22 files changed, 431 insertions, 392 deletions
diff --git a/.gitignore b/.gitignore
index bee8a64..8d35cb3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 __pycache__
+*.pyc
diff --git a/README.adoc b/README.adoc
index 47c0a2b..b4608d5 100644
--- a/README.adoc
+++ b/README.adoc
@@ -122,3 +122,19 @@ garage-push --repo=/path/to/ostree-repo --ref=mybranch --credentials=/path/to/cr
 ....
 You can set SOTA_PACKED_CREDENTIALS in your local.conf to make your build results be automatically synchronized with a remote server. Credentials are stored in the JSON format described in the https://github.com/advancedtelematic/aktualizr/blob/master/README.sotatools.adoc[garage-push README]. This JSON file can be optionally stored inside a zip file, although if it is stored this way, the JSON file must be named treehub.json.
+=== QA
+This layer relies on the test framework oe-selftest for quality assurance. Follow the steps below to run the tests:
+* Append the line below to conf/local.conf
+```
+SANITY_TESTED_DISTROS=""
+```
+* Run oe-selftest:
+```
+oe-selftest --run-tests updater
+```
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 1f8e195..172f2c8 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -5,6 +5,7 @@ inherit image
 IMAGE_DEPENDS_ostree = "ostree-native:do_populate_sysroot \
                        openssl-native:do_populate_sysroot \
                        coreutils-native:do_populate_sysroot \
+                        unzip-native:do_populate_sysroot \
                        virtual/kernel:do_deploy \
                        ${OSTREE_INITRAMFS_IMAGE}:do_image_complete"
@@ -104,6 +105,7 @@ IMAGE_CMD_ostree () {
    if [ -d root ] && [ ! -L root ]; then
        if [ "$(ls -A root)" ]; then
            bberror "Data in /root directory is not preserved by OSTree."
+            exit 1
        fi
        if [ -n "$SYSTEMD_USED" ]; then
@@ -159,7 +161,7 @@ IMAGE_CMD_ostree () {
 }
 IMAGE_TYPEDEP_ostreepush = "ostree"
-IMAGE_DEPENDS_ostreepush = "aktualizr-native:do_populate_sysroot"
+IMAGE_DEPENDS_ostreepush = "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot "
 IMAGE_CMD_ostreepush () {
    # Print warnings if credetials are not set or if the file has not been found.
    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
@@ -176,4 +178,58 @@ IMAGE_CMD_ostreepush () {
    fi
 }
+IMAGE_TYPEDEP_garagesign = "ostreepush"
+IMAGE_DEPENDS_garagesign = "garage-sign-native:do_populate_sysroot"
+IMAGE_CMD_garagesign () {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        # if credentials are issued by a server that doesn't support offline signing, exit silently
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec 2>&1 >/dev/null || exit 0
+        java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
+        if [ "${java_version}" = "" ]; then
+            bberror "Java is required for synchronization with update backend, but is not installed on the host machine"
+            exit 1
+        elif [ "${java_version}" \< "1.8" ]; then
+            bberror "Java version >= 8 is required for synchronization with update backend"
+            exit 1
+        fi
+        if [ ! -d "${GARAGE_SIGN_REPO}" ]; then
+            garage-sign init --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --credentials ${SOTA_PACKED_CREDENTIALS}
+        fi
+        if [ -n "${GARAGE_SIGN_REPOSERVER}" ]; then
+            reposerver_args="--reposerver ${GARAGE_SIGN_REPOSERVER}"
+        else
+            reposerver_args=""
+        fi
+        ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+        # Push may fail due to race condition when multiple build machines try to push simultaneously
+        #   in which case targets.json should be pulled again and the whole procedure repeated
+        push_success=0
+        for push_retries in $( seq 3 ); do
+            garage-sign targets pull --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args}
+            garage-sign targets add --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --name ${OSTREE_BRANCHNAME} --format OSTREE --version ${OSTREE_BRANCHNAME} --length 0 --url "https://example.com/" --sha256 ${ostree_target_hash} --hardwareids ${MACHINE}
+            garage-sign targets sign --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} --key-name=targets
+            errcode=0
+            garage-sign targets push --repo ${GARAGE_SIGN_REPO} --home-dir ${GARAGE_SIGN_REPO} ${reposerver_args} || errcode=$?
+            if [ "$errcode" -eq "0" ]; then
+                push_success=1
+                break
+            else
+                bbwarn "Push to garage repository has failed, retrying"
+            fi
+        done
+        if [ "$push_success" -ne "1" ]; then
+            bberror "Couldn't push to garage repository"
+            exit 1
+        fi
+    else
+        bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
+    fi
+}
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/classes/sdcard_image-rpi-ota.bbclass b/classes/sdcard_image-rpi-ota.bbclass
deleted file mode 100644
index 9c859fe..0000000
--- a/classes/sdcard_image-rpi-ota.bbclass
+++ /dev/null
@@ -1,190 +0,0 @@
-inherit image_types
-inherit linux-raspberrypi-base
-#
-# Create an image that can by written onto a SD card using dd.
-#
-# The disk layout used is:
-#
-#    0                      -> IMAGE_ROOTFS_ALIGNMENT         - reserved for other data
-#    IMAGE_ROOTFS_ALIGNMENT -> BOOT_SPACE                     - bootloader and kernel
-#    BOOT_SPACE             -> SDIMG_OTA_SIZE                 - rootfs
-#
-#                                                     Default Free space = 1.3x
-#                                                     Use IMAGE_OVERHEAD_FACTOR to add more space
-#                                                     <--------->
-#            4MiB              40MiB           SDIMG_OTA_ROOTFS
-# <-----------------------> <----------> <---------------------->
-#  ------------------------ ------------ ------------------------
-# | IMAGE_ROOTFS_ALIGNMENT | BOOT_SPACE | OTAROOT_SIZE           |
-#  ------------------------ ------------ ------------------------
-# ^                        ^            ^                        ^
-# |                        |            |                        |
-# 0                      4MiB     4MiB + 40MiB       4MiB + 40Mib + SDIMG_OTA_ROOTFS
-# This image depends on the rootfs image
-IMAGE_TYPEDEP_rpi-sdimg-ota = "${SDIMG_OTA_ROOTFS_TYPE}"
-# Set kernel and boot loader
-IMAGE_BOOTLOADER ?= "bcm2835-bootfiles"
-# Set initramfs extension
-KERNEL_INITRAMFS ?= ""
-# Kernel image name
-SDIMG_OTA_KERNELIMAGE_raspberrypi  ?= "kernel.img"
-SDIMG_OTA_KERNELIMAGE_raspberrypi2 ?= "kernel7.img"
-SDIMG_OTA_KERNELIMAGE_raspberrypi3 ?= "kernel7.img"
-# Boot partition volume id
-BOOTDD_VOLUME_ID ?= "${MACHINE}"
-# Boot partition size [in KiB] (will be rounded up to IMAGE_ROOTFS_ALIGNMENT)
-BOOT_SPACE ?= "40960"
-# Set alignment to 4MB [in KiB]
-IMAGE_ROOTFS_ALIGNMENT = "4096"
-# Use an uncompressed ext3 by default as rootfs
-SDIMG_OTA_ROOTFS_TYPE ?= "otaimg"
-SDIMG_OTA_ROOTFS = "${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.${SDIMG_OTA_ROOTFS_TYPE}"
-IMAGE_DEPENDS_rpi-sdimg-ota = " \
-                        parted-native \
-                        mtools-native \
-                        dosfstools-native \
-                        virtual/kernel:do_deploy \
-                        ${IMAGE_BOOTLOADER} \
-                        u-boot \
-                        "
-IMAGE_TYPEDEP_rpi-sdimg-ota = "otaimg"
-# SD card image name
-SDIMG_OTA = "${IMGDEPLOYDIR}/${IMAGE_NAME}.rootfs.rpi-sdimg-ota"
-# Compression method to apply to SDIMG_OTA after it has been created. Supported
-# compression formats are "gzip", "bzip2" or "xz". The original .rpi-sdimg-ota file
-# is kept and a new compressed file is created if one of these compression
-# formats is chosen. If SDIMG_OTA_COMPRESSION is set to any other value it is
-# silently ignored.
-#SDIMG_OTA_COMPRESSION ?= ""
-# Additional files and/or directories to be copied into the vfat partition from the IMAGE_ROOTFS.
-FATPAYLOAD ?= ""
-IMAGE_CMD_rpi-sdimg-ota () {
-        # Align partitions
-        OTAROOT_SIZE=`du -Lb ${SDIMG_OTA_ROOTFS} | cut -f1`
-        OTAROOT_SIZE=$(expr ${OTAROOT_SIZE} / 1024 + 1)
-        BOOT_SPACE_ALIGNED=$(expr ${BOOT_SPACE} + ${IMAGE_ROOTFS_ALIGNMENT} - 1)
-        BOOT_SPACE_ALIGNED=$(expr ${BOOT_SPACE_ALIGNED} - ${BOOT_SPACE_ALIGNED} % ${IMAGE_ROOTFS_ALIGNMENT})
-        SDIMG_OTA_SIZE=$(expr ${IMAGE_ROOTFS_ALIGNMENT} + ${BOOT_SPACE_ALIGNED} + $OTAROOT_SIZE)
-        echo "Creating filesystem with Boot partition ${BOOT_SPACE_ALIGNED} KiB and RootFS $OTAROOT_SIZE KiB"
-        # Check if we are building with device tree support
-        DTS="${@get_dts(d, None)}"
-        # Initialize sdcard image file
-        dd if=/dev/zero of=${SDIMG_OTA} bs=1024 count=0 seek=${SDIMG_OTA_SIZE}
-        # Create partition table
-        parted -s ${SDIMG_OTA} mklabel msdos
-        # Create boot partition and mark it as bootable
-        parted -s ${SDIMG_OTA} unit KiB mkpart primary fat32 ${IMAGE_ROOTFS_ALIGNMENT} $(expr ${BOOT_SPACE_ALIGNED} \+ ${IMAGE_ROOTFS_ALIGNMENT})
-        parted -s ${SDIMG_OTA} set 1 boot on
-        # Create rootfs partition to the end of disk
-        parted -s ${SDIMG_OTA} -- unit KiB mkpart primary ext2 $(expr ${BOOT_SPACE_ALIGNED} \+ ${IMAGE_ROOTFS_ALIGNMENT}) -1s
-        parted ${SDIMG_OTA} print
-        # Create a vfat image with boot files
-        BOOT_BLOCKS=$(LC_ALL=C parted -s ${SDIMG_OTA} unit b print | awk '/ 1 / { print substr($4, 1, length($4 -1)) / 512 /2 }')
-        rm -f ${WORKDIR}/boot.img
-        mkfs.vfat -n "${BOOTDD_VOLUME_ID}" -S 512 -C ${WORKDIR}/boot.img $BOOT_BLOCKS
-        sync
-        mcopy -i ${WORKDIR}/boot.img -s ${DEPLOY_DIR_IMAGE}/bcm2835-bootfiles/* ::/
-        
-        if test -n "${DTS}"; then
-                # Device Tree Overlays are assumed to be suffixed by '-overlay.dtb' string and will be put in a dedicated folder
-                DT_OVERLAYS="${@split_overlays(d, 0)}"
-                DT_ROOT="${@split_overlays(d, 1)}"
-                # Copy board device trees to root folder
-                for DTB in ${DT_ROOT}; do
-                        DTB_BASE_NAME=`basename ${DTB} .dtb`
-                        mcopy -i ${WORKDIR}/boot.img -s ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}-${DTB_BASE_NAME}.dtb ::${DTB_BASE_NAME}.dtb
-                done
-                # Copy device tree overlays to dedicated folder
-                mmd -i ${WORKDIR}/boot.img overlays
-                for DTB in ${DT_OVERLAYS}; do
-                        DTB_EXT=${DTB##*.}
-                        DTB_BASE_NAME=`basename ${DTB} ."${DTB_EXT}"`
