author | Leo Tu <leotu@google.com> | 2022-08-18 08:17:39 +0300 |
---|---|---|
committer | Leo Tu <leotu@google.com> | 2022-09-02 03:33:45 +0300 |
commit | 9104c30f58dd7bd3d187dd47f2d11af2dde3c66d (patch) | |
tree | efa52339864ec57a7c6ce3bac259a34e666b3a53 /meta-google | |
parent | f19ea027280ea71573d4ba2e66c82c09c9982d54 (diff) | |
download | openbmc-9104c30f58dd7bd3d187dd47f2d11af2dde3c66d.tar.xz |
meta-google: Add glome-login and glome-config
We have to use glome-config since the sample config is removed in
the glome recipe. As a result, glome now depends on glome-config.
The platform also needs to overwrite these variables in their
bbappend files:
- glome-login.bb
* GLOME_FALLBACK_SERV
* GLOME_FALLBACK_OBJ
* GLOME_HOSTNAME_SUFFIX
* GLOME_BOARDSN_KEY
- glome-config.bb
* GLOME_PUBLIC_KEY
* GLOME_KEY_VERSION
* GLOME_URL_PREFIX
Tested:
1) `bitbake obmc-phosphor-image` build passes
2) inplace update the image on a real machine
3) connect to it
The glome is enabled and login is successful
Signed-off-by: Leo Tu <leotu@google.com>
Change-Id: I21a48cbdcfea67772f143b4fc115f717e6d7cbc5
Diffstat (limited to 'meta-google')
5 files changed, 158 insertions, 3 deletions
diff --git a/meta-google/recipes-google/console/glome-config.bb b/meta-google/recipes-google/console/glome-config.bb
new file mode 100644
index 0000000000..be3612d398
--- /dev/null
+++ b/meta-google/recipes-google/console/glome-config.bb
@@ -0,0 +1,39 @@
+SUMMARY = "Glome Config"
+DESCRIPTION = "Glome config file provides a glome config file"
+PR = "r1"
+
+# This is required to replace the glome/config that is removed in glome_git.bb
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+# Example Privkey: A0F1D0A0CB254839D04637F567325B850B5174850B129E811F5E203A42CC3B6C
+GLOME_PUBLIC_KEY ?= "AC11D4582261F2D05CDDE1BD94383393D26C5C269642EE26D7EABD1EADC03C14"
+GLOME_KEY_VERSION ?= "4"
+GLOME_URL_PREFIX ?= "http://example-glome-service/"
+
+SRC_URI = "file://config.in"
+
+do_install:append() {
+ if [ -z '${GLOME_PUBLIC_KEY}' ]; then
+ echo 'Missing GLOME_PUBLIC_KEY' >&2
+ exit 1
+ fi
+ if [ -z '${GLOME_KEY_VERSION}' ]; then
+ echo 'Missing GLOME_KEY_VERSION' >&2
+ exit 1
+ fi
+ if [ -z '${GLOME_URL_PREFIX}' ]; then
+ echo 'Missing GLOME_URL_PREFIX' >&2
+ exit 1
+ fi
+
+ sed ${WORKDIR}/config.in \
+ -e 's#@PUBLIC_KEY@#${GLOME_PUBLIC_KEY}#' \
+ -e 's#@KEY_VERSION@#${GLOME_KEY_VERSION}#' \
+ -e 's#@URL_PREFIX@#${GLOME_URL_PREFIX}#' \
+ > ${WORKDIR}/config
+
+ install -d ${D}${sysconfdir}/glome
+ install -m 0644 ${WORKDIR}/config ${D}${sysconfdir}/glome
+}
diff --git a/meta-google/recipes-google/console/glome-config/config.in b/meta-google/recipes-google/console/glome-config/config.in
new file mode 100644
index 0000000000..291f6a57fb
--- /dev/null
+++ b/meta-google/recipes-google/console/glome-config/config.in
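Review bot: The three `-z` guards in glome-config.bb's do_install:append can never fire, because `GLOME_PUBLIC_KEY`, `GLOME_KEY_VERSION` and `GLOME_URL_PREFIX` all default to non-empty example values. A platform that forgets its bbappend therefore builds an image that trusts the example public key, and the comment directly above it publishes what is presumably the matching private key. glome-login.bb in this same commit defaults its required variables to the empty string so the build fails instead; doing the same here (`GLOME_PUBLIC_KEY ?= ""`, `GLOME_KEY_VERSION ?= ""`, `GLOME_URL_PREFIX ?= ""`) and moving the example values into a comment would make the guards effective. The example URL prefix also uses plain `http://`, which is worth a comment if production deployments are expected to use https.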
@@ -0,0 +1,8 @@
+# This is the configuration file for serial console authentication with glome.
+# /usr/sbin/glome-login tries to read this file on startup at its canonical
+# location /etc/glome/config.
+
+[service]
+key = @PUBLIC_KEY@
+key-version = @KEY_VERSION@
+url-prefix = @URL_PREFIX@
diff --git a/meta-google/recipes-google/console/glome-login.bb b/meta-google/recipes-google/console/glome-login.bb
new file mode 100644
index 0000000000..ea043d3a5e
--- /dev/null
+++ b/meta-google/recipes-google/console/glome-login.bb
@@ -0,0 +1,59 @@
+SUMMARY = "Glome Login Scripts"
+DESCRIPTION = "Glome Login Scripts"
+PR = "r1"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+GLOME_FALLBACK_SERV ?= ""
+GLOME_FALLBACK_OBJ ?= ""
+GLOME_HOSTNAME_SUFFIX ?= ""
+GLOME_BOARDSN_KEY ?= "bmc-boardsn"
+
+RDEPENDS:${PN} += "bash"
+RDEPENDS:${PN} += "glome"
+RDEPENDS:${PN} += "jq"
+RDEPENDS:${PN} += "obmc-console"
+
+SRC_URI += "file://glome-login.sh.in"
+
+do_install:append() {
+ if [ -z '${GLOME_FALLBACK_SERV}' ]; then
+ echo 'Missing GLOME_FALLBACK_SERV' >&2
+ exit 1
+ fi
+
+ if [ -z '${GLOME_FALLBACK_OBJ}' ]; then
+ echo 'Missing GLOME_FALLBACK_OBJ' >&2
+ exit 1
+ fi
+
+ if [ -z '${GLOME_HOSTNAME_SUFFIX}' ]; then
+ echo 'Missing GLOME_HOSTNAME_SUFFIX' >&2
+ exit 1
+ fi
+
+ sed ${WORKDIR}/glome-login.sh.in \
+ -e 's#@INV_SERV@#${GLOME_FALLBACK_SERV}#' \
+ -e 's#@INV_OBJ@#${GLOME_FALLBACK_OBJ}#' \
+ -e 's#@HOSTNAME_SUFFIX@#${GLOME_HOSTNAME_SUFFIX}#' \
+ -e 's#@BOARDSN_KEY@#${GLOME_BOARDSN_KEY}#' \
+ > ${WORKDIR}/glome-login.sh
+
+ install -d ${D}${bindir}
+ install -m 0755 ${WORKDIR}/glome-login.sh ${D}${bindir}
+}
+
+# This is an example to override the glome login service in the bbappend for 'prod'
+#
+#FILES:${PN}:append:prod = " \
+# ${systemd_system_unitdir}/serial-to-bmc@.service.d/bmc-login-glome-override.conf \
+# ${systemd_system_unitdir}/serial-getty@.service.d/bmc-login-glome-override.conf \
+# "
+#
+#do_install:append:prod() {
+# install -D -m 0644 ${WORKDIR}/bmc-login-glome-override.conf \
+# ${D}${systemd_system_unitdir}/serial-to-bmc@.service.d/bmc-login-glome-override.conf
+# install -D -m 0644 ${WORKDIR}/bmc-login-glome-override.conf \
+# ${D}${systemd_system_unitdir}/serial-getty@.service.d/bmc-login-glome-override.conf
+#}
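Review bot: `GLOME_BOARDSN_KEY` is substituted into the login script but, unlike the other three variables, is never checked for emptiness in do_install:append. A bbappend that sets it to "" would produce a fallback machine id with no key prefix. Adding the same guard keeps the four variables consistent: `if [ -z '${GLOME_BOARDSN_KEY}' ]; then echo 'Missing GLOME_BOARDSN_KEY' >&2; exit 1; fi`. Separately, the `sed` replacements are not escaped, so a value containing `#` or `&` would be mangled on its way into the script; a comment beside the defaults such as `# values are spliced in with sed 's#...#...#': must not contain '#', '&' or quotes` would document that restriction.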
diff --git a/meta-google/recipes-google/console/glome-login/glome-login.sh.in b/meta-google/recipes-google/console/glome-login/glome-login.sh.in
new file mode 100644
index 0000000000..2d12e355d1
--- /dev/null
+++ b/meta-google/recipes-google/console/glome-login/glome-login.sh.in
@@ -0,0 +1,42 @@
+#!/bin/bash
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+set -eo pipefail
+
+HOSTNAME="$(hostname)"
+USER="${1?Missing first param: USER (Usually passed by agetty via \\u)}"
+
+if [[ "$HOSTNAME" =~ ^([^-.]+)[^.]*(.*[.]corp[.]google[.]com)$ ]]; then
+ # for google corp address the suffix must be removed from the name
+ HOSTNAME="${BASH_REMATCH[1]}${BASH_REMATCH[2]}"
+fi
+
+if [[ "${HOSTNAME}" == *"@HOSTNAME_SUFFIX@" ]]; then
+ # Valid hostname is already set, invoke normal glome
+ exec /usr/sbin/glome-login -M "${HOSTNAME}" "${USER}"
+fi
+
+# Get the board serial number from the FRU EEPROM
+# Service passed in as a parameter would be either inventory-manager or
+# entity-manager depending on platforms
+# Path to the FRU EEPROM object has to be passed in as a parameter
+# If the target platform has neither of them, the fallback mechanism is useless
+INT="xyz.openbmc_project.Inventory.Decorator.Asset"
+PART="SerialNumber"
+BOARDSN="$(busctl get-property -j "@INV_SERV@" "@INV_OBJ@" "${INT}" "${PART}" | jq -r '.data')"
+
+WARN_MSG="WARNING: Hostname is not set, using Board Serial Number"
+echo "${WARN_MSG}"
+echo "${WARN_MSG}" | systemd-cat -t gbmc-glome -p warning
+exec /usr/sbin/glome-login -M "@BOARDSN_KEY@:${BOARDSN}" "${USER}"
diff --git a/meta-google/recipes-google/console/glome_git.bb b/meta-google/recipes-google/console/glome_git.bb
index 42dcbda25e..418179f050 100644
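Review bot: The fallback path in glome-login.sh.in never validates `BOARDSN` before using it as the machine id. `jq -r '.data'` prints the literal string `null` when the property carries no data, and an unprogrammed FRU can yield an empty string, so the script would run glome-login with `@BOARDSN_KEY@:null` or `@BOARDSN_KEY@:`. Every board in that state would share one machine id, which weakens the per-machine binding of a GLOME authorization. Use `jq -er '.data'` so a null result fails the pipeline under `set -eo pipefail`, and add `[[ -n "${BOARDSN}" ]] || { echo "Board serial number unavailable" >&2; exit 1; }` before the final `exec`. Assigning to `HOSTNAME` and `USER` also overwrites variables bash itself maintains; script-local names would be cleaner.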
--- a/meta-google/recipes-google/console/glome_git.bb +++ b/meta-google/recipes-google/console/glome_git.bb @@ -8,16 +8,23 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" inherit meson pkgconfig -DEPENDS += "openssl" +DEPENDS += " \ + openssl \ + glome-config \ + " +RDEPENDS:${PN} += "glome-config" S = "${WORKDIR}/git" SRC_URI = "git://github.com/google/glome.git;branch=master;protocol=https" SRCREV = "978ad9fb165f1e382c875f2ce08a1fc4f2ddcf1b" -FILES_${PN} += "${libdir}/security" - PACKAGECONFIG ??= "" PACKAGECONFIG[glome-cli] = "-Dglome-cli=true,-Dglome-cli=false" PACKAGECONFIG[pam-glome] = "-Dpam-glome=true,-Dpam-glome=false,libpam" EXTRA_OEMESON = "-Dtests=false" + +# remove the default glome config so it can be overridden by `glome-config` +do_install:append() { + rm -f ${D}${sysconfdir}/glome/config +} |
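Review bot: The glome_git.bb hunk deletes `FILES_${PN} += "${libdir}/security"` instead of converting it to the colon override syntax that the rest of this commit uses. If `PACKAGECONFIG[pam-glome]` is enabled, the PAM module presumably installs under `${libdir}/security`, and would then need `FILES:${PN} += "${libdir}/security"` to be packaged; please confirm with a pam-glome build. The build-time `DEPENDS` entry for `glome-config` also looks unnecessary, since the config file is only read at run time and `RDEPENDS:${PN} += "glome-config"` already covers that. The recipe starts before this hunk, so I can't see whether anything earlier relies on either line.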