On 9/22/19 9:56 AM, Hongxu Jia wrote:
> Refer https://pagure.io/fipscheck/c/489bc3ab3f73707e12b6c2644d80af5ff6fbbf70
>
> Signed-off-by: Hongxu Jia <hongxu....@windriver.com>
> ---
> recipes-connectivity/openssh/fipscheck_1.5.0.bb | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>
> diff --git a/recipes-connectivity/openssh/fipscheck_1.5.0.bb
> b/recipes-connectivity/openssh/fipscheck_1.5.0.bb
> index 68051d2..0a06bd3 100644
> --- a/recipes-connectivity/openssh/fipscheck_1.5.0.bb
> +++ b/recipes-connectivity/openssh/fipscheck_1.5.0.bb
> @@ -27,4 +27,22 @@ EXTRA_OECONF += " \
> EXTRA_OEMAKE += " \
> -I${STAGING_LIBDIR_NATIVE}/ssl/fips-2.0/include \
> "
> +do_install_append() {
> + install -d ${D}${libdir}/fipscheck
> +}
>
> +inherit qemu
> +
> +pkg_postinst_${PN} () {
> + if [ -n "$D" ]; then
> + ${@qemu_run_binary(d, '$D', '${bindir}/fipshmac')} \
> + -d $D${libdir}/fipscheck $D${bindir}/fipscheck
> $D${libdir}/libfipscheck.so.1.2.1 && \
> + ln -s libfipscheck.so.1.2.1.hmac
> $D${libdir}/fipscheck/libfipscheck.so.1.hmac
> + else
> + ${bindir}/fipshmac -d ${libdir}/fipscheck ${bindir}/fipscheck \
> + ${libdir}/libfipscheck.so.1.2.1 && \
> + ln -s libfipscheck.so.1.2.1.hmac
> ${libdir}/fipscheck/libfipscheck.so.1.hmac
> + fi
> +}
The way this works has changed a bit since I really knew it. I was looking in
the manpages.bbclass and they have the following:
> if ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'true', 'false', d)}; then
>     if test -n "$D"; then
>         if ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'true','false', d)}; then
>             sed "s:\(\s\)/:\1$D/:g" $D${sysconfdir}/man_db.conf | ${@qemu_run_binary(d, '$D', '${bindir}/mandb')} -C - -u -q $D${mandir}
>             mkdir -p $D${localstatedir}/cache/man
>             mv $D${mandir}/index.db $D${localstatedir}/cache/man
>         else
>             $INTERCEPT_DIR/postinst_intercept delay_to_first_boot ${PKG} mlprefix=${MLPREFIX}
>         fi
>     else
>         mandb -q
>     fi
> fi
That is checking for the presence of the MACHINE_FEATURE. I'm not sure I like
that in this case though since it makes these recipes machine specific.
But I do think we need the delay until first boot part.
Jason, I know you've been working on first boot things for a while, any opinion?
--Mark
> +
> +FILES_${PN} += "${libdir}/fipscheck"
>
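Review bot: in pkg_postinst_${PN}, both branches end with a plain `ln -s libfipscheck.so.1.2.1.hmac ...`, which fails with "File exists" when libfipscheck.so.1.hmac is already present (the .hmac files are generated by the postinst rather than packaged, so they survive a reinstall or upgrade), and because it is the last command in the `&&` chain that failure becomes the postinst's exit status. Use `ln -sf` in both branches. Separately, the library file name libfipscheck.so.1.2.1 is hard-coded in four places in a recipe named fipscheck_1.5.0.bb, so a version bump that changes the library version will make fipshmac fail on a missing file; derive the name once (a variable or a glob on `${libdir}/libfipscheck.so.*`) and reuse it for both the fipshmac argument and the link target.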
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto