Fix for user and group of /home/agl-driver

[AGL/meta-agl-demo.git] / recipes-connectivity / kuksa-val / kuksa-val_git.bb

diff --git a/recipes-connectivity/kuksa-val/kuksa-val_git.bb b/recipes-connectivity/kuksa-val/kuksa-val_git.bb
index a8e2c31..48cda10 100644 (file)
--- a/recipes-connectivity/kuksa-val/kuksa-val_git.bb
+++ b/recipes-connectivity/kuksa-val/kuksa-val_git.bb
@@ -3,22 +3,30 @@ DESCRIPTION = "KUKSA.val provides a COVESA VSS data model describing data in a v
 HOMEPAGE = "https://github.com/eclipse/kuksa.val"
 BUGTRACKER = "https://github.com/eclipse/kuksa.val/issues"
 
-LICENSE = "EPL-2.0 & BSL-1.0 & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d9fc0efef5228704e7f5b37f27192723 \
+LICENSE = "Apache-2.0 & BSL-1.0 & MIT"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=2b42edef8fa55315f34f2370b4715ca9 \
                     file://3rd-party-libs/jsoncons/LICENSE;md5=6ee7f7ed2001e4cde4679fdb8926f820 \
                     file://3rd-party-libs/turtle/LICENSE_1_0.txt;md5=e4224ccaecb14d942c71d31bef20d78c \
                     file://3rd-party-libs/jwt-cpp/LICENSE;md5=8325a5ce4414c65ffdda392e0d96a9ff"
 
-DEPENDS = "boost openssl mosquitto protobuf-native grpc-native grpc"
+DEPENDS = "boost openssl mosquitto nss protobuf-native grpc-native grpc"
 
 require kuksa-val.inc
 
 SRC_URI += "file://kuksa-val.service \
-            file://0001-Make-Boost-requirements-more-liberal.patch \
-            file://0002-Fix-gRPC-configuration-for-OE-cross-compiling.patch \
-            file://0003-Make-install-locations-configurable.patch \
-            file://0004-Disable-default-fetch-and-build-of-googletest.patch \
+            file://0001-Make-Boost-requirements-more-liberal.patch;striplevel=2 \
+            file://0002-Fix-gRPC-configuration-for-OE-cross-compiling.patch;striplevel=2 \
+            file://0003-Make-install-locations-configurable.patch;striplevel=2 \
+            file://0004-Disable-default-fetch-and-build-of-googletest.patch;striplevel=2 \
+            file://0005-kuksa-val-server-Add-missing-check_git-dependency.patch;striplevel=2 \
+            file://Server.key \
+            file://Server.pem \
 "
+# NOTE: Ideally this would be applied, but our S definition makes it problematic:
+#   file://0001-genCerts.sh-add-Subject-Alt-Name-extension-to-server.patch;striplevel=?
+#
+
+S = "${WORKDIR}/git/kuksa-val-server"
 
 inherit cmake pkgconfig systemd useradd
 
@@ -48,6 +56,17 @@ do_install:append() {
         install -m 0644 ${WORKDIR}/kuksa-val.service ${D}${systemd_system_unitdir}
     fi
 
+    # Install replacement server key + certificate
+    # These are AGL specific versions generated using a tweaked
+    # genCerts.sh script from the source tree that adds the now
+    # required subjectAltName extension field to make python3-ssl
+    # happy.  This will be addressed with upstream and can hopefully
+    # be dropped in the future.
+    rm -f ${D}${sysconfdir}/kuksa-val/Server.key
+    install ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/
+    rm -f ${D}${sysconfdir}/kuksa-val/Server.pem
+    install ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/
+
     # Restrict server certificate access
     # NOTE: The client certificates are left alone here for client
     #       development convenience for now, but this will need to
@@ -58,6 +77,11 @@ do_install:append() {
     chgrp 900 ${D}${sysconfdir}/kuksa-val/Server.pem
 }
 
+pkg_postinst_ontarget:${PN}-client-certificates () {
+    certutil -A -d /home/agl-driver/.pki/nssdb -n "KuksaRootCA" -t "pC,," -i ${sysconfdir}/kuksa-val/CA.pem
+    chown agl-driver:agl-driver -R /home/agl-driver/
+}
+
 # Put client certificates into their own package so we can avoid
 # duplicates of them for e.g. cluster clients.  Longer term this
 # will need to be revisited.
@@ -71,4 +95,4 @@ FILES:${PN}-client-certificates = " \
 
 FILES:${PN} += "${systemd_system_unitdir} ${datadir}"
 
-RDEPENDS:${PN} += "${PN}-client-certificates"
+RDEPENDS:${PN} += "${PN}-client-certificates nss-agl-driver-db"