diff options
Diffstat (limited to 'meta-unit-core/dynamic-layers/virtualization-layer/recipes-core')
5 files changed, 0 insertions, 158 deletions
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-distribution-path.bb b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-distribution-path.bb deleted file mode 100644 index ae47e27..0000000 --- a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-distribution-path.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "Systemd path unit to wait for TLS key and cert generation for distribution" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${UNIT_CORE_LAYERDIR}/LICENSE;md5=38bf13be5d6979b28bd8adddb2f2f9b3" - -inherit systemd - -SRC_URI = "\ - file://distribution.path \ -" - -RDEPENDS:${PN}:append = " add-user-svc" -RDEPENDS:${PN}:append = " systemd-regkeygen" - -S = "${UNPACKDIR}" - -SYSTEMD_USER = "svc" -SYSTEMD_USER_UNITDIR = "/home/${SYSTEMD_USER}/.config/systemd/user" - -do_install() { - install -D -p -m0644 ${UNPACKDIR}/distribution.path ${D}${SYSTEMD_USER_UNITDIR}/distribution.path - - # Auto-enable systemd unit by creating the appropriate symlink - install -d ${D}${SYSTEMD_USER_UNITDIR}/default.target.wants - ln -sf ${SYSTEMD_USER_UNITDIR}/distribution.path ${D}${SYSTEMD_USER_UNITDIR}/default.target.wants/distribution.path -} - -FILES:${PN} = "\ - ${SYSTEMD_USER_UNITDIR}/distribution.path \ - ${SYSTEMD_USER_UNITDIR}/default.target.wants/distribution.path \ -" diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-distribution-path/distribution.path b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-distribution-path/distribution.path deleted file mode 100644 index d29fbd7..0000000 --- a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-distribution-path/distribution.path +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Wait for TLS cert and key - -[Path] -PathExists=%h/.local/share/distribution/certs-ready-signal - -[Install] -WantedBy=default.target diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-regkeygen.bb b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-regkeygen.bb deleted file mode 100644 index dc925d7..0000000 --- a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-regkeygen.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "Systemd service for generating TLS key and cert for distribution" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${UNIT_CORE_LAYERDIR}/LICENSE;md5=38bf13be5d6979b28bd8adddb2f2f9b3" - -SYSTEMD_SERVICE:${PN} = "regkeygen.service" - -SRC_URI = "\ - file://regkeygen.service \ - file://regkeygen.sh \ -" - -RDEPENDS:${PN}:append = " add-user-svc" - -S = "${UNPACKDIR}" - -do_install() { - install -D -p -m0644 ${UNPACKDIR}/regkeygen.service ${D}${systemd_system_unitdir}/regkeygen.service - install -D -p -m0755 ${UNPACKDIR}/regkeygen.sh ${D}${bindir}/regkeygen.sh -} - -inherit systemd - -FILES:${PN} = "\ - ${systemd_system_unitdir} \ - ${bindir} \ -" - -RDEPENDS:${PN} = "\ - openssl \ - ca-certificates \ -" diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-regkeygen/regkeygen.service b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-regkeygen/regkeygen.service deleted file mode 100644 index e5f2cab..0000000 --- a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-regkeygen/regkeygen.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=Generate registry TLS keys for device -ConditionPathExists=!/home/svc/.config/containers/distribution/certs/domain.crt -ConditionPathExists=!/home/svc/.config/containers/distribution/certs/domain.key -ConditionPathExists=!/usr/local/share/ca-certificates/registry.crt -ConditionPathExists=!/etc/containers/certs.d/localhost:5000/ca.crt -ConditionPathExists=!