meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

SUMMARY = "Basic init for initramfs to mount and pivot root"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "\
    file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
"

SRC_URI = "\
    file://init \
"

do_install() {
    install -m 0755 "${WORKDIR}/init" "${D}/init"

    if [ "${FULL_DISK_ENCRYPTION}" = "1" ] && [ ${@bb.utils.contains("DISTRO_FEATURES", "luks", 'true', '', d)} ]; then
        sed -i '0,/is_encrypted=0/s//is_encrypted=1/' ${D}/init
    fi

    # Create device nodes expected by kernel in initramfs
    # before executing /init.
    install -d "${D}/dev"
    install -d "${D}/run"
    mknod -m 0600 "${D}/dev/console" c 5 1
}

FILES:${PN} = "\
    /init \
    /dev \
    /run \
"

# Install the minimal stuffs only, and don't care how the external
# environment is configured.

# @coreutils: echo, cat, sleep, switch_root, expr, mkdir
# @util-linux: mount
# @grep: grep
# @gawk: awk
# @eudev or udev: udevd, udevadm
RDEPENDS:${PN} += "\
    coreutils \
    util-linux-mount \
    grep \
    gawk \
    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'udev', 'eudev', d)} \
"

# @initrdscripts-ima: init.ima
# @cryptfs-tpm2-initramfs: init.cryptfs
RRECOMMENDS:${PN} += "\
    ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'initrdscripts-ima', '', d)} \
    ${@bb.utils.contains('DISTRO_FEATURES', 'luks', 'cryptfs-tpm2-initramfs', '', d)} \
"