meta-integrity: Convert to new override syntax

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2021-07-29 16:32:05 -0700
committer: Armin Kuster <akuster808@gmail.com> 2021-08-01 08:47:08 -0700
commit: b8554aae23cb66378866bff7d5ef6c6324fa486a (patch)
tree: 3cdbdbc9c1d52e0b4b0a4c7ed43789aba1b9aa4a
parent: c7632b927c4cb31d77caebe1390da21c630cfe0e (diff)
download: meta-security-b8554aae23cb66378866bff7d5ef6c6324fa486a.tar.gz
15 files changed, 28 insertions, 28 deletions
diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index 8254b0d..eae1c57 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -6,7 +6,7 @@ The bbappend files for some recipes (e.g. linux-yocto) in this layer need
 to have 'integrity' in DISTRO_FEATURES to have effect.
 To enable them, add in configuration file the following line.
-  DISTRO_FEATURES_append = " integrity"
+  DISTRO_FEATURES:append = " integrity"
 If meta-integrity is included, but integrity is not enabled as a
 distro feature a warning is printed at parse time:
@@ -219,7 +219,7 @@ executing the file is no longer allowed:
 Enabling the audit kernel subsystem may help to debug appraisal
 issues. Enable it by adding the meta-security-framework layer and
 changing your local.conf:
-    SRC_URI_append_pn-linux-yocto = " file://audit.cfg"
+    SRC_URI:append:pn-linux-yocto = " file://audit.cfg"
    CORE_IMAGE_EXTRA_INSTALL += "auditd"
 Then boot with "ima_appraise=log ima_appraise_tcb".
diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-integrity/classes/ima-evm-rootfs.bbclass
index 0acd6e7..57de2f6 100644
--- a/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -29,7 +29,7 @@ IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false"
 IMA_EVM_ROOTFS_IVERSION ?= ""
 # Avoid re-generating fstab when ima is enabled.
-WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
+WIC_CREATE_EXTRA_ARGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
 ima_evm_sign_rootfs () {
    cd ${IMAGE_ROOTFS}
diff --git a/meta-integrity/classes/kernel-modsign.bbclass b/meta-integrity/classes/kernel-modsign.bbclass
index 09025ba..cf5d3eb 100644
--- a/meta-integrity/classes/kernel-modsign.bbclass
+++ b/meta-integrity/classes/kernel-modsign.bbclass
@@ -15,7 +15,7 @@ MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
 # If this class is enabled, disable stripping signatures from modules
 INHIBIT_PACKAGE_STRIP = "1"
-kernel_do_configure_prepend() {
+kernel_do_configure:prepend() {
    if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
        cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
            > "${B}/modsign_key.pem"
@@ -24,6 +24,6 @@ kernel_do_configure_prepend() {
    fi
 }
-do_shared_workdir_append() {
+do_shared_workdir:append() {
    cp modsign_key.pem $kerneldir/
 }
diff --git a/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc b/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
index a45182e..807075c 100644
--- a/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
+++ b/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
@@ -1,8 +1,8 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
 DEPENDS = "libtspi"
-SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+SRC_URI:append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
 PACKAGECONFIG += " \
    aikgen \
diff --git a/meta-integrity/recipes-core/base-files/base-files-ima.inc b/meta-integrity/recipes-core/base-files/base-files-ima.inc
index 7e9e210..cfa65a2 100644
--- a/meta-integrity/recipes-core/base-files/base-files-ima.inc
+++ b/meta-integrity/recipes-core/base-files/base-files-ima.inc
@@ -1,5 +1,5 @@
 # Append iversion option for auto types
-do_install_append() {
+do_install:append() {
    sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
    echo 'securityfs  /sys/kernel/security  securityfs  defaults  0  0' >> "${D}${sysconfdir}/fstab"
 }
diff --git a/meta-integrity/recipes-core/images/integrity-image-minimal.bb b/meta-integrity/recipes-core/images/integrity-image-minimal.bb
index 1a3a30a..f40e867 100644
--- a/meta-integrity/recipes-core/images/integrity-image-minimal.bb
+++ b/meta-integrity/recipes-core/images/integrity-image-minimal.bb
@@ -18,4 +18,4 @@ export IMAGE_BASENAME = "integrity-image-minimal"
 INHERIT += "ima-evm-rootfs"
-QB_KERNEL_CMDLINE_APPEND_append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"
+QB_KERNEL_CMDLINE_APPEND:append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"
diff --git a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
index 6471c53..58cbe6e 100644
--- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
+++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
@@ -30,7 +30,7 @@ do_install () {
    sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima
 }
-FILES_${PN} = "/init.d ${sysconfdir}"
+FILES:${PN} = "/init.d ${sysconfdir}"
-RDEPENDS_${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
+RDEPENDS:${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
-RDEPENDS_${PN} += "initramfs-framework-base"
+RDEPENDS:${PN} += "initramfs-framework-base"
diff --git a/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb b/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
index 8196edb..484859f 100644
--- a/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
+++ b/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
@@ -6,6 +6,6 @@ inherit packagegroup features_check
 REQUIRED_DISTRO_FEATURES = "ima"
 # Only one at the moment, but perhaps more will come in the future.
-RDEPENDS_${PN} = " \
+RDEPENDS:${PN} = " \
    ima-evm-utils \
 "
diff --git a/meta-integrity/recipes-core/systemd/systemd_%.bbappend b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
index 3b45541..57b3684 100644
--- a/meta-integrity/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
@@ -1,11 +1,11 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
 SRC_URI += " \
    file://machine-id-commit-sync.conf \
    file://random-seed-sync.conf \
 "
-do_install_append () {
+do_install:append () {
    for i in machine-id-commit random-seed; do
        install -d ${D}/${systemd_system_unitdir}/systemd-$i.service.d
        install -m 0644 ${WORKDIR}/$i-sync.conf ${D}/${systemd_system_unitdir}/systemd-$i.service.d
diff --git a/meta-integrity/recipes-kernel/linux/linux_ima.inc b/meta-integrity/recipes-kernel/linux/linux_ima.inc
index f9a48cd..3ab53e5 100644
--- a/meta-integrity/recipes-kernel/linux/linux_ima.inc
+++ b/meta-integrity/recipes-kernel/linux/linux_ima.inc
@@ -1,5 +1,5 @@
-KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
-KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
 inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}
diff --git a/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
index 7708aef..dd32397 100644
--- a/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
+++ b/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
 inherit features_check
 REQUIRED_DISTRO_FEATURES = "ima"
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 do_install () {
    if [ -e "${IMA_EVM_X509}" ]; then
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
index bd85583..fc7a2d6 100644
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 DEPENDS += "openssl attr keyutils"
-DEPENDS_class-native += "openssl-native keyutils-native"
+DEPENDS:class-native += "openssl-native keyutils-native"
 PV = "1.2.1+git${SRCPV}"
 SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"
@@ -26,13 +26,13 @@ S = "${WORKDIR}/git"
 inherit pkgconfig autotools features_check
 REQUIRED_DISTRO_FEATURES = "ima"
-REQUIRED_DISTRO_FEATURES_class-native = ""
+REQUIRED_DISTRO_FEATURES:class-native = ""
-EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
+EXTRA_OECONF:append:class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
 # blkid is called by evmctl when creating evm checksums.
 # This is less useful when signing files on the build host,
 # so disable it when compiling on the host.
-RDEPENDS_${PN}_append_class-target = " util-linux-blkid libcrypto attr libattr keyutils"
+RDEPENDS:${PN}:append:class-target = " util-linux-blkid libcrypto attr libattr keyutils"
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
index 84ea161..5f2244e 100644
--- a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
+++ b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
@@ -12,5 +12,5 @@ do_install () {
    install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy
 }
-FILES_${PN} = "${sysconfdir}/ima"
+FILES:${PN} = "${sysconfdir}/ima"
-RDEPENDS_${PN} = "ima-evm-utils"
+RDEPENDS:${PN} = "ima-evm-utils"
diff --git a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
index ff7169e..57c0640 100644
--- a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
+++ b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
@@ -14,5 +14,5 @@ do_install () {
    install ${WORKDIR}/ima_policy_hashed ${D}/${sysconfdir}/ima/ima-policy
 }
-FILES_${PN} = "${sysconfdir}/ima"
+FILES:${PN} = "${sysconfdir}/ima"
-RDEPENDS_${PN} = "ima-evm-utils"
+RDEPENDS:${PN} = "ima-evm-utils"
diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
index 0e56aec..8fed410 100644
--- a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
+++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
@@ -12,5 +12,5 @@ do_install () {
    install ${WORKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy
 }
-FILES_${PN} = "${sysconfdir}/ima"
+FILES:${PN} = "${sysconfdir}/ima"
-RDEPENDS_${PN} = "ima-evm-utils"
+RDEPENDS:${PN} = "ima-evm-utils"
author	Armin Kuster <akuster808@gmail.com>	2021-07-29 16:32:05 -0700
committer	Armin Kuster <akuster808@gmail.com>	2021-08-01 08:47:08 -0700
commit	b8554aae23cb66378866bff7d5ef6c6324fa486a (patch)
tree	3cdbdbc9c1d52e0b4b0a4c7ed43789aba1b9aa4a
parent	c7632b927c4cb31d77caebe1390da21c630cfe0e (diff)
download	meta-security-b8554aae23cb66378866bff7d5ef6c6324fa486a.tar.gz

diff --git a/meta-integrity/README.md b/meta-integrity/README.md index 8254b0d..eae1c57 100644 --- a/meta-integrity/README.md +++ b/meta-integrity/README.md
@@ -6,7 +6,7 @@ The bbappend files for some recipes (e.g. linux-yocto) in this layer need
6	to have 'integrity' in DISTRO_FEATURES to have effect.	6	to have 'integrity' in DISTRO_FEATURES to have effect.
7	To enable them, add in configuration file the following line.	7	To enable them, add in configuration file the following line.
8		8
9	DISTRO_FEATURES_append = " integrity"	9	DISTRO_FEATURES:append = " integrity"
10		10
11	If meta-integrity is included, but integrity is not enabled as a	11	If meta-integrity is included, but integrity is not enabled as a
12	distro feature a warning is printed at parse time:	12	distro feature a warning is printed at parse time:
@@ -219,7 +219,7 @@ executing the file is no longer allowed:
219	Enabling the audit kernel subsystem may help to debug appraisal	219	Enabling the audit kernel subsystem may help to debug appraisal
220	issues. Enable it by adding the meta-security-framework layer and	220	issues. Enable it by adding the meta-security-framework layer and
221	changing your local.conf:	221	changing your local.conf:
222	SRC_URI_append_pn-linux-yocto = " file://audit.cfg"	222	SRC_URI:append:pn-linux-yocto = " file://audit.cfg"
223	CORE_IMAGE_EXTRA_INSTALL += "auditd"	223	CORE_IMAGE_EXTRA_INSTALL += "auditd"
224		224
225	Then boot with "ima_appraise=log ima_appraise_tcb".	225	Then boot with "ima_appraise=log ima_appraise_tcb".


diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-integrity/classes/ima-evm-rootfs.bbclass index 0acd6e7..57de2f6 100644 --- a/meta-integrity/classes/ima-evm-rootfs.bbclass +++ b/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -29,7 +29,7 @@ IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false"
29	IMA_EVM_ROOTFS_IVERSION ?= ""	29	IMA_EVM_ROOTFS_IVERSION ?= ""
30		30
31	# Avoid re-generating fstab when ima is enabled.	31	# Avoid re-generating fstab when ima is enabled.
32	WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"	32	WIC_CREATE_EXTRA_ARGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
33		33
34	ima_evm_sign_rootfs () {	34	ima_evm_sign_rootfs () {
35	cd ${IMAGE_ROOTFS}	35	cd ${IMAGE_ROOTFS}


diff --git a/meta-integrity/classes/kernel-modsign.bbclass b/meta-integrity/classes/kernel-modsign.bbclass index 09025ba..cf5d3eb 100644 --- a/meta-integrity/classes/kernel-modsign.bbclass +++ b/meta-integrity/classes/kernel-modsign.bbclass
@@ -15,7 +15,7 @@ MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
15	# If this class is enabled, disable stripping signatures from modules	15	# If this class is enabled, disable stripping signatures from modules
16	INHIBIT_PACKAGE_STRIP = "1"	16	INHIBIT_PACKAGE_STRIP = "1"
17		17
18	kernel_do_configure_prepend() {	18	kernel_do_configure:prepend() {
19	if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then	19	if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
20	cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \	20	cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
21	> "${B}/modsign_key.pem"	21	> "${B}/modsign_key.pem"
@@ -24,6 +24,6 @@ kernel_do_configure_prepend() {
24	fi	24	fi
25	}	25	}
26		26
27	do_shared_workdir_append() {	27	do_shared_workdir:append() {
28	cp modsign_key.pem $kerneldir/	28	cp modsign_key.pem $kerneldir/
29	}	29	}


