dm-verity-img.bbclass: Stage verity.env file

Introduce new STAGING_VERITY_DIR variable specific to this bbclass which defines the directory where the verity.env file is stored during <DM_VERITY_IMAGE>:do_image_<DM_VERITY_IMAGE_TYPE> task and can consequtively be picked up into associated initramfs rootfs (which facilitates executing 'veritysetup' and related actions). By doing this we mitigate failures that were thus far associated to this facility, such as install: cannot stat '.../build/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.ext4.verity.env': No such file or directory and install: cannot stat '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity.env': No such file or directory Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: niko.mauno@vaisala.com <niko.mauno@vaisala.com> 2020-09-10 16:17:53 +0000
committer: Armin Kuster <akuster808@gmail.com> 2020-09-12 08:55:28 -0700
commit: 170945ff9f8835ab7b0045b722c2a480b450ef90 (patch)
tree: c641978f33a83660a7656940dbb0a12772fb3871
parent: 6f40921308be358ffce1a4e51a76672ad4168c21 (diff)
download: meta-security-170945ff9f8835ab7b0045b722c2a480b450ef90.tar.gz
2 files changed, 8 insertions, 4 deletions
diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index 6ad0f75..16d395b 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -18,12 +18,18 @@
 # The resulting image can then be used to implement the device mapper block
 # integrity checking on the target device.
+# Define the location where the DM_VERITY_IMAGE specific dm-verity root hash
+# is stored where it can be installed into associated initramfs rootfs.
+STAGING_VERITY_DIR ?= "${TMPDIR}/work-shared/${MACHINE}/dm-verity"
 # Process the output from veritysetup and generate the corresponding .env
 # file. The output from veritysetup is not very machine-friendly so we need to
 # convert it to some better format. Let's drop the first line (doesn't contain
 # any useful info) and feed the rest to a script.
 process_verity() {
-    local ENV="$OUTPUT.env"
+    local ENV="${STAGING_VERITY_DIR}/${IMAGE_BASENAME}.$TYPE.verity.env"
+    install -d ${STAGING_VERITY_DIR}
+    rm -f $ENV
    # Each line contains a key and a value string delimited by ':'. Read the
    # two parts into separate variables and process them separately. For the
@@ -39,8 +45,6 @@ process_verity() {
    # Add partition size
    echo "DATA_SIZE=$SIZE" >> $ENV
-    ln -sf $ENV ${IMAGE_BASENAME}-${MACHINE}.$TYPE.verity.env
 }
 verity_setup() {
diff --git a/recipes-core/images/dm-verity-image-initramfs.bb b/recipes-core/images/dm-verity-image-initramfs.bb
index 8dd8543..e791c19 100644
--- a/recipes-core/images/dm-verity-image-initramfs.bb
+++ b/recipes-core/images/dm-verity-image-initramfs.bb
@@ -24,6 +24,6 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
 inherit core-image
 deploy_verity_hash() {
-    install -D -m 0644 ${DEPLOY_DIR_IMAGE}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}/${datadir}/dm-verity.env
+    install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/dm-verity.env
 }
 IMAGE_PREPROCESS_COMMAND += "deploy_verity_hash;"
author	niko.mauno@vaisala.com <niko.mauno@vaisala.com>	2020-09-10 16:17:53 +0000
committer	Armin Kuster <akuster808@gmail.com>	2020-09-12 08:55:28 -0700
commit	170945ff9f8835ab7b0045b722c2a480b450ef90 (patch)
tree	c641978f33a83660a7656940dbb0a12772fb3871
parent	6f40921308be358ffce1a4e51a76672ad4168c21 (diff)
download	meta-security-170945ff9f8835ab7b0045b722c2a480b450ef90.tar.gz