diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2021-08-04 10:52:40 +0800 |
---|---|---|
committer | Jia Zhang <zhang.jia@linux.alibaba.com> | 2021-08-09 18:51:13 +0800 |
commit | 40420437422f6a1fff187280547096366806aee6 (patch) | |
tree | ce08e8342ce6b212e4ecdc29bef50e7848ef356d | |
parent | 6768abc7d453ae854091aa0fe70ba2e215290f5b (diff) | |
download | meta-secure-core-40420437422f6a1fff187280547096366806aee6.tar.gz |
meta-secure-core: Convert to new override syntax
Converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
56 files changed, 202 insertions, 202 deletions
@@ -77,10 +77,10 @@ The full features in meta-secure-core can be configured with these definitions | |||
77 | in local.conf: | 77 | in local.conf: |
78 | 78 | ||
79 | INITRAMFS_IMAGE = "secure-core-image-initramfs" | 79 | INITRAMFS_IMAGE = "secure-core-image-initramfs" |
80 | DISTRO_FEATURES_NATIVE_append += "systemd ima tpm tpm2 efi-secure-boot luks" | 80 | DISTRO_FEATURES_NATIVE:append = " systemd ima tpm tpm2 efi-secure-boot luks" |
81 | DISTRO_FEATURES_append += "systemd ima tpm tpm2 efi-secure-boot luks modsign" | 81 | DISTRO_FEATURES:append = " systemd ima tpm tpm2 efi-secure-boot luks modsign" |
82 | MACHINE_FEATURES_NATIVE_append += "efi" | 82 | MACHINE_FEATURES_NATIVE:append = " efi" |
83 | MACHINE_FEATURES_append += "efi" | 83 | MACHINE_FEATURES:append = " efi" |
84 | PACKAGE_CLASSES = "package_rpm" | 84 | PACKAGE_CLASSES = "package_rpm" |
85 | INHERIT += "sign_rpm_ext" | 85 | INHERIT += "sign_rpm_ext" |
86 | SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ | 86 | SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ |
@@ -90,9 +90,9 @@ SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ | |||
90 | packagegroup-ima \ | 90 | packagegroup-ima \ |
91 | packagegroup-luks \ | 91 | packagegroup-luks \ |
92 | " | 92 | " |
93 | DEBUG_FLAGS_forcevariable = "" | 93 | DEBUG_FLAGS:forcevariable = "" |
94 | IMAGE_INSTALL += "kernel-image-bzimage" | 94 | IMAGE_INSTALL += "kernel-image-bzimage" |
95 | USER_CLASSES_remove = "image-prelink" | 95 | USER_CLASSES:remove = "image-prelink" |
96 | 96 | ||
97 | # Uncomment this line to modify the root parameter in boot command line if the default one | 97 | # Uncomment this line to modify the root parameter in boot command line if the default one |
98 | # is not working for you. It is helpful when secure boot is enabled. | 98 | # is not working for you. It is helpful when secure boot is enabled. |
diff --git a/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb b/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb index 341e767..61afc93 100644 --- a/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb +++ b/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb | |||
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "\ | |||
7 | S = "${WORKDIR}" | 7 | S = "${WORKDIR}" |
8 | 8 | ||
9 | SELOADER_PKG = "${@'seloader' if d.getVar('UEFI_SELOADER', True) == '1' else ''}" | 9 | SELOADER_PKG = "${@'seloader' if d.getVar('UEFI_SELOADER', True) == '1' else ''}" |
10 | ALLOW_EMPTY_${PN} = "1" | 10 | ALLOW_EMPTY:${PN} = "1" |
11 | 11 | ||
12 | pkgs = "\ | 12 | pkgs = "\ |
13 | grub-efi \ | 13 | grub-efi \ |
@@ -18,15 +18,15 @@ pkgs = "\ | |||
18 | shim \ | 18 | shim \ |
19 | " | 19 | " |
20 | 20 | ||
21 | RDEPENDS_${PN}_x86 = "${pkgs}" | 21 | RDEPENDS:${PN}:x86 = "${pkgs}" |
22 | RDEPENDS_${PN}_x86-64 = "${pkgs}" | 22 | RDEPENDS:${PN}:x86-64 = "${pkgs}" |
23 | 23 | ||
24 | kmods = "\ | 24 | kmods = "\ |
25 | kernel-module-efivarfs \ | 25 | kernel-module-efivarfs \ |
26 | kernel-module-efivars \ | 26 | kernel-module-efivars \ |
27 | " | 27 | " |
28 | 28 | ||
29 | RRECOMMENDS_${PN}_x86 += "${kmods}" | 29 | RRECOMMENDS:${PN}:x86 += "${kmods}" |
30 | RRECOMMENDS_${PN}_x86-64 += "${kmods}" | 30 | RRECOMMENDS:${PN}:x86-64 += "${kmods}" |
31 | 31 | ||
32 | IMAGE_INSTALL_remove += "grub" | 32 | IMAGE_INSTALL:remove += "grub" |
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb index 616e2fd..7b8cbc5 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb | |||
@@ -1,10 +1,10 @@ | |||
1 | require efitools.inc | 1 | require efitools.inc |
2 | 2 | ||
3 | DEPENDS_append = " gnu-efi-native" | 3 | DEPENDS:append = " gnu-efi-native" |
4 | 4 | ||
5 | inherit native | 5 | inherit native |
6 | 6 | ||
7 | EXTRA_OEMAKE_append = "\ | 7 | EXTRA_OEMAKE:append = " \ |
8 | INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \ | 8 | INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \ |
9 | CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \ | 9 | CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \ |
10 | " | 10 | " |
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc index 9f4bec4..6f2582a 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc | |||
@@ -10,7 +10,7 @@ in the Linux 3.8 kernel. \ | |||
10 | LICENSE = "GPLv2" | 10 | LICENSE = "GPLv2" |
11 | LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1" | 11 | LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1" |
12 | 12 | ||
13 | DEPENDS_append += "\ | 13 | DEPENDS:append = " \ |
14 | help2man-native openssl-native sbsigntool-native \ | 14 | help2man-native openssl-native sbsigntool-native \ |
15 | libfile-slurp-perl-native \ | 15 | libfile-slurp-perl-native \ |
16 | " | 16 | " |
@@ -47,12 +47,12 @@ EXTRA_OEMAKE = "\ | |||
47 | OPENSSL_LIB='${STAGING_LIBDIR_NATIVE}' \ | 47 | OPENSSL_LIB='${STAGING_LIBDIR_NATIVE}' \ |
48 | EXTRA_LDFLAGS='${LDFLAGS}' \ | 48 | EXTRA_LDFLAGS='${LDFLAGS}' \ |
49 | " | 49 | " |
50 | EXTRA_OEMAKE_append_x86 += " ARCH=ia32" | 50 | EXTRA_OEMAKE:append:x86 = " ARCH=ia32" |
51 | EXTRA_OEMAKE_append_x86-64 += " ARCH=x86_64" | 51 | EXTRA_OEMAKE:append:x86-64 = " ARCH=x86_64" |
52 | 52 | ||
53 | EFI_BOOT_PATH = "/boot/efi/EFI/BOOT" | 53 | EFI_BOOT_PATH = "/boot/efi/EFI/BOOT" |
54 | 54 | ||
55 | do_compile_prepend() { | 55 | do_compile:prepend() { |
56 | sed -i -e "1s:#!.*:#!/usr/bin/env nativeperl:" xxdi.pl | 56 | sed -i -e "1s:#!.*:#!/usr/bin/env nativeperl:" xxdi.pl |
57 | } | 57 | } |
58 | 58 | ||
@@ -60,7 +60,7 @@ do_install() { | |||
60 | oe_runmake install DESTDIR='${D}${base_prefix}' | 60 | oe_runmake install DESTDIR='${D}${base_prefix}' |
61 | } | 61 | } |
62 | 62 | ||
63 | fakeroot python do_sign_class-target() { | 63 | fakeroot python do_sign:class-target() { |
64 | if d.getVar('GRUB_SIGN_VERIFY', True) != '1': | 64 | if d.getVar('GRUB_SIGN_VERIFY', True) != '1': |
65 | return | 65 | return |
66 | 66 | ||
@@ -74,6 +74,6 @@ do_sign[prefuncs] += "${@'check_boot_public_key' if d.getVar('GRUB_SIGN_VERIFY', | |||
74 | fakeroot python do_sign() { | 74 | fakeroot python do_sign() { |
75 | } | 75 | } |
76 | 76 | ||
77 | FILES_${PN} += "${EFI_BOOT_PATH}" | 77 | FILES:${PN} += "${EFI_BOOT_PATH}" |
78 | 78 | ||
79 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/LockDown.efi" | 79 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/LockDown.efi" |
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb b/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb index ffc2dc8..9b484f1 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb | |||
@@ -3,7 +3,7 @@ require efitools.inc | |||
3 | # The generated native binaries are used during native and target build | 3 | # The generated native binaries are used during native and target build |
4 | DEPENDS += "${BPN}-native gnu-efi openssl" | 4 | DEPENDS += "${BPN}-native gnu-efi openssl" |
5 | 5 | ||
6 | SRC_URI_append += "\ | 6 | SRC_URI:append = " \ |
7 | file://LockDown-enable-the-enrollment-for-DBX.patch \ | 7 | file://LockDown-enable-the-enrollment-for-DBX.patch \ |
8 | file://LockDown-show-the-error-message-with-3-sec-timeout.patch \ | 8 | file://LockDown-show-the-error-message-with-3-sec-timeout.patch \ |
9 | file://Makefile-do-not-build-signed-efi-image.patch \ | 9 | file://Makefile-do-not-build-signed-efi-image.patch \ |
@@ -16,7 +16,7 @@ COMPATIBLE_HOST = '(i.86|x86_64).*-linux' | |||
16 | 16 | ||
17 | inherit user-key-store deploy | 17 | inherit user-key-store deploy |
18 | 18 | ||
19 | EXTRA_OEMAKE_append += "\ | 19 | EXTRA_OEMAKE:append = " \ |
20 | INCDIR_PREFIX='${STAGING_DIR_TARGET}' \ | 20 | INCDIR_PREFIX='${STAGING_DIR_TARGET}' \ |
21 | CRTPATH_PREFIX='${STAGING_DIR_TARGET}' \ | 21 | CRTPATH_PREFIX='${STAGING_DIR_TARGET}' \ |
22 | SIGN_EFI_SIG_LIST='${STAGING_BINDIR_NATIVE}/sign-efi-sig-list' \ | 22 | SIGN_EFI_SIG_LIST='${STAGING_BINDIR_NATIVE}/sign-efi-sig-list' \ |
@@ -67,7 +67,7 @@ python do_prepare_signing_keys() { | |||
67 | addtask prepare_signing_keys after do_configure before do_compile | 67 | addtask prepare_signing_keys after do_configure before do_compile |
68 | do_prepare_signing_keys[prefuncs] += "check_deploy_keys" | 68 | do_prepare_signing_keys[prefuncs] += "check_deploy_keys" |
69 | 69 | ||
70 | do_install_append() { | 70 | do_install:append() { |
71 | install -d ${D}${EFI_BOOT_PATH} | 71 | install -d ${D}${EFI_BOOT_PATH} |
72 | install -m 0755 ${D}${datadir}/efitools/efi/LockDown.efi ${D}${EFI_BOOT_PATH} | 72 | install -m 0755 ${D}${datadir}/efitools/efi/LockDown.efi ${D}${EFI_BOOT_PATH} |
73 | } | 73 | } |
@@ -82,6 +82,6 @@ do_deploy() { | |||
82 | } | 82 | } |
83 | addtask deploy after do_install before do_build | 83 | addtask deploy after do_install before do_build |
84 | 84 | ||
85 | RDEPENDS_${PN}_append += "\ | 85 | RDEPENDS:${PN}:append = " \ |
86 | parted mtools coreutils util-linux openssl libcrypto \ | 86 | parted mtools coreutils util-linux openssl libcrypto \ |
87 | " | 87 | " |
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc index 2c58687..4ce638a 100644 --- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc +++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc | |||
@@ -1,5 +1,5 @@ | |||
1 | DEPENDS += "openssl-native" | 1 | DEPENDS += "openssl-native" |
2 | FILESEXTRAPATHS_prepend := "${THISDIR}/grub-efi:" | 2 | FILESEXTRAPATHS:prepend := "${THISDIR}/grub-efi:" |
3 | 3 | ||
4 | GRUB_SIGN_VERIFY_STRICT ?= "1" | 4 | GRUB_SIGN_VERIFY_STRICT ?= "1" |
5 | 5 | ||
@@ -13,7 +13,7 @@ GRUB_MOKVERIFY_PATCH = " \ | |||
13 | file://verify-all-buffiles.patch \ | 13 | file://verify-all-buffiles.patch \ |
