base-files: only apply the bbappend if ima distro flag set

When the meta-integrity layer is included but feature ima is not set, we would get the following error when the system startup: qemux86-64 systemd-remount-fs[81]: mount: /sys/kernel/security: mount point does not exist. qemux86-64 systemd-remount-fs[81]: /bin/mount for /sys/kernel/security exited with exit status 32. Rename base-files_%.bbappend to base-files-integrity.inc and add a new bbappend. Make sure this piece of code should be applied only if the ima feature is set. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
author: Yi Zhao <yi.zhao@windriver.com> 2017-10-13 08:56:06 +0800
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2018-12-08 09:42:55 +0800
commit: 1b35fd45a58ef015b52a3df4b39048f2ac1ffbe3 (patch)
tree: 32fc2c75087617120b0a2c2e54e64039d9da7855
parent: 41af20a81d06c1c582eb046cf4b85ded27be6dfb (diff)
download: meta-secure-core-1b35fd45a58ef015b52a3df4b39048f2ac1ffbe3.tar.gz
2 files changed, 6 insertions, 5 deletions
diff --git a/meta-integrity/recipes-core/base-files/base-files-integrity.inc b/meta-integrity/recipes-core/base-files/base-files-integrity.inc
new file mode 100644
index 0000000..7e9e210
--- /dev/null
+++ b/meta-integrity/recipes-core/base-files/base-files-integrity.inc
@@ -0,0 +1,5 @@
+# Append iversion option for auto types
+do_install_append() {
+    sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
+    echo 'securityfs  /sys/kernel/security  securityfs  defaults  0  0' >> "${D}${sysconfdir}/fstab"
+}
diff --git a/meta-integrity/recipes-core/base-files/base-files_%.bbappend b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
index 7e9e210..49417fe 100644
--- a/meta-integrity/recipes-core/base-files/base-files_%.bbappend
+++ b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
@@ -1,5 +1 @@
-# Append iversion option for auto types
+require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'base-files-integrity.inc', '', d)}
-do_install_append() {
-    sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
-    echo 'securityfs  /sys/kernel/security  securityfs  defaults  0  0' >> "${D}${sysconfdir}/fstab"
-}
author	Yi Zhao <yi.zhao@windriver.com>	2017-10-13 08:56:06 +0800
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2018-12-08 09:42:55 +0800
commit	1b35fd45a58ef015b52a3df4b39048f2ac1ffbe3 (patch)
tree	32fc2c75087617120b0a2c2e54e64039d9da7855
parent	41af20a81d06c1c582eb046cf4b85ded27be6dfb (diff)
download	meta-secure-core-1b35fd45a58ef015b52a3df4b39048f2ac1ffbe3.tar.gz

diff --git a/meta-integrity/recipes-core/base-files/base-files-integrity.inc b/meta-integrity/recipes-core/base-files/base-files-integrity.inc new file mode 100644 index 0000000..7e9e210 --- /dev/null +++ b/meta-integrity/recipes-core/base-files/base-files-integrity.inc
@@ -0,0 +1,5 @@
		1	# Append iversion option for auto types
		2	do_install_append() {
		3	sed -i 's/\sauto\sdefaults/&,iversion/' "${D}${sysconfdir}/fstab"
		4	echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab"
		5	}


diff --git a/meta-integrity/recipes-core/base-files/base-files_%.bbappend b/meta-integrity/recipes-core/base-files/base-files_%.bbappend index 7e9e210..49417fe 100644 --- a/meta-integrity/recipes-core/base-files/base-files_%.bbappend +++ b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
@@ -1,5 +1 @@
1	# Append iversion option for auto types		require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'base-files-integrity.inc', '', d)}
2	do_install_append() {
3	sed -i 's/\sauto\sdefaults/&,iversion/' "${D}${sysconfdir}/fstab"
4	echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab"
5	}