Cloud Connector configuration file sets:
* 'edp12.devicecloud.com' as the URL to connect to (this end point uses client
certificates)
* '/mnt/data' as the directory to store downloaded certificates, now that
this is also available in emmc platforms (see
62d937df42)
This commit:
* reverts a0842cbcfd to keep
'edp12.devicecloud.com' URL that uses certificates for ccimx8m platforms.
* reverts fd94f10c0b since now the cloud connector
configuration file sets '/mnt/data' as the place to store downloaded
certificates, so no need to modify it for ccmp1 platforms.
* It also configures '/etc/ssl/certs' as the certificates directory for cc6ul
devices. Although by default, these devices are connecting to
'remotemanager.digi.com' that not uses certificates, we prefer to use an
existing directory in that setting. See commit
063a946e7c.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
'environment' partition is not available in the ccmp15.
The solution suggested is read the "/proc/mounts" and check if the 'rootfs' is
'ubifs' mounted.
Related to commits 7c07b15370 and
678eaaf0fc4ce74e67682387e3465eb29659bd47
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit adds a new function to get the active system in a dualboot device
without using 'active_system' U-Boot variable.
This way the script always knows the real active system even when the variable
'active_system' has the value of the next boot active system, for example, after
performing a 'update-firmware --swap-active-system'.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This option combined with '-a' ('--active') only prints the active block: a or b
The purpose an output to be consumed by other scripts or programs.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Check the second ('/') and third ('ubifs') field of 'rootfs' entry in
'/proc/mounts' as the first one ('rootfs_a' or 'rootfs_b') may be changed by
custormers:
root@ccmp15-dvk:~# cat /proc/mounts
ubi0:rootfs_b / ubifs rw,relatime,assert=read-only,ubi=0,vol=5 0 0
[...]
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This is required for the firmware update using Digi Remote Manager. The reboot
is commanded by the server, it that does not happen the update process is not
ended for DRM.
https://onedigi.atlassian.net/browse/DEL-8399
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
(cherry picked from commit 6a8bf7afff)
The stand-alone signing script 'trustfence-sign-artifact.sh' checks
if a valid PKI tree exists (by checking the existance of four SRK
files) and if they don't, it calls trustfence-gen-pki.sh (which is
a wrapper over different generators (for HAB or AHAB) to create one.
Recipes such as 'dualboot' or 'recovery-initramfs' may need to call
openssl functions over the PKI tree. These recipes do not currently
generate the PKI tree; they expect it to be already in place.
This might not be the case if the trustfence-sign-artifact.sh script
has not been called yet.
Originally, a fake dependency on virtual/kernel recipe was made to
force it, but it doesn't quite work since the calling only happens
on deploy() while regular DEPENDS doesn't wait for this task.
If the PKI does not exist, a recipe that requires the PKI tree will
fail.
The solution is to create a function on the trustfence.bbclass that
allows any recipe to check for the existance of a PKI tree and
generate it if it doesn't exist. This is repeated inside the
trustfence-sign-artifact.sh, but it needs to be in both places
because this script must work stand-alone.
The generation of the PKI tree takes some seconds so this commit
adds a lock dir to prevent race conditions when called from
different recipes.
It also removes the fake dependency on virtual/kernel and adds a
dependency on trustfence-cst-native (which is the recipe that
provides the PKI generation tool).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8430
This commit modifies the cloud connector configuration to use
'remotemanager.digi.com' URL since it does not use certificates for the
connection.
'edp12.devicecloud.com' only allows connections with certificates.
The certificate is downloaded during the first device connection to DRM and
stored in '/etc/ssl/certs' directory inside the 'rootfs' partition.
Following connections must use this certificate.
After a firmware update 'rootfs' partition is re-programmed (standard boot)
or changed to use the corresponding partition of the other block (dual boot). In
any case the certificate downloaded is not available anymore, so the device is
not able to reconnect.
Currently there is no a 'immutable' partition to store the certificate, that is,
a place where the certificate is not removed during a firmware update and can
be used by the cloud connector (similar to the 'data' partition on a ccmp1)
Related to commit 063a946e7c.
https://onedigi.atlassian.net/browse/DEL-8400
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
By launching in system mode it is possible to play music from a shell using
pulseaudio. With change all platforms and images (with or without graphical
support) have pulseaudio working.
https://onedigi.atlassian.net/browse/DEL-8417
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
True is the default since long time ago, and thus not necessary. This
follows similar changes done in other layers.
Command used:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' | cut -d':' -f1 | sort -u)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Packages bluez5-init, cloudconnector, and connectcore-demo-example-webkit
provide a launcher script that is used regardless of the init system being
systemd or sysvinit. Those launcher scripts use the '/etc/init.d/functions'
file, which is provided by the 'initscripts-functions' runtime package,
so add that runtime dependence.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
On boot, ConnectCore 6UL was failing to start pulse audio since it was trying
to use journalctl as log target when systemd is not included.
Boot error:
Starting Dropbear SSH server: dropbear.
W: [pulseaudio] main.c: This program is not intended to be run as root (unless --system is specified).
E: [pulseaudio] log.c: Invalid log target.
E: [pulseaudio] cmdline.c: Invalid log target: use either 'syslog', 'stderr' or 'auto' or a valid file name 'file:<path>', 'newfile:<path>'.
E: [pulseaudio] main.c: Failed to parse command line.
Starting bluetooth: bluetoothd.
While on it change the 'connectcore-demo-server' priority to be launched after
pulseaudio when not using systemd.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Move 'video-examples' and 'webglsamples' recipes outside dynamic-layers/webkit
so platforms without 'webkit' support (such as ConnectCore 6UL) are able to
include and build successfully the complete 'connectcore-demo-example'
Related to 0b9b73afc8
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit separates the original 'connectcore-demo-example' package in 3
packages:
1. 'server' package. It contains the 'demoserver.py' script and its
corresponding systemd service and init script.
This script is required for the local demo and to be used with the
Bluetooth application (during the get started process)
2. 'example' package. It contains the html and required resources (images,
javascript, etc.) to use the demo locally, except for the multimedia
resources.
This package depends (in runtime) on the 'server' package.
3. 'multimedia' package. It contains the multimedia html and required
resources (images, javascript, videos, etc.) to use the multimedia demo
features locally.
This package depends (in runtime) on the 'example' package and also on
'video-examples' and 'webglsamples' packages.
This split allows to select the required demo packages per platform and image
type.
By default, the 'multimedia' package is the one included in the webkit images,
but the 'example' package is the one included in the rest of images.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit is similar to those required to launch crank applications on top of
weston in ConnectCore MP 15 platform, it must wait for the socket
'/run/user/0/wayland-1' after weston is initialized.
See commits 7de8270beda64236cdd1c46857906315a37dc4fe and
1ec5cc172c.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
Several fixes to the runtime dependences:
* Use new override syntax with ':'
* There is not "dualboot-init" package only "dualboot"
* Delete dependence on trustfence-tool
While on it, define do_configure and do_compile as noexec, because those
tasks do not need to execute, and remove the wrong PACKAGE_ARCH entry
(as this package is arch/machine agnostic)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit removes unused platform images to reduce the final size in the
rootfs.
https://onedigi.atlassian.net/browse/DEL-8335
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit removes the on-target post installation function for read-only rootfs,
as it will fail trying to edit files.
https://onedigi.atlassian.net/browse/DEL-8221
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
These are just a verbatim copy of the ccimx8mm ones, so the project is
buildable. This file list should be revisited and adapted for the
ccimx93.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
There is a problem when building the SDK because two binaries
have the same name (update-firmware) and makes the compilation
to fail.
Change the name to update-firmware.recovery and create a wrapper
over the update-firmware to check if the system is not dual boot
to call it.
Rework the code to make it more reliable.
Remove the umount of the alternative linux partition, now it is
not needed because only the active linux partition is mounted now.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
All the dualboot logic will be checked in run time.
To do this:
* Include the altboot.src by default in all the images
* Create a post installation script to change the
firmware_download_path in the cloud connector
* Unify the swupdate file descriptor for dual and single boot
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit modifies the cloud connector configuration to use
'remotemanager.digi.com' URL since it does not use certificates for the
connection.
'edp12.devicecloud.com' only allows connections with certificates.
The certificate is downloaded during the first device connection to DRM and
stored in '/etc/ssl/certs' directory inside the 'rootfs' partition.
Following connections must use this certificate.
After a firmware update 'rootfs' partition is re-programmed (standard boot)
or changed to use the corresponding partition of the other block (dual boot). In
any case the certificate downloaded is not available anymore, so the device is
not able to reconnect.
Currently there is no a 'immutable' partition to store the certificate, that is,
a place where the certificate is not removed during a firmware update and can
be used by the cloud connector (similar to the 'data' partition on a ccmp1)
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The directory '/etc/ssl/certs' is in the 'rootfs_x' partition for dual boot or
'rootfs' for standard boot. In any case this certificate cannot be used after
updating because it is stored in the other block partition (for dual boot) or
because the whole partition has be re-programmed (for standard boot).
So, after a firmware update the device will not be able to reconnect to DRM
unless the user revokes the certificate.
This commit changes the certificate directory to be '/mnt/data' where 'data'
partition is mounted. This is not erased during a firmware update, so cloud
connector can use the already downloaded certificate and the device is able to
reconnect to DRM.
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
The partition "environment" is not available in the ccmp15.
