author | Scott Murray <scott.murray@konsulko.com> | 2023-04-24 18:01:29 -0400 |
---|---|---|
committer | Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2023-04-27 09:56:18 +0000 |
commit | fdb58afacf2dff95cca48a772d653e45a1b577f3 (patch) | |
tree | 1617355cb79b7549ff84eb424dab6daee64a1343 /recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb | |
parent | 34fd1612e443164364287894f50bde3de693eeb1 (diff) |
kuksa-val: Rework to support updated SSL certificates
Changes:
- Tweak the kuksa-val recipe to remove installing a newer server
certificate (since it will be done elsewhere), and to split the
certificates up into finer grained packages to ease installing
them piecemeal and replacing them with other packages.
- Remove the unused genCerts.sh certificate script patch from the
kuksa-val recipe, an updated patch will be added in the near
future.
- Added a patch in the kuksa-viss-client recipe that enables the
library to use certificates installed in /etc/kuksa-certificates or
/etc/kuksa-val instead of the default ones that are shipped.
- Add kuksa-certificates-agl recipe that installs AGL specific CA,
server, and client certificates plus the required server and client
keys to act as a replacement for the default ones shipped with
KUKSA.val. The kuksa-certificates-agl name is used to avoid needing
a rename with a future switch to kuksa-databroker. Note that the
RPROVIDES variable is used for the various certificate packages to
make them installable alternatives to the kuksa-val-certificates-*
ones. The certificates installed are valid for 1 year and have
AGL as the providing organization, longer validity ones will be
added in follow up commits for Octopus and Pike.
- Update the existing users of kuksa-val-*-certificates with the new
kuksa-val-certificates-* package names.
- Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-*
packages to quiet the BitBake warnings coming from having multiple
providers.
Bug-AGL: SPEC-4763
Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Diffstat (limited to 'recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb')
-rw-r--r-- | recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb
new file mode 100644
index 000000000..7caa2ebf2
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb
@@ -0,0 +1,58 @@
+SUMMARY = "AGL certificates for KUKSA.val, the KUKSA Vehicle Abstraction Layer"
+HOMEPAGE = "https://github.com/eclipse/kuksa.val"
+BUGTRACKER = "https://github.com/eclipse/kuksa.val/issues"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+SRC_URI = "file://CA.pem \
+ file://Client.key \
+ file://Client.pem \
+ file://Server.key \
+ file://Server.pem \
+"
+
+inherit allarch useradd
+
+USERADD_PACKAGES = "${PN}-server"
+USERADDEXTENSION = "useradd-staticids"
+GROUPADD_PARAM:${PN}-server = "-g 900 kuksa ;"
+
+do_install() {
+ # Install replacement CA certificate, server key + certificate,
+ # and client key + certificate.
+ # These are AGL specific versions generated using a tweaked
+ # genCerts.sh script to have different expiry dates than the
+ # upstream defaults, and use AGL as the organization.
+ install -d ${D}${sysconfdir}/kuksa-val/
+ install -m 0644 ${WORKDIR}/CA.pem ${D}${sysconfdir}/kuksa-val/
+ install -m 0640 -g 900 ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/
+ install -m 0640 -g 900 ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/
+ install -m 0644 ${WORKDIR}/Client.key ${D}${sysconfdir}/kuksa-val/
+ install -m 0644 ${WORKDIR}/Client.pem ${D}${sysconfdir}/kuksa-val/
+}
+
+PACKAGE_BEFORE_PN += "${PN}-ca ${PN}-server ${PN}-client"
+
+FILES:${PN}-ca = " \
+ ${sysconfdir}/kuksa-val/CA.pem \
+"
+RPROVIDES:${PN}-ca += "kuksa-val-certificates-ca"
+
+FILES:${PN}-server = " \
+ ${sysconfdir}/kuksa-val/Server.key \
+ ${sysconfdir}/kuksa-val/Server.pem \
+"
+RPROVIDES:${PN}-server += "kuksa-val-certificates-server"
+RDEPENDS:${PN}-server += "${PN}-ca"
+
+FILES:${PN}-client = " \
+ ${sysconfdir}/kuksa-val/Client.key \
+ ${sysconfdir}/kuksa-val/Client.pem \
+"
+RPROVIDES:${PN}-client += "kuksa-val-certificates-client"
+RDEPENDS:${PN}-client += "${PN}-ca"
+
+ALLOW_EMPTY:${PN} = "1"
+
+RDEPENDS:${PN} += "kuksa-val ${PN}-ca ${PN}-server ${PN}-client" |
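Review bot: `Client.key` is installed with mode 0644 in `do_install`, so the client private key is readable by every local user and process on the image, while `Server.key` two lines above is restricted to 0640 and group 900. If the clients can share a group, `install -m 0640 -g <client-gid> ${WORKDIR}/Client.key ${D}${sysconfdir}/kuksa-val/` would match the server key handling (the gid is a placeholder; the recipe only creates the `kuksa` group, and only for the server package); if they cannot, the reason for 0644 deserves a comment next to that line. Both keys also come from `file://` entries in `SRC_URI`, so they are checked into the layer and identical in every image built from it. A comment above `SRC_URI` such as `# Keys are published in this layer: development/demo use only, replace before production` would tell integrators they must be swapped out. The numeric group 900 is repeated in `GROUPADD_PARAM` and in two `install -g` calls; using the group name `kuksa` in the `install` lines would keep them from drifting apart.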