[yocto] [meta-openssl102-fips][PATCH V3 4/16] classes/image-enable-fips.bbclass: enable user space fips mode in image
Mark Hatle
mark.hatle at kernel.crashing.org
Wed Sep 25 20:21:43 PDT 2019
You are correct. I had found that earlier today.
Anyway, the code has been verified as functional, and has been pushed.
Thanks!
--Mark
On 9/25/19 9:35 PM, Hongxu Jia wrote:
> Refer to Fedora/RedHat's way
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut
>
> To enable user space fips mode in the image recipe as part of an
> 'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can
> touch the file as a post image generation activity.
>
> Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
> ---
> classes/image-enable-fips.bbclass | 5 +++++
> conf/layer.conf | 2 ++
> 2 files changed, 7 insertions(+)
> create mode 100644 classes/image-enable-fips.bbclass
>
> diff --git a/classes/image-enable-fips.bbclass b/classes/image-enable-fips.bbclass
> new file mode 100644
> index 0000000..6c5b370
> --- /dev/null
> +++ b/classes/image-enable-fips.bbclass
> @@ -0,0 +1,5 @@
> +ROOTFS_POSTPROCESS_COMMAND_append = "enable_system_fips;"
> +enable_system_fips() {
> + install -d ${IMAGE_ROOTFS}${sysconfdir}
> + touch ${IMAGE_ROOTFS}${sysconfdir}/system-fips
> +}
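Review bot: The appended value on the ROOTFS_POSTPROCESS_COMMAND_append line has no leading separator, and _append concatenates without inserting one, so this only works if whatever is already in ROOTFS_POSTPROCESS_COMMAND ends with ";". If an earlier entry lacks the trailing semicolon, the two command names are joined into one. Consider starting the string with a separator or using +=, for example ROOTFS_POSTPROCESS_COMMAND += "enable_system_fips;". A one-line comment above enable_system_fips() saying what reads ${sysconfdir}/system-fips would also help, since the class itself gives no hint why an empty file is created.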
> diff --git a/conf/layer.conf b/conf/layer.conf
> index 27a872e..185f422 100644
> --- a/conf/layer.conf
> +++ b/conf/layer.conf
> @@ -18,3 +18,5 @@ LAYERDEPENDS_meta-openssl-one-zero-two-fips = " \
> meta-openssl-one-zero-two \
> wr-template \
> "
> +
> +IMAGE_CLASSES_append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else ' image-enable-fips'}"
>
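Review bot: The condition in the added IMAGE_CLASSES_append line is written in negated form ('' if ... != '1' else ' image-enable-fips'), which is easy to misread. The positive form, ' image-enable-fips' if d.getVar('OPENSSL_FIPS_ENABLED', True) == '1' else '', reads more directly and behaves the same. Because this sits in layer.conf it applies to every image built with the layer present, and only the exact string '1' enables it, so a short comment here stating that OPENSSL_FIPS_ENABLED = "1" is the switch and that it affects all images would be worth adding.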