Re: [yocto] [meta-openssl102-fips][PATCH V3 4/16] classes/image-enable-fips.bbclass: enable user space fips mode in image
You are correct. I had found that earlier today. Anyway, the code has been verified as functional, and has been pushed. Thanks! --Mark On 9/25/19 9:35 PM, Hongxu Jia wrote: > Refer Fedora/RedHat's way > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut > > To enable user space fips mode in the image recipe as part of an > 'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can > touch the file as a post image generation activity. > > Signed-off-by: Hongxu Jia > --- > classes/image-enable-fips.bbclass | 5 + > conf/layer.conf | 2 ++ > 2 files changed, 7 insertions(+) > create mode 100644 classes/image-enable-fips.bbclass > > diff --git a/classes/image-enable-fips.bbclass > b/classes/image-enable-fips.bbclass > new file mode 100644 > index 000..6c5b370 > --- /dev/null > +++ b/classes/image-enable-fips.bbclass > @@ -0,0 +1,5 @@ > +ROOTFS_POSTPROCESS_COMMAND_append = "enable_system_fips;" > +enable_system_fips() { > +install -d ${IMAGE_ROOTFS}${sysconfdir} > +touch ${IMAGE_ROOTFS}${sysconfdir}/system-fips > +} > diff --git a/conf/layer.conf b/conf/layer.conf > index 27a872e..185f422 100644 > --- a/conf/layer.conf > +++ b/conf/layer.conf > @@ -18,3 +18,5 @@ LAYERDEPENDS_meta-openssl-one-zero-two-fips = " \ > meta-openssl-one-zero-two \ > wr-template \ > " > + > +IMAGE_CLASSES_append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != > '1' else ' image-enable-fips'}" > -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-openssl102-fips][PATCH V3 4/16] classes/image-enable-fips.bbclass: enable user space fips mode in image
Refer Fedora/RedHat's way https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut To enable user space fips mode in the image recipe as part of an 'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can touch the file as a post image generation activity. Signed-off-by: Hongxu Jia --- classes/image-enable-fips.bbclass | 5 + conf/layer.conf | 2 ++ 2 files changed, 7 insertions(+) create mode 100644 classes/image-enable-fips.bbclass diff --git a/classes/image-enable-fips.bbclass b/classes/image-enable-fips.bbclass new file mode 100644 index 000..6c5b370 --- /dev/null +++ b/classes/image-enable-fips.bbclass @@ -0,0 +1,5 @@ +ROOTFS_POSTPROCESS_COMMAND_append = "enable_system_fips;" +enable_system_fips() { +install -d ${IMAGE_ROOTFS}${sysconfdir} +touch ${IMAGE_ROOTFS}${sysconfdir}/system-fips +} diff --git a/conf/layer.conf b/conf/layer.conf index 27a872e..185f422 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -18,3 +18,5 @@ LAYERDEPENDS_meta-openssl-one-zero-two-fips = " \ meta-openssl-one-zero-two \ wr-template \ " + +IMAGE_CLASSES_append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else ' image-enable-fips'}" -- 2.7.4 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto