HOMEPAGE = "https://github.com/eclipse/kuksa.val"
BUGTRACKER = "https://github.com/eclipse/kuksa.val/issues"
-LICENSE = "EPL-2.0 & BSL-1.0 & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d9fc0efef5228704e7f5b37f27192723 \
+LICENSE = "Apache-2.0 & BSL-1.0 & MIT"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=2b42edef8fa55315f34f2370b4715ca9 \
file://3rd-party-libs/jsoncons/LICENSE;md5=6ee7f7ed2001e4cde4679fdb8926f820 \
file://3rd-party-libs/turtle/LICENSE_1_0.txt;md5=e4224ccaecb14d942c71d31bef20d78c \
file://3rd-party-libs/jwt-cpp/LICENSE;md5=8325a5ce4414c65ffdda392e0d96a9ff"
require kuksa-val.inc
SRC_URI += "file://kuksa-val.service \
- file://0001-Make-Boost-requirements-more-liberal.patch \
- file://0002-Fix-gRPC-configuration-for-OE-cross-compiling.patch \
- file://0003-Make-install-locations-configurable.patch \
- file://0004-Disable-default-fetch-and-build-of-googletest.patch \
+ file://0001-Make-Boost-requirements-more-liberal.patch;striplevel=2 \
+ file://0002-Fix-gRPC-configuration-for-OE-cross-compiling.patch;striplevel=2 \
+ file://0003-Make-install-locations-configurable.patch;striplevel=2 \
+ file://0004-Disable-default-fetch-and-build-of-googletest.patch;striplevel=2 \
+ file://Server.key \
+ file://Server.pem \
"
+# file://0001-genCerts.sh-add-Subject-Alt-Name-extension-to-server.patch;striplevel=? \
+#
+
+S = "${WORKDIR}/git/kuksa-val-server"
inherit cmake pkgconfig systemd useradd
install -m 0644 ${WORKDIR}/kuksa-val.service ${D}${systemd_system_unitdir}
fi
+ # Install replacement server key + certificate
+ # These are AGL specific versions generated using a tweaked
+ # genCerts.sh script from the source tree that adds the now
+ # required subjectAltName extension field to make python3-ssl
+ # happy. This will be addressed with upstream and can hopefully
+ # be dropped in the future.
+ rm -f ${D}${sysconfdir}/kuksa-val/Server.key
+ install ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/
+ rm -f ${D}${sysconfdir}/kuksa-val/Server.pem
+ install ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/
+
# Restrict server certificate access
# NOTE: The client certificates are left alone here for client
# development convenience for now, but this will need to