Age | Commit message (Collapse) | Author | Files | Lines |
|
Recent changes accidentally resulted in the jwt.key.pub certificate
file for KUKSA.val server / databroker authorization not getting
installed, breaking databroker start up. Explicitly install it from
our kuksa-certificates-server-agl package, and tweak the kuksa-val
recipe to package it in its kuksa-certificates-server package.
Bug-AGL: SPEC-4985
Change-Id: I94703da876718524da753b6b882b331b7f088431
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/29469
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
ci-image-boot-test: Jenkins Job builder account
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
|
|
Changes:
- Tweak the kuksa-val recipe to remove installing a newer server
certificate (since it will be done elsewhere), and to split the
certificates up into finer grained packages to ease installing
them piecemeal and replacing them with other packages.
- Remove the unused genCerts.sh certificate script patch form the
kuksa-val recipe, an updated patch will be added in the near
future.
- Added a patch in the kuksa-viss-client recipe that enables the
library to use certificates installed in /etc/kuksa-certificates or
/etc/kuksa-val instead of the default ones that are shipped.
- Add kuksa-certificates-agl recipe that installs AGL specific CA,
server, and client certificates plus the required server and client
keys to act as a replacement for the default ones shipped with
KUKSA.val. The kuksa-certificates-agl name is used to avoid needing
a rename with a future switch to kuksa-databroker. Note that the
RPROVIDES variable is used for the various certificate packages to
make them installable alternatives to the kuksa-val-certificates-*
ones. The certificates installed are valid for 1 year and have
AGL as the providing organization, longer validity ones will be
added in follow up commits for Octopus and Pike.
- Update the existing users of kuksa-val-*-certificates with the new
kuksa-val-certificates-* package names.
- Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-*
packages to quiet the BitBake warnings coming from having multiple
providers.
Bug-AGL: SPEC-4763
Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
This avoids the issues seen with access rights changes on /home/agl-driver
and will replace https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/28587
Bug-AGL: SPEC-4599
Change-Id: If01ffc9623208edd7a7705739465fa8fca764b74
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
The private nssdb introduced wrong access rights for /home/agl-driver through the package.
Fix it till we have it reworked.
Bug-AGL: SPEC-4599
Change-Id: I665b51f8473f64785c64c55359b5e0e702050e9a
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
This change is needed by chromium to fix the ERR_CERT_AUTHORITY_INVALID
issued when trying to connect to kuksa.val server using a secure
connection.
chromium is shipped with a read-only database containing trusted
CA certs and also uses a local nss database (stored on the user home
directory) that can be managed by the nss command line tools.
This change adds the kuksa root CA to agl-driver's nssdb
that can be loaded by chromium and used to perform validation.
v2 (jsmoeller): Use separate package for pki db in agl-driver home.
Bug-AGL: SPEC-4599
Signed-off-by: Roger Zanoni <rzanoni@igalia.com>
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: I074d48fedfadaddd9a894b478839e16fa4757b5e
|
|
Add a patch to KUKSA.val to add a missing dependency in its CMake
files to hopefully fix a build race that is seen on the AGL CI
builders.
Bug-AGL: SPEC-4717
Change-Id: I74f71236729e60ad0601fb1244b50279b2fc43e7
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
Changes:
- Upgrade kuksa-val and kuksa-viss-client to a commit that includes
the 0.2.5 release tag and some fixes past it. The patches for each
have been updated against the newer version, with backported ones
dropped.
- The affected recipes have been updated to include some new gRPC
tooling dependencies, and a recipe for a new jsonpath-ng dependency
has been added.
- Rework the kuksa-dbc-feeder recipe for the splitting out of the
example feeders from the main kuksa-val repository.
- Rework our local kuksa-dbc-feeder patches against the newer version,
as upstream has made several improvements. Also drop the duplicate
filtering feature patch, as it seems likely we will not need it
going forward.
- Update the kuksa-dbc-feeder configuration files to work with the new
version. Notable is a change in the engine speed signal naming in
VSS 3.0, which is the new default for VSS schema.
- The kuksa-val and kuksa-val-feeders trees have changed their
licensing from EPL-1.0 to Apache-2.0, update the recipes
accordingly.
Bug-AGL: SPEC-4587
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ibc990767219f79af95929e86361e66beda2d0c9e
|
|
After fixing the issue with the SSL context purpose in the Python
client library, client connections were still failing with the
error:
certificate verify failed: IP address mismatch, certificate is not valid for localhost
To fix this, the certificate generation script has been patched to
create the now required Subject Alt Name extension field, as that has
effectively replaced using the CN field in most SSL implementations.
Replacement Server.key and Server.pem files generated with the
updated script have been added to give us a working configuration
while this is worked with upstream so their default configuration is
usable with newer Python + OpenSSL versions.
Bug-AGL: SPEC-4467
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I9e8374fbbef6e8570b16d87f4e1800ceba8aacad
|
|
Split the certificates required by clients (so client and CA) into
a separate kuksa-val-client-certificates package so that they can
be reused in the cluster demo image without having the full KUKSA.val
server installed.
Bug-AGL: SPEC-4405
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I6b78b212ead395c8f731eab40ef0525a515bdb7c
|
|
Add a kuksa-val recipe to build the current post-0.2.1 release HEAD
of the Eclipse KUKSA.val Vehicle Information Service (VIS) server,
and add it to the agl-demo-platform image by adding it to
packagegroup-agl-ivi-services. Several local patches are applied to
enable building with OpenEmbedded and make installation into standard
Linux FHS locations feasible. These will be discussed with upstream
to hopefully get them integrated.
Additionally, meta-networking has been added as a layer dependency
in the agl-demo feature template. This is required due to kuksa-val
currently having mosquitto as a non-optional dependency.
Bug-AGL: SPEC-4405
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I1a2d9e9b49d5c8ad11821b89288d2dc9895d15ae
|