Initial commit
This commit is contained in:
Your Name
@@ -0,0 +1,16 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAPvSDLu6slkP1gri
|
||||
PaeQXL9ysD69J/HjbBCIQ0RPfeWBb75US1tRTjPP0Ub8CtH8ExVf8iF1ulsZA78B
|
||||
zIjBYZVp9pyD6LbpZ/hjV7rIH6dTNhoVpdA+F8LzmQ7cyhHG8l2JMvdunwF2uX5k
|
||||
D4WDcZt/ITKZNQNavPtmIyD5HprdAgMBAAECgYEAuQkTSi5ZNpAoWz76xtGRFSwU
|
||||
zUT4wQi3Mz6tDtjKTYXasiQGa0dHC1M9F8fDu6BZ9W7W4Dc9hArRcdzEighuxoI/
|
||||
nZI/0uL89iUEywnDEIHuS6D5JlZaj86/nx9YvQnO8F/seM+MX0EAWVrd5wC7aAF1
|
||||
h6Fu7ykZB4ggUjQAWwECQQD+AUiDOEO+8btLJ135dQfSGc5VFcZiequnKWVm6uXt
|
||||
rX771hEYjYMjLqWGFg9G4gE3GuABM5chMINuQQUivy8tAkEA/cxfy19XkjtqcMgE
|
||||
x/UDt6Nr+Ky/tk+4Y65WxPRDas0uxFOPk/vEjgVmz1k/TAy9G4giisluTvtmltr5
|
||||
DCLocQJBAJnRHx9PiD7uVhRJz6/L/iNuOzPtTsi+Loq5F83+O6T15qsM1CeBMsOw
|
||||
cM5FN5UeMcwz+yjfHAsePMkcmMaU7jUCQHlg9+N8upXuIo7Dqj2zOU7nMmkgvSNE
|
||||
5yuNImRZabC3ZolwaTdd7nf5r1y1Eyec5Ag5yENV6JKPe1Xkbb1XKJECQDngA0h4
|
||||
6ATvfP1Vrx4CbP11eKXbCsZ9OGPHSgyvVjn68oY5ZP3uPsIattoN7dE2BRfuJm7m
|
||||
F0nIdUAhR0yTfKM=
|
||||
-----END PRIVATE KEY-----
|
||||
@@ -0,0 +1,22 @@
|
||||
DESCRIPTION = "phosphor-ipmi-flash config to update without verifying the image"
|
||||
LICENSE = "MIT"
|
||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
|
||||
|
||||
SRC_URI += "file://noverify-bmc-update.service"
|
||||
SRC_URI += "file://noverify-bmc-verify.service"
|
||||
SRC_URI += "file://config-bmc.json"
|
||||
|
||||
SYSTEMD_SERVICE:${PN} += "noverify-bmc-update.service"
|
||||
SYSTEMD_SERVICE:${PN} += "noverify-bmc-verify.service"
|
||||
|
||||
inherit systemd
|
||||
|
||||
do_install() {
|
||||
install -d ${D}${datadir}/phosphor-ipmi-flash
|
||||
install -m 0644 ${WORKDIR}/config-bmc.json ${D}${datadir}/phosphor-ipmi-flash
|
||||
install -d ${D}${systemd_system_unitdir}
|
||||
install -m 0644 ${WORKDIR}/noverify-bmc-update.service ${D}${systemd_system_unitdir}
|
||||
install -m 0644 ${WORKDIR}/noverify-bmc-verify.service ${D}${systemd_system_unitdir}
|
||||
}
|
||||
|
||||
FILES:${PN} += "${datadir}/phosphor-ipmi-flash/config-bmc.json"
|
||||
@@ -0,0 +1,20 @@
|
||||
[{
|
||||
"blob": "/flash/image",
|
||||
"handler": {
|
||||
"type": "file",
|
||||
"path": "/run/initramfs/bmc-image"
|
||||
},
|
||||
"actions": {
|
||||
"preparation": {
|
||||
"type": "skip"
|
||||
},
|
||||
"verification": {
|
||||
"type": "systemd",
|
||||
"unit": "noverify-bmc-verify.service"
|
||||
},
|
||||
"update": {
|
||||
"type": "systemd",
|
||||
"unit": "noverify-bmc-update.service"
|
||||
}
|
||||
}
|
||||
}]
|
||||
@@ -0,0 +1,9 @@
|
||||
[Unit]
|
||||
Description=Commit image for update and reboot
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/mv /run/initramfs/bmc-image-verified /run/initramfs/image-bmc
