This change is needed by Chromium to fix the ERR_CERT_AUTHORITY_INVALID
error raised when trying to connect to the kuksa.val server over a secure
connection.
Chromium ships with a read-only database of trusted CA certs and also
uses a local NSS database (stored in the user's home directory) that can
be managed with the NSS command-line tools.
This change adds the kuksa root CA to agl-driver's nssdb so that
Chromium can load it and use it to perform validation.
v2 (jsmoeller): Use separate package for pki db in agl-driver home.
Bug-AGL: SPEC-4599
Signed-off-by: Roger Zanoni <rzanoni@igalia.com>
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: I074d48fedfadaddd9a894b478839e16fa4757b5e
(cherry picked from commit
99356a43e5ee3ae662af83e4ae6e0e11ef1aa39e)
file://3rd-party-libs/turtle/LICENSE_1_0.txt;md5=e4224ccaecb14d942c71d31bef20d78c \
file://3rd-party-libs/jwt-cpp/LICENSE;md5=8325a5ce4414c65ffdda392e0d96a9ff"
file://3rd-party-libs/turtle/LICENSE_1_0.txt;md5=e4224ccaecb14d942c71d31bef20d78c \
file://3rd-party-libs/jwt-cpp/LICENSE;md5=8325a5ce4414c65ffdda392e0d96a9ff"
-DEPENDS = "boost openssl mosquitto protobuf-native grpc-native grpc"
+DEPENDS = "boost openssl mosquitto nss protobuf-native grpc-native grpc"
chgrp 900 ${D}${sysconfdir}/kuksa-val/Server.pem
}
chgrp 900 ${D}${sysconfdir}/kuksa-val/Server.pem
}
+pkg_postinst_ontarget:${PN}-client-certificates () {
+ certutil -A -d /home/agl-driver/.pki/nssdb -n "KuksaRootCA" -t "pC,," -i ${sysconfdir}/kuksa-val/CA.pem
+ chown agl-driver:agl-driver -R /home/agl-driver/.pki/
+}
+
# Put client certificates into their own package so we can avoid
# duplicates of them for e.g. cluster clients. Longer term this
# will need to be revisited.
# Put client certificates into their own package so we can avoid
# duplicates of them for e.g. cluster clients. Longer term this
# will need to be revisited.
FILES:${PN} += "${systemd_system_unitdir} ${datadir}"
FILES:${PN} += "${systemd_system_unitdir} ${datadir}"
-RDEPENDS:${PN} += "${PN}-client-certificates"
+RDEPENDS:${PN} += "${PN}-client-certificates nss-agl-driver-db"
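Review bot: The new `pkg_postinst_ontarget:${PN}-client-certificates` runs `certutil` against `/home/agl-driver/.pki/nssdb`, but `nss-agl-driver-db` is added to `RDEPENDS:${PN}` rather than to the certificates package, and `nss` is only added to the build-time `DEPENDS`. If `${PN}-client-certificates` is installed without `${PN}` (the comment below the postinst says it was split out for cluster clients), the script may run on a target that has neither the tool nor the database; consider `RDEPENDS:${PN}-client-certificates += "nss nss-agl-driver-db"`, assuming `nss` is the package that ships certutil on the image. Separately, the `C` flag in `-t "pC,,"` makes this CA a trusted issuer for every TLS server the agl-driver browser profile connects to, not only the kuksa.val endpoint. I would add a comment above the postinst such as `# CA.pem becomes a browser-wide trusted TLS issuer for agl-driver; it must be a deployment-specific CA with a protected key, never a sample CA`, and check the `certutil` exit status so a failed import is not silent.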