summaryrefslogtreecommitdiff
path: root/meta-security/meta-integrity/classes
diff options
context:
space:
mode:
authorjmbills <jason.m.bills@intel.com>2021-10-04 22:42:48 +0300
committerGitHub <noreply@github.com>2021-10-04 22:42:48 +0300
commit0c9e31989c615598b5d042ffab385606660c93c0 (patch)
tree8019999b0ca042482e5193d6cabc06220c71d776 /meta-security/meta-integrity/classes
parent04cd92067d2481643df5010cb39b2134b648cf4d (diff)
parentffe6d597d9e3d4407cf8062b5d6505a80ce08f41 (diff)
downloadopenbmc-1-0.75.tar.xz
Merge pull request #72 from Intel-BMC/update2021-0.751-0.75
Update
Diffstat (limited to 'meta-security/meta-integrity/classes')
-rw-r--r--meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass2
-rw-r--r--meta-security/meta-integrity/classes/kernel-modsign.bbclass6
2 files changed, 4 insertions, 4 deletions
diff --git a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
index 0acd6e7aa..57de2f60a 100644
--- a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -29,7 +29,7 @@ IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false"
IMA_EVM_ROOTFS_IVERSION ?= ""
# Avoid re-generating fstab when ima is enabled.
-WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
+WIC_CREATE_EXTRA_ARGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
ima_evm_sign_rootfs () {
cd ${IMAGE_ROOTFS}
diff --git a/meta-security/meta-integrity/classes/kernel-modsign.bbclass b/meta-security/meta-integrity/classes/kernel-modsign.bbclass
index 09025baa7..093c3585e 100644
--- a/meta-security/meta-integrity/classes/kernel-modsign.bbclass
+++ b/meta-security/meta-integrity/classes/kernel-modsign.bbclass
@@ -2,7 +2,7 @@
# set explicitly in a local.conf before activating kernel-modsign.
# To use the insecure (because public) example keys, use
# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
-MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET"
+MODSIGN_KEY_DIR ??= "MODSIGN_KEY_DIR_NOT_SET"
# Private key for modules signing. The default is okay when
# using the example key directory.
@@ -15,7 +15,7 @@ MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
# If this class is enabled, disable stripping signatures from modules
INHIBIT_PACKAGE_STRIP = "1"
-kernel_do_configure_prepend() {
+kernel_do_configure:prepend() {
if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
> "${B}/modsign_key.pem"
@@ -24,6 +24,6 @@ kernel_do_configure_prepend() {
fi
}
-do_shared_workdir_append() {
+do_shared_workdir:append() {
cp modsign_key.pem $kerneldir/
}
generated by cgit v1.2.3 (git 2.39.0) at 2025-09-13 17:04:49 +0300