summaryrefslogtreecommitdiffstats
path: root/recipes-core/nss
AgeCommit message (Collapse)AuthorFilesLines
2023-04-27kuksa-val: Rework to support updated SSL certificatesScott Murray1-1/+1
Changes: - Tweak the kuksa-val recipe to remove installing a newer server certificate (since it will be done elsewhere), and to split the certificates up into finer grained packages to ease installing them piecemeal and replacing them with other packages. - Remove the unused genCerts.sh certificate script patch form the kuksa-val recipe, an updated patch will be added in the near future. - Added a patch in the kuksa-viss-client recipe that enables the library to use certificates installed in /etc/kuksa-certificates or /etc/kuksa-val instead of the default ones that are shipped. - Add kuksa-certificates-agl recipe that installs AGL specific CA, server, and client certificates plus the required server and client keys to act as a replacement for the default ones shipped with KUKSA.val. The kuksa-certificates-agl name is used to avoid needing a rename with a future switch to kuksa-databroker. Note that the RPROVIDES variable is used for the various certificate packages to make them installable alternatives to the kuksa-val-certificates-* ones. The certificates installed are valid for 1 year and have AGL as the providing organization, longer validity ones will be added in follow up commits for Octopus and Pike. - Update the existing users of kuksa-val-*-certificates with the new kuksa-val-certificates-* package names. - Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-* packages to quiet the BitBake warnings coming from having multiple providers. Bug-AGL: SPEC-4763 Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2023-04-03Rework nss-agl-driver-db to be a systemd unit at runtimeoctopus_15.0.1octopus/15.0.115.0.1Jan-Simon Moeller3-8/+49
This avoids the issues seen with access rights changes on /home/agl-driver and will replace https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/28587 Bug-AGL: SPEC-4599 Change-Id: If01ffc9623208edd7a7705739465fa8fca764b74 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> (cherry picked from commit 11323fa1ed396e3e16f4df327911bc9c60cc6e01)
2023-03-30Fix for user and group of /home/agl-driverJan-Simon Moeller1-1/+2
The private nssdb introduced wrong access rights for /home/agl-driver through the package. Fix it till we have it reworked. Bug-AGL: SPEC-4599 Change-Id: I665b51f8473f64785c64c55359b5e0e702050e9a Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> (cherry picked from commit 1e62ea70abd523482e4a181737e7202280a30ce3)
2023-03-23nss: Create a nss database for agl-driver userRoger Zanoni1-0/+21
The change creates an empty db and allows other recipes to add their own certificates when needed. It will be needed by kuksa-val recipe for adding its root CA certificate that will fix CA validation issues that are happening on chromium. v2 (jsmoeller): convert to own recipe to avoid modifying nss itself Bug-AGL: SPEC-4599 Signed-off-by: Roger Zanoni <rzanoni@igalia.com> Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Change-Id: I5a5e4ff24cb640580cff4c609ee6293acae64487 (cherry picked from commit f9004968a0e9f3e5fc075c4df474f9fa33225e6d)