diff options
| author |   Scott Murray <scott.murray@konsulko.com> | 2023-04-24 18:01:29 -0400 |
|---|---|---|
| committer |   Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2023-04-27 09:56:18 +0000 |
| commit | fdb58afacf2dff95cca48a772d653e45a1b577f3 (patch) | |
| tree | 1617355cb79b7549ff84eb424dab6daee64a1343 /conf | |
| parent | 34fd1612e443164364287894f50bde3de693eeb1 (diff) | |
kuksa-val: Rework to support updated SSL certificates
Changes:
- Tweak the kuksa-val recipe to remove installing a newer server
certificate (since it will be done elsewhere), and to split the
certificates up into finer grained packages to ease installing
them piecemeal and replacing them with other packages.
- Remove the unused genCerts.sh certificate script patch form the
kuksa-val recipe, an updated patch will be added in the near
future.
- Added a patch in the kuksa-viss-client recipe that enables the
library to use certificates installed in /etc/kuksa-certificates or
/etc/kuksa-val instead of the default ones that are shipped.
- Add kuksa-certificates-agl recipe that installs AGL specific CA,
server, and client certificates plus the required server and client
keys to act as a replacement for the default ones shipped with
KUKSA.val. The kuksa-certificates-agl name is used to avoid needing
a rename with a future switch to kuksa-databroker. Note that the
RPROVIDES variable is used for the various certificate packages to
make them installable alternatives to the kuksa-val-certificates-*
ones. The certificates installed are valid for 1 year and have
AGL as the providing organization, longer validity ones will be
added in follow up commits for Octopus and Pike.
- Update the existing users of kuksa-val-*-certificates with the new
kuksa-val-certificates-* package names.
- Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-*
packages to quiet the BitBake warnings coming from having multiple
providers.
Bug-AGL: SPEC-4763
Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/include/agl-demo.inc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/conf/include/agl-demo.inc b/conf/include/agl-demo.inc index a47f41d7..caba58cc 100644 --- a/conf/include/agl-demo.inc +++ b/conf/include/agl-demo.inc @@ -17,3 +17,10 @@ AGL_FEATURES:append = " agldemo" # install virtualbox drivers for vmdk #IMAGE_INSTALL:append = "${@bb.utils.contains_any('IMAGE_FSTYPES', 'wic.vmdk wic.vmdk.xz', ' open-vm-tools vboxguestdrivers', '', d)}" + +# It is not clear these definitions affect image generation in a robust +# way, but define them to both show our intent and quiet the warnings +# that get spammed otherwise. +PREFERRED_RPROVIDER_kuksa-val-certificates-ca = "kuksa-certificates-agl" +PREFERRED_RPROVIDER_kuksa-val-certificates-server = "kuksa-certificates-agl" +PREFERRED_RPROVIDER_kuksa-val-certificates-client = "kuksa-certificates-agl" |