From e9532f2dac7a4933e4d7e3f44875abcbdc0c17e1 Mon Sep 17 00:00:00 2001
From: Scott Murray <scott.murray@konsulko.com>
Date: Fri, 7 Mar 2025 00:17:22 -0500
Subject: [PATCH] Disable kuksa-databroker TLS

Update various configuration files to disable using TLS for access
to kuksa-databroker for now, since there is an unresolved issue
with the C++ clients running remotely.  To avoid creating even more
profileration of configuration files/packages, the disabling is
effectively across all demo image types.

NOTE: For Embedded World 2025, not intended to be pushed as is.

Change-Id: I3011d3a9d18081b81736dcd07034b3d06c44c43d
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../kuksa-can-provider-conf-agl/config.ini         |  2 +-
 .../config.ini.gw-hardware                         |  2 +-
 .../kuksa-databroker.env                           |  3 ++-
 .../kuksa-val/kuksa-databroker-agl-demo-gateway.bb | 22 ++++++++++++++++++++++
 .../kuksa-databroker.env                           |  2 ++
 .../kuksa-databroker-agl/kuksa-databroker.env      |  3 ++-
 .../agl-vss-helper/files/agl-vss-helper.py         | 19 +++++++++++++------
 .../agl-vss-helper/files/agl-vss-helper.yaml       |  1 +
 .../files/cluster-dashboard.yaml                   |  2 +-
 .../files/cluster-dashboard.yaml.demo              |  2 +-
 .../files/cluster-dashboard.yaml.gateway-demo      |  2 +-
 .../files/cluster-dashboard.yaml.kvm-demo          |  2 +-
 .../cluster-dashboard.yaml.kvm-demo-preconfigured  |  2 +-
 .../files/ics-homescreen.yaml                      |  2 +-
 .../files/ics-homescreen.yaml.gateway-demo         |  2 +-
 .../files/ics-homescreen.yaml.kvm-demo             |  2 +-
 .../files/ics-homescreen.yaml.kvm-gateway-demo     |  2 +-
 recipes-platform/images/agl-gateway-demo.bb        |  1 +
 18 files changed, 54 insertions(+), 19 deletions(-)
 create mode 100644 recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-gateway.bb
 create mode 100644 recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-gateway/kuksa-databroker.env

diff --git a/recipes-connectivity/kuksa-val/kuksa-can-provider-conf-agl/config.ini b/recipes-connectivity/kuksa-val/kuksa-can-provider-conf-agl/config.ini
index b4f47a379..4a678e411 100644
--- a/recipes-connectivity/kuksa-val/kuksa-can-provider-conf-agl/config.ini
+++ b/recipes-connectivity/kuksa-val/kuksa-can-provider-conf-agl/config.ini
@@ -12,7 +12,7 @@ ip = localhost
 port = 55555
 
 # Shall TLS be used (default False for Databroker, True for KUKSA.val Server)
-tls = True
+tls = False
 
 # TLS-related settings
 # Path to root CA, needed if using TLS
diff --git a/recipes-connectivity/kuksa-val/kuksa-can-provider-conf-gw-hardware/config.ini.gw-hardware b/recipes-connectivity/kuksa-val/kuksa-can-provider-conf-gw-hardware/config.ini.gw-hardware
index 298512a6d..867685f10 100644
--- a/recipes-connectivity/kuksa-val/kuksa-can-provider-conf-gw-hardware/config.ini.gw-hardware
+++ b/recipes-connectivity/kuksa-val/kuksa-can-provider-conf-gw-hardware/config.ini.gw-hardware
@@ -12,7 +12,7 @@ ip = localhost
 port = 55555
 
 # Shall TLS be used (default False for Databroker, True for KUKSA.val Server)
-tls = True
+tls = False
 
 # TLS-related settings
 # Path to root CA, needed if using TLS
diff --git a/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-cluster/kuksa-databroker.env b/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-cluster/kuksa-databroker.env
index 47788338d..9dff37a27 100644
--- a/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-cluster/kuksa-databroker.env
+++ b/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-cluster/kuksa-databroker.env
@@ -1 +1,2 @@
-EXTRA_ARGS="--vss /usr/share/vss/vss.json --tls-cert /etc/kuksa-val/Server.pem --tls-private-key /etc/kuksa-val/Server.key --jwt-public-key /etc/kuksa-val/jwt.key.pub --address 0.0.0.0"
+#EXTRA_ARGS="--vss /usr/share/vss/vss.json --tls-cert /etc/kuksa-val/Server.pem --tls-private-key /etc/kuksa-val/Server.key --jwt-public-key /etc/kuksa-val/jwt.key.pub --address 0.0.0.0"
+EXTRA_ARGS="--vss /usr/share/vss/vss.json --jwt-public-key /etc/kuksa-val/jwt.key.pub --address 0.0.0.0"
diff --git a/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-gateway.bb b/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-gateway.bb
new file mode 100644
index 000000000..801888989
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-gateway.bb
@@ -0,0 +1,22 @@
+SUMMARY = "AGL gateway demo configuration for KUKSA.val databroker"
+HOMEPAGE = "https://github.com/eclipse/kuksa.val"
+BUGTRACKER = "https://github.com/eclipse/kuksa.val/issues"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+SRC_URI = "file://kuksa-databroker.env"
+
+inherit allarch update-alternatives
+
+do_install() {
+    install -d ${D}${sysconfdir}/default
+    install -m 0644 ${WORKDIR}/kuksa-databroker.env ${D}${sysconfdir}/default/kuksa-databroker.agl-demo-gateway
+}
+
+ALTERNATIVE:${PN} = "kuksa-databroker-env"
+ALTERNATIVE_LINK_NAME[kuksa-databroker-env] = "${sysconfdir}/default/kuksa-databroker"
+ALTERNATIVE_TARGET[kuksa-databroker-env] = "${sysconfdir}/default/kuksa-databroker.agl-demo-gateway"
+ALTERNATIVE_PRIORITY[kuksa-databroker-env] = "20"
+
+RDEPENDS:${PN} += "kuksa-certificates-agl-ca"
diff --git a/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-gateway/kuksa-databroker.env b/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-gateway/kuksa-databroker.env
new file mode 100644
index 000000000..9dff37a27
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-databroker-agl-demo-gateway/kuksa-databroker.env
@@ -0,0 +1,2 @@
+#EXTRA_ARGS="--vss /usr/share/vss/vss.json --tls-cert /etc/kuksa-val/Server.pem --tls-private-key /etc/kuksa-val/Server.key --jwt-public-key /etc/kuksa-val/jwt.key.pub --address 0.0.0.0"
+EXTRA_ARGS="--vss /usr/share/vss/vss.json --jwt-public-key /etc/kuksa-val/jwt.key.pub --address 0.0.0.0"
diff --git a/recipes-connectivity/kuksa-val/kuksa-databroker-agl/kuksa-databroker.env b/recipes-connectivity/kuksa-val/kuksa-databroker-agl/kuksa-databroker.env
index ff1370950..7d747d5f8 100644
--- a/recipes-connectivity/kuksa-val/kuksa-databroker-agl/kuksa-databroker.env
+++ b/recipes-connectivity/kuksa-val/kuksa-databroker-agl/kuksa-databroker.env
@@ -1 +1,2 @@
-EXTRA_ARGS="--vss /usr/share/vss/vss.json --tls-cert /etc/kuksa-val/Server.pem --tls-private-key /etc/kuksa-val/Server.key --jwt-public-key /etc/kuksa-val/jwt.key.pub"
+#EXTRA_ARGS="--vss /usr/share/vss/vss.json --tls-cert /etc/kuksa-val/Server.pem --tls-private-key /etc/kuksa-val/Server.key --jwt-public-key /etc/kuksa-val/jwt.key.pub"
+EXTRA_ARGS="--vss /usr/share/vss/vss.json --jwt-public-key /etc/kuksa-val/jwt.key.pub"
diff --git a/recipes-demo/agl-vss-helper/files/agl-vss-helper.py b/recipes-demo/agl-vss-helper/files/agl-vss-helper.py
index 73ac6b9df..22d55ab61 100644
--- a/recipes-demo/agl-vss-helper/files/agl-vss-helper.py
+++ b/recipes-demo/agl-vss-helper/files/agl-vss-helper.py
@@ -23,12 +23,19 @@ tls_server_name = "localhost"
 verbose = False
 