14 | " | 14 | " |
15 | 15 | ||
16 | SRC_URI_append_class-target += "\ | 16 | SRC_URI:append:class-target = " \ |
17 | file://0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch \ | 17 | file://0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch \ |
18 | file://0002-shim-add-needed-data-structures.patch \ | 18 | file://0002-shim-add-needed-data-structures.patch \ |
19 | file://0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch \ | 19 | file://0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch \ |
@@ -36,7 +36,7 @@ SRC_URI_append_class-target += "\ | |||
36 | " | 36 | " |
37 | 37 | ||
38 | # functions efi_call_foo and efi_shim_exit are not implemented for arm64 yet | 38 | # functions efi_call_foo and efi_shim_exit are not implemented for arm64 yet |
39 | COMPATIBLE_HOST_aarch64 = 'null' | 39 | COMPATIBLE_HOST:aarch64 = 'null' |
40 | 40 | ||
41 | GRUB_PREFIX_DIR ?= "/EFI/BOOT" | 41 | GRUB_PREFIX_DIR ?= "/EFI/BOOT" |
42 | EFI_BOOT_PATH ?= "/boot/efi/EFI/BOOT" | 42 | EFI_BOOT_PATH ?= "/boot/efi/EFI/BOOT" |
@@ -48,14 +48,14 @@ GRUB_SIGNING_MODULES += "${@'pgp gcry_rsa gcry_sha256 gcry_sha512 --pubkey %s ' | |||
48 | 48 | ||
49 | GRUB_SELOADER_MODULES += "${@'mok2verify ' if d.getVar('UEFI_SELOADER', True) == '1' else ''}" | 49 | GRUB_SELOADER_MODULES += "${@'mok2verify ' if d.getVar('UEFI_SELOADER', True) == '1' else ''}" |
50 | 50 | ||
51 | GRUB_BUILDIN_append_class-target += "\ | 51 | GRUB_BUILDIN:append:class-target = " \ |
52 | tftp reboot chain \ | 52 | tftp reboot chain \ |
53 | ${GRUB_SECURE_BOOT_MODULES} \ | 53 | ${GRUB_SECURE_BOOT_MODULES} \ |
54 | ${GRUB_SIGNING_MODULES} \ | 54 | ${GRUB_SIGNING_MODULES} \ |
55 | ${GRUB_SELOADER_MODULES}" | 55 | ${GRUB_SELOADER_MODULES}" |
56 | 56 | ||
57 | # For efi_call_foo and efi_shim_exit | 57 | # For efi_call_foo and efi_shim_exit |
58 | CFLAGS_append_class-target = " -fno-toplevel-reorder" | 58 | CFLAGS:append:class-target = " -fno-toplevel-reorder" |
59 | 59 | ||
60 | # Set a default root specifier. | 60 | # Set a default root specifier. |
61 | inherit user-key-store | 61 | inherit user-key-store |
@@ -80,7 +80,7 @@ python __anonymous () { | |||
80 | d.setVar("GRUB_IMAGE", grubimage) | 80 | d.setVar("GRUB_IMAGE", grubimage) |
81 | } | 81 | } |
82 | 82 | ||
83 | do_compile_append_class-target() { | 83 | do_compile:append:class-target() { |
84 | if [ "${GRUB_SIGN_VERIFY}" = "1" -a "${GRUB_SIGN_VERIFY_STRICT}" = "1" ] ; then | 84 | if [ "${GRUB_SIGN_VERIFY}" = "1" -a "${GRUB_SIGN_VERIFY_STRICT}" = "1" ] ; then |
85 | cat<<EOF>${WORKDIR}/cfg | 85 | cat<<EOF>${WORKDIR}/cfg |
86 | set strict_security=1 | 86 | set strict_security=1 |
@@ -94,15 +94,15 @@ set prefix=(\$root)${GRUB_PREFIX_DIR} | |||
94 | EOF | 94 | EOF |
95 | } | 95 | } |
96 | 96 | ||
97 | do_compile_append_class-native() { | 97 | do_compile:append:class-native() { |
98 | make grub-editenv | 98 | make grub-editenv |
99 | } | 99 | } |
100 | 100 | ||
101 | do_install_append_class-native() { | 101 | do_install:append:class-native() { |
102 | install -m 0755 grub-editenv "${D}${bindir}" | 102 | install -m 0755 grub-editenv "${D}${bindir}" |
103 | } | 103 | } |
104 | 104 | ||
105 | do_install_append_class-target() { | 105 | do_install:append:class-target() { |
106 | local menu="${WORKDIR}/boot-menu.inc" | 106 | local menu="${WORKDIR}/boot-menu.inc" |
107 | 107 | ||
108 | # Enable the default IMA rules if IMA is enabled and luks is disabled. | 108 | # Enable the default IMA rules if IMA is enabled and luks is disabled. |
@@ -145,13 +145,13 @@ do_install_append_class-target() { | |||
145 | rm -f ${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi/*.module | 145 | rm -f ${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi/*.module |
146 | } | 146 | } |
147 | 147 | ||
148 | python do_sign_prepend_class-target() { | 148 | python do_sign:prepend:class-target() { |
149 | bb.build.exec_func("check_deploy_keys", d) | 149 | bb.build.exec_func("check_deploy_keys", d) |
150 | if d.getVar('GRUB_SIGN_VERIFY') == '1': | 150 | if d.getVar('GRUB_SIGN_VERIFY') == '1': |
151 | bb.build.exec_func("check_boot_public_key", d) | 151 | bb.build.exec_func("check_boot_public_key", d) |
152 | } | 152 | } |
153 | 153 | ||
154 | fakeroot python do_sign_class-target() { | 154 | fakeroot python do_sign:class-target() { |
155 | image_dir = d.getVar('D', True) | 155 | image_dir = d.getVar('D', True) |
156 | efi_boot_path = d.getVar('EFI_BOOT_PATH', True) | 156 | efi_boot_path = d.getVar('EFI_BOOT_PATH', True) |
157 | grub_image = d.getVar('GRUB_IMAGE', True) | 157 | grub_image = d.getVar('GRUB_IMAGE', True) |
@@ -181,7 +181,7 @@ fakeroot do_chownboot() { | |||
181 | addtask chownboot after do_deploy before do_package | 181 | addtask chownboot after do_deploy before do_package |
182 | 182 | ||
183 | # Append the do_deploy() in oe-core. | 183 | # Append the do_deploy() in oe-core. |
184 | do_deploy_append_class-target() { | 184 | do_deploy:append:class-target() { |
185 | install -m 0644 "${D}${EFI_BOOT_PATH}/${GRUB_IMAGE}" "${DEPLOYDIR}" | 185 | install -m 0644 "${D}${EFI_BOOT_PATH}/${GRUB_IMAGE}" "${DEPLOYDIR}" |
186 | 186 | ||
187 | # Deploy the stacked grub configs. | 187 | # Deploy the stacked grub configs. |
@@ -202,9 +202,9 @@ do_deploy_append_class-target() { | |||
202 | PSEUDO_DISABLED=1 cp -af "${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi" "${DEPLOYDIR}/efi-unsigned" | 202 | PSEUDO_DISABLED=1 cp -af "${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi" "${DEPLOYDIR}/efi-unsigned" |
203 | } | 203 | } |
204 | 204 | ||
205 | FILES_${PN} += "${EFI_BOOT_PATH}" | 205 | FILES:${PN} += "${EFI_BOOT_PATH}" |
206 | 206 | ||
207 | CONFFILES_${PN} += "\ | 207 | CONFFILES:${PN} += "\ |
208 | ${EFI_BOOT_PATH}/grub.cfg \ | 208 | ${EFI_BOOT_PATH}/grub.cfg \ |
209 | ${EFI_BOOT_PATH}/grubenv \ | 209 | ${EFI_BOOT_PATH}/grubenv \ |
210 | ${EFI_BOOT_PATH}/boot-menu.inc \ | 210 | ${EFI_BOOT_PATH}/boot-menu.inc \ |
diff --git a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb index fee1504..f6cacc0 100644 --- a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb | |||
@@ -45,8 +45,8 @@ EXTRA_OEMAKE = "\ | |||
45 | LIB_GCC="`${CC} -print-libgcc-file-name`" \ | 45 | LIB_GCC="`${CC} -print-libgcc-file-name`" \ |
46 | " | 46 | " |
47 | 47 | ||
48 | EFI_ARCH_x86 = "ia32" | 48 | EFI_ARCH:x86 = "ia32" |
49 | EFI_ARCH_x86-64 = "x64" | 49 | EFI_ARCH:x86-64 = "x64" |
50 | 50 | ||
51 | EFI_TARGET = "/boot/efi/EFI/BOOT" | 51 | EFI_TARGET = "/boot/efi/EFI/BOOT" |
52 | 52 | ||
@@ -91,8 +91,8 @@ do_deploy() { | |||
91 | } | 91 | } |
92 | addtask deploy after do_install before do_build | 92 | addtask deploy after do_install before do_build |
93 | 93 | ||
94 | RDEPENDS_${PN} += "ovmf-pkcs7-efi" | 94 | RDEPENDS:${PN} += "ovmf-pkcs7-efi" |
95 | 95 | ||
96 | FILES_${PN} += "${EFI_TARGET}" | 96 | FILES:${PN} += "${EFI_TARGET}" |
97 | 97 | ||
98 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/efi-unsigned" | 98 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/efi-unsigned" |
diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb index 489f1c3..3b71690 100644 --- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb | |||
@@ -30,7 +30,7 @@ SRC_URI = "\ | |||
30 | file://0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch \ | 30 | file://0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch \ |
31 | file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \ | 31 | file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \ |
32 | " | 32 | " |
33 | SRC_URI_append_x86-64 = "\ | 33 | SRC_URI:append:x86-64 = " \ |
34 | ${@bb.utils.contains('DISTRO_FEATURES', 'msft', \ | 34 | ${@bb.utils.contains('DISTRO_FEATURES', 'msft', \ |
35 | 'file://shim' + d.expand('EFI_ARCH') + '.efi.signed file://LICENSE' \ | 35 | 'file://shim' + d.expand('EFI_ARCH') + '.efi.signed file://LICENSE' \ |
36 | if uks_signing_model(d) == 'sample' else '', '', d)} \ | 36 | if uks_signing_model(d) == 'sample' else '', '', d)} \ |
@@ -66,7 +66,7 @@ EXTRA_OEMAKE = "\ | |||
66 | ENABLE_SBSIGN=1 \ | 66 | ENABLE_SBSIGN=1 \ |
67 | " | 67 | " |
68 | 68 | ||
69 | EXTRA_OEMAKE_append_x86-64 = " OVERRIDE_SECURITY_POLICY=1" | 69 | EXTRA_OEMAKE:append:x86-64 = " OVERRIDE_SECURITY_POLICY=1" |
70 | 70 | ||
71 | PARALLEL_MAKE = "" | 71 | PARALLEL_MAKE = "" |
72 | COMPATIBLE_HOST = '(i.86|x86_64).*-linux' | 72 | COMPATIBLE_HOST = '(i.86|x86_64).*-linux' |
@@ -75,8 +75,8 @@ EFI_TARGET = "/boot/efi/EFI/BOOT" | |||
75 | 75 | ||
76 | MSFT = "${@bb.utils.contains('DISTRO_FEATURES', 'msft', '1', '0', d)}" | 76 | MSFT = "${@bb.utils.contains('DISTRO_FEATURES', 'msft', '1', '0', d)}" |
77 | 77 | ||
78 | EFI_ARCH_x86 = "ia32" | 78 | EFI_ARCH:x86 = "ia32" |
79 | EFI_ARCH_x86-64 = "x64" | 79 | EFI_ARCH:x86-64 = "x64" |
80 | 80 | ||
81 | # Prepare the signing certificate and keys | 81 | # Prepare the signing certificate and keys |
82 | python do_prepare_signing_keys() { | 82 | python do_prepare_signing_keys() { |
@@ -148,4 +148,4 @@ do_deploy() { | |||
148 | } | 148 | } |
149 | addtask deploy after do_install before do_build | 149 | addtask deploy after do_install before do_build |
150 | 150 | ||
151 | FILES_${PN} += "${EFI_TARGET}" | 151 | FILES:${PN} += "${EFI_TARGET}" |
diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc index 2ac5e8c..9d92672 100644 --- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc +++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc | |||
@@ -23,16 +23,16 @@ do_deploy() { | |||
23 | } | 23 | } |
24 | addtask deploy after do_install before do_package | 24 | addtask deploy after do_install before do_package |
25 | 25 | ||
26 | python do_package_prepend () { | 26 | python do_package:prepend () { |
27 | ext = d.expand('${SB_FILE_EXT}') | 27 | ext = d.expand('${SB_FILE_EXT}') |
28 | if d.getVar('BUNDLE') == '1': | 28 | if d.getVar('BUNDLE') == '1': |
29 | d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs' + ext)) | 29 | d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs' + ext)) |
30 | d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs' + ext)) | 30 | d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs' + ext)) |
