diff options
| author |   Scott Murray <scott.murray@konsulko.com> | 2023-11-23 21:54:46 -0500 |
|---|---|---|
| committer |   Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2023-11-24 09:32:31 +0000 |
| commit | 1fd481575873e66f0653608d835844d5b11c9f49 (patch) | |
| tree | 45b708f90fc2d2648f63e3edb385b16effe5db4f | |
| parent | 54cc3c843ca4477b23c86f2029039f413a2b31d1 (diff) | |
Ensure KUKSA.val JWT certificate gets installed
Recent changes accidentally resulted in the jwt.key.pub certificate
file for KUKSA.val server / databroker authorization not getting
installed, breaking databroker start up. Explicitly install it from
our kuksa-certificates-server-agl package, and tweak the kuksa-val
recipe to package it in its kuksa-certificates-server package.
Bug-AGL: SPEC-4985
Change-Id: I94703da876718524da753b6b882b331b7f088431
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/29469
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
ci-image-boot-test: Jenkins Job builder account
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
3 files changed, 18 insertions, 0 deletions
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb index 870d2e398..0264ebbd7 100644 --- a/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb @@ -10,6 +10,7 @@ SRC_URI = "file://CA.pem \ file://Client.pem \ file://Server.key \ file://Server.pem \ + file://jwt.key.pub \ " inherit allarch useradd @@ -28,6 +29,7 @@ do_install() { install -m 0644 ${WORKDIR}/CA.pem ${D}${sysconfdir}/kuksa-val/ install -m 0640 -g 900 ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/ install -m 0640 -g 900 ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/ + install -m 0644 -g 900 ${WORKDIR}/jwt.key.pub ${D}${sysconfdir}/kuksa-val/ install -m 0644 ${WORKDIR}/Client.key ${D}${sysconfdir}/kuksa-val/ install -m 0644 ${WORKDIR}/Client.pem ${D}${sysconfdir}/kuksa-val/ } @@ -42,6 +44,7 @@ RPROVIDES:${PN}-ca += "kuksa-val-certificates-ca" FILES:${PN}-server = " \ ${sysconfdir}/kuksa-val/Server.key \ ${sysconfdir}/kuksa-val/Server.pem \ + ${sysconfdir}/kuksa-val/jwt.key.pub \ " RPROVIDES:${PN}-server += "kuksa-val-certificates-server" RDEPENDS:${PN}-server += "${PN}-ca" diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub new file mode 100644 index 000000000..d9f785341 --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ScE9EKXEWVyYhzfhfvg ++LC8NseiuEjfrdFx3HKkb31bRw/SeS0Rye0KDP7uzffwreKf6wWYGxVUPYmyKC7j +Pji5MpDBGM9r3pIZSvPUFdpTE5TiRHFBxWbqPSYt954BTLq4rMu/W+oq5Pdfnugb +voYpLf0dclBl1g9KyszkDnItz3TYbWhGMbsUSfyeSPzH0IADzLoifxbc5mgiR73N +CA/4yNSpfLoqWgQ2vdTM1182sMSmxfqSgMzIMUX/tiaXGdkoKITF1sULlLyWfTo9 +79XRZ0hmUwvfzr3OjMZNoClpYSVbKY+vtxHyux9KOOtv9lPMsgYIaPXvisrsneDZ +fCS0afOfjgR96uHIe2UPSGAXru3yGziqEfpRZoxsgXaOe905ordLD5bSX14xkN7N +Cz7rxDLlxPQyxp4Vhog7p/QeUyydBpZjq2bAE5GAJtiu+XGvG8RypzJFKFQwMNsw +g1BoZVD0mb0MtU8KQmHcZIfY0FVer/CR0mUjfl1rHbtoJB+RY03lQvYNAD04ibAG +NI1RhlTziu35Xo6NDEgs9hVs9k3WrtF+ZUxhivWmP2VXhWruRakVkC1NzKGh54e5 +/KlluFbBNpWgvWZqzWo9Jr7/fzHtR0Q0IZwkxh+Vd/bUZya1uLKqP+sTcc+aTHbn +AEiqOjPq0D6X45wCzIwjILUCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/recipes-connectivity/kuksa-val/kuksa-val_git.bb b/recipes-connectivity/kuksa-val/kuksa-val_git.bb index a894f0133..c564eabfc 100644 --- a/recipes-connectivity/kuksa-val/kuksa-val_git.bb +++ b/recipes-connectivity/kuksa-val/kuksa-val_git.bb @@ -73,6 +73,7 @@ FILES:${PN}-certificates-ca = " \ FILES:${PN}-certificates-server = " \ ${sysconfdir}/kuksa-val/Server.key \ ${sysconfdir}/kuksa-val/Server.pem \ + ${sysconfdir}/kuksa-val/jwt.key.pub \ " RDEPENDS:${PN}-certificates-server += "${PN}-certificates-ca" |