summaryrefslogtreecommitdiffstats
path: root/recipes-core/nss
AgeCommit message (Collapse)AuthorFilesLines
2023-06-07Remove systemd user session and clean up packagegroups and imagespike_15.91.0pike/15.91.015.91.0Scott Murray2-2/+2
Remove the use of systemd user session to align with how upstream runs Weston, and to allow using all systemd sandboxing features with the compositor and homescreen, launcher, etc. applications. The changes for this touched enough packagegroups and images that further rework was done to address some of the cleanup described in SPEC-4813, see below for details. Changes: - Rework systemd units and recipes of affected applications. - Rework images to pull in image .bb files instead of .inc files. - Pull in the new agl-image-compositor as a base image where appropriate. - Update weston-terminal-conf recipe to use new split out weston-terminal package. - Use new agl-crosssdk bbclass where appropriate. - Pull some local common cross-SDK additions into a new agl-ivi-crosssdk.inc include file and use as appropriate. Note that this does have a side effect of likely correcting the contents of agl-image-ivi-crosssdk for some recent additions. - Remove flutter-gallery bbappend that turned it into an app, as we are not using it in images, have other examples now, and it seems better to not affect the contents of agl-image-flutter. - Remove unused agl-image-graphical-html5. If a downstream user does desire an image with Chromium+WAM without applications, restoring it can be considered. - Remove unused agl-image-graphical-qt5-crosssdk. - Remove all packagegroup-agl-profile-* packagegroups, as they were either empty or not providing value at this point. Any future plans for defining profiles can start from a clean sheet. - Added new packagegroup-agl-ivi-multimedia-hardware to hold some rcar3 specific additions (via override) that were previously being appended onto packagegroup-agl-graphical-multimedia even though they are machine-specific and that packagegroup is not. This may be a stopgap solution if the agl-ivi-* packagegroups are reworked further. - Replace some :append usage with += to avoid creating problems for downstream users. Bug-AGL: SPEC-4714, SPEC-4813 Change-Id: I544b1495bed1e2e2412a8e46b7d20d7622ec28c9 Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2023-04-27kuksa-val: Rework to support updated SSL certificatesScott Murray1-1/+1
Changes: - Tweak the kuksa-val recipe to remove installing a newer server certificate (since it will be done elsewhere), and to split the certificates up into finer grained packages to ease installing them piecemeal and replacing them with other packages. - Remove the unused genCerts.sh certificate script patch form the kuksa-val recipe, an updated patch will be added in the near future. - Added a patch in the kuksa-viss-client recipe that enables the library to use certificates installed in /etc/kuksa-certificates or /etc/kuksa-val instead of the default ones that are shipped. - Add kuksa-certificates-agl recipe that installs AGL specific CA, server, and client certificates plus the required server and client keys to act as a replacement for the default ones shipped with KUKSA.val. The kuksa-certificates-agl name is used to avoid needing a rename with a future switch to kuksa-databroker. Note that the RPROVIDES variable is used for the various certificate packages to make them installable alternatives to the kuksa-val-certificates-* ones. The certificates installed are valid for 1 year and have AGL as the providing organization, longer validity ones will be added in follow up commits for Octopus and Pike. - Update the existing users of kuksa-val-*-certificates with the new kuksa-val-certificates-* package names. - Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-* packages to quiet the BitBake warnings coming from having multiple providers. Bug-AGL: SPEC-4763 Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2023-03-31Rework nss-agl-driver-db to be a systemd unit at runtimeJan-Simon Moeller3-8/+49
This avoids the issues seen with access rights changes on /home/agl-driver and will replace https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/28587 Bug-AGL: SPEC-4599 Change-Id: If01ffc9623208edd7a7705739465fa8fca764b74 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2023-03-29Fix for user and group of /home/agl-driverJan-Simon Moeller1-1/+2
The private nssdb introduced wrong access rights for /home/agl-driver through the package. Fix it till we have it reworked. Bug-AGL: SPEC-4599 Change-Id: I665b51f8473f64785c64c55359b5e0e702050e9a Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2023-03-23nss: Create a nss database for agl-driver userRoger Zanoni1-0/+21
The change creates an empty db and allows other recipes to add their own certificates when needed. It will be needed by kuksa-val recipe for adding its root CA certificate that will fix CA validation issues that are happening on chromium. v2 (jsmoeller): convert to own recipe to avoid modifying nss itself Bug-AGL: SPEC-4599 Signed-off-by: Roger Zanoni <rzanoni@igalia.com> Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Change-Id: I5a5e4ff24cb640580cff4c609ee6293acae64487