Age | Commit message (Collapse) | Author | Files | Lines |
|
Changes:
- Tweak the kuksa-val recipe to remove installing a newer server
certificate (since it will be done elsewhere), and to split the
certificates up into finer grained packages to ease installing
them piecemeal and replacing them with other packages.
- Remove the unused genCerts.sh certificate script patch form the
kuksa-val recipe, an updated patch will be added in the near
future.
- Added a patch in the kuksa-viss-client recipe that enables the
library to use certificates installed in /etc/kuksa-certificates or
/etc/kuksa-val instead of the default ones that are shipped.
- Add kuksa-certificates-agl recipe that installs AGL specific CA,
server, and client certificates plus the required server and client
keys to act as a replacement for the default ones shipped with
KUKSA.val. The kuksa-certificates-agl name is used to avoid needing
a rename with a future switch to kuksa-databroker. Note that the
RPROVIDES variable is used for the various certificate packages to
make them installable alternatives to the kuksa-val-certificates-*
ones. The certificates installed are valid for 1 year and have
AGL as the providing organization, longer validity ones will be
added in follow up commits for Octopus and Pike.
- Update the existing users of kuksa-val-*-certificates with the new
kuksa-val-certificates-* package names.
- Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-*
packages to quiet the BitBake warnings coming from having multiple
providers.
Bug-AGL: SPEC-4763
Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
This avoids the issues seen with access rights changes on /home/agl-driver
and will replace https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/28587
Bug-AGL: SPEC-4599
Change-Id: If01ffc9623208edd7a7705739465fa8fca764b74
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
(cherry picked from commit 11323fa1ed396e3e16f4df327911bc9c60cc6e01)
|
|
The private nssdb introduced wrong access rights for /home/agl-driver through the package.
Fix it till we have it reworked.
Bug-AGL: SPEC-4599
Change-Id: I665b51f8473f64785c64c55359b5e0e702050e9a
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
(cherry picked from commit 1e62ea70abd523482e4a181737e7202280a30ce3)
|
|
The change creates an empty db and allows other recipes
to add their own certificates when needed.
It will be needed by kuksa-val recipe for adding its root
CA certificate that will fix CA validation issues that are
happening on chromium.
v2 (jsmoeller): convert to own recipe to avoid modifying nss itself
Bug-AGL: SPEC-4599
Signed-off-by: Roger Zanoni <rzanoni@igalia.com>
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: I5a5e4ff24cb640580cff4c609ee6293acae64487
(cherry picked from commit f9004968a0e9f3e5fc075c4df474f9fa33225e6d)
|