From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- .../images/dm-verity-image-initramfs.bb | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 external/meta-security/recipes-core/images/dm-verity-image-initramfs.bb (limited to 'external/meta-security/recipes-core/images/dm-verity-image-initramfs.bb') diff --git a/external/meta-security/recipes-core/images/dm-verity-image-initramfs.bb b/external/meta-security/recipes-core/images/dm-verity-image-initramfs.bb new file mode 100644 index 00000000..f9ea3762 --- /dev/null +++ b/external/meta-security/recipes-core/images/dm-verity-image-initramfs.bb @@ -0,0 +1,26 @@ +DESCRIPTION = "Simple initramfs image for mounting the rootfs over the verity device mapper." + +# We want a clean, minimal image. +IMAGE_FEATURES = "" + +PACKAGE_INSTALL = " \ + initramfs-dm-verity \ + base-files \ + busybox \ + util-linux-mount \ + udev \ + cryptsetup \ + lvm2-udevrules \ +" + +# Can we somehow inspect reverse dependencies to avoid these variables? +do_rootfs[depends] += "${DM_VERITY_IMAGE}:do_image_${DM_VERITY_IMAGE_TYPE}" + +IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" + +inherit core-image + +deploy_verity_hash() { + install -D -m 0644 ${DEPLOY_DIR_IMAGE}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}/${datadir}/dm-verity.env +} +ROOTFS_POSTPROCESS_COMMAND += "deploy_verity_hash;" -- cgit 1.2.3-korg