Age | Commit message (Collapse) | Author | Files | Lines |
|
Since the certificate manager can support multiple certificates
the CERTPATH for mode=authentication will be changed to directory.
This change depends on anothere review, see Depends-On tag.
Becase the TrustStore will be used by TLS authentication,
any operation on certificates should result in bmcweb restart, that
is why #Units to restart entry is added.
Since update procedure will not replace configuration file in /etc
all configuration files for the certificate-manager will be deployed
in /usr/share/phosphor-certificate-manager.
(From meta-phosphor rev: 0c09ff71d089c614b14d076d933e849f2f74281e)
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Ib7f4ba60760ab8cd1ac647bc51dadf50af7fedc7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
PHOSPHORBASE is only used for pointing at licenses...point at the
licenses in oe-core in meta/files/common-licenses instead. to match the
defacto convention used in other oe layers like meta-openembedded.
(From meta-phosphor rev: a1cee09419cb1467c3d2b7bf996b40089f0d06f4)
Change-Id: If136d24638a8022671988cf0a01620e7fffc545f
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Since the config recipe packages will create symlinks to the certificate
manager template, RDEPEND rather than RRECOMMEND on the certificate
manager package (which provides the template).
Avoid obmc-phosphor-systemd. Enabling systemd units is the realm of
packaging scripts and the SYSTEMD_LINK feature in obmc-phosphor-systemd
implements this incorrectly. Just directly code install, pkg_postinst
and pkg_prerm here rather than trying to fix obmc-phosphor-systemd - the
extra indirection is more harmful to ease of comprehension for seasoned
Yocto developers than the couple of lines of code it saves.
(From meta-phosphor rev: 1a4e65e5847e299348b5f28ffa2b4b1837769deb)
Change-Id: Ideb12d62461b3b18ff5c92f3a76f1aa20c94a269
Tested: Built witherspoon image and verified rootfs unchanged.
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Added new service to install CA certificate
To start/stop service use commands
systemctl start phosphor-certificate-manager@authority.service
systemctl status phosphor-certificate-manager@authority.service
Tested:
2$ curl -c cjar -b cjar -k -H "Content-Type: application/octet-stream" -X
PUT -T cert.pem https://$BMC_IP//xyz/openbmc_project/certs/authority/ldap
{
"data": null,
"message": "200 OK",
"status": "ok"
}
root@witherspoon-w5:/tmp# systemctl stop phosphor-certificate-manager@authority.service
root@witherspoon-w5:/tmp#
root@witherspoon-w5:/tmp# systemctl start phosphor-certificate-manager@authority.service
root@witherspoon-w5:/tmp#
(From meta-phosphor rev: 139b373080872a96f7c64dfdc46807ed993daff0)
Change-Id: I993f1d7db13212f04022fd562ea058f389b26da9
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|