Merge pull request #383 from advancedtelematic/feat/OTA-719/nodeploy

Add SOTA_DEPLOY_CREDENTIALS variable to control whether the built image should be provisioned
author: Patrick Vacek <patrickvacek@gmail.com> 2018-10-01 16:49:31 +0200
committer: GitHub <noreply@github.com> 2018-10-01 16:49:31 +0200
commit: a9d43a87ed1cc6b61257299d534b7922644c6ecd (patch)
tree: 0dfbf98077d7701343bdda2f61532f5d4b27db43
parent: 9476fa542cc7bc7695c58b54398b104f8e7023b6 (diff)
parent: e689954dc9a07f1ceef65c797056f805daad90a9 (diff)
download: meta-updater-a9d43a87ed1cc6b61257299d534b7922644c6ecd.tar.gz
11 files changed, 119 insertions, 112 deletions
diff --git a/README.adoc b/README.adoc
index 7ffdde2..a2b0e3d 100644
--- a/README.adoc
+++ b/README.adoc
@@ -80,7 +80,8 @@ Although we have used U-Boot so far, other boot loaders can be configured work w
 * `OSTREE_OSNAME` - OS deployment name on your target device. For more information about deployments and osnames see the https://ostree.readthedocs.io/en/latest/manual/deployment/[OSTree documentation]. Defaults to "poky".
 * `INITRAMFS_IMAGE` - initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy.
 * `SOTA_PACKED_CREDENTIALS` - when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in https://github.com/advancedtelematic/aktualizr/blob/master/docs/credentials.adoc[the format accepted by garage-push].
-* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-implicit-prov`], and https://github.com/advancedtelematic/aktualizr/blob/master/docs/hsm-provisioning.adoc[`aktualizr-hsm-prov`]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe.
+* `SOTA_DEPLOY_CREDENTIALS` - when set to '1' (default value), deploys credentials to the built image. Override it in `local.conf` to built a generic image that can be provisioned manually after the build.
+* `SOTA_CLIENT_PROV` - which provisioning method to use. Valid options are https://github.com/advancedtelematic/aktualizr/blob/master/docs/automatic-provisioning.adoc[`aktualizr-auto-prov`], https://github.com/advancedtelematic/aktualizr/blob/master/docs/implicit-provisioning.adoc[`aktualizr-ca-implicit-prov`], and https://github.com/advancedtelematic/aktualizr/blob/master/docs/hsm-provisioning.adoc[`aktualizr-hsm-prov`]. The default is `aktualizr-auto-prov`. This can also be set to an empty string to avoid using a provisioning recipe.
 * `SOTA_CLIENT_FEATURES` - extensions to aktualizr. The only valid options are `hsm` (to build with HSM support) and `secondary-network` (to set up a simulated 'in-vehicle' network with support for a primary node with a DHCP server and a secondary node with a DHCP client).
 * `SOTA_SECONDARY_ECUS` - a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into `/var/sota/ecus` on the device.
 * `SOTA_VIRTUAL_SECONDARIES` - a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. If `SOTA_SECONDARY_ECUS` is used to install them, then you can expect them to be installed in `/var/sota/ecus`.
@@ -197,3 +198,16 @@ oe-selftest --run-tests updater
 ```
 For more information about oe-selftest, including details about how to run individual test modules or classes, please refer to the https://wiki.yoctoproject.org/wiki/Oe-selftest[Yocto Project wiki].
+== Manual provisoning
+As described in <<sota-related-variables-in-localconf,SOTA-related variables in local.conf>> section you can set `SOTA_DEPLOY_CREDENTIALS` to `0` to prevent deploying credentials to the built `wic` image. In this case you get a generic image that you can use e.g. on a production line to flash a series of devices. The cost of this approach is that this image is half-baked and should be provisioned before it can connect to the backend.
+Provisioning procedure depends on your provisioning recipe, i.e. the value of `SOTA_CLIENT_PROV` (equal to `aktualizr-auto-prov` by default).
