEPENDS_${PN}_class-target = "lshw "
 RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)} "
+RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '  slcand-start', '', d)} "
 
 PV = "1.0+git${SRCPV}"
 PR = "7"
 
 SRC_URI = " \
-  git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
+  gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
+  file://aktualizr.service \
+  file://aktualizr-serialcan.service \
   "
 SRCREV = "6bd88e1de1f0216c0b411868af3a596d9974cd0c"
 BRANCH ?= "master"
@@ -25,6 +28,9 @@ S = "${WORKDIR}/git"
 
 inherit cmake
 
+inherit systemd
+SYSTEMD_SERVICE_${PN} = "aktualizr.service"
+
 BBCLASSEXTEND =+ "native"
 
 EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "
@@ -37,6 +43,11 @@ do_install_append () {
 do_install_append_class-target () {
     rm -f ${D}${bindir}/aktualizr_implicit_writer
     ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', '', 'rm -f ${D}${bindir}/example-interface', d)}
+    ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', '', 'rm -f ${D}${bindir}/isotp-test-interface', d)}
+
+    install -d ${D}${systemd_unitdir}/system
+    aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)}
+    install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service
 }
 do_install_append_class-native () {
     rm -f ${D}${bindir}/aktualizr
@@ -46,13 +57,18 @@ do_install_append_class-native () {
     install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
     install -m 0644 ${S}/config/sota_hsm_test.toml ${D}/${libdir}/sota/sota_hsm_test.toml
     install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml
+
+    install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir}
+    install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir}
 }
 
 FILES_${PN}_class-target = " \
                 ${bindir}/aktualizr \
                 ${bindir}/aktualizr-info \
+                ${systemd_unitdir}/system/aktualizr.service \
                 "
-FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', '${bindir}/example-interface', '', d)} "
+FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', ' ${bindir}/example-interface', '', d)} "
+FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', ' ${bindir}/isotp-test-interface', '', d)} "
 FILES_${PN}_class-native = " \
                 ${bindir}/aktualizr_implicit_writer \
                 ${bindir}/garage-deploy \
diff --git a/recipes-sota/aktualizr/files/aktualizr-serialcan.service b/recipes-sota/aktualizr/files/aktualizr-serialcan.service
new file mode 100644
index 0000000..b42f348
--- /dev/null
+++ b/recipes-sota/aktualizr/files/aktualizr-serialcan.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Aktualizr SOTA Client
+Wants=network-online.target slcand@ttyACM0.service
+After=network.target network-online.target slcand@ttyACM0.service
+
+Requires=network-online.target
+
+[Service]
+RestartSec=10
+Restart=always
+EnvironmentFile=/usr/lib/sota/sota.env
+ExecStart=/bin/sh -c "(ip addr | grep can0) && /usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-support/slcand-start/files/slcand@.service b/recipes-support/slcand-start/files/slcand@.service
new file mode 100644
index 0000000..c539568
--- /dev/null
+++ b/recipes-support/slcand-start/files/slcand@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Serial CAN daemon (can-utils)
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/slcand -o -c -s4 %I can0
+ExecStartPost=/bin/sh -c '/bin/sleep 3; /sbin/ip link set can0 up'
+
diff --git a/recipes-support/slcand-start/slcand-start.bb b/recipes-support/slcand-start/slcand-start.bb
new file mode 100644
index 0000000..dfefaea
--- /dev/null
+++ b/recipes-support/slcand-start/slcand-start.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Mock smartcard for aktualizr"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+
+inherit systemd
+
+RDEPENDS_${PN} = "can-utils"
+
+SRC_URI = "file://slcand@.service"
+
+SYSTEMD_SERVICE_${PN} = "slcand@.service"
+
+do_install() {
+  install -d ${D}${systemd_unitdir}/system
+  install -m 0644 ${WORKDIR}/slcand@.service ${D}${systemd_unitdir}/system/slcand@.service
+}
+
+FILES_${PN} = "${systemd_unitdir}/system/createtoken.service"
+
-- 
cgit v1.2.3-54-g00ecf


From 56678801b71069a6df4c181eef353ee52e8ad94d Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton.gerasimov@openmailbox.org>
Date: Mon, 8 Jan 2018 12:09:46 +0100
Subject: Support for BUILD_ISOTP cmake variable

---
 recipes-sota/aktualizr/aktualizr_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index d2e5477..4ea5e55 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -34,7 +34,7 @@ SYSTEMD_SERVICE_${PN} = "aktualizr.service"
 BBCLASSEXTEND =+ "native"
 
 EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} "
-EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
+EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} "
 EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "
 
 do_install_append () {
-- 
cgit v1.2.3-54-g00ecf


From c1872be518040d03f8836cec92e7e0a80f9a43f3 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Wed, 10 Jan 2018 16:33:56 +0100
Subject: Fix --repo parameter for garage-sign

