diff options
| author |   Roger Zanoni <rzanoni@igalia.com> | 2023-02-13 21:29:09 +0100 |
|---|---|---|
| committer |   Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2023-03-23 10:19:35 +0000 |
| commit | 99356a43e5ee3ae662af83e4ae6e0e11ef1aa39e (patch) | |
| tree | e161c57cf450b91eda90c0b9c33de0468831fc77 /recipes-connectivity/kuksa-val/kuksa-val_git.bb | |
| parent | f9004968a0e9f3e5fc075c4df474f9fa33225e6d (diff) | |
kuksa-val: Add root CA certificate to agl-driver nssdb
This change is needed by chromium to fix the ERR_CERT_AUTHORITY_INVALID
issued when trying to connect to kuksa.val server using a secure
connection.
chromium is shipped with a read-only database containing trusted
CA certs and also uses a local nss database (stored on the user home
directory) that can be managed by the nss command line tools.
This change adds the kuksa root CA to agl-driver's nssdb
that can be loaded by chromium and used to perform validation.
v2 (jsmoeller): Use separate package for pki db in agl-driver home.
Bug-AGL: SPEC-4599
Signed-off-by: Roger Zanoni <rzanoni@igalia.com>
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: I074d48fedfadaddd9a894b478839e16fa4757b5e
Diffstat (limited to 'recipes-connectivity/kuksa-val/kuksa-val_git.bb')
| -rw-r--r-- | recipes-connectivity/kuksa-val/kuksa-val_git.bb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/recipes-connectivity/kuksa-val/kuksa-val_git.bb b/recipes-connectivity/kuksa-val/kuksa-val_git.bb index 04f6f4f64..2c1966ff6 100644 --- a/recipes-connectivity/kuksa-val/kuksa-val_git.bb +++ b/recipes-connectivity/kuksa-val/kuksa-val_git.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://../LICENSE;md5=2b42edef8fa55315f34f2370b4715ca9 \ file://3rd-party-libs/turtle/LICENSE_1_0.txt;md5=e4224ccaecb14d942c71d31bef20d78c \ file://3rd-party-libs/jwt-cpp/LICENSE;md5=8325a5ce4414c65ffdda392e0d96a9ff" -DEPENDS = "boost openssl mosquitto protobuf-native grpc-native grpc" +DEPENDS = "boost openssl mosquitto nss protobuf-native grpc-native grpc" require kuksa-val.inc @@ -77,6 +77,11 @@ do_install:append() { chgrp 900 ${D}${sysconfdir}/kuksa-val/Server.pem } +pkg_postinst_ontarget:${PN}-client-certificates () { + certutil -A -d /home/agl-driver/.pki/nssdb -n "KuksaRootCA" -t "pC,," -i ${sysconfdir}/kuksa-val/CA.pem + chown agl-driver:agl-driver -R /home/agl-driver/.pki/ +} + # Put client certificates into their own package so we can avoid # duplicates of them for e.g. cluster clients. Longer term this # will need to be revisited. @@ -90,4 +95,4 @@ FILES:${PN}-client-certificates = " \ FILES:${PN} += "${systemd_system_unitdir} ${datadir}" -RDEPENDS:${PN} += "${PN}-client-certificates" +RDEPENDS:${PN} += "${PN}-client-certificates nss-agl-driver-db" |