Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

- 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
--- a/sources/meta-rauc/scripts/README
+++ b/sources/meta-rauc/scripts/README
@@ -0,0 +1,38 @@
+Generate Testing Certificate
+----------------------------
+
+The script `openssl-ca.sh` allows you to create a certificate and key that you
+can use for a test-setup of RAUC.
+
+To generate the required files, execute
+
+  ./openssl-ca.sh
+
+This will generate a folder `openssl-ca/` that contains the generated openssl
+configuration file and a development certificate and key.
+
+To use them in your BSP in order to sign and verify bundles, you have to:
+
+1) Make the target rauc package use the generated keyring file:
+
+   Copy the keyring file `dev/ca.cert.pem` into your projects meta layer under
+   `recipes-core/rauc/files` and add a simple .bbappend file
+   `recipes-core/rauc/rauc-conf.bbappend` that adds the keyring file to the rauc
+   config package search path:
+
+     FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+2) Make your bundle recipe use the generated key and certificate:
+
+   Copy the key file `dev/private/development-1.key.pem` and the cert file
+   `dev/development-1.cert.pem` to your projects meta layer in a global `files`
+   folder.
+
+   In your bundle recipe, let the variables `RAUC_KEY_FILE` and `RAUC_CERT_FILE`
+   point to these key and cert files:
+
+     RAUC_KEY_FILE = "${COREBASE}/meta-<layername>/files/development-1.key.pem"
+     RAUC_CERT_FILE = "${COREBASE}/meta-<layername>/files/development-1.cert.pem"
+
+Now you are able to build and sign bundles that contain a rootfs that will
+allow RAUC to verify the content of further bundles.
--- a/sources/meta-rauc/scripts/openssl-ca.sh
+++ b/sources/meta-rauc/scripts/openssl-ca.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+set -xe
+
+ORG="Test Org"
+CA="rauc CA"
+
+# After the CRL expires, signatures cannot be verified anymore
+CRL="-crldays 5000"
+
+BASE="$(pwd)/openssl-ca"
+
+if [ -e $BASE ]; then
+  echo "$BASE already exists"
+  exit 1
+fi
+
+mkdir -p $BASE/dev/{private,certs}
+touch $BASE/dev/index.txt
+echo 01 > $BASE/dev/serial
+
+cat > $BASE/openssl.cnf <<EOF
+[ ca ]
+default_ca      = CA_default            # The default ca section
+
+[ CA_default ]
+
+dir            = .                     # top dir
+database       = \$dir/index.txt        # index file.
+new_certs_dir  = \$dir/certs            # new certs dir
+
+certificate    = \$dir/ca.cert.pem       # The CA cert
+serial         = \$dir/serial           # serial no file
+private_key    = \$dir/private/ca.key.pem# CA private key
+RANDFILE       = \$dir/private/.rand    # random number file
+
+default_startdate = 19700101000000Z
+default_enddate = 99991231235959Z
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha256                # md to use
+
+policy         = policy_any            # default policy
+email_in_dn    = no                    # Don't add the email into cert DN
+
+name_opt       = ca_default            # Subject name display option
+cert_opt       = ca_default            # Certificate display option
+copy_extensions = none                 # Don't copy extensions from request
+
+[ policy_any ]
+organizationName       = match
+commonName             = supplied
+
+[ req ]
+default_bits           = 2048
+distinguished_name     = req_distinguished_name
+x509_extensions        = v3_leaf
+encrypt_key = no
+default_md = sha256
+
+[ req_distinguished_name ]
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+[ v3_ca ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:TRUE
+
+[ v3_inter ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:TRUE,pathlen:0
+
+[ v3_leaf ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:FALSE
+EOF
+
+export OPENSSL_CONF=$BASE/openssl.cnf
+
+echo "Development CA"
+cd $BASE/dev
+openssl req -newkey rsa -keyout private/ca.key.pem -out ca.csr.pem -subj "/O=$ORG/CN=$ORG $CA Development"
+openssl ca -batch -selfsign -extensions v3_ca -in ca.csr.pem -out ca.cert.pem -keyfile private/ca.key.pem
+
+echo "Development Signing Keys 1"
+cd $BASE/dev
+openssl req -newkey rsa -keyout private/development-1.key.pem -out development-1.csr.pem -subj "/O=$ORG/CN=$ORG Development-1"
+openssl ca -batch -extensions v3_leaf -in development-1.csr.pem -out development-1.cert.pem