Diffstat (limited to 'meta-security/recipes-core/images')
5 files changed, 90 insertions, 10 deletions
diff --git a/meta-security/recipes-core/images/dm-verity-image-initramfs.bb b/meta-security/recipes-core/images/dm-verity-image-initramfs.bb
index f9ea3762d..187aeaee2 100644
--- a/meta-security/recipes-core/images/dm-verity-image-initramfs.bb
+++ b/meta-security/recipes-core/images/dm-verity-image-initramfs.bb
@@ -1,26 +1,34 @@
 DESCRIPTION = "Simple initramfs image for mounting the rootfs over the verity device mapper."
-# We want a clean, minimal image.
-IMAGE_FEATURES = ""
+inherit core-image
 PACKAGE_INSTALL = " \
- initramfs-dm-verity \
 base-files \
+ base-passwd \
 busybox \
- util-linux-mount \
- udev \
 cryptsetup \
+ initramfs-module-dmverity \
+ initramfs-module-udev \
 lvm2-udevrules \
+ udev \
+ util-linux-mount \
 "
+# We want a clean, minimal image.
+IMAGE_FEATURES = ""
+IMAGE_LINGUAS = ""
+
 # Can we somehow inspect reverse dependencies to avoid these variables?
-do_rootfs[depends] += "${DM_VERITY_IMAGE}:do_image_${DM_VERITY_IMAGE_TYPE}"
+do_image[depends] += "${DM_VERITY_IMAGE}:do_image_${DM_VERITY_IMAGE_TYPE}"
-IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
+# Ensure dm-verity.env is updated also when rebuilding DM_VERITY_IMAGE
+do_image[nostamp] = "1"
-inherit core-image
+IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
 deploy_verity_hash() {
- install -D -m 0644 ${DEPLOY_DIR_IMAGE}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}/${datadir}/dm-verity.env
+ install -D -m 0644 \
+ ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env \
+ ${IMAGE_ROOTFS}${datadir}/misc/dm-verity.env
 }
-ROOTFS_POSTPROCESS_COMMAND += "deploy_verity_hash;"
+IMAGE_PREPROCESS_COMMAND += "deploy_verity_hash;"
diff --git a/meta-security/recipes-core/images/security-build-image.bb b/meta-security/recipes-core/images/security-build-image.bb
new file mode 100644
index 000000000..a8757f980
--- /dev/null
+++ b/meta-security/recipes-core/images/security-build-image.bb
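Review bot: `deploy_verity_hash()` now installs the verity env file at `${IMAGE_ROOTFS}${datadir}/misc/dm-verity.env`, but nothing in the recipe says what has to be trusted for that to matter; judging by the function name the file carries the hash the initramfs uses to open the verity device, so the rootfs check is only as strong as the verification of this initramfs. I would add a comment above the function, e.g. `# dm-verity.env is the trust anchor for the rootfs: ship this initramfs only inside a verified boot artifact (e.g. bundled into a signed kernel image).` The destination also moved from `${datadir}/` to `${datadir}/misc/`, so whatever reads the file at boot (presumably initramfs-module-dmverity, which this limited diffstat does not show) has to use the new path, otherwise the failure shows up at boot rather than at build time. `STAGING_VERITY_DIR` is not defined in this file; a one-line comment naming where it is set would help.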
@@ -0,0 +1,19 @@
+DESCRIPTION = "A small image for building meta-security packages"
+
+IMAGE_FEATURES += "ssh-server-openssh"
+
+IMAGE_INSTALL = "\
+ packagegroup-base \
+ packagegroup-core-boot \
+ packagegroup-core-security \
+ os-release"
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-build-image"
+
+IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
diff --git a/meta-security/recipes-core/images/security-client-image.bb b/meta-security/recipes-core/images/security-client-image.bb
new file mode 100644
index 000000000..f4ebc697c
--- /dev/null
+++ b/meta-security/recipes-core/images/security-client-image.bb
@@ -0,0 +1,16 @@
+DESCRIPTION = "A Client side Security example"
+
+IMAGE_INSTALL = "\
+ packagegroup-base \
+ packagegroup-core-boot \
+ os-release \
+ samhain-client \
+ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-xfce-base", "", d)}"
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-client-image"
diff --git a/meta-security/recipes-core/images/security-server-image.bb b/meta-security/recipes-core/images/security-server-image.bb
new file mode 100644
index 000000000..4927e0ee5
--- /dev/null
+++ b/meta-security/recipes-core/images/security-server-image.bb
@@ -0,0 +1,19 @@
+DESCRIPTION = "A Serve side image for Security example "
+
+IMAGE_FEATURES += "ssh-server-openssh"
+
+IMAGE_INSTALL = "\
+ packagegroup-base \
+ packagegroup-core-boot \
+ samhain-server \
+ os-release "
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-server-image"
+
+IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
diff --git a/meta-security/recipes-core/images/security-test-image.bb b/meta-security/recipes-core/images/security-test-image.bb
new file mode 100644
index 000000000..54d89787f
--- /dev/null
+++ b/meta-security/recipes-core/images/security-test-image.bb
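Review bot: `IMAGE_FEATURES += "ssh-server-openssh"` in security-build-image.bb puts an SSH server into the image with no comment on how logins are expected to be authenticated; if the build configuration also enables debug-tweaks or an empty root password, the result is a network-reachable root login without a password. I would add a comment on that line such as `# Development/CI image only: do not combine with debug-tweaks outside an isolated network.` The same line appears in the security-server-image.bb and security-test-image.bb hunks. `IMAGE_ROOTFS_EXTRA_SPACE = "5242880"` is also undocumented; the variable is in KiB, so this reserves roughly 5 GiB, and a short comment saying why would help.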
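Review bot: The DESCRIPTION string in security-server-image.bb has a typo and a stray trailing space: "Serve" should be "Server", and the string ends with a space before the closing quote; `DESCRIPTION = "A Server side image for Security example"` fixes both. The last IMAGE_INSTALL entry, `os-release "`, has the same space before the closing quote, which is harmless but inconsistent with security-build-image.bb.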
@@ -0,0 +1,18 @@
+DESCRIPTION = "A small image for testing meta-security packages"
+
+require security-build-image.bb
+
+IMAGE_FEATURES += "ssh-server-openssh"
+
+TEST_SUITES = "ssh ping ptest apparmor clamav samhain sssd tripwire checksec smack suricata"
+
+INSTALL_CLAMAV_CVD = "1"
+
+IMAGE_OVERHEAD_FACTOR = "1.0"
+IMAGE_ROOTFS_EXTRA_SPACE = "1124288"
+
+# ptests need more memory than standard to avoid the OOM killer
+# also lttng-tools needs /tmp that has at least 1G
+QB_MEM = "-m 2048"
+
+PTEST_EXPECT_FAILURE = "1" |
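Review bot: `require security-build-image.bb` also pulls in that file's `export IMAGE_BASENAME = "security-build-image"`, and this recipe never overrides it, so the test image would be deployed under the build image's name and the two outputs can overwrite each other. Add `export IMAGE_BASENAME = "security-test-image"` after the `require` line. `IMAGE_FEATURES += "ssh-server-openssh"` is already set by the required file and can be dropped here. `PTEST_EXPECT_FAILURE = "1"` has no comment; if it makes the ptest suite tolerate failing ptests, as the name suggests, say so next to it, because a green run then does not show that the security packages' ptests passed.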