summaryrefslogtreecommitdiff
path: root/meta-security/meta-integrity
diff options
context:
space:
mode:
Diffstat (limited to 'meta-security/meta-integrity')
-rw-r--r--meta-security/meta-integrity/README.md4
-rw-r--r--meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass2
-rw-r--r--meta-security/meta-integrity/classes/kernel-modsign.bbclass4
-rw-r--r--meta-security/meta-integrity/conf/layer.conf2
-rw-r--r--meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc4
-rw-r--r--meta-security/meta-integrity/recipes-core/base-files/base-files-ima.inc2
-rw-r--r--meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb2
-rw-r--r--meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb6
-rw-r--r--meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb2
-rw-r--r--meta-security/meta-integrity/recipes-core/systemd/systemd_%.bbappend4
-rw-r--r--meta-security/meta-integrity/recipes-kernel/linux/linux_ima.inc4
-rw-r--r--meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb2
-rw-r--r--meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb8
-rw-r--r--meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb4
-rw-r--r--meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb4
-rw-r--r--meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb4
16 files changed, 29 insertions, 29 deletions
diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md
index 8254b0d94..eae1c57ea 100644
--- a/meta-security/meta-integrity/README.md
+++ b/meta-security/meta-integrity/README.md
@@ -6,7 +6,7 @@ The bbappend files for some recipes (e.g. linux-yocto) in this layer need
to have 'integrity' in DISTRO_FEATURES to have effect.
To enable them, add in configuration file the following line.
- DISTRO_FEATURES_append = " integrity"
+ DISTRO_FEATURES:append = " integrity"
If meta-integrity is included, but integrity is not enabled as a
distro feature a warning is printed at parse time:
@@ -219,7 +219,7 @@ executing the file is no longer allowed:
Enabling the audit kernel subsystem may help to debug appraisal
issues. Enable it by adding the meta-security-framework layer and
changing your local.conf:
- SRC_URI_append_pn-linux-yocto = " file://audit.cfg"
+ SRC_URI:append:pn-linux-yocto = " file://audit.cfg"
CORE_IMAGE_EXTRA_INSTALL += "auditd"
Then boot with "ima_appraise=log ima_appraise_tcb".
diff --git a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
index 0acd6e7aa..57de2f60a 100644
--- a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -29,7 +29,7 @@ IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false"
IMA_EVM_ROOTFS_IVERSION ?= ""
# Avoid re-generating fstab when ima is enabled.
-WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
+WIC_CREATE_EXTRA_ARGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
ima_evm_sign_rootfs () {
cd ${IMAGE_ROOTFS}
diff --git a/meta-security/meta-integrity/classes/kernel-modsign.bbclass b/meta-security/meta-integrity/classes/kernel-modsign.bbclass
index 09025baa7..cf5d3ebe2 100644
--- a/meta-security/meta-integrity/classes/kernel-modsign.bbclass
+++ b/meta-security/meta-integrity/classes/kernel-modsign.bbclass
@@ -15,7 +15,7 @@ MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
# If this class is enabled, disable stripping signatures from modules
INHIBIT_PACKAGE_STRIP = "1"
-kernel_do_configure_prepend() {
+kernel_do_configure:prepend() {
if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
> "${B}/modsign_key.pem"
@@ -24,6 +24,6 @@ kernel_do_configure_prepend() {
fi
}
-do_shared_workdir_append() {
+do_shared_workdir:append() {
cp modsign_key.pem $kerneldir/
}
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index 37776f818..e9446e6cd 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -20,7 +20,7 @@ INTEGRITY_BASE := '${LAYERDIR}'
# interactive shell is enough.
OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
-LAYERSERIES_COMPAT_integrity = "hardknott"
+LAYERSERIES_COMPAT_integrity = "honister"
# ima-evm-utils depends on keyutils from meta-oe
LAYERDEPENDS_integrity = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
index a45182e51..807075ca8 100644
--- a/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
+++ b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
@@ -1,8 +1,8 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
DEPENDS = "libtspi"
-SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+SRC_URI:append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
PACKAGECONFIG += " \
aikgen \
diff --git a/meta-security/meta-integrity/recipes-core/base-files/base-files-ima.inc b/meta-security/meta-integrity/recipes-core/base-files/base-files-ima.inc
index 7e9e2108d..cfa65a2ac 100644
--- a/meta-security/meta-integrity/recipes-core/base-files/base-files-ima.inc
+++ b/meta-security/meta-integrity/recipes-core/base-files/base-files-ima.inc
@@ -1,5 +1,5 @@
# Append iversion option for auto types
-do_install_append() {
+do_install:append() {
sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab"
}
diff --git a/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb b/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb
index 1a3a30a19..f40e8670f 100644
--- a/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb
+++ b/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb
@@ -18,4 +18,4 @@ export IMAGE_BASENAME = "integrity-image-minimal"
INHERIT += "ima-evm-rootfs"
-QB_KERNEL_CMDLINE_APPEND_append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"
+QB_KERNEL_CMDLINE_APPEND:append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"
diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
index 6471c532c..58cbe6e95 100644
--- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
+++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
@@ -30,7 +30,7 @@ do_install () {
sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima
}
-FILES_${PN} = "/init.d ${sysconfdir}"
+FILES:${PN} = "/init.d ${sysconfdir}"
-RDEPENDS_${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
-RDEPENDS_${PN} += "initramfs-framework-base"
+RDEPENDS:${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
+RDEPENDS:${PN} += "initramfs-framework-base"
diff --git a/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb b/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
index 8196edb20..484859f7c 100644
--- a/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
+++ b/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
@@ -6,6 +6,6 @@ inherit packagegroup features_check
REQUIRED_DISTRO_FEATURES = "ima"
# Only one at the moment, but perhaps more will come in the future.
-RDEPENDS_${PN} = " \
+RDEPENDS:${PN} = " \
ima-evm-utils \
"
diff --git a/meta-security/meta-integrity/recipes-core/systemd/systemd_%.bbappend b/meta-security/meta-integrity/recipes-core/systemd/systemd_%.bbappend
index 3b4554162..57b3684c9 100644
--- a/meta-security/meta-integrity/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-security/meta-integrity/recipes-core/systemd/systemd_%.bbappend
@@ -1,11 +1,11 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI += " \
file://machine-id-commit-sync.conf \
file://random-seed-sync.conf \
"
-do_install_append () {
+do_install:append () {
for i in machine-id-commit random-seed; do
install -d ${D}/${systemd_system_unitdir}/systemd-$i.service.d
install -m 0644 ${WORKDIR}/$i-sync.conf ${D}/${systemd_system_unitdir}/systemd-$i.service.d
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux_ima.inc b/meta-security/meta-integrity/recipes-kernel/linux/linux_ima.inc
index f9a48cd05..3ab53e5de 100644
--- a/meta-security/meta-integrity/recipes-kernel/linux/linux_ima.inc
+++ b/meta-security/meta-integrity/recipes-kernel/linux/linux_ima.inc
@@ -1,5 +1,5 @@
-KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
-KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
index 7708aef2c..dd32397a6 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
inherit features_check
REQUIRED_DISTRO_FEATURES = "ima"
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
do_install () {
if [ -e "${IMA_EVM_X509}" ]; then
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
index bd8558303..fc7a2d61a 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS += "openssl attr keyutils"
-DEPENDS_class-native += "openssl-native keyutils-native"
+DEPENDS:class-native += "openssl-native keyutils-native"
PV = "1.2.1+git${SRCPV}"
SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"
@@ -26,13 +26,13 @@ S = "${WORKDIR}/git"
inherit pkgconfig autotools features_check
REQUIRED_DISTRO_FEATURES = "ima"
-REQUIRED_DISTRO_FEATURES_class-native = ""
+REQUIRED_DISTRO_FEATURES:class-native = ""
-EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
+EXTRA_OECONF:append:class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
# blkid is called by evmctl when creating evm checksums.
# This is less useful when signing files on the build host,
# so disable it when compiling on the host.
-RDEPENDS_${PN}_append_class-target = " util-linux-blkid libcrypto attr libattr keyutils"
+RDEPENDS:${PN}:append:class-target = " util-linux-blkid libcrypto attr libattr keyutils"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
index 84ea16120..5f2244edc 100644
--- a/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
@@ -12,5 +12,5 @@ do_install () {
install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy
}
-FILES_${PN} = "${sysconfdir}/ima"
-RDEPENDS_${PN} = "ima-evm-utils"
+FILES:${PN} = "${sysconfdir}/ima"
+RDEPENDS:${PN} = "ima-evm-utils"
diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
index ff7169ef5..57c06400b 100644
--- a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
@@ -14,5 +14,5 @@ do_install () {
install ${WORKDIR}/ima_policy_hashed ${D}/${sysconfdir}/ima/ima-policy
}
-FILES_${PN} = "${sysconfdir}/ima"
-RDEPENDS_${PN} = "ima-evm-utils"
+FILES:${PN} = "${sysconfdir}/ima"
+RDEPENDS:${PN} = "ima-evm-utils"
diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
index 0e56aec51..8fed41006 100644
--- a/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
@@ -12,5 +12,5 @@ do_install () {
install ${WORKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy
}
-FILES_${PN} = "${sysconfdir}/ima"
-RDEPENDS_${PN} = "ima-evm-utils"
+FILES:${PN} = "${sysconfdir}/ima"
+RDEPENDS:${PN} = "ima-evm-utils"
generated by cgit v1.2.3 (git 2.39.0) at 2024-06-18 14:03:36 +0300