mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-12 03:10:13 +00:00
Code Issues Projects Releases Wiki Activity

build cleanup: add iam to base depend

Browse Source 
Drop *.ima.yml
Try next

Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Armin Kuster
2021-05-03 13:38:46 -07:00
parent baca6133f9
commit acbf11eec8
5 changed files with 151 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

230
.gitlab-ci.yml
View File

@@ -12,21 +12,20 @@
- for x in `ls $CI_PROJECT_DIR/build/tmp/log/error-report/ | grep error_report_`; do
- send-error-report -y tmp/log/error-report/$x
- done
- rm -fr $CI_PROJECT_DIR/build
stages:
- build
- base
- parsec
- multi
- alt
- musl
- test
- cleanup
.build:
.base:
before_script:
- *before-my-script
stage: build
stage: base
after_script:
- *after-my-script
@@ -66,100 +65,171 @@ stages:
after_script:
- *after-my-script
.cleanup:
stage: cleanup
qemux86:
extends: .build
extends: .base
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image integrity-image-minimal"
- kas build --target security-build-image kas/$CI_JOB_NAME-comp.yml
- kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml
- kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
qemux86-64:
extends: .build
script:
- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm-image security-tpm2-image"
- kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml
- kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
qemuarm:
extends: .build
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm64:
extends: .build
script:
- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image"
- kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
qemuppc:
extends: .build
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemumips64:
extends: .build
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuriscv64:
extends: .build
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm64-alt:
extends: .alt
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm64-multi:
extends: .multi
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemumips64-alt:
extends: .alt
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemumips64-multi:
extends: .multi
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemux86-64-alt:
extends: .alt
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemux86-64-multi:
extends: .multi
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemux86-musl:
extends: .musl
needs: ['qemux86-parsec']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm64-musl:
extends: .musl
qemux86-parsec:
extends: .parsec
needs: ['qemux86']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemux86-test:
extends: .test
needs: ['qemux86']
allow_failure: true
script:
- kas build --target security-test-image kas/$CI_JOB_NAME.yml
- kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml
parsec:
extends: .parsec
qemux86-rm:
extends: .cleanup
needs: ['qemux86']
script:
- kas build --target security-build-image kas/qemuarm-$CI_JOB_NAME.yml
- kas build --target security-build-image kas/qemuarm64-$CI_JOB_NAME.yml
- kas build --target security-build-image kas/qemux86-$CI_JOB_NAME.yml
- kas build --target security-build-image kas/qemux86-64-$CI_JOB_NAME.yml
- kas build --target security-build-image kas/qemuppc-$CI_JOB_NAME.yml
- rm -fr $CI_PROJECT_DIR/build
qemux86-64:
extends: .base
script:
- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm-image security-tpm2-image integrity-image-minimal"
- kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml
qemux86-64-parsec:
extends: .parsec
needs: ['qemux86-64']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemux86-64-multi:
extends: .multi
needs: ['qemux86-64']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemux86-64-alt:
extends: .alt
needs: ['qemux86-64-multi']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemux86-64-rm:
extends: .cleanup
needs: ['qemux86-64']
script:
- rm -fr $CI_PROJECT_DIR/build
qemuarm:
extends: .base
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm-parsec:
extends: .parsec
needs: ['qemuarm']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm-rm:
extends: .cleanup
needs: ['qemuarm']
script:
- rm -fr $CI_PROJECT_DIR/build
qemuarm64:
extends: .base
script:
- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal"
qemuarm64-multi:
extends: .multi
needs: ['qemuarm64']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm64-alt:
extends: .alt
needs: ['qemuarm64-multi']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm64-musl:
extends: .musl
needs: ['qemuarm64-alt']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm64-parsec:
extends: .parsec
needs: ['qemuarm64']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuarm64-rm:
extends: .cleanup
needs: ['qemuarm64']
script:
- rm -fr $CI_PROJECT_DIR/build
qemuppc:
extends: .base
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuppc-parsec:
extends: .parsec
needs: ['qemuppc']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuppc-rm:
extends: .cleanup
needs: ['qemuppc']
script:
- rm -fr $CI_PROJECT_DIR/build
qemumips64:
extends: .base
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemumips64-multi:
extends: .multi
needs: ['qemumips64']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemumips64-alt:
extends: .alt
needs: ['qemumips64-multi']
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemumips64-rm:
extends: .cleanup
needs: ['qemumips64']
script:
- rm -fr $CI_PROJECT_DIR/build
qemuriscv64:
extends: .base
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
qemuriscv64-rm:
extends: .cleanup
needs: ['qemuriscv64']
script:
- rm -fr $CI_PROJECT_DIR/build

2
kas/kas-security-base.yml
View File

@@ -51,7 +51,7 @@ local_conf_header:
EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
PACKAGE_CLASSES = "package_ipk"
DISTRO_FEATURES_append = " pam apparmor smack"
DISTRO_FEATURES_append = " pam apparmor smack ima"
MACHINE_FEATURES_append = " tpm tpm2"
diskmon: |

10
kas/qemuarm64-ima.yml
View File

@@ -1,10 +0,0 @@
header:
version: 8
includes:
- kas-security-base.yml
local_conf_header:
meta-security: |
DISTRO_FEATURES_append = " ima"
machine: qemuarm64

10
kas/qemux86-64-ima.yml
View File

@@ -1,10 +0,0 @@
header:
version: 8
includes:
- kas-security-base.yml
local_conf_header:
meta-security: |
DISTRO_FEATURES_append = " ima"
machine: qemux86-64

10
kas/qemux86-ima.yml
View File

@@ -1,10 +0,0 @@
header:
version: 8
includes:
- kas-security-base.yml
local_conf_header:
meta-security: |
DISTRO_FEATURES_append = " ima"
machine: qemux86