From cff02a044c6aef347cff8551b156dbc8a5d403d7 Mon Sep 17 00:00:00 2001
From: mulhern <mulhern@yoctoproject.org>
Date: Wed, 11 Sep 2013 09:07:30 -0400
Subject: meta-security: Add a new .bbclass for meta-security layer.

Inheriting the class will cause the check_security function to run on the
ROOTFS image. Currently the check_security function just invokes
buck-security-native on the root filesystem of the image.
---
 classes/check_security.bbclass | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 classes/check_security.bbclass

(limited to 'classes')

diff --git a/classes/check_security.bbclass b/classes/check_security.bbclass
new file mode 100644
index 0000000..6d6682e
--- /dev/null
+++ b/classes/check_security.bbclass
@@ -0,0 +1,7 @@
+check_security () {
+    ${STAGING_BINDIR_NATIVE}/buck-security -sysroot ${IMAGE_ROOTFS} -log ${T}/log.do_checksecurity.${PID} -disable-checks "checksum,firewall,packages_problematic,services,sshd,usermask" -no-sudo > /dev/null
+}
+
+EXTRA_IMAGEDEPENDS += "buck-security-native"
+
+ROOTFS_POSTPROCESS_COMMAND += "check_security;"
-- 
cgit v1.2.3-54-g00ecf