summaryrefslogtreecommitdiffstats
path: root/meta-integrity/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* meta-secure-core: fix wrong operator combinationYi Zhao2021-11-181-1/+1
| | | | | | | | Operations like XXX:append += "YYY" are almost always wrong and this is a common mistake made in the metadata. Improve them to use the standard format. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* rpm-native: disable audit pluginChangqing Li2021-11-121-1/+1
| | | | | | | enable this plugin will cause undeterministic build. whether to build audit plugin depends on whether libaudit exists on the host Signed-off-by: Changqing Li <changqing.li@windriver.com>
* meta-secure-core: Convert to new override syntaxYi Zhao2021-08-091-6/+6
| | | | | | Converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* rpm: apply signatures to config filesYi Zhao2020-12-082-0/+10
| | | | | | | | | Since rpm 4.15, the users can control over the installation of signatures on config files through a variable named %_ima_sign_config_files. But this is disabled by default. Add a macro configuration file to enable it. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* rpm-integrity: Use _append for PACKAGECONFIGOvidiu Panait2019-12-131-1/+3
| | | | | | | | | | Currently, the PACKAGECONFIG assignment in rpm-integrity might overwrite the previous contents of the variable. Similar to systemd_%.bbappend and ovmf_%.bbappend, use _append to add "imaevm" to PACKAGECONFIG when distro feature ima is enabled. Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
* Revert "rpm: always include rpm-integrity.inc for RPM signing"Yi Zhao2019-06-261-1/+1
| | | | | | | | | | | | | | | | This reverts commit 0477a93cf98bd2946320d90cadb54a0fc2c2c0df. Run yocto-check-layer-wrapper to check layer compliance of Yocto will report the signatures error: rpm-native:do_configure: c2221ee127ea61f99a6062ffadb1fe05ca44b9200e38a91521a5a28d4f13140b -> d955da8ce20c8dbc0c5bc9b7569dd459484b0e24ba1e4c66828a84e919025eca bitbake-diffsigs --task rpm-native do_configure --signature c2221ee127ea61f99a6062ffadb1fe05ca44b9200e38a91521a5a28d4f13140b d955da8ce20c8dbc0c5bc9b7569dd459484b0e24ba1e4c66828a84e919025eca Revert the patch to fix it. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* rpm: disable inhibit plugin for rpm-nativeChen Qi2018-10-171-0/+1
| | | | | | | | | | | | | | | We have a bbappend file which enables plugins for rpm. We need to ensure to also disable the inhibit plugin for rpm-native. Otherwise, we get the following warning at rootfs time. Unable to get systemd shutdown inhibition lock: Socket name too long The inhibit plugin tries to inhibit shutdown during rpm operation. It obviously makes no sense for rpm-native, as 1) we may not build on a systemd based host and 2) the build process does not affect the package management on host. Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
* Clean up the stuffs for stable branchesJia Zhang2018-09-2012-797/+0
| | | | | | | | | | | The following commits are reverted by the way: - seloader: Fix building for rocko (bc6bbe2) - meta-integrity: rpm: Add back in required patches for rocko (5fa9c85) Because they are only applicable to rocko. Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* meta-integrity: rpm: Add back in required patches for rockoTom Rini2018-07-3112-0/+797
| | | | | | | | | | In 59a9f43b899c ("meta-integrity: Drop RPM patches that are upstream now") we removed patches to RPM that were not required with a move up to 4.14.0 as they are upstream. However, rocko ships with an older version of RPM and still needs these patches. Add conditional logic to apply these patches only for rocko. Signed-off-by: Tom Rini <trini@konsulko.com>
* meta-integrity: Drop RPM patches that are upstream nowTom Rini2018-02-1412-796/+0
| | | | | | | | As of OE-Core rev b4613b6ce07c295c5d6de6861acf19315acaccb2 we are using rpm-4.14.0 as the base version. This includes all of the patches we had been applying. Signed-off-by: Tom Rini <trini@konsulko.com>
* rpm: always include rpm-integrity.inc for RPM signingJia Zhang2017-10-271-1/+1
| | | | | | rpm-integrity is required for RPM signing which is enabled by default. Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
* meta-integrity: fix build failure caused by 6aa83f98bJia Zhang2017-10-271-1/+1
| | | | Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
* rpm: only apply bbappend file when ima in DISTRO_FEATURES (#27)Kai2017-10-272-22/+23
| | | | | | | | | | Rename bbappend file of rpm and only include it when image in DISTRO_FEATURES. Plugin 'systemd' of rpm-native causes warning during do rootfs: | WARNING: wrlinux-image-glibc-std-1.0-r5 do_rootfs: [log_check] wrlinux-image-glibc-std: found 1 warning message in the logfile: | [log_check] warning: Unable to get systemd shutdown inhibition lock: Socket name too long Signed-off-by: Kai Kang <kai.kang@windriver.com>
* rpm: remove PACKAGECONFIG[imaevm]Lans Zhang2017-07-281-1/+0
| | | | | | This setting is already merged to oe-core. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* rpm: allow to enable IMA signingLans Zhang2017-07-1812-0/+805
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-05 19:24:11 +0000