From 2ca5e74b17a01f5b0697382157241c595539b44f Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Tue, 21 Nov 2017 11:26:53 +0100 Subject: Check if the package and UPTANE target got to the backend --- classes/image_types_ostree.bbclass | 17 ++++++++++++++--- classes/sota.bbclass | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) (limited to 'classes') diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 172f2c8..db8cae6 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -183,7 +183,7 @@ IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot" IMAGE_CMD_garagesign () { if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then # if credentials are issued by a server that doesn't support offline signing, exit silently - unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0 + unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec repo.url 2>&1 >/dev/null || exit 0 java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' ) if [ "${java_version}" = "" ]; then @@ -227,9 +227,20 @@ IMAGE_CMD_garagesign () { bberror "Couldn't push to garage repository" exit 1 fi - else - bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS." fi } +IMAGE_TYPEDEP_garagecheck = "ostreepush garagesign" +IMAGE_DEPENDS_garagecheck = "aktualizr-native:do_populate_sysroot" +IMAGE_CMD_garagecheck () { + if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then + # if credentials are issued by a server that doesn't support offline signing, exit silently + unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec repo.url 2>&1 >/dev/null || exit 0 + ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) + + garage-check --ref=${ostree_target_hash} \ + --credentials=${SOTA_PACKED_CREDENTIALS} \ + --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt + fi +} # vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/classes/sota.bbclass b/classes/sota.bbclass index f5a42c1..0f42332 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -11,7 +11,7 @@ SOTA_CLIENT ??= "aktualizr" SOTA_CLIENT_PROV ??= "aktualizr-auto-prov" IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}" IMAGE_CLASSES += " image_types_ostree image_types_ota" -IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign otaimg wic', ' ', d)}" +IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}" PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}" PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}" -- cgit v1.2.3-54-g00ecf From 253ba5f803615dd0c9213a68886ba4250cc4e3e1 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Wed, 22 Nov 2017 14:50:37 +0100 Subject: Rename repo.url -> tufrepo.url Also pass this URL to garage-sign --- classes/image_types_ostree.bbclass | 10 +++------- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 2 files changed, 4 insertions(+), 8 deletions(-) (limited to 'classes') diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index db8cae6..ea3c7a2 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -183,7 +183,7 @@ IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot" IMAGE_CMD_garagesign () { if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then # if credentials are issued by a server that doesn't support offline signing, exit silently - unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec repo.url 2>&1 >/dev/null || exit 0 + unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0 java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' ) if [ "${java_version}" = "" ]; then @@ -198,11 +198,7 @@ IMAGE_CMD_garagesign () { garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} fi - if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then - reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}" - else - reposerver_args="" - fi + reposerver_args="--reposerver $( unzip -p ${SOTA_PACKED_CREDENTIALS} tufrepo.url )" ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) @@ -235,7 +231,7 @@ IMAGE_DEPENDS_garagecheck = "aktualizr-native:do_populate_sysroot" IMAGE_CMD_garagecheck () { if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then # if credentials are issued by a server that doesn't support offline signing, exit silently - unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec repo.url 2>&1 >/dev/null || exit 0 + unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0 ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) garage-check --ref=${ostree_target_hash} \ diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 3cd8a64..6c4b57c 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -18,7 +18,7 @@ PR = "7" SRC_URI = " \ git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ " -SRCREV = "612da8cae6e72ce7250de2fb5333af0d7041de7b" +SRCREV = "5c871180bc3c1f845d0e95e6f4876a581ed0f919" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 6f13bd2461f88f9658a3d94bffe9550d05fa5da4 Mon Sep 17 00:00:00 2001 From: Phil Wise Date: Tue, 28 Nov 2017 08:22:26 +0100 Subject: Fix builds outside the .repo directory The repo tool searches up the directory tree to find the .repo directory. Cleanly handle the case where it can't find anything. --- classes/image_repo_manifest.