|
||||
# This command is intentionally blocking to ensure this unit doesn't complete
|
||||
# before the BMC reboots.
|
||||
ExecStart=/usr/bin/systemctl start --job-mode=replace-irreversibly reboot.target
|
||||
@@ -0,0 +1,6 @@
|
||||
[Unit]
|
||||
Description=Don't verify the image, just stage it for update
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/mv /run/initramfs/bmc-image /run/initramfs/bmc-image-verified
|
||||
@@ -0,0 +1,28 @@
|
||||
SUMMARY = "Provides a host firmware image"
|
||||
DESCRIPTION = "Use a bbappend to add the image files"
|
||||
LICENSE = "${HOSTFW_LICENSE}"
|
||||
LIC_FILES_CHKSUM = "${HOSTFW_LIC_FILES_CHKSUM}"
|
||||
PR = "r1"
|
||||
|
||||
inherit allarch
|
||||
inherit deploy
|
||||
|
||||
do_compile() {
|
||||
# The image directory can be used as the source to create a filesystem to
|
||||
# add to the BMC image.
|
||||
install -d ${B}/image
|
||||
# Install an image-hostfw file in the update directory to be included in
|
||||
# the code update tarball.
|
||||
install -d ${B}/update
|
||||
}
|
||||
|
||||
addtask deploy before do_build after do_compile
|
||||
|
||||
HOSTFW_LICENSE ?= "Apache-2.0"
|
||||
HOSTFW_LIC_FILES_CHKSUM ?= "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
|
||||
do_deploy() {
|
||||
install -d ${DEPLOYDIR}/hostfw/image
|
||||
install -d ${DEPLOYDIR}/hostfw/update
|
||||
cp -R --no-dereference --preserve=mode,links ${B}/image/ ${DEPLOYDIR}/hostfw/
|
||||
cp -R --no-dereference --preserve=mode,links ${B}/update/ ${DEPLOYDIR}/hostfw/
|
||||
}
|
||||
@@ -0,0 +1,45 @@
|
||||
SUMMARY = "OpenBMC image signing public key"
|
||||
DESCRIPTION = "Public key information to be included in images for image verification."
|
||||
LICENSE = "Apache-2.0"
|
||||
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
|
||||
DEPENDS += "openssl-native"
|
||||
DEPENDS += "${@oe.utils.conditional('INSECURE_KEY', 'True', 'phosphor-insecure-signing-key-native', '', d)}"
|
||||
PR = "r1"
|
||||
|
||||
SIGNING_PUBLIC_KEY ?= ""
|
||||
SIGNING_PUBLIC_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_PUBLIC_KEY}'))[0]}"
|
||||
SIGNING_KEY ?= "${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv"
|
||||
SIGNING_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_KEY}'))[0]}"
|
||||
SYSROOT_DIRS:append = " ${sysconfdir}"
|
||||
|
||||
inherit allarch
|
||||
|
||||
do_install() {
|
||||
signing_key="${SIGNING_KEY}"
|
||||
if [ "${INSECURE_KEY}" = "True" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then
|
||||
echo "Using SIGNING_PUBLIC_KEY"
|
||||
signing_key=""
|
||||
fi
|
||||
if [ -n "${signing_key}" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then
|
||||
echo "Both SIGNING_KEY and SIGNING_PUBLIC_KEY are defined, expecting only one"
|
||||
exit 1
|
||||
fi
|
||||
if [ -n "${signing_key}" ]; then
|
||||
openssl pkey -in "${signing_key}" -pubout -out ${WORKDIR}/publickey
|
||||
idir="${D}${sysconfdir}/activationdata/${SIGNING_KEY_TYPE}"
|
||||
elif [ -n "${SIGNING_PUBLIC_KEY}" ]; then
|
||||
cp "${SIGNING_PUBLIC_KEY}" ${WORKDIR}/publickey
|
||||
idir="${D}${sysconfdir}/activationdata/${SIGNING_PUBLIC_KEY_TYPE}"
|
||||
else
|
||||
echo "No SIGNING_KEY or SIGNING_PUBLIC_KEY defined, expecting one"
|
||||
exit 1
|
||||
fi
|
||||
echo HashType=RSA-SHA256 > "${WORKDIR}/hashfunc"
|
||||
install -d ${idir}
|
||||
install -m 644 ${WORKDIR}/publickey ${idir}
|
||||
install -m 644 ${WORKDIR}/hashfunc ${idir}
|
||||
}
|
||||
|
||||
FILES:${PN} += "${sysconfdir}/activationdata/"
|
||||
|
||||
INSECURE_KEY = "${@'${SIGNING_KEY}' == '${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv'}"
|
||||
@@ -0,0 +1,16 @@
|
||||
SUMMARY = "Insecure private key for testing and development"
|
||||
DESCRIPTION = "Do not use this key to sign images."
