From f163201918c44a3c3d5788c078981cdfd2b7618a Mon Sep 17 00:00:00 2001
From: José Bollo <jose.bollo@iot.bzh>
Date: Fri, 11 Oct 2019 14:47:24 +0200
Subject: af-main: Sign widgets when agl-devel
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This change introduce signature of widgets with
sample keys and certificates of app-framework-main
when the feature agl-devel is selected.

It also shows how to sign widgets in yocto build
environment, using WGTPKG_AUTOSIGN_X environment
variables.

v2: Use an own agl feature for the signing and not agl-devel
    This allows us to switch it on selectively.

Bug-AGL: SPEC-2840

Change-Id: I8f66c25a2ae62ad2365c7cdb995049c00b7c780a
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---
 meta-agl-profile-core/conf/include/agl-sign-wgts.inc             | 3 +++
 meta-app-framework/classes/aglwgt.bbclass                        | 8 ++++++++
 meta-app-framework/recipes-core/af-main/af-main_git.bb           | 5 +++--
 meta-app-framework/recipes-core/af-main/af-main_git.inc          | 7 ++++++-
 meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb | 1 +
 templates/feature/agl-sign-wgts/50_local.conf.inc                | 2 ++
 templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md  | 8 ++++++++
 7 files changed, 31 insertions(+), 3 deletions(-)
 create mode 100644 meta-agl-profile-core/conf/include/agl-sign-wgts.inc
 create mode 100644 templates/feature/agl-sign-wgts/50_local.conf.inc
 create mode 100644 templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md

diff --git a/meta-agl-profile-core/conf/include/agl-sign-wgts.inc b/meta-agl-profile-core/conf/include/agl-sign-wgts.inc
new file mode 100644
index 000000000..6e6674fd1
--- /dev/null
+++ b/meta-agl-profile-core/conf/include/agl-sign-wgts.inc
@@ -0,0 +1,3 @@
+# allows insertion of code or items specific to developement
+OVERRIDES .= ":agl-sign-wgts"
+DISTRO_FEATURES_append = " agl-sign-wgts"
diff --git a/meta-app-framework/classes/aglwgt.bbclass b/meta-app-framework/classes/aglwgt.bbclass
index 800b888f6..7420baefe 100644
--- a/meta-app-framework/classes/aglwgt.bbclass
+++ b/meta-app-framework/classes/aglwgt.bbclass
@@ -153,4 +153,12 @@ do_install() {
 addtask aglwgt_deploy  before do_package after do_install
 addtask aglwgt_package before do_aglwgt_deploy after do_compile
 
+# Signature keys
+# These are default keys for development purposes !
+# Change it for production.
+WGTPKG_AUTOSIGN_0_agl-sign-wgts ??= "${WORKDIR}/recipe-sysroot-native/usr/share/afm/keys/developer.key.pem:${WORKDIR}/recipe-sysroot-native/usr/share/afm/certs/developer.cert.pem"
+WGTPKG_AUTOSIGN_1_agl-sign-wgts ??= "${WORKDIR}/recipe-sysroot-native/usr/share/afm/keys/platform.key.pem:${WORKDIR}/recipe-sysroot-native/usr/share/afm/certs/platform.cert.pem"
+
+export WGTPKG_AUTOSIGN_0
+export WGTPKG_AUTOSIGN_1
 
diff --git a/meta-app-framework/recipes-core/af-main/af-main_git.bb b/meta-app-framework/recipes-core/af-main/af-main_git.bb
index 66b93db5d..e5a183a31 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_git.bb
+++ b/meta-app-framework/recipes-core/af-main/af-main_git.bb
@@ -16,7 +16,7 @@ RDEPENDS_${PN}_class-target += "af-binder-tools nss-localuser cynagoauth"
 
 PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native libcap-native"
 
-EXTRA_OECMAKE_class-native  = "\
+EXTRA_OECMAKE_append_class-native  = "\
 	-DUSE_LIBZIP=1 \
 	-DUSE_SIMULATION=1 \
 	-DUSE_SDK=1 \
@@ -26,7 +26,7 @@ EXTRA_OECMAKE_class-native  = "\
 	-Dafm_datadir=${afm_datadir} \
 "
 
-EXTRA_OECMAKE = "\
+EXTRA_OECMAKE_append_class-target = "\
 	-DUSE_LIBZIP=1 \
 	-DUSE_SIMULATION=0 \
 	-DUSE_SDK=0 \
@@ -114,6 +114,7 @@ pkg_postinst_ontarget_${PN}_append_with-lsm-smack() {
     chsmack -a 'System::Shared' -t $D${afm_datadir}/icons
 }
 FILES_${PN} += "${systemd_units_root}/* ${systemd_system_unitdir} ${systemd_user_unitdir}"
+FILES_${PN}_append_agl-sign-wgts = " ${datadir}/afm"
 
 PACKAGES =+ "${PN}-binding ${PN}-binding-dbg"
 FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so "
diff --git a/meta-app-framework/recipes-core/af-main/af-main_git.inc b/meta-app-framework/recipes-core/af-main/af-main_git.inc
index 90057741c..99efc32df 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_git.inc
+++ b/meta-app-framework/recipes-core/af-main/af-main_git.inc
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
 SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}"
 
-SRCREV = "4f888279f132faf35caf92d4828f134f6daeb9a1"
+SRCREV = "956e7c57d15bde67d7392aab01a9c0fc6906bbd4"
 PV = "${AGL_BRANCH}+git${SRCPV}"
 
 S = "${WORKDIR}/git"
@@ -22,4 +22,9 @@ afb_binding_dir = "${libdir}/afb"
 systemd_units_root = "/var/local/lib/systemd"
 
 CFLAGS_append_agl-devel = " -DAGL_DEVEL"
+# only install sample keys in agl-devel mode
+# for production you need to deploy real keys
+EXTRA_OECMAKE_append_agl-sign-wgts = " ${@bb.utils.contains('DISTRO_FEATURES', 'agl-devel', '-DINSTALL_SAMPLE_KEYS=ON', '-DINSTALL_SAMPLE_KEYS=OFF', d)}"
+
+
 
diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
index 759c893c7..88ab4ae68 100644
--- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
+++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
@@ -23,5 +23,6 @@ do_install_append() {
 
 PACKAGES = "${PN}-tools ${PN}-tools-dbg"
 FILES_${PN}-tools = "${bindir}/wgtpkg-* ${afm_confdir}/*"
+FILES_${PN}-tools_append_agl-sign-wgts = " ${datadir}/afm"
 FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*"
 
diff --git a/templates/feature/agl-sign-wgts/50_local.conf.inc b/templates/feature/agl-sign-wgts/50_local.conf.inc
new file mode 100644
index 000000000..fb1f6ab1a
--- /dev/null
+++ b/templates/feature/agl-sign-wgts/50_local.conf.inc
@@ -0,0 +1,2 @@
+#see meta-agl/meta-agl/conf/include/agl-sign-wgts.inc
+require conf/include/agl-sign-wgts.inc
diff --git a/templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md b/templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md
new file mode 100644
index 000000000..5e3b4b12c
--- /dev/null
+++ b/templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md
@@ -0,0 +1,8 @@
+---
+description: Feature agl-sign-wgts
+authors: José Bollo <jose.bollo@iot.bzh>, 
+---
+	
+### Feature agl-sign-wgts
+	 
+Activation of the signature of wgt files
-- 
cgit 1.2.3-korg