Ensure KUKSA.val JWT certificate gets installed 69/29469/2
authorScott Murray <scott.murray@konsulko.com>
Fri, 24 Nov 2023 02:54:46 +0000 (21:54 -0500)
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>
Fri, 24 Nov 2023 09:32:31 +0000 (09:32 +0000)
Recent changes accidentally resulted in the jwt.key.pub certificate
file for KUKSA.val server / databroker authorization not getting
installed, breaking databroker start up.  Explicitly install it from
our kuksa-certificates-server-agl package, and tweak the kuksa-val
recipe to package it in its kuksa-certificates-server package.

Bug-AGL: SPEC-4985

Change-Id: I94703da876718524da753b6b882b331b7f088431
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/29469
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
ci-image-boot-test: Jenkins Job builder account
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account

recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb
recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub [new file with mode: 0644]
recipes-connectivity/kuksa-val/kuksa-val_git.bb

index 870d2e3..0264ebb 100644 (file)
@@ -10,6 +10,7 @@ SRC_URI = "file://CA.pem \
            file://Client.pem \
            file://Server.key \
            file://Server.pem \
            file://Client.pem \
            file://Server.key \
            file://Server.pem \
+          file://jwt.key.pub \
 "
 
 inherit allarch useradd
 "
 
 inherit allarch useradd
@@ -28,6 +29,7 @@ do_install() {
     install -m 0644 ${WORKDIR}/CA.pem ${D}${sysconfdir}/kuksa-val/
     install -m 0640 -g 900 ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/
     install -m 0640 -g 900 ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/
     install -m 0644 ${WORKDIR}/CA.pem ${D}${sysconfdir}/kuksa-val/
     install -m 0640 -g 900 ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/
     install -m 0640 -g 900 ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/
+    install -m 0644 -g 900 ${WORKDIR}/jwt.key.pub ${D}${sysconfdir}/kuksa-val/
     install -m 0644 ${WORKDIR}/Client.key ${D}${sysconfdir}/kuksa-val/
     install -m 0644 ${WORKDIR}/Client.pem ${D}${sysconfdir}/kuksa-val/
 }
     install -m 0644 ${WORKDIR}/Client.key ${D}${sysconfdir}/kuksa-val/
     install -m 0644 ${WORKDIR}/Client.pem ${D}${sysconfdir}/kuksa-val/
 }
@@ -42,6 +44,7 @@ RPROVIDES:${PN}-ca += "kuksa-val-certificates-ca"
 FILES:${PN}-server = " \
     ${sysconfdir}/kuksa-val/Server.key \
     ${sysconfdir}/kuksa-val/Server.pem \
 FILES:${PN}-server = " \
     ${sysconfdir}/kuksa-val/Server.key \
     ${sysconfdir}/kuksa-val/Server.pem \
+    ${sysconfdir}/kuksa-val/jwt.key.pub \
 "
 RPROVIDES:${PN}-server += "kuksa-val-certificates-server"
 RDEPENDS:${PN}-server += "${PN}-ca"
 "
 RPROVIDES:${PN}-server += "kuksa-val-certificates-server"
 RDEPENDS:${PN}-server += "${PN}-ca"
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub
new file mode 100644 (file)
index 0000000..d9f7853
--- /dev/null
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ScE9EKXEWVyYhzfhfvg
++LC8NseiuEjfrdFx3HKkb31bRw/SeS0Rye0KDP7uzffwreKf6wWYGxVUPYmyKC7j
+Pji5MpDBGM9r3pIZSvPUFdpTE5TiRHFBxWbqPSYt954BTLq4rMu/W+oq5Pdfnugb
+voYpLf0dclBl1g9KyszkDnItz3TYbWhGMbsUSfyeSPzH0IADzLoifxbc5mgiR73N
+CA/4yNSpfLoqWgQ2vdTM1182sMSmxfqSgMzIMUX/tiaXGdkoKITF1sULlLyWfTo9
+79XRZ0hmUwvfzr3OjMZNoClpYSVbKY+vtxHyux9KOOtv9lPMsgYIaPXvisrsneDZ
+fCS0afOfjgR96uHIe2UPSGAXru3yGziqEfpRZoxsgXaOe905ordLD5bSX14xkN7N
+Cz7rxDLlxPQyxp4Vhog7p/QeUyydBpZjq2bAE5GAJtiu+XGvG8RypzJFKFQwMNsw
+g1BoZVD0mb0MtU8KQmHcZIfY0FVer/CR0mUjfl1rHbtoJB+RY03lQvYNAD04ibAG
+NI1RhlTziu35Xo6NDEgs9hVs9k3WrtF+ZUxhivWmP2VXhWruRakVkC1NzKGh54e5
+/KlluFbBNpWgvWZqzWo9Jr7/fzHtR0Q0IZwkxh+Vd/bUZya1uLKqP+sTcc+aTHbn
+AEiqOjPq0D6X45wCzIwjILUCAwEAAQ==
+-----END PUBLIC KEY-----
index a894f01..c564eab 100644 (file)
@@ -73,6 +73,7 @@ FILES:${PN}-certificates-ca = " \
 FILES:${PN}-certificates-server = " \
     ${sysconfdir}/kuksa-val/Server.key \
     ${sysconfdir}/kuksa-val/Server.pem \
 FILES:${PN}-certificates-server = " \
     ${sysconfdir}/kuksa-val/Server.key \
     ${sysconfdir}/kuksa-val/Server.pem \
+    ${sysconfdir}/kuksa-val/jwt.key.pub \
 "
 RDEPENDS:${PN}-certificates-server += "${PN}-certificates-ca"
 
 "
 RDEPENDS:${PN}-certificates-server += "${PN}-certificates-ca"