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'classes') diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass index d508574..2012363 100644 --- a/classes/image_repo_manifest.bbclass +++ b/classes/image_repo_manifest.bbclass @@ -14,9 +14,9 @@ HOSTTOOLS_NONFATAL += " repo " # Write build information to target filesystem buildinfo () { if [ $(which repo) ]; then - repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml + repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || echo "Android repo tool failed to run; manifest not copied" else - echo "Android repo tool not food; manifest not copied." + echo "Android repo tool not found; manifest not copied." fi } -- cgit v1.2.3-54-g00ecf From a212eae4a5878860917e93c9268a5e57d94d70f9 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Tue, 28 Nov 2017 10:46:07 +0100 Subject: Remove sdimg-rpi from IMAGE_FSTYPES The image is incompatible with meta-updater and we have our own --- classes/sota_raspberrypi.bbclass | 1 + 1 file changed, 1 insertion(+) (limited to 'classes') diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass index 51d07b2..f8e7347 100644 --- a/classes/sota_raspberrypi.bbclass +++ b/classes/sota_raspberrypi.bbclass @@ -3,6 +3,7 @@ PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot" UBOOT_MACHINE_raspberrypi2_sota ?= "rpi_2_defconfig" UBOOT_MACHINE_raspberrypi3_sota ?= "rpi_3_32b_defconfig" +IMAGE_FSTYPES_remove_sota = "rpi-sdimg" OSTREE_BOOTLOADER ?= "u-boot" # OSTree puts its own boot.scr to bcm2835-bootfiles -- cgit v1.2.3-54-g00ecf From c7cc719de50d16f7edd625c15d68a2938f93d1bf Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 5 Dec 2017 17:00:41 +0100 Subject: Fix garage-sign targets add. --- classes/image_types_ostree.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'classes') diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index ea3c7a2..56a9720 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -207,7 +207,7 @@ IMAGE_CMD_garagesign () { push_success=0 for push_retries in $( seq 3 ); do garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} - garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} + garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets errcode=0 garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$? -- cgit v1.2.3-54-g00ecf From 9ba47ed5058d525c575905caa937c1eca190f7b2 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Thu, 7 Dec 2017 10:43:08 +0100 Subject: Deploy OSTree image without a branch name --- classes/image_types_ota.bbclass | 6 ++++-- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'classes') diff --git a/classes/image_types_ota.bbclass b/classes/image_types_ota.bbclass index 09c30ff..5dc4811 100644 --- a/classes/image_types_ota.bbclass +++ b/classes/image_types_ota.bbclass @@ -85,14 +85,16 @@ IMAGE_CMD_otaimg () { bberror "Invalid bootloader: ${OSTREE_BOOTLOADER}" fi; - ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${OSTREE_BRANCHNAME} + ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) + + ostree --repo=${PHYS_SYSROOT}/ostree/repo pull-local --remote=${OSTREE_OSNAME} ${OSTREE_REPO} ${ostree_target_hash} export OSTREE_BOOT_PARTITION="/boot" kargs_list="" for arg in ${OSTREE_KERNEL_ARGS}; do kargs_list="${kargs_list} --karg-append=$arg" done - ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${OSTREE_BRANCHNAME} + ostree admin --sysroot=${PHYS_SYSROOT} deploy ${kargs_list} --os=${OSTREE_OSNAME} ${ostree_target_hash} # Copy deployment /home and /var/sota to sysroot HOME_TMP=`mktemp -d ${WORKDIR}/home-tmp-XXXXX` diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index e713571..44af1f6 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -18,7 +18,7 @@ PR = "7" SRC_URI = " \ git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ " -SRCREV = "1fb258b13547e229043113380e4a69d404756524" +SRCREV = "57e9cdb8aa1e8ee9e682628bd67031d9be7aaafa" BRANCH ?= "master" S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf From 037d091061bbb98ee41ee53270889ba0e9ebd8d1 Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Fri, 15 Dec 2017 12:07:17 +0100 Subject: Update documentation, specifically about variables to support secondaries. Also add a missing mkdir so that SOTA_SECONDARY_ECUS actually works. We can improve this in the future but for now it works and I'm using it. --- README.adoc | 21 ++++++++++++--------- classes/image_types_ostree.bbclass | 1 + 2 files changed, 13 insertions(+), 9 deletions(-) (limited to 'classes') diff --git a/README.adoc b/README.adoc index b4608d5..7b4cf2b 100644 --- a/README.adoc +++ b/README.adoc @@ -1,10 +1,10 @@ = meta-updater -This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]. +This layer enables over-the-air updates (OTA) with https://github.com/ostreedev/ostree[OSTree] and https://github.com/advancedtelematic/aktualizr[Aktualizr]. https://github.com/ostreedev/ostree[OSTree] is a tool for atomic full file system upgrades with rollback capability. OSTree has several advantages over traditional dual-bank systems, but the most important one is that it minimizes network bandwidth and data storage footprint by sharing files with the same contents across file system deployments. -https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client] and/or https://github.com/advancedtelematic/aktualizr[aktualizr] add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started. +https://github.com/advancedtelematic/aktualizr[Aktualizr] (and https://github.com/advancedtelematic/rvi_sota_client[RVI SOTA client]) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source https://github.com/advancedtelematic/rvi_sota_server[RVI SOTA server] or sign up for a free account at https://app.atsgarage.com[ATS Garage] to get started. == Build @@ -22,8 +22,6 @@ If you already have a Yocto-based project and you want to add atomic filesystem You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an https://ostree.readthedocs.io/en/latest/manual/adapting-existing/[OSTree-enabled version] of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named $\{IMAGE_NAME}.