diff options
| author | Anton D. Kachalov <gmouse@google.com> | 2021-03-19 13:30:43 +0300 |
|---|---|---|
| committer | Anton D. Kachalov <gmouse@google.com> | 2021-10-03 18:40:03 +0300 |
| commit | 609d48731fd3758910ed5a68d5ce1d6e80c2dfd3 (patch) | |
| tree | 4373521611551a68a9fcf2d872565eb649eb6247 | |
| parent | 79eaf441714b61f6d8f89efc77544e1d7ca1a5d6 (diff) | |
| download | openbmc-609d48731fd3758910ed5a68d5ce1d6e80c2dfd3.tar.xz | |
certificate-manager: supply configs from the repo
This change is a part of the privilege seperation work
which is tracked in:
https://github.com/openbmc/openbmc/issues/3383
This change should be merged after individual repo change:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/41166
Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Change-Id: I72e4842e7aa6de2ae4bcbdbf00953b7a79a0f414
9 files changed, 19 insertions, 106 deletions
diff --git a/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend b/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend index 46135c3d5..76ec9a53c 100644 --- a/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend +++ b/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend @@ -8,4 +8,4 @@ RDEPENDS:${PN}-extras:remove:gbmc = "phosphor-nslcd-authority-cert-config" RDEPENDS:${PN}-extrasdev:remove:gbmc = "rest-dbus" # Disable bmcweb for gbmc machines without redfish. -RDEPENDS:${PN}-extras:remove:gbmc = '${@bb.utils.contains:any("MACHINE_FEATURES", ['redfish'], "", "bmcweb phosphor-bmcweb-cert-config", d)}' +RDEPENDS:${PN}-extras:remove:gbmc = '${@bb.utils.contains:any("MACHINE_FEATURES", ['redfish'], "", "bmcweb", d)}' diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb deleted file mode 100644 index 1d9f5a3b1..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Phosphor certificate manager configuration for a bmcweb service" - -PR = "r1" - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" - -RDEPENDS:${PN} = "phosphor-certificate-manager" - -inherit allarch - -SRC_URI = "file://env" - -FILES:${PN} = "${datadir}" - -do_install() { - install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/bmcweb -} - -pkg_postinst:${PN}() { - LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@bmcweb.service" - TARGET="../phosphor-certificate-manager@.service" - mkdir -p $D$systemd_system_unitdir/multi-user.target.wants - ln -s $TARGET $LINK -} - -pkg_prerm:${PN}() { - LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@bmcweb.service" - rm $LINK -} diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env deleted file mode 100644 index af4899a30..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env +++ /dev/null @@ -1,12 +0,0 @@ -#D-Bus object path -#example: /xyz/openbmc_project/certs/server/https -ENDPOINT=https - -#Path for the certificate file -CERTPATH=/etc/ssl/certs/https/server.pem - -#Units to restart -UNIT=bmcweb.service - -#Type of the service client/server -TYPE=server diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service deleted file mode 100644 index 255906fab..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Phosphor certificate manager for %I - -[Service] -EnvironmentFile=/usr/share/phosphor-certificate-manager/%I -ExecStart=/usr/bin/env phosphor-certificate-manager --endpoint=${{ENDPOINT}} --path=${{CERTPATH}} --unit=${{UNIT}} --type=${{TYPE}} -SyslogIdentifier=phosphor-certificate-manager -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb index 30730a4e3..d2a7e4fc4 100644 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb +++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb @@ -9,14 +9,15 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" SRC_URI = "git://github.com/openbmc/phosphor-certificate-manager" -SRCREV = "811a29e1941db0157f49d2e05491be945f7b2f07" +SRCREV = "6dd1c2ad86507202dd55c533559e253f846e99c8" inherit autotools \ pkgconfig \ - obmc-phosphor-systemd + systemd DEPENDS = " \ autoconf-archive-native \ + dbus \ openssl \ phosphor-dbus-interfaces \ phosphor-logging \ @@ -28,9 +29,18 @@ S = "${WORKDIR}/git" EXTRA_OECONF += "--disable-tests" -CERT_TMPL = "phosphor-certificate-manager@.service" -SYSTEMD_SERVICE:${PN} = "${CERT_TMPL}" +SYSTEMD_SERVICE:${PN} = "phosphor-certificate-manager@.service" -PACKAGECONFIG ??