* [PATCH 2/5] image-swab: introduce a class for generating swabber reports
@ 2010-11-12 21:37 Joshua Lock
From: Joshua Lock @ 2010-11-12 21:37 UTC (permalink / raw)
To: poky
Add a postprocess command to rootfs generation which generates a swabber
report.
Signed-off-by: Joshua Lock <josh@linux.intel.com>
---
meta/classes/image-swab.bbclass | 83
+++++++++++++++++++++++++++++++++++++++
meta/conf/local.conf.sample | 1 +
2 files changed, 84 insertions(+), 0 deletions(-)
create mode 100644 meta/classes/image-swab.bbclass
diff --git a/meta/classes/image-swab.bbclass
b/meta/classes/image-swab.bbclass
new file mode 100644
index 0000000..7dd83f8
--- /dev/null
+++ b/meta/classes/image-swab.bbclass
@@ -0,0 +1,83 @@
+HOST_DATA ?= "${TMPDIR}/host-contamination-data/"
+SWABBER_REPORT ?= "${LOG_DIR}/swabber/"
+SWABBER_LOGS ?= "${LOG_DIR}/contamination-logs"
+TRACE_LOGDIR ?= "${SWABBER_LOGS}/${PACKAGE_ARCH}"
+export TRACE_LOGFILE = "${TRACE_LOGDIR}/${PN}-${PV}"
+
+SWAB_ORIG_TASK := "${BB_DEFAULT_TASK}"
+BB_DEFAULT_TASK = "generate_swabber_report"
+
+# Several recipes don't build with parallel make when run under strace
+# Ideally these should be fixed but as a temporary measure disable
parallel
+# builds for troublesome recipes
+PARALLEL_MAKE_pn-openssl = ""
+PARALLEL_MAKE_pn-eglibc = ""
+PARALLEL_MAKE_pn-glib-2.0 = ""
+PARALLEL_MAKE_pn-libxml2 = ""
+PARALLEL_MAKE_pn-readline = ""
+PARALLEL_MAKE_pn-util-linux = ""
+PARALLEL_MAKE_pn-binutils = ""
+PARALLEL_MAKE_pn-bison = ""
+PARALLEL_MAKE_pn-cmake = ""
+PARALLEL_MAKE_pn-elfutils = ""
+PARALLEL_MAKE_pn-gcc = ""
+PARALLEL_MAKE_pn-gcc-runtime = ""
+PARALLEL_MAKE_pn-m4 = ""
+PARALLEL_MAKE_pn-opkg = ""
+PARALLEL_MAKE_pn-pkgconfig = ""
+PARALLEL_MAKE_pn-prelink = ""
+PARALLEL_MAKE_pn-qemugl = ""
+PARALLEL_MAKE_pn-rpm = ""
+PARALLEL_MAKE_pn-tcl = ""
+PARALLEL_MAKE_pn-beecrypt = ""
+PARALLEL_MAKE_pn-curl = ""
+PARALELL_MAKE_pn-gmp = ""
+PARALLEL_MAKE_pn-libmpc = ""
+PARALLEL_MAKE_pn-libxslt = ""
+PARALLEL_MAKE_pn-lzo = ""
+PARALLEL_MAKE_pn-popt = ""
+PARALLEL_MAKE_pn-linux-wrs = ""
+PARALLEL_MAKE_pn-libgcrypt = ""
+PARALLEL_MAKE_pn-gpgme = ""
+PARALLEL_MAKE_pn-udev = ""
+PARALLEL_MAKE_pn-gnutls = ""
+PARALLEL_MAKE_pn-sat-solver = ""
+PARALLEL_MAKE_pn-libzypp = ""
+PARALLEL_MAKE_pn-zypper = ""
+
+python() {
+ # NOTE: It might be useful to detect host infection on native and
cross
+ # packages but as it turns out to be pretty hard to do this for all
native
+ # and cross packages which aren't swabber-native or one of its
dependencies
+ # I have ignored them for now...
+ if not bb.data.inherits_class('native', d) and not
bb.data.inherits_class('nativesdk', d) and not
bb.data.inherits_class('cross', d):
+ deps = (bb.data.getVarFlag('do_setscene', 'depends', d) or
"").split()
+ deps.append('strace-native:do_populate_sysroot')
+ bb.data.setVarFlag('do_setscene', 'depends', " ".join(deps), d)
+ logdir = bb.data.expand("${TRACE_LOGDIR}", d)
+ bb.utils.mkdirhier(logdir)
+ bb.data.setVar('BB_RUNTASK', 'bitbake-runtask-strace', d)
+}
+
+do_generate_swabber_report () {
+ echo "Updating host data"
+
+ # Ensure we have the very latest host information
+ if [ "${NOSWABBERUPDATE}" != "1" ]; then
+ update_distro ${HOST_DATA}
+ fi
+
+ # Swabber can't create the directory for us
+ mkdir -p ${SWABBER_REPORT}
+
+ REPORTSTAMP=${SWAB_ORIG_TASK}-`date +%2m%2d%2H%2M%Y`
+
+ if [ "$(ls -A ${HOST_DATA})" ]; then
+ echo "Generating swabber report"
+ swabber -d ${HOST_DATA} -l ${SWABBER_LOGS} -o
${SWABBER_REPORT}/report-${REPORTSTAMP}.txt -r
${SWABBER_REPORT}/extra_report-${REPORTSTAMP}.txt
+ else
+ echo "No host data, cannot generate swabber report."
+ fi
+}
+addtask generate_swabber_report after do_${SWAB_ORIG_TASK}
+do_generate_swabber_report[depends] =
"swabber-native:do_populate_sysroot"
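Review bot: `PARALELL_MAKE_pn-gmp = ""` in the parallel-make override list is misspelled, so it sets a variable nothing reads and gmp will presumably still build with parallel make under strace; it should read `PARALLEL_MAKE_pn-gmp = ""`. Separately, the else branch of do_generate_swabber_report only echoes "No host data, cannot generate swabber report." and the task still succeeds, so a build with an empty or missing ${HOST_DATA} finishes without a contamination report and without failing. If the report is meant to act as a check, that branch should fail the task instead of returning success. The unquoted expansions are also worth quoting, e.g. `if [ "$(ls -A "${HOST_DATA}")" ]; then` and `mkdir -p "${SWABBER_REPORT}"`, so that a path containing spaces does not split into several arguments.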
diff --git a/meta/conf/local.conf.sample b/meta/conf/local.conf.sample
index a2e1374..fae949c 100644
--- a/meta/conf/local.conf.sample
+++ b/meta/conf/local.conf.sample
@@ -79,6 +79,7 @@ PACKAGE_CLASSES ?= "package_rpm package_ipk"
# A list of additional classes to use when building the system
# include 'image-prelink' in order to prelink the filesystem image
+# include 'image-swab' to perform host system intrusion detection
USER_CLASSES ?= "image-prelink"
# POKYMODE controls the characteristics of the generated
packages/images by
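Review bot: The added comment `# include 'image-swab' to perform host system intrusion detection` describes the class inaccurately. Going by the class file in this patch (HOST_DATA under host-contamination-data, SWABBER_LOGS under contamination-logs), it reports host contamination of the build, not intrusions into the host. Suggested wording: `# include 'image-swab' to generate a swabber report of host contamination during the build`. The comment could also say that inheriting the class replaces BB_DEFAULT_TASK and sets BB_RUNTASK to 'bitbake-runtask-strace', which appears to run tasks under strace and so changes build behaviour for anyone who enables it.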
--
1.7.3.2