* [cip-dev][isar-cip-core][PATCH v2] Make read-only rootfs a inc file
@ 2021-12-17 15:05 Q. Gylstorff
2021-12-17 15:17 ` Jan Kiszka
0 siblings, 1 reply; 2+ messages in thread
From: Q. Gylstorff @ 2021-12-17 15:05 UTC (permalink / raw)
To: cip-dev, jan.kiszka
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This allows downstream recipes to include the kas option
and use the include as base without recreating some parts
of the recipes.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
recipes-core/images/cip-core-image.bb | 3 ++-
.../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
.../initramfs-verity-hook_0.1.bb | 2 +-
start-qemu.sh | 3 ---
5 files changed, 15 insertions(+), 8 deletions(-)
rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 1cfbacc..9f3eae9 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -14,16 +14,16 @@ header:
includes:
- kas/opt/ebg-secure-boot-base.yml
-target: cip-core-image-read-only
local_conf_header:
+ image-options: |
+ CIP_IMAGE_OPTIONS_append = " read-only.inc"
swupdate: |
IMAGE_INSTALL_append = " swupdate"
IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
verity-img: |
SECURE_IMAGE_FSTYPE = "squashfs"
- VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
IMAGE_TYPE = "secure-swupdate-img"
WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
index 2cecde3..9bf21ff 100644
--- a/recipes-core/images/cip-core-image.bb
+++ b/recipes-core/images/cip-core-image.bb
@@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"
# for swupdate
SWU_DESCRIPTION ??= "swupdate"
-include ${SWU_DESCRIPTION}.inc
+CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
+include ${CIP_IMAGE_OPTIONS}
diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
similarity index 78%
rename from recipes-core/images/cip-core-image-read-only.bb
rename to recipes-core/images/read-only.inc
index 79cd6bf..604caa0 100644
--- a/recipes-core/images/cip-core-image-read-only.bb
+++ b/recipes-core/images/read-only.inc
@@ -1,4 +1,13 @@
-require cip-core-image.bb
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2021
+#
+# Authors:
+# Quirin Gylstorff <Quriin.Gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
SQUASHFS_EXCLUDE_DIRS += "home var"
diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
index a7fbf5a..f0d2d68 100644
--- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
@@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"
DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"
-VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
+VERITY_IMAGE_RECIPE ?= "cip-core-image"
VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
diff --git a/start-qemu.sh b/start-qemu.sh
index 4ab3861..24df490 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
TARGET_IMAGE="cip-core-image-security"
fi
- if [ -n "${SECURE_BOOT}" ]; then
- TARGET_IMAGE="cip-core-image-read-only"
- fi
fi
case "$1" in
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [cip-dev][isar-cip-core][PATCH v2] Make read-only rootfs a inc file
2021-12-17 15:05 [cip-dev][isar-cip-core][PATCH v2] Make read-only rootfs a inc file Q. Gylstorff
@ 2021-12-17 15:17 ` Jan Kiszka
0 siblings, 0 replies; 2+ messages in thread
From: Jan Kiszka @ 2021-12-17 15:17 UTC (permalink / raw)
To: Q. Gylstorff, cip-dev
On 17.12.21 16:05, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> This allows downstream recipes to include the kas option
> and use the include as base without recreating some parts
> of the recipes.
>
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
> kas/opt/ebg-secure-boot-snakeoil.yml | 4 ++--
> recipes-core/images/cip-core-image.bb | 3 ++-
> .../{cip-core-image-read-only.bb => read-only.inc} | 11 ++++++++++-
> .../initramfs-verity-hook_0.1.bb | 2 +-
> start-qemu.sh | 3 ---
> 5 files changed, 15 insertions(+), 8 deletions(-)
> rename recipes-core/images/{cip-core-image-read-only.bb => read-only.inc} (78%)
>
> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
> index 1cfbacc..9f3eae9 100644
> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
> @@ -14,16 +14,16 @@ header:
> includes:
> - kas/opt/ebg-secure-boot-base.yml
>
> -target: cip-core-image-read-only
>
> local_conf_header:
> + image-options: |
> + CIP_IMAGE_OPTIONS_append = " read-only.inc"
> swupdate: |
> IMAGE_INSTALL_append = " swupdate"
> IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
>
> verity-img: |
> SECURE_IMAGE_FSTYPE = "squashfs"
> - VERITY_IMAGE_RECIPE = "cip-core-image-read-only"
> IMAGE_TYPE = "secure-swupdate-img"
> WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
>
> diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
> index 2cecde3..9bf21ff 100644
> --- a/recipes-core/images/cip-core-image.bb
> +++ b/recipes-core/images/cip-core-image.bb
> @@ -18,4 +18,5 @@ IMAGE_INSTALL += "customizations"
>
> # for swupdate
> SWU_DESCRIPTION ??= "swupdate"
> -include ${SWU_DESCRIPTION}.inc
> +CIP_IMAGE_OPTIONS ?= "${SWU_DESCRIPTION}.inc"
> +include ${CIP_IMAGE_OPTIONS}
> diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/read-only.inc
> similarity index 78%
> rename from recipes-core/images/cip-core-image-read-only.bb
> rename to recipes-core/images/read-only.inc
> index 79cd6bf..604caa0 100644
> --- a/recipes-core/images/cip-core-image-read-only.bb
> +++ b/recipes-core/images/read-only.inc
> @@ -1,4 +1,13 @@
> -require cip-core-image.bb
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2021
> +#
> +# Authors:
> +# Quirin Gylstorff <Quriin.Gylstorff@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
>
> SQUASHFS_EXCLUDE_DIRS += "home var"
>
> diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> index a7fbf5a..f0d2d68 100644
> --- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> +++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> @@ -24,7 +24,7 @@ TEMPLATE_VARS += "VERITY_BEHAVIOR_ON_CORRUPTION"
>
> DEBIAN_DEPENDS = "initramfs-tools, cryptsetup"
>
> -VERITY_IMAGE_RECIPE ?= "cip-core-image-read-only"
> +VERITY_IMAGE_RECIPE ?= "cip-core-image"
>
> VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
>
> diff --git a/start-qemu.sh b/start-qemu.sh
> index 4ab3861..24df490 100755
> --- a/start-qemu.sh
> +++ b/start-qemu.sh
> @@ -45,9 +45,6 @@ if [ -z "${TARGET_IMAGE}" ];then
> if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
> TARGET_IMAGE="cip-core-image-security"
> fi
> - if [ -n "${SECURE_BOOT}" ]; then
> - TARGET_IMAGE="cip-core-image-read-only"
> - fi
> fi
>
> case "$1" in
>
Thanks, taken to next in favor of v1.
Jan
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-12-17 15:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-17 15:05 [cip-dev][isar-cip-core][PATCH v2] Make read-only rootfs a inc file Q. Gylstorff
2021-12-17 15:17 ` Jan Kiszka
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.