From d2d125de9231a9919f3b7f4be4b994336a2eced1 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Wed, 19 Jun 2024 10:15:53 -0400 Subject: meta-integrity: Remove stale variables and documentation Signed-off-by: Stefan Berger Signed-off-by: Armin Kuster --- meta-integrity/README.md | 7 +------ meta-integrity/classes/ima-evm-rootfs.bbclass | 5 ----- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/meta-integrity/README.md b/meta-integrity/README.md index c333a9f..75dadd4 100644 --- a/meta-integrity/README.md +++ b/meta-integrity/README.md @@ -153,12 +153,7 @@ ima-evm-rootfs.bbclass: IMA_EVM_KEY_DIR = "" IMA_EVM_PRIVKEY = "" -By default, the entire file system gets signed. When using a policy which -does not require that, the set of files to be labelled can be chosen -by overriding the default "find" expression, for example like this: - - IMA_EVM_ROOTFS_FILES = "usr sbin bin lib -type f" - +By default, the entire file system gets signed. 2. Usage ======== diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-integrity/classes/ima-evm-rootfs.bbclass index 7b73373..bc07d58 100644 --- a/meta-integrity/classes/ima-evm-rootfs.bbclass +++ b/meta-integrity/classes/ima-evm-rootfs.bbclass @@ -19,11 +19,6 @@ IMA_EVM_X509 ?= "${IMA_EVM_KEY_DIR}/x509_ima.der" # ima-local-ca.x509 is what ima-gen-local-ca.sh creates. IMA_EVM_ROOT_CA ?= "${IMA_EVM_KEY_DIR}/ima-local-ca.pem" -# Sign all regular files by default. -IMA_EVM_ROOTFS_SIGNED ?= ". -type f" -# Hash nothing by default. -IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false" - # Mount these file systems (identified via their mount point) with # the iversion flags (needed by IMA when allowing writing). IMA_EVM_ROOTFS_IVERSION ?= "" -- cgit v1.2.3-54-g00ecf