1 files changed, 266 insertions, 0 deletions
diff --git a/external/meta-updater/classes/image_types_ostree.bbclass b/external/meta-updater/classes/image_types_ostree.bbclass
new file mode 100644
index 00000000..56d4d76c
--- /dev/null
+++ b/external/meta-updater/classes/image_types_ostree.bbclass
@@ -0,0 +1,266 @@
+# OSTree deployment
+inherit distro_features_check
+
+OSTREE_KERNEL ??= "${KERNEL_IMAGETYPE}"
+OSTREE_ROOTFS ??= "${WORKDIR}/ostree-rootfs"
+OSTREE_COMMIT_SUBJECT ??= "Commit-id: ${IMAGE_NAME}"
+OSTREE_COMMIT_BODY ??= ""
+OSTREE_UPDATE_SUMMARY ??= "0"
+OSTREE_DEPLOY_DEVICETREE ??= "0"
+
+BUILD_OSTREE_TARBALL ??= "1"
+
+SYSTEMD_USED = "${@oe.utils.ifelse(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'systemd', 'true', '')}"
+
+IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*"
+CONVERSION_CMD_tar = "touch ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}; ${IMAGE_CMD_TAR} --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.tar -C ${OTA_IMAGE_ROOTFS} . || [ $? -eq 1 ]"
+CONVERSIONTYPES_append = " tar"
+
+REQUIRED_DISTRO_FEATURES = "usrmerge"
+OTA_IMAGE_ROOTFS_task-image-ostree = "${OSTREE_ROOTFS}"
+do_image_ostree[dirs] = "${OSTREE_ROOTFS}"
+do_image_ostree[cleandirs] = "${OSTREE_ROOTFS}"
+do_image_ostree[depends] = "coreutils-native:do_populate_sysroot virtual/kernel:do_deploy ${INITRAMFS_IMAGE}:do_image_complete"
+IMAGE_CMD_ostree () {
+    cp -a ${IMAGE_ROOTFS}/* ${OSTREE_ROOTFS}
+    chmod a+rx ${OSTREE_ROOTFS}
+    sync
+
+    for d in var/*; do
+      if [ "${d}" != "var/local" ]; then
+        rm -rf ${d}
+      fi
+    done
+
+    # Create sysroot directory to which physical sysroot will be mounted
+    mkdir sysroot
+    ln -sf sysroot/ostree ostree
+
+    rm -rf tmp/*
+    ln -sf sysroot/tmp tmp
+
+    mkdir -p usr/rootdirs
+
+    mv etc usr/
+
+    if [ -n "${SYSTEMD_USED}" ]; then
+        mkdir -p usr/etc/tmpfiles.d
+        tmpfiles_conf=usr/etc/tmpfiles.d/00ostree-tmpfiles.conf
+        echo "d /var/rootdirs 0755 root root -" >>${tmpfiles_conf}
+        echo "L /var/rootdirs/home - - - - /sysroot/home" >>${tmpfiles_conf}
+    else
+        mkdir -p usr/etc/init.d
+        tmpfiles_conf=usr/etc/init.d/tmpfiles.sh
+        echo '#!/bin/sh' > ${tmpfiles_conf}
+        echo "mkdir -p /var/rootdirs; chmod 755 /var/rootdirs" >> ${tmpfiles_conf}
+        echo "ln -sf /sysroot/home /var/rootdirs/home" >> ${tmpfiles_conf}
+
+        ln -s ../init.d/tmpfiles.sh usr/etc/rcS.d/S20tmpfiles.sh
+    fi
+
+    # Preserve OSTREE_BRANCHNAME for future information
+    mkdir -p usr/share/sota/
+    echo -n "${OSTREE_BRANCHNAME}" > usr/share/sota/branchname
+
+    # Preserve data in /home to be later copied to /sysroot/home by sysroot
+    # generating procedure
+    mkdir -p usr/homedirs
+    if [ -d "home" ] && [ ! -L "home" ]; then
+        mv home usr/homedirs/home
+        ln -sf var/rootdirs/home home
+    fi
+
+    # Move persistent directories to /var
+    dirs="opt mnt media srv"
+
+    for dir in ${dirs}; do
+        if [ -d ${dir} ] && [ ! -L ${dir} ]; then
+            if [ "$(ls -A $dir)" ]; then
+                bbwarn "Data in /$dir directory is not preserved by OSTree. Consider moving it under /usr"
+            fi
+
+            if [ -n "${SYSTEMD_USED}" ]; then
+                echo "d /var/rootdirs/${dir} 0755 root root -" >>${tmpfiles_conf}
+            else
+                echo "mkdir -p /var/rootdirs/${dir}; chown 755 /var/rootdirs/${dir}" >>${tmpfiles_conf}
+            fi
+            rm -rf ${dir}
+            ln -sf var/rootdirs/${dir} ${dir}
+        fi
+    done
+
+    if [ -d root ] && [ ! -L root ]; then
+        if [ "$(ls -A root)" ]; then
+            bbfatal "Data in /root directory is not preserved by OSTree."
