certificates: add support for tar file based certificate storage

Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>

feeds/tip/certificates/files/usr/bin/mount_certs

@@ -6,20 +6,17 @@ check_certificates() {
 
 check_certificates
 
+bootconfig_lookup() {
+	case "$(fw_printenv -n cert_part)" in
+	0)	echo "0:BOOTCONFIG"
+		;;
+	1)	echo "0:BOOTCONFIG1"
+		;;
+	esac
+}
+
 . /lib/functions.sh
 mkdir -p /certificates /etc/ucentral/
-mtd=$(find_mtd_index certificates)
-
-if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
-	mount -t squashfs /dev/mtdblock$mtd /certificates
-else
-	[ -n "$mtd" -a -f /sys/class/mtd/mtd$mtd/oobsize ] && ubiattach -p /dev/mtd$mtd
-	if [ -n "$(ubinfo -a | grep certificates)" ]; then
-		[ -e /dev/ubi0 ] && mount -t ubifs ubi0:certificates /certificates
-		[ -e /dev/ubi1 ] && mount -t ubifs ubi1:certificates /certificates
-	fi
-fi
-
 case "$(board_name)" in
 cig,wf660a)
 	mmc_dev=$(echo $(find_mmc_part "0:ETHPHYFW") | sed 's/^.\{5\}//')
@@ -31,8 +28,28 @@ cig,wf672)
 	;;
 sonicfi,rap7110c-341x)
 	mmc_dev=$(echo $(find_mmc_part "certificates") | sed 's/^.\{5\}//')
-	[ -n "$mmc_dev" ] && mount -t squashfs /dev/$mmc_dev /certificates
+	[ -n "$mmc_dev" ] && mount -t squashfs /dev/$mmc_dev /mnt
+	bootconfig=$(bootconfig_lookup)
+	if [ -n "$bootconfig" ]; then
+		mmc_dev=$(echo $(find_mmc_part "$bootconfig") | sed 's/^.\{5\}//')
+		[ -n "$mmc_dev" ] && tar xf /dev/$mmc_dev -C /certificates
+	else
+		cp /mnt/* /certificates/
+		umount /mnt
+	fi
 	;;
+*)
+	mtd=$(find_mtd_index certificates)
+
+	if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
+		mount -t squashfs /dev/mtdblock$mtd /certificates
+	else
+		[ -n "$mtd" -a -f /sys/class/mtd/mtd$mtd/oobsize ] && ubiattach -p /dev/mtd$mtd
+		if [ -n "$(ubinfo -a | grep certificates)" ]; then
+			[ -e /dev/ubi0 ] && mount -t ubifs ubi0:certificates /certificates
+			[ -e /dev/ubi1 ] && mount -t ubifs ubi1:certificates /certificates
+		fi
+	fi
 esac
 
 check_certificates

feeds/tip/certificates/files/usr/bin/store_certs

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+bootconfig_lookup() {
+	bootconfig="$(fw_printenv -n cert_part)"
+	case "$(fw_printenv -n cert_part)" in
+	0)	echo "0:BOOTCONFIG1"
+		bootconfig=1
+		;;
+	*)	echo "0:BOOTCONFIG"
+		bootconfig=0
+		;;
+	esac
+	fw_setenv cert_part $bootconfig
+}
+
+. /lib/functions.sh
+case "$(board_name)" in
+sonicfi,rap7110c-341x)
+	cd /certificates
+	tar cf /tmp/certs.tar
+	bootconfig=$(bootconfig_lookup)
+	mmc_dev=$(echo $(find_mmc_part $bootconfig) | sed 's/^.\{5\}//')
+	dd if=/tmp/certs.tar of=/dev/$bootconfig
+	;;
+esac

feeds/tip/cloud_discovery/files/usr/bin/est_client

@@ -42,6 +42,7 @@ function generate_csr(cert) {
 function store_operational_cert(path, target) {
 	system('mount_certs');
 	system(`cp ${path} /certificates/${target}`);
+	system('store_certs');
 
 	ulog(LOG_INFO, `Persistently stored ${target}\n`);
 }