openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
sources/meta-rauc/.github/workflows/build.yml vendored Normal file
View File

@@ -0,0 +1,81 @@
name: build
on:
push: {}
pull_request: {}
# allow rebuilding without a push
workflow_dispatch: {}
jobs:
build:
name: meta-rauc Build
# run on self-hosted runner for the main repo or if vars.BUILD_RUNS_ON is set
runs-on: >-
${{
(vars.BUILD_RUNS_ON != '' && fromJSON(vars.BUILD_RUNS_ON)) ||
(github.repository == 'rauc/meta-rauc' && fromJSON('["self-hosted", "forrest", "build"]')) ||
'ubuntu-20.04'
}}
# abort if it seems that we're rebuilding too much
timeout-minutes: 120
steps:
- name: Install required packages
run: |
sudo apt-get -q -y --no-install-recommends install diffstat
- name: Checkout
uses: actions/checkout@v4
with:
path: meta-rauc
- name: Clone poky
run: git clone --shared --reference-if-able /srv/shared-git/poky.git -b scarthgap https://github.com/yoctoproject/poky.git
- name: Clone meta-openembedded
run: git clone --shared --reference-if-able /srv/shared-git/meta-openembedded.git -b scarthgap https://github.com/openembedded/meta-openembedded.git
- name: Initialize build directory
run: |
source poky/oe-init-build-env build
bitbake-layers add-layer ../meta-rauc
if [ -f ~/.yocto/auto.conf ]; then
cp ~/.yocto/auto.conf conf/
else
echo 'SSTATE_MIRRORS = "file://.* https://github-runner.pengutronix.de/sstate-cache/PATH"' >> conf/auto.conf
echo 'BB_SIGNATURE_HANDLER = "OEBasicHash"' >> conf/auto.conf
echo 'BB_HASHSERVE = ""' >> conf/auto.conf
echo 'OPKGBUILDCMD = "opkg-build -Z gzip -a -1n"' >> conf/auto.conf
echo 'INHERIT += "rm_work"' >> conf/auto.conf
fi
echo 'DISTRO_FEATURES:remove = "alsa bluetooth usbgadget usbhost wifi nfs zeroconf pci 3g nfc x11 opengl ptest wayland vulkan"' >> conf/local.conf
- name: Build rauc, rauc-native
run: |
source poky/oe-init-build-env build
bitbake rauc rauc-native
- name: Build rauc-hawkbit-updater
run: |
source poky/oe-init-build-env build
bitbake rauc-hawkbit-updater
- name: Build dt-utils
run: |
source poky/oe-init-build-env build
bitbake dt-utils
- name: Build casync, casync-native
run: |
source poky/oe-init-build-env build
bitbake-layers add-layer ../meta-openembedded/meta-oe
bitbake-layers add-layer ../meta-openembedded/meta-python
bitbake-layers add-layer ../meta-openembedded/meta-networking
bitbake-layers add-layer ../meta-openembedded/meta-filesystems
bitbake casync casync-native
- name: Build rauc-hawkbit
run: |
source poky/oe-init-build-env build
bitbake-layers add-layer ../meta-openembedded/meta-python
bitbake rauc-hawkbit
- name: Cache Data
env:
CACHE_KEY: ${{ secrets.YOCTO_CACHE_KEY }}
if: ${{ env.CACHE_KEY }}
run: |
mkdir -p ~/.ssh
echo "$CACHE_KEY" >> ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
rsync -rvx --ignore-existing build/downloads yocto-cache: || true
rsync -rvx --ignore-existing build/sstate-cache yocto-cache: || true

17
sources/meta-rauc/COPYING.MIT Normal file
View File

@@ -0,0 +1,17 @@
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

41
sources/meta-rauc/DCO Normal file
View File

@@ -0,0 +1,41 @@
Developer's Certificate of Origin
---------------------------------
meta-rauc uses the `Developer's Certificate of Origin 1.1
<https://developercertificate.org/>`_ with the same `process
<https://www.kernel.org/doc/html/latest/process/submitting-patches.html#sign-your-work-the-developer-s-certificate-of-origin>`_
as used for the Linux kernel:
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
then you just add a line saying:
Signed-off-by: Random J Developer <random@developer.example.org>
using a known identity (sorry, no anonymous contributions.)
This will be done for you automatically if you use git commit -s.
Reverts should also include "Signed-off-by". git revert -s does that for you.

