RDKCOM-4122: RDKDEV-774 Add support for DAC-sec distro feature
Adds support for "DAC-sec" distro feature in rdkservices
allowing encrypted containers to be used.
- Adds new PACKAGECONFIG[ocicontainersec] which allows
OCIContainer plugin to support dm-verity[1] based
encrypted bundles. It uses OMI[2] service to mount
encrypted bundles.
Note: PACKAGECONFIG[ocicontainersec] requires
PACKAGECONFIG[ocicontainer] to be enabled as well.
- Adds support for "DAC-sec" distro feature.
Note: "DAC-sec" distro feature requires "DOBBY_CONTAINERS"
distro feature to be enabled as well. When "DAC-sec" is
enabled it checks if the "DOBBY_CONTAINERS" feature has been
enabled and generates an error if it is not the case.
In other words having enabled:
DISTRO_FEATURES_append=" DOBBY_CONTAINERS DAC-sec"
makes sure that both:
PACKAGECONFIG[ocicontainer] and
PACKAGECONFIG[ocicontainersec]
gets enabled.
[1] https://docs.kernel.org/admin-guide/device-mapper/verity.html
[2] https://code.rdkcentral.com/r/plugins/gitiles/rdk/components/generic/rdk-oe/meta-cmf/+/refs/heads/rdk-next/recipes-support/omi/omi.bb
Signed-off-by: Damian Wrobel <dwrobel.contractor@libertyglobal.com>
Signed-off-by: Damian Wrobel <dwrobel@ertelnet.rybnik.pl>
Reason for change: RDKDEV-774 Add support for DAC-sec distro feature
Test Procedure: None.
Risks: Low.
(cherry picked from commit 773cf91b5057e868bacfae3757490093e65b583d)
Change-Id: Ib04ca8a9e1476b5eee5abe57d40ee136d22cd933
(cherry picked from commit 646dc7bee67d2943bb7c7479b70bf3df70032f3c)
diff --git a/recipes-extended/rdkservices/rdkservices_git.bb b/recipes-extended/rdkservices/rdkservices_git.bb
index f13cddc..4b9304a 100644
--- a/recipes-extended/rdkservices/rdkservices_git.bb
+++ b/recipes-extended/rdkservices/rdkservices_git.bb
@@ -75,6 +75,7 @@
${@bb.utils.contains('DISTRO_FEATURES', 'clearkey', 'opencdmi_ck', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'rdkshell', 'rdkshell', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'DOBBY_CONTAINERS', 'ocicontainer', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'DAC-sec', 'ocicontainersec', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'wifimanager network', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'enable_maintenance_manager', 'maintenancemanager', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'fireboltmediaplayer', 'fireboltmediaplayer', '', d)} \
@@ -85,6 +86,10 @@
${@bb.utils.contains('DISTRO_FEATURES', 'ctrlm', 'controlservice voicecontrol remotecontrol remoteactionmapping', '', d)} \
"
+
+inherit features_check
+REQUIRED_DISTRO_FEATURES = "${@bb.utils.contains('DISTRO_FEATURES', 'DAC-sec', 'DOBBY_CONTAINERS', '', d)}"
+
EXTRA_OECMAKE += "${@bb.utils.contains('DISTRO_FEATURES', 'rdkshell_disable_autostart', ' -DPLUGIN_RDKSHELL_AUTOSTART=false ', ' -DPLUGIN_RDKSHELL_AUTOSTART=true ', d)}"
EXTRA_OECMAKE += "${@bb.utils.contains_any('DISTRO_FEATURES', 'rdkshell_ra second_form_factor', ' -DPLUGIN_RDKSHELL_AUTOSTART=true ', ' ', d)}"
@@ -156,6 +161,7 @@
PACKAGECONFIG[wifimanager] = "-DPLUGIN_WIFIMANAGER=ON,-DPLUGIN_WIFIMANAGER=OFF,netsrvmgr iarmbus iarmmgrs,iarmbus"
PACKAGECONFIG[xcast] = "-DPLUGIN_XCAST=ON,-DPLUGIN_XCAST=OFF,iarmbus iarmmgrs rfc pxcore-libnode rtremote,iarmbus rfc pxcore-libnode rtremote"
PACKAGECONFIG[ocicontainer] = "-DPLUGIN_OCICONTAINER=ON, -DPLUGIN_OCICONTAINER=OFF, dobby systemd, dobby systemd"
+PACKAGECONFIG[ocicontainersec] = " , , omi, omi"
PACKAGECONFIG[usbaccess] = "-DPLUGIN_USBACCESS=ON,-DPLUGIN_USBACCESS=OFF,iarmbus iarmmgrs udev,iarmbus udev"
PACKAGECONFIG[erm] = "-DBUILD_ENABLE_ERM=ON,-DBUILD_ENABLE_ERM=OFF,essos,essos"
PACKAGECONFIG[fireboltmediaplayer] = "-DPLUGIN_FIREBOLTMEDIAPLAYER=ON,-DPLUGIN_FIREBOLTMEDIAPLAYER=OFF, aamp wpeframework-interfaces, aamp wpeframework-interfaces"
