From 1fd481575873e66f0653608d835844d5b11c9f49 Mon Sep 17 00:00:00 2001 From: Scott Murray Date: Thu, 23 Nov 2023 21:54:46 -0500 Subject: [PATCH] Ensure KUKSA.val JWT certificate gets installed Recent changes accidentally resulted in the jwt.key.pub certificate file for KUKSA.val server / databroker authorization not getting installed, breaking databroker start up. Explicitly install it from our kuksa-certificates-server-agl package, and tweak the kuksa-val recipe to package it in its kuksa-certificates-server package. Bug-AGL: SPEC-4985 Change-Id: I94703da876718524da753b6b882b331b7f088431 Signed-off-by: Scott Murray Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/29469 Reviewed-by: Jan-Simon Moeller ci-image-boot-test: Jenkins Job builder account Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account --- recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb | 3 +++ .../kuksa-val/kuksa-certificates-agl/jwt.key.pub | 14 ++++++++++++++ recipes-connectivity/kuksa-val/kuksa-val_git.bb | 1 + 3 files changed, 18 insertions(+) create mode 100644 recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb index 870d2e398..0264ebbd7 100644 --- a/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl.bb @@ -10,6 +10,7 @@ SRC_URI = "file://CA.pem \ file://Client.pem \ file://Server.key \ file://Server.pem \ + file://jwt.key.pub \ " inherit allarch useradd @@ -28,6 +29,7 @@ do_install() { install -m 0644 ${WORKDIR}/CA.pem ${D}${sysconfdir}/kuksa-val/ install -m 0640 -g 900 ${WORKDIR}/Server.key ${D}${sysconfdir}/kuksa-val/ install -m 0640 -g 900 ${WORKDIR}/Server.pem ${D}${sysconfdir}/kuksa-val/ + install -m 0644 -g 900 ${WORKDIR}/jwt.key.pub ${D}${sysconfdir}/kuksa-val/ install -m 0644 ${WORKDIR}/Client.key ${D}${sysconfdir}/kuksa-val/ install -m 0644 ${WORKDIR}/Client.pem ${D}${sysconfdir}/kuksa-val/ } @@ -42,6 +44,7 @@ RPROVIDES:${PN}-ca += "kuksa-val-certificates-ca" FILES:${PN}-server = " \ ${sysconfdir}/kuksa-val/Server.key \ ${sysconfdir}/kuksa-val/Server.pem \ + ${sysconfdir}/kuksa-val/jwt.key.pub \ " RPROVIDES:${PN}-server += "kuksa-val-certificates-server" RDEPENDS:${PN}-server += "${PN}-ca" diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub new file mode 100644 index 000000000..d9f785341 --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/jwt.key.pub @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ScE9EKXEWVyYhzfhfvg ++LC8NseiuEjfrdFx3HKkb31bRw/SeS0Rye0KDP7uzffwreKf6wWYGxVUPYmyKC7j +Pji5MpDBGM9r3pIZSvPUFdpTE5TiRHFBxWbqPSYt954BTLq4rMu/W+oq5Pdfnugb +voYpLf0dclBl1g9KyszkDnItz3TYbWhGMbsUSfyeSPzH0IADzLoifxbc5mgiR73N +CA/4yNSpfLoqWgQ2vdTM1182sMSmxfqSgMzIMUX/tiaXGdkoKITF1sULlLyWfTo9 +79XRZ0hmUwvfzr3OjMZNoClpYSVbKY+vtxHyux9KOOtv9lPMsgYIaPXvisrsneDZ +fCS0afOfjgR96uHIe2UPSGAXru3yGziqEfpRZoxsgXaOe905ordLD5bSX14xkN7N +Cz7rxDLlxPQyxp4Vhog7p/QeUyydBpZjq2bAE5GAJtiu+XGvG8RypzJFKFQwMNsw +g1BoZVD0mb0MtU8KQmHcZIfY0FVer/CR0mUjfl1rHbtoJB+RY03lQvYNAD04ibAG +NI1RhlTziu35Xo6NDEgs9hVs9k3WrtF+ZUxhivWmP2VXhWruRakVkC1NzKGh54e5 +/KlluFbBNpWgvWZqzWo9Jr7/fzHtR0Q0IZwkxh+Vd/bUZya1uLKqP+sTcc+aTHbn +AEiqOjPq0D6X45wCzIwjILUCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/recipes-connectivity/kuksa-val/kuksa-val_git.bb b/recipes-connectivity/kuksa-val/kuksa-val_git.bb index a894f0133..c564eabfc 100644 --- a/recipes-connectivity/kuksa-val/kuksa-val_git.bb +++ b/recipes-connectivity/kuksa-val/kuksa-val_git.bb @@ -73,6 +73,7 @@ FILES:${PN}-certificates-ca = " \ FILES:${PN}-certificates-server = " \ ${sysconfdir}/kuksa-val/Server.key \ ${sysconfdir}/kuksa-val/Server.pem \ + ${sysconfdir}/kuksa-val/jwt.key.pub \ " RDEPENDS:${PN}-certificates-server += "${PN}-certificates-ca" -- 2.16.6