Rework nss-agl-driver-db to be a systemd unit at runtime 06/28606/2 15.0.1 octopus/15.0.1 octopus_15.0.1
authorJan-Simon Moeller <jsmoeller@linuxfoundation.org>
Fri, 31 Mar 2023 13:36:25 +0000 (15:36 +0200)
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>
Mon, 3 Apr 2023 20:34:22 +0000 (20:34 +0000)
This avoids the issues seen with access rights changes on /home/agl-driver
and will replace https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/28587

Bug-AGL: SPEC-4599
Change-Id: If01ffc9623208edd7a7705739465fa8fca764b74
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
(cherry picked from commit 11323fa1ed396e3e16f4df327911bc9c60cc6e01)

recipes-connectivity/kuksa-val/kuksa-val_git.bb
recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.service [new file with mode: 0644]
recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.sh [new file with mode: 0755]
recipes-core/nss/nss-agl-driver-db_git.bb
recipes-platform/packagegroups/packagegroup-agl-demo-platform-html5.bb

index 48cda10..04f6f4f 100644 (file)
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://../LICENSE;md5=2b42edef8fa55315f34f2370b4715ca9 \
                     file://3rd-party-libs/turtle/LICENSE_1_0.txt;md5=e4224ccaecb14d942c71d31bef20d78c \
                     file://3rd-party-libs/jwt-cpp/LICENSE;md5=8325a5ce4414c65ffdda392e0d96a9ff"
 
-DEPENDS = "boost openssl mosquitto nss protobuf-native grpc-native grpc"
+DEPENDS = "boost openssl mosquitto protobuf-native grpc-native grpc"
 
 require kuksa-val.inc
 
@@ -77,11 +77,6 @@ do_install:append() {
     chgrp 900 ${D}${sysconfdir}/kuksa-val/Server.pem
 }
 
-pkg_postinst_ontarget:${PN}-client-certificates () {
-    certutil -A -d /home/agl-driver/.pki/nssdb -n "KuksaRootCA" -t "pC,," -i ${sysconfdir}/kuksa-val/CA.pem
-    chown agl-driver:agl-driver -R /home/agl-driver/
-}
-
 # Put client certificates into their own package so we can avoid
 # duplicates of them for e.g. cluster clients.  Longer term this
 # will need to be revisited.
@@ -95,4 +90,4 @@ FILES:${PN}-client-certificates = " \
 
 FILES:${PN} += "${systemd_system_unitdir} ${datadir}"
 
-RDEPENDS:${PN} += "${PN}-client-certificates nss-agl-driver-db"
+RDEPENDS:${PN} += "${PN}-client-certificates"
diff --git a/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.service b/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.service
new file mode 100644 (file)
index 0000000..48eca39
--- /dev/null
@@ -0,0 +1,12 @@
+[Unit]
+Description=Deploy Kuksa certificates to /home/agl-driver/.pki/
+After=local-fs.target
+Before=agl-session@agl-driver.service
+ConditionPathExists=!/home/agl-driver/.pki
+
+[Service]
+User=agl-driver
+ExecStart=/usr/sbin/nss-agl-driver-db.sh
+
+[Install]
+WantedBy=multi-user.target
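Review bot: The `[Service]` section sets no `Type=`, so the unit defaults to `Type=simple` and `Before=agl-session@agl-driver.service` only orders the session after the script has been started, not after it has finished. The session can therefore come up before KuksaRootCA has been imported into the NSS database; adding `Type=oneshot` makes the ordering wait for the script to exit. Separately, `ConditionPathExists=!/home/agl-driver/.pki` tests the parent directory while the script tests `/home/agl-driver/.pki/nssdb`. Any run that leaves `.pki` behind without a finished database is then never retried, so pointing the condition at `/home/agl-driver/.pki/nssdb` would keep the two checks consistent.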
diff --git a/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.sh b/recipes-core/nss/nss-agl-driver-db/nss-agl-driver-db.sh
new file mode 100755 (executable)
index 0000000..1a8351b
--- /dev/null
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -e
+
+# TLDR we need this file for chromium to connect back to kuksa.
+
+# check if directory already exists and bail out
+if test -d /home/agl-driver/.pki/nssdb ; then
+    echo "Directory already exists! Doing nothing."
+    exit 127
+fi
+
+# setup empty db in subfolder
+mkdir -p /home/agl-driver/.pki/nssdb
+certutil -N -d /home/agl-driver/.pki/nssdb --empty-password
+
+# deploy cert into local db
+certutil -A -d /home/agl-driver/.pki/nssdb -n "KuksaRootCA" -t "pC,," -i /etc/kuksa-val/CA.pem
+
+#chown -R agl-driver:agl-driver /home/agl-driver/.pki/nssdb
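Review bot: If either `certutil` call fails, `set -e` stops the script after `mkdir -p` has already created `/home/agl-driver/.pki/nssdb`, so every later run hits the "already exists" branch and the database never receives the KuksaRootCA trust entry. A cleanup handler placed after the existence check, `trap 'rm -rf /home/agl-driver/.pki/nssdb' ERR`, removes only what this run created and allows a retry, provided the unit's `ConditionPathExists=` tests the same path. The script also never checks that `/etc/kuksa-val/CA.pem` is readable before creating the database; testing that first (`test -r /etc/kuksa-val/CA.pem`) would fail before anything is written. Finally, `exit 127` is the shell's "command not found" status and marks the unit as failed for what is a benign no-op; `exit 0` would fit that branch better.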
index 3d8aa5f..c32ba71 100644 (file)
@@ -3,20 +3,30 @@ DESCRIPTION = "Custom nss db hosting the kuksa certificates for chromium"
 AUTHOR = "Jan-Simon Moeller <jsmoeller@linuxfoundation.org>"
 HOMEPAGE = "https://git.automotivelinux.org"
 LICENSE = "MIT"
-DEPENDS = " agl-session nss-native"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
 PV = "0.1"
 
+SRC_URI = "file://${BPN}.service \
+           file://${BPN}.sh \
+          "
+
+inherit systemd
+
+SYSTEMD_SERVICE:${PN} = "${BPN}.service"
+
 do_configure[noexec] = "1"
 do_compile[noexec] = "1"
 
 do_install() {
-    mkdir -p ${D}/home/agl-driver/.pki/nssdb
-    certutil -N -d ${D}/home/agl-driver/.pki/nssdb --empty-password
-    chown -R 1001:1001 ${D}/home/agl-driver
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -d ${D}${systemd_system_unitdir}
+        install -d ${D}${sbindir}
+        install -m 0644 ${WORKDIR}/${BPN}.service ${D}${systemd_system_unitdir}
+        install -m 0755 ${WORKDIR}/${BPN}.sh ${D}${sbindir}
+    fi
 }
 
-pkg_postinst_ontarget:${PN} () {
-    chown agl-driver:agl-driver -R /home/agl-driver/
-}
+FILES:${PN} += "${systemd_system_unitdir} ${sbindir}"
 
-FILES:${PN} += "/home/agl-driver/.pki/*"
+RDEPENDS:${PN} += "nss agl-session kuksa-val-client-certificates bash"
index 4ef7822..1f1984d 100644 (file)
@@ -38,3 +38,7 @@ RDEPENDS:${PN}:append = " \
     qtquickcontrols2-agl-style \
     ${AGL_APPS} \
     "
+
+# nss-agl-driver-db is required to connect to kuksa
+RDEPENDS:${PN}:append = " nss-agl-driver-db "
+