diff --git a/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc b/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc index a45182e..807075c 100644 --- a/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc +++ b/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
@@ -1,8 +1,8 @@
1	FILESEXTRAPATHS_prepend := "${THISDIR}/files:"	1	FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
2		2
3	DEPENDS = "libtspi"	3	DEPENDS = "libtspi"
4		4
5	SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"	5	SRC_URI:append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
6		6
7	PACKAGECONFIG += " \	7	PACKAGECONFIG += " \
8	aikgen \	8	aikgen \


diff --git a/meta-integrity/recipes-core/base-files/base-files-ima.inc b/meta-integrity/recipes-core/base-files/base-files-ima.inc index 7e9e210..cfa65a2 100644 --- a/meta-integrity/recipes-core/base-files/base-files-ima.inc +++ b/meta-integrity/recipes-core/base-files/base-files-ima.inc
@@ -1,5 +1,5 @@
1	# Append iversion option for auto types	1	# Append iversion option for auto types
2	do_install_append() {	2	do_install:append() {
3	sed -i 's/\sauto\sdefaults/&,iversion/' "${D}${sysconfdir}/fstab"	3	sed -i 's/\sauto\sdefaults/&,iversion/' "${D}${sysconfdir}/fstab"
4	echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab"	4	echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab"
5	}	5	}


diff --git a/meta-integrity/recipes-core/images/integrity-image-minimal.bb b/meta-integrity/recipes-core/images/integrity-image-minimal.bb index 1a3a30a..f40e867 100644 --- a/meta-integrity/recipes-core/images/integrity-image-minimal.bb +++ b/meta-integrity/recipes-core/images/integrity-image-minimal.bb
@@ -18,4 +18,4 @@ export IMAGE_BASENAME = "integrity-image-minimal"
18		18
19	INHERIT += "ima-evm-rootfs"	19	INHERIT += "ima-evm-rootfs"
20		20
21	QB_KERNEL_CMDLINE_APPEND_append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"	21	QB_KERNEL_CMDLINE_APPEND:append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"


diff --git a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb index 6471c53..58cbe6e 100644 --- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb +++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
@@ -30,7 +30,7 @@ do_install () {
30	sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima	30	sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima
31	}	31	}
32		32
33	FILES_${PN} = "/init.d ${sysconfdir}"	33	FILES:${PN} = "/init.d ${sysconfdir}"
34		34
35	RDEPENDS_${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"	35	RDEPENDS:${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
36	RDEPENDS_${PN} += "initramfs-framework-base"	36	RDEPENDS:${PN} += "initramfs-framework-base"


diff --git a/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb b/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb index 8196edb..484859f 100644 --- a/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb +++ b/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
@@ -6,6 +6,6 @@ inherit packagegroup features_check
6	REQUIRED_DISTRO_FEATURES = "ima"	6	REQUIRED_DISTRO_FEATURES = "ima"
7		7
8	# Only one at the moment, but perhaps more will come in the future.	8	# Only one at the moment, but perhaps more will come in the future.
9	RDEPENDS_${PN} = " \	9	RDEPENDS:${PN} = " \
10	ima-evm-utils \	10	ima-evm-utils \
11	"	11	"


diff --git a/meta-integrity/recipes-core/systemd/systemd_%.bbappend b/meta-integrity/recipes-core/systemd/systemd_%.bbappend index 3b45541..57b3684 100644 --- a/meta-integrity/recipes-core/systemd/systemd_%.bbappend +++ b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
@@ -1,11 +1,11 @@
1	FILESEXTRAPATHS_prepend := "${THISDIR}/files:"	1	FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
2		2
3	SRC_URI += " \	3	SRC_URI += " \
4	file://machine-id-commit-sync.conf \	4	file://machine-id-commit-sync.conf \
5	file://random-seed-sync.conf \	5	file://random-seed-sync.conf \
6	"	6	"
7		7
8	do_install_append () {	8	do_install:append () {
9	for i in machine-id-commit random-seed; do	9	for i in machine-id-commit random-seed; do
10	install -d ${D}/${systemd_system_unitdir}/systemd-$i.service.d	10	install -d ${D}/${systemd_system_unitdir}/systemd-$i.service.d
11	install -m 0644 ${WORKDIR}/$i-sync.conf ${D}/${systemd_system_unitdir}/systemd-$i.service.d	11	install -m 0644 ${WORKDIR}/$i-sync.conf ${D}/${systemd_system_unitdir}/systemd-$i.service.d


