6 changed files with 38 additions and 89 deletions
--- a/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/partitions.inc
+++ b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/partitions.inc
@ -4,13 +4,11 @@ WKS_PART_EFIBOOTGUARD_A ??= 'part --source efibootguard-boot --label ebg0 --part
 WKS_PART_EFIBOOTGUARD_B ??= 'part --source efibootguard-boot --label ebg1 --part-type=0700 --sourceparams "args=coreos.root=rootfs1,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI"'
 WKS_PART_ROOT_A ??= 'part / --source rootfs --fstype=ext4 --label rootfs0'
 WKS_PART_ROOT_B ??= 'part --fstype=ext4 --label rootfs1'
-WKS_PART_FACTORY ??= 'part --label factory'
 WKS_PART_USERDATA ??= 'part /usr/local/data --fstype=btrfs --label userdata'

 PART_EFI_SIZE ??= '64M'
 PART_ROOT_SIZE ??= '1G'
 PART_EFIBG_SIZE ??= '128M'
-PART_FACTORY_SIZE ??= '5M'
 PART_USERDATA_SIZE ??= '1G'

 # Variables used in SFDISK file
@ -19,5 +17,4 @@ SFDISK_PART_EFIBOOTGUARD_A ??= 'type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, name=
 SFDISK_PART_EFIBOOTGUARD_B ??= 'type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, name="ebg1"'
 SFDISK_PART_ROOT_A ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs0"'
 SFDISK_PART_ROOT_B ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs1"'
-SFDISK_PART_FACTORY ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="factory"'
 SFDISK_PART_USERDATA ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="userdata"'
--- a/layers/meta-belden-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config/eagle40-03_1.0.sfdisk
+++ b/layers/meta-belden-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config/eagle40-03_1.0.sfdisk
@ -10,5 +10,4 @@ sector-size: 512
 /dev/mmcblk2p3 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_B}
 /dev/mmcblk2p4 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_A}
 /dev/mmcblk2p5 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_B}
-/dev/mmcblk2p6 : size= ${PART_FACTORY_SIZE}, ${SFDISK_PART_FACTORY}
-/dev/mmcblk2p7 : size= ${PART_USERDATA_SIZE}, ${SFDISK_PART_USERDATA}
+/dev/mmcblk2p6 : size= ${PART_USERDATA_SIZE}, ${SFDISK_PART_USERDATA}
--- a/layers/meta-belden-coreos-bsp/wic/generic-uefi.wks.in
+++ b/layers/meta-belden-coreos-bsp/wic/generic-uefi.wks.in
@ -6,7 +6,6 @@ ${WKS_PART_ROOT_A} --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
 ${WKS_PART_ROOT_B} --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
 ${WKS_PART_EFIBOOTGUARD_A} --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
 ${WKS_PART_EFIBOOTGUARD_B} --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_FACTORY} --align 1024 --size ${PART_FACTORY_SIZE} --extra-space 0 --overhead-factor 1
 ${WKS_PART_USERDATA} --size ${PART_USERDATA_SIZE} --extra-space 0 --overhead-factor 1

 bootloader --ptable gpt
--- a/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/25-sw-collections-config.sh
+++ b/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/25-sw-collections-config.sh
@ -2,10 +2,6 @@
 # ==============================================================================

 ROOT_PART=$(swupdate -g)
-if [ "${ROOT_PART}" == "" ]; then
-  # In case we are running on a installer image
-  SWUPDATE_ARGS="${SWUPDATE_ARGS} -e stable,copy0"
-else
 echo "Root partition is ${ROOT_PART}"

