diff options
author | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | 2019-10-10 13:39:21 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-11-05 22:00:57 +0300 |
commit | 8401702b28725a9c52a203b2b0dc839679a63aa5 (patch) | |
tree | d8d8b6f3c35c9871db70d8b240fc2f189e2736f8 /meta-phosphor/recipes-phosphor/certificate | |
parent | 2b59705148feb8ca6aafd9cf050229b069284515 (diff) | |
download | openbmc-8401702b28725a9c52a203b2b0dc839679a63aa5.tar.xz |
Support uploading multiple certificates per authority service
Since the certificate manager can support multiple certificates
the CERTPATH for mode=authentication will be changed to directory.
This change depends on anothere review, see Depends-On tag.
Becase the TrustStore will be used by TLS authentication,
any operation on certificates should result in bmcweb restart, that
is why #Units to restart entry is added.
Since update procedure will not replace configuration file in /etc
all configuration files for the certificate-manager will be deployed
in /usr/share/phosphor-certificate-manager.
(From meta-phosphor rev: 0c09ff71d089c614b14d076d933e849f2f74281e)
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Ib7f4ba60760ab8cd1ac647bc51dadf50af7fedc7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-phosphor/recipes-phosphor/certificate')
5 files changed, 14 insertions, 5 deletions
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb index cc1f0825f..9fa5f3a0f 100644 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb +++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb @@ -11,8 +11,10 @@ inherit allarch SRC_URI = "file://env" +FILES_${PN} = "${datadir}" + do_install() { - install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/bmcweb + install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/bmcweb } pkg_postinst_${PN}() { diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service index a8215662e..255906fab 100644 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service +++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service @@ -2,7 +2,7 @@ Description=Phosphor certificate manager for %I [Service] -EnvironmentFile={envfiledir}/obmc/cert/%I +EnvironmentFile=/usr/share/phosphor-certificate-manager/%I ExecStart=/usr/bin/env phosphor-certificate-manager --endpoint=${{ENDPOINT}} --path=${{CERTPATH}} --unit=${{UNIT}} --type=${{TYPE}} SyslogIdentifier=phosphor-certificate-manager Restart=always diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb index f15fc73d3..07302d657 100644 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb +++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb @@ -11,8 +11,10 @@ inherit allarch SRC_URI = "file://env" +FILES_${PN} = "${datadir}" + do_install() { - install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/authority + install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/authority } pkg_postinst_${PN}() { diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env index 849d695b5..d2e8814cb 100644 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env +++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env @@ -3,7 +3,10 @@ ENDPOINT=ldap #Path for the certificate file -CERTPATH=/etc/ssl/certs/Root-CA.pem +CERTPATH=/etc/ssl/certs/authority + +#Units to restart +UNIT=bmcweb.service #Type of service TYPE=authority diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb index 0a53a3202..5b0c03a65 100644 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb +++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb @@ -11,8 +11,10 @@ inherit allarch SRC_URI = "file://env" +FILES_${PN} = "${datadir}" + do_install() { - install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/nslcd + install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/nslcd } pkg_postinst_${PN}() { |