From 40420437422f6a1fff187280547096366806aee6 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Wed, 4 Aug 2021 10:52:40 +0800 Subject: [PATCH] meta-secure-core: Convert to new override syntax Converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Yi Zhao --- README | 12 ++++---- .../packagegroup-efi-secure-boot.bb | 12 ++++---- .../efitools/efitools-native_git.bb | 4 +-- .../recipes-bsp/efitools/efitools.inc | 12 ++++---- .../recipes-bsp/efitools/efitools_git.bb | 8 ++--- .../grub/grub-efi-efi-secure-boot.inc | 28 ++++++++--------- .../recipes-bsp/seloader/seloader_git.bb | 8 ++--- .../recipes-bsp/shim/shim_git.bb | 10 +++---- .../kernel-initramfs-efi-secure-boot.inc | 6 ++-- .../recipes-core/ovmf/ovmf_%.bbappend | 12 ++++---- .../systemd/systemd-efi-secure-boot.inc | 2 +- .../recipes-extended/mokutil/mokutil_git.bb | 4 +-- .../linux/linux-yocto-efi-secure-boot.inc | 12 ++++---- .../packagegroup-luks-initramfs.bb | 2 +- .../packagegroups/packagegroup-luks.bb | 2 +- .../packagegroups/packagegroup-luks.inc | 4 +-- .../recipes-core/systemd/systemd_%.bbappend | 2 +- .../recipes-kernel/linux/linux-yocto-luks.inc | 2 +- .../cryptsetup/cryptsetup_%.bbappend | 4 +-- .../recipes-support/lvm2/lvm2_%.bbappend | 2 +- .../cryptfs-tpm2/cryptfs-tpm2_git.bb | 10 +++---- .../packagegroups/packagegroup-ids.bb | 2 +- meta-integrity/classes/sign_rpm_ext.bbclass | 4 +-- meta-integrity/conf/layer.conf | 2 +- .../packagegroup-ima-initramfs.bb | 2 +- .../packagegroups/packagegroup-ima.bb | 4 +-- .../packagegroups/packagegroup-ima.inc | 4 +-- .../base-files/base-files-integrity.inc | 2 +- .../initrdscripts/initrdscripts-ima.bb | 8 ++--- .../recipes-core/systemd/systemd_%.bbappend | 2 +- .../util-linux/util-linux-integrity.inc | 8 ++--- .../recipes-devtools/rpm/rpm-integrity.inc | 12 ++++---- .../linux/linux-yocto-integrity.inc | 4 +-- .../ima-evm-utils/ima-evm-utils_git.bb | 4 +-- .../ima-policy/ima-policy_0.1.bb | 2 +- .../intel-sgx-driver/intel-sgx-driver_2.1.bb | 2 +- .../classes/user-key-store.bbclass | 2 +- meta-signing-key/conf/layer.conf | 2 +- .../recipes-devtools/libsign/libsign_git.bb | 8 ++--- .../sbsigntool/sbsigntool_git.bb | 2 +- .../key-store/key-store_0.1.bb | 28 ++++++++--------- .../packagegroups/packagegroup-tpm.bb | 4 +-- .../recipes-kernel/linux/linux-yocto-tpm.inc | 2 +- .../openssl-tpm-engine_0.5.0.bb | 20 ++++++------- .../recipes-tpm/tpm-tools/tpm-tools_git.bb | 6 ++-- meta-tpm/recipes-tpm/trousers/trousers_git.bb | 28 ++++++++--------- .../tss-testsuite/tss-testsuite_git.bb | 8 ++--- .../packagegroups/packagegroup-tpm2.bb | 4 +-- .../recipes-kernel/linux/linux-yocto-tpm2.inc | 2 +- .../tpm2-abrmd/tpm2-abrmd_2.3.2.bb | 14 ++++----- .../recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb | 30 +++++++++---------- meta/recipes-core/images/kernel-initramfs.bb | 10 +++---- .../images/secure-core-image-initramfs.bb | 2 +- meta/recipes-core/images/secure-core-image.bb | 2 +- .../recipes-core/images/secure-core-image.inc | 4 +-- .../initrdscripts-secure-core.bb | 6 ++-- 56 files changed, 202 insertions(+), 202 deletions(-) diff --git a/README b/README index 5ae8533..79b19ad 100644 --- a/README +++ b/README @@ -77,10 +77,10 @@ The full features in meta-secure-core can be configured with these definitions in local.conf: INITRAMFS_IMAGE = "secure-core-image-initramfs" -DISTRO_FEATURES_NATIVE_append += "systemd ima tpm tpm2 efi-secure-boot luks" -DISTRO_FEATURES_append += "systemd ima tpm tpm2 efi-secure-boot luks modsign" -MACHINE_FEATURES_NATIVE_append += "efi" -MACHINE_FEATURES_append += "efi" +DISTRO_FEATURES_NATIVE:append = " systemd ima tpm tpm2 efi-secure-boot luks" +DISTRO_FEATURES:append = " systemd ima tpm tpm2 efi-secure-boot luks modsign" +MACHINE_FEATURES_NATIVE:append = " efi" +MACHINE_FEATURES:append = " efi" PACKAGE_CLASSES = "package_rpm" INHERIT += "sign_rpm_ext" SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ @@ -90,9 +90,9 @@ SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ packagegroup-ima \ packagegroup-luks \ " -DEBUG_FLAGS_forcevariable = "" +DEBUG_FLAGS:forcevariable = "" IMAGE_INSTALL += "kernel-image-bzimage" -USER_CLASSES_remove = "image-prelink" +USER_CLASSES:remove = "image-prelink" # Uncomment this line to modify the root parameter in boot command line if the default one # is not working for you. It is helpful when secure boot is enabled. diff --git a/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb b/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb index 341e767..61afc93 100644 --- a/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb +++ b/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "\ S = "${WORKDIR}" SELOADER_PKG = "${@'seloader' if d.getVar('UEFI_SELOADER', True) == '1' else ''}" -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" pkgs = "\ grub-efi \ @@ -18,15 +18,15 @@ pkgs = "\ shim \ " -RDEPENDS_${PN}_x86 = "${pkgs}" -RDEPENDS_${PN}_x86-64 = "${pkgs}" +RDEPENDS:${PN}:x86 = "${pkgs}" +RDEPENDS:${PN}:x86-64 = "${pkgs}" kmods = "\ kernel-module-efivarfs \ kernel-module-efivars \ " -RRECOMMENDS_${PN}_x86 += "${kmods}" -RRECOMMENDS_${PN}_x86-64 += "${kmods}" +RRECOMMENDS:${PN}:x86 += "${kmods}" +RRECOMMENDS:${PN}:x86-64 += "${kmods}" -IMAGE_INSTALL_remove += "grub" +IMAGE_INSTALL:remove += "grub" diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb index 616e2fd..7b8cbc5 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb @@ -1,10 +1,10 @@ require efitools.inc -DEPENDS_append = " gnu-efi-native" +DEPENDS:append = " gnu-efi-native" inherit native -EXTRA_OEMAKE_append = "\ +EXTRA_OEMAKE:append = " \ INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \ CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \ " diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc index 9f4bec4..6f2582a 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc @@ -10,7 +10,7 @@ in the Linux 3.8 kernel. \ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1" -DEPENDS_append += "\ +DEPENDS:append = " \ help2man-native openssl-native sbsigntool-native \ libfile-slurp-perl-native \ " @@ -47,12 +47,12 @@ EXTRA_OEMAKE = "\ OPENSSL_LIB='${STAGING_LIBDIR_NATIVE}' \ EXTRA_LDFLAGS='${LDFLAGS}' \ " -EXTRA_OEMAKE_append_x86 += " ARCH=ia32" -EXTRA_OEMAKE_append_x86-64 += " ARCH=x86_64" +EXTRA_OEMAKE:append:x86 = " ARCH=ia32" +EXTRA_OEMAKE:append:x86-64 = " ARCH=x86_64" EFI_BOOT_PATH = "/boot/efi/EFI/BOOT" -do_compile_prepend() { +do_compile:prepend() { sed -i -e "1s:#!.*:#!