Age | Commit message (Collapse) | Author | Files | Lines |
|
Update the server and client certificates with ones with a 2 year
validity period, per the discussion on last week's developer call.
Bug-AGL: SPEC-4763
Change-Id: Ib326631243cd267cc6542fdfc769cc5a3d6b67fe
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
Changes:
- Tweak the kuksa-val recipe to remove installing a newer server
certificate (since it will be done elsewhere), and to split the
certificates up into finer grained packages to ease installing
them piecemeal and replacing them with other packages.
- Remove the unused genCerts.sh certificate script patch form the
kuksa-val recipe, an updated patch will be added in the near
future.
- Added a patch in the kuksa-viss-client recipe that enables the
library to use certificates installed in /etc/kuksa-certificates or
/etc/kuksa-val instead of the default ones that are shipped.
- Add kuksa-certificates-agl recipe that installs AGL specific CA,
server, and client certificates plus the required server and client
keys to act as a replacement for the default ones shipped with
KUKSA.val. The kuksa-certificates-agl name is used to avoid needing
a rename with a future switch to kuksa-databroker. Note that the
RPROVIDES variable is used for the various certificate packages to
make them installable alternatives to the kuksa-val-certificates-*
ones. The certificates installed are valid for 1 year and have
AGL as the providing organization, longer validity ones will be
added in follow up commits for Octopus and Pike.
- Update the existing users of kuksa-val-*-certificates with the new
kuksa-val-certificates-* package names.
- Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-*
packages to quiet the BitBake warnings coming from having multiple
providers.
Bug-AGL: SPEC-4763
Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
This avoids the issues seen with access rights changes on /home/agl-driver
and will replace https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/28587
Bug-AGL: SPEC-4599
Change-Id: If01ffc9623208edd7a7705739465fa8fca764b74
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
The private nssdb introduced wrong access rights for /home/agl-driver through the package.
Fix it till we have it reworked.
Bug-AGL: SPEC-4599
Change-Id: I665b51f8473f64785c64c55359b5e0e702050e9a
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
This change is needed by chromium to fix the ERR_CERT_AUTHORITY_INVALID
issued when trying to connect to kuksa.val server using a secure
connection.
chromium is shipped with a read-only database containing trusted
CA certs and also uses a local nss database (stored on the user home
directory) that can be managed by the nss command line tools.
This change adds the kuksa root CA to agl-driver's nssdb
that can be loaded by chromium and used to perform validation.
v2 (jsmoeller): Use separate package for pki db in agl-driver home.
Bug-AGL: SPEC-4599
Signed-off-by: Roger Zanoni <rzanoni@igalia.com>
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: I074d48fedfadaddd9a894b478839e16fa4757b5e
|
|
Add a patch to KUKSA.val to add a missing dependency in its CMake
files to hopefully fix a build race that is seen on the AGL CI
builders.
Bug-AGL: SPEC-4717
Change-Id: I74f71236729e60ad0601fb1244b50279b2fc43e7
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
Remove recipes providing sllin configuration for the full demo,
as all LIN usage is being replaced with CAN. The recipes for the
sllin driver and associated lin_config utility are kept for now in
case there are external uses.
Bug-AGL: SPEC-4635
Change-Id: I67b7acf5a8c3801cb1890ee27486080255252385
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
Changes:
- Upgrade kuksa-val and kuksa-viss-client to a commit that includes
the 0.2.5 release tag and some fixes past it. The patches for each
have been updated against the newer version, with backported ones
dropped.
- The affected recipes have been updated to include some new gRPC
tooling dependencies, and a recipe for a new jsonpath-ng dependency
has been added.
- Rework the kuksa-dbc-feeder recipe for the splitting out of the
example feeders from the main kuksa-val repository.
- Rework our local kuksa-dbc-feeder patches against the newer version,
as upstream has made several improvements. Also drop the duplicate
filtering feature patch, as it seems likely we will not need it
going forward.
- Update the kuksa-dbc-feeder configuration files to work with the new
version. Notable is a change in the engine speed signal naming in
VSS 3.0, which is the new default for VSS schema.
- The kuksa-val and kuksa-val-feeders trees have changed their
licensing from EPL-1.0 to Apache-2.0, update the recipes
accordingly.
Bug-AGL: SPEC-4587
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ibc990767219f79af95929e86361e66beda2d0c9e
|
|
Add a patch for kuksa-viss-client to fix the cmd2 Python module
usage to work with newer versions of cmd2.
Bug-AGL: SPEC-4552
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I7599f2e07b4ad3d57796a06677d5fda170240229
|
|
Add backported patch from upstream to support latest Python 3.10.x in
the kuksa-viss-client recipe, replacing my previous local change which
no longer seems sufficient with 3.10.4.
Bug-AGL: SPEC-4566
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ibeddb507b620d6700f807c92f77d7ee392e6014a
|
|
After fixing the issue with the SSL context purpose in the Python
client library, client connections were still failing with the
error:
certificate verify failed: IP address mismatch, certificate is not valid for localhost
To fix this, the certificate generation script has been patched to
create the now required Subject Alt Name extension field, as that has
effectively replaced using the CN field in most SSL implementations.
Replacement Server.key and Server.pem files generated with the
updated script have been added to give us a working configuration
while this is worked with upstream so their default configuration is
usable with newer Python + OpenSSL versions.
Bug-AGL: SPEC-4467
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I9e8374fbbef6e8570b16d87f4e1800ceba8aacad
|
|
Add a patch that fixes the context purpose in the SSL context
creation done for the client connection. On a client, the
purpose needs to be set to server authentication to make newer
versions of Python happy.