+* For `aktualizr-auto-prov` put your `credentials.zip` to `/var/sota/sota_provisioning_credentials.zip` on the filesystem of a running device. If you have the filesystem of our device mounted to your build machine, prefix all paths with `/ostree/deploy/poky` as in `/ostree/deploy/poky/var/sota/sota_provisioning_credentials.zip`.
+* For `aktualizr-ca-implicit-prov`
+** put URL to the used backend (together with protocol prefix and port number) to `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in `autoprov.url` file in your credentials archive.
+** put client certificate, private key and root CA certificate (for the *server*, not for the *device*) to `/var/sota/import/client.pem`, `/var/sota/import/pkey.pem` and `/var/sota/import/root.crt` respectively.
+* For  `aktualizr-hsm-prov`
+** put URL to the used backend (together with protocol prefix and port number) to `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in `autoprov.url` file in your credentials archive.
+** put root CA certificate (for the *server*, not for the *device*) to `/var/sota/import/root.crt`.
+** put client certificate and private key to slots 1 and 2 of the PKCS#11-compatible device.
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index f5c6247..98cc3de 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -10,6 +10,8 @@ HOSTTOOLS_NONFATAL += "java"
 SOTA_CLIENT ??= "aktualizr"
 SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
+SOTA_DEPLOY_CREDENTIALS ?= "1"
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
diff --git a/lib/oeqa/selftest/cases/updater.py b/lib/oeqa/selftest/cases/updater.py
index a3fe407..38bdcbf 100644
--- a/lib/oeqa/selftest/cases/updater.py
+++ b/lib/oeqa/selftest/cases/updater.py
@@ -110,25 +110,25 @@ class AktualizrToolsTests(OESelftestTestCase):
    def test_cert_provider_local_output(self):
        logger = logging.getLogger("selftest")
-        logger.info('Running bitbake to build aktualizr-implicit-prov')
+        logger.info('Running bitbake to build aktualizr-ca-implicit-prov')
-        bitbake('aktualizr-implicit-prov')
+        bitbake('aktualizr-ca-implicit-prov')
        bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS', 'T'], 'aktualizr-native')
        creds = bb_vars['SOTA_PACKED_CREDENTIALS']
        temp_dir = bb_vars['T']
-        bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-implicit-prov')
+        bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov')
-        config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov.toml'
+        config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml'
        akt_native_run(self, 'aktualizr_cert_provider -c {creds} -r -l {temp} -g {config}'
                       .format(creds=creds, temp=temp_dir, config=config))
        # Might be nice if these names weren't hardcoded.
-        cert_path = temp_dir + '/client.pem'
+        cert_path = temp_dir + '/var/sota/import/client.pem'
        self.assertTrue(os.path.isfile(cert_path), "Client certificate not found at %s." % cert_path)
        self.assertTrue(os.path.getsize(cert_path) > 0, "Client certificate at %s is empty." % cert_path)
-        pkey_path = temp_dir + '/pkey.pem'
+        pkey_path = temp_dir + '/var/sota/import/pkey.pem'
        self.assertTrue(os.path.isfile(pkey_path), "Private key not found at %s." % pkey_path)
        self.assertTrue(os.path.getsize(pkey_path) > 0, "Private key at %s is empty." % pkey_path)
-        ca_path = temp_dir + '/root.crt'
+        ca_path = temp_dir + '/var/sota/import/root.crt'
        self.assertTrue(os.path.isfile(ca_path), "Client certificate not found at %s." % ca_path)
        self.assertTrue(os.path.getsize(ca_path) > 0, "Client certificate at %s is empty." % ca_path)
@@ -390,8 +390,9 @@ class ImplProvTests(OESelftestTestCase):
        else:
            self.meta_qemu = None
        self.append_config('MACHINE = "qemux86-64"')
-        self.append_config('SOTA_CLIENT_PROV = " aktualizr-implicit-prov "')
+        self.append_config('SOTA_CLIENT_PROV = " aktualizr-ca-implicit-prov "')
-        runCmd('bitbake -c cleanall aktualizr aktualizr-implicit-prov')
+        self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"')
+        runCmd('bitbake -c cleanall aktualizr aktualizr-ca-implicit-prov')
        self.qemu, self.s = qemu_launch(machine='qemux86-64')
    def tearDownLocal(self):
@@ -436,10 +437,11 @@ class ImplProvTests(OESelftestTestCase):
        # Run cert_provider.
        bb_vars = get_bb_vars(['SOTA_PACKED_CREDENTIALS'], 'aktualizr-native')
        creds = bb_vars['SOTA_PACKED_CREDENTIALS']
-        bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-implicit-prov')
+        bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-ca-implicit-prov')
-        config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov.toml'
+        config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov_ca.toml'
-        akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -s -g {config}'
+        print('Provisining at root@localhost:%d' % self.qemu.ssh_port)
+        akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -s -u -r -g {config}'
                       .format(creds=creds, port=self.qemu.ssh_port, config=config))
        verifyProvisioned(self, machine)
@@ -462,7 +464,9 @@ class HsmTests(OESelftestTestCase):
            self.meta_qemu = None
        self.append_config('MACHINE = "qemux86-64"')
        self.append_config('SOTA_CLIENT_PROV = "aktualizr-hsm-prov"')
+        self.append_config('SOTA_DEPLOY_CREDENTIALS = "0"')
        self.append_config('SOTA_CLIENT_FEATURES = "hsm"')
+        self.append_config('IMAGE_INSTALL_append = " softhsm-testtoken"')
        runCmd('bitbake -c cleanall aktualizr aktualizr-hsm-prov')
        self.qemu, self.s = qemu_launch(machine='qemux86-64')
@@ -521,7 +525,7 @@ class HsmTests(OESelftestTestCase):
        bb_vars_prov = get_bb_vars(['STAGING_DIR_HOST', 'libdir'], 'aktualizr-hsm-prov')
        config = bb_vars_prov['STAGING_DIR_HOST'] + bb_vars_prov['libdir'] + '/sota/sota_hsm_prov.toml'
-        akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -r -s -g {config}'
+        akt_native_run(self, 'aktualizr_cert_provider -c {creds} -t root@localhost -p {port} -r -s -u -g {config}'
                       .format(creds=creds, port=self.qemu.ssh_port, config=config))
        # Verify that HSM is able to initialize.
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
new file mode 100644
index 0000000..34460af
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov-creds.bb
@@ -0,0 +1,24 @@
+SUMMARY = "Credentials for autoprovisioning scenario"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+DEPENDS = "aktualizr-native zip-native"
+ALLOW_EMPTY_${PN} = "1"
+require credentials.inc
+do_install() {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        install -m 0700 -d ${D}${localstatedir}/sota
+        cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
+        # Device should not be able to push data to treehub
+        zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
+    fi
+}
+FILES_${PN} = " \
+                ${localstatedir}/sota/sota_provisioning_credentials.zip \
+                "
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
index 9fa95ed..01f21fa 100644
--- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb
@@ -6,7 +6,7 @@ LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
 DEPENDS = "aktualizr-native zip-native"
-RDEPENDS_${PN} = "aktualizr"
+RDEPENDS_${PN}_append = "${@' aktualizr-auto-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
 PV = "1.0"
 PR = "6"
@@ -31,19 +31,10 @@ do_install() {
    install -m 0700 -d ${D}${libdir}/sota/conf.d
    install -m 0700 -d ${D}${localstatedir}/sota
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+    aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
-        aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)}
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \
-        install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} \
+        ${D}${libdir}/sota/conf.d/20-${aktualizr_toml}
-            ${D}${libdir}/sota/conf.d/20-${aktualizr_toml}
-        # deploy SOTA credentials
-        if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
-            cp ${SOTA_PACKED_CREDENTIALS} ${D}${localstatedir}/sota/sota_provisioning_credentials.zip
-            # Device should not be able to push data to treehub
-            zip -d ${D}${localstatedir}/sota/sota_provisioning_credentials.zip treehub.json
-        fi
-    fi
 }
 FILES_${PN} = " \
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
new file mode 100644
index 0000000..a729e6b
--- /dev/null
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov-creds.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Credentials for implicit provisioning with CA certificate"
+SECTION = "base"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
+DEPENDS = "aktualizr aktualizr-native"
+ALLOW_EMPTY_${PN} = "1"
+SRC_URI = " \
+  file://ca.cnf \
+  "
+require credentials.inc
