From 2abc36aa3020a5e9fc1597ffdc1749eda2121036 Mon Sep 17 00:00:00 2001
From: Scott Murray <scott.murray@konsulko.com>
Date: Mon, 24 Apr 2023 18:01:29 -0400
Subject: kuksa-val: Rework to support updated SSL certificates

Changes:
- Tweak the kuksa-val recipe to remove installing a newer server
  certificate (since it will be done elsewhere), and to split the
  certificates up into finer grained packages to ease installing
  them piecemeal and replacing them with other packages.
- Remove the unused genCerts.sh certificate script patch form the
  kuksa-val recipe, an updated patch will be added in the near
  future.
- Added a patch in the kuksa-viss-client recipe that enables the
  library to use certificates installed in /etc/kuksa-certificates or
  /etc/kuksa-val instead of the default ones that are shipped.
- Add kuksa-certificates-agl recipe that installs AGL specific CA,
  server, and client certificates plus the required server and client
  keys to act as a replacement for the default ones shipped with
  KUKSA.val.  The kuksa-certificates-agl name is used to avoid needing
  a rename with a future switch to kuksa-databroker.  Note that the
  RPROVIDES variable is used for the various certificate packages to
  make them installable alternatives to the kuksa-val-certificates-*
  ones.  The certificates installed are valid for 1 year and have
  AGL as the providing organization, longer validity ones will be
  added in follow up commits for Octopus and Pike.
- Update the existing users of kuksa-val-*-certificates with the new
  kuksa-val-certificates-* package names.
- Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-*
  packages to quiet the BitBake warnings coming from having multiple
  providers.

Bug-AGL: SPEC-4763

Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../kuksa-val/kuksa-certificates-agl/CA.pem        | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem

(limited to 'recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem')

diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem
new file mode 100644
index 00000000..55e34409
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2TCCAsECFF8Fc0+krnLo4rK6tD8ZS5JVGX3kMA0GCSqGSIb3DQEBCwUAMIGo
+MQswCQYDVQQGEwJDQTETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu
+IEZyYW5jaXNjbzEZMBcGA1UECgwQTGludXggRm91bmRhdGlvbjEVMBMGA1UEAwwM
+bG9jYWxob3N0LWNhMTowOAYJKoZIhvcNAQkBFithZ2wtZGV2LWNvbW11bml0eUBs
+aXN0cy5hdXRvbW90aXZlbGludXgub3JnMB4XDTIzMDQyNDIwMzAyMloXDTMzMDQy
+MTIwMzAyMlowgagxCzAJBgNVBAYTAkNBMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eCBGb3VuZGF0aW9u
+MRUwEwYDVQQDDAxsb2NhbGhvc3QtY2ExOjA4BgkqhkiG9w0BCQEWK2FnbC1kZXYt
+Y29tbXVuaXR5QGxpc3RzLmF1dG9tb3RpdmVsaW51eC5vcmcwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDmBHNxOpBfmYo8bc0omNuKDnnZuhB4JTbgmblN
+XCiPECdgVgSAD99YAaY/+LFKsUfwv0hMU45HcRPTN8CmijGFPMP9dmP6xZ6aCwPw
+gwCE8lTwiFp/L0BNySVhXwakCqhqssCNvmBXpJf+J+7MYXYInieBotetlAEPMV6B
+fcfJZxC00YVKlQX6vKQsxQB8LlSj57UwyjS0zYIhm3G5rAYLaEokgttbBDB5XKL2
+6D0yvqsdUoJygAeouq6PME8SiAY91ZwIwfL3BJyNoNnxxyJ7iRj28dmoetvtNQCl
+DrU82GG/hUeFF5KnLj65yHOrLiRlquHKgIG+XOvfp7WfXbstAgMBAAEwDQYJKoZI
+hvcNAQELBQADggEBAN+rVHBSJDYk6soCcd6a+zonWOiHJxw5JRbdWE56F1wvS5fv
+CFLlJ01JeaXdVdISh4/zk1sFnsGQ1NRv8C/LffciNpDpKugJgKcA1BYWECj0J9h9
+yR6Nw/Ifx3ovTJi9Rm6uYoH2shNbfX0H1HUZjLzMDZJUVdwI2bkekbYmJXI6XIAP
+3p4PFs0rH37z+ioIw10ubKdFjGMIW6vYcfWV6L/ybrh+dZ5GDkNncSaspMzf79PC
+7sAs9/RQkp92bmvygKkXO7zNBGjPF8osoY1rv9D201Ux1gJtfn3qde0LgdvOMoq8
+scN3iO1TU2pFNhxgcCkFkLmUHSceWK4l/Bxj1kM=
+-----END CERTIFICATE-----
-- 
cgit 1.2.3-korg