weston: RDP: generate TLS keys during first boot

Signed-off-by: Michał Iwanicki <[email protected]>

meta-zarhus-distro/recipes-graphics/wayland/files/generate-rdp-tls-keys.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Generate TLS keys used for Weston RDP connection
+Before=weston.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/mkdir -p /etc/freerdp/keys
+ExecStart=/usr/bin/openssl genrsa -out /etc/freerdp/keys/tls.key 2048
+ExecStart=/usr/bin/openssl req -new -key /etc/freerdp/keys/tls.key -out /etc/freerdp/keys/tls.csr -subj "/CN=rdp"
+ExecStart=/usr/bin/openssl x509 -req -days 365 -signkey /etc/freerdp/keys/tls.key -in /etc/freerdp/keys/tls.csr -out /etc/freerdp/keys/tls.crt
+ExecStart=/usr/bin/chmod 644 /etc/freerdp/keys/tls.key
+ExecStart=/usr/bin/systemctl disable generate-rdp-tls-keys.service
+
+[Install]
+WantedBy=weston.service

meta-zarhus-distro/recipes-graphics/wayland/weston-init.bbappend

@@ -1,15 +1,25 @@
-require tls-dir.inc
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://generate-rdp-tls-keys.service"
 
 do_install:append() {
-    weston_ini="${D}${sysconfdir}/xdg/weston/weston.ini"
-    # remove top panel
-    sed -i 's/#\[shell\]/\[shell\]/' "${weston_ini}"
-    sed -i '/^\[shell\]/a panel-position=none' "${weston_ini}"
-}
+    if [ "${@bb.utils.contains('PACKAGECONFIG', 'rdp', 'yes', 'no', d)}" = "yes" ]; then
+        tls_dir="${sysconfdir}/freerdp/keys"
+        weston_ini="${D}${sysconfdir}/xdg/weston/weston.ini"
 
-do_install:append:dbg() {
-    # start screen share on startup
-    sed -i '/^\[screen-share\]/a start-on-startup=true' "${weston_ini}"
-    sed -ri "s|(--backend=rdp-backend.so)|\1 --rdp-tls-cert=${TLS_DIR}/tls.crt --rdp-tls-key=${TLS_DIR}/tls.key|" "${weston_ini}"
-    sed -ri "s|(^ExecStart=.*$)|\1,screen-share.so|" "${D}${systemd_system_unitdir}/weston.service"
+        # start screen share on startup
+        sed -i '/^\[screen-share\]/a start-on-startup=true' "${weston_ini}"
+        sed -ri "s|(--backend=rdp-backend.so)|\1 --rdp-tls-cert=${tls_dir}/tls.crt --rdp-tls-key=${tls_dir}/tls.key|" "${weston_ini}"
+        sed -ri "s|(^ExecStart=.*$)|\1,screen-share.so|" "${D}${systemd_system_unitdir}/weston.service"
+    fi
+    install -m 0644 "${WORKDIR}/generate-rdp-tls-keys.service" "${D}${systemd_system_unitdir}/"
 }
+
+SYSTEMD_PACKAGES += "${PACKAGES}"
+SYSTEMD_SERVICE:${PN}-rdp += "generate-rdp-tls-keys.service"
+
+PACKAGECONFIG:dbg += "rdp"
+PACKAGECONFIG[rdp] = ",,,, ${PN}-rdp"
+PACKAGES += "${PN}-rdp"
+
+FILES:${PN}-rdp += "${systemd_system_unitdir}/generate-rdp-tls-keys.service"

meta-zarhus-distro/recipes-graphics/wayland/weston_%.bbappend

@@ -1,14 +1 @@
-require tls-dir.inc
-
 PACKAGECONFIG:append:dbg = " rdp"
-
-do_install:append:dbg() {
-    openssl genrsa -out cakey.pem 2048
-    openssl req -new -x509 -nodes -days 365000 -key cakey.pem -out cacert.pem -subj "/CN=rdp"
-    openssl genrsa -out tls.key 2048
-    openssl req -new -key tls.key -out tls.csr -subj "/CN=rdp"
-    openssl x509 -req -days 365 -in tls.csr -out tls.crt -CA cacert.pem -CAkey cakey.pem
-    install -d "${D}${TLS_DIR}"
-    install -m 0644 tls.crt "${D}${TLS_DIR}/tls.crt"
-    install -m 0644 tls.key "${D}${TLS_DIR}/tls.key"
-}