[isar-cip-core][PATCH v2] Make read-only rootfs a inc file


Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

This allows downstream recipes to include the kas option
and use the include as base without recreating some parts
of the recipes.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
recipes-core/images/cip-core-image.bb | 3 ++-
.../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
.../initramfs-verity-hook_0.1.bb | 2 +-
start-qemu.sh | 3 ---
5 files changed, 15 insertions(+), 8 deletions(-)
rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)

diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 1cfbacc..9f3eae9 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -14,16 +14,16 @@ header:
includes:
- kas/opt/ebg-secure-boot-base.yml

-target: cip-core-image-read-only

local_conf_header:
+ image-options: |
+ CIP_IMAGE_OPTIONS_append = " read-only.inc"
swupdate: |
IMAGE_INSTALL_append = " swupdate"
IMAGE_INSTALL_append = " swupdate-handler-roundrobin"

verity-img: |
SECURE_IMAGE_FSTYPE = "squashfs"
- VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
IMAGE_TYPE = "secure-swupdate-img"
WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"

diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
index 2cecde3..9bf21ff 100644
--- a/recipes-core/images/cip-core-image.bb
+++ b/recipes-core/images/cip-core-image.bb
@@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"

# for swupdate
SWU_DESCRIPTION ??= "swupdate"
-include ${SWU_DESCRIPTION}.inc
+CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
+include ${CIP_IMAGE_OPTIONS}
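Review bot: `include ${CIP_IMAGE_OPTIONS}` silently skips any file it cannot find, so a misspelled or unreachable entry drops that option from the image without a build error. With this patch that affects `read-only.inc`, which kas/opt/ebg-secure-boot-snakeoil.yml appends for the secure-boot build. If every listed option is meant to be mandatory, `require ${CIP_IMAGE_OPTIONS}` would fail the build instead. If the swupdate description has to stay optional, say so in a comment above the line, e.g. `# list of option .inc files; include ignores missing files, extend with CIP_IMAGE_OPTIONS_append`. A plain `CIP_IMAGE_OPTIONS = "..."` in a downstream configuration would also bypass the `?=` default and lose `${SWU_DESCRIPTION}.inc`, which the same comment could mention.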
diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
similarity index 78%
rename from recipes-core/images/cip-core-image-read-only.bb
rename to recipes-core/images/read-only.inc
index 79cd6bf..604caa0 100644
--- a/recipes-core/images/cip-core-image-read-only.bb
+++ b/recipes-core/images/read-only.inc
@@ -1,4 +1,13 @@
-require cip-core-image.bb
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2021
+#
+# Authors:
+# Quirin Gylstorff <Quriin.Gylstorff@...>
+#
+# SPDX-License-Identifier: MIT
+#

SQUASHFS_EXCLUDE_DIRS += "home var"
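Review bot: The Authors line in the new header spells the address `Quriin.Gylstorff@...`, while the From and Signed-off-by lines of this patch use `quirin.gylstorff@...`, so it should read `# Quirin Gylstorff <quirin.gylstorff@...>`. The header title `CIP Core, generic profile` also looks copied from another file; something like `# CIP Core, read-only rootfs image option` would tell readers that this file is pulled in through `CIP_IMAGE_OPTIONS` and is no longer a standalone recipe. The rest of the file lies outside the hunk.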

diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
index a7fbf5a..f0d2d68 100644
--- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
@@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"

DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"

-VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
+VERITY_IMAGE_RECIPE ?= "cip-core-image"

VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
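Review bot: The new `cip-core-image` default for `VERITY_IMAGE_RECIPE` is now the only place this name is set, because the kas option no longer assigns it, and `VERITY_ENV_FILE` is derived from it. An image built under another recipe name (start-qemu.sh mentions `cip-core-image-security`) would presumably have to override the variable. Otherwise the hook would look for a verity env file that does not exist or that belongs to a different image. A comment above the assignment would make the coupling explicit: `# must name the image recipe that includes read-only.inc; override when building a different image recipe`. The recipe continues outside the hunk, so how the env file is consumed is not visible here.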

diff --git a/start-qemu.sh b/start-qemu.sh
index 4ab3861..24df490 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
TARGET_IMAGE="cip-core-image-security"
fi
- if [ -n "${SECURE_BOOT}" ]; then
- TARGET_IMAGE="cip-core-image-read-only"
- fi
fi

case "$1" in
--
2.34.1


Jan Kiszka
 

On 17.12.21 16:05, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This allows downstream recipes to include the kas option
and use the include as base without recreating some parts
of the recipes.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
recipes-core/images/cip-core-image.bb | 3 ++-
.../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
.../initramfs-verity-hook_0.1.bb | 2 +-
start-qemu.sh | 3 ---
5 files changed, 15 insertions(+), 8 deletions(-)
rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)

diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 1cfbacc..9f3eae9 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -14,16 +14,16 @@ header:
includes:
- kas/opt/ebg-secure-boot-base.yml

-target: cip-core-image-read-only

local_conf_header:
+ image-options: |
+ CIP_IMAGE_OPTIONS_append = " read-only.inc"
swupdate: |
IMAGE_INSTALL_append = " swupdate"
IMAGE_INSTALL_append = " swupdate-handler-roundrobin"

verity-img: |
SECURE_IMAGE_FSTYPE = "squashfs"
- VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
IMAGE_TYPE = "secure-swupdate-img"
WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"

diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
index 2cecde3..9bf21ff 100644
--- a/recipes-core/images/cip-core-image.bb
+++ b/recipes-core/images/cip-core-image.bb
@@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"

# for swupdate
SWU_DESCRIPTION ??= "swupdate"
-include ${SWU_DESCRIPTION}.inc
+CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
+include ${CIP_IMAGE_OPTIONS}
diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
similarity index 78%
rename from recipes-core/images/cip-core-image-read-only.bb
rename to recipes-core/images/read-only.inc
index 79cd6bf..604caa0 100644
--- a/recipes-core/images/cip-core-image-read-only.bb
+++ b/recipes-core/images/read-only.inc
@@ -1,4 +1,13 @@
-require cip-core-image.bb
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2021
+#
+# Authors:
+# Quirin Gylstorff <Quriin.Gylstorff@...>
+#
+# SPDX-License-Identifier: MIT
+#

SQUASHFS_EXCLUDE_DIRS += "home var"

diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
index a7fbf5a..f0d2d68 100644
--- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
@@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"

DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"

-VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
+VERITY_IMAGE_RECIPE ?= "cip-core-image"

VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"

diff --git a/start-qemu.sh b/start-qemu.sh
index 4ab3861..24df490 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
TARGET_IMAGE="cip-core-image-security"
fi
- if [ -n "${SECURE_BOOT}" ]; then
- TARGET_IMAGE="cip-core-image-read-only"
- fi
fi

case "$1" in
Thanks, taken to next in favor of v1.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux