[yocto] [meta-openssl102-fips][PATCH V3 4/16] classes/image-enable-fips.bbclass: enable user space fips mode in image
Hongxu Jia
hongxu.jia at windriver.com
Wed Sep 25 19:35:09 PDT 2019
Refer to Fedora/RedHat's way
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut
To enable user space fips mode in the image recipe as part of an
'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can
touch the file as a post image generation activity.
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
classes/image-enable-fips.bbclass | 5 +++++
conf/layer.conf | 2 ++
2 files changed, 7 insertions(+)
create mode 100644 classes/image-enable-fips.bbclass
diff --git a/classes/image-enable-fips.bbclass b/classes/image-enable-fips.bbclass
new file mode 100644
index 0000000..6c5b370
--- /dev/null
+++ b/classes/image-enable-fips.bbclass
@@ -0,0 +1,5 @@
+ROOTFS_POSTPROCESS_COMMAND_append = "enable_system_fips;"
+enable_system_fips() {
+ install -d ${IMAGE_ROOTFS}${sysconfdir}
+ touch ${IMAGE_ROOTFS}${sysconfdir}/system-fips
+}
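Review bot: The ROOTFS_POSTPROCESS_COMMAND_append value on the first added line starts directly with the function name, and _append does not insert any whitespace, so "enable_system_fips;" is glued onto whatever the variable already ends with. If an earlier entry was added without a trailing ";" or space, the two command names run together and the rootfs step fails or silently calls the wrong thing. Suggest a leading space, i.e. ROOTFS_POSTPROCESS_COMMAND_append = " enable_system_fips;". Separately, the class has no header comment saying what ${sysconfdir}/system-fips is for or which component reads it; one or two lines would help, since an empty marker file that changes crypto behaviour is easy to overlook when auditing an image. Using install -m 0644 /dev/null in place of touch would also pin the mode of the marker instead of leaving it to the build umask.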
diff --git a/conf/layer.conf b/conf/layer.conf
index 27a872e..185f422 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -18,3 +18,5 @@ LAYERDEPENDS_meta-openssl-one-zero-two-fips = " \
meta-openssl-one-zero-two \
wr-template \
"
+
+IMAGE_CLASSES_append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else ' image-enable-fips'}"
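Review bot: The IMAGE_CLASSES_append line is placed in conf/layer.conf, so it applies to every image built with this layer present rather than to a particular image recipe, which differs from the "in the image recipe" wording of the commit message; please state in the message or a comment that the switch is global and driven only by OPENSSL_FIPS_ENABLED. That variable is neither given a default nor documented anywhere in the visible hunks, so a reader cannot tell where it is expected to be set. The inverted test ('' if ... != '1' else ' image-enable-fips') is also harder to read than the positive form ' image-enable-fips' if d.getVar('OPENSSL_FIPS_ENABLED', True) == '1' else ''.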
--
2.7.4