31 | d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}' + ext)) | 31 | d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}' + ext)) |
32 | d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, '50101') | 32 | d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, '50101') |
33 | else: | 33 | else: |
34 | for compr in d.getVar('INITRAMFS_FSTYPES').split(): | 34 | for compr in d.getVar('INITRAMFS_FSTYPES').split(): |
35 | d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + ext) | 35 | d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + ext) |
36 | d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}') + ext) | 36 | d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}') + ext) |
37 | d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + ext)) | 37 | d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + ext)) |
38 | d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + ext, '50101') | 38 | d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + ext, '50101') |
diff --git a/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend index 01c7007..5d1a163 100644 --- a/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend +++ b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend | |||
@@ -1,9 +1,9 @@ | |||
1 | inherit user-key-store | 1 | inherit user-key-store |
2 | 2 | ||
3 | PACKAGECONFIG_append = " secureboot" | 3 | PACKAGECONFIG:append = " secureboot" |
4 | 4 | ||
5 | # For SELoader | 5 | # For SELoader |
6 | do_compile_class-target_append() { | 6 | do_compile:class-target:append() { |
7 | if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then | 7 | if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then |
8 | secbuild_dir="${S}/Build/SecurityPkg/RELEASE_${FIXED_GCCVER}" | 8 | secbuild_dir="${S}/Build/SecurityPkg/RELEASE_${FIXED_GCCVER}" |
9 | ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} -p SecurityPkg/SecurityPkg.dsc | 9 | ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} -p SecurityPkg/SecurityPkg.dsc |
@@ -14,7 +14,7 @@ do_compile_class-target_append() { | |||
14 | 14 | ||
15 | EFI_TARGET = "/boot/efi/EFI/BOOT" | 15 | EFI_TARGET = "/boot/efi/EFI/BOOT" |
16 | 16 | ||
17 | do_install_class-target_append() { | 17 | do_install:class-target:append() { |
18 | if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then | 18 | if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then |
19 | mkdir -p ${D}${EFI_TARGET} | 19 | mkdir -p ${D}${EFI_TARGET} |
20 | if [ x"${UEFI_SB}" = x"1" ]; then | 20 | if [ x"${UEFI_SB}" = x"1" ]; then |
@@ -30,13 +30,13 @@ do_install_class-target_append() { | |||
30 | python do_sign() { | 30 | python do_sign() { |
31 | } | 31 | } |
32 | 32 | ||
33 | python do_sign_class-target() { | 33 | python do_sign:class-target() { |
34 | sb_sign(d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi'), d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed'), d) | 34 | sb_sign(d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi'), d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed'), d) |
35 | sb_sign(d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi'), d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed'), d) | 35 | sb_sign(d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi'), d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed'), d) |
36 | } | 36 | } |
37 | addtask sign after do_compile before do_install do_deploy | 37 | addtask sign after do_compile before do_install do_deploy |
38 | 38 | ||
39 | do_deploy_class-target_append() { | 39 | do_deploy:class-target:append() { |
40 | if [ x"${UEFI_SB}" = x"1" ]; then | 40 | if [ x"${UEFI_SB}" = x"1" ]; then |
41 | install -d ${DEPLOYDIR}/efi-unsigned | 41 | install -d ${DEPLOYDIR}/efi-unsigned |
42 | install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/efi-unsigned/Pkcs7VerifyDxe.efi" | 42 | install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/efi-unsigned/Pkcs7VerifyDxe.efi" |
@@ -53,7 +53,7 @@ PACKAGES += " \ | |||
53 | ovmf-pkcs7-efi \ | 53 | ovmf-pkcs7-efi \ |
54 | " | 54 | " |
55 | 55 | ||
56 | FILES_ovmf-pkcs7-efi += " \ | 56 | FILES:ovmf-pkcs7-efi += " \ |
57 | ${EFI_TARGET}/Hash2DxeCrypto.efi \ | 57 | ${EFI_TARGET}/Hash2DxeCrypto.efi \ |
58 | ${EFI_TARGET}/Pkcs7VerifyDxe.efi \ | 58 | ${EFI_TARGET}/Pkcs7VerifyDxe.efi \ |
59 | " | 59 | " |
diff --git a/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc index da6e27b..b7b631c 100644 --- a/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc +++ b/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc | |||
@@ -1,5 +1,5 @@ | |||
1 | DEPENDS += "gnu-efi" | 1 | DEPENDS += "gnu-efi" |
2 | PACKAGECONFIG_append = " efi" | 2 | PACKAGECONFIG:append = " efi" |
3 | EXTRA_OEMESON += "-Dgnu-efi=true \ | 3 | EXTRA_OEMESON += "-Dgnu-efi=true \ |
4 | -Defi-libdir=${STAGING_LIBDIR} \ | 4 | -Defi-libdir=${STAGING_LIBDIR} \ |
5 | -Defi-includedir=${STAGING_INCDIR}" | 5 | -Defi-includedir=${STAGING_INCDIR}" |
diff --git a/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb b/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb index b91790c..3c215fb 100644 --- a/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb +++ b/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb | |||
@@ -24,6 +24,6 @@ EXTRA_OEMAKE += "\ | |||
24 | 24 | ||
25 | COMPATIBLE_HOST = '(i.86|x86_64|arm|aarch64).*-linux' | 25 | COMPATIBLE_HOST = '(i.86|x86_64|arm|aarch64).*-linux' |
26 | 26 | ||
27 | FILES_${PN} += "${datadir}/bash-completion/*" | 27 | FILES:${PN} += "${datadir}/bash-completion/*" |
28 | 28 | ||
29 | RDEPENDS_${PN} += "openssl efivar" | 29 | RDEPENDS:${PN} += "openssl efivar" |
diff --git a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc index 27bb3a2..28bd91b 100644 --- a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc +++ b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc | |||
@@ -4,8 +4,8 @@ efi_secure_boot_sccs = "\ | |||
4 | ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', \ | 4 | ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', \ |
5 | 'cfg/efi-ext.scc', '', d)} \ | 5 | 'cfg/efi-ext.scc', '', d)} \ |
6 | " | 6 | " |
7 | KERNEL_FEATURES_append_x86 += "${efi_secure_boot_sccs}" | 7 | KERNEL_FEATURES:append:x86 = " ${efi_secure_boot_sccs}" |
8 | KERNEL_FEATURES_append_x86-64 += "${efi_secure_boot_sccs}" | 8 | KERNEL_FEATURES:append:x86-64 = " ${efi_secure_boot_sccs}" |
9 | 9 | ||
10 | inherit user-key-store | 10 | inherit user-key-store |
11 | 11 | ||
@@ -75,7 +75,7 @@ fakeroot python do_sign_bundled_kernel() { | |||
75 | } | 75 | } |
76 | addtask sign_bundled_kernel after do_bundle_initramfs before do_deploy | 76 | addtask sign_bundled_kernel after do_bundle_initramfs before do_deploy |
77 | 77 | ||
78 | do_deploy_append() { | 78 | do_deploy:append() { |
79 | install -d "${DEPLOYDIR}/efi-unsigned" | 79 | install -d "${DEPLOYDIR}/efi-unsigned" |
80 | 80 | ||
81 | for imageType in ${KERNEL_IMAGETYPES}; do | 81 | for imageType in ${KERNEL_IMAGETYPES}; do |
@@ -102,9 +102,9 @@ do_deploy_append() { | |||
102 | } | 102 | } |
103 | 103 | ||
104 | # Ship *.p7b or *.sig files to related packages | 104 | # Ship *.p7b or *.sig files to related packages |
105 | python do_package_prepend() { | 105 | python do_package:prepend() { |
106 | for type in d.expand('${KERNEL_IMAGETYPES}').split(): | 106 | for type in d.expand('${KERNEL_IMAGETYPES}').split(): |
107 | typelower = type.lower() | 107 | typelower = type.lower() |
108 | d.appendVar('FILES_kernel-image-' + typelower, ' /boot/' + type + d.expand('-${KERNEL_VERSION_NAME}${SB_FILE_EXT}')) | 108 | d.appendVar('FILES:kernel-image-' + typelower, ' /boot/' + type + d.expand('-${KERNEL_VERSION_NAME}${SB_FILE_EXT}')) |
109 | d.appendVar('FILES_kernel-image-' + typelower, ' /boot/' + type + d.expand('${SB_FILE_EXT}')) | 109 | d.appendVar('FILES:kernel-image-' + typelower, ' /boot/' + type + d.expand('${SB_FILE_EXT}')) |
110 | } | 110 | } |
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb index 5a31477..bc6c90b 100644 --- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb +++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb | |||
@@ -2,7 +2,7 @@ DESCRIPTION = "The packages used for luks in initramfs." | |||
2 | 2 | ||
3 | require packagegroup-luks.inc | 3 | require packagegroup-luks.inc |
4 | 4 | ||
5 | RDEPENDS_${PN} += "\ | 5 | RDEPENDS:${PN} += "\ |
6 | cryptfs-tpm2-initramfs \ | 6 | cryptfs-tpm2-initramfs \ |
7 | ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'packagegroup-tpm2-initramfs', '', d)} \ | 7 | ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'packagegroup-tpm2-initramfs', '', d)} \ |
8 | " | 8 | " |
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb index fd0c162..4297b54 100644 --- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb +++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb | |||
@@ -6,7 +6,7 @@ require packagegroup-luks.inc | |||
6 | # The common packages shared between initramfs and rootfs | 6 | # The common packages shared between initramfs and rootfs |
7 | # are listed in the .inc. | 7 | # are listed in the .inc. |
8 | 8 | ||
9 | RDEPENDS_${PN} += "\ | 9 | RDEPENDS:${PN} += "\ |
10 | util-linux-fdisk \ | 10 | util-linux-fdisk \ |
11 | parted \ | 11 | parted \ |
12 | packagegroup-tpm2 \ | 12 | packagegroup-tpm2 \ |
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc index b6a520d..7d8a5eb 100644 --- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc +++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc | |||
@@ -3,11 +3,11 @@ LIC_FILES_CHKSUM = "\ | |||
3 | file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ | 3 | file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ |
4 | " | 4 | " |
5 | 5 | ||
6 | ALLOW_EMPTY_${PN} = "1" | 6 | ALLOW_EMPTY:${PN} = "1" |
7 | 7 | ||
8 | S = "${WORKDIR}" | 8 | S = "${WORKDIR}" |
9 | 9 | ||
10 | RDEPENDS_${PN} += "\ | 10 | RDEPENDS:${PN} += "\ |
11 | cryptfs-tpm2 \ | 11 | cryptfs-tpm2 \ |
12 | lvm2-udevrules \ | 12 | lvm2-udevrules \ |
13 | " | 13 | " |
