| author | cajun-rat <phil@advancedtelematic.com> | 2017-11-13 16:55:21 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-11-13 16:55:21 +0100 | 
| commit | 71410bd31ec76e55247807551e68a2061e277b08 (patch) | |
| tree | 0469c9a651d0ede7870c35d033f9008efa90501a | |
| parent | e622a08fc482718f9b221837844d4b7dee9fcf02 (diff) | |
| parent | e7d4fbf5cbe8f7b89df1a047ce891ecd4ecef55a (diff) | |
| download | meta-updater-71410bd31ec76e55247807551e68a2061e277b08.tar.gz | |
Merge pull request #173 from advancedtelematic/feat/PRO-4189/garage-sign
Add managing targets.json by garage-sign
| -rw-r--r-- | classes/image_types_ostree.bbclass | 56 | ||||
| -rw-r--r-- | classes/sota.bbclass | 9 | ||||
| -rw-r--r-- | recipes-sota/garage-sign/garage-sign.bb | 6 | 
3 files changed, 67 insertions, 4 deletions
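--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -5,6 +5,7 @@ inherit image
 IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \
 openssl-native:do_populate_sysroot \
 coreutils-native:do_populate_sysroot \
+unzip-native:do_populate_sysroot \
 virtual/kernel:do_deploy \
 ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
 
@@ -104,6 +105,7 @@ IMAGE_CMD_ostree () {
 if [ -d root ] && [ ! -L root ]; then
 if [ "$(ls -A root)" ]; then
 bberror "Data in /root directory is not preserved by OSTree."
+exit 1
 fi
 
 if [ -n "$SYSTEMD_USED" ]; then
@@ -176,4 +178,58 @@ IMAGE_CMD_ostreepush () {
 fi
 }
 
+IMAGE_TYPEDEP_garagesign = "ostreepush"
+IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
+IMAGE_CMD_garagesign () {
+if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+# if credentials are issued by a server that doesn't support offline signing, exit silently
+unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0
+
+java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
+if [ "${java_version}" = "" ]; then
+bberror "Java is required for synchronization with update backend, but is not installed on the host machine"
+exit 1
+elif [ "${java_version}" \< "1.8" ]; then
+bberror "Java version >= 8 is required for synchronization with update backend"
+exit 1
+fi
+
+if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
+garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
+fi
+
+if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
+reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
+else
+reposerver_args=""
+fi
+
+ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+
+# Push may fail due to race condition when multiple build machines try to push simultaneously
+# in which case targets.json should be pulled again and the whole procedure repeated
+push_success=0
+for push_retries in $( seq 3 ); do
+garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
+garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
+errcode=0
+garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
+if [ "$errcode" -eq "0" ]; then
+push_success=1
+break
+else
+bbwarn "Push to garage repository has failed, retrying"
+fi
+done
+
+if [ "$push_success" -ne "1" ]; then
+bberror "Couldn't push to garage repository"
+exit 1
+fi
+else
+bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
+fi
+}
+
 # vim:set ts=4 sw=4 sts=4 expandtab: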
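Review bot: The credentials probe at the top of `IMAGE_CMD_garagesign` fails open: any non-zero exit from `unzip -p … || exit 0` (a wrong path, a corrupt archive, a missing unzip binary, not only credentials without offline keys) ends the task successfully, so the image build can finish without a signed targets.json entry and nothing is logged. The redirect order `2>&1 >/dev/null` also leaves unzip's stderr going to the task log instead of discarding it; `>/dev/null 2>&1` is the form that silences both. I would check that the archive exists and log the skip, e.g. `[ -f "${SOTA_PACKED_CREDENTIALS}" ] || { bberror "SOTA_PACKED_CREDENTIALS does not point to a file"; exit 1; }` followed by `unzip -p "${SOTA_PACKED_CREDENTIALS}" root.json targets.pub targets.sec >/dev/null 2>&1 || { bbwarn "Credentials carry no offline signing keys, skipping garage-sign"; exit 0; }`. The unquoted `${SOTA_PACKED_CREDENTIALS}` and `${GARAGE_SIGN_REPO}` expansions in the later garage-sign calls would likewise break on paths containing spaces.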
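--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -5,11 +5,13 @@ python __anonymous() {
 
 OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}"
 
+HOSTTOOLS_NONFATAL += "java"
+
 SOTA_CLIENT ??= "aktualizr"
 SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
-IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush otaimg wic', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign otaimg wic', ' ', d)}"
 
 PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}"
 PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}"
@@ -25,6 +27,11 @@ OSTREE_BRANCHNAME ?= "${MACHINE}"
 OSTREE_OSNAME ?= "poky"
 OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
 
+
+GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"
+GARAGE_SIGN_KEYNAME ?= "garage-key"
+GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}"
+
 SOTA_MACHINE ??="none"
 SOTA_MACHINE_raspberrypi2 ?= "raspberrypi"
 SOTA_MACHINE_raspberrypi3 ?= "raspberrypi"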
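Review bot: `GARAGE_SIGN_REPO` defaults to a directory under `${DEPLOY_DIR_IMAGE}`, and `IMAGE_CMD_garagesign` passes that same path as `--home-dir` to `garage-sign init --credentials`, so the offline targets key from the credentials archive presumably ends up beside the image artifacts, in a directory that CI commonly archives or publishes. A default outside the deploy tree would be safer, or at minimum a comment on the variable such as `# Holds garage-sign state including the targets signing key; keep out of published artifacts`. Separately, `GARAGE_SIGN_KEYNAME` and `GARAGE_TARGET_NAME` are defined here but the task in image_types_ostree.bbclass hard-codes `--key-name=targets` and `--name ${OSTREE_BRANCHNAME}`, so either the task should use these variables or they should be dropped.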
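--- a/recipes-sota/garage-sign/garage-sign.bb
+++ b/recipes-sota/garage-sign/garage-sign.bb
@@ -6,14 +6,14 @@ LICENSE = "CLOSED"
 LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
 DEPENDS = ""
 
-PV = "0.2.0-29-gf6f095a"
+PV = "0.2.0-35-g0544c33"
 
 SRC_URI = " \
 https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
 "
 
-SRC_URI[md5sum] = "49ee4389570992f0cebb16d5943e4405"
-SRC_URI[sha256sum] = "59f902e6507adec3176bdf470fe5dea31996810a6300bd61583638d4ffe37ab3"
+SRC_URI[md5sum] = "1546e06d1e747f67aee5ed7096bf1c74"
+SRC_URI[sha256sum] = "1432348bca8ca5ad75df1218f348f480d429d7509d6454deb6e16ff31c5e08fc"
 
 S = "${WORKDIR}/${BPN}"
 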
