af-main: Sign widgets when agl-devel 58/24158/10
authorJosé Bollo <jose.bollo@iot.bzh>
Fri, 11 Oct 2019 12:47:24 +0000 (14:47 +0200)
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>
Fri, 10 Apr 2020 14:26:21 +0000 (14:26 +0000)
This change introduces signing of widgets with
sample keys and certificates of app-framework-main
when the feature agl-devel is selected.

It also shows how to sign widgets in yocto build
environment, using WGTPKG_AUTOSIGN_X environment
variables.

v2: Use an own agl feature for the signing and not agl-devel
    This allows us to switch it on selectively.

Bug-AGL: SPEC-2840

Change-Id: I8f66c25a2ae62ad2365c7cdb995049c00b7c780a
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
meta-agl-profile-core/conf/include/agl-sign-wgts.inc [new file with mode: 0644]
meta-app-framework/classes/aglwgt.bbclass
meta-app-framework/recipes-core/af-main/af-main_git.bb
meta-app-framework/recipes-core/af-main/af-main_git.inc
meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
templates/feature/agl-sign-wgts/50_local.conf.inc [new file with mode: 0644]
templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md [new file with mode: 0644]

diff --git a/meta-agl-profile-core/conf/include/agl-sign-wgts.inc b/meta-agl-profile-core/conf/include/agl-sign-wgts.inc
new file mode 100644 (file)
index 0000000..6e6674f
--- /dev/null
@@ -0,0 +1,3 @@
+# allows insertion of code or items specific to developement
+OVERRIDES .= ":agl-sign-wgts"
+DISTRO_FEATURES_append = " agl-sign-wgts"
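Review bot: The comment on the first line of the new include talks about development-specific items and does not say what this file does, which is to add the `agl-sign-wgts` override and distro feature. It reads as if it was carried over from another include (an inference), and "developement" is misspelled. I would replace it with `# enables signing of widgets at build time (override and distro feature agl-sign-wgts)`.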
index 800b888..7420bae 100644 (file)
@@ -153,4 +153,12 @@ do_install() {
 addtask aglwgt_deploy  before do_package after do_install
 addtask aglwgt_package before do_aglwgt_deploy after do_compile
 
+# Signature keys
+# These are default keys for development purposes !
+# Change it for production.
+WGTPKG_AUTOSIGN_0_agl-sign-wgts ??= "${WORKDIR}/recipe-sysroot-native/usr/share/afm/keys/developer.key.pem:${WORKDIR}/recipe-sysroot-native/usr/share/afm/certs/developer.cert.pem"
+WGTPKG_AUTOSIGN_1_agl-sign-wgts ??= "${WORKDIR}/recipe-sysroot-native/usr/share/afm/keys/platform.key.pem:${WORKDIR}/recipe-sysroot-native/usr/share/afm/certs/platform.cert.pem"
+
+export WGTPKG_AUTOSIGN_0
+export WGTPKG_AUTOSIGN_1
 
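Review bot: The two `??=` defaults point at the sample developer and platform keys shipped with app-framework-main, and only the comment tells the builder that they are in use. Because those private keys are published with the sources, a signature made with them says nothing about who built the widget, so any image that trusts the matching sample certificates will accept widgets signed by anyone. The af-main_git.inc hunk passes `-DINSTALL_SAMPLE_KEYS=ON` only when `agl-devel` is also set, so with `agl-sign-wgts` alone these paths probably do not exist; how wgtpkg reacts to that is not visible here. I would put both facts in the comment, e.g. `# Sample keys are public: signatures made with them prove nothing. They are only installed when agl-devel is set; point WGTPKG_AUTOSIGN_0/1 at real keys otherwise.`, and consider `${RECIPE_SYSROOT_NATIVE}` in place of `${WORKDIR}/recipe-sysroot-native`.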
index 66b93db..e5a183a 100644 (file)
@@ -16,7 +16,7 @@ RDEPENDS_${PN}_class-target += "af-binder-tools nss-localuser cynagoauth"
 
 PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native libcap-native"
 
-EXTRA_OECMAKE_class-native  = "\
+EXTRA_OECMAKE_append_class-native  = "\
        -DUSE_LIBZIP=1 \
        -DUSE_SIMULATION=1 \
        -DUSE_SDK=1 \
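Review bot: The switch to `EXTRA_OECMAKE_append_class-native` here, and from plain `EXTRA_OECMAKE =` to `EXTRA_OECMAKE_append_class-target` in the next hunk, has no comment saying why, so a later cleanup could easily revert it. Presumably it is needed so that the `EXTRA_OECMAKE_append_agl-sign-wgts` added in af-main_git.inc is not lost to the assignment; a line such as `# append, do not assign: af-main_git.inc also adds flags to EXTRA_OECMAKE` would record that. The second change also narrows the flags from every non-native build to class-target only, which is worth confirming against any other class variant of this recipe. Both assignments continue past the end of their hunks.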
@@ -26,7 +26,7 @@ EXTRA_OECMAKE_class-native  = "\
        -Dafm_datadir=${afm_datadir} \
 "
 
-EXTRA_OECMAKE = "\
+EXTRA_OECMAKE_append_class-target = "\
        -DUSE_LIBZIP=1 \
        -DUSE_SIMULATION=0 \
        -DUSE_SDK=0 \
@@ -114,6 +114,7 @@ pkg_postinst_ontarget_${PN}_append_with-lsm-smack() {
     chsmack -a 'System::Shared' -t $D${afm_datadir}/icons
 }
 FILES_${PN} += "${systemd_units_root}/* ${systemd_system_unitdir} ${systemd_user_unitdir}"
+FILES_${PN}_append_agl-sign-wgts = " ${datadir}/afm"
 
 PACKAGES =+ "${PN}-binding ${PN}-binding-dbg"
 FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so "
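Review bot: `FILES_${PN}_append_agl-sign-wgts = " ${datadir}/afm"` packages the whole directory into the target package, and judging by the paths used in aglwgt.bbclass that directory holds `keys/*.key.pem` next to `certs/*.cert.pem`. Verifying a widget on the target should need the certificates only, so shipping the private keys there looks unnecessary. A product tree that swaps in its own keys under the same layout would end up with its signing keys on every device. If the target install lays the files out as the native one does (not visible in this hunk), narrowing the entry to `" ${datadir}/afm/certs"` keeps private key material off the image. The keys would then also have to be left out of the target install, or the installed-vs-shipped QA check will complain.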
index 9005774..99efc32 100644 (file)
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
 SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}"
 
-SRCREV = "4f888279f132faf35caf92d4828f134f6daeb9a1"
+SRCREV = "956e7c57d15bde67d7392aab01a9c0fc6906bbd4"
 PV = "${AGL_BRANCH}+git${SRCPV}"
 
 S = "${WORKDIR}/git"
@@ -22,4 +22,9 @@ afb_binding_dir = "${libdir}/afb"
 systemd_units_root = "/var/local/lib/systemd"
 
 CFLAGS_append_agl-devel = " -DAGL_DEVEL"
+# only install sample keys in agl-devel mode
+# for production you need to deploy real keys
+EXTRA_OECMAKE_append_agl-sign-wgts = " ${@bb.utils.contains('DISTRO_FEATURES', 'agl-devel', '-DINSTALL_SAMPLE_KEYS=ON', '-DINSTALL_SAMPLE_KEYS=OFF', d)}"
+
+
 
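Review bot: Because the flag is attached to the `agl-sign-wgts` override, a build with `agl-devel` but without `agl-sign-wgts` passes no `INSTALL_SAMPLE_KEYS` value at all. Whether sample keys get installed then depends on the CMake default in app-framework-main, which is not visible here. The comment says keys are installed "only in agl-devel mode", which is not quite what the line does. Passing the value unconditionally makes the off state explicit: `EXTRA_OECMAKE_append = " -DINSTALL_SAMPLE_KEYS=${@bb.utils.contains('DISTRO_FEATURES', 'agl-devel agl-sign-wgts', 'ON', 'OFF', d)}"`. The hunk also adds two blank lines at the end of the file that could be dropped.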
index 759c893..88ab4ae 100644 (file)
@@ -23,5 +23,6 @@ do_install_append() {
 
 PACKAGES = "${PN}-tools ${PN}-tools-dbg"
 FILES_${PN}-tools = "${bindir}/wgtpkg-* ${afm_confdir}/*"
+FILES_${PN}-tools_append_agl-sign-wgts = " ${datadir}/afm"
 FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*"
 
diff --git a/templates/feature/agl-sign-wgts/50_local.conf.inc b/templates/feature/agl-sign-wgts/50_local.conf.inc
new file mode 100644 (file)
index 0000000..fb1f6ab
--- /dev/null
@@ -0,0 +1,2 @@
+#see meta-agl/meta-agl/conf/include/agl-sign-wgts.inc
+require conf/include/agl-sign-wgts.inc
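Review bot: The comment names `meta-agl/meta-agl/conf/include/agl-sign-wgts.inc`, but this commit adds the file under `meta-agl-profile-core/conf/include/`. Pointing at the real location saves the next reader a search: `#see meta-agl/meta-agl-profile-core/conf/include/agl-sign-wgts.inc` (assuming `meta-agl` is the repository root, as the existing comment implies).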
diff --git a/templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md b/templates/feature/agl-sign-wgts/README_feature_agl-sign-wgts.md
new file mode 100644 (file)
index 0000000..5e3b4b1
--- /dev/null
@@ -0,0 +1,8 @@
+---
+description: Feature agl-sign-wgts
+authors: José Bollo <jose.bollo@iot.bzh>, 
+---
+       
+### Feature agl-sign-wgts
+        
+Activation of the signature of wgt files