You are correct. I had found that earlier today. Anyway, the code has been verified as functional, and has been pushed.
Thanks! --Mark On 9/25/19 9:35 PM, Hongxu Jia wrote: > Refer Fedora/RedHat's way > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut > > To enable user space fips mode in the image recipe as part of an > 'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can > touch the file as a post image generation activity. > > Signed-off-by: Hongxu Jia <hongxu....@windriver.com> > --- > classes/image-enable-fips.bbclass | 5 +++++ > conf/layer.conf | 2 ++ > 2 files changed, 7 insertions(+) > create mode 100644 classes/image-enable-fips.bbclass > > diff --git a/classes/image-enable-fips.bbclass > b/classes/image-enable-fips.bbclass > new file mode 100644 > index 0000000..6c5b370 > --- /dev/null > +++ b/classes/image-enable-fips.bbclass > @@ -0,0 +1,5 @@ > +ROOTFS_POSTPROCESS_COMMAND_append = "enable_system_fips;" > +enable_system_fips() { > + install -d ${IMAGE_ROOTFS}${sysconfdir} > + touch ${IMAGE_ROOTFS}${sysconfdir}/system-fips > +} > diff --git a/conf/layer.conf b/conf/layer.conf > index 27a872e..185f422 100644 > --- a/conf/layer.conf > +++ b/conf/layer.conf > @@ -18,3 +18,5 @@ LAYERDEPENDS_meta-openssl-one-zero-two-fips = " \ > meta-openssl-one-zero-two \ > wr-template \ > " > + > +IMAGE_CLASSES_append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != > '1' else ' image-enable-fips'}" > -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