227
sources/meta-rauc/README.rst Normal file
View File

@@ -0,0 +1,227 @@
|MIT| |gh_action| |Matrix|
The meta-rauc layer provides support for integrating the RAUC update tool
into your device.
Please see the corresponding sections below for more information.
For a detailed description on steps necessary to integrate RAUC into your
project, refer https://rauc.readthedocs.io/en/latest/integration.html.
Dependencies
============
This layer depends on::
URI: https://github.com/openembedded/bitbake.git
branch: master
URI: https://github.com/openembedded/openembedded-core.git
layers: meta
branch: master
For rauc-hawkbit client::
URI: https://github.com/openembedded/meta-openembedded.git
layers: meta-python
branch: master
For fuse-support in casync (the default)::
URI: https://github.com/openembedded/meta-openembedded.git
layers: meta-filesystems
branch: master
Patches
=======
Please submit patches via GitHub pull request on https://github.com/rauc/meta-rauc
Maintainer: Enrico Joerns <ejo@pengutronix.de>
Migration Notes
===============
Since **scarthgap**, the platform configuration (system.conf, keyring, etc.) was
moved to a separate ``rauc-conf.bb`` recipe to allow building the rauc package
with ``TUNE_PKGARCH`` and have a clearer separation between the binary and the
configuration.
Thus when updating to scarthgap or newer, make sure to move all
configuration-specific adaptions from your ``rauc_%.bbappend`` to a
``rauc-conf.bbappend`` file.
I. Adding the rauc Layer to Your Build
======================================
In order to use this layer, you need to make the build system aware of
it.
Assuming the rauc layer exists at the top-level of your
yocto build tree, you can add it to the build system by adding the
location of the rauc layer to bblayers.conf, along with any
other layers needed. e.g.::
BBLAYERS ?= " \
/path/to/yocto/meta \
/path/to/yocto/meta-poky \
/path/to/yocto/meta-yocto-bsp \
/path/to/yocto/meta-rauc \
"
II. Building and Using RAUC Host Tool
=====================================
If you intend to build and use RAUC as a host tool from your BSP, e.g. for
calling ``rauc info`` on your built bundle, simply run::
bitbake rauc-native -caddto_recipe_sysroot
oe-run-native rauc-native rauc info --keyring=/path/to/keyring.pem tmp/deploy/images/<machine>/<bundle-name>.raucb
If you need to execute the ``casync`` host tool manually, you can do this by running::
bitbake casync-native -caddto_recipe_sysroot
oe-run-native casync-native casync --help
III. Adding the RAUC Update Service to Your Device
==================================================
To prepare your device for using RAUC as its update handler,
you have to follow at least the following steps:
1. Add `rauc` to `DISTRO_FEATURES` in your distro (or local) config::
DISTRO_FEATURES += "rauc"
2. Add a ``rauc-conf.bbappend`` in your device-specific (BSP) layer
that installs your RAUC system configuration file under
``/etc/rauc/system.conf``. For information on how to write the RAUC
update file, please refer to the RAUC user documentation [1]_::
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
3. Create a bundle recipe for your device by adding a recipe
that inherits the `bundle` class and adds all desired
configuration::
inherit bundle
RAUC_BUNDLE_SLOTS = "rootfs"
RAUC_SLOT_rootfs = "my-rootfs-recipe"
RAUC_KEY_FILE = "path/to/development-1.key.pem"
RAUC_CERT_FILE = "path/to/development-1.cert.pem"
For information on how to generate and use the key and certificate files,
please refer to the RAUC user documentation [1]_.
For a more detailed explanation on the required and available variables,
read the notes in the bundle.bbclass file.
4. Build a bundle and the rootfs for your device::
bitbake my-bundle-recipe
Note: If you do not use packagegroup-base, you als need to manually add
the `rauc` package to your systems image recipe::
IMAGE_INSTALL:append = " rauc"
IV. Building The RAUC hawkBit Clients
=====================================
This layer offers support for two clients that interface between RAUC and the
hawkBit deployment server:
* rauc-hawkbit (python implementation)
* rauc-hawkbit-updater (C implementation)
To use ``rauc-hawkbit`` as a standalone service add to your systems image
recipe::
IMAGE_INSTALL:append = " rauc-hawkbit-service"
To use it as a python library in your demo application instead, simply add to
your recipe::
DEPENDS += "rauc-hawkbit"
To use ``rauc-hawkbit-updater`` in your system add to your image recipe::
IMAGE_INSTALL:append = " rauc-hawkbit-updater"
V. Configure Custom Kernel
==========================
In order to use RAUC on your system, the kernel must support SquashFS and loop
mounts. For the standard yocto kernel, the meta-rauc layer provides a kernel
configuration fragment that enables the config options required for this.
If you build your own kernel with a full custom ``defconfig`` file, you have to
make sure that the options in ``recipes-kernel/linux/linux-yocto/rauc.cfg`` are
enabled in your configuration, too.
VI. Build RAUC Development Version
==================================
Beside the standard release version recipes, the _git variants of RAUC recipes
allow to build RAUC from a master branch revision that is newer than the latest
release.
This is especially useful for early testing and adaption to upcoming features
in RAUC.
By default, the _git recipes are disabled. To enable them, you can set::
RAUC_USE_DEVEL_VERSION = "1"
in your local.conf. Note that this has the same effect as setting
``DEFAULT_PREFERENCE = "1"`` for each recipe (target/native/nativesdk)
individually.
VII. Contributing
=================
To report bugs, file a new `issue <https://github.com/rauc/meta-rauc/issues>`_
on GitHub.
For fixing bugs, bumping recipes or adding new features, open a `pull request
<https://github.com/rauc/meta-rauc/pulls>`_ on GitHub.
Add a ``Signed-off-by`` line to your commits according to the
`Developers Certificate of Origin
<https://github.com/rauc/meta-rauc/blob/master/DCO>`_.
Backporting
-----------
For backporting changes to a stable or LTS branch, two options exist:
a) drop a backport request in the original pull request
b) backport on your own and create a new pull request
When doing backports on your own, make sure to include a cherry-pick note and
the original commit-ish in a line below the original Signed-off-by and add your
own Signed-off-by below.
When using git, this can be done automatically with::
git cherry-pick -xs <commit-ish>
Note that backports will be acccepted for actively maintained `poky releases
<https://wiki.yoctoproject.org/wiki/Releases>`_ only!
VIII. References
================
.. [1] http://rauc.readthedocs.io/en/latest/
.. |MIT| image:: https://img.shields.io/badge/license-MIT-blue.svg
:target: https://raw.githubusercontent.com/rauc/meta-rauc/master/COPYING.MIT
.. |gh_action| image:: https://github.com/rauc/meta-rauc/workflows/meta-rauc%20CI/badge.svg
:target: https://github.com/rauc/meta-rauc/actions?query=workflow%3A%22meta-rauc+CI%22
.. |Matrix| image:: https://img.shields.io/matrix/rauc:matrix.org?label=matrix%20chat
:target: https://app.element.io/#/room/#rauc:matrix.org

11
sources/meta-rauc/classes-global/sanity-meta-rauc.bbclass Normal file
View File

@@ -0,0 +1,11 @@
addhandler rauc_bbappend_distrocheck
rauc_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
python rauc_bbappend_distrocheck() {
skip_check = e.data.getVar('SKIP_META_RAUC_FEATURE_CHECK') == "1"
if 'rauc' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
bb.warn("You have included the meta-rauc layer, but \
'rauc' has not been enabled in your DISTRO_FEATURES. \
See the meta-rauc README.rst for details on enabling RAUC support for your \
platform.")
}

471
sources/meta-rauc/classes-recipe/bundle.bbclass Normal file
View File

@@ -0,0 +1,471 @@
# Class for creating rauc bundles
#
# Description:
#
# You have to set the slot images in your recipe file following this example:
#
# RAUC_BUNDLE_COMPATIBLE ?= "My Super Product"
# RAUC_BUNDLE_VERSION ?= "v2015-06-07-1"
#
# SRC_URI += "file://hook.sh"
#
# RAUC_BUNDLE_HOOKS[file] ?= "hook.sh"
# RAUC_BUNDLE_HOOKS[hooks] ?= "install-check"
#
# RAUC_BUNDLE_SLOTS ?= "rootfs kernel dtb bootloader"
#
# RAUC_SLOT_rootfs ?= "core-image-minimal"
# RAUC_SLOT_rootfs[fstype] = "ext4"
# RAUC_SLOT_rootfs[hooks] ?= "pre-install;post-install"
# RAUC_SLOT_rootfs[adaptive] ?= "block-hash-index"
#
# RAUC_SLOT_kernel ?= "linux-yocto"
# RAUC_SLOT_kernel[type] ?= "kernel"
#
# RAUC_SLOT_bootloader ?= "barebox"
# RAUC_SLOT_bootloader[type] ?= "boot"
# RAUC_SLOT_bootloader[file] ?= "barebox.img"
#
# RAUC_SLOT_dtb ?= linux-yocto
# RAUC_SLOT_dtb[type] ?= "file"
# RAUC_SLOT_dtb[file] ?= "${MACHINE}.dtb"
#
# To use a different image name, e.g. for variants
# RAUC_SLOT_dtb ?= linux-yocto
# RAUC_SLOT_dtb[name] ?= "dtb.my,compatible"
# RAUC_SLOT_dtb[type] ?= "file"
# RAUC_SLOT_dtb[file] ?= "${MACHINE}-variant1.dtb"
#
# To override the file name used in the bundle use 'rename'
# RAUC_SLOT_rootfs ?= "core-image-minimal"
# RAUC_SLOT_rootfs[rename] ?= "rootfs.ext4"
#
# To prepend an offset to a bootloader image, set the following parameter in bytes.
# Optionally you can use units allowed by 'dd' e.g. 'K','kB','MB'.
# If the offset is negative, bytes will not be added, but removed.
# RAUC_SLOT_bootloader[offset] ?= "0"
#
# Enable building verity format bundles with
#
# RAUC_BUNDLE_FORMAT = "verity"
#
# To add additional files to the bundle you can use RAUC_BUNDLE_EXTRA_FILES
# and RAUC_BUNDLE_EXTRA_DEPENDS.
# For files from the WORKDIR (fetched using SRC_URI) you can write:
#
# SRC_URI += "file://myfile"
# RAUC_BUNDLE_EXTRA_FILES += "myfile"
#
# For files from the DEPLOY_DIR_IMAGE (generated by another recipe) you can write:
#
# RAUC_BUNDLE_EXTRA_DEPENDS += "myfile-recipe-pn"
# RAUC_BUNDLE_EXTRA_FILES += "myfile.img"
#
# Extra arguments may be passed to the bundle command with BUNDLE_ARGS eg:
# BUNDLE_ARGS += ' --mksquashfs-args="-comp zstd -Xcompression-level 22" '
#
# Likewise, extra arguments can be passed to the convert command with
# CONVERT_ARGS.
#
# Additionally you need to provide a certificate and a key file
#
# RAUC_KEY_FILE ?= "development-1.key.pem"
# RAUC_CERT_FILE ?= "development-1.cert.pem"
#
# For bundle signature verification a keyring file must be provided
#
# RAUC_KEYRING_FILE ?= "ca.cert.pem"
#
# Enable building casync bundles with
#
# RAUC_CASYNC_BUNDLE = "1"
#
# To define custom manifest 'meta' sections, you may use
# 'RAUC_META_SECTIONS' as follows:
#
# RAUC_META_SECTIONS = "mydata foo"
#
# RAUC_META_mydata[release-type] = "beta"
# RAUC_META_mydata[release-notes] = "a few notes here"
#
# RAUC_META_foo[bar] = "baz"
#
# Adding any sort of additional lines to the manifest can be done with the
# RAUC_MANIFEST_EXTRA_LINES variable (using '\n' to indicate newlines):
#
# RAUC_MANIFEST_EXTRA_LINES = "[section]\nkey=value\n"
LICENSE ?= "MIT"
PACKAGE_ARCH = "${MACHINE_ARCH}"
inherit nopackages
PACKAGES = ""
INHIBIT_DEFAULT_DEPS = "1"
# [""] is added to avoid "list index out of range" error with empty IMAGE_FSTYPES
RAUC_IMAGE_FSTYPE ??= "${@(d.getVar('IMAGE_FSTYPES').split() + [""])[0]}"
RAUC_IMAGE_FSTYPE[doc] = "Specifies the default file name extension to expect for collecting images. Defaults to first element set in IMAGE_FSTYPES."
do_fetch[cleandirs] = "${S}"
do_patch[noexec] = "1"
do_compile[noexec] = "1"
do_install[noexec] = "1"
deltask do_populate_sysroot
RAUC_BUNDLE_COMPATIBLE ??= "${MACHINE}-${TARGET_VENDOR}"
RAUC_BUNDLE_VERSION ??= "${PV}"
RAUC_BUNDLE_DESCRIPTION ??= "${SUMMARY}"
RAUC_BUNDLE_BUILD ??= "${DATETIME}"
RAUC_BUNDLE_BUILD[vardepsexclude] = "DATETIME"
RAUC_BUNDLE_COMPATIBLE[doc] = "Specifies the mandatory bundle compatible string. See RAUC documentation for more details."
RAUC_BUNDLE_VERSION[doc] = "Specifies the bundle version string. See RAUC documentation for more details."
RAUC_BUNDLE_DESCRIPTION[doc] = "Specifies the bundle description string. See RAUC documentation for more details."
RAUC_BUNDLE_BUILD[doc] = "Specifies the bundle build stamp. See RAUC documentation for more details."
RAUC_BUNDLE_SLOTS[doc] = "Space-separated list of slot classes to include in bundle (manifest)"
RAUC_BUNDLE_HOOKS[doc] = "Allows to specify an additional hook executable and bundle hooks (via varflags '[file'] and ['hooks'])"
RAUC_BUNDLE_EXTRA_FILES[doc] = "Specifies list of additional files to add to bundle. Files must either be located in WORKDIR (added by SRC_URI) or DEPLOY_DIR_IMAGE (assured by RAUC_BUNDLE_EXTRA_DEPENDS)"
RAUC_BUNDLE_EXTRA_DEPENDS[doc] = "Specifies list of recipes that create files in DEPLOY_DIR_IMAGE. For recipes not depending on do_deploy task also <recipename>:do_<taskname> notation is supported"
RAUC_CASYNC_BUNDLE ??= "0"
RAUC_BUNDLE_FORMAT ??= ""
RAUC_BUNDLE_FORMAT[doc] = "Specifies the bundle format to be used (plain/verity)."
RAUC_VARFLAGS_SLOTS = "name type fstype file hooks adaptive rename offset depends"
RAUC_VARFLAGS_HOOKS = "file hooks"
# Create dependency list from images
python __anonymous() {
d.appendVarFlag('do_unpack', 'vardeps', ' RAUC_BUNDLE_HOOKS')
for slot in (d.getVar('RAUC_BUNDLE_SLOTS') or "").split():
slot_varflags = d.getVar('RAUC_VARFLAGS_SLOTS').split()
slotflags = d.getVarFlags('RAUC_SLOT_%s' % slot, expand=slot_varflags) or {}
imgtype = slotflags.get('type')
if not imgtype:
bb.debug(1, "No [type] given for slot '%s', defaulting to 'image'" % slot)
imgtype = 'image'
image = d.getVar('RAUC_SLOT_%s' % slot)
if not image:
bb.error("No image set for slot '%s'. Specify via 'RAUC_SLOT_%s = \"<recipe-name>\"'" % (slot, slot))
return
d.appendVarFlag('do_unpack', 'vardeps', ' RAUC_SLOT_%s' % slot)
depends = slotflags.get('depends')
if depends:
d.appendVarFlag('do_unpack', 'depends', ' ' + depends)
continue
if imgtype == 'image':
d.appendVarFlag('do_unpack', 'depends', ' ' + image + ':do_image_complete')
d.appendVarFlag('do_rm_work_all', 'depends', ' ' + image + ':do_rm_work_all')
else:
d.appendVarFlag('do_unpack', 'depends', ' ' + image + ':do_deploy')
for image in (d.getVar('RAUC_BUNDLE_EXTRA_DEPENDS') or "").split():
imagewithdep = image.split(':')
deptask = imagewithdep[1] if len(imagewithdep) > 1 else 'do_deploy'
d.appendVarFlag('do_unpack', 'depends', ' %s:%s' % (imagewithdep[0], deptask))
bb.note('adding extra dependency %s:%s' % (imagewithdep[0], deptask))
}
S = "${WORKDIR}"
B = "${WORKDIR}/build"
BUNDLE_DIR = "${S}/bundle"
RAUC_KEY_FILE ??= ""
RAUC_KEY_FILE[doc] = "Specifies the path to the RAUC key file used for signing. Use COREBASE to reference files located in any shared BSP folder."
RAUC_CERT_FILE ??= ""
RAUC_CERT_FILE[doc] = "Specifies the path to the RAUC cert file used for signing. Use COREBASE to reference files located in any shared BSP folder."
RAUC_KEYRING_FILE ??= ""
RAUC_KEYRING_FILE[doc] = "Specifies the path to the RAUC keyring file used for bundle signature verification. Use COREBASE to reference files located in any shared BSP folder."
BUNDLE_ARGS ??= ""
BUNDLE_ARGS[doc] = "Specifies any extra arguments to pass to the rauc bundle command."
CONVERT_ARGS ??= ""
CONVERT_ARGS[doc] = "Specifies any extra arguments to pass to the rauc convert command."
DEPENDS = "rauc-native squashfs-tools-native"
DEPENDS += "${@bb.utils.contains('RAUC_CASYNC_BUNDLE', '1', 'virtual/fakeroot-native casync-native', '', d)}"
inherit image-artifact-names
def write_manifest(d):
import shutil
import subprocess
from pathlib import PurePath
machine = d.getVar('MACHINE')
bundle_path = d.expand("${BUNDLE_DIR}")
bb.utils.mkdirhier(bundle_path)
try:
manifest = open('%s/manifest.raucm' % bundle_path, 'w')
except OSError:
bb.fatal('Unable to open manifest.raucm')
manifest.write('[update]\n')
manifest.write(d.expand('compatible=${RAUC_BUNDLE_COMPATIBLE}\n'))
manifest.write(d.expand('version=${RAUC_BUNDLE_VERSION}\n'))
manifest.write(d.expand('description=${RAUC_BUNDLE_DESCRIPTION}\n'))
manifest.write(d.expand('build=${RAUC_BUNDLE_BUILD}\n'))
manifest.write('\n')
bundle_format = d.getVar('RAUC_BUNDLE_FORMAT')
if not bundle_format:
bb.warn('No RAUC_BUNDLE_FORMAT set. This will default to using legacy \'plain\' format.'
'\nIf you are unsure, set RAUC_BUNDLE_FORMAT = "verity" for new projects.'
'\nRefer to https://rauc.readthedocs.io/en/latest/reference.html#sec-ref-formats for more information about RAUC bundle formats.')
elif bundle_format != "plain":
manifest.write('[bundle]\n')
manifest.write(d.expand('format=${RAUC_BUNDLE_FORMAT}\n'))
manifest.write('\n')
hooks_varflags = d.getVar('RAUC_VARFLAGS_HOOKS').split()
hooksflags = d.getVarFlags('RAUC_BUNDLE_HOOKS', expand=hooks_varflags) or {}
have_hookfile = False
if 'file' in hooksflags:
have_hookfile = True
manifest.write('[hooks]\n')
manifest.write("filename=%s\n" % hooksflags.get('file'))
if 'hooks' in hooksflags:
manifest.write("hooks=%s\n" % hooksflags.get('hooks'))
manifest.write('\n')
elif 'hooks' in hooksflags:
bb.warn("Suspicious use of RAUC_BUNDLE_HOOKS[hooks] without RAUC_BUNDLE_HOOKS[file]")
for slot in (d.getVar('RAUC_BUNDLE_SLOTS') or "").split():
slot_varflags = d.getVar('RAUC_VARFLAGS_SLOTS').split()
slotflags = d.getVarFlags('RAUC_SLOT_%s' % slot, expand=slot_varflags) or {}
slotname = slotflags.get('name', slot)
manifest.write('[image.%s]\n' % slotname)
imgtype = slotflags.get('type', 'image')
img_fstype = slotflags.get('fstype', d.getVar('RAUC_IMAGE_FSTYPE'))
if imgtype == 'image':
fallback = "%s%s%s.%s" % (d.getVar('RAUC_SLOT_%s' % slot), d.getVar('IMAGE_MACHINE_SUFFIX'), d.getVar('IMAGE_NAME_SUFFIX'), img_fstype)
imgname = imgsource = slotflags.get('file', fallback)
elif imgtype == 'kernel':
# TODO: Add image type support
fallback = "%s-%s.bin" % ("zImage", machine)
imgsource = slotflags.get('file', fallback)
imgname = "%s.%s" % (imgsource, "img")
elif imgtype == 'boot':
imgname = imgsource = slotflags.get('file', 'barebox.img')
elif imgtype == 'file':
imgsource = slotflags.get('file')
if not imgsource:
bb.fatal('Unknown file for slot: %s' % slot)
imgname = "%s.%s" % (imgsource, "img")
else:
bb.fatal('Unknown image type: %s' % imgtype)
imgname = slotflags.get('rename', imgname)
if 'offset' in slotflags:
padding = 'seek'
imgoffset = slotflags.get('offset')
if imgoffset:
sign, magnitude = imgoffset[:1], imgoffset[1:]
if sign == '+':
padding = 'seek'
imgoffset = magnitude
elif sign == '-':
padding = 'skip'
imgoffset = magnitude
if imgoffset == '':
imgoffset = '0'
# Keep only the image name in case the image is in a $DEPLOY_DIR_IMAGE subdirectory
imgname = PurePath(imgname).name
manifest.write("filename=%s\n" % imgname)
if 'hooks' in slotflags:
if not have_hookfile:
bb.warn("A hook is defined for slot %s, but RAUC_BUNDLE_HOOKS[file] is not defined" % slot)
manifest.write("hooks=%s\n" % slotflags.get('hooks'))
if 'adaptive' in slotflags:
manifest.write("adaptive=%s\n" % slotflags.get('adaptive'))
manifest.write("\n")
bundle_imgpath = "%s/%s" % (bundle_path, imgname)
bb.note("adding image to bundle dir: '%s'" % imgname)
searchpath = d.expand("${DEPLOY_DIR_IMAGE}/%s") % imgsource
if os.path.isfile(searchpath):
if imgtype == 'boot' and 'offset' in slotflags and imgoffset != '0':
subprocess.call(['dd', 'if=%s' % searchpath,
'of=%s' % bundle_imgpath,
'iflag=skip_bytes', 'oflag=seek_bytes',
'%s=%s' % (padding, imgoffset)])
else:
shutil.copy(searchpath, bundle_imgpath)
else:
searchpath = d.expand("${WORKDIR}/%s") % imgsource
if os.path.isfile(searchpath):
shutil.copy(searchpath, bundle_imgpath)
else:
raise bb.fatal('Failed to find source %s' % imgsource)
if not os.path.exists(bundle_imgpath):
raise bb.fatal("Failed adding image '%s' to bundle: not present in DEPLOY_DIR_IMAGE or WORKDIR" % imgsource)
for meta_section in (d.getVar('RAUC_META_SECTIONS') or "").split():
manifest.write("[meta.%s]\n" % meta_section)
for meta_key in d.getVarFlags('RAUC_META_%s' % meta_section):
meta_value = d.getVarFlag('RAUC_META_%s' % meta_section, meta_key)
manifest.write("%s=%s\n" % (meta_key, meta_value))
manifest.write("\n");
manifest.write((d.getVar('RAUC_MANIFEST_EXTRA_LINES') or "").replace(r'\n', '\n'))
manifest.close()
def try_searchpath(file, d):
searchpath = d.expand("${DEPLOY_DIR_IMAGE}/%s") % file
if os.path.isfile(searchpath):
bb.note("adding extra file from deploy dir to bundle dir: '%s'" % file)
return searchpath
elif os.path.isdir(searchpath):
bb.note("adding extra directory from deploy dir to bundle dir: '%s'" % file)
return searchpath
searchpath = d.expand("${WORKDIR}/%s") % file
if os.path.isfile(searchpath):
bb.note("adding extra file from workdir to bundle dir: '%s'" % file)
return searchpath
elif os.path.isdir(searchpath):
bb.note("adding extra directory from workdir to bundle dir: '%s'" % file)
return searchpath
return None
python do_configure() {
import shutil
import os
import stat
import subprocess
write_manifest(d)
hooks_varflags = d.getVar('RAUC_VARFLAGS_HOOKS').split()
hooksflags = d.getVarFlags('RAUC_BUNDLE_HOOKS', expand=hooks_varflags) or {}
if 'file' in hooksflags:
hf = hooksflags.get('file')
if not os.path.exists(d.expand("${WORKDIR}/%s" % hf)):
bb.error("hook file '%s' does not exist in WORKDIR" % hf)
return
dsthook = d.expand("${BUNDLE_DIR}/%s" % hf)
bb.note("adding hook file to bundle dir: '%s'" % hf)
shutil.copy(d.expand("${WORKDIR}/%s" % hf), dsthook)
st = os.stat(dsthook)
os.chmod(dsthook, st.st_mode | stat.S_IEXEC)
for file in (d.getVar('RAUC_BUNDLE_EXTRA_FILES') or "").split():
bundledir = d.getVar('BUNDLE_DIR')
destpath = d.expand("${BUNDLE_DIR}/%s") % file
searchpath = try_searchpath(file, d)
if not searchpath:
bb.error("extra file '%s' neither found in workdir nor in deploy dir!" % file)
destdir = '.'
# strip leading and trailing slashes to prevent installting into wrong location
file = file.rstrip('/').lstrip('/')
if file.find("/") != -1:
destdir = file.rsplit("/", 1)[0] + '/'
bb.utils.mkdirhier("%s/%s" % (bundledir, destdir))
bb.note("Unpacking %s to %s/" % (file, bundledir))
ret = subprocess.call('cp -fpPRH "%s" "%s"' % (searchpath, destdir), shell=True, cwd=bundledir)
}
do_configure[cleandirs] = "${BUNDLE_DIR}"
BUNDLE_BASENAME ??= "${PN}"
BUNDLE_BASENAME[doc] = "Specifies desired output base name of generated RAUC bundle."
BUNDLE_NAME ??= "${BUNDLE_BASENAME}-${MACHINE}-${DATETIME}"
BUNDLE_NAME[doc] = "Specifies desired full output name of generated RAUC bundle."
# Don't include the DATETIME variable in the sstate package sigantures
BUNDLE_NAME[vardepsexclude] = "DATETIME"
BUNDLE_LINK_NAME ??= "${BUNDLE_BASENAME}-${MACHINE}"
BUNDLE_EXTENSION ??= ".raucb"
BUNDLE_EXTENSION[doc] = "Specifies desired custom filename extension of generated RAUC bundle."
CASYNC_BUNDLE_BASENAME ??= "casync-${BUNDLE_BASENAME}"
CASYNC_BUNDLE_BASENAME[doc] = "Specifies desired output base name of generated RAUC casync bundle."
CASYNC_BUNDLE_NAME ??= "${CASYNC_BUNDLE_BASENAME}-${MACHINE}-${DATETIME}"
CASYNC_BUNDLE_NAME[doc] = "Specifies desired full output name of generated RAUC casync bundle."
# Don't include the DATETIME variable in the sstate package sigantures
CASYNC_BUNDLE_NAME[vardepsexclude] = "DATETIME"
CASYNC_BUNDLE_LINK_NAME ??= "${CASYNC_BUNDLE_BASENAME}-${MACHINE}"
CASYNC_BUNDLE_EXTENSION ??= "${BUNDLE_EXTENSION}"
CASYNC_BUNDLE_EXTENSION[doc] = "Specifies desired custom filename extension of generated RAUC casync bundle."
do_bundle() {
if [ -z "${RAUC_KEY_FILE}" ]; then
bbfatal "'RAUC_KEY_FILE' not set. Please set to a valid key file location."
fi
if [ -z "${RAUC_CERT_FILE}" ]; then
bbfatal "'RAUC_CERT_FILE' not set. Please set to a valid certificate file location."
fi
${STAGING_BINDIR_NATIVE}/rauc bundle \
--debug \
--cert="${RAUC_CERT_FILE}" \
--key="${RAUC_KEY_FILE}" \
${BUNDLE_ARGS} \
${BUNDLE_DIR} \
${B}/bundle.raucb
if [ ${RAUC_CASYNC_BUNDLE} -eq 1 ]; then
if [ -z "${RAUC_KEYRING_FILE}" ]; then
bbfatal "'RAUC_KEYRING_FILE' not set. Please set a valid keyring file location."
fi
# There is no package providing a binary named "fakeroot" but instead a
# replacement named "pseudo". But casync requires fakeroot to be
# installed, thus make a symlink.
if ! [ -x "$(command -v fakeroot)" ]; then
ln -sf ${STAGING_BINDIR_NATIVE}/pseudo ${STAGING_BINDIR_NATIVE}/fakeroot
fi
PSEUDO_PREFIX=${STAGING_DIR_NATIVE}/${prefix_native} PSEUDO_DISABLED=0 ${STAGING_BINDIR_NATIVE}/rauc convert \
--debug \
--trust-environment \
--cert=${RAUC_CERT_FILE} \
--key=${RAUC_KEY_FILE} \
--keyring=${RAUC_KEYRING_FILE} \
${CONVERT_ARGS} \
${B}/bundle.raucb \
${B}/casync-bundle.raucb
fi
}
do_bundle[dirs] = "${B}"
do_bundle[cleandirs] = "${B}"
do_bundle[file-checksums] += "${RAUC_CERT_FILE}:False ${RAUC_KEY_FILE}:False"
addtask bundle after do_configure
inherit deploy
SSTATE_SKIP_CREATION:task-deploy = '1'
do_deploy() {
install -d ${DEPLOYDIR}
install -m 0644 ${B}/bundle.raucb ${DEPLOYDIR}/${BUNDLE_NAME}${BUNDLE_EXTENSION}
ln -sf ${BUNDLE_NAME}${BUNDLE_EXTENSION} ${DEPLOYDIR}/${BUNDLE_LINK_NAME}${BUNDLE_EXTENSION}
if [ ${RAUC_CASYNC_BUNDLE} -eq 1 ]; then
install -m 0644 ${B}/casync-bundle.raucb ${DEPLOYDIR}/${CASYNC_BUNDLE_NAME}${CASYNC_BUNDLE_EXTENSION}
cp -r ${B}/casync-bundle.castr ${DEPLOYDIR}/${CASYNC_BUNDLE_NAME}.castr
ln -sf ${CASYNC_BUNDLE_NAME}${CASYNC_BUNDLE_EXTENSION} ${DEPLOYDIR}/${CASYNC_BUNDLE_LINK_NAME}${CASYNC_BUNDLE_EXTENSION}
ln -sf ${CASYNC_BUNDLE_NAME}.castr ${DEPLOYDIR}/${CASYNC_BUNDLE_LINK_NAME}.castr
fi
}
addtask deploy after do_bundle before do_build

24
sources/meta-rauc/conf/layer.conf Normal file
View File

@@ -0,0 +1,24 @@
# We have a conf and classes directory, add to BBPATH
BBPATH .= ":${LAYERDIR}"
# We have recipes-* directories, add to BBFILES
BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
${LAYERDIR}/recipes-*/*/*.bbappend"
BBFILE_COLLECTIONS += "rauc"
BBFILE_PATTERN_rauc = "^${LAYERDIR}/"
BBFILE_PRIORITY_rauc = "6"
LAYERDEPENDS_rauc = "core"
# meta-python is needed to build/run hawkbit-client
LAYERRECOMMENDS_rauc = "meta-python"
# meta-filesystems is needed to build cascync with fuse support (the default)
LAYERRECOMMENDS_rauc += "meta-filesystems"
LAYERSERIES_COMPAT_rauc = "nanbield scarthgap"
# Sanity check for meta-rauc layer.
# Setting SKIP_META_RAUC_FEATURE_CHECK to "1" would skip the bbappend files check.
INHERIT += "sanity-meta-rauc"

16
sources/meta-rauc/recipes-bsp/dt-utils/dt-utils.inc Normal file
View File

@@ -0,0 +1,16 @@
DESCRIPTION = "device-tree and barebox-related tools"
HOMEPAGE = "http://git.pengutronix.de/?p=tools/dt-utils.git"
SECTION = "base"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=18d902a0242c37a4604224b47d02f802"
DEPENDS = "udev"
SRC_URI = "http://www.pengutronix.de/software/dt-utils/download/${BPN}-${PV}.tar.xz"
inherit autotools pkgconfig gettext
PACKAGES =+ "${PN}-barebox-state ${PN}-fdtdump ${PN}-dtblint"
FILES:${PN}-barebox-state = "${bindir}/barebox-state"
FILES:${PN}-fdtdump = "${bindir}/fdtdump"
FILES:${PN}-dtblint = "${bindir}/dtblint"

3
sources/meta-rauc/recipes-bsp/dt-utils/dt-utils_2023.11.0.bb Normal file
View File

@@ -0,0 +1,3 @@
require dt-utils.inc
SRC_URI[sha256sum] = "d224d941c076c143f43d59cd7c6e1c522926064a31ac34a67720632ddecb6b53"

30
sources/meta-rauc/recipes-casync/casync/casync_git.bb Normal file
View File

@@ -0,0 +1,30 @@
SUMMARY = "Content-Addressable Data Synchronization Tool"
HOMEPAGE = "https://github.com/systemd/casync"
LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
DEPENDS = "xz curl openssl acl zstd"
SRCREV = "0efa7abffe5fffbde8c457d3c8fafbdde0bb6e4f"
PV = "2+git${SRCPV}"
SRC_URI = " \
git://github.com/systemd/casync.git;protocol=https;branch=main \
"
S = "${WORKDIR}/git"
inherit meson pkgconfig
EXTRA_OEMESON += "-Dselinux=false -Dman=false -Dudevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
BBCLASSEXTEND = "native nativesdk"
PACKAGECONFIG:class-native = ""
PACKAGECONFIG:class-nativesdk = ""
PACKAGECONFIG ?= "fuse udev"
PACKAGECONFIG[fuse] = "-Dfuse=true,-Dfuse=false,fuse"
PACKAGECONFIG[udev] = "-Dudev=true,-Dudev=false,udev"
FILES:${PN} += "${datadir}/bash-completion"

24
sources/meta-rauc/recipes-core/bundles/core-bundle-minimal.bb Normal file
View File

@@ -0,0 +1,24 @@
# A minimal demo bundle
#
# Note: The created bundle will not contain RAUC itself yet!
# To add this, properly configure it for your specific system and add it to
# your image recipe you intend to build a bundle from:
#
# IMAGE_INSTALL:append = " rauc"
#
# Also note that you need to configure RAUC_KEY_FILE and RAUC_CERT_FILE to
# point to contain the full path to your key and cert.
# Depending on you requirements you can either set them via global
# configuration or from a bundle recipe bbappend.
#
# For testing purpose, you may use the scripts/openssl-ca.sh to create some.
inherit bundle
RAUC_BUNDLE_FORMAT = "verity"
RAUC_BUNDLE_COMPATIBLE ?= "Demo Board"
RAUC_BUNDLE_SLOTS ?= "rootfs"
RAUC_SLOT_rootfs ?= "core-image-minimal"

1
sources/meta-rauc/recipes-core/busybox/busybox_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ${@bb.utils.contains('DISTRO_FEATURES', 'rauc', '${BPN}_rauc.inc', '', d)}

3
sources/meta-rauc/recipes-core/busybox/busybox_rauc.inc Normal file
View File

@@ -0,0 +1,3 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI += "file://rauc.cfg"

2
sources/meta-rauc/recipes-core/busybox/files/rauc.cfg Normal file
View File

@@ -0,0 +1,2 @@
CONFIG_FEATURE_TAR_LONG_OPTIONS=y
CONFIG_FEATURE_TAR_AUTODETECT=y

1
sources/meta-rauc/recipes-core/packagegroups/packagegroup-base.bbappend Normal file
View File

@@ -0,0 +1 @@
require ${@bb.utils.contains('DISTRO_FEATURES', 'rauc', '${BPN}_rauc.inc', '', d)}

6
sources/meta-rauc/recipes-core/packagegroups/packagegroup-base_rauc.inc Normal file
View File

@@ -0,0 +1,6 @@
PACKAGES += "packagegroup-base-rauc"
RDEPENDS:packagegroup-base += "packagegroup-base-rauc"
SUMMARY:packagegroup-base-rauc = "RAUC update framework support"
RDEPENDS:packagegroup-base-rauc = "\
rauc"

6
sources/meta-rauc/recipes-core/rauc/files/ca.cert.pem Normal file
View File

@@ -0,0 +1,6 @@
# This is a dummy keyring file. Please overwrite this with one that matches
# your X509 infrastructure if you intend to use RAUC for secure updates!
#
# If you really do not intend to actively use the security features or for
# testing you may create a self-signed development certificate by executing the
# script `openssl-ca.sh` from the `scripts` folder.

23
sources/meta-rauc/recipes-core/rauc/files/rauc-mark-good.init Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: rauc-mark-good
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Rauc Good-marking Service
### END INIT INFO
# Author: <ejo@pengutronix.de>
# Aktionen
case "$1" in
start)
rauc status mark-good
;;
stop)
;;
restart)
;;
esac
exit 0

15
sources/meta-rauc/recipes-core/rauc/files/rauc-mark-good.service Normal file
View File

@@ -0,0 +1,15 @@
[Unit]
Description=RAUC Good-marking Service
ConditionKernelCommandLine=|bootchooser.active
ConditionKernelCommandLine=|rauc.slot
After=boot-complete.target
Requires=boot-complete.target
DefaultDependencies=no
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=@BINDIR@/rauc status mark-good
[Install]
WantedBy=multi-user.target

36
sources/meta-rauc/recipes-core/rauc/files/system.conf Normal file
View File

@@ -0,0 +1,36 @@
## This is an example RAUC system configuration. This file will be installed
## into /etc/rauc/system.conf on your target and describes your system from the
## perspective of the RAUC update service.
##
## Adapt and extend the below configuration to your needs and place it in the
## BSP layer of you project. Create a rauc .bbappend file that adds this file
## to your build:
##
## FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
##
## ---
##
# [system]
# compatible=My Example System
# bootloader=<barebox|uboot|grub>
# bundle-formats=-plain
#
# [slot.rootfs.0]
# device=/dev/mmcblkXp1
# type=ext4
# bootname=system0
#
# [slot.rootfs.1]
# device=/dev/mmcblkXp2
# type=ext4
# bootname=system1
#
# [slot.appfs.0]
# device=/dev/mmcblkXp3
# type=ext4
# parent=rootfs.0
#
# [slot.appfs.1]
# device=/dev/mmcblkXp4
# type=ext4
# parent=rootfs.1

5
sources/meta-rauc/recipes-core/rauc/nativesdk-rauc.inc Normal file
View File

@@ -0,0 +1,5 @@
do_install:append() {
rm -rf ${D}${datadir}
}
inherit nativesdk

3
sources/meta-rauc/recipes-core/rauc/nativesdk-rauc_1.14.bb Normal file
View File

@@ -0,0 +1,3 @@
require rauc.inc
require rauc-1.14.inc
require nativesdk-rauc.inc

3
sources/meta-rauc/recipes-core/rauc/nativesdk-rauc_git.bb Normal file
View File

@@ -0,0 +1,3 @@
require rauc.inc
require rauc-git.inc
require nativesdk-rauc.inc

5
sources/meta-rauc/recipes-core/rauc/rauc-1.14.inc Normal file
View File

@@ -0,0 +1,5 @@
SRC_URI = "https://github.com/rauc/rauc/releases/download/v${PV}/rauc-${PV}.tar.xz"
SRC_URI[sha256sum] = "f48c85573d82bf9378e907f6eba0cbe4f2021839a1e9fe3f8431f61dd54ef42c"
UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases"

33
sources/meta-rauc/recipes-core/rauc/rauc-conf.bb Normal file
View File

@@ -0,0 +1,33 @@
SUMMARY = "RAUC system configuration & verification keyring"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
RAUC_KEYRING_FILE ??= "ca.cert.pem"
RAUC_KEYRING_URI ??= "file://${RAUC_KEYRING_FILE}"
RPROVIDES:${PN} += "virtual-rauc-conf"
INHIBIT_DEFAULT_DEPS = "1"
do_compile[noexec] = "1"
SRC_URI = " \
file://system.conf \
${RAUC_KEYRING_URI} \
"
do_install () {
# Create rauc config dir
# Warn if system configuration was not overwritten
if ! grep -q "^[^#]" ${WORKDIR}/system.conf; then
bbwarn "Please overwrite example system.conf with a project specific one!"
fi
install -d ${D}${sysconfdir}/rauc
install -m 0644 ${WORKDIR}/system.conf ${D}${sysconfdir}/rauc/
# Warn if CA file was not overwritten
if ! grep -q "^[^#]" ${WORKDIR}/${RAUC_KEYRING_FILE}; then
bbwarn "Please overwrite example ca.cert.pem with a project specific one, or set the RAUC_KEYRING_FILE variable with your file!"
fi
install -d ${D}${sysconfdir}/rauc
install -m 0644 ${WORKDIR}/${RAUC_KEYRING_FILE} ${D}${sysconfdir}/rauc/
}

12
sources/meta-rauc/recipes-core/rauc/rauc-git.inc Normal file
View File

@@ -0,0 +1,12 @@
SRC_URI = " \
git://github.com/rauc/rauc.git;protocol=https;branch=master \
"
PV = "1.14+git${SRCPV}"
S = "${WORKDIR}/git"
SRCREV = "2c455f87b96400779b77a3f87ac3d655a4c80bcf"
RAUC_USE_DEVEL_VERSION[doc] = "Global switch to enable RAUC development (git) version."
RAUC_USE_DEVEL_VERSION ??= "-1"
DEFAULT_PREFERENCE ??= "${RAUC_USE_DEVEL_VERSION}"

4
sources/meta-rauc/recipes-core/rauc/rauc-native.inc Normal file
View File

@@ -0,0 +1,4 @@
inherit native
DEPENDS = "openssl-native glib-2.0-native"
RRECOMMENDS:${PN} = "squashfs-tools-native"

3
sources/meta-rauc/recipes-core/rauc/rauc-native_1.14.bb Normal file
View File

@@ -0,0 +1,3 @@
require rauc.inc
require rauc-native.inc
require rauc-1.14.inc

3
sources/meta-rauc/recipes-core/rauc/rauc-native_git.bb Normal file
View File

@@ -0,0 +1,3 @@
require rauc.inc
require rauc-native.inc
require rauc-git.inc

69
sources/meta-rauc/recipes-core/rauc/rauc-target.inc Normal file
View File

@@ -0,0 +1,69 @@
RAUC_KEYRING_FILE ??= "ca.cert.pem"
RAUC_KEYRING_URI ??= "file://${RAUC_KEYRING_FILE}"
RRECOMMENDS:${PN} += "virtual-rauc-conf"
RRECOMMENDS:${PN} += "squashfs-tools"
SRC_URI:append = " \
file://rauc-mark-good.service \
file://rauc-mark-good.init \
"
SYSTEMD_PACKAGES += "${PN}-mark-good"
SYSTEMD_SERVICE:${PN}-mark-good = "rauc-mark-good.service"
INITSCRIPT_PACKAGES = "${PN}-mark-good"
INITSCRIPT_NAME:${PN}-mark-good = "rauc-mark-good"
INITSCRIPT_PARAMS:${PN}-mark-good = "start 99 5 2 . stop 20 0 1 6 ."
inherit systemd update-rc.d
do_install () {
meson_do_install
install -d ${D}${systemd_unitdir}/system/
install -m 0644 ${WORKDIR}/rauc-mark-good.service ${D}${systemd_unitdir}/system/
sed -i -e 's!@BINDIR@!${bindir}!g' ${D}${systemd_unitdir}/system/*.service
install -d "${D}${sysconfdir}/init.d"
install -m 755 "${WORKDIR}/rauc-mark-good.init" "${D}${sysconfdir}/init.d/rauc-mark-good"
}
PACKAGES =+ "${PN}-mark-good"
# some magic to get the tool to interact with bootloader storage
python __anonymous () {
bootloader = d.getVar("PREFERRED_PROVIDER_virtual/bootloader")
if not bootloader:
return
if "barebox" in bootloader:
boothelper = " dt-utils-barebox-state"
elif "u-boot" in bootloader:
boothelper = " u-boot-fw-utils"
elif "grub" in bootloader:
boothelper = " grub-editenv"
else:
return
d.appendVar("RDEPENDS:%s" % d.getVar('PN'), boothelper)
}
RRECOMMENDS:${PN}:append = " ${PN}-mark-good"
FILES:${PN}-mark-good = "${systemd_unitdir}/system/rauc-mark-good.service ${sysconfdir}/init.d/rauc-mark-good"
PACKAGES =+ "${PN}-service"
SYSTEMD_SERVICE:${PN}-service = "${@bb.utils.contains('PACKAGECONFIG', 'service', 'rauc.service', '', d)}"
SYSTEMD_PACKAGES += "${PN}-service"
RDEPENDS:${PN}-service += "dbus"
FILES:${PN}-service = "\
${systemd_unitdir}/system/rauc.service \
${datadir}/dbus-1/system.d/de.pengutronix.rauc.conf \
${datadir}/dbus-1/system-services/de.pengutronix.rauc.service \
${nonarch_libdir}/systemd/catalog \
"
PACKAGECONFIG ??= "service network streaming json nocreate gpt"

26
sources/meta-rauc/recipes-core/rauc/rauc.inc Normal file
View File

@@ -0,0 +1,26 @@
DESCRIPTION = "RAUC update controller for host and target"
HOMEPAGE = "https://github.com/rauc/rauc"
LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
DEPENDS = "openssl glib-2.0 glib-2.0-native"
inherit meson pkgconfig gettext
EXTRA_OEMESON += "\
-Dtests=false \
-Dsystemdunitdir=${systemd_system_unitdir} \
-Ddbuspolicydir=${datadir}/dbus-1/system.d \
-Ddbussystemservicedir=${datadir}/dbus-1/system-services \
-Ddbusinterfacesdir=${datadir}/dbus-1/interfaces \
"
PACKAGECONFIG[nocreate] = "-Dcreate=false,-Dcreate=true,"
PACKAGECONFIG[service] = "-Dservice=true,-Dservice=false,dbus,${PN}-service"
PACKAGECONFIG[streaming] = "-Dstreaming=true,-Dstreaming=false,libnl"
PACKAGECONFIG[network] = "-Dnetwork=true,-Dnetwork=false,curl"
PACKAGECONFIG[json] = "-Djson=enabled,-Djson=disabled,json-glib"
PACKAGECONFIG[gpt] = "-Dgpt=enabled,-Dgpt=disabled,util-linux"
FILES:${PN}-dev += "\
${datadir}/dbus-1/interfaces/de.pengutronix.rauc.Installer.xml \
"

3
sources/meta-rauc/recipes-core/rauc/rauc_1.14.bb Normal file
View File

@@ -0,0 +1,3 @@
require rauc.inc
require rauc-target.inc
require rauc-1.14.inc

3
sources/meta-rauc/recipes-core/rauc/rauc_git.bb Normal file
View File

@@ -0,0 +1,3 @@
require rauc.inc
require rauc-target.inc
require rauc-git.inc

13
sources/meta-rauc/recipes-devtools/python-gbulb/python3-gbulb_0.6.3.bb Normal file
View File

@@ -0,0 +1,13 @@
SUMMARY = "GLib implementation of PEP 3156"
HOMEPAGE = "http://github.com/beeware/gbulb"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=edfe3d91d4b439ac8a8c23cebbf00501"
SRC_URI[sha256sum] = "da003c5b17d3a2ba15c7255bb174defaa0f6b77e8b23f229685eb2714ceaeeec"
PYPI_PACKAGE = "gbulb"
# python3-misc is needed for the signal module
RDEPENDS:${PN} = "python3-pygobject python3-asyncio python3-misc"
inherit pypi setuptools3

7
sources/meta-rauc/recipes-kernel/linux/linux-yocto/rauc.cfg Normal file
View File

@@ -0,0 +1,7 @@
CONFIG_BLK_DEV_LOOP=y
CONFIG_SQUASHFS=y
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_BLK_DEV_NBD=y
CONFIG_DM_VERITY=y
CONFIG_CRYPTO_SHA256=y

1
sources/meta-rauc/recipes-kernel/linux/linux-yocto_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ${@bb.utils.contains('DISTRO_FEATURES', 'rauc', '${BPN}_rauc.inc', '', d)}

3
sources/meta-rauc/recipes-kernel/linux/linux-yocto_rauc.inc Normal file
View File

@@ -0,0 +1,3 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:"
SRC_URI += "file://rauc.cfg"

1
sources/meta-rauc/recipes-support/curl/curl_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ${@bb.utils.contains('DISTRO_FEATURES', 'rauc', '${BPN}_rauc.inc', '', d)}

5
sources/meta-rauc/recipes-support/curl/curl_rauc.inc Normal file
View File

@@ -0,0 +1,5 @@
# HTTP/2 allows having multiple parallel (range-) requests in flight on the
# same connection without requiring multiple TCP and TLS handshakes.
# This speeds up adaptive updates a lot, since they work by making many
# range-requests for parts of the update bundle.
PACKAGECONFIG:append:class-target = " nghttp2"

