* [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file
@ 2021-12-17 13:50 Q. Gylstorff
2021-12-17 13:53 ` Jan Kiszka
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Q. Gylstorff @ 2021-12-17 13:50 UTC (permalink / raw)
To: cip-dev, jan.kiszka
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This allows downstream recipes to include the kas option
and use the include as base without recreating some parts
of the recipes.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
recipes-core/images/cip-core-image.bb | 3 ++-
.../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
.../initramfs-verity-hook_0.1.bb | 2 +-
start-qemu.sh | 3 ---
5 files changed, 15 insertions(+), 8 deletions(-)
rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 1cfbacc..807b0d7 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -14,16 +14,16 @@ header:
includes:
- kas/opt/ebg-secure-boot-base.yml
-target: cip-core-image-read-only
local_conf_header:
+ image-options: |
+ CIP_IMAGE_OPTIONS += "read-only.inc"
swupdate: |
IMAGE_INSTALL_append = " swupdate"
IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
verity-img: |
SECURE_IMAGE_FSTYPE = "squashfs"
- VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
IMAGE_TYPE = "secure-swupdate-img"
WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
index 2cecde3..9bf21ff 100644
--- a/recipes-core/images/cip-core-image.bb
+++ b/recipes-core/images/cip-core-image.bb
@@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"
# for swupdate
SWU_DESCRIPTION ??= "swupdate"
-include ${SWU_DESCRIPTION}.inc
+CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
+include ${CIP_IMAGE_OPTIONS}
diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
similarity index 78%
rename from recipes-core/images/cip-core-image-read-only.bb
rename to recipes-core/images/read-only.inc
index 79cd6bf..604caa0 100644
--- a/recipes-core/images/cip-core-image-read-only.bb
+++ b/recipes-core/images/read-only.inc
@@ -1,4 +1,13 @@
-require cip-core-image.bb
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2021
+#
+# Authors:
+# Quirin Gylstorff <Quriin.Gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
SQUASHFS_EXCLUDE_DIRS += "home var"
diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
index a7fbf5a..f0d2d68 100644
--- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
@@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"
DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"
-VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
+VERITY_IMAGE_RECIPE ?= "cip-core-image"
VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
diff --git a/start-qemu.sh b/start-qemu.sh
index 4ab3861..24df490 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
TARGET_IMAGE="cip-core-image-security"
fi
- if [ -n "${SECURE_BOOT}" ]; then
- TARGET_IMAGE="cip-core-image-read-only"
- fi
fi
case "$1" in
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file
2021-12-17 13:50 [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file Q. Gylstorff
@ 2021-12-17 13:53 ` Jan Kiszka
2021-12-17 14:08 ` Gylstorff Quirin
2021-12-17 14:19 ` Jan Kiszka
2021-12-17 14:51 ` Jan Kiszka
2 siblings, 1 reply; 6+ messages in thread
From: Jan Kiszka @ 2021-12-17 13:53 UTC (permalink / raw)
To: Q. Gylstorff, cip-dev
On 17.12.21 14:50, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> This allows downstream recipes to include the kas option
> and use the include as base without recreating some parts
> of the recipes.
>
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
> kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
> recipes-core/images/cip-core-image.bb | 3 ++-
> .../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
> .../initramfs-verity-hook_0.1.bb | 2 +-
> start-qemu.sh | 3 ---
> 5 files changed, 15 insertions(+), 8 deletions(-)
> rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)
>
> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
> index 1cfbacc..807b0d7 100644
> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
> @@ -14,16 +14,16 @@ header:
> includes:
> - kas/opt/ebg-secure-boot-base.yml
>
> -target: cip-core-image-read-only
>
> local_conf_header:
> + image-options: |
> + CIP_IMAGE_OPTIONS += "read-only.inc"
> swupdate: |
> IMAGE_INSTALL_append = " swupdate"
> IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
>
> verity-img: |
> SECURE_IMAGE_FSTYPE = "squashfs"
> - VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
> IMAGE_TYPE = "secure-swupdate-img"
> WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
>
> diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
> index 2cecde3..9bf21ff 100644
> --- a/recipes-core/images/cip-core-image.bb
> +++ b/recipes-core/images/cip-core-image.bb
> @@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"
>
> # for swupdate
> SWU_DESCRIPTION ??= "swupdate"
> -include ${SWU_DESCRIPTION}.inc
> +CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
> +include ${CIP_IMAGE_OPTIONS}
Is just
include
an valid bitbake statement? I think this is what will happen when
CIP_IMAGE_OPTIONS is empty, right?
> diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
> similarity index 78%
> rename from recipes-core/images/cip-core-image-read-only.bb
> rename to recipes-core/images/read-only.inc
> index 79cd6bf..604caa0 100644
> --- a/recipes-core/images/cip-core-image-read-only.bb
> +++ b/recipes-core/images/read-only.inc
> @@ -1,4 +1,13 @@
> -require cip-core-image.bb
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2021
> +#
> +# Authors:
> +# Quirin Gylstorff <Quriin.Gylstorff@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
>
> SQUASHFS_EXCLUDE_DIRS += "home var"
>
> diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> index a7fbf5a..f0d2d68 100644
> --- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> +++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> @@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"
>
> DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"
>
> -VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
> +VERITY_IMAGE_RECIPE ?= "cip-core-image"
>
> VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
>
> diff --git a/start-qemu.sh b/start-qemu.sh
> index 4ab3861..24df490 100755
> --- a/start-qemu.sh
> +++ b/start-qemu.sh
> @@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
> if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
> TARGET_IMAGE="cip-core-image-security"
> fi
> - if [ -n "${SECURE_BOOT}" ]; then
> - TARGET_IMAGE="cip-core-image-read-only"
> - fi
> fi
>
> case "$1" in
>
Otherwise, helpful cleanup.
Jan
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file
2021-12-17 13:53 ` Jan Kiszka
@ 2021-12-17 14:08 ` Gylstorff Quirin
0 siblings, 0 replies; 6+ messages in thread
From: Gylstorff Quirin @ 2021-12-17 14:08 UTC (permalink / raw)
To: Jan Kiszka, cip-dev
On 12/17/21 14:53, Jan Kiszka wrote:
> On 17.12.21 14:50, Q. Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This allows downstream recipes to include the kas option
>> and use the include as base without recreating some parts
>> of the recipes.
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>> kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
>> recipes-core/images/cip-core-image.bb | 3 ++-
>> .../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
>> .../initramfs-verity-hook_0.1.bb | 2 +-
>> start-qemu.sh | 3 ---
>> 5 files changed, 15 insertions(+), 8 deletions(-)
>> rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)
>>
>> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
>> index 1cfbacc..807b0d7 100644
>> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
>> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
>> @@ -14,16 +14,16 @@ header:
>> includes:
>> - kas/opt/ebg-secure-boot-base.yml
>>
>> -target: cip-core-image-read-only
>>
>> local_conf_header:
>> + image-options: |
>> + CIP_IMAGE_OPTIONS += "read-only.inc"
>> swupdate: |
>> IMAGE_INSTALL_append = " swupdate"
>> IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
>>
>> verity-img: |
>> SECURE_IMAGE_FSTYPE = "squashfs"
>> - VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
>> IMAGE_TYPE = "secure-swupdate-img"
>> WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
>>
>> diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
>> index 2cecde3..9bf21ff 100644
>> --- a/recipes-core/images/cip-core-image.bb
>> +++ b/recipes-core/images/cip-core-image.bb
>> @@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"
>>
>> # for swupdate
>> SWU_DESCRIPTION ??= "swupdate"
>> -include ${SWU_DESCRIPTION}.inc
>> +CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
>> +include ${CIP_IMAGE_OPTIONS}
>
> Is just
>
> include
>
> an valid bitbake statement? I think this is what will happen when
> CIP_IMAGE_OPTIONS is empty, right?
It should not fail according to [1] and my testing.
[1]:
https://www.yoctoproject.org/docs/1.6/bitbake-user-manual/bitbake-user-manual.html#include-directive
Quirin
>
>> diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
>> similarity index 78%
>> rename from recipes-core/images/cip-core-image-read-only.bb
>> rename to recipes-core/images/read-only.inc
>> index 79cd6bf..604caa0 100644
>> --- a/recipes-core/images/cip-core-image-read-only.bb
>> +++ b/recipes-core/images/read-only.inc
>> @@ -1,4 +1,13 @@
>> -require cip-core-image.bb
>> +#
>> +# CIP Core, generic profile
>> +#
>> +# Copyright (c) Siemens AG, 2021
>> +#
>> +# Authors:
>> +# Quirin Gylstorff <Quriin.Gylstorff@siemens.com>
>> +#
>> +# SPDX-License-Identifier: MIT
>> +#
>>
>> SQUASHFS_EXCLUDE_DIRS += "home var"
>>
>> diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> index a7fbf5a..f0d2d68 100644
>> --- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> +++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> @@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"
>>
>> DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"
>>
>> -VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
>> +VERITY_IMAGE_RECIPE ?= "cip-core-image"
>>
>> VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
>>
>> diff --git a/start-qemu.sh b/start-qemu.sh
>> index 4ab3861..24df490 100755
>> --- a/start-qemu.sh
>> +++ b/start-qemu.sh
>> @@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
>> if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
>> TARGET_IMAGE="cip-core-image-security"
>> fi
>> - if [ -n "${SECURE_BOOT}" ]; then
>> - TARGET_IMAGE="cip-core-image-read-only"
>> - fi
>> fi
>>
>> case "$1" in
>>
>
> Otherwise, helpful cleanup.
