From b1bfa635bbf3cf892e505b744df7249d21446771 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Mon, 27 Sep 2021 17:20:12 +0000 Subject: google-misc: srcrev bump d237c6cc59..b163a2c1ba Nan Zhou (1): libcr51sign: import from gBMC William A. Kennington III (2): ncsid: Stop targets when daemon stops ncsid: Support parsing unsolicited RA announcements Willy Tu (2): google-misc: libcr51sign: add feature to fetch image regions bios-key: import from gBMC Change-Id: I47cd3bd37ca6eeb647f61fab66994a4e224f982a Signed-off-by: Andrew Geissler --- meta-google/recipes-google/google-misc/google-misc.inc | 2 +- meta-google/recipes-google/ncsi/ncsid_git.bb | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-misc/google-misc.inc b/meta-google/recipes-google/google-misc/google-misc.inc index 36ad141de..f6caac1c0 100644 --- a/meta-google/recipes-google/google-misc/google-misc.inc +++ b/meta-google/recipes-google/google-misc/google-misc.inc @@ -6,7 +6,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://../../LICENSE;md5=34400b68072d710fecd0a2940a0d1658" SRC_URI += "git://github.com/openbmc/google-misc" -SRCREV = "d237c6cc59e731c2a8a3a1bdcd91ad39bd67e182" +SRCREV = "b163a2c1baca3112d420258f0e347e88afce5379" S = "${WORKDIR}/git/subprojects/${GOOGLE_MISC_PROJ}" inherit meson diff --git a/meta-google/recipes-google/ncsi/ncsid_git.bb b/meta-google/recipes-google/ncsi/ncsid_git.bb index a67a3104b..984b7d603 100644 --- a/meta-google/recipes-google/ncsi/ncsid_git.bb +++ b/meta-google/recipes-google/ncsi/ncsid_git.bb @@ -16,6 +16,8 @@ SYSTEMD_SERVICE:${PN} += " \ ncsid@.service \ nic-hostful@.target \ nic-hostless@.target \ + update-ra-neighbor@.service \ + update-ra-neighbor@.timer \ update-static-neighbors@.service \ update-static-neighbors@.timer \ " -- cgit v1.2.3 From 9674509e803564061f868f732d571f3ce0485756 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Fri, 6 Aug 2021 00:06:42 -0700 Subject: meta-google: gbmc-ncsi-config: Add relay support for the bridge We may have multiple BMCs running on the internal gbmcbr network via USB links to attached trays. These BMCs do not have a direct connection to the network, and require the NCSI BMC to relay all of their traffic (including DHCP) out opf the machine. This patch enables dhcrelay to run on the NCSI interface and proxy all DHCP traffic from the bridge out of the machine. Change-Id: I60f97ae2d64289c7b706b3d0a6c8fb79a931e485 Signed-off-by: William A. Kennington III --- .../dhcp/dhcp-relay_%.bbappend | 4 ++++ .../ncsi/files/-bmc-gbmcbrncsidhcp.netdev | 5 +++++ .../ncsi/files/-bmc-gbmcbrncsidhcp.network | 4 ++++ .../ncsi/files/-bmc-gbmcncsidhcp.netdev | 5 +++++ .../ncsi/files/-bmc-gbmcncsidhcp.network | 9 ++++++++ .../ncsi/files/50-gbmc-ncsi.rules.in | 6 +++++ .../ncsi/files/gbmc-ncsi-dhcrelay.service.in | 13 +++++++++++ .../recipes-google/ncsi/gbmc-ncsi-config.bb | 26 ++++++++++++++++++++++ meta-google/recipes-kernel/linux/files/gbmc.cfg | 1 + 9 files changed, 73 insertions(+) create mode 100644 meta-google/recipes-connectivity/dhcp/dhcp-relay_%.bbappend create mode 100644 meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev create mode 100644 meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network create mode 100644 meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev create mode 100644 meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network create mode 100644 meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in (limited to 'meta-google') diff --git a/meta-google/recipes-connectivity/dhcp/dhcp-relay_%.bbappend b/meta-google/recipes-connectivity/dhcp/dhcp-relay_%.bbappend new file mode 100644 index 000000000..4efa9f24c --- /dev/null +++ b/meta-google/recipes-connectivity/dhcp/dhcp-relay_%.bbappend @@ -0,0 +1,4 @@ +# LTO and static enabled to reduce image size, saves ~50% +CFLAGS:append:gbmc = " -flto" +EXTRA_OECONF:remove:gbmc = "--disable-static" +EXTRA_OECONF:append:gbmc = " --enable-relay-port --disable-shared" diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev new file mode 100644 index 000000000..58f13bd46 --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev @@ -0,0 +1,5 @@ +[NetDev] +Name=gbmcbrncsidhcp +Kind=veth +[Peer] +Name=gbmcncsidhcp diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network new file mode 100644 index 000000000..5474bffab --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network @@ -0,0 +1,4 @@ +[Match] +Name=gbmcbrncsidhcp +[Network] +Bridge=gbmcbr diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev new file mode 100644 index 000000000..08235aac0 --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev @@ -0,0 +1,5 @@ +[NetDev] +Name=gbmcncsidhcp +Kind=veth +[Peer] +Name=gbmcbrncsidhcp diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network new file mode 100644 index 000000000..868d24b7e --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network @@ -0,0 +1,9 @@ +[Match] +Name=gbmcncsidhcp +[Network] +DHCP=false +IPv6AcceptRA=false +LLMNR=false +MulticastDNS=false +LinkLocalAddressing=ipv6 +Address=fdb5:0481:10ce::1/64 diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in index 938dca34b..f71272010 100644 --- a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in +++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in @@ -31,4 +31,10 @@ table inet filter { ip6 daddr fdb5:0481:10ce::/64 drop ip6 saddr fdb5:0481:10ce::/64 drop } + chain ncsi_dhcp_input { + type filter hook input priority 0; policy drop; + iifname != ncsigbmc accept + ip6 nexthdr icmpv6 accept + udp dport 547 accept + } } diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in new file mode 100644 index 000000000..5e0345542 --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in @@ -0,0 +1,13 @@ +[Unit] +Description=gBMC DHCP Relay Agent Daemon +After=network.target +StartLimitIntervalSec=10 +StartLimitBurst=3 + +[Service] +Restart=always +RestartSec=5 +ExecStart=/usr/sbin/dhcrelay -d --no-pid -rp 3967 -l gbmcncsidhcp -u @NCSI_IF@ + +[Install] +WantedBy=multi-user.target diff --git a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb index 6480be1da..0302ed836 100644 --- a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb +++ b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb @@ -6,7 +6,12 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5 inherit systemd SRC_URI += " \ + file://-bmc-gbmcbrncsidhcp.netdev \ + file://-bmc-gbmcbrncsidhcp.network \ + file://-bmc-gbmcncsidhcp.netdev \ + file://-bmc-gbmcncsidhcp.network \ file://50-gbmc-ncsi.rules.in \ + file://gbmc-ncsi-dhcrelay.service.in \ file://gbmc-ncsi-sslh.socket.in \ file://gbmc-ncsi-sslh.service \ file://gbmc-ncsi-nft.sh.in \ @@ -17,6 +22,7 @@ SRC_URI += " \ S = "${WORKDIR}" RDEPENDS:${PN} += " \ + dhcp-relay \ gbmc-ip-monitor \ ncsid \ nftables-systemd \ @@ -29,6 +35,7 @@ FILES:${PN} += " \ " SYSTEMD_SERVICE:${PN} += " \ + gbmc-ncsi-dhcrelay.service \ gbmc-ncsi-sslh.service \ gbmc-ncsi-sslh.socket \ gbmc-ncsi-set-nicenabled.service \ @@ -47,6 +54,16 @@ do_install:append() { echo "net.ipv6.conf.$if_name.dad_transmits=0" \ >>${D}${sysconfdir}/sysctl.d/25-gbmc-ncsi.conf + install -d -m0755 ${D}${systemd_unitdir}/network + install -m0644 ${WORKDIR}/-bmc-gbmcbrncsidhcp.netdev \ + ${D}${systemd_unitdir}/network/ + install -m0644 ${WORKDIR}/-bmc-gbmcbrncsidhcp.network \ + ${D}${systemd_unitdir}/network/ + install -m0644 ${WORKDIR}/-bmc-gbmcncsidhcp.netdev \ + ${D}${systemd_unitdir}/network/ + install -m0644 ${WORKDIR}/-bmc-gbmcncsidhcp.network \ + ${D}${systemd_unitdir}/network/ + netdir=${D}${systemd_unitdir}/network/00-bmc-$if_name.network.d install -d -m0755 "$netdir" echo '[Network]' >>"$netdir"/gbmc-ncsi.conf @@ -80,4 +97,13 @@ do_install:append() { sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-set-nicenabled.service.in \ >${D}${systemd_system_unitdir}/gbmc-ncsi-set-nicenabled.service + + sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-dhcrelay.service.in \ + >${D}${systemd_system_unitdir}/gbmc-ncsi-dhcrelay.service +} + +do_rm_work:prepend() { + # HACK: Work around broken do_rm_work not properly calling rm with `--` + # It doesn't like filenames that start with `-` + rm -rf -- ${WORKDIR}/-* } diff --git a/meta-google/recipes-kernel/linux/files/gbmc.cfg b/meta-google/recipes-kernel/linux/files/gbmc.cfg index 89e1ef9a7..056ee9161 100644 --- a/meta-google/recipes-kernel/linux/files/gbmc.cfg +++ b/meta-google/recipes-kernel/linux/files/gbmc.cfg @@ -36,6 +36,7 @@ CONFIG_DUMMY=y CONFIG_BRIDGE_NETFILTER=y CONFIG_NF_TABLES_BRIDGE=y CONFIG_BRIDGE_NF_EBTABLES=y +CONFIG_VETH=y # Remove features we won't use CONFIG_WLAN=n -- cgit v1.2.3 From c7454fb1c54ec6281a42b7cdb29e746b808eb271 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Tue, 14 Sep 2021 16:01:37 -0700 Subject: meta-google: gbmc-ncsi-config: Derive IP from RA Our end2end DHCP solution is not yet working, but we need a way to derive addresses for a BMC from the smart NIC in front of it. This provides a mechanism for detecting the address from RA beacons the NIC is sending. Change-Id: I0cdc8c192974c0b00257ebe58e911e62636e4c81 Signed-off-by: William A. Kennington III --- .../ncsi/files/50-gbmc-ncsi.rules.in | 1 + .../ncsi/files/gbmc-ncsi-ip-from-ra.service.in | 15 +++ .../ncsi/files/gbmc-ncsi-ip-from-ra.sh.in | 113 +++++++++++++++++++++ .../recipes-google/ncsi/gbmc-ncsi-config.bb | 11 ++ 4 files changed, 140 insertions(+) create mode 100644 meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.service.in create mode 100755 meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in index f71272010..e2ade6e5b 100644 --- a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in +++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in @@ -8,6 +8,7 @@ table inet filter { } chain ncsi_gbmc_br_pub_input { jump gbmc_br_pub_input + jump ncsi_legacy_input reject } chain gbmc_br_pub_input { diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.service.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.service.in new file mode 100644 index 000000000..82972fffc --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.service.in @@ -0,0 +1,15 @@ +[Unit] +Description=gBMC NCSI RA Discovery +After=network.target +StartLimitIntervalSec=10 +StartLimitBurst=3 +Conflicts=nic-hostless@@NCSI_IF@.target +Conflicts=nic-hostful@@NCSI_IF@.target + +[Service] +Restart=always +RestartSec=5 +ExecStart=/usr/libexec/gbmc-ncsi-ip-from-ra.sh + +[Install] +WantedBy=multi-user.target diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in new file mode 100755 index 000000000..e4ee10d49 --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in @@ -0,0 +1,113 @@ +#!/bin/bash +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +source /usr/share/network/lib.sh || exit +source /usr/libexec/ncsid_lib.sh || exit + +old_pfx= +old_rtr= + +w=60 +while true; do + start=$SECONDS + while read line; do + if [ -z "$line" ]; then + pfx= + elif [[ "$line" =~ ^Prefix' '*:' '*(.*)/([0-9]+)$ ]]; then + t_pfx="${BASH_REMATCH[1]}" + t_pfx_len="${BASH_REMATCH[2]}" + ip_to_bytes t_pfx_b "$t_pfx" || continue + (( t_pfx_len == 76 && t_pfx_b[8] & 0xfd == 0xfd )) || continue + (( t_pfx_b[9] |= 1 )) + pfx="$(ip_bytes_to_str t_pfx_b)" + (( t_pfx_b[9] &= 0xf0 )) + stateless_pfx="$(ip_bytes_to_str t_pfx_b)" + elif [[ "$line" =~ ^from' '(.*)$ ]]; then + rtr="${BASH_REMATCH[1]}" + (( "${#pfx}" != 0 )) || continue + [[ "$pfx" != "$old_pfx" || "$old_rtr" != "$rtr" ]] || continue + + echo "Found prefix $pfx from $rtr" >&2 + + # Delete any stale IP Addresses from the primary interface as we won't use them + UpdateIP xyz.openbmc_project.Network @NCSI_IF@ '0.0.0.0' '0' + UpdateIP xyz.openbmc_project.Network @NCSI_IF@ '::' '0' + + read -r -d '' contents <"$file" + done + + contents='[Network]'$'\n' + contents+="Address=$pfx/128"$'\n' + contents+="Gateway=$rtr"$'\n' + for file in /run/systemd/network/{00,}-bmc-@NCSI_IF@.network.d/49-public-ra.conf; do + mkdir -p -m 755 "$(dirname "$file")" + printf '%s' "$contents" >"$file" + done + + # Ensure that systemd-networkd performs a reconfiguration as it doesn't + # currently check the mtime of drop-in files. + touch -c /lib/systemd/network/*-bmc-gbmcbr.network + touch -c /etc/systemd/network/*-bmc-@NCSI_IF@.network + + if [ "$(systemctl is-active systemd-networkd)" != 'inactive' ]; then + networkctl reload + networkctl reconfigure gbmcbr + fi + + read -r -d '' contents <"$rfile" + systemctl reset-failed nftables + systemctl --no-block restart nftables + + old_pfx="$pfx" + old_rtr="$rtr" + fi + done < <(rdisc6 -d -m @NCSI_IF@ -w $(( w * 1000 )) 2>/dev/null) + # If rdisc6 exits early we still want to wait the full `w` time before + # starting again. + (( timeout = start + w - SECONDS )) + sleep $(( timeout < 0 ? 0 : timeout )) +done diff --git a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb index 0302ed836..29cf9c3f0 100644 --- a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb +++ b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb @@ -12,6 +12,8 @@ SRC_URI += " \ file://-bmc-gbmcncsidhcp.network \ file://50-gbmc-ncsi.rules.in \ file://gbmc-ncsi-dhcrelay.service.in \ + file://gbmc-ncsi-ip-from-ra.service.in \ + file://gbmc-ncsi-ip-from-ra.sh.in \ file://gbmc-ncsi-sslh.socket.in \ file://gbmc-ncsi-sslh.service \ file://gbmc-ncsi-nft.sh.in \ @@ -39,6 +41,7 @@ SYSTEMD_SERVICE:${PN} += " \ gbmc-ncsi-sslh.service \ gbmc-ncsi-sslh.socket \ gbmc-ncsi-set-nicenabled.service \ + gbmc-ncsi-ip-from-ra.service \ " do_install:append() { @@ -100,6 +103,14 @@ do_install:append() { sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-dhcrelay.service.in \ >${D}${systemd_system_unitdir}/gbmc-ncsi-dhcrelay.service + + sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-ip-from-ra.service.in \ + >${WORKDIR}/gbmc-ncsi-ip-from-ra.service + install -m0644 ${WORKDIR}/gbmc-ncsi-ip-from-ra.service ${D}${systemd_system_unitdir} + sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-ip-from-ra.sh.in \ + >${WORKDIR}/gbmc-ncsi-ip-from-ra.sh + install -d -m0755 ${D}${libexecdir} + install -m0755 ${WORKDIR}/gbmc-ncsi-ip-from-ra.sh ${D}${libexecdir}/ } do_rm_work:prepend() { -- cgit v1.2.3 From bb9fb95ffc2dcd537ff0a948441700e8812af60b Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Mon, 27 Sep 2021 18:10:27 -0700 Subject: meta-google: gbmc-ncsi-config: Parse hostnames from RA We need the hostname to be properly configured in order to login with GLOME. This derives the hostname from the FQDN that is passed via the DNS list in the RA messages from the smart NIC. Change-Id: I4e7a414b6b75bfb227df5763917e9e5d09579d7d Signed-off-by: William A. Kennington III --- .../recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in index e4ee10d49..7ba159fcf 100755 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in @@ -25,15 +25,20 @@ while true; do while read line; do if [ -z "$line" ]; then pfx= + host= elif [[ "$line" =~ ^Prefix' '*:' '*(.*)/([0-9]+)$ ]]; then t_pfx="${BASH_REMATCH[1]}" t_pfx_len="${BASH_REMATCH[2]}" ip_to_bytes t_pfx_b "$t_pfx" || continue (( t_pfx_len == 76 && t_pfx_b[8] & 0xfd == 0xfd )) || continue (( t_pfx_b[9] |= 1 )) + hextet="fd$(printf '%02x' ${t_pfx_b[9]})" pfx="$(ip_bytes_to_str t_pfx_b)" (( t_pfx_b[9] &= 0xf0 )) stateless_pfx="$(ip_bytes_to_str t_pfx_b)" + elif [[ "$line" =~ ^'DNS search list'' '*:' '*([^.-]*)[^.]*[.](.*.google.com)$ ]]; then + host="${BASH_REMATCH[1]}" + domain="${BASH_REMATCH[2]}" elif [[ "$line" =~ ^from' '(.*)$ ]]; then rtr="${BASH_REMATCH[1]}" (( "${#pfx}" != 0 )) || continue @@ -102,6 +107,11 @@ EOF systemctl reset-failed nftables systemctl --no-block restart nftables + # Set the machine hostname if discovered + if [ -n "$host" ]; then + hostnamectl set-hostname "$host-n$hextet.$domain" + fi + old_pfx="$pfx" old_rtr="$rtr" fi -- cgit v1.2.3 From e0599f220c5c9aacab2f37667d455082f72666fc Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Wed, 29 Sep 2021 13:15:35 -0700 Subject: meta-google: glome: Bump b7084b5c..02f7d272 Copybara-Service (1): Merge pull request #96 from l9i:go-presubmit Piotr Lewandowski (3): Print the ouptut of `gofmt -d` (if any) Print the output of `gofmt -d` (if any) Merge branch 'go-presubmit' of github.com:l9i/glome into go-presubmit William A. Kennington III (1): login/login: Remove glib url escap Change-Id: Ief099a8ebec5d78ce256e32dacb5cf90173bcfc9 Signed-off-by: William A. Kennington III --- meta-google/recipes-google/console/glome_git.bb | 26 +++++++++++++++++++++++ meta-google/recipes-phosphor/console/glome_git.bb | 26 ----------------------- 2 files changed, 26 insertions(+), 26 deletions(-) create mode 100644 meta-google/recipes-google/console/glome_git.bb delete mode 100644 meta-google/recipes-phosphor/console/glome_git.bb (limited to 'meta-google') diff --git a/meta-google/recipes-google/console/glome_git.bb b/meta-google/recipes-google/console/glome_git.bb new file mode 100644 index 000000000..b302e72ef --- /dev/null +++ b/meta-google/recipes-google/console/glome_git.bb @@ -0,0 +1,26 @@ +SUMMARY = "GLOME Login Client" +DESCRIPTION = "GLOME login is first application of the GLOME protocol. It is used to authorize serial console access to Linux machines" +PR = "r1" +PV = "0.1+git${SRCPV}" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +inherit meson pkgconfig + +DEPENDS += " \ + openssl \ + glib-2.0 \ + " + +S = "${WORKDIR}/git" +SRC_URI = "git://github.com/google/glome.git" +SRCREV = "02f7d2722a2eb303f1f02d0c2ce97a65f8273662" + +FILES_${PN} += "${libdir}/security" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[glome-cli] = "-Dglome-cli=true,-Dglome-cli=false" +PACKAGECONFIG[pam-glome] = "-Dpam-glome=true,-Dpam-glome=false,libpam" + +EXTRA_OEMESON = "-Dtests=disabled" diff --git a/meta-google/recipes-phosphor/console/glome_git.bb b/meta-google/recipes-phosphor/console/glome_git.bb deleted file mode 100644 index 4750de8be..000000000 --- a/meta-google/recipes-phosphor/console/glome_git.bb +++ /dev/null @@ -1,26 +0,0 @@ -SUMMARY = "GLOME Login Client" -DESCRIPTION = "GLOME login is first application of the GLOME protocol. It is used to authorize serial console access to Linux machines" -PR = "r1" -PV = "0.1+git${SRCPV}" - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" - -inherit meson pkgconfig - -DEPENDS += " \ - openssl \ - glib-2.0 \ - " - -S = "${WORKDIR}/git" -SRC_URI = "git://github.com/google/glome.git" -SRCREV = "b7084b5c60682a0b4f4ae3f2ec6048e65212c377" - -FILES_${PN} += "${libdir}/security" - -PACKAGECONFIG ??= "" -PACKAGECONFIG[glome-cli] = "-Dglome-cli=true,-Dglome-cli=false" -PACKAGECONFIG[pam-glome] = "-Dpam-glome=true,-Dpam-glome=false,libpam" - -EXTRA_OEMESON = "-Dtests=disabled" -- cgit v1.2.3 From b4b990987266b46a93ed1df969057278af1a1f88 Mon Sep 17 00:00:00 2001 From: Willy Tu Date: Mon, 27 Sep 2021 14:25:55 -0700 Subject: Revert "Revert "meta-google: Add libcr51sign bitbake file"" This reverts commit f10df3ffeb8d695167c95530ab2c1022e3d02103. https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/47253 is submitted and libcr51sign is ready for use. Change-Id: I646dcf872d495d4baf18b9c4dc6149f576e6761d Signed-off-by: Willy Tu --- meta-google/recipes-google/libcr51sign/libcr51sign_git.bb | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 meta-google/recipes-google/libcr51sign/libcr51sign_git.bb (limited to 'meta-google') diff --git a/meta-google/recipes-google/libcr51sign/libcr51sign_git.bb b/meta-google/recipes-google/libcr51sign/libcr51sign_git.bb new file mode 100644 index 000000000..c4fd78ca0 --- /dev/null +++ b/meta-google/recipes-google/libcr51sign/libcr51sign_git.bb @@ -0,0 +1,11 @@ +SUMMARY = "Google libcr51sign" +DESCRIPTION = "Google libcr51sign" +GOOGLE_MISC_PROJ = "libcr51sign" + +require ../google-misc/google-misc.inc + +inherit pkgconfig + +DEPENDS += " \ + openssl \ +" -- cgit v1.2.3 From 59574596499bcf503efbeb74e379d86c76fca90b Mon Sep 17 00:00:00 2001 From: Willy Tu Date: Mon, 27 Sep 2021 14:32:15 -0700 Subject: meta-google: Add google-bios-key bitbake file Add the public Google BIOS keys for gBMC Change-Id: Id60b5f2d5bf9f6b7491959ad17c79698ade570ad Signed-off-by: Willy Tu --- .../google-bios-key/google-bios-key/platforms_bringup.pem | 14 ++++++++++++++ .../google-bios-key/google-bios-key/platforms_secure.pem | 14 ++++++++++++++ .../recipes-google/google-bios-key/google-bios-key_git.bb | 14 ++++++++++++++ 3 files changed, 42 insertions(+) create mode 100644 meta-google/recipes-google/google-bios-key/google-bios-key/platforms_bringup.pem create mode 100644 meta-google/recipes-google/google-bios-key/google-bios-key/platforms_secure.pem create mode 100644 meta-google/recipes-google/google-bios-key/google-bios-key_git.bb (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-bios-key/google-bios-key/platforms_bringup.pem b/meta-google/recipes-google/google-bios-key/google-bios-key/platforms_bringup.pem new file mode 100644 index 000000000..85fbd5b54 --- /dev/null +++ b/meta-google/recipes-google/google-bios-key/google-bios-key/platforms_bringup.pem @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq1licj5L+p5orm2eQsjW +7z1L5As2q0ZbyFtE/xeH/8NAbKfTA1LSKiqElcPTM47oFDixGtCm7bubcClWT8Uq +Ol6t4CITlgRLFPP06z63mnE83EKj1ZBTATgtO+PN1P/RrQXp0pCPy0AFYtWZPT4J +GzxACBwVI/XEuUnCOG4ErXLfgfPZadOMUmP9X5pXeyBgN/al0vThIVpQ7DUix6jd +awYd2AwM1TG9qRX1Fmlsut9zUGDoqEOCAdIgx5z9GOTfwzbIg1NWk12iLQyufJ4P +FAa4a5QVZYTKcDUNYadx7Qwg/gNspiAIdtB/1ORz1ew1d1csCHqUZcgkCwtaqMYg +ZiQ6+7tpJY0vnWyaNXcylOvmZjOlovV3i5NUJ/r74bDC8U+5XKH3ZSmhA6AsnA54 +QnNHLgsnG89JvfBP2c9UJqb49sw6VkEE3Y8lc134QBaLU3N3LmRVmM4zzPRGbbEK ++nmZtBztbKiSHTqMoYGCY5aN1peQdzgNYk5P8mnVWzAIh5y1MzxkEVeu82/zCj+/ +T54D3jS+a/jxAGnUUmTMYsOYXNqJsPKz36qvrFLstSjrjHVEZjniaetjAuWtVGsO +DziPDyywN14iIeR5HdNpqeJ6mCZnY2rLtBzIZRK/JK0LpCvqdEmqg2u/J2Vx2ClE +DnNnPSr8XSpsFkaxGYyFjEUCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/meta-google/recipes-google/google-bios-key/google-bios-key/platforms_secure.pem b/meta-google/recipes-google/google-bios-key/google-bios-key/platforms_secure.pem new file mode 100644 index 000000000..6519411e9 --- /dev/null +++ b/meta-google/recipes-google/google-bios-key/google-bios-key/platforms_secure.pem @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzCYi0R3IiNenOlVNlpOC +mIZ/0nq6OGS5Dt1Yex5nr7/bIr+Phk7mct+V7gMJzfdyCOI3n2S2sGDWADUNfvDJ +LQgV4xOfoUwhzQ292cp2UFUrPblfZaz0C5x7BRVtj7yfBp8FRFVSpZTNI6QjEQ6m +JxVh5C8CYjdQQJLz+wayVZTk72z0iaSBdua+eZYrAc3+ckTvTWJ9V7yO40iyJOXQ +ixxHo/p49oHoNp4+q0a6DYYmjka6MESeFbbkND5PkyNV4+vAbgtzkoGnnutk+zQ3 +K374d9+aOqXlbLBXAUaNkfnF1XjUYQFLrNkFbvOqYura1mBxWuz/OIAfbWxQltzo +6cYl0YNw7zbHzSwiTPvt31wxg9EqqIV7QD4hXLAgoclJIK5vhUqIbn3kjSwOv2Rv +MQ17wLeCkYaxL4Ovscx6lDnOw+Y76KGia5zky0GvidjaDgzUZTt46/uOtjxxXy5k +KhDwqs1QoU0LKBvJL8O7bYj6t0LLQTsI2UW9szVGGsiKB3l0SfIzfvz6eNNng7Uf +T9zLPW9jq0BGG61KiYK+Dy/0JwauPub3WzcZwSXnl1OCMLD90HIA2/YsFtfE+mm/ +Wlta+cR3REHd//DiRlkT59K0H5H8JBrJKhkAVi/gzqoAYhLAOj9irWzsZ2Assm74 +oa3/lWlmVsKQTAGOCQFeAHsCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb b/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb new file mode 100644 index 000000000..b57fe1515 --- /dev/null +++ b/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb @@ -0,0 +1,14 @@ +SUMMARY = "Google BIOS Public Keys" +DESCRIPTION = "Google BIOS Public Keys" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +FILESEXTRAPATHS:prepend:gbmc := "${THISDIR}/${PN}:" + +SRC_URI:append:gbmc = " \ + file://platforms_secure.pem \ + file://platforms_bringup.pem \ +" + +FILES:${PN} += "${WORKDIR}/platforms_secure.pem" +FILES:${PN} += "${WORKDIR}/platforms_bringup.pem" -- cgit v1.2.3 From d853cae6ef17df15656e8194b7cc4022a5533bd4 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Thu, 30 Sep 2021 00:20:17 +0000 Subject: google-misc: srcrev bump b163a2c1ba..700edceeed Willy Tu (1): Revert "bios-key: import from gBMC" Change-Id: Ie654c5507bd94633f65fe9f1a3ecac4a1e465d00 Signed-off-by: Andrew Geissler --- meta-google/recipes-google/google-misc/google-misc.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-misc/google-misc.inc b/meta-google/recipes-google/google-misc/google-misc.inc index f6caac1c0..07421d40a 100644 --- a/meta-google/recipes-google/google-misc/google-misc.inc +++ b/meta-google/recipes-google/google-misc/google-misc.inc @@ -6,7 +6,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://../../LICENSE;md5=34400b68072d710fecd0a2940a0d1658" SRC_URI += "git://github.com/openbmc/google-misc" -SRCREV = "b163a2c1baca3112d420258f0e347e88afce5379" +SRCREV = "700edceeed28ee35ab1701a72d8e2f522d170bc4" S = "${WORKDIR}/git/subprojects/${GOOGLE_MISC_PROJ}" inherit meson -- cgit v1.2.3 From b03ef8c7e2a7b53d2bcab0c0bfb4c97aaa8509b9 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Fri, 1 Oct 2021 01:16:24 -0700 Subject: meta-google: gbmc-ncsi-config: Fix missing bash rdep The scripts distributed with this recipe depend on bash at runtime, causing sanity check failures without proper specification. Change-Id: I32e4ad135ca94c3f0f707ca7d48f5c3fa29d2441 Signed-off-by: William A. Kennington III --- meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb index 29cf9c3f0..4ae9d1994 100644 --- a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb +++ b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb @@ -24,6 +24,7 @@ SRC_URI += " \ S = "${WORKDIR}" RDEPENDS:${PN} += " \ + bash \ dhcp-relay \ gbmc-ip-monitor \ ncsid \ -- cgit v1.2.3 From a971dac04754ba3ddf6f6c20a0fc2ecfe46127de Mon Sep 17 00:00:00 2001 From: Willy Tu Date: Fri, 1 Oct 2021 16:56:41 -0700 Subject: meta-google: os-release: Add dev/prod image type Add dev/prod image type to /etc/os-release. Tested: Built with GBMC_CONFIG=dev bitbake obmc-phosphor-image ``` cat /etc/os-release ID=gbmc NAME="gBMC (OpenBMC + Google customizations)" VERSION="gbmc-release" VERSION_ID=gbmc-release-0.5.0.0 PRETTY_NAME="gBMC (OpenBMC + Google customizations) gbmc-release" BUILD_ID="2.11.0-dev" IMAGE_TYPE="dev" ``` Change-Id: I355e6069b08107717fb406b6b603ce4ce5264ff3 Signed-off-by: Willy Tu --- meta-google/recipes-core/os-release/os-release.bbappend | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-core/os-release/os-release.bbappend b/meta-google/recipes-core/os-release/os-release.bbappend index 8c61bbccf..f6b7cc152 100644 --- a/meta-google/recipes-core/os-release/os-release.bbappend +++ b/meta-google/recipes-core/os-release/os-release.bbappend @@ -7,4 +7,5 @@ python() { d.setVar("BUILD_MEMO", memo) } -OS_RELEASE_FIELDS:append = " BUILD_MEMO" +IMAGE_TYPE = "${GBMC_CONFIG}" +OS_RELEASE_FIELDS:append = " BUILD_MEMO IMAGE_TYPE" -- cgit v1.2.3 From 609d48731fd3758910ed5a68d5ce1d6e80c2dfd3 Mon Sep 17 00:00:00 2001 From: "Anton D. Kachalov" Date: Fri, 19 Mar 2021 11:30:43 +0100 Subject: certificate-manager: supply configs from the repo This change is a part of the privilege seperation work which is tracked in: https://github.com/openbmc/openbmc/issues/3383 This change should be merged after individual repo change: https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/41166 Signed-off-by: Anton D. Kachalov Change-Id: I72e4842e7aa6de2ae4bcbdbf00953b7a79a0f414 --- .../packagegroups/packagegroup-obmc-apps.bbappend | 2 +- .../certificate/phosphor-bmcweb-cert-config.bb | 30 ---------------------- .../certificate/phosphor-bmcweb-cert-config/env | 12 --------- .../phosphor-certificate-manager@.service | 11 -------- .../phosphor-certificate-manager_git.bb | 22 +++++++++++----- .../phosphor-nslcd-authority-cert-config.bb | 30 ---------------------- .../phosphor-nslcd-authority-cert-config/env | 12 --------- .../packagegroups/packagegroup-obmc-apps.bb | 3 +-- .../images/obmc-phosphor-image.bbappend | 3 +-- 9 files changed, 19 insertions(+), 106 deletions(-) delete mode 100644 meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb delete mode 100644 meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env delete mode 100644 meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service delete mode 100644 meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb delete mode 100644 meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env (limited to 'meta-google') diff --git a/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend b/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend index 46135c3d5..76ec9a53c 100644 --- a/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend +++ b/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend @@ -8,4 +8,4 @@ RDEPENDS:${PN}-extras:remove:gbmc = "phosphor-nslcd-authority-cert-config" RDEPENDS:${PN}-extrasdev:remove:gbmc = "rest-dbus" # Disable bmcweb for gbmc machines without redfish. -RDEPENDS:${PN}-extras:remove:gbmc = '${@bb.utils.contains:any("MACHINE_FEATURES", ['redfish'], "", "bmcweb phosphor-bmcweb-cert-config", d)}' +RDEPENDS:${PN}-extras:remove:gbmc = '${@bb.utils.contains:any("MACHINE_FEATURES", ['redfish'], "", "bmcweb", d)}' diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb deleted file mode 100644 index 1d9f5a3b1..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Phosphor certificate manager configuration for a bmcweb service" - -PR = "r1" - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" - -RDEPENDS:${PN} = "phosphor-certificate-manager" - -inherit allarch - -SRC_URI = "file://env" - -FILES:${PN} = "${datadir}" - -do_install() { - install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/bmcweb -} - -pkg_postinst:${PN}() { - LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@bmcweb.service" - TARGET="../phosphor-certificate-manager@.service" - mkdir -p $D$systemd_system_unitdir/multi-user.target.wants - ln -s $TARGET $LINK -} - -pkg_prerm:${PN}() { - LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@bmcweb.service" - rm $LINK -} diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env deleted file mode 100644 index af4899a30..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env +++ /dev/null @@ -1,12 +0,0 @@ -#D-Bus object path -#example: /xyz/openbmc_project/certs/server/https -ENDPOINT=https - -#Path for the certificate file -CERTPATH=/etc/ssl/certs/https/server.pem - -#Units to restart -UNIT=bmcweb.service - -#Type of the service client/server -TYPE=server diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service deleted file mode 100644 index 255906fab..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Phosphor certificate manager for %I - -[Service] -EnvironmentFile=/usr/share/phosphor-certificate-manager/%I -ExecStart=/usr/bin/env phosphor-certificate-manager --endpoint=${{ENDPOINT}} --path=${{CERTPATH}} --unit=${{UNIT}} --type=${{TYPE}} -SyslogIdentifier=phosphor-certificate-manager -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb index 30730a4e3..d2a7e4fc4 100644 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb +++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb @@ -9,14 +9,15 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" SRC_URI = "git://github.com/openbmc/phosphor-certificate-manager" -SRCREV = "811a29e1941db0157f49d2e05491be945f7b2f07" +SRCREV = "6dd1c2ad86507202dd55c533559e253f846e99c8" inherit autotools \ pkgconfig \ - obmc-phosphor-systemd + systemd DEPENDS = " \ autoconf-archive-native \ + dbus \ openssl \ phosphor-dbus-interfaces \ phosphor-logging \ @@ -28,9 +29,18 @@ S = "${WORKDIR}/git" EXTRA_OECONF += "--disable-tests" -CERT_TMPL = "phosphor-certificate-manager@.service" -SYSTEMD_SERVICE:${PN} = "${CERT_TMPL}" +SYSTEMD_SERVICE:${PN} = "phosphor-certificate-manager@.service" -PACKAGECONFIG ??= "" +PACKAGECONFIG ??= "bmcweb-cert nslcd-authority-cert" PACKAGECONFIG[ibm-hypervisor-cert] = "--enable-ca-cert-extension,," -SYSTEMD_SERVICE:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'ibm-hypervisor-cert', 'bmc-vmi-ca-manager.service', '', d)}" +PACKAGECONFIG[bmcweb-cert] = "--enable-bmcweb-cert-config,," +PACKAGECONFIG[nslcd-authority-cert] = "--enable-nslcd-authority-cert-config,," + +SYSTEMD_SERVICE:${PN} = " \ + phosphor-certificate-manager@.service \ + ${@bb.utils.contains('PACKAGECONFIG', 'ibm-hypervisor-cert', 'bmc-vmi-ca-manager.service', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'nslcd-authority-cert', 'phosphor-certificate-manager@authority.service', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'bmcweb', 'phosphor-certificate-manager@bmcweb.service', '', d)} \ + " + +FILES:${PN}:append = " ${sysconfdir}/dbus-1 ${base_libdir} ${datadir} ${bindir}" diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb deleted file mode 100644 index c847b6d7b..