25
sources/meta-rauc/recipes-support/rauc-hawkbit-updater/rauc-hawkbit-updater.inc Normal file
View File

@@ -0,0 +1,25 @@
SUMMARY = "The RAUC hawkBit updater operates as an interface between the RAUC D-Bus API and the hawkBit DDI API."
HOMEPAGE = "https://github.com/rauc/rauc-hawkbit-updater"
LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1a6d268fd218675ffea8be556788b780"
inherit meson pkgconfig systemd useradd
SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'rauc-hawkbit-updater.service', '', d)}"
PACKAGECONFIG ??= " \
${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
"
PACKAGECONFIG[systemd] = "-Dsystemd=enabled,-Dsystemd=disabled,systemd"
USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "--system --home-dir / --no-create-home --shell /bin/false rauc-hawkbit"
DEPENDS = "curl glib-2.0-native json-glib"
do_install:append () {
install -d ${D}${sysconfdir}/${PN}
install -m 644 ${S}/config.conf.example ${D}${sysconfdir}/${PN}/config.conf
}

4
sources/meta-rauc/recipes-support/rauc-hawkbit-updater/rauc-hawkbit-updater_1.3.bb Normal file
View File

@@ -0,0 +1,4 @@
include rauc-hawkbit-updater.inc
SRC_URI = "https://github.com/rauc/${BPN}/releases/download/v${PV}/${BPN}-${PV}.tar.xz"
SRC_URI[sha256sum] = "42318e96a464e6c716edb45c48bd3ec3b874462973db902fbe099a395e4acb4b"

8
sources/meta-rauc/recipes-support/rauc-hawkbit-updater/rauc-hawkbit-updater_git.bb Normal file
View File

@@ -0,0 +1,8 @@
include rauc-hawkbit-updater.inc
SRC_URI = "git://github.com/rauc/rauc-hawkbit-updater.git;protocol=https;branch=master"
SRCREV = "e19bc259a615ea31584c4056f365db46237d70f9"
S = "${WORKDIR}/git"
PV = "1.3+git${SRCPV}"
DEFAULT_PREFERENCE = "-1"

9
sources/meta-rauc/recipes-support/rauc-hawkbit/files/rauc-hawkbit.service Normal file
View File

@@ -0,0 +1,9 @@
[Unit]
Description=rauc-hawkbit client service
Requires=rauc.service
[Service]
ExecStart=@BINDIR@/rauc-hawkbit-client -c @SYSCONFDIR@/rauc-hawkbit/config.cfg
[Install]
WantedBy=multi-user.target

41
sources/meta-rauc/recipes-support/rauc-hawkbit/rauc-hawkbit_git.bb Normal file
View File

@@ -0,0 +1,41 @@
LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = " \
file://COPYING;md5=4fbd65380cdd255951079008b364516c \
file://README.rst;beginline=114;endline=132;md5=aff2a45fabc5c8d959b72f97ffc77465 \
"
SUMMARY = "hawkBit client for RAUC"
DEPENDS = "python3-setuptools-scm-native"
SRC_URI = " \
git://github.com/rauc/rauc-hawkbit.git;protocol=https;branch=master \
file://rauc-hawkbit.service \
"
PV = "0.2.0+git${SRCPV}"
SRCREV = "47bebb4a011768817f13f7796ec1b4e67edaffc5"
S = "${WORKDIR}/git"
inherit setuptools3 systemd
PACKAGES =+ "${PN}-service"
SYSTEMD_SERVICE:${PN}-service = "rauc-hawkbit.service"
SYSTEMD_PACKAGES = "${PN}-service"
do_install:append() {
install -d ${D}${sysconfdir}/${BPN}/
install -m 0644 ${S}/rauc_hawkbit/config.cfg ${D}${sysconfdir}/${BPN}/config.cfg
install -d ${D}${systemd_unitdir}/system/
install -m 0644 ${WORKDIR}/rauc-hawkbit.service ${D}${systemd_unitdir}/system/
sed -i -e 's!@BINDIR@!${bindir}!g' -e 's!@SYSCONFDIR@!${sysconfdir}!g' \
${D}${systemd_unitdir}/system/rauc-hawkbit.service
}
RDEPENDS:${PN} += "python3-aiohttp python3-gbulb"
FILES:${PN}-service = " \
${bindir}/rauc-hawkbit-client \
${sysconfdir}/${BPN}/config.cfg \
${systemd_unitdir}/system/rauc-hawkbit.service \
"

38
sources/meta-rauc/scripts/README Normal file
View File

@@ -0,0 +1,38 @@
Generate Testing Certificate
----------------------------
The script `openssl-ca.sh` allows you to create a certificate and key that you
can use for a test-setup of RAUC.
To generate the required files, execute
./openssl-ca.sh
This will generate a folder `openssl-ca/` that contains the generated openssl
configuration file and a development certificate and key.
To use them in your BSP in order to sign and verify bundles, you have to:
1) Make the target rauc package use the generated keyring file:
Copy the keyring file `dev/ca.cert.pem` into your projects meta layer under
`recipes-core/rauc/files` and add a simple .bbappend file
`recipes-core/rauc/rauc-conf.bbappend` that adds the keyring file to the rauc
config package search path:
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
2) Make your bundle recipe use the generated key and certificate:
Copy the key file `dev/private/development-1.key.pem` and the cert file
`dev/development-1.cert.pem` to your projects meta layer in a global `files`
folder.
In your bundle recipe, let the variables `RAUC_KEY_FILE` and `RAUC_CERT_FILE`
point to these key and cert files:
RAUC_KEY_FILE = "${COREBASE}/meta-<layername>/files/development-1.key.pem"
RAUC_CERT_FILE = "${COREBASE}/meta-<layername>/files/development-1.cert.pem"
Now you are able to build and sign bundles that contain a rootfs that will
allow RAUC to verify the content of further bundles.

93
sources/meta-rauc/scripts/openssl-ca.sh Executable file
View File

@@ -0,0 +1,93 @@
#!/bin/bash
set -xe
ORG="Test Org"
CA="rauc CA"
# After the CRL expires, signatures cannot be verified anymore
CRL="-crldays 5000"
BASE="$(pwd)/openssl-ca"
if [ -e $BASE ]; then
echo "$BASE already exists"
exit 1
fi
mkdir -p $BASE/dev/{private,certs}
touch $BASE/dev/index.txt
echo 01 > $BASE/dev/serial
cat > $BASE/openssl.cnf <<EOF
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = . # top dir
database = \$dir/index.txt # index file.
new_certs_dir = \$dir/certs # new certs dir
certificate = \$dir/ca.cert.pem # The CA cert
serial = \$dir/serial # serial no file
private_key = \$dir/private/ca.key.pem# CA private key
RANDFILE = \$dir/private/.rand # random number file
default_startdate = 19700101000000Z
default_enddate = 99991231235959Z
default_crl_days= 30 # how long before next CRL
default_md = sha256 # md to use
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
organizationName = match
commonName = supplied
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_leaf
encrypt_key = no
default_md = sha256
[ req_distinguished_name ]
commonName = Common Name (eg, YOUR name)
commonName_max = 64
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE
[ v3_inter ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE,pathlen:0
[ v3_leaf ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:FALSE
EOF
export OPENSSL_CONF=$BASE/openssl.cnf
echo "Development CA"
cd $BASE/dev
openssl req -newkey rsa -keyout private/ca.key.pem -out ca.csr.pem -subj "/O=$ORG/CN=$ORG $CA Development"
openssl ca -batch -selfsign -extensions v3_ca -in ca.csr.pem -out ca.cert.pem -keyfile private/ca.key.pem
echo "Development Signing Keys 1"
cd $BASE/dev
openssl req -newkey rsa -keyout private/development-1.key.pem -out development-1.csr.pem -subj "/O=$ORG/CN=$ORG Development-1"
openssl ca -batch -extensions v3_leaf -in development-1.csr.pem -out development-1.cert.pem