---
 classes/image_types_ostree.bbclass | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 3edbc72..cf2e52f 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -196,7 +196,7 @@ IMAGE_CMD_garagesign () {
         fi
 
         rm -rf ${GARAGE_SIGN_REPO}
-        garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
+        garage-sign init --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
 
         ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
 
@@ -204,11 +204,11 @@ IMAGE_CMD_garagesign () {
         #   in which case targets.json should be pulled again and the whole procedure repeated
         push_success=0
         for push_retries in $( seq 3 ); do
-            garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO}
-            garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
-            garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
+            garage-sign targets pull --repo tufrepo --home-dir ${GARAGE_SIGN_REPO}
+            garage-sign targets add --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+            garage-sign targets sign --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
             errcode=0
-            garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
+            garage-sign targets push --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
             if [ "$errcode" -eq "0" ]; then
                 push_success=1
                 break
-- 
cgit v1.2.3-54-g00ecf


From 07a7774937dc617a7cf0ce6534b57d874e498277 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Wed, 10 Jan 2018 16:59:22 +0100
Subject: Bump aktualizr version to get fixed garage-sign

---
 recipes-sota/aktualizr/aktualizr_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 4ea5e55..48ed652 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -21,7 +21,7 @@ SRC_URI = " \
   file://aktualizr.service \
   file://aktualizr-serialcan.service \
   "
-SRCREV = "6bd88e1de1f0216c0b411868af3a596d9974cd0c"
+SRCREV = "e53f2a5747bba3e4f40609aa27f3d89e80c2d784"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"
-- 
cgit v1.2.3-54-g00ecf


From 13a294b1aeec9cc18efd4ac006d104c73dded658 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton.gerasimov@openmailbox.org>
Date: Thu, 11 Jan 2018 23:24:04 +0100
Subject: Bump OSTree version

Patched merged into upstream removed, Minnowboard boot failure fixed
---
 .../0001-Allow-building-without-libsoup.patch      | 26 ----------------------
 recipes-sota/ostree/ostree_git.bb                  |  5 ++---
 2 files changed, 2 insertions(+), 29 deletions(-)
 delete mode 100644 recipes-sota/ostree/files/0001-Allow-building-without-libsoup.patch

diff --git a/recipes-sota/ostree/files/0001-Allow-building-without-libsoup.patch b/recipes-sota/ostree/files/0001-Allow-building-without-libsoup.patch
deleted file mode 100644
index f45bae4..0000000
--- a/recipes-sota/ostree/files/0001-Allow-building-without-libsoup.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 666e80acda17680e20d363ddc6fcf0a63f9c1dde Mon Sep 17 00:00:00 2001
-From: Anton Gerasimov <anton.gerasimov@openmailbox.org>
-Date: Thu, 21 Dec 2017 22:36:06 +0100
-Subject: [PATCH] Allow building without libsoup
-
----
- configure.ac | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 92248af8..baf66e4f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -182,9 +182,6 @@ AM_COND_IF(BUILDOPT_TRIVIAL_HTTPD,
-   [AC_DEFINE([BUILDOPT_ENABLE_TRIVIAL_HTTPD_CMDLINE], 1, [Define if we are enabling ostree trivial-httpd entrypoint])]
- )
- 
--AS_IF([test x$with_curl = xyes && test x$with_soup = xno], [
--  AC_MSG_ERROR([Curl enabled, but libsoup is not; libsoup is needed for tests])
--])
- AM_CONDITIONAL(USE_CURL_OR_SOUP, test x$with_curl != xno || test x$with_soup != xno)
- AS_IF([test x$with_curl != xno || test x$with_soup != xno],
-             [AC_DEFINE([HAVE_LIBCURL_OR_LIBSOUP], 1, [Define if we have soup or curl])])
--- 
-2.15.0
-
diff --git a/recipes-sota/ostree/ostree_git.bb b/recipes-sota/ostree/ostree_git.bb
index 9ef4478..00559b6 100644
--- a/recipes-sota/ostree/ostree_git.bb
+++ b/recipes-sota/ostree/ostree_git.bb
@@ -6,10 +6,9 @@ inherit autotools-brokensep pkgconfig systemd gobject-introspection
 
 INHERIT_remove_class-native = "systemd"
 
-SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master \
-           file://0001-Allow-building-without-libsoup.patch"
+SRC_URI = "gitsm://github.com/ostreedev/ostree.git;branch=master"
 
-SRCREV="ae61321046ad7f4148a5884c8c6c8b2594ff840e"
+SRCREV="854a823e05d6fe8b610c02c2a71eaeb2bf1e98a6"
 
 PV = "v2017.13"
 
-- 
cgit v1.2.3-54-g00ecf