diff --git a/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend b/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend index 9bd4ee1..63b5076 100644 --- a/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend +++ b/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend | |||
@@ -1,4 +1,4 @@ | |||
1 | #PACKAGECONFIG_append += "\ | 1 | #PACKAGECONFIG:append = " \ |
2 | # ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \ | 2 | # ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \ |
3 | # 'cryptsetup', '', d)} \ | 3 | # 'cryptsetup', '', d)} \ |
4 | #" | 4 | #" |
diff --git a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc index 91dceb6..795ba48 100644 --- a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc +++ b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc | |||
@@ -1,4 +1,4 @@ | |||
1 | FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" | 1 | FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:" |
2 | 2 | ||
3 | SRC_URI += "\ | 3 | SRC_URI += "\ |
4 | ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \ | 4 | ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \ |
diff --git a/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend b/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend index 1798720..693a68b 100644 --- a/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend +++ b/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend | |||
@@ -1,2 +1,2 @@ | |||
1 | RDEPENDS_${PN} += "lvm2" | 1 | RDEPENDS:${PN} += "lvm2" |
2 | RRECOMMENDS_${PN}_append_class-target = " lvm2-udevrules" | 2 | RRECOMMENDS:${PN}:append:class-target = " lvm2-udevrules" |
diff --git a/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend b/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend index e2dd834..b7db196 100644 --- a/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend +++ b/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend | |||
@@ -2,6 +2,6 @@ | |||
2 | # Copyright (C) 2019 Wind River Systems, Inc. | 2 | # Copyright (C) 2019 Wind River Systems, Inc. |
3 | # | 3 | # |
4 | 4 | ||
5 | FILESEXTRAPATHS_prepend := "${THISDIR}/lvm2:" | 5 | FILESEXTRAPATHS:prepend := "${THISDIR}/lvm2:" |
6 | 6 | ||
7 | SRC_URI += "file://0001-10-dm.rules.in-Fix-dmcrypt-hanging-on-hand-over-from.patch" | 7 | SRC_URI += "file://0001-10-dm.rules.in-Fix-dmcrypt-hanging-on-hand-over-from.patch" |
diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb index 594e52f..d3b0869 100644 --- a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb +++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb | |||
@@ -44,7 +44,7 @@ EXTRA_OEMAKE = "\ | |||
44 | EXTRA_CFLAGS="${CFLAGS}" \ | 44 | EXTRA_CFLAGS="${CFLAGS}" \ |
45 | EXTRA_LDFLAGS="${LDFLAGS}" \ | 45 | EXTRA_LDFLAGS="${LDFLAGS}" \ |
46 | " | 46 | " |
47 | SECURITY_LDFLAGS_remove_pn-${BPN} = "-fstack-protector-strong" | 47 | SECURITY_LDFLAGS:remove:pn-${BPN} = "-fstack-protector-strong" |
48 | 48 | ||
49 | PARALLEL_MAKE = "" | 49 | PARALLEL_MAKE = "" |
50 | 50 | ||
@@ -60,7 +60,7 @@ PACKAGES =+ "\ | |||
60 | ${PN}-initramfs \ | 60 | ${PN}-initramfs \ |
61 | " | 61 | " |
62 | 62 | ||
63 | FILES_${PN}-initramfs = "\ | 63 | FILES:${PN}-initramfs = "\ |
64 | /init.cryptfs \ | 64 | /init.cryptfs \ |
65 | " | 65 | " |
66 | 66 | ||
@@ -75,7 +75,7 @@ FILES_${PN}-initramfs = "\ | |||
75 | # @cryptsetup: cryptsetup | 75 | # @cryptsetup: cryptsetup |
76 | # @tpm2-tools: tpm2_* | 76 | # @tpm2-tools: tpm2_* |
77 | # @tpm2-abrmd: optional | 77 | # @tpm2-abrmd: optional |
78 | RDEPENDS_${PN} += "\ | 78 | RDEPENDS:${PN} += "\ |
79 | libtss2 \ | 79 | libtss2 \ |
80 | libtss2-tcti-device \ | 80 | libtss2-tcti-device \ |
81 | libtss2-tcti-mssim \ | 81 | libtss2-tcti-mssim \ |
@@ -98,7 +98,7 @@ RDEPENDS_${PN} += "\ | |||
98 | # @cryptfs-tpm2: cryptfs-tpm2 | 98 | # @cryptfs-tpm2: cryptfs-tpm2 |
99 | # @net-tools: ifconfig | 99 | # @net-tools: ifconfig |
100 | # @util-linux: mount, umount, blkid | 100 | # @util-linux: mount, umount, blkid |
101 | RDEPENDS_${PN}-initramfs += "\ | 101 | RDEPENDS:${PN}-initramfs += "\ |
102 | bash \ | 102 | bash \ |
103 | coreutils \ | 103 | coreutils \ |
104 | grep \ | 104 | grep \ |
@@ -113,7 +113,7 @@ RDEPENDS_${PN}-initramfs += "\ | |||
113 | util-linux-blkid \ | 113 | util-linux-blkid \ |
114 | " | 114 | " |
115 | 115 | ||
116 | RRECOMMENDS_${PN}-initramfs += "\ | 116 | RRECOMMENDS:${PN}-initramfs += "\ |
117 | kernel-module-tpm-crb \ | 117 | kernel-module-tpm-crb \ |
118 | kernel-module-tpm-tis \ | 118 | kernel-module-tpm-tis \ |
119 | " | 119 | " |
diff --git a/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb b/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb index 89623c3..04771a3 100644 --- a/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb +++ b/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb | |||
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "\ | |||
6 | 6 | ||
7 | inherit packagegroup | 7 | inherit packagegroup |
8 | 8 | ||
9 | RDEPENDS_${PN} += "\ | 9 | RDEPENDS:${PN} += "\ |
10 | snort \ | 10 | snort \ |
11 | mtree \ | 11 | mtree \ |
12 | " | 12 | " |
diff --git a/meta-integrity/classes/sign_rpm_ext.bbclass b/meta-integrity/classes/sign_rpm_ext.bbclass index 4da64bd..0adf172 100644 --- a/meta-integrity/classes/sign_rpm_ext.bbclass +++ b/meta-integrity/classes/sign_rpm_ext.bbclass | |||
@@ -21,11 +21,11 @@ check_rpm_public_key[prefuncs] += "check_deploy_keys" | |||
21 | do_package_write_rpm[depends] += "${GPG_DEP}" | 21 | do_package_write_rpm[depends] += "${GPG_DEP}" |
22 | do_rootfs[depends] += "${GPG_DEP}" | 22 | do_rootfs[depends] += "${GPG_DEP}" |
23 | 23 | ||
24 | python do_package_write_rpm_prepend() { | 24 | python do_package_write_rpm:prepend() { |
25 | bb.build.exec_func("check_rpm_public_key", d) | 25 | bb.build.exec_func("check_rpm_public_key", d) |
26 | } | 26 | } |
27 | 27 | ||
28 | python do_rootfs_prepend() { | 28 | python do_rootfs:prepend() { |
29 | bb.build.exec_func("check_rpm_public_key", d) | 29 | bb.build.exec_func("check_rpm_public_key", d) |
30 | } | 30 | } |
31 | 31 | ||
diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf index 9f68ce5..0b3c057 100644 --- a/meta-integrity/conf/layer.conf +++ b/meta-integrity/conf/layer.conf | |||
@@ -24,7 +24,7 @@ LAYERRECOMMENDS_integrity = "\ | |||
24 | tpm \ | 24 | tpm \ |
25 | " | 25 | " |
26 | 26 | ||
27 | BB_HASHBASE_WHITELIST_append += "\ | 27 | BB_HASHBASE_WHITELIST += "\ |
28 | RPM_FSK_PATH \ | 28 | RPM_FSK_PATH \ |
29 | " | 29 | " |
30 | 30 | ||
diff --git a/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb b/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb index ee80f3f..1c6a783 100644 --- a/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb +++ b/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb | |||
@@ -2,6 +2,6 @@ DESCRIPTION = "Linux Integrity Measurement Architecture (IMA) subsystem for init | |||
2 | 2 | ||
3 | include packagegroup-ima.inc | 3 | include packagegroup-ima.inc |
4 | 4 | ||
5 | RDEPENDS_${PN} += "\ | 5 | RDEPENDS:${PN} += "\ |
6 | initrdscripts-ima \ | 6 | initrdscripts-ima \ |
7 | " | 7 | " |
diff --git a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb index 7755a87..8dcaaa8 100644 --- a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb +++ b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb | |||
@@ -7,14 +7,14 @@ DEPENDS += "\ | |||
7 | attr-native \ | 7 | attr-native \ |
8 | " | 8 | " |
9 | 9 | ||
10 | RDEPENDS_${PN} += "\ | 10 | RDEPENDS:${PN} += "\ |
11 | attr \ | 11 | attr \ |
12 | ima-inspect \ | 12 | ima-inspect \ |
13 | util-linux-switch-root.static \ | 13 | util-linux-switch-root.static \ |
14 | " | 14 | " |
15 | 15 | ||
16 | # Note any private key is not available if user key signing model used. | 16 | # Note any private key is not available if user key signing model used. |
17 | RRECOMMENDS_${PN} += "\ | 17 | RRECOMMENDS:${PN} += "\ |
18 | key-store-ima-cert \ | 18 | key-store-ima-cert \ |
19 | key-store-system-trusted-cert \ | 19 | key-store-system-trusted-cert \ |
20 | " | 20 | " |
diff --git a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc index b84cf68..518419b 100644 --- a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc +++ b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc | |||
@@ -5,8 +5,8 @@ LIC_FILES_CHKSUM = "\ | |||
5 | 5 | ||
6 | S = "${WORKDIR}" | 6 | S = "${WORKDIR}" |
7 | 7 | ||
8 | ALLOW_EMPTY_${PN} = "1" | 8 | ALLOW_EMPTY:${PN} = "1" |
9 | 9 | ||
10 | RDEPENDS_${PN} = "\ | 10 | RDEPENDS:${PN} = "\ |
11 | ima-evm-utils \ | 11 | ima-evm-utils \ |
12 | " | 12 | " |
diff --git a/meta-integrity/recipes-core/base-files/base-files-integrity.inc b/meta-integrity/recipes-core/base-files/base-files-integrity.inc index 7e9e210..cfa65a2 100644 --- a/meta-integrity/recipes-core/base-files/base-files-integrity.inc +++ b/meta-integrity/recipes-core/base-files/base-files-integrity.inc | |||
@@ -1,5 +1,5 @@ | |||
1 | # Append iversion option for auto types | 1 | # Append iversion option for auto types |
2 | do_install_append() { | 2 | do_install:append() { |
3 | sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab" | 3 | sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab" |
4 | echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab" | 4 | echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab" |
5 | } | 5 | } |
diff --git a/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb b/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb index b261e9e..36d2770 100644 --- a/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb +++ b/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb | |||
@@ -10,13 +10,13 @@ SRC_URI = "\ | |||
10 | 10 | ||
11 | S = "${WORKDIR}" | 11 | S = "${WORKDIR}" |
12 | 12 | ||
13 | ALLOW_EMPTY_${PN} = "1" | 13 | ALLOW_EMPTY:${PN} = "1" |
14 | 14 | ||
15 | do_install() { | 15 | do_install() { |
16 | install -m 0500 "${WORKDIR}/init.ima" "${D}" | 16 | install -m 0500 "${WORKDIR}/init.ima" "${D}" |
17 | } | 17 | } |
18 | 18 | ||
19 | FILES_${PN} += "\ | 19 | FILES:${PN} += "\ |
20 | /init.ima \ | 20 | /init.ima \ |
21 | " | 21 | " |
22 | 22 | ||
@@ -28,7 +28,7 @@ FILES_${PN} += "\ | |||
