diff options
author | Scott Murray <scott.murray@konsulko.com> | 2023-04-24 18:01:29 -0400 |
---|---|---|
committer | Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2023-04-27 09:55:35 +0000 |
commit | 0df051c31b1c8687441d06e66750804c115db0bd (patch) | |
tree | 17405e2e6c2eb1c07333a89508bfec1562cd44e4 /recipes-connectivity/kuksa-val/kuksa-certificates-agl | |
parent | e8aae0c2439c4e060149ffba014fd76e99fad5a1 (diff) |
kuksa-val: Rework to support updated SSL certificates
Changes:
- Tweak the kuksa-val recipe to remove installing a newer server
certificate (since it will be done elsewhere), and to split the
certificates up into finer grained packages to ease installing
them piecemeal and replacing them with other packages.
- Remove the unused genCerts.sh certificate script patch form the
kuksa-val recipe, an updated patch will be added in the near
future.
- Added a patch in the kuksa-viss-client recipe that enables the
library to use certificates installed in /etc/kuksa-certificates or
/etc/kuksa-val instead of the default ones that are shipped.
- Add kuksa-certificates-agl recipe that installs AGL specific CA,
server, and client certificates plus the required server and client
keys to act as a replacement for the default ones shipped with
KUKSA.val. The kuksa-certificates-agl name is used to avoid needing
a rename with a future switch to kuksa-databroker. Note that the
RPROVIDES variable is used for the various certificate packages to
make them installable alternatives to the kuksa-val-certificates-*
ones. The certificates installed are valid for 1 year and have
AGL as the providing organization, longer validity ones will be
added in follow up commits for Octopus and Pike.
- Update the existing users of kuksa-val-*-certificates with the new
kuksa-val-certificates-* package names.
- Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-*
packages to quiet the BitBake warnings coming from having multiple
providers.
Bug-AGL: SPEC-4763
Change-Id: I00031ada2401cd5b92419de5c7b1af8944c34e9d
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Diffstat (limited to 'recipes-connectivity/kuksa-val/kuksa-certificates-agl')
5 files changed, 137 insertions, 0 deletions