diff --git a/meta-integrity/recipes-kernel/linux/linux_ima.inc b/meta-integrity/recipes-kernel/linux/linux_ima.inc index f9a48cd..3ab53e5 100644 --- a/meta-integrity/recipes-kernel/linux/linux_ima.inc +++ b/meta-integrity/recipes-kernel/linux/linux_ima.inc
@@ -1,5 +1,5 @@
1	KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"	1	KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
2		2
3	KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"	3	KERNEL_FEATURES:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
4		4
5	inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}	5	inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}


diff --git a/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb index 7708aef..dd32397 100644 --- a/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb +++ b/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
5	inherit features_check	5	inherit features_check
6	REQUIRED_DISTRO_FEATURES = "ima"	6	REQUIRED_DISTRO_FEATURES = "ima"
7		7
8	ALLOW_EMPTY_${PN} = "1"	8	ALLOW_EMPTY:${PN} = "1"
9		9
10	do_install () {	10	do_install () {
11	if [ -e "${IMA_EVM_X509}" ]; then	11	if [ -e "${IMA_EVM_X509}" ]; then


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb index bd85583..fc7a2d6 100644 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
4		4
5	DEPENDS += "openssl attr keyutils"	5	DEPENDS += "openssl attr keyutils"
6		6
7	DEPENDS_class-native += "openssl-native keyutils-native"	7	DEPENDS:class-native += "openssl-native keyutils-native"
8		8
9	PV = "1.2.1+git${SRCPV}"	9	PV = "1.2.1+git${SRCPV}"
10	SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"	10	SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"
@@ -26,13 +26,13 @@ S = "${WORKDIR}/git"
26	inherit pkgconfig autotools features_check	26	inherit pkgconfig autotools features_check
27		27
28	REQUIRED_DISTRO_FEATURES = "ima"	28	REQUIRED_DISTRO_FEATURES = "ima"
29	REQUIRED_DISTRO_FEATURES_class-native = ""	29	REQUIRED_DISTRO_FEATURES:class-native = ""
30		30
31	EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"	31	EXTRA_OECONF:append:class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
32		32
33	# blkid is called by evmctl when creating evm checksums.	33	# blkid is called by evmctl when creating evm checksums.
34	# This is less useful when signing files on the build host,	34	# This is less useful when signing files on the build host,
35	# so disable it when compiling on the host.	35	# so disable it when compiling on the host.
36	RDEPENDS_${PN}_append_class-target = " util-linux-blkid libcrypto attr libattr keyutils"	36	RDEPENDS:${PN}:append:class-target = " util-linux-blkid libcrypto attr libattr keyutils"
37		37
38	BBCLASSEXTEND = "native nativesdk"	38	BBCLASSEXTEND = "native nativesdk"


diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb index 84ea161..5f2244e 100644 --- a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
@@ -12,5 +12,5 @@ do_install () {
12	install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy	12	install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy
13	}	13	}
14		14
15	FILES_${PN} = "${sysconfdir}/ima"	15	FILES:${PN} = "${sysconfdir}/ima"
16	RDEPENDS_${PN} = "ima-evm-utils"	16	RDEPENDS:${PN} = "ima-evm-utils"


diff --git a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb index ff7169e..57c0640 100644 --- a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
@@ -14,5 +14,5 @@ do_install () {
14	install ${WORKDIR}/ima_policy_hashed ${D}/${sysconfdir}/ima/ima-policy	14	install ${WORKDIR}/ima_policy_hashed ${D}/${sysconfdir}/ima/ima-policy
15	}	15	}
16		16
17	FILES_${PN} = "${sysconfdir}/ima"	17	FILES:${PN} = "${sysconfdir}/ima"
18	RDEPENDS_${PN} = "ima-evm-utils"	18	RDEPENDS:${PN} = "ima-evm-utils"


diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb index 0e56aec..8fed410 100644 --- a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
@@ -12,5 +12,5 @@ do_install () {
12	install ${WORKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy	12	install ${WORKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy
13	}	13	}
14		14
15	FILES_${PN} = "${sysconfdir}/ima"	15	FILES:${PN} = "${sysconfdir}/ima"
16	RDEPENDS_${PN} = "ima-evm-utils"	16	RDEPENDS:${PN} = "ima-evm-utils"