Re: [yocto] [meta-openssl102-fips][PATCH V3 4/16] classes/image-enable-fips.bbclass: enable user space fips mode in image

[Mark Hatle]

You are correct.  I had found that earlier today.

Anyway, the code has been verified as functional, and has been pushed.

Thanks!
--Mark

On 9/25/19 9:35 PM, Hongxu Jia wrote:
> Refer Fedora/RedHat's way
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut
> 
> To enable user space fips mode in the image recipe as part of an
> 'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can
> touch the file as a post image generation activity.
> 
> Signed-off-by: Hongxu Jia 
> ---
>  classes/image-enable-fips.bbclass | 5 +
>  conf/layer.conf   | 2 ++
>  2 files changed, 7 insertions(+)
>  create mode 100644 classes/image-enable-fips.bbclass
> 
> diff --git a/classes/image-enable-fips.bbclass 
> b/classes/image-enable-fips.bbclass
> new file mode 100644
> index 000..6c5b370
> --- /dev/null
> +++ b/classes/image-enable-fips.bbclass
> @@ -0,0 +1,5 @@
> +ROOTFS_POSTPROCESS_COMMAND_append = "enable_system_fips;"
> +enable_system_fips() {
> +install -d ${IMAGE_ROOTFS}${sysconfdir}
> +touch ${IMAGE_ROOTFS}${sysconfdir}/system-fips
> +}
> diff --git a/conf/layer.conf b/conf/layer.conf
> index 27a872e..185f422 100644
> --- a/conf/layer.conf
> +++ b/conf/layer.conf
> @@ -18,3 +18,5 @@ LAYERDEPENDS_meta-openssl-one-zero-two-fips = " \
>  meta-openssl-one-zero-two \
>  wr-template \
>  "
> +
> +IMAGE_CLASSES_append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != 
> '1' else ' image-enable-fips'}"
> 
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-openssl102-fips][PATCH V3 4/16] classes/image-enable-fips.bbclass: enable user space fips mode in image

[Hongxu Jia]

Refer Fedora/RedHat's way
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut

To enable user space fips mode in the image recipe as part of an
'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can
touch the file as a post image generation activity.

Signed-off-by: Hongxu Jia 
---
 classes/image-enable-fips.bbclass | 5 +
 conf/layer.conf   | 2 ++
 2 files changed, 7 insertions(+)
 create mode 100644 classes/image-enable-fips.bbclass

diff --git a/classes/image-enable-fips.bbclass 
b/classes/image-enable-fips.bbclass
new file mode 100644
index 000..6c5b370
--- /dev/null
+++ b/classes/image-enable-fips.bbclass
@@ -0,0 +1,5 @@
+ROOTFS_POSTPROCESS_COMMAND_append = "enable_system_fips;"
+enable_system_fips() {
+install -d ${IMAGE_ROOTFS}${sysconfdir}
+touch ${IMAGE_ROOTFS}${sysconfdir}/system-fips
+}
diff --git a/conf/layer.conf b/conf/layer.conf
index 27a872e..185f422 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -18,3 +18,5 @@ LAYERDEPENDS_meta-openssl-one-zero-two-fips = " \
 meta-openssl-one-zero-two \
 wr-template \
 "
+
+IMAGE_CLASSES_append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' 
else ' image-enable-fips'}"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto