X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=recipes-connectivity%2Fkuksa-val%2Fkuksa-val_git.bb;h=04f6f4f646a63d1ab5465a89f3451227981248b0;hb=refs%2Fchanges%2F91%2F28591%2F1;hp=033e81e099dde575707e6920cfa49d64020155fb;hpb=785dae680241b989b92725a57255b1df77486d4a;p=AGL%2Fmeta-agl-demo.git diff --git a/recipes-connectivity/kuksa-val/kuksa-val_git.bb b/recipes-connectivity/kuksa-val/kuksa-val_git.bb index 033e81e09..04f6f4f64 100644 --- a/recipes-connectivity/kuksa-val/kuksa-val_git.bb +++ b/recipes-connectivity/kuksa-val/kuksa-val_git.bb @@ -3,8 +3,8 @@ DESCRIPTION = "KUKSA.val provides a COVESA VSS data model describing data in a v HOMEPAGE = "https://github.com/eclipse/kuksa.val" BUGTRACKER = "https://github.com/eclipse/kuksa.val/issues" -LICENSE = "EPL-2.0 & BSL-1.0 & MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d9fc0efef5228704e7f5b37f27192723 \ +LICENSE = "Apache-2.0 & BSL-1.0 & MIT" +LIC_FILES_CHKSUM = "file://../LICENSE;md5=2b42edef8fa55315f34f2370b4715ca9 \ file://3rd-party-libs/jsoncons/LICENSE;md5=6ee7f7ed2001e4cde4679fdb8926f820 \ file://3rd-party-libs/turtle/LICENSE_1_0.txt;md5=e4224ccaecb14d942c71d31bef20d78c \ file://3rd-party-libs/jwt-cpp/LICENSE;md5=8325a5ce4414c65ffdda392e0d96a9ff" @@ -14,11 +14,19 @@ DEPENDS = "boost openssl mosquitto protobuf-native grpc-native grpc" require kuksa-val.inc SRC_URI += "file://kuksa-val.service \ - file://0001-Make-Boost-requirements-more-liberal.patch \ - file://0002-Fix-gRPC-configuration-for-OE-cross-compiling.patch \ - file://0003-Make-install-locations-configurable.patch \ - file://0004-Disable-default-fetch-and-build-of-googletest.patch \ + file://0001-Make-Boost-requirements-more-liberal.patch;striplevel=2 \ + file://0002-Fix-gRPC-configuration-for-OE-cross-compiling.patch;striplevel=2 \ + file://0003-Make-install-locations-configurable.patch;striplevel=2 \ + file://0004-Disable-default-fetch-and-build-of-googletest.patch;striplevel=2 \ + file://0005-kuksa-val-server-Add-missing-check_git-dependency.patch;striplevel=2 \ + file://Server.key \ + file://Server.pem \ " +# NOTE: Ideally this would be applied, but our S definition makes it problematic: +# file://0001-genCerts.sh-add-Subject-Alt-Name-extension-to-server.patch;striplevel=? +# + +S = "${WORKDIR}/git/kuksa-val-server" inherit cmake pkgconfig systemd useradd @@ -40,7 +48,7 @@ EXTRA_OECMAKE = " \ do_install:append() { # Lower the logging level used in the installed config.ini from the upstream - # default of "ALL", which seems to cause performance issues at the moment. + # default of "ALL", which spams the logs. sed -i 's/^log-level = .*/log-level = WARNING/' ${D}/${sysconfdir}/kuksa-val/config.ini if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then @@ -48,6 +56,17 @@ do_install:append() { install -m 0644 ${WORKDIR}/kuksa-val.service ${D}${systemd_system_unitdir} fi + # Install replacement server key + certificate + # These are AGL specific versions generated using a tweaked + # genCerts.sh script from the source tree that adds the now + # required subjectAltName extension field to make python3-ssl + # happy. This will be addressed with upstream and can hopefully + # be dropped in the future. + rm -f ${D}${sysconfdir}/kuksa-val/Server.key + install ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/ + rm -f ${D}${sysconfdir}/kuksa-val/Server.pem + install ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/ + # Restrict server certificate access # NOTE: The client certificates are left alone here for client # development convenience for now, but this will need to @@ -58,5 +77,17 @@ do_install:append() { chgrp 900 ${D}${sysconfdir}/kuksa-val/Server.pem } +# Put client certificates into their own package so we can avoid +# duplicates of them for e.g. cluster clients. Longer term this +# will need to be revisited. +PACKAGE_BEFORE_PN += "${PN}-client-certificates" + +FILES:${PN}-client-certificates = " \ + ${sysconfdir}/kuksa-val/Client.key \ + ${sysconfdir}/kuksa-val/Client.pem \ + ${sysconfdir}/kuksa-val/CA.pem \ +" + FILES:${PN} += "${systemd_system_unitdir} ${datadir}" +RDEPENDS:${PN} += "${PN}-client-certificates"