From 1ac5c704bb4b7fd72d9e382ccf23f4d186da0f86 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Thu, 23 Jun 2016 16:00:59 +0000 Subject: add layer meta-app-framework meta-app-framework is a layer containing the AGL App Framework recipes 4 new layers are added for application framework: * meta-intel-iot-security/meta-security-smack * meta-intel-iot-security/meta-security-framework * meta-agl/meta-agl-security * meta-agl/meta-app-framework Configuration file changes to support AppFw: * activation of Smack and Cynara * modify the tar command to be used to support Smack extended attributes Change-Id: Idc8abdc8869787feb4b534ee45bf7b5d3dde3632 Signed-off-by: Stephane Desneux --- meta-app-framework/conf/layer.conf | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 meta-app-framework/conf/layer.conf (limited to 'meta-app-framework/conf') diff --git a/meta-app-framework/conf/layer.conf b/meta-app-framework/conf/layer.conf new file mode 100644 index 000000000..f74ebd658 --- /dev/null +++ b/meta-app-framework/conf/layer.conf @@ -0,0 +1,11 @@ +# We have a conf and classes directory, add to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have recipes-* directories, add to BBFILES +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ + ${LAYERDIR}/recipes-*/*/*.bbappend" + +BBFILE_COLLECTIONS += "app-framework" +BBFILE_PATTERN_app-framework = "^${LAYERDIR}/" +BBFILE_PRIORITY_app-framework = "7" + -- cgit 1.2.3-korg From a9fd01093b3feda9a5f71484c1934c890da8cb52 Mon Sep 17 00:00:00 2001 From: Ronan Date: Fri, 20 Jan 2017 16:30:39 +0100 Subject: Move feature code into the meta recipes * Having a minimlal local.conf serving the only purpose of user customization is the "Yocto" way of doing things * After a source synchronization (repo sync), feature code must be update without regenerate local.conf * move feature/agl-demo to meta-agl-demo Change-Id: I6db3956da8091bf583b20fce7dc184bfe622a85a Signed-off-by: Ronan Signed-off-by: Stephane Desneux --- meta-app-framework/conf/include/agl-appfw-smack.inc | 12 ++++++++++++ templates/feature/agl-appfw-smack/50_local.conf.inc | 14 ++------------ 2 files changed, 14 insertions(+), 12 deletions(-) create mode 100644 meta-app-framework/conf/include/agl-appfw-smack.inc (limited to 'meta-app-framework/conf') diff --git a/meta-app-framework/conf/include/agl-appfw-smack.inc b/meta-app-framework/conf/include/agl-appfw-smack.inc new file mode 100644 index 000000000..90862cb09 --- /dev/null +++ b/meta-app-framework/conf/include/agl-appfw-smack.inc @@ -0,0 +1,12 @@ +# enable security features (smack, cynara) - required by Application Framework +OVERRIDES .= ":smack" +DISTRO_FEATURES_append = " smack dbus-cynara" + +# use tar-native to support SMACK extended attributes independently of host config +IMAGE_CMD_TAR = "tar --xattrs-include='*'" +IMAGE_DEPENDS_tar_append = " tar-replacement-native" +EXTRANATIVEPATH += "tar-native" + +# security: enable ssh server in place of dropbear to support PAM on user sessions +IMAGE_FEATURES += "ssh-server-openssh" + diff --git a/templates/feature/agl-appfw-smack/50_local.conf.inc b/templates/feature/agl-appfw-smack/50_local.conf.inc index 90862cb09..add62a30b 100644 --- a/templates/feature/agl-appfw-smack/50_local.conf.inc +++ b/templates/feature/agl-appfw-smack/50_local.conf.inc @@ -1,12 +1,2 @@ -# enable security features (smack, cynara) - required by Application Framework -OVERRIDES .= ":smack" -DISTRO_FEATURES_append = " smack dbus-cynara" - -# use tar-native to support SMACK extended attributes independently of host config -IMAGE_CMD_TAR = "tar --xattrs-include='*'" -IMAGE_DEPENDS_tar_append = " tar-replacement-native" -EXTRANATIVEPATH += "tar-native" - -# security: enable ssh server in place of dropbear to support PAM on user sessions -IMAGE_FEATURES += "ssh-server-openssh" - +#see meta-agl-extra/meta-app-framework/conf/include/agl-appfw-smack.inc +require conf/include/agl-appfw-smack.inc -- cgit 1.2.3-korg From 84359dab292d9cfc2ad66800c8d1765ce32c717b Mon Sep 17 00:00:00 2001 From: José Bollo Date: Mon, 6 Mar 2017 17:19:16 +0100 Subject: Ensure that eXtended Attributes are managed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Common tools like 'useradd' work better in a Smacked context when the extended attributes are correctly managed. This is achieved by enforcing extended attributes "xattr" to be in DISTRO_FEATURES. When the commit 1c3eae5e654b7942b3ffd0b53426ca77219cec03 of poky will be integrated in the upstream of AGL (pyro), it will be possible to removes the 3 last lines of meta-app-framework/conf/include/agl-appfw-smack.inc that explicitely activate the handling of extended attributes for the package "shadow". See SPEC-475. Change-Id: I299e68a34e7e49b33f1046aa99d255655fa2ffcc Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/conf/include/agl-appfw-smack.inc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'meta-app-framework/conf') diff --git a/meta-app-framework/conf/include/agl-appfw-smack.inc b/meta-app-framework/conf/include/agl-appfw-smack.inc index 90862cb09..133f6b04c 100644 --- a/meta-app-framework/conf/include/agl-appfw-smack.inc +++ b/meta-app-framework/conf/include/agl-appfw-smack.inc @@ -1,12 +1,16 @@ # enable security features (smack, cynara) - required by Application Framework OVERRIDES .= ":smack" -DISTRO_FEATURES_append = " smack dbus-cynara" +DISTRO_FEATURES_append = " smack dbus-cynara xattr" # use tar-native to support SMACK extended attributes independently of host config -IMAGE_CMD_TAR = "tar --xattrs-include='*'" +IMAGE_CMD_TAR = "tar --xattrs --xattrs-include='*'" IMAGE_DEPENDS_tar_append = " tar-replacement-native" EXTRANATIVEPATH += "tar-native" # security: enable ssh server in place of dropbear to support PAM on user sessions IMAGE_FEATURES += "ssh-server-openssh" +# enforce copy of xattrs (to be removed, see SPEC-475) +PACKAGECONFIG_append_pn-shadow = " attr" +PACKAGECONFIG_append_pn-shadow-native = " attr" + -- cgit 1.2.3-korg