util-linux: only apply the bbappend if ima distro flag set

Run yocto-check-layer-wrapper to check layer compliance of Yocto will report the signatures error: util-linux:do_compile: 9c04caa1d37ca0fa0caa2f48a01912d1b3d35de2ac668c4cddd6158bbac9c374 -> 53de68708253461d617177c02a60d0e798f5f7727c14cc8e6b9a8bbedc53de99 bitbake-diffsigs --task util-linux do_compile --signature 9c04caa1d37ca0fa0caa2f48a01912d1b3d35de2ac668c4cddd6158bbac9c374 53de68708253461d617177c02a60d0e798f5f7727c14cc8e6b9a8bbedc53de99 Rename util-linux_%.bbappend to util-linux-integrity.inc and add a new bbappend. Make sure this piece of code should be applied only if the ima feature is set. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
author: Yi Zhao <yi.zhao@windriver.com> 2019-06-26 12:43:58 +0800
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2019-06-26 13:05:38 +0800
commit: 392371e4b0e9edd51d3b86edc988e543874be5ed (patch)
tree: 446349769140dc93095e48860af54dfcd1c8e10f
parent: 06f4d3eece142e41a45538ca9ea9c9d60cf4551a (diff)
download: meta-secure-core-392371e4b0e9edd51d3b86edc988e543874be5ed.tar.gz
2 files changed, 20 insertions, 19 deletions
diff --git a/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc
new file mode 100644
index 0000000..d3d498e
--- /dev/null
+++ b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc
@@ -0,0 +1,19 @@
+CFLAGS_remove += "-pie -fpie"
+# We need -no-pie in case the default is to generate pie code.
+#
+do_compile_append_class-target() {
+    ${CC} ${CFLAGS} ${LDFLAGS} -no-pie -static \
+        sys-utils/switch_root.o \
+        -o switch_root.static
+}
+do_install_append_class-target() {
+    install -d "${D}${sbindir}"
+    install -m 0700 "${B}/switch_root.static" \
+        "${D}${sbindir}/switch_root.static"
+}
+PACKAGES =+ "${PN}-switch-root.static"
+FILES_${PN}-switch-root.static = "${sbindir}/switch_root.static"
diff --git a/meta-integrity/recipes-core/util-linux/util-linux_%.bbappend b/meta-integrity/recipes-core/util-linux/util-linux_%.bbappend
index d3d498e..e6f8378 100644
--- a/meta-integrity/recipes-core/util-linux/util-linux_%.bbappend
+++ b/meta-integrity/recipes-core/util-linux/util-linux_%.bbappend
@@ -1,19 +1 @@
-CFLAGS_remove += "-pie -fpie"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'util-linux-integrity.inc', '', d)}
-# We need -no-pie in case the default is to generate pie code.
-#
-do_compile_append_class-target() {
-    ${CC} ${CFLAGS} ${LDFLAGS} -no-pie -static \
-        sys-utils/switch_root.o \
-        -o switch_root.static
-}
-do_install_append_class-target() {
-    install -d "${D}${sbindir}"
-    install -m 0700 "${B}/switch_root.static" \
-        "${D}${sbindir}/switch_root.static"
-}
-PACKAGES =+ "${PN}-switch-root.static"
-FILES_${PN}-switch-root.static = "${sbindir}/switch_root.static"
author	Yi Zhao <yi.zhao@windriver.com>	2019-06-26 12:43:58 +0800
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2019-06-26 13:05:38 +0800
commit	392371e4b0e9edd51d3b86edc988e543874be5ed (patch)
tree	446349769140dc93095e48860af54dfcd1c8e10f
parent	06f4d3eece142e41a45538ca9ea9c9d60cf4551a (diff)
download	meta-secure-core-392371e4b0e9edd51d3b86edc988e543874be5ed.tar.gz

diff --git a/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc new file mode 100644 index 0000000..d3d498e --- /dev/null +++ b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc
@@ -0,0 +1,19 @@
		1	CFLAGS_remove += "-pie -fpie"
		2
		3	# We need -no-pie in case the default is to generate pie code.
		4	#
		5	do_compile_append_class-target() {
		6	${CC} ${CFLAGS} ${LDFLAGS} -no-pie -static \
		7	sys-utils/switch_root.o \
		8	-o switch_root.static
		9	}
		10
		11	do_install_append_class-target() {
		12	install -d "${D}${sbindir}"
		13	install -m 0700 "${B}/switch_root.static" \
		14	"${D}${sbindir}/switch_root.static"
		15	}
		16
		17	PACKAGES =+ "${PN}-switch-root.static"
		18
		19	FILES_${PN}-switch-root.static = "${sbindir}/switch_root.static"


diff --git a/meta-integrity/recipes-core/util-linux/util-linux_%.bbappend b/meta-integrity/recipes-core/util-linux/util-linux_%.bbappend index d3d498e..e6f8378 100644 --- a/meta-integrity/recipes-core/util-linux/util-linux_%.bbappend +++ b/meta-integrity/recipes-core/util-linux/util-linux_%.bbappend
@@ -1,19 +1 @@
1	CFLAGS_remove += "-pie -fpie"		require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'util-linux-integrity.inc', '', d)}
2
3	# We need -no-pie in case the default is to generate pie code.
4	#
5	do_compile_append_class-target() {
6	${CC} ${CFLAGS} ${LDFLAGS} -no-pie -static \
7	sys-utils/switch_root.o \
8	-o switch_root.static
9	}
10
11	do_install_append_class-target() {
12	install -d "${D}${sbindir}"
13	install -m 0700 "${B}/switch_root.static" \
14	"${D}${sbindir}/switch_root.static"
15	}
16
17	PACKAGES =+ "${PN}-switch-root.static"
18
19	FILES_${PN}-switch-root.static = "${sbindir}/switch_root.static"