-                        mcopy -i ${WORKDIR}/boot.img -s ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}-${DTB_BASE_NAME}.${DTB_EXT} ::overlays/${DTB_BASE_NAME}.${DTB_EXT}
-                done
-        fi
-        case "${KERNEL_IMAGETYPE}" in
-        "uImage")
-                mcopy -i ${WORKDIR}/boot.img -s ${DEPLOY_DIR_IMAGE}/u-boot.bin ::${SDIMG_OTA_KERNELIMAGE}
-                ;;
-        *)
-                bbfatal "Kernel uImage is required for OTA image. Please set KERNEL_IMAGETYPE to \"uImage\""
-                ;;
-        esac
-        if [ -n ${FATPAYLOAD} ] ; then
-                echo "Copying payload into VFAT"
-                for entry in ${FATPAYLOAD} ; do
-                                # add the || true to stop aborting on vfat issues like not supporting .~lock files
-                                mcopy -i ${WORKDIR}/boot.img -s -v ${IMAGE_ROOTFS}$entry :: || true
-                done
-        fi
-        # Add stamp file
-        echo "${IMAGE_NAME}" > ${WORKDIR}/image-version-info
-        mcopy -i ${WORKDIR}/boot.img -v ${WORKDIR}//image-version-info ::
-        # Burn Partitions
-        sync
-        dd if=${WORKDIR}/boot.img of=${SDIMG_OTA} conv=notrunc seek=1 bs=$(expr ${IMAGE_ROOTFS_ALIGNMENT} \* 1024) && sync && sync
-        # If SDIMG_OTA_ROOTFS_TYPE is a .xz file use xzcat
-        if echo "${SDIMG_OTA_ROOTFS_TYPE}" | egrep -q "*\.xz"
-        then
-                xzcat ${SDIMG_OTA_ROOTFS} | dd of=${SDIMG_OTA} conv=notrunc seek=1 bs=$(expr 1024 \* ${BOOT_SPACE_ALIGNED} + ${IMAGE_ROOTFS_ALIGNMENT} \* 1024) && sync && sync
-        else
-                dd if=${SDIMG_OTA_ROOTFS} of=${SDIMG_OTA} conv=notrunc seek=1 bs=$(expr 1024 \* ${BOOT_SPACE_ALIGNED} + ${IMAGE_ROOTFS_ALIGNMENT} \* 1024) && sync && sync
-        fi
-        # Optionally apply compression
-        case "${SDIMG_OTA_COMPRESSION}" in
-        "gzip")
-                gzip -k9 "${SDIMG_OTA}"
-                ;;
-        "bzip2")
-                bzip2 -k9 "${SDIMG_OTA}"
-                ;;
-        "xz")
-                xz -k "${SDIMG_OTA}"
-                ;;
-        esac
-}
-ROOTFS_POSTPROCESS_COMMAND += " rpi_generate_sysctl_config ; "
-rpi_generate_sysctl_config() {
-        # systemd sysctl config
-        test -d ${IMAGE_ROOTFS}${sysconfdir}/sysctl.d && \
-                echo "vm.min_free_kbytes = 8192" > ${IMAGE_ROOTFS}${sysconfdir}/sysctl.d/rpi-vm.conf
-        # sysv sysctl config
-        IMAGE_SYSCTL_CONF="${IMAGE_ROOTFS}${sysconfdir}/sysctl.conf"
-        test -e ${IMAGE_ROOTFS}${sysconfdir}/sysctl.conf && \
-                sed -e "/vm.min_free_kbytes/d" -i ${IMAGE_SYSCTL_CONF}
-        echo "" >> ${IMAGE_SYSCTL_CONF} && echo "vm.min_free_kbytes = 8192" >> ${IMAGE_SYSCTL_CONF}
-}
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index 1865356..f5a42c1 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -5,11 +5,13 @@ python __anonymous() {
 OVERRIDES .= "${@bb.utils.contains('DISTRO_FEATURES', 'sota', ':sota', '', d)}"
+HOSTTOOLS_NONFATAL += "java"
 SOTA_CLIENT ??= "aktualizr"
 SOTA_CLIENT_PROV ??= "aktualizr-auto-prov"
 IMAGE_INSTALL_append_sota = " ostree os-release ${SOTA_CLIENT} ${SOTA_CLIENT_PROV}"
 IMAGE_CLASSES += " image_types_ostree image_types_ota"
-IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush otaimg wic', ' ', d)}"
+IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'ostreepush garagesign otaimg wic', ' ', d)}"
 PACKAGECONFIG_append_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " ssl", " ", d)}"
 PACKAGECONFIG_remove_pn-curl = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', " gnutls", " ", d)}"
@@ -25,6 +27,11 @@ OSTREE_BRANCHNAME ?= "${MACHINE}"
 OSTREE_OSNAME ?= "poky"
 OSTREE_INITRAMFS_IMAGE ?= "initramfs-ostree-image"
+GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"
+GARAGE_SIGN_KEYNAME ?= "garage-key"
+GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}"
 SOTA_MACHINE ??="none"
 SOTA_MACHINE_raspberrypi2 ?= "raspberrypi"
 SOTA_MACHINE_raspberrypi3 ?= "raspberrypi"
diff --git a/classes/sota_am335x-evm-wifi.bbclass b/classes/sota_am335x-evm-wifi.bbclass
index 821e8fb..adefb47 100644
--- a/classes/sota_am335x-evm-wifi.bbclass
+++ b/classes/sota_am335x-evm-wifi.bbclass
@@ -1,5 +1,3 @@
-IMAGE_CLASSES += "image_types_uboot"
 KERNEL_IMAGETYPE_sota = "uImage"
 OSTREE_BOOTLOADER ?= "u-boot"
diff --git a/classes/sota_m3ulcb.bbclass b/classes/sota_m3ulcb.bbclass
index 21d04ba..6b63af4 100644
--- a/classes/sota_m3ulcb.bbclass
+++ b/classes/sota_m3ulcb.bbclass
@@ -2,7 +2,6 @@
 OSTREE_KERNEL = "Image"
 EXTRA_IMAGEDEPENDS_append_sota = " m3ulcb-ota-bootfiles"
-IMAGE_CLASSES_append_sota = " image_types_uboot "
 IMAGE_BOOT_FILES_sota += "m3ulcb-ota-bootfiles/*"
 OSTREE_BOOTLOADER ?= "u-boot"
diff --git a/classes/sota_porter.bbclass b/classes/sota_porter.bbclass
index a8f5ba1..75ae579 100644
--- a/classes/sota_porter.bbclass
+++ b/classes/sota_porter.bbclass
@@ -2,7 +2,6 @@
 OSTREE_KERNEL = "uImage+dtb"
 EXTRA_IMAGEDEPENDS_append_sota = " porter-bootfiles"
-IMAGE_CLASSES_append_sota = " image_types_uboot "
 IMAGE_BOOT_FILES_sota += "porter-bootfiles/*"
 OSTREE_BOOTLOADER ?= "u-boot"
diff --git a/classes/sota_raspberrypi.bbclass b/classes/sota_raspberrypi.bbclass
index cc6b666..51d07b2 100644
--- a/classes/sota_raspberrypi.bbclass
+++ b/classes/sota_raspberrypi.bbclass
@@ -1,11 +1,9 @@
-IMAGE_CLASSES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'image_types_uboot sdcard_image-rpi-ota', '', d)}"
