From fdb58afacf2dff95cca48a772d653e45a1b577f3 Mon Sep 17 00:00:00 2001 From: Scott Murray Date: Mon, 24 Apr 2023 18:01:29 -0400 Subject: kuksa-val: Rework to support updated SSL certificates Changes: - Tweak the kuksa-val recipe to remove installing a newer server certificate (since it will be done elsewhere), and to split the certificates up into finer grained packages to ease installing them piecemeal and replacing them with other packages. - Remove the unused genCerts.sh certificate script patch form the kuksa-val recipe, an updated patch will be added in the near future. - Added a patch in the kuksa-viss-client recipe that enables the library to use certificates installed in /etc/kuksa-certificates or /etc/kuksa-val instead of the default ones that are shipped. - Add kuksa-certificates-agl recipe that installs AGL specific CA, server, and client certificates plus the required server and client keys to act as a replacement for the default ones shipped with KUKSA.val. The kuksa-certificates-agl name is used to avoid needing a rename with a future switch to kuksa-databroker. Note that the RPROVIDES variable is used for the various certificate packages to make them installable alternatives to the kuksa-val-certificates-* ones. The certificates installed are valid for 1 year and have AGL as the providing organization, longer validity ones will be added in follow up commits for Octopus and Pike. - Update the existing users of kuksa-val-*-certificates with the new kuksa-val-certificates-* package names. - Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-* packages to quiet the BitBake warnings coming from having multiple providers. Bug-AGL: SPEC-4763 Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa Signed-off-by: Scott Murray --- .../kuksa-val/kuksa-certificates-agl/Client.pem | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem (limited to 'recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem') diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem new file mode 100644 index 00000000..f0134f15 --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE6jCCA9KgAwIBAgIUZsoE7a5zcY96l9fWgANt2eueQ+UwDQYJKoZIhvcNAQEL +BQAwgagxCzAJBgNVBAYTAkNBMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH +DA1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eCBGb3VuZGF0aW9uMRUwEwYD +VQQDDAxsb2NhbGhvc3QtY2ExOjA4BgkqhkiG9w0BCQEWK2FnbC1kZXYtY29tbXVu +aXR5QGxpc3RzLmF1dG9tb3RpdmVsaW51eC5vcmcwHhcNMjMwNDI0MjAzMDIzWhcN +MjQwNDIzMjAzMDIzWjCBojELMAkGA1UEBhMCQ0ExEzARBgNVBAgMCkNhbGlmb3Ju +aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoMEExpbnV4IEZvdW5k +YXRpb24xDzANBgNVBAMMBkNsaWVudDE6MDgGCSqGSIb3DQEJARYrYWdsLWRldi1j +b21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4Lm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALfBlsJVO6y1lww01MQ/ZyUSbpZVBIlxg5T8DmAm +hdoo5HgvSMuwfqf1ERwRd8RCfVkiBWCxqy73zg8NBh7sVI6n09whv0e7GsI8lAnj +FdYztvosOBq0TZMEEfIx5wNOhavwkizLBn/SrZC5xsu5QI4foDnz4QEMBsymJwkU +HaXlErWZnAIZdpZzgv+Yy82NFfqg7hByhcNKdpJcrqfKYoGVlGEajRg3cUinEsuS +QrWqMIML9qxQAehTvDcBk2k3xXNe0h6oRcX7CW5GWOm31edVw0xoYht07Msl3IC3 +3vk7/KqWEmo8bZPg2fca3v4XuAC5mXbyZM7qVMIDutWJHDkCAwEAAaOCAQ4wggEK +MBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUDzUw+UO3LXFmQE7IcO/c +JDjSXoowgdIGA1UdIwSByjCBx6GBrqSBqzCBqDELMAkGA1UEBhMCQ0ExEzARBgNV +BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoM +EExpbnV4IEZvdW5kYXRpb24xFTATBgNVBAMMDGxvY2FsaG9zdC1jYTE6MDgGCSqG +SIb3DQEJARYrYWdsLWRldi1jb21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4 +Lm9yZ4IUXwVzT6Sucujisrq0PxlLklUZfeQwDQYJKoZIhvcNAQELBQADggEBAJIm +HInhtZUtYxt/Q3p1HtiH3GEIkc4DZMmEef4wq4/A210y9nwxrOaDXlVlz6WWRsAl +ZpEqbLvXOM/uvh1oyyfi5xMm2cm4VytLb+NtflmFvnQj3hD1O0XSf0Vwx844aQgb +5LYq2GLXXkW5afGTtGGOg8vmNg6kkjheySqRbyebkF46BGOmB/+XRD7pzfil4eTd +Qnweso2UkGnboKpwBYLubEmhJmmX4sHeJnzzjJXkeco5uGnXfSVzYzDgco4/6JSv +p1IjGNww5D1lPZfqTnSgRqoQyUXoMdSD5Q6y3FFjK38UvR7vjPcg2VmLIluMYIzH +XJOwagvtjGTA7sfbNTU= +-----END CERTIFICATE----- -- cgit 1.2.3-korg