From 8401702b28725a9c52a203b2b0dc839679a63aa5 Mon Sep 17 00:00:00 2001
From: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Date: Thu, 10 Oct 2019 12:39:21 +0200
Subject: Support uploading multiple certificates per authority service

Since the certificate manager can support multiple certificates
the CERTPATH for mode=authentication will be changed to directory.

This change depends on anothere review, see Depends-On tag.

Becase the TrustStore will be used by TLS authentication,
any operation on certificates should result in bmcweb restart, that
is why #Units to restart entry is added.

Since update procedure will not replace configuration file in /etc
all configuration files for the certificate-manager will be deployed
in /usr/share/phosphor-certificate-manager.

(From meta-phosphor rev: 0c09ff71d089c614b14d076d933e849f2f74281e)

Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Ib7f4ba60760ab8cd1ac647bc51dadf50af7fedc7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
---
 .../recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb      | 4 +++-
 .../phosphor-certificate-manager@.service                            | 2 +-
 .../certificate/phosphor-nslcd-authority-cert-config.bb              | 4 +++-
 .../certificate/phosphor-nslcd-authority-cert-config/env             | 5 ++++-
 .../recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb       | 4 +++-
 5 files changed, 14 insertions(+), 5 deletions(-)

(limited to 'meta-phosphor/recipes-phosphor')

diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
index cc1f0825f..9fa5f3a0f 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
@@ -11,8 +11,10 @@ inherit allarch
 
 SRC_URI = "file://env"
 
+FILES_${PN} = "${datadir}"
+
 do_install() {
-	install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/bmcweb
+	install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/bmcweb
 }
 
 pkg_postinst_${PN}() {
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
index a8215662e..255906fab 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
@@ -2,7 +2,7 @@
 Description=Phosphor certificate manager for %I
 
 [Service]
-EnvironmentFile={envfiledir}/obmc/cert/%I
+EnvironmentFile=/usr/share/phosphor-certificate-manager/%I
 ExecStart=/usr/bin/env phosphor-certificate-manager --endpoint=${{ENDPOINT}} --path=${{CERTPATH}} --unit=${{UNIT}} --type=${{TYPE}}
 SyslogIdentifier=phosphor-certificate-manager
 Restart=always
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
index f15fc73d3..07302d657 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
@@ -11,8 +11,10 @@ inherit allarch
 
 SRC_URI = "file://env"
 
+FILES_${PN} = "${datadir}"
+
 do_install() {
-	install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/authority
+	install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/authority
 }
 
 pkg_postinst_${PN}() {
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
index 849d695b5..d2e8814cb 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
@@ -3,7 +3,10 @@
 ENDPOINT=ldap
 
 #Path for the certificate file
-CERTPATH=/etc/ssl/certs/Root-CA.pem
+CERTPATH=/etc/ssl/certs/authority
+
+#Units to restart
+UNIT=bmcweb.service
 
 #Type of service
 TYPE=authority
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
index 0a53a3202..5b0c03a65 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
@@ -11,8 +11,10 @@ inherit allarch
 
 SRC_URI = "file://env"
 
+FILES_${PN} = "${datadir}"
+
 do_install() {
-	install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/nslcd
+	install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/nslcd
 }
 
 pkg_postinst_${PN}() {
-- 
cgit v1.2.3