| Message ID | 20220809104100.469265-2-Quirin.Gylstorff@siemens.com (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | clean up kas/opt | expand |
On 09.08.22 13:40, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > A build with only the option `kas/efibootguard.yml` will not succeed. > Move the content to a include in the image directory and the adapt the kas > files. > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > conf/distro/cip-core-common.inc | 2 +- > kas/opt/ebg-secure-boot-snakeoil.yml | 11 +++----- > kas/opt/ebg-swu.yml | 17 +++++++++--- > kas/opt/efibootguard.yml | 39 ---------------------------- > recipes-core/images/efibootguard.inc | 19 ++++++++++++++ > 5 files changed, 37 insertions(+), 51 deletions(-) > delete mode 100644 kas/opt/efibootguard.yml > create mode 100644 recipes-core/images/efibootguard.inc > > diff --git a/conf/distro/cip-core-common.inc b/conf/distro/cip-core-common.inc > index 5cd1603..20a30d2 100644 > --- a/conf/distro/cip-core-common.inc > +++ b/conf/distro/cip-core-common.inc > @@ -11,4 +11,4 @@ > > KERNEL_NAME ?= "cip" > > -WKS_FILE ?= "${MACHINE}.wks" > +WKS_FILE ??= "${MACHINE}.wks" > diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml > index 2822cef..ff65e99 100644 > --- a/kas/opt/ebg-secure-boot-snakeoil.yml > +++ b/kas/opt/ebg-secure-boot-snakeoil.yml > @@ -12,21 +12,16 @@ > header: > version: 10 > includes: > - - kas/opt/efibootguard.yml > + - kas/opt/ebg-swu.yml > > local_conf_header: > - image-options-swupdate: | > - CIP_IMAGE_OPTIONS_append = " swupdate.inc" > - > - swupdate: | > - IMAGE_INSTALL_append = " swupdate" > - IMAGE_INSTALL_append = " swupdate-handler-roundrobin" > - > secure-boot-image: | > IMAGE_CLASSES += "verity" > IMAGE_FSTYPES = "wic" > WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in" > INITRAMFS_INSTALL_append = " initramfs-verity-hook" > + # abrootfs cannot be installed together with verity > + INITRAMFS_INSTALL_remove = " initramfs-abrootfs-hook" > > secure-boot: | > IMAGER_BUILD_DEPS += "ebg-secure-boot-signer" > diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml > index 5e4e771..bf54e4c 100644 > --- a/kas/opt/ebg-swu.yml > +++ b/kas/opt/ebg-swu.yml > @@ -12,12 +12,23 @@ > header: > version: 10 > includes: > - - kas/opt/efibootguard.yml > - kas/opt/swupdate.yml > > local_conf_header: > + ebg_swu_bootloader: | > + SWUPDATE_BOOTLOADER = "efibootguard" > + ebg_swu_image_options: | > + CIP_IMAGE_OPTIONS_append = " efibootguard.inc image-uuid.inc" > initramfs: | > INITRAMFS_INSTALL_append = " initramfs-abrootfs-hook" > + firmware-binaries: | > + # Add ovmf binaries for qemu > + IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries" > + # not needed for Debian 11 and later > + OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}" > + DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list" > + DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf" > + # Add U-Boot for qemu > + IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64" > + IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm" > > - image-option-uuid: | > - CIP_IMAGE_OPTIONS_append = " image-uuid.inc" > diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml > deleted file mode 100644 > index cee9c78..0000000 > --- a/kas/opt/efibootguard.yml > +++ /dev/null > @@ -1,39 +0,0 @@ > -# > -# CIP Core, generic profile > -# > -# Copyright (c) Siemens AG, 2020 > -# > -# Authors: > -# Quirin Gylstorff <quirin.gylstorff@siemens.com> > -# > -# SPDX-License-Identifier: MIT > -# > -# This kas file adds efibootguard as the bootloader to the image > - > -header: > - version: 10 > - > -local_conf_header: > - efibootguard: | > - IMAGE_INSTALL_append = " efibootguard" > - > - efibootguard-swupdate: | > - SWUPDATE_BOOTLOADER = "efibootguard" > - > - efibootguard-wic: | > - WIC_IMAGER_INSTALL_append = " efibootguard" > - WDOG_TIMEOUT ?= "60" > - WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES" > - IMAGE_FSTYPES ?= "wic" > - WKS_FILE ?= "${MACHINE}-efibootguard.wks.in" > - > - firmware-binaries: | > - # Add ovmf binaries for qemu > - IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries" > - # not needed for Debian 11 and later > - OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}" > - DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list" > - DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf" > - # Add U-Boot for qemu > - IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64" > - IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm" > diff --git a/recipes-core/images/efibootguard.inc b/recipes-core/images/efibootguard.inc > new file mode 100644 > index 0000000..504a9a9 > --- /dev/null > +++ b/recipes-core/images/efibootguard.inc > @@ -0,0 +1,19 @@ > +# > +# CIP Core, generic profile > +# > +# Copyright (c) Siemens AG, 2020 > +# > +# Authors: > +# Quirin Gylstorff <quirin.gylstorff@siemens.com> > +# > +# SPDX-License-Identifier: MIT > +# > + > +IMAGE_INSTALL_append = " efibootguard" > + > +WIC_IMAGER_INSTALL_append = " efibootguard" > +WDOG_TIMEOUT ?