meta-integrity: Convert to new override syntax

Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta-integrity/README.md

@@ -6,7 +6,7 @@ The bbappend files for some recipes (e.g. linux-yocto) in this layer need
 to have 'integrity' in DISTRO_FEATURES to have effect.
 To enable them, add in configuration file the following line.
 
-  DISTRO_FEATURES_append = " integrity"
+  DISTRO_FEATURES:append = " integrity"
 
 If meta-integrity is included, but integrity is not enabled as a
 distro feature a warning is printed at parse time:
@@ -219,7 +219,7 @@ executing the file is no longer allowed:
 Enabling the audit kernel subsystem may help to debug appraisal
 issues. Enable it by adding the meta-security-framework layer and
 changing your local.conf:
-    SRC_URI_append_pn-linux-yocto = " file://audit.cfg"
+    SRC_URI:append:pn-linux-yocto = " file://audit.cfg"
     CORE_IMAGE_EXTRA_INSTALL += "auditd"
 
 Then boot with "ima_appraise=log ima_appraise_tcb".

meta-integrity/classes/ima-evm-rootfs.bbclass

@@ -29,7 +29,7 @@ IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false"
 IMA_EVM_ROOTFS_IVERSION ?= ""
 
 # Avoid re-generating fstab when ima is enabled.
-WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
+WIC_CREATE_EXTRA_ARGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
 
 ima_evm_sign_rootfs () {
     cd ${IMAGE_ROOTFS}

meta-integrity/classes/kernel-modsign.bbclass

@@ -15,7 +15,7 @@ MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
 # If this class is enabled, disable stripping signatures from modules
 INHIBIT_PACKAGE_STRIP = "1"
 
-kernel_do_configure_prepend() {
+kernel_do_configure:prepend() {
     if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
         cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
             > "${B}/modsign_key.pem"
@@ -24,6 +24,6 @@ kernel_do_configure_prepend() {
     fi
 }
 
-do_shared_workdir_append() {
+do_shared_workdir:append() {
     cp modsign_key.pem $kerneldir/
 }

meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc

@@ -1,8 +1,8 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
 
 DEPENDS = "libtspi"
 
-SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+SRC_URI:append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
 
 PACKAGECONFIG += " \
     aikgen \

meta-integrity/recipes-core/base-files/base-files-ima.inc

@@ -1,5 +1,5 @@
 # Append iversion option for auto types
-do_install_append() {
+do_install:append() {
     sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
     echo 'securityfs  /sys/kernel/security  securityfs  defaults  0  0' >> "${D}${sysconfdir}/fstab"
 }

meta-integrity/recipes-core/images/integrity-image-minimal.bb

@@ -18,4 +18,4 @@ export IMAGE_BASENAME = "integrity-image-minimal"
 
 INHERIT += "ima-evm-rootfs"
 
-QB_KERNEL_CMDLINE_APPEND_append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"
+QB_KERNEL_CMDLINE_APPEND:append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"

meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb

@@ -30,7 +30,7 @@ do_install () {
     sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima
 }
 
-FILES_${PN} = "/init.d ${sysconfdir}"
+FILES:${PN} = "/init.d ${sysconfdir}"
 
-RDEPENDS_${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
-RDEPENDS_${PN} += "initramfs-framework-base"
+RDEPENDS:${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
+RDEPENDS:${PN} += "initramfs-framework-base"

meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb

@@ -6,6 +6,6 @@ inherit packagegroup features_check
 REQUIRED_DISTRO_FEATURES = "ima"
 
 # Only one at the moment, but perhaps more will come in the future.
-RDEPENDS_${PN} = " \
+RDEPENDS:${PN} = " \
     ima-evm-utils \
 "

meta-integrity/recipes-core/systemd/systemd_%.bbappend

@@ -1,11 +1,11 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
 
 SRC_URI += " \
     file://machine-id-commit-sync.conf \
     file://random-seed-sync.conf \
 "
 
-do_install_append () {
+do_install:append () {
     for i in machine-id-commit random-seed; do
         install -d ${D}/${systemd_system_unitdir}/systemd-$i.service.d
         install -m 0644 ${WORKDIR}/$i-sync.conf ${D}/${systemd_system_unitdir}/systemd-$i.service.d

meta-integrity/recipes-kernel/linux/linux_ima.inc

@@ -1,5 +1,5 @@
-KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
 
-KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
 
 inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}

meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb

@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
 inherit features_check
 REQUIRED_DISTRO_FEATURES = "ima"
 
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 
 do_install () {
     if [ -e "${IMA_EVM_X509}" ]; then

meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb

@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 DEPENDS += "openssl attr keyutils"
 
-DEPENDS_class-native += "openssl-native keyutils-native"
+DEPENDS:class-native += "openssl-native keyutils-native"
 
 PV = "1.2.1+git${SRCPV}"
 SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"
@@ -26,13 +26,13 @@ S = "${WORKDIR}/git"
 inherit pkgconfig autotools features_check
 
 REQUIRED_DISTRO_FEATURES = "ima"
-REQUIRED_DISTRO_FEATURES_class-native = ""
+REQUIRED_DISTRO_FEATURES:class-native = ""
 
-EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
+EXTRA_OECONF:append:class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
 
 # blkid is called by evmctl when creating evm checksums.
 # This is less useful when signing files on the build host,
 # so disable it when compiling on the host.
-RDEPENDS_${PN}_append_class-target = " util-linux-blkid libcrypto attr libattr keyutils"
+RDEPENDS:${PN}:append:class-target = " util-linux-blkid libcrypto attr libattr keyutils"
 
 BBCLASSEXTEND = "native nativesdk"

meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb

@@ -12,5 +12,5 @@ do_install () {
     install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy
 }
 
-FILES_${PN} = "${sysconfdir}/ima"
-RDEPENDS_${PN} = "ima-evm-utils"
+FILES:${PN} = "${sysconfdir}/ima"
+RDEPENDS:${PN} = "ima-evm-utils"

meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb

@@ -14,5 +14,5 @@ do_install () {
     install ${WORKDIR}/ima_policy_hashed ${D}/${sysconfdir}/ima/ima-policy
 }
 
-FILES_${PN} = "${sysconfdir}/ima"
-RDEPENDS_${PN} = "ima-evm-utils"
+FILES:${PN} = "${sysconfdir}/ima"
+RDEPENDS:${PN} = "ima-evm-utils"

meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb

@@ -12,5 +12,5 @@ do_install () {
     install ${WORKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy
 }
 
-FILES_${PN} = "${sysconfdir}/ima"
-RDEPENDS_${PN} = "ima-evm-utils"
+FILES:${PN} = "${sysconfdir}/ima"
+RDEPENDS:${PN} = "ima-evm-utils"