summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2019-10-11 14:47:24 +0200
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2020-04-10 14:26:21 +0000
commitf163201918c44a3c3d5788c078981cdfd2b7618a (patch)
treefa9cde6b87d3e50ba0cc2bbeb5123920ad8ac9d0
parentc935d161eef593b2d1b768126f614623c9276299 (diff)
af-main: Sign widgets when agl-devel
This change introduce signature of widgets with sample keys and certificates of app-framework-main when the feature agl-devel is selected. It also shows how to sign widgets in yocto build environment, using WGTPKG_AUTOSIGN_X environment variables. v2: Use an own agl feature for the signing and not agl-devel This allows us to switch it on selectively. Bug-AGL: SPEC-2840 Change-Id: I8f66c25a2ae62ad2365c7cdb995049c00b7c780a Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--meta-agl-profile-core/conf/include/agl-sign-wgts.inc3
-rw-r--r--meta-app-framework/classes/aglwgt.bbclass8
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main_git.bb5
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main_git.inc7
-rw-r--r--meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb1
-rw-r--r--templates/feature/agl-sign-wgts/50_local.conf.inc2
-rw-r--r--templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md8
7 files changed, 31 insertions, 3 deletions
diff --git a/meta-agl-profile-core/conf/include/agl-sign-wgts.inc b/meta-agl-profile-core/conf/include/agl-sign-wgts.inc
new file mode 100644
index 0000000..6e6674f
--- /dev/null
+++ b/meta-agl-profile-core/conf/include/agl-sign-wgts.inc
@@ -0,0 +1,3 @@
+# allows insertion of code or items specific to developement
+OVERRIDES .= ":agl-sign-wgts"
+DISTRO_FEATURES_append = " agl-sign-wgts"
diff --git a/meta-app-framework/classes/aglwgt.bbclass b/meta-app-framework/classes/aglwgt.bbclass
index 800b888..7420bae 100644
--- a/meta-app-framework/classes/aglwgt.bbclass
+++ b/meta-app-framework/classes/aglwgt.bbclass
@@ -153,4 +153,12 @@ do_install() {
addtask aglwgt_deploy before do_package after do_install
addtask aglwgt_package before do_aglwgt_deploy after do_compile
+# Signature keys
+# These are default keys for development purposes !
+# Change it for production.
+WGTPKG_AUTOSIGN_0_agl-sign-wgts ??= "${WORKDIR}/recipe-sysroot-native/usr/share/afm/keys/developer.key.pem:${WORKDIR}/recipe-sysroot-native/usr/share/afm/certs/developer.cert.pem"
+WGTPKG_AUTOSIGN_1_agl-sign-wgts ??= "${WORKDIR}/recipe-sysroot-native/usr/share/afm/keys/platform.key.pem:${WORKDIR}/recipe-sysroot-native/usr/share/afm/certs/platform.cert.pem"
+
+export WGTPKG_AUTOSIGN_0
+export WGTPKG_AUTOSIGN_1
diff --git a/meta-app-framework/recipes-core/af-main/af-main_git.bb b/meta-app-framework/recipes-core/af-main/af-main_git.bb
index 66b93db..e5a183a 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_git.bb
+++ b/meta-app-framework/recipes-core/af-main/af-main_git.bb
@@ -16,7 +16,7 @@ RDEPENDS_${PN}_class-target += "af-binder-tools nss-localuser cynagoauth"
PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native libcap-native"
-EXTRA_OECMAKE_class-native = "\
+EXTRA_OECMAKE_append_class-native = "\
-DUSE_LIBZIP=1 \
-DUSE_SIMULATION=1 \
-DUSE_SDK=1 \
@@ -26,7 +26,7 @@ EXTRA_OECMAKE_class-native = "\
-Dafm_datadir=${afm_datadir} \
"
-EXTRA_OECMAKE = "\
+EXTRA_OECMAKE_append_class-target = "\
-DUSE_LIBZIP=1 \
-DUSE_SIMULATION=0 \
-DUSE_SDK=0 \
@@ -114,6 +114,7 @@ pkg_postinst_ontarget_${PN}_append_with-lsm-smack() {
chsmack -a 'System::Shared' -t $D${afm_datadir}/icons
}
FILES_${PN} += "${systemd_units_root}/* ${systemd_system_unitdir} ${systemd_user_unitdir}"
+FILES_${PN}_append_agl-sign-wgts = " ${datadir}/afm"
PACKAGES =+ "${PN}-binding ${PN}-binding-dbg"
FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so "
diff --git a/meta-app-framework/recipes-core/af-main/af-main_git.inc b/meta-app-framework/recipes-core/af-main/af-main_git.inc
index 9005774..99efc32 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_git.inc
+++ b/meta-app-framework/recipes-core/af-main/af-main_git.inc
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}"
-SRCREV = "4f888279f132faf35caf92d4828f134f6daeb9a1"
+SRCREV = "956e7c57d15bde67d7392aab01a9c0fc6906bbd4"
PV = "${AGL_BRANCH}+git${SRCPV}"
S = "${WORKDIR}/git"
@@ -22,4 +22,9 @@ afb_binding_dir = "${libdir}/afb"
systemd_units_root = "/var/local/lib/systemd"
CFLAGS_append_agl-devel = " -DAGL_DEVEL"
+# only install sample keys in agl-devel mode
+# for production you need to deploy real keys
+EXTRA_OECMAKE_append_agl-sign-wgts = " ${@bb.utils.contains('DISTRO_FEATURES', 'agl-devel', '-DINSTALL_SAMPLE_KEYS=ON', '-DINSTALL_SAMPLE_KEYS=OFF', d)}"
+
+
diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
index 759c893..88ab4ae 100644
--- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
+++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
@@ -23,5 +23,6 @@ do_install_append() {
PACKAGES = "${PN}-tools ${PN}-tools-dbg"
FILES_${PN}-tools = "${bindir}/wgtpkg-* ${afm_confdir}/*"
+FILES_${PN}-tools_append_agl-sign-wgts = " ${datadir}/afm"
FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*"
diff --git a/templates/feature/agl-sign-wgts/50_local.conf.inc b/templates/feature/agl-sign-wgts/50_local.conf.inc
new file mode 100644
index 0000000..fb1f6ab
--- /dev/null
+++ b/templates/feature/agl-sign-wgts/50_local.conf.inc
@@ -0,0 +1,2 @@
+#see meta-agl/meta-agl/conf/include/agl-sign-wgts.inc
+require conf/include/agl-sign-wgts.inc
diff --git a/templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md b/templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md
new file mode 100644
index 0000000..5e3b4b1
--- /dev/null
+++ b/templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md
@@ -0,0 +1,8 @@
+---
+description: Feature agl-sign-wgts
+authors: José Bollo <jose.bollo@iot.bzh>,
+---
+
+### Feature agl-sign-wgts
+
+Activation of the signature of wgt files