-IMAGE_FSTYPES += "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'rpi-sdimg-ota.xz', 'rpi-sdimg.xz', d)}"
-IMAGE_FSTYPES_remove = "${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'wic rpi-sdimg rpi-sdimg.xz', '', d)}"
 KERNEL_IMAGETYPE_sota = "uImage"
 PREFERRED_PROVIDER_virtual/bootloader_sota ?= "u-boot"
 UBOOT_MACHINE_raspberrypi2_sota ?= "rpi_2_defconfig"
 UBOOT_MACHINE_raspberrypi3_sota ?= "rpi_3_32b_defconfig"
 OSTREE_BOOTLOADER ?= "u-boot"
+# OSTree puts its own boot.scr to bcm2835-bootfiles
+IMAGE_BOOT_FILES_remove_sota += "boot.scr"
diff --git a/lib/oeqa/selftest/garage_push.py b/lib/oeqa/selftest/garage_push.py
deleted file mode 100644
index 3490de5..0000000
--- a/lib/oeqa/selftest/garage_push.py
+++ /dev/null
@@ -1,39 +0,0 @@
-import unittest
-import os
-import logging
-from oeqa.selftest.base import oeSelfTest
-from oeqa.utils.commands import runCmd, bitbake, get_bb_var
-class GaragePushTests(oeSelfTest):
-    @classmethod
-    def setUpClass(cls):
-        # Ensure we have the right data in pkgdata
-        logger = logging.getLogger("selftest")
-        logger.info('Running bitbake to build aktualizr-native tools')
-        bitbake('aktualizr-native garage-sign-native')
-    def test_help(self):
-        image_dir = get_bb_var("D", "aktualizr-native")
-        bin_dir = get_bb_var("bindir", "aktualizr-native")
-        gp_path = os.path.join(image_dir, bin_dir[1:], 'garage-push')
-        result = runCmd('%s --help' % gp_path, ignore_status=True)
-        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
-    def test_java(self):
-        result = runCmd('which java', ignore_status=True)
-        self.assertEqual(result.status, 0, "Java not found.")
-    def test_sign(self):
-        image_dir = get_bb_var("D", "garage-sign-native")
-        bin_dir = get_bb_var("bindir", "garage-sign-native")
-        gs_path = os.path.join(image_dir, bin_dir[1:], 'garage-sign')
-        result = runCmd('%s --help' % gs_path, ignore_status=True)
-        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
-    def test_push(self):
-        bitbake('core-image-minimal')
-        self.write_config('IMAGE_INSTALL_append = " man "')
-        bitbake('core-image-minimal')
diff --git a/lib/oeqa/selftest/qemucommand.py b/lib/oeqa/selftest/qemucommand.py
new file mode 120000
index 0000000..bc06dde
--- /dev/null
+++ b/lib/oeqa/selftest/qemucommand.py
@@ -0,0 +1 @@
+../../../scripts/qemucommand.py
+\ No newline at end of file
diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py
new file mode 100644
index 0000000..2723b4a
--- /dev/null
+++ b/lib/oeqa/selftest/updater.py
@@ -0,0 +1,147 @@
+import unittest
+import os
+import logging
+import subprocess
+import time
+from oeqa.selftest.base import oeSelfTest
+from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars
+from oeqa.selftest.qemucommand import QemuCommand
+class SotaToolsTests(oeSelfTest):
+    @classmethod
+    def setUpClass(cls):
+        logger = logging.getLogger("selftest")
+        logger.info('Running bitbake to build aktualizr-native tools')
+        bitbake('aktualizr-native')
+    def test_push_help(self):
+        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native')
+        p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-push"
+        self.assertTrue(os.path.isfile(p), msg = "No garage-push found (%s)" % p)
+        result = runCmd('%s --help' % p, ignore_status=True)
+        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
+    def test_deploy_help(self):
+        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'aktualizr-native')
+        p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-deploy"
+        self.assertTrue(os.path.isfile(p), msg = "No garage-deploy found (%s)" % p)
+        result = runCmd('%s --help' % p, ignore_status=True)
+        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
+class GarageSignTests(oeSelfTest):
+    @classmethod
+    def setUpClass(cls):
+        logger = logging.getLogger("selftest")
+        logger.info('Running bitbake to build garage-sign-native')
+        bitbake('garage-sign-native')
+    def test_help(self):
+        bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir'], 'garage-sign-native')
+        p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/" + "garage-sign"
+        self.assertTrue(os.path.isfile(p), msg = "No garage-sign found (%s)" % p)
+        result = runCmd('%s --help' % p, ignore_status=True)
+        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
+class HsmTests(oeSelfTest):
+    def test_hsm(self):
+        self.write_config('SOTA_CLIENT_FEATURES="hsm hsm-test"')
+        bitbake('core-image-minimal')
+class GeneralTests(oeSelfTest):
+    def test_feature_sota(self):
+        result = get_bb_var('DISTRO_FEATURES').find('sota')
+        self.assertNotEqual(result, -1, 'Feature "sota" not set at DISTRO_FEATURES');
+    def test_feature_systemd(self):
+        result = get_bb_var('DISTRO_FEATURES').find('systemd')
+        self.assertNotEqual(result, -1, 'Feature "systemd" not set at DISTRO_FEATURES');
+    def test_credentials(self):
+        bitbake('core-image-minimal')
+        credentials = get_bb_var('SOTA_PACKED_CREDENTIALS')
+        # skip the test if the variable SOTA_PACKED_CREDENTIALS is not set
+        if credentials is None:
+            raise unittest.SkipTest("Variable 'SOTA_PACKED_CREDENTIALS' not set.")
+        # Check if the file exists
+        self.assertTrue(os.path.isfile(credentials), "File %s does not exist" % credentials)
+        deploydir = get_bb_var('DEPLOY_DIR_IMAGE')
+        imagename = get_bb_var('IMAGE_LINK_NAME', 'core-image-minimal')
+        # Check if the credentials are included in the output image
+        result = runCmd('tar -jtvf %s/%s.tar.bz2 | grep sota_provisioning_credentials.zip' % (deploydir, imagename), ignore_status=True)
+        self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
+    def test_java(self):
+        result = runCmd('which java', ignore_status=True)
+        self.assertEqual(result.status, 0, "Java not found.")
+    def test_add_package(self):
+        print('')
+        deploydir = get_bb_var('DEPLOY_DIR_IMAGE')
+        imagename = get_bb_var('IMAGE_LINK_NAME', 'core-image-minimal')
+        image_path = deploydir + '/' + imagename + '.otaimg'
+        logger = logging.getLogger("selftest")
+        logger.info('Running bitbake with man in the image package list')
+        self.write_config('IMAGE_INSTALL_append = " man "')
+        bitbake('-c cleanall man')
+        bitbake('core-image-minimal')
+        result = runCmd('oe-pkgdata-util find-path /usr/bin/man')
+        self.assertEqual(result.output, 'man: /usr/bin/man')
+        path1 = os.path.realpath(image_path)
+        size1 = os.path.getsize(path1)
+        logger.info('First image %s has size %i' % (path1, size1))
+        logger.info('Running bitbake without man in the image package list')
+        self.write_config('IMAGE_INSTALL_remove = " man "')
+        bitbake('-c cleanall man')
+        bitbake('core-image-minimal')
+        result = runCmd('oe-pkgdata-util find-path /usr/bin/man', ignore_status=True)
+        self.assertEqual(result.status, 1, "Status different than 1. output: %s" % result.output)
+        self.assertEqual(result.output, 'ERROR: Unable to find any package producing path /usr/bin/man')
+        path2 = os.path.realpath(image_path)
+        size2 = os.path.getsize(path2)
+        logger.info('Second image %s has size %i' % (path2, size2))
+        self.assertNotEqual(path1, path2, "Image paths are identical; image was not rebuilt.")
+        self.assertNotEqual(size1, size2, "Image sizes are identical; image was not rebuilt.")
+    def test_qemu(self):
+        print('')
+        # Create empty object.
+        args = type('', (), {})()
+        args.imagename = 'core-image-minimal'
+        args.mac = None
+        # Could use DEPLOY_DIR_IMAGE here but it's already in the machine
+        # subdirectory.
+        args.dir = 'tmp/deploy/images'
+        args.efi = False
+        args.machine = None
+        args.kvm = None  # Autodetect
+        args.no_gui = True
+        args.gdb = False
+        args.pcap = None
+        args.overlay = None
+        args.dry_run = False
+        qemu_command = QemuCommand(args)
+        cmdline = qemu_command.command_line()
+        print('Booting image with run-qemu-ota...')
+        s = subprocess.Popen(cmdline)
+        time.sleep(10)
+        print('Machine name (hostname) of device is:')
+        ssh_cmd = ['ssh', '-q', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', 'root@localhost', '-p', str(qemu_command.ssh_port), 'hostname']
+        s2 = subprocess.Popen(ssh_cmd)
+        time.sleep(5)
+        try:
+            s.terminate()
+        except KeyboardInterrupt:
+            pass
diff --git a/recipes-core/images/initramfs-ostree-image.bb b/recipes-core/images/initramfs-ostree-image.bb
index 4870579..4ab9da8 100644
--- a/recipes-core/images/initramfs-ostree-image.bb
+++ b/recipes-core/images/initramfs-ostree-image.bb
@@ -15,7 +15,6 @@ LICENSE = "MIT"
 IMAGE_FSTYPES = "ext4.gz"
 IMAGE_FSTYPES_append_arm = " ext4.gz.u-boot"
-IMAGE_CLASSES_append_arm = " image_types_uboot"
 inherit core-image
diff --git a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
index 276c17e..c443c56 100644
--- a/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-hsm-test-prov.bb
@@ -23,12 +23,12 @@ inherit systemd
 do_install() {
    install -d ${D}/${systemd_unitdir}/system
    install -m 0644 ${WORKDIR}/aktualizr-autoprovision.service ${D}/${systemd_unitdir}/system/aktualizr.service
-    install -d ${D}/usr/lib/sota
+    install -d ${D}${libdir}/sota
    aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} --no-root-ca \
-        -i ${WORKDIR}/sota_hsm_test.toml -o ${D}/usr/lib/sota/sota.toml -p ${D}
+        -i ${WORKDIR}/sota_hsm_test.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
 }
 FILES_${PN} = " \
                ${systemd_unitdir}/system/aktualizr.service \
