diff options
author | Kevin Hao <kexin.hao@windriver.com> | 2024-02-22 09:21:54 +0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2024-03-27 12:36:58 -0400 |
commit | d80cd2ba6a3ef850cef12578671a5b17d86d3e7c (patch) | |
tree | 8c2581fa23799f15d841b2c9337bd5d628c01315 | |
parent | 7b951e3900943b5f4a05a0c06cdff6bd29b4fa00 (diff) | |
download | meta-security-d80cd2ba6a3ef850cef12578671a5b17d86d3e7c.tar.gz |
dm-verity: Set the IMAGE_FSTYPES correctly when dm-verity is enabled
After the using inherit_defer for the image classes in oe-core commit
451363438d38 ("classes/recipes: Switch to use inherit_defer"),
the using of anonymous python function in dm-verity-img.bbclass to
set the IMAGE_FSTYPES doesn't work anymore. The reason is that
image.bbclass also use anonymous python function to add the do_image_xxx
task for the corresponding filesystem type. The anonymous function in
dm-verity-img.bbclass is evaluated much later than the one in
image.bbclass. Then the task such as do_image_vhash will not be added
as we expect. So we choose to use "+=" to set the IMAGE_FSTYPES.
The populate_sdk_ext.bbclass may generate a dependency list like below:
core-image-minimal.do_sdk_depends -> lib32-core-image-minimal.do_image_vhash
So we also need to make sure the do_image_vhash task for the multilib
filesystem is added.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | classes/dm-verity-img.bbclass | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass index 62c3069..7f79548 100644 --- a/classes/dm-verity-img.bbclass +++ b/classes/dm-verity-img.bbclass | |||
@@ -177,6 +177,24 @@ CONVERSION_CMD:verity = "verity_setup ${type}" | |||
177 | CONVERSION_DEPENDS_verity = "cryptsetup-native" | 177 | CONVERSION_DEPENDS_verity = "cryptsetup-native" |
178 | IMAGE_CMD:vhash = "verity_hash" | 178 | IMAGE_CMD:vhash = "verity_hash" |
179 | 179 | ||
180 | def get_verity_fstypes(d): | ||
181 | verity_image = d.getVar('DM_VERITY_IMAGE') | ||
182 | verity_type = d.getVar('DM_VERITY_IMAGE_TYPE') | ||
183 | verity_hash = d.getVar('DM_VERITY_SEPARATE_HASH') | ||
184 | pn = d.getVar('PN') | ||
185 | |||
186 | fstypes = "" | ||
187 | if not pn.endswith(verity_image): | ||
188 | return fstypes # This doesn't concern this image | ||
189 | |||
190 | fstypes = verity_type + ".verity" | ||
191 | if verity_hash == "1": | ||
192 | fstypes += " vhash" | ||
193 | |||
194 | return fstypes | ||
195 | |||
196 | IMAGE_FSTYPES += "${@get_verity_fstypes(d)}" | ||
197 | |||
180 | python __anonymous() { | 198 | python __anonymous() { |
181 | verity_image = d.getVar('DM_VERITY_IMAGE') | 199 | verity_image = d.getVar('DM_VERITY_IMAGE') |
182 | verity_type = d.getVar('DM_VERITY_IMAGE_TYPE') | 200 | verity_type = d.getVar('DM_VERITY_IMAGE_TYPE') |
@@ -188,16 +206,12 @@ python __anonymous() { | |||
188 | bb.warn('dm-verity-img class inherited but not used') | 206 | bb.warn('dm-verity-img class inherited but not used') |
189 | return | 207 | return |
190 | 208 | ||
191 | if verity_image != pn: | 209 | if not pn.endswith(verity_image): |
192 | return # This doesn't concern this image | 210 | return # This doesn't concern this image |
193 | 211 | ||
194 | if len(verity_type.split()) != 1: | 212 | if len(verity_type.split()) != 1: |
195 | bb.fatal('DM_VERITY_IMAGE_TYPE must contain exactly one type') | 213 | bb.fatal('DM_VERITY_IMAGE_TYPE must contain exactly one type') |
196 | 214 | ||
197 | d.appendVar('IMAGE_FSTYPES', ' %s.verity' % verity_type) | ||
198 | if verity_hash == "1": | ||
199 | d.appendVar('IMAGE_FSTYPES', ' vhash') | ||
200 | |||
201 | # If we're using wic: we'll have to use partition images and not the rootfs | 215 | # If we're using wic: we'll have to use partition images and not the rootfs |
202 | # source plugin so add the appropriate dependency. | 216 | # source plugin so add the appropriate dependency. |
203 | if 'wic' in image_fstypes: | 217 | if 'wic' in image_fstypes: |