swupdate: install a default config file with optional public-key-file

The swupdate recipe installs by default a systemd service
and a socket to listen for updates coming from a web server.
DEY only makes use of such service during on-the-fly updates from Cloud
Connector web service.

The default swupdate service fails on images with TrustFence because it's
called with no arguments and there doesn't exist a configuration file.
This commit installs a default configuration file and, if TrustFence is
enabled, sets the parameter 'public-key-file' to point to the public
certificate to use to authenticate SWU packages.

While on it, it removes the same file from the recovery-initramfs recipe
that was the only recipe that was adding such config file for recovery
images only.

Signed-off-by: Hector Palacios <hector.palacios@digi.com>

meta-digi-dey/recipes-core/recovery/recovery-initramfs.bb

@@ -14,7 +14,6 @@ DEPENDS += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', \
 
 SRC_URI = " \
     file://recovery-initramfs-init \
-    file://swupdate.cfg \
     file://automount_block.sh \
     file://automount_mtd.sh \
     file://automount_ubi.sh \
@@ -27,7 +26,6 @@ S = "${WORKDIR}"
 do_install() {
 	install -d ${D}${sysconfdir}
 	install -m 0755 ${WORKDIR}/recovery-initramfs-init ${D}/init
-	install -m 0644 ${WORKDIR}/swupdate.cfg ${D}${sysconfdir}
 	if [ "${STORAGE_MEDIA}" = "mmc" ]; then
 		install -m 0755 ${WORKDIR}/mount_cryptrootfs.sh ${D}${sysconfdir}
 	fi

meta-digi-dey/recipes-core/recovery/recovery-initramfs/swupdate.cfg

@@ -1,7 +0,0 @@
-globals :
-{
-	verbose = true;
-	loglevel = 5;
-	syslog = true;
-	mtd-blacklist = "0 1 2";
-};

meta-digi-dey/recipes-support/swupdate/swupdate/swupdate.cfg

@@ -0,0 +1,38 @@
+# SWUpdate configuration file
+#
+# SPDX-FileCopyrightText: 2014-2021 Stefano Babic <sbabic@denx.de>
+# SPDX-License-Identifier: CC0-1.0
+#
+# This is responsible to pass configuration and parameters
+# to SWUpdate. Most of configuration can be overwritten
+# with command line parameters.
+#
+
+globals : {
+	verbose = true;
+	loglevel = 5;
+	syslog = true;
+	mtd-blacklist = "0 1 2";
+	#public-key-file
+};
+
+# logcolors : set colors for output to stdout / stderr
+#             color is set indivisually for each level
+#             each entry is in the format
+#             loglevel = color:attribute
+# where loglevel is one of:
+# 	"error","warning", "info", "debug", "trace"
+# and color is one of:
+# 	"black", "red", "green", "yellow", "blue", "magenta", "cyan", "white"
+# and attribute is one of:
+# 	"normal", "bright", "dim", "underline", "blink", "reverse", "hidden"
+#
+# Example :
+# 	error = "red";
+#
+logcolors : {
+	error = "red:blink";
+	trace = "green:normal";
+	debug = "magenta:normal";
+	warning = "yellow:underline";
+};

meta-digi-dey/recipes-support/swupdate/swupdate_%.bbappend

@@ -12,12 +12,22 @@ SRC_URI += " \
     ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://systemd.cfg', '', d)} \
     ${@bb.utils.contains('STORAGE_MEDIA', 'mtd', 'file://mtd.cfg', '', d)} \
     ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'file://signed_images.cfg', '', d)} \
+    file://swupdate.cfg \
 "
 
 do_install:append() {
 	# Copy the 'progress' binary.
 	install -d ${D}${bindir}/
 	install -m 0755 tools/swupdate-progress ${D}${bindir}/progress
+
+	# Copy config file
+	install -d ${D}${sysconfdir}/
+	install -m 0755 ${WORKDIR}/swupdate.cfg ${D}${sysconfdir}
+
+	# Add public-key-file setting to config file if TrustFence is enabled
+	if ${@oe.utils.conditional('TRUSTFENCE_ENABLED', '1', 'true', 'false', d)}; then
+		sed -i "s,\(^\s*\)#public-key-file,\1public-key-file = \"${sysconfdir}/ssl/certs/key.pub\",g" ${D}${sysconfdir}/swupdate.cfg
+	fi
 }
 
 pkg_postinst_ontarget:${PN}() {