-                /usr/lib/sota/sota.toml \
+                ${libdir}/sota/sota.toml \
                "
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 9a1a7a6..162065e 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -18,7 +18,7 @@ PR = "7"
 SRC_URI = " \
  git://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \
  "
-SRCREV = "67c4f44c4136d16871726449502e3926098e8524"
+SRCREV = "f043191ae622a96cf2f4d48f9073d5cfa9f16e3f"
 BRANCH ?= "master"
 S = "${WORKDIR}/git"
@@ -33,7 +33,6 @@ EXTRA_OECMAKE_append_class-native = "-DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF "
 do_install_append () {
    rm -f ${D}${bindir}/aktualizr_cert_provider
-    rm -f ${D}${bindir}/garage-deploy
 }
 do_install_append_class-target () {
    rm -f ${D}${bindir}/aktualizr_implicit_writer
@@ -47,5 +46,6 @@ FILES_${PN}_class-target = " \
                "
 FILES_${PN}_class-native = " \
                ${bindir}/aktualizr_implicit_writer \
+                ${bindir}/garage-deploy \
                ${bindir}/garage-push \
                "
diff --git a/recipes-sota/aktualizr/files/sota_hsm_test.toml b/recipes-sota/aktualizr/files/sota_hsm_test.toml
index 1317914..28aefc2 100644
--- a/recipes-sota/aktualizr/files/sota_hsm_test.toml
+++ b/recipes-sota/aktualizr/files/sota_hsm_test.toml
@@ -12,6 +12,7 @@ pass = "1234"
 [uptane]
 metadata_path = "/var/sota/metadata"
-private_key_path = "ecukey.der"
+key_source = "pkcs11"
-public_key_path = "ecukey.pub"
+private_key_path = "03"
+public_key_path = "03"
diff --git a/recipes-sota/garage-sign/garage-sign.bb b/recipes-sota/garage-sign/garage-sign.bb
index ccd7299..d5388bc 100644
--- a/recipes-sota/garage-sign/garage-sign.bb
+++ b/recipes-sota/garage-sign/garage-sign.bb
@@ -6,14 +6,14 @@ LICENSE = "CLOSED"
 LIC_FILES_CHKSUM = "file://${S}/docs/LICENSE;md5=3025e77db7bd3f1d616b3ffd11d54c94"
 DEPENDS = ""
-PV = "0.2.0-6-g6af6ecd"
+PV = "0.2.0-35-g0544c33"
 SRC_URI = " \
  https://ats-tuf-cli-releases.s3-eu-central-1.amazonaws.com/cli-${PV}.tgz \
  "
-SRC_URI[md5sum] = "39941607ddef3a93476e267ad7bf6280"
+SRC_URI[md5sum] = "1546e06d1e747f67aee5ed7096bf1c74"
-SRC_URI[sha256sum] = "fbd2ea56f21341146844b02837377b08e63a3e361079e2c65142c2ed881c3b5d"
+SRC_URI[sha256sum] = "1432348bca8ca5ad75df1218f348f480d429d7509d6454deb6e16ff31c5e08fc"
 S = "${WORKDIR}/${BPN}"
diff --git a/recipes-support/ca-certificates/ca-certificates_%.bbappend b/recipes-support/ca-certificates/ca-certificates_%.bbappend
new file mode 100644
index 0000000..afaadfd
--- /dev/null
+++ b/recipes-support/ca-certificates/ca-certificates_%.bbappend
@@ -0,0 +1 @@
+SYSROOT_DIRS += "/etc"
diff --git a/recipes-support/libp11/libp11_0.4.7.bb b/recipes-support/libp11/libp11_0.4.7.bb
new file mode 100644
index 0000000..7d77e90
--- /dev/null
+++ b/recipes-support/libp11/libp11_0.4.7.bb
@@ -0,0 +1,37 @@
+SUMMARY = "Library for using PKCS"
+DESCRIPTION = "\
+Libp11 is a library implementing a small layer on top of PKCS \
+make using PKCS"
+HOMEPAGE = "http://www.opensc-project.org/libp11"
+SECTION = "Development/Libraries"
+LICENSE = "LGPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29"
+DEPENDS = "libtool openssl"
+SRC_URI = "git://github.com/OpenSC/libp11.git"
+SRCREV = "da725ab727342083478150a203a3c80c4551feb4"
+S = "${WORKDIR}/git"
+inherit autotools pkgconfig
+# Currently, Makefile dependencies are incorrectly defined which causes build errors
+# The number of jobs is high
+# See https://github.com/OpenSC/libp11/issues/94
+PARALLEL_MAKE = ""
+EXTRA_OECONF = "--disable-static"
+do_install_append () {
+    rm -rf ${D}${libdir}/*.la
+    rm -rf ${D}${docdir}/${BPN}
+}
+FILES_${PN} = "${libdir}/engines/pkcs11.so \
+               ${libdir}/engines/libpkcs11${SOLIBS} \
+               ${libdir}/libp11${SOLIBS}"
+FILES_${PN}-dev = " \
+                   ${libdir}/engines/libpkcs11${SOLIBSDEV} \
+                   ${libdir}/libp11${SOLIBSDEV} \
+                   ${libdir}/pkgconfig/libp11.pc \
+                   /usr/include"
diff --git a/scripts/lib/wic/plugins/source/otaimage.py b/scripts/lib/wic/plugins/source/otaimage.py
index eef0bb4..26cfb10 100644
--- a/scripts/lib/wic/plugins/source/otaimage.py
+++ b/scripts/lib/wic/plugins/source/otaimage.py
@@ -19,10 +19,12 @@ import logging
 import os
 import sys
-from wic.pluginbase import SourcePlugin
+from wic.plugins.source.rawcopy import RawCopyPlugin
 from wic.utils.misc import get_bitbake_var
-class OTAImagePlugin(SourcePlugin):
+logger = logging.getLogger('wic')
+class OTAImagePlugin(RawCopyPlugin):
    """
    Add an already existing filesystem image to the partition layout.
