[yocto] dynamic layer dependencies in meta-security
Patrick Ohly
patrick.ohly at intel.com
Thu Jul 20 21:37:49 PDT 2017
On Thu, 2017-07-20 at 14:39 -0700, akuster808 wrote:
> > I would certainly caution against dynamic layerdepends/layerrecommends and
> > instead focus on listing everything between what is required and what you want
> > to add in addition -- then using the meta-freescale approach of only extending
> > (the recommends) when present.
FWIW, the meta-freescale approach has been superseded by
BBFILES_DYNAMIC.
> This appears to be more beneficial in a bbappends than a recipe needing
> a package from another layer.
BBFILES_DYNAMIC can be used for both .bb and .bbappend files.
In refkit, I ended up just using it for .bbappend files:
https://github.com/intel/intel-iot-refkit/blob/master/meta-refkit-core/conf/layer.conf#L7
# All our .bbappends for other layers are in a separate
# "bbappends/<layer>" hierarchy. We activate only those
# bbappends for which the layer they apply to is actually
# present.
#
# Sorted by layer path to keep related layers together.
BBFILES_DYNAMIC += " \
    clang-layer:${LAYERDIR}/bbappends/meta-clang/*/*/*.bbappend \
    flatpak:${LAYERDIR}/bbappends/meta-flatpak/*/*/*.bbappend \
For recipes, I wanted to have a bit more flexibility:
- let developers decide from where they get the dependency - the
  well-known layer or a copy elsewhere
- let recipes decide which features they enable based on which
  dependencies are available
Also, "bitbake foo" should result in an error about "dependency bar
required for foo not found", not a blunt "nothing provides foo". With
BBFILES_DYNAMIC for .bb files one only gets the latter.
Here's how it is defined what's available:
https://github.com/intel/intel-iot-refkit/blob/master/meta-refkit-core/conf/layer.conf#L51
# There are multiple different ways for providing some of the
# dependencies. Here we assume that the dependencies are available if
# the layers that the refkit distro takes them from are present.
HAVE_META_OE = "${@ bb.utils.contains('BBFILE_COLLECTIONS', 'openembedded-layer', 'True', 'False', d) }"
HAVE_ATOP ??= "${HAVE_META_OE}"
HAVE_CRYPTSETUP ??= "${HAVE_META_OE}"
...
And here's how it is used:
https://github.com/intel/intel-iot-refkit/blob/master/meta-refkit-core/recipes-images/images/initramfs-framework-refkit-dm-verity.bb#L22
python () {
    if not oe.types.boolean(d.getVar('HAVE_CRYPTSETUP') or '0'):
        raise bb.parse.SkipRecipe('cryptsetup dependency not available')
}
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
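
Added example, not part of the original message and not BitBake or refkit code: a simplified Python model of the two gating approaches described above, showing why a recipe hidden by BBFILES_DYNAMIC fails without a reason while a HAVE_* check reports one and can be overridden. The recipe names, the dynamic/ directory, the message strings and the use of fnmatch in place of BitBake's file collection are assumptions made for illustration.

```python
import fnmatch

# Constructed sample data: layer, path and recipe names are hypothetical.
BBFILES_DYNAMIC = "openembedded-layer:dynamic/meta-oe/*/*.bb"
RECIPES = {
    # name: (recipe path, HAVE_* variable checked in the recipe or None)
    "verity-a": ("dynamic/meta-oe/images/verity-a.bb", None),
    "verity-b": ("recipes-images/images/verity-b.bb", "HAVE_CRYPTSETUP"),
}

def active_patterns(bbfiles_dynamic, collections):
    """Globs from '<collection>:<glob>' entries whose collection is present."""
    active = []
    for entry in bbfiles_dynamic.split():
        name, sep, pattern = entry.partition(":")
        if not (name and sep and pattern):
            raise ValueError("expected <collection>:<pattern>, got %r" % entry)
        if name in collections:
            active.append(pattern)
    return active

def have_vars(collections, overrides=None):
    """HAVE_META_OE follows layer presence; HAVE_CRYPTSETUP defaults to it."""
    have = {"HAVE_META_OE": str("openembedded-layer" in collections)}
    have["HAVE_CRYPTSETUP"] = have["HAVE_META_OE"]  # models the ??= default
    have.update(overrides or {})                    # e.g. set in local.conf
    return have

def build(target, collections, overrides=None):
    """Return the message a developer sees for `target` in this model."""
    path, needs = RECIPES[target]
    if path.startswith("dynamic/"):
        globs = active_patterns(BBFILES_DYNAMIC, collections)
        if not any(fnmatch.fnmatch(path, g) for g in globs):
            return "nothing provides %s" % target  # file never parsed
    have = have_vars(collections, overrides)
    if needs and have[needs].lower() not in ("true", "yes", "1"):
        return "%s skipped: %s not available" % (target, needs)
    return "building %s" % target

if __name__ == "__main__":
    for layers in ({"core"}, {"core", "openembedded-layer"}):
        for name in RECIPES:
            print(sorted(layers), "->", build(name, layers))
    # A copy of cryptsetup from elsewhere: only the HAVE_* recipe benefits.
    print(build("verity-b", {"core"}, {"HAVE_CRYPTSETUP": "True"}))
```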