 async def main():
-    client = VSSClient(hostname,
-                       port,
-                       root_certificates=Path(ca_cert_filename),
-                       tls_server_name=tls_server_name,
-                       token=token,
-                       ensure_startup_connection=True)
+    client = None
+    if use_tls:
+        client = VSSClient(hostname,
+                           port,
+                           root_certificates=Path(ca_cert_filename),
+                           tls_server_name=tls_server_name,
+                           token=token,
+                           ensure_startup_connection=True)
+    else:
+        client = VSSClient(hostname,
+                           port,
+                           token=token,
+                           ensure_startup_connection=True)
     await client.connect()
     print(f"Connected to KUKSA.val databroker at {hostname}:{port}")
     if "initialize" in config and isinstance(config["initialize"], list):
diff --git a/recipes-demo/agl-vss-helper/files/agl-vss-helper.yaml b/recipes-demo/agl-vss-helper/files/agl-vss-helper.yaml
index 22d77e303..dca3b008a 100644
--- a/recipes-demo/agl-vss-helper/files/agl-vss-helper.yaml
+++ b/recipes-demo/agl-vss-helper/files/agl-vss-helper.yaml
@@ -1,3 +1,4 @@
+use-tls: false
 initialize:
 - signal: Vehicle.Speed
   value: 0
diff --git a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml
index 0a1156455..40000f568 100644
--- a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml
+++ b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml
@@ -1,2 +1,2 @@
 authorization : "/etc/xdg/AGL/cluster-dashboard/cluster-dashboard.token"
-use-tls : true
+use-tls : false
diff --git a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.demo b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.demo
index 32545c2bf..642ef2dfc 100644
--- a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.demo
+++ b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.demo
@@ -1,4 +1,4 @@
 hostname: 192.168.10.2
 authorization : "/etc/xdg/AGL/cluster-dashboard/cluster-dashboard.token"
-use-tls : true
+use-tls : false
 tls-server-name : "localhost"
diff --git a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.gateway-demo b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.gateway-demo
index 662a350f1..1d8ec8428 100644
--- a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.gateway-demo
+++ b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.gateway-demo
@@ -1,4 +1,4 @@
 hostname: 192.168.10.4
 authorization : "/etc/xdg/AGL/cluster-dashboard/cluster-dashboard.token"
-use-tls : true
+use-tls : false
 tls-server-name : "localhost"
diff --git a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.kvm-demo b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.kvm-demo
index 17e5888e8..79d06bee0 100644
--- a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.kvm-demo
+++ b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.kvm-demo
@@ -1,4 +1,4 @@
 hostname: 172.16.10.2
 authorization : "/etc/xdg/AGL/cluster-dashboard/cluster-dashboard.token"
-use-tls : true
+use-tls : false
 tls-server-name : "localhost"
diff --git a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.kvm-demo-preconfigured b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.kvm-demo-preconfigured
index 9267b4d40..5a225390d 100644
--- a/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.kvm-demo-preconfigured
+++ b/recipes-demo/flutter-cluster-dashboard/files/cluster-dashboard.yaml.kvm-demo-preconfigured
@@ -1,4 +1,4 @@
 hostname: 172.16.10.1
 authorization : "/etc/xdg/AGL/cluster-dashboard/cluster-dashboard.token"
-use-tls : true
+use-tls : false
 tls-server-name : "localhost"
diff --git a/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml b/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml
index f8e400b39..b0d761ad0 100644
--- a/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml
+++ b/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml
@@ -1,4 +1,4 @@
 kuksa:
   port : 55555
   authorization : "/etc/xdg/AGL/ics-homescreen/ics-homescreen.token"
-  use-tls : true
+  use-tls : false
diff --git a/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.gateway-demo b/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.gateway-demo
index e9346bc41..b899780e3 100644
--- a/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.gateway-demo
+++ b/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.gateway-demo
@@ -2,5 +2,5 @@ kuksa:
   hostname : 192.168.10.4
   port : 55555
   authorization : "/etc/xdg/AGL/ics-homescreen/ics-homescreen.token"
-  use-tls : true
+  use-tls : false
   tls-server-name : localhost
diff --git a/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.kvm-demo b/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.kvm-demo
index 22e7e3908..d7327d6d8 100644
--- a/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.kvm-demo
+++ b/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.kvm-demo
@@ -2,7 +2,7 @@ kuksa:
   hostname : 172.16.10.1
   port : 55555
   authorization : "/etc/xdg/AGL/ics-homescreen/ics-homescreen.token"
-  use-tls : true
+  use-tls : false
   tls-server-name : localhost
 radio:
   hostname : 172.16.10.1
diff --git a/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.kvm-gateway-demo b/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.kvm-gateway-demo
index 5d6e73b32..d8773e23e 100644
--- a/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.kvm-gateway-demo
+++ b/recipes-demo/flutter-ics-homescreen/files/ics-homescreen.yaml.kvm-gateway-demo
@@ -2,7 +2,7 @@ kuksa:
   hostname : 192.168.10.4
   port : 55555
   authorization : "/etc/xdg/AGL/ics-homescreen/ics-homescreen.token"
-  use-tls : true
+  use-tls : false
   tls-server-name : localhost
 radio:
   hostname : 172.16.10.1
diff --git a/recipes-platform/images/agl-gateway-demo.bb b/recipes-platform/images/agl-gateway-demo.bb
index 32bf2f2f6..8e466e412 100644
--- a/recipes-platform/images/agl-gateway-demo.bb
+++ b/recipes-platform/images/agl-gateway-demo.bb
@@ -17,6 +17,7 @@ AGL_DEVEL_INSTALL = " \
 "
 
 IMAGE_INSTALL += " \
+    kuksa-databroker-agl-demo-gateway \
     agl-vss-proxy \
     kuksa-can-provider-conf-gw-control-panel \
     vss-agl-gw-control-panel \
-- 
2.16.6