kernel-initramfs: only apply the bbappend if efi-secure-boot distro flag set

When the meta-efi-secure-boot layer is included but feature efi-secure-boot is not set. We got the following error with kernel-initramfs building: ERROR: kernel-initramfs-1.0-r0 do_deploy: Function failed: do_deploy (log file is located at /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/log.do_deploy.16995) ERROR: Logfile of failure stored in: /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/log.do_deploy.16995 Log data follows: | DEBUG: Executing python function sstate_task_prefunc | DEBUG: Python function sstate_task_prefunc finished | DEBUG: Executing shell function do_deploy | install: cannot stat '/buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/image/boot/*.p7b': No such file or directory | WARNING: /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/run.do_deploy.16995:1 exit 1 from 'install -m 0644 ${SIG} /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/deploy-kernel-initramfs' | ERROR: Function failed: do_deploy (log file is located at /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/log.do_deploy.16995) ERROR: Task (/buildarea/poky/meta-secure-core/meta/recipes-core/images/kernel-initramfs.bb:do_deploy) failed with exit code '1' Rename kernel-initramfs.bbappend to kernel-initramfs-efi-secure-boot.inc and add a new bbappend. Make sure this piece of code should be applied only if the efi-secure-boot feature is set. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
author: Yi Zhao <yi.zhao@windriver.com> 2018-11-30 09:47:18 +0800
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2018-11-30 13:46:35 +0800
commit: ca566bb615b781283571653ef86fcd1d21a42f57 (patch)
tree: b1f2064d263093132b21843ea3a773773cc2f5b6
parent: deed416dd82fb85da5a89d80990431fe87fae97b (diff)
download: meta-secure-core-ca566bb615b781283571653ef86fcd1d21a42f57.tar.gz
2 files changed, 38 insertions, 37 deletions
diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
new file mode 100644
index 0000000..fb073a1
--- /dev/null
+++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
@@ -0,0 +1,37 @@
+DEPENDS += "openssl-native"
+inherit user-key-store deploy
+# Always fetch the latest initramfs image
+do_install[nostamp] = "1"
+fakeroot python do_sign() {
+    if d.getVar('BUNDLE', True) == '0':
+        for compr in d.getVar('INITRAMFS_FSTYPES').split():
+            uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
+    else:
+        uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
+}
+addtask sign after do_install before do_deploy do_package
+do_sign[prefuncs] += "check_deploy_keys"
+do_deploy() {
+    install -d "${DEPLOYDIR}"
+    for SIG in ${D}/boot/*.p7b; do
+        install -m 0644 ${SIG} ${DEPLOYDIR}
+    done
+}
+addtask deploy after do_install before do_build
+python do_package_prepend () {
+    if d.getVar('BUNDLE') == '1':
+        d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
+        d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
+        d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
+        d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
+    else:
+        for compr in d.getVar('INITRAMFS_FSTYPES').split():
+            d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
+            d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
+            d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
+            d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
+}
diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
index fb073a1..dc782d7 100644
--- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
+++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
@@ -1,37 +1 @@
-DEPENDS += "openssl-native"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', 'kernel-initramfs-efi-secure-boot.inc', '', d)}
-inherit user-key-store deploy
-# Always fetch the latest initramfs image
-do_install[nostamp] = "1"
-fakeroot python do_sign() {
-    if d.getVar('BUNDLE', True) == '0':
-        for compr in d.getVar('INITRAMFS_FSTYPES').split():
-            uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
-    else:
-        uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
-}
-addtask sign after do_install before do_deploy do_package
-do_sign[prefuncs] += "check_deploy_keys"
-do_deploy() {
-    install -d "${DEPLOYDIR}"
-    for SIG in ${D}/boot/*.p7b; do
-        install -m 0644 ${SIG} ${DEPLOYDIR}
-    done
-}
-addtask deploy after do_install before do_build
-python do_package_prepend () {
-    if d.getVar('BUNDLE') == '1':
-        d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
-        d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
-        d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
-        d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
-    else:
-        for compr in d.getVar('INITRAMFS_FSTYPES').split():
-            d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
-            d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
-            d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
-            d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
-}
author	Yi Zhao <yi.zhao@windriver.com>	2018-11-30 09:47:18 +0800
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2018-11-30 13:46:35 +0800
commit	ca566bb615b781283571653ef86fcd1d21a42f57 (patch)
tree	b1f2064d263093132b21843ea3a773773cc2f5b6
parent	deed416dd82fb85da5a89d80990431fe87fae97b (diff)
download	meta-secure-core-ca566bb615b781283571653ef86fcd1d21a42f57.tar.gz

diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc new file mode 100644 index 0000000..fb073a1 --- /dev/null +++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
@@ -0,0 +1,37 @@
		1	DEPENDS += "openssl-native"
		2	inherit user-key-store deploy
		3
		4	# Always fetch the latest initramfs image
		5	do_install[nostamp] = "1"
		6
		7	fakeroot python do_sign() {
		8	if d.getVar('BUNDLE', True) == '0':
		9	for compr in d.getVar('INITRAMFS_FSTYPES').split():
		10	uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
		11	else:
		12	uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
		13	}
		14	addtask sign after do_install before do_deploy do_package
		15	do_sign[prefuncs] += "check_deploy_keys"
		16
		17	do_deploy() {
		18	install -d "${DEPLOYDIR}"
		19	for SIG in ${D}/boot/*.p7b; do
		20	install -m 0644 ${SIG} ${DEPLOYDIR}
		21	done
		22	}
		23	addtask deploy after do_install before do_build
		24
		25	python do_package_prepend () {
		26	if d.getVar('BUNDLE') == '1':
		27	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
		28	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
		29	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
		30	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
		31	else:
		32	for compr in d.getVar('INITRAMFS_FSTYPES').split():
		33	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
		34	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
		35	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
		36	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
		37	}


diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend index fb073a1..dc782d7 100644 --- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend +++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
@@ -1,37 +1 @@
1	DEPENDS += "openssl-native"		require ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', 'kernel-initramfs-efi-secure-boot.inc', '', d)}
2	inherit user-key-store deploy
3
4	# Always fetch the latest initramfs image
5	do_install[nostamp] = "1"
6
7	fakeroot python do_sign() {
8	if d.getVar('BUNDLE', True) == '0':
9	for compr in d.getVar('INITRAMFS_FSTYPES').split():
10	uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
11	else:
12	uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
13	}
14	addtask sign after do_install before do_deploy do_package
15	do_sign[prefuncs] += "check_deploy_keys"
16
17	do_deploy() {
18	install -d "${DEPLOYDIR}"
19	for SIG in ${D}/boot/*.p7b; do
20	install -m 0644 ${SIG} ${DEPLOYDIR}
21	done
22	}
23	addtask deploy after do_install before do_build
24
25	python do_package_prepend () {
26	if d.getVar('BUNDLE') == '1':
27	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
28	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
29	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
30	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
31	else:
32	for compr in d.getVar('INITRAMFS_FSTYPES').split():
33	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
34	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
35	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
36	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
37	}