= "60" > +WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES" > +WKS_FILE ?= "${MACHINE}-efibootguard.wks.in" > +IMAGE_FSTYPES += "wic" > + $ kas-container build kas-cip.yml:kas/board/bbb.yml:kas/opt/rt.yml:kas/opt/wic-targz-img.yml:kas/opt/bullseye.yml ERROR: /build/../repo/recipes-core/images/cip-core-image-security.bb: WKS_FILE 'sdimage-efi.wks' not found ERROR: /build/../repo/recipes-core/images/cip-core-image.bb: WKS_FILE 'sdimage-efi.wks' not found ERROR: Failed to parse recipe: /build/../repo/recipes-core/images/cip-core-image-security.bb ERROR: /build/../repo/recipes-core/images/cip-core-image-kernelci.bb: WKS_FILE 'sdimage-efi.wks' not found Dropping the series from next again. Jan
diff --git a/conf/distro/cip-core-common.inc b/conf/distro/cip-core-common.inc index 5cd1603..20a30d2 100644 --- a/conf/distro/cip-core-common.inc +++ b/conf/distro/cip-core-common.inc @@ -11,4 +11,4 @@ KERNEL_NAME ?= "cip" -WKS_FILE ?= "${MACHINE}.wks" +WKS_FILE ??= "${MACHINE}.wks" diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml index 2822cef..ff65e99 100644 --- a/kas/opt/ebg-secure-boot-snakeoil.yml +++ b/kas/opt/ebg-secure-boot-snakeoil.yml @@ -12,21 +12,16 @@ header: version: 10 includes: - - kas/opt/efibootguard.yml + - kas/opt/ebg-swu.yml local_conf_header: - image-options-swupdate: | - CIP_IMAGE_OPTIONS_append = " swupdate.inc" - - swupdate: | - IMAGE_INSTALL_append = " swupdate" - IMAGE_INSTALL_append = " swupdate-handler-roundrobin" - secure-boot-image: | IMAGE_CLASSES += "verity" IMAGE_FSTYPES = "wic" WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in" INITRAMFS_INSTALL_append = " initramfs-verity-hook" + # abrootfs cannot be installed together with verity + INITRAMFS_INSTALL_remove = " initramfs-abrootfs-hook" secure-boot: | IMAGER_BUILD_DEPS += "ebg-secure-boot-signer" diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml index 5e4e771..bf54e4c 100644 --- a/kas/opt/ebg-swu.yml +++ b/kas/opt/ebg-swu.yml @@ -12,12 +12,23 @@ header: version: 10 includes: - - kas/opt/efibootguard.yml - kas/opt/swupdate.yml local_conf_header: + ebg_swu_bootloader: | + SWUPDATE_BOOTLOADER = "efibootguard" + ebg_swu_image_options: | + CIP_IMAGE_OPTIONS_append = " efibootguard.inc image-uuid.inc" initramfs: | INITRAMFS_INSTALL_append = " initramfs-abrootfs-hook" + firmware-binaries: | + # Add ovmf binaries for qemu + IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries" + # not needed for Debian 11 and later + OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}" + DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list" + DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf" + # Add U-Boot for qemu + IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64" + IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm" - image-option-uuid: | - CIP_IMAGE_OPTIONS_append = " image-uuid.inc" diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml deleted file mode 100644 index cee9c78..0000000 --- a/kas/opt/efibootguard.yml +++ /dev/null @@ -1,39 +0,0 @@ -# -# CIP Core, generic profile -# -# Copyright (c) Siemens AG, 2020 -# -# Authors: -# Quirin Gylstorff <quirin.gylstorff@siemens.com> -# -# SPDX-License-Identifier: MIT -# -# This kas file adds efibootguard as the bootloader to the image - -header: - version: 10 - -local_conf_header: - efibootguard: | - IMAGE_INSTALL_append = " efibootguard" - - efibootguard-swupdate: | - SWUPDATE_BOOTLOADER = "efibootguard" - - efibootguard-wic: | - WIC_IMAGER_INSTALL_append = " efibootguard" - WDOG_TIMEOUT ?= "60" - WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES" - IMAGE_FSTYPES ?= "wic" - WKS_FILE ?= "${MACHINE}-efibootguard.wks.in" - - firmware-binaries: | - # Add ovmf binaries for qemu - IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries" - # not needed for Debian 11 and later - OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}" - DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list" - DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf" - # Add U-Boot for qemu - IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64" - IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm" diff --git a/recipes-core/images/efibootguard.inc b/recipes-core/images/efibootguard.inc new file mode 100644 index 0000000..504a9a9 --- /dev/null +++ b/recipes-core/images/efibootguard.inc @@ -0,0 +1,19 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2020 +# +# Authors: +# Quirin Gylstorff <quirin.gylstorff@siemens.com> +# +# SPDX-License-Identifier: MIT +# + +IMAGE_INSTALL_append = " efibootguard" + +WIC_IMAGER_INSTALL_append = " efibootguard" +WDOG_TIMEOUT ?= "60" +WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES" +WKS_FILE ?= "${MACHINE}-efibootguard.wks.in" +IMAGE_FSTYPES += "wic" +