noverify-bmc-update: Add definition
This will be used by some platforms by default when enabling
phosphor-ipmi-flash so that the BMC image can be updated without any
signature verification checks in place.
(From meta-phosphor rev: e076ee3295c74be2de43f496d7e0f4934d21ec2a)
Change-Id: Ibe22f1189a3bda1dba535a8ade5043312c72a953
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb
new file mode 100644
index 0000000..fb1480f
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb
@@ -0,0 +1,19 @@
+DESCRIPTION = "phosphor-ipmi-flash config to update without verifying the image"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+inherit systemd
+
+SRC_URI += "file://noverify-bmc-verify.service"
+SRC_URI += "file://config-bmc.json"
+
+SYSTEMD_SERVICE_${PN} += "noverify-bmc-verify.service"
+FILES_${PN} += "${datadir}/phosphor-ipmi-flash/config-bmc.json"
+
+do_install() {
+ install -d ${D}${datadir}/phosphor-ipmi-flash
+ install -m 0644 ${WORKDIR}/config-bmc.json ${D}${datadir}/phosphor-ipmi-flash
+
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/noverify-bmc-verify.service ${D}${systemd_system_unitdir}
+}
diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json
new file mode 100644
index 0000000..86afb3b
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json
@@ -0,0 +1,20 @@
+[{
+ "blob": "/flash/image",
+ "handler": {
+ "type": "file",
+ "path": "/run/initramfs/bmc-image"
+ },
+ "actions": {
+ "preparation": {
+ "type": "skip"
+ },
+ "verification": {
+ "type": "systemd",
+ "unit": "noverify-bmc-verify.service"
+ },
+ "update": {
+ "type": "systemd",
+ "unit": "reboot.target"
+ }
+ }
+}]
diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service
new file mode 100644
index 0000000..50855b6
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Don't verify the image, just stage it for update
+
+[Service]
+Type=oneshot
+ExecStart=/bin/mv /run/initramfs/bmc-image /run/initramfs/image-bmc