diff options
| author | Bruce Ashfield <bruce.ashfield@gmail.com> | 2024-11-06 21:29:08 -0500 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-11-07 13:31:26 +0000 |
| commit | 5ed4e3558e771c0191edff04598b7e2fe49ace91 (patch) | |
| tree | 1cafdaa9301cac19b8ace3df60464c17ec8842c6 | |
| parent | 772c998f8440a7f5595aeea7c0e46933de8128b0 (diff) | |
| download | poky-5ed4e3558e771c0191edff04598b7e2fe49ace91.tar.gz | |
kernel-yocto: allow cfg fragments to be specified as required
When .scc files are used, a configuration fragment can be declared
as "hardware" (required) or "non-hardware" (optional).
By default the configuration audit only warns about hardware
options. We can extend that default level of auditing to configuration
fragments that are on the SRC_URI or in KERNEL_FEATURES by
adding the ability to put a specifier after the fragment.
i.e. KERNEL_FEATURES:append = 'hardening.config:required'
This is particular useful for fragments that are outside of
the kernel-cache (in a layer, in a kernel tree, etc)
(From OE-Core rev: 0a84a3dd00543adffdef4fcf5381faab2984541e)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes-recipe/kernel-yocto.bbclass | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/classes-recipe/kernel-yocto.bbclass b/meta/classes-recipe/kernel-yocto.bbclass index 66602d3594..e73adcc725 100644 --- a/meta/classes-recipe/kernel-yocto.bbclass +++ b/meta/classes-recipe/kernel-yocto.bbclass | |||
| @@ -271,6 +271,9 @@ do_kernel_metadata() { | |||
| 271 | KERNEL_FEATURES_FINAL="" | 271 | KERNEL_FEATURES_FINAL="" |
| 272 | if [ -n "${KERNEL_FEATURES}" ]; then | 272 | if [ -n "${KERNEL_FEATURES}" ]; then |
| 273 | for feature in ${KERNEL_FEATURES}; do | 273 | for feature in ${KERNEL_FEATURES}; do |
| 274 | feature_as_specified="$feature" | ||
| 275 | feature="$(echo $feature_as_specified | cut -d: -f1)" | ||
| 276 | feature_specifier="$(echo $feature_as_specified | cut -d: -f2)" | ||
| 274 | feature_found=f | 277 | feature_found=f |
| 275 | for d in $includes; do | 278 | for d in $includes; do |
| 276 | path_to_check=$(echo $d | sed 's/^-I//') | 279 | path_to_check=$(echo $d | sed 's/^-I//') |
| @@ -288,7 +291,7 @@ do_kernel_metadata() { | |||
| 288 | bbfatal_log "Set KERNEL_DANGLING_FEATURES_WARN_ONLY to ignore this issue" | 291 | bbfatal_log "Set KERNEL_DANGLING_FEATURES_WARN_ONLY to ignore this issue" |
| 289 | fi | 292 | fi |
| 290 | else | 293 | else |
| 291 | KERNEL_FEATURES_FINAL="$KERNEL_FEATURES_FINAL $feature" | 294 | KERNEL_FEATURES_FINAL="$KERNEL_FEATURES_FINAL $feature_as_specified" |
| 292 | fi | 295 | fi |
| 293 | done | 296 | done |
| 294 | fi | 297 | fi |