The solution suggested is read the "/proc/mounts" and check if
the "rootfs" is "ubifs" mounted.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit fixes the following build warning with the swupdate v2022.05:
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-wayland-ccmp15-dvk.ubifs)
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
According to the Yocto reference manual, we need to specify the package name
override to indicate the package to which the value applies.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Cloud Connector opens USER_BUTTON GPIO as an interrupt to listen for rising and
falling edge events and upload them to Remote Manager as data point values.
Having MCA_IO1 as user button and opened by the Cloud Connector (or any other
software) prevents the device to go to sleep when it is not connected (all
MCA GPIOs are wake-up sources when configured as interrupt)
https://onedigi.atlassian.net/browse/DEL-8155
Signed-off-by: Tatiana Leon <Tatiana.Leon@digi.com>
This commit exports the environment variable XDG_RUNTIME_DIR if does not exists
for services that require sharing a pulseaudio instance.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Now the cloud connector has all the logic to detect if its
running in a dual_boot system, so it is not needed this anymore.
We need to modify on the fly the path to save the image in a
dualboot system.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Use the same name for both firmware update mechanism.
Add a dependency to only add recovery-utils used by the
non dual-boot firmware update system.
Adding this only one binary/script called update-firmware will
be added.
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
- create dualboot.bbclass that
- sets DUALBOOT_ENABLED variable
- defines partition names and function for changing the sw-description
for swupdate
- move files from layer into meta-digi
https://onedigi.atlassian.net/browse/DEL-7962
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
The new ConnectCore demo functionality makes use of some new Python libraries. Add these libraries
as a dependency in the demo recipe.
Signed-off-by: David Escalona <david.escalona@digi.com>
This commit improves the sysinfo script to skip error on platforms that don't
provide some variables.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The demo now has a "Play music" feature, which requires pulseaudio to be running in the device.
This commit checks if pulseaudio is running before starting the demo, and starts the service in
the case it is not.
Signed-off-by: David Escalona <david.escalona@digi.com>
The latest ConnectCore demo updates introduced support for audio controls that
use the mpg123 library to manage audio on the device. This commit adds a
runtime dependency for that package.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The start/stop script of the service was using "killproc" and "pidofproc" functions from
"/etc/init.d/functions" to find the process PID. These functions rely on "pidof", which does
not work very well with Python scripts. Instead, use "pkill" and "pgrep" which allow to
search the executable in the full command line to retrieve the correct PID with the -f modifier.
Signed-off-by: David Escalona <david.escalona@digi.com>
The library recently added support for Python bindings. This commit
adds support to compile and install these Python bindings using a
new package: 'libdigiapix-python3'.
Signed-off-by: David Escalona <david.escalona@digi.com>
The ConnectCore Demo is launched on startup and starts the web server. Demo can be accessed
by any computer in the LAN by just typing the IP address of the device in the web browser.
Signed-off-by: David Escalona <david.escalona@digi.com>
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: David Escalona <david.escalona@digi.com>
(cherry picked from commit ccc9211d00dad7be6cb2c2d0cf179a62563e26c6)
Recent improvements in the cloudconnector core added a dependency with the
swupdate library, so this commit adds a build dependency with the
swupdate package.
https://onedigi.atlassian.net/browse/DEL-7903
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit 654ef8686fd3916ae5ad257f72bd41ed2198d958)
This commit fixes the following build warning with the swupdate v2021.11:
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-xxxxxx.boot.ubifs)
WARNING: dey-image-qt-swu-1.0-r0 do_swuimage: Syntax for sha256 changed,
please use $swupdate_get_sha256(dey-image-qt-xxxxxx.ubifs)
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Recent improvements in the cloudconnector core added a dependency with the
libdigiapix library, so this commit adds a build dependency with the
libdigiapix package.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
The common license file GPL-2.0 is now called GPL-2.0-only in poky, so we need
to reflect this name change to avoid errors
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Since commit 11558352 ("swu-images: add "installed-directly" flag to
sw-description") the swu package images are streamed into the target without
any temporary copy to support devices with low memory available, that forces a
different order according with the swupdate documentation because scripts
should packed before the rest. This means that all the pre, post and shell
scripts will be executed after the images will be installed. This behavior
breaks the current support to mount the cryptorootfs node before install an
encrypted rootfs.
This commit moves the shell script to mount the cryptorootfs node to the
recovery initramfs and modifies the swupdate command line to call the shell
script before the images installation.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
swupdate has the necessary logic to handle compressed images, so take advantage
of this to save space and reduce update package transfer times.
https://onedigi.atlassian.net/browse/DEL-7582
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Tatiana Leon
Isaac Hermida
David Escalona
Hector Palacios
Javier Viguera
Francisco Gil
Arturo Buzarra
Mike Engel
Gabriel Valcazar
Gonzalo Ruiz