base-files: only apply the bbappend if ima distro flag setrocko

When the meta-integrity layer is included but feature ima is not set, we would get the following error when the system startup: qemux86-64 systemd-remount-fs[81]: mount: /sys/kernel/security: mount point does not exist. qemux86-64 systemd-remount-fs[81]: /bin/mount for /sys/kernel/security exited with exit status 32. Rename base-files_%.bbappend to base-files-integrity.inc and add a new bbappend. Make sure this piece of code should be applied only if the ima feature is set. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
author: Yi Zhao <yi.zhao@windriver.com> 2017-10-13 08:56:06 +0800
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2018-12-08 09:42:41 +0800
commit: 5209d236d27253087a2cb7a1b66546092d3a13f9 (patch)
tree: 48ed4b99525f9d4d7cca35c83e965df8fcbe3d04
parent: eed5579529af727139c2c5166a4b5504b5cdb5c3 (diff)
download: meta-secure-core-rocko.tar.gz
2 files changed, 6 insertions, 5 deletions
diff --git a/meta-integrity/recipes-core/base-files/base-files-integrity.inc b/meta-integrity/recipes-core/base-files/base-files-integrity.inc
new file mode 100644
index 0000000..7e9e210
--- /dev/null
+++ b/meta-integrity/recipes-core/base-files/base-files-integrity.inc
@@ -0,0 +1,5 @@
+# Append iversion option for auto types
+do_install_append() {
+    sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
+    echo 'securityfs  /sys/kernel/security  securityfs  defaults  0  0' >> "${D}${sysconfdir}/fstab"
+}
diff --git a/meta-integrity/recipes-core/base-files/base-files_%.bbappend b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
index 7e9e210..49417fe 100644
--- a/meta-integrity/recipes-core/base-files/base-files_%.bbappend
+++ b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
@@ -1,5 +1 @@
-# Append iversion option for auto types
+require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'base-files-integrity.inc', '', d)}
-do_install_append() {
-    sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
-    echo 'securityfs  /sys/kernel/security  securityfs  defaults  0  0' >> "${D}${sysconfdir}/fstab"
-}
author	Yi Zhao <yi.zhao@windriver.com>	2017-10-13 08:56:06 +0800
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2018-12-08 09:42:41 +0800
commit	5209d236d27253087a2cb7a1b66546092d3a13f9 (patch)
tree	48ed4b99525f9d4d7cca35c83e965df8fcbe3d04
parent	eed5579529af727139c2c5166a4b5504b5cdb5c3 (diff)
download	meta-secure-core-rocko.tar.gz

diff --git a/meta-integrity/recipes-core/base-files/base-files-integrity.inc b/meta-integrity/recipes-core/base-files/base-files-integrity.inc new file mode 100644 index 0000000..7e9e210 --- /dev/null +++ b/meta-integrity/recipes-core/base-files/base-files-integrity.inc
@@ -0,0 +1,5 @@
		1	# Append iversion option for auto types
		2	do_install_append() {
		3	sed -i 's/\sauto\sdefaults/&,iversion/' "${D}${sysconfdir}/fstab"
		4	echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab"
		5	}


diff --git a/meta-integrity/recipes-core/base-files/base-files_%.bbappend b/meta-integrity/recipes-core/base-files/base-files_%.bbappend index 7e9e210..49417fe 100644 --- a/meta-integrity/recipes-core/base-files/base-files_%.bbappend +++ b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
@@ -1,5 +1 @@
1	# Append iversion option for auto types		require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'base-files-integrity.inc', '', d)}
2	do_install_append() {
3	sed -i 's/\sauto\sdefaults/&,iversion/' "${D}${sysconfdir}/fstab"
4	echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab"
5	}