Merge branch 'master' into dunfell

classes/swupdate-common.bbclass

@@ -18,6 +18,36 @@ def swupdate_get_sha256(s, filename):
             m.update(data)
     return m.hexdigest()
 
+def swupdate_extract_keys(keyfile):
+    try:
+        keys = open(keyfile)
+    except IOError:
+        bb.fatal("Failed to open file with keys %s" % (keyfile))
+    lines = keys.read()
+    keys.close()
+    lines = lines.splitlines(True)
+    for line in lines:
+        line = line.replace('\n', '')
+        kv = line.split('=')
+        if kv[0] == 'salt':
+            salt = kv[1]
+        if kv[0] == 'key':
+            key = kv[1]
+        if kv[0] == 'iv' or kv[0] == 'iv ':
+            iv = kv[1]
+    return key,iv,salt
+
+def swupdate_encrypt_file(f, out, key, ivt, salt):
+    cmd = "openssl enc -aes-256-cbc -in '%s' -out '%s' -K '%s' -iv '%s' -S '%s'" % (
+                f,
+                out,
+                key,
+                ivt,
+                salt)
+    if os.system(cmd) != 0:
+        bb.fatal("Failed to encrypt %s" % (f))
+
+
 def swupdate_write_sha256(s, filename, hash):
     write_lines = []
 
@@ -66,6 +96,7 @@ def swupdate_expand_bitbake_variables(d, s):
             f.write(line)
 
 def prepare_sw_description(d, s, list_for_cpio):
+    import shutil
 
     swupdate_expand_bitbake_variables(d, s)
 
@@ -74,6 +105,13 @@ def prepare_sw_description(d, s, list_for_cpio):
             hash = swupdate_get_sha256(s, file)
             swupdate_write_sha256(s, file, hash)
 
+    encrypt = d.getVar('SWUPDATE_ENCRYPT_SWDESC', True)
+    if encrypt:
+        bb.note("Encryption of sw-description")
+        shutil.copyfile(os.path.join(s, 'sw-description'), os.path.join(s, 'sw-description.plain'))
+        key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
+        swupdate_encrypt_file(os.path.join(s, 'sw-description.plain'), os.path.join(s, 'sw-description'), key, iv, salt)
+
     signing = d.getVar('SWUPDATE_SIGNING', True)
     if signing == "1":
         bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.')

classes/swupdate.bbclass

@@ -32,6 +32,7 @@
 #   image file with exactly the name as specified in SWUPDATE_IMAGES is searched for.
 
 inherit swupdate-common.bbclass
+inherit image-artifact-names
 
 S = "${WORKDIR}/${PN}"
 
@@ -99,16 +100,28 @@ python do_swuimage () {
         local = fetch.localpath(url)
         filename = os.path.basename(local)
         if (filename != 'sw-description') and (os.path.isfile(local)):
-            shutil.copyfile(local, os.path.join(s, "%s" % filename ))
+            encrypted = (d.getVarFlag("SWUPDATE_IMAGES_ENCRYPTED", filename, True) or "")
+            key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
+            dst = os.path.join(s, "%s" % filename )
+            if encrypted == '1':
+                bb.note("Encryption requested for %s" %(filename))
+                swupdate_encrypt_file(local, dst, key, iv, salt)
+            else:
+                shutil.copyfile(local, dst)
             list_for_cpio.append(filename)
 
-    def add_image_to_swu(deploydir, imagename, s):
+    def add_image_to_swu(deploydir, imagename, s, encrypt):
         src = os.path.join(deploydir, imagename)
         if not os.path.isfile(src):
             return False
         target_imagename = os.path.basename(imagename)  # allow images in subfolders of DEPLOY_DIR_IMAGE
         dst = os.path.join(s, target_imagename)
-        shutil.copyfile(src, dst)
+        if encrypt == '1':
+            key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
+            bb.note("Encryption requested for %s" %(imagename))
+            swupdate_encrypt_file(src, dst, key, iv, salt)
+        else:
+            shutil.copyfile(src, dst)
         list_for_cpio.append(target_imagename)
         return True
 
@@ -117,6 +130,7 @@ python do_swuimage () {
     imgdeploydir = d.getVar('IMGDEPLOYDIR', True)
     for image in images:
         fstypes = (d.getVarFlag("SWUPDATE_IMAGES_FSTYPES", image, True) or "").split()
+        encrypted = (d.getVarFlag("SWUPDATE_IMAGES_ENCRYPTED", image, True) or "")
         if fstypes:
             noappend_machine = d.getVarFlag("SWUPDATE_IMAGES_NOAPPEND_MACHINE", image, True)
             if noappend_machine == False:  # Search for a file explicitely with MACHINE
@@ -128,7 +142,7 @@ python do_swuimage () {
             for fstype in fstypes:
                 image_found = False
                 for imagebase in imagebases:
-                    image_found = add_image_to_swu(deploydir, imagebase + fstype, s)
+                    image_found = add_image_to_swu(deploydir, imagebase + fstype, s, encrypted)
                     if image_found:
                         break
                 if not image_found:

conf/layer.conf

@@ -9,6 +9,6 @@ BBFILE_COLLECTIONS += "swupdate"
 BBFILE_PATTERN_swupdate := "^${LAYERDIR}/"
 BBFILE_PRIORITY_swupdate = "6"
 
-LAYERSERIES_COMPAT_swupdate = "rocko sumo thud warrior zeus dunfell"
+LAYERSERIES_COMPAT_swupdate = "dunfell gatesgarth hardknott"
 
 LAYERDEPENDS_swupdate = "openembedded-layer"

recipes-devtools/mtd/files/0001-libubigen-remove-unnecessary-include.patch

@@ -1,29 +0,0 @@
-From 87809c4804d3355ecd2fd0bd3362526fa27bf953 Mon Sep 17 00:00:00 2001
-From: Bastian Germann <bastiangermann@fishpost.de>
-Date: Wed, 29 Jan 2020 19:50:12 +0100
-Subject: [PATCH 1/2] libubigen: remove unnecessary include
-
-libubigen.h does not use any symbol from mtd/ubi-media.h,
-so remove it from includes.
-
-Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
-Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
----
- include/libubigen.h | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/include/libubigen.h b/include/libubigen.h
-index c25ac20..48d2fad 100644
---- a/include/libubigen.h
-+++ b/include/libubigen.h
-@@ -26,7 +26,6 @@
- #define __LIBUBIGEN_H__
- 
- #include <stdint.h>
--#include <mtd/ubi-media.h>
- 
- #ifdef __cplusplus
- extern "C" {
--- 
-2.25.1
-

recipes-devtools/mtd/files/0002-libubi-remove-private-kernel-header-from-includes.patch

@@ -1,58 +0,0 @@
-From 42e051acd32c28c2f93c946d0c4bf6f9eada2aa4 Mon Sep 17 00:00:00 2001
-From: Bastian Germann <bastiangermann@fishpost.de>
-Date: Wed, 29 Jan 2020 19:50:13 +0100
-Subject: [PATCH 2/2] libubi: remove private kernel header from includes
-
-libubi.h includes ubi-media.h which was made private in the kernel a
-long time ago. There are users of libubi.h, e.g. swupdate, which have to
-have ubi-media.h available at build time with this inclusion.
-
-However, libubi.h uses only one symbol from ubi-media.h. Define that symbol
-in the header to enable using libubi.h without installing ubi-media.h.
-
-Make up for the transitive symbol use in ubiformat.c by including ubi-media.h.
-
-Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
-Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
----
- include/libubi.h      | 4 +++-
- ubi-utils/ubiformat.c | 1 +
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/include/libubi.h b/include/libubi.h
-index 46596a3..46c732a 100644
---- a/include/libubi.h
-+++ b/include/libubi.h
-@@ -26,7 +26,6 @@
- #include <ctype.h>
- #include <stdint.h>
- #include <mtd/ubi-user.h>
--#include <mtd/ubi-media.h>
- 
- #ifdef __cplusplus
- extern "C" {
-@@ -38,6 +37,9 @@ extern "C" {
- /* Maximum physical eraseblock size in bytes */
- #define UBI_MAX_PEB_SZ (2*1024*1024)
- 
-+/* The maximum volume name length (from Linux's ubi-media.h) */
-+#define UBI_VOL_NAME_MAX 127
-+
- /* UBI library descriptor */
- typedef void * libubi_t;
- 
-diff --git a/ubi-utils/ubiformat.c b/ubi-utils/ubiformat.c
-index be40e52..d1b12e4 100644
---- a/ubi-utils/ubiformat.c
-+++ b/ubi-utils/ubiformat.c
-@@ -38,6 +38,7 @@
- #include <getopt.h>
- #include <fcntl.h>
- 
-+#include <mtd/ubi-media.h>
- #include <libubi.h>
- #include <libmtd.h>
- #include <libscan.h>
--- 
-2.25.1
-

recipes-devtools/mtd/mtd-utils_%.bbappend

@@ -2,11 +2,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
 
 FILES_${PN}-staticdev += "ubi-utils/libubi.a ${libdir}/*.a"
 
-SRC_URI += " \
-	file://0001-libubigen-remove-unnecessary-include.patch \
-	file://0002-libubi-remove-private-kernel-header-from-includes.patch \
-"
-
 do_install_append () {
 	install -d ${D}${includedir}/mtd/
 	install -d ${D}${libdir}/

recipes-support/swupdate/swupdate.inc

@@ -1,9 +1,18 @@
 SUMMARY="Image updater for Yocto projects"
 DESCRIPTION = "Application for automatic software update from USB Pen"
 SECTION="swupdate"
-DEPENDS = "libconfig"
-LICENSE = "GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3"
+DEPENDS += "libconfig"
+
+# SWUpdate licensing is described in the following pages:
+# https://sbabic.github.io/swupdate/licensing.html
+# rst form: file://doc/source/licensing.rst
+LICENSE = "GPLv2+ & LGPLv2+ & MIT"
+LICENSE_${PN}-lua = "LGPLv2+"
+LICENSE_${PN}-www = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
+                    file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b364516c \
+                    file://Licenses/mit.txt;md5=838c366f69b72c5df05c96dff79b35f2 \
+                    file://Licenses/Exceptions;md5=5f205fe7a7f2b056b4fa42603fe2d63a"
 
 inherit cml1 update-rc.d systemd pkgconfig
 
@@ -21,6 +30,8 @@ SRC_URI = "git://github.com/sbabic/swupdate.git;protocol=https \
     file://90-start-progress \
 "
 
+LTOEXTRA += "-flto-partition=none"
+
 PACKAGES =+ " \
     ${PN}-client \
     ${PN}-lua \
@@ -68,17 +79,13 @@ RDEPENDS_${PN}-tools += "${PN}-client ${PN}-progress ${PN}-tools-hawkbit \
     ${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}-usb','',d)} \
 "
 
-S = "${WORKDIR}/git/"
-B = "${WORKDIR}/build/"
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
 
 EXTRA_OEMAKE += " O=${B} HOSTCC="${BUILD_CC}" HOSTCXX="${BUILD_CXX}" LD="${CC}" DESTDIR="${D}" LIBDIR="${libdir}" V=1 ARCH=${TARGET_ARCH} CROSS_COMPILE=${TARGET_PREFIX} SKIP_STRIP=y"
 
 DEPENDS += "kern-tools-native"
 
-# returns all the elements from the src uri that are .cfg files
-def find_cfgs(d):
-    return [s for s in src_patches(d, True) if s.endswith('.cfg')]
-
 python () {
     import re
 
@@ -123,6 +130,8 @@ python () {
         depends += ' openssl'
     elif 'CONFIG_SSL_IMPL_MBEDTLS=y\n' in features:
         depends += ' mbedtls'
+    elif 'CONFIG_SSL_IMPL_WOLFSSL=y\n' in features:
+        depends += ' wolfssl'
 
     if 'CONFIG_JSON=y\n' in features:
         depends += ' json-c'
@@ -160,6 +169,9 @@ python () {
     if 'CONFIG_ZSTD=y\n' in features:
         depends += ' zstd'
 
+    if 'CONFIG_DISKPART=y\n' in features:
+        depends += ' util-linux'
+
     d.setVar('DEPENDS', depends)
 
     if 'CONFIG_MONGOOSE=y\n' in features:

recipes-support/swupdate/swupdate/swupdate-usb.rules

@@ -1,2 +1,2 @@
-ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service"
+ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service"
 

recipes-support/swupdate/swupdate_2019.11.bb

@@ -1,6 +0,0 @@
-require swupdate.inc
-
-SRCREV = "5de3bc30a203ee218f9ebbe256b42e26cf06c74f"
-
-# Building out of tree is broken in this version
-B = "${S}"

recipes-support/swupdate/swupdate_2020.11.bb

@@ -0,0 +1,3 @@
+require swupdate.inc
+
+SRCREV = "e0684ea4f491e4b87d5c0ce1c1418005b4158cb2"

recipes-support/swupdate/swupdate_git.bb

@@ -2,5 +2,5 @@ require swupdate.inc
 
 DEFAULT_PREFERENCE = "-1"
 
-SRCREV ?= "20c30531b6be6e379aafb1425d56481578f36c1b"
-PV = "2020.04+git${SRCPV}"
+SRCREV ?= "e0684ea4f491e4b87d5c0ce1c1418005b4158cb2"
+PV = "2020.11+git${SRCPV}"