summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZbigniew Kurzynski <zbigniew.kurzynski@intel.com>2019-10-10 13:39:21 +0300
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2019-11-05 22:00:57 +0300
commit8401702b28725a9c52a203b2b0dc839679a63aa5 (patch)
treed8d8b6f3c35c9871db70d8b240fc2f189e2736f8
parent2b59705148feb8ca6aafd9cf050229b069284515 (diff)
downloadopenbmc-8401702b28725a9c52a203b2b0dc839679a63aa5.tar.xz
Support uploading multiple certificates per authority service
Since the certificate manager can support multiple certificates the CERTPATH for mode=authentication will be changed to directory. This change depends on anothere review, see Depends-On tag. Becase the TrustStore will be used by TLS authentication, any operation on certificates should result in bmcweb restart, that is why #Units to restart entry is added. Since update procedure will not replace configuration file in /etc all configuration files for the certificate-manager will be deployed in /usr/share/phosphor-certificate-manager. (From meta-phosphor rev: 0c09ff71d089c614b14d076d933e849f2f74281e) Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: Ib7f4ba60760ab8cd1ac647bc51dadf50af7fedc7 Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat
-rw-r--r--meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb4
-rw-r--r--meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service2
-rw-r--r--meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb4
-rw-r--r--meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env5
-rw-r--r--meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb4
5 files changed, 14 insertions, 5 deletions
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
index cc1f0825f..9fa5f3a0f 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
@@ -11,8 +11,10 @@ inherit allarch
SRC_URI = "file://env"
+FILES_${PN} = "${datadir}"
+
do_install() {
- install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/bmcweb
+ install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/bmcweb
}
pkg_postinst_${PN}() {
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
index a8215662e..255906fab 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
@@ -2,7 +2,7 @@
Description=Phosphor certificate manager for %I
[Service]
-EnvironmentFile={envfiledir}/obmc/cert/%I
+EnvironmentFile=/usr/share/phosphor-certificate-manager/%I
ExecStart=/usr/bin/env phosphor-certificate-manager --endpoint=${{ENDPOINT}} --path=${{CERTPATH}} --unit=${{UNIT}} --type=${{TYPE}}
SyslogIdentifier=phosphor-certificate-manager
Restart=always
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
index f15fc73d3..07302d657 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
@@ -11,8 +11,10 @@ inherit allarch
SRC_URI = "file://env"
+FILES_${PN} = "${datadir}"
+
do_install() {
- install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/authority
+ install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/authority
}
pkg_postinst_${PN}() {
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
index 849d695b5..d2e8814cb 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
@@ -3,7 +3,10 @@
ENDPOINT=ldap
#Path for the certificate file
-CERTPATH=/etc/ssl/certs/Root-CA.pem
+CERTPATH=/etc/ssl/certs/authority
+
+#Units to restart
+UNIT=bmcweb.service
#Type of service
TYPE=authority
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
index 0a53a3202..5b0c03a65 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
@@ -11,8 +11,10 @@ inherit allarch
SRC_URI = "file://env"
+FILES_${PN} = "${datadir}"
+
do_install() {
- install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/nslcd
+ install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/nslcd
}
pkg_postinst_${PN}() {
generated by cgit v1.2.3 (git 2.39.0) at 2024-06-24 15:26:20 +0300