noverify-bmc-update: Only commit payload on update

We don't want to allow indirect updates via users issuing `mc reboot
cold` commands after verifying but without peforming the update step.

(From meta-phosphor rev: 892e90b3ea1eb39994af943a8686bb96c1473ad9)

Change-Id: Ia846efafef6bdf64f102d6e0511d5e8ed874e966
Signed-off-by: William A. Kennington III <wak@google.com>
Fixed misspelling of command
Signed-off-by: Brad Bishop<bradleyb@fuzziesquirrel.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb
index fb1480f..503e836 100644
--- a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update.bb
@@ -4,9 +4,11 @@
 
 inherit systemd
 
+SRC_URI += "file://noverify-bmc-update.service"
 SRC_URI += "file://noverify-bmc-verify.service"
 SRC_URI += "file://config-bmc.json"
 
+SYSTEMD_SERVICE_${PN} += "noverify-bmc-update.service"
 SYSTEMD_SERVICE_${PN} += "noverify-bmc-verify.service"
 FILES_${PN} += "${datadir}/phosphor-ipmi-flash/config-bmc.json"
 
@@ -15,5 +17,6 @@
   install -m 0644 ${WORKDIR}/config-bmc.json ${D}${datadir}/phosphor-ipmi-flash
 
   install -d ${D}${systemd_system_unitdir}
+  install -m 0644 ${WORKDIR}/noverify-bmc-update.service ${D}${systemd_system_unitdir}
   install -m 0644 ${WORKDIR}/noverify-bmc-verify.service ${D}${systemd_system_unitdir}
 }
diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json
index 86afb3b..31df4a1 100644
--- a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/config-bmc.json
@@ -14,7 +14,7 @@
 		},
 		"update": {
 			"type": "systemd",
-			"unit": "reboot.target"
+			"unit": "noverify-bmc-update.service"
 		}
 	}
 }]
diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-update.service b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-update.service
new file mode 100644
index 0000000..e30d647
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-update.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Commit image for update and reboot
+
+[Service]
+Type=oneshot
+ExecStart=/bin/mv /run/initramfs/bmc-image-verified /run/initramfs/image-bmc
+# This command is intentionally blocking to ensure this unit doesn't complete
+# before the BMC reboots.
+ExecStart=/usr/bin/systemctl start --job-mode=replace-irreversibly reboot.target
diff --git a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service
index 50855b6..a535329 100644
--- a/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service
+++ b/meta-phosphor/recipes-phosphor/flash/noverify-bmc-update/noverify-bmc-verify.service
@@ -3,4 +3,4 @@
 
 [Service]
 Type=oneshot
-ExecStart=/bin/mv /run/initramfs/bmc-image /run/initramfs/image-bmc
+ExecStart=/bin/mv /run/initramfs/bmc-image /run/initramfs/bmc-image-verified