-
- # Install replacement server key + certificate
- # These are AGL specific versions generated using a tweaked
- # genCerts.sh script from the source tree that adds the now
- # required subjectAltName extension field to make python3-ssl
- # happy. This will be addressed with upstream and can hopefully
- # be dropped in the future.
- rm -f ${D}${sysconfdir}/kuksa-val/Server.key
- install ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/
- rm -f ${D}${sysconfdir}/kuksa-val/Server.pem
- install ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/
-
- # Restrict server certificate access
- # NOTE: The client certificates are left alone here for client
- # development convenience for now, but this will need to
- # be revisited.
- chmod 640 ${D}${sysconfdir}/kuksa-val/Server.key
- chgrp 900 ${D}${sysconfdir}/kuksa-val/Server.key
- chmod 640 ${D}${sysconfdir}/kuksa-val/Server.pem
- chgrp 900 ${D}${sysconfdir}/kuksa-val/Server.pem