In oe-core commit 759df7395908f18b3b68f28d043ac9ebd42dd0c8, the
plaintext password setting function was dropped because of the security
issue. So the plaintext password setting method "usermod -P 'password'
user" is not available. Now we should pass the encrypted password to
usermod via -p option.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
oe-core commit fb064356af615d67d85b65942103bf943d84d290 removed the
packagegroup-core-lsb, so it must be removed from any other image
recipes which refernce the packagegroup-core-lsb.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
...
|install: cannot stat 'tmp-glibc/deploy/images/intel-x86-64/secure-core-image-init
ramfs-intel-x86-64.cpio.gz': No such file or directory
...
Depends do_image_complete after required image generated
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Run yocto-check-layer to check layer compliance of Yocto will report the
following error:
$ yocto-check-layer ../meta-secure-core/meta
INFO: Detected layers:
[snip]
INFO: test_readme (common.CommonCheckLayer)
INFO: ... FAIL
INFO: Traceback (most recent call last):
File "/buildarea/poky/scripts/lib/checklayer/cases/common.py", line 15, in test_readme
msg="Layer doesn't contains README file.")
AssertionError: False is not true : Layer doesn't contains README file.
[snip]
There is no need to create a new README for this layer. We just create a
symbolic link of README from the top-level.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
The following failure is shown during secure-core-image-initramfs:do_rootfs():
Error: Transaction check error:
file /proc conflicts between attempted installs of initrdscripts-secure-core-1.0-r0.corei7_64 and base-files-3.0.14-r89.intel_x86_64
file /sys conflicts between attempted installs of initrdscripts-secure-core-1.0-r0.corei7_64 and base-files-3.0.14-r89.intel_x86_64
So remove /sys and /proc as base-files has already provided them.
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
Since `9ec5a8a layer.conf: Drop sumo from LAYERSERIES_CORENAMES' and
`9867924 layer.conf: Add thud to LAYERSERIES_CORENAMES' applied in oe-core,
update LAYERSERIES_COMPAT `sumo' -> `thud'
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
The following commits are reverted by the way:
- seloader: Fix building for rocko (bc6bbe2)
- meta-integrity: rpm: Add back in required patches for rocko (5fa9c85)
Because they are only applicable to rocko.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
The *_BASE_NAME was renamed to *_NAME in oe-core commit
f952c8e08b4798aa0f8bf764cfd70bda0eae9b8b. So we also need to do the same
thing here.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
- All valid initramfs types will be listed in INITRAMFS_FSTYPES so use
that variable rather than open-coding a list of possibilities.
- Since we're using the list of things that must exist now we don't need
to test if the files exist anymore. And when signing, we can sign all
of them now.
- Add some python to do_package to update all of the ALTERNATIVES
variables dynamically based on how we're configured. This introduces
an alternative for the initramfs portion as well so there is a stable
name.
Signed-off-by: Tom Rini <trini@konsulko.com>
Our "init" script requires additional directories to exist and since we
don't pull in something like base-files that gives us a full layout we
must make these additional directories on our own.
Signed-off-by: Tom Rini <trini@konsulko.com>
base_read_file has been removed from oe-core so use the
replacement function oe.utils.read_file.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
* install 'packagegroup-tpm2-initramfs' of distro flag 'tpm2' is set
* install 'initrdscripts-ima' if distro flag 'ima' is set
* install 'cryptfs-tpm2-initramfs' if distro flag 'luks' is set
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
The "${S}" is not used for kernel-initramfs and it will
cleanup the kernel source codes if it is specified to
${STAGING_KERNEL_DIR}, thus remove this definition.
Signed-off-by: Fupan Li <fupan.li@windriver.com>
${COREBASE}/LICENSE is not a valid license file. So it is recommended
to use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in
LIC_FILES_CHKSUM. This will become an error in the future.
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
encrypted-storage layer will include more security features about encrypted
storage so the term "encrypted-storage" won't be used to specify a dedicated
technology term such as "LUKS".
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