 # Get the partition label of the root partition
@ -30,15 +26,17 @@ else
 case $ROOT_PARTLABEL in
    rootfs0 )
        echo "We are running copy0 -> Use copy1 in the SWU file"
-          SWUPDATE_ARGS="${SWUPDATE_ARGS} -q stable,copy1"
+        SWUPDATE_ARGS="${SWUPDATE_ARGS} -e stable,copy1"
    ;;
    rootfs1 )
        echo "We are running copy1 -> Use copy0 in the SWU file"
-          SWUPDATE_ARGS="${SWUPDATE_ARGS} -q stable,copy0"
+        SWUPDATE_ARGS="${SWUPDATE_ARGS} -e stable,copy0"
    ;;
    * )
        >&2 echo "Root partition label ${ROOT_PARTLABEL} is invalid"
        exit 1
        ;;
 esac
-fi
+
+echo "Public key used to verify software image is /usr/lib/swupdate/swupdate.crt"
+SWUPDATE_ARGS="${SWUPDATE_ARGS} -k /usr/lib/swupdate/swupdate.crt"
--- a/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/26-multicert-config.sh
+++ b/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/26-multicert-config.sh
@ -1,39 +0,0 @@
-
-touch /tmp/combinedcert.pem
-chmod 600 /tmp/combinedcert.pem
-
-# If we are running on a released device with a factory partition, add the five certs from PKI
-if [ -f /etc/certificates.sha256sum ] && [ -d /mnt/factory/ ]; then
-  if ! mountpoint -q /mnt/factory; then
-    fct_part_was_mounted=0
-    mount -o ro,noload /dev/disk/by-partlabel/factory /mnt/factory
-  else
-    fct_part_was_mounted=1
-  fi
-
-  if mountpoint -q /mnt/factory; then
-    numcerts_found=$(find /mnt/factory/certificates/*.pem -type f | wc -l)
-    numcerts_expected=$(wc -l < /etc/certificates.sha256sum)
-    if [ "$numcerts_found" -eq "$numcerts_expected" ]; then
-
-      numfails=$(sha256sum -c /etc/certificates.sha256sum | grep -c 'FAILED')
-      if [ "$numfails" -eq 0 ]; then
-
-        # in sha256sum file there are two spaces between hash and filename. Hence, the filename is the third word.
-        cut -f 3 -d " " < /etc/certificates.sha256sum | xargs cat > /tmp/combinedcert.pem
-      fi
-    fi
-  fi
-
-  if [ $fct_part_was_mounted -eq 0 ]; then
-    umount /mnt/factory
-  fi
-fi
-
-# If there is a developer or CI certificate, append it
-if [ -f /usr/lib/swupdate/swupdate.crt ]; then
-  echo "The developer public key used to verify software image is /usr/lib/swupdate/swupdate.crt"
-  cat /usr/lib/swupdate/swupdate.crt >> /tmp/combinedcert.pem
-fi
-
-SWUPDATE_ARGS="${SWUPDATE_ARGS} -k /tmp/combinedcert.pem"
--- a/layers/meta-belden-coreos/recipes-support/swupdate/swupdate_%.bbappend
+++ b/layers/meta-belden-coreos/recipes-support/swupdate/swupdate_%.bbappend
@ -10,7 +10,6 @@ DEPENDS += "cos-certificates-and-keys-native"
 SRC_URI += "\
    file://50-webserver-config.sh \
    file://25-sw-collections-config.sh \
-    file://26-multicert-config.sh \
 "

 PACKAGES =+ "${PN}-coreos-config ${PN}-coreos-installer-config"
@ -25,10 +24,7 @@ FILES:${PN} += "${sysconfdir}/hwrevision"
 # If we install the webserver package, it should be started automatically
 FILES:${PN}-www += "${libdir}/swupdate/conf.d/50-webserver-config.sh"

-FILES:${PN}-coreos-config += "\
-    ${libdir}/swupdate/conf.d/25-sw-collections-config.sh \
-    ${libdir}/swupdate/conf.d/26-multicert-config.sh \
-"
+FILES:${PN}-coreos-config += "${libdir}/swupdate/conf.d/25-sw-collections-config.sh"

 RDEPENDS:${PN}:append = " efibootguard"

@ -49,7 +45,6 @@ do_install:append() {
    # Probably replace revision with the value of the device tree
    install -m 755 ${WORKDIR}/50-webserver-config.sh ${D}${libdir}/swupdate/conf.d/
    install -m 755 ${WORKDIR}/25-sw-collections-config.sh ${D}${libdir}/swupdate/conf.d/
-    install -m 755 ${WORKDIR}/26-multicert-config.sh ${D}${libdir}/swupdate/conf.d/
    install -m 755 ${COREOS_EFI_SECUREBOOT_KEYDIR}/swupdate.crt ${D}${libdir}/swupdate/
    echo "${MACHINE} 1.0" > ${D}${sysconfdir}/hwrevision
 }