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Phosphor certificate manager configuration for an nslcd authority service" - -PR = "r1" - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" - -RDEPENDS:${PN} = "phosphor-certificate-manager" - -inherit allarch - -SRC_URI = "file://env" - -FILES:${PN} = "${datadir}" - -do_install() { - install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/authority -} - -pkg_postinst:${PN}() { - LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@authority.service" - TARGET="../phosphor-certificate-manager@.service" - mkdir -p $D$systemd_system_unitdir/multi-user.target.wants - ln -s $TARGET $LINK -} - -pkg_prerm:${PN}() { - LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@authority.service" - rm $LINK -} diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env deleted file mode 100644 index d2e8814cb..000000000 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env +++ /dev/null @@ -1,12 +0,0 @@ -#REST URI endpoint -#example: /xyz/openbmc_project/certs/authority/ldap -ENDPOINT=ldap - -#Path for the certificate file -CERTPATH=/etc/ssl/certs/authority - -#Units to restart -UNIT=bmcweb.service - -#Type of service -TYPE=authority diff --git a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb index e6c223e7a..c035c6dcb 100644 --- a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb +++ b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb @@ -43,7 +43,7 @@ RDEPENDS:${PN}-bmc-state-mgmt = " \ SUMMARY:${PN}-bmcweb = "bmcweb support" RDEPENDS:${PN}-bmcweb = " \ bmcweb \ - phosphor-bmcweb-cert-config \ + phosphor-certificate-manager \ " SUMMARY:${PN}-chassis-state-mgmt = "Chassis state management" @@ -196,5 +196,4 @@ RDEPENDS:${PN}-user-mgmt-ldap = " \ nss-pam-ldapd \ phosphor-ldap \ phosphor-nslcd-cert-config \ - phosphor-nslcd-authority-cert-config \ " diff --git a/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend b/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend index 9860495ea..505390146 100644 --- a/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend +++ b/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend @@ -28,8 +28,7 @@ OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-hwmon" OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-inventory-manager" # Required for obmc-bmcweb OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " bmcweb" -OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-bmcweb-cert-config" -OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-nslcd-authority-cert-config" +OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-certificate-manager" OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-user-manager" # Required for LEDs. Part of obmc-leds OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " ${VIRTUAL-RUNTIME_obmc-leds-manager}" -- cgit v1.2.3 From d434d427128cc61136ac4ce4d15a5ab37293cd08 Mon Sep 17 00:00:00 2001 From: Willy Tu Date: Sun, 10 Oct 2021 13:39:51 -0700 Subject: meta-google: Remove ztai from MAINTAINERS list Change-Id: I0012555a65b0d9f67c62e14a5890a21cdff31ee5 Signed-off-by: Willy Tu --- meta-google/MAINTAINERS | 1 - 1 file changed, 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/MAINTAINERS b/meta-google/MAINTAINERS index 52bbc037e..27ea1b5e9 100644 --- a/meta-google/MAINTAINERS +++ b/meta-google/MAINTAINERS @@ -48,5 +48,4 @@ M: Benjamin Fair M: Ed Tanous M: Brandon Kim M: Willy Tu -M: Zhenfei Tai M: Nan Zhou -- cgit v1.2.3 From 50702e118976f4030d25f94975454c7ee92c7621 Mon Sep 17 00:00:00 2001 From: Willy Tu Date: Tue, 12 Oct 2021 18:13:59 -0700 Subject: google-bios-key: Install public bios key Tested: ``` $ find -name platforms_secure.pem ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/google-bios-key/platforms_secure.pem ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_secure.pem $ ls -l ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_secure.pem lrwxrwxrwx 2 build build 36 Oct 13 08:09 ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_secure.pem -> google-bios-key/platforms_secure.pem $ find -name platforms_bringup.pem ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_bringup.pem ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/google-bios-key/platforms_bringup.pem $ ls -l ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_bringup.pem lrwxrwxrwx 2 build build 37 Oct 13 08:09 ./tmp/sysroots-components/armv7a/google-bios-key/usr/share/platforms_bringup.pem -> google-bios-key/platforms_bringup.pem ``` Change-Id: I38a4dcb5daa77bc2acf28ac19cdde07f22d8ba44 Signed-off-by: Willy Tu --- .../google-bios-key/google-bios-key_git.bb | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb b/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb index b57fe1515..5e41a7977 100644 --- a/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb +++ b/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb @@ -10,5 +10,17 @@ SRC_URI:append:gbmc = " \ file://platforms_bringup.pem \ " -FILES:${PN} += "${WORKDIR}/platforms_secure.pem" -FILES:${PN} += "${WORKDIR}/platforms_bringup.pem" + +FILES:${PN} += "${datadir}/google-bios-key/platforms_secure.pem" +FILES:${PN} += "${datadir}/google-bios-key/platforms_bringup.pem" +FILES:${PN} += "${datadir}/platforms_secure.pem" +FILES:${PN} += "${datadir}/platforms_bringup.pem" + +do_install() { + install -d ${D}${datadir}/google-bios-key + install -m 0644 ${WORKDIR}/platforms_secure.pem ${D}${datadir}/google-bios-key + install -m 0644 ${WORKDIR}/platforms_bringup.pem ${D}${datadir}/google-bios-key + + ln -s -r ${D}${datadir}/google-bios-key/platforms_secure.pem ${D}${datadir}/platforms_secure.pem + ln -s -r ${D}${datadir}/google-bios-key/platforms_bringup.pem ${D}${datadir}/platforms_bringup.pem +} -- cgit v1.2.3 From 7f254da9c971251065581a7480818f9ba33bbc26 Mon Sep 17 00:00:00 2001 From: Willy Tu Date: Tue, 12 Oct 2021 20:06:45 -0700 Subject: google-bios-key: remove _git from bb file name Change-Id: Ieaa81c38a107ea17f6901dded3583f93f48a4e98 Signed-off-by: Willy Tu --- .../google-bios-key/google-bios-key.bb | 26 ++++++++++++++++++++++ .../google-bios-key/google-bios-key_git.bb | 26 ---------------------- 2 files changed, 26 insertions(+), 26 deletions(-) create mode 100644 meta-google/recipes-google/google-bios-key/google-bios-key.bb delete mode 100644 meta-google/recipes-google/google-bios-key/google-bios-key_git.bb (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-bios-key/google-bios-key.bb b/meta-google/recipes-google/google-bios-key/google-bios-key.bb new file mode 100644 index 000000000..5e41a7977 --- /dev/null +++ b/meta-google/recipes-google/google-bios-key/google-bios-key.bb @@ -0,0 +1,26 @@ +SUMMARY = "Google BIOS Public Keys" +DESCRIPTION = "Google BIOS Public Keys" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +FILESEXTRAPATHS:prepend:gbmc := "${THISDIR}/${PN}:" + +SRC_URI:append:gbmc = " \ + file://platforms_secure.pem \ + file://platforms_bringup.pem \ +" + + +FILES:${PN} += "${datadir}/google-bios-key/platforms_secure.pem" +FILES:${PN} += "${datadir}/google-bios-key/platforms_bringup.pem" +FILES:${PN} += "${datadir}/platforms_secure.pem" +FILES:${PN} += "${datadir}/platforms_bringup.pem" + +do_install() { + install -d ${D}${datadir}/google-bios-key + install -m 0644 ${WORKDIR}/platforms_secure.pem ${D}${datadir}/google-bios-key + install -m 0644 ${WORKDIR}/platforms_bringup.pem ${D}${datadir}/google-bios-key + + ln -s -r ${D}${datadir}/google-bios-key/platforms_secure.pem ${D}${datadir}/platforms_secure.pem + ln -s -r ${D}${datadir}/google-bios-key/platforms_bringup.pem ${D}${datadir}/platforms_bringup.pem +} diff --git a/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb b/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb deleted file mode 100644 index 5e41a7977..000000000 --- a/meta-google/recipes-google/google-bios-key/google-bios-key_git.bb +++ /dev/null @@ -1,26 +0,0 @@ -SUMMARY = "Google BIOS Public Keys" -DESCRIPTION = "Google BIOS Public Keys" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" - -FILESEXTRAPATHS:prepend:gbmc := "${THISDIR}/${PN}:" - -SRC_URI:append:gbmc = " \ - file://platforms_secure.pem \ - file://platforms_bringup.pem \ -" - - -FILES:${PN} += "${datadir}/google-bios-key/platforms_secure.pem" -FILES:${PN} += "${datadir}/google-bios-key/platforms_bringup.pem" -FILES:${PN} += "${datadir}/platforms_secure.pem" -FILES:${PN} += "${datadir}/platforms_bringup.pem" - -do_install() { - install -d ${D}${datadir}/google-bios-key - install -m 0644 ${WORKDIR}/platforms_secure.pem ${D}${datadir}/google-bios-key - install -m 0644 ${WORKDIR}/platforms_bringup.pem ${D}${datadir}/google-bios-key - - ln -s -r ${D}${datadir}/google-bios-key/platforms_secure.pem ${D}${datadir}/platforms_secure.pem - ln -s -r ${D}${datadir}/google-bios-key/platforms_bringup.pem ${D}${datadir}/platforms_bringup.pem -} -- cgit v1.2.3 From a3a8ca972abf4f66788b14cf65bcbc62d6f6af0c Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Tue, 12 Oct 2021 23:18:52 -0700 Subject: meta-google: ipmi-fru-sh: Add method for initializing eeproms This makes it possible to create new specifications besides the default mapping of OF name to eeprom path. Right now this provides backward compatability with anything that uses of_name_to_eeprom and only provides a new explicit specifier for that specification. Change-Id: If02d9cb392a48e0698b10644d7ade3220bde3eb5 Signed-off-by: William A. Kennington III --- meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh | 30 ++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh b/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh index 335e0b21c..3ae0f0864 100644 --- a/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh +++ b/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh @@ -42,6 +42,32 @@ of_name_to_eeprom() { echo "$eeproms" } +declare -A IPMI_FRU_EEPROM_FILE=() + +ipmi_fru_alloc() { + local name="$1" + local -n ret="$2" + + # Pick the first free index to return as the allocated entry + for (( ret = 0; ret < "${#IPMI_FRU_EEPROM_FILE[@]}"; ++ret )); do + [ -n "${IPMI_FRU_EEPROM_FILE[@]+1}" ] || break + done + + if [[ "$name" =~ ^of-name:(.