    """
@@ -30,25 +32,6 @@ class OTAImagePlugin(SourcePlugin):
    name = 'otaimage'
    @classmethod
-    def do_install_disk(cls, disk, disk_name, cr, workdir, oe_builddir,
-                        bootimg_dir, kernel_dir, native_sysroot):
-        """
-        Called after all partitions have been prepared and assembled into a
-        disk image. Do nothing.
-        """
-        pass
-    @classmethod
-    def do_configure_partition(cls, part, source_params, cr, cr_workdir,
-                               oe_builddir, bootimg_dir, kernel_dir,
-                               native_sysroot):
-        """
-        Called before do_prepare_partition(). Possibly prepare
-        configuration files of some sort.
-        """
-        pass
-    @classmethod
    def do_prepare_partition(cls, part, source_params, cr, cr_workdir,
                             oe_builddir, bootimg_dir, kernel_dir,
                             rootfs_dir, native_sysroot):
@@ -65,5 +48,10 @@ class OTAImagePlugin(SourcePlugin):
        src = bootimg_dir + "/" + get_bitbake_var("IMAGE_LINK_NAME") + ".otaimg"
        logger.debug('Preparing partition using image %s' % (src))
-        part.prepare_rootfs_from_fs_image(cr_workdir, src, "")
+        source_params['file'] = src
+        super(OTAImagePlugin, cls).do_prepare_partition(part, source_params,
+                                                         cr, cr_workdir, oe_builddir,
+                                                         bootimg_dir, kernel_dir,
+                                                         rootfs_dir, native_sysroot)
diff --git a/scripts/qemucommand.py b/scripts/qemucommand.py
new file mode 100644
index 0000000..82a9540
--- /dev/null
+++ b/scripts/qemucommand.py
@@ -0,0 +1,127 @@
+from os.path import exists, join, realpath, abspath
+from os import listdir
+import random
+import socket
+from subprocess import check_output, CalledProcessError
+EXTENSIONS = {
+    'intel-corei7-64': 'wic',
+    'qemux86-64': 'otaimg'
+}
+def find_local_port(start_port):
+    """"
+    Find the next free TCP port after 'start_port'.
+    """
+    for port in range(start_port, start_port + 10):
+        try:
+            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            s.bind(('', port))
+            return port
+        except socket.error:
+            print("Skipping port %d" % port)
+        finally:
+            s.close()
+    raise Exception("Could not find a free TCP port")
+def random_mac():
+    """Return a random Ethernet MAC address
+    @link https://www.iana.org/assignments/ethernet-numbers/ethernet-numbers.xhtml#ethernet-numbers-2
+    """
+    head = "ca:fe:"
+    hex_digits = '0123456789abcdef'
+    tail = ':'.join([random.choice(hex_digits) + random.choice(hex_digits) for _ in range(4)])
+    return head + tail
+class QemuCommand(object):
+    def __init__(self, args):
+        if args.machine:
+            self.machine = args.machine
+        else:
+            machines = listdir(args.dir)
+            if len(machines) == 1:
+                self.machine = machines[0]
+            else:
+                raise ValueError("Could not autodetect machine type from %s" % args.dir)
+        if args.efi:
+            self.bios = 'OVMF.fd'
+        else:
+            uboot = abspath(join(args.dir, self.machine, 'u-boot-qemux86-64.rom'))
+            if not exists(uboot):
+                raise ValueError("U-Boot image %s does not exist" % uboot)
+            self.bios = uboot
+        if exists(args.imagename):
+            image = args.imagename
+        else:
+            ext = EXTENSIONS.get(self.machine, 'wic')
+            image = join(args.dir, self.machine, '%s-%s.%s' % (args.imagename, self.machine, ext))
+        self.image = realpath(image)
+        if not exists(self.image):
+            raise ValueError("OS image %s does not exist" % self.image)
+        if args.mac:
+            self.mac_address = args.mac
+        else:
+            self.mac_address = random_mac()
+        self.serial_port = find_local_port(8990)
+        self.ssh_port = find_local_port(2222)
+        if args.kvm is None:
+            # Autodetect KVM using 'kvm-ok'
+            try:
+                check_output(['kvm-ok'])
+                self.kvm = True
+            except CalledProcessError:
+                self.kvm = False
+        else:
+            self.kvm = args.kvm
+        self.gui = not args.no_gui
+        self.gdb = args.gdb
+        self.pcap = args.pcap
+        self.overlay = args.overlay
+    def command_line(self):
+        netuser = 'user,hostfwd=tcp:0.0.0.0:%d-:22,restrict=off' % self.ssh_port
+        if self.gdb:
+            netuser += ',hostfwd=tcp:0.0.0.0:2159-:2159'
+        cmdline = [
+            "qemu-system-x86_64",
+            "-bios", self.bios
+        ]
+        if not self.overlay:
+            cmdline += ["-drive", "file=%s,if=ide,format=raw,snapshot=on" % self.image]
+        cmdline += [
+            "-serial", "tcp:127.0.0.1:%d,server,nowait" % self.serial_port,
+            "-m", "1G",
+            "-usb",
+            "-usbdevice", "tablet",
+            "-show-cursor",
+            "-vga", "std",
+            "-net", netuser,
+            "-net", "nic,macaddr=%s" % self.mac_address
+        ]
+        if self.pcap:
+            cmdline += ['-net', 'dump,file=' + self.pcap]
+        if self.gui:
+            cmdline += ["-serial", "stdio"]
+        else:
+            cmdline.append('-nographic')
+        if self.kvm:
+            cmdline.append('-enable-kvm')
+        else:
+            cmdline += ['-cpu', 'Haswell']
+        if self.overlay:
+            cmdline.append(self.overlay)
+        return cmdline
+    def img_command_line(self):
+        cmdline = [
+        "qemu-img", "create",
+        "-o", "backing_file=%s" % self.image,
+        "-f", "qcow2",
+        self.overlay]
+        return cmdline
diff --git a/scripts/run-qemu-ota b/scripts/run-qemu-ota
index 5334814..56e4fbc 100755
--- a/scripts/run-qemu-ota
+++ b/scripts/run-qemu-ota
@@ -2,126 +2,12 @@
 from argparse import ArgumentParser
 from subprocess import Popen
-from os.path import exists, join, realpath
+from os.path import exists
-from os import listdir
-import random
 import sys
-import socket
+from qemucommand import QemuCommand
 DEFAULT_DIR = 'tmp/deploy/images'
-EXTENSIONS = {
-    'intel-corei7-64': 'wic',
-    'qemux86-64': 'otaimg'
-}
-def find_local_port(start_port):
-    """"
-    Find the next free TCP port after 'start_port'.
-    """
-    for port in range(start_port, start_port + 10):
-        try:
-            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            s.bind(('', port))
-            return port
-        except socket.error:
-            print("Skipping port %d" % port)
-        finally:
-            s.close()
-    raise Exception("Could not find a free TCP port")
-def random_mac():
-    """Return a random Ethernet MAC address
-    @link https://www.iana.org/assignments/ethernet-numbers/ethernet-numbers.xhtml#ethernet-numbers-2
-    """
-    head = "ca:fe:"
-    hex_digits = '0123456789abcdef'
-    tail = ':'.join([random.choice(hex_digits) + random.choice(hex_digits) for _ in range(4)])
-    return head + tail
-class QemuCommand(object):
-    def __init__(self, args):
-        if args.machine:
-            self.machine = args.machine
-        else:
-            machines = listdir(args.dir)
-            if len(machines) == 1:
-                self.machine = machines[0]
-            else:
-                raise ValueError("Could not autodetect machine type from %s" % args.dir)
-        if args.efi:
-            self.bios = 'OVMF.fd'
-        else:
-            uboot = join(args.dir, self.machine, 'u-boot-qemux86-64.rom')
-            if not exists(uboot):
-                raise ValueError("U-Boot image %s does not exist" % uboot)
-            self.bios = uboot
-        if exists(args.imagename):
-            image = args.imagename
-        else:
-            ext = EXTENSIONS.get(self.machine, 'wic')
-            image = join(args.dir, self.machine, '%s-%s.%s' % (args.imagename, self.machine, ext))
-        self.image = realpath(image)
-        if not exists(self.image):
-            raise ValueError("OS image %s does not exist" % self.image)
-        if args.mac:
-            self.mac_address = args.mac
-        else:
-            self.mac_address = random_mac()
-        self.serial_port = find_local_port(8990)
-        self.ssh_port = find_local_port(2222)
-        self.kvm = not args.no_kvm
-        self.gui = not args.no_gui
-        self.gdb = args.gdb
-        self.pcap = args.pcap
-        self.overlay = args.overlay
-    def command_line(self):
-        netuser = 'user,hostfwd=tcp:0.0.0.0:%d-:22,restrict=off' % self.ssh_port
-        if self.gdb:
-            netuser += ',hostfwd=tcp:0.0.0.0:2159-:2159'
-        cmdline = [
-            "qemu-system-x86_64",
-            "-bios", self.bios
-        ]
-        if not self.overlay:
-            cmdline += ["-drive", "file=%s,if=ide,format=raw,snapshot=on" % self.image]
-        cmdline += [
-            "-serial", "tcp:127.0.0.1:%d,server,nowait" % self.serial_port,
-            "-m", "1G",
-            "-usb",
-            "-usbdevice", "tablet",
-            "-show-cursor",
-            "-vga", "std",
-            "-net", netuser,
-            "-net", "nic,macaddr=%s" % self.mac_address
-        ]
-        if self.pcap:
-            cmdline += ['-net', 'dump,file=' + self.pcap]
-        if self.gui:
-            cmdline += ["-serial", "stdio"]
-        else:
-            cmdline.append('-nographic')
-        if self.kvm:
-            cmdline.append('-enable-kvm')
-        else:
-            cmdline += ['-cpu', 'Haswell']
-        if self.overlay:
-            cmdline.append(self.overlay)
-        return cmdline
-    def img_command_line(self):
-        cmdline = [
-        "qemu-img", "create",
-        "-o", "backing_file=%s" % self.image,
-        "-f", "qcow2",
-        self.overlay]
-        return cmdline
 def main():
    parser = ArgumentParser(description='Run meta-updater image in qemu')
@@ -135,11 +21,18 @@ def main():
                             'OSTREE_BOOTLOADER = "grub" and OVMF.fd firmware to be installed (try "apt install ovmf")',
                        action='store_true')
    parser.add_argument('--machine', default=None, help="Target MACHINE")
-    parser.add_argument('--no-kvm', help='Disable KVM in QEMU', action='store_true')
+    kvm_group = parser.add_argument_group()
+    kvm_group.add_argument('--force-kvm', help='Force use of KVM (default is to autodetect)',
+                           dest='kvm', action='store_true', default=None)
+    kvm_group.add_argument('--no-kvm', help='Disable KVM in QEMU',
+                           dest='kvm', action='store_false')
    parser.add_argument('--no-gui', help='Disable GUI', action='store_true')
    parser.add_argument('--gdb', help='Export gdbserver port 2159 from the image', action='store_true')
    parser.add_argument('--pcap', default=None, help='Dump all network traffic')
-    parser.add_argument('-o', '--overlay', type=str, metavar='file.cow', help='Use an overlay storage image file. Will be created if it does not exist. This option lets you have a persistent image without modifying the underlying image file, permitting multiple different persistent machines.')
+    parser.add_argument('-o', '--overlay', type=str, metavar='file.cow',
+                        help='Use an overlay storage image file. Will be created if it does not exist. ' +
+                             'This option lets you have a persistent image without modifying the underlying image ' +
+                             'file, permitting multiple different persistent machines.')
    parser.add_argument('-n', '--dry-run', help='Print qemu command line rather then run it', action='store_true')
    args = parser.parse_args()
    try:
@@ -161,7 +54,7 @@ def main():
        if args.dry_run:
            print(" ".join(img_cmdline))
        else:
-            Popen(img_cmdline)
+            Popen(img_cmdline).wait()
    if args.dry_run:
        print(" ".join(cmdline))