+export SOTA_CACERT_PATH
+export SOTA_CAKEY_PATH
+do_install() {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        if [ -z ${SOTA_CACERT_PATH} ]; then
+            SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
+            SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
+            mkdir -p ${DEPLOY_DIR_IMAGE}/CA
+            bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
+            if [ ! -f ${SOTA_CACERT_PATH} ]; then
+                bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
+                SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
+                openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
+                openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
+                bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
+            fi
+        fi
+        if [ -z ${SOTA_CAKEY_PATH} ]; then
+            bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
+        fi
+        install -m 0700 -d ${D}${localstatedir}/sota
+        aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
+                                --device-ca ${SOTA_CACERT_PATH} \
+                                --device-ca-key ${SOTA_CAKEY_PATH} \
+                                --root-ca \
+                                --server-url \
+                                --local ${D} \
+                                --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml
+    fi
+}
+FILES_${PN} = " \
+                ${localstatedir}/sota/*"
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
index 83504f1..2763185 100644
--- a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb
@@ -10,62 +10,23 @@ LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
 DEPENDS = "aktualizr aktualizr-native openssl-native"
+RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
-SRC_URI = " \
-  file://ca.cnf \
-  "
 PV = "1.0"
 PR = "1"
 require environment.inc
 require credentials.inc
-export SOTA_CACERT_PATH
-export SOTA_CAKEY_PATH
 do_install() {
    install -m 0700 -d ${D}${libdir}/sota/conf.d
-    if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
-        bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
-    fi
-    if [ -z ${SOTA_CACERT_PATH} ]; then
-        SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
-        SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
-        mkdir -p ${DEPLOY_DIR_IMAGE}/CA
-        bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH"
-        if [ ! -f ${SOTA_CACERT_PATH} ]; then
-            bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA"
-            SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
-            openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096
-            openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert
-            bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
-        fi
-    fi
-    if [ -z ${SOTA_CAKEY_PATH} ]; then
-        bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
-    fi
-    install -m 0700 -d ${D}${localstatedir}/sota
    install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml \
        ${D}${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml
-    aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
-                            --device-ca ${SOTA_CACERT_PATH} \
-                            --device-ca-key ${SOTA_CAKEY_PATH} \
-                            --root-ca \
-                            --server-url \
-                            --local ${D}${localstatedir}/sota \
-                            --config ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov_ca.toml
 }
 FILES_${PN} = " \
-                ${libdir}/sota/conf.d \
                ${libdir}/sota/conf.d/20-sota_implicit_prov_ca.toml \
-                ${libdir}/sota/root.crt \
-                ${localstatedir}/sota/* \
                "
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
index 0450138..e915046 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-prov.bb
@@ -6,6 +6,7 @@ LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
 DEPENDS = "aktualizr aktualizr-native"
+RDEPENDS_${PN}_append = "${@' aktualizr-ca-implicit-prov-creds softhsm-testtoken' if d.getVar('SOTA_DEPLOY_CREDENTIALS', True) == '1' else ''}"
 SRC_URI = ""
 PV = "1.0"
@@ -18,16 +19,11 @@ do_install() {
    install -m 0700 -d ${D}${libdir}/sota/conf.d
    install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_hsm_prov.toml \
        ${D}${libdir}/sota/conf.d/20-sota_hsm_prov.toml
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
-            -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D}
-    fi
 }
 FILES_${PN} = " \
                ${libdir}/sota/conf.d \
                ${libdir}/sota/conf.d/20-sota_hsm_prov.toml \
-                ${libdir}/sota/conf.d/30-implicit_server.toml \
                "
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
deleted file mode 100644
index 5c54e8a..0000000
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ /dev/null
@@ -1,34 +0,0 @@
-SUMMARY = "Aktualizr configuration for implicit provisioning"
-DESCRIPTION = "Configuration for implicitly provisioning Aktualizr, the SOTA Client application written in C++"
-HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
-SECTION = "base"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
-DEPENDS = "aktualizr aktualizr-native"
-SRC_URI = ""
-PV = "1.0"
-PR = "1"
-require environment.inc
-require credentials.inc
-do_install() {
-    install -m 0700 -d ${D}${libdir}/sota/conf.d
-    install -m 0644 ${STAGING_DIR_HOST}${libdir}/sota/sota_implicit_prov.toml \
-        ${D}${libdir}/sota/conf.d/20-sota_implicit_prov.toml
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-            -o ${D}${libdir}/sota/conf.d/30-implicit_server.toml -p ${D}
-    fi
-}
-FILES_${PN} = " \
-                ${libdir}/sota/conf.d \
-                ${libdir}/sota/conf.d/20-implicit_prov.toml \
-                ${libdir}/sota/conf.d/30-implicit_server.toml \
-                ${libdir}/sota/root.crt \
-                "
-# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 7a0641d..ccaf475 100755
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -11,7 +11,6 @@ DEPENDS_append_class-native = "glib-2.0-native "
 RDEPENDS_${PN}_class-target = "lshw "
 RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} "
-RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' softhsm softhsm-testtoken', '', d)}"
 RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'ubootenv', ' u-boot-fw-utils aktualizr-uboot-env-rollback', '', d)} "
 RDEPENDS_${PN}_append_class-target = " ${PN}-tools "
@@ -27,7 +26,7 @@ SRC_URI = " \
  file://aktualizr-secondary.socket \
  file://aktualizr-serialcan.service \
  "
-SRCREV = "090c463c6f1ec7a7ceae963cd7b4ba99aa74e1f5"
+SRCREV = "803fa9f75ed96993775dc0aa5e65e71920125157"
 BRANCH ?= "master"
 S = "${WORKDIR}/git"
@@ -64,7 +63,6 @@ do_install_append () {
    install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml
    install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml
    install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml
-    install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml
    install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml
    install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml
    install -m 0644 ${S}/config/sota_uboot_env.toml ${D}/${libdir}/sota/sota_uboot_env.toml
@@ -113,7 +111,6 @@ FILES_${PN}-host-tools = " \
                ${libdir}/sota/sota_autoprov.toml \
                ${libdir}/sota/sota_autoprov_primary.toml \
                ${libdir}/sota/sota_hsm_prov.toml \
-                ${libdir}/sota/sota_implicit_prov.toml \
                ${libdir}/sota/sota_implicit_prov_ca.toml \
                ${libdir}/sota/sota_uboot_env.toml \
                "
diff --git a/recipes-support/softhsm-testtoken/files/createtoken.sh b/recipes-support/softhsm-testtoken/files/createtoken.sh
index b142945..fa4569d 100644
--- a/recipes-support/softhsm-testtoken/files/createtoken.sh
+++ b/recipes-support/softhsm-testtoken/files/createtoken.sh
@@ -13,7 +13,8 @@ fi
 mkdir -p /var/lib/softhsm/tokens
 softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234
-softhsm2-util --import /var/sota/import/pkey.pem --label "pkey" --id 02 --token 'Virtual token' --pin 1234
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in /var/sota/import/pkey.pem -out /var/sota/import/pkey.p8
+softhsm2-util --import /var/sota/import/pkey.p8 --label "pkey" --id 02 --token 'Virtual token' --pin 1234
 openssl x509 -outform der -in /var/sota/import/client.pem -out /var/sota/import/client.der
 pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --id 1 --write-object /var/sota/import/client.der --type cert --login --pin 1234
author	Patrick Vacek <patrickvacek@gmail.com>	2018-10-01 16:49:31 +0200
committer	GitHub <noreply@github.com>	2018-10-01 16:49:31 +0200
commit	a9d43a87ed1cc6b61257299d534b7922644c6ecd (patch)
tree	0dfbf98077d7701343bdda2f61532f5d4b27db43
parent	9476fa542cc7bc7695c58b54398b104f8e7023b6 (diff)
parent	e689954dc9a07f1ceef65c797056f805daad90a9 (diff)
download	meta-updater-a9d43a87ed1cc6b61257299d534b7922644c6ecd.tar.gz