From 65a3cb16677f2794929aab367a1ac65167e87384 Mon Sep 17 00:00:00 2001
From: Tatiana Leon
Date: Thu, 23 Nov 2017 14:46:56 +0100
Subject: [PATCH] AWS Greengrass: add new recipe for AWS Greengrass core 1.1.0
https://jira.digi.com/browse/DEL-5368
Signed-off-by: Tatiana Leon
---
 ...ve-bashisms-in-launcher-shell-script.patch | 114 ++++++++++
 .../greengrass/greengrass_1.1.0.bb | 203 ++++++++++++++++++
 2 files changed, 317 insertions(+)
 create mode 100644 meta-digi-dey/recipes-aws/greengrass/greengrass-1.1.0/0001-greengrassd-remove-bashisms-in-launcher-shell-script.patch
 create mode 100644 meta-digi-dey/recipes-aws/greengrass/greengrass_1.1.0.bb
diff --git a/meta-digi-dey/recipes-aws/greengrass/greengrass-1.1.0/0001-greengrassd-remove-bashisms-in-launcher-shell-script.patch b/meta-digi-dey/recipes-aws/greengrass/greengrass-1.1.0/0001-greengrassd-remove-bashisms-in-launcher-shell-script.patch
new file mode 100644
index 000000000..adcdea806
--- /dev/null
+++ b/meta-digi-dey/recipes-aws/greengrass/greengrass-1.1.0/0001-greengrassd-remove-bashisms-in-launcher-shell-script.patch
@@ -0,0 +1,114 @@
+From: Tatiana Leon
+Date: Mon, 13 Nov 2017 20:01:59 +0100
+Subject: [PATCH] greengrassd: remove bashisms in launcher shell script
+
+So it runs properly in other Posix shells (like the one in Busybox)
+
+Signed-off-by: Tatiana Leon
+---
+ .../ggc/packages/1.1.0/greengrassd | 27 +++++++++++-----------
+ 1 file changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/ggc/packages/1.1.0/greengrassd
+index 9bece0c..4d68477 100755
+--- a/ggc/packages/1.1.0/greengrassd
++++ b/ggc/packages/1.1.0/greengrassd
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#!/bin/sh
+
+ ##########Environment Requirement for Greengrass Daemon##########
+ # by default, the daemon assumes it's going to be launched from a directory
+@@ -42,20 +42,21 @@ setup() {
+ mkdir -p $GGC_ROOT_FS
+
+ # Mask greengrass directory for containers
+- mknod $GGC_ROOT_FS/greengrass c 1 3 &>/dev/null || true
++ mknod $GGC_ROOT_FS/greengrass c 1 3 >/dev/null 2>&1 || true
+
+ mkdir -p $(dirname "$CRASH_LOG")
+ }
+
+ validatePlatformSecurity() {
+
+- if [[ -f $FS_SETTINGS/protected_hardlinks &&
+- -f $FS_SETTINGS/protected_symlinks ]]; then
++ if [ -f $FS_SETTINGS/protected_hardlinks ] &&
++ [ -f $FS_SETTINGS/protected_symlinks ]; then
++
+
+ PROT_HARDLINK_VAL=$(cat $FS_SETTINGS/protected_hardlinks)
+ PROT_SOFTLINK_VAL=$(cat $FS_SETTINGS/protected_symlinks)
+
+- if [[ "$PROT_HARDLINK_VAL" -ne 1 || "$PROT_SOFTLINK_VAL" -ne 1 ]]; then
++ if [ "$PROT_HARDLINK_VAL" -ne 1 ] || [ "$PROT_SOFTLINK_VAL" -ne 1 ]; then
+ echo "AWS Greengrass detected insecure OS configuration: No hardlink/softlink protection enabled." | tee -a $CRASH_LOG
+ exit 1
+ fi
+@@ -134,13 +135,13 @@ finish() {
+ pid=$1
+ echo "$pid" > $PID_FILE
+ echo ""
+- echo -e "\e[0;32mGreengrass successfully started with PID: $pid\e[0m"
++ printf "\e[0;32mGreengrass successfully started with PID: $pid\e[0m\n"
+ exit 0
+ }
+
+ start() {
+ setup
+- if [[ $INSECURE -ne 1 ]]; then
++ if [ "${INSECURE}" != "1" ]; then
+ validatePlatformSecurity
+ fi
+
+@@ -159,7 +160,7 @@ start() {
+
+ echo ""
+ echo "Greengrass daemon $pid failed to start"
+- echo -e "\e[0;31m$(cat $CRASH_LOG)\e[0m"
++ printf "\e[0;31m$(cat $CRASH_LOG)\e[0m\n"
+ exit 1
+ else
+ echo "Failed to start Greengrass daemon"
+@@ -191,7 +192,7 @@ stop() {
+ # If the pid no longer exists, we're done, remove the pid file and exit. Otherwise, just increment the loop counter
+ if [ ! -e "/proc/$PID" ]; then
+ rm $PID_FILE
+- echo -e "\nStopped greengrass daemon, exiting with success"
++ printf "\nStopped greengrass daemon, exiting with success\n"
+ break
+ else
+ total_sleep_seconds=$(($total_sleep_seconds+1))
+@@ -207,7 +208,7 @@ stop() {
+ if [ $total_sleep_seconds -ge $MAX_DAEMON_KILL_WAIT_SECONDS ] && [ -e "/proc/$PID" ]; then
+ # If we are here, we never exited in the previous loop and the pid still exists. Exit with failure.
+ kill -9 "$PID" > /dev/null 2>&1
+- echo -e "\nProcess with pid $PID still alive after timeout of $MAX_DAEMON_KILL_WAIT_SECONDS seconds. Forced kill process, exiting with failure."
++ printf "\nProcess with pid $PID still alive after timeout of $MAX_DAEMON_KILL_WAIT_SECONDS seconds. Unable to kill process, exiting with failure.\n"
+ exit 1
+ fi
+ fi
+@@ -217,12 +218,12 @@ usage() {
+ echo ""
+ echo "Usage: $0 [FLAGS] {start|stop|restart}"
+ echo ""
+- echo -e "[FLAGS]: \n -i, --insecure \t Run GGC in insecure mode without hardlink/softlink protection, (highly discouraged for production use) \n -v, --version \t\t Outputs the version of GGC."
++ printf "[FLAGS]: \n -i, --insecure \t Run GGC in insecure mode without hardlink/softlink protection, (highly discouraged for production use) \n -v, --version \t\t Outputs the version of GGC.\n"
+ echo ""
+ exit 1
+ }
+
+-if [[ $# -eq 0 ]]; then
++if [ $# -eq 0 ]; then
+ usage
+ fi
+
+@@ -236,7 +237,7 @@ do
+ esac
+ done
+
+-while [[ $# -gt 0 ]]
++while [ $# -gt 0 ]
+ do
+ key="$1"
+ case $key in
diff --git a/meta-digi-dey/recipes-aws/greengrass/greengrass_1.1.0.bb b/meta-digi-dey/recipes-aws/greengrass/greengrass_1.1.0.bb
new file mode 100644
index 000000000..a43a586cd
--- /dev/null
+++ b/meta-digi-dey/recipes-aws/greengrass/greengrass_1.1.0.bb
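Review bot: In the embedded greengrassd patch, the `start()` failure path now runs `printf "\e[0;31m$(cat $CRASH_LOG)\e[0m\n"`, which uses the crash log contents as the printf format string, so a `%` in the log is treated as a conversion specification rather than printed. Keep the data out of the format with `printf '\033[0;31m%s\033[0m\n' "$(cat "$CRASH_LOG")"`, and do the same for the `$pid` and `$PID` messages in `finish()` and `stop()`. `\e` is not among the escapes POSIX specifies for printf, so `\033` is the portable spelling if shells other than Busybox are a target. The final `stop()` message also changes from "Forced kill process" to "Unable to kill process" while `kill -9` is still issued on the line above, which the patch description does not mention. Only fragments of these functions are visible in the embedded patch, so the rest of each body is unreviewed.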
@@ -0,0 +1,203 @@
+# Copyright (C) 2017, Digi International Inc.
+
+SUMMARY = "AWS IoT Greengrass core"
+HOMEPAGE = "https://aws.amazon.com/greengrass/"
+#
+# The package includes different licenses:
+#
+# [Apache-2.0]
+# ggc/core/LICENSE/attributions/github_aws_aws_sdk_go_License.txt
+# ggc/core/LICENSE/attributions/github_coreos_go_systemd_License.txt
+# ggc/core/LICENSE/attributions/github_docker_docker_License.txt
+# ggc/core/LICENSE/attributions/github_docker_go_units_License.txt
+# ggc/core/LICENSE/attributions/github_go_ini_ini_License.txt
+# ggc/core/LICENSE/attributions/github_jmespath_go_jmespath_License.txt
+# ggc/core/LICENSE/attributions/github_opencontainers_runc_License.txt
+# ggc/core/LICENSE/attributions/github_opencontainers_runtime_spec_License.txt
+# ggc/core/LICENSE/attributions/github_pquerna_ffjson_License.txt
+# ggc/core/LICENSE/attributions/github_vishvananda_netlink_License.txt
+# [BSD-2-Clause]
+# ggc/core/LICENSE/attributions/github_godbus_dbus_License.txt
+# ggc/core/LICENSE/attributions/github_huin_gobinarytest_License.txt
+# ggc/core/LICENSE/attributions/github_seccomp_libseccomp_golang_License.txt
+# ggc/core/LICENSE/attributions/github_syndtr_gocapability_License.txt
+# [BSD-3-Clause]
+# ggc/core/LICENSE/attributions/github_fsnotify_fsnotify_License.txt
+# ggc/core/LICENSE/attributions/github_golang_protobuf_License.txt
+# ggc/core/LICENSE/attributions/github_jeffallen_mqtt_License.txt
+# ggc/core/LICENSE/attributions/Golang_License.txt
+# [MIT]
+# ggc/core/LICENSE/attributions/github_huin_mqtt_License.txt
+# ggc/core/LICENSE/attributions/github_mattn_go_sqlite3_License.txt
+# ggc/core/LICENSE/attributions/github_nu7hatch_gouuid_License.txt
+# ggc/core/LICENSE/attributions/github_Sirupsen_logrus_License.txt
+# ggc/core/LICENSE/attributions/github_urfave_cli_License.txt
+# ggc/core/LICENSE/attributions/github_yosssi_gmq_License.txt
+# [PD]
+# ggc/core/LICENSE/attributions/sqlite_org_License.txt
+# [Proprietary]
+# ggc/core/LICENSE/Greengrass AWS SW License (IoT additiona) vr6.txt
+#
+LICENSE = "Apache-2.0 | BSD-2-Clause | BSD-3-Clause | MIT | PD | Proprietary"
+LIC_FILES_CHKSUM = " \
+ file://ggc/core/LICENSE/attributions/github_aws_aws_sdk_go_License.txt;md5=d273d63619c9aeaf15cdaf76422c4f87 \
+ file://ggc/core/LICENSE/attributions/github_coreos_go_systemd_License.txt;md5=715f3348ed8b9bf4fac3b08133384a4d \
+ file://ggc/core/LICENSE/attributions/github_docker_docker_License.txt;md5=bba4ee48af378e39b452d742d29c710b \
+ file://ggc/core/LICENSE/attributions/github_docker_go_units_License.txt;md5=bb99db20f1c48c2c4952c27c72855e36 \
+ file://ggc/core/LICENSE/attributions/github_fsnotify_fsnotify_License.txt;md5=c38914c9a7ab03bb2b96d4baaee10769 \
+ file://ggc/core/LICENSE/attributions/github_godbus_dbus_License.txt;md5=b03a62440372a9acf9692ad365932c87 \
+ file://ggc/core/LICENSE/attributions/github_go_ini_ini_License.txt;md5=715f3348ed8b9bf4fac3b08133384a4d \
+ file://ggc/core/LICENSE/attributions/github_golang_protobuf_License.txt;md5=16fe162f7848190010b6ec7bfaac030a \
+ file://ggc/core/LICENSE/attributions/github_huin_gobinarytest_License.txt;md5=f2b3138d9d314bccf5297dea7e3e6d14 \
+ file://ggc/core/LICENSE/attributions/github_huin_mqtt_License.txt;md5=12fd125064676697934b7d8c09bed0e8 \
+ file://ggc/core/LICENSE/attributions/github_jeffallen_mqtt_License.txt;md5=b7269d52765d477e10f319c19d8a9d33 \
+ file://ggc/core/LICENSE/attributions/github_jmespath_go_jmespath_License.txt;md5=640d33f0070c9dc3a194d2ed7db02974 \
+ file://ggc/core/LICENSE/attributions/github_mattn_go_sqlite3_License.txt;md5=948f36a2300ac729e60416063190f664 \
+ file://ggc/core/LICENSE/attributions/github_nu7hatch_gouuid_License.txt;md5=6b18748dcc29fda05fa5aaef44d517fd \
+ file://ggc/core/LICENSE/attributions/github_opencontainers_runc_License.txt;md5=587c01b2dcc5dc3b4bed51b918c64731 \
+ file://ggc/core/LICENSE/attributions/github_opencontainers_runtime_spec_License.txt;md5=ef95ed297310c3d09ba16c06d5e161a5 \
+ file://ggc/core/LICENSE/attributions/github_pquerna_ffjson_License.txt;md5=d273d63619c9aeaf15cdaf76422c4f87 \
+ file://ggc/core/LICENSE/attributions/github_seccomp_libseccomp_golang_License.txt;md5=9205c4c469bfb9d3a63f346539ee445b \
+ file://ggc/core/LICENSE/attributions/github_Sirupsen_logrus_License.txt;md5=29baae91637760ae68feb57ca93e5a0a \
+ file://ggc/core/LICENSE/attributions/github_syndtr_gocapability_License.txt;md5=321f58fa53a0b1bb9a887f14660d436b \
+ file://ggc/core/LICENSE/attributions/github_urfave_cli_License.txt;md5=f1f14a2449300559aed90bedc36a71ed \
+ file://ggc/core/LICENSE/attributions/github_vishvananda_netlink_License.txt;md5=c95fd0efd62139c155e956a448df8fd6 \
+ file://ggc/core/LICENSE/attributions/github_yosssi_gmq_License.txt;md5=2509f45544da1ecce869ce2de1aa44dd \
+ file://ggc/core/LICENSE/attributions/Golang_License.txt;md5=3d7ed06383c65a3161b36c6a0b0b98f5 \
+ file://ggc/core/LICENSE/attributions/sqlite_org_License.txt;md5=380e2694a297aa32879ca2ae9c6c029b \
+"
+
+# Bitbake does not support spaces in filenames, but GG License does have spaces,
+# so workaround the problem by renaming the file before using it.
+GG_LIC_FILENAME = "Greengrass AWS SW License (IoT additiona) vr6.txt"
+GG_LIC_FILENAME_NOSPACES = "${@d.getVar('GG_LIC_FILENAME', True).replace(' ','_')}"
+LIC_FILES_CHKSUM += "file://ggc/core/LICENSE/${GG_LIC_FILENAME_NOSPACES};md5=7df5bf535d02b2f83c260250fe330b6c"
+
+SRC_URI = " \
+ http:///not/exist/greengrass-linux-armv7l-${PV}.tar.gz \
+ file://greengrass-init \
+ file://0001-greengrassd-remove-bashisms-in-launcher-shell-script.patch \
+"
+SRC_URI[md5sum] = "6a13664c6a36e495e773f43ab92b8bdf"
+SRC_URI[sha256sum] = "13c2637188eaf01049d875c99dc6929e8e206e4b4c98a4194a0cea827dca306d"
+
+GG_TARBALL_LOCAL_PATH ?= ""
+
+# The tarball is only available for downloading after registration, so provide
+# a PREMIRROR to a local directory that can be configured in the project's
+# local.conf file using GG_TARBALL_LOCAL_PATH variable.
+python() {
+ gg_tarball_local_path = d.getVar('GG_TARBALL_LOCAL_PATH', True)
+ if gg_tarball_local_path:
+ premirrors = d.getVar('PREMIRRORS', True)
+ d.setVar('PREMIRRORS', "http:///not/exist/greengrass.* file://%s \\n %s" % (gg_tarball_local_path, premirrors))
+}
+
+S = "${WORKDIR}/${BPN}"
+
+inherit aws-iot update-rc.d useradd
+
+GG_USESYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'yes', 'no', d)}"
+
+# Rename GG license file
+do_unpack[postfuncs] += "rename_license"
+rename_license() {
+ cd ${S}/ggc/core/LICENSE/
+ mv "${GG_LIC_FILENAME}" "${GG_LIC_FILENAME_NOSPACES}"
+}
+
+# Disable tasks not needed for the binary package
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+ install -d ${D}/${BPN}
+ tar --no-same-owner --exclude='./patches' --exclude='./.pc' -cpf - -C ${S} . \
+ | tar --no-same-owner -xpf - -C ${D}/${BPN}
+
+ # Install wrapper bootscript to launch Greengrass core on boot
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/greengrass-init ${D}${sysconfdir}/init.d/greengrass
+ sed -i -e "s,##GG_INSTALL_DIR##,/${BPN},g" ${D}${sysconfdir}/init.d/greengrass
+
+ # If certificates do exist, install them and update the config file
+ if [ -f "${AWS_IOT_CERTS_DIR}/${AWS_GGCORE_ROOT_CA}" ] && \
+ [ -f "${AWS_IOT_CERTS_DIR}/${AWS_GGCORE_CERTIFICATE}" ] && \
+ [ -f "${AWS_IOT_CERTS_DIR}/${AWS_GGCORE_PRIVATE_KEY}" ]; then
+ install -m 0644 "${AWS_IOT_CERTS_DIR}/${AWS_GGCORE_ROOT_CA}" \
+ "${AWS_IOT_CERTS_DIR}/${AWS_GGCORE_CERTIFICATE}" \
+ "${AWS_IOT_CERTS_DIR}/${AWS_GGCORE_PRIVATE_KEY}" \
+ ${D}/${BPN}/certs/
+ sed -i -e "s,\[ROOT_CA_PEM_HERE],${AWS_GGCORE_ROOT_CA},g" \
+ -e "s,\[CLOUD_PEM_CRT_HERE],${AWS_GGCORE_CERTIFICATE},g" \
+ -e "s,\[CLOUD_PEM_KEY_HERE],${AWS_GGCORE_PRIVATE_KEY},g" \
+ ${D}/${BPN}/config/config.json
+ fi
+
+ # Configure the rest of GG Core parameters
+ [ -n "${AWS_GGCORE_THING_ARN}" ] && sed -i -e "s,\[THING_ARN_HERE],${AWS_GGCORE_THING_ARN},g" ${D}/${BPN}/config/config.json
+ if [ -n "${AWS_GGCORE_IOT_HOST}" ]; then
+ AWS_GGCORE_HOST_PREFIX="$(echo ${AWS_GGCORE_IOT_HOST} | sed -e 's,\([^.]\+\)\.iot.*,\1,g')"
+ AWS_GGCORE_REGION="$(echo ${AWS_GGCORE_IOT_HOST} | sed -e 's,.*.iot\.\([^.]\+\)\..*,\1,g')"
+ [ -n "${AWS_GGCORE_HOST_PREFIX}" ] && sed -i -e "s,\[HOST_PREFIX_HERE],${AWS_GGCORE_HOST_PREFIX},g" ${D}/${BPN}/config/config.json
+ [ -n "${AWS_GGCORE_REGION}" ] && sed -i -e "s,\[AWS_REGION_HERE],${AWS_GGCORE_REGION},g" ${D}/${BPN}/config/config.json
+ fi
+
+ # Configure whether to use systemd or not
+ sed -i -e "/useSystemd/{s,\[yes|no],${GG_USESYSTEMD},g}" ${D}/${BPN}/config/config.json
+}
+
+pkg_postinst_${PN}() {
+ # Enable protection for hardlinks and symlinks
+ if ! grep -qs 'protected_.*links' $D${sysconfdir}/sysctl.conf; then
+ cat >> $D${sysconfdir}/sysctl.conf <<-_EOF_
+ # Greengrass: protect hardlinks/symlinks
+ fs.protected_hardlinks = 1
+ fs.protected_symlinks = 1
+ _EOF_
+ fi
+
+ # Customize '/etc/fstab'
+ if [ -f "$D${sysconfdir}/fstab" ]; then
+ # Disable TMPFS /var/volatile
+ sed -i -e '\#^tmpfs[[:blank:]]\+/var/volatile#s,^,#,g' $D${sysconfdir}/fstab
+
+ # Mount a cgroup hierarchy with all available subsystems
+ if ! grep -qs '^cgroup' $D${sysconfdir}/fstab; then
+ cat >> $D${sysconfdir}/fstab <<-_EOF_
+ # Greengrass: mount cgroups
+ cgroup /sys/fs/cgroup cgroup defaults 0 0
+ _EOF_
+ fi
+ fi
+
+ # Disable '/etc/resolv.conf' symlink
+ if [ -f "$D${sysconfdir}/default/volatiles/00_core" ]; then
+ sed -i -e '/resolv.conf/d' $D${sysconfdir}/default/volatiles/00_core
+ cat >> $D${sysconfdir}/default/volatiles/00_core <<-_EOF_
+ # Greengrass: create a real (no symlink) resolv.conf
+ f root root 0644 /etc/resolv.conf none
+ _EOF_
+ fi
+}
+
+FILES_${PN} = "/${BPN} ${sysconfdir}"
+
+CONFFILES_${PN} += "/${BPN}/config/config.json"
+
+INITSCRIPT_NAME = "greengrass"
+INITSCRIPT_PARAMS = "defaults 80 20"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "-r ggc_group"
+USERADD_PARAM_${PN} = "-r -M -N -g ggc_group -s /bin/false ggc_user"
+
+#
+# Disable failing QA checks:
+#
+# Binary was already stripped
+# No GNU_HASH in the elf binary
+#
+INSANE_SKIP_${PN} += "already-stripped ldflags"
+
+RDEPENDS_${PN} += "ca-certificates python-argparse python-json python-numbers sqlite3"
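Review bot: In `do_install()`, the single `install -m 0644` call copies `${AWS_GGCORE_PRIVATE_KEY}` into `${D}/${BPN}/certs/` together with the root CA and certificate, so the core's private key is world-readable on the target, including to the `ggc_user` account this recipe creates. Install the key on its own with a restrictive mode, e.g. `install -m 0600 "${AWS_IOT_CERTS_DIR}/${AWS_GGCORE_PRIVATE_KEY}" ${D}/${BPN}/certs/`, and keep only the two public files in the 0644 call; which account has to read the key (presumably root, since the daemon is launched from an init script) should be confirmed. Because the key is copied at build time it also becomes part of the package and of every image built from it, so devices flashed from one build would presumably share an identity unless keys are provisioned per device; a recipe comment stating the intended use of this path would help. Separately, in `pkg_postinst_${PN}` the `grep -qs 'protected_.*links'` test only checks that such a line exists in sysctl.conf, so an existing `fs.protected_hardlinks = 0` leaves the protection off and nothing is appended.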