mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-11 15:00:34 +00:00
Code Issues Projects Releases Wiki Activity

dm-verity: Set the IMAGE_FSTYPES correctly when dm-verity is enabled

Browse Source 
After the using inherit_defer for the image classes in oe-core commit
451363438d38 ("classes/recipes: Switch to use inherit_defer"),
the using of anonymous python function in dm-verity-img.bbclass to
set the IMAGE_FSTYPES doesn't work anymore. The reason is that
image.bbclass also use anonymous python function to add the do_image_xxx
task for the corresponding filesystem type. The anonymous function in
dm-verity-img.bbclass is evaluated much later than the one in
image.bbclass. Then the task such as do_image_vhash will not be added
as we expect. So we choose to use "+=" to set the IMAGE_FSTYPES.

The populate_sdk_ext.bbclass may generate a dependency list like below:
  core-image-minimal.do_sdk_depends -> lib32-core-image-minimal.do_image_vhash

So we also need to make sure the do_image_vhash task for the multilib
filesystem is added.

Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Kevin Hao
2024-02-22 09:21:54 +08:00
committed by Armin Kuster
parent 7b951e3900
commit d80cd2ba6a
1 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
classes/dm-verity-img.bbclass
View File

@@ -177,6 +177,24 @@ CONVERSION_CMD:verity = "verity_setup ${type}"
CONVERSION_DEPENDS_verity = "cryptsetup-native"
IMAGE_CMD:vhash = "verity_hash"
def get_verity_fstypes(d):
verity_image = d.getVar('DM_VERITY_IMAGE')
verity_type = d.getVar('DM_VERITY_IMAGE_TYPE')
verity_hash = d.getVar('DM_VERITY_SEPARATE_HASH')
pn = d.getVar('PN')
fstypes = ""
if not pn.endswith(verity_image):
return fstypes # This doesn't concern this image
fstypes = verity_type + ".verity"
if verity_hash == "1":
fstypes += " vhash"
return fstypes
IMAGE_FSTYPES += "${@get_verity_fstypes(d)}"
python __anonymous() {
verity_image = d.getVar('DM_VERITY_IMAGE')
verity_type = d.getVar('DM_VERITY_IMAGE_TYPE')
@@ -188,16 +206,12 @@ python __anonymous() {
bb.warn('dm-verity-img class inherited but not used')
return
if verity_image != pn:
if not pn.endswith(verity_image):
return # This doesn't concern this image
if len(verity_type.split()) != 1:
bb.fatal('DM_VERITY_IMAGE_TYPE must contain exactly one type')
d.appendVar('IMAGE_FSTYPES', ' %s.verity' % verity_type)
if verity_hash == "1":
d.appendVar('IMAGE_FSTYPES', ' vhash')
# If we're using wic: we'll have to use partition images and not the rootfs
# source plugin so add the appropriate dependency.
if 'wic' in image_fstypes: