From: Scott Murray Date: Fri, 24 Nov 2023 02:54:46 +0000 (-0500) Subject: Ensure KUKSA.val JWT certificate gets installed X-Git-Tag: 16.91.0~5 X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F69%2F29469%2F2;p=AGL%2Fmeta-agl-demo.git Ensure KUKSA.val JWT certificate gets installed Recent changes accidentally resulted in the jwt.key.pub certificate file for KUKSA.val server / databroker authorization not getting installed, breaking databroker start up. Explicitly install it from our kuksa-certificates-server-agl package, and tweak the kuksa-val recipe to package it in its kuksa-certificates-server package. Bug-AGL: SPEC-4985 Change-Id: I94703da876718524da753b6b882b331b7f088431 Signed-off-by: Scott Murray Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/29469 Reviewed-by: Jan-Simon Moeller ci-image-boot-test: Jenkins Job builder account Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account --- diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb index 870d2e398..0264ebbd7 100644 --- a/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb @@ -10,6 +10,7 @@ SRC_URI = "file://CA.pem \ file://Client.pem \ file://Server.key \ file://Server.pem \ + file://jwt.key.pub \ " inherit allarch useradd @@ -28,6 +29,7 @@ do_install() { install -m 0644 ${WORKDIR}/CA.pem ${D}${sysconfdir}/kuksa-val/ install -m 0640 -g 900 ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/ install -m 0640 -g 900 ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/ + install -m 0644 -g 900 ${WORKDIR}/jwt.key.pub ${D}${sysconfdir}/kuksa-val/ install -m 0644 ${WORKDIR}/Client.key ${D}${sysconfdir}/kuksa-val/ install -m 0644 ${WORKDIR}/Client.pem ${D}${sysconfdir}/kuksa-val/ } @@ -42,6 +44,7 @@ RPROVIDES:${PN}-ca += "kuksa-val-certificates-ca" FILES:${PN}-server = " \ ${sysconfdir}/kuksa-val/Server.key \ ${sysconfdir}/kuksa-val/Server.pem \ + ${sysconfdir}/kuksa-val/jwt.key.pub \ " RPROVIDES:${PN}-server += "kuksa-val-certificates-server" RDEPENDS:${PN}-server += "${PN}-ca" diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub new file mode 100644 index 000000000..d9f785341 --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ScE9EKXEWVyYhzfhfvg ++LC8NseiuEjfrdFx3HKkb31bRw/SeS0Rye0KDP7uzffwreKf6wWYGxVUPYmyKC7j +Pji5MpDBGM9r3pIZSvPUFdpTE5TiRHFBxWbqPSYt954BTLq4rMu/W+oq5Pdfnugb +voYpLf0dclBl1g9KyszkDnItz3TYbWhGMbsUSfyeSPzH0IADzLoifxbc5mgiR73N +CA/4yNSpfLoqWgQ2vdTM1182sMSmxfqSgMzIMUX/tiaXGdkoKITF1sULlLyWfTo9 +79XRZ0hmUwvfzr3OjMZNoClpYSVbKY+vtxHyux9KOOtv9lPMsgYIaPXvisrsneDZ +fCS0afOfjgR96uHIe2UPSGAXru3yGziqEfpRZoxsgXaOe905ordLD5bSX14xkN7N +Cz7rxDLlxPQyxp4Vhog7p/QeUyydBpZjq2bAE5GAJtiu+XGvG8RypzJFKFQwMNsw +g1BoZVD0mb0MtU8KQmHcZIfY0FVer/CR0mUjfl1rHbtoJB+RY03lQvYNAD04ibAG +NI1RhlTziu35Xo6NDEgs9hVs9k3WrtF+ZUxhivWmP2VXhWruRakVkC1NzKGh54e5 +/KlluFbBNpWgvWZqzWo9Jr7/fzHtR0Q0IZwkxh+Vd/bUZya1uLKqP+sTcc+aTHbn +AEiqOjPq0D6X45wCzIwjILUCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/recipes-connectivity/kuksa-val/kuksa-val_git.bb b/recipes-connectivity/kuksa-val/kuksa-val_git.bb index a894f0133..c564eabfc 100644 --- a/recipes-connectivity/kuksa-val/kuksa-val_git.bb +++ b/recipes-connectivity/kuksa-val/kuksa-val_git.bb @@ -73,6 +73,7 @@ FILES:${PN}-certificates-ca = " \ FILES:${PN}-certificates-server = " \ ${sysconfdir}/kuksa-val/Server.key \ ${sysconfdir}/kuksa-val/Server.pem \ + ${sysconfdir}/kuksa-val/jwt.key.pub \ " RDEPENDS:${PN}-certificates-server += "${PN}-certificates-ca"