28 | # @gawk: awk | 28 | # @gawk: awk |
29 | # @util-linux: mount, umount | 29 | # @util-linux: mount, umount |
30 | # @ima-evm-utils: evmctl | 30 | # @ima-evm-utils: evmctl |
31 | RDEPENDS_${PN} += "\ | 31 | RDEPENDS:${PN} += "\ |
32 | coreutils \ | 32 | coreutils \ |
33 | grep \ | 33 | grep \ |
34 | gawk \ | 34 | gawk \ |
@@ -38,6 +38,6 @@ RDEPENDS_${PN} += "\ | |||
38 | ima-policy \ | 38 | ima-policy \ |
39 | " | 39 | " |
40 | 40 | ||
41 | RRECOMMENDS_${PN} += "\ | 41 | RRECOMMENDS:${PN} += "\ |
42 | key-store-ima-cert \ | 42 | key-store-ima-cert \ |
43 | " | 43 | " |
diff --git a/meta-integrity/recipes-core/systemd/systemd_%.bbappend b/meta-integrity/recipes-core/systemd/systemd_%.bbappend index ff3464a..259ac07 100644 --- a/meta-integrity/recipes-core/systemd/systemd_%.bbappend +++ b/meta-integrity/recipes-core/systemd/systemd_%.bbappend | |||
@@ -1,4 +1,4 @@ | |||
1 | PACKAGECONFIG_append += "\ | 1 | PACKAGECONFIG:append = " \ |
2 | ${@bb.utils.contains('DISTRO_FEATURES', 'ima', \ | 2 | ${@bb.utils.contains('DISTRO_FEATURES', 'ima', \ |
3 | 'ima', '', d)} \ | 3 | 'ima', '', d)} \ |
4 | " | 4 | " |
diff --git a/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc index d3d498e..59cca65 100644 --- a/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc +++ b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc | |||
@@ -1,14 +1,14 @@ | |||
1 | CFLAGS_remove += "-pie -fpie" | 1 | CFLAGS:remove += "-pie -fpie" |
2 | 2 | ||
3 | # We need -no-pie in case the default is to generate pie code. | 3 | # We need -no-pie in case the default is to generate pie code. |
4 | # | 4 | # |
5 | do_compile_append_class-target() { | 5 | do_compile:append:class-target() { |
6 | ${CC} ${CFLAGS} ${LDFLAGS} -no-pie -static \ | 6 | ${CC} ${CFLAGS} ${LDFLAGS} -no-pie -static \ |
7 | sys-utils/switch_root.o \ | 7 | sys-utils/switch_root.o \ |
8 | -o switch_root.static | 8 | -o switch_root.static |
9 | } | 9 | } |
10 | 10 | ||
11 | do_install_append_class-target() { | 11 | do_install:append:class-target() { |
12 | install -d "${D}${sbindir}" | 12 | install -d "${D}${sbindir}" |
13 | install -m 0700 "${B}/switch_root.static" \ | 13 | install -m 0700 "${B}/switch_root.static" \ |
14 | "${D}${sbindir}/switch_root.static" | 14 | "${D}${sbindir}/switch_root.static" |
@@ -16,4 +16,4 @@ do_install_append_class-target() { | |||
16 | 16 | ||
17 | PACKAGES =+ "${PN}-switch-root.static" | 17 | PACKAGES =+ "${PN}-switch-root.static" |
18 | 18 | ||
19 | FILES_${PN}-switch-root.static = "${sbindir}/switch_root.static" | 19 | FILES:${PN}-switch-root.static = "${sbindir}/switch_root.static" |
diff --git a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc index 8b9c378..b957bc6 100644 --- a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc +++ b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc | |||
@@ -1,20 +1,20 @@ | |||
1 | FILESEXTRAPATHS_prepend := "${THISDIR}/rpm:" | 1 | FILESEXTRAPATHS:prepend := "${THISDIR}/rpm:" |
2 | 2 | ||
3 | PACKAGECONFIG_append = " \ | 3 | PACKAGECONFIG:append = " \ |
4 | ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'imaevm', '', d)} \ | 4 | ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'imaevm', '', d)} \ |
5 | " | 5 | " |
6 | 6 | ||
7 | # IMA signing support is provided by RPM plugin. | 7 | # IMA signing support is provided by RPM plugin. |
8 | EXTRA_OECONF_remove += "\ | 8 | EXTRA_OECONF:remove += "\ |
9 | --disable-plugins \ | 9 | --disable-plugins \ |
10 | " | 10 | " |
11 | EXTRA_OECONF_append_class-native = " --disable-inhibit-plugin" | 11 | EXTRA_OECONF:append:class-native = " --disable-inhibit-plugin" |
12 | 12 | ||
13 | SRC_URI_append = " \ | 13 | SRC_URI:append = " \ |
14 | file://macros.ima \ | 14 | file://macros.ima \ |
15 | " | 15 | " |
16 | 16 | ||
17 | do_install_append () { | 17 | do_install:append () { |
18 | install -d ${D}${sysconfdir}/rpm | 18 | install -d ${D}${sysconfdir}/rpm |
19 | install -m 0644 ${WORKDIR}/macros.ima ${D}${sysconfdir}/rpm/ | 19 | install -m 0644 ${WORKDIR}/macros.ima ${D}${sysconfdir}/rpm/ |
20 | } | 20 | } |
diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc index 295b97d..83a2b8b 100644 --- a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc +++ b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc | |||
@@ -1,4 +1,4 @@ | |||
1 | FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" | 1 | FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:" |
2 | 2 | ||
3 | IMA_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', '1', '0', d)}" | 3 | IMA_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', '1', '0', d)}" |
4 | MODSIGN_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'modsign', '1', '0', d)}" | 4 | MODSIGN_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'modsign', '1', '0', d)}" |
@@ -19,7 +19,7 @@ INHIBIT_PACKAGE_STRIP = "${@'1' if d.getVar('MODSIGN_ENABLED', True) == '1' else | |||
19 | 19 | ||
20 | inherit user-key-store | 20 | inherit user-key-store |
21 | 21 | ||
22 | do_configure_prepend() { | 22 | do_configure:prepend() { |
23 | sys_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.crt" | 23 | sys_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.crt" |
24 | if [ ${MODSIGN_ENABLED} = "1" ]; then | 24 | if [ ${MODSIGN_ENABLED} = "1" ]; then |
25 | modsign_key="${@uks_modsign_keys_dir(d)}/modsign_key.key" | 25 | modsign_key="${@uks_modsign_keys_dir(d)}/modsign_key.key" |
diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb index 46722b8..852632f 100644 --- a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb +++ b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb | |||
@@ -21,8 +21,8 @@ inherit pkgconfig autotools | |||
21 | # Specify any options you want to pass to the configure script using EXTRA_OECONF: | 21 | # Specify any options you want to pass to the configure script using EXTRA_OECONF: |
22 | EXTRA_OECONF = "" | 22 | EXTRA_OECONF = "" |
23 | 23 | ||
24 | FILES_${PN}-dev += "${includedir}" | 24 | FILES:${PN}-dev += "${includedir}" |
25 | 25 | ||
26 | RDEPENDS_${PN}_class-target += "libcrypto libattr keyutils" | 26 | RDEPENDS:${PN}:class-target += "libcrypto libattr keyutils" |
27 | 27 | ||
28 | BBCLASSEXTEND = "native nativesdk" | 28 | BBCLASSEXTEND = "native nativesdk" |
diff --git a/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb b/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb index cfab5be..2254ead 100644 --- a/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb +++ b/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb | |||
@@ -16,4 +16,4 @@ do_install() { | |||
16 | "${D}${sysconfdir}/ima" | 16 | "${D}${sysconfdir}/ima" |
17 | } | 17 | } |
18 | 18 | ||
19 | FILES_${PN} = "${sysconfdir}" | 19 | FILES:${PN} = "${sysconfdir}" |
diff --git a/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb b/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb index b1abcd5..a95ba8e 100644 --- a/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb +++ b/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb | |||
@@ -31,4 +31,4 @@ do_install () { | |||
31 | install -m 0644 "${MODULE_NAME}.ko" "$dir" | 31 | install -m 0644 "${MODULE_NAME}.ko" "$dir" |
32 | } | 32 | } |
33 | 33 | ||
34 | RPROVIDES_${PN} += "kernel-module-${MODULE_NAME}" | 34 | RPROVIDES:${PN} += "kernel-module-${MODULE_NAME}" |
diff --git a/meta-signing-key/classes/user-key-store.bbclass b/meta-signing-key/classes/user-key-store.bbclass index f89a810..5180427 100644 --- a/meta-signing-key/classes/user-key-store.bbclass +++ b/meta-signing-key/classes/user-key-store.bbclass | |||
@@ -1,4 +1,4 @@ | |||
1 | DEPENDS_append_class-target += "\ | 1 | DEPENDS:append:class-target = " \ |
2 | ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "sbsigntool-native", "", d)} \ | 2 | ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "sbsigntool-native", "", d)} \ |
3 | ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "libsign-native", "", d)} \ | 3 | ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "libsign-native", "", d)} \ |
4 | openssl-native \ | 4 | openssl-native \ |
diff --git a/meta-signing-key/conf/layer.conf b/meta-signing-key/conf/layer.conf index 9176709..89e8b58 100644 --- a/meta-signing-key/conf/layer.conf +++ b/meta-signing-key/conf/layer.conf | |||
@@ -64,7 +64,7 @@ RPM_GPG_PASSPHRASE ??= "SecureCore" | |||
64 | BOOT_GPG_NAME ??= "SecureBootCore" | 64 | BOOT_GPG_NAME ??= "SecureBootCore" |
65 | BOOT_GPG_PASSPHRASE ??= "SecureCore" | 65 | BOOT_GPG_PASSPHRASE ??= "SecureCore" |
66 | 66 | ||
67 | BB_HASHBASE_WHITELIST_append += "\ | 67 | BB_HASHBASE_WHITELIST += "\ |
68 | SYSTEM_TRUSTED_KEYS_DIR \ | 68 | SYSTEM_TRUSTED_KEYS_DIR \ |
69 | SECONDARY_TRUSTED_KEYS_DIR \ | 69 | SECONDARY_TRUSTED_KEYS_DIR \ |
70 | MODSIGN_KEYS_DIR \ | 70 | MODSIGN_KEYS_DIR \ |
diff --git a/meta-signing-key/recipes-devtools/libsign/libsign_git.bb b/meta-signing-key/recipes-devtools/libsign/libsign_git.bb index 7964e03..79eb347 100644 --- a/meta-signing-key/recipes-devtools/libsign/libsign_git.bb +++ b/meta-signing-key/recipes-devtools/libsign/libsign_git.bb | |||
@@ -39,17 +39,17 @@ EXTRA_OEMAKE = "\ | |||
39 | BINDIR="${bindir}" \ | 39 | BINDIR="${bindir}" \ |
40 | LIBDIR="${libdir}" \ | 40 | LIBDIR="${libdir}" \ |
41 | " | 41 | " |
42 | SECURITY_LDFLAGS_remove_pn-${BPN} = "-fstack-protector-strong" | 42 | SECURITY_LDFLAGS:remove:pn-${BPN} = "-fstack-protector-strong" |
43 | 43 | ||
44 | do_install() { | 44 | do_install() { |
45 | oe_runmake install DESTDIR="${D}" | 45 | oe_runmake install DESTDIR="${D}" |
46 | } | 46 | } |
47 | 47 | ||
48 | FILES_${PN} += "\ | 48 | FILES:${PN} += "\ |
49 | ${libdir}/signaturelet \ | 49 | ${libdir}/signaturelet \ |
50 | " | 50 | " |
51 | 51 | ||
52 | RDEPENDS_${PN}_class-target += "libcrypto" | 52 | RDEPENDS:${PN}:class-target += "libcrypto" |
53 | RDEPENDS_${PN}_class-native += "openssl-native" | 53 | RDEPENDS:${PN}:class-native += "openssl-native" |
54 | 54 | ||
55 | BBCLASSEXTEND = "native nativesdk" | 55 | BBCLASSEXTEND = "native nativesdk" |
diff --git a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb index 408eb8a..f84108e 100644 --- a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb +++ b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb | |||
