certificate-manager: supply configs from the repo This change is a part of the privilege seperation work which is tracked in: https://github.com/openbmc/openbmc/issues/3383 This change should be merged after individual repo change: https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/41166 Signed-off-by: Anton D. Kachalov <gmouse@google.com> Change-Id: I72e4842e7aa6de2ae4bcbdbf00953b7a79a0f414

commit: 609d48731fd3758910ed5a68d5ce1d6e80c2dfd3 [log] [tgz]
author: Anton D. Kachalov <gmouse@google.com> Fri Mar 19 11:30:43 2021 +0100
committer: Anton D. Kachalov <gmouse@google.com> Sun Oct 03 17:40:03 2021 +0200
tree: 4373521611551a68a9fcf2d872565eb649eb6247
parent: 79eaf441714b61f6d8f89efc77544e1d7ca1a5d6 [diff]
diff --git a/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend b/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend
index 46135c3..76ec9a5 100644
--- a/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend
+++ b/meta-google/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bbappend

@@ -8,4 +8,4 @@
 RDEPENDS:${PN}-extrasdev:remove:gbmc = "rest-dbus"
 
 # Disable bmcweb for gbmc machines without redfish.
-RDEPENDS:${PN}-extras:remove:gbmc = '${@bb.utils.contains:any("MACHINE_FEATURES", ['redfish'], "", "bmcweb phosphor-bmcweb-cert-config", d)}'
+RDEPENDS:${PN}-extras:remove:gbmc = '${@bb.utils.contains:any("MACHINE_FEATURES", ['redfish'], "", "bmcweb", d)}'

diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
deleted file mode 100644
index 1d9f5a3..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
+++ /dev/null

@@ -1,30 +0,0 @@
-SUMMARY = "Phosphor certificate manager configuration for a bmcweb service"
-
-PR = "r1"
-
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
-
-RDEPENDS:${PN} = "phosphor-certificate-manager"
-
-inherit allarch
-
-SRC_URI = "file://env"
-
-FILES:${PN} = "${datadir}"
-
-do_install() {
-	install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/bmcweb
-}
-
-pkg_postinst:${PN}() {
-	LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@bmcweb.service"
-	TARGET="../phosphor-certificate-manager@.service"
-	mkdir -p $D$systemd_system_unitdir/multi-user.target.wants
-	ln -s $TARGET $LINK
-}
-
-pkg_prerm:${PN}() {
-	LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@bmcweb.service"
-	rm $LINK
-}

diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env
deleted file mode 100644
index af4899a..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config/env
+++ /dev/null

@@ -1,12 +0,0 @@
-#D-Bus object path
-#example: /xyz/openbmc_project/certs/server/https
-ENDPOINT=https
-
-#Path for the certificate file
-CERTPATH=/etc/ssl/certs/https/server.pem
-
-#Units to restart
-UNIT=bmcweb.service
-
-#Type of the service client/server
-TYPE=server

diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
deleted file mode 100644
index 255906f..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
+++ /dev/null

@@ -1,11 +0,0 @@
-[Unit]
-Description=Phosphor certificate manager for %I
-
-[Service]
-EnvironmentFile=/usr/share/phosphor-certificate-manager/%I
-ExecStart=/usr/bin/env phosphor-certificate-manager --endpoint=${{ENDPOINT}} --path=${{CERTPATH}} --unit=${{UNIT}} --type=${{TYPE}}
-SyslogIdentifier=phosphor-certificate-manager
-Restart=always
-
-[Install]
-WantedBy=multi-user.target

diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb
index 30730a4..d2a7e4f 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb

@@ -9,14 +9,15 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 
 SRC_URI = "git://github.com/openbmc/phosphor-certificate-manager"
-SRCREV = "811a29e1941db0157f49d2e05491be945f7b2f07"
+SRCREV = "6dd1c2ad86507202dd55c533559e253f846e99c8"
 
 inherit autotools \
         pkgconfig \
-        obmc-phosphor-systemd
+        systemd
 
 DEPENDS = " \
         autoconf-archive-native \
+        dbus \
         openssl \
         phosphor-dbus-interfaces \
         phosphor-logging \
@@ -28,9 +29,18 @@
 
 EXTRA_OECONF += "--disable-tests"
 
-CERT_TMPL = "phosphor-certificate-manager@.service"
-SYSTEMD_SERVICE:${PN} = "${CERT_TMPL}"
+SYSTEMD_SERVICE:${PN} = "phosphor-certificate-manager@.service"
 
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ??= "bmcweb-cert nslcd-authority-cert"
 PACKAGECONFIG[ibm-hypervisor-cert] = "--enable-ca-cert-extension,,"
-SYSTEMD_SERVICE:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'ibm-hypervisor-cert', 'bmc-vmi-ca-manager.service', '', d)}"
+PACKAGECONFIG[bmcweb-cert] = "--enable-bmcweb-cert-config,,"
+PACKAGECONFIG[nslcd-authority-cert] = "--enable-nslcd-authority-cert-config,,"
+
+SYSTEMD_SERVICE:${PN} = " \
+        phosphor-certificate-manager@.service \
+        ${@bb.utils.contains('PACKAGECONFIG', 'ibm-hypervisor-cert', 'bmc-vmi-ca-manager.service', '', d)} \
+        ${@bb.utils.contains('PACKAGECONFIG', 'nslcd-authority-cert', 'phosphor-certificate-manager@authority.service', '', d)} \
+        ${@bb.utils.contains('PACKAGECONFIG', 'bmcweb', 'phosphor-certificate-manager@bmcweb.service', '', d)} \
+        "
+
+FILES:${PN}:append = " ${sysconfdir}/dbus-1 ${base_libdir} ${datadir} ${bindir}"

diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
deleted file mode 100644
index c847b6d..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
+++ /dev/null

@@ -1,30 +0,0 @@
-SUMMARY = "Phosphor certificate manager configuration for an nslcd authority service"
-
-PR = "r1"
-
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
-
-RDEPENDS:${PN} = "phosphor-certificate-manager"
-
-inherit allarch
-
-SRC_URI = "file://env"
-
-FILES:${PN} = "${datadir}"
-
-do_install() {
-	install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/authority
-}
-
-pkg_postinst:${PN}() {
-	LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@authority.service"
-	TARGET="../phosphor-certificate-manager@.service"
-	mkdir -p $D$systemd_system_unitdir/multi-user.target.wants
-	ln -s $TARGET $LINK
-}
-
-pkg_prerm:${PN}() {
-	LINK="$D$systemd_system_unitdir/multi-user.target.wants/phosphor-certificate-manager@authority.service"
-	rm $LINK
-}

diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
deleted file mode 100644
index d2e8814..0000000
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
+++ /dev/null

@@ -1,12 +0,0 @@
-#REST URI endpoint
-#example: /xyz/openbmc_project/certs/authority/ldap
-ENDPOINT=ldap
-
-#Path for the certificate file
-CERTPATH=/etc/ssl/certs/authority
-
-#Units to restart
-UNIT=bmcweb.service
-
-#Type of service
-TYPE=authority

diff --git a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
index e6c223e..c035c6d 100644
--- a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
+++ b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb

@@ -43,7 +43,7 @@
 SUMMARY:${PN}-bmcweb = "bmcweb support"
 RDEPENDS:${PN}-bmcweb = " \
         bmcweb \
-        phosphor-bmcweb-cert-config \
+        phosphor-certificate-manager \
         "
 
 SUMMARY:${PN}-chassis-state-mgmt = "Chassis state management"
@@ -196,5 +196,4 @@
         nss-pam-ldapd \
         phosphor-ldap \
         phosphor-nslcd-cert-config \
-        phosphor-nslcd-authority-cert-config \
         "

diff --git a/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend b/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend
index 9860495..5053901 100644
--- a/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend
+++ b/meta-quanta/meta-gbs/recipes-phosphor/images/obmc-phosphor-image.bbappend

@@ -28,8 +28,7 @@
 OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-inventory-manager"
 # Required for obmc-bmcweb
 OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " bmcweb"
-OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-bmcweb-cert-config"
-OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-nslcd-authority-cert-config"
+OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-certificate-manager"
 OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " phosphor-user-manager"
 # Required for LEDs. Part of obmc-leds
 OBMC_IMAGE_EXTRA_INSTALL:append:gbs = " ${VIRTUAL-RUNTIME_obmc-leds-manager}"
commit	609d48731fd3758910ed5a68d5ce1d6e80c2dfd3	[log] [tgz]
author	Anton D. Kachalov <gmouse@google.com>	Fri Mar 19 11:30:43 2021 +0100
committer	Anton D. Kachalov <gmouse@google.com>	Sun Oct 03 17:40:03 2021 +0200
tree	4373521611551a68a9fcf2d872565eb649eb6247
parent	79eaf441714b61f6d8f89efc77544e1d7ca1a5d6 [diff]