From 0547cc4c492e6a4c42b710b98dc6ab414bf46c5d Mon Sep 17 00:00:00 2001 From: Brandon Kim Date: Tue, 20 Jul 2021 15:59:47 -0700 Subject: meta-google: flash: Import inplace-gbmc-update Google BMC inplace update script and bitbake recipe. Google-Bug-Id: 179618162 Upstream: 22e2c3dd5f610777dee173a09d8e82dc2509a975 Signed-off-by: Brandon Kim Change-Id: Ia1beded107382dacb9f2f7e3cb9bbd86ae99d8c1
---
.../recipes-phosphor/flash/inplace-gbmc-update.bb | 44 +++++++++++++++++
.../flash/inplace-gbmc-update/config-bmc.json | 33 +++++++++++++
.../inplace-gbmc-verify.service | 6 +++
.../inplace-gbmc-update/inplace-gbmc-verify.sh | 57 ++++++++++++++++++++++
.../inplace-gbmc-version.service | 9 ++++
.../inplace-gbmc-update/inplace-gbmc-version.sh | 16 ++++++
6 files changed, 165 insertions(+)
create mode 100644 meta-google/recipes-phosphor/flash/inplace-gbmc-update.bb
create mode 100644 meta-google/recipes-phosphor/flash/inplace-gbmc-update/config-bmc.json
create mode 100644 meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.service
create mode 100644 meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.sh
create mode 100644 meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.service
create mode 100644 meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.sh
(limited to 'meta-google/recipes-phosphor/flash')
diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update.bb b/meta-google/recipes-phosphor/flash/inplace-gbmc-update.bb
new file mode 100644
index 000000000..c71a579e1
--- /dev/null
+++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update.bb
@@ -0,0 +1,44 @@
+SUMMARY = "Google BMC Inplace Update Script"
+DESCRIPTION = "Google BMC Inplace Update Script"
+PR = "r1"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit obmc-phosphor-systemd
+
+PROVIDES += "virtual/bmc-update"
+RPROVIDES_${PN} += "virtual/bmc-update"
+
+RDEPENDS_${PN} += "google-key"
+RDEPENDS_${PN} += "bash"
+
+SRC_URI += " \
+ file://config-bmc.json \
+ file://inplace-gbmc-verify.service \
+ file://inplace-gbmc-verify.sh \
+ file://inplace-gbmc-version.service \
+ file://inplace-gbmc-version.sh \
+"
+
+SYSTEMD_SERVICE_${PN} += "inplace-gbmc-verify.service"
+SYSTEMD_SERVICE_${PN} += "inplace-gbmc-version.service"
+
+FILES_${PN} += "${datadir}/phosphor-ipmi-flash"
+
+do_install() {
+ sed -i 's,@ALLOW_DEV@,,' ${WORKDIR}/inplace-gbmc-verify.sh
+
+ install -d ${D}${bindir}
+ install -m 0755 ${WORKDIR}/*.sh ${D}${bindir}
+
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/*.service ${D}${systemd_system_unitdir}
+
+ install -d ${D}${datadir}/phosphor-ipmi-flash
+ install -m 0644 ${WORKDIR}/config-bmc.json ${D}${datadir}/phosphor-ipmi-flash
+}
+
+do_install_prepend_dev() {
+ sed -i 's,@ALLOW_DEV@,--allow-dev,' ${WORKDIR}/inplace-gbmc-verify.sh
+}
diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/config-bmc.json b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/config-bmc.json
new file mode 100644
index 000000000..8bd11f2e1
--- /dev/null
+++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/config-bmc.json
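Review bot: Both `sed -i` calls, in `do_install` and `do_install_prepend_dev`, rewrite `${WORKDIR}/inplace-gbmc-verify.sh` in place, so once `@ALLOW_DEV@` has been replaced a re-run of do_install has no token left to substitute. If the task is re-executed without a fresh unpack (for example after the `dev` override is dropped), an earlier `--allow-dev` would presumably survive into the installed script, which matters because that flag, going by its name, widens what the verifier accepts. Substituting into the installed copy from a variable keeps the task repeatable: `GBMC_ALLOW_DEV ?= ""`, `GBMC_ALLOW_DEV_dev = "--allow-dev"`, and after the install step `sed -i 's,@ALLOW_DEV@,${GBMC_ALLOW_DEV},' ${D}${bindir}/inplace-gbmc-verify.sh`. The `${WORKDIR}/*.sh` and `${WORKDIR}/*.service` globs also install whatever else matches in the work directory; naming the files listed in `SRC_URI` would be stricter.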
@@ -0,0 +1,33 @@
+[{
+ "blob": "/flash/image",
+ "version": {
+ "handler": {
+ "type": "file",
+ "path": "/run/inplace-gbmc-version"
+ },
+ "actions":{
+ "open": {
+ "type": "systemd",
+ "unit": "inplace-gbmc-version.service"
+ }
+ }
+ },
+ "handler": {
+ "type": "file",
+ "path": "/run/initramfs/bmc-image"
+ },
+ "actions": {
+ "preparation": {
+ "type": "skip"
+ },
+ "verification": {
+ "type": "systemd",
+ "unit": "inplace-gbmc-verify.service"
+ },
+ "update": {
+ "type": "systemd",
+ "unit": "reboot.target",
+ "mode": "replace-irreversibly"
+ }
+ }
+}]
diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.service b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.service
new file mode 100644
index 000000000..4552780af
--- /dev/null
+++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Verify the Flash Image File
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/inplace-gbmc-verify.sh
diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.sh b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.sh
new file mode 100644
index 000000000..d5307d3d1
--- /dev/null
+++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-verify.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# This script will check the signature for the BMC image against
+# the baked in keyring available. If any aspect of this fails,
+# the scripts returns non-zero and this can be reported to the
+# host.
+#
+# 1. Verify the image
+# 2. Rename the image
+
+KEYRING=/etc/googlekeys/gbmc/gbmc.gpg
+SIGNATURE_FILE=/tmp/bmc.sig
+STATUS_FILE=/tmp/bmc.verify
+
+# Store in /run/initramfs because the behaviour of mv changes
+# depending on whether the file is moving within a tree or not.
+IMAGE_FILE=/run/initramfs/bmc-image
+VERIFIED_FILE=/run/initramfs/image-bmc
+
+# Make sure we run ERR traps when a function returns an error
+set -e
+
+# Write out the result of the script to a status file upon exiting
+# normally or due to an error
+exit_handler() {
+ local status="$?"
+ if (( status == 0 )); then
+ echo "success" >"${STATUS_FILE}"
+ else
+ echo "failed" >"${STATUS_FILE}"
+ fi
+ trap - EXIT ERR
+ exit "$status"
+}
+trap exit_handler EXIT ERR
+
+echo "running" > ${STATUS_FILE}
+
+# Verify the image.
+verify-bmc-image.sh @ALLOW_DEV@ "$IMAGE_FILE" "$SIGNATURE_FILE" || exit
+
+# Rename the staged file for initramfs updates.
+mv ${IMAGE_FILE} ${VERIFIED_FILE}#!/bin/bash
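Review bot: `STATUS_FILE=/tmp/bmc.verify` and `SIGNATURE_FILE=/tmp/bmc.sig` are fixed names in `/tmp`, and the script truncates the status file with `>` on start and again in `exit_handler`; if the unit runs as root and other accounts on the BMC can write to `/tmp`, a pre-created symlink at that path would redirect those writes, so a root-owned directory under `/run` is the safer home (the signature path would have to move together with whatever stages it, which is not shown here). `KEYRING` is assigned but never passed to `verify-bmc-image.sh` or used anywhere else in this hunk, so the header comment's "baked in keyring" is not tied to anything visible; pass it explicitly or drop the variable. The image is verified at `IMAGE_FILE` and only renamed afterwards, so anything able to write that path between the two steps changes what ends up at `VERIFIED_FILE`; renaming to a private name first and verifying that copy would close the window. The comment above `set -e` describes `set -E` (errtrace) rather than errexit, and the unquoted `${STATUS_FILE}`, `${IMAGE_FILE}` and `${VERIFIED_FILE}` expansions should be quoted. As rendered here the final line ends in `${VERIFIED_FILE}#!/bin/bash`; if that text is in the file and not a page artifact, the rename target is wrong and the `mv` would most likely fail, leaving the status at `failed`.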
diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.service b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.service
new file mode 100644
index 000000000..3f6b67179
--- /dev/null
+++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Version string for inplace BMC
+
+[Service]
+Type=oneshot
+StandardOutput=file:/run/inplace-gbmc-version
+StandardError=journal
+ExecStartPre=/bin/rm -f /run/inplace-gbmc-version
+ExecStart=/usr/bin/inplace-gbmc-version.sh
diff --git a/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.sh b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.sh
new file mode 100644
index 000000000..0c5c4e787
--- /dev/null
+++ b/meta-google/recipes-phosphor/flash/inplace-gbmc-update/inplace-gbmc-version.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+grep '^VERSION_ID=' /etc/os-release | sed 's,.*-\([^-]*\),\1,g' | tr -d '\n'#!/bin/bash
--
cgit v1.2.3
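Review bot: The pipeline in `inplace-gbmc-version.sh` runs without `set -o pipefail` and without checking the `grep`, so when `/etc/os-release` has no `VERSION_ID=` line the script still exits 0 and the unit leaves an empty `/run/inplace-gbmc-version`. The `sed` expression only strips through the last hyphen, so a `VERSION_ID` value without a hyphen is emitted whole, including the `VERSION_ID=` prefix and any quotes. Adding `set -o pipefail` before the pipeline and a short header comment stating the expected `VERSION_ID` format would make the contract explicit to whoever consumes the version blob. As rendered here the line ends in `tr -d '\n'#!/bin/bash`; if that text is in the file and not a page artifact, `tr` would also delete the characters of `#!/bin/bash` from the version string.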