aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-core/nss
diff options
context:
space:
mode:
authorJan-Simon Moeller <jsmoeller@linuxfoundation.org>2023-03-31 15:36:25 +0200
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2023-03-31 15:48:10 +0200
commit11323fa1ed396e3e16f4df327911bc9c60cc6e01 (patch)
tree15ea0fcf36e8be1603ff4685ebec89a2fa0170d4 /recipes-core/nss
parent1e62ea70abd523482e4a181737e7202280a30ce3 (diff)
Rework nss-agl-driver-db to be a systemd unit at runtime
This avoids the issues seen with access rights changes on /home/agl-driver and will replace https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/28587 Bug-AGL: SPEC-4599 Change-Id: If01ffc9623208edd7a7705739465fa8fca764b74 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Diffstat (limited to 'recipes-core/nss')
-rw-r--r--recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.service12
-rwxr-xr-xrecipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.sh19
-rw-r--r--recipes-core/nss/nss-agl-driver-db_git.bb26
3 files changed, 49 insertions, 8 deletions
diff --git a/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.service b/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.service
new file mode 100644
index 000000000..48eca3921
--- /dev/null
+++ b/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Deploy Kuksa certificates to /home/agl-driver/.pki/
+After=local-fs.target
+Before=agl-session@agl-driver.service
+ConditionPathExists=!/home/agl-driver/.pki
+
+[Service]
+User=agl-driver
+ExecStart=/usr/sbin/nss-agl-driver-db.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.sh b/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.sh
new file mode 100755
index 000000000..1a8351bf9
--- /dev/null
+++ b/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -e
+
+# TLDR we need this file for chromium to connect back to kuksa.
+
+# check if directory already exists and bail out
+if test -d /home/agl-driver/.pki/nssdb ; then
+ echo "Directory already exists! Doing nothing."
+ exit 127
+fi
+
+# setup empty db in subfolder
+mkdir -p /home/agl-driver/.pki/nssdb
+certutil -N -d /home/agl-driver/.pki/nssdb --empty-password
+
+# deploy cert into local db
+certutil -A -d /home/agl-driver/.pki/nssdb -n "KuksaRootCA" -t "pC,," -i /etc/kuksa-val/CA.pem
+
+#chown -R agl-driver:agl-driver /home/agl-driver/.pki/nssdb
diff --git a/recipes-core/nss/nss-agl-driver-db_git.bb b/recipes-core/nss/nss-agl-driver-db_git.bb
index 3d8aa5f4b..c32ba71d2 100644
--- a/recipes-core/nss/nss-agl-driver-db_git.bb
+++ b/recipes-core/nss/nss-agl-driver-db_git.bb
@@ -3,20 +3,30 @@ DESCRIPTION = "Custom nss db hosting the kuksa certificates for chromium"
AUTHOR = "Jan-Simon Moeller <jsmoeller@linuxfoundation.org>"
HOMEPAGE = "https://git.automotivelinux.org"
LICENSE = "MIT"
-DEPENDS = " agl-session nss-native"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
PV = "0.1"
+SRC_URI = "file://${BPN}.service \
+ file://${BPN}.sh \
+ "
+
+inherit systemd
+
+SYSTEMD_SERVICE:${PN} = "${BPN}.service"
+
do_configure[noexec] = "1"
do_compile[noexec] = "1"
do_install() {
- mkdir -p ${D}/home/agl-driver/.pki/nssdb
- certutil -N -d ${D}/home/agl-driver/.pki/nssdb --empty-password
- chown -R 1001:1001 ${D}/home/agl-driver
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${systemd_system_unitdir}
+ install -d ${D}${sbindir}
+ install -m 0644 ${WORKDIR}/${BPN}.service ${D}${systemd_system_unitdir}
+ install -m 0755 ${WORKDIR}/${BPN}.sh ${D}${sbindir}
+ fi
}
-pkg_postinst_ontarget:${PN} () {
- chown agl-driver:agl-driver -R /home/agl-driver/
-}
+FILES:${PN} += "${systemd_system_unitdir} ${sbindir}"
-FILES:${PN} += "/home/agl-driver/.pki/*"
+RDEPENDS:${PN} += "nss agl-session kuksa-val-client-certificates bash"