*)$ || "$name" =~ ^([^:]*)$ ]]; then + local ofn="${BASH_REMATCH[1]}" + local file + file="$(of_name_to_eeprom "$ofn")" || return + IPMI_FRU_EEPROM_FILE["$ret"]="$file" + else + echo "Invalid IPMI FRU eeprom specification: $name" >&2 + return 1 + fi +} + +ipmi_fru_free() { + unset 'IPMI_FRU_EEPROM_FILE[$1]' +} + checksum() { local -n checksum_arr="$1" local checksum=0 @@ -61,7 +87,7 @@ fix_checksum() { } read_bytes() { - local file="$1" + local file="${IPMI_FRU_EEPROM_FILE["$1"]-$1}" local offset="$2" local size="$3" @@ -71,7 +97,7 @@ read_bytes() { } write_bytes() { - local file="$1" + local file="${IPMI_FRU_EEPROM_FILE["$1"]-$1}" local offset="$2" local -n bytes_arr="$3" -- cgit v1.2.3 From 8924a621dbc7cadf57e882db6583cdc20af2b1dc Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Tue, 12 Oct 2021 23:23:33 -0700 Subject: meta-google: gbmc-mac-config: Use ipmi_fru_alloc This will allow us to implement other types of FRU path lookup mechanisms beyond the OF name one that is currently in use. This change is fully backward compatible. Change-Id: Icedecedc9fcaad75fa32c23142a0fd3dfa7f6c0d Signed-off-by: William A. Kennington III --- meta-google/recipes-google/networking/files/gbmc-mac-config.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/networking/files/gbmc-mac-config.sh.in b/meta-google/recipes-google/networking/files/gbmc-mac-config.sh.in index a3430a65e..fa2f4bffe 100644 --- a/meta-google/recipes-google/networking/files/gbmc-mac-config.sh.in +++ b/meta-google/recipes-google/networking/files/gbmc-mac-config.sh.in @@ -15,7 +15,7 @@ source /usr/share/ipmi-fru/lib.sh || exit -eeprom="$(of_name_to_eeprom '@EEPROM@')" || exit +ipmi_fru_alloc '@EEPROM@' eeprom || exit header=() read_header "$eeprom" header || exit -- cgit v1.2.3 From a810614ad3f15e006f40f5214f9e85f93ccee37b Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Tue, 12 Oct 2021 23:25:05 -0700 Subject: meta-google: ipmi-fru-sh: Add lookup for FruDevice names This makes it possible to specify a FRU lookup by a dynamically discovered FRUs from entity manager. Change-Id: Icf83aa3eff1cbc08a8fa3f99754e5c10e3e583fc Signed-off-by: William A. Kennington III --- meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh b/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh index 3ae0f0864..940be7fb0 100644 --- a/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh +++ b/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh @@ -44,6 +44,33 @@ of_name_to_eeprom() { declare -A IPMI_FRU_EEPROM_FILE=() +ipmi_fru_device_to_file() { + local fdn="$1" + + local json + json="$(busctl -j call xyz.openbmc_project.FruDevice \ + /xyz/openbmc_project/FruDevice/"$fdn" org.freedesktop.DBus.Properties \ + GetAll s xyz.openbmc_project.FruDevice)" || return 80 + + local jqq='.data[0] | (.BUS.data | tostring) + " " + (.ADDRESS.data | tostring)' + local busaddr + busaddr="$(echo "$json" | jq -r "$jqq")" || return + + # FRU 0 is hardcoded and FruDevice does not report the correct bus for it + # Hardcode a workaround for this specifically known bus + if [ "$busaddr" = '0 0' ]; then + echo "/etc/fru/baseboard.fru.bin" + else + local dev="$(printf '%d-%04x' $busaddr)" + local efile="/sys/bus/i2c/devices/$dev/eeprom" + # The at24 eeprom driver is not guaranteed to be bound + if [ ! -e "$efile" ]; then + echo "$dev" >/sys/bus/i2c/drivers/at24/bind || return + fi + echo "$efile" + fi +} + ipmi_fru_alloc() { local name="$1" local -n ret="$2" @@ -58,6 +85,19 @@ ipmi_fru_alloc() { local file file="$(of_name_to_eeprom "$ofn")" || return IPMI_FRU_EEPROM_FILE["$ret"]="$file" + elif [[ "$name" =~ ^frudev-name:(.*)$ ]]; then + local fdn="${BASH_REMATCH[1]}" + local start=$SECONDS + local file + while (( SECONDS - start < 60 )); do + local rc=0 + file="$(ipmi_fru_device_to_file "$fdn")" || rc=$? + (( rc == 0 )) && break + # Immediately return any errors, 80 is special to signify retry + (( rc != 80 )) && return $rc + sleep 1 + done + IPMI_FRU_EEPROM_FILE["$ret"]="$file" else echo "Invalid IPMI FRU eeprom specification: $name" >&2 return 1 -- cgit v1.2.3 From c71203f0567feac56a56d116f7a952cf4256eb45 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Thu, 14 Oct 2021 18:50:18 +0000 Subject: google-ipmi-sys: srcrev bump b69209b498..b4e3704c17 Willy Tu (5): build: Update to c++20 and meson >= 0.57.0 Add Google Copyright 2021 test: Replace the C++ MOCK_METHOD macros with the new MOCK_METHOD google-ipmi-sys: Refactor to use new version of OEM IPMI Handler google-ipmi-sys: Convert input to use std::span Change-Id: I4a4d3416bcc48ca1e4c902969d669a1a4aca6d2f Signed-off-by: Andrew Geissler --- meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb b/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb index 1310f7e00..727d57f59 100644 --- a/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb +++ b/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb @@ -19,7 +19,7 @@ DEPENDS += " \ S = "${WORKDIR}/git" SRC_URI = "git://github.com/openbmc/google-ipmi-sys" -SRCREV = "b69209b498bf9b1c009c528e40280d13e68f8dbd" +SRCREV = "b4e3704c17be6a081e3c713b8173edc973bf87d7" FILES:${PN} += "${libdir}/ipmid-providers" -- cgit v1.2.3 From a718f49a55d35b9a46851e42080e53e714a4bbb6 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 1 Oct 2021 08:00:28 +0000 Subject: google-misc: srcrev bump 700edceeed..9a76b6fbfb William A. Kennington III (1): ncsid: Fix update_ra_neighbor.sh license Change-Id: I337b95f18b2cbea64d4512ab15122fe0b694ac5a Signed-off-by: Andrew Geissler --- meta-google/recipes-google/google-misc/google-misc.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-misc/google-misc.inc b/meta-google/recipes-google/google-misc/google-misc.inc index 07421d40a..408c731ab 100644 --- a/meta-google/recipes-google/google-misc/google-misc.inc +++ b/meta-google/recipes-google/google-misc/google-misc.inc @@ -6,7 +6,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://../../LICENSE;md5=34400b68072d710fecd0a2940a0d1658" SRC_URI += "git://github.com/openbmc/google-misc" -SRCREV = "700edceeed28ee35ab1701a72d8e2f522d170bc4" +SRCREV = "9a76b6fbfbec70fa5d3cf7874599542692cc98f6" S = "${WORKDIR}/git/subprojects/${GOOGLE_MISC_PROJ}" inherit meson -- cgit v1.2.3 From a7532a6b3629e7b8e1690769f70d4d9dcc3f7056 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Fri, 15 Oct 2021 15:55:39 -0700 Subject: meta-google: ipmi-fru: Direct read support We can't dynamically bind to the at24 driver if the eeprom is not in the kernel's device tree. Since this support was intended to be used for dynamic FRUs, it is broken when the kernel has the entries removed. Change-Id: I99c774191c22d67e518fe9435b1446b80efb5600 Signed-off-by: William A. Kennington III --- meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh | 72 ++++++++++++++++------ 1 file changed, 52 insertions(+), 20 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh b/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh index 940be7fb0..d02eeab47 100644 --- a/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh +++ b/meta-google/recipes-google/ipmi/ipmi-fru-sh/lib.sh @@ -23,6 +23,20 @@ IPMI_FRU_COMMON_HEADER_MULTI_RECORD_OFFSET_IDX=5 IPMI_FRU_AREA_HEADER_SIZE_IDX=1 IPMI_FRU_CHECKSUM_IDX=-1 +offset_1bw() { + local addr="$1" + local off="$2" + local extra="${3-0}" + echo w$((1+extra))@$addr $(( off & 0xff )) +} + +offset_2bw() { + local addr="$1" + local off="$2" + local extra="${3-0}" + echo w$((2+extra))@$addr $(( (off >> 8) & 0xff )) $(( off & 0xff )) +} + of_name_to_eeproms() { local names if ! names="$(grep -xl "$1" /sys/bus/i2c/devices/*/of_node/name)"; then @@ -42,10 +56,14 @@ of_name_to_eeprom() { echo "$eeproms" } +# Each element is a `filename` declare -A IPMI_FRU_EEPROM_FILE=() +# Each element is a `bus` + `addr` + `offset_bytes_func` +declare -A IPMI_FRU_EEPROM_BUSADDR=() -ipmi_fru_device_to_file() { +ipmi_fru_device_alloc() { local fdn="$1" + local idx="$2" local json json="$(busctl -j call xyz.openbmc_project.FruDevice \ @@ -54,20 +72,21 @@ ipmi_fru_device_to_file() { local jqq='.data[0] | (.BUS.data | tostring) + " " + (.ADDRESS.data | tostring)' local busaddr - busaddr="$(echo "$json" | jq -r "$jqq")" || return + busaddr=($(echo "$json" | jq -r "$jqq")) || return # FRU 0 is hardcoded and FruDevice does not report the correct bus for it # Hardcode a workaround for this specifically known bus - if [ "$busaddr" = '0 0' ]; then - echo "/etc/fru/baseboard.fru.bin" + if (( busaddr[0] == 0 && busaddr[1] == 0 )); then + IPMI_FRU_EEPROM_FILE["$idx"]=/etc/fru/baseboard.fru.bin else - local dev="$(printf '%d-%04x' $busaddr)" - local efile="/sys/bus/i2c/devices/$dev/eeprom" - # The at24 eeprom driver is not guaranteed to be bound - if [ ! -e "$efile" ]; then - echo "$dev" >/sys/bus/i2c/drivers/at24/bind || return + local offset_bw=offset_2bw + local rsp + rsp=$(i2ctransfer -f -y ${busaddr[0]} $(offset_1bw ${busaddr[1]} 0) r1) || return + # FRUs never start with 0xff bytes, so we can figure out addressing mode + if (( rsp != 0xff )); then + offset_bw=offset_1bw fi - echo "$efile" + IPMI_FRU_EEPROM_BUSADDR["$idx"]="${busaddr[*]} $offset_bw" fi } @@ -77,7 +96,8 @@ ipmi_fru_alloc() { # Pick the first free index to return as the allocated entry for (( ret = 0; ret < "${#IPMI_FRU_EEPROM_FILE[@]}"; ++ret )); do - [ -n "${IPMI_FRU_EEPROM_FILE[@]+1}" ] || break + [ -n "${IPMI_FRU_EEPROM_FILE[@]+1}" ] || \ + [ -n "${IPMI_FRU_EEPROM_BUSADDR[@]+1}" ]|| break done if [[ "$name" =~ ^of-name:(.*)$ || "$name" =~ ^([^:]*)$ ]]; then @@ -91,13 +111,12 @@ ipmi_fru_alloc() { local file while (( SECONDS - start < 60 )); do local rc=0 - file="$(ipmi_fru_device_to_file "$fdn")" || rc=$? + ipmi_fru_device_alloc "$fdn" "$ret" || rc=$? (( rc == 0 )) && break # Immediately return any errors, 80 is special to signify retry (( rc != 80 )) && return $rc sleep 1 done - IPMI_FRU_EEPROM_FILE["$ret"]="$file" else echo "Invalid IPMI FRU eeprom specification: $name" >&2 return 1 @@ -106,6 +125,7 @@ ipmi_fru_alloc() { ipmi_fru_free() { unset 'IPMI_FRU_EEPROM_FILE[$1]' + unset 'IPMI_FRU_EEPROM_BUSADDR[$1]' } checksum() { @@ -127,24 +147,36 @@ fix_checksum() { } read_bytes() { + local busaddr=(${IPMI_FRU_EEPROM_BUSADDR["$1"]-}) local file="${IPMI_FRU_EEPROM_FILE["$1"]-$1}" local offset="$2" local size="$3" - echo "Reading $file at $offset for $size" >&2 - dd if="$file" bs=1 count="$size" skip="$offset" 2>/dev/null | \ - hexdump -v -e '1/1 "%d "' + if (( "${#busaddr[@]}" > 0)); then + echo "Reading ${busaddr[*]} at $offset for $size" >&2 + i2ctransfer -f -y ${busaddr[0]} $(${busaddr[2]} ${busaddr[1]} $offset) r$size + else + echo "Reading $file at $offset for $size" >&2 + dd if="$file" bs=1 count="$size" skip="$offset" 2>/dev/null | \ + hexdump -v -e '1/1 "%d "' + fi } write_bytes() { + local busaddr=(${IPMI_FRU_EEPROM_BUSADDR["$1"]-}) local file="${IPMI_FRU_EEPROM_FILE["$1"]-$1}" local offset="$2" local -n bytes_arr="$3" - local hexstr - hexstr="$(printf '\\x%x' "${bytes_arr[@]}")" || return - echo "Writing $file at $offset for ${#bytes_arr[@]}" >&2 - printf "$hexstr" | dd of="$file" bs=1 seek=$offset 2>/dev/null + if (( "${#busaddr[@]}" > 0)); then + echo "Writing ${busaddr[*]} at $offset for ${#bytes_arr[@]}" >&2 + i2ctransfer -f -y ${busaddr[0]} $(${busaddr[2]} ${busaddr[1]} $offset ${#bytes_arr[@]}) ${bytes_arr[@]} + else + local hexstr + hexstr="$(printf '\\x%x' "${bytes_arr[@]}")" || return + echo "Writing $file at $offset for ${#bytes_arr[@]}" >&2 + printf "$hexstr" | dd of="$file" bs=1 seek=$offset 2>/dev/null + fi } read_header() { -- cgit v1.2.3 From 5b4b4f8529e4b919702f8fb08142d100b2310bbc Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Fri, 15 Oct 2021 12:22:08 -0700 Subject: meta-google: gbmc-ncsi-config: Re-organize RA code This make it possible for the hostname or IP information to change independently, in case a mistake is made in a development environment and just the hostname or just the prefix need to be updated. Change-Id: I66169dc6cdee681f77bad4b8638dc6a2c72fca5f Signed-off-by: William A. Kennington III --- .../ncsi/files/gbmc-ncsi-ip-from-ra.sh.in | 136 +++++++++++---------- 1 file changed, 73 insertions(+), 63 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in index 7ba159fcf..80bd34f04 100755 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in @@ -16,41 +16,36 @@ source /usr/share/network/lib.sh || exit source /usr/libexec/ncsid_lib.sh || exit +NCSI_IF='@NCSI_IF@' + old_pfx= +old_fqdn= old_rtr= -w=60 -while true; do - start=$SECONDS - while read line; do - if [ -z "$line" ]; then - pfx= - host= - elif [[ "$line" =~ ^Prefix' '*:' '*(.