-sdimg-ota e.g. core-image-raspberrypi3.rpi-sdimg-ota). You can control this behaviour through <>. -=== Build with OpenIVI - === Build in AGL With AGL you can just add agl-sota feature while configuring your build environment: @@ -67,11 +65,16 @@ Although we have used U-Boot so far, other boot loaders can be configured work w == SOTA-related variables in local.conf -* OSTREE_REPO - path to your OSTree repository. Defaults to "$\{DEPLOY_DIR_IMAGE}/ostree_repo" -* OSTREE_BRANCHNAME - the branch your rootfs will be committed to. Defaults to "ota" -* OSTREE_OSNAME - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky". -* OSTREE_INITRAMFS_IMAGE - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. -* SOTA_PACKED_CREDENTIALS - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a JSON credentials file in https://github.com/advancedtelematic/sota-tools#credentials[the format accepted by garage-push]. +* `OSTREE_REPO` - path to your OSTree repository. Defaults to `$\{DEPLOY_DIR_IMAGE}/ostree_repo` +* `OSTREE_BRANCHNAME` - the branch your rootfs will be committed to. Defaults to the same value as `MACHINE`. +* `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky". +* `OSTREE_INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. +* `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push]. +* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and `aktualizr-hsm-test-prov`. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe. +* `SOTA_CLIENT_FEATURES` - extensions to aktualizr. Multiple can be specified if separated by spaces. Valid options are `hsm` (to build with HSM support) and `secondary-example` (to install an example https://github.com/advancedtelematic/aktualizr/blob/master/docs/legacysecondary.adoc[legacy secondary interface] in the image). +* `SOTA_LEGACY_SECONDARY_INTERFACE` - path to a legacy secondary interface installed on the device. To use the example interface from the Aktualizr repo, use `/usr/bin/example-interface` and make sure `SOTA_CLIENT_FEATURES = "secondary-example"`. +* `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device. +* `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`. == Usage diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 56a9720..a20a135 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -119,6 +119,7 @@ IMAGE_CMD_ostree () { fi if [ -n "${SOTA_SECONDARY_ECUS}" ]; then + mkdir -p var/sota/ecus cp ${SOTA_SECONDARY_ECUS} var/sota/ecus fi -- cgit v1.2.3-54-g00ecf From 6630a83d1292bb96a531208b7c52aa1744c54f79 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Wed, 13 Dec 2017 15:30:03 +0100 Subject: Fixes for Spekulatius - New garage-sign interface - Remove garage-sign recipe (now installed with aktualizr-native) - Small but critical bugfixes in aktualizr --- classes/image_repo_manifest.bbclass | 4 +-- classes/image_types_ostree.bbclass | 13 ++++----- classes/sota.bbclass | 4 +-- lib/oeqa/selftest/updater.py | 14 ++-------- recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 2 +- recipes-sota/aktualizr/aktualizr_git.bb | 2 +- recipes-sota/garage-sign/garage-sign.bb | 33 ----------------------- 7 files changed, 13 insertions(+), 59 deletions(-) delete mode 100644 recipes-sota/garage-sign/garage-sign.bb (limited to 'classes') diff --git a/classes/image_repo_manifest.bbclass b/classes/image_repo_manifest.bbclass index 2012363..467fd9a 100644 --- a/classes/image_repo_manifest.bbclass +++ b/classes/image_repo_manifest.bbclass @@ -14,9 +14,9 @@ HOSTTOOLS_NONFATAL += " repo " # Write build information to target filesystem buildinfo () { if [ $(which repo) ]; then - repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || echo "Android repo tool failed to run; manifest not copied" + repo manifest --revision-as-HEAD -o ${IMAGE_ROOTFS}${sysconfdir}/manifest.xml || bbwarn "Android repo tool failed to run; manifest not copied" else - echo "Android repo tool not found; manifest not copied." + bbwarn "Android repo tool not found; manifest not copied." fi } diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 56a9720..05db62a 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -179,7 +179,7 @@ IMAGE_CMD_ostreepush () { } IMAGE_TYPEDEP_garagesign = "ostreepush" -IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot" +IMAGE_DEPENDS_garagesign = "aktualizr-native:do_populate_sysroot" IMAGE_CMD_garagesign () { if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then # if credentials are issued by a server that doesn't support offline signing, exit silently @@ -194,11 +194,8 @@ IMAGE_CMD_garagesign () { exit 1 fi - if [ ! -d "${GARAGE_SIGN_REPO}" ]; then - garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} - fi - - reposerver_args="--reposerver $( unzip -p ${SOTA_PACKED_CREDENTIALS} tufrepo.url )" + rm -rf ${GARAGE_SIGN_REPO} + garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) @@ -206,11 +203,11 @@ IMAGE_CMD_garagesign () { # in which case targets.json should be pulled again and the whole procedure repeated push_success=0 for push_retries in $( seq 3 ); do - garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} + garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets errcode=0 - garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$? + garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} || errcode=$? if [ "$errcode" -eq "0" ]; then push_success=1 break diff --git a/classes/sota.bbclass b/classes/sota.bbclass index 0f42332..bbb9ac9 100644 --- a/classes/sota.bbclass +++ b/classes/sota.bbclass @@ -13,8 +13,8 @@ IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PRO IMAGE_CLASSES += " image_types_ostree image_types_ota" IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign garagecheck otaimg wic', ' ', d)}" -PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}" -PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}" +PACKAGECONFIG_append_pn-curl = " ssl" +PACKAGECONFIG_remove_pn-curl = "gnutls" WKS_FILE_sota ?= "sdimage-sota.wks" diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py index c07b154..f28349f 100644 --- a/lib/oeqa/selftest/updater.py +++ b/lib/oeqa/selftest/updater.py @@ -31,23 +31,13 @@ class SotaToolsTests(oeSelfTest): result = runCmd('%s --help' % p, ignore_status=True) self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) - -class GarageSignTests(oeSelfTest): - - @classmethod - def setUpClass(cls): - logger = logging.getLogger("selftest") - logger.info('Running bitbake to build garage-sign-native') - bitbake('garage-sign-native') - - def test_help(self): - bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'garage-sign-native') + def test_garagesign_help(self): + bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native') p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-sign" self.assertTrue(os.path.isfile(p), msg = "No garage-sign found (%s)" % p) result = runCmd('%s --help' % p, ignore_status=True) self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) - class HsmTests(oeSelfTest): def test_hsm(self): diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb index 67bd2c2..e5d9c9b 100644 --- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb @@ -27,7 +27,7 @@ do_install() { install -d ${D}${libdir}/sota if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \ - -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} + -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D} --no-root-ca fi } diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index e4ffc5a..08aa6c2 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb @@ -18,7 +18,7 @@ PR = "7" SRC_URI = " \ git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ " -SRCREV = "5bf2975aee4af667a1af17381bf68c34a00f03a3" +SRCREV = "eb6c0b43c2b8b32f66f228c1c3f590b5c16ad448" BRANCH ?= "master" S = "${WORKDIR}/git" diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb deleted file mode 100644 index 32dda47..0000000 --- a/recipes-sota/garage-sign/garage-sign.bb +++ /dev/null @@ -1,33 +0,0 @@ -SUMMARY = "garage-sign" -DESCRIPTION = "Metadata signing tool for ATS Garage" -HOMEPAGE = "https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/index.html" -SECTION = "base" -LICENSE = "CLOSED" -LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94" -DEPENDS = "" - -PV = "0.2.0-57-g3f86c67" - -SRC_URI = " \ - https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \ - " - -SRC_URI[md5sum] = "5bbe080c0c3a80928b8856d2076dd49a" -SRC_URI[sha256sum] = "f653d24172ed245a6256b2f341a9b77bddf624cd6bbda574c1a85430e3155394" - -S = "${WORKDIR}/${BPN}" - -BBCLASSEXTEND =+ "native" - -do_install() { - install -d ${D}${bindir} - install -m "0755" -t ${D}${bindir} ${S}/bin/* - install -d ${D}${libdir} - install -m "0644" -t ${D}${libdir} ${S}/lib/* -} - -FILES_${PN} = " \ - ${bindir}/garage-sign.bat \ - ${bindir}/garage-sign \ - ${libdir}/* \ - " -- cgit v1.2.3-54-g00ecf From c1872be518040d03f8836cec92e7e0a80f9a43f3 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Wed, 10 Jan 2018 16:33:56 +0100 Subject: Fix --repo parameter for garage-sign --- classes/image_types_ostree.bbclass | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'classes') diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 3edbc72..cf2e52f 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -196,7 +196,7 @@ IMAGE_CMD_garagesign () { fi rm -rf ${GARAGE_SIGN_REPO} - garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} + garage-sign init --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS} ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}) @@ -204,11 +204,11 @@ IMAGE_CMD_garagesign () { # in which case targets.json should be pulled again and the whole procedure repeated push_success=0 for push_retries in $( seq 3 ); do - garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} - garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} - garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets + garage-sign targets pull --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} + garage-sign targets add --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${ostree_target_hash} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE} + garage-sign targets sign --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} --key-name=targets errcode=0 - garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} || errcode=$? + garage-sign targets push --repo tufrepo --home-dir ${GARAGE_SIGN_REPO} || errcode=$? if [ "$errcode" -eq "0" ]; then push_success=1 break -- cgit v1.2.3-54-g00ecf