diff options
| author | Armin Kuster <akuster808@gmail.com> | 2021-06-02 01:59:22 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2021-06-06 13:03:37 -0700 |
| commit | 6e75e751ff1a0e1c45545a032a598a9098fa75f2 (patch) | |
| tree | 1afe59574ec49fb07bf39743bac57fd329673e58 | |
| parent | 35e1b6175005334fab7a3714133c6e7b98e0a80f (diff) | |
| download | meta-security-6e75e751ff1a0e1c45545a032a598a9098fa75f2.tar.gz | |
meta-integrity: add sanity check
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-integrity/README.md | 18 | ||||
| -rw-r--r-- | meta-integrity/classes/sanity-meta-integrity.bbclass | 10 | ||||
| -rw-r--r-- | meta-integrity/conf/layer.conf | 4 |
3 files changed, 31 insertions, 1 deletions
diff --git a/meta-integrity/README.md b/meta-integrity/README.md index 5048fba..8254b0d 100644 --- a/meta-integrity/README.md +++ b/meta-integrity/README.md | |||
| @@ -1,8 +1,24 @@ | |||
| 1 | This README file contains information on the contents of the | 1 | This README file contains information on the contents of the |
| 2 | integrity layer. | 2 | integrity layer. |
| 3 | 3 | ||
| 4 | Please see the corresponding sections below for details. | ||
| 5 | 4 | ||
| 5 | The bbappend files for some recipes (e.g. linux-yocto) in this layer need | ||
| 6 | to have 'integrity' in DISTRO_FEATURES to have effect. | ||
| 7 | To enable them, add in configuration file the following line. | ||
| 8 | |||
| 9 | DISTRO_FEATURES_append = " integrity" | ||
| 10 | |||
| 11 | If meta-integrity is included, but integrity is not enabled as a | ||
| 12 | distro feature a warning is printed at parse time: | ||
| 13 | |||
| 14 | You have included the meta-integritry layer, but | ||
| 15 | 'integrity' has not been enabled in your DISTRO_FEATURES. Some bbappend files | ||
| 16 | and preferred version setting may not take effect. | ||
| 17 | |||
| 18 | If you know what you are doing, this warning can be disabled by setting the following | ||
| 19 | variable in your configuration: | ||
| 20 | |||
| 21 | SKIP_META_INTEGRITY_SANITY_CHECK = 1 | ||
| 6 | 22 | ||
| 7 | Dependencies | 23 | Dependencies |
| 8 | ============ | 24 | ============ |
diff --git a/meta-integrity/classes/sanity-meta-integrity.bbclass b/meta-integrity/classes/sanity-meta-integrity.bbclass new file mode 100644 index 0000000..6ba7e3f --- /dev/null +++ b/meta-integrity/classes/sanity-meta-integrity.bbclass | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | addhandler integrity_bbappend_distrocheck | ||
| 2 | integrity_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck" | ||
| 3 | python integrity_bbappend_distrocheck() { | ||
| 4 | skip_check = e.data.getVar('SKIP_META_INTEGRITY_SANITY_CHECK') == "1" | ||
| 5 | if 'integrity' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check: | ||
| 6 | bb.warn("You have included the meta-integrity layer, but \ | ||
| 7 | 'integrity' has not been enabled in your DISTRO_FEATURES. Some bbappend files \ | ||
| 8 | and preferred version setting may not take effect. See the meta-integrity README \ | ||
| 9 | for details on enabling integrity support.") | ||
| 10 | } | ||
diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf index ba028da..37776f8 100644 --- a/meta-integrity/conf/layer.conf +++ b/meta-integrity/conf/layer.conf | |||
| @@ -26,6 +26,10 @@ LAYERDEPENDS_integrity = "core openembedded-layer" | |||
| 26 | 26 | ||
| 27 | BBLAYERS_LAYERINDEX_NAME_integrity = "meta-integrity" | 27 | BBLAYERS_LAYERINDEX_NAME_integrity = "meta-integrity" |
| 28 | 28 | ||
| 29 | # Sanity check for meta-integrity layer. | ||
| 30 | # Setting SKIP_META_INTEGRITY_SANITY_CHECK to "1" would skip the bbappend files check. | ||
| 31 | INHERIT += "sanity-meta-integrity" | ||
| 32 | |||
| 29 | BBFILES_DYNAMIC += " \ | 33 | BBFILES_DYNAMIC += " \ |
| 30 | networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \ | 34 | networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \ |
| 31 | " | 35 | " |