grub-efi: fix uid contamination by host QA warning

Fix the following QA issue: WARNING: grub-efi-2.04-r0 do_package_qa: QA Issue: grub-efi: /boot/efi/EFI/BOOT/grub.cfg.p7b is owned by uid 19183 chown to root for p7b file to fix uid contamination by host. Signed-off-by: Liwei Song <liwei.song@windriver.com>
author: Liwei Song <liwei.song@windriver.com> 2019-08-21 04:27:13 -0400
committer: Liwei Song <liwei.song@windriver.com> 2019-08-26 22:47:38 -0400
commit: c624ea284308aaf64754b5cfb0f312d9e447fb3e (patch)
tree: 84350ffcc4d069776f4597c1cac408b851a7933b
parent: 51b5089a605b09d72a68060c5a42fcc5a818a630 (diff)
download: meta-secure-core-c624ea284308aaf64754b5cfb0f312d9e447fb3e.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
index da3fda9..32da43a 100644
--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
@@ -129,6 +129,16 @@ python do_sign() {
 addtask sign after do_install before do_deploy do_package
 do_sign[prefuncs] += "check_deploy_keys"
+fakeroot do_chownp7b() {
+    chown root:root -R "${D}${EFI_BOOT_PATH}/grub.cfg.p7b"
+    chown root:root -R "${D}${EFI_BOOT_PATH}/boot-menu.inc.p7b"
+    [ x"${UEFI_SB}" = x"1" ] && {
+        chown root:root -R "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc.p7b"
+        chown root:root -R "${D}${EFI_BOOT_PATH}/password.inc.p7b"
+    }
+}
+addtask chownp7b after do_deploy before do_package
 # Override the do_deploy() in oe-core.
 do_deploy_class-target() {
    install -m 0644 "${D}${EFI_BOOT_PATH}/${GRUB_IMAGE}" "${DEPLOYDIR}"
author	Liwei Song <liwei.song@windriver.com>	2019-08-21 04:27:13 -0400
committer	Liwei Song <liwei.song@windriver.com>	2019-08-26 22:47:38 -0400
commit	c624ea284308aaf64754b5cfb0f312d9e447fb3e (patch)
tree	84350ffcc4d069776f4597c1cac408b851a7933b
parent	51b5089a605b09d72a68060c5a42fcc5a818a630 (diff)
download	meta-secure-core-c624ea284308aaf64754b5cfb0f312d9e447fb3e.tar.gz

diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc index da3fda9..32da43a 100644 --- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc +++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
@@ -129,6 +129,16 @@ python do_sign() {
129	addtask sign after do_install before do_deploy do_package	129	addtask sign after do_install before do_deploy do_package
130	do_sign[prefuncs] += "check_deploy_keys"	130	do_sign[prefuncs] += "check_deploy_keys"
131		131
		132	fakeroot do_chownp7b() {
		133	chown root:root -R "${D}${EFI_BOOT_PATH}/grub.cfg.p7b"
		134	chown root:root -R "${D}${EFI_BOOT_PATH}/boot-menu.inc.p7b"
		135	[ x"${UEFI_SB}" = x"1" ] && {
		136	chown root:root -R "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc.p7b"
		137	chown root:root -R "${D}${EFI_BOOT_PATH}/password.inc.p7b"
		138	}
		139	}
		140	addtask chownp7b after do_deploy before do_package
		141
132	# Override the do_deploy() in oe-core.	142	# Override the do_deploy() in oe-core.
133	do_deploy_class-target() {	143	do_deploy_class-target() {
134	install -m 0644 "${D}${EFI_BOOT_PATH}/${GRUB_IMAGE}" "${DEPLOYDIR}"	144	install -m 0644 "${D}${EFI_BOOT_PATH}/${GRUB_IMAGE}" "${DEPLOYDIR}"