diff mbox series

[isar-cip-core,v2] Make read-only rootfs a inc file

Message ID 20211217150510.1351713-1-Quirin.Gylstorff@siemens.com (mailing list archive)
State Handled Elsewhere
Headers show
Series [isar-cip-core,v2] Make read-only rootfs a inc file | expand

Commit Message

Gylstorff Quirin Dec. 17, 2021, 3:05 p.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This allows downstream recipes to include the kas option
and use the include as base without recreating some parts
of the recipes.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 kas/opt/ebg-secure-boot-snakeoil.yml                  |  4 ++--
 recipes-core/images/cip-core-image.bb                 |  3 ++-
 .../{cip-core-image-read-only.bb => read-only.inc}    | 11 ++++++++++-
 .../initramfs-verity-hook_0.1.bb                      |  2 +-
 start-qemu.sh                                         |  3 ---
 5 files changed, 15 insertions(+), 8 deletions(-)
 rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)

Comments

Jan Kiszka Dec. 17, 2021, 3:17 p.m. UTC | #1 
On 17.12.21 16:05, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> This allows downstream recipes to include the kas option
> and use the include as base without recreating some parts
> of the recipes.
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  kas/opt/ebg-secure-boot-snakeoil.yml                  |  4 ++--
>  recipes-core/images/cip-core-image.bb                 |  3 ++-
>  .../{cip-core-image-read-only.bb => read-only.inc}    | 11 ++++++++++-
>  .../initramfs-verity-hook_0.1.bb                      |  2 +-
>  start-qemu.sh                                         |  3 ---
>  5 files changed, 15 insertions(+), 8 deletions(-)
>  rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)
> 
> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
> index 1cfbacc..9f3eae9 100644
> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
> @@ -14,16 +14,16 @@ header:
>    includes:
>     - kas/opt/ebg-secure-boot-base.yml
>  
> -target: cip-core-image-read-only
>  
>  local_conf_header:
> +  image-options: |
> +    CIP_IMAGE_OPTIONS_append = " read-only.inc"
>    swupdate: |
>      IMAGE_INSTALL_append = " swupdate"
>      IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
>  
>    verity-img: |
>      SECURE_IMAGE_FSTYPE = "squashfs"
> -    VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
>      IMAGE_TYPE = "secure-swupdate-img"
>      WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
>  
> diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
> index 2cecde3..9bf21ff 100644
> --- a/recipes-core/images/cip-core-image.bb
> +++ b/recipes-core/images/cip-core-image.bb
> @@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"
>  
>  # for swupdate
>  SWU_DESCRIPTION ??= "swupdate"
> -include ${SWU_DESCRIPTION}.inc
> +CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
> +include ${CIP_IMAGE_OPTIONS}
> diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
> similarity index 78%
> rename from recipes-core/images/cip-core-image-read-only.bb
> rename to recipes-core/images/read-only.inc
> index 79cd6bf..604caa0 100644
> --- a/recipes-core/images/cip-core-image-read-only.bb
> +++ b/recipes-core/images/read-only.inc
> @@ -1,4 +1,13 @@
> -require cip-core-image.bb
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2021
> +#
> +# Authors:
> +#  Quirin Gylstorff <Quriin.Gylstorff@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
>  
>  SQUASHFS_EXCLUDE_DIRS += "home var"
>  
> diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> index a7fbf5a..f0d2d68 100644
> --- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> +++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> @@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"
>  
>  DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"
>  
> -VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
> +VERITY_IMAGE_RECIPE ?= "cip-core-image"
>  
>  VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
>  
> diff --git a/start-qemu.sh b/start-qemu.sh
> index 4ab3861..24df490 100755
> --- a/start-qemu.sh
> +++ b/start-qemu.sh
> @@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
>  	if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
>  		TARGET_IMAGE="cip-core-image-security"
>  	fi
> -	if [ -n "${SECURE_BOOT}" ]; then
> -		TARGET_IMAGE="cip-core-image-read-only"
> -	fi
>  fi
>  
>  case "$1" in
> 

Thanks, taken to next in favor of v1.

Jan
diff mbox series

Patch

diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 1cfbacc..9f3eae9 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -14,16 +14,16 @@  header:
   includes:
    - kas/opt/ebg-secure-boot-base.yml
 
-target: cip-core-image-read-only
 
 local_conf_header:
+  image-options: |
+    CIP_IMAGE_OPTIONS_append = " read-only.inc"
   swupdate: |
     IMAGE_INSTALL_append = " swupdate"
     IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
 
   verity-img: |
     SECURE_IMAGE_FSTYPE = "squashfs"
-    VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
     IMAGE_TYPE = "secure-swupdate-img"
     WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
 
diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
index 2cecde3..9bf21ff 100644
--- a/recipes-core/images/cip-core-image.bb
+++ b/recipes-core/images/cip-core-image.bb
@@ -18,4 +18,5 @@  IMAGE_INSTALL += "customizations"
 
 # for swupdate
 SWU_DESCRIPTION ??= "swupdate"
-include ${SWU_DESCRIPTION}.inc
+CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
+include ${CIP_IMAGE_OPTIONS}
diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
similarity index 78%
rename from recipes-core/images/cip-core-image-read-only.bb
rename to recipes-core/images/read-only.inc
index 79cd6bf..604caa0 100644
--- a/recipes-core/images/cip-core-image-read-only.bb
+++ b/recipes-core/images/read-only.inc
@@ -1,4 +1,13 @@ 
-require cip-core-image.bb
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2021
+#
+# Authors:
+#  Quirin Gylstorff <Quriin.Gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
 
 SQUASHFS_EXCLUDE_DIRS += "home var"
 
diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
index a7fbf5a..f0d2d68 100644
--- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
@@ -24,7 +24,7 @@  TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"
 
 DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"
 
-VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
+VERITY_IMAGE_RECIPE ?= "cip-core-image"
 
 VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
 
diff --git a/start-qemu.sh b/start-qemu.sh
index 4ab3861..24df490 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -45,9 +45,6 @@  if [ -z "${TARGET_IMAGE}" ];then
 	if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
 		TARGET_IMAGE="cip-core-image-security"
 	fi
-	if [ -n "${SECURE_BOOT}" ]; then
-		TARGET_IMAGE="cip-core-image-read-only"
-	fi
 fi
 
 case "$1" in