mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-30 12:30:36 +00:00
Code Issues Projects Releases Wiki Activity

meta-integrity: add sanity check

Browse Source 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Armin Kuster
2021-06-02 01:59:22 +00:00
parent 35e1b61750
commit 6e75e751ff
3 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-integrity/README.md
+17 -1
View File
@@ -1,8 +1,24 @@
This README file contains information on the contents of the This README file contains information on the contents of the
integrity layer. integrity layer.
Please see the corresponding sections below for details.
The bbappend files for some recipes (e.g. linux-yocto) in this layer need
to have 'integrity' in DISTRO_FEATURES to have effect.
To enable them, add in configuration file the following line.
DISTRO_FEATURES_append = " integrity"
If meta-integrity is included, but integrity is not enabled as a
distro feature a warning is printed at parse time:
You have included the meta-integritry layer, but
'integrity' has not been enabled in your DISTRO_FEATURES. Some bbappend files
and preferred version setting may not take effect.
If you know what you are doing, this warning can be disabled by setting the following
variable in your configuration:
SKIP_META_INTEGRITY_SANITY_CHECK = 1
Dependencies Dependencies
============ ============
meta-integrity/classes/sanity-meta-integrity.bbclass
+10
View File
@@ -0,0 +1,10 @@
addhandler integrity_bbappend_distrocheck
integrity_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
python integrity_bbappend_distrocheck() {
skip_check = e.data.getVar('SKIP_META_INTEGRITY_SANITY_CHECK') == "1"
if 'integrity' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
bb.warn("You have included the meta-integrity layer, but \
'integrity' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
and preferred version setting may not take effect. See the meta-integrity README \
for details on enabling integrity support.")
}
meta-integrity/conf/layer.conf
+4
View File
@@ -26,6 +26,10 @@ LAYERDEPENDS_integrity = "core openembedded-layer"
BBLAYERS_LAYERINDEX_NAME_integrity = "meta-integrity" BBLAYERS_LAYERINDEX_NAME_integrity = "meta-integrity"
# Sanity check for meta-integrity layer.
# Setting SKIP_META_INTEGRITY_SANITY_CHECK to "1" would skip the bbappend files check.
INHERIT += "sanity-meta-integrity"
BBFILES_DYNAMIC += " \ BBFILES_DYNAMIC += " \
networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \ networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
" "