meta-secure-core: Convert to new override syntax

Converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2026-05-06 09:48:40 +00:00 · 2021-08-04 10:52:40 +08:00
parent 6768abc7d4
commit 4042043742
56 changed files with 202 additions and 202 deletions
--- a/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb
+++ b/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "\
 S = "${WORKDIR}"

 SELOADER_PKG = "${@'seloader' if d.getVar('UEFI_SELOADER', True) == '1' else ''}"
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"

 pkgs = "\
    grub-efi \
@@ -18,15 +18,15 @@ pkgs = "\
    shim \
 "

-RDEPENDS_${PN}_x86 = "${pkgs}"
-RDEPENDS_${PN}_x86-64 = "${pkgs}"
+RDEPENDS:${PN}:x86 = "${pkgs}"
+RDEPENDS:${PN}:x86-64 = "${pkgs}"

 kmods = "\
    kernel-module-efivarfs \
    kernel-module-efivars \
 "

-RRECOMMENDS_${PN}_x86 += "${kmods}"
-RRECOMMENDS_${PN}_x86-64 += "${kmods}"
+RRECOMMENDS:${PN}:x86 += "${kmods}"
+RRECOMMENDS:${PN}:x86-64 += "${kmods}"

-IMAGE_INSTALL_remove += "grub"
+IMAGE_INSTALL:remove += "grub"
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb
@@ -1,10 +1,10 @@
 require efitools.inc

-DEPENDS_append = " gnu-efi-native"
+DEPENDS:append = " gnu-efi-native"

 inherit native

-EXTRA_OEMAKE_append = "\
+EXTRA_OEMAKE:append = " \
    INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \
    CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \
 "
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -10,7 +10,7 @@ in the Linux 3.8 kernel. \
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1"

-DEPENDS_append += "\
+DEPENDS:append = " \
    help2man-native openssl-native sbsigntool-native \
    libfile-slurp-perl-native \
 "
@@ -47,12 +47,12 @@ EXTRA_OEMAKE = "\
    OPENSSL_LIB='${STAGING_LIBDIR_NATIVE}' \
    EXTRA_LDFLAGS='${LDFLAGS}' \
 "
-EXTRA_OEMAKE_append_x86 += " ARCH=ia32"
-EXTRA_OEMAKE_append_x86-64 += " ARCH=x86_64"
+EXTRA_OEMAKE:append:x86 = " ARCH=ia32"
+EXTRA_OEMAKE:append:x86-64 = " ARCH=x86_64"

 EFI_BOOT_PATH = "/boot/efi/EFI/BOOT"

-do_compile_prepend() {
+do_compile:prepend() {
    sed -i -e "1s:#!.*:#!/usr/bin/env nativeperl:" xxdi.pl 
 }

@@ -60,7 +60,7 @@ do_install() {
    oe_runmake install DESTDIR='${D}${base_prefix}'
 }

-fakeroot python do_sign_class-target() {
+fakeroot python do_sign:class-target() {
    if d.getVar('GRUB_SIGN_VERIFY', True) != '1':
        return

@@ -74,6 +74,6 @@ do_sign[prefuncs] += "${@'check_boot_public_key' if d.getVar('GRUB_SIGN_VERIFY',
 fakeroot python do_sign() {
 }

-FILES_${PN} += "${EFI_BOOT_PATH}"
+FILES:${PN} += "${EFI_BOOT_PATH}"

 SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/LockDown.efi"
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb
@@ -3,7 +3,7 @@ require efitools.inc
 # The generated native binaries are used during native and target build
 DEPENDS += "${BPN}-native gnu-efi openssl"

-SRC_URI_append += "\
+SRC_URI:append = " \
    file://LockDown-enable-the-enrollment-for-DBX.patch \
    file://LockDown-show-the-error-message-with-3-sec-timeout.patch \
    file://Makefile-do-not-build-signed-efi-image.patch \
@@ -16,7 +16,7 @@ COMPATIBLE_HOST = '(i.86|x86_64).*-linux'

 inherit user-key-store deploy

-EXTRA_OEMAKE_append += "\
+EXTRA_OEMAKE:append = " \
    INCDIR_PREFIX='${STAGING_DIR_TARGET}' \
    CRTPATH_PREFIX='${STAGING_DIR_TARGET}' \
    SIGN_EFI_SIG_LIST='${STAGING_BINDIR_NATIVE}/sign-efi-sig-list' \
@@ -67,7 +67,7 @@ python do_prepare_signing_keys() {
 addtask prepare_signing_keys after do_configure before do_compile
 do_prepare_signing_keys[prefuncs] += "check_deploy_keys"

-do_install_append() {
+do_install:append() {
    install -d ${D}${EFI_BOOT_PATH}
    install -m 0755 ${D}${datadir}/efitools/efi/LockDown.efi ${D}${EFI_BOOT_PATH}
 }
@@ -82,6 +82,6 @@ do_deploy() {
 }
 addtask deploy after do_install before do_build

-RDEPENDS_${PN}_append += "\
+RDEPENDS:${PN}:append = " \
    parted mtools coreutils util-linux openssl libcrypto \
 "
--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
@@ -1,5 +1,5 @@
 DEPENDS += "openssl-native"
-FILESEXTRAPATHS_prepend := "${THISDIR}/grub-efi:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/grub-efi:"

 GRUB_SIGN_VERIFY_STRICT ?= "1"

@@ -13,7 +13,7 @@ GRUB_MOKVERIFY_PATCH = " \
   file://verify-all-buffiles.patch \
 "

-SRC_URI_append_class-target += "\
+SRC_URI:append:class-target = " \
    file://0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch \
    file://0002-shim-add-needed-data-structures.patch \
    file://0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch \
@@ -36,7 +36,7 @@ SRC_URI_append_class-target += "\
 "

 # functions efi_call_foo and efi_shim_exit are not implemented for arm64 yet
-COMPATIBLE_HOST_aarch64 = 'null'
+COMPATIBLE_HOST:aarch64 = 'null'

 GRUB_PREFIX_DIR ?= "/EFI/BOOT"
 EFI_BOOT_PATH ?= "/boot/efi/EFI/BOOT"
@@ -48,14 +48,14 @@ GRUB_SIGNING_MODULES += "${@'pgp gcry_rsa gcry_sha256 gcry_sha512 --pubkey %s '

 GRUB_SELOADER_MODULES += "${@'mok2verify ' if d.getVar('UEFI_SELOADER', True) == '1' else ''}"

-GRUB_BUILDIN_append_class-target += "\
+GRUB_BUILDIN:append:class-target = " \
  tftp reboot chain \
  ${GRUB_SECURE_BOOT_MODULES} \
  ${GRUB_SIGNING_MODULES} \
  ${GRUB_SELOADER_MODULES}"

 # For efi_call_foo and efi_shim_exit
-CFLAGS_append_class-target = " -fno-toplevel-reorder"
+CFLAGS:append:class-target = " -fno-toplevel-reorder"

 # Set a default root specifier.
 inherit user-key-store
@@ -80,7 +80,7 @@ python __anonymous () {
    d.setVar("GRUB_IMAGE", grubimage)
 }

-do_compile_append_class-target() {
+do_compile:append:class-target() {
 	if [ "${GRUB_SIGN_VERIFY}" = "1" -a "${GRUB_SIGN_VERIFY_STRICT}" = "1" ] ; then
 		cat<<EOF>${WORKDIR}/cfg
 set strict_security=1
@@ -94,15 +94,15 @@ set prefix=(\$root)${GRUB_PREFIX_DIR}
 EOF
 }

-do_compile_append_class-native() {
+do_compile:append:class-native() {
    make grub-editenv
 }

-do_install_append_class-native() {
+do_install:append:class-native() {
    install -m 0755 grub-editenv "${D}${bindir}"
 }

-do_install_append_class-target() {
+do_install:append:class-target() {
    local menu="${WORKDIR}/boot-menu.inc"

    # Enable the default IMA rules if IMA is enabled and luks is disabled.
@@ -145,13 +145,13 @@ do_install_append_class-target() {
    rm -f ${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi/*.module
 }

-python do_sign_prepend_class-target() {
+python do_sign:prepend:class-target() {
    bb.build.exec_func("check_deploy_keys", d)
    if d.getVar('GRUB_SIGN_VERIFY') == '1':
        bb.build.exec_func("check_boot_public_key", d)
 }

-fakeroot python do_sign_class-target() {
+fakeroot python do_sign:class-target() {
    image_dir = d.getVar('D', True)
    efi_boot_path = d.getVar('EFI_BOOT_PATH', True)
    grub_image = d.getVar('GRUB_IMAGE', True)
@@ -181,7 +181,7 @@ fakeroot do_chownboot() {
 addtask chownboot after do_deploy before do_package

 # Append the do_deploy() in oe-core.
-do_deploy_append_class-target() {
+do_deploy:append:class-target() {
    install -m 0644 "${D}${EFI_BOOT_PATH}/${GRUB_IMAGE}" "${DEPLOYDIR}"

    # Deploy the stacked grub configs.
@@ -202,9 +202,9 @@ do_deploy_append_class-target() {
    PSEUDO_DISABLED=1 cp -af "${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi" "${DEPLOYDIR}/efi-unsigned"
 }

-FILES_${PN} += "${EFI_BOOT_PATH}"
+FILES:${PN} += "${EFI_BOOT_PATH}"

-CONFFILES_${PN} += "\
+CONFFILES:${PN} += "\
    ${EFI_BOOT_PATH}/grub.cfg \
    ${EFI_BOOT_PATH}/grubenv \
    ${EFI_BOOT_PATH}/boot-menu.inc \
--- a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
@@ -45,8 +45,8 @@ EXTRA_OEMAKE = "\
    LIB_GCC="`${CC} -print-libgcc-file-name`" \
 "

-EFI_ARCH_x86 = "ia32"
-EFI_ARCH_x86-64 = "x64"
+EFI_ARCH:x86 = "ia32"
+EFI_ARCH:x86-64 = "x64"

 EFI_TARGET = "/boot/efi/EFI/BOOT"

@@ -91,8 +91,8 @@ do_deploy() {
 }
 addtask deploy after do_install before do_build

-RDEPENDS_${PN} += "ovmf-pkcs7-efi"
+RDEPENDS:${PN} += "ovmf-pkcs7-efi"

-FILES_${PN} += "${EFI_TARGET}"
+FILES:${PN} += "${EFI_TARGET}"

 SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/efi-unsigned"
--- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
@@ -30,7 +30,7 @@ SRC_URI = "\
    file://0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch \
    file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \
 "
-SRC_URI_append_x86-64 = "\
+SRC_URI:append:x86-64 = " \
    ${@bb.utils.contains('DISTRO_FEATURES', 'msft', \
                         'file://shim' + d.expand('EFI_ARCH') + '.efi.signed file://LICENSE' \
                         if uks_signing_model(d) == 'sample' else '', '', d)} \
@@ -66,7 +66,7 @@ EXTRA_OEMAKE = "\
    ENABLE_SBSIGN=1 \
 "

-EXTRA_OEMAKE_append_x86-64 = " OVERRIDE_SECURITY_POLICY=1"
+EXTRA_OEMAKE:append:x86-64 = " OVERRIDE_SECURITY_POLICY=1"

 PARALLEL_MAKE = ""
 COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
@@ -75,8 +75,8 @@ EFI_TARGET = "/boot/efi/EFI/BOOT"

 MSFT = "${@bb.utils.contains('DISTRO_FEATURES', 'msft', '1', '0', d)}"

-EFI_ARCH_x86 = "ia32"
-EFI_ARCH_x86-64 = "x64"
+EFI_ARCH:x86 = "ia32"
+EFI_ARCH:x86-64 = "x64"

 # Prepare the signing certificate and keys
 python do_prepare_signing_keys() {
@@ -148,4 +148,4 @@ do_deploy() {
 }
 addtask deploy after do_install before do_build

-FILES_${PN} += "${EFI_TARGET}"
+FILES:${PN} += "${EFI_TARGET}"
--- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
@@ -23,16 +23,16 @@ do_deploy() {
 }
 addtask deploy after do_install before do_package

-python do_package_prepend () {
+python do_package:prepend () {
    ext = d.expand('${SB_FILE_EXT}')
    if d.getVar('BUNDLE') == '1':
-        d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs' + ext))
+        d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs' + ext))
        d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs' + ext))
        d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}' + ext))
        d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, '50101')
    else:
        for compr in d.getVar('INITRAMFS_FSTYPES').split():
-            d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + ext)
+            d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + ext)
            d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}') + ext)
            d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + ext))
            d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + ext, '50101')
--- a/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend
+++ b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend
@@ -1,9 +1,9 @@
 inherit user-key-store

-PACKAGECONFIG_append = " secureboot"
+PACKAGECONFIG:append = " secureboot"

 # For SELoader
-do_compile_class-target_append() {
+do_compile:class-target:append() {
    if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
 	secbuild_dir="${S}/Build/SecurityPkg/RELEASE_${FIXED_GCCVER}"
        ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} -p SecurityPkg/SecurityPkg.dsc
@@ -14,7 +14,7 @@ do_compile_class-target_append() {

 EFI_TARGET = "/boot/efi/EFI/BOOT"

-do_install_class-target_append() {
+do_install:class-target:append() {
    if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
        mkdir -p ${D}${EFI_TARGET}
        if [ x"${UEFI_SB}" = x"1" ]; then
@@ -30,13 +30,13 @@ do_install_class-target_append() {
 python do_sign() {
 }

-python do_sign_class-target() {
+python do_sign:class-target() {
    sb_sign(d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi'), d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed'), d)
    sb_sign(d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi'), d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed'), d)
 }
 addtask sign after do_compile before do_install do_deploy

-do_deploy_class-target_append() {
+do_deploy:class-target:append() {
    if [ x"${UEFI_SB}" = x"1" ]; then
        install -d ${DEPLOYDIR}/efi-unsigned
        install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/efi-unsigned/Pkcs7VerifyDxe.efi"
@@ -53,7 +53,7 @@ PACKAGES += " \
   ovmf-pkcs7-efi \
 "

-FILES_ovmf-pkcs7-efi += " \
+FILES:ovmf-pkcs7-efi += " \
    ${EFI_TARGET}/Hash2DxeCrypto.efi \
    ${EFI_TARGET}/Pkcs7VerifyDxe.efi \
 "
--- a/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc
@@ -1,5 +1,5 @@
 DEPENDS += "gnu-efi"
-PACKAGECONFIG_append = " efi"
+PACKAGECONFIG:append = " efi"
 EXTRA_OEMESON += "-Dgnu-efi=true \
                  -Defi-libdir=${STAGING_LIBDIR} \
                  -Defi-includedir=${STAGING_INCDIR}"
--- a/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb
+++ b/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb
@@ -24,6 +24,6 @@ EXTRA_OEMAKE += "\

 COMPATIBLE_HOST = '(i.86|x86_64|arm|aarch64).*-linux'

-FILES_${PN} += "${datadir}/bash-completion/*"
+FILES:${PN} += "${datadir}/bash-completion/*"

-RDEPENDS_${PN} += "openssl efivar"
+RDEPENDS:${PN} += "openssl efivar"
--- a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
@@ -4,8 +4,8 @@ efi_secure_boot_sccs = "\
    ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', \
                         'cfg/efi-ext.scc', '', d)} \
 "
-KERNEL_FEATURES_append_x86 += "${efi_secure_boot_sccs}"
-KERNEL_FEATURES_append_x86-64 += "${efi_secure_boot_sccs}"
+KERNEL_FEATURES:append:x86 = " ${efi_secure_boot_sccs}"
+KERNEL_FEATURES:append:x86-64 = " ${efi_secure_boot_sccs}"

 inherit user-key-store

@@ -75,7 +75,7 @@ fakeroot python do_sign_bundled_kernel() {
 }
 addtask sign_bundled_kernel after do_bundle_initramfs before do_deploy

-do_deploy_append() {
+do_deploy:append() {
    install -d "${DEPLOYDIR}/efi-unsigned"

    for imageType in ${KERNEL_IMAGETYPES}; do
@@ -102,9 +102,9 @@ do_deploy_append() {
 }

 # Ship *.p7b or *.sig files to related packages
-python do_package_prepend() {
+python do_package:prepend() {
    for type in d.expand('${KERNEL_IMAGETYPES}').split():
        typelower = type.lower()
-        d.appendVar('FILES_kernel-image-' + typelower, ' /boot/' + type + d.expand('-${KERNEL_VERSION_NAME}${SB_FILE_EXT}'))
-        d.appendVar('FILES_kernel-image-' + typelower, ' /boot/' + type + d.expand('${SB_FILE_EXT}'))
+        d.appendVar('FILES:kernel-image-' + typelower, ' /boot/' + type + d.expand('-${KERNEL_VERSION_NAME}${SB_FILE_EXT}'))
+        d.appendVar('FILES:kernel-image-' + typelower, ' /boot/' + type + d.expand('${SB_FILE_EXT}'))
 }