*)/([0-9]+)$ ]]; then - t_pfx="${BASH_REMATCH[1]}" - t_pfx_len="${BASH_REMATCH[2]}" - ip_to_bytes t_pfx_b "$t_pfx" || continue - (( t_pfx_len == 76 && t_pfx_b[8] & 0xfd == 0xfd )) || continue - (( t_pfx_b[9] |= 1 )) - hextet="fd$(printf '%02x' ${t_pfx_b[9]})" - pfx="$(ip_bytes_to_str t_pfx_b)" - (( t_pfx_b[9] &= 0xf0 )) - stateless_pfx="$(ip_bytes_to_str t_pfx_b)" - elif [[ "$line" =~ ^'DNS search list'' '*:' '*([^.-]*)[^.]*[.](.*.google.com)$ ]]; then - host="${BASH_REMATCH[1]}" - domain="${BASH_REMATCH[2]}" - elif [[ "$line" =~ ^from' '(.*)$ ]]; then - rtr="${BASH_REMATCH[1]}" - (( "${#pfx}" != 0 )) || continue - [[ "$pfx" != "$old_pfx" || "$old_rtr" != "$rtr" ]] || continue +set_host() { + [ -n "$host" -a -n "$domain" -a -n "$hextet" ] || return + + local fqdn="$host-n$hextet.$domain" + [ "$fqdn" != "$old_fqdn" ] || return + old_fqdn="$fqdn" + + echo "Found hostname $fqdn" >&2 + hostnamectl set-hostname "$fqdn" || true +} - echo "Found prefix $pfx from $rtr" >&2 +set_net() { + [ -n "$pfx" -a -n "$rtr" ] || return + [[ "$pfx" != "$old_pfx" || "$rtr" != "$old_rtr" ]] || return + old_pfx="$pfx" + old_rtr="$rtr" - # Delete any stale IP Addresses from the primary interface as we won't use them - UpdateIP xyz.openbmc_project.Network @NCSI_IF@ '0.0.0.0' '0' - UpdateIP xyz.openbmc_project.Network @NCSI_IF@ '::' '0' + echo "Found prefix $pfx from $rtr" >&2 - read -r -d '' contents <"$file" - done - - contents='[Network]'$'\n' - contents+="Address=$pfx/128"$'\n' - contents+="Gateway=$rtr"$'\n' - for file in /run/systemd/network/{00,}-bmc-@NCSI_IF@.network.d/49-public-ra.conf; do - mkdir -p -m 755 "$(dirname "$file")" - printf '%s' "$contents" >"$file" - done + for file in /run/systemd/network/{00,}-bmc-gbmcbr.network.d/49-public-ra.conf; do + mkdir -p -m 755 "$(dirname "$file")" + printf '%s' "$contents" >"$file" + done + touch -c /lib/systemd/network/*-bmc-gbmcbr.network || true - # Ensure that systemd-networkd performs a reconfiguration as it doesn't - # currently check the mtime of drop-in files. - touch -c /lib/systemd/network/*-bmc-gbmcbr.network - touch -c /etc/systemd/network/*-bmc-@NCSI_IF@.network + contents='[Network]'$'\n' + contents+="Address=$pfx/128"$'\n' + contents+="Gateway=$rtr"$'\n' + for file in /run/systemd/network/{00,}-bmc-"$NCSI_IF".network.d/49-public-ra.conf; do + mkdir -p -m 755 "$(dirname "$file")" + printf '%s' "$contents" >"$file" + done + touch -c /etc/systemd/network/*-bmc-"$NCSI_IF".network || true - if [ "$(systemctl is-active systemd-networkd)" != 'inactive' ]; then - networkctl reload - networkctl reconfigure gbmcbr - fi + if [ "$(systemctl is-active systemd-networkd)" != 'inactive' ]; then + networkctl reload && networkctl reconfigure gbmcbr "$NCSI_IF" || true + fi - read -r -d '' contents <"$rfile" - systemctl reset-failed nftables - systemctl --no-block restart nftables - - # Set the machine hostname if discovered - if [ -n "$host" ]; then - hostnamectl set-hostname "$host-n$hextet.$domain" - fi + rfile=/run/nftables/40-gbmc-ncsi-ra.rules + mkdir -p -m 755 "$(dirname "$rfile")" + printf '%s' "$contents" >"$rfile" + systemctl reset-failed nftables && systemctl --no-block restart nftables || true +} - old_pfx="$pfx" - old_rtr="$rtr" +w=60 +while true; do + start=$SECONDS + while read line; do + if [ -z "$line" ]; then + hextet= + pfx= + host= + domain= + elif [[ "$line" =~ ^Prefix' '*:' '*(.*)/([0-9]+)$ ]]; then + t_pfx="${BASH_REMATCH[1]}" + t_pfx_len="${BASH_REMATCH[2]}" + ip_to_bytes t_pfx_b "$t_pfx" || continue + (( t_pfx_len == 76 && t_pfx_b[8] & 0xfd == 0xfd )) || continue + (( t_pfx_b[9] |= 1 )) + hextet="fd$(printf '%02x' ${t_pfx_b[9]})" + pfx="$(ip_bytes_to_str t_pfx_b)" + (( t_pfx_b[9] &= 0xf0 )) + stateless_pfx="$(ip_bytes_to_str t_pfx_b)" + elif [[ "$line" =~ ^'DNS search list'' '*:' '*([^.-]*)[^.]*[.](.*.google.com)$ ]]; then + host="${BASH_REMATCH[1]}" + domain="${BASH_REMATCH[2]}" + elif [[ "$line" =~ ^from' '(.*)$ ]]; then + rtr="${BASH_REMATCH[1]}" + set_net || true + set_host || true fi - done < <(rdisc6 -d -m @NCSI_IF@ -w $(( w * 1000 )) 2>/dev/null) + done < <(rdisc6 -d -m "$NCSI_IF" -w $(( w * 1000 )) 2>/dev/null) # If rdisc6 exits early we still want to wait the full `w` time before # starting again. (( timeout = start + w - SECONDS )) -- cgit v1.2.3 From 75e1bca164b17e90eb5f886f80cbf5e5d62341f3 Mon Sep 17 00:00:00 2001 From: Michael Shen Date: Tue, 19 Oct 2021 17:35:57 +0800 Subject: meta-google: Add `hoth` support for Aspeed Aspeed `hoth` used the same layout as Nuvoton. No need to change it. Signed-off-by: Michael Shen Change-Id: I21dd347164d19487c76db26d1cc9426559b2094f --- meta-google/classes/image_types_hoth.bbclass | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'meta-google') diff --git a/meta-google/classes/image_types_hoth.bbclass b/meta-google/classes/image_types_hoth.bbclass index 0db4183a1..78d339142 100644 --- a/meta-google/classes/image_types_hoth.bbclass +++ b/meta-google/classes/image_types_hoth.bbclass @@ -1,8 +1,13 @@ # The offsets of the partitions that change when Hoth is enabled # From the device tree, in kB +# Nuvoton NPCM7XX family FLASH_IMAGE_DESC_OFFSET:npcm7xx:hoth = "${@960 if FLASH_SIZE == '65536' else 7232}" FLASH_HOTH_UPDATE_OFFSET:npcm7xx:hoth = "${@1024 if FLASH_SIZE == '65536' else 31744}" FLASH_HOTH_MAILBOX_OFFSET:npcm7xx:hoth = "${@65472 if FLASH_SIZE == '65536' else 7168}" +# Aspeed 26XX family +FLASH_IMAGE_DESC_OFFSET:aspeed-g6:hoth = "${@960 if FLASH_SIZE == '65536' else 7232}" +FLASH_HOTH_UPDATE_OFFSET:aspeed-g6:hoth = "${@1024 if FLASH_SIZE == '65536' else 31744}" +FLASH_HOTH_MAILBOX_OFFSET:aspeed-g6:hoth = "${@65472 if FLASH_SIZE == '65536' else 7168}" unset FLASH_UBOOT_ENV_OFFSET python do_generate_static:append() { -- cgit v1.2.3 From b91ac25af1c93ec709885ba6aa0204442a91be4d Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Mon, 25 Oct 2021 03:50:13 +0000 Subject: google-misc: srcrev bump 9a76b6fbfb..382d628dd0 William A. Kennington III (1): Temporarily ignore eslint validation Willy Tu (1): build: Update to c++20, c18, and meson >= 0.57.0 Change-Id: I8fa3f7206951f9b73834e9d6488d1de26b8957c1 Signed-off-by: Andrew Geissler --- meta-google/recipes-google/google-misc/google-misc.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-misc/google-misc.inc b/meta-google/recipes-google/google-misc/google-misc.inc index 408c731ab..7ec161caf 100644 --- a/meta-google/recipes-google/google-misc/google-misc.inc +++ b/meta-google/recipes-google/google-misc/google-misc.inc @@ -6,7 +6,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://../../LICENSE;md5=34400b68072d710fecd0a2940a0d1658" SRC_URI += "git://github.com/openbmc/google-misc" -SRCREV = "9a76b6fbfbec70fa5d3cf7874599542692cc98f6" +SRCREV = "382d628dd00d832455f88da8e8f1097984349fd2" S = "${WORKDIR}/git/subprojects/${GOOGLE_MISC_PROJ}" inherit meson -- cgit v1.2.3 From 3039e73523b6e72db600e66090115bfc8b3bc913 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Mon, 25 Oct 2021 08:50:15 +0000 Subject: google-ipmi-i2c: srcrev bump b7d431199a..d78cbec9ef Manojkiran Eda (1): Add OWNERS file Change-Id: I6229b878254f752a54faf2054cd27ee362799e3c Signed-off-by: Andrew Geissler --- meta-google/recipes-google/ipmi/google-ipmi-i2c_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ipmi/google-ipmi-i2c_git.bb b/meta-google/recipes-google/ipmi/google-ipmi-i2c_git.bb index 3d5504ea1..c58382ab6 100644 --- a/meta-google/recipes-google/ipmi/google-ipmi-i2c_git.bb +++ b/meta-google/recipes-google/ipmi/google-ipmi-i2c_git.bb @@ -14,7 +14,7 @@ DEPENDS += "phosphor-ipmi-host" S = "${WORKDIR}/git" SRC_URI = "git://github.com/openbmc/google-ipmi-i2c" -SRCREV = "b7d431199ac519e7c3cd5f3341d67f2ff0e09e10" +SRCREV = "d78cbec9efb29526d913cc02d61e0b9bf5cff5ae" FILES:${PN}:append = " ${libdir}/ipmid-providers/lib*${SOLIBS}" FILES:${PN}:append = " ${libdir}/host-ipmid/lib*${SOLIBS}" -- cgit v1.2.3 From 367ca4f62f11ffa62e0caec9c2cf7e095ee21048 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Mon, 25 Oct 2021 08:50:25 +0000 Subject: google-ipmi-sys: srcrev bump b4e3704c17..f647e99165 Manojkiran Eda (1): Add OWNERS file Change-Id: I3c5adab1a8a560e174a2823a37d907f92a90df73 Signed-off-by: Andrew Geissler --- meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb b/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb index 727d57f59..e84884028 100644 --- a/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb +++ b/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb @@ -19,7 +19,7 @@ DEPENDS += " \ S = "${WORKDIR}/git" SRC_URI = "git://github.com/openbmc/google-ipmi-sys" -SRCREV = "b4e3704c17be6a081e3c713b8173edc973bf87d7" +SRCREV = "f647e99165065feabb35aa744059cf6a2af46f1e" FILES:${PN} += "${libdir}/ipmid-providers" -- cgit v1.2.3 From 21514827d8fcb5c3a6edcf302dee483670eb3dfe Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sun, 24 Oct 2021 00:04:56 -0700 Subject: meta-google: gbmc-bridge: Don't enable DHCPv6 Just turning DHCP off via the DHCP= option is not enough. If you use IPv6AcceptRA=true you need to also disable the DHCPv6Client= in the IPv6AcceptRA section. Change-Id: I6e2e6e3f9b9395bd690f3d1a8915fac5061a0b25 Signed-off-by: William A. Kennington III --- .../recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in | 2 ++ 1 file changed, 2 insertions(+) (limited to 'meta-google') diff --git a/meta-google/recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in b/meta-google/recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in index c6097bbdb..afea5cca7 100644 --- a/meta-google/recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in +++ b/meta-google/recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in @@ -7,3 +7,5 @@ IPv6AcceptRA=true LLMNR=true MulticastDNS=true LinkLocalAddressing=ipv6 +[IPv6AcceptRA] +DHCPv6Client=false -- cgit v1.2.3 From e12e5e91b429329a405a93cb76730df9d47c9c6d Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sun, 24 Oct 2021 04:10:28 -0700 Subject: meta-google: mstpd: Lower log level The current log level is too noisy and polluting the journal with lots of unhelpful debugging messages. Drop the level down to 2 in order to only produce error messages. Change-Id: I9d892b80e0d1ba7516614944c4ad74502c6c1aad Signed-off-by: William A. Kennington III --- meta-google/recipes-extended/networking/files/mstpd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-extended/networking/files/mstpd.service b/meta-google/recipes-extended/networking/files/mstpd.service index ef8303416..a7b1fc8a8 100644 --- a/meta-google/recipes-extended/networking/files/mstpd.service +++ b/meta-google/recipes-extended/networking/files/mstpd.service @@ -6,7 +6,7 @@ Wants=network-pre.target [Service] Restart=always Type=simple -ExecStart=/usr/sbin/mstpd -d -v 3 +ExecStart=/usr/sbin/mstpd -d -v 2 [Install] WantedBy=multi-user.target -- cgit v1.2.3 From 22331e1696b2382c10a24bd5f67776ff905f9e01 Mon Sep 17 00:00:00 2001 From: Willy Tu Date: Mon, 25 Oct 2021 14:51:35 -0700 Subject: meta-google: Remove ztai from OWNER list Change-Id: I351d8bfc8ac46b3317677d0893eabe2522f1c840 Signed-off-by: Willy Tu --- meta-google/OWNERS | 1 - 1 file changed, 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/OWNERS b/meta-google/OWNERS index 44cdb497d..1972513e6 100644 --- a/meta-google/OWNERS +++ b/meta-google/OWNERS @@ -5,5 +5,4 @@ owners: - edtanous@google.com - brandonkim@google.com - wltu@google.com -- ztai@google.com - nanzhoumails@gmail.com -- cgit v1.2.3 From 3fb89bc6650d0f27d1417ce8a7f2d5fe5cb3d177 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Wed, 3 Nov 2021 04:30:13 +0000 Subject: google-misc: srcrev bump 382d628dd0..ba30c10ac4 William A. Kennington III (5): libcr51sign: build: Refactor for subproject use libcr51sign: Fixes for compiler warnings build: Make it possible to use as a subproject libcr51sign: Fix struct size warning libcr51sign: Ensure OMIT_VARIABLE_ARRAYS passed to pkgconfig Willy Tu (1): Fixed prod_to_dev_downgrade_allowed logic in validate_transition Change-Id: I5d2dc218310600b2bcc50541857516f1f4801428 Signed-off-by: Andrew Geissler --- meta-google/recipes-google/google-misc/google-misc.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-misc/google-misc.inc b/meta-google/recipes-google/google-misc/google-misc.inc index 7ec161caf..a66d3416b 100644 --- a/meta-google/recipes-google/google-misc/google-misc.inc +++ b/meta-google/recipes-google/google-misc/google-misc.inc @@ -6,7 +6,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://../../LICENSE;md5=34400b68072d710fecd0a2940a0d1658" SRC_URI += "git://github.com/openbmc/google-misc" -SRCREV = "382d628dd00d832455f88da8e8f1097984349fd2" +SRCREV = "ba30c10ac4a9055b5b94d387be4a710255c51482" S = "${WORKDIR}/git/subprojects/${GOOGLE_MISC_PROJ}" inherit meson -- cgit v1.2.3 From cb3197635912c1f49357838d9cd59f927b1af23b Mon Sep 17 00:00:00 2001 From: Jie Yang Date: Thu, 4 Nov 2021 10:56:37 -0700 Subject: meta-google: update obmc-phosphor-initfs whitelist Add SMBIOS data sent by LinuxBoot to the initfs whitelist Signed-off-by: Jie Yang Change-Id: I70e8cedabc8c7a2dc0df581b38695709e047bf96 --- .../recipes-phosphor/initrdscripts/obmc-phosphor-initfs/whitelist | 1 + 1 file changed, 1 insertion(+) (limited to 'meta-google') diff --git a/meta-google/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/whitelist b/meta-google/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/whitelist index a2244cca8..f91495077 100644 --- a/meta-google/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/whitelist +++ b/meta-google/recipes-phosphor/initrdscripts/obmc-phosphor-initfs/whitelist @@ -4,3 +4,4 @@ /etc/systemd/network /var/google /var/lib/phosphor-inventory-manager +/var/lib/smbios/smbios2 -- cgit v1.2.3 From a22b4458fe6d64b5dcd60e00acaa0ff083f6f056 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Thu, 4 Nov 2021 22:57:43 -0700 Subject: meta-google: gbmc-bridge: Restrict network from /72 to /76 We can have multiple gBMC networks within one "machine". This allows us to have multiple address sets. Change-Id: I5b18b7822f50bb0570e1aa5a70ac47036694d922 Signed-off-by: William A. Kennington III --- meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in | 2 +- meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | 6 +++--- meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in index 961da5095..b04f2aa8f 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in @@ -56,7 +56,7 @@ ValidLifetimeSec=60 Route=$ncsi_pfx/80 LifetimeSec=60 [Route] -Destination=$stateless_pfx/72 +Destination=$stateless_pfx/76 Type=unreachable Metric=1024 EOF diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in index d07b9e2f0..fc8e8198a 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in @@ -54,15 +54,15 @@ gbmc_ncsi_nft_update() { if (( ${#ip_bytes[@]} != 0 )); then ip_bytes[8]=0xfd pfx="$(ip_bytes_to_str ip_bytes)" - contents+=" ip6 saddr != $pfx/72 ip6 daddr" - contents+=" $pfx/72 goto ncsi_gbmc_br_pub_input"$'\n' + contents+=" ip6 saddr != $pfx/76 ip6 daddr" + contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n' fi fi contents+=' }'$'\n' contents+=' chain ncsi_forward {'$'\n' if [ -n "$pfx" ]; then - contents+=" ip6 saddr != $pfx/72 ip6 daddr $pfx/72 accept"$'\n' + contents+=" ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n' fi contents+=' }'$'\n' contents+='}'$'\n' diff --git a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh index 19b8f64a1..980f7b6d6 100644 --- a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh +++ b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh @@ -48,7 +48,7 @@ gbmc_br_nft_hook() { gbmc_br_nft_update # Match only global IP addresses on the bridge that match the BMC prefix # (:fdxx:). So 2002:af4:3480:2248:fd02:6345:3069:9186 would become - # a 2002:af4:3480:2248:fd00/72 rule. + # a 2002:af4:3480:2248:fd00/76 rule. elif [ "$change" = 'addr' -a "$intf" = 'gbmcbr' -a "$scope" = 'global' ] && [[ "$fam" == 'inet6' && "$flags" != *tentative* ]]; then local ip_bytes=() @@ -63,7 +63,7 @@ gbmc_br_nft_hook() { for (( i=9; i<16; i++ )); do ip_bytes[$i]=0 done - pfx="$(ip_bytes_to_str ip_bytes)/72" + pfx="$(ip_bytes_to_str ip_bytes)/76" if [ "$action" = "add" -a "$pfx" != "$gbmc_br_nft_pfx" ]; then gbmc_br_nft_pfx="$pfx" gbmc_br_nft_update -- cgit v1.2.3 From 031785343fcf91f53857678970db1f3ba4437ce0 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Thu, 4 Nov 2021 22:49:39 -0700 Subject: meta-google: gbmc-ncsi-config: Remove override if empty Currently this will make no difference in configuration, but it will be useful once we implement our DHCP process and need to contend with multiple configurations. Change-Id: Ia93530e67cdb88fcbe90ef2b6dfbd5a239469ff7 Signed-off-by: William A. Kennington III --- .../recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in index b04f2aa8f..78af419c5 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in @@ -36,14 +36,14 @@ gbmc_ncsi_br_pub_addr_update() { done fi - local contents='[Network]'$'\n' + local contents= if (( ${#pfx_bytes[@]} != 0 )); then pfx_bytes[8]=0xfd local stateless_pfx="$(ip_bytes_to_str pfx_bytes)" pfx_bytes[9]=0x01 local ncsi_pfx="$(ip_bytes_to_str pfx_bytes)" - local here= - read -r -d '' here <"$file" + if [ -z "$contents" ]; then + rm -f "$file" + else + printf '%s' "$contents" >"$file" + fi done # Ensure that systemd-networkd performs a reconfiguration as it doesn't -- cgit v1.2.3 From cbd9ef029b2134af941a801715cf3b7281d21e95 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Thu, 4 Nov 2021 20:52:17 -0700 Subject: meta-google: gbmc-ncsi-config: Ignore deprecated addresses We plan to use deprecated addresses to allow for neighbor discovery, but they will be ignored by networkd and this script as to prevent misconfiguration. Change-Id: Ibc0bee71c19add79f05b5ce58b34d3175e2f6fbd Signed-off-by: William A. Kennington III --- meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in | 3 ++- meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in index 78af419c5..ce53b8efb 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in @@ -87,7 +87,8 @@ gbmc_ncsi_br_pub_addr_hook() { gbmc_ncsi_br_pub_addr_init=1 gbmc_ncsi_br_pub_addr_update elif [ "$change" = 'addr' -a "$intf" = '@NCSI_IF@' ] && - [ "$scope" = 'global' -a "$fam" = 'inet6' ]; then + [ "$scope" = 'global' -a "$fam" = 'inet6' ] && + [[ "$flags" != *deprecated* ]]; then if [ "$action" = 'add' -a "$ip" != "$gbmc_ncsi_br_pub_addr_lastip" ]; then gbmc_ncsi_br_pub_addr_lastip="$ip" gbmc_ncsi_br_pub_addr_update diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in index fc8e8198a..7a630f5fe 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in @@ -80,7 +80,8 @@ gbmc_ncsi_nft_hook() { if [ "$change" = 'init' ]; then gbmc_ncsi_nft_init=1 gbmc_ncsi_nft_update - elif [ "$change" = 'addr' -a "$intf" = '@NCSI_IF@' -a "$scope" = 'global' ]; then + elif [ "$change" = 'addr' -a "$intf" = '@NCSI_IF@' -a "$scope" = 'global' ] && + [[ "$flags" != *deprecated* ]]; then if [ "$fam" = 'inet6' ]; then local -n lastip='gbmc_ncsi_nft_lastip6' else -- cgit v1.2.3 From cefbd1cf61ec037f62b7f5cfe93c727ed234226a Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Fri, 5 Nov 2021 03:52:53 -0700 Subject: meta-google: gbmc-ip-monitor: Add deferred actions This makes it possible to defer actions for a future time in order to let networking events settle out before triggering a reconfiguration. Change-Id: I0b2372ba6b114a6b6548ccac3944af912482d68a Signed-off-by: William A. Kennington III --- .../networking/files/gbmc-ip-monitor.sh | 23 ++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/networking/files/gbmc-ip-monitor.sh b/meta-google/recipes-google/networking/files/gbmc-ip-monitor.sh index e64c8675e..9da090f47 100755 --- a/meta-google/recipes-google/networking/files/gbmc-ip-monitor.sh +++ b/meta-google/recipes-google/networking/files/gbmc-ip-monitor.sh @@ -44,6 +44,17 @@ gbmc_ip_monitor_generate_init() { echo '[INIT]' } +GBMC_IP_MONITOR_DEFER_OUTSTANDING= +gbmc_ip_monitor_defer_() { + sleep 1 + printf '[DEFER]\n' >&$GBMC_IP_MONITOR_DEFER +} +gbmc_ip_monitor_defer() { + [ -z "$GBMC_IP_MONITOR_DEFER_OUTSTANDING" ] || return 0 + gbmc_ip_monitor_defer_ & + GBMC_IP_MONITOR_DEFER_OUTSTANDING=1 +} + gbmc_ip_monitor_parse_line() { local line="$1" if [[ "$line" == '[INIT]'* ]]; then @@ -98,11 +109,16 @@ gbmc_ip_monitor_parse_line() { read line || break data=($line) mac="${data[1]}" + elif [[ "$line" == '[DEFER]'* ]]; then + GBMC_IP_MONITOR_DEFER_OUTSTANDING= + change=defer else return 2 fi } +return 0 2>/dev/null + cleanup() { local st="$?" trap - HUP INT QUIT ABRT TERM EXIT @@ -111,7 +127,10 @@ cleanup() { } trap cleanup HUP INT QUIT ABRT TERM EXIT -return 0 2>/dev/null +FIFODIR="$(mktemp -d)" +mkfifo "$FIFODIR"/fifo +exec {GBMC_IP_MONITOR_DEFER}<>"$FIFODIR"/fifo +rm -rf "$FIFODIR" while read line; do gbmc_ip_monitor_parse_line "$line" || continue @@ -119,4 +138,4 @@ while read line; do if [ "$change" = 'init' ]; then systemd-notify --ready fi -done < <(gbmc_ip_monitor_generate_init; exec ip monitor link addr route label) +done < <(gbmc_ip_monitor_generate_init; ip monitor link addr route label & cat <&$GBMC_IP_MONITOR_DEFER) -- cgit v1.2.3 From 58ac4343a47e69e6c23f7f3128b6da1b9d922a91 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Fri, 5 Nov 2021 04:15:36 -0700 Subject: meta-google: gbmc-bridge: Defer address reconfiguration Reconfiguring network interfaces immediately after detecting changes may not allow them enough time to settle. Without waiting, we might pre-emptively assume the configuration is changing even though networkd is just flushing and resetting the interface with the same config. Change-Id: I6a6858578d0499305fe2a3d3592dc73533bb02f1 Signed-off-by: William A. Kennington III --- .../recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in | 9 +++++++-- .../recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh | 10 ++++++---- 2 files changed, 13 insertions(+), 6 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in index ce53b8efb..5adc41328 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in @@ -16,9 +16,12 @@ gbmc_ncsi_br_pub_addr_init= gbmc_ncsi_br_pub_addr_lastip= +gbmc_ncsi_br_pub_addr_confip= gbmc_ncsi_br_pub_addr_update() { [ -n "$gbmc_ncsi_br_pub_addr_init" ] || return + [ "$gbmc_ncsi_br_pub_addr_confip" != "$gbmc_ncsi_br_pub_addr_lastip" ] || return + gbmc_ncsi_br_pub_addr_confip="$gbmc_ncsi_br_pub_addr_lastip" printf 'gBMC Bridge Pub Addr from NCSI: %s\n' \ "${gbmc_ncsi_br_pub_addr_lastip:-(deleted)}" >&2 @@ -85,17 +88,19 @@ EOF gbmc_ncsi_br_pub_addr_hook() { if [ "$change" = 'init' ]; then gbmc_ncsi_br_pub_addr_init=1 + gbmc_ip_monitor_defer + elif [ "$change" = 'defer' ]; then gbmc_ncsi_br_pub_addr_update elif [ "$change" = 'addr' -a "$intf" = '@NCSI_IF@' ] && [ "$scope" = 'global' -a "$fam" = 'inet6' ] && [[ "$flags" != *deprecated* ]]; then if [ "$action" = 'add' -a "$ip" != "$gbmc_ncsi_br_pub_addr_lastip" ]; then gbmc_ncsi_br_pub_addr_lastip="$ip" - gbmc_ncsi_br_pub_addr_update + gbmc_ip_monitor_defer fi if [ "$action" = 'del' -a "$ip" = "$gbmc_ncsi_br_pub_addr_lastip" ]; then gbmc_ncsi_br_pub_addr_lastip= - gbmc_ncsi_br_pub_addr_update + gbmc_ip_monitor_defer fi fi } diff --git a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh index 18341fefb..a9bfd74af 100644 --- a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh +++ b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh @@ -67,26 +67,28 @@ gbmc_br_from_ra_update() { gbmc_br_from_ra_hook() { if [ "$change" = 'init' ]; then gbmc_br_from_ra_init=1 + gbmc_ip_monitor_defer + elif [ "$change" = 'defer' ]; then gbmc_br_from_ra_update elif [[ "$change" == 'route' && "$route" != *' via '* ]] && [[ "$route" =~ ^(.* dev gbmcbr proto ra .*)( +expires +([^ ]+)sec).*$ ]]; then pfx="${route%% *}" if [ "$action" = 'add' ]; then gbmc_br_from_ra_pfxs["$pfx"]="${BASH_REMATCH[3]}" - gbmc_br_from_ra_update + gbmc_ip_monitor_defer elif [ "$action" = 'del' ]; then gbmc_br_from_ra_pfxs["$pfx"]=0 - gbmc_br_from_ra_update + gbmc_ip_monitor_defer fi elif [ "$change" = 'link' -a "$intf" = 'gbmcbr' ]; then rdisc6 -m gbmcbr -r 1 -w 100 >/dev/null 2>&1 if [ "$action" = 'add' -a "$mac" != "$gbmc_br_from_ra_mac" ]; then gbmc_br_from_ra_mac="$mac" - gbmc_br_from_ra_update + gbmc_ip_monitor_defer fi if [ "$action" = 'del' -a "$mac" = "$gbmc_br_from_ra_mac" ]; then gbmc_br_from_ra_mac= - gbmc_br_from_ra_update + gbmc_ip_monitor_defer fi fi } -- cgit v1.2.3 From 4ef23bcb5847031eadf4cc1eb33107ea3783baf4 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Tue, 9 Nov 2021 03:40:13 +0000 Subject: google-misc: srcrev bump ba30c10ac4..2be0536c62 William A. Kennington III (1): ncsid: Ignore delete failures Change-Id: Iace51a7c54bbe316e17fc13dba0757d2d09090c2 Signed-off-by: Andrew Geissler --- meta-google/recipes-google/google-misc/google-misc.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-misc/google-misc.inc b/meta-google/recipes-google/google-misc/google-misc.inc index a66d3416b..d108dc5d8 100644 --- a/meta-google/recipes-google/google-misc/google-misc.inc +++ b/meta-google/recipes-google/google-misc/google-misc.inc @@ -6,7 +6,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://../../LICENSE;md5=34400b68072d710fecd0a2940a0d1658" SRC_URI += "git://github.com/openbmc/google-misc" -SRCREV = "ba30c10ac4a9055b5b94d387be4a710255c51482" +SRCREV = "2be0536c62cdb489a6e4aa54aa71e165038f0813" S = "${WORKDIR}/git/subprojects/${GOOGLE_MISC_PROJ}" inherit meson -- cgit v1.2.3 From 200e8ca29afb46d10989210532bb2dccc76b4959 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Wed, 10 Nov 2021 20:40:13 +0000 Subject: google-misc: srcrev bump 2be0536c62..379b061ffd William A. Kennington III (1): ncsid: Add service for discovering routers Change-Id: I6691e682cff2785f7ac7a7be89abb234375c167f Signed-off-by: Andrew Geissler --- meta-google/recipes-google/google-misc/google-misc.inc | 2 +- meta-google/recipes-google/ncsi/ncsid_git.bb | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/google-misc/google-misc.inc b/meta-google/recipes-google/google-misc/google-misc.inc index d108dc5d8..49535873b 100644 --- a/meta-google/recipes-google/google-misc/google-misc.inc +++ b/meta-google/recipes-google/google-misc/google-misc.inc @@ -6,7 +6,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://../../LICENSE;md5=34400b68072d710fecd0a2940a0d1658" SRC_URI += "git://github.com/openbmc/google-misc" -SRCREV = "2be0536c62cdb489a6e4aa54aa71e165038f0813" +SRCREV = "379b061ffdd797d00c07acf0b5cb81e1f6513bca" S = "${WORKDIR}/git/subprojects/${GOOGLE_MISC_PROJ}" inherit meson diff --git a/meta-google/recipes-google/ncsi/ncsid_git.bb b/meta-google/recipes-google/ncsi/ncsid_git.bb index 984b7d603..967f45f79 100644 --- a/meta-google/recipes-google/ncsi/ncsid_git.bb +++ b/meta-google/recipes-google/ncsi/ncsid_git.bb @@ -16,6 +16,7 @@ SYSTEMD_SERVICE:${PN} += " \ ncsid@.service \ nic-hostful@.target \ nic-hostless@.target \ + update-ra-gw@.service \ update-ra-neighbor@.service \ update-ra-neighbor@.timer \ update-static-neighbors@.service \ -- cgit v1.2.3 From 297f9830330e159653953c439c5a09750ebb1b2d Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Thu, 11 Nov 2021 17:30:13 +0000 Subject: google-ipmi-sys: srcrev bump f647e99165..40fe522255 Willy Tu (1): copyright: Add Google Copyright to test helper.cpp Change-Id: I9465595985668960370f746830a21e3fef246ac8 Signed-off-by: Andrew Geissler --- meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb b/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb index e84884028..d136eb245 100644 --- a/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb +++ b/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb @@ -19,7 +19,7 @@ DEPENDS += " \ S = "${WORKDIR}/git" SRC_URI = "git://github.com/openbmc/google-ipmi-sys" -SRCREV = "f647e99165065feabb35aa744059cf6a2af46f1e" +SRCREV = "40fe52225515f6ec82858795638add0b4c8e94af" FILES:${PN} += "${libdir}/ipmid-providers" -- cgit v1.2.3 From 5aa84b53392b9edde1dddd5bee74878b280febc3 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Mon, 15 Nov 2021 15:20:13 -0800 Subject: meta-google: gbmc-ncsi-config: Add missing dependencies The gbmc-ncsi-ip-from-ra script was missing these. Change-Id: Id379632a814519d6623588905273b3e8e3b70528 Signed-off-by: William A. Kennington III --- meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb index 4ae9d1994..10ef56a76 100644 --- a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb +++ b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb @@ -28,8 +28,10 @@ RDEPENDS:${PN} += " \ dhcp-relay \ gbmc-ip-monitor \ ncsid \ + network-sh \ nftables-systemd \ sslh \ + ndisc6-rdisc6 \ " FILES:${PN} += " \ -- cgit v1.2.3 From 1b437c26859fcd29e6b8443f4c776b19b889570e Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Tue, 16 Nov 2021 17:32:12 -0800 Subject: meta-google: distro: Relax FIT_HASH_ALG u-boot hashing does not confer any additional security in gBMC (we don't sign the kernel and hashes live with the image). We can use a much faster, but bus verifying algorithm instead. Ideally this would be xxhash, but our u-boot is currently too old. Change-Id: I796a4ed2db380eb86a9acbeae1f8a5e56cc8cb62 Signed-off-by: William A. Kennington III --- meta-google/conf/distro/gbmc.conf | 3 +++ 1 file changed, 3 insertions(+) (limited to 'meta-google') diff --git a/meta-google/conf/distro/gbmc.conf b/meta-google/conf/distro/gbmc.conf index bbba7efed..69fdda421 100644 --- a/meta-google/conf/distro/gbmc.conf +++ b/meta-google/conf/distro/gbmc.conf @@ -25,3 +25,6 @@ WATCHDOG_PKG ?= "watchdog" SANITY_TESTED_DISTROS:append = " Debian-rodete \n debian-rodete \n " PREFERRED_PROVIDER_virtual/bmc-update ?= "inplace-gbmc-update" + +# Provides reasonable data integrity and faster than sha* +FIT_HASH_ALG = "crc32" -- cgit v1.2.3 From 69e0d4c46fa36b10577731977d706a1832e75fa2 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Wed, 17 Nov 2021 14:05:49 -0800 Subject: meta-google: Depend on phosphor-layer This makes our override ordering explicit with respect to layers we append to. Change-Id: If6048bcbd0199e730dc5a9bb52667a94887578cd Signed-off-by: William A. Kennington III --- meta-google/conf/layer.conf | 1 + 1 file changed, 1 insertion(+) (limited to 'meta-google') diff --git a/meta-google/conf/layer.conf b/meta-google/conf/layer.conf index 47379e427..80486584d 100644 --- a/meta-google/conf/layer.conf +++ b/meta-google/conf/layer.conf @@ -15,3 +15,4 @@ BBFILE_COLLECTIONS += "google-layer" BBFILE_PATTERN_google-layer := "^${LAYERDIR}/" LAYERVERSION_google-layer = "1" LAYERSERIES_COMPAT_google-layer = "hardknott honister" +LAYERDEPENDS_google-layer += "core phosphor-layer" -- cgit v1.2.3