+        fi
+
+        if [ -n "${SYSTEMD_USED}" ]; then
+            echo "d /var/roothome 0755 root root -" >>${tmpfiles_conf}
+        else
+            echo "mkdir -p /var/roothome; chown 755 /var/roothome" >>${tmpfiles_conf}
+        fi
+
+        rm -rf root
+        ln -sf var/roothome root
+    fi
+
+    if [ "${KERNEL_IMAGETYPE}" = "fitImage" ]; then
+        # this is a hack for ostree not to override init= in kernel cmdline -
+        # make it think that the initramfs is present (while it is in FIT image)
+        # since initramfs is fake file, it does not need to be included in checksum
+        checksum=$(sha256sum ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} | cut -f 1 -d " ")
+        touch boot/initramfs-${checksum}
+    else
+        if [ "${OSTREE_DEPLOY_DEVICETREE}" = "1"  ] && [ -n "${KERNEL_DEVICETREE}" ]; then
+            checksum=$(cat ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} ${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES} ${KERNEL_DEVICETREE} | sha256sum | cut -f 1 -d " ")
+            for DTS_FILE in ${KERNEL_DEVICETREE}; do
+                DTS_FILE_BASENAME=$(basename ${DTS_FILE})
+                cp ${DEPLOY_DIR_IMAGE}/${DTS_FILE_BASENAME} boot/devicetree-${DTS_FILE_BASENAME}-${checksum}
+            done
+        else
+            checksum=$(cat ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} ${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES} | sha256sum | cut -f 1 -d " ")
+        fi
+        cp ${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES} boot/initramfs-${checksum}
+    fi
+
+    cp ${DEPLOY_DIR_IMAGE}/${OSTREE_KERNEL} boot/vmlinuz-${checksum}
+
+    # Copy image manifest
+    cat ${IMAGE_MANIFEST} | cut -d " " -f1,3 > usr/package.manifest
+}
+
+IMAGE_TYPEDEP_ostreecommit = "ostree"
+do_image_ostreecommit[depends] += "ostree-native:do_populate_sysroot"
+do_image_ostreecommit[lockfiles] += "${OSTREE_REPO}/ostree.lock"
+IMAGE_CMD_ostreecommit () {
+    if ! ostree --repo=${OSTREE_REPO} refs 2>&1 > /dev/null; then
+        ostree --repo=${OSTREE_REPO} init --mode=archive-z2
+    fi
+
+    # Commit the result
+    ostree --repo=${OSTREE_REPO} commit \
+           --tree=dir=${OSTREE_ROOTFS} \
+           --skip-if-unchanged \
+           --branch=${OSTREE_BRANCHNAME} \
+           --subject="${OSTREE_COMMIT_SUBJECT}" \
+           --body="${OSTREE_COMMIT_BODY}"
+
+    if [ "${OSTREE_UPDATE_SUMMARY}" = "1" ]; then
+        ostree --repo=${OSTREE_REPO} summary -u
+    fi
+
+    # To enable simultaneous bitbaking of two images with the same branch name,
+    # create a new ref in the repo using the basename of the image. (This first
+    # requires deleting it if it already exists.) Fixes OTA-2211.
+    ostree --repo=${OSTREE_REPO} refs --delete ${OSTREE_BRANCHNAME}-${IMAGE_BASENAME}
+    ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME})
+    ostree --repo=${OSTREE_REPO} refs --create=${OSTREE_BRANCHNAME}-${IMAGE_BASENAME} ${ostree_target_hash}
+}
+
+IMAGE_TYPEDEP_ostreepush = "ostreecommit"
+do_image_ostreepush[depends] += "aktualizr-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot"
+IMAGE_CMD_ostreepush () {
+    # Print warnings if credetials are not set or if the file has not been found.
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then
+            garage-push -vv --repo=${OSTREE_REPO} \
+                        --ref=${OSTREE_BRANCHNAME} \
+                        --credentials=${SOTA_PACKED_CREDENTIALS} \
+                        --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
+        else
+            bbwarn "SOTA_PACKED_CREDENTIALS file does not exist."
