From 0b9a7d9c7e6c5774def752c924d6baff69afb930 Mon Sep 17 00:00:00 2001 From: Samuel Dolt Date: Thu, 13 Oct 2022 15:22:09 +0200 Subject: [PATCH] feat(coreos-sanity): add some checks to ensure that coreos policies are not overwritted --- .gitignore | 2 ++ documentation/ref-manual/classes.rst | 18 ++++++++-- .../classes/coreos-sanity.bbclass | 33 +++++++++++++++++++ .../conf/distro/belden-coreos.conf | 4 +++ layers/meta-belden-coreos/conf/layer.conf | 5 +++ 5 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 layers/meta-belden-coreos/classes/coreos-sanity.bbclass diff --git a/.gitignore b/.gitignore index 8fb193c..6ac9b00 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ build/ vscode-bitbake-build/ documentation/_build/ +documentation/oe-logs +documentation/oe-workdir diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index a0a85d2..13564de 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst @@ -21,12 +21,26 @@ The ``coreos_metadata_scm`` is automatically inherited if ``DISTRO`` is set to ``belden-coreos`` or to any distro based on ``belden-coreos``. .. _ref-classes-coreos-image: -.. index:: coreos_image.bbclass +.. index:: coreos-image.bbclass -``coreos_image.bbclass`` +``coreos-image.bbclass`` ======================== The ``coreos-image`` class provides common definitions for the ``coreos-image-*`` image recipes, such as support for additional :extern:ref:`IMAGE_FEATURE `. +.. _ref-classes-coreos-sanity: +.. index:: coreos-sanity.class + +``coreos-sanity.bbclass`` +======================== + +The ``coreos-sanity`` class is inherited inside the CoreOS layer +configuration file to add some sanity checks. Theses check ensure that the +policies of CoreOS are followed. + +Currently, this add check to ensure: + - that the distro is based on CoreOS + - that SystemD is used as ``INIT_MANAGER`` + - that glibc is used as the default C library diff --git a/layers/meta-belden-coreos/classes/coreos-sanity.bbclass b/layers/meta-belden-coreos/classes/coreos-sanity.bbclass new file mode 100644 index 0000000..f0a0386 --- /dev/null +++ b/layers/meta-belden-coreos/classes/coreos-sanity.bbclass @@ -0,0 +1,33 @@ +# This class add some sanity checks to ensure that distribution based on +# CoreOS only use the subset of openembedded-core that is supported by the +# CoreOS team. + + +SANITY_COREOS_COMPATIBLE ??= "0" + +addhandler check_coreos_sanity_eventhandler +check_coreos_sanity_eventhandler[eventmask] = "bb.event.SanityCheck" +python check_coreos_sanity_eventhandler() { + + if e.data.getVar('SANITY_COREOS_COMPATIBLE') != "1": + bb.fatal( + "The CoreOS layer is only compatible with distribution based on " + "conf/distro/belden-core.conf.\n" + "Please ensure that your distribution configuration file contains " + " `require conf/distro/belden-core.conf`" + ) + + if e.data.getVar('VIRTUAL-RUNTIME_init_manager') != "systemd": + bb.fatal( + "systemd is not set as `INIT_MANAGER`. " + "Using SystemD is mandatory on CoreOS based distribution" + ) + + if e.data.getVar("TCLIBC") != "glibc": + bb.fatal( + "glibc is not set as `TCLIBC`. " + "Using glibc is mandatory on CoreOS based distribution" + ) + + return +} diff --git a/layers/meta-belden-coreos/conf/distro/belden-coreos.conf b/layers/meta-belden-coreos/conf/distro/belden-coreos.conf index bec0528..a06e66e 100644 --- a/layers/meta-belden-coreos/conf/distro/belden-coreos.conf +++ b/layers/meta-belden-coreos/conf/distro/belden-coreos.conf @@ -31,6 +31,10 @@ SANITY_TESTED_DISTROS ?= " \ debian-11 \n \ " +# This variable is used to ensure that any distribution using the CoreOS layer +# include this file. This is checked by the coreos-sanity class +SANITY_COREOS_COMPATIBLE ?= "1" + require conf/distro/include/no-static-libs.inc require conf/distro/include/yocto-uninative.inc require conf/distro/include/security_flags.inc diff --git a/layers/meta-belden-coreos/conf/layer.conf b/layers/meta-belden-coreos/conf/layer.conf index 7365b7a..5860c04 100644 --- a/layers/meta-belden-coreos/conf/layer.conf +++ b/layers/meta-belden-coreos/conf/layer.conf @@ -11,3 +11,8 @@ BBFILE_PRIORITY_meta-belden-coreos = "6" LAYERDEPENDS_meta-belden-coreos = "core" LAYERSERIES_COMPAT_meta-belden-coreos = "kirkstone" + +# Sanity Checks +# ============================================================================== + +INHERIT += "coreos-sanity"