Message ID | 1525384358-26211-1-git-send-email-angelo@amarulasolutions.com |
---|---|
State | Superseded |
Series | [v2] package/mender: new package |

Hello Angelo,

Thanks for pushing this further. We definitely want to have Mender.io
support in Buildroot, so it's great to see this make progress.

On Thu, 3 May 2018 23:52:38 +0200, Angelo Compagnucci wrote:

> package/mender/server.crt | 22 ++++++++++++++

Not a complete review by far, but I'm wondering if it makes sense to
include server certificates in Buildroot. I would assume that one would
want to generate his own certificate instead, no ?

> diff --git a/package/mender/Config.in b/package/mender/Config.in
> new file mode 100644
> index 0000000..b80ad4a
> --- /dev/null
> +++ b/package/mender/Config.in
> @@ -0,0 +1,14 @@
> +config BR2_PACKAGE_MENDER
> + bool "mender"
> + depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
> + depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
> + depends on BR2_TOOLCHAIN_HAS_THREADS
> + depends on BR2_INIT_SYSTEMD

Is there anything that makes mender tied to systemd, other than the
fact that you provide only a systemd mender.service, and no init
script ?

> +

Unneeded empty new line.

> +define MENDER_INSTALL_TARGET_CMDS
> + $(INSTALL) -dm 0755 $(TARGET_DIR)/etc/mender/
> + $(INSTALL) -dm 0755 $(TARGET_DIR)/var/share/mender/identity/
> + $(INSTALL) -dm 0755 $(TARGET_DIR)/var/share/mender/inventory/

These commands are not needed: the $(INSTALL) -D below, with full
destination paths, will create the intermediate directories if they
don't already exist.

> + $(INSTALL) -D -m 0644 package/mender/mender.conf \
> + $(TARGET_DIR)/etc/mender/mender.conf
> + $(INSTALL) -D -m 0644 package/mender/tenant.conf \
> + $(TARGET_DIR)/etc/mender/mender.conf

Are you sure that installing tenant.conf as mender.conf is what you
want to do here ?

> + $(INSTALL) -D -m 0644 package/mender/server.crt \
> + $(TARGET_DIR)/etc/mender/server.crt
> + $(INSTALL) -D -m 0755 package/mender/mender-device-identity \
> + $(TARGET_DIR)/var/share/mender/identity/mender-device-identity
> + $(INSTALL) -D -m 0755 package/mender/mender-inventory-network \
> + $(TARGET_DIR)/var/share/mender/inventory/mender-inventory-network
> + $(INSTALL) -D -m 0755 package/mender/mender-inventory-hostinfo \
> + $(TARGET_DIR)/var/share/mender/inventory/mender-inventory-hostinfo
> + $(INSTALL) -D -m 0644 package/mender/mender.service \
> + $(TARGET_DIR)/usr/lib/systemd/system/mender.service

Is this enough to enable the systemd service ? In most packages, we do
a dance like this:

define OLSR_INSTALL_INIT_SYSTEMD
	$(INSTALL) -D -m 644 package/olsr/olsr.service \
		$(TARGET_DIR)/usr/lib/systemd/system/olsr.service
	mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
	ln -sf ../../../../usr/lib/systemd/system/olsr.service \
		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/olsr.service
endef

Best regards,

Thomas Petazzoni

Dear Thomas,

On Fri, May 4, 2018 at 9:23 AM, Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:
> Hello Angelo,
>
> Thanks for pushing this further. We definitely want to have Mender.io
> support in Buildroot, so it's great to see this make progress.
>
> On Thu, 3 May 2018 23:52:38 +0200, Angelo Compagnucci wrote:
>
>> package/mender/server.crt | 22 ++++++++++++++
>
> Not a complete review by far, but I'm wondering if it makes sense to
> include server certificates in Buildroot. I would assume that one would
> want to generate his own certificate instead, no ?

It's a test certificate just for starting up. The same file is included
in the official Yocto package, so I thought it could be useful to have
here.

>
>> diff --git a/package/mender/Config.in b/package/mender/Config.in
>> new file mode 100644
>> index 0000000..b80ad4a
>> --- /dev/null
>> +++ b/package/mender/Config.in
>> @@ -0,0 +1,14 @@
>> +config BR2_PACKAGE_MENDER
>> + bool "mender"
>> + depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
>> + depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
>> + depends on BR2_TOOLCHAIN_HAS_THREADS
>> + depends on BR2_INIT_SYSTEMD
>
> Is there anything that makes mender tied to systemd, other than the
> fact that you provide only a systemd mender.service, and no init
> script ?

Mender depends on systemd according to the requirements here:
https://docs.mender.io/1.4/devices/system-requirements

>
>> +
>
> Unneeded empty new line.
>
>
>> +define MENDER_INSTALL_TARGET_CMDS
>> + $(INSTALL) -dm 0755 $(TARGET_DIR)/etc/mender/
>> + $(INSTALL) -dm 0755 $(TARGET_DIR)/var/share/mender/identity/
>> + $(INSTALL) -dm 0755 $(TARGET_DIR)/var/share/mender/inventory/
>
> These commands are not needed: the $(INSTALL) -D below, with full
> destination paths, will create the intermediate directories if they
> don't already exist.
>
>> + $(INSTALL) -D -m 0644 package/mender/mender.conf \
>> + $(TARGET_DIR)/etc/mender/mender.conf
>> + $(INSTALL) -D -m 0644 package/mender/tenant.conf \
>> + $(TARGET_DIR)/etc/mender/mender.conf
>
> Are you sure that installing tenant.conf as mender.conf is what you
> want to do here ?

Ouch.

>
>> + $(INSTALL) -D -m 0644 package/mender/server.crt \
>> + $(TARGET_DIR)/etc/mender/server.crt
>> + $(INSTALL) -D -m 0755 package/mender/mender-device-identity \
>> + $(TARGET_DIR)/var/share/mender/identity/mender-device-identity
>> + $(INSTALL) -D -m 0755 package/mender/mender-inventory-network \
>> + $(TARGET_DIR)/var/share/mender/inventory/mender-inventory-network
>> + $(INSTALL) -D -m 0755 package/mender/mender-inventory-hostinfo \
>> + $(TARGET_DIR)/var/share/mender/inventory/mender-inventory-hostinfo
>> + $(INSTALL) -D -m 0644 package/mender/mender.service \
>> + $(TARGET_DIR)/usr/lib/systemd/system/mender.service
>
> Is this enough to enable the systemd service ? In most packages, we do
> a dance like this:
>
> define OLSR_INSTALL_INIT_SYSTEMD
> 	$(INSTALL) -D -m 644 package/olsr/olsr.service \
> 		$(TARGET_DIR)/usr/lib/systemd/system/olsr.service
> 	mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
> 	ln -sf ../../../../usr/lib/systemd/system/olsr.service \
> 		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/olsr.service
> endef
>
> Best regards,
>
> Thomas Petazzoni
> --
> Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
> Embedded Linux and Kernel engineering
> https://bootlin.com

Hello,

On Fri, 4 May 2018 11:09:52 +0200, Angelo Compagnucci wrote:

> > Not a complete review by far, but I'm wondering if it makes sense to
> > include server certificates in Buildroot. I would assume that one would
> > want to generate his own certificate instead, no ?
>
> It's a test certificate just for starting up. The same file is included
> in the official Yocto package, so I thought it could be useful to have
> here.

Ah, OK. Then perhaps it is fine to have this test certificate as well.

> > Is there anything that makes mender tied to systemd, other than the
> > fact that you provide only a systemd mender.service, and no init
> > script ?
>
> Mender depends on systemd according to the requirements here:
> https://docs.mender.io/1.4/devices/system-requirements

I'm wondering whether this is a real dependency (i.e. they are linked
with systemd libraries), or whether it is just that they have only
tested their integration with systemd.

But OK, if they advertise this as a dependency, it's reasonable to have
that as well in Buildroot. It can be relaxed later on if someone is
interested in using Mender in a non-systemd system.

Thanks!

Thomas

Dear Thomas,

On Fri, May 4, 2018 at 11:16 AM, Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:
> Hello,
>
> On Fri, 4 May 2018 11:09:52 +0200, Angelo Compagnucci wrote:
>
>> > Not a complete review by far, but I'm wondering if it makes sense to
>> > include server certificates in Buildroot. I would assume that one would
>> > want to generate his own certificate instead, no ?
>>
>> It's a test certificate just for starting up. The same file is included
>> in the official Yocto package, so I thought it could be useful to have
>> here.
>
> Ah, OK. Then perhaps it is fine to have this test certificate as well.
>
>> > Is there anything that makes mender tied to systemd, other than the
>> > fact that you provide only a systemd mender.service, and no init
>> > script ?
>>
>> Mender depends on systemd according to the requirements here:
>> https://docs.mender.io/1.4/devices/system-requirements
>
> I'm wondering whether this is a real dependency (i.e. they are linked
> with systemd libraries), or whether it is just that they have only
> tested their integration with systemd.
>
> But OK, if they advertise this as a dependency, it's reasonable to have
> that as well in Buildroot. It can be relaxed later on if someone is
> interested in using Mender in a non-systemd system.

Systemd is used to automate the workflow of download/install/reboot/verify
operations of the mender daemon. This part can be disabled at compile
time if a user is planning to use mender manually and doesn't want to
rely on the mender daemon. I think this is not a common enough use case
to justify the package changes. BTW, I will look into this if there is a
requirement.

>
> Thanks!
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
> Embedded Linux and Kernel engineering
> https://bootlin.com

diff --git a/package/Config.in b/package/Config.in index fe36d31..d87ccbd 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2006,6 +2006,7 @@ menu "System tools" source "package/kvmtool/Config.in" source "package/libostree/Config.in" source "package/lxc/Config.in" + source "package/mender/Config.in" source "package/monit/Config.in" source "package/ncdu/Config.in" source "package/numactl/Config.in" diff --git a/package/mender/Config.in b/package/mender/Config.in new file mode 100644 index 0000000..b80ad4a --- /dev/null +++ b/package/mender/Config.in @@ -0,0 +1,14 @@ +config BR2_PACKAGE_MENDER + bool "mender" + depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS + depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS + depends on BR2_TOOLCHAIN_HAS_THREADS + depends on BR2_INIT_SYSTEMD + + help + Mender is an open source over-the-air (OTA) software updater for + embedded Linux devices. Mender comprises a client running at the + embedded device, as well as a server that manages deployments + across many devices. + + https://github.com/mendersoftware/mender diff --git a/package/mender/mender-device-identity b/package/mender/mender-device-identity new file mode 100644 index 0000000..d87f843 --- /dev/null +++ b/package/mender/mender-device-identity 
@@ -0,0 +1,52 @@ +#!/bin/sh + +# Example script called by Mender agent to collect device identity data. The +# script needs to be located at +# $(datadir)/mender/identity/mender-device-identity path for the agent to find +# it. The script shall exit with non-0 status on errors. In this case the agent +# will discard any output the script may have produced. +# +# The script shall output identity data in <key>=<value> format, one +# entry per line. Example +# +# $ ./mender-device-identity +# mac=de:ad:ca:fe:00:01 +# cpuid=1112233 +# +# The example script collects the MAC address of a network interface with the +# type ARPHRD_ETHER and it will pick the interface with the lowest ifindex +# number if there are multiple interfaces with that type. The identity data is +# output in the following format: +# +# mac=00:01:02:03:04:05 +# + +set -ue + +SCN=/sys/class/net +min=65535 +arphrd_ether=1 +ifdev= + +# find iface with lowest ifindex, skip non ARPHRD_ETHER types (lo, sit ...) +for dev in $SCN/*; do + iftype=$(cat $dev/type) + if [ $iftype -ne $arphrd_ether ]; then + continue + fi + + idx=$(cat $dev/ifindex) + if [ $idx -lt $min ]; then + min=$idx + ifdev=$dev + fi +done + +if [ -z "$ifdev" ]; then + echo "no suitable interfaces found" >&2 + exit 1 +else + echo "using interface $ifdev" >&2 + # grab MAC address + echo "mac=$(cat $ifdev/address)" +fi diff --git a/package/mender/mender-inventory-hostinfo b/package/mender/mender-inventory-hostinfo new file mode 100644 index 0000000..cf508fd --- /dev/null +++ b/package/mender/mender-inventory-hostinfo @@ -0,0 +1,21 @@ +#!/bin/sh +# +# The example script collects information about current host +# + +set -ue + +LC_ALL=C +export LC_ALL + +grep 'model name' /proc/cpuinfo | uniq | awk -F': ' ' + // { printf("cpu_model=%s\n", $2);} +' +echo "kernel=$(cat /proc/version)" + +cat /proc/meminfo | awk ' +/MemTotal/ {printf("mem_total_kB=%d\n", $2)} +' + +echo "hostname=$(cat /etc/hostname)" + 
diff --git a/package/mender/mender-inventory-network b/package/mender/mender-inventory-network new file mode 100644 index 0000000..b017c4e --- /dev/null +++ b/package/mender/mender-inventory-network @@ -0,0 +1,47 @@ +#!/bin/sh +# +# Example script called by Mender agent to collect inventory data for a +# particular devce. The script needs to be located in $(datadir)/mender and its +# name shall start with `mender-inventory-` prefix. The script shall exit with +# non-0 status on errors. In this case the agent will discard any output the +# script may have produced. +# +# The script shall output inventory data in <key>=<value> format, one entry per +# line. Entries appearing multiple times will be joined in a list under the same +# key. +# +# $ ./mender-inventory-network +# mac_br-fbfdad18c33c=02:42:7e:74:96:85 +# network_interfaces=br-fbfdad18c33c +# ipv4_br-fbfdad18c33c=172.21.0.1/16 +# mac_enp0s25=de:ad:be:ef:bb:05 +# network_interfaces=enp0s25 +# ipv4_enp0s25=123.22.0.197/16 +# ipv4_enp0s25=10.20.20.105/16 +# ipv6_enp0s25=fe80::2aad:beff:feef:bb05/64 +# +# +# The example script collects the list of network interfaces, as well as +# ethernet and IP addresses of each of the interfaces. +# + +set -ue + +SCN=/sys/class/net +min=65535 +ifdev= + +# find iface with lowest ifindex, except loopback +for devpath in $SCN/*; do + dev=$(basename $devpath) + if [ $dev = "lo" ]; then + continue + fi + echo "mac_$dev=$(cat $devpath/address)" + echo "network_interfaces=$dev" + + ip addr show dev $dev | awk -v dev=$dev ' + /inet / { printf("ipv4_%s=%s\n", dev, $2) } + /inet6 / {printf("ipv6_%s=%s\n", dev, $2) } + ' +done diff --git a/package/mender/mender.conf b/package/mender/mender.conf new file mode 100644 index 0000000..a5c7c54 --- /dev/null +++ b/package/mender/mender.conf 
@@ -0,0 +1,14 @@ +{ + "ClientProtocol": "http", + "HttpsClient": { + "Certificate": "", + "Key": "" + }, + "RootfsPartA": "@MENDER_ROOTFS_PART_A@", + "RootfsPartB": "@MENDER_ROOTFS_PART_B@", + "UpdatePollIntervalSeconds": @MENDER_UPDATE_POLL_INTERVAL_SECONDS@, + "InventoryPollIntervalSeconds": @MENDER_INVENTORY_POLL_INTERVAL_SECONDS@, + "RetryPollIntervalSeconds": @MENDER_RETRY_POLL_INTERVAL_SECONDS@, + "ServerURL": "@MENDER_SERVER_URL@", + "ServerCertificate": "@MENDER_CERT_LOCATION@" +} diff --git a/package/mender/mender.hash b/package/mender/mender.hash new file mode 100644 index 0000000..30a04fa --- /dev/null +++ b/package/mender/mender.hash @@ -0,0 +1,2 @@ +# Locally computed: +sha256 267fa73ad472b034248ee298593b5c52ea0b105fd73c91febb3587280c61bee2 mender-1.4.0.tar.gz diff --git a/package/mender/mender.mk b/package/mender/mender.mk new file mode 100644 index 0000000..c0c4aba --- /dev/null +++ b/package/mender/mender.mk 
@@ -0,0 +1,31 @@ +################################################################################ +# +# mender +# +################################################################################ + +MENDER_VERSION = 1.4.0 +MENDER_SOURCE = mender-$(MENDER_VERSION).tar.gz +MENDER_SITE = $(call github,mendersoftware,mender,$(MENDER_VERSION)) + +define MENDER_INSTALL_TARGET_CMDS + $(INSTALL) -dm 0755 $(TARGET_DIR)/etc/mender/ + $(INSTALL) -dm 0755 $(TARGET_DIR)/var/share/mender/identity/ + $(INSTALL) -dm 0755 $(TARGET_DIR)/var/share/mender/inventory/ + $(INSTALL) -D -m 0644 package/mender/mender.conf \ + $(TARGET_DIR)/etc/mender/mender.conf + $(INSTALL) -D -m 0644 package/mender/tenant.conf \ + $(TARGET_DIR)/etc/mender/mender.conf + $(INSTALL) -D -m 0644 package/mender/server.crt \ + $(TARGET_DIR)/etc/mender/server.crt + $(INSTALL) -D -m 0755 package/mender/mender-device-identity \ + $(TARGET_DIR)/var/share/mender/identity/mender-device-identity + $(INSTALL) -D -m 0755 package/mender/mender-inventory-network \ + $(TARGET_DIR)/var/share/mender/inventory/mender-inventory-network + $(INSTALL) -D -m 0755 package/mender/mender-inventory-hostinfo \ + $(TARGET_DIR)/var/share/mender/inventory/mender-inventory-hostinfo + $(INSTALL) -D -m 0644 package/mender/mender.service \ + $(TARGET_DIR)/usr/lib/systemd/system/mender.service +endef + +$(eval $(golang-package)) diff --git a/package/mender/mender.service b/package/mender/mender.service new file mode 100644 index 0000000..ec77fbc --- /dev/null +++ b/package/mender/mender.service @@ -0,0 +1,15 @@ +[Unit] +Description=Mender OTA update service +After=systemd-resolved.service + +[Service] +Type=idle +User=root +Group=root +ExecStartPre=/bin/mkdir -p -m 0700 /data/mender +ExecStartPre=/bin/ln -sf /etc/mender/tenant.conf /var/lib/mender/authtentoken +ExecStart=/usr/bin/mender -daemon +Restart=on-abort + +[Install] +WantedBy=multi-user.target 
diff --git a/package/mender/server.crt b/package/mender/server.crt new file mode 100644 index 0000000..79a57e1 --- /dev/null +++ b/package/mender/server.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIBfTCCASOgAwIBAgIJAJOS76a0qWuZMAoGCCqGSM49BAMCMBsxGTAXBgNVBAMM +EGRvY2tlci5tZW5kZXIuaW8wHhcNMTYxMjE0MTk1MjQ2WhcNMjYxMjEyMTk1MjQ2 +WjAbMRkwFwYDVQQDDBBkb2NrZXIubWVuZGVyLmlvMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAE7AVYis6MWGPGQYU1/tlLEnskRifDIhvkRb8Y4nQPekRkLkiBYYT3 +iJ46wHrnejbHaLstU9GRdKWOmOuU6HGdO6NQME4wHQYDVR0OBBYEFGOIU4q++Vz8 +9HuT1jg9V+wFeJcyMB8GA1UdIwQYMBaAFGOIU4q++Vz89HuT1jg9V+wFeJcyMAwG +A1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAPLnEeWPNeN7eDCEYRitBfyO +X1yf2kzOm4ohBE5GY9gzAiBCq7HOSkzQDkelmQCCCpGXf/UwYNgQJjSoeGfk0j1a +TQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBhDCCASmgAwIBAgIJALQrf4QDot4IMAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM +E3MzLmRvY2tlci5tZW5kZXIuaW8wHhcNMTYxMjE0MTk1MjQ2WhcNMjYxMjEyMTk1 +MjQ2WjAeMRwwGgYDVQQDDBNzMy5kb2NrZXIubWVuZGVyLmlvMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEEc/Y3T+l3DvINePkpvVZORMIdHVs29jgsl48ia7z/NRX +HlKtKxVGJyFN5Y7sBZeLgBYH3F4Bo3KfmxI7ad0tI6NQME4wHQYDVR0OBBYEFIUm +cip00QZYpe4ULflbGNJan+Y9MB8GA1UdIwQYMBaAFIUmcip00QZYpe4ULflbGNJa +n+Y9MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANHij9VZBDHOUPaC +pFiagnWnYL2HBR72W1xTKQbrLLTXAiEAvpwA4HzSnGmLd3010+jqQuMRHArN5WaX +h0fy7niBbIQ= +-----END CERTIFICATE-----
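
Review bot: in package/mender/mender-device-identity, the header comment says the agent looks for the script at $(datadir)/mender/identity/mender-device-identity, while mender.mk installs it under $(TARGET_DIR)/var/share/mender/identity/. Please confirm that /var/share is the datadir the client is built with, otherwise the agent will not find the script. Separately, the expansions in the loop are unquoted ($dev/type, [ $iftype -ne $arphrd_ether ]); quoting them, for example iftype=$(cat "$dev/type"), keeps the script predictable under set -ue.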
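
Review bot: in package/mender/mender-inventory-network, min=65535 and ifdev= are assigned but never used, and the loop comment "find iface with lowest ifindex, except loopback" does not describe the loop, which reports every interface except lo. Drop the two variables and correct the comment. $dev should also be quoted in [ $dev = "lo" ] and in awk -v dev=$dev, and the header comment has the typo "devce".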
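
Review bot: package/mender/mender.conf still carries the @MENDER_...@ placeholders, and nothing in MENDER_INSTALL_TARGET_CMDS substitutes them, so the file is installed to /etc/mender/mender.conf verbatim. The three poll-interval values are unquoted placeholders, so the installed file is not valid JSON, and ServerURL and ServerCertificate end up with no usable value. Either add a substitution step backed by Config.in options or ship concrete defaults, with ServerCertificate pointing at the /etc/mender/server.crt path that mender.mk installs. Please also confirm that "ClientProtocol": "http" is intended, given that the same file configures HttpsClient and ServerCertificate.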
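
Review bot: the tenant.conf install in MENDER_INSTALL_TARGET_CMDS (package/mender/mender.mk) has two problems: package/mender/tenant.conf is not among the files this patch adds, so that $(INSTALL) has nothing to copy, and its destination is $(TARGET_DIR)/etc/mender/mender.conf, which overwrites the mender.conf installed by the command just before it. mender.service links /etc/mender/tenant.conf, so the destination should be $(TARGET_DIR)/etc/mender/tenant.conf, and the file has to be added to the package or generated at build time. The three $(INSTALL) -dm lines can be dropped, since the -D installs create the directories.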
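
Review bot: the second ExecStartPre in package/mender/mender.service creates its link inside /var/lib/mender, but the only directory the unit prepares is /data/mender, and nothing in mender.mk creates /var/lib/mender or links it to /data/mender. If that directory is missing, ln fails and the service does not start. Create the directory (or the link to /data/mender, if that is the intent) at install time, and keep the 0700 mode on whichever location ends up holding the client's state.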
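
Review bot: package/mender/server.crt is installed unconditionally to /etc/mender/server.crt by mender.mk, and the thread describes it as a test certificate. Every image built with this package would therefore ship the same publicly known test certificate as the one the client is meant to trust, unless the user remembers to replace it. Make the certificate a Config.in option (a path supplied by the user, or the test file only when explicitly selected, with help text saying it must be replaced for production) instead of always installing it.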