From c8d5eede46a9a95e4fa2d48f956647d811e59def Mon Sep 17 00:00:00 2001
From: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Date: Fri, 8 Dec 2023 03:15:56 +0100
Subject: Add initial templates for ec2-arm64 and ec2-x86-64 MACHINES

Support building images for ec2.

v2: Add meta-virt into the templates.
v3: workaround bug in cloud-init recipe leading to empty cloud-init-systemd package

Bug-AGL: SPEC-5006
Change-Id: I65563c19eec60a53693a17b316f965100e2339e5
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/29511
ci-image-boot-test: Jenkins Job builder account
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
---
 meta-agl-core/files/passwd                          |  1 +
 .../machine/aws-ec2-arm64/50_bblayers.conf.inc      |  8 ++++++++
 templates/machine/aws-ec2-arm64/50_local.conf.inc   | 21 +++++++++++++++++++++
 .../machine/aws-ec2-x86-64/50_bblayers.conf.inc     |  8 ++++++++
 templates/machine/aws-ec2-x86-64/50_local.conf.inc  | 21 +++++++++++++++++++++
 5 files changed, 59 insertions(+)
 create mode 100644 templates/machine/aws-ec2-arm64/50_bblayers.conf.inc
 create mode 100644 templates/machine/aws-ec2-arm64/50_local.conf.inc
 create mode 100644 templates/machine/aws-ec2-x86-64/50_bblayers.conf.inc
 create mode 100644 templates/machine/aws-ec2-x86-64/50_local.conf.inc

diff --git a/meta-agl-core/files/passwd b/meta-agl-core/files/passwd
index c34e707fc..3e6639d86 100644
--- a/meta-agl-core/files/passwd
+++ b/meta-agl-core/files/passwd
@@ -64,3 +64,4 @@ mosquitto::1007:1007:::
 pipewire::1008:1008:::
 kuksa::900:900:::
 qemu::901:901:::
+user::1004:100:::
diff --git a/templates/machine/aws-ec2-arm64/50_bblayers.conf.inc b/templates/machine/aws-ec2-arm64/50_bblayers.conf.inc
new file mode 100644
index 000000000..4e619cde0
--- /dev/null
+++ b/templates/machine/aws-ec2-arm64/50_bblayers.conf.inc
@@ -0,0 +1,8 @@
+AGL_META_PYTHON = "${METADIR}/external/meta-openembedded/meta-python"
+AGL_META_MULTIMEDIA = "${METADIR}/external/meta-openembedded/meta-multimedia"
+AGL_META_NETWORKING = "${METADIR}/external/meta-openembedded/meta-networking"
+AGL_META_VIRTUALIZATION = "${METADIR}/external/meta-virtualization"
+
+BBLAYERS =+ "\
+    ${METADIR}/bsp/meta-aws \
+    "
diff --git a/templates/machine/aws-ec2-arm64/50_local.conf.inc b/templates/machine/aws-ec2-arm64/50_local.conf.inc
new file mode 100644
index 000000000..ca20e0bf2
--- /dev/null
+++ b/templates/machine/aws-ec2-arm64/50_local.conf.inc
@@ -0,0 +1,21 @@
+MACHINE = "aws-ec2-arm64"
+
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+IMAGE_INSTALL:append = " cloud-init"
+DISTRO_FEATURES:append = " virtualization"
+
+
+# can we shuffle this out so CI still works
+INHERIT += "extrausers"
+# Hardening: Locking the root password. Creating the user without password for ssh key-based login only
+EXTRA_USERS_PARAMS = "usermod -L root; useradd -p '*' user"
+
+EXTRA_IMAGE_FEATURES:append = " ssh-server-openssh"
+
+# Forcing removal of debug-tweakes as that leads to reversing some sshd_config hardening done in our bbappend when do_rootfs runs
+EXTRA_IMAGE_FEATURES:remove = "debug-tweaks"
+
+AGL_DEFAULT_IMAGE_FSTYPES := "wic.vhd"
+
+# workaround bug in cloud-init leading to empty cloud-init-systemd package
+PACKAGES:pn-cloud-init:forcevariable = "cloud-init-src cloud-init-dbg cloud-init-staticdev cloud-init-dev cloud-init-doc cloud-init-locale  cloud-init-systemd cloud-init"
diff --git a/templates/machine/aws-ec2-x86-64/50_bblayers.conf.inc b/templates/machine/aws-ec2-x86-64/50_bblayers.conf.inc
new file mode 100644
index 000000000..4e619cde0
--- /dev/null
+++ b/templates/machine/aws-ec2-x86-64/50_bblayers.conf.inc
@@ -0,0 +1,8 @@
+AGL_META_PYTHON = "${METADIR}/external/meta-openembedded/meta-python"
+AGL_META_MULTIMEDIA = "${METADIR}/external/meta-openembedded/meta-multimedia"
+AGL_META_NETWORKING = "${METADIR}/external/meta-openembedded/meta-networking"
+AGL_META_VIRTUALIZATION = "${METADIR}/external/meta-virtualization"
+
+BBLAYERS =+ "\
+    ${METADIR}/bsp/meta-aws \
+    "
diff --git a/templates/machine/aws-ec2-x86-64/50_local.conf.inc b/templates/machine/aws-ec2-x86-64/50_local.conf.inc
new file mode 100644
index 000000000..58b4b087d
--- /dev/null
+++ b/templates/machine/aws-ec2-x86-64/50_local.conf.inc
@@ -0,0 +1,21 @@
+MACHINE = "aws-ec2-x86-64"
+
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+IMAGE_INSTALL:append = " cloud-init"
+DISTRO_FEATURES:append = " virtualization"
+
+
+# can we shuffle this out so CI still works
+INHERIT += "extrausers"
+# Hardening: Locking the root password. Creating the user without password for ssh key-based login only
+EXTRA_USERS_PARAMS = "usermod -L root; useradd -p '*' user"
+
+EXTRA_IMAGE_FEATURES:append = " ssh-server-openssh"
+
+# Forcing removal of debug-tweakes as that leads to reversing some sshd_config hardening done in our bbappend when do_rootfs runs
+EXTRA_IMAGE_FEATURES:remove = "debug-tweaks"
+
+AGL_DEFAULT_IMAGE_FSTYPES := "wic.vhd"
+
+# workaround bug in cloud-init leading to empty cloud-init-systemd package
+PACKAGES:pn-cloud-init:forcevariable = "cloud-init-src cloud-init-dbg cloud-init-staticdev cloud-init-dev cloud-init-doc cloud-init-locale  cloud-init-systemd cloud-init"
-- 
cgit 1.2.3-korg