From 3248d5a3c140043207eeda6af7c916aa31d78618 Mon Sep 17 00:00:00 2001
From: Jose Manuel Diez
Date: Wed, 7 Aug 2024 09:32:36 +0000
Subject: [PATCH 1/3] aktualizr: bump SRCREV f88fb5fae (HEAD -> master, origin/master, origin/HEAD) Merge pull request #112 from uptane/fix/garage-cli cf48737d1 Fetch garage-sign from a new location 3662ed09e Merge pull request #108 from cajun-rat/correlation-id 45047239d Add default to load installed version with correlation id 146d347d8 Move CorrelationID up a level out of Target dad1cbe27 Merge pull request #109 from cajun-rat/various-tidy cdc604ba1 Merge pull request #110 from uptane/header-fix 13e9eb4f0 Merge pull request #111 from uptane/docs/contributing febb95cce Docs: Update CONTRIBUTING to reflect new policies c0bf7314f Add missing include cc33025e1 Various tidy-ups 513aadfaf Merge pull request #107 from cajun-rat/more-flow-control 91ead679b Introduce finer-grained cancellation of operations Signed-off-by: Jose Manuel Diez (cherry picked from commit 2a835378480467219145e1f0035695ad4be63cff) Signed-off-by: Eduardo Ferreira
---
 recipes-sota/aktualizr/aktualizr_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 224b5c8..228fded 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -33,7 +33,7 @@ SRC_URI = " \
 SRC_URI[garagesign.md5sum] = "584cd16aa7824e34b593dae63796466b"
 SRC_URI[garagesign.sha256sum] = "c7d5fdceef3e815363e3aa398c38643ca213f9b7f66d50f55c76a66cb74565d2"
-SRCREV = "c90723717a4a196cfb9d923dbcd48c5d6031d2c4"
+SRCREV = "f88fb5fae020b0aa10d9cefc836e47a38161469f"
 BRANCH ?= "master"
 S = "${WORKDIR}/git"
From 1d9e746ea47ed17f1554c462f086550e8a064b6b Mon Sep 17 00:00:00 2001
From: Jose Manuel Diez
Date: Wed, 7 Aug 2024 09:33:37 +0000
Subject: [PATCH 2/3] aktualizr: bump garage-sign version and fetch it from a new location See uptane/aktualizr#112.
Signed-off-by: Jose Manuel Diez (cherry picked from commit b1d76360e9ba18ee502be6f3880de26b4d68cf69) Signed-off-by: Eduardo Ferreira
---
 recipes-sota/aktualizr/aktualizr_git.bb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb
index 228fded..8ba164a 100644
--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -17,7 +17,7 @@ PRIVATE_LIBS:${PN}-ptest = "libaktualizr.so libaktualizr_secondary.so"
 PV = "1.0+git${SRCPV}"
 PR = "7"
-GARAGE_SIGN_PV = "0.7.4-25-g7cfca74"
+GARAGE_SIGN_PV = "0.7.7"
 SRC_URI = " \
 gitsm://github.com/uptane/aktualizr;branch=${BRANCH};name=aktualizr;protocol=https \
@@ -27,11 +27,11 @@ SRC_URI = " \
 file://aktualizr-serialcan.service \
 file://aktualizr-tmpfiles.conf \
 file://run-ptest \
- ${@ d.expand("https://tuf-cli-releases.ota.here.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0;name=garagesign") if not oe.types.boolean(d.getVar('GARAGE_SIGN_AUTOVERSION')) else ''} \
+ ${@ d.expand("https://garage-sign.s3.eu-west-1.amazonaws.com/cli-${GARAGE_SIGN_PV}.tgz;unpack=0;name=garagesign") if not oe.types.boolean(d.getVar('GARAGE_SIGN_AUTOVERSION')) else ''} \
 "
-SRC_URI[garagesign.md5sum] = "584cd16aa7824e34b593dae63796466b"
-SRC_URI[garagesign.sha256sum] = "c7d5fdceef3e815363e3aa398c38643ca213f9b7f66d50f55c76a66cb74565d2"
+SRC_URI[garagesign.md5sum] = "138fc97c7130258efa80865a83290ad1"
+SRC_URI[garagesign.sha256sum] = "16d9eef5a3144fbddf74ec206714ce2c526f4b68d8259da7fb5004f284848d59"
 SRCREV = "f88fb5fae020b0aa10d9cefc836e47a38161469f"
 BRANCH ?= "master"
From 86336eed822e7f3cfc3e55cf6e6485530e8fdb4c Mon Sep 17 00:00:00 2001
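Review bot: With the garage-sign tarball now fetched from a bare S3 bucket hostname, the `SRC_URI[garagesign.sha256sum]` pin in the hunk at -27,11 is the only thing binding the build to a known artifact, and the recipe does not say so. I would add above the two checksum lines `# garage-sign signs the TUF targets metadata; verify this sha256 against the upstream release whenever GARAGE_SIGN_PV changes`. The `md5sum` line adds no integrity beyond the sha256 and could be dropped if the targeted Yocto release no longer requires it. The `GARAGE_SIGN_AUTOVERSION` branch of the same entry expands to an empty string; how the CLI is obtained in that mode is outside this hunk, so it is worth confirming that path is also digest-pinned.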
From: Eduardo Ferreira
Date: Thu, 1 Aug 2024 11:05:37 -0300
Subject: [PATCH 3/3] image_types_ostree: refactor garagesign task To enable usage of the Uptane's 'ota-tuf' repository for uptane-sign, we need to change this task. Since in more recent releases there, the tool name has changed from 'garage-sign' to 'uptane-sign'. This way, we set the name of the tool used in a customizable variable, defaulting to 'garage-sign', and if anyone wants to use the latest version of this tool (given Aktualizr was also refactored), they just need to set this new variable with the tool name. Signed-off-by: Eduardo Ferreira (cherry picked from commit 397c3ab0ab41a4918aec1ba67474940bfb1cb923) Signed-off-by: Eduardo Ferreira
---
 classes/image_types_ostree.bbclass | 10 +++++-----
 classes/sota.bbclass | 1 +
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index cfde6b8..15832a6 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -201,7 +201,7 @@ IMAGE_CMD:garagesign () {
 fi
 rm -rf ${GARAGE_SIGN_REPO}
- garage-sign init --repo tufrepo \
+ ${GARAGE_SIGN_TOOL} init --repo tufrepo \
 --home-dir ${GARAGE_SIGN_REPO} \
 --credentials ${SOTA_PACKED_CREDENTIALS}
@@ -236,9 +236,9 @@ IMAGE_CMD:garagesign () {
 fi
 for push_retries in $( seq ${GARAGE_PUSH_RETRIES} ); do
- garage-sign targets pull --repo tufrepo \
+ ${GARAGE_SIGN_TOOL} targets pull --repo tufrepo \
 --home-dir ${GARAGE_SIGN_REPO}
- garage-sign targets add --repo tufrepo \
+ ${GARAGE_SIGN_TOOL} targets add --repo tufrepo \
 --home-dir ${GARAGE_SIGN_REPO} \
 --name ${GARAGE_TARGET_NAME} \
 --format OSTREE \
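Review bot: `${GARAGE_SIGN_TOOL}` is expanded unquoted and unchecked at every call site — `init` in the hunk at -201, `targets pull`/`targets add` in the hunk at -236, and `targets sign`/`targets push` in the hunk at -253 — inside a task that is handed `${SOTA_PACKED_CREDENTIALS}`. An empty or multi-word override would make the shell run something other than the intended signer; with an empty value the command word becomes `init`. IMAGE_CMD:garagesign begins outside these hunks, so any existing validation is not visible here. A guard near the top of the task, `command -v "${GARAGE_SIGN_TOOL}" >/dev/null || bbfatal "GARAGE_SIGN_TOOL '${GARAGE_SIGN_TOOL}' not found in PATH"`, together with quoting each use as `"${GARAGE_SIGN_TOOL}" init --repo tufrepo \`, would fail early and clearly.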
@@ -253,12 +253,12 @@ IMAGE_CMD:garagesign () {
 ${GARAGE_SIGN_REPO}/tufrepo/roles/unsigned/targets.json \
 ${GARAGE_TARGET_NAME}-${target_version}
 fi
- garage-sign targets sign --repo tufrepo \
+ ${GARAGE_SIGN_TOOL} targets sign --repo tufrepo \
 --home-dir ${GARAGE_SIGN_REPO} \
 ${target_expiry} \
 --key-name=targets
 errcode=0
- garage-sign targets push --repo tufrepo \
+ ${GARAGE_SIGN_TOOL} targets push --repo tufrepo \
 --home-dir ${GARAGE_SIGN_REPO} || errcode=$?
 if [ "$errcode" -eq "0" ]; then
 push_success=1
diff --git a/classes/sota.bbclass b/classes/sota.bbclass
index f7c8746..99278be 100644
--- a/classes/sota.bbclass
+++ b/classes/sota.bbclass
@@ -35,6 +35,7 @@ OSTREE_OTA_REPO_CONFIG ?= ""
 INITRAMFS_IMAGE ?= "initramfs-ostree-image"
+GARAGE_SIGN_TOOL ?= "garage-sign"
 GARAGE_SIGN_REPO ?= "${DEPLOY_DIR_IMAGE}/garage_sign_repo"
 GARAGE_SIGN_KEYNAME ?= "garage-key"
 GARAGE_TARGET_NAME ?= "${OSTREE_BRANCHNAME}"
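Review bot: The new `GARAGE_SIGN_TOOL` default in sota.bbclass is undocumented, although it selects the binary that IMAGE_CMD:garagesign runs with the packed credentials to sign and push the targets metadata. A comment above it would help, e.g. `# CLI invoked by IMAGE_CMD:garagesign: "garage-sign" (default) or "uptane-sign" for newer ota-tuf releases; must be a single command name`. Whether the recipe that installs the tool into the native sysroot follows this variable is not visible in this patch; if it does not, an override presumably resolves to whatever is on the build PATH, which is worth stating next to the default.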