From 56557f3bad3b5e898964c4e64c7f1e508ab6bc87 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 07:20:43 +0200
Subject: [PATCH 01/66] meta-*: bump layers/sw/meta-virtualization from `a5449c0` to `151273b` (#205)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-virtualization | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-virtualization b/layers/sw/meta-virtualization
index a5449c0c..151273b1 160000
--- a/layers/sw/meta-virtualization
+++ b/layers/sw/meta-virtualization
@@ -1 +1 @@
-Subproject commit a5449c0c50aa07d02186f548fe6bb6c1ce8823dc
+Subproject commit 151273b120117468e70733020b6db864d8180c0b
From 701145fd31cb0e2c4216c231db7c4ff849cfd420 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 07:21:09 +0200
Subject: [PATCH 02/66] meta-*: bump layers/sw/meta-aws from `f2e0030` to `599c34f` (#206)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-aws | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws
index f2e00308..599c34fd 160000
--- a/layers/sw/meta-aws
+++ b/layers/sw/meta-aws
@@ -1 +1 @@
-Subproject commit f2e00308c3e4a4b9606faf0f964f1523c703778c
+Subproject commit 599c34fdea454fae1f08ec2498743cae2e7db79a
From 0f6f163b5d44c5bfa406e62b410b406d0c725cd7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 21:59:57 +0200
Subject: [PATCH 03/66] meta-*: bump layers/bsp/meta-ti from `3e69ce3` to `0353868` (#207)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-ti | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-ti b/layers/bsp/meta-ti
index 3e69ce3a..0353868b 160000
--- a/layers/bsp/meta-ti
+++ b/layers/bsp/meta-ti
@@ -1 +1 @@
-Subproject commit 3e69ce3af0f2f3ba0b66de944f954274f6dc93f9
+Subproject commit 0353868b3f625ee43a671a211245cc14cddbda7d
From 22f5a1345cf999c54806ea8579e0e37339ae62a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 09:41:53 +0200
Subject: [PATCH 04/66] meta-*: bump poky from `e711b2f` to `6f7e929` in the layers group (#209)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
poky | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poky b/poky
index e711b2f3..6f7e929e 160000
--- a/poky
+++ b/poky
@@ -1 +1 @@
-Subproject commit e711b2f39a94879812e5d7f721018f911f25ce38
+Subproject commit 6f7e929ea6ea557f107c8ccffea69a7d73439591
From 554c0896fd3cb7faf3e53be2ebacc134960a8345 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 09:42:01 +0200
Subject: [PATCH 05/66] meta-*: bump layers/sw/meta-aws from `599c34f` to `bcc5564` (#208)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-aws | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws
index 599c34fd..bcc5564c 160000
--- a/layers/sw/meta-aws
+++ b/layers/sw/meta-aws
@@ -1 +1 @@
-Subproject commit 599c34fdea454fae1f08ec2498743cae2e7db79a
+Subproject commit bcc5564c351d0cb2ffb0bfb4b8044c26562d8ff8
From 97b204eced56bbed560ff177039279b97b7c6615 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Aug 2025 22:42:29 +0200
Subject: [PATCH 06/66] meta-*: bump layers/bsp/meta-raspberrypi from `1f20453` to `fceeefa` (#211)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-raspberrypi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-raspberrypi b/layers/bsp/meta-raspberrypi
index 1f204532..fceeefa9 160000
--- a/layers/bsp/meta-raspberrypi
+++ b/layers/bsp/meta-raspberrypi
@@ -1 +1 @@
-Subproject commit 1f2045321afd6ef20b457266ac3e97c8577eb1c4
+Subproject commit fceeefa9f0a5a3064a034718f29cc253f53eebf6
From a54822e80eb7b03c73dc8ea72f1cd7f41963c36a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 10 Aug 2025 21:26:07 +0200
Subject: [PATCH 07/66] meta-*: bump layers/bsp/meta-freescale from `90cb4c1` to `56e1eaa` (#212)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-freescale | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-freescale b/layers/bsp/meta-freescale
index 90cb4c15..56e1eaaf 160000
--- a/layers/bsp/meta-freescale
+++ b/layers/bsp/meta-freescale
@@ -1 +1 @@
-Subproject commit 90cb4c15f033042376c38f90878459089cd10576
+Subproject commit 56e1eaaf2723b51633de5dd0314143764155e1b3
From e0b4c3902c3f4283e945d66feff9fe66431734fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 10 Aug 2025 21:26:27 +0200
Subject: [PATCH 08/66] meta-*: bump layers/bsp/meta-raspberrypi from `fceeefa` to `de443f6` (#214)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-raspberrypi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-raspberrypi b/layers/bsp/meta-raspberrypi
index fceeefa9..de443f69 160000
--- a/layers/bsp/meta-raspberrypi
+++ b/layers/bsp/meta-raspberrypi
@@ -1 +1 @@
-Subproject commit fceeefa9f0a5a3064a034718f29cc253f53eebf6
+Subproject commit de443f698641aa01b390821cb544b8fc68b20572
From 7cc32bf0c6c730a5507857dda099dc28df3ab887 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 10 Aug 2025 21:26:37 +0200
Subject: [PATCH 09/66] meta-*: bump layers/bsp/meta-ti from `0353868` to `b9cb033` (#213)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-ti | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-ti b/layers/bsp/meta-ti
index 0353868b..b9cb0333 160000
--- a/layers/bsp/meta-ti
+++ b/layers/bsp/meta-ti
@@ -1 +1 @@
-Subproject commit 0353868b3f625ee43a671a211245cc14cddbda7d
+Subproject commit b9cb03337907388a84873b539e1a3bab1e02e271
From 3a608ef525fd5c7d2f2b089ef2b8e10ae8e29248 Mon Sep 17 00:00:00 2001
From: tro
Date: Mon, 11 Aug 2025 19:15:40 +0200
Subject: [PATCH 10/66] Add nightly workflow with AUTOREV for greengrass-lite (#216)
---
.github/workflows/nightly-autorev.yml | 53 +++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 .github/workflows/nightly-autorev.yml
diff --git a/.github/workflows/nightly-autorev.yml b/.github/workflows/nightly-autorev.yml
new file mode 100644
index 00000000..cd309d04
--- /dev/null
+++ b/.github/workflows/nightly-autorev.yml
@@ -0,0 +1,53 @@
+name: nightly-autorev
+on:
+ schedule:
+ - cron: '0 2 * * *' # Run at 2 AM UTC daily
+ workflow_dispatch:
+ inputs:
+ clean:
+ description: 'Clean sstate + downloads dir, force download + rebuild of everything.'
+ type: boolean
+ required: false
+ default: false
+jobs:
+ clean:
+ runs-on: codebuild-${{ vars.CODEBUILD_RUNNER_NAME }}-${{ github.run_id }}-${{ github.run_attempt }}
+ steps:
+ - name: clean sstate-cache + downloads
+ if: inputs.clean
+ shell: bash
+ run:
+ rm -rf /sstate-cache/*
+ rm -rf /downloads/*
+ build:
+ needs: clean
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - { device: qemuarm64, image: aws-iot-greengrass-lite-demo-simple-image }
+ - { device: raspberrypi-64, image: aws-iot-greengrass-lite-demo-image }
+ runs-on: codebuild-${{ vars.CODEBUILD_RUNNER_NAME }}-${{ github.run_id }}-${{ github.run_attempt }}
+ steps:
+ - name: checkout master branch
+ uses: actions/checkout@v4
+ with:
+ ref: master
+ submodules: true
+ fetch-depth: 0
+ - name: build with AUTOREV
+ shell: bash
+ run: |
+ chown yoctouser /sstate-cache
+ chown yoctouser /downloads
+ chown -R yoctouser .
+ sysctl vm.mmap_min_addr=65536
+ sudo -u yoctouser bash -c '\
+ . init-build-env &&
+ export SSTATE_DIR=/sstate-cache && \
+ export DL_DIR=/downloads && \
+ export BB_ENV_PASSTHROUGH_ADDITIONS="$BB_ENV_PASSTHROUGH_ADDITIONS SSTATE_DIR DL_DIR" && \
+ export DEVICE=${{ matrix.device }} && \
+ export IMAGE=${{ matrix.image }} && \
+ echo "SRCREV:pn-greengrass-lite = \"${AUTOREV}\"" >> conf/local.conf && \
+ bitbake $IMAGE'
From 9c6ca2b9eb78696fc4bc1fb0ef2952f3c2cc7c35 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Aug 2025 06:37:46 +0200
Subject: [PATCH 11/66] meta-*: bump layers/bsp/meta-ampliphy from `695f6b2` to `78f471a` (#217)
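Review bot: In the `build with AUTOREV` step the `echo` runs inside `bash -c '…'` and uses double quotes, so that inner shell expands `${AUTOREV}` itself before BitBake ever reads the line; unless `AUTOREV` happens to be set in `yoctouser`'s environment, `conf/local.conf` receives `SRCREV:pn-greengrass-lite = ""` instead of the BitBake variable reference. Escaping the dollar keeps it literal: `echo "SRCREV:pn-greengrass-lite = \"\${AUTOREV}\"" >> conf/local.conf && \`. The `clean` job's `run:` has no `|`, so YAML folds the two `rm -rf` lines into the single command `rm -rf /sstate-cache/* rm -rf /downloads/*`; `run: |` makes them two commands as written. Because this job builds whatever the upstream head is at run time on a runner whose `/sstate-cache` and `/downloads` appear to persist between runs, it is also worth adding a top-level `permissions:` block with `contents: read` and pinning `actions/checkout` to a full commit SHA rather than the `v4` tag.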
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-ampliphy | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-ampliphy b/layers/bsp/meta-ampliphy
index 695f6b25..78f471a8 160000
--- a/layers/bsp/meta-ampliphy
+++ b/layers/bsp/meta-ampliphy
@@ -1 +1 @@
-Subproject commit 695f6b25fc5b49f5acc9ef4251d4ab06bb613f79
+Subproject commit 78f471a8efb09d9b7cad591c03f37b5dcf28550f
From ca0e337aa7619be0cc4869823c4fe4f10a3fef36 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Aug 2025 06:38:18 +0200
Subject: [PATCH 12/66] meta-*: bump layers/bsp/meta-freescale from `56e1eaa` to `75aeffd` (#218)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-freescale | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-freescale b/layers/bsp/meta-freescale
index 56e1eaaf..75aeffd4 160000
--- a/layers/bsp/meta-freescale
+++ b/layers/bsp/meta-freescale
@@ -1 +1 @@
-Subproject commit 56e1eaaf2723b51633de5dd0314143764155e1b3
+Subproject commit 75aeffd4551d410de50f613efd065b578cbf543d
From 54a62d84af0f3389bf1a21f16c181301b5807b21 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Aug 2025 06:41:48 +0200
Subject: [PATCH 13/66] meta-*: bump layers/bsp/meta-raspberrypi from `de443f6` to `3afc972` (#219)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-raspberrypi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-raspberrypi b/layers/bsp/meta-raspberrypi
index de443f69..3afc9728 160000
--- a/layers/bsp/meta-raspberrypi
+++ b/layers/bsp/meta-raspberrypi
@@ -1 +1 @@
-Subproject commit de443f698641aa01b390821cb544b8fc68b20572
+Subproject commit 3afc9728b1f4ba0f5be1af34883d6582966133a1
From cf0c22ed0e583d5dc96849ac5001277787b3f447 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Aug 2025 13:14:46 +0200
Subject: [PATCH 14/66] meta-*: bump layers/sw/meta-aws from `bcc5564` to `3926c46` (#220)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Roos
---
layers/sw/meta-aws | 2 +-
.../greengrass-bin/greengrass.service.template | 17 -----------------
.../greengrass-bin_%.bbappend | 14 +-------------
3 files changed, 2 insertions(+), 31 deletions(-)
delete mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-bin/greengrass.service.template
diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws
index bcc5564c..83554f40 160000
--- a/layers/sw/meta-aws
+++ b/layers/sw/meta-aws
@@ -1 +1 @@
-Subproject commit bcc5564c351d0cb2ffb0bfb4b8044c26562d8ff8
+Subproject commit 83554f40b4132efa591424d050a9de7bf5f51774
diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-bin/greengrass.service.template b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-bin/greengrass.service.template
deleted file mode 100644
index 7cdcf2e2..00000000
--- a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-bin/greengrass.service.template
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Greengrass Core
-After=network.target
-After=systemd-time-wait-sync.service
-
-
-[Service]
-Type=simple
-PIDFile=/var/run/greengrass.pid
-RemainAfterExit=no
-Restart=on-failure
-RestartSec=10
-ExecStart=/bin/sh /greengrass/v2/alts/current/distro/bin/loader
-KillMode=mixed
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-bin_%.bbappend b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-bin_%.bbappend index 574435f1..f94c1fe9 100644 --- a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-bin_%.bbappend +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-bin_%.bbappend @@ -4,26 +4,14 @@ FILESEXTRAPATHS:prepend:rpi := "${THISDIR}/greengrass-bin:" SRC_URI:append:rpi = " \ file://greengrass-classic.yaml \ - file://greengrass.service.template \ " gg_workingdir = "/greengrass/v2" gg_user = "ggc_user" gg_group = "ggc_group" -# fix service file - add systemd-time-wait-sync.service do_install:append:rpi () { - install -m 0640 ${S}/greengrass.service.template ${GG_ROOT}/packages/artifacts-unarchived/aws.greengrass.Nucleus/${PV}/aws.greengrass.nucleus/bin/greengrass.service.template - # Install systemd service file - install -d ${D}${systemd_unitdir}/system/ - install -m 0644 ${S}/greengrass.service.template ${D}${systemd_unitdir}/system/greengrass.service - sed -i -e "s,REPLACE_WITH_GG_LOADER_FILE,/${GG_BASENAME}/alts/current/distro/bin/loader,g" ${D}${systemd_unitdir}/system/greengrass.service - sed -i -e "s,REPLACE_WITH_GG_LOADER_PID_FILE,/var/run/greengrass.pid,g" ${D}${systemd_unitdir}/system/greengrass.service - -} - -do_install:append:rpi () { - install -m 0640 ${S}/greengrass-classic.yaml ${GG_ROOT}/greengrass-classic.yaml.fragment + install -m 0640 ${WORKDIR}/greengrass-classic.yaml ${GG_ROOT}/greengrass-classic.yaml.fragment sed -i -e 's,@GG_WORKING_DIR@,${gg_workingdir},g' \ -e 's,@GG_USER@,${gg_user},g' \ -e 's,@GG_GROUP@,${gg_group},g' \ From d40b29f799d57111d6ba21a8d40b5bbafa5ce345 Mon Sep 17 00:00:00 2001 
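Review bot: Nothing in the bbappend records why the `rpi` service-file override could be dropped: the removed `do_install:append:rpi` and its comment `# fix service file - add systemd-time-wait-sync.service` existed to order Greengrass after time synchronisation, and the deleted template carried `After=systemd-time-wait-sync.service`. Presumably the meta-aws revision bumped in the same commit now ships that ordering itself, but that is not visible here; on a board without a battery-backed clock, starting before the clock is set can make TLS certificate validation fail, so it is worth confirming and leaving a note such as `# time-sync ordering now comes from the meta-aws greengrass-bin unit; no local override needed`. The surviving `do_install:append:rpi` continues past the end of this hunk.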
From: tro
Date: Tue, 12 Aug 2025 19:43:06 +0200
Subject: [PATCH 15/66] =?UTF-8?q?aws-iot-greengrass-lite-demo-image:=20sup?= =?UTF-8?q?port=20local=20deployments,=20upgrad=E2=80=A6=20(#221)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
layers/sw/meta-aws | 2 +-
.../aws-iot-greengrass-lite-demo-image.bb | 15 ++++++++++++---
2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws
index 83554f40..92455d15 160000
--- a/layers/sw/meta-aws
+++ b/layers/sw/meta-aws
@@ -1 +1 @@
-Subproject commit 83554f40b4132efa591424d050a9de7bf5f51774
+Subproject commit 92455d159b0c2cb02f38935f63e482ed50d98ed3
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb
index fc4e2f57..cd855288 100644
--- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb
+++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb
@@ -91,17 +91,26 @@ install -d -m 0755 ${IMAGE_ROOTFS}/data # leave them empty as a mount point for the bind mount install -d ${IMAGE_ROOTFS}/data/etc/greengrass -mv -f ${IMAGE_ROOTFS}/etc/greengrass/* ${IMAGE_ROOTFS}/data/etc/greengrass/ +if [ -n "$(ls -A ${IMAGE_ROOTFS}/etc/greengrass 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/etc/greengrass/* ${IMAGE_ROOTFS}/data/etc/greengrass/ +fi install -d ${IMAGE_ROOTFS}/data/etc/wpa_supplicant install -d ${IMAGE_ROOTFS}/data/etc/systemd/network -mv -f ${IMAGE_ROOTFS}/etc/systemd/network/* ${IMAGE_ROOTFS}/data/etc/systemd/network +if [ -n "$(ls -A ${IMAGE_ROOTFS}/etc/systemd/network 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/etc/systemd/network/* ${IMAGE_ROOTFS}/data/etc/systemd/network +fi install -d ${IMAGE_ROOTFS}/data/etc/systemd/system -mv -f ${IMAGE_ROOTFS}/etc/systemd/system/* ${IMAGE_ROOTFS}/data/etc/systemd/system +if [ -n "$(ls -A ${IMAGE_ROOTFS}/etc/systemd/system 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/etc/systemd/system/* ${IMAGE_ROOTFS}/data/etc/systemd/system +fi install -d ${IMAGE_ROOTFS}/data/var/lib/greengrass +if [ -n "$(ls -A ${IMAGE_ROOTFS}/var/lib/greengrass 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/var/lib/greengrass/* ${IMAGE_ROOTFS}/data/var/lib/greengrass +fi # decided to do here instead of a bbappend of wpa:supplicant install -d ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/ From 2da4bd7a3ae125650dc8232b1f2fddea67e1fe41 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Aug 2025 06:58:39 +0200 Subject: [PATCH 16/66] meta-*: bump layers/sw/meta-aws from `92455d1` to `ee15a57` (#223) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- layers/sw/meta-aws | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws index 92455d15..ee15a57c 160000 --- a/layers/sw/meta-aws 
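Review bot: The new guards test for emptiness with `ls -A`, which counts dotfiles, but the `mv -f …/*` they protect uses a glob that skips dotfiles: a directory holding only hidden entries passes the test and `mv` is then handed the unexpanded `*` and fails, while in a mixed directory the hidden entries are silently left behind in the original location. The same pattern is repeated for `/etc/greengrass`, `/etc/systemd/network`, `/etc/systemd/system` and the newly added `/var/lib/greengrass`. One form that handles missing, empty and dotfile-only directories alike (GNU `mv`) is `[ ! -d "$src" ] || find "$src" -mindepth 1 -maxdepth 1 -exec mv -f -t "$dst" {} +`, with `$src` and `$dst` standing for each pair of paths. The enclosing function starts and ends outside this hunk.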
+++ b/layers/sw/meta-aws
@@ -1 +1 @@
-Subproject commit 92455d159b0c2cb02f38935f63e482ed50d98ed3
+Subproject commit ee15a57cea8899e436c2c70ab8d2f18d07ad00b2
From a18fc57cfd4cceeb0b080ac6cf28443a9b021d5f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Aug 2025 06:58:45 +0200
Subject: [PATCH 17/66] meta-*: bump layers/bsp/meta-freescale from `75aeffd` to `3460f6f` (#222)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-freescale | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-freescale b/layers/bsp/meta-freescale
index 75aeffd4..3460f6f0 160000
--- a/layers/bsp/meta-freescale
+++ b/layers/bsp/meta-freescale
@@ -1 +1 @@
-Subproject commit 75aeffd4551d410de50f613efd065b578cbf543d
+Subproject commit 3460f6f0aef69d07b7beea1cfa252ea0b68a60ec
From 474581d766d73d0d43e7527f8a02f3cd5a36e7aa Mon Sep 17 00:00:00 2001
From: tro
Date: Thu, 14 Aug 2025 11:19:19 +0200
Subject: [PATCH 18/66] Adding meta-phytec, for phyboard-electra-am64xx-2 (#224)
---
.gitmodules | 4 ++++
README.md | 1 +
layers/bsp/meta-phytec | 1 +
.../conf/devices/phyboard-electra-am64xx-2/README.md | 5 +++++
.../conf/devices/phyboard-electra-am64xx-2/config.conf | 3 +++
.../conf/devices/phyboard-electra-am64xx-2/layers.conf | 6 ++++++
6 files changed, 20 insertions(+)
create mode 160000 layers/bsp/meta-phytec
create mode 100644 meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/README.md
create mode 100644 meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/config.conf
create mode 100644 meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/layers.conf
diff --git a/.gitmodules b/.gitmodules
index 28b9f311..b2b5c65d 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -110,3 +110,7 @@ path = layers/sw/meta-browser url = https://github.com/OSSystems/meta-browser.git branch = scarthgap +[submodule "layers/bsp/meta-phytec"] + path = layers/bsp/meta-phytec + url = https://github.com/thomas-roos/meta-phytec.git + branch = fix-optee-file-paths diff --git a/README.md b/README.md index 322bb969..6f4210aa 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,7 @@ alphabetical order for ease of selection, no preference should be inferred. - [`aws-ec2-arm64` / AWS EC2](meta-aws-demos/conf/devices/aws-ec2-arm64/README.md) - [`aws-ec2-x86-64` / AWS EC2](meta-aws-demos/conf/devices/aws-ec2-x86-64/README.md) - [`imx8m` / NXP](meta-aws-demos/conf/devices/imx8m/README.md) +- [`phyboard-electra-am64xx-2` / PHYTEC](meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/README.md) - [`qemuarm`](meta-aws-demos/conf/devices/qemuarm/README.md) - [`qemuarm64`](meta-aws-demos/conf/devices/qemuarm64/README.md) - [`qemux86-64`](meta-aws-demos/conf/devices/qemux86-64/README.md) diff --git a/layers/bsp/meta-phytec b/layers/bsp/meta-phytec new file mode 160000 index 00000000..18dc90d0 --- /dev/null +++ b/layers/bsp/meta-phytec @@ -0,0 +1 @@ +Subproject commit 18dc90d0f7b597ed9a8e5cdda5eadbbc04179f72 diff --git a/meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/README.md b/meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/README.md new file mode 100644 index 00000000..f66ba087 --- /dev/null +++ b/meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/README.md @@ -0,0 +1,5 @@ +# phyboard-electra-am64xx-2 + +See here: https://github.com/phytec/meta-phytec/blob/scarthgap/conf/machine/phyboard-electra-am64xx-2.conf + +Tested with: aws-iot-greengrass-lite-demo-simple-image \ No newline at end of file diff --git a/meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/config.conf b/meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/config.conf new file mode 100644 index 00000000..53b10b84 --- /dev/null 
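Review bot: The new `layers/bsp/meta-phytec` submodule tracks `https://github.com/thomas-roos/meta-phytec.git` on branch `fix-optee-file-paths`, a topic branch of a personal fork, while the device README added in the same commit points readers at `phytec/meta-phytec` on `scarthgap`. The gitlink pins one commit, but the automated submodule bumps seen elsewhere in this series would follow whatever lands on that branch, and a rebased or deleted topic branch can leave the pinned commit unfetchable. If the fork is only needed until the OP-TEE path fix is upstream, say so next to the entry, for example `# temporary fork: switch to phytec/meta-phytec scarthgap once the fix is merged`, and in the device README, so the provenance of the BSP layer is explicit.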
+++ b/meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/config.conf
@@ -0,0 +1,3 @@
+MACHINE = "phyboard-electra-am64xx-2"
+
+IMAGE_FSTYPES ?= "wic wic.bz2"
\ No newline at end of file
diff --git a/meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/layers.conf b/meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/layers.conf
new file mode 100644
index 00000000..39673b8c
--- /dev/null
+++ b/meta-aws-demos/conf/devices/phyboard-electra-am64xx-2/layers.conf
@@ -0,0 +1,6 @@
+BBLAYERS += "\
+ ${OEROOT}/../layers/bsp/meta-phytec \
+ ${OEROOT}/../layers/bsp/meta-ti/meta-ti-bsp \
+ ${OEROOT}/../layers/bsp/meta-arm/meta-arm \
+ ${OEROOT}/../layers/bsp/meta-arm/meta-arm-toolchain \
+"
\ No newline at end of file
From f445bff606ba2e4f3d13507b2b9eb90d4ef237ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Sep 2025 12:02:45 +0200
Subject: [PATCH 19/66] meta-*: bump layers/sw/meta-openembedded from `e8fd97d` to `c29a18f` (#229)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-openembedded | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-openembedded b/layers/sw/meta-openembedded
index e8fd97d8..c29a18fa 160000
--- a/layers/sw/meta-openembedded
+++ b/layers/sw/meta-openembedded
@@ -1 +1 @@
-Subproject commit e8fd97d86af86cdcc5a6eb3f301cbaf6a2084943
+Subproject commit c29a18fa39ede952f3f6108ec007c1906e2d9a0d
From 4089998f8a863d9c1c025c7b5079c6e0181e24f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Sep 2025 12:02:59 +0200
Subject: [PATCH 20/66] meta-*: bump layers/bsp/meta-freescale from `3460f6f` to `4ea1005` (#228)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-freescale | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-freescale b/layers/bsp/meta-freescale
index 3460f6f0..4ea1005c 160000
--- a/layers/bsp/meta-freescale
+++ b/layers/bsp/meta-freescale
@@ -1 +1 @@
-Subproject commit 3460f6f0aef69d07b7beea1cfa252ea0b68a60ec
+Subproject commit 4ea1005c570ce783bb0a4130159b6af8615ce273
From cff10ca67fd381570f9fce1e8d74a68ef8c2cb51 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Sep 2025 12:03:07 +0200
Subject: [PATCH 21/66] meta-*: bump layers/sw/meta-virtualization from `151273b` to `02f72c9` (#231)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-virtualization | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-virtualization b/layers/sw/meta-virtualization
index 151273b1..02f72c96 160000
--- a/layers/sw/meta-virtualization
+++ b/layers/sw/meta-virtualization
@@ -1 +1 @@
-Subproject commit 151273b120117468e70733020b6db864d8180c0b
+Subproject commit 02f72c96bf9acd0bd3ae0463f482bce8feabe749
From e9b11dfc391450daa4da40469a6c7a255b75b9a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Sep 2025 12:03:13 +0200
Subject: [PATCH 22/66] meta-*: bump layers/sw/meta-clang from `aef850f` to `6691e4b` (#233)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-clang | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-clang b/layers/sw/meta-clang
index aef850f7..6691e4bc 160000
--- a/layers/sw/meta-clang
+++ b/layers/sw/meta-clang
@@ -1 +1 @@
-Subproject commit aef850f7fa53121c74b244b7ae40d31fb9809ccf
+Subproject commit 6691e4bc47e20b903dc3dd7684685086d2468b84
From 92030a406d1b568558fb9deafd0609ea35fe1f07 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Sep 2025 12:03:20 +0200
Subject: [PATCH 23/66] meta-*: bump layers/bsp/meta-ti from `b9cb033` to `11a6031` (#234)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-ti | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-ti b/layers/bsp/meta-ti
index b9cb0333..11a60314 160000
--- a/layers/bsp/meta-ti
+++ b/layers/bsp/meta-ti
@@ -1 +1 @@
-Subproject commit b9cb03337907388a84873b539e1a3bab1e02e271
+Subproject commit 11a60314cf00695f0131b6d955667d502a93165a
From b08c035aaefaed4f4d1ca4ba762bf541d5c7f187 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 15:11:59 +0200
Subject: [PATCH 24/66] meta-*: bump poky from `6f7e929` to `9ce8f26` in the layers group (#235)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
poky | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poky b/poky
index 6f7e929e..9ce8f26d 160000
--- a/poky
+++ b/poky
@@ -1 +1 @@
-Subproject commit 6f7e929ea6ea557f107c8ccffea69a7d73439591
+Subproject commit 9ce8f26d37c2e3e0030fd1f36f5c54209c269a05
From e5df722e6d841c28af8fa41668cebcccfc901668 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 16:26:33 +0200
Subject: [PATCH 25/66] meta-*: bump layers/bsp/meta-st-stm32mp from `e42a7bb` to `a9bfa38` (#237)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: tro
---
layers/bsp/meta-st-stm32mp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-st-stm32mp b/layers/bsp/meta-st-stm32mp
index e42a7bb4..a9bfa388 160000
--- a/layers/bsp/meta-st-stm32mp
+++ b/layers/bsp/meta-st-stm32mp
@@ -1 +1 @@
-Subproject commit e42a7bb4edd0dc7c29ebd5b20c5c874bc4cc52fb
+Subproject commit a9bfa3888324998e5c7bf9c159833ae577983bb2
From 9f1fa9f28008e6b75eb8f3f6efe9d3e204d373e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 16:26:41 +0200
Subject: [PATCH 26/66] meta-*: bump layers/bsp/meta-ampliphy from `78f471a` to `75ad2ee` (#236)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-ampliphy | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-ampliphy b/layers/bsp/meta-ampliphy
index 78f471a8..75ad2ee7 160000
--- a/layers/bsp/meta-ampliphy
+++ b/layers/bsp/meta-ampliphy
@@ -1 +1 @@
-Subproject commit 78f471a8efb09d9b7cad591c03f37b5dcf28550f
+Subproject commit 75ad2ee7e166ee88073eb3eb273a6f2bd96f8217
From 2ef28468cae71c1dfd479776796bdbe222b2d72a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 17:08:00 +0200
Subject: [PATCH 27/66] meta-*: bump layers/bsp/meta-raspberrypi from `3afc972` to `aaf976a` (#238)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-raspberrypi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-raspberrypi b/layers/bsp/meta-raspberrypi
index 3afc9728..aaf976a6 160000
--- a/layers/bsp/meta-raspberrypi
+++ b/layers/bsp/meta-raspberrypi
@@ -1 +1 @@
-Subproject commit 3afc9728b1f4ba0f5be1af34883d6582966133a1
+Subproject commit aaf976a665daa7e520545908adef8a0e9410b57f
From 49a675a37c16ea9123c67dd7dd47daf486bc614c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 07:07:49 +0200
Subject: [PATCH 28/66] meta-*: bump layers/sw/meta-aws from `ee15a57` to `45a5379` (#239)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-aws | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws
index ee15a57c..45a5379f 160000
--- a/layers/sw/meta-aws
+++ b/layers/sw/meta-aws
@@ -1 +1 @@
-Subproject commit ee15a57cea8899e436c2c70ab8d2f18d07ad00b2
+Subproject commit 45a5379fa72e88b4dd9dcf5fcd1f65d1230c50af
From aac235949601bdb5b90e3f9368e1d49cb6bc118f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 12:11:17 +0200
Subject: [PATCH 29/66] meta-*: bump layers/bsp/meta-freescale from `4ea1005` to `e9c4546` (#240)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-freescale | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-freescale b/layers/bsp/meta-freescale
index 4ea1005c..e9c4546c 160000
--- a/layers/bsp/meta-freescale
+++ b/layers/bsp/meta-freescale
@@ -1 +1 @@
-Subproject commit 4ea1005c570ce783bb0a4130159b6af8615ce273
+Subproject commit e9c4546c6dbb3039e282b6e2b2ea4a6de8e0a87d
From c6fcbd8b84a629ffd7059d9c8975a28543b59720 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 09:21:17 +0200
Subject: [PATCH 30/66] meta-*: bump layers/sw/meta-aws from `45a5379` to `114c02c` (#241)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-aws | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws
index 45a5379f..114c02cd 160000
--- a/layers/sw/meta-aws
+++ b/layers/sw/meta-aws
@@ -1 +1 @@
-Subproject commit 45a5379fa72e88b4dd9dcf5fcd1f65d1230c50af
+Subproject commit 114c02cd8d08991c6ccc94fcc7e49accbbeb0688
From b861ffdb9a37a60f928ea528d7f6f3e99ef02344 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 09:21:24 +0200
Subject: [PATCH 31/66] meta-*: bump layers/sw/meta-virtualization from `02f72c9` to `af1db20` (#242)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-virtualization | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-virtualization b/layers/sw/meta-virtualization
index 02f72c96..af1db204 160000
--- a/layers/sw/meta-virtualization
+++ b/layers/sw/meta-virtualization
@@ -1 +1 @@
-Subproject commit 02f72c96bf9acd0bd3ae0463f482bce8feabe749
+Subproject commit af1db2042caf8021d767dce1b26c08b59b96f3d1
From ed6c14b5bb96e97a535fc3613dd11326212fe039 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 09:21:31 +0200
Subject: [PATCH 32/66] meta-*: bump layers/sw/meta-qt5 from `554fc20` to `e197839` (#243)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-qt5 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-qt5 b/layers/sw/meta-qt5
index 554fc20c..e1978390 160000
--- a/layers/sw/meta-qt5
+++ b/layers/sw/meta-qt5
@@ -1 +1 @@
-Subproject commit 554fc20c326a9b205169331644f0cb471619e63c
+Subproject commit e197839013fa2cfd59339508303bce91fef48928
From 3adac6d6fb16acf269f2eedc99ad500e44d5ca63 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 09:21:38 +0200
Subject: [PATCH 33/66] meta-*: bump layers/bsp/meta-freescale from `e9c4546` to `7fbf266` (#244)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-freescale | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-freescale b/layers/bsp/meta-freescale
index e9c4546c..7fbf2668 160000
--- a/layers/bsp/meta-freescale
+++ b/layers/bsp/meta-freescale
@@ -1 +1 @@
-Subproject commit e9c4546c6dbb3039e282b6e2b2ea4a6de8e0a87d
+Subproject commit 7fbf2668d7f37c7c7949cd52bf9f9bcb2fce5fb2
From 17f230db96483b8f6207123a52eab142973c23b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 09:43:20 +0200
Subject: [PATCH 34/66] meta-*: bump layers/sw/meta-clang from `6691e4b` to `057ee56` (#245)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-clang | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-clang b/layers/sw/meta-clang
index 6691e4bc..057ee563 160000
--- a/layers/sw/meta-clang
+++ b/layers/sw/meta-clang
@@ -1 +1 @@
-Subproject commit 6691e4bc47e20b903dc3dd7684685086d2468b84
+Subproject commit 057ee563305e9484b29d02347aeafdadc5ea28ed
From 2c8de6c63659c3ecec988f86162e45e4c4b02486 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 09:43:27 +0200
Subject: [PATCH 35/66] meta-*: bump layers/sw/meta-aws from `114c02c` to `e320c75` (#246)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-aws | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws
index 114c02cd..e320c751 160000
--- a/layers/sw/meta-aws
+++ b/layers/sw/meta-aws
@@ -1 +1 @@
-Subproject commit 114c02cd8d08991c6ccc94fcc7e49accbbeb0688
+Subproject commit e320c751b139ad1142ac0dc4d5ed01e91eac2a7a
From f37f07d34411e459657f3a2e7889c5b8c63c5039 Mon Sep 17 00:00:00 2001 From: Thomas Roos Date: Mon, 8 Sep 2025 12:42:33 +0000 Subject: [PATCH 36/66] aws-iot-greengrass-lite-demo-ec2-image: mv gg recipes into data partition if they exist --- .../aws-iot-greengrass-lite-demo-ec2-image.bb | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/aws-iot-greengrass-lite-demo-ec2-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/aws-iot-greengrass-lite-demo-ec2-image.bb index 75357433..196594a4 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/aws-iot-greengrass-lite-demo-ec2-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/aws-iot-greengrass-lite-demo-ec2-image.bb 
@@ -140,18 +140,29 @@ install -d ${IMAGE_ROOTFS}/grubenv install -d -m 0755 ${IMAGE_ROOTFS}/data install -d ${IMAGE_ROOTFS}/data/etc/greengrass -mv -f ${IMAGE_ROOTFS}/etc/greengrass/* ${IMAGE_ROOTFS}/data/etc/greengrass/ +if [ -n "$(ls -A ${IMAGE_ROOTFS}/etc/greengrass 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/etc/greengrass/* ${IMAGE_ROOTFS}/data/etc/greengrass/ +fi install -d -m 0700 ${IMAGE_ROOTFS}/data/root install -d ${IMAGE_ROOTFS}/data/etc/systemd/system +if [ -n "$(ls -A ${IMAGE_ROOTFS}/etc/systemd/system 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/etc/systemd/system/* ${IMAGE_ROOTFS}/data/etc/systemd/system +fi install -d ${IMAGE_ROOTFS}/data/var/lib/greengrass +if [ -n "$(ls -A ${IMAGE_ROOTFS}/var/lib/greengrass 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/var/lib/greengrass/* ${IMAGE_ROOTFS}/data/var/lib/greengrass +fi install -d ${IMAGE_ROOTFS}/data/home mv -f ${IMAGE_ROOTFS}/home/* ${IMAGE_ROOTFS}/data/home/ -install -d ${IMAGE_ROOTFS}/data/etc/systemd/network/ +install -d ${IMAGE_ROOTFS}/data/etc/systemd/network +if [ -n "$(ls -A ${IMAGE_ROOTFS}/etc/systemd/network 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/etc/systemd/network/* ${IMAGE_ROOTFS}/data/etc/systemd/network +fi install -d ${IMAGE_ROOTFS}/data/etc/ssh/ mv -f ${IMAGE_ROOTFS}/etc/ssh/* ${IMAGE_ROOTFS}/data/etc/ssh/ From c58ce6328f345725f3e1112713cc78d8ac82e916 Mon Sep 17 00:00:00 2001 From: Thomas Roos Date: Mon, 8 Sep 2025 12:43:40 +0000 Subject: [PATCH 37/66] fleet-provisioning-cfn.yaml: make names region independent This allows to deploy this in parallel into different regions --- .../fleetprovisioning/fleet-provisioning-cfn.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
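Review bot: The new guards test for emptiness with `ls -A`, which counts dotfiles, while the `mv` source glob `*` does not match them, so a directory holding only hidden entries passes the check and `mv` then fails on the unexpanded `*`; this applies to all four added blocks (etc/greengrass, etc/systemd/system, var/lib/greengrass, etc/systemd/network). The `mv` lines for `home/*` and `etc/ssh/*` in the same hunk are left without a guard, so if either directory can be empty in some image configuration they fail the way the greengrass line did before this commit. Inside the existing `if`, moving entries without a glob covers the hidden-file case, for example `find ${IMAGE_ROOTFS}/etc/greengrass -mindepth 1 -maxdepth 1 -exec mv -f -t ${IMAGE_ROOTFS}/data/etc/greengrass/ {} +`. The enclosing function starts and ends outside the hunk.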
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/scripts/fleetprovisioning/fleet-provisioning-cfn.yaml b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/scripts/fleetprovisioning/fleet-provisioning-cfn.yaml index 9643cb95..670fe5dd 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/scripts/fleetprovisioning/fleet-provisioning-cfn.yaml +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/scripts/fleetprovisioning/fleet-provisioning-cfn.yaml @@ -3,7 +3,7 @@ AWSTemplateFormatVersion: "2010-09-09" Parameters: ProvisioningTemplateName: Type: String - Default: "GreengrassFleetProvisioningTemplate" + Default: "GGFleetTemplate" GGTokenExchangeRoleName: Type: String Default: "GGTokenExchangeRole" @@ -28,7 +28,7 @@ Resources: GGTokenExchangeRole: Type: AWS::IAM::Role Properties: - RoleName: !Ref GGTokenExchangeRoleName + RoleName: !Sub "${GGTokenExchangeRoleName}-${AWS::Region}" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: @@ -57,7 +57,7 @@ Resources: GGFleetProvisioningRole: Type: AWS::IAM::Role Properties: - RoleName: !Ref GGFleetProvisioningRoleName + RoleName: !Sub "${GGFleetProvisioningRoleName}-${AWS::Region}" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: @@ -81,7 +81,7 @@ Resources: GGTokenExchangeRoleAlias: Type: AWS::IoT::RoleAlias Properties: - RoleAlias: !Sub "${GGTokenExchangeRoleAliasName}-${AWS::StackName}" + RoleAlias: !Sub "${GGTokenExchangeRoleAliasName}-${AWS::StackName}-${AWS::Region}" RoleArn: !GetAtt GGTokenExchangeRole.Arn CredentialDurationSeconds: 3600 @@ -219,7 +219,7 @@ Resources: FleetProvisioningTemplate: Type: AWS::IoT::ProvisioningTemplate Properties: - TemplateName: !Ref ProvisioningTemplateName + TemplateName: !Sub "${ProvisioningTemplateName}-${AWS::Region}" Description: "Fleet provisioning template for Greengrass devices" Enabled: true ProvisioningRoleArn: !GetAtt GGFleetProvisioningRole.Arn 
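Review bot: Appending `-${AWS::Region}` to `TemplateName` and to both `RoleName` values makes the final length depend on the deploy region, and nothing in the visible hunks bounds the user-supplied parameters; AWS IoT limits provisioning template names to 36 characters and IAM role names to 64. The shortened default `GGFleetTemplate` fits, but an override that was valid before this change can now fail at stack creation rather than at parameter validation. Adding `MaxLength` to `ProvisioningTemplateName`, `GGTokenExchangeRoleName` and `GGFleetProvisioningRoleName` (for example `MaxLength: 21` on the template name, leaving room for the longest region suffix you deploy to) would surface the problem early. The Outputs hunk at line 288 already mirrors the new names; any script that still hands the raw parameter value to devices would need the same suffix, which cannot be checked from this diff.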
@@ -288,10 +288,10 @@ Resources: Outputs: ProvisioningTemplateName: Description: "Name of the provisioning template" - Value: !Ref ProvisioningTemplateName + Value: !Sub "${ProvisioningTemplateName}-${AWS::Region}" TokenExchangeRoleAlias: Description: "Role alias for token exchange" - Value: !Sub "${GGTokenExchangeRoleAliasName}-${AWS::StackName}" + Value: !Sub "${GGTokenExchangeRoleAliasName}-${AWS::StackName}-${AWS::Region}" ThingGroupName: Description: "Thing group for Greengrass devices" Value: !Ref GGThingGroupName From 2e9d2aedd13d100f2640c731d1196b4a55542034 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 23:23:30 +0200 Subject: [PATCH 38/66] meta-*: bump layers/sw/meta-aws from `e320c75` to `b222ef4` (#248) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- layers/sw/meta-aws | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws index e320c751..b222ef40 160000 --- a/layers/sw/meta-aws +++ b/layers/sw/meta-aws @@ -1 +1 @@ -Subproject commit e320c751b139ad1142ac0dc4d5ed01e91eac2a7a +Subproject commit b222ef40d4ece66865ee3a286d9066541a99ee5c From 1e512422256f18334419cce22fa3bea1853332ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 23:23:38 +0200 Subject: [PATCH 39/66] meta-*: bump layers/bsp/meta-freescale from `7fbf266` to `212f4b3` (#247) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- layers/bsp/meta-freescale | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layers/bsp/meta-freescale b/layers/bsp/meta-freescale index 7fbf2668..212f4b3b 160000 --- a/layers/bsp/meta-freescale +++ b/layers/bsp/meta-freescale 
@@ -1 +1 @@ -Subproject commit 7fbf2668d7f37c7c7949cd52bf9f9bcb2fce5fb2 +Subproject commit 212f4b3b175f6d58c691192545454cd2d2e908d9 From 55197967be3850f2410b87b5d41693238983cfd3 Mon Sep 17 00:00:00 2001 From: Thomas Roos Date: Tue, 9 Sep 2025 07:17:53 +0000 Subject: [PATCH 40/66] ff-merge: use security best practics --- .github/workflows/ff-merge.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ff-merge.yml b/.github/workflows/ff-merge.yml index 4f3440f3..d63bd32a 100644 --- a/.github/workflows/ff-merge.yml +++ b/.github/workflows/ff-merge.yml @@ -22,13 +22,17 @@ jobs: - name: merge ${{ github.event.inputs.branch }}-next into ${{ github.event.inputs.branch }} working-directory: meta-aws-demos + env: + BRANCH_NAME: ${{ github.event.inputs.branch }} run: | git config --global user.name aws-iot-embedded-linux-ci git config --global user.email aws-iot-embedded-linux-ci@users.noreply.github.com - git merge --ff-only origin/${{ github.event.inputs.branch }}-next + git merge --ff-only origin/${BRANCH_NAME}-next - name: push ${{ github.event.inputs.branch }} working-directory: meta-aws-demos + env: + BRANCH_NAME: ${{ github.event.inputs.branch }} run: | - git push -u origin ${{ github.event.inputs.branch }} + git push -u origin ${BRANCH_NAME} From a11f65743a6805074c032a7181bf31197dd6649a Mon Sep 17 00:00:00 2001 From: Thomas Roos Date: Tue, 9 Sep 2025 07:52:38 +0000 Subject: [PATCH 41/66] aws-iot-greengrass-lite-demo-image: add comment about sqlite3 debugging --- .../aws-iot-greengrass-lite-demo-image.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb index cd855288..01aca92a 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb 
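Review bot: `${BRANCH_NAME}` is expanded unquoted in both `run` blocks of ff-merge.yml, so moving the input into `env` stops expression injection into the script text but the shell still word-splits and glob-expands the value. Quote it in both steps: `git merge --ff-only "origin/${BRANCH_NAME}-next"` and `git push -u origin "${BRANCH_NAME}"`. The step `name:` fields still interpolate `github.event.inputs.branch`; that is display text and not passed to a shell, so it can stay. If the set of branches this workflow may fast-forward is fixed, checking the input against that list before the merge step would also reject malformed values such as ones beginning with `-`.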
+++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb @@ -56,6 +56,9 @@ COPY_LIC_DIRS = "1" # IMAGE_INSTALL:append = " strace" # IMAGE_INSTALL:append = " lsof" +# IMAGE_INSTALL:append = " sqlite3" +# can be used to debug config db: /var/lib/greengrass# sqlite3 config.db + # this will install all src, dbg packages to allow proper debugging with gdb # EXTRA_IMAGE_FEATURES:append = " src-pkgs" # EXTRA_IMAGE_FEATURES:append = " dbg-pkgs" From f2c86ec65c8c2a9f4e31a26a1cad857746b4c959 Mon Sep 17 00:00:00 2001 From: Thomas Roos Date: Tue, 9 Sep 2025 13:26:11 +0000 Subject: [PATCH 42/66] aws-iot-fleetwise-test-image: add description and tools for perf --- .../aws-iot-fleetwise-test-image/README.md | 24 +++++++++++++++++++ .../aws-iot-fleetwise-test-image.bb | 6 +++++ .../aws-iot-fleetwise-test-image/config.conf | 22 +++++++++++++---- 3 files changed, 47 insertions(+), 5 deletions(-) diff --git a/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/README.md b/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/README.md index 7bbe5fb4..a96c5434 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/README.md +++ b/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/README.md 
@@ -32,3 +32,27 @@ More information about AWS IoT FleetWise Edge Agent can be found [here](https:// ```bash runqemu slirp nographic ``` + +### perf testing + +Collecting data on the running target: +```bash +cd /usr/lib/aws-iot-fleetwise-edge/ptest +perf record -g -- tests/fwe-gtest --gtest_filter="*RisingEdgeTrigger*" --gtest_fail_fast +perf script > perf.out +``` + +Then copy local: +```bash +scp -O root@192.168.7.2:/usr/lib/aws-iot-fleetwise-edge/ptest/perf.out . +``` + +Then run Flamegraph commands on dev machine: + +```bash +cat perf.out | ~/git/FlameGraph/stackcollapse-perf.pl > perf.out.folded +~/git/FlameGraph/flamegraph.pl perf.out.folded > out.svg +``` +(download from here: `git clone https://github.com/brendangregg/FlameGraph`) + +View with e.g. firefox diff --git a/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/aws-iot-fleetwise-test-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/aws-iot-fleetwise-test-image.bb index bbfa6a19..e66f8784 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/aws-iot-fleetwise-test-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/aws-iot-fleetwise-test-image.bb @@ -9,3 +9,9 @@ TEST_SUITES = " ping aws-iot-fleetwise-edge " IMAGE_INSTALL:append = " aws-iot-fleetwise-edge \ can-utils " + +IMAGE_INSTALL:append = " perf" + +IMAGE_INSTALL:append = " ssh openssh-sshd openssh-sftp openssh-scp" + +IMAGE_INSTALL:append = " aws-iot-fleetwise-edge-ptest aws-iot-fleetwise-edge-dbg" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/config.conf index 090821ac..96a0b6fd 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-fleetwise-test-image/config.conf 
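Review bot: The added `IMAGE_INSTALL:append = " ssh openssh-sshd openssh-sftp openssh-scp"` in aws-iot-fleetwise-test-image.bb puts an SSH server into an image whose `config.conf` sets `EXTRA_IMAGE_FEATURES ?= "debug-tweaks"`, and the README added in this commit copies files as `root` with no credential step, so the image presumably accepts root logins without a password. That is reasonable for a QEMU test image, but nothing in the recipe says so and the recipe can be selected for real devices. I would add a comment above the line, `# test image only: sshd together with debug-tweaks allows passwordless root login, do not deploy`, and keep the perf, ptest and ssh additions grouped under it.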
@@ -3,11 +3,6 @@ EXTRA_IMAGE_FEATURES ?= "debug-tweaks" SDKMACHINE = "x86_64" -TEST_SUITES = " ping aws-iot-fleetwise-edge " - -QEMU_USE_KVM = "" -QEMU_USE_SLIRP = "1" - IMAGE_INSTALL:append = " aws-iot-fleetwise-edge \ can-utils " @@ -24,3 +19,20 @@ VIRTUAL-RUNTIME_initscripts = "" VIRTUAL-RUNTIME_syslog = "" QB_MEM = "-m 2048" + +# use slirp networking instead of TAP interface (require root rights) +QEMU_USE_SLIRP = "1" +TEST_SERVER_IP = "127.0.0.1" + +# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: +# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. +TEST_SUITES = " ping ssh ptest parselogs" + +IMAGE_INSTALL:append = " ptest-runner ssh" + +# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: +# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. +TEST_SUITES = " ping ssh ptest parselogs" + +# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage +IMAGE_CLASSES += "testimage" From d3b684bccece85e20dd51bceb0c3f0ceae9f9e8c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Sep 2025 23:13:48 +0200 Subject: [PATCH 43/66] meta-*: bump layers/sw/meta-aws from `b222ef4` to `62be5af` (#250) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- layers/sw/meta-aws | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws index b222ef40..62be5af1 160000 --- a/layers/sw/meta-aws +++ b/layers/sw/meta-aws @@ -1 +1 @@ -Subproject commit b222ef40d4ece66865ee3a286d9066541a99ee5c +Subproject commit 62be5af19c215fb24f128b13ecaf9369e1d99fce From be649f6272ca0de2e7a61e1114fccffdd8951c39 Mon Sep 17 00:00:00 2001 
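Review bot: The block added in the second config.conf hunk sets `TEST_SUITES = " ping ssh ptest parselogs"` twice, each time with the same two comment lines, and the new value drops `aws-iot-fleetwise-edge`, which the image recipe still lists in its own `TEST_SUITES` (visible in that file's hunk header). Keep one copy of the assignment and its comment, and say in the comment which of the two files is meant to win. `IMAGE_INSTALL:append = " ptest-runner ssh"` also repeats `ssh`, which the recipe now installs itself.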
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Sep 2025 23:13:55 +0200
Subject: [PATCH 44/66] meta-*: bump poky from `9ce8f26` to `6400741` in the layers group (#249)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
poky | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poky b/poky
index 9ce8f26d..6400741e 160000
--- a/poky
+++ b/poky
@@ -1 +1 @@
-Subproject commit 9ce8f26d37c2e3e0030fd1f36f5c54209c269a05
+Subproject commit 6400741e0c11d1620a5ebe394d24deec295236f9
From b6c7465a109945ac3381c4cc94b35e7850716bb2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Sep 2025 09:21:55 +0200
Subject: [PATCH 45/66] meta-*: bump layers/bsp/meta-arm from `8e0f8af` to `0f1e7bf` (#253)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-arm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-arm b/layers/bsp/meta-arm
index 8e0f8af9..0f1e7bf9 160000
--- a/layers/bsp/meta-arm
+++ b/layers/bsp/meta-arm
@@ -1 +1 @@
-Subproject commit 8e0f8af90fefb03f08cd2228cde7a89902a6b37c
+Subproject commit 0f1e7bf92c89759f0ab74cfa5be4ee47b092ad46
From 743d095a8652238621d7c8e89b5a388a0fd92166 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Sep 2025 09:22:01 +0200
Subject: [PATCH 46/66] meta-*: bump layers/sw/meta-flutter from `25690be` to `545eda5` (#252)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/sw/meta-flutter | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-flutter b/layers/sw/meta-flutter
index 25690beb..545eda50 160000
--- a/layers/sw/meta-flutter
+++ b/layers/sw/meta-flutter
@@ -1 +1 @@
-Subproject commit 25690beb3a0d5fef485ef1741544ab6e8252b2d7
+Subproject commit 545eda504de8d9e7b7d2911898e891cb016b6693
From e6e0f7724443652006e587bdc538ff622735529e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Sep 2025 09:22:07 +0200
Subject: [PATCH 47/66] meta-*: bump layers/bsp/meta-ampliphy from `75ad2ee` to `62da26d` (#254)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
layers/bsp/meta-ampliphy | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-ampliphy b/layers/bsp/meta-ampliphy
index 75ad2ee7..62da26dd 160000
--- a/layers/bsp/meta-ampliphy
+++ b/layers/bsp/meta-ampliphy
@@ -1 +1 @@
-Subproject commit 75ad2ee7e166ee88073eb3eb273a6f2bd96f8217
+Subproject commit 62da26dd90e41a57e785a9c5b1a61041887fb1f4
From 0da0e448260f2045d85179995bf4b8de7b7ec567 Mon Sep 17 00:00:00 2001
From: Thomas Roos
Date: Thu, 11 Sep 2025 12:09:51 +0000
Subject: [PATCH 48/66] meta-phytec changed to scarthgap instead PR branch
Closes: https://github.com/phytec/meta-phytec/pull/25
---
layers/bsp/meta-phytec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-phytec b/layers/bsp/meta-phytec
index 18dc90d0..9864fc05 160000
--- a/layers/bsp/meta-phytec
+++ b/layers/bsp/meta-phytec
@@ -1 +1 @@
-Subproject commit 18dc90d0f7b597ed9a8e5cdda5eadbbc04179f72
+Subproject commit 9864fc05235f5d6a359559e4c86a37ee9f8dc319
From f80e80d3dfe81f2f3671ce8932388ac0a496de1c Mon Sep 17 00:00:00 2001
From: Thomas Roos
Date: Fri, 12 Sep 2025 08:23:40 +0000
Subject: [PATCH 49/66] .gitmodules: meta-phytec change to phytec, scarthgap
---
.gitmodules | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.gitmodules b/.gitmodules
index b2b5c65d..44ac75a3 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -112,5 +112,6 @@ branch = scarthgap [submodule "layers/bsp/meta-phytec"] path = layers/bsp/meta-phytec - url = https://github.com/thomas-roos/meta-phytec.git - branch = fix-optee-file-paths + url = https://github.com/phytec/meta-phytec.git + branch = scarthgap + From 13bf961acf362a2cfb847b64737eb51a6fde2ad0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Sep 2025 19:17:50 +0000 Subject: [PATCH 50/66] meta-*: bump layers/bsp/meta-ti from `11a6031` to `0e2876e` Bumps layers/bsp/meta-ti from `11a6031` to `0e2876e`. --- updated-dependencies: - dependency-name: layers/bsp/meta-ti dependency-version: 0e2876e2ea7c28ddff5bc0052bdbc83dd07b7c98 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- layers/bsp/meta-ti | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layers/bsp/meta-ti b/layers/bsp/meta-ti index 11a60314..0e2876e2 160000 --- a/layers/bsp/meta-ti +++ b/layers/bsp/meta-ti @@ -1 +1 @@ -Subproject commit 11a60314cf00695f0131b6d955667d502a93165a +Subproject commit 0e2876e2ea7c28ddff5bc0052bdbc83dd07b7c98 From 53df7dcb376c14757b1631a04ac6f34a5828b622 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 19:18:09 +0000 Subject: [PATCH 51/66] meta-*: bump layers/sw/meta-aws from `62be5af` to `66a4a11` Bumps [layers/sw/meta-aws](https://github.com/aws4embeddedlinux/meta-aws) from `62be5af` to `66a4a11`. - [Commits](https://github.com/aws4embeddedlinux/meta-aws/compare/62be5af19c215fb24f128b13ecaf9369e1d99fce...66a4a1158373634e26ba52b5b5f3846047d86622) --- updated-dependencies: - dependency-name: layers/sw/meta-aws dependency-version: 66a4a1158373634e26ba52b5b5f3846047d86622 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- layers/sw/meta-aws | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws
index 62be5af1..66a4a115 160000
--- a/layers/sw/meta-aws
+++ b/layers/sw/meta-aws
@@ -1 +1 @@
-Subproject commit 62be5af19c215fb24f128b13ecaf9369e1d99fce
+Subproject commit 66a4a1158373634e26ba52b5b5f3846047d86622
From 3ae8c165c2a441fb3e461d5ed3c23105c60c97de Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Sep 2025 19:18:03 +0000
Subject: [PATCH 52/66] meta-*: bump layers/sw/meta-openembedded from `c29a18f` to `b9fb655`
Bumps [layers/sw/meta-openembedded](https://github.com/openembedded/meta-openembedded) from `c29a18f` to `b9fb655`.
- [Commits](https://github.com/openembedded/meta-openembedded/compare/c29a18fa39ede952f3f6108ec007c1906e2d9a0d...b9fb6556a3c8a3e477dce334205b658cb79ad501)
---
updated-dependencies:
- dependency-name: layers/sw/meta-openembedded
dependency-version: b9fb6556a3c8a3e477dce334205b658cb79ad501
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
layers/sw/meta-openembedded | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-openembedded b/layers/sw/meta-openembedded
index c29a18fa..b9fb6556 160000
--- a/layers/sw/meta-openembedded
+++ b/layers/sw/meta-openembedded
@@ -1 +1 @@
-Subproject commit c29a18fa39ede952f3f6108ec007c1906e2d9a0d
+Subproject commit b9fb6556a3c8a3e477dce334205b658cb79ad501
From 8337bf7d67141f1c3dfa9e75eb60ae4fb2e952ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 17 Sep 2025 19:16:36 +0000
Subject: [PATCH 53/66] meta-*: bump layers/bsp/meta-phytec from `9864fc0` to `9eeefee`
Bumps [layers/bsp/meta-phytec](https://github.com/phytec/meta-phytec) from `9864fc0` to `9eeefee`.
- [Commits](https://github.com/phytec/meta-phytec/compare/9864fc05235f5d6a359559e4c86a37ee9f8dc319...9eeefee598164974954e92e1da0f56c05893019c)
---
updated-dependencies:
- dependency-name: layers/bsp/meta-phytec
dependency-version: 9eeefee598164974954e92e1da0f56c05893019c
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
layers/bsp/meta-phytec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-phytec b/layers/bsp/meta-phytec
index 9864fc05..9eeefee5 160000
--- a/layers/bsp/meta-phytec
+++ b/layers/bsp/meta-phytec
@@ -1 +1 @@
-Subproject commit 9864fc05235f5d6a359559e4c86a37ee9f8dc319
+Subproject commit 9eeefee598164974954e92e1da0f56c05893019c
From 710d4e47f5d64175b5aa0081035881bd6229ca9f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 17 Sep 2025 19:16:32 +0000
Subject: [PATCH 54/66] meta-*: bump layers/bsp/meta-freescale from `212f4b3` to `aba4a65`
Bumps [layers/bsp/meta-freescale](https://github.com/Freescale/meta-freescale) from `212f4b3` to `aba4a65`.
- [Commits](https://github.com/Freescale/meta-freescale/compare/212f4b3b175f6d58c691192545454cd2d2e908d9...aba4a65809d3a2cce977f1b8b673fd6b434120e1)
---
updated-dependencies:
- dependency-name: layers/bsp/meta-freescale
dependency-version: aba4a65809d3a2cce977f1b8b673fd6b434120e1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
layers/bsp/meta-freescale | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-freescale b/layers/bsp/meta-freescale
index 212f4b3b..aba4a658 160000
--- a/layers/bsp/meta-freescale
+++ b/layers/bsp/meta-freescale
@@ -1 +1 @@
-Subproject commit 212f4b3b175f6d58c691192545454cd2d2e908d9
+Subproject commit aba4a65809d3a2cce977f1b8b673fd6b434120e1
From 11bd2b8a891562609de5136a28142fe6acb07abc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 17 Sep 2025 19:16:29 +0000
Subject: [PATCH 55/66] meta-*: bump layers/bsp/meta-ampliphy from `62da26d` to `8cf3bce`
Bumps [layers/bsp/meta-ampliphy](https://github.com/phytec/meta-ampliphy) from `62da26d` to `8cf3bce`.
- [Commits](https://github.com/phytec/meta-ampliphy/compare/62da26dd90e41a57e785a9c5b1a61041887fb1f4...8cf3bce91a43062bdf71853000ba74920d671932)
---
updated-dependencies:
- dependency-name: layers/bsp/meta-ampliphy
dependency-version: 8cf3bce91a43062bdf71853000ba74920d671932
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
layers/bsp/meta-ampliphy | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-ampliphy b/layers/bsp/meta-ampliphy
index 62da26dd..8cf3bce9 160000
--- a/layers/bsp/meta-ampliphy
+++ b/layers/bsp/meta-ampliphy
@@ -1 +1 @@
-Subproject commit 62da26dd90e41a57e785a9c5b1a61041887fb1f4
+Subproject commit 8cf3bce91a43062bdf71853000ba74920d671932
From 1c7a2dbc16514b9c7a939f84682a4bc0d64fe66a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Sep 2025 19:16:00 +0000
Subject: [PATCH 56/66] meta-*: bump layers/sw/meta-browser from `2dabbb1` to `1240b0a`
Bumps [layers/sw/meta-browser](https://github.com/OSSystems/meta-browser) from `2dabbb1` to `1240b0a`.
- [Commits](https://github.com/OSSystems/meta-browser/compare/2dabbb1bc1488f244bf66674fe7268a44dcc0d79...1240b0a0b68ccac096e37b5b619c55a5b439c128)
---
updated-dependencies:
- dependency-name: layers/sw/meta-browser
dependency-version: 1240b0a0b68ccac096e37b5b619c55a5b439c128
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
layers/sw/meta-browser | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/sw/meta-browser b/layers/sw/meta-browser
index 2dabbb1b..1240b0a0 160000
--- a/layers/sw/meta-browser
+++ b/layers/sw/meta-browser
@@ -1 +1 @@
-Subproject commit 2dabbb1bc1488f244bf66674fe7268a44dcc0d79
+Subproject commit 1240b0a0b68ccac096e37b5b619c55a5b439c128
From e4af42aa339cecc513149970f99ddd506cf9a89c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Sep 2025 19:31:27 +0000
Subject: [PATCH 57/66] meta-*: bump poky from `6400741` to `31b2c45` in the layers group
Bumps the layers group with 1 update: poky.
Updates `poky` from `6400741` to `31b2c45`
---
updated-dependencies:
- dependency-name: poky
dependency-version: 31b2c45764702e0dfac4661db686f48374cee787
dependency-type: direct:production
dependency-group: layers
...
Signed-off-by: dependabot[bot]
---
poky | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poky b/poky
index 6400741e..31b2c457 160000
--- a/poky
+++ b/poky
@@ -1 +1 @@
-Subproject commit 6400741e0c11d1620a5ebe394d24deec295236f9
+Subproject commit 31b2c45764702e0dfac4661db686f48374cee787
From 2d46f6d485d210fb63359094f5203f702cbc1f9b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Sep 2025 19:31:43 +0000
Subject: [PATCH 58/66] meta-*: bump layers/bsp/meta-freescale from `aba4a65` to `145c001`
Bumps [layers/bsp/meta-freescale](https://github.com/Freescale/meta-freescale) from `aba4a65` to `145c001`.
- [Commits](https://github.com/Freescale/meta-freescale/compare/aba4a65809d3a2cce977f1b8b673fd6b434120e1...145c001471e96d2897294785d9f1faed9d7056cc)
---
updated-dependencies:
- dependency-name: layers/bsp/meta-freescale
dependency-version: 145c001471e96d2897294785d9f1faed9d7056cc
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
layers/bsp/meta-freescale | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/layers/bsp/meta-freescale b/layers/bsp/meta-freescale
index aba4a658..145c0014 160000
--- a/layers/bsp/meta-freescale
+++ b/layers/bsp/meta-freescale
@@ -1 +1 @@
-Subproject commit aba4a65809d3a2cce977f1b8b673fd6b434120e1
+Subproject commit 145c001471e96d2897294785d9f1faed9d7056cc
From 438e013e1091b6eeb775cc0d320a0827eec36da9 Mon Sep 17 00:00:00 2001
From: Thomas Roos Date: Thu, 18 Sep 2025 15:16:15 +0000 Subject: [PATCH 59/66] add a tpm demo for gg-lite see aws-iot-greengrass-lite-demo-simple-image-tpm --- .gitmodules | 13 ++- README.md | 2 + layers/bsp/meta-slb9670-rpi | 1 + layers/sw/meta-security | 1 + .../conf/devices/aws-ec2-arm64/README.md | 3 +- .../conf/devices/aws-ec2-arm64/config.conf | 6 +- .../conf/devices/aws-ec2-x86-64/README.md | 3 +- .../conf/devices/aws-ec2-x86-64/config.conf | 7 ++ .../conf/devices/raspberrypi-64/config.conf | 3 +- .../conf/devices/raspberrypi4-tpm/README.md | 16 ++++ .../conf/devices/raspberrypi4-tpm/config.conf | 21 +++++ .../conf/devices/raspberrypi4-tpm/layers.conf | 4 + .../README.md | 83 +++++++++++++++++++ ...t-greengrass-lite-demo-simple-image-tpm.bb | 67 +++++++++++++++ .../config.conf | 43 ++++++++++ .../layers.conf | 13 +++ 16 files changed, 278 insertions(+), 8 deletions(-) create mode 160000 layers/bsp/meta-slb9670-rpi create mode 160000 layers/sw/meta-security create mode 100644 meta-aws-demos/conf/devices/raspberrypi4-tpm/README.md create mode 100644 meta-aws-demos/conf/devices/raspberrypi4-tpm/config.conf create mode 100644 meta-aws-demos/conf/devices/raspberrypi4-tpm/layers.conf create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/aws-iot-greengrass-lite-demo-simple-image-tpm.bb create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/layers.conf diff --git a/.gitmodules b/.gitmodules index 44ac75a3..360657fd 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -114,4 +114,15 @@ path = layers/bsp/meta-phytec url = https://github.com/phytec/meta-phytec.git branch = scarthgap - +[submodule "layers/sw/scarthgap-rust-mixin"] + path = layers/sw/scarthgap-rust-mixin + url = https://git.yoctoproject.org/meta-lts-mixins + branch = scarthgap/rust +[submodule "layers/sw/meta-security"] + path = layers/sw/meta-security + url = https://github.com/thomas-roos/meta-security + branch = scarthgap +[submodule "layers/bsp/meta-slb9670-rpi"] + path = layers/bsp/meta-slb9670-rpi + url = https://github.com/ejaaskel/meta-slb9670-rpi.git + branch = scarthgap diff --git a/README.md b/README.md index 6f4210aa..10a72571 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,7 @@ alphabetical order for ease of selection, no preference should be inferred. - [`qemuarm64`](meta-aws-demos/conf/devices/qemuarm64/README.md) - [`qemux86-64`](meta-aws-demos/conf/devices/qemux86-64/README.md) - [`raspberrypi-64` / Raspberry Pi Foundation](meta-aws-demos/conf/devices/raspberrypi-64/README.md) +- [`raspberrypi4-tpm` / Raspberry Pi Foundation](meta-aws-demos/conf/devices/raspberrypi4-tpm/README.md) - [`raspberrypi2` / Raspberry Pi Foundation](meta-aws-demos/conf/devices/raspberrypi2/README.md) - [`raspberrypi0-wifi` / Raspberry Pi Foundation](meta-aws-demos/conf/devices/raspberrypi0-wifi/README.md) - [`rockchip-rv1106`](meta-aws-demos/conf/devices/rockchip-rv1106/README.md) 
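Review bot: The new `layers/sw/meta-security` submodule in the .gitmodules hunk points at a personal fork, `https://github.com/thomas-roos/meta-security`, although patch 49 of this series had just moved meta-phytec off a personal fork and back to its upstream. For a layer pulled in for the TPM demo the URL should be the upstream repository, or the entry should carry a comment naming the fork-only commits and when it will be switched back. The same hunk adds a `[submodule "layers/sw/scarthgap-rust-mixin"]` entry, but the commit's diffstat creates gitlinks only for `layers/bsp/meta-slb9670-rpi` and `layers/sw/meta-security`, so unless that gitlink already exists in the tree the entry has nothing to check out. Since `branch =` is only advisory and the pinned gitlink commit is what gets built, the pinned commits of the two new layers are what need review before merge.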
@@ -55,6 +56,7 @@ Generally you can build all images for all "Devices", but some combinations do n - [aws-iot-greengrass-lite-demo-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md) - [aws-iot-greengrass-lite-demo-ec2-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/README.md) - [aws-iot-greengrass-lite-demo-simple-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/README.md) +- [aws-iot-greengrass-lite-demo-simple-imag-tpm](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md) - [aws-iot-greengrass-lite-demo-tiny-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-tiny-image/README.md) - [aws-iot-greengrass-lite-webrtc-demo-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/README.md) - [aws-webrtc-demo-image](meta-aws-demos/recipes-core/images/aws-webrtc-demo-image/README.md) diff --git a/layers/bsp/meta-slb9670-rpi b/layers/bsp/meta-slb9670-rpi new file mode 160000 index 00000000..b2e614da --- /dev/null +++ b/layers/bsp/meta-slb9670-rpi @@ -0,0 +1 @@ +Subproject commit b2e614da8f49b6e7cb536b1cf946460d5c1f6484 diff --git a/layers/sw/meta-security b/layers/sw/meta-security new file mode 160000 index 00000000..31d28eb9 --- /dev/null +++ b/layers/sw/meta-security @@ -0,0 +1 @@ +Subproject commit 31d28eb97d82697f388ed60ce92de8eb02c802ce diff --git a/meta-aws-demos/conf/devices/aws-ec2-arm64/README.md b/meta-aws-demos/conf/devices/aws-ec2-arm64/README.md index 9939803f..0e98dbb5 100644 --- a/meta-aws-demos/conf/devices/aws-ec2-arm64/README.md +++ b/meta-aws-demos/conf/devices/aws-ec2-arm64/README.md 
@@ -21,6 +21,5 @@ bitbake $IMAGE ### Upload this image to your ec2 account (follow instructions to setup this up before!) ```bash -cd .. -meta-aws-demos$ layers/sw/meta-aws/scripts/ec2-ami/create-ec2-ami.sh amitest-bucket 16 aws-demo-image aws-ec2-arm64 +../layers/sw/meta-aws/scripts/ec2-ami/create-ec2-ami.sh amitest-bucket 16 $IAMGE aws-ec2-arm64 ``` diff --git a/meta-aws-demos/conf/devices/aws-ec2-arm64/config.conf b/meta-aws-demos/conf/devices/aws-ec2-arm64/config.conf index d5dbe981..08026222 100644 --- a/meta-aws-demos/conf/devices/aws-ec2-arm64/config.conf +++ b/meta-aws-demos/conf/devices/aws-ec2-arm64/config.conf @@ -5,4 +5,8 @@ INHERIT += "aws-ec2-image" SDKMACHINE = "x86_64" -QB_MEM = "-m 2048" \ No newline at end of file +QB_MEM = "-m 2048" + +# for correct PVRE reporting +IMAGE_INSTALL:append = " curl amazon-ssm-agent util-linux ca-certificates" +IMAGE_FEATURES:append = " package-management" \ No newline at end of file diff --git a/meta-aws-demos/conf/devices/aws-ec2-x86-64/README.md b/meta-aws-demos/conf/devices/aws-ec2-x86-64/README.md index a7efb30f..df3dfb16 100644 --- a/meta-aws-demos/conf/devices/aws-ec2-x86-64/README.md +++ b/meta-aws-demos/conf/devices/aws-ec2-x86-64/README.md @@ -21,6 +21,5 @@ bitbake $IMAGE ### Upload this image to your ec2 account (follow instructions to setup this up before!) ```bash -cd .. -meta-aws-demos$ layers/sw/meta-aws/scripts/ec2-ami/create-ec2-ami.sh amitest-bucket 16 aws-demo-image aws-ec2-x86-64 +../layers/sw/meta-aws/scripts/ec2-ami/create-ec2-ami.sh amitest-bucket 16 $IMAGE aws-ec2-x86-64 ``` diff --git a/meta-aws-demos/conf/devices/aws-ec2-x86-64/config.conf b/meta-aws-demos/conf/devices/aws-ec2-x86-64/config.conf index 89cc4ea3..e32a4680 100644 --- a/meta-aws-demos/conf/devices/aws-ec2-x86-64/config.conf +++ b/meta-aws-demos/conf/devices/aws-ec2-x86-64/config.conf 
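Review bot: The `IMAGE_INSTALL:append` and `IMAGE_FEATURES:append` lines added to `aws-ec2-arm64/config.conf` (and the same lines added to `aws-ec2-x86-64/config.conf` further down) sit in a device config, so `amazon-ssm-agent`, `curl` and `package-management` go into every image built for these machines, not only the ones that need the reporting. That puts a remote-management agent and an on-target package manager into images that are otherwise minimal. The comment `# for correct PVRE reporting` does not say what PVRE is or which package serves it; I would expand it to something like `# PVRE (<expansion>): <why each package is needed>` and consider moving the lines into the image recipes that are meant to be reported on.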
@@ -2,3 +2,10 @@ DISTRO ?= "poky" MACHINE ?= "aws-ec2-x86-64" INHERIT += "aws-ec2-image" + +# for ec2 nitro tpm (see aws-iot-greengrass-lite-demo-simple-image-tpm) +MACHINE_FEATURES:append = " tpm2" + +# for correct PVRE reporting +IMAGE_INSTALL:append = " curl amazon-ssm-agent util-linux ca-certificates" +IMAGE_FEATURES:append = " package-management" diff --git a/meta-aws-demos/conf/devices/raspberrypi-64/config.conf b/meta-aws-demos/conf/devices/raspberrypi-64/config.conf index 00b13608..95958d4a 100644 --- a/meta-aws-demos/conf/devices/raspberrypi-64/config.conf +++ b/meta-aws-demos/conf/devices/raspberrypi-64/config.conf @@ -11,5 +11,4 @@ ENABLE_UART = "1" # https://meta-raspberrypi.readthedocs.io/en/latest/ipcompliance.html LICENSE_FLAGS_ACCEPTED = "synaptics-killswitch" -# necessary as long as this PR is not merged: https://github.com/agherzan/meta-raspberrypi/pull/1460 -RPI_KERNEL_DEVICETREE_OVERLAYS:append = " overlays/bcm2712d0.dtbo" +MACHINE_FEATURES:append = " tpm2" \ No newline at end of file diff --git a/meta-aws-demos/conf/devices/raspberrypi4-tpm/README.md b/meta-aws-demos/conf/devices/raspberrypi4-tpm/README.md new file mode 100644 index 00000000..f901f38f --- /dev/null +++ b/meta-aws-demos/conf/devices/raspberrypi4-tpm/README.md @@ -0,0 +1,16 @@ +# raspberrypi-4 - Raspberry Pi 4 64bit with TPM support + +With this TPM module https://letstrust.de/ + +See here: https://github.com/agherzan/meta-raspberrypi + +and here: https://github.com/ejaaskel/meta-slb9670-rpi + +https://ejaaskel.dev/raspberry-pi-4-letstrust-tpm-and-yocto/ + + +helpful to reset the TPM module: + +```bash +tpm2_clear -c p +``` diff --git a/meta-aws-demos/conf/devices/raspberrypi4-tpm/config.conf b/meta-aws-demos/conf/devices/raspberrypi4-tpm/config.conf new file mode 100644 index 00000000..90fe43a0 --- /dev/null +++ b/meta-aws-demos/conf/devices/raspberrypi4-tpm/config.conf 
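Review bot: `MACHINE_FEATURES:append = " tpm2"` is added to the generic `raspberrypi-64/config.conf`, although this commit also creates a separate `raspberrypi4-tpm` device for boards that carry the TPM module. As written, every raspberrypi-64 build advertises a TPM 2.0 whether or not one is fitted, which can mislead recipes that key off that feature. If this is intended, a comment such as `# tpm2: needed for <reason>, no effect without hardware` would help; otherwise drop the line here and keep it in `raspberrypi4-tpm/config.conf` only. The same hunk removes the `RPI_KERNEL_DEVICETREE_OVERLAYS` workaround without a word in the commit message, so it is worth confirming that the referenced meta-raspberrypi PR is in the pinned submodule revision.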
@@ -0,0 +1,21 @@ +MACHINE = "raspberrypi4-64" + +IMAGE_FSTYPES ?= "wic wic.bz2" + +# WIFI +DISTRO_FEATURES:append = " wifi" + +# ENABLE DEBUG OVER USB +ENABLE_UART = "1" + +# https://meta-raspberrypi.readthedocs.io/en/latest/ipcompliance.html +LICENSE_FLAGS_ACCEPTED = "synaptics-killswitch" + +MACHINE_FEATURES:append = " tpm2" + +ENABLE_SPI_BUS = "1" +RPI_EXTRA_CONFIG = "dtoverlay=letstrust-tpm" +IMAGE_INSTALL:append = " kernel-image kernel-devicetree" + +# add device tree overlay for the LetsTrust TPM +KERNEL_DEVICETREE:append = " overlays/letstrust-tpm.dtbo" diff --git a/meta-aws-demos/conf/devices/raspberrypi4-tpm/layers.conf b/meta-aws-demos/conf/devices/raspberrypi4-tpm/layers.conf new file mode 100644 index 00000000..615122d4 --- /dev/null +++ b/meta-aws-demos/conf/devices/raspberrypi4-tpm/layers.conf @@ -0,0 +1,4 @@ +BBLAYERS += "\ + ${OEROOT}/../layers/bsp/meta-raspberrypi \ + ${OEROOT}/../layers/bsp/meta-slb9670-rpi \ +" \ No newline at end of file diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md new file mode 100644 index 00000000..b69d0221 --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md 
@@ -0,0 +1,83 @@ +# aws-iot-greengrass-lite-demo-simple-image-tpm + +This image is similar to [aws-iot-greengrass-lite-demo-simple-image](../aws-iot-greengrass-lite-demo-simple-image/README.md) + +The main difference it is supporting a TPM module. + +Tested with `aws-ec2-x86-64` and `raspberrypi4-tpm` + + + +Note: for aws-ec2-x86-64 you need to upload the snapshot with tpm support and start with a nitro instance that suppors tpm (e.g. m5n.large). + + +Modify / Create a new ami after upload +``` +aws ec2 register-image \ + --name my-tpm-image \ + --boot-mode uefi \ + --architecture x86_64 \ + --root-device-name /dev/sda1 \ + --block-device-mappings DeviceName=/dev/sda1,Ebs={SnapshotId=snap-xxxxxxxxxxxxxx} \ + --tpm-support v2.0 +``` + + +More information here: https://github.com/aws-greengrass/aws-greengrass-lite/blob/main/docs/TPM_SUPPORT.md + + +Add the following configuration here: /etc/ssl/openssl.cnf + +```bash +[openssl_init] +providers = provider_sect + +[provider_sect] +default = default_sect +tpm2 = tpm2_sect + +[default_sect] +activate = 1 + +[tpm2_sect] +identity = tpm2 +module = /usr/lib/ossl-modules/tpm2.so +activate = 1 +``` + + +example config.yaml +``` +--- +system: + rootPath: "/var/lib/greengrass" + privateKeyPath: "handle:0x81000002" + certificateFilePath: "/etc/greengrass/ggcredentials/device.pem" + rootCaPath: "/etc/greengrass/ggcredentials/AmazonRootCA1.pem" + rootPath: "/var/lib/greengrass" + thingName: "TPMThing" +services: + aws.greengrass.NucleusLite: + componentType: "NUCLEUS" + configuration: + runWithDefault: + posixUser: "ggcore:ggcore" + greengrassDataPlanePort: "8443" + platformOverride: {} + awsRegion: "eu-central-1" + iotRoleAlias: "GreengrassV2TokenExchangeCoreDeviceRoleAlias" + iotDataEndpoint: "a20mxm1jboggkj-ats.iot.eu-central-1.amazonaws.com" + iotCredEndpoint: "c2cw693ei5usp5.credentials.iot.eu-central-1.amazonaws.com" +``` + + + + + + + + +Sep 18 14:40:21 raspberrypi4-64 iotcored[667]: E[iotcored] tls.c:255: Failed TLS 
handshake. +Sep 18 14:40:21 raspberrypi4-64 iotcored[667]: E[iotcored] tls.c:50: [openssl]: A0F15DB47F000000:error:0800007D:elliptic curve routines:ossl_ecdsa_simple_sign_sig:missing private key:/usr/src/debug/openssl/3.2.4/crypto/ec/ecdsa_ossl.c:291: +Sep 18 14:40:21 raspberrypi4-64 iotcored[667]: E[iotcored] tls.c:50: [openssl]: A0F15DB47F000000:error:0A080006:SSL routines:tls_construct_cert_verify:EVP lib:/usr/src/debug/openssl/3.2.4/ssl/statem/statem_lib.c:406: +Sep 18 14:40:21 raspberrypi4-64 iotcored[667]: E[iotcored] mqtt.c:284: Failed to create TLS connection. diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/aws-iot-greengrass-lite-demo-simple-image-tpm.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/aws-iot-greengrass-lite-demo-simple-image-tpm.bb new file mode 100644 index 00000000..fb60f759 --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/aws-iot-greengrass-lite-demo-simple-image-tpm.bb 
@@ -0,0 +1,67 @@ +SUMMARY = "A demo image for aws-iot-greengrass-lite" +HOMEPAGE = "https://github.com/aws4embeddedlinux/meta-aws-demos" + +LICENSE = "MIT" + +# this needs to be done before installing the (dynamic) packagegroups +inherit core-image + +IMAGE_INSTALL += "\ + ${CORE_IMAGE_EXTRA_INSTALL} \ + packagegroup-base \ + packagegroup-core-boot \ + " + +### AWS ### +IMAGE_INSTALL:append = " greengrass-lite" + +# only adding if device is rpi, as others might have a different partition layout +IMAGE_INSTALL:append:rpi = " greengrass-config-init" + +### tmux ### +IMAGE_INSTALL:append = " tmux" +GLIBC_GENERATE_LOCALES = "en_US.UTF-8 UTF-8" +IMAGE_INSTALL:append = " glibc-utils localedef " +IMAGE_INSTALL:append = " ssh openssh-sshd openssh-sftp" +IMAGE_INSTALL:append = " python3-misc python3-venv python3-tomllib python3-ensurepip libcgroup python3-pip" + +### aws-iot-device-client ### +# IMAGE_INSTALL:append = " aws-iot-device-client" + +### amazon-cloudwatch-publisher ### +# IMAGE_INSTALL:append = " amazon-cloudwatch-publisher" + +### misc ### +IMAGE_INSTALL:append = " sudo" + +# this will disable root password - be warned! +EXTRA_IMAGE_FEATURES ?= "allow-empty-password allow-root-login empty-root-password" + +### license compliance ### +COPY_LIC_MANIFEST = "1" + +COPY_LIC_DIRS = "1" + +### debug tools ### +# IMAGE_INSTALL:append = " ldd gdb" +# IMAGE_INSTALL:append = " valgrind" +# IMAGE_INSTALL:append = " strace" + +# this will install all src, dbg packages to allow proper debugging with gdb +# EXTRA_IMAGE_FEATURES:append = " src-pkgs dbg-pkgs" + +# this should be equal to sdimage-aws-iot-greengrass-lite-demo-ab_partition.wks.in file, +# for rauc bundle generation wic file is not used! 
+ROOTFS_POSTINSTALL_COMMAND += "extra_files_common" +ROOTFS_POSTINSTALL_COMMAND:rpi += "extra_files_rpi" + +extra_files_common () { + # enable systemd-time-wait-sync as this is important for greengrass to have a correct clock + ln -sf /${libdir}/systemd/system/systemd-time-wait-sync.service ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/ +} + +extra_files_rpi () { + # decided to do here instead of a bbappend of wpa:supplicant + install -d ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/ + ln -sf /${libdir}/systemd/system/wpa_supplicant@.service ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/wpa_supplicant@wlan0.service +} diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf new file mode 100644 index 00000000..97177c32 --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf 
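Review bot: `EXTRA_IMAGE_FEATURES ?= "allow-empty-password allow-root-login empty-root-password"` together with `ssh openssh-sshd` in `IMAGE_INSTALL` yields an image where root can log in over the network with no password, on an image whose purpose is to show TPM-protected device credentials. A key held in the TPM cannot be copied off the device, but anyone with a root shell can still use it through the persistent handle, so the open login undercuts the demo once the board is on a shared network. I would default the features to empty, make the open login an explicit opt-in from the build config, and say in the image README that the open setting is for bench use only. Separately, `extra_files_common` runs `ln -sf` into `multi-user.target.wants/` without the `install -d` that `extra_files_rpi` does first, and the comment about `sdimage-aws-iot-greengrass-lite-demo-ab_partition.wks.in` and rauc looks carried over from another recipe.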
@@ -0,0 +1,43 @@ +DISTRO = "poky-altcfg" + +QB_MEM = "-m 2048" +BOOT_SPACE = "69152" + +IMAGE_OVERHEAD_FACTOR = "2.0" + +# just necessary if aws-iot-device-client is installed +PACKAGECONFIG:pn-aws-iot-device-client = "st" + +COPY_LIC_MANIFEST = "1" + +COPY_LIC_DIRS = "1" + +BB_GENERATE_MIRROR_TARBALLS = "1" + +BB_GIT_SHALLOW = "1" + +BB_GENERATE_SHALLOW_TARBALLS = "1" + +INHERIT += "create-spdx" + +# tests + +# use slirp networking instead of TAP interface (require root rights) +#QEMU_USE_SLIRP = "1" +#TEST_SERVER_IP = "127.0.0.1" + +# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: +# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. +# TEST_SUITES = " ping ssh ptest" + +# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage +# IMAGE_CLASSES += "testimage" + +# PUT = package under test / this is set in auto.conf +# PUT = "greengrass-lite-ptest" +# IMAGE_INSTALL:append = " ptest-runner ssh ${PUT}" + +# tpm support +IMAGE_INSTALL:append = " packagegroup-security-tpm2" + +DISTRO_FEATURES:append = " tpm" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/layers.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/layers.conf new file mode 100644 index 00000000..de60948b --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/layers.conf 
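Review bot: `DISTRO_FEATURES:append = " tpm"` at the end of this `config.conf` names a different feature from the `tpm2` that the device configs in this commit append to `MACHINE_FEATURES`, while the package installed is `packagegroup-security-tpm2`. Whether `tpm` alone enables the TPM 2.0 pieces depends on how meta-tpm tests the feature, which is not visible here, so this should be checked against the pinned layer. If TPM 2.0 is what is meant, `DISTRO_FEATURES:append = " tpm2"` would match the rest of the change. `COPY_LIC_MANIFEST` and `COPY_LIC_DIRS` are also set in the image recipe, so one of the two places can go.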
@@ -0,0 +1,13 @@ +BBLAYERS += "\ + ${OEROOT}/meta \ + ${OEROOT}/meta-poky \ + ${OEROOT}/../meta-aws-demos \ + ${OEROOT}/../layers/sw/meta-aws \ + ${OEROOT}/../layers/sw/meta-clang \ + ${OEROOT}/../layers/sw/meta-openembedded/meta-oe \ + ${OEROOT}/../layers/sw/meta-openembedded/meta-python \ + ${OEROOT}/../layers/sw/meta-openembedded/meta-multimedia \ + ${OEROOT}/../layers/sw/meta-openembedded/meta-networking \ + ${OEROOT}/../layers/sw/meta-openembedded/meta-filesystems \ + ${OEROOT}/../layers/sw/meta-security/meta-tpm \ +" From 7aff22b0c8f81c77e2b05b5c0148b32711f5d564 Mon Sep 17 00:00:00 2001 From: Thomas Roos Date: Tue, 23 Sep 2025 10:12:44 +0000 Subject: [PATCH 60/66] aws-ec2-arm64, aws-ec2-x86-64: add packages, config defaults to support PVRE reporting --- meta-aws-demos/conf/devices/aws-ec2-arm64/config.conf | 5 +++-- meta-aws-demos/conf/devices/aws-ec2-x86-64/config.conf | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/meta-aws-demos/conf/devices/aws-ec2-arm64/config.conf b/meta-aws-demos/conf/devices/aws-ec2-arm64/config.conf index 08026222..f708597e 100644 --- a/meta-aws-demos/conf/devices/aws-ec2-arm64/config.conf +++ b/meta-aws-demos/conf/devices/aws-ec2-arm64/config.conf @@ -8,5 +8,6 @@ SDKMACHINE = "x86_64" QB_MEM = "-m 2048" # for correct PVRE reporting -IMAGE_INSTALL:append = " curl amazon-ssm-agent util-linux ca-certificates" -IMAGE_FEATURES:append = " package-management" \ No newline at end of file +IMAGE_INSTALL:append = " curl amazon-ssm-agent util-linux ca-certificates coreutils" +IMAGE_FEATURES:append = " package-management" +PACKAGE_CLASSES ?= "package_rpm" \ No newline at end of file diff --git a/meta-aws-demos/conf/devices/aws-ec2-x86-64/config.conf b/meta-aws-demos/conf/devices/aws-ec2-x86-64/config.conf index e32a4680..252fe0da 100644 --- a/meta-aws-demos/conf/devices/aws-ec2-x86-64/config.conf +++ b/meta-aws-demos/conf/devices/aws-ec2-x86-64/config.conf 
@@ -7,5 +7,6 @@ INHERIT += "aws-ec2-image" MACHINE_FEATURES:append = " tpm2" # for correct PVRE reporting -IMAGE_INSTALL:append = " curl amazon-ssm-agent util-linux ca-certificates" +IMAGE_INSTALL:append = " curl amazon-ssm-agent util-linux ca-certificates coreutils" IMAGE_FEATURES:append = " package-management" +PACKAGE_CLASSES ?= "package_rpm" From cb3bb16042f30a4de18d5d5746b8367515ba254d Mon Sep 17 00:00:00 2001 From: Thomas Roos Date: Tue, 23 Sep 2025 10:13:42 +0000 Subject: [PATCH 61/66] aws-iot-greengrass-lite-demo-simple-image-tpm: support LetsTrust-TPM2Go --- .../README.md | 47 ++++++++----------- .../config.conf | 7 +++ 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md index b69d0221..6afbeba7 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md 
@@ -2,31 +2,14 @@ This image is similar to [aws-iot-greengrass-lite-demo-simple-image](../aws-iot-greengrass-lite-demo-simple-image/README.md) -The main difference it is supporting a TPM module. +The main difference it is supporting a TPM module to test [Greengrass Lite TPM support](https://github.com/aws-greengrass/aws-greengrass-lite/blob/main/docs/TPM_SUPPORT.md) Tested with `aws-ec2-x86-64` and `raspberrypi4-tpm` +Using LetsTrust-TPM (RaspberryPi 4) and LetsTrust-TPM2Go (any device) -Note: for aws-ec2-x86-64 you need to upload the snapshot with tpm support and start with a nitro instance that suppors tpm (e.g. m5n.large). - - -Modify / Create a new ami after upload -``` -aws ec2 register-image \ - --name my-tpm-image \ - --boot-mode uefi \ - --architecture x86_64 \ - --root-device-name /dev/sda1 \ - --block-device-mappings DeviceName=/dev/sda1,Ebs={SnapshotId=snap-xxxxxxxxxxxxxx} \ - --tpm-support v2.0 -``` - - -More information here: https://github.com/aws-greengrass/aws-greengrass-lite/blob/main/docs/TPM_SUPPORT.md - - -Add the following configuration here: /etc/ssl/openssl.cnf +Add the following configuration here: `/etc/ssl/openssl.cnf` ```bash [openssl_init] @@ -46,7 +29,8 @@ activate = 1 ``` -example config.yaml +example Greengrass lite `config.yaml` + ``` --- system: 
@@ -72,12 +56,21 @@ services: +## aws-ec2-x86-64 +Note: for aws-ec2-x86-64 you need to upload the snapshot with tpm support and start with a nitro instance that suppors tpm (e.g. m5n.large). +Modify / Create a new ami after upload +``` +aws ec2 register-image \ + --name my-tpm-image \ + --boot-mode uefi \ + --architecture x86_64 \ + --root-device-name /dev/sda1 \ + --block-device-mappings DeviceName=/dev/sda1,Ebs={SnapshotId=snap-xxxxxxxxxxxxxx} \ + --tpm-support v2.0 +``` - - -Sep 18 14:40:21 raspberrypi4-64 iotcored[667]: E[iotcored] tls.c:255: Failed TLS handshake. -Sep 18 14:40:21 raspberrypi4-64 iotcored[667]: E[iotcored] tls.c:50: [openssl]: A0F15DB47F000000:error:0800007D:elliptic curve routines:ossl_ecdsa_simple_sign_sig:missing private key:/usr/src/debug/openssl/3.2.4/crypto/ec/ecdsa_ossl.c:291: -Sep 18 14:40:21 raspberrypi4-64 iotcored[667]: E[iotcored] tls.c:50: [openssl]: A0F15DB47F000000:error:0A080006:SSL routines:tls_construct_cert_verify:EVP lib:/usr/src/debug/openssl/3.2.4/ssl/statem/statem_lib.c:406: -Sep 18 14:40:21 raspberrypi4-64 iotcored[667]: E[iotcored] mqtt.c:284: Failed to create TLS connection. +## LetsTrust-TPM2Go +https://github.com/tpm2-software/tpm2-tss/blob/master/doc/tcti-spi-ltt2go.md +additional steps required: https://github.com/tpm2-software/tpm2-tss/blob/master/doc/tcti-spi-ltt2go.md#abrmd-udev--systemd-service diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf index 97177c32..a06164e1 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf 
@@ -41,3 +41,10 @@ INHERIT += "create-spdx" IMAGE_INSTALL:append = " packagegroup-security-tpm2" DISTRO_FEATURES:append = " tpm" + +# LetsTrust-TPM2Go +# https://github.com/tpm2-software/tpm2-tss/blob/master/doc/tcti-spi-ltt2go.md +# if libusb1 is available ltt2go support will be enabled automatically +# additional steps required: https://github.com/tpm2-software/tpm2-tss/blob/master/doc/tcti-spi-ltt2go.md#abrmd-udev--systemd-service +DEPENDS:append:pn-tpm2-tss = " libusb1" +DEPENDS:append:pn-tpm2-tss-engine = " libusb1" From 125ed50cb78f9236c463bc4fb04ebb89e59f3cc3 Mon Sep 17 00:00:00 2001 
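Review bot: The two `DEPENDS:append:pn-…` lines rely on tpm2-tss noticing libusb at configure time, as the added comment says, so whether the image contains the LetsTrust-TPM2Go TCTI depends on autodetection rather than on a stated option. An autodetected feature can disappear after a recipe or layer bump without any build error, and the device then fails only at runtime when it cannot reach the TPM. If the tpm2-tss recipe in the pinned meta-tpm offers a PACKAGECONFIG or configure switch for this TCTI, setting it explicitly would make the build fail loudly instead. It is also not clear from the hunk that `tpm2-tss-engine` itself needs libusb1; if it only reaches the TPM through tpm2-tss, the second line can be dropped.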
From: Thomas Roos Date: Fri, 26 Sep 2025 15:03:17 +0000 Subject: [PATCH 62/66] wip: adding streaming examples --- .gitmodules | 8 + layers/bsp/meta-swupdate-boards | 1 + layers/sw/meta-swupdate | 1 + meta-aws-demos/conf/layer.conf | 2 + .../README.md | 41 +++ .../aws-iot-greengrass-lite-demo-bundle.bb | 4 + .../aws-iot-greengrass-lite-demo-image.bb | 11 + .../README.md | 131 ++++++++ ...-iot-greengrass-lite-demo-swupdate-file.bb | 18 ++ ...iot-greengrass-lite-demo-swupdate-image.bb | 140 ++++++++ .../config.conf | 47 +++ .../files/development-1.cert.pem | 80 +++++ .../files/development-1.key.pem | 28 ++ .../files/emmcsetup.lua | 0 .../files/sw-description | 52 +++ .../layers.conf | 15 + .../scripts/fleetprovisioning/README.md | 70 ++++ ...eate-fleet-provisioning-stack-and-certs.sh | 135 ++++++++ .../fleet-provisioning-cfn.yaml | 300 ++++++++++++++++++ ...-iot-greengrass-lite-demo_partition.wks.in | 4 + .../swupdate/swupdate_%.bbappend | 6 + 21 files changed, 1094 insertions(+) create mode 160000 layers/bsp/meta-swupdate-boards create mode 160000 layers/sw/meta-swupdate create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-file.bb create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-image.bb create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/config.conf create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/development-1.cert.pem create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/development-1.key.pem create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/emmcsetup.lua create mode 100644 
meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/sw-description create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/layers.conf create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/README.md create mode 100755 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/create-fleet-provisioning-stack-and-certs.sh create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/fleet-provisioning-cfn.yaml create mode 100644 meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/wic/sdimage-aws-iot-greengrass-lite-demo_partition.wks.in create mode 100644 meta-aws-demos/recipes-support/swupdate/swupdate_%.bbappend diff --git a/.gitmodules b/.gitmodules index 360657fd..e9430df0 100644 --- a/.gitmodules +++ b/.gitmodules @@ -126,3 +126,11 @@ path = layers/bsp/meta-slb9670-rpi url = https://github.com/ejaaskel/meta-slb9670-rpi.git branch = scarthgap +[submodule "layers/sw/meta-swupdate"] + path = layers/sw/meta-swupdate + url = https://github.com/sbabic/meta-swupdate.git + branch = scarthgap +[submodule "layers/bsp/meta-swupdate-boards"] + path = layers/bsp/meta-swupdate-boards + url = https://github.com/sbabic/meta-swupdate-boards.git + branch = scarthgap diff --git a/layers/bsp/meta-swupdate-boards b/layers/bsp/meta-swupdate-boards new file mode 160000 index 00000000..fbc9c61e --- /dev/null +++ b/layers/bsp/meta-swupdate-boards @@ -0,0 +1 @@ +Subproject commit fbc9c61e298f6bd186942837437a340e6d18b79c diff --git a/layers/sw/meta-swupdate b/layers/sw/meta-swupdate new file mode 160000 index 00000000..43ef322c --- /dev/null +++ b/layers/sw/meta-swupdate @@ -0,0 +1 @@ +Subproject commit 43ef322cbf5b91d84b007c343cf73e9b01699594 
diff --git a/meta-aws-demos/conf/layer.conf b/meta-aws-demos/conf/layer.conf index 12d0b344..56f032f1 100644 --- a/meta-aws-demos/conf/layer.conf +++ b/meta-aws-demos/conf/layer.conf @@ -24,3 +24,5 @@ BBMASK += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'virtualization-layer', '' # Ignore other images than the selected IMAGE, this is necessary if an image use a layer global class that is not present in other images it will give error otherwise. BBMASK += "/meta-aws-demos/recipes-core/images/(?!${IMAGE}/)" + +BB_DANGLINGAPPENDS_WARNONLY = "1" \ No newline at end of file diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md index 7069050f..89f2ab8f 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md 
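Review bot: `BB_DANGLINGAPPENDS_WARNONLY = "1"` in `layer.conf` turns an unmatched `.bbappend` from a parse error into a warning for every build that includes this layer, not just the swupdate image. With submodules bumped automatically, a `.bbappend` that carries a patch or a configuration change can stop applying after a recipe rename or version change and the build will still succeed. The setting appears to be needed for `recipes-support/swupdate/swupdate_%.bbappend` from this commit's diffstat, which has no recipe to attach to when meta-swupdate is not in BBLAYERS. Scoping that one append with `BBFILES_DYNAMIC += "<swupdate-collection>:${LAYERDIR}/dynamic-layers/<swupdate-collection>/*/*/*.bbappend"` (collection name as declared by meta-swupdate) keeps the error for everything else.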
@@ -239,3 +239,44 @@ Manifests: - URI: 's3://2024-11-27-us-east-1ab-update/update.raucb' Unarchive: 'NONE' ``` + +## Configuration for streaming updates + +The update file (`update.raucb`) is stored in an S3 bucket. But not downloaded as before from the Greengrass component, instead a signed url is generated and passed into rauc. +This allows (streaming)[https://rauc.readthedocs.io/en/latest/advanced.html#http-streaming] and (adaptive)[https://rauc.readthedocs.io/en/latest/advanced.html#adaptive-updates] updates. + +```yaml +--- +RecipeFormatVersion: '2020-01-25' +ComponentName: 'com.example.AbUpdateRaucStreaming' +ComponentVersion: '1.0.1' +ComponentDescription: 'Manages A/B system updates using RAUC streaming' +ComponentPublisher: 'Example Corp' +ComponentType: 'aws.greengrass.generic' +ComponentDependencies: + aws.greengrass.TokenExchangeService: + VersionRequirement: ">=2.0.0" + DependencyType: HARD +Manifests: + - Platform: + os: 'linux' + runtime: "*" + Lifecycle: + bootstrap: + Script: | + echo Bootstrap + echo AWS_CONTAINER_AUTHORIZATION_TOKEN: $AWS_CONTAINER_AUTHORIZATION_TOKEN + echo AWS_CONTAINER_CREDENTIALS_FULL_URI: $AWS_CONTAINER_CREDENTIALS_FULL_URI + BUCKET=rauc-yocto-test-bucket + UPDATEFILE=aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu + REGION=$(aws s3api get-bucket-location --bucket "$BUCKET" --query LocationConstraint --output text) + echo $REGION + BUNDLE_URL=$(aws s3 presign "s3://$BUCKET/$UPDATEFILE" --expires-in 3600 --endpoint-url "https://s3.$REGION.amazonaws.com") + echo $BUNDLE_URL + sudo rauc install $BUNDLE_URL + RequiresPrivilege: true + startup: + Script: | + echo Startup + rauc status +``` diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-bundle.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-bundle.bb index 046420e4..dd2baf51 100644 
--- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-bundle.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-bundle.bb @@ -15,3 +15,7 @@ RAUC_BUNDLE_FORMAT ?= "verity" # they are intended for demo purpose only RAUC_KEY_FILE ?= "${THISDIR}/files/development-1.key.pem" RAUC_CERT_FILE ?= "${THISDIR}/files/development-1.cert.pem" + +# uncomment for enabling adaptive update method 'block-hash-index' +RAUC_SLOT_rootfs[fstype] = "ext4" +RAUC_SLOT_rootfs[adaptive] = "block-hash-index" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb index 01aca92a..114e4d40 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb @@ -124,3 +124,14 @@ ln -sf /${libdir}/systemd/system/systemd-time-wait-sync.service ${IMAGE_ROOTFS}/ install -d ${IMAGE_ROOTFS}/data/home } + +IMAGE_INSTALL:append = " aws-cli" + +# Optimizations for RAUC adaptive method 'block-hash-index' +# rootfs image size must to be 4K-aligned +IMAGE_ROOTFS_ALIGNMENT = "4" + +# TODO +# ext4 block size should be set to 4K and use a fixed directory hash seed to +# reduce the image delta size (keep oe-core's 4K bytes-per-inode) +# EXTRA_IMAGECMD:ext4 = "-i 4096 -b 4096 -E hash_seed=86ca73ff-7379-40bd-a098-fcb03a6e719d" \ No newline at end of file diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md new file mode 100644 index 00000000..0fcc99e0 --- /dev/null 
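Review bot: The comment `# uncomment for enabling adaptive update method 'block-hash-index'` in the bundle recipe hunk sits above two assignments that are already active, so `RAUC_SLOT_rootfs[adaptive] = "block-hash-index"` is enabled for every bundle built from this recipe. Either comment the two lines out to match the text, or reword the comment to `# adaptive update method 'block-hash-index' (rootfs slot is ext4)`. In the image recipe hunk that follows, `IMAGE_INSTALL:append = " aws-cli"` has no comment; a line such as `# aws-cli: used by the streaming component to presign the bundle URL` would tie it to the README example added in this commit.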
+++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md 
@@ -0,0 +1,131 @@ +# aws-iot-greengrass-lite-demo-swupdate-image +Similar to +But demo for (swupdate[])https://sbabic.github.io/swupdate/index.html] + +Tested with: `raspberrypi-64` + +```bash +export MACHINE=raspberrypi-64 +export IMAGE=aws-iot-greengrass-lite-demo-swupdate-image + +bitbake aws-iot-greengrass-lite-demo-swupdate-image +bitbake aws-iot-greengrass-lite-demo-swupdate-file +``` + +Flash `aws-iot-greengrass-lite-demo-swupdate-image-raspberrypi-armv8.rootfs.wic.bz2` onto the sdcard. +(`sudo bzcat aws-iot-greengrass-lite-demo-swupdate-image-raspberrypi-armv8.rootfs.wic.bz2 | sudo dcfldd of=/dev/sdXXX`) + +Use `aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu` as an update file for sw-update + +Eg. +```bash +scp aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu root@192.168.0.192:/tmp/ + +# to install on rootfs_A +swupdate -i /tmp/aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu -H raspberrypi-armv8:1.0 -e stable,copy2 + +# to install on rootfs_B +swupdate -i /tmp/aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu -H raspberrypi-armv8:1.0 -e stable,copy1 + +``` + + +## How to use in a gg component + +The component operates in two main phases: + +1. **Bootstrap**: Installs the RAUC bundle update. +2. **Startup**: Verifies the installation by comparing the hash of the installed bundle with the currently running slot. + +## Configuration + +The update file (`aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu`) is stored in an S3 bucket. Ensure the S3 URI in the component recipe is updated to point to your specific update file location. +Do modify the bucket name, version etc. 
+ +```yaml +--- +RecipeFormatVersion: '2020-01-25' +ComponentName: 'com.example.AbUpdateSwUpdate' +ComponentVersion: '1.0.1' +ComponentDescription: 'Manages A/B system updates using swupdate' +ComponentPublisher: 'Example Corp' +ComponentType: 'aws.greengrass.generic' +ComponentDependencies: + aws.greengrass.TokenExchangeService: + VersionRequirement: ">=2.0.0" + DependencyType: HARD +Manifests: + - Platform: + os: 'linux' + runtime: "*" + Lifecycle: + bootstrap: + Script: | + echo Bootstrap + rootfs=`swupdate -g` + if [ $rootfs == '/dev/mmcblk0p2' ];then + selection="-e stable,copy2" + else + selection="-e stable,copy1" + fi + sudo swupdate -i {artifacts:path}/aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu -H raspberrypi-armv8:1.0 ${selection} + RequiresPrivilege: true + startup: + Script: | + echo Startup + rauc status + current_booted_slot_bundle_hash=$(rauc status --detailed --output-format=json-pretty | jq -r '.slots[] | select(.[].state == "booted") | .[].slot_status.bundle.hash') + bundle_hash=$(rauc info --output-format=json-pretty {artifacts:path}/aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu | jq -r '.hash') + if [ "$current_booted_slot_bundle_hash" == "$bundle_hash" ]; then + echo "Bundle image hash matches the current running slot" + else + echo "Bundle image hash differs from the current running slot" + exit 1 + fi + Artifacts: + - URI: 's3://2024-11-27-us-east-1ab-update/aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu' + Unarchive: 'NONE' +``` + + +## Configuration for streaming updates + +The update file (`aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu`) is stored in an S3 bucket. Ensure the S3 URI in the component recipe is updated to point to your specific update file location. +Do modify the bucket name, version etc. 
+ +```yaml +--- +RecipeFormatVersion: '2020-01-25' +ComponentName: 'com.example.AbUpdateSwUpdateStreaming' +ComponentVersion: '1.0.1' +ComponentDescription: 'Manages A/B system updates using swupdate streaming' +ComponentPublisher: 'Example Corp' +ComponentType: 'aws.greengrass.generic' +Manifests: + - Platform: + os: 'linux' + runtime: "*" + Lifecycle: + bootstrap: + Script: | + echo Bootstrap + echo AWS_CONTAINER_AUTHORIZATION_TOKEN: $AWS_CONTAINER_AUTHORIZATION_TOKEN + echo AWS_CONTAINER_CREDENTIALS_FULL_URI: $AWS_CONTAINER_CREDENTIALS_FULL_URI + BUCKET=swupdate-yocto-test-bucket + UPDATEFILE=aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu + REGION=$(aws s3api get-bucket-location --bucket "$BUCKET" --query LocationConstraint --output text) + echo $REGION + BUNDLE_URL=$(aws s3 presign "s3://$BUCKET/$UPDATEFILE" --expires-in 3600 --endpoint-url "https://s3.$REGION.amazonaws.com") + echo $BUNDLE_URL + rootfs=`swupdate -g` + if [ $rootfs == '/dev/mmcblk0p2' ];then + selection="-e stable,copy2" + else + selection="-e stable,copy1" + fi + sudo swupdate -d -u"$BUNDLE_URL" -H raspberrypi-armv8:1.0 ${selection} + RequiresPrivilege: true + startup: + Script: | + echo Startup +``` diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-file.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-file.bb new file mode 100644 index 00000000..949d08c1 --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-file.bb 
@@ -0,0 +1,18 @@
+DESCRIPTION = "A swupdate image for aws-iot-greengrass-lite-demo-image"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+inherit swupdate
+
+SRC_URI = "\
+ file://emmcsetup.lua \
+ file://sw-description \
+"
+
+# images to build before building swupdate image
+IMAGE_DEPENDS = "aws-iot-greengrass-lite-demo-swupdate-image"
+
+# images and files that will be included in the .swu image
+SWUPDATE_IMAGES = "aws-iot-greengrass-lite-demo-swupdate-image-raspberrypi-armv8"
+SWUPDATE_IMAGES_FSTYPES[aws-iot-greengrass-lite-demo-swupdate-image-raspberrypi-armv8] = ".rootfs.ext4.gz"
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-image.bb
new file mode 100644
index 00000000..12eb6d03
--- /dev/null
+++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-image.bb
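Review bot: The .swu built by this recipe is unsigned: nothing here sets `SWUPDATE_SIGNING`, and the `sw-description` added later in this patch carries only `sha256` entries, which detect corruption but do not authenticate the bundle. The Greengrass components documented in this patch install the file with `sudo swupdate`, so whoever can write to the S3 object decides what ends up on the root filesystem. I would enable signing, e.g. `SWUPDATE_SIGNING = "RSA"` with `SWUPDATE_PRIVATE_KEY` pointing to a key kept outside the repository, and build swupdate with signature verification on the device. Whether the `swupdate_%.bbappend` in this patch already configures verification is not visible from this hunk.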
@@ -0,0 +1,140 @@ +SUMMARY = "A demo image for aws-iot-greengrass-lite with A/B updates" +HOMEPAGE = "https://github.com/aws4embeddedlinux/meta-aws-demos" + +LICENSE = "MIT" + +# this needs to be done before installing the (dynamic) packagegroups +inherit core-image + +IMAGE_INSTALL += "\ + ${CORE_IMAGE_EXTRA_INSTALL} \ + packagegroup-base \ + packagegroup-core-boot \ + " + +### AWS ### +IMAGE_INSTALL:append = " greengrass-lite" +IMAGE_INSTALL:append = " aws-iot-device-sdk-python-v2" +IMAGE_INSTALL:append = " jq" +IMAGE_INSTALL:append = " python3-misc python3-venv python3-tomllib python3-ensurepip libcgroup python3-pip" + +### rauc ### +# CORE_IMAGE_EXTRA_INSTALL:append = " rauc-grow-data-part" + +# only adding if device is rpi, as others might have a different partition layout +IMAGE_INSTALL:append:rpi = " greengrass-config-init" + +# this will allow kernel updates with rauc +IMAGE_INSTALL:append = " kernel-image kernel-modules" + +### tmux ### +IMAGE_INSTALL:append = " tmux" +GLIBC_GENERATE_LOCALES = "en_US.UTF-8 UTF-8" +IMAGE_INSTALL:append = " glibc-utils localedef " +IMAGE_INSTALL:append = " ssh openssh-sshd openssh-sftp openssh-scp" + +### aws-iot-device-client ### +# IMAGE_INSTALL:append = " aws-iot-device-client" + +### amazon-cloudwatch-publisher ### +# IMAGE_INSTALL:append = " amazon-cloudwatch-publisher" + +### misc ### +IMAGE_INSTALL:append = " sudo" + +# this will disable root password - be warned! 
+EXTRA_IMAGE_FEATURES ?= "allow-empty-password allow-root-login empty-root-password" + +### license compliance ### +COPY_LIC_MANIFEST = "1" + +COPY_LIC_DIRS = "1" + +### debug tools ### +# IMAGE_INSTALL:append = " ldd gdb" +# IMAGE_INSTALL:append = " valgrind" +# IMAGE_INSTALL:append = " strace" +# IMAGE_INSTALL:append = " lsof" + +# IMAGE_INSTALL:append = " sqlite3" +# can be used to debug config db: /var/lib/greengrass# sqlite3 config.db + +# this will install all src, dbg packages to allow proper debugging with gdb +# EXTRA_IMAGE_FEATURES:append = " src-pkgs" +# EXTRA_IMAGE_FEATURES:append = " dbg-pkgs" + +IMAGE_FEATURES += "read-only-rootfs" + +# this should be equal to sdimage-aws-iot-greengrass-lite-demo-ab_partition.wks.in file, +# for rauc bundle generation wic file is not used! +ROOTFS_POSTPROCESS_COMMAND += "rootfs_user_fstab" + +rootfs_user_fstab () { + +# overwrite the default fstab, adding customization for this image +cat << EOF > ${IMAGE_ROOTFS}/${sysconfdir}/fstab +/dev/root / auto defaults 1 1 +proc /proc proc defaults 0 0 +devpts /dev/pts devpts mode=0620,ptmxmode=0666,gid=5 0 0 +tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0 +tmpfs /var/volatile tmpfs defaults 0 0 +LABEL=boot /boot vfat defaults 0 0 +LABEL=data /data ext4 x-systemd.growfs 0 0 +/data/etc/wpa_supplicant /etc/wpa_supplicant none bind 0 0 +/data/etc/greengrass /etc/greengrass none bind 0 0 +/data/etc/systemd/network /etc/systemd/network none bind 0 0 +/data/etc/systemd/system /etc/systemd/system none bind 0 0 +/data/var/lib/greengrass /var/lib/greengrass none bind 0 0 +/data/home /home none bind 0 0 +EOF + +install -d -m 0755 ${IMAGE_ROOTFS}/data + +# copy those directories that should be present at the data partition to /data and just +# leave them empty as a mount point for the bind mount + +install -d ${IMAGE_ROOTFS}/data/etc/greengrass +if [ -n "$(ls -A ${IMAGE_ROOTFS}/etc/greengrass 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/etc/greengrass/* 
${IMAGE_ROOTFS}/data/etc/greengrass/ +fi + +install -d ${IMAGE_ROOTFS}/data/etc/wpa_supplicant + +install -d ${IMAGE_ROOTFS}/data/etc/systemd/network +if [ -n "$(ls -A ${IMAGE_ROOTFS}/etc/systemd/network 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/etc/systemd/network/* ${IMAGE_ROOTFS}/data/etc/systemd/network +fi + +install -d ${IMAGE_ROOTFS}/data/etc/systemd/system +if [ -n "$(ls -A ${IMAGE_ROOTFS}/etc/systemd/system 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/etc/systemd/system/* ${IMAGE_ROOTFS}/data/etc/systemd/system +fi + +install -d ${IMAGE_ROOTFS}/data/var/lib/greengrass +if [ -n "$(ls -A ${IMAGE_ROOTFS}/var/lib/greengrass 2>/dev/null)" ]; then + mv -f ${IMAGE_ROOTFS}/var/lib/greengrass/* ${IMAGE_ROOTFS}/data/var/lib/greengrass +fi + +# decided to do here instead of a bbappend of wpa:supplicant +install -d ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/ +ln -sf /${libdir}/systemd/system/wpa_supplicant@.service ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/wpa_supplicant@wlan0.service + +# enable systemd-time-wait-sync as this is important for greengrass to have a correct clock +ln -sf /${libdir}/systemd/system/systemd-time-wait-sync.service ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/ + +install -d ${IMAGE_ROOTFS}/data/home + +#### swupdate +echo ${MACHINE}:1.0 > ${IMAGE_ROOTFS}/etc/hwrevision + +} + + +#### swupdate + +IMAGE_INSTALL += "\ + swupdate \ + util-linux-sfdisk \ + " + +IMAGE_INSTALL:append = " aws-cli" \ No newline at end of file diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/config.conf new file mode 100644 index 00000000..1db43940 --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/config.conf 
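Review bot: `EXTRA_IMAGE_FEATURES ?= "allow-empty-password allow-root-login empty-root-password"` gives the image a passwordless root account while the same recipe installs `openssh-sshd` and enables `wpa_supplicant@wlan0`, so a device flashed from it accepts root logins over the network without credentials. The existing comment mentions only the root password, not the SSH exposure. I would make the recipe secure by default and leave the opt-in to the developer, e.g. replace the assignment with `# bench debugging only, set in local.conf: EXTRA_IMAGE_FEATURES:append = " allow-empty-password allow-root-login empty-root-password"`. Since `/home` and `/etc/systemd/system` are bind-mounted from the `/data` partition, which the `sw-description` in this patch does not rewrite, changes made through such a login would presumably persist across A/B updates.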
@@ -0,0 +1,47 @@
+DISTRO = "poky-altcfg"
+
+QB_MEM = "-m 2048"
+BOOT_SPACE = "69152"
+
+# we are read only, no addition space necessary
+IMAGE_OVERHEAD_FACTOR = "1"
+
+BOOT_SPACE = "69152"
+
+# DISTRO_FEATURES:append = " rauc"
+
+# we do not use bluetooth at the moment
+DISTRO_FEATURES:remove = " bluetooth"
+
+ENABLE_UART = "1"
+
+RPI_USE_U_BOOT = "1"
+
+# PREFERRED_PROVIDER_virtual/bootloader = "u-boot"
+WKS_FILE = "${THISDIR}/wic/sdimage-aws-iot-greengrass-lite-demo_partition.wks.in"
+
+# Settings for meta-rauc-raspberry-pi
+IMAGE_FSTYPES = "ext4 ext4.gz wic wic.bz2 "
+# IMAGE_INSTALL:append = " rauc"
+
+# just necessary if aws-iot-device-client is installed
+PACKAGECONFIG:pn-aws-iot-device-client = "st"
+
+COPY_LIC_MANIFEST = "1"
+
+COPY_LIC_DIRS = "1"
+
+BB_GENERATE_MIRROR_TARBALLS = "1"
+
+BB_GIT_SHALLOW = "1"
+
+BB_GENERATE_SHALLOW_TARBALLS = "1"
+
+INHERIT += "create-spdx"
+
+# add build info to the image
+INHERIT += "image-buildinfo"
+
+# if not set, you will have to take care of mount points at two places, with this set image
+# partition layout is done in wic file and fstab settings in aws-iot-greengrass-lite-demo-ab-image.bb
+WIC_CREATE_EXTRA_ARGS = "--no-fstab-update"
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/development-1.cert.pem b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/development-1.cert.pem
new file mode 100644
index 00000000..987a2319
--- /dev/null
+++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/development-1.cert.pem
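Review bot: `BOOT_SPACE = "69152"` is assigned twice in this file, and two comments appear to be carried over from the RAUC-based demo. These are `# Settings for meta-rauc-raspberry-pi` above `IMAGE_FSTYPES`, and the final comment, which names `aws-iot-greengrass-lite-demo-ab-image.bb` although the fstab for this image is written in `aws-iot-greengrass-lite-demo-swupdate-image.bb`. I would drop the second `BOOT_SPACE` line, correct the file name in the last comment, and reword the other one to something like `# image types for the wic image and the swupdate payload (ext4.gz)`.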
@@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Test Org, CN=Test Org rauc CA Development + Validity + Not Before: Jan 1 00:00:00 1970 GMT + Not After : Dec 31 23:59:59 9999 GMT + Subject: O=Test Org, CN=Test Org Development-1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ac:2b:0f:05:02:d0:bb:b0:47:05:36:71:3c:20: + 0e:a7:76:8d:75:c1:23:5e:6c:7a:2d:94:ff:3c:17: + d8:0b:44:48:2a:82:03:92:c5:fd:33:76:0c:42:cf: + 4d:8a:c9:47:7f:af:52:7c:15:6c:3b:e7:60:d1:04: + 97:24:7b:07:1f:56:7d:6c:3f:31:e8:f9:36:7b:33: + 5b:cf:54:ea:37:98:a6:b1:9a:1d:da:96:a1:07:14: + 9c:15:80:4d:db:0c:03:86:ce:c7:3d:72:57:a2:da: + a0:c0:8c:b2:9a:a0:6a:e5:b8:5f:52:d2:f6:27:ca: + 48:f4:e3:86:eb:be:24:93:6a:af:60:68:7f:09:3b: + 81:96:ce:85:0c:63:93:d8:fa:91:dc:50:2e:77:bb: + bc:38:42:e9:86:d8:ac:33:dd:e6:d4:37:69:e3:01: + 8d:21:8f:a9:4a:7f:15:a5:aa:a9:be:fc:36:93:a4: + 10:0c:18:33:30:06:7f:1c:13:b3:a9:c6:57:d7:6b: + 96:45:15:e7:f5:8f:3d:48:e0:08:46:4f:7f:ef:14: + 77:95:25:25:9b:14:21:84:25:eb:37:0b:01:48:e6: + f5:c1:8b:61:c6:cb:8c:6b:a7:d8:d2:f9:31:e3:80: + 3f:78:ea:6a:41:6c:5d:4d:83:a6:54:0d:5b:c2:0e: + f6:ef + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 89:4C:FE:8A:60:4D:C9:6D:F7:A8:C0:04:49:7F:AA:05:92:29:17:FB + X509v3 Authority Key Identifier: + keyid:44:0C:AF:4A:74:B4:C7:65:02:B2:95:F1:91:7C:A3:CC:E6:3E:99:E8 + DirName:/O=Test Org/CN=Test Org rauc CA Development + serial:01 + + X509v3 Basic Constraints: + CA:FALSE + Signature Algorithm: sha256WithRSAEncryption + 2c:d2:30:68:f5:84:52:1e:cf:ed:0d:fc:e7:02:69:0b:3b:f6: + c3:77:00:12:1d:2d:d0:8f:49:9e:5c:f1:00:7b:1d:4f:d5:a9: + 46:a5:df:54:90:50:b4:8f:8e:ba:4b:2d:82:74:eb:5b:a8:f5: + 45:7b:77:73:b1:9b:32:93:15:c0:5c:02:2a:ed:b0:1e:bb:d8: + 4e:41:17:20:af:04:46:21:20:7b:86:9f:32:ab:54:71:26:e8: + 0b:75:12:9c:63:53:4f:54:db:a7:f9:b2:fa:e9:ee:4a:9d:80: + 
ba:ae:3f:eb:ef:10:11:2d:4f:5a:34:fb:8b:45:10:63:0b:f8: + af:f3:8b:24:21:2a:e0:0b:44:38:44:b5:9d:6e:8a:ff:1f:bf: + 6e:44:21:22:ec:8a:8d:73:63:e5:df:1a:ec:2a:64:1f:97:f9: + 5c:3a:25:7f:03:80:4c:db:99:5e:f9:7d:2b:f1:d0:97:4d:95: + 6f:29:47:7b:3f:29:e3:96:25:b0:1c:f1:0b:8b:8b:ba:de:3b: + 3f:40:2e:bd:31:68:ea:a9:8f:dc:c9:09:22:df:76:69:08:5d: + 5d:a4:09:62:80:20:83:9e:bd:d4:a6:35:ee:97:50:66:39:62: + 66:1b:2e:75:f2:6d:e7:06:ae:67:5f:4b:63:5c:52:e7:5d:dd: + c9:0c:86:2b +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA6MREwDwYDVQQKDAhUZXN0 +IE9yZzElMCMGA1UEAwwcVGVzdCBPcmcgcmF1YyBDQSBEZXZlbG9wbWVudDAgFw03 +MDAxMDEwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowNDERMA8GA1UECgwIVGVzdCBP +cmcxHzAdBgNVBAMMFlRlc3QgT3JnIERldmVsb3BtZW50LTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCsKw8FAtC7sEcFNnE8IA6ndo11wSNebHotlP88 +F9gLREgqggOSxf0zdgxCz02KyUd/r1J8FWw752DRBJckewcfVn1sPzHo+TZ7M1vP +VOo3mKaxmh3alqEHFJwVgE3bDAOGzsc9clei2qDAjLKaoGrluF9S0vYnykj044br +viSTaq9gaH8JO4GWzoUMY5PY+pHcUC53u7w4QumG2Kwz3ebUN2njAY0hj6lKfxWl +qqm+/DaTpBAMGDMwBn8cE7OpxlfXa5ZFFef1jz1I4AhGT3/vFHeVJSWbFCGEJes3 +CwFI5vXBi2HGy4xrp9jS+THjgD946mpBbF1Ng6ZUDVvCDvbvAgMBAAGjgZEwgY4w +HQYDVR0OBBYEFIlM/opgTclt96jABEl/qgWSKRf7MGIGA1UdIwRbMFmAFEQMr0p0 +tMdlArKV8ZF8o8zmPpnooT6kPDA6MREwDwYDVQQKDAhUZXN0IE9yZzElMCMGA1UE +AwwcVGVzdCBPcmcgcmF1YyBDQSBEZXZlbG9wbWVudIIBATAJBgNVHRMEAjAAMA0G +CSqGSIb3DQEBCwUAA4IBAQAs0jBo9YRSHs/tDfznAmkLO/bDdwASHS3Qj0meXPEA +ex1P1alGpd9UkFC0j466Sy2CdOtbqPVFe3dzsZsykxXAXAIq7bAeu9hOQRcgrwRG +ISB7hp8yq1RxJugLdRKcY1NPVNun+bL66e5KnYC6rj/r7xARLU9aNPuLRRBjC/iv +84skISrgC0Q4RLWdbor/H79uRCEi7IqNc2Pl3xrsKmQfl/lcOiV/A4BM25le+X0r +8dCXTZVvKUd7PynjliWwHPELi4u63js/QC69MWjqqY/cyQki33ZpCF1dpAligCCD +nr3UpjXul1BmOWJmGy518m3nBq5nX0tjXFLnXd3JDIYr +-----END CERTIFICATE----- 
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/development-1.key.pem b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/development-1.key.pem new file mode 100644 index 00000000..80305f82 --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/development-1.key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsKw8FAtC7sEcF +NnE8IA6ndo11wSNebHotlP88F9gLREgqggOSxf0zdgxCz02KyUd/r1J8FWw752DR +BJckewcfVn1sPzHo+TZ7M1vPVOo3mKaxmh3alqEHFJwVgE3bDAOGzsc9clei2qDA +jLKaoGrluF9S0vYnykj044brviSTaq9gaH8JO4GWzoUMY5PY+pHcUC53u7w4QumG +2Kwz3ebUN2njAY0hj6lKfxWlqqm+/DaTpBAMGDMwBn8cE7OpxlfXa5ZFFef1jz1I +4AhGT3/vFHeVJSWbFCGEJes3CwFI5vXBi2HGy4xrp9jS+THjgD946mpBbF1Ng6ZU +DVvCDvbvAgMBAAECggEASphBYq9sltVyf/ytpRpSnxYLhmiPFXs0mIlE6Nl/3qnQ +BrLcL3yfDuvntg6xjx9UXistNtvlUDMYzJcLkV/InzhPEVZ0HnfTth9zeOpWrI30 +M2EN7EZ1MGcqlVpI4U5cPM1cn+/proLBQYv0WnCEwFFY477JrkXDxG7MZ1mz6TaL +IGcCCIUu1BxECngQ344eaKrSR5F2MtlxAl19Pt5QSPfmuMdmElrK6RtBjnKrDu1K +fe6DCfObZ3nbG2fhFV4uTxhlTC9lUmfTQMKR79rLmHNKnbMx74kFNvy3XlT2l35I +ZVfRMLPWph7yMom9v/Im3Q70uhJ1lxyqbbl/DFZVmQKBgQDVo19SqR/QeDIxPIPn +XvVWzo5ml3KO/dVxA8sok6twr+G7yUeIUnuauYFA/tX/FS32azFRa/7GjUfoTx3q +GHK43TBCMyEt0we6WwZb+FkWa/b/RBoyD/audrpmgDDi1+fXPs8bBvoO8/oju20D +I6wOjSovcIMaeLo/+u3U6ShNQwKBgQDOTpoGMsQzXchZfDmxL61h3j4Gtjrl4BpU +WhAkJ9U2BRpL8NSZLErn5ik8MwgK2ut+YdU7aogI0D6Gc+4zZoJDEbhhmPD9cprv +LMyfAKoisR01OyU57mMSGQq0dfjmK6PfYJdX5sQJGkMFptNAJLTDoYtmXItSICoY +1j5KTvwe5QKBgGytxmErjfakHoxzh3pdERuOylwgMPPS5xCt6FyE+pLBtmisFQqh +QyXLtpgUy1IPOSmBED6mXJ4u4uSn0sTymPG3+8PBdOB12RmREqQYq2E/nQ/wWg8b +ldbcqShZkATl5pfV6M+L9gtDS/1/bA5LyExCvbISX29I+R5xDSnhTlI3AoGBAJRK +VVXtOa/+UhtYOpPMxGCbgZQLemxvWB2XmxCR/SRWKJ+7XOU4vCLSAoO93qMG1szB +/6Y0ndFP9hFo1SfnH+ybmR+18ksLDKisV+xWavSCwI7Zk5l/a4C/tT0fqyeu6JyQ +bliFjBVK5i/yyNfLSo9v16ZdENuYOQofPSjmezytAoGBALhwvtzgqvqGSXID2w5N +ullK8ny3WRa1o5DLXuMV19CvknmrN/zmmjQLblKkdp9VBb7uo8czon+qL1ZZyywC +W2BmHfGMPUyQHux4btsdJhlWcS7z7aYXM9QWiKlI+EKLHLILYk+LPIEf85sUcOZV +eCBpViT7fv2iv/0L+mzjWtLA +-----END PRIVATE KEY----- 
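Review bot: This file commits an unencrypted RSA private key to the repository, next to `development-1.cert.pem` (subject "Test Org Development-1", validity 1970 to 9999). Nothing visible in this patch references either file, since `SRC_URI` in `aws-iot-greengrass-lite-demo-swupdate-file.bb` lists only `emmcsetup.lua` and `sw-description`, so they look like leftovers from the RAUC demo and could simply be removed. If they are meant for signing update bundles, a key that is public in git provides no authenticity. In that case generate the key per project, keep it out of version control, and pass its path in through build configuration.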
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/emmcsetup.lua b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/emmcsetup.lua
new file mode 100644
index 00000000..e69de29b
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/sw-description b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/sw-description
new file mode 100644
index 00000000..0b53341c
--- /dev/null
+++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/files/sw-description
@@ -0,0 +1,52 @@
+software =
+{
+ version = "0.1.0";
+
+ raspberrypi-armv8 = {
+ hardware-compatibility: [ "1.0"];
+ stable : {
+ copy1 : {
+ images: (
+ {
+ filename = "aws-iot-greengrass-lite-demo-swupdate-image-raspberrypi-armv8.rootfs.ext4.gz";
+ type = "raw";
+ compressed = "zlib";
+ device = "/dev/mmcblk0p2";
+ sha256 = "$swupdate_get_sha256(aws-iot-greengrass-lite-demo-swupdate-image-raspberrypi-armv8.rootfs.ext4.gz)";
+ }
+ );
+ bootenv: (
+ {
+ name = "rpipart";
+ value = "2";
+ },
+ {
+ name = "ustate";
+ value = "1";
+ }
+ );
+ };
+ copy2 : {
+ images: (
+ {
+ filename = "aws-iot-greengrass-lite-demo-swupdate-image-raspberrypi-armv8.rootfs.ext4.gz";
+ type = "raw";
+ compressed = "zlib";
+ device = "/dev/mmcblk0p3";
+ sha256 = "$swupdate_get_sha256(aws-iot-greengrass-lite-demo-swupdate-image-raspberrypi-armv8.rootfs.ext4.gz)";
+ }
+ );
+ bootenv: (
+ {
+ name = "rpipart";
+ value = "3";
+ },
+ {
+ name = "ustate";
+ value = "1";
+ }
+ );
+ };
+ };
+ }
+}
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/layers.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/layers.conf
new file mode 100644
index 00000000..033560ee
--- /dev/null
+++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/layers.conf
@@ -0,0 +1,15 @@
+BBLAYERS += "\
+ ${OEROOT}/meta \
+ ${OEROOT}/meta-poky \
+ ${OEROOT}/../meta-aws-demos \
+ ${OEROOT}/../layers/sw/meta-aws \
+ ${OEROOT}/../layers/sw/meta-clang \
+ ${OEROOT}/../layers/sw/meta-swupdate \
+ ${OEROOT}/../layers/bsp/meta-lts-mixins \
+ ${OEROOT}/../layers/bsp/meta-swupdate-boards \
+ ${OEROOT}/../layers/sw/meta-openembedded/meta-oe \
+ ${OEROOT}/../layers/sw/meta-openembedded/meta-python \
+ ${OEROOT}/../layers/sw/meta-openembedded/meta-multimedia \
+ ${OEROOT}/../layers/sw/meta-openembedded/meta-networking \
+ ${OEROOT}/../layers/sw/meta-openembedded/meta-filesystems \
+"
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/README.md
new file mode 100644
index 00000000..46b86bfb
--- /dev/null
+++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/README.md
@@ -0,0 +1,70 @@ +# Fleet Provisioning for AWS IoT Greengrass + +This directory contains scripts and templates for setting up fleet provisioning for AWS IoT Greengrass devices. + +## Overview + +Fleet provisioning allows you to securely provision IoT devices at scale without hardcoding device certificates. The process works as follows: + +1. A CloudFormation stack is deployed to set up all necessary AWS resources +2. A claim certificate is generated and used for initial device authentication +3. When a device boots for the first time, it uses the claim certificate to: + - Generate a unique device certificate + - Register itself as an IoT thing + - Join the specified thing group + - Obtain the necessary policies for Greengrass operation + +## Files + +- `create-fleet-provisioning-stack-and-certs.sh`: Main script to set up fleet provisioning infrastructure +- `fleet-provisioning-cfn.yaml`: CloudFormation template that creates all required AWS resources (used by the script above) + +## Usage + +1. Run the create-fleet-provisioning-stack-and-certs.sh script to set up the AWS infrastructure: + ``` + ./create-fleet-provisioning-stack-and-certs.sh + ``` + +2. Copy the generated local.conf snippet to your Yocto build's local.conf: + ``` + cat build/fleetprovisioning/local.conf.sample >> build/conf/local.conf + ``` + +3. Build your image with fleet provisioning enabled: + ``` + bitbake aws-iot-greengrass-lite-demo-image + ``` +(This also works with every other demo image where greengrass lite is installed) + +4. When the device boots for the first time, the `ggl.gg_pre-fleetprovisioning.service` will: + - Generate a unique device ID based on MAC address + - Update the fleet provisioning configuration with this unique ID + +5. 
When the device boots for the first time, the `ggl.gg_fleetprovisioning.service` will: + - Use the claim certificates to authenticate with AWS IoT + - Register the device using the fleet provisioning template + - Store the new device certificates + - Configure Greengrass to use the new certificates + +## Unique Device ID Generation + +The fleet provisioning service automatically generates a unique device ID using the MAC address of the first network interface + +## Resources Created + +The CloudFormation stack creates the following resources: + +- IAM roles for token exchange and fleet provisioning +- IoT policies for claim certificates and device certificates +- IoT role alias for token exchange +- IoT thing group for Greengrass devices +- Fleet provisioning template +- Lambda Function for MAC Address Validation + +## Reference + +This implementation is based on the approach described in the article, adapted to Greengrass lite: +[Fleet Provisioning for Embedded Linux Devices with AWS IoT Greengrass](https://dev.to/iotbuilders/fleet-provisioning-for-embedded-linux-devices-with-aws-iot-greengrass-4h8b) + +More information [here](https://github.com/aws-greengrass/aws-greengrass-lite/blob/main/docs/fleet_provisioning/fleet_provisioning.md) diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/create-fleet-provisioning-stack-and-certs.sh b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/create-fleet-provisioning-stack-and-certs.sh new file mode 100755 index 00000000..f94e8292 --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/create-fleet-provisioning-stack-and-certs.sh 
@@ -0,0 +1,135 @@ +#!/bin/bash +set -e + +# Variables - modify these as needed +REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]') +ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text) +STACK_NAME="GreengrassFleetProvisioning" + +# Calculate directories relative to script location +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../../../../../.." && pwd)" +TEMP_DIR="${PROJECT_ROOT}/build/fleetprovisioning" + +# Create build directory +mkdir -p ${TEMP_DIR} + +echo "=== Setting up AWS IoT Fleet Provisioning for Greengrass ===" +echo "Region: ${REGION}" +echo "Account ID: ${ACCOUNT_ID}" +echo "Stack Name: ${STACK_NAME}" +echo "Temporary Directory: ${TEMP_DIR}" + +# Deploy CloudFormation stack +echo -e "\n=== Deploying CloudFormation stack ===" +STACK_STATUS=$(aws cloudformation describe-stacks --stack-name ${STACK_NAME} --region ${REGION} --query "Stacks[0].StackStatus" --output text 2>/dev/null || echo "DOES_NOT_EXIST") + +if [ "$STACK_STATUS" == "ROLLBACK_COMPLETE" ] || [ "$STACK_STATUS" == "CREATE_FAILED" ] || [ "$STACK_STATUS" == "UPDATE_FAILED" ] || [ "$STACK_STATUS" == "UPDATE_ROLLBACK_COMPLETE" ]; then + echo "Stack is in ${STACK_STATUS} state. Deleting it first..." + aws cloudformation delete-stack --stack-name ${STACK_NAME} --region ${REGION} + echo "Waiting for stack deletion to complete..." + aws cloudformation wait stack-delete-complete --stack-name ${STACK_NAME} --region ${REGION} + STACK_STATUS="DOES_NOT_EXIST" +fi + +if [ "$STACK_STATUS" == "DOES_NOT_EXIST" ]; then + echo "Creating new CloudFormation stack: ${STACK_NAME}" + aws cloudformation create-stack \ + --stack-name ${STACK_NAME} \ + --template-body file://${SCRIPT_DIR}/fleet-provisioning-cfn.yaml \ + --capabilities CAPABILITY_NAMED_IAM \ + --region ${REGION} + + echo "Waiting for stack creation to complete..." 
+ aws cloudformation wait stack-create-complete --stack-name ${STACK_NAME} --region ${REGION} +else + echo "Updating existing CloudFormation stack: ${STACK_NAME}" + aws cloudformation update-stack \ + --stack-name ${STACK_NAME} \ + --template-body file://${SCRIPT_DIR}/fleet-provisioning-cfn.yaml \ + --capabilities CAPABILITY_NAMED_IAM \ + --region ${REGION} || echo "No updates are to be performed." +fi + +# Get outputs from CloudFormation stack +echo -e "\n=== Getting CloudFormation stack outputs ===" +PROVISIONING_TEMPLATE_NAME=$(aws cloudformation describe-stacks --stack-name ${STACK_NAME} --query "Stacks[0].Outputs[?OutputKey=='ProvisioningTemplateName'].OutputValue" --output text --region ${REGION}) +TOKEN_EXCHANGE_ROLE_ALIAS=$(aws cloudformation describe-stacks --stack-name ${STACK_NAME} --query "Stacks[0].Outputs[?OutputKey=='TokenExchangeRoleAlias'].OutputValue" --output text --region ${REGION}) +THING_GROUP_NAME=$(aws cloudformation describe-stacks --stack-name ${STACK_NAME} --query "Stacks[0].Outputs[?OutputKey=='ThingGroupName'].OutputValue" --output text --region ${REGION}) +MAC_VALIDATION_LAMBDA_ARN=$(aws cloudformation describe-stacks --stack-name ${STACK_NAME} --query "Stacks[0].Outputs[?OutputKey=='MacValidationLambdaArn'].OutputValue" --output text --region ${REGION}) + +echo "Provisioning Template Name: ${PROVISIONING_TEMPLATE_NAME}" +echo "Token Exchange Role Alias: ${TOKEN_EXCHANGE_ROLE_ALIAS}" +echo "Thing Group Name: ${THING_GROUP_NAME}" +echo "MAC Validation Lambda ARN: ${MAC_VALIDATION_LAMBDA_ARN}" + +# Always create a new claim certificate +echo -e "\n=== Creating claim certificate ===" +echo "Creating new claim certificate..." 
+aws iot create-keys-and-certificate \ + --set-as-active \ + --certificate-pem-outfile "${TEMP_DIR}/certificate.pem.crt" \ + --private-key-outfile "${TEMP_DIR}/private.pem.key" \ + --region ${REGION} > ${TEMP_DIR}/cert-details.json + +# Attach the fleet provisioning policy to the claim certificate +echo "Attaching FleetProvisioningPolicy to certificate..." +CERT_ARN=$(jq -r '.certificateArn' ${TEMP_DIR}/cert-details.json) +CERT_ID=$(jq -r '.certificateId' ${TEMP_DIR}/cert-details.json) +echo "Certificate ID: ${CERT_ID}" +aws iot attach-policy \ + --policy-name "FleetProvisioningPolicy-${STACK_NAME}" \ + --target "${CERT_ARN}" \ + --region ${REGION} + +# Download the Amazon root CA certificate +echo -e "\n=== Downloading Amazon root CA certificate ===" +curl -s -o ${TEMP_DIR}/AmazonRootCA1.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem + +# Get IoT endpoints +echo -e "\n=== Getting IoT endpoints ===" +IOT_DATA_ENDPOINT=$(aws iot describe-endpoint --endpoint-type iot:Data-ATS --region ${REGION} --output text) +IOT_CRED_ENDPOINT=$(aws iot describe-endpoint --endpoint-type iot:CredentialProvider --region ${REGION} --output text) + +echo "IoT Data Endpoint: ${IOT_DATA_ENDPOINT}" +echo "IoT Credential Endpoint: ${IOT_CRED_ENDPOINT}" + +# Create local.conf snippet +echo -e "\n=== Creating local.conf snippet ===" +cat > ${TEMP_DIR}/local.conf.sample << EOF +# Fleet provisioning configuration +PACKAGECONFIG:append:pn-greengrass-lite = " fleetprovisioning" +AWS_REGION:pn-greengrass-lite = "${REGION}" +IOT_DATA_ENDPOINT:pn-greengrass-lite = "${IOT_DATA_ENDPOINT}" +IOT_CRED_ENDPOINT:pn-greengrass-lite = "${IOT_CRED_ENDPOINT}" +IOT_ROLE_ALIAS:pn-greengrass-lite = "${TOKEN_EXCHANGE_ROLE_ALIAS}" +FLEET_PROVISIONING_TEMPLATE:pn-greengrass-lite = "${PROVISIONING_TEMPLATE_NAME}" +CLAIM_CERT_PATH:pn-greengrass-lite = "\${TOPDIR}/../build/fleetprovisioning/certificate.pem.crt" +CLAIM_KEY_PATH:pn-greengrass-lite = "\${TOPDIR}/../build/fleetprovisioning/private.pem.key" 
+ROOT_CA_PATH:pn-greengrass-lite = "\${TOPDIR}/../build/fleetprovisioning/AmazonRootCA1.pem" +EOF + +echo -e "\n=== Fleet provisioning setup complete ===" +echo "Files generated in: ${TEMP_DIR}" +echo " - local.conf.sample" +echo " - certificate.pem.crt" +echo " - private.pem.key" +echo " - AmazonRootCA1.pem" +echo "" +# Display certificate ID if available +if [ -f "${TEMP_DIR}/cert-details.json" ]; then + CERT_ID=$(jq -r '.certificateId' ${TEMP_DIR}/cert-details.json) + echo "Claim Certificate ID: ${CERT_ID}" +fi +echo "" +echo "To use fleet provisioning in your build:" +echo "1. Copy the contents of ${TEMP_DIR}/local.conf.sample to your local.conf" +echo "2. Build your image with fleet provisioning enabled" +echo "" +echo "The device will use the claim certificates to provision itself" +echo "and will be added to the ${THING_GROUP_NAME} thing group." +echo "" +echo "MAC Address Validation:" +echo "A pre-provisioning Lambda function has been configured to validate MAC addresses." +echo "When provisioning, use the device's MAC address as the SerialNumber." +echo "Valid MAC address formats: XX:XX:XX:XX:XX:XX, XX-XX-XX-XX-XX-XX, XX_XX_XX_XX_XX_XX or XXXXXXXXXXXX" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/fleet-provisioning-cfn.yaml b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/fleet-provisioning-cfn.yaml new file mode 100644 index 00000000..670fe5dd --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/scripts/fleetprovisioning/fleet-provisioning-cfn.yaml 
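Review bot: Every run calls `aws iot create-keys-and-certificate --set-as-active` and attaches `FleetProvisioningPolicy-${STACK_NAME}` without deactivating the previous claim certificate, and the new key is written to `${TEMP_DIR}/private.pem.key` under the default umask. Earlier claim certificates therefore remain valid indefinitely, and the key file may be readable by other local users. I would add `umask 077` before `mkdir -p "${TEMP_DIR}"` and either reuse an existing claim certificate or print the previous certificate ID so it can be revoked. Two smaller points: `curl -s -o ${TEMP_DIR}/AmazonRootCA1.pem` should be `curl -fsS -o` so that an HTTP error page is not stored as the root CA, and `update-stack … || echo "No updates are to be performed."` hides every failure rather than only the no-op case.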
@@ -0,0 +1,300 @@ +AWSTemplateFormatVersion: "2010-09-09" + +Parameters: + ProvisioningTemplateName: + Type: String + Default: "GGFleetTemplate" + GGTokenExchangeRoleName: + Type: String + Default: "GGTokenExchangeRole" + GGFleetProvisioningRoleName: + Type: String + Default: "GGFleetProvisioningRole" + GGTokenExchangeRoleAliasName: + Type: String + Default: "GreengrassV2TokenExchangeRoleAlias" + GGThingGroupName: + Type: String + Default: "GreengrassDevices" + GGThingNamePrefix: + Type: String + Default: "gg_" + MacValidationLambdaName: + Type: String + Default: "MacAddressValidator" + +Resources: + # IAM Role for Greengrass Token Exchange + GGTokenExchangeRole: + Type: AWS::IAM::Role + Properties: + RoleName: !Sub "${GGTokenExchangeRoleName}-${AWS::Region}" + AssumeRolePolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Principal: + Service: credentials.iot.amazonaws.com + Action: sts:AssumeRole + ManagedPolicyArns: + - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess + Policies: + - PolicyName: GreengrassTokenExchangeAccess + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: + - "s3:*" + - "s3-object-lambda:*" + - "logs:CreateLogStream" + - "logs:PutLogEvents" + - "logs:CreateLogGroup" + - "logs:DescribeLogStreams" + Resource: "*" + + # IAM Role for Fleet Provisioning + GGFleetProvisioningRole: + Type: AWS::IAM::Role + Properties: + RoleName: !Sub "${GGFleetProvisioningRoleName}-${AWS::Region}" + AssumeRolePolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Principal: + Service: iot.amazonaws.com + Action: sts:AssumeRole + ManagedPolicyArns: + - arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration + Policies: + - PolicyName: FleetProvisioningLambdaAccess + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: + - "lambda:InvokeFunction" + Resource: !GetAtt MacValidationLambda.Arn + + # IoT Role Alias for Greengrass Token Exchange + GGTokenExchangeRoleAlias: 
+ Type: AWS::IoT::RoleAlias + Properties: + RoleAlias: !Sub "${GGTokenExchangeRoleAliasName}-${AWS::StackName}-${AWS::Region}" + RoleArn: !GetAtt GGTokenExchangeRole.Arn + CredentialDurationSeconds: 3600 + + # IoT Thing Group for Greengrass Devices + GGThingGroup: + Type: AWS::IoT::ThingGroup + Properties: + ThingGroupName: !Ref GGThingGroupName + + # IoT Policy for Fleet Provisioning Claim Certificates + FleetProvisioningPolicy: + Type: AWS::IoT::Policy + Properties: + PolicyName: !Sub "FleetProvisioningPolicy-${AWS::StackName}" + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: + - "iot:Connect" + Resource: "*" + - Effect: Allow + Action: + - "iot:Publish" + - "iot:Receive" + Resource: "*" + - Effect: Allow + Action: "iot:Subscribe" + Resource: "*" + + # IoT Policy for Greengrass Core Devices + GreengrassV2IoTThingPolicy: + Type: AWS::IoT::Policy + Properties: + PolicyName: !Sub "GreengrassV2IoTThingPolicy-${AWS::StackName}" + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: + - "iot:Connect" + - "iot:Publish" + - "iot:Subscribe" + - "iot:Receive" + - "greengrass:*" + Resource: "*" + + # IoT Policy for Token Exchange Role Alias + GreengrassV2TokenExchangeRoleAliasPolicy: + Type: AWS::IoT::Policy + Properties: + PolicyName: !Sub "GreengrassV2TokenExchangeRoleAliasPolicy-${AWS::StackName}" + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: "iot:AssumeRoleWithCertificate" + Resource: !GetAtt GGTokenExchangeRoleAlias.RoleAliasArn + + # Lambda Role for MAC Address Validation + MacValidationLambdaRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: sts:AssumeRole + ManagedPolicyArns: + - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole + Policies: + - PolicyName: MacValidationPolicy + PolicyDocument: + Version: "2012-10-17" + 
Statement: + - Effect: Allow + Action: + - "logs:CreateLogGroup" + - "logs:CreateLogStream" + - "logs:PutLogEvents" + Resource: "*" + - Effect: Allow + Action: + - "iot:*" + Resource: "*" + + # Lambda Function for MAC Address Validation + MacValidationLambda: + Type: AWS::Lambda::Function + Properties: + FunctionName: !Ref MacValidationLambdaName + Handler: index.handler + Role: !GetAtt MacValidationLambdaRole.Arn + Runtime: nodejs18.x + Timeout: 30 + Code: + ZipFile: | + exports.handler = async (event) => { + console.log('Received event:', JSON.stringify(event, null, 2)); + + // Extract the serial number from the event (which should be a MAC address) + const serialNumber = event.parameters.SerialNumber; + console.log(`Validating MAC address: ${serialNumber}`); + + // Regular expression for validating MAC address format + // Accepts formats: XX:XX:XX:XX:XX:XX, XX-XX-XX-XX-XX-XX, XXXXXXXXXXXX + const macRegex = /^([0-9A-Fa-f]{2}[:-_]?){5}([0-9A-Fa-f]{2})$/; + + if (!serialNumber || !macRegex.test(serialNumber)) { + console.log(`Invalid MAC address format: ${serialNumber}`); + throw new Error('Invalid MAC address format. 
Expected format: XX:XX:XX:XX:XX:XX, XX-XX-XX-XX-XX-XX, XX_XX_XX_XX_XX_XX or XXXXXXXXXXXX'); + } + + // Optional: Add additional validation logic here + // For example, check against a database of allowed MAC addresses + + console.log(`MAC address validation successful: ${serialNumber}`); + return { + allowProvisioning: true + }; + }; + + # Permission for AWS IoT to invoke the Lambda function + MacValidationLambdaPermission: + Type: AWS::Lambda::Permission + Properties: + Action: lambda:InvokeFunction + FunctionName: !Ref MacValidationLambda + Principal: iot.amazonaws.com + SourceAccount: !Ref AWS::AccountId + + # Fleet Provisioning Template + FleetProvisioningTemplate: + Type: AWS::IoT::ProvisioningTemplate + Properties: + TemplateName: !Sub "${ProvisioningTemplateName}-${AWS::Region}" + Description: "Fleet provisioning template for Greengrass devices" + Enabled: true + ProvisioningRoleArn: !GetAtt GGFleetProvisioningRole.Arn + PreProvisioningHook: + TargetArn: !GetAtt MacValidationLambda.Arn + TemplateBody: !Sub | + { + "Parameters": { + "SerialNumber": { + "Type": "String" + }, + "AWS::IoT::Certificate::Id": { + "Type": "String" + } + }, + "Resources": { + "certificate": { + "Type": "AWS::IoT::Certificate", + "Properties": { + "CertificateId": { + "Ref": "AWS::IoT::Certificate::Id" + }, + "Status": "ACTIVE" + } + }, + "thing": { + "Type": "AWS::IoT::Thing", + "OverrideSettings": { + "AttributePayload": "MERGE", + "ThingGroups": "DO_NOTHING", + "ThingTypeName": "REPLACE" + }, + "Properties": { + "AttributePayload": {}, + "ThingName": { + "Fn::Join": [ + "", + [ + "${GGThingNamePrefix}", + { + "Ref": "SerialNumber" + } + ] + ] + }, + "ThingGroups": [ + "${GGThingGroupName}" + ] + } + }, + "policy": { + "Type": "AWS::IoT::Policy", + "Properties": { + "PolicyName": "GreengrassV2IoTThingPolicy-${AWS::StackName}" + } + }, + "policy_tokenexchange": { + "Type": "AWS::IoT::Policy", + "Properties": { + "PolicyName": 
"GreengrassV2TokenExchangeRoleAliasPolicy-${AWS::StackName}" + } + } + } + } + +Outputs: + ProvisioningTemplateName: + Description: "Name of the provisioning template" + Value: !Sub "${ProvisioningTemplateName}-${AWS::Region}" + TokenExchangeRoleAlias: + Description: "Role alias for token exchange" + Value: !Sub "${GGTokenExchangeRoleAliasName}-${AWS::StackName}-${AWS::Region}" + ThingGroupName: + Description: "Thing group for Greengrass devices" + Value: !Ref GGThingGroupName + MacValidationLambdaArn: + Description: "ARN of the MAC address validation Lambda function" + Value: !GetAtt MacValidationLambda.Arn \ No newline at end of file diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/wic/sdimage-aws-iot-greengrass-lite-demo_partition.wks.in b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/wic/sdimage-aws-iot-greengrass-lite-demo_partition.wks.in new file mode 100644 index 00000000..2d5eabee --- /dev/null +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/wic/sdimage-aws-iot-greengrass-lite-demo_partition.wks.in @@ -0,0 +1,4 @@ +part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --fixed-size 500M --active --align 4096 +part / --source rootfs --ondisk mmcblk0 --fstype=ext4 --fixed-size 2000M --label rootfs_A --align 4096 +part / --ondisk mmcblk0 --fstype=ext4 --fixed-size 2000M --label rootfs_B --align 4096 +part /data --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/data --size 500M --ondisk mmcblk0 --fstype=ext4 --label data --align 4096 --fsoptions "x-systemd.growfs" \ No newline at end of file diff --git a/meta-aws-demos/recipes-support/swupdate/swupdate_%.bbappend b/meta-aws-demos/recipes-support/swupdate/swupdate_%.bbappend new file mode 100644 index 00000000..a5bdf940 --- /dev/null +++ b/meta-aws-demos/recipes-support/swupdate/swupdate_%.bbappend 
@@ -0,0 +1,6 @@ +do_install:append() { + sed -i "s#raspberryPI#${MACHINE}#g" ${D}${sysconfdir}/swupdate.cfg +} + +# we do not use swupdate.sh +SYSTEMD_AUTO_ENABLE = "disable" \ No newline at end of file From a3a1effc9c6a0b8a784a2eed1da83e958bda8d38 Mon Sep 17 00:00:00 2001 From: Thomas Roos Date: Mon, 29 Sep 2025 14:59:25 +0000 Subject: [PATCH 63/66] README: add swupdate image --- README.md | 3 ++- .../images/aws-iot-greengrass-lite-demo-image/README.md | 2 -- .../aws-iot-greengrass-lite-demo-swupdate-image/README.md | 2 -- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 10a72571..21770a5f 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,8 @@ Generally you can build all images for all "Devices", but some combinations do n - [aws-iot-greengrass-lite-demo-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md) - [aws-iot-greengrass-lite-demo-ec2-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/README.md) - [aws-iot-greengrass-lite-demo-simple-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/README.md) -- [aws-iot-greengrass-lite-demo-simple-imag-tpm](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md) +- [aws-iot-greengrass-lite-demo-simple-image-tpm](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/README.md) +- [aws-iot-greengrass-lite-demo-swupdate-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md) - [aws-iot-greengrass-lite-demo-tiny-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-tiny-image/README.md) - [aws-iot-greengrass-lite-webrtc-demo-image](meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/README.md) - [aws-webrtc-demo-image](meta-aws-demos/recipes-core/images/aws-webrtc-demo-image/README.md) 
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md index 89f2ab8f..c2fab70f 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md @@ -265,8 +265,6 @@ Manifests: bootstrap: Script: | echo Bootstrap - echo AWS_CONTAINER_AUTHORIZATION_TOKEN: $AWS_CONTAINER_AUTHORIZATION_TOKEN - echo AWS_CONTAINER_CREDENTIALS_FULL_URI: $AWS_CONTAINER_CREDENTIALS_FULL_URI BUCKET=rauc-yocto-test-bucket UPDATEFILE=aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu REGION=$(aws s3api get-bucket-location --bucket "$BUCKET" --query LocationConstraint --output text) diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md index 0fcc99e0..97e68d7b 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md @@ -109,8 +109,6 @@ Manifests: bootstrap: Script: | echo Bootstrap - echo AWS_CONTAINER_AUTHORIZATION_TOKEN: $AWS_CONTAINER_AUTHORIZATION_TOKEN - echo AWS_CONTAINER_CREDENTIALS_FULL_URI: $AWS_CONTAINER_CREDENTIALS_FULL_URI BUCKET=swupdate-yocto-test-bucket UPDATEFILE=aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu REGION=$(aws s3api get-bucket-location --bucket "$BUCKET" --query LocationConstraint --output text) From 2359777bf7873dc86b8a08f8d8c1061b0396fbbb Mon Sep 17 00:00:00 2001 
From: Thomas Roos Date: Mon, 29 Sep 2025 15:00:35 +0000 Subject: [PATCH 64/66] add greengrass-lite git version: c116286afaee26736dbcf3ed0a7a897c3bb2f921 As there are known issues with version 2.2.2 we want to have fixed --- .../greengrass-lite/001-disable_strip.patch | 4 +- ...eet-provisioning-circular-dependency.patch | 55 +++ .../ggl-deploy-image-components | 361 ++++++++++++++++++ .../ggl.gg_fleetprovisioning.service | 26 ++ .../ggl.gg_pre-fleetprovisioning.service | 26 ++ .../ggl.local-deployment.service | 29 ++ .../aws-iot-greengrass/greengrass-lite_git.bb | 247 ++++++++++++ 7 files changed, 746 insertions(+), 2 deletions(-) create mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/004-fix-fleet-provisioning-circular-dependency.patch create mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl-deploy-image-components create mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_fleetprovisioning.service create mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_pre-fleetprovisioning.service create mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.local-deployment.service create mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/001-disable_strip.patch b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/001-disable_strip.patch index d072608c..22f073dc 100644 --- a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/001-disable_strip.patch +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/001-disable_strip.patch 
@@ -4,12 +4,12 @@ Index: git/CMakeLists.txt =================================================================== --- git.orig/CMakeLists.txt +++ git/CMakeLists.txt -@@ -185,7 +185,8 @@ try_add_link_option(compress-debug-secti +@@ -200,7 +200,8 @@ try_add_link_option(compress-debug-secti # try_add_link_option_if(gc-sections $> # LINKER:--gc-sections) -try_add_link_option_if(strip-all $ LINKER:-s) -+# Yocto will stip and create debug packages ++# Yocto will strip and create debug packages +# try_add_link_option_if(strip-all $ LINKER:-s) set(CMAKE_INTERPROCEDURAL_OPTIMIZATION_DEBUG FALSE) diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/004-fix-fleet-provisioning-circular-dependency.patch b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/004-fix-fleet-provisioning-circular-dependency.patch new file mode 100644 index 00000000..517893f6 --- /dev/null +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/004-fix-fleet-provisioning-circular-dependency.patch 
@@ -0,0 +1,55 @@ +Fix fleet provisioning circular dependency by removing service restart + +Fleet provisioning was trying to restart greengrass-lite.target after +completing provisioning, which created a circular dependency: + +Fleet Provisioning -> Start greengrass-lite.target -> Start local-deployment +-> Wait for certificate -> Fleet provisioning still running + +This patch removes the service restart logic from fleet provisioning. +Instead, fleet provisioning will complete and exit cleanly, allowing +systemd's natural dependency system to handle service startup order. + +The local-deployment service will start automatically when: +1. Fleet provisioning completes and exits +2. Certificate file exists (ConditionPathExists) +3. Required services are running + +Upstream-Status: Pending +Signed-off-by: Amazon Q + +Index: greengrass-lite-2.2.1/modules/fleet-provisioning/src/entry.c +=================================================================== +--- greengrass-lite-2.2.1.orig/modules/fleet-provisioning/src/entry.c ++++ greengrass-lite-2.2.1/modules/fleet-provisioning/src/entry.c +@@ -277,28 +277,8 @@ static GglError cleanup_actions(void) { + return ret; + } + +- GGL_LOGI("Restarting all greengrass services to apply changes"); +- +- const char *args_stop[] +- = { "systemctl", "stop", "greengrass-lite.target", NULL }; +- ret = ggl_exec_command(args_stop); +- if (ret != GGL_ERR_OK) { +- GGL_LOGE("Failed to stop greengrass service"); +- return ret; +- } +- const char *args_reset[] = { "systemctl", "reset-failed", NULL }; +- ret = ggl_exec_command(args_reset); +- if (ret != GGL_ERR_OK) { +- GGL_LOGE("Failed to reset services run counter"); +- return ret; +- } +- const char *args_start[] +- = { "systemctl", "start", "greengrass-lite.target", NULL }; +- ret = ggl_exec_command(args_start); +- if (ret != GGL_ERR_OK) { +- GGL_LOGE("Failed to restart greengrass service"); +- return ret; +- } ++ GGL_LOGI("Fleet provisioning completed successfully. 
Systemd will handle service dependencies."); ++ GGL_LOGI("Certificate created at /var/lib/greengrass/provisioned-cert/certificate.pem.crt"); + + return GGL_ERR_OK; + } diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl-deploy-image-components b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl-deploy-image-components new file mode 100644 index 00000000..b04d01c8 --- /dev/null +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl-deploy-image-components 
@@ -0,0 +1,361 @@ +#!/bin/bash +# +# Greengrass Lite Image-Provided Component Deployment Script +# This script deploys components that were built into the image during the build process +# Supports both zero-copy (direct placement) and traditional (copy-based) deployment modes +# Runs after fleet provisioning to ensure the device is fully configured before component deployment +# + +set -e + +# Configuration +PACKAGES_DIR="/var/lib/greengrass/packages" +IMAGE_COMPONENTS_ROOT="/usr/share/greengrass-image-components" +SERVICE_NAME="ggl.local-deployment.service" + +# Detect deployment mode based on directory structure +if [ -d "${PACKAGES_DIR}/recipes" ] && [ "$(ls -A "${PACKAGES_DIR}/recipes" 2>/dev/null)" ]; then + # Zero-copy mode: components are directly in packages directory + DEPLOYMENT_MODE="zero-copy" + RECIPES_DIR="${PACKAGES_DIR}/recipes" + ARTIFACTS_DIR="${PACKAGES_DIR}/artifacts" +elif [ -d "${IMAGE_COMPONENTS_ROOT}/recipes" ] && [ "$(ls -A "${IMAGE_COMPONENTS_ROOT}/recipes" 2>/dev/null)" ]; then + # Traditional mode: components need to be copied from image-components + DEPLOYMENT_MODE="traditional" + RECIPES_DIR="${IMAGE_COMPONENTS_ROOT}/recipes" + ARTIFACTS_DIR="${IMAGE_COMPONENTS_ROOT}/artifacts" +else + # No components found + DEPLOYMENT_MODE="none" + RECIPES_DIR="" + ARTIFACTS_DIR="" +fi + +# Logging functions +log_info() { + echo "INFO: $1" +} + +log_warn() { + echo "WARN: $1" +} + +log_error() { + echo "ERROR: $1" >&2 +} + +# Wait for Greengrass Lite daemon to be ready +wait_for_daemon() { + log_info "Waiting for Greengrass Lite daemon to be ready..." + sleep ${INITIAL_DELAY} + + log_info "Checking for Greengrass daemon socket..." + local timeout=${DAEMON_WAIT_TIMEOUT} + + while [ $timeout -gt 0 ] && [ ! -S "${GREENGRASS_SOCKET}" ]; do + log_info "Waiting for socket ${GREENGRASS_SOCKET}... (${timeout} seconds remaining)" + sleep 2 + timeout=$((timeout-2)) + done + + if [ ! 
-S "${GREENGRASS_SOCKET}" ]; then + log_error "Greengrass daemon socket not available after waiting ${DAEMON_WAIT_TIMEOUT} seconds" + return 1 + fi + + log_info "Greengrass daemon socket is ready" + return 0 +} + +# Parse component name and version from recipe filename +parse_component_info() { + local recipe_file="$1" + local component_file=$(basename "$recipe_file" .yaml) + + # Extract component name (everything except the last dash-separated part) + local component_name=$(echo "$component_file" | sed 's/-[^-]*$//') + # Extract version (the last dash-separated part) + local component_version=$(echo "$component_file" | sed 's/.*-//') + + echo "${component_name}:${component_version}" +} + +# Verify that a component actually exists (has both recipe and artifacts) +verify_component_exists() { + local component_name="$1" + local component_version="$2" + local recipe_file="$3" + + # Check if recipe file exists and is readable + if [ ! -f "$recipe_file" ] || [ ! -r "$recipe_file" ]; then + log_warn "Recipe file $recipe_file does not exist or is not readable" + return 1 + fi + + # For zero-copy mode, check if artifacts directory exists + if [ "$DEPLOYMENT_MODE" = "zero-copy" ]; then + local artifacts_path="${ARTIFACTS_DIR}/${component_name}/${component_version}" + if [ ! -d "$artifacts_path" ]; then + log_warn "Artifacts directory $artifacts_path does not exist for component ${component_name}" + return 1 + fi + fi + + # Additional validation: check if recipe file is valid YAML + # This is a basic check - we just ensure it's not empty and has some YAML-like content + if ! 
grep -q "^RecipeFormatVersion:" "$recipe_file" 2>/dev/null; then + log_warn "Recipe file $recipe_file does not appear to be a valid Greengrass recipe" + return 1 + fi + + return 0 +} + +# Get the expected systemd service name for a component +get_component_service_name() { + local component_name="$1" + echo "ggl.${component_name}.service" +} + +# Deploy all image components in a single multi-component deployment +deploy_image_components() { + if [ "$DEPLOYMENT_MODE" = "none" ]; then + log_info "No image-provided components found for auto-deployment" + return 0 + fi + + log_info "Scanning for valid image-provided components (${DEPLOYMENT_MODE} mode)..." + + local valid_count=0 + local invalid_count=0 + local -a valid_components=() + + # First pass: verify all components and collect valid ones + for recipe in "${RECIPES_DIR}"/*.yaml; do + [ -f "$recipe" ] || continue + + local component_info=$(parse_component_info "$recipe") + local component_name=$(echo "$component_info" | cut -d: -f1) + local component_version=$(echo "$component_info" | cut -d: -f2) + + log_info "Checking component: ${component_name}=${component_version}" + + if verify_component_exists "$component_name" "$component_version" "$recipe"; then + log_info "✓ Component ${component_name} verified successfully" + valid_components+=("${component_name}=${component_version}") + valid_count=$((valid_count + 1)) + else + log_warn "✗ Component ${component_name} verification failed, skipping" + invalid_count=$((invalid_count + 1)) + fi + done + + # Check if we have any valid components to deploy + if [ $valid_count -eq 0 ]; then + if [ $invalid_count -gt 0 ]; then + log_error "No valid components found for deployment ($invalid_count invalid components)" + return 1 + else + log_info "No components found for deployment" + return 0 + fi + fi + + log_info "Found $valid_count valid components to deploy in a single multi-component deployment..." 
+ + # Build command arguments for multi-component deployment + local -a deploy_cmd_args=() + deploy_cmd_args+=("ggl-cli" "deploy") + + # Add directory parameters for traditional mode + if [ "$DEPLOYMENT_MODE" = "traditional" ]; then + deploy_cmd_args+=("--recipe-dir" "${RECIPES_DIR}") + deploy_cmd_args+=("--artifacts-dir" "${ARTIFACTS_DIR}") + fi + + # Add all components to the single deployment using multiple --add-component flags + for component_spec in "${valid_components[@]}"; do + deploy_cmd_args+=("--add-component" "$component_spec") + done + + log_info "Deploying all $valid_count components in a single multi-component deployment..." + log_info "Command: ${deploy_cmd_args[*]}" + + # Execute the multi-component deployment command + local deployment_output + if deployment_output=$("${deploy_cmd_args[@]}" 2>&1); then + # Extract deployment ID from output + local deployment_id=$(echo "$deployment_output" | grep -o "Deployment id: [^.]*" | cut -d' ' -f3 || echo "unknown") + log_info "✓ Multi-component deployment queued successfully (ID: $deployment_id)" + log_info "Components in deployment: ${valid_components[*]}" + + if [ $invalid_count -gt 0 ]; then + log_warn "Deployment queued but $invalid_count components were skipped due to validation failures" + fi + + log_info "All $valid_count components deployed in single efficient deployment" + return 0 + else + log_error "✗ Failed to queue multi-component deployment" + log_error "Output: $deployment_output" + return 1 + fi +} + +# Deploy a single component and wait for completion +deploy_single_component() { + local component_name="$1" + local component_version="$2" + + # Build command arguments for single component deployment + local -a deploy_cmd_args=() + deploy_cmd_args+=("ggl-cli" "deploy") + + # Add directory parameters for traditional mode + if [ "$DEPLOYMENT_MODE" = "traditional" ]; then + deploy_cmd_args+=("--recipe-dir" "${RECIPES_DIR}") + deploy_cmd_args+=("--artifacts-dir" "${ARTIFACTS_DIR}") + fi + + # Add 
the single component + deploy_cmd_args+=("--add-component" "${component_name}=${component_version}") + + log_info "Deploying component ${component_name}=${component_version}..." + log_info "Command: ${deploy_cmd_args[*]}" + + # Execute the deployment command for this component + local deployment_output + if deployment_output=$("${deploy_cmd_args[@]}" 2>&1); then + # Extract deployment ID from output + local deployment_id=$(echo "$deployment_output" | grep -o "Deployment id: [^.]*" | cut -d' ' -f3 || echo "unknown") + log_info "✓ Component ${component_name}=${component_version} deployment queued (ID: $deployment_id)" + + # Wait for the deployment to complete + if wait_for_deployment_completion "$component_name" "$deployment_id"; then + log_info "✓ Component ${component_name}=${component_version} deployed and service is active" + return 0 + else + log_error "✗ Component ${component_name}=${component_version} deployment failed or timed out" + return 1 + fi + else + log_error "✗ Failed to queue deployment for component ${component_name}=${component_version}" + log_error "Output: $deployment_output" + return 1 + fi +} + +# Deploy all image components in a single multi-component deployment +deploy_image_components() { + if [ "$DEPLOYMENT_MODE" = "none" ]; then + log_info "No image-provided components found for auto-deployment" + return 0 + fi + + log_info "Scanning for valid image-provided components (${DEPLOYMENT_MODE} mode)..." 
+ + local valid_count=0 + local invalid_count=0 + local -a valid_components=() + + # First pass: verify all components and collect valid ones + for recipe in "${RECIPES_DIR}"/*.yaml; do + [ -f "$recipe" ] || continue + + local component_info=$(parse_component_info "$recipe") + local component_name=$(echo "$component_info" | cut -d: -f1) + local component_version=$(echo "$component_info" | cut -d: -f2) + + log_info "Checking component: ${component_name}=${component_version}" + + if verify_component_exists "$component_name" "$component_version" "$recipe"; then + log_info "✓ Component ${component_name} verified successfully" + valid_components+=("${component_name}=${component_version}") + valid_count=$((valid_count + 1)) + else + log_warn "✗ Component ${component_name} verification failed, skipping" + invalid_count=$((invalid_count + 1)) + fi + done + + # Check if we have any valid components to deploy + if [ $valid_count -eq 0 ]; then + if [ $invalid_count -gt 0 ]; then + log_error "No valid components found for deployment ($invalid_count invalid components)" + return 1 + else + log_info "No components found for deployment" + return 0 + fi + fi + + log_info "Found $valid_count valid components to deploy in a single multi-component deployment..." + + # Build command arguments for multi-component deployment + local -a deploy_cmd_args=() + deploy_cmd_args+=("ggl-cli" "deploy") + + # Add directory parameters for traditional mode + if [ "$DEPLOYMENT_MODE" = "traditional" ]; then + deploy_cmd_args+=("--recipe-dir" "${RECIPES_DIR}") + deploy_cmd_args+=("--artifacts-dir" "${ARTIFACTS_DIR}") + fi + + # Add all components to the single deployment using multiple --add-component flags + for component_spec in "${valid_components[@]}"; do + deploy_cmd_args+=("--add-component" "$component_spec") + done + + log_info "Deploying all $valid_count components in a single multi-component deployment..." 
+ log_info "Command: ${deploy_cmd_args[*]}" + + # Execute the multi-component deployment command + local deployment_output + if deployment_output=$("${deploy_cmd_args[@]}" 2>&1); then + # Extract deployment ID from output + local deployment_id=$(echo "$deployment_output" | grep -o "Deployment id: [^.]*" | cut -d' ' -f3 || echo "unknown") + log_info "✓ Multi-component deployment queued successfully (ID: $deployment_id)" + log_info "Components in deployment: ${valid_components[*]}" + + if [ $invalid_count -gt 0 ]; then + log_warn "Deployment queued but $invalid_count components were skipped due to validation failures" + fi + + log_info "All $valid_count components deployed in single efficient deployment" + return 0 + else + log_error "✗ Failed to queue multi-component deployment" + log_error "Output: $deployment_output" + return 1 + fi +} + +# Main execution +main() { + log_info "Starting Greengrass Lite image-provided component deployment (${DEPLOYMENT_MODE} mode, post-fleet-provisioning)" + log_info "Using efficient multi-component deployment for optimal performance" + + # Deploy all image-provided components + if deploy_image_components; then + log_info "All components deployed successfully" + log_info "Deployment process completed successfully after fleet provisioning" + + # Disable the service to prevent future runs + log_info "Disabling ${SERVICE_NAME} to prevent future runs" + if systemctl disable "${SERVICE_NAME}" 2>/dev/null; then + log_info "Service ${SERVICE_NAME} disabled successfully" + else + log_warn "Failed to disable service ${SERVICE_NAME}, but deployment was successful" + fi + + return 0 + else + log_error "Component deployment failed" + log_warn "Service remains enabled for retry on next boot" + log_error "Deployment process completed with errors" + return 1 + fi +} + +# Run main deployment process +main 
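Review bot: `deploy_image_components` is defined twice with the same body, and the two helpers next to it cannot run as written: `wait_for_daemon` reads `INITIAL_DELAY`, `DAEMON_WAIT_TIMEOUT` and `GREENGRASS_SOCKET`, none of which the configuration section sets, and `deploy_single_component` calls `wait_for_deployment_completion`, which this script does not define. `main` calls neither helper, so this is dead code today, but the first caller would run `sleep` with no operand and test an empty socket path. I would delete the second copy of `deploy_image_components` and either remove the two unused helpers or define what they need next to `PACKAGES_DIR`. Separately, `verify_component_exists` accepts any readable file that contains a `RecipeFormatVersion:` line, and in zero-copy mode the recipes are read from `/var/lib/greengrass/packages`. Since the unit runs this script as root on each boot until it succeeds, it is worth confirming that only root can write to that directory.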
diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_fleetprovisioning.service b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_fleetprovisioning.service new file mode 100644 index 00000000..2a49e87c --- /dev/null +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_fleetprovisioning.service @@ -0,0 +1,26 @@ +[Unit] +Description=Greengrass Lite Fleet Provisioning Service +After=ggl.core.ggconfigd.service +Before=ggl.core.iotcored.service +After=systemd-time-wait-sync.service +# Only run if device is not already provisioned +ConditionPathExists=!/var/lib/greengrass/provisioned-cert/certificate.pem.crt +StartLimitBurst=3 + +[Service] +Type=oneshot +ExecStartPre=/bin/sh -c '\ + sleep 10; \ + mkdir -p /var/lib/greengrass/provisioned-cert' +ExecStart=/usr/bin/fleet-provisioning +Restart=on-failure +RestartSec=10s +TimeoutSec=300 +# Consider exit codes 0, 1 as successful completion +SuccessExitStatus=0 1 +User=root +Group=root +RemainAfterExit=true + +[Install] +WantedBy=greengrass-lite.target diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_pre-fleetprovisioning.service b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_pre-fleetprovisioning.service new file mode 100644 index 00000000..17eaa7c6 --- /dev/null +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_pre-fleetprovisioning.service 
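Review bot: `SuccessExitStatus=0 1` makes systemd treat exit code 1 from `/usr/bin/fleet-provisioning` as success, so with `Type=oneshot` and `RemainAfterExit=true` a failed run leaves the unit active, `Restart=on-failure` never fires, and units ordered after it (for example `ggl.core.iotcored.service`) start without a certificate. Unless the binary is known to return 1 for a benign case, which this patch does not show, I would use `SuccessExitStatus=0` or drop the line. The `ExecStartPre` step also creates `/var/lib/greengrass/provisioned-cert` before provisioning has succeeded, while `ggl.gg_pre-fleetprovisioning.service` uses the absence of that directory as its run condition, so the two units disagree on what "provisioned" means. Testing for `certificate.pem.crt` in both conditions would keep them consistent.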
@@ -0,0 +1,26 @@ +[Unit] +Description=Greengrass Lite pre Fleet Provisioning Service +After=systemd-time-wait-sync.service +After=network-online.target +Wants=network-online.target +Before=ggl.core.ggconfigd.service +Before=ggl.gg_fleetprovisioning.service +ConditionPathExists=!/var/lib/greengrass/provisioned-cert + +[Service] +Type=oneshot +ExecStart=/bin/sh -c '\ + default_iface=$(ip route | grep default | awk "{print \$5}" | head -n1); \ + mac_address=$(cat /sys/class/net/"$default_iface"/address | tr ":" "_"); \ + sed -i "s//$mac_address/g" "/etc/greengrass/config.d/fleetprovisioning.yaml";' +Restart=on-failure +RestartSec=10s +StartLimitBurst=3 +TimeoutSec=300 +SuccessExitStatus=0 1 15 +User=root +Group=root +RemainAfterExit=true + +[Install] +WantedBy=greengrass-lite.target diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.local-deployment.service b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.local-deployment.service new file mode 100644 index 00000000..743ff471 --- /dev/null +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.local-deployment.service 
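Review bot: The `ExecStart` shell never checks that a default route and a MAC address were found before `sed -i` rewrites `/etc/greengrass/config.d/fleetprovisioning.yaml`. The commands are joined with `;`, so if `ip route` has no default entry yet, the `cat` fails, `mac_address` is empty, and the substitution still runs and exits 0. I would add `[ -n "$mac_address" ] || exit 1;` before the `sed` and reduce `SuccessExitStatus=0 1 15` to `0`, so that `Restart=on-failure` retries instead of provisioning with an empty serial number. A MAC address is also not a secret, so the format check in the pre-provisioning hook should not be the only control on which device may claim a thing name.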
@@ -0,0 +1,29 @@ +[Unit] +Description=Greengrass Lite Image-Provided Component Auto-Deployment +After=greengrass-lite.target ggl.gg_post-fleetprovisioning.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStartPre=/bin/sh -c 'sleep 10' +ExecStart=/usr/bin/ggl-deploy-image-components +# Disable service after successful deployment to prevent future runs +ExecStopPost=/bin/sh -c '\ + if [ "$SERVICE_RESULT" = "success" ]; then \ + echo "Local deployment completed successfully"; \ + echo "Disabling ggl.local-deployment.service to prevent future runs"; \ + if systemctl disable ggl.local-deployment.service 2>/dev/null; then \ + echo "Service ggl.local-deployment.service disabled successfully"; \ + else \ + echo "Warning: Failed to disable service ggl.local-deployment.service, but deployment was successful"; \ + fi; \ + else \ + echo "Local deployment failed, service remains enabled for retry"; \ + fi' +User=root +Group=ggcore +StandardOutput=journal +StandardError=journal + +[Install] +WantedBy=multi-user.target diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb new file mode 100644 index 00000000..8d08293b --- /dev/null +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb 
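Review bot: `After=` names `ggl.gg_post-fleetprovisioning.service`, but this commit adds only `ggl.gg_pre-fleetprovisioning.service` and `ggl.gg_fleetprovisioning.service`. An `After=` on a unit that is never loaded has no effect, so unless the post unit exists elsewhere in the layer this service is not ordered after provisioning at all. The description of `004-fix-fleet-provisioning-circular-dependency.patch` also says local deployment is gated on the certificate file via `ConditionPathExists`, and this unit has no such condition. If local deployment is only meant to run on provisioned devices, I would change the line to `After=greengrass-lite.target ggl.gg_fleetprovisioning.service` and add `ConditionPathExists=/var/lib/greengrass/provisioned-cert/certificate.pem.crt`. The self-disable logic is also implemented twice, here in `ExecStopPost` and in `main` of `ggl-deploy-image-components`; keeping one copy stops the two from drifting apart.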
@@ -0,0 +1,247 @@ +SUMMARY = "AWS IoT Greengrass lite" +DESCRIPTION = "AWS IoT Greengrass runtime for constrained devices" +HOMEPAGE = "https://github.com/aws-greengrass/aws-greengrass-lite" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" + +DEPENDS += "\ + curl \ + libevent \ + libyaml \ + openssl \ + sdbus-c++-libsystemd \ + sqlite3 \ + util-linux-libuuid \ + uriparser \ + libzip \ + " + +DEPENDS:append:libc-musl = " argp-standalone" +LDFLAGS:append:libc-musl = " -largp" + +### enable CLANG instead of GCC +#TOOLCHAIN = "clang" + +### +# Use this for development to specify a local folder as source dir (cloned repo) +# inherit externalsrc +# EXTERNALSRC = "${TOPDIR}/../../aws-greengrass-lite" +# EXTERNALSRC_BUILD = "${EXTERNALSRC}/build/${DEVICE}_${IMAGE}" +### + +# THIS IS DISABLED IF exernalsrc is enabled +SRC_URI = "\ + git://github.com/aws-greengrass/aws-greengrass-lite.git;protocol=https;branch=main;name=ggl \ + git://github.com/FreeRTOS/coreMQTT.git;protocol=https;branch=main;name=mqtt;destsuffix=${S}/thirdparty/core_mqtt \ + git://github.com/FreeRTOS/backoffAlgorithm.git;protocol=https;branch=main;name=backoff;destsuffix=${S}/thirdparty/backoff_algorithm \ + git://github.com/aws/SigV4-for-AWS-IoT-embedded-sdk.git;protocol=https;branch=main;name=sigv4;destsuffix=${S}/thirdparty/aws_sigv4 \ + git://github.com/aws-greengrass/aws-greengrass-sdk-lite.git;protocol=https;branch=main;name=sdk;destsuffix=${S}/thirdparty/ggl_sdk \ + file://001-disable_strip.patch \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','file://004-fix-fleet-provisioning-circular-dependency.patch','',d)} \ + file://greengrass-lite.yaml \ + file://run-ptest \ + ${@bb.utils.contains('PACKAGECONFIG','localdeployment','file://ggl.local-deployment.service','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','localdeployment','file://ggl-deploy-image-components','',d)} \ + 
${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','file://ggl.gg_pre-fleetprovisioning.service','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','file://ggl.gg_fleetprovisioning.service','',d)} \ +" + +SRCREV_ggl = "c116286afaee26736dbcf3ed0a7a897c3bb2f921" + +# must match fc_deps.json +SRCREV_mqtt = "f1827d8b46703f1c5ff05d21b34692d3122c9a04" +SRCREV_backoff = "f2f3bb2d8310f7cb48baa3ee64b635a5d66f838b" +SRCREV_sigv4 = "f0409ced6c2c9430f0e972019b7e8f20bbf58f4e" +SRCREV_sdk = "dbef3a9cefe34469a213a7d0614d2716d5b10d75" + +EXTRA_OECMAKE:append = " \ + -DFETCHCONTENT_SOURCE_DIR_CORE_MQTT=${S}/thirdparty/core_mqtt \ + -DFETCHCONTENT_SOURCE_DIR_BACKOFF_ALGORITHM=${S}/thirdparty/backoff_algorithm \ + -DFETCHCONTENT_SOURCE_DIR_AWS_SIGV4=${S}/thirdparty/aws_sigv4 \ + -DFETCHCONTENT_SOURCE_DIR_GGL_SDK=${S}/thirdparty/ggl_sdk \ + " + +SRCREV_FORMAT .= "_ggl_core_mqtt_backoff_aws_sigv4_ggl_sdk" + +do_configure:prepend() { + # verify that all dependencies have correct version + grep -q ${SRCREV_mqtt} ${S}/fc_deps.json || bbfatal "ERROR: dependency version mismatch, please update 'SRCREV_mqtt'!" + grep -q ${SRCREV_backoff} ${S}/fc_deps.json || bbfatal "ERROR: dependency version mismatch, please update 'SRCREV_backoff'!" + grep -q ${SRCREV_sigv4} ${S}/fc_deps.json || bbfatal "ERROR: dependency version mismatch, please update 'SRCREV_sigv4'!" + grep -q ${SRCREV_sdk} ${S}/fc_deps.json || bbfatal "ERROR: dependency version mismatch, please update 'SRCREV_sdk'!" +} + +S = "${WORKDIR}/git" + +# Fleet provisioning configuration - overwrite in your local config, e.g. 
IOT_DATA_ENDPOINT:pn-greengrass-lite = "xxx" +IOT_DATA_ENDPOINT ?= "" +IOT_CRED_ENDPOINT ?= "" +FLEET_PROVISIONING_TEMPLATE ?= "" +CLAIM_CERT_PATH ?= "" +CLAIM_KEY_PATH ?= "" +ROOT_CA_PATH ?= "" +IOT_ROLE_ALIAS ?= "" +AWS_REGION ?= "" + +FILES:${PN}:append = " \ + ${systemd_unitdir}/system/greengrass-lite.service \ + ${@bb.utils.contains('PACKAGECONFIG','localdeployment','${systemd_unitdir}/system/ggl.local-deployment.service','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','localdeployment','${bindir}/ggl-deploy-image-components','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','${systemd_unitdir}/system/ggl.gg_fleetprovisioning.service','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','${systemd_unitdir}/system/ggl.gg_pre-fleetprovisioning.service','',d)} \ + /usr/components/* \ + /usr/share/greengrass-image-components/* \ + ${sysconfdir}/sudoers.d/${BPN} \ + /usr/lib/* \ + ${gg_workingdir} \ + ${sysconfdir}/greengrass/certs/* \ + " + +# Runtime dependencies +RDEPENDS:${PN} += "bash" + +REQUIRED_DISTRO_FEATURES = "systemd" + +# enable fleetprovisioning for testing by default to get test coverage +PACKAGECONFIG ?= "\ + ${@bb.utils.contains('PTEST_ENABLED', '1', 'with-tests', '', d)} \ + ${@bb.utils.contains('PTEST_ENABLED', '1', 'fleetprovisioning', '', d)} \ + " + +# this is to make the PACKAGECONFIG QA check happy +PACKAGECONFIG[fleetprovisioning] = "" +PACKAGECONFIG[localdeployment] = "" + +PACKAGECONFIG[with-tests] = "-DBUILD_TESTING=ON -DBUILD_EXAMPLES=ON,-DBUILD_TESTING=OFF," + +# default is stripped, we wanna do this by yocto +EXTRA_OECMAKE:append = " -DCMAKE_BUILD_TYPE=RelWithDebInfo" +# EXTRA_OECMAKE:append = " -DCMAKE_BUILD_TYPE=MinSizeRel" + +# EXTRA_OECMAKE:append = " -DGGL_LOG_LEVEL=DEBUG" + +# No warnings should be in commited code, not enabled yet +# CFLAGS:append = " -Werror" + +SYSTEMD_SERVICE:${PN} = "\ + ggl.aws_iot_mqtt.socket \ + ggl.aws_iot_tes.socket \ + ggl.aws.greengrass.TokenExchangeService.service \ 
+ ggl.core.gg-fleet-statusd.service \ + ggl.core.ggconfigd.service \ + ggl.core.ggdeploymentd.service \ + ggl.core.gghealthd.service \ + ggl.core.ggipcd.service \ + ggl.core.ggpubsubd.service \ + ggl.core.iotcored.service \ + ggl.core.tesd.service \ + ggl.gg_config.socket \ + ggl.gg_deployment.socket \ + ggl.gg_fleet_status.socket \ + ggl.gg_health.socket \ + ggl.gg_pubsub.socket \ + ggl.gg-ipc.socket.socket \ + ggl.ipc_component.socket \ + ${@bb.utils.contains('PACKAGECONFIG','localdeployment','ggl.local-deployment.service','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','ggl.gg_fleetprovisioning.service ','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','ggl.gg_pre-fleetprovisioning.service ','',d)} \ + greengrass-lite.target \ +" + +inherit systemd cmake pkgconfig useradd features_check ptest + +gg_workingdir ?= "${localstatedir}/lib/greengrass" + +# https://github.com/aws-greengrass/aws-greengrass-lite/blob/main/docs/INSTALL.md#usergroup +# user and group for greengrass itself +gg_user = "ggcore" +gg_group = "ggcore" + +# default user and group for greengrass components +ggc_user = "gg_component" +ggc_group = "gg_component" + +# set user and group for greengrass-lite itself +EXTRA_OECMAKE:append = " -DGGL_SYSTEMD_SYSTEM_USER=${gg_user}" +EXTRA_OECMAKE:append = " -DGGL_SYSTEMD_SYSTEM_GROUP=${gg_group}" +EXTRA_OECMAKE:append = " -DGGL_SYSTEMD_SYSTEM_DIR=${systemd_system_unitdir}" + +do_install:append() { + + install -d ${D}/${sysconfdir}/greengrass + install -d -m 0755 ${D}/${sysconfdir}/greengrass/config.d + + install -m 0644 ${WORKDIR}/greengrass-lite.yaml ${D}/${sysconfdir}/greengrass/config.d + sed -i -e 's,@GG_WORKING_DIR@,${gg_workingdir},g' \ + -e 's,@GG_USER@,${gg_user},g' \ + -e 's,@GG_GROUP@,${gg_group},g' \ + ${D}/${sysconfdir}/greengrass/config.d/greengrass-lite.yaml + + install -d ${D}/${gg_workingdir} + chown ${gg_user}:${gg_group} ${D}/${gg_workingdir} + + # Local deployment service and script are installed 
conditionally via PACKAGECONFIG + if ${@bb.utils.contains('PACKAGECONFIG','localdeployment','true','false',d)}; then + install -m 0644 ${WORKDIR}/ggl.local-deployment.service ${D}${systemd_unitdir}/system/ + install -m 0755 ${WORKDIR}/ggl-deploy-image-components ${D}${bindir}/ + fi + + if ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','true','false',d)}; then + # Create ggcredentials directory for fleet provisioning + install -m 0644 ${WORKDIR}/ggl.gg_pre-fleetprovisioning.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/ggl.gg_fleetprovisioning.service ${D}${systemd_unitdir}/system/ + + # Replace variables in the config file using a temporary file to ensure proper expansion + cat > ${D}/${sysconfdir}/greengrass/config.d/fleetprovisioning.yaml << EOF +--- +system: + thingName: "" + privateKeyPath: "" + certificateFilePath: "" +services: + aws.greengrass.NucleusLite: + componentType: "NUCLEUS" + configuration: + awsRegion: "${AWS_REGION}" + iotCredEndpoint: "" + iotDataEndpoint: "" + iotRoleAlias: "${IOT_ROLE_ALIAS}" + runWithDefault: + posixUser: "${gg_user}:${gg_group}" + greengrassDataPlanePort: "8443" + aws.greengrass.fleet_provisioning: + configuration: + iotDataEndpoint: "${IOT_DATA_ENDPOINT}" + iotCredEndpoint: "${IOT_CRED_ENDPOINT}" + claimCertPath: "/etc/greengrass/certs/claim.cert.pem" + claimKeyPath: "/etc/greengrass/certs/claim.key.pem" + rootCaPath: "/etc/greengrass/certs/AmazonRootCA1.pem" + templateName: "${FLEET_PROVISIONING_TEMPLATE}" + templateParams: '{"SerialNumber": ""}' +EOF + # Create certificates directory + install -d ${D}/${sysconfdir}/greengrass/certs + + # Install certificates only if CLAIM_CERT_PATH is set + if [ "${CLAIM_CERT_PATH}" != "" ]; then + # Install claim certificates from specified path + install -m 0644 ${CLAIM_CERT_PATH} ${D}/${sysconfdir}/greengrass/certs/claim.cert.pem + install -m 0600 ${CLAIM_KEY_PATH} ${D}/${sysconfdir}/greengrass/certs/claim.key.pem + install -m 0644 ${ROOT_CA_PATH} 
${D}/${sysconfdir}/greengrass/certs/AmazonRootCA1.pem + + # Ensure correct ownership + chown -R ${gg_user}:${gg_group} ${D}/${sysconfdir}/greengrass/certs + else + bbwarn "CLAIM_CERT_PATH is not set. Fleet provisioning certificates will not be installed." + bbwarn "You will need to provide the certificates manually at /etc/greengrass/certs/" + fi + fi + +} + +# watch for changed fleetprovisioning files to rebuild if they are changed +SSTATE_SCAN_FILES:append = " ${@' ${CLAIM_CERT_PATH} ${CLAIM_KEY_PATH} ${ROOT_CA_PATH}' if (bb.utils.contains('PACKAGECONFIG', 'fleetprovisioning', True, False, d)) else ''}" + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "-r ${gg_group}; -r ${ggc_group}" +USERADD_PARAM:${PN} = "-r -M -N -g ${gg_group} -s /bin/false ${gg_user}; -r -M -N -g ${ggc_group} -s /bin/false ${ggc_user}" From 38470348264543ea8acc61e02b6662173df051cd Mon Sep 17 00:00:00 2001 
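Review bot: In `do_install:append` of greengrass-lite_git.bb the claim-credential block is guarded only by `CLAIM_CERT_PATH`, yet it goes on to install `${CLAIM_KEY_PATH}` and `${ROOT_CA_PATH}` unconditionally, so setting one variable without the others fails inside `install` with an unhelpful message; `if [ -n "${CLAIM_CERT_PATH}" ] && [ -n "${CLAIM_KEY_PATH}" ] && [ -n "${ROOT_CA_PATH}" ]; then` makes the precondition explicit. The block also deserves a comment such as `# claim.key.pem is a shared fleet credential: it is copied into the package, sstate and every image built from it`, because those build artifacts then need the same access control as the key itself. As far as I know `SSTATE_SCAN_FILES` only lists files that are scanned for hard-coded paths when sstate is relocated, so the last assignment will not trigger a rebuild when the certificate files change; `do_install[file-checksums]` is the usual mechanism for that.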
From: tro Date: Tue, 30 Sep 2025 12:57:31 +0200 Subject: [PATCH 65/66] 2025 09 30 master next finish streaming --- layers/sw/meta-aws | 2 +- layers/sw/scarthgap-rust-mixin | 1 + .../aws-iot-greengrass-demo-image/config.conf | 21 +++---------------- .../aws-iot-greengrass-demo-simple-image.bb | 2 +- .../config.conf | 18 ++-------------- ...ot-greengrass-lite-container-demo-image.bb | 3 +++ .../config.conf | 5 ++++- .../aws-iot-greengrass-lite-demo-ec2-image.bb | 3 +++ .../config.conf | 3 +++ .../README.md | 11 ++++++---- .../aws-iot-greengrass-lite-demo-bundle.bb | 3 +-- .../aws-iot-greengrass-lite-demo-image.bb | 6 ++++-- .../config.conf | 7 +++++-- ...t-greengrass-lite-demo-simple-image-tpm.bb | 3 +++ .../config.conf | 20 +++--------------- ...s-iot-greengrass-lite-demo-simple-image.bb | 3 +++ .../config.conf | 18 ++-------------- .../README.md | 16 +++----------- ...iot-greengrass-lite-demo-swupdate-image.bb | 5 ++++- .../config.conf | 7 ++++--- ...aws-iot-greengrass-lite-demo-tiny-image.bb | 6 ++++++ ...t-greengrass-lite-walltablet-demo-image.bb | 3 +++ .../config.conf | 9 ++++---- ...s-iot-greengrass-lite-webrtc-demo-image.bb | 3 +++ .../config.conf | 3 +++ .../images/aws-webrtc-demo-image/config.conf | 3 +++ .../files/rauc-grow-data-partition.service | 12 +++++++++++ .../rauc/files/rauc.service.d/override.conf | 3 +++ .../recipes-core/rauc/rauc_%.bbappend | 11 ++++++++++ .../aws-iot-greengrass/greengrass-lite_git.bb | 2 +- poky | 2 +- 31 files changed, 111 insertions(+), 103 deletions(-) create mode 160000 layers/sw/scarthgap-rust-mixin create mode 100644 meta-aws-demos/recipes-core/rauc/files/rauc-grow-data-partition.service create mode 100644 meta-aws-demos/recipes-core/rauc/files/rauc.service.d/override.conf create mode 100644 meta-aws-demos/recipes-core/rauc/rauc_%.bbappend diff --git a/layers/sw/meta-aws b/layers/sw/meta-aws index 66a4a115..cc89a369 160000 --- a/layers/sw/meta-aws +++ b/layers/sw/meta-aws 
@@ -1 +1 @@ -Subproject commit 66a4a1158373634e26ba52b5b5f3846047d86622 +Subproject commit cc89a369f14e2543fe357fdb6735c997766bd6d3 diff --git a/layers/sw/scarthgap-rust-mixin b/layers/sw/scarthgap-rust-mixin new file mode 160000 index 00000000..a0705b87 --- /dev/null +++ b/layers/sw/scarthgap-rust-mixin @@ -0,0 +1 @@ +Subproject commit a0705b87e7c1a257dafb089063f3302ed49c87d3 diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-image/config.conf index 4b01ca55..f18042c4 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-image/config.conf @@ -42,24 +42,9 @@ INHERIT += "create-spdx" # add build info to the image INHERIT += "image-buildinfo" - -# tests - -# use slirp networking instead of TAP interface (require root rights) -#QEMU_USE_SLIRP = "1" -#TEST_SERVER_IP = "127.0.0.1" - -# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: -# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. -# TEST_SUITES = " ping ssh ptest" - -# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage -# IMAGE_CLASSES += "testimage" - -# PUT = package under test / this is set in auto.conf -# PUT = "greengrass-lite-ptest" -# IMAGE_INSTALL:append = " ptest-runner ssh ${PUT}" - # if not set, you will have to take care of mount points at two places, with this set image # partition layout is done in wic file and fstab settings in aws-iot-greengrass-lite-demo-ab-image.bb WIC_CREATE_EXTRA_ARGS = "--no-fstab-update" + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" 
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-simple-image/aws-iot-greengrass-demo-simple-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-simple-image/aws-iot-greengrass-demo-simple-image.bb index 2b021960..0453ea48 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-simple-image/aws-iot-greengrass-demo-simple-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-simple-image/aws-iot-greengrass-demo-simple-image.bb @@ -62,4 +62,4 @@ extra_files () { # enable systemd-time-wait-sync as this is important for greengrass to have a correct clock ln -sf /${libdir}/systemd/system/systemd-time-wait-sync.service ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/ -} \ No newline at end of file +} diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-simple-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-simple-image/config.conf index ec4acf8b..fad7204c 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-simple-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-demo-simple-image/config.conf @@ -20,19 +20,5 @@ BB_GENERATE_SHALLOW_TARBALLS = "1" INHERIT += "create-spdx" -# tests - -# use slirp networking instead of TAP interface (require root rights) -#QEMU_USE_SLIRP = "1" -#TEST_SERVER_IP = "127.0.0.1" - -# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: -# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. -# TEST_SUITES = " ping ssh ptest" - -# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage -# IMAGE_CLASSES += "testimage" - -# PUT = package under test / this is set in auto.conf -# PUT = "greengrass-lite-ptest" -# IMAGE_INSTALL:append = " ptest-runner ssh ${PUT}" +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" 
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-container-demo-image/aws-iot-greengrass-lite-container-demo-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-container-demo-image/aws-iot-greengrass-lite-container-demo-image.bb index 380db636..e58a827d 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-container-demo-image/aws-iot-greengrass-lite-container-demo-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-container-demo-image/aws-iot-greengrass-lite-container-demo-image.bb @@ -33,3 +33,6 @@ DISTRO_FEATURES:remove = "sysvinit" ### AWS ### IMAGE_INSTALL:append = " greengrass-lite" + +# disable fleetprovisioning +PACKAGECONFIG:pn-greengrass-lite = "" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-container-demo-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-container-demo-image/config.conf index 98068053..911d66c3 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-container-demo-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-container-demo-image/config.conf @@ -1,3 +1,6 @@ DISTRO = "poky-altcfg" -DISTRO_FEATURES:append = " virtualization" \ No newline at end of file +DISTRO_FEATURES:append = " virtualization" + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/aws-iot-greengrass-lite-demo-ec2-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/aws-iot-greengrass-lite-demo-ec2-image.bb index 196594a4..a41cffbd 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/aws-iot-greengrass-lite-demo-ec2-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/aws-iot-greengrass-lite-demo-ec2-image.bb 
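Review bot: `PACKAGECONFIG:pn-greengrass-lite = ""` is added inside the container-demo image recipe, where it has no effect on how greengrass-lite is built: each recipe is parsed with its own datastore, so a `pn-` override only works from a configuration file such as local.conf (presumably also this image's config.conf). The line should move there; as it stands, fleet provisioning remains governed by the recipe default, which this series ties to `PTEST_ENABLED`, so it is the `DISTRO_FEATURES:remove = " ptest"` change in config.conf that actually turns it off. The same line is added to the ec2, demo, simple, simple-tpm, swupdate, tiny, walltablet and webrtc image recipes further down, and the tiny image additionally sets `DISTRO_FEATURES:remove = " ptest"` at recipe scope, where the same limitation applies.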
@@ -198,3 +198,6 @@ IMAGE_INSTALL:append = " systemd-extra-utils" # this will install the rauc configuration file IMAGE_INSTALL:append = " virtual-rauc-conf" + +# disable fleetprovisioning +PACKAGECONFIG:pn-greengrass-lite = "" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/config.conf index c6f8eaac..a4f12124 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-ec2-image/config.conf @@ -43,3 +43,6 @@ EFI_PROVIDER = "grub-efi" MACHINE_FEATURES += "efi" PREFERRED_RPROVIDER_virtual-grub-bootconf = "rauc-qemu-grubconf" + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md index c2fab70f..73db18a0 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md @@ -120,7 +120,7 @@ systemctl status --with-dependencies greengrass-lite.target ## Fleetprovisioning example -Follow instructiongs [here](scripts/fleetprovisioning/README.md) +Follow instructions [here](scripts/fleetprovisioning/README.md) ## A/B update example made with [meta-rauc](https://github.com/rauc/meta-rauc-community) 
@@ -240,7 +240,7 @@ Manifests: Unarchive: 'NONE' ``` -## Configuration for streaming updates +## Configuration for streaming / adaptive updates The update file (`update.raucb`) is stored in an S3 bucket. But not downloaded as before from the Greengrass component, instead a signed url is generated and passed into rauc. This allows (streaming)[https://rauc.readthedocs.io/en/latest/advanced.html#http-streaming] and (adaptive)[https://rauc.readthedocs.io/en/latest/advanced.html#adaptive-updates] updates. @@ -265,14 +265,17 @@ Manifests: bootstrap: Script: | echo Bootstrap - BUCKET=rauc-yocto-test-bucket - UPDATEFILE=aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu + BUCKET=rauc-adaptive-test + UPDATEFILE=aws-iot-greengrass-lite-demo-bundle-raspberrypi-armv8.raucb + REGION=$(aws s3api get-bucket-location --bucket "$BUCKET" --query LocationConstraint --output text) echo $REGION BUNDLE_URL=$(aws s3 presign "s3://$BUCKET/$UPDATEFILE" --expires-in 3600 --endpoint-url "https://s3.$REGION.amazonaws.com") echo $BUNDLE_URL sudo rauc install $BUNDLE_URL + sleep 5 RequiresPrivilege: true + Timeout: '600' startup: Script: | echo Startup diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-bundle.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-bundle.bb index dd2baf51..8e45fa2a 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-bundle.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-bundle.bb @@ -2,8 +2,7 @@ DESCRIPTION = "A update bundle for aws-iot-greengrass-lite-demo-image" inherit bundle -# RAUC_BUNDLE_VERSION = "v20200703" -# RAUC_BUNDLE_DESCRIPTION = "RAUC Demo Bundle" +RAUC_BUNDLE_DESCRIPTION = "aws-iot-greengrass-lite-demo-bundle" RAUC_BUNDLE_SLOTS = "rootfs" RAUC_SLOT_rootfs = "aws-iot-greengrass-lite-demo-image" 
diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb index 114e4d40..84c1bb43 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/aws-iot-greengrass-lite-demo-image.bb @@ -131,7 +131,9 @@ IMAGE_INSTALL:append = " aws-cli" # rootfs image size must to be 4K-aligned IMAGE_ROOTFS_ALIGNMENT = "4" -# TODO # ext4 block size should be set to 4K and use a fixed directory hash seed to # reduce the image delta size (keep oe-core's 4K bytes-per-inode) -# EXTRA_IMAGECMD:ext4 = "-i 4096 -b 4096 -E hash_seed=86ca73ff-7379-40bd-a098-fcb03a6e719d" \ No newline at end of file +EXTRA_IMAGECMD:ext4 = "-i 4096 -b 4096 -E hash_seed=86ca73ff-7379-40bd-a098-fcb03a6e719d" + +# disable fleetprovisioning (default on) +PACKAGECONFIG:pn-greengrass-lite = "" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/config.conf index b7c30f31..278f55b1 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/config.conf @@ -3,8 +3,8 @@ DISTRO = "poky-altcfg" QB_MEM = "-m 2048" BOOT_SPACE = "69152" -# we are read only, no addition space necessary -IMAGE_OVERHEAD_FACTOR = "1" +# we are read only, no addition space necessary, except for rauc +IMAGE_OVERHEAD_FACTOR = "1.1" BOOT_SPACE = "69152" 
@@ -45,3 +45,6 @@ INHERIT += "image-buildinfo" # if not set, you will have to take care of mount points at two places, with this set image # partition layout is done in wic file and fstab settings in aws-iot-greengrass-lite-demo-ab-image.bb WIC_CREATE_EXTRA_ARGS = "--no-fstab-update" + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = "ptest" \ No newline at end of file diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/aws-iot-greengrass-lite-demo-simple-image-tpm.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/aws-iot-greengrass-lite-demo-simple-image-tpm.bb index fb60f759..0dc23b48 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/aws-iot-greengrass-lite-demo-simple-image-tpm.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/aws-iot-greengrass-lite-demo-simple-image-tpm.bb @@ -65,3 +65,6 @@ extra_files_rpi () { install -d ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/ ln -sf /${libdir}/systemd/system/wpa_supplicant@.service ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/wpa_supplicant@wlan0.service } + +# disable fleetprovisioning +PACKAGECONFIG:pn-greengrass-lite = "" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf index a06164e1..710be82c 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image-tpm/config.conf 
@@ -20,23 +20,6 @@ BB_GENERATE_SHALLOW_TARBALLS = "1" INHERIT += "create-spdx" -# tests - -# use slirp networking instead of TAP interface (require root rights) -#QEMU_USE_SLIRP = "1" -#TEST_SERVER_IP = "127.0.0.1" - -# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: -# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. -# TEST_SUITES = " ping ssh ptest" - -# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage -# IMAGE_CLASSES += "testimage" - -# PUT = package under test / this is set in auto.conf -# PUT = "greengrass-lite-ptest" -# IMAGE_INSTALL:append = " ptest-runner ssh ${PUT}" - # tpm support IMAGE_INSTALL:append = " packagegroup-security-tpm2" @@ -48,3 +31,6 @@ DISTRO_FEATURES:append = " tpm" # additional steps required: https://github.com/tpm2-software/tpm2-tss/blob/master/doc/tcti-spi-ltt2go.md#abrmd-udev--systemd-service DEPENDS:append:pn-tpm2-tss = " libusb1" DEPENDS:append:pn-tpm2-tss-engine = " libusb1" + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/aws-iot-greengrass-lite-demo-simple-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/aws-iot-greengrass-lite-demo-simple-image.bb index fb60f759..0dc23b48 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/aws-iot-greengrass-lite-demo-simple-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/aws-iot-greengrass-lite-demo-simple-image.bb 
@@ -65,3 +65,6 @@ extra_files_rpi () { install -d ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/ ln -sf /${libdir}/systemd/system/wpa_supplicant@.service ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/wpa_supplicant@wlan0.service } + +# disable fleetprovisioning +PACKAGECONFIG:pn-greengrass-lite = "" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/config.conf index 5da606df..ddfd0cc6 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-simple-image/config.conf @@ -20,19 +20,5 @@ BB_GENERATE_SHALLOW_TARBALLS = "1" INHERIT += "create-spdx" -# tests - -# use slirp networking instead of TAP interface (require root rights) -#QEMU_USE_SLIRP = "1" -#TEST_SERVER_IP = "127.0.0.1" - -# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: -# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. -# TEST_SUITES = " ping ssh ptest" - -# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage -# IMAGE_CLASSES += "testimage" - -# PUT = package under test / this is set in auto.conf -# PUT = "greengrass-lite-ptest" -# IMAGE_INSTALL:append = " ptest-runner ssh ${PUT}" +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md index 97e68d7b..20ad3278 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/README.md 
@@ -1,6 +1,6 @@ # aws-iot-greengrass-lite-demo-swupdate-image -Similar to -But demo for (swupdate[])https://sbabic.github.io/swupdate/index.html] +Similar to [aws-iot-greengrass-lite-demo-image](../aws-iot-greengrass-lite-demo-image/README.md) +But demo for (swupdate[https://sbabic.github.io/swupdate/index.html] Tested with: `raspberrypi-64` @@ -29,8 +29,7 @@ swupdate -i /tmp/aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.r ``` - -## How to use in a gg component +## How to use this in a gg component The component operates in two main phases: @@ -73,15 +72,6 @@ Manifests: startup: Script: | echo Startup - rauc status - current_booted_slot_bundle_hash=$(rauc status --detailed --output-format=json-pretty | jq -r '.slots[] | select(.[].state == "booted") | .[].slot_status.bundle.hash') - bundle_hash=$(rauc info --output-format=json-pretty {artifacts:path}/aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu | jq -r '.hash') - if [ "$current_booted_slot_bundle_hash" == "$bundle_hash" ]; then - echo "Bundle image hash matches the current running slot" - else - echo "Bundle image hash differs from the current running slot" - exit 1 - fi Artifacts: - URI: 's3://2024-11-27-us-east-1ab-update/aws-iot-greengrass-lite-demo-swupdate-file-raspberrypi-armv8.rootfs.swu' Unarchive: 'NONE' diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-image.bb index 12eb6d03..cbed3652 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/aws-iot-greengrass-lite-demo-swupdate-image.bb 
@@ -137,4 +137,7 @@ IMAGE_INSTALL += "\ util-linux-sfdisk \ " -IMAGE_INSTALL:append = " aws-cli" \ No newline at end of file +IMAGE_INSTALL:append = " aws-cli" + +# disable fleetprovisioning +PACKAGECONFIG:pn-greengrass-lite = "" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/config.conf index 1db43940..086adf3f 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-swupdate-image/config.conf @@ -24,9 +24,6 @@ WKS_FILE = "${THISDIR}/wic/sdimage-aws-iot-greengrass-lite-demo_partition.wks.in IMAGE_FSTYPES = "ext4 ext4.gz wic wic.bz2 " # IMAGE_INSTALL:append = " rauc" -# just necessary if aws-iot-device-client is installed -PACKAGECONFIG:pn-aws-iot-device-client = "st" - COPY_LIC_MANIFEST = "1" COPY_LIC_DIRS = "1" @@ -45,3 +42,7 @@ INHERIT += "image-buildinfo" # if not set, you will have to take care of mount points at two places, with this set image # partition layout is done in wic file and fstab settings in aws-iot-greengrass-lite-demo-ab-image.bb WIC_CREATE_EXTRA_ARGS = "--no-fstab-update" + + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-tiny-image/aws-iot-greengrass-lite-demo-tiny-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-tiny-image/aws-iot-greengrass-lite-demo-tiny-image.bb index 08f7da10..8f11ec5a 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-tiny-image/aws-iot-greengrass-lite-demo-tiny-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-tiny-image/aws-iot-greengrass-lite-demo-tiny-image.bb 
@@ -33,3 +33,9 @@ extra_files () { # enable systemd-time-wait-sync as this is important for greengrass to have a correct clock ln -sf /${libdir}/systemd/system/systemd-time-wait-sync.service ${IMAGE_ROOTFS}/${sysconfdir}/systemd/system/multi-user.target.wants/ } + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" + +# disable fleetprovisioning +PACKAGECONFIG:pn-greengrass-lite = "" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-walltablet-demo-image/aws-iot-greengrass-lite-walltablet-demo-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-walltablet-demo-image/aws-iot-greengrass-lite-walltablet-demo-image.bb index 279416a6..18882fb2 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-walltablet-demo-image/aws-iot-greengrass-lite-walltablet-demo-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-walltablet-demo-image/aws-iot-greengrass-lite-walltablet-demo-image.bb @@ -124,3 +124,6 @@ CORE_IMAGE_BASE_INSTALL += "gtk+3-demo" CORE_IMAGE_BASE_INSTALL += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'weston-xwayland matchbox-terminal', '', d)}" QB_MEM = "-m 512" + +# disable fleetprovisioning +PACKAGECONFIG:pn-greengrass-lite = "" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-walltablet-demo-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-walltablet-demo-image/config.conf index 9ac8ea86..16843309 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-walltablet-demo-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-walltablet-demo-image/config.conf 
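Review bot: `DISTRO_FEATURES:remove = " ptest"` is placed in the tiny image recipe here, whereas the other images in this patch get it in their `config.conf`. Set in a `.bb`, the removal is seen only while this one recipe is parsed, so the packages that go into the image would presumably still be built with ptest enabled. If the tiny image has a `config.conf`, moving the line there keeps it consistent with the other images. The `PACKAGECONFIG:pn-greengrass-lite = ""` line added below it has the same recipe-local scope.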
@@ -17,9 +17,6 @@ WKS_FILE = "${THISDIR}/wic/sdimage-aws-iot-greengrass-lite-demo_partition.wks.in IMAGE_FSTYPES="ext4 wic.bz2 wic" IMAGE_INSTALL:append = " rauc" -# just necessary if aws-iot-device-client is installed -PACKAGECONFIG:pn-aws-iot-device-client = "st" - COPY_LIC_MANIFEST = "1" COPY_LIC_DIRS = "1" @@ -56,4 +53,8 @@ MACHINE_FEATURES:append = " vc4graphics" DISTRO_FEATURES:append = " pulseaudio" -PACKAGECONFIG:pn-chromium-ozone-wayland += "proprietary-codecs" \ No newline at end of file +PACKAGECONFIG:pn-chromium-ozone-wayland += "proprietary-codecs" + + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/aws-iot-greengrass-lite-webrtc-demo-image.bb b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/aws-iot-greengrass-lite-webrtc-demo-image.bb index 145d1bcc..75167e24 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/aws-iot-greengrass-lite-webrtc-demo-image.bb +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/aws-iot-greengrass-lite-webrtc-demo-image.bb @@ -147,3 +147,6 @@ ln -sf /${libdir}/systemd/system/webrtc.service ${IMAGE_ROOTFS}/${sysconfdir}/sy # webrtc IMAGE_INSTALL:append = " amazon-kvs-webrtc-sdk" IMAGE_INSTALL:append = " gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-base-apps gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly v4l-utils libcamera libcamera-apps libcamera-gst" + +# disable fleetprovisioning +PACKAGECONFIG:pn-greengrass-lite = "" diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/config.conf b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/config.conf index d572ccba..010e6c2c 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/config.conf 
+++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-webrtc-demo-image/config.conf @@ -67,3 +67,6 @@ EXTRA_OECMAKE:append:pn-amazon-kvs-webrtc-sdk = " -DIOT_CORE_ENABLE_CREDENTIALS= # adding the webrtc reference for amazon kinesis video streams (still beta) IMAGE_INSTALL:append = " linux-webrtc-reference-for-amazon-kinesis-video-streams" + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" diff --git a/meta-aws-demos/recipes-core/images/aws-webrtc-demo-image/config.conf b/meta-aws-demos/recipes-core/images/aws-webrtc-demo-image/config.conf index ad79fe14..12de4c43 100644 --- a/meta-aws-demos/recipes-core/images/aws-webrtc-demo-image/config.conf +++ b/meta-aws-demos/recipes-core/images/aws-webrtc-demo-image/config.conf @@ -8,3 +8,6 @@ PACKAGECONFIG:append:pn-gstreamer1.0-plugins-ugly = "x264" # opus needs to be enabled PACKAGECONFIG:append:pn-gstreamer1.0-plugins-base = "opus" + +# we do not want to have ptests in demo images enabled +DISTRO_FEATURES:remove = " ptest" diff --git a/meta-aws-demos/recipes-core/rauc/files/rauc-grow-data-partition.service b/meta-aws-demos/recipes-core/rauc/files/rauc-grow-data-partition.service new file mode 100644 index 00000000..bcba29bd --- /dev/null +++ b/meta-aws-demos/recipes-core/rauc/files/rauc-grow-data-partition.service @@ -0,0 +1,12 @@ +[Unit] +Description=Service to grow data partition size +DefaultDependencies=no +Before=home.mount + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/sbin/parted --script /dev/mmcblk0 resizepart 4 100% + +[Install] +WantedBy=home.mount diff --git a/meta-aws-demos/recipes-core/rauc/files/rauc.service.d/override.conf b/meta-aws-demos/recipes-core/rauc/files/rauc.service.d/override.conf new file mode 100644 index 00000000..08e2e8aa --- /dev/null +++ b/meta-aws-demos/recipes-core/rauc/files/rauc.service.d/override.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=/usr/bin/rauc --mount=/run/rauc/mnt -d service 
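Review bot: `ExecStart` in the new rauc-grow-data-partition.service rewrites the partition table of a hard-coded `/dev/mmcblk0`, partition 4, as root on every boot, with `DefaultDependencies=no` and no ordering on the device itself. Adding `Requires=dev-mmcblk0.device` and `After=dev-mmcblk0.device` to `[Unit]` keeps the unit from racing device discovery and makes it fail cleanly when the image boots from other media. A literal percent sign in a unit file is written `%%`, so the last argument is safer as `100%%`. Nothing in the visible patch installs or enables this file (the rauc bbappend only adds `override.conf` to `SRC_URI`), so it may currently be unused.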
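Review bot: The rauc.service.d/override.conf drop-in hard-wires `-d` into `ExecStart` without saying why, so every image built from this layer runs rauc with debug logging. The only explanation sits in the bbappend, above the unrelated `FILES:${PN}` line. Put it in the drop-in itself, for example `# -d: debug output, used to read adaptive-update statistics; remove for non-demo images`. Because the drop-in replaces the whole command line, it will also need re-checking whenever the upstream rauc.service changes its `ExecStart`.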
diff --git a/meta-aws-demos/recipes-core/rauc/rauc_%.bbappend b/meta-aws-demos/recipes-core/rauc/rauc_%.bbappend new file mode 100644 index 00000000..2838a5d9 --- /dev/null +++ b/meta-aws-demos/recipes-core/rauc/rauc_%.bbappend @@ -0,0 +1,11 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +SRC_URI += "file://rauc.service.d/override.conf" + +do_install:append() { + install -d ${D}${systemd_system_unitdir}/rauc.service.d + install -m 0644 ${WORKDIR}/rauc.service.d/override.conf ${D}${systemd_system_unitdir}/rauc.service.d/ +} + +# enable debug logs for rauc to see stats of adaptive updates +FILES:${PN} += "${systemd_system_unitdir}/rauc.service.d/override.conf" diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb index 8d08293b..07d43ff4 100644 --- a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb @@ -118,7 +118,7 @@ PACKAGECONFIG[with-tests] = "-DBUILD_TESTING=ON -DBUILD_EXAMPLES=ON,-DBUILD_TEST EXTRA_OECMAKE:append = " -DCMAKE_BUILD_TYPE=RelWithDebInfo" # EXTRA_OECMAKE:append = " -DCMAKE_BUILD_TYPE=MinSizeRel" -# EXTRA_OECMAKE:append = " -DGGL_LOG_LEVEL=DEBUG" +EXTRA_OECMAKE:append = " -DGGL_LOG_LEVEL=INFO" # No warnings should be in commited code, not enabled yet # CFLAGS:append = " -Werror" diff --git a/poky b/poky index 31b2c457..e3ce8932 160000 --- a/poky +++ b/poky @@ -1 +1 @@ -Subproject commit 31b2c45764702e0dfac4661db686f48374cee787 +Subproject commit e3ce89324da1e33c17c9180ef846f41d92616254 From a0bd1a00046f1708f20ec75c1a5b4bc5d9ceafa2 Mon Sep 17 00:00:00 2001 
From: tro Date: Tue, 30 Sep 2025 17:59:00 +0200 Subject: [PATCH 66/66] 2025 09 30 master next improvements (#277) --- .../aws-iot-greengrass-lite-demo-image/README.md | 1 - .../aws-iot-greengrass/greengrass-config-init.bb | 6 ++++++ ...-networkd-wait-online.service.d-override.conf | 3 +++ ...angeService.service.d-fleet-provisioning.conf | 2 ++ ...l.core.tesd.service.d-fleet-provisioning.conf | 2 ++ .../ggl.gg_fleetprovisioning.service | 4 ++-- .../ggl.gg_pre-fleetprovisioning.service | 2 +- .../aws-iot-greengrass/greengrass-lite_git.bb | 16 ++++++++++++++++ 8 files changed, 32 insertions(+), 4 deletions(-) create mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-config-init/systemd-networkd-wait-online.service.d-override.conf create mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.aws.greengrass.TokenExchangeService.service.d-fleet-provisioning.conf create mode 100644 meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.core.tesd.service.d-fleet-provisioning.conf diff --git a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md index 73db18a0..52960976 100644 --- a/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md +++ b/meta-aws-demos/recipes-core/images/aws-iot-greengrass-lite-demo-image/README.md @@ -267,7 +267,6 @@ Manifests: echo Bootstrap BUCKET=rauc-adaptive-test UPDATEFILE=aws-iot-greengrass-lite-demo-bundle-raspberrypi-armv8.raucb - REGION=$(aws s3api get-bucket-location --bucket "$BUCKET" --query LocationConstraint --output text) echo $REGION BUNDLE_URL=$(aws s3 presign "s3://$BUCKET/$UPDATEFILE" --expires-in 3600 --endpoint-url "https://s3.$REGION.amazonaws.com") diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-config-init.bb b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-config-init.bb index 8e1ee09b..cb56717d 100644 
--- a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-config-init.bb +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-config-init.bb @@ -7,11 +7,13 @@ SRC_URI = "\ file://greengrass-config-init.service \ file://greengrass-config-init.sh \ file://wlan.network \ + file://systemd-networkd-wait-online.service.d-override.conf \ " FILES:${PN} += "\ ${systemd_unitdir}/system/greengrass-config-init.service \ ${sysconfdir}/systemd/network/wlan.network \ + ${systemd_unitdir}/system/systemd-networkd-wait-online.service.d/override.conf \ " RDEPENDS:${PN} += "\ @@ -39,5 +41,9 @@ do_install() { install -d -m 0755 ${D}${sysconfdir}/systemd/network install -m 0644 ${WORKDIR}/wlan.network ${D}${sysconfdir}/systemd/network/ + # Install systemd override for networkd-wait-online + install -d ${D}${systemd_unitdir}/system/systemd-networkd-wait-online.service.d/ + install -m 0644 ${WORKDIR}/systemd-networkd-wait-online.service.d-override.conf ${D}${systemd_unitdir}/system/systemd-networkd-wait-online.service.d/override.conf + install -d ${D}${sysconfdir}/wpa_supplicant } diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-config-init/systemd-networkd-wait-online.service.d-override.conf b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-config-init/systemd-networkd-wait-online.service.d-override.conf new file mode 100644 index 00000000..1ef5a03a --- /dev/null +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-config-init/systemd-networkd-wait-online.service.d-override.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=/lib/systemd/systemd-networkd-wait-online --any diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.aws.greengrass.TokenExchangeService.service.d-fleet-provisioning.conf b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.aws.greengrass.TokenExchangeService.service.d-fleet-provisioning.conf new file mode 100644 index 00000000..a0da3c5b --- /dev/null 
+++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.aws.greengrass.TokenExchangeService.service.d-fleet-provisioning.conf @@ -0,0 +1,2 @@ +[Unit] +After=ggl.gg_fleetprovisioning.service diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.core.tesd.service.d-fleet-provisioning.conf b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.core.tesd.service.d-fleet-provisioning.conf new file mode 100644 index 00000000..a0da3c5b --- /dev/null +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.core.tesd.service.d-fleet-provisioning.conf @@ -0,0 +1,2 @@ +[Unit] +After=ggl.gg_fleetprovisioning.service diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_fleetprovisioning.service b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_fleetprovisioning.service index 2a49e87c..fa68ac3e 100644 --- a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_fleetprovisioning.service +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_fleetprovisioning.service @@ -5,7 +5,6 @@ Before=ggl.core.iotcored.service After=systemd-time-wait-sync.service # Only run if device is not already provisioned ConditionPathExists=!/var/lib/greengrass/provisioned-cert/certificate.pem.crt -StartLimitBurst=3 [Service] Type=oneshot @@ -15,7 +14,8 @@ ExecStartPre=/bin/sh -c '\ ExecStart=/usr/bin/fleet-provisioning Restart=on-failure RestartSec=10s -TimeoutSec=300 +# try forever +TimeoutSec=0 # Consider exit codes 0, 1 as successful completion SuccessExitStatus=0 1 User=root diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_pre-fleetprovisioning.service b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_pre-fleetprovisioning.service index 17eaa7c6..3a97eb4a 100644 --- a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_pre-fleetprovisioning.service 
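Review bot: `TimeoutSec=0` under the `# try forever` comment in ggl.gg_fleetprovisioning.service does not add retries. It disables the start and stop timeouts, so a `fleet-provisioning` run that hangs is never killed and `Restart=on-failure` never fires. The units this patch orders `After=ggl.gg_fleetprovisioning.service` would then stay queued behind it, and stopping the unit at shutdown becomes unbounded as well. To retry without limit, keep a finite timeout such as the previous `TimeoutSec=300` and add `StartLimitIntervalSec=0` to the `[Unit]` section, which starts above this hunk.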
+++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite/ggl.gg_pre-fleetprovisioning.service @@ -10,7 +10,7 @@ ConditionPathExists=!/var/lib/greengrass/provisioned-cert [Service] Type=oneshot ExecStart=/bin/sh -c '\ - default_iface=$(ip route | grep default | awk "{print \$5}" | head -n1); \ + default_iface=$(ip route | grep default | cut -d" " -f5 | head -n1); \ mac_address=$(cat /sys/class/net/"$default_iface"/address | tr ":" "_"); \ sed -i "s//$mac_address/g" "/etc/greengrass/config.d/fleetprovisioning.yaml";' Restart=on-failure diff --git a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb index 07d43ff4..f51afc5d 100644 --- a/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb +++ b/meta-aws-demos/recipes-iot/aws-iot-greengrass/greengrass-lite_git.bb @@ -44,6 +44,8 @@ SRC_URI = "\ ${@bb.utils.contains('PACKAGECONFIG','localdeployment','file://ggl-deploy-image-components','',d)} \ ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','file://ggl.gg_pre-fleetprovisioning.service','',d)} \ ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','file://ggl.gg_fleetprovisioning.service','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','file://ggl.core.tesd.service.d-fleet-provisioning.conf','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','file://ggl.aws.greengrass.TokenExchangeService.service.d-fleet-provisioning.conf','',d)} \ " SRCREV_ggl = "c116286afaee26736dbcf3ed0a7a897c3bb2f921" 
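Review bot: The interface lookup in ggl.gg_pre-fleetprovisioning.service now takes the fifth space-separated field of the first `default` route, and nothing checks that it produced a usable value before the `cat` and `sed` lines consume it. Before a default route exists, or for a route without `via`, `$default_iface` is empty or not an interface name. Because the commands are joined with `;`, the `sed -i` on fleetprovisioning.yaml still runs with an empty `$mac_address`. A guard after the assignment, `[ -n "$default_iface" ] || exit 1; \`, lets the existing `Restart=on-failure` retry instead, and the same check fits `$mac_address`. The `[Service]` block continues outside the hunk.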
@@ -89,6 +91,8 @@ FILES:${PN}:append = " \ ${@bb.utils.contains('PACKAGECONFIG','localdeployment','${bindir}/ggl-deploy-image-components','',d)} \ ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','${systemd_unitdir}/system/ggl.gg_fleetprovisioning.service','',d)} \ ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','${systemd_unitdir}/system/ggl.gg_pre-fleetprovisioning.service','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','${systemd_unitdir}/system/ggl.core.tesd.service.d/fleet-provisioning.conf','',d)} \ + ${@bb.utils.contains('PACKAGECONFIG','fleetprovisioning','${systemd_unitdir}/system/ggl.aws.greengrass.TokenExchangeService.service.d/fleet-provisioning.conf','',d)} \ /usr/components/* \ /usr/share/greengrass-image-components/* \ ${sysconfdir}/sudoers.d/${BPN} \ @@ -123,6 +127,10 @@ EXTRA_OECMAKE:append = " -DGGL_LOG_LEVEL=INFO" # No warnings should be in commited code, not enabled yet # CFLAGS:append = " -Werror" +# Disable -D_FORTIFY_SOURCE=2 as we set it to -D_FORTIFY_SOURCE=3 +TARGET_CFLAGS:remove = "-D_FORTIFY_SOURCE=2" +OECMAKE_C_FLAGS:remove = "-D_FORTIFY_SOURCE=2" + SYSTEMD_SERVICE:${PN} = "\ ggl.aws_iot_mqtt.socket \ ggl.aws_iot_tes.socket \ 
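Review bot: The two `:remove` lines in the second hunk strip `-D_FORTIFY_SOURCE=2`, but nothing visible shows where `-D_FORTIFY_SOURCE=3` is set, so a later change in the upstream build could leave greengrass-lite with no fortification at all. The comment should name the source, for example `# upstream CMake sets -D_FORTIFY_SOURCE=3; drop the distro default =2 to avoid a redefinition` (wording to be confirmed against the project). In OE-core the flag normally arrives through `SECURITY_CFLAGS` rather than `TARGET_CFLAGS`. Check the compile log to confirm that these removals take effect and that level 3 appears on the final command line.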
@@ -191,6 +199,14 @@ do_install:append() { install -m 0644 ${WORKDIR}/ggl.gg_pre-fleetprovisioning.service ${D}${systemd_unitdir}/system/ install -m 0644 ${WORKDIR}/ggl.gg_fleetprovisioning.service ${D}${systemd_unitdir}/system/ + # Install systemd override for tesd service + install -d ${D}${systemd_unitdir}/system/ggl.core.tesd.service.d/ + install -m 0644 ${WORKDIR}/ggl.core.tesd.service.d-fleet-provisioning.conf ${D}${systemd_unitdir}/system/ggl.core.tesd.service.d/fleet-provisioning.conf + + # Install systemd override for TokenExchangeService + install -d ${D}${systemd_unitdir}/system/ggl.aws.greengrass.TokenExchangeService.service.d/ + install -m 0644 ${WORKDIR}/ggl.aws.greengrass.TokenExchangeService.service.d-fleet-provisioning.conf ${D}${systemd_unitdir}/system/ggl.aws.greengrass.TokenExchangeService.service.d/fleet-provisioning.conf + # Replace variables in the config file using a temporary file to ensure proper expansion cat > ${D}/${sysconfdir}/greengrass/config.d/fleetprovisioning.yaml << EOF ---