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem new file mode 100644 index 000000000..55e344094 --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2TCCAsECFF8Fc0+krnLo4rK6tD8ZS5JVGX3kMA0GCSqGSIb3DQEBCwUAMIGo +MQswCQYDVQQGEwJDQTETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu +IEZyYW5jaXNjbzEZMBcGA1UECgwQTGludXggRm91bmRhdGlvbjEVMBMGA1UEAwwM +bG9jYWxob3N0LWNhMTowOAYJKoZIhvcNAQkBFithZ2wtZGV2LWNvbW11bml0eUBs +aXN0cy5hdXRvbW90aXZlbGludXgub3JnMB4XDTIzMDQyNDIwMzAyMloXDTMzMDQy +MTIwMzAyMlowgagxCzAJBgNVBAYTAkNBMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eCBGb3VuZGF0aW9u +MRUwEwYDVQQDDAxsb2NhbGhvc3QtY2ExOjA4BgkqhkiG9w0BCQEWK2FnbC1kZXYt +Y29tbXVuaXR5QGxpc3RzLmF1dG9tb3RpdmVsaW51eC5vcmcwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDmBHNxOpBfmYo8bc0omNuKDnnZuhB4JTbgmblN +XCiPECdgVgSAD99YAaY/+LFKsUfwv0hMU45HcRPTN8CmijGFPMP9dmP6xZ6aCwPw +gwCE8lTwiFp/L0BNySVhXwakCqhqssCNvmBXpJf+J+7MYXYInieBotetlAEPMV6B +fcfJZxC00YVKlQX6vKQsxQB8LlSj57UwyjS0zYIhm3G5rAYLaEokgttbBDB5XKL2 +6D0yvqsdUoJygAeouq6PME8SiAY91ZwIwfL3BJyNoNnxxyJ7iRj28dmoetvtNQCl +DrU82GG/hUeFF5KnLj65yHOrLiRlquHKgIG+XOvfp7WfXbstAgMBAAEwDQYJKoZI +hvcNAQELBQADggEBAN+rVHBSJDYk6soCcd6a+zonWOiHJxw5JRbdWE56F1wvS5fv +CFLlJ01JeaXdVdISh4/zk1sFnsGQ1NRv8C/LffciNpDpKugJgKcA1BYWECj0J9h9 +yR6Nw/Ifx3ovTJi9Rm6uYoH2shNbfX0H1HUZjLzMDZJUVdwI2bkekbYmJXI6XIAP +3p4PFs0rH37z+ioIw10ubKdFjGMIW6vYcfWV6L/ybrh+dZ5GDkNncSaspMzf79PC +7sAs9/RQkp92bmvygKkXO7zNBGjPF8osoY1rv9D201Ux1gJtfn3qde0LgdvOMoq8 +scN3iO1TU2pFNhxgcCkFkLmUHSceWK4l/Bxj1kM= +-----END CERTIFICATE----- diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.key b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.key new file mode 100644 index 000000000..769502a6b --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC3wZbCVTustZcM +NNTEP2clEm6WVQSJcYOU/A5gJoXaKOR4L0jLsH6n9REcEXfEQn1ZIgVgsasu984P +DQYe7FSOp9PcIb9HuxrCPJQJ4xXWM7b6LDgatE2TBBHyMecDToWr8JIsywZ/0q2Q +ucbLuUCOH6A58+EBDAbMpicJFB2l5RK1mZwCGXaWc4L/mMvNjRX6oO4QcoXDSnaS +XK6nymKBlZRhGo0YN3FIpxLLkkK1qjCDC/asUAHoU7w3AZNpN8VzXtIeqEXF+wlu +Rljpt9XnVcNMaGIbdOzLJdyAt975O/yqlhJqPG2T4Nn3Gt7+F7gAuZl28mTO6lTC +A7rViRw5AgMBAAECggEAERwGO6i4PlXnnyg1peKx6cigMaDvo9UFD4yTEZaQqL4d +PMgJTwbrWhvmSI7jUAuxVGjnp4fPdLd30RyxNNSkMGa1wiXFw8nq/Uoq7gs9+6Rz +zXIr1Ke0X+OVgK+vDvajGV30XFWYkLMG/GZh2VLxzPHqpy67JO/v26L+WDjuZEVq +OxIWJVfVqNFGPoL7EdyneUF3PHtKsCnaoz2Q0X0HbgKodItrYbxeXjgu0NQNXRw3 +fN675z0lR1dMeqR4YqO66Hsdchn64DzSP3MUj8RAXaJsoj4PtFcFCzbqTendaHQi +1xymao72MFrBUTmzC0hkhi8H4h9ztdGe3fEL5aiTEQKBgQDSuNh+GGxbZrMSFRr2 +BHGGpNRSmCTc9apn8mBkz8BerLnolYxraipsYSlToUZkTQzj7lAx8RtlbAGu3DAY +I8k2DURK/Bw7heN8Rd90X8/xn/9hj/A8U6rKGLxKyY3soy0MWdFbyiihVttuMLf7 +bw+SdGoGFkfWv/B5knJMBHlpaQKBgQDfPW/smxAmo3GsKCL+awOqEA+TEN44jkEJ +n5VrEBbFoT4CaIP/c1aSzMv17GKWqwsC9gXRr242IeDBmJh6Llu8tutJfgRt4O9r +SmwVekKWchXfp7nfsThdmVpILK0tNWFz0OW1OhR4Gtpm4g7+TeMoZyTOtTZ+q+gj +n/Z2JP5yUQKBgQCWYv1+4IdUo/Lg0NcxBPLQmQo+9/43A8zd6okI6YvtBXCYoUJZ +1qb4Ok94M/080BCHCymIuv5GX9LDrLlWQRP003sN2Od9Q4yawHM9ZrPNSdbFFijp +pPyaxxR6e2YioEIiMmfMDnb4zjhEZ9imRRjj+NlCBty2Ur2Yxf90aS0NIQKBgGiw +mSJufZ6BG7fOgsqpSOih64veZzhCjgGDU0EIJIW93iSm+u/7GOhzHltP5dQelmVn +FseE67x7GrnvY+I4h1Dyv1iRvmYBDIZWOmXAFiYTjmp6b9KVe4d5eTtLqFMBK5hy +qKbae+rvPOjurnVX9WVnKX2+wbWZzJ2YUK6LHsBhAoGBAIyJNNkybkZfXJ/nv03h +Z33paK80nptjTI/aXVg6tsRQK0Sz0jucQVI9/zhsMpUnDkwRNvfLoU6hwN+lSbmd +27/pjztXGcT9UdWoeA6YMxSfZAzzoq3Q4XJ2g7QwNjH89JwV3uoLxvy5LTzMgFDY +TaY6xdM2TvEPN13mqTbs9Olg +-----END PRIVATE KEY----- diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem new file mode 100644 index 000000000..f0134f152 --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE6jCCA9KgAwIBAgIUZsoE7a5zcY96l9fWgANt2eueQ+UwDQYJKoZIhvcNAQEL +BQAwgagxCzAJBgNVBAYTAkNBMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH +DA1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eCBGb3VuZGF0aW9uMRUwEwYD +VQQDDAxsb2NhbGhvc3QtY2ExOjA4BgkqhkiG9w0BCQEWK2FnbC1kZXYtY29tbXVu +aXR5QGxpc3RzLmF1dG9tb3RpdmVsaW51eC5vcmcwHhcNMjMwNDI0MjAzMDIzWhcN +MjQwNDIzMjAzMDIzWjCBojELMAkGA1UEBhMCQ0ExEzARBgNVBAgMCkNhbGlmb3Ju +aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoMEExpbnV4IEZvdW5k +YXRpb24xDzANBgNVBAMMBkNsaWVudDE6MDgGCSqGSIb3DQEJARYrYWdsLWRldi1j +b21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4Lm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALfBlsJVO6y1lww01MQ/ZyUSbpZVBIlxg5T8DmAm +hdoo5HgvSMuwfqf1ERwRd8RCfVkiBWCxqy73zg8NBh7sVI6n09whv0e7GsI8lAnj +FdYztvosOBq0TZMEEfIx5wNOhavwkizLBn/SrZC5xsu5QI4foDnz4QEMBsymJwkU +HaXlErWZnAIZdpZzgv+Yy82NFfqg7hByhcNKdpJcrqfKYoGVlGEajRg3cUinEsuS +QrWqMIML9qxQAehTvDcBk2k3xXNe0h6oRcX7CW5GWOm31edVw0xoYht07Msl3IC3 +3vk7/KqWEmo8bZPg2fca3v4XuAC5mXbyZM7qVMIDutWJHDkCAwEAAaOCAQ4wggEK +MBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUDzUw+UO3LXFmQE7IcO/c +JDjSXoowgdIGA1UdIwSByjCBx6GBrqSBqzCBqDELMAkGA1UEBhMCQ0ExEzARBgNV +BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoM +EExpbnV4IEZvdW5kYXRpb24xFTATBgNVBAMMDGxvY2FsaG9zdC1jYTE6MDgGCSqG +SIb3DQEJARYrYWdsLWRldi1jb21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4 +Lm9yZ4IUXwVzT6Sucujisrq0PxlLklUZfeQwDQYJKoZIhvcNAQELBQADggEBAJIm +HInhtZUtYxt/Q3p1HtiH3GEIkc4DZMmEef4wq4/A210y9nwxrOaDXlVlz6WWRsAl +ZpEqbLvXOM/uvh1oyyfi5xMm2cm4VytLb+NtflmFvnQj3hD1O0XSf0Vwx844aQgb +5LYq2GLXXkW5afGTtGGOg8vmNg6kkjheySqRbyebkF46BGOmB/+XRD7pzfil4eTd +Qnweso2UkGnboKpwBYLubEmhJmmX4sHeJnzzjJXkeco5uGnXfSVzYzDgco4/6JSv +p1IjGNww5D1lPZfqTnSgRqoQyUXoMdSD5Q6y3FFjK38UvR7vjPcg2VmLIluMYIzH +XJOwagvtjGTA7sfbNTU= +-----END CERTIFICATE----- diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.key b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.key new file mode 100644 index 000000000..602a8e0d8 --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnttOu8pXFbell +1xm2OKOCQUjTYdwACMXgkQm0pkCPdcZGdCJD6gaJfgVIhbbpu2eBbsXXedFfC+v/ +/iEsqW8tOonERtPxAjz1FjFZ1YumkxKUKs6VLsQPIZkd96GT6kRXLa8EzgwXV9L6 +nlb3n6HXXctLwzJhm6H1onWli3ZHrpl2ez5t/cIiZOKglh/jD+eJmEPglNZYBbBx +61FZZ9LsGSyLD8fIgIOlB6RDjXFGv9aKR98e/8O9QhnIVWHJ4x8B4VR6srmEWApV +qoccLS+HxVNqmjEVDfyavYudhCAk0PYuo0/vIcyANZkH6DxXlYrDlKxjSOZQkA55 +hB95LXdTAgMBAAECggEADFHDruAm3D+8mzx3qQj0Ccdd4BkaHe6HCn3c5qYnq+IM +1HQHaFGydTsKjE82Jmkbq0hFxBQwqvinN0ClkzBG+F2KbR5+xv9RFvewXFbxUSUQ +gk26qv6qbCodozPjbIgSyQyUBJhWDwjmeH5VCQ9yxe0f18rY0o6qEO8EEUrzP0SX +efugez1n3pUJi7s04ktmfDTeJNKkTKVNaMJ/LZdz53hgeNzRu9nFDJhKwElTC/A6 ++q4zRABvzZDh8omcOWn4Of0KEaZO4N8b7Bg3ti0SogtV3O1uU5YtslJ56Yo4dpPl +KDfu07DXjoFVD3BQ+E5PClR13kPxo+4QVy/hEYWM0QKBgQDg8tSUJndBWlb6tTiP +vT20tm6gXOY5Epb/URDs5cTjYNB4m3pj2FN8PA3kJ1NaYqQPD4PoHm6FHHcJXl3X +/bm5SUA+y+rpgOHet+vddatbV9X7Ucf1MMBdzmushEhGSXJppPdjCc7GqnbSfTDY +6qxDq/ecD98IEd3M8MyQnWu4xQKBgQC+3Xasd3+H6HHfy6GZNu3qhft2Hdtv5Rg4 +n4dU0AbUzK2jYnx4pF7Bg7TChpRQrosV7BQpFdq/UbvhiqRTtsYUXFnSpDsuZTQv +6a0EkHMbz+WQc6/rpRnBqAsGjlM/z3A33zsGjDcXT+bJ534KXzrIEZPoFaFkJ4a9 +55NG4xABNwKBgQCx3O9e0Odcgjzh8OZvKPegatsf6zSSDfPcntGeLrM2Ajf0FSN5 +zPN9+NIXA00x22rTCbaHk4BZub8ZZkcXYGQ4cAXfYUc2KBTwEEbsDX1XNSVZmTlc +0pZX1b5nYxTulmZjx+9fnMKlbOWU2y4DZdKdk1yuRhJYhB/3SrLE6ePh7QKBgDiZ +3naY3XYFZbezYJHaK0XwQ7ksc4XET6GDFZP+OPhkVl3sd/Mi84K5tyI03Mjsagyv +PO9OLterumbRQZgdzLH/DRgdYfuJQaevyYJf//LQfUiQNixQgsneNp7UGDYFI0c+ +aPexHylHpa5cexFCWmE4bT9XIsxbuGaaxR8xeO6TAoGAU/LkR6Ncvx8djtT5RpuK +BtmLXDvhaTswXq6WVqf3ihl0PfPyoyFqt0vD5gKd7ShG7jU+vHSW7UAlEVoiawTb +L+p9g/Y+0CS8+7xtbiWQZhwvdlBTYO4Ddgs/YsCEWZG3rB2p20Hj7KwrHiNFGMry +Ju6j+QZ4Go0nO/hFmWiRgdk= +-----END PRIVATE KEY----- diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.pem b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.pem new file mode 100644 index 000000000..d7e9571aa --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE6jCCA9KgAwIBAgIUZsoE7a5zcY96l9fWgANt2eueQ+QwDQYJKoZIhvcNAQEL +BQAwgagxCzAJBgNVBAYTAkNBMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH +DA1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eCBGb3VuZGF0aW9uMRUwEwYD +VQQDDAxsb2NhbGhvc3QtY2ExOjA4BgkqhkiG9w0BCQEWK2FnbC1kZXYtY29tbXVu +aXR5QGxpc3RzLmF1dG9tb3RpdmVsaW51eC5vcmcwHhcNMjMwNDI0MjAzMDIzWhcN +MjQwNDIzMjAzMDIzWjCBojELMAkGA1UEBhMCQ0ExEzARBgNVBAgMCkNhbGlmb3Ju +aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoMEExpbnV4IEZvdW5k +YXRpb24xDzANBgNVBAMMBlNlcnZlcjE6MDgGCSqGSIb3DQEJARYrYWdsLWRldi1j +b21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4Lm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKe2067ylcVt6WXXGbY4o4JBSNNh3AAIxeCRCbSm +QI91xkZ0IkPqBol+BUiFtum7Z4Fuxdd50V8L6//+ISypby06icRG0/ECPPUWMVnV +i6aTEpQqzpUuxA8hmR33oZPqRFctrwTODBdX0vqeVvefodddy0vDMmGbofWidaWL +dkeumXZ7Pm39wiJk4qCWH+MP54mYQ+CU1lgFsHHrUVln0uwZLIsPx8iAg6UHpEON +cUa/1opH3x7/w71CGchVYcnjHwHhVHqyuYRYClWqhxwtL4fFU2qaMRUN/Jq9i52E +ICTQ9i6jT+8hzIA1mQfoPFeVisOUrGNI5lCQDnmEH3ktd1MCAwEAAaOCAQ4wggEK +MBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUA1ZxK520N3pMPVYrUk1o +2K5tEzEwgdIGA1UdIwSByjCBx6GBrqSBqzCBqDELMAkGA1UEBhMCQ0ExEzARBgNV +BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoM +EExpbnV4IEZvdW5kYXRpb24xFTATBgNVBAMMDGxvY2FsaG9zdC1jYTE6MDgGCSqG +SIb3DQEJARYrYWdsLWRldi1jb21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4 +Lm9yZ4IUXwVzT6Sucujisrq0PxlLklUZfeQwDQYJKoZIhvcNAQELBQADggEBAARb +sfPoqFk2ApNUz8PMhnk1W9XG9Z9as8Nasd39Khxq/ecyAH0eMllsK5u5z6ms9Kcu +FETd8l+t4ITpV3ST57p83/UtWiabNg39J4ChB8YfvzNAG6qew5BfnQG/4mb0xHJE +3Mnk7+4PnlDSkSXnmq0wnnavhrt4DIHuKyU3fFsYDr6rSIscVlmYPtjSlpqu+ZTP +FKrDamXPDsCiIK8dY2oN8oAjcylkPc/vD1PefBFSeCDb0isxujjgwRzCeSSAXKOi +wnYdgfH/gpkIgaZyCrm46ifkm7ckX1i5qVwUoA4ilv5AU9o1TCzijFd6505OzlO+ +8RPI4uaCYgGPCWBjMsw= +-----END CERTIFICATE----- |