/home/svc/.config/containers/certs.d/localhost:5000/ca.crt -ConditionPathExists=!/home/svc/.local/share/distribution/certs-ready-signal -After=time-sync.target -Wants=time-sync.target systemd-time-wait-sync.service - -[Service] -Type=oneshot -ExecStart=/usr/bin/regkeygen.sh -Environment="TARGET_USR=svc" -Environment="DISTRIBUTION_REGISTRY_URL=localhost:5000" - -[Install] -WantedBy=multi-user.target diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-regkeygen/regkeygen.sh b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-regkeygen/regkeygen.sh deleted file mode 100644 index f1286dd..0000000 --- a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-core/systemd/systemd-regkeygen/regkeygen.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/sh - -XDG_LOCAL_HOME="/home/$TARGET_USR/.local" -XDG_CONFIG_HOME="/home/$TARGET_USR/.config" - -set -e - -echo "Cleaning up any previous artifacts..." - -rm -f "$XDG_CONFIG_HOME/containers/distribution/certs/domain.key" -rm -f "$XDG_CONFIG_HOME/containers/distribution/certs/domain.crt" -rm -f /usr/local/share/ca-certificates/registry.crt -rm -f "/etc/containers/certs.d/$DISTRIBUTION_REGISTRY_URL/ca.crt" -rm -f "$XDG_CONFIG_HOME/containers/certs.d/$DISTRIBUTION_REGISTRY_URL/ca.crt" -rm -f "$XDG_LOCAL_HOME/share/distribution/certs-ready-signal" - -echo "Creating necessary system directories..." - -mkdir -p "/etc/containers/certs.d/$DISTRIBUTION_REGISTRY_URL/" -mkdir -p /usr/local/share/ca-certificates - -echo "Creating necessary user directories..." - -mkdir -p "$XDG_CONFIG_HOME/containers/distribution/certs" -mkdir -p "$XDG_CONFIG_HOME/containers/certs.d/$DISTRIBUTION_REGISTRY_URL" -mkdir -p "$XDG_LOCAL_HOME/share/distribution" - -echo "Generating TLS certificate and key for local registry..." - -openssl req -x509 -newkey ec \ - -pkeyopt ec_paramgen_curve:P-256 \ - -keyout "$XDG_CONFIG_HOME/containers/distribution/certs/domain.key" \ - -out "$XDG_CONFIG_HOME/containers/distribution/certs/domain.crt" \ - -days 365 \ - -nodes \ - -subj '/C=US/ST=Minnesota/L=St. Paul/O=Closed Circuit Consulting/OU=R&D/CN=localhost/emailAddress=unitexe70@gmail.com' \ - -addext 'subjectAltName=DNS:localhost,IP:127.0.0.1,IP:::1' - -echo "Setting permissions on generated artifacts..." - -chown $TARGET_USR:$TARGET_USR "$XDG_CONFIG_HOME/containers/distribution/certs/domain.key" -chown $TARGET_USR:$TARGET_USR "$XDG_CONFIG_HOME/containers/distribution/certs/domain.crt" -chmod 640 "$XDG_CONFIG_HOME/containers/distribution/certs/domain.key" -chmod 644 "$XDG_CONFIG_HOME/containers/distribution/certs/domain.crt" - -echo "Adding CA to system trust store..." - -cp -f "$XDG_CONFIG_HOME/containers/distribution/certs/domain.crt" /usr/local/share/ca-certificates/registry.crt -update-ca-certificates - -echo "Adding CA to containers trust store..." - -cp -f "$XDG_CONFIG_HOME/containers/distribution/certs/domain.crt" "/etc/containers/certs.d/$DISTRIBUTION_REGISTRY_URL/ca.crt" - -echo "Adding CA to user containers trust store..." - -chown -R $TARGET_USR:$TARGET_USR "$XDG_CONFIG_HOME/containers/certs.d" -chmod 755 "$XDG_CONFIG_HOME/containers/certs.d/$DISTRIBUTION_REGISTRY_URL" - -cp -f "$XDG_CONFIG_HOME/containers/distribution/certs/domain.crt" "$XDG_CONFIG_HOME/containers/certs.d/$DISTRIBUTION_REGISTRY_URL/ca.crt" -chown $TARGET_USR:$TARGET_USR "$XDG_CONFIG_HOME/containers/certs.d/$DISTRIBUTION_REGISTRY_URL/ca.crt" -chmod 644 "$XDG_CONFIG_HOME/containers/certs.d/$DISTRIBUTION_REGISTRY_URL/ca.crt" - -echo "Creating signal file..." - -chown -R $TARGET_USR:$TARGET_USR "$XDG_LOCAL_HOME/share/distribution" -touch "$XDG_LOCAL_HOME/share/distribution/certs-ready-signal" -chmod 644 "$XDG_LOCAL_HOME/share/distribution/certs-ready-signal" - -echo "Registry TLS configuration created and ready for use" |