= "" +PACKAGECONFIG ??= "bmcweb-cert nslcd-authority-cert" PACKAGECONFIG[ibm-hypervisor-cert] = "--enable-ca-cert-extension,," -SYSTEMD_SERVICE:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'ibm-hypervisor-cert', 'bmc-vmi-ca-manager.service', '', d)}" +PACKAGECONFIG[bmcweb-cert] = "--enable-bmcweb-cert-config,," +PACKAGECONFIG[nslcd-authority-cert] = "--enable-nslcd-authority-cert-config,," + +SYSTEMD_SERVICE:${PN} = " \ + phosphor-certificate-manager@.service \ + ${@bb.utils.contains('PACKAGECONFIG', 'ibm-hypervisor-cert', 'bmc-vmi-ca-manager.service', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'nslcd-authority-cert', 'phosphor-certificate-manager@authority.service', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'bmcweb', 'phosphor-certificate-manager@bmcweb.service', '', d)} \ + " + +FILES:${PN}:append = " ${sysconfdir}/dbus-1 ${base_libdir} ${datadir} ${bindir}" diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb deleted file mode 100644 index c847b6d7b..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Phosphor certificate manager configuration for an nslcd authority service" - -PR = "r1" - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" - -RDEPENDS:${PN} = "phosphor-certificate-manager" - -inherit allarch - -SRC_URI = "file://env" - -FILES:${PN} = "${datadir}" - -do_install() { - install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/authority -} - -pkg_postinst:${PN}() { - LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@authority.service" - TARGET="../phosphor-certificate-manager@.service" - mkdir -p $D$systemd_system_unitdir/multi-user.target.wants - ln -s $TARGET $LINK -} - -pkg_prerm:${PN}() { - LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@authority.service" - rm $LINK -} diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env deleted file mode 100644 index d2e8814cb..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env +++ /dev/null @@ -1,12 +0,0 @@ -#REST URI endpoint -#example: /xyz/openbmc_project/certs/authority/ldap -ENDPOINT=ldap - -#Path for the certificate file -CERTPATH=/etc/ssl/certs/authority - -#Units to restart -UNIT=bmcweb.service - -#Type of service -TYPE=authority diff --git a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb index e6c223e7a..c035c6dcb 100644 --- a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb +++ b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb @@ -43,7 +43,7 @@ RDEPENDS:${PN}-bmc-state-mgmt = " \ SUMMARY:${PN}-bmcweb = "bmcweb support" RDEPENDS:${PN}-bmcweb = " \ bmcweb \ - phosphor-bmcweb-cert-config \ + phosphor-certificate-manager \ " SUMMARY:${PN}-chassis-state-mgmt = "Chassis state management" @@ -196,5 +196,4 @@ RDEPENDS:${PN}-user-mgmt-ldap = " \ nss-pam-ldapd \ phosphor-ldap \ phosphor-nslcd-cert-config \ - phosphor-nslcd-authority-cert-config \ " diff --git a/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend b/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend index 9860495ea..505390146 100644 --- a/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend +++ b/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend @@ -28,8 +28,7 @@ OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-hwmon" OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-inventory-manager" # Required for obmc-bmcweb OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " bmcweb" -OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-bmcweb-cert-config" -OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-nslcd-authority-cert-config" +OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-certificate-manager" OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-user-manager" # Required for LEDs. Part of obmc-leds OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " ${VIRTUAL-RUNTIME_obmc-leds-manager}" |