Bug-AGL: SPEC-4467
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ide640a79f450fd2c1b5c2cda847932b2fd4e35c7
|
|
In practice mapping multiple CAN signals from the LIN polling to a
smaller number of VIS signals does not work well with the behavior
of the CAN feeder from KUKSA.val when testing on the actual demo
hardware. To improve the behavior:
- update the VSS schema overlay and DBC feeder mapping configuration
to use new AGL custom steering wheel switch signals instead of the
previous signals and mappings.
- add a patch to the DBC feeder to add a per-target duplicate signal
filtering option, and enable it for all the steering wheel signals
in the mapping configuration.
The DBC feeder performance issues stemming from synchronous VIS server
updates will be discussed with upstream, but these changes should
yield behavior similar to the previous combination of the low-can and
signal-composer bindings. With respect to the switch signals, this
should be revisited if implementing a custom LIN signal feeder becomes
an option, as overall it would be better to leverage the standard VSS
schema signals if possible.
Bug-AGL: SPEC-4405
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ifd62161f18303717ee279e23f46000324ab77dbc
|
|
Add kuksa-val-agl and kuksa-val-agl-demo-cluster recipes that install
extra configuration for KUKSA.val for the AGL demo platform.
Changes:
- Add kuksa-val-agl recipe to install AGL specific signals overlay
and uses a new environment variable hook in the kuksa-val systemd
unit to pass the required --overlays option to pick it up.
- Add kuksa-val-agl-demo-cluster recipe to install cluster support
specific kuksa-val environment file that makes kuksa-val-server
listen on all addresses. This is hopefully a stop gap approach
for the cluster demo until support for listening on multiple
addresses is added upstream.
- Add kuksa-val-agl to packagegroup-agl-ivi-services to enable the
AGL specific signals in the demo images.
- Add kuksa-val-agl-demo-cluster to packagegroup-agl-demo-cluster-support
to pick it up when the agl-demo-cluster-support feature is used
to build an image for the full AGL demo setup.
Bug-AGL: SPEC-4405
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I41e90829a40aebf7f29e7719334f37d639542e07
|
|
Split the certificates required by clients (so client and CA) into
a separate kuksa-val-client-certificates package so that they can
be reused in the cluster demo image without having the full KUKSA.val
server installed.
Bug-AGL: SPEC-4405
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I6b78b212ead395c8f731eab40ef0525a515bdb7c
|
|
Add kuksa-dbc-feeder-sllin recipe to install systemd unit and
configuration file to run a second copy of the KUKSA.val DBC
feeder against the demo setup's sllin0 interface. The systemd
unit will bring up the sllin0 interface by a call to the
can-dev-helper.sh script if run on hardware that lacks the
LIN adapter. Additionally, the DBC feeder mapping configuration
has been updated with the mappings for the steering wheel LIN
events, and kuksa-dbc-feeder-sllin has been added to the
agl-demo-preload packagegroup for the full AGL demo setup.
Bug-AGL: SPEC-4405
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ief38c4dcccda899cdef24881b292928e607dda14
|
|
The initial check-in of agl-vcar.dbc used with the kuksa-dbc-feeder
recipe was a version with the steering wheel events incorrectly
defined, update it with a corrected copy.
Bug-AGL: SPEC-4405
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I5c84d381c2652a1b5e9f06614f52c6d02b1998c0
|
|
Add a kuksa-dbc-feeder recipe to build the sample CAN feeder for the
KUKSA.val Vehicle Information Service (VIS) server and add it to the
agl-demo-platform image by adding it to packagegroup-agl-ivi-services.
Local patches are applied to enable building with OpenEmbedded, make
installation into standard Linux FHS locations feasible, and improve
usability on target with respect to logging and error handling.
These will be discussed with upstream to hopefully get them
integrated.
Additional changes:
- Add a recipe for the required kuksa-viss-client Python module
included with the KUKSA.val source tree. The module is also
available via pypi.org, but keeping all the pieces in lockstep for
now seems better, so it is built out of a clone of the kuksa.val
repo using the same SRCREV as the server and kuksa-dbc-feeder.
- Add new recipes for required Python modules:
python3-argparse-addons, python3-can-j1939,
python3-py-expression-eval, python3-setuptools-git-versioning
These will be upstreamed to meta-python as time permits.
- Add bbappend for python3-cantools to add a missing runtime
dependencies discovered during testing. This will be addressed
upstream in meta-python as time permits.
- Add minimal DBC file and mapping configuration. At present the
agl-vcar.dbc file only contains the minimum message definitions
known to be required for the AGL demo platform, namely vehicle
and engine speeds and the steering wheel events.
- Add can-dev-helper recipe to install a systemd unit and script to
ensure a CAN interface is available for testing. This is a tweaked
version of what was previously used with agl-service-can-low-level.
Bug-AGL: SPEC-4405
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ic48ea71761fe3767ca3c1711c60b47e0d329d9e7
|
|
Add a kuksa-val recipe to build the current post-0.2.1 release HEAD
of the Eclipse KUKSA.val Vehicle Information Service (VIS) server,
and add it to the agl-demo-platform image by adding it to
packagegroup-agl-ivi-services. Several local patches are applied to
enable building with OpenEmbedded and make installation into standard
Linux FHS locations feasible. These will be discussed with upstream
to hopefully get them integrated.
Additionally, meta-networking has been added as a layer dependency
in the agl-demo feature template. This is required due to kuksa-val
currently having mosquitto as a non-optional dependency.
Bug-AGL: SPEC-4405
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I1a2d9e9b49d5c8ad11821b89288d2dc9895d15ae
|