|
||||
LICENSE = "Apache-2.0"
|
||||
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
|
||||
PR = "r1"
|
||||
|
||||
SRC_URI += "file://OpenBMC.priv"
|
||||
|
||||
inherit allarch
|
||||
inherit native
|
||||
|
||||
do_install() {
|
||||
bbplain "Using an insecure image signing key!"
|
||||
install -d ${D}${datadir}
|
||||
install -m 400 ${WORKDIR}/OpenBMC.priv ${D}${datadir}
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
SUMMARY = "phosphor-software-manager: install phosphor-logging yaml"
|
||||
LICENSE = "Apache-2.0"
|
||||
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
|
||||
PV = "1.0+git${SRCPV}"
|
||||
PR = "r1"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
inherit phosphor-logging-yaml-provider
|
||||
|
||||
require phosphor-software-manager.inc
|
||||
@@ -0,0 +1,5 @@
|
||||
HOMEPAGE = "https://github.com/openbmc/phosphor-bmc-code-mgmt"
|
||||
LICENSE = "Apache-2.0"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
|
||||
SRC_URI += "git://github.com/openbmc/phosphor-bmc-code-mgmt;branch=master;protocol=https"
|
||||
SRCREV = "b9ecb2bcda1292649968c15d227c32dc4209b844"
|
||||
@@ -0,0 +1,121 @@
|
||||
SUMMARY = "Phosphor Software Management"
|
||||
DESCRIPTION = "Phosphor Software Manager provides a set of system software \
|
||||
management daemons. It is suitable for use on a wide variety of OpenBMC \
|
||||
platforms."
|
||||
DEPENDS += " \
|
||||
openssl \
|
||||
phosphor-dbus-interfaces \
|
||||
phosphor-logging \
|
||||
${PYTHON_PN}-sdbus++-native \
|
||||
sdbusplus \
|
||||
"
|
||||
PACKAGECONFIG[verify_signature] = " \
|
||||
-Dverify-full-signature=enabled, \
|
||||
-Dverify-full-signature=disabled"
|
||||
PACKAGECONFIG[sync_bmc_files] = "-Dsync-bmc-files=enabled, -Dsync-bmc-files=disabled"
|
||||
PACKAGECONFIG[usb_code_update] = "-Dusb-code-update=enabled, -Dusb-code-update=disabled, cli11"
|
||||
PACKAGECONFIG[side_switch_on_boot] = "-Dside-switch-on-boot=enabled, -Dside-switch-on-boot=disabled, cli11"
|
||||
PACKAGECONFIG[ubifs_layout] = "-Dbmc-layout=ubi"
|
||||
PACKAGECONFIG[mmc_layout] = "-Dbmc-layout=mmc"
|
||||
PACKAGECONFIG[flash_bios] = "-Dhost-bios-upgrade=enabled, -Dhost-bios-upgrade=disabled"
|
||||
PACKAGECONFIG[static-dual-image] = "-Dbmc-static-dual-image=enabled, -Dbmc-static-dual-image=disabled"
|
||||
PV = "1.0+git${SRCPV}"
|
||||
PR = "r1"
|
||||
|
||||
SOFTWARE_MGR_PACKAGES = " \
|
||||
${PN}-version \
|
||||
${PN}-download-mgr \
|
||||
${PN}-updater \
|
||||
${PN}-updater-ubi \
|
||||
${PN}-updater-mmc \
|
||||
${PN}-sync \
|
||||
${PN}-usb \
|
||||
${PN}-side-switch \
|
||||
"
