From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001
From: takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp>
Date: Mon, 2 Nov 2020 11:07:33 +0900
Subject: basesystem-jj recipes

---
 .../ima-evm-utils/ima-evm-utils_git.bb             | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 external/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb

(limited to 'external/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb')

diff --git a/external/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/external/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
new file mode 100644
index 00000000..7f649c2d
--- /dev/null
+++ b/external/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -0,0 +1,37 @@
+DESCRIPTION = "IMA/EVM control utility"
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+DEPENDS += "openssl attr keyutils"
+
+DEPENDS_class-native += "openssl-native keyutils-native"
+
+PV = "1.2.1+git${SRCPV}"
+SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"
+SRC_URI = "git://git.code.sf.net/p/linux-ima/ima-evm-utils;branch=ima-evm-utils-1.2.y"
+
+# Documentation depends on asciidoc, which we do not have, so
+# do not build documentation.
+SRC_URI += "file://disable-doc-creation.patch"
+
+# Workaround for upstream incompatibility with older Linux distros.
+# Relevant for us when compiling ima-evm-utils-native.
+SRC_URI += "file://evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch"
+
+# Required for xargs with more than one path as argument (better for performance).
+SRC_URI += "file://command-line-apply-operation-to-all-paths.patch"
+
+S = "${WORKDIR}/git"
+
+inherit pkgconfig autotools features_check
+
+REQUIRED_DISTRO_FEATURES = "ima"
+
+EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
+
+# blkid is called by evmctl when creating evm checksums.
+# This is less useful when signing files on the build host,
+# so disable it when compiling on the host.
+RDEPENDS_${PN}_append_class-target = " util-linux-blkid libcrypto attr libattr keyutils"
+
+BBCLASSEXTEND = "native nativesdk"
-- 
cgit 1.2.3-korg