@@ -55,7 +55,7 @@ EXTRA_OEMAKE += "\ | |||
55 | -I${STAGING_INCDIR}/efi/${@efi_arch(d)}' \ | 55 | -I${STAGING_INCDIR}/efi/${@efi_arch(d)}' \ |
56 | " | 56 | " |
57 | 57 | ||
58 | do_configure_prepend() { | 58 | do_configure:prepend() { |
59 | cd ${S} | 59 | cd ${S} |
60 | 60 | ||
61 | if [ ! -e lib/ccan ]; then | 61 | if [ ! -e lib/ccan ]; then |
diff --git a/meta-signing-key/recipes-support/key-store/key-store_0.1.bb b/meta-signing-key/recipes-support/key-store/key-store_0.1.bb index 4f117d4..2ecd415 100644 --- a/meta-signing-key/recipes-support/key-store/key-store_0.1.bb +++ b/meta-signing-key/recipes-support/key-store/key-store_0.1.bb | |||
@@ -8,7 +8,7 @@ S = "${WORKDIR}" | |||
8 | 8 | ||
9 | inherit user-key-store | 9 | inherit user-key-store |
10 | 10 | ||
11 | ALLOW_EMPTY_${PN} = "1" | 11 | ALLOW_EMPTY:${PN} = "1" |
12 | 12 | ||
13 | KEY_DIR = "${sysconfdir}/keys" | 13 | KEY_DIR = "${sysconfdir}/keys" |
14 | # For RPM verification | 14 | # For RPM verification |
@@ -32,11 +32,11 @@ python () { | |||
32 | return | 32 | return |
33 | 33 | ||
34 | pn = d.getVar('PN', True) + '-rpm-pubkey' | 34 | pn = d.getVar('PN', True) + '-rpm-pubkey' |
35 | d.setVar('PACKAGES_prepend', pn + ' ') | 35 | d.setVar('PACKAGES:prepend', pn + ' ') |
36 | d.setVar('FILES_' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True)) | 36 | d.setVar('FILES:' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True)) |
37 | d.setVar('CONFFILES_' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True)) | 37 | d.setVar('CONFFILES:' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True)) |
38 | mlprefix = d.getVar('MLPREFIX') | 38 | mlprefix = d.getVar('MLPREFIX') |
39 | d.appendVar('RDEPENDS_' + pn, ' %srpm' % mlprefix) | 39 | d.appendVar('RDEPENDS:' + pn, ' %srpm' % mlprefix) |
40 | } | 40 | } |
41 | 41 | ||
42 | do_install() { | 42 | do_install() { |
@@ -84,7 +84,7 @@ key_store_sysroot_preprocess() { | |||
84 | sysroot_stage_dir "${D}${sysconfdir}" "${SYSROOT_DESTDIR}${sysconfdir}" | 84 | sysroot_stage_dir "${D}${sysconfdir}" "${SYSROOT_DESTDIR}${sysconfdir}" |
85 | } | 85 | } |
86 | 86 | ||
87 | pkg_postinst_ontarget_${PN}-rpm-pubkey() { | 87 | pkg_postinst_ontarget:${PN}-rpm-pubkey() { |
88 | keydir="${RPM_KEY_DIR}" | 88 | keydir="${RPM_KEY_DIR}" |
89 | 89 | ||
90 | [ ! -d "$keydir" ] && mkdir -p "$keydir" | 90 | [ ! -d "$keydir" ] && mkdir -p "$keydir" |
@@ -112,20 +112,20 @@ PACKAGES_DYNAMIC = "\ | |||
112 | ${PN}-rpm-pubkey \ | 112 | ${PN}-rpm-pubkey \ |
113 | " | 113 | " |
114 | 114 | ||
115 | FILES_${PN}-system-trusted-cert = "${SYSTEM_CERT}" | 115 | FILES:${PN}-system-trusted-cert = "${SYSTEM_CERT}" |
116 | CONFFILES_${PN}-system-trusted-cert = "${SYSTEM_CERT}" | 116 | CONFFILES:${PN}-system-trusted-cert = "${SYSTEM_CERT}" |
117 | 117 | ||
118 | FILES_${PN}-secondary-trusted-cert = "\ | 118 | FILES:${PN}-secondary-trusted-cert = "\ |
119 | ${SECONDARY_TRUSTED_CERT} \ | 119 | ${SECONDARY_TRUSTED_CERT} \ |
120 | ${SECONDARY_TRUSTED_DER_ENC_CERT} \ | 120 | ${SECONDARY_TRUSTED_DER_ENC_CERT} \ |
121 | " | 121 | " |
122 | CONFFILES_${PN}-secondary-trusted-cert = "\ | 122 | CONFFILES:${PN}-secondary-trusted-cert = "\ |
123 | ${SECONDARY_TRUSTED_CERT} \ | 123 | ${SECONDARY_TRUSTED_CERT} \ |
124 | ${SECONDARY_TRUSTED_DER_ENC_CERT} \ | 124 | ${SECONDARY_TRUSTED_DER_ENC_CERT} \ |
125 | " | 125 | " |
126 | 126 | ||
127 | FILES_${PN}-modsign-cert = "${MODSIGN_CERT}" | 127 | FILES:${PN}-modsign-cert = "${MODSIGN_CERT}" |
128 | CONFFILES_${PN}-modsign-cert = "${MODSIGN_CERT}" | 128 | CONFFILES:${PN}-modsign-cert = "${MODSIGN_CERT}" |
129 | 129 | ||
130 | FILES_${PN}-ima-cert = "${IMA_CERT}" | 130 | FILES:${PN}-ima-cert = "${IMA_CERT}" |
131 | CONFFILES_${PN}-ima-cert = "${IMA_CERT}" | 131 | CONFFILES:${PN}-ima-cert = "${IMA_CERT}" |
diff --git a/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb b/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb index 8a501a5..ee70eaa 100644 --- a/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb +++ b/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb | |||
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "\ | |||
6 | 6 | ||
7 | inherit packagegroup | 7 | inherit packagegroup |
8 | 8 | ||
9 | RDEPENDS_${PN} = "\ | 9 | RDEPENDS:${PN} = "\ |
10 | trousers \ | 10 | trousers \ |
11 | tpm-tools \ | 11 | tpm-tools \ |
12 | tpm-quote-tools \ | 12 | tpm-quote-tools \ |
@@ -14,7 +14,7 @@ RDEPENDS_${PN} = "\ | |||
14 | rng-tools \ | 14 | rng-tools \ |
15 | " | 15 | " |
16 | 16 | ||
17 | RRECOMMENDS_${PN} = "\ | 17 | RRECOMMENDS:${PN} = "\ |
18 | kernel-module-tpm-rng \ | 18 | kernel-module-tpm-rng \ |
19 | kernel-module-tpm-tis \ | 19 | kernel-module-tpm-tis \ |
20 | kernel-module-tpm-atmel \ | 20 | kernel-module-tpm-atmel \ |
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc b/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc index 4285531..0fa0338 100644 --- a/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc +++ b/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc | |||
@@ -1,4 +1,4 @@ | |||
1 | FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" | 1 | FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:" |
2 | 2 | ||
3 | SRC_URI += "\ | 3 | SRC_URI += "\ |
4 | ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', \ | 4 | ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', \ |
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb index 3d7bd05..b652b4c 100644 --- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb +++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | |||
@@ -32,7 +32,7 @@ inherit autotools-brokensep pkgconfig | |||
32 | # The definitions below are used to decrypt the passwords of both srk and loaded key. | 32 | # The definitions below are used to decrypt the passwords of both srk and loaded key. |
33 | dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" | 33 | dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" |
34 | dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" | 34 | dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" |
35 | CFLAGS_append += "-DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}" | 35 | CFLAGS:append = " -DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}" |
36 | 36 | ||
37 | # Due to the limit of escape character, the hybrid must be written in | 37 | # Due to the limit of escape character, the hybrid must be written in |
38 | # above style. The actual values defined below in C code style are: | 38 | # above style. The actual values defined below in C code style are: |
@@ -40,31 +40,31 @@ CFLAGS_append += "-DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}" | |||
40 | # dec_salt[] = {'r', 0x00, 0x00, 't'}; | 40 | # dec_salt[] = {'r', 0x00, 0x00, 't'}; |
41 | 41 | ||
42 | # Uncomment below line if using the plain srk password for development | 42 | # Uncomment below line if using the plain srk password for development |
43 | #CFLAGS_append += "-DTPM_SRK_PLAIN_PW" | 43 | #CFLAGS:append = " -DTPM_SRK_PLAIN_PW" |
44 | 44 | ||
45 | # Uncomment below line if using the plain tpm key password for development | 45 | # Uncomment below line if using the plain tpm key password for development |
46 | #CFLAGS_append += "-DTPM_KEY_PLAIN_PW" | 46 | #CFLAGS:append = " -DTPM_KEY_PLAIN_PW" |
47 | 47 | ||
48 | do_configure_prepend() { | 48 | do_configure:prepend() { |
49 | cd ${B} | 49 | cd ${B} |
50 | cp LICENSE COPYING | 50 | cp LICENSE COPYING |
51 | touch NEWS AUTHORS ChangeLog README | 51 | touch NEWS AUTHORS ChangeLog README |
52 | } | 52 | } |
53 | 53 | ||
54 | FILES_${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la" | 54 | FILES:${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la" |
55 | FILES_${PN}-dbg += "\ | 55 | FILES:${PN}-dbg += "\ |
56 | ${libdir}/ssl/engines-1.1/.debug \ | 56 | ${libdir}/ssl/engines-1.1/.debug \ |
57 | ${libdir}/engines-1.1/.debug \ | 57 | ${libdir}/engines-1.1/.debug \ |
58 | ${prefix}/local/ssl/lib/engines-1.1/.debug \ | 58 | ${prefix}/local/ssl/lib/engines-1.1/.debug \ |
59 | " | 59 | " |
60 | FILES_${PN} += "\ | 60 | FILES:${PN} += "\ |
61 | ${libdir}/ssl/engines-1.1/tpm.so* \ | 61 | ${libdir}/ssl/engines-1.1/tpm.so* \ |
62 | ${libdir}/engines-1.1/tpm.so* \ | 62 | ${libdir}/engines-1.1/tpm.so* \ |
63 | ${libdir}/libtpm.so* \ | 63 | ${libdir}/libtpm.so* \ |
64 | ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \ | 64 | ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \ |
65 | " | 65 | " |
66 | 66 | ||
67 | RDEPENDS_${PN} += "libcrypto libtspi" | 67 | RDEPENDS:${PN} += "libcrypto libtspi" |
68 | 68 | ||
69 | INSANE_SKIP_${PN} = "libdir" | 69 | INSANE_SKIP:${PN} = "libdir" |
70 | INSANE_SKIP_${PN}-dbg = "libdir" | 70 | INSANE_SKIP:${PN}-dbg = "libdir" |
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb index 04e4880..40fc14a 100644 --- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb +++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb | |||
@@ -11,7 +11,7 @@ LICENSE = "CPL-1.0" | |||
11 | LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9" | 11 | LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9" |
12 | 12 | ||
13 | DEPENDS = "libtspi openssl" | 13 | DEPENDS = "libtspi openssl" |
14 | DEPENDS_class-native = "trousers-native" | 14 | DEPENDS:class-native = "trousers-native" |
15 | 15 | ||
16 | PV = "1.3.9.1+git${SRCPV}" | 16 | PV = "1.3.9.1+git${SRCPV}" |
17 | 17 | ||
@@ -26,7 +26,7 @@ S = "${WORKDIR}/git" | |||
26 | 26 | ||
27 | inherit autotools-brokensep gettext perlnative | 27 | inherit autotools-brokensep gettext perlnative |
28 | 28 | ||
29 | do_configure_prepend() { | 29 | do_configure:prepend() { |
30 | mkdir -p po | 30 | mkdir -p po |
31 | mkdir -p m4 | 31 | mkdir -p m4 |
32 | cp -R po_/* po/ | 32 | cp -R po_/* po/ |
@@ -34,7 +34,7 @@ do_configure_prepend() { | |||
34 | touch m4/Makefile.am | 34 | touch m4/Makefile.am |
35 | } | 35 | } |
36 | 36 | ||
37 | do_install_append() { | 37 | do_install:append() { |
38 | #install -m 0755 "src/tpm_mgmt/tpm_startup" "${D}${sbindir}/tpm_startup" | 38 | #install -m 0755 "src/tpm_mgmt/tpm_startup" "${D}${sbindir}/tpm_startup" |
39 | #install -m 0744 "src/tpm_mgmt/tpm_reset" "${D}${sbindir}/tpm_reset" | 39 | #install -m 0744 "src/tpm_mgmt/tpm_reset" "${D}${sbindir}/tpm_reset" |
40 | #install -m 0744 "../tpm_integrationtest" "${D}${bindir}/tpm_integrationtest" | 40 | #install -m 0744 "../tpm_integrationtest" "${D}${bindir}/tpm_integrationtest" |
diff --git a/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm/trousers/trousers_git.bb index 601d35d..545c2a7 100644 --- a/meta-tpm/recipes-tpm/trousers/trousers_git.bb +++ b/meta-tpm/recipes-tpm/trousers/trousers_git.bb | |||
@@ -39,7 +39,7 @@ inherit autotools pkgconfig useradd update-rc.d \ | |||
39 | EXTRA_OECONF="--with-gui=none" | 39 | EXTRA_OECONF="--with-gui=none" |
40 | 40 | ||
41 | # Fix build failure for gcc-10 | 41 | # Fix build failure for gcc-10 |
42 | CFLAGS_append = " -fcommon" | 42 | CFLAGS:append = " -fcommon" |
43 | 43 | ||
44 | PACKAGECONFIG ?= "gmp " | 44 | PACKAGECONFIG ?= "gmp " |
45 | PACKAGECONFIG[gmp] = "--with-gmp, --with-gmp=no, gmp" | 45 | PACKAGECONFIG[gmp] = "--with-gmp, --with-gmp=no, gmp" |
@@ -49,14 +49,14 @@ INITSCRIPT_NAME = "trousers" | |||
49 | INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." | 49 | INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." |
50 | 50 | ||
51 | USERADD_PACKAGES = "${PN}" | 51 | USERADD_PACKAGES = "${PN}" |
52 | GROUPADD_PARAM_${PN} = "--system tss" | 52 | GROUPADD_PARAM:${PN} = "--system tss" |
53 | USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" | 53 | USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" |
54 | 54 | ||
55 | SYSTEMD_PACKAGES = "${PN}" | 55 | SYSTEMD_PACKAGES = "${PN}" |
56 | SYSTEMD_SERVICE_${PN} = "tcsd.service" | 56 | SYSTEMD_SERVICE:${PN} = "tcsd.service" |
57 | SYSTEMD_AUTO_ENABLE = "enable" | 57 | SYSTEMD_AUTO_ENABLE = "enable" |
58 | 58 | ||
59 | do_install_append() { | 59 | do_install:append() { |
60 | install -d "${D}${sysconfdir}/init.d" | 60 | install -d "${D}${sysconfdir}/init.d" |
61 | install -m 0755 "${WORKDIR}/trousers.init.sh" "${D}${sysconfdir}/init.d/trousers" | 61 | install -m 0755 "${WORKDIR}/trousers.init.sh" "${D}${sysconfdir}/init.d/trousers" |
62 | 62 | ||
@@ -82,28 +82,28 @@ PACKAGES =+ "\ | |||
82 | libtspi-staticdev \ | 82 | libtspi-staticdev \ |
83 | " | 83 | " |
84 | 84 | ||
85 | FILES_libtspi = "\ | 85 | FILES:libtspi = "\ |
86 | ${libdir}/libtspi.so.* \ | 86 | ${libdir}/libtspi.so.* \ |
87 | " | 87 | " |
88 | FILES_libtspi-dbg = "\ | 88 | FILES:libtspi-dbg = "\ |
89 | ${libdir}/.debug \ | 89 | ${libdir}/.debug \ |
90 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tspi \ | 90 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tspi \ |
91 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trspi \ | 91 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trspi \ |
92 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/*.h \ | 92 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/*.h \ |
93 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/tss \ | 93 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/tss \ |
94 | " | 94 | " |
95 | FILES_libtspi-dev = "\ | 95 | FILES:libtspi-dev = "\ |
96 | ${includedir} \ | 96 | ${includedir} \ |
97 | ${libdir}/*.so \ | 97 | ${libdir}/*.so \ |
98 | " | 98 | " |
99 | FILES_libtspi-doc = "\ | 99 | FILES:libtspi-doc = "\ |
100 | ${mandir}/man3 \ | 100 | ${mandir}/man3 \ |
101 | " | 101 | " |
102 | FILES_libtspi-staticdev = "\ | 102 | FILES:libtspi-staticdev = "\ |
103 | ${libdir}/*.la \ | 103 | ${libdir}/*.la \ |
104 | ${libdir}/*.a \ | 104 | ${libdir}/*.a \ |
105 | " | 105 | " |
106 | FILES_${PN}-dbg += "\ | 106 | FILES:${PN}-dbg += "\ |
107 | ${sbindir}/.debug \ | 107 | ${sbindir}/.debug \ |
108 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcs \ | 108 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcs \ |
109 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcsd \ | 109 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcsd \ |
@@ -111,9 +111,9 @@ FILES_${PN}-dbg += "\ | |||
111 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trousers \ | 111 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trousers \ |
112 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/trousers \ | 112 | ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/trousers \ |
113 | " | 113 | " |
114 | FILES_${PN}-dev += "${libdir}/trousers" | 114 | FILES:${PN}-dev += "${libdir}/trousers" |
115 | FILES_${PN} += "${systemd_unitdir}/system/tcsd.service" | 115 | FILES:${PN} += "${systemd_unitdir}/system/tcsd.service" |
116 | 116 | ||
117 | CONFFILES_${PN} += "${sysconfig}/tcsd.conf" | 117 | CONFFILES:${PN} += "${sysconfig}/tcsd.conf" |
118 | 118 | ||
119 | BBCLASSEXTEND = "native" | 119 | BBCLASSEXTEND = "native" |
diff --git a/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb b/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb index 2034370..ae68f4f 100644 --- a/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb +++ b/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb | |||
@@ -41,7 +41,7 @@ testsuite_SUBDIRS = "\ | |||
41 | CFLAGS += "-DOPENSSL_NO_DES" | 41 | CFLAGS += "-DOPENSSL_NO_DES" |
42 | LDFLAGS += "-L${STAGING_LIBDIR} -lcrypto -lpthread" | 42 | LDFLAGS += "-L${STAGING_LIBDIR} -lcrypto -lpthread" |
43 | 43 | ||
44 | do_configure_prepend() { | 44 | do_configure:prepend() { |
45 | cp -f "${S}/tcg/Makefile" "${S}" | 45 | cp -f "${S}/tcg/Makefile" "${S}" |
46 | cp -f "${S}/tcg/init/makefile" "${S}/tcg/init/Makefile" | 46 | cp -f "${S}/tcg/init/makefile" "${S}/tcg/init/Makefile" |
47 | # remove test case about DES | 47 | # remove test case about DES |
@@ -57,10 +57,10 @@ do_install() { | |||
57 | install -m 0755 tsstests.sh "${D}/opt/tss-testsuite" | 57 | install -m 0755 tsstests.sh "${D}/opt/tss-testsuite" |
58 | } | 58 | } |
59 | 59 | ||
60 | FILES_${PN} += "/opt/*" | 60 | FILES:${PN} += "/opt/*" |
61 | FILES_${PN}-dbg += "\ | 61 | FILES:${PN}-dbg += "\ |
62 | /opt/tss-testsuite/tcg/*/.debug \ | 62 | /opt/tss-testsuite/tcg/*/.debug \ |
63 | /opt/tss-testsuite/tcg/*/*/.debug \ | 63 | /opt/tss-testsuite/tcg/*/*/.debug \ |
64 | " | 64 | " |
65 | 65 | ||
66 | RDEPENDS_${PN} += "tpm-tools openssl bash" | 66 | RDEPENDS:${PN} += "tpm-tools openssl bash" |
diff --git a/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb b/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb index eb096e0..8e5223e 100644 --- a/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb +++ b/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb | |||
@@ -1,11 +1,11 @@ | |||
1 | require packagegroup-tpm2.inc | 1 | require packagegroup-tpm2.inc |
2 | 2 | ||
3 | RDEPENDS_${PN} += "\ | 3 | RDEPENDS:${PN} += "\ |
4 | tpm2-abrmd \ | 4 | tpm2-abrmd \ |
5 | tpm2-tools \ | 5 | tpm2-tools \ |
6 | rng-tools \ | 6 | rng-tools \ |
7 | " | 7 | " |
8 | 8 | ||
9 | RRECOMMENDS_${PN} += "\ | 9 | RRECOMMENDS:${PN} += "\ |
10 | kernel-module-tpm-rng \ | 10 | kernel-module-tpm-rng \ |
11 | " | 11 | " |
diff --git a/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc b/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc index 51ab57e..a0cdf49 100644 --- a/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc +++ b/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc | |||
@@ -1,4 +1,4 @@ | |||
1 | FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" | 1 | FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:" |
2 | 2 | ||
3 | SRC_URI += "\ | 3 | SRC_URI += "\ |
4 | ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', \ | 4 | ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', \ |
diff --git a/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb b/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb index b092549..51bcaf0 100644 --- a/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb +++ b/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb | |||
@@ -26,20 +26,20 @@ S = "${WORKDIR}/git" | |||
26 | inherit autotools pkgconfig systemd update-rc.d useradd | 26 | inherit autotools pkgconfig systemd update-rc.d useradd |
27 | 27 | ||
28 | SYSTEMD_PACKAGES += "${PN}" | 28 | SYSTEMD_PACKAGES += "${PN}" |
29 | SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service" | 29 | SYSTEMD_SERVICE:${PN} = "tpm2-abrmd.service" |
30 | SYSTEMD_AUTO_ENABLE_${PN} = "disable" | 30 | SYSTEMD_AUTO_ENABLE:${PN} = "disable" |
31 | 31 | ||
32 | INITSCRIPT_NAME = "${PN}" | 32 | INITSCRIPT_NAME = "${PN}" |
33 | INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." | 33 | INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." |
34 | 34 | ||
35 | USERADD_PACKAGES = "${PN}" | 35 | USERADD_PACKAGES = "${PN}" |
36 | GROUPADD_PARAM_${PN} = "tss" | 36 | GROUPADD_PARAM:${PN} = "tss" |
37 | USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" | 37 | USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" |
38 | 38 | ||
39 | PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}" | 39 | PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}" |
40 | PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no" | 40 | PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no" |
41 | 41 | ||
42 | do_install_append() { | 42 | do_install:append() { |
43 | install -d "${D}${sysconfdir}/init.d" | 43 | install -d "${D}${sysconfdir}/init.d" |
44 | install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd" | 44 | install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd" |
45 | 45 | ||
@@ -47,9 +47,9 @@ do_install_append() { | |||
47 | install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd" | 47 | install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd" |
48 | } | 48 | } |
49 | 49 | ||
50 | FILES_${PN} += "${libdir}/systemd/system-preset \ | 50 | FILES:${PN} += "${libdir}/systemd/system-preset \ |
51 | ${datadir}/dbus-1" | 51 | ${datadir}/dbus-1" |
52 | 52 | ||
53 | RDEPENDS_${PN} += "tpm2-tss libtss2-tcti-device libtss2-tcti-mssim" | 53 | RDEPENDS:${PN} += "tpm2-tss libtss2-tcti-device libtss2-tcti-mssim" |
54 | 54 | ||
55 | BBCLASSEXTEND = "native" | 55 | BBCLASSEXTEND = "native" |
diff --git a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb index 89b7452..099c788 100644 --- a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb +++ b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb | |||
@@ -16,7 +16,7 @@ PACKAGECONFIG ??= "" | |||
16 | PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " | 16 | PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " |
17 | 17 | ||
18 | EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/" | 18 | EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/" |
19 | EXTRA_OECONF_remove = " --disable-static" | 19 | EXTRA_OECONF:remove = " --disable-static" |
20 | 20 | ||
21 | 21 | ||
22 | EXTRA_USERS_PARAMS = "\ | 22 | EXTRA_USERS_PARAMS = "\ |
@@ -43,34 +43,34 @@ PACKAGES = " \ | |||
43 | libtss2-staticdev \ | 43 | libtss2-staticdev \ |
44 | " | 44 | " |
45 | 45 | ||
46 | FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*" | 46 | FILES:libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*" |
47 | FILES_libtss2-tcti-device-dev = " \ | 47 | FILES:libtss2-tcti-device-dev = " \ |
48 | ${includedir}/tss2/tss2_tcti_device.h \ | 48 | ${includedir}/tss2/tss2_tcti_device.h \ |
49 | ${libdir}/pkgconfig/tss2-tcti-device.pc \ | 49 | ${libdir}/pkgconfig/tss2-tcti-device.pc \ |
50 | ${libdir}/libtss2-tcti-device.so" | 50 | ${libdir}/libtss2-tcti-device.so" |
51 | FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a" | 51 | FILES:libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a" |
52 | 52 | ||
53 | FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*" | 53 | FILES:libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*" |
54 | FILES_libtss2-tcti-mssim-dev = " \ | 54 | FILES:libtss2-tcti-mssim-dev = " \ |
55 | ${includedir}/tss2/tss2_tcti_mssim.h \ | 55 | ${includedir}/tss2/tss2_tcti_mssim.h \ |
56 | ${libdir}/pkgconfig/tss2-tcti-mssim.pc \ | 56 | ${libdir}/pkgconfig/tss2-tcti-mssim.pc \ |
57 | ${libdir}/libtss2-tcti-mssim.so" | 57 | ${libdir}/libtss2-tcti-mssim.so" |
58 | FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a" | 58 | FILES:libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a" |
59 | 59 | ||
60 | FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*" | 60 | FILES:libtss2-mu = "${libdir}/libtss2-mu.so.*" |
61 | FILES_libtss2-mu-dev = " \ | 61 | FILES:libtss2-mu-dev = " \ |
62 | ${includedir}/tss2/tss2_mu.h \ | 62 | ${includedir}/tss2/tss2_mu.h \ |
63 | ${libdir}/pkgconfig/tss2-mu.pc \ | 63 | ${libdir}/pkgconfig/tss2-mu.pc \ |
64 | ${libdir}/libtss2-mu.so" | 64 | ${libdir}/libtss2-mu.so" |
65 | FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a" | 65 | FILES:libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a" |
66 | 66 | ||
67 | FILES_libtss2 = "${libdir}/libtss2*so.*" | 67 | FILES:libtss2 = "${libdir}/libtss2*so.*" |
68 | FILES_libtss2-dev = " \ | 68 | FILES:libtss2-dev = " \ |
69 | ${includedir} \ | 69 | ${includedir} \ |
70 | ${libdir}/pkgconfig \ | 70 | ${libdir}/pkgconfig \ |
71 | ${libdir}/libtss2*so" | 71 | ${libdir}/libtss2*so" |
72 | FILES_libtss2-staticdev = "${libdir}/libtss*a" | 72 | FILES:libtss2-staticdev = "${libdir}/libtss*a" |
73 | 73 | ||
74 | FILES_${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev" | 74 | FILES:${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev" |
75 | 75 | ||
76 | RDEPENDS_libtss2 = "libgcrypt" | 76 | RDEPENDS:libtss2 = "libgcrypt" |
diff --git a/meta/recipes-core/images/kernel-initramfs.bb b/meta/recipes-core/images/kernel-initramfs.bb index 2a3a1cd..9dad7b2 100644 --- a/meta/recipes-core/images/kernel-initramfs.bb +++ b/meta/recipes-core/images/kernel-initramfs.bb | |||
@@ -9,7 +9,7 @@ DEPENDS = "virtual/kernel" | |||
9 | 9 | ||
10 | PROVIDES = "virtual/kernel-initramfs" | 10 | PROVIDES = "virtual/kernel-initramfs" |
11 | 11 | ||
12 | ALLOW_EMPTY_${PN} = "1" | 12 | ALLOW_EMPTY:${PN} = "1" |
13 | 13 | ||
14 | B = "${WORKDIR}/${BPN}-${PV}" | 14 | B = "${WORKDIR}/${BPN}-${PV}" |
15 | 15 | ||
@@ -55,15 +55,15 @@ inherit update-alternatives | |||
55 | 55 | ||
56 | ALTERNATIVES_${PN} = "" | 56 | ALTERNATIVES_${PN} = "" |
57 | 57 | ||
58 | python do_package_prepend () { | 58 | python do_package:prepend () { |
59 | if d.getVar('BUNDLE') == '1': | 59 | if d.getVar('BUNDLE') == '1': |
60 | d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs')) | 60 | d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs')) |
61 | d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs')) | 61 | d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs')) |
62 | d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}')) | 62 | d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}')) |
63 | d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', '50101') | 63 | d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', '50101') |
64 | else: | 64 | else: |
65 | for compr in d.getVar('INITRAMFS_FSTYPES').split(): | 65 | for compr in d.getVar('INITRAMFS_FSTYPES').split(): |
66 | d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}')) | 66 | d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}')) |
67 | d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}')) | 67 | d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}')) |
68 | d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr)) | 68 | d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr)) |
69 | d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}'), '50101') | 69 | d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}'), '50101') |
@@ -71,4 +71,4 @@ python do_package_prepend () { | |||
71 | 71 | ||
72 | PACKAGE_ARCH = "${MACHINE_ARCH}" | 72 | PACKAGE_ARCH = "${MACHINE_ARCH}" |
73 | 73 | ||
74 | FILES_${PN} = "/boot/*" | 74 | FILES:${PN} = "/boot/*" |
diff --git a/meta/recipes-core/images/secure-core-image-initramfs.bb b/meta/recipes-core/images/secure-core-image-initramfs.bb index 1a50036..d868600 100644 --- a/meta/recipes-core/images/secure-core-image-initramfs.bb +++ b/meta/recipes-core/images/secure-core-image-initramfs.bb | |||
@@ -3,7 +3,7 @@ the Minimal RAM-based Initial Root Filesystem (initramfs), which finds the \ | |||
3 | first 'init' program more efficiently." | 3 | first 'init' program more efficiently." |
4 | LICENSE = "MIT" | 4 | LICENSE = "MIT" |
5 | 5 | ||
6 | ROOTFS_BOOTSTRAP_INSTALL_append += "\ | 6 | ROOTFS_BOOTSTRAP_INSTALL:append = " \ |
7 | ${@bb.utils.contains("DISTRO_FEATURES", "tpm2", \ | 7 | ${@bb.utils.contains("DISTRO_FEATURES", "tpm2", \ |
8 | "packagegroup-tpm2-initramfs", "", d)} \ | 8 | "packagegroup-tpm2-initramfs", "", d)} \ |
9 | ${@bb.utils.contains("DISTRO_FEATURES", "ima", \ | 9 | ${@bb.utils.contains("DISTRO_FEATURES", "ima", \ |
diff --git a/meta/recipes-core/images/secure-core-image.bb b/meta/recipes-core/images/secure-core-image.bb index 05db5f4..3621b2d 100644 --- a/meta/recipes-core/images/secure-core-image.bb +++ b/meta/recipes-core/images/secure-core-image.bb | |||
@@ -5,4 +5,4 @@ IMAGE_INSTALL += "\ | |||
5 | " | 5 | " |
6 | 6 | ||
7 | inherit extrausers | 7 | inherit extrausers |
8 | EXTRA_USERS_PARAMS_prepend += " usermod -P toor root;" | 8 | EXTRA_USERS_PARAMS += "usermod -P toor root;" |
diff --git a/meta/recipes-core/images/secure-core-image.inc b/meta/recipes-core/images/secure-core-image.inc index 52cf672..5ed3eda 100644 --- a/meta/recipes-core/images/secure-core-image.inc +++ b/meta/recipes-core/images/secure-core-image.inc | |||
@@ -1,7 +1,7 @@ | |||
1 | SUMMARY = "The root image of SecureCore." | 1 | SUMMARY = "The root image of SecureCore." |
2 | LICENSE = "MIT" | 2 | LICENSE = "MIT" |
3 | 3 | ||
4 | SECURE_CORE_IMAGE_EXTRA_INSTALL_append += "\ | 4 | SECURE_CORE_IMAGE_EXTRA_INSTALL:append = " \ |
5 | ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", \ | 5 | ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", \ |
6 | "packagegroup-efi-secure-boot", "", d)} \ | 6 | "packagegroup-efi-secure-boot", "", d)} \ |
7 | ${@bb.utils.contains("DISTRO_FEATURES", "tpm", \ | 7 | ${@bb.utils.contains("DISTRO_FEATURES", "tpm", \ |
@@ -30,6 +30,6 @@ INITRAMFS_IMAGE ?= "secure-core-image-initramfs" | |||
30 | inherit core-image | 30 | inherit core-image |
31 | 31 | ||
32 | IMAGE_ROOTFS_SIZE ?= "8192" | 32 | IMAGE_ROOTFS_SIZE ?= "8192" |
33 | IMAGE_ROOTFS_EXTRA_SPACE_append = "\ | 33 | IMAGE_ROOTFS_EXTRA_SPACE:append = " \ |
34 | ${@bb.utils.contains("DISTRO_FEATURES", "systemd", " + 4096", "" ,d)} \ | 34 | ${@bb.utils.contains("DISTRO_FEATURES", "systemd", " + 4096", "" ,d)} \ |
35 | " | 35 | " |
diff --git a/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb b/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb index a2e994d..188681b 100644 --- a/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb +++ b/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb | |||
@@ -18,7 +18,7 @@ do_install() { | |||
18 | mknod -m 0600 "${D}/dev/console" c 5 1 | 18 | mknod -m 0600 "${D}/dev/console" c 5 1 |
19 | } | 19 | } |
20 | 20 | ||
21 | FILES_${PN} = "\ | 21 | FILES:${PN} = "\ |
22 | /init \ | 22 | /init \ |
23 | /dev \ | 23 | /dev \ |
24 | /run \ | 24 | /run \ |
@@ -32,7 +32,7 @@ FILES_${PN} = "\ | |||
32 | # @grep: grep | 32 | # @grep: grep |
33 | # @gawk: awk | 33 | # @gawk: awk |
34 | # @eudev or udev: udevd, udevadm | 34 | # @eudev or udev: udevd, udevadm |
35 | RDEPENDS_${PN} += "\ | 35 | RDEPENDS:${PN} += "\ |
36 | coreutils \ | 36 | coreutils \ |
37 | util-linux-mount \ | 37 | util-linux-mount \ |
38 | grep \ | 38 | grep \ |
@@ -42,7 +42,7 @@ RDEPENDS_${PN} += "\ | |||
42 | 42 | ||
43 | # @initrdscripts-ima: init.ima | 43 | # @initrdscripts-ima: init.ima |
44 | # @cryptfs-tpm2-initramfs: init.cryptfs | 44 | # @cryptfs-tpm2-initramfs: init.cryptfs |
45 | RRECOMMENDS_${PN} += "\ | 45 | RRECOMMENDS:${PN} += "\ |
46 | ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'initrdscripts-ima', '', d)} \ | 46 | ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'initrdscripts-ima', '', d)} \ |
47 | ${@bb.utils.contains('DISTRO_FEATURES', 'luks', 'cryptfs-tpm2-initramfs', '', d)} \ | 47 | ${@bb.utils.contains('DISTRO_FEATURES', 'luks', 'cryptfs-tpm2-initramfs', '', d)} \ |
48 | " | 48 | " |