summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Murray <scott.murray@konsulko.com>2023-11-23 21:54:46 -0500
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2023-11-24 09:32:31 +0000
commit1fd481575873e66f0653608d835844d5b11c9f49 (patch)
tree45b708f90fc2d2648f63e3edb385b16effe5db4f
parent54cc3c843ca4477b23c86f2029039f413a2b31d1 (diff)
Ensure KUKSA.val JWT certificate gets installed
Recent changes accidentally resulted in the jwt.key.pub certificate file for KUKSA.val server / databroker authorization not getting installed, breaking databroker start up. Explicitly install it from our kuksa-certificates-server-agl package, and tweak the kuksa-val recipe to package it in its kuksa-certificates-server package. Bug-AGL: SPEC-4985 Change-Id: I94703da876718524da753b6b882b331b7f088431 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/29469 Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> ci-image-boot-test: Jenkins Job builder account Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account
-rw-r--r--recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb3
-rw-r--r--recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub14
-rw-r--r--recipes-connectivity/kuksa-val/kuksa-val_git.bb1
3 files changed, 18 insertions, 0 deletions
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb
index 870d2e398..0264ebbd7 100644
--- a/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb
+++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb
@@ -10,6 +10,7 @@ SRC_URI = "file://CA.pem \
file://Client.pem \
file://Server.key \
file://Server.pem \
+ file://jwt.key.pub \
"
inherit allarch useradd
@@ -28,6 +29,7 @@ do_install() {
install -m 0644 ${WORKDIR}/CA.pem ${D}${sysconfdir}/kuksa-val/
install -m 0640 -g 900 ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/
install -m 0640 -g 900 ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/
+ install -m 0644 -g 900 ${WORKDIR}/jwt.key.pub ${D}${sysconfdir}/kuksa-val/
install -m 0644 ${WORKDIR}/Client.key ${D}${sysconfdir}/kuksa-val/
install -m 0644 ${WORKDIR}/Client.pem ${D}${sysconfdir}/kuksa-val/
}
@@ -42,6 +44,7 @@ RPROVIDES:${PN}-ca += "kuksa-val-certificates-ca"
FILES:${PN}-server = " \
${sysconfdir}/kuksa-val/Server.key \
${sysconfdir}/kuksa-val/Server.pem \
+ ${sysconfdir}/kuksa-val/jwt.key.pub \
"
RPROVIDES:${PN}-server += "kuksa-val-certificates-server"
RDEPENDS:${PN}-server += "${PN}-ca"
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub
new file mode 100644
index 000000000..d9f785341
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ScE9EKXEWVyYhzfhfvg
++LC8NseiuEjfrdFx3HKkb31bRw/SeS0Rye0KDP7uzffwreKf6wWYGxVUPYmyKC7j
+Pji5MpDBGM9r3pIZSvPUFdpTE5TiRHFBxWbqPSYt954BTLq4rMu/W+oq5Pdfnugb
+voYpLf0dclBl1g9KyszkDnItz3TYbWhGMbsUSfyeSPzH0IADzLoifxbc5mgiR73N
+CA/4yNSpfLoqWgQ2vdTM1182sMSmxfqSgMzIMUX/tiaXGdkoKITF1sULlLyWfTo9
+79XRZ0hmUwvfzr3OjMZNoClpYSVbKY+vtxHyux9KOOtv9lPMsgYIaPXvisrsneDZ
+fCS0afOfjgR96uHIe2UPSGAXru3yGziqEfpRZoxsgXaOe905ordLD5bSX14xkN7N
+Cz7rxDLlxPQyxp4Vhog7p/QeUyydBpZjq2bAE5GAJtiu+XGvG8RypzJFKFQwMNsw
+g1BoZVD0mb0MtU8KQmHcZIfY0FVer/CR0mUjfl1rHbtoJB+RY03lQvYNAD04ibAG
+NI1RhlTziu35Xo6NDEgs9hVs9k3WrtF+ZUxhivWmP2VXhWruRakVkC1NzKGh54e5
+/KlluFbBNpWgvWZqzWo9Jr7/fzHtR0Q0IZwkxh+Vd/bUZya1uLKqP+sTcc+aTHbn
+AEiqOjPq0D6X45wCzIwjILUCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/recipes-connectivity/kuksa-val/kuksa-val_git.bb b/recipes-connectivity/kuksa-val/kuksa-val_git.bb
index a894f0133..c564eabfc 100644
--- a/recipes-connectivity/kuksa-val/kuksa-val_git.bb
+++ b/recipes-connectivity/kuksa-val/kuksa-val_git.bb
@@ -73,6 +73,7 @@ FILES:${PN}-certificates-ca = " \
FILES:${PN}-certificates-server = " \
${sysconfdir}/kuksa-val/Server.key \
${sysconfdir}/kuksa-val/Server.pem \
+ ${sysconfdir}/kuksa-val/jwt.key.pub \
"
RDEPENDS:${PN}-certificates-server += "${PN}-certificates-ca"