#
# Copyright 2022 Armin Kuster <akuster808@gmail.com>
#
# This class creates the initial aide database during
# the build cycle, allowing that step to be skipped during boot.
# It has the additional benefit of not having been tampered with
# after build.
#
# To have the aide db created during build
# 1. Extend local.conf:
# INHERIT += "adie-init-db"
#
# These are the defaults as defined in aide-base.bbclass
# They can be overridden in your local.conf or other distro include
#
# To define where the share directory should be.
# STAGING_AIDE_DIR = "${TMPDIR}/work-shared/${MACHINE}/aida"
#
# To define which directories should be included in a scan
# AIDE_INCLUDE_DIRS ?= "/lib"
#
# To exclude directories and files from being scanned
# AIDE_SKIP_DIRS ?= "/lib/modules/.\*"
#
# To control if a db init should happen at postinit
# AIDE_SCAN_POSTINIT ?= "0"
#
# To control if a db rescan should be run at postinit
# AIDE_RESCAN_POSTINIT ?= "0"
# aide-base is where the header above says the STAGING_AIDE_DIR and AIDE_* defaults are defined.
inherit aide-base
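# Build the AIDE baseline database from the assembled image rootfs and copy it
# into the image. Registered as a ROOTFS_POSTPROCESS_COMMAND, so it runs on the
# build host against IMAGE_ROOTFS.
#
# Integrity caveat: the database is written into the same rootfs it describes.
# It is only a trustworthy baseline on the target if that location cannot be
# rewritten there (read-only or verified rootfs), or if a reference copy or its
# hash is kept off-device and compared before a check result is trusted.
aide_init_db() {
    # Rules carry the IMAGE_ROOTFS prefix so the scan covers the image tree,
    # not the build host's own directories of the same name.
    # NOTE(review): '>>' appends to aide.conf in the staging directory. If that
    # file survives between image builds, rules from earlier runs (possibly for
    # a different IMAGE_ROOTFS) accumulate - confirm it is regenerated per run.
    for dir in ${AIDE_INCLUDE_DIRS}; do
        echo "${IMAGE_ROOTFS}${dir} NORMAL" >> "${STAGING_AIDE_DIR}/aide.conf"
    done
    # A leading '!' marks a path to be left out of the scan.
    for dir in ${AIDE_SKIP_DIRS}; do
        echo "!${IMAGE_ROOTFS}${dir}" >> "${STAGING_AIDE_DIR}/aide.conf"
    done

    # Presumably writes lib/aide.db.gz under the staging directory, as set in
    # aide.conf - the steps below depend on that path; verify against aide-base.
    "${STAGING_AIDE_DIR}/bin/aide" -c "${STAGING_AIDE_DIR}/aide.conf" --init

    # -f: a plain aide.db left behind by an interrupted earlier run would
    # otherwise make gunzip refuse to overwrite it and abort the rootfs step.
    gunzip -f "${STAGING_AIDE_DIR}/lib/aide.db.gz"

    # Strip the build-host prefix so recorded paths match the target layout.
    # BitBake expands IMAGE_ROOTFS before the shell sees the single quotes.
    # NOTE(review): the path is used as a regular expression and only the first
    # match on each line is removed; a ':' in the path would break the
    # delimiter. Confirm no other field of an entry can carry the prefix.
    sed -i -e 's:${IMAGE_ROOTFS}::' "${STAGING_AIDE_DIR}/lib/aide.db"

    # -n keeps the file name and timestamp out of the gzip header so the
    # shipped baseline is byte-reproducible for identical rootfs contents.
    gzip -9 -n -f "${STAGING_AIDE_DIR}/lib/aide.db"

    # Trailing slash: fail the build if ${libdir}/aide is not a directory in
    # the image, instead of silently creating a regular file named 'aide'.
    cp -f "${STAGING_AIDE_DIR}/lib/aide.db.gz" "${IMAGE_ROOTFS}${libdir}/aide/"
}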
# Have aide-native built with the image; aide_init_db runs ${STAGING_AIDE_DIR}/bin/aide,
# which is presumably staged by that recipe.
# NOTE(review): confirm this dependency is ordered before do_rootfs. If EXTRA_IMAGEDEPENDS
# only attaches to the image's final build task, the native binary may not be staged yet
# when the post-process command runs.
EXTRA_IMAGEDEPENDS:append = " aide-native"
# Run aide_init_db as part of rootfs post-processing.
# NOTE(review): the baseline reflects the rootfs as it is when this command runs. A
# post-process command that runs later and changes a scanned path would be reported as
# drift on the target - confirm the ordering.
ROOTFS_POSTPROCESS_COMMAND:append = " aide_init_db;"