>
> Jan
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file
2021-12-17 13:50 [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file Q. Gylstorff
2021-12-17 13:53 ` Jan Kiszka
@ 2021-12-17 14:19 ` Jan Kiszka
2021-12-17 14:49 ` Jan Kiszka
2021-12-17 14:51 ` Jan Kiszka
2 siblings, 1 reply; 6+ messages in thread
From: Jan Kiszka @ 2021-12-17 14:19 UTC (permalink / raw)
To: Q. Gylstorff, cip-dev
On 17.12.21 14:50, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> This allows downstream recipes to include the kas option
> and use the include as base without recreating some parts
> of the recipes.
>
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
> kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
> recipes-core/images/cip-core-image.bb | 3 ++-
> .../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
> .../initramfs-verity-hook_0.1.bb | 2 +-
> start-qemu.sh | 3 ---
> 5 files changed, 15 insertions(+), 8 deletions(-)
> rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)
>
> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
> index 1cfbacc..807b0d7 100644
> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
> @@ -14,16 +14,16 @@ header:
> includes:
> - kas/opt/ebg-secure-boot-base.yml
>
> -target: cip-core-image-read-only
>
> local_conf_header:
> + image-options: |
> + CIP_IMAGE_OPTIONS += "read-only.inc"
> swupdate: |
> IMAGE_INSTALL_append = " swupdate"
> IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
>
> verity-img: |
> SECURE_IMAGE_FSTYPE = "squashfs"
> - VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
> IMAGE_TYPE = "secure-swupdate-img"
> WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
>
> diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
> index 2cecde3..9bf21ff 100644
> --- a/recipes-core/images/cip-core-image.bb
> +++ b/recipes-core/images/cip-core-image.bb
> @@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"
>
> # for swupdate
> SWU_DESCRIPTION ??= "swupdate"
> -include ${SWU_DESCRIPTION}.inc
> +CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
> +include ${CIP_IMAGE_OPTIONS}
> diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
> similarity index 78%
> rename from recipes-core/images/cip-core-image-read-only.bb
> rename to recipes-core/images/read-only.inc
> index 79cd6bf..604caa0 100644
> --- a/recipes-core/images/cip-core-image-read-only.bb
> +++ b/recipes-core/images/read-only.inc
> @@ -1,4 +1,13 @@
> -require cip-core-image.bb
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2021
> +#
> +# Authors:
> +# Quirin Gylstorff <Quriin.Gylstorff@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
>
> SQUASHFS_EXCLUDE_DIRS += "home var"
>
> diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> index a7fbf5a..f0d2d68 100644
> --- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> +++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> @@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"
>
> DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"
>
> -VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
> +VERITY_IMAGE_RECIPE ?= "cip-core-image"
>
> VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
>
> diff --git a/start-qemu.sh b/start-qemu.sh
> index 4ab3861..24df490 100755
> --- a/start-qemu.sh
> +++ b/start-qemu.sh
> @@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
> if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
> TARGET_IMAGE="cip-core-image-security"
> fi
> - if [ -n "${SECURE_BOOT}" ]; then
> - TARGET_IMAGE="cip-core-image-read-only"
> - fi
> fi
>
> case "$1" in
>
Thanks, applied to next.
Jan
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file
2021-12-17 14:19 ` Jan Kiszka
@ 2021-12-17 14:49 ` Jan Kiszka
0 siblings, 0 replies; 6+ messages in thread
From: Jan Kiszka @ 2021-12-17 14:49 UTC (permalink / raw)
To: Q. Gylstorff, cip-dev
On 17.12.21 15:19, Jan Kiszka wrote:
> On 17.12.21 14:50, Q. Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This allows downstream recipes to include the kas option
>> and use the include as base without recreating some parts
>> of the recipes.
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>> kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
>> recipes-core/images/cip-core-image.bb | 3 ++-
>> .../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
>> .../initramfs-verity-hook_0.1.bb | 2 +-
>> start-qemu.sh | 3 ---
>> 5 files changed, 15 insertions(+), 8 deletions(-)
>> rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)
>>
>> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
>> index 1cfbacc..807b0d7 100644
>> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
>> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
>> @@ -14,16 +14,16 @@ header:
>> includes:
>> - kas/opt/ebg-secure-boot-base.yml
>>
>> -target: cip-core-image-read-only
>>
>> local_conf_header:
>> + image-options: |
>> + CIP_IMAGE_OPTIONS += "read-only.inc"
>> swupdate: |
>> IMAGE_INSTALL_append = " swupdate"
>> IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
>>
>> verity-img: |
>> SECURE_IMAGE_FSTYPE = "squashfs"
>> - VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
>> IMAGE_TYPE = "secure-swupdate-img"
>> WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
>>
>> diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
>> index 2cecde3..9bf21ff 100644
>> --- a/recipes-core/images/cip-core-image.bb
>> +++ b/recipes-core/images/cip-core-image.bb
>> @@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"
>>
>> # for swupdate
>> SWU_DESCRIPTION ??= "swupdate"
>> -include ${SWU_DESCRIPTION}.inc
>> +CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
>> +include ${CIP_IMAGE_OPTIONS}
>> diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
>> similarity index 78%
>> rename from recipes-core/images/cip-core-image-read-only.bb
>> rename to recipes-core/images/read-only.inc
>> index 79cd6bf..604caa0 100644
>> --- a/recipes-core/images/cip-core-image-read-only.bb
>> +++ b/recipes-core/images/read-only.inc
>> @@ -1,4 +1,13 @@
>> -require cip-core-image.bb
>> +#
>> +# CIP Core, generic profile
>> +#
>> +# Copyright (c) Siemens AG, 2021
>> +#
>> +# Authors:
>> +# Quirin Gylstorff <Quriin.Gylstorff@siemens.com>
>> +#
>> +# SPDX-License-Identifier: MIT
>> +#
>>
>> SQUASHFS_EXCLUDE_DIRS += "home var"
>>
>> diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> index a7fbf5a..f0d2d68 100644
>> --- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> +++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> @@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"
>>
>> DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"
>>
>> -VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
>> +VERITY_IMAGE_RECIPE ?= "cip-core-image"
>>
>> VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
>>
>> diff --git a/start-qemu.sh b/start-qemu.sh
>> index 4ab3861..24df490 100755
>> --- a/start-qemu.sh
>> +++ b/start-qemu.sh
>> @@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
>> if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
>> TARGET_IMAGE="cip-core-image-security"
>> fi
>> - if [ -n "${SECURE_BOOT}" ]; then
>> - TARGET_IMAGE="cip-core-image-read-only"
>> - fi
>> fi
>>
>> case "$1" in
>>
>
> Thanks, applied to next.
>
We have a regression, you already saw it. Dropping this, waiting for v2.
Jan
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file
2021-12-17 13:50 [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file Q. Gylstorff
2021-12-17 13:53 ` Jan Kiszka
2021-12-17 14:19 ` Jan Kiszka
@ 2021-12-17 14:51 ` Jan Kiszka
2 siblings, 0 replies; 6+ messages in thread
From: Jan Kiszka @ 2021-12-17 14:51 UTC (permalink / raw)
To: Q. Gylstorff, cip-dev
On 17.12.21 14:50, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> This allows downstream recipes to include the kas option
> and use the include as base without recreating some parts
> of the recipes.
>
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
> kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
> recipes-core/images/cip-core-image.bb | 3 ++-
> .../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
> .../initramfs-verity-hook_0.1.bb | 2 +-
> start-qemu.sh | 3 ---
> 5 files changed, 15 insertions(+), 8 deletions(-)
> rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)
>
> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
> index 1cfbacc..807b0d7 100644
> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
> @@ -14,16 +14,16 @@ header:
> includes:
> - kas/opt/ebg-secure-boot-base.yml
>
> -target: cip-core-image-read-only
>
> local_conf_header:
> + image-options: |
> + CIP_IMAGE_OPTIONS += "read-only.inc"
I think you want _append here to that the default assignment in
cip-core-image.bb also works.
Jan
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-12-17 14:52 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-17 13:50 [cip-dev][isar-cip-core][PATCH] Make read-only rootfs a inc file Q. Gylstorff
2021-12-17 13:53 ` Jan Kiszka
2021-12-17 14:08 ` Gylstorff Quirin
2021-12-17 14:19 ` Jan Kiszka
2021-12-17 14:49 ` Jan Kiszka
2021-12-17 14:51 ` Jan Kiszka
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.