meta-security: Add a new .bbclass for meta-security layer.

Inheriting the class will cause the check_security function to run on the
ROOTFS image. Currently the check_security function just invokes
buck-security-native on the root filesystem of the image.

1 files changed, 7 insertions, 0 deletions

diff --git a/classes/check_security.bbclass b/classes/check_security.bbclass
new file mode 100644
index 0000000..6d6682e
--- /dev/null
+++ b/classes/check_security.bbclass
@@ -0,0 +1,7 @@
+check_security () {
+    ${STAGING_BINDIR_NATIVE}/buck-security -sysroot ${IMAGE_ROOTFS} -log ${T}/log.do_checksecurity.${PID} -disable-checks "checksum,firewall,packages_problematic,services,sshd,usermask" -no-sudo > /dev/null
+}
+
+EXTRA_IMAGEDEPENDS += "buck-security-native"
+
+ROOTFS_POSTPROCESS_COMMAND += "check_security;"