From ca566bb615b781283571653ef86fcd1d21a42f57 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Fri, 30 Nov 2018 09:47:18 +0800 Subject: kernel-initramfs: only apply the bbappend if efi-secure-boot distro flag set When the meta-efi-secure-boot layer is included but feature efi-secure-boot is not set. We got the following error with kernel-initramfs building: ERROR: kernel-initramfs-1.0-r0 do_deploy: Function failed: do_deploy (log file is located at /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/log.do_deploy.16995) ERROR: Logfile of failure stored in: /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/log.do_deploy.16995 Log data follows: | DEBUG: Executing python function sstate_task_prefunc | DEBUG: Python function sstate_task_prefunc finished | DEBUG: Executing shell function do_deploy | install: cannot stat '/buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/image/boot/*.p7b': No such file or directory | WARNING: /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/run.do_deploy.16995:1 exit 1 from 'install -m 0644 ${SIG} /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/deploy-kernel-initramfs' | ERROR: Function failed: do_deploy (log file is located at /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/log.do_deploy.16995) ERROR: Task (/buildarea/poky/meta-secure-core/meta/recipes-core/images/kernel-initramfs.bb:do_deploy) failed with exit code '1' Rename kernel-initramfs.bbappend to kernel-initramfs-efi-secure-boot.inc and add a new bbappend. Make sure this piece of code should be applied only if the efi-secure-boot feature is set. Signed-off-by: Yi Zhao --- .../images/kernel-initramfs-efi-secure-boot.inc | 37 +++++++++++++++++++++ .../recipes-core/images/kernel-initramfs.bbappend | 38 +--------------------- 2 files changed, 38 insertions(+), 37 deletions(-) create mode 100644 meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc new file mode 100644 index 0000000..fb073a1 --- /dev/null +++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc @@ -0,0 +1,37 @@ +DEPENDS += "openssl-native" +inherit user-key-store deploy + +# Always fetch the latest initramfs image +do_install[nostamp] = "1" + +fakeroot python do_sign() { + if d.getVar('BUNDLE', True) == '0': + for compr in d.getVar('INITRAMFS_FSTYPES').split(): + uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d) + else: + uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d) +} +addtask sign after do_install before do_deploy do_package +do_sign[prefuncs] += "check_deploy_keys" + +do_deploy() { + install -d "${DEPLOYDIR}" + for SIG in ${D}/boot/*.p7b; do + install -m 0644 ${SIG} ${DEPLOYDIR} + done +} +addtask deploy after do_install before do_build + +python do_package_prepend () { + if d.getVar('BUNDLE') == '1': + d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b')) + d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b')) + d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b')) + d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101') + else: + for compr in d.getVar('INITRAMFS_FSTYPES').split(): + d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b') + d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b')) + d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b')) + d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101') +} diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend index fb073a1..dc782d7 100644 --- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend +++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend @@ -1,37 +1 @@ -DEPENDS += "openssl-native" -inherit user-key-store deploy - -# Always fetch the latest initramfs image -do_install[nostamp] = "1" - -fakeroot python do_sign() { - if d.getVar('BUNDLE', True) == '0': - for compr in d.getVar('INITRAMFS_FSTYPES').split(): - uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d) - else: - uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d) -} -addtask sign after do_install before do_deploy do_package -do_sign[prefuncs] += "check_deploy_keys" - -do_deploy() { - install -d "${DEPLOYDIR}" - for SIG in ${D}/boot/*.p7b; do - install -m 0644 ${SIG} ${DEPLOYDIR} - done -} -addtask deploy after do_install before do_build - -python do_package_prepend () { - if d.getVar('BUNDLE') == '1': - d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b')) - d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b')) - d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b')) - d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101') - else: - for compr in d.getVar('INITRAMFS_FSTYPES').split(): - d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b') - d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b')) - d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b')) - d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101') -} +require ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', 'kernel-initramfs-efi-secure-boot.inc', '', d)} -- cgit v1.2.3-54-g00ecf