/usr/bin/env nativeperl:" xxdi.pl } @@ -60,7 +60,7 @@ do_install() { oe_runmake install DESTDIR='${D}${base_prefix}' } -fakeroot python do_sign_class-target() { +fakeroot python do_sign:class-target() { if d.getVar('GRUB_SIGN_VERIFY', True) != '1': return @@ -74,6 +74,6 @@ do_sign[prefuncs] += "${@'check_boot_public_key' if d.getVar('GRUB_SIGN_VERIFY', fakeroot python do_sign() { } -FILES_${PN} += "${EFI_BOOT_PATH}" +FILES:${PN} += "${EFI_BOOT_PATH}" SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/LockDown.efi" diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb b/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb index ffc2dc8..9b484f1 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb @@ -3,7 +3,7 @@ require efitools.inc # The generated native binaries are used during native and target build DEPENDS += "${BPN}-native gnu-efi openssl" -SRC_URI_append += "\ +SRC_URI:append = " \ file://LockDown-enable-the-enrollment-for-DBX.patch \ file://LockDown-show-the-error-message-with-3-sec-timeout.patch \ file://Makefile-do-not-build-signed-efi-image.patch \ @@ -16,7 +16,7 @@ COMPATIBLE_HOST = '(i.86|x86_64).*-linux' inherit user-key-store deploy -EXTRA_OEMAKE_append += "\ +EXTRA_OEMAKE:append = " \ INCDIR_PREFIX='${STAGING_DIR_TARGET}' \ CRTPATH_PREFIX='${STAGING_DIR_TARGET}' \ SIGN_EFI_SIG_LIST='${STAGING_BINDIR_NATIVE}/sign-efi-sig-list' \ @@ -67,7 +67,7 @@ python do_prepare_signing_keys() { addtask prepare_signing_keys after do_configure before do_compile do_prepare_signing_keys[prefuncs] += "check_deploy_keys" -do_install_append() { +do_install:append() { install -d ${D}${EFI_BOOT_PATH} install -m 0755 ${D}${datadir}/efitools/efi/LockDown.efi ${D}${EFI_BOOT_PATH} } @@ -82,6 +82,6 @@ do_deploy() { } addtask deploy after do_install before do_build -RDEPENDS_${PN}_append += "\ +RDEPENDS:${PN}:append = " \ parted mtools coreutils util-linux openssl libcrypto \ " diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc index 2c58687..4ce638a 100644 --- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc +++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc @@ -1,5 +1,5 @@ DEPENDS += "openssl-native" -FILESEXTRAPATHS_prepend := "${THISDIR}/grub-efi:" +FILESEXTRAPATHS:prepend := "${THISDIR}/grub-efi:" GRUB_SIGN_VERIFY_STRICT ?= "1" @@ -13,7 +13,7 @@ GRUB_MOKVERIFY_PATCH = " \ file://verify-all-buffiles.patch \ " -SRC_URI_append_class-target += "\ +SRC_URI:append:class-target = " \ file://0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch \ file://0002-shim-add-needed-data-structures.patch \ file://0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch \ @@ -36,7 +36,7 @@ SRC_URI_append_class-target += "\ " # functions efi_call_foo and efi_shim_exit are not implemented for arm64 yet -COMPATIBLE_HOST_aarch64 = 'null' +COMPATIBLE_HOST:aarch64 = 'null' GRUB_PREFIX_DIR ?= "/EFI/BOOT" EFI_BOOT_PATH ?= "/boot/efi/EFI/BOOT" @@ -48,14 +48,14 @@ GRUB_SIGNING_MODULES += "${@'pgp gcry_rsa gcry_sha256 gcry_sha512 --pubkey %s ' GRUB_SELOADER_MODULES += "${@'mok2verify ' if d.getVar('UEFI_SELOADER', True) == '1' else ''}" -GRUB_BUILDIN_append_class-target += "\ +GRUB_BUILDIN:append:class-target = " \ tftp reboot chain \ ${GRUB_SECURE_BOOT_MODULES} \ ${GRUB_SIGNING_MODULES} \ ${GRUB_SELOADER_MODULES}" # For efi_call_foo and efi_shim_exit -CFLAGS_append_class-target = " -fno-toplevel-reorder" +CFLAGS:append:class-target = " -fno-toplevel-reorder" # Set a default root specifier. inherit user-key-store @@ -80,7 +80,7 @@ python __anonymous () { d.setVar("GRUB_IMAGE", grubimage) } -do_compile_append_class-target() { +do_compile:append:class-target() { if [ "${GRUB_SIGN_VERIFY}" = "1" -a "${GRUB_SIGN_VERIFY_STRICT}" = "1" ] ; then cat<${WORKDIR}/cfg set strict_security=1 @@ -94,15 +94,15 @@ set prefix=(\$root)${GRUB_PREFIX_DIR} EOF } -do_compile_append_class-native() { +do_compile:append:class-native() { make grub-editenv } -do_install_append_class-native() { +do_install:append:class-native() { install -m 0755 grub-editenv "${D}${bindir}" } -do_install_append_class-target() { +do_install:append:class-target() { local menu="${WORKDIR}/boot-menu.inc" # Enable the default IMA rules if IMA is enabled and luks is disabled. @@ -145,13 +145,13 @@ do_install_append_class-target() { rm -f ${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi/*.module } -python do_sign_prepend_class-target() { +python do_sign:prepend:class-target() { bb.build.exec_func("check_deploy_keys", d) if d.getVar('GRUB_SIGN_VERIFY') == '1': bb.build.exec_func("check_boot_public_key", d) } -fakeroot python do_sign_class-target() { +fakeroot python do_sign:class-target() { image_dir = d.getVar('D', True) efi_boot_path = d.getVar('EFI_BOOT_PATH', True) grub_image = d.getVar('GRUB_IMAGE', True) @@ -181,7 +181,7 @@ fakeroot do_chownboot() { addtask chownboot after do_deploy before do_package # Append the do_deploy() in oe-core. -do_deploy_append_class-target() { +do_deploy:append:class-target() { install -m 0644 "${D}${EFI_BOOT_PATH}/${GRUB_IMAGE}" "${DEPLOYDIR}" # Deploy the stacked grub configs. @@ -202,9 +202,9 @@ do_deploy_append_class-target() { PSEUDO_DISABLED=1 cp -af "${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi" "${DEPLOYDIR}/efi-unsigned" } -FILES_${PN} += "${EFI_BOOT_PATH}" +FILES:${PN} += "${EFI_BOOT_PATH}" -CONFFILES_${PN} += "\ +CONFFILES:${PN} += "\ ${EFI_BOOT_PATH}/grub.cfg \ ${EFI_BOOT_PATH}/grubenv \ ${EFI_BOOT_PATH}/boot-menu.inc \ diff --git a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb index fee1504..f6cacc0 100644 --- a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb @@ -45,8 +45,8 @@ EXTRA_OEMAKE = "\ LIB_GCC="`${CC} -print-libgcc-file-name`" \ " -EFI_ARCH_x86 = "ia32" -EFI_ARCH_x86-64 = "x64" +EFI_ARCH:x86 = "ia32" +EFI_ARCH:x86-64 = "x64" EFI_TARGET = "/boot/efi/EFI/BOOT" @@ -91,8 +91,8 @@ do_deploy() { } addtask deploy after do_install before do_build -RDEPENDS_${PN} += "ovmf-pkcs7-efi" +RDEPENDS:${PN} += "ovmf-pkcs7-efi" -FILES_${PN} += "${EFI_TARGET}" +FILES:${PN} += "${EFI_TARGET}" SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/efi-unsigned" diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb index 489f1c3..3b71690 100644 --- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb @@ -30,7 +30,7 @@ SRC_URI = "\ file://0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch \ file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \ " -SRC_URI_append_x86-64 = "\ +SRC_URI:append:x86-64 = " \ ${@bb.utils.contains('DISTRO_FEATURES', 'msft', \ 'file://shim' + d.expand('EFI_ARCH') + '.efi.signed file://LICENSE' \ if uks_signing_model(d) == 'sample' else '', '', d)} \ @@ -66,7 +66,7 @@ EXTRA_OEMAKE = "\ ENABLE_SBSIGN=1 \ " -EXTRA_OEMAKE_append_x86-64 = " OVERRIDE_SECURITY_POLICY=1" +EXTRA_OEMAKE:append:x86-64 = " OVERRIDE_SECURITY_POLICY=1" PARALLEL_MAKE = "" COMPATIBLE_HOST = '(i.86|x86_64).*-linux' @@ -75,8 +75,8 @@ EFI_TARGET = "/boot/efi/EFI/BOOT" MSFT = "${@bb.utils.contains('DISTRO_FEATURES', 'msft', '1', '0', d)}" -EFI_ARCH_x86 = "ia32" -EFI_ARCH_x86-64 = "x64" +EFI_ARCH:x86 = "ia32" +EFI_ARCH:x86-64 = "x64" # Prepare the signing certificate and keys python do_prepare_signing_keys() { @@ -148,4 +148,4 @@ do_deploy() { } addtask deploy after do_install before do_build -FILES_${PN} += "${EFI_TARGET}" +FILES:${PN} += "${EFI_TARGET}" diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc index 2ac5e8c..9d92672 100644 --- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc +++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc @@ -23,16 +23,16 @@ do_deploy() { } addtask deploy after do_install before do_package -python do_package_prepend () { +python do_package:prepend () { ext = d.expand('${SB_FILE_EXT}') if d.getVar('BUNDLE') == '1': - d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs' + ext)) + d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs' + ext)) d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs' + ext)) d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}' + ext)) d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, '50101') else: for compr in d.getVar('INITRAMFS_FSTYPES').split(): - d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + ext) + d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + ext) d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}') + ext) d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + ext)) d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + ext, '50101') diff --git a/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend index 01c7007..5d1a163 100644 --- a/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend +++ b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend @@ -1,9 +1,9 @@ inherit user-key-store -PACKAGECONFIG_append = " secureboot" +PACKAGECONFIG:append = " secureboot" # For SELoader -do_compile_class-target_append() { +do_compile:class-target:append() { if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then secbuild_dir="${S}/Build/SecurityPkg/RELEASE_${FIXED_GCCVER}" ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} -p SecurityPkg/SecurityPkg.dsc @@ -14,7 +14,7 @@ do_compile_class-target_append() { EFI_TARGET = "/boot/efi/EFI/BOOT" -do_install_class-target_append() { +do_install:class-target:append() { if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then mkdir -p ${D}${EFI_TARGET} if [ x"${UEFI_SB}" = x"1" ]; then @@ -30,13 +30,13 @@ do_install_class-target_append() { python do_sign() { } -python do_sign_class-target() { +python do_sign:class-target() { sb_sign(d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi'), d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed'), d) sb_sign(d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi'), d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed'), d) } addtask sign after do_compile before do_install do_deploy -do_deploy_class-target_append() { +do_deploy:class-target:append() { if [ x"${UEFI_SB}" = x"1" ]; then install -d ${DEPLOYDIR}/efi-unsigned install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/efi-unsigned/Pkcs7VerifyDxe.efi" @@ -53,7 +53,7 @@ PACKAGES += " \ ovmf-pkcs7-efi \ " -FILES_ovmf-pkcs7-efi += " \ +FILES:ovmf-pkcs7-efi += " \ ${EFI_TARGET}/Hash2DxeCrypto.efi \ ${EFI_TARGET}/Pkcs7VerifyDxe.efi \ " diff --git a/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc index da6e27b..b7b631c 100644 --- a/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc +++ b/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc @@ -1,5 +1,5 @@ DEPENDS += "gnu-efi" -PACKAGECONFIG_append = " efi" +PACKAGECONFIG:append = " efi" EXTRA_OEMESON += "-Dgnu-efi=true \ -Defi-libdir=${STAGING_LIBDIR} \ -Defi-includedir=${STAGING_INCDIR}" diff --git a/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb b/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb index b91790c..3c215fb 100644 --- a/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb +++ b/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb @@ -24,6 +24,6 @@ EXTRA_OEMAKE += "\ COMPATIBLE_HOST = '(i.86|x86_64|arm|aarch64).*-linux' -FILES_${PN} += "${datadir}/bash-completion/*" +FILES:${PN} += "${datadir}/bash-completion/*" -RDEPENDS_${PN} += "openssl efivar" +RDEPENDS:${PN} += "openssl efivar" diff --git a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc index 27bb3a2..28bd91b 100644 --- a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc +++ b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc @@ -4,8 +4,8 @@ efi_secure_boot_sccs = "\ ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', \ 'cfg/efi-ext.scc', '', d)} \ " -KERNEL_FEATURES_append_x86 += "${efi_secure_boot_sccs}" -KERNEL_FEATURES_append_x86-64 += "${efi_secure_boot_sccs}" +KERNEL_FEATURES:append:x86 = " ${efi_secure_boot_sccs}" +KERNEL_FEATURES:append:x86-64 = " ${efi_secure_boot_sccs}" inherit user-key-store @@ -75,7 +75,7 @@ fakeroot python do_sign_bundled_kernel() { } addtask sign_bundled_kernel after do_bundle_initramfs before do_deploy -do_deploy_append() { +do_deploy:append() { install -d "${DEPLOYDIR}/efi-unsigned" for imageType in ${KERNEL_IMAGETYPES}; do @@ -102,9 +102,9 @@ do_deploy_append() { } # Ship *.p7b or *.sig files to related packages -python do_package_prepend() { +python do_package:prepend() { for type in d.expand('${KERNEL_IMAGETYPES}').split(): typelower = type.lower() - d.appendVar('FILES_kernel-image-' + typelower, ' /boot/' + type + d.expand('-${KERNEL_VERSION_NAME}${SB_FILE_EXT}')) - d.appendVar('FILES_kernel-image-' + typelower, ' /boot/' + type + d.expand('${SB_FILE_EXT}')) + d.appendVar('FILES:kernel-image-' + typelower, ' /boot/' + type + d.expand('-${KERNEL_VERSION_NAME}${SB_FILE_EXT}')) + d.appendVar('FILES:kernel-image-' + typelower, ' /boot/' + type + d.expand('${SB_FILE_EXT}')) } diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb index 5a31477..bc6c90b 100644 --- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb +++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb @@ -2,7 +2,7 @@ DESCRIPTION = "The packages used for luks in initramfs." require packagegroup-luks.inc -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ cryptfs-tpm2-initramfs \ ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'packagegroup-tpm2-initramfs', '', d)} \ " diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb index fd0c162..4297b54 100644 --- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb +++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb @@ -6,7 +6,7 @@ require packagegroup-luks.inc # The common packages shared between initramfs and rootfs # are listed in the .inc. -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ util-linux-fdisk \ parted \ packagegroup-tpm2 \ diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc index b6a520d..7d8a5eb 100644 --- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc +++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc @@ -3,11 +3,11 @@ LIC_FILES_CHKSUM = "\ file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ " -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" S = "${WORKDIR}" -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ cryptfs-tpm2 \ lvm2-udevrules \ " diff --git a/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend b/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend index 9bd4ee1..63b5076 100644 --- a/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend +++ b/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend @@ -1,4 +1,4 @@ -#PACKAGECONFIG_append += "\ +#PACKAGECONFIG:append = " \ # ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \ # 'cryptsetup', '', d)} \ #" diff --git a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc index 91dceb6..795ba48 100644 --- a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc +++ b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc @@ -1,4 +1,4 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" +FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:" SRC_URI += "\ ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \ diff --git a/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend b/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend index 1798720..693a68b 100644 --- a/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend +++ b/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend @@ -1,2 +1,2 @@ -RDEPENDS_${PN} += "lvm2" -RRECOMMENDS_${PN}_append_class-target = " lvm2-udevrules" +RDEPENDS:${PN} += "lvm2" +RRECOMMENDS:${PN}:append:class-target = " lvm2-udevrules" diff --git a/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend b/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend index e2dd834..b7db196 100644 --- a/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend +++ b/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend @@ -2,6 +2,6 @@ # Copyright (C) 2019 Wind River Systems, Inc. # -FILESEXTRAPATHS_prepend := "${THISDIR}/lvm2:" +FILESEXTRAPATHS:prepend := "${THISDIR}/lvm2:" SRC_URI += "file://0001-10-dm.rules.in-Fix-dmcrypt-hanging-on-hand-over-from.patch" diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb index 594e52f..d3b0869 100644 --- a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb +++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb @@ -44,7 +44,7 @@ EXTRA_OEMAKE = "\ EXTRA_CFLAGS="${CFLAGS}" \ EXTRA_LDFLAGS="${LDFLAGS}" \ " -SECURITY_LDFLAGS_remove_pn-${BPN} = "-fstack-protector-strong" +SECURITY_LDFLAGS:remove:pn-${BPN} = "-fstack-protector-strong" PARALLEL_MAKE = "" @@ -60,7 +60,7 @@ PACKAGES =+ "\ ${PN}-initramfs \ " -FILES_${PN}-initramfs = "\ +FILES:${PN}-initramfs = "\ /init.cryptfs \ " @@ -75,7 +75,7 @@ FILES_${PN}-initramfs = "\ # @cryptsetup: cryptsetup # @tpm2-tools: tpm2_* # @tpm2-abrmd: optional -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ libtss2 \ libtss2-tcti-device \ libtss2-tcti-mssim \ @@ -98,7 +98,7 @@ RDEPENDS_${PN} += "\ # @cryptfs-tpm2: cryptfs-tpm2 # @net-tools: ifconfig # @util-linux: mount, umount, blkid -RDEPENDS_${PN}-initramfs += "\ +RDEPENDS:${PN}-initramfs += "\ bash \ coreutils \ grep \ @@ -113,7 +113,7 @@ RDEPENDS_${PN}-initramfs += "\ util-linux-blkid \ " -RRECOMMENDS_${PN}-initramfs += "\ +RRECOMMENDS:${PN}-initramfs += "\ kernel-module-tpm-crb \ kernel-module-tpm-tis \ " diff --git a/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb b/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb index 89623c3..04771a3 100644 --- a/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb +++ b/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "\ inherit packagegroup -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ snort \ mtree \ " diff --git a/meta-integrity/classes/sign_rpm_ext.bbclass b/meta-integrity/classes/sign_rpm_ext.bbclass index 4da64bd..0adf172 100644 --- a/meta-integrity/classes/sign_rpm_ext.bbclass +++ b/meta-integrity/classes/sign_rpm_ext.bbclass @@ -21,11 +21,11 @@ check_rpm_public_key[prefuncs] += "check_deploy_keys" do_package_write_rpm[depends] += "${GPG_DEP}" do_rootfs[depends] += "${GPG_DEP}" -python do_package_write_rpm_prepend() { +python do_package_write_rpm:prepend() { bb.build.exec_func("check_rpm_public_key", d) } -python do_rootfs_prepend() { +python do_rootfs:prepend() { bb.build.exec_func("check_rpm_public_key", d) } diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf index 9f68ce5..0b3c057 100644 --- a/meta-integrity/conf/layer.conf +++ b/meta-integrity/conf/layer.conf @@ -24,7 +24,7 @@ LAYERRECOMMENDS_integrity = "\ tpm \ " -BB_HASHBASE_WHITELIST_append += "\ +BB_HASHBASE_WHITELIST += "\ RPM_FSK_PATH \ " diff --git a/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb b/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb index ee80f3f..1c6a783 100644 --- a/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb +++ b/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb @@ -2,6 +2,6 @@ DESCRIPTION = "Linux Integrity Measurement Architecture (IMA) subsystem for init include packagegroup-ima.inc -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ initrdscripts-ima \ " diff --git a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb index 7755a87..8dcaaa8 100644 --- a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb +++ b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb @@ -7,14 +7,14 @@ DEPENDS += "\ attr-native \ " -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ attr \ ima-inspect \ util-linux-switch-root.static \ " # Note any private key is not available if user key signing model used. -RRECOMMENDS_${PN} += "\ +RRECOMMENDS:${PN} += "\ key-store-ima-cert \ key-store-system-trusted-cert \ " diff --git a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc index b84cf68..518419b 100644 --- a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc +++ b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc @@ -5,8 +5,8 @@ LIC_FILES_CHKSUM = "\ S = "${WORKDIR}" -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" -RDEPENDS_${PN} = "\ +RDEPENDS:${PN} = "\ ima-evm-utils \ " diff --git a/meta-integrity/recipes-core/base-files/base-files-integrity.inc b/meta-integrity/recipes-core/base-files/base-files-integrity.inc index 7e9e210..cfa65a2 100644 --- a/meta-integrity/recipes-core/base-files/base-files-integrity.inc +++ b/meta-integrity/recipes-core/base-files/base-files-integrity.inc @@ -1,5 +1,5 @@ # Append iversion option for auto types -do_install_append() { +do_install:append() { sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab" echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab" } diff --git a/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb b/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb index b261e9e..36d2770 100644 --- a/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb +++ b/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb @@ -10,13 +10,13 @@ SRC_URI = "\ S = "${WORKDIR}" -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" do_install() { install -m 0500 "${WORKDIR}/init.ima" "${D}" } -FILES_${PN} += "\ +FILES:${PN} += "\ /init.ima \ " @@ -28,7 +28,7 @@ FILES_${PN} += "\ # @gawk: awk # @util-linux: mount, umount # @ima-evm-utils: evmctl -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ coreutils \ grep \ gawk \ @@ -38,6 +38,6 @@ RDEPENDS_${PN} += "\ ima-policy \ " -RRECOMMENDS_${PN} += "\ +RRECOMMENDS:${PN} += "\ key-store-ima-cert \ " diff --git a/meta-integrity/recipes-core/systemd/systemd_%.bbappend b/meta-integrity/recipes-core/systemd/systemd_%.bbappend index ff3464a..259ac07 100644 --- a/meta-integrity/recipes-core/systemd/systemd_%.bbappend +++ b/meta-integrity/recipes-core/systemd/systemd_%.bbappend @@ -1,4 +1,4 @@ -PACKAGECONFIG_append += "\ +PACKAGECONFIG:append = " \ ${@bb.utils.contains('DISTRO_FEATURES', 'ima', \ 'ima', '', d)} \ " diff --git a/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc index d3d498e..59cca65 100644 --- a/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc +++ b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc @@ -1,14 +1,14 @@ -CFLAGS_remove += "-pie -fpie" +CFLAGS:remove += "-pie -fpie" # We need -no-pie in case the default is to generate pie code. # -do_compile_append_class-target() { +do_compile:append:class-target() { ${CC} ${CFLAGS} ${LDFLAGS} -no-pie -static \ sys-utils/switch_root.o \ -o switch_root.static } -do_install_append_class-target() { +do_install:append:class-target() { install -d "${D}${sbindir}" install -m 0700 "${B}/switch_root.static" \ "${D}${sbindir}/switch_root.static" @@ -16,4 +16,4 @@ do_install_append_class-target() { PACKAGES =+ "${PN}-switch-root.static" -FILES_${PN}-switch-root.static = "${sbindir}/switch_root.static" +FILES:${PN}-switch-root.static = "${sbindir}/switch_root.static" diff --git a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc index 8b9c378..b957bc6 100644 --- a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc +++ b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc @@ -1,20 +1,20 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/rpm:" +FILESEXTRAPATHS:prepend := "${THISDIR}/rpm:" -PACKAGECONFIG_append = " \ +PACKAGECONFIG:append = " \ ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'imaevm', '', d)} \ " # IMA signing support is provided by RPM plugin. -EXTRA_OECONF_remove += "\ +EXTRA_OECONF:remove += "\ --disable-plugins \ " -EXTRA_OECONF_append_class-native = " --disable-inhibit-plugin" +EXTRA_OECONF:append:class-native = " --disable-inhibit-plugin" -SRC_URI_append = " \ +SRC_URI:append = " \ file://macros.ima \ " -do_install_append () { +do_install:append () { install -d ${D}${sysconfdir}/rpm install -m 0644 ${WORKDIR}/macros.ima ${D}${sysconfdir}/rpm/ } diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc index 295b97d..83a2b8b 100644 --- a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc +++ b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc @@ -1,4 +1,4 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" +FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:" IMA_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', '1', '0', d)}" MODSIGN_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'modsign', '1', '0', d)}" @@ -19,7 +19,7 @@ INHIBIT_PACKAGE_STRIP = "${@'1' if d.getVar('MODSIGN_ENABLED', True) == '1' else inherit user-key-store -do_configure_prepend() { +do_configure:prepend() { sys_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.crt" if [ ${MODSIGN_ENABLED} = "1" ]; then modsign_key="${@uks_modsign_keys_dir(d)}/modsign_key.key" diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb index 46722b8..852632f 100644 --- a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb +++ b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb @@ -21,8 +21,8 @@ inherit pkgconfig autotools # Specify any options you want to pass to the configure script using EXTRA_OECONF: EXTRA_OECONF = "" -FILES_${PN}-dev += "${includedir}" +FILES:${PN}-dev += "${includedir}" -RDEPENDS_${PN}_class-target += "libcrypto libattr keyutils" +RDEPENDS:${PN}:class-target += "libcrypto libattr keyutils" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb b/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb index cfab5be..2254ead 100644 --- a/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb +++ b/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb @@ -16,4 +16,4 @@ do_install() { "${D}${sysconfdir}/ima" } -FILES_${PN} = "${sysconfdir}" +FILES:${PN} = "${sysconfdir}" diff --git a/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb b/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb index b1abcd5..a95ba8e 100644 --- a/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb +++ b/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb @@ -31,4 +31,4 @@ do_install () { install -m 0644 "${MODULE_NAME}.ko" "$dir" } -RPROVIDES_${PN} += "kernel-module-${MODULE_NAME}" +RPROVIDES:${PN} += "kernel-module-${MODULE_NAME}" diff --git a/meta-signing-key/classes/user-key-store.bbclass b/meta-signing-key/classes/user-key-store.bbclass index f89a810..5180427 100644 --- a/meta-signing-key/classes/user-key-store.bbclass +++ b/meta-signing-key/classes/user-key-store.bbclass @@ -1,4 +1,4 @@ -DEPENDS_append_class-target += "\ +DEPENDS:append:class-target = " \ ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "sbsigntool-native", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "libsign-native", "", d)} \ openssl-native \ diff --git a/meta-signing-key/conf/layer.conf b/meta-signing-key/conf/layer.conf index 9176709..89e8b58 100644 --- a/meta-signing-key/conf/layer.conf +++ b/meta-signing-key/conf/layer.conf @@ -64,7 +64,7 @@ RPM_GPG_PASSPHRASE ??= "SecureCore" BOOT_GPG_NAME ??= "SecureBootCore" BOOT_GPG_PASSPHRASE ??= "SecureCore" -BB_HASHBASE_WHITELIST_append += "\ +BB_HASHBASE_WHITELIST += "\ SYSTEM_TRUSTED_KEYS_DIR \ SECONDARY_TRUSTED_KEYS_DIR \ MODSIGN_KEYS_DIR \ diff --git a/meta-signing-key/recipes-devtools/libsign/libsign_git.bb b/meta-signing-key/recipes-devtools/libsign/libsign_git.bb index 7964e03..79eb347 100644 --- a/meta-signing-key/recipes-devtools/libsign/libsign_git.bb +++ b/meta-signing-key/recipes-devtools/libsign/libsign_git.bb @@ -39,17 +39,17 @@ EXTRA_OEMAKE = "\ BINDIR="${bindir}" \ LIBDIR="${libdir}" \ " -SECURITY_LDFLAGS_remove_pn-${BPN} = "-fstack-protector-strong" +SECURITY_LDFLAGS:remove:pn-${BPN} = "-fstack-protector-strong" do_install() { oe_runmake install DESTDIR="${D}" } -FILES_${PN} += "\ +FILES:${PN} += "\ ${libdir}/signaturelet \ " -RDEPENDS_${PN}_class-target += "libcrypto" -RDEPENDS_${PN}_class-native += "openssl-native" +RDEPENDS:${PN}:class-target += "libcrypto" +RDEPENDS:${PN}:class-native += "openssl-native" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb index 408eb8a..f84108e 100644 --- a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb +++ b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb @@ -55,7 +55,7 @@ EXTRA_OEMAKE += "\ -I${STAGING_INCDIR}/efi/${@efi_arch(d)}' \ " -do_configure_prepend() { +do_configure:prepend() { cd ${S} if [ ! -e lib/ccan ]; then diff --git a/meta-signing-key/recipes-support/key-store/key-store_0.1.bb b/meta-signing-key/recipes-support/key-store/key-store_0.1.bb index 4f117d4..2ecd415 100644 --- a/meta-signing-key/recipes-support/key-store/key-store_0.1.bb +++ b/meta-signing-key/recipes-support/key-store/key-store_0.1.bb @@ -8,7 +8,7 @@ S = "${WORKDIR}" inherit user-key-store -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" KEY_DIR = "${sysconfdir}/keys" # For RPM verification @@ -32,11 +32,11 @@ python () { return pn = d.getVar('PN', True) + '-rpm-pubkey' - d.setVar('PACKAGES_prepend', pn + ' ') - d.setVar('FILES_' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True)) - d.setVar('CONFFILES_' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True)) + d.setVar('PACKAGES:prepend', pn + ' ') + d.setVar('FILES:' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True)) + d.setVar('CONFFILES:' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True)) mlprefix = d.getVar('MLPREFIX') - d.appendVar('RDEPENDS_' + pn, ' %srpm' % mlprefix) + d.appendVar('RDEPENDS:' + pn, ' %srpm' % mlprefix) } do_install() { @@ -84,7 +84,7 @@ key_store_sysroot_preprocess() { sysroot_stage_dir "${D}${sysconfdir}" "${SYSROOT_DESTDIR}${sysconfdir}" } -pkg_postinst_ontarget_${PN}-rpm-pubkey() { +pkg_postinst_ontarget:${PN}-rpm-pubkey() { keydir="${RPM_KEY_DIR}" [ ! -d "$keydir" ] && mkdir -p "$keydir" @@ -112,20 +112,20 @@ PACKAGES_DYNAMIC = "\ ${PN}-rpm-pubkey \ " -FILES_${PN}-system-trusted-cert = "${SYSTEM_CERT}" -CONFFILES_${PN}-system-trusted-cert = "${SYSTEM_CERT}" +FILES:${PN}-system-trusted-cert = "${SYSTEM_CERT}" +CONFFILES:${PN}-system-trusted-cert = "${SYSTEM_CERT}" -FILES_${PN}-secondary-trusted-cert = "\ +FILES:${PN}-secondary-trusted-cert = "\ ${SECONDARY_TRUSTED_CERT} \ ${SECONDARY_TRUSTED_DER_ENC_CERT} \ " -CONFFILES_${PN}-secondary-trusted-cert = "\ +CONFFILES:${PN}-secondary-trusted-cert = "\ ${SECONDARY_TRUSTED_CERT} \ ${SECONDARY_TRUSTED_DER_ENC_CERT} \ " -FILES_${PN}-modsign-cert = "${MODSIGN_CERT}" -CONFFILES_${PN}-modsign-cert = "${MODSIGN_CERT}" +FILES:${PN}-modsign-cert = "${MODSIGN_CERT}" +CONFFILES:${PN}-modsign-cert = "${MODSIGN_CERT}" -FILES_${PN}-ima-cert = "${IMA_CERT}" -CONFFILES_${PN}-ima-cert = "${IMA_CERT}" +FILES:${PN}-ima-cert = "${IMA_CERT}" +CONFFILES:${PN}-ima-cert = "${IMA_CERT}" diff --git a/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb b/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb index 8a501a5..ee70eaa 100644 --- a/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb +++ b/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "\ inherit packagegroup -RDEPENDS_${PN} = "\ +RDEPENDS:${PN} = "\ trousers \ tpm-tools \ tpm-quote-tools \ @@ -14,7 +14,7 @@ RDEPENDS_${PN} = "\ rng-tools \ " -RRECOMMENDS_${PN} = "\ +RRECOMMENDS:${PN} = "\ kernel-module-tpm-rng \ kernel-module-tpm-tis \ kernel-module-tpm-atmel \ diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc b/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc index 4285531..0fa0338 100644 --- a/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc +++ b/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc @@ -1,4 +1,4 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" +FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:" SRC_URI += "\ ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', \ diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb index 3d7bd05..b652b4c 100644 --- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb +++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb @@ -32,7 +32,7 @@ inherit autotools-brokensep pkgconfig # The definitions below are used to decrypt the passwords of both srk and loaded key. dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" -CFLAGS_append += "-DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}" +CFLAGS:append = " -DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}" # Due to the limit of escape character, the hybrid must be written in # above style. The actual values defined below in C code style are: @@ -40,31 +40,31 @@ CFLAGS_append += "-DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}" # dec_salt[] = {'r', 0x00, 0x00, 't'}; # Uncomment below line if using the plain srk password for development -#CFLAGS_append += "-DTPM_SRK_PLAIN_PW" +#CFLAGS:append = " -DTPM_SRK_PLAIN_PW" # Uncomment below line if using the plain tpm key password for development -#CFLAGS_append += "-DTPM_KEY_PLAIN_PW" +#CFLAGS:append = " -DTPM_KEY_PLAIN_PW" -do_configure_prepend() { +do_configure:prepend() { cd ${B} cp LICENSE COPYING touch NEWS AUTHORS ChangeLog README } -FILES_${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la" -FILES_${PN}-dbg += "\ +FILES:${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la" +FILES:${PN}-dbg += "\ ${libdir}/ssl/engines-1.1/.debug \ ${libdir}/engines-1.1/.debug \ ${prefix}/local/ssl/lib/engines-1.1/.debug \ " -FILES_${PN} += "\ +FILES:${PN} += "\ ${libdir}/ssl/engines-1.1/tpm.so* \ ${libdir}/engines-1.1/tpm.so* \ ${libdir}/libtpm.so* \ ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \ " -RDEPENDS_${PN} += "libcrypto libtspi" +RDEPENDS:${PN} += "libcrypto libtspi" -INSANE_SKIP_${PN} = "libdir" -INSANE_SKIP_${PN}-dbg = "libdir" +INSANE_SKIP:${PN} = "libdir" +INSANE_SKIP:${PN}-dbg = "libdir" diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb index 04e4880..40fc14a 100644 --- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb +++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb @@ -11,7 +11,7 @@ LICENSE = "CPL-1.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9" DEPENDS = "libtspi openssl" -DEPENDS_class-native = "trousers-native" +DEPENDS:class-native = "trousers-native" PV = "1.3.9.1+git${SRCPV}" @@ -26,7 +26,7 @@ S = "${WORKDIR}/git" inherit autotools-brokensep gettext perlnative -do_configure_prepend() { +do_configure:prepend() { mkdir -p po mkdir -p m4 cp -R po_/* po/ @@ -34,7 +34,7 @@ do_configure_prepend() { touch m4/Makefile.am } -do_install_append() { +do_install:append() { #install -m 0755 "src/tpm_mgmt/tpm_startup" "${D}${sbindir}/tpm_startup" #install -m 0744 "src/tpm_mgmt/tpm_reset" "${D}${sbindir}/tpm_reset" #install -m 0744 "../tpm_integrationtest" "${D}${bindir}/tpm_integrationtest" diff --git a/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm/trousers/trousers_git.bb index 601d35d..545c2a7 100644 --- a/meta-tpm/recipes-tpm/trousers/trousers_git.bb +++ b/meta-tpm/recipes-tpm/trousers/trousers_git.bb @@ -39,7 +39,7 @@ inherit autotools pkgconfig useradd update-rc.d \ EXTRA_OECONF="--with-gui=none" # Fix build failure for gcc-10 -CFLAGS_append = " -fcommon" +CFLAGS:append = " -fcommon" PACKAGECONFIG ?= "gmp " PACKAGECONFIG[gmp] = "--with-gmp, --with-gmp=no, gmp" @@ -49,14 +49,14 @@ INITSCRIPT_NAME = "trousers" INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "--system tss" -USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" +GROUPADD_PARAM:${PN} = "--system tss" +USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE_${PN} = "tcsd.service" +SYSTEMD_SERVICE:${PN} = "tcsd.service" SYSTEMD_AUTO_ENABLE = "enable" -do_install_append() { +do_install:append() { install -d "${D}${sysconfdir}/init.d" install -m 0755 "${WORKDIR}/trousers.init.sh" "${D}${sysconfdir}/init.d/trousers" @@ -82,28 +82,28 @@ PACKAGES =+ "\ libtspi-staticdev \ " -FILES_libtspi = "\ +FILES:libtspi = "\ ${libdir}/libtspi.so.* \ " -FILES_libtspi-dbg = "\ +FILES:libtspi-dbg = "\ ${libdir}/.debug \ ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tspi \ ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trspi \ ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/*.h \ ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/tss \ " -FILES_libtspi-dev = "\ +FILES:libtspi-dev = "\ ${includedir} \ ${libdir}/*.so \ " -FILES_libtspi-doc = "\ +FILES:libtspi-doc = "\ ${mandir}/man3 \ " -FILES_libtspi-staticdev = "\ +FILES:libtspi-staticdev = "\ ${libdir}/*.la \ ${libdir}/*.a \ " -FILES_${PN}-dbg += "\ +FILES:${PN}-dbg += "\ ${sbindir}/.debug \ ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcs \ ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcsd \ @@ -111,9 +111,9 @@ FILES_${PN}-dbg += "\ ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trousers \ ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/trousers \ " -FILES_${PN}-dev += "${libdir}/trousers" -FILES_${PN} += "${systemd_unitdir}/system/tcsd.service" +FILES:${PN}-dev += "${libdir}/trousers" +FILES:${PN} += "${systemd_unitdir}/system/tcsd.service" -CONFFILES_${PN} += "${sysconfig}/tcsd.conf" +CONFFILES:${PN} += "${sysconfig}/tcsd.conf" BBCLASSEXTEND = "native" diff --git a/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb b/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb index 2034370..ae68f4f 100644 --- a/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb +++ b/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb @@ -41,7 +41,7 @@ testsuite_SUBDIRS = "\ CFLAGS += "-DOPENSSL_NO_DES" LDFLAGS += "-L${STAGING_LIBDIR} -lcrypto -lpthread" -do_configure_prepend() { +do_configure:prepend() { cp -f "${S}/tcg/Makefile" "${S}" cp -f "${S}/tcg/init/makefile" "${S}/tcg/init/Makefile" # remove test case about DES @@ -57,10 +57,10 @@ do_install() { install -m 0755 tsstests.sh "${D}/opt/tss-testsuite" } -FILES_${PN} += "/opt/*" -FILES_${PN}-dbg += "\ +FILES:${PN} += "/opt/*" +FILES:${PN}-dbg += "\ /opt/tss-testsuite/tcg/*/.debug \ /opt/tss-testsuite/tcg/*/*/.debug \ " -RDEPENDS_${PN} += "tpm-tools openssl bash" +RDEPENDS:${PN} += "tpm-tools openssl bash" diff --git a/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb b/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb index eb096e0..8e5223e 100644 --- a/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb +++ b/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb @@ -1,11 +1,11 @@ require packagegroup-tpm2.inc -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ tpm2-abrmd \ tpm2-tools \ rng-tools \ " -RRECOMMENDS_${PN} += "\ +RRECOMMENDS:${PN} += "\ kernel-module-tpm-rng \ " diff --git a/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc b/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc index 51ab57e..a0cdf49 100644 --- a/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc +++ b/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc @@ -1,4 +1,4 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" +FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:" SRC_URI += "\ ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', \ diff --git a/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb b/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb index b092549..51bcaf0 100644 --- a/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb +++ b/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb @@ -26,20 +26,20 @@ S = "${WORKDIR}/git" inherit autotools pkgconfig systemd update-rc.d useradd SYSTEMD_PACKAGES += "${PN}" -SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service" -SYSTEMD_AUTO_ENABLE_${PN} = "disable" +SYSTEMD_SERVICE:${PN} = "tpm2-abrmd.service" +SYSTEMD_AUTO_ENABLE:${PN} = "disable" INITSCRIPT_NAME = "${PN}" INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "tss" -USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" +GROUPADD_PARAM:${PN} = "tss" +USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}" PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no" -do_install_append() { +do_install:append() { install -d "${D}${sysconfdir}/init.d" install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd" @@ -47,9 +47,9 @@ do_install_append() { install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd" } -FILES_${PN} += "${libdir}/systemd/system-preset \ +FILES:${PN} += "${libdir}/systemd/system-preset \ ${datadir}/dbus-1" -RDEPENDS_${PN} += "tpm2-tss libtss2-tcti-device libtss2-tcti-mssim" +RDEPENDS:${PN} += "tpm2-tss libtss2-tcti-device libtss2-tcti-mssim" BBCLASSEXTEND = "native" diff --git a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb index 89b7452..099c788 100644 --- a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb +++ b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb @@ -16,7 +16,7 @@ PACKAGECONFIG ??= "" PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/" -EXTRA_OECONF_remove = " --disable-static" +EXTRA_OECONF:remove = " --disable-static" EXTRA_USERS_PARAMS = "\ @@ -43,34 +43,34 @@ PACKAGES = " \ libtss2-staticdev \ " -FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*" -FILES_libtss2-tcti-device-dev = " \ +FILES:libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*" +FILES:libtss2-tcti-device-dev = " \ ${includedir}/tss2/tss2_tcti_device.h \ ${libdir}/pkgconfig/tss2-tcti-device.pc \ ${libdir}/libtss2-tcti-device.so" -FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a" +FILES:libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a" -FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*" -FILES_libtss2-tcti-mssim-dev = " \ +FILES:libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*" +FILES:libtss2-tcti-mssim-dev = " \ ${includedir}/tss2/tss2_tcti_mssim.h \ ${libdir}/pkgconfig/tss2-tcti-mssim.pc \ ${libdir}/libtss2-tcti-mssim.so" -FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a" +FILES:libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a" -FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*" -FILES_libtss2-mu-dev = " \ +FILES:libtss2-mu = "${libdir}/libtss2-mu.so.*" +FILES:libtss2-mu-dev = " \ ${includedir}/tss2/tss2_mu.h \ ${libdir}/pkgconfig/tss2-mu.pc \ ${libdir}/libtss2-mu.so" -FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a" +FILES:libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a" -FILES_libtss2 = "${libdir}/libtss2*so.*" -FILES_libtss2-dev = " \ +FILES:libtss2 = "${libdir}/libtss2*so.*" +FILES:libtss2-dev = " \ ${includedir} \ ${libdir}/pkgconfig \ ${libdir}/libtss2*so" -FILES_libtss2-staticdev = "${libdir}/libtss*a" +FILES:libtss2-staticdev = "${libdir}/libtss*a" -FILES_${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev" +FILES:${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev" -RDEPENDS_libtss2 = "libgcrypt" +RDEPENDS:libtss2 = "libgcrypt" diff --git a/meta/recipes-core/images/kernel-initramfs.bb b/meta/recipes-core/images/kernel-initramfs.bb index 2a3a1cd..9dad7b2 100644 --- a/meta/recipes-core/images/kernel-initramfs.bb +++ b/meta/recipes-core/images/kernel-initramfs.bb @@ -9,7 +9,7 @@ DEPENDS = "virtual/kernel" PROVIDES = "virtual/kernel-initramfs" -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" B = "${WORKDIR}/${BPN}-${PV}" @@ -55,15 +55,15 @@ inherit update-alternatives ALTERNATIVES_${PN} = "" -python do_package_prepend () { +python do_package:prepend () { if d.getVar('BUNDLE') == '1': - d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs')) + d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs')) d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs')) d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}')) d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', '50101') else: for compr in d.getVar('INITRAMFS_FSTYPES').split(): - d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}')) + d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}')) d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}')) d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr)) d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}'), '50101') @@ -71,4 +71,4 @@ python do_package_prepend () { PACKAGE_ARCH = "${MACHINE_ARCH}" -FILES_${PN} = "/boot/*" +FILES:${PN} = "/boot/*" diff --git a/meta/recipes-core/images/secure-core-image-initramfs.bb b/meta/recipes-core/images/secure-core-image-initramfs.bb index 1a50036..d868600 100644 --- a/meta/recipes-core/images/secure-core-image-initramfs.bb +++ b/meta/recipes-core/images/secure-core-image-initramfs.bb @@ -3,7 +3,7 @@ the Minimal RAM-based Initial Root Filesystem (initramfs), which finds the \ first 'init' program more efficiently." LICENSE = "MIT" -ROOTFS_BOOTSTRAP_INSTALL_append += "\ +ROOTFS_BOOTSTRAP_INSTALL:append = " \ ${@bb.utils.contains("DISTRO_FEATURES", "tpm2", \ "packagegroup-tpm2-initramfs", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "ima", \ diff --git a/meta/recipes-core/images/secure-core-image.bb b/meta/recipes-core/images/secure-core-image.bb index 05db5f4..3621b2d 100644 --- a/meta/recipes-core/images/secure-core-image.bb +++ b/meta/recipes-core/images/secure-core-image.bb @@ -5,4 +5,4 @@ IMAGE_INSTALL += "\ " inherit extrausers -EXTRA_USERS_PARAMS_prepend += " usermod -P toor root;" +EXTRA_USERS_PARAMS += "usermod -P toor root;" diff --git a/meta/recipes-core/images/secure-core-image.inc b/meta/recipes-core/images/secure-core-image.inc index 52cf672..5ed3eda 100644 --- a/meta/recipes-core/images/secure-core-image.inc +++ b/meta/recipes-core/images/secure-core-image.inc @@ -1,7 +1,7 @@ SUMMARY = "The root image of SecureCore." LICENSE = "MIT" -SECURE_CORE_IMAGE_EXTRA_INSTALL_append += "\ +SECURE_CORE_IMAGE_EXTRA_INSTALL:append = " \ ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", \ "packagegroup-efi-secure-boot", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "tpm", \ @@ -30,6 +30,6 @@ INITRAMFS_IMAGE ?= "secure-core-image-initramfs" inherit core-image IMAGE_ROOTFS_SIZE ?= "8192" -IMAGE_ROOTFS_EXTRA_SPACE_append = "\ +IMAGE_ROOTFS_EXTRA_SPACE:append = " \ ${@bb.utils.contains("DISTRO_FEATURES", "systemd", " + 4096", "" ,d)} \ " diff --git a/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb b/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb index a2e994d..188681b 100644 --- a/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb +++ b/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb @@ -18,7 +18,7 @@ do_install() { mknod -m 0600 "${D}/dev/console" c 5 1 } -FILES_${PN} = "\ +FILES:${PN} = "\ /init \ /dev \ /run \ @@ -32,7 +32,7 @@ FILES_${PN} = "\ # @grep: grep # @gawk: awk # @eudev or udev: udevd, udevadm -RDEPENDS_${PN} += "\ +RDEPENDS:${PN} += "\ coreutils \ util-linux-mount \ grep \ @@ -42,7 +42,7 @@ RDEPENDS_${PN} += "\ # @initrdscripts-ima: init.ima # @cryptfs-tpm2-initramfs: init.cryptfs -RRECOMMENDS_${PN} += "\ +RRECOMMENDS:${PN} += "\ ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'initrdscripts-ima', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'luks', 'cryptfs-tpm2-initramfs', '', d)} \ "