diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b282b4..ec94b62 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,11 +2,12 @@ All notable changes to this project will be documented in this file. -## [1.2.0] - 2023-06-06 +## [1.2.0] - 2023-06-14 - Issue 29: Completed sample-mfg/start-mfg.sh bash script. - Converted swagger documentation to OpenAPI 3 - README updates -- Added `FIDO_DEVICE_ONBOARD_REL_VER` environment variable FDO Owner Service container and script. +- Added `fido_device_onboard_rel_ver` argument variable FDO Owner Service container and script. +- Makefile will now download needed FDO release resources from GitHub. ## [1.1.0] - 2023-05-24 - Issue 25: Updated FDO to support Intel's `1.1.5` release. diff --git a/Makefile b/Makefile index 8aa7ea4..7b396dd 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ SHELL ?= /bin/bash -e # Set this before building the ocs-api binary and FDO-owner-services (for now they use the samme version number) export VERSION ?= 1.2.0 +export FIDO_DEVICE_ONBOARD_REL_VER ?= 1.1.5 # used by sample-mfg/Makefile. Needs to match what is in fdo/supply-chain-tools-v/docker_manufacturer/docker-compose.yml -FDO_VERSION ?= 1.1.5 STABLE_VERSION ?= 1.2.0 #todo: add BUILD_NUMBER like in anax/Makefile 
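Review bot: The context comment `# used by sample-mfg/Makefile. Needs to match …` described `FDO_VERSION`, which the Makefile hunk `@@ -1,8 +1,8 @@` removes, so after the change it appears to sit directly above `STABLE_VERSION` and describe the wrong variable. Either move it onto the new export line, e.g. `# FDO release to download; also used by sample-mfg/Makefile`, or drop it. If sample-mfg/Makefile still reads `FDO_VERSION` (that file is not in this diff), it needs the same rename.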
@@ -24,10 +24,25 @@ GO_BUILD_LDFLAGS ?= -ldflags="-X 'main.OCS_API_VERSION=$(VERSION)'" default: $(FDO_DOCKER_IMAGE) +fdo: + mkdir fdo + +fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz: fdo + wget -P fdo https://github.com/fido-device-onboard/release-fidoiot/releases/download/v$(FIDO_DEVICE_ONBOARD_REL_VER)/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz + +fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER): fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz + tar -zxf fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz -C fdo + +fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz: fdo + wget -P fdo https://github.com/fido-device-onboard/release-fidoiot/releases/download/v$(FIDO_DEVICE_ONBOARD_REL_VER)/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz + +fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER): fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz + tar -zxf fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz -C fdo + # Build the ocs rest api for linux for the FDO-owner-services container ocs-api/linux/ocs-api: ocs-api/*.go ocs-api/*/*.go Makefile mkdir -p ocs-api/linux - (cd ocs-api && GOOS=linux go build $(GO_BUILD_LDFLAGS) -o linux/ocs-api) + (cd ocs-api && GOOS=linux go build $(GO_BUILD_LDFLAGS) -o linux/ocs-api -buildvcs=false) # For building and running the ocs rest api on mac for debugging ocs-api/ocs-api: ocs-api/*.go ocs-api/*/*.go Makefile 
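Review bot: The two `wget` recipes fetch release tarballs that are unpacked and then become prerequisites of the image build in the next hunk, but nothing verifies what was downloaded. Pin a digest per release and check it before extracting, e.g. a recipe line `echo "$(PRI_FIDOIOT_SHA256)  $@" | sha256sum -c -` after each `wget`; the variable name is a placeholder and its value has to come from the upstream release. A failed `wget` can leave a partial file that looks up to date, so add `.DELETE_ON_ERROR:` or download to `$@.tmp` and rename. `fdo` should be an order-only prerequisite (`| fdo`) created with `mkdir -p $@`, because as a normal prerequisite its mtime changes whenever a file lands in it and the archives then look stale.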
@@ -38,9 +53,9 @@ run-ocs-api: ocs-api/ocs-api tools/start-ocs-api.sh # Build the FDO services docker image - see the build environment requirements listed in docker/Dockerfile -$(FDO_DOCKER_IMAGE): ocs-api/linux/ocs-api +$(FDO_DOCKER_IMAGE): ocs-api/linux/ocs-api fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER) fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER) - docker rm -f $(FDO_DOCKER_IMAGE) 2> /dev/null || : - docker build -t $(DOCKER_REGISTRY)/$@:$(VERSION) $(FDO_IMAGE_LABELS) $(DOCKER_OPTS) -f docker/Dockerfile . + docker build --build-arg="fido_device_onboard_rel_ver=$(FIDO_DEVICE_ONBOARD_REL_VER)" -t $(DOCKER_REGISTRY)/$@:$(VERSION) $(FDO_IMAGE_LABELS) $(DOCKER_OPTS) -f docker/Dockerfile . # Run the FDO services docker container # If you want to run the image w/o rebuilding: make -W FDO-owner-services -W ocs-api/linux/ocs-api run-FDO-owner-services @@ -73,7 +88,7 @@ pull-$(FDO_DOCKER_IMAGE): clean: go clean - rm -f ocs-api/ocs-api ocs-api/linux/ocs-api + rm -fr fdo ocs-api/ocs-api ocs-api/linux/ocs-api - docker rm -f $(FDO_DOCKER_IMAGE) 2> /dev/null || : - docker rmi $(DOCKER_REGISTRY)/$(FDO_DOCKER_IMAGE):{$(VERSION),latest,$(STABLE_VERSION)} 2> /dev/null || : diff --git a/README.md b/README.md index 8afef2e..25536f8 100644 --- a/README.md +++ b/README.md 
@@ -2,14 +2,14 @@ ## Overview of the Open Horizon FDO Support -Edge devices built with [Intel FDO](https://software.intel.com/en-us/secure-device-onboard) (FIDO Device Onboard) can be added to an Open Horizon instance by simply importing their associated ownership vouchers and then powering on the devices. +Edge devices built with [FDO](https://github.com/fido-device-onboard) (FIDO Device Onboard) can be added to an Open Horizon instance by simply importing their associated ownership vouchers and then powering on the devices. The software in this git repository provides integration between FDO and Open Horizon, making it easy to use FDO-enabled edge devices with Horizon. The Horizon FDO support consists of these components: 1. A docker image of of the FDO "Owner" service (those that run on the Horizon management hub). -1. An `hzn fdo voucher` sub-command to import one or more ownership vouchers into Owner service. (An ownership voucher is a file that the device manufacturer gives to the purchaser (owner) along with the physical device.) -1. A sample script called `start-mfg.sh` to start the development Manufacturing service so that the Ownership Voucher can be extended to the user to enable them to run through the FDO-enabling steps on a VM "device" that a device manufacturer would run on a physical device. This allows you to try out the FDO process with your Horizon instance before purchasing FDO-enabled devices. -1. A REST API that authneticates users through the Exchange and enables importing and querying ownership vouchers. +2. An `hzn fdo voucher` sub-command to import one or more ownership vouchers into Owner service. (An ownership voucher is a file that the device manufacturer gives to the purchaser (owner) along with the physical device.) +3. 
A sample script called `start-mfg.sh` to start the development Manufacturing service so that the Ownership Voucher can be extended to the user to enable them to run through the FDO-enabling steps on a VM "device" that a device manufacturer would run on a physical device. This allows you to try out the FDO process with your Horizon instance before purchasing FDO-enabled devices. +4. A REST API that authneticates users through the Exchange and enables importing and querying ownership vouchers. ## Using the FDO Support @@ -193,7 +193,6 @@ The ownership voucher created for the device in the previous step needs to be im All the following steps have been automated by the ocs-api to install the horizon agent on the target device. In this step you can also control what edge services should be run on the device, once it is booted and configured. To do this, you must: - 1. To0 will be automatically triggered, but if it has not been you can run the following call to initiate To0 of specific device guid from Owner Service. ```bash @@ -339,7 +338,6 @@ sudo -i -u postgres psql DROP DATABASE fdo; ``` - #### Troubleshooting - If the edge device does not give a `[INFO ] TO2 completed successfully. [INFO ] Starting Fdo Completed`, check /fdo/pri-fidoiot-v1.1.5/owner/app-data/service.log or use command `docker logs -f fdo-owner-service` for error messages. 
@@ -362,20 +360,20 @@ These steps only need to be performed by developers of this project What to modify in our FDO support code when Intel releases a new version of FDO: - Update `.gitignore` and `.dockerignore` -- `mv fdo fdo-` -- `mkdir fdo` + - `mv fdo fdo-` + - `mkdir fdo` - Update `getFDO.sh` to download/unpack new version - If new major or minor version, make copy of README. If a fix pack, just update the version numbers within the README. - Search for previous version number in rest of repo. Should find hits to change in: - - `docker/start-fdo-owner-service.sh` - - `docker/Dockerfile` - - `docs/README.md` - - `start-mfg.sh` + - `docker/start-fdo-owner-service.sh` + - `docker/Dockerfile` + - `docs/README.md` + - `start-mfg.sh` - If new major or minor version: - - update `.gitignore` - - create a new release in https://github.com/open-horizon/FDO-support/releases/ , and upload all device-related files/scripts. + - update `.gitignore` + - create a new release in https://github.com/open-horizon/FDO-support/releases/ , and upload all device-related files/scripts. - If a fix pack: - - Update the device binary tar file and `start-mfg.sh` in the current release in https://github.com/open-horizon/FDO-support/releases/ - - Update the title and description to indicate the new fix pack version + - Update the device binary tar file and `start-mfg.sh` in the current release in https://github.com/open-horizon/FDO-support/releases/ + - Update the title and description to indicate the new fix pack version - When testing, copy new versions of scripts to the test machines \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile index 8ac7587..eaaec44 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -30,7 +30,7 @@ ENV WORKDIR=/home/fdouser ENV FDO_OCS_DB_PATH=$WORKDIR/ocs/config/db # These env vars are only used at runtime (by start-fdo-owner-services.sh), so can be overridden by docker run # https://github.com/fido-device-onboard/release-fidoiot/releases -ENV FDO_OPS_PORT=8042 FDO_OCS_SVC_PORT=9008 FIDO_DEVICE_ONBOARD_REL_VER=1.1.5 VERBOSE=true +ENV FDO_OPS_PORT=8042 FDO_OCS_SVC_PORT=9008 VERBOSE=true ENV FDO_OPS_EXTERNAL_PORT=$FDO_OPS_PORT ENV FDO_OCS_SVC_TLS_PORT=$FDO_OCS_SVC_PORT 
@@ -77,21 +77,24 @@ RUN useradd -r -u 1000 -g root fdouser \ USER fdouser WORKDIR $WORKDIR +ARG fido_device_onboard_rel_ver +ENV FIDO_DEVICE_ONBOARD_REL_VER=${fido_device_onboard_rel_ver:-1.1.5} + # Get the license file COPY LICENSE.txt /licenses/ -COPY fdo/NOTICES-v$FIDO_DEVICE_ONBOARD_REL_VER/pri-fidoiot/* /licenses/FDOIotPlatformSDK/ +COPY fdo/NOTICES-v${FIDO_DEVICE_ONBOARD_REL_VER}/pri-fidoiot/* /licenses/FDOIotPlatformSDK/ # Get owner db files. The owner subdir will be created automatically by COPY # Note: need to use uid and gid to be able to build on non-linux hosts -COPY --chown=1000:0 fdo/pri-fidoiot-v$FIDO_DEVICE_ONBOARD_REL_VER/db $WORKDIR/pri-fidoiot-v$FIDO_DEVICE_ONBOARD_REL_VER/db/ +COPY --chown=1000:0 fdo/pri-fidoiot-v${FIDO_DEVICE_ONBOARD_REL_VER}/db $WORKDIR/pri-fidoiot-v${FIDO_DEVICE_ONBOARD_REL_VER}/db/ # Get owner service files. The owner subdir will be created automatically by COPY # Note: need to use uid and gid to be able to build on non-linux hosts -COPY --chown=1000:0 fdo/pri-fidoiot-v$FIDO_DEVICE_ONBOARD_REL_VER/owner $WORKDIR/pri-fidoiot-v$FIDO_DEVICE_ONBOARD_REL_VER/owner/ +COPY --chown=1000:0 fdo/pri-fidoiot-v${FIDO_DEVICE_ONBOARD_REL_VER}/owner $WORKDIR/pri-fidoiot-v${FIDO_DEVICE_ONBOARD_REL_VER}/owner/ # Get script files. The owner subdir will be created automatically by COPY # Note: need to use uid and gid to be able to build on non-linux hosts -COPY --chown=1000:0 fdo/pri-fidoiot-v$FIDO_DEVICE_ONBOARD_REL_VER/scripts $WORKDIR/pri-fidoiot-v$FIDO_DEVICE_ONBOARD_REL_VER/scripts/ +COPY --chown=1000:0 fdo/pri-fidoiot-v${FIDO_DEVICE_ONBOARD_REL_VER}/scripts $WORKDIR/pri-fidoiot-v${FIDO_DEVICE_ONBOARD_REL_VER}/scripts/ # Get OCS files @@ -117,4 +120,4 @@ COPY --chown=1000:0 ocs-api/scripts/*.sh $WORKDIR/scripts/ # Pass db path and ocs-api port in as env vars, so they can be set via docker run if desired CMD $WORKDIR/start-fdo-owner-service.sh -#CMD ["bash"] \ No newline at end of file +#CMD ["bash"] 
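Review bot: `FIDO_DEVICE_ONBOARD_REL_VER` stays an `ENV`, so `docker run -e` can still change it, but the `COPY` lines in `@@ -77,21 +77,24 @@` bake exactly one `pri-fidoiot-v<ver>` tree into the image. A run-time override would presumably point the start script at a directory that is not there; the script is outside this diff, so confirm. I would add a comment above the `ARG`, e.g. `# Build-time only: selects the fdo/ release tree copied below; overriding at docker run does not change the files in the image`. The `1.1.5` fallback also duplicates the Makefile default, so a version bump has to touch both places.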
diff --git a/docker/run-fdo-owner-service.sh b/docker/run-fdo-owner-service.sh index 43f9b57..1f619c4 100755 --- a/docker/run-fdo-owner-service.sh +++ b/docker/run-fdo-owner-service.sh @@ -6,7 +6,7 @@ if [[ "$1" == "-h" || "$1" == "--help" ]]; then cat << EndOfMessage Usage: ${0##*/} [] Arguments: - The image tag to use. Defaults to '1.1.0' + The image tag to use. Defaults to '1.2.0' Required environment variables: HZN_MGMT_HUB_CERT: the base64 encoded content of the management hub cluster ingress self-signed certificate (can be set to 'N/A' if the mgmt hub does not require a cert). If set, this certificate is given to the edge nodes in the HZN_MGMT_HUB_CERT_PATH variable.