certificate-manager: supply configs from the repo
This change is a part of the privilege seperation work
which is tracked in:
https://github.com/openbmc/openbmc/issues/3383
This change should be merged after individual repo change:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/41166
Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Change-Id: I72e4842e7aa6de2ae4bcbdbf00953b7a79a0f414
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
deleted file mode 100644
index 1d9f5a3..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "Phosphor certificate manager configuration for a bmcweb service"
-
-PR = "r1"
-
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
-
-RDEPENDS:${PN} = "phosphor-certificate-manager"
-
-inherit allarch
-
-SRC_URI = "file://env"
-
-FILES:${PN} = "${datadir}"
-
-do_install() {
- install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/bmcweb
-}
-
-pkg_postinst:${PN}() {
- LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@bmcweb.service"
- TARGET="../phosphor-certificate-manager@.service"
- mkdir -p $D$systemd_system_unitdir/multi-user.target.wants
- ln -s $TARGET $LINK
-}
-
-pkg_prerm:${PN}() {
- LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@bmcweb.service"
- rm $LINK
-}
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env
deleted file mode 100644
index af4899a..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env
+++ /dev/null
@@ -1,12 +0,0 @@
-#D-Bus object path
-#example: /xyz/openbmc_project/certs/server/https
-ENDPOINT=https
-
-#Path for the certificate file
-CERTPATH=/etc/ssl/certs/https/server.pem
-
-#Units to restart
-UNIT=bmcweb.service
-
-#Type of the service client/server
-TYPE=server
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
deleted file mode 100644
index 255906f..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Phosphor certificate manager for %I
-
-[Service]
-EnvironmentFile=/usr/share/phosphor-certificate-manager/%I
-ExecStart=/usr/bin/env phosphor-certificate-manager --endpoint=${{ENDPOINT}} --path=${{CERTPATH}} --unit=${{UNIT}} --type=${{TYPE}}
-SyslogIdentifier=phosphor-certificate-manager
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb
index 30730a4..d2a7e4f 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb
@@ -9,14 +9,15 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
SRC_URI = "git://github.com/openbmc/phosphor-certificate-manager"
-SRCREV = "811a29e1941db0157f49d2e05491be945f7b2f07"
+SRCREV = "6dd1c2ad86507202dd55c533559e253f846e99c8"
inherit autotools \
pkgconfig \
- obmc-phosphor-systemd
+ systemd
DEPENDS = " \
autoconf-archive-native \
+ dbus \
openssl \
phosphor-dbus-interfaces \
phosphor-logging \
@@ -28,9 +29,18 @@
EXTRA_OECONF += "--disable-tests"
-CERT_TMPL = "phosphor-certificate-manager@.service"
-SYSTEMD_SERVICE:${PN} = "${CERT_TMPL}"
+SYSTEMD_SERVICE:${PN} = "phosphor-certificate-manager@.service"
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ??= "bmcweb-cert nslcd-authority-cert"
PACKAGECONFIG[ibm-hypervisor-cert] = "--enable-ca-cert-extension,,"
-SYSTEMD_SERVICE:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'ibm-hypervisor-cert', 'bmc-vmi-ca-manager.service', '', d)}"
+PACKAGECONFIG[bmcweb-cert] = "--enable-bmcweb-cert-config,,"
+PACKAGECONFIG[nslcd-authority-cert] = "--enable-nslcd-authority-cert-config,,"
+
+SYSTEMD_SERVICE:${PN} = " \
+ phosphor-certificate-manager@.service \
+ ${@bb.utils.contains('PACKAGECONFIG', 'ibm-hypervisor-cert', 'bmc-vmi-ca-manager.service', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'nslcd-authority-cert', 'phosphor-certificate-manager@authority.service', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'bmcweb', 'phosphor-certificate-manager@bmcweb.service', '', d)} \
+ "
+
+FILES:${PN}:append = " ${sysconfdir}/dbus-1 ${base_libdir} ${datadir} ${bindir}"
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
deleted file mode 100644
index c847b6d..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "Phosphor certificate manager configuration for an nslcd authority service"
-
-PR = "r1"
-
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
-
-RDEPENDS:${PN} = "phosphor-certificate-manager"
-
-inherit allarch
-
-SRC_URI = "file://env"
-
-FILES:${PN} = "${datadir}"
-
-do_install() {
- install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/authority
-}
-
-pkg_postinst:${PN}() {
- LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@authority.service"
- TARGET="../phosphor-certificate-manager@.service"
- mkdir -p $D$systemd_system_unitdir/multi-user.target.wants
- ln -s $TARGET $LINK
-}
-
-pkg_prerm:${PN}() {
- LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@authority.service"
- rm $LINK
-}
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
deleted file mode 100644
index d2e8814..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
+++ /dev/null
@@ -1,12 +0,0 @@
-#REST URI endpoint
-#example: /xyz/openbmc_project/certs/authority/ldap
-ENDPOINT=ldap
-
-#Path for the certificate file
-CERTPATH=/etc/ssl/certs/authority
-
-#Units to restart
-UNIT=bmcweb.service
-
-#Type of service
-TYPE=authority
diff --git a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
index e6c223e..c035c6d 100644
--- a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
+++ b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
@@ -43,7 +43,7 @@
SUMMARY:${PN}-bmcweb = "bmcweb support"
RDEPENDS:${PN}-bmcweb = " \
bmcweb \
- phosphor-bmcweb-cert-config \
+ phosphor-certificate-manager \
"
SUMMARY:${PN}-chassis-state-mgmt = "Chassis state management"
@@ -196,5 +196,4 @@
nss-pam-ldapd \
phosphor-ldap \
phosphor-nslcd-cert-config \
- phosphor-nslcd-authority-cert-config \
"