+        fi
+    else
+        bbwarn "SOTA_PACKED_CREDENTIALS not set. Please add SOTA_PACKED_CREDENTIALS."
+    fi
+}
+
+IMAGE_TYPEDEP_garagesign = "ostreepush"
+do_image_garagesign[depends] += "unzip-native:do_populate_sysroot"
+# This lock solves OTA-1866, which is that removing GARAGE_SIGN_REPO while using
+# garage-sign simultaneously for two images often causes problems.
+do_image_garagesign[lockfiles] += "${DEPLOY_DIR_IMAGE}/garagesign.lock"
+IMAGE_CMD_garagesign () {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        # if credentials are issued by a server that doesn't support offline signing, exit silently
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
+
+        java_version=$( java -version 2>&1 | awk -F '"' '/version/ {print $2}' )
+        if [ "${java_version}" = "" ]; then
+            bbfatal "Java is required for synchronization with update backend, but is not installed on the host machine"
+        elif [ "${java_version}" \< "1.8" ]; then
+            bbfatal "Java version >= 8 is required for synchronization with update backend"
+        fi
+
+        rm -rf ${GARAGE_SIGN_REPO}
+        garage-sign init --repo tufrepo \
+                         --home-dir ${GARAGE_SIGN_REPO} \
+                         --credentials ${SOTA_PACKED_CREDENTIALS}
+
+        ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}-${IMAGE_BASENAME})
+
+        # Use OSTree target hash as version if none was provided by the user
+        target_version=${ostree_target_hash}
+        if [ -n "${GARAGE_TARGET_VERSION}" ]; then
+            target_version=${GARAGE_TARGET_VERSION}
+            bbwarn "Target version is overriden with GARAGE_TARGET_VERSION variable. It is a dangerous operation, make sure you've read the respective secion in meta-updater/README.adoc"
+        elif [ -e "${STAGING_DATADIR_NATIVE}/target_version" ]; then
+            target_version=$(cat "${STAGING_DATADIR_NATIVE}/target_version")
+            bbwarn "Target version is overriden with target_version file. It is a dangerous operation, make sure you've read the respective secion in meta-updater/README.adoc"
+        fi
+
+        # Push may fail due to race condition when multiple build machines try to push simultaneously
+        #   in which case targets.json should be pulled again and the whole procedure repeated
+        push_success=0
+	target_url=""
+	if [ -n "${GARAGE_TARGET_URL}" ]; then
+		target_url='--url ${GARAGE_TARGET_URL}'
+	fi
+
+        for push_retries in $( seq 3 ); do
+            garage-sign targets pull --repo tufrepo \
+                                     --home-dir ${GARAGE_SIGN_REPO}
+            garage-sign targets add --repo tufrepo \
+                                    --home-dir ${GARAGE_SIGN_REPO} \
+                                    --name ${GARAGE_TARGET_NAME} \
+                                    --format OSTREE \
+                                    --version ${target_version} \
+                                    --length 0 \
+                                    ${target_url} \
+                                    --sha256 ${ostree_target_hash} \
+                                    --hardwareids ${SOTA_HARDWARE_ID}
+            garage-sign targets sign --repo tufrepo \
+                                     --home-dir ${GARAGE_SIGN_REPO} \
+                                     --key-name=targets
+            errcode=0
+            garage-sign targets push --repo tufrepo \
+                                     --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
+            if [ "$errcode" -eq "0" ]; then
+                push_success=1
+                break
+            else
+                bbwarn "Push to garage repository has failed, retrying"
+            fi
+        done
+        rm -rf ${GARAGE_SIGN_REPO}
+
+        if [ "$push_success" -ne "1" ]; then
+            bbfatal "Couldn't push to garage repository"
+        fi
+    fi
+}
+
+IMAGE_TYPEDEP_garagecheck = "garagesign"
+IMAGE_CMD_garagecheck () {
+    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
+        # if credentials are issued by a server that doesn't support offline signing, exit silently
+        unzip -p ${SOTA_PACKED_CREDENTIALS} root.json targets.pub targets.sec tufrepo.url 2>&1 >/dev/null || exit 0
+
+        ostree_target_hash=$(cat ${OSTREE_REPO}/refs/heads/${OSTREE_BRANCHNAME}-${IMAGE_BASENAME})
+
+        garage-check --ref=${ostree_target_hash} \
+                     --credentials=${SOTA_PACKED_CREDENTIALS} \
+                     --cacert=${STAGING_ETCDIR_NATIVE}/ssl/certs/ca-certificates.crt
+    fi
+}
+# vim:set ts=4 sw=4 sts=4 expandtab: