summaryrefslogtreecommitdiffstats
path: root/recipes-connectivity/kuksa-val/kuksa-val_git.bb
AgeCommit message (Collapse)AuthorFilesLines
2023-11-24Ensure KUKSA.val JWT certificate gets installedScott Murray1-0/+1
Recent changes accidentally resulted in the jwt.key.pub certificate file for KUKSA.val server / databroker authorization not getting installed, breaking databroker start up. Explicitly install it from our kuksa-certificates-server-agl package, and tweak the kuksa-val recipe to package it in its kuksa-certificates-server package. Bug-AGL: SPEC-4985 Change-Id: I94703da876718524da753b6b882b331b7f088431 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/29469 Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> ci-image-boot-test: Jenkins Job builder account Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account
2023-04-27kuksa-val: Rework to support updated SSL certificatesScott Murray1-38/+32
Changes: - Tweak the kuksa-val recipe to remove installing a newer server certificate (since it will be done elsewhere), and to split the certificates up into finer grained packages to ease installing them piecemeal and replacing them with other packages. - Remove the unused genCerts.sh certificate script patch form the kuksa-val recipe, an updated patch will be added in the near future. - Added a patch in the kuksa-viss-client recipe that enables the library to use certificates installed in /etc/kuksa-certificates or /etc/kuksa-val instead of the default ones that are shipped. - Add kuksa-certificates-agl recipe that installs AGL specific CA, server, and client certificates plus the required server and client keys to act as a replacement for the default ones shipped with KUKSA.val. The kuksa-certificates-agl name is used to avoid needing a rename with a future switch to kuksa-databroker. Note that the RPROVIDES variable is used for the various certificate packages to make them installable alternatives to the kuksa-val-certificates-* ones. The certificates installed are valid for 1 year and have AGL as the providing organization, longer validity ones will be added in follow up commits for Octopus and Pike. - Update the existing users of kuksa-val-*-certificates with the new kuksa-val-certificates-* package names. - Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-* packages to quiet the BitBake warnings coming from having multiple providers. Bug-AGL: SPEC-4763 Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2023-03-31Rework nss-agl-driver-db to be a systemd unit at runtimeJan-Simon Moeller1-7/+2
This avoids the issues seen with access rights changes on /home/agl-driver and will replace https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/28587 Bug-AGL: SPEC-4599 Change-Id: If01ffc9623208edd7a7705739465fa8fca764b74 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2023-03-29Fix for user and group of /home/agl-driverJan-Simon Moeller1-1/+1
The private nssdb introduced wrong access rights for /home/agl-driver through the package. Fix it till we have it reworked. Bug-AGL: SPEC-4599 Change-Id: I665b51f8473f64785c64c55359b5e0e702050e9a Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2023-03-23kuksa-val: Add root CA certificate to agl-driver nssdbRoger Zanoni1-2/+7
This change is needed by chromium to fix the ERR_CERT_AUTHORITY_INVALID issued when trying to connect to kuksa.val server using a secure connection. chromium is shipped with a read-only database containing trusted CA certs and also uses a local nss database (stored on the user home directory) that can be managed by the nss command line tools. This change adds the kuksa root CA to agl-driver's nssdb that can be loaded by chromium and used to perform validation. v2 (jsmoeller): Use separate package for pki db in agl-driver home. Bug-AGL: SPEC-4599 Signed-off-by: Roger Zanoni <rzanoni@igalia.com> Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Change-Id: I074d48fedfadaddd9a894b478839e16fa4757b5e
2023-03-01kuksa-val: Add patch to fix intermittent build failuresScott Murray1-1/+3
Add a patch to KUKSA.val to add a missing dependency in its CMake files to hopefully fix a build race that is seen on the AGL CI builders. Bug-AGL: SPEC-4717 Change-Id: I74f71236729e60ad0601fb1244b50279b2fc43e7 Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2022-10-18kuksa-val: Upgrade to latestScott Murray1-7/+10
Changes: - Upgrade kuksa-val and kuksa-viss-client to a commit that includes the 0.2.5 release tag and some fixes past it. The patches for each have been updated against the newer version, with backported ones dropped. - The affected recipes have been updated to include some new gRPC tooling dependencies, and a recipe for a new jsonpath-ng dependency has been added. - Rework the kuksa-dbc-feeder recipe for the splitting out of the example feeders from the main kuksa-val repository. - Rework our local kuksa-dbc-feeder patches against the newer version, as upstream has made several improvements. Also drop the duplicate filtering feature patch, as it seems likely we will not need it going forward. - Update the kuksa-dbc-feeder configuration files to work with the new version. Notable is a change in the engine speed signal naming in VSS 3.0, which is the new default for VSS schema. - The kuksa-val and kuksa-val-feeders trees have changed their licensing from EPL-1.0 to Apache-2.0, update the recipes accordingly. Bug-AGL: SPEC-4587 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ibc990767219f79af95929e86361e66beda2d0c9e
2022-07-13kuksa-val: add regenerated server certificateneedlefish_13.91.0needlefish/13.91.013.91.0Scott Murray1-0/+14
After fixing the issue with the SSL context purpose in the Python client library, client connections were still failing with the error: certificate verify failed: IP address mismatch, certificate is not valid for localhost To fix this, the certificate generation script has been patched to create the now required Subject Alt Name extension field, as that has effectively replaced using the CN field in most SSL implementations. Replacement Server.key and Server.pem files generated with the updated script have been added to give us a working configuration while this is worked with upstream so their default configuration is usable with newer Python + OpenSSL versions. Bug-AGL: SPEC-4467 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I9e8374fbbef6e8570b16d87f4e1800ceba8aacad
2022-07-06kuksa-val: split client certificates into a separate packageScott Murray1-1/+13
Split the certificates required by clients (so client and CA) into a separate kuksa-val-client-certificates package so that they can be reused in the cluster demo image without having the full KUKSA.val server installed. Bug-AGL: SPEC-4405 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I6b78b212ead395c8f731eab40ef0525a515bdb7c
2022-07-04kuksa-val: add recipeScott Murray1-0/+62
Add a kuksa-val recipe to build the current post-0.2.1 release HEAD of the Eclipse KUKSA.val Vehicle Information Service (VIS) server, and add it to the agl-demo-platform image by adding it to packagegroup-agl-ivi-services. Several local patches are applied to enable building with OpenEmbedded and make installation into standard Linux FHS locations feasible. These will be discussed with upstream to hopefully get them integrated. Additionally, meta-networking has been added as a layer dependency in the agl-demo feature template. This is required due to kuksa-val currently having mosquitto as a non-optional dependency. Bug-AGL: SPEC-4405 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I1a2d9e9b49d5c8ad11821b89288d2dc9895d15ae