Support uploading multiple certificates per authority service
Since the certificate manager can support multiple certificates
the CERTPATH for mode=authentication will be changed to directory.
This change depends on anothere review, see Depends-On tag.
Becase the TrustStore will be used by TLS authentication,
any operation on certificates should result in bmcweb restart, that
is why #Units to restart entry is added.
Since update procedure will not replace configuration file in /etc
all configuration files for the certificate-manager will be deployed
in /usr/share/phosphor-certificate-manager.
(From meta-phosphor rev: 0c09ff71d089c614b14d076d933e849f2f74281e)
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Ib7f4ba60760ab8cd1ac647bc51dadf50af7fedc7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
index cc1f082..9fa5f3a 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-bmcweb-cert-config.bb
@@ -11,8 +11,10 @@
SRC_URI = "file://env"
+FILES_${PN} = "${datadir}"
+
do_install() {
- install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/bmcweb
+ install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/bmcweb
}
pkg_postinst_${PN}() {
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
index a821566..255906f 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
@@ -2,7 +2,7 @@
Description=Phosphor certificate manager for %I
[Service]
-EnvironmentFile={envfiledir}/obmc/cert/%I
+EnvironmentFile=/usr/share/phosphor-certificate-manager/%I
ExecStart=/usr/bin/env phosphor-certificate-manager --endpoint=${{ENDPOINT}} --path=${{CERTPATH}} --unit=${{UNIT}} --type=${{TYPE}}
SyslogIdentifier=phosphor-certificate-manager
Restart=always
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
index f15fc73..07302d6 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config.bb
@@ -11,8 +11,10 @@
SRC_URI = "file://env"
+FILES_${PN} = "${datadir}"
+
do_install() {
- install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/authority
+ install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/authority
}
pkg_postinst_${PN}() {
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
index 849d695..d2e8814 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-authority-cert-config/env
@@ -3,7 +3,10 @@
ENDPOINT=ldap
#Path for the certificate file
-CERTPATH=/etc/ssl/certs/Root-CA.pem
+CERTPATH=/etc/ssl/certs/authority
+
+#Units to restart
+UNIT=bmcweb.service
#Type of service
TYPE=authority
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
index 0a53a32..5b0c03a 100644
--- a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
@@ -11,8 +11,10 @@
SRC_URI = "file://env"
+FILES_${PN} = "${datadir}"
+
do_install() {
- install -D ${WORKDIR}/env ${D}/${sysconfdir}/default/obmc/cert/nslcd
+ install -D ${WORKDIR}/env ${D}/${datadir}/phosphor-certificate-manager/nslcd
}
pkg_postinst_${PN}() {