|
||||
# Set SYSTEMD_PACKAGES to empty because we do not want ${PN} and DBUS_PACKAGES
|
||||
# handles the rest.
|
||||
SYSTEMD_PACKAGES = ""
|
||||
SYSTEMD_SERVICE:${PN}-updater += " \
|
||||
force-reboot.service \
|
||||
obmc-flash-bmc-setenv@.service \
|
||||
reboot-guard-disable.service \
|
||||
reboot-guard-enable.service \
|
||||
usr-local.mount \
|
||||
"
|
||||
SYSTEMD_SERVICE:${PN}-updater += "${@bb.utils.contains('PACKAGECONFIG', 'flash_bios', 'obmc-flash-host-bios@.service', '', d)}"
|
||||
SYSTEMD_SERVICE:${PN}-usb += "${@bb.utils.contains('PACKAGECONFIG', 'usb_code_update', 'usb-code-update@.service', '', d)}"
|
||||
SYSTEMD_SERVICE:${PN}-side-switch += "${@bb.utils.contains('PACKAGECONFIG', 'side_switch_on_boot', 'phosphor-bmc-side-switch.service', '', d)}"
|
||||
SYSTEMD_SERVICE:${PN}-updater += "${@bb.utils.contains('PACKAGECONFIG', 'static-dual-image', 'obmc-flash-bmc-alt@.service', '', d)}"
|
||||
SYSTEMD_SERVICE:${PN}-updater += "${@bb.utils.contains('PACKAGECONFIG', 'static-dual-image', 'obmc-flash-bmc-static-mount-alt.service', '', d)}"
|
||||
SYSTEMD_SERVICE:${PN}-updater += "${@bb.utils.contains('PACKAGECONFIG', 'static-dual-image', 'obmc-flash-bmc-prepare-for-sync.service', '', d)}"
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
inherit meson pkgconfig
|
||||
inherit obmc-phosphor-dbus-service
|
||||
inherit python3native
|
||||
inherit ${@bb.utils.contains('DISTRO_FEATURES', 'obmc-ubi-fs', 'phosphor-software-manager-ubi-fs', '', d)}
|
||||
inherit ${@bb.utils.contains('DISTRO_FEATURES', 'phosphor-mmc', 'phosphor-software-manager-mmc', '', d)}
|
||||
|
||||
EXTRA_OEMESON:append = " -Dtests=disabled"
|
||||
|
||||
do_install:append() {
|
||||
install -d ${D}/usr/local
|
||||
}
|
||||
|
||||
# The repo installs several scripts that depends on bash
|
||||
RDEPENDS:${PN} += " bash"
|
||||
RDEPENDS:${PN}-updater += " \
|
||||
bash \
|
||||
virtual-obmc-image-manager \
|
||||
${@bb.utils.contains('PACKAGECONFIG', 'verify_signature', 'phosphor-image-signing', '', d)} \
|
||||
${@bb.utils.contains('PACKAGECONFIG', 'mmc_layout', 'e2fsprogs-e2fsck', '', d)} \
|
||||
"
|
||||
|
||||
RPROVIDES:${PN}-version += " \
|
||||
virtual-obmc-image-manager \
|
||||
"
|
||||
|
||||
FILES:${PN}-version += "${bindir}/phosphor-version-software-manager ${exec_prefix}/lib/tmpfiles.d/software.conf"
|
||||
FILES:${PN}-download-mgr += "${bindir}/phosphor-download-manager"
|
||||
FILES:${PN}-updater += " \
|
||||
${bindir}/phosphor-image-updater \
|
||||
${bindir}/obmc-flash-bmc \
|
||||
/usr/local \
|
||||
"
|
||||
FILES:${PN}-sync += " \
|
||||
${bindir}/phosphor-sync-software-manager \
|
||||
${sysconfdir}/synclist \
|
||||
"
|
||||
FILES:${PN}-usb += "\
|
||||
${base_libdir}/udev/rules.d/70-bmc-usb.rules \
|
||||
${bindir}/phosphor-usb-code-update \
|
||||
"
|
||||
FILES:${PN}-side-switch += "\
|
||||
${bindir}/phosphor-bmc-side-switch \
|
||||
"
|
||||
|
||||
require ${BPN}.inc
|
||||
|
||||
ALLOW_EMPTY:${PN} = "1"
|
||||
|
||||
PACKAGE_BEFORE_PN += "${SOFTWARE_MGR_PACKAGES}"
|
||||
DBUS_PACKAGES = "${SOFTWARE_MGR_PACKAGES}"
|
||||
DBUS_SERVICE:${PN}-version += "xyz.openbmc_project.Software.Version.service"
|
||||
DBUS_SERVICE:${PN}-download-mgr += "xyz.openbmc_project.Software.Download.service"
|
||||
DBUS_SERVICE:${PN}-updater += "xyz.openbmc_project.Software.BMC.Updater.service"
|
||||
DBUS_SERVICE:${PN}-sync += "xyz.openbmc_project.Software.Sync.service"
|
||||
|
||||
pkg_postinst:${PN}-side-switch() {
|
||||
if ${@bb.utils.contains('PACKAGECONFIG', 'side_switch_on_boot', 'true', 'false', d)} ; then
|
||||
mkdir -p $D$systemd_system_unitdir/obmc-host-startmin@0.target.wants
|
||||
LINK="$D$systemd_system_unitdir/obmc-host-startmin@0.target.wants/phosphor-bmc-side-switch.service"
|
||||
TARGET="../phosphor-bmc-side-switch.service"
|
||||
ln -s $TARGET $LINK
|
||||
fi
|
||||
}
|
||||
pkg_prerm:${PN}-side-switch() {
|
||||
if ${@bb.utils.contains('PACKAGECONFIG', 'side_switch_on_boot', 'true', 'false', d)} ; then
|
||||
LINK="$D$systemd_system_unitdir/obmc-host-startmin@0.target.wants/phosphor-bmc-side-switch.service"
|
||||
rm $LINK
|
||||
fi
|
||||
}
|
||||
Reference in New Issue
Block a user