From 1987326b9e7d231f472a9f173eced92975725b8b Mon Sep 17 00:00:00 2001
From: Marta Rybczynska <marta.rybczynska@huawei.com>
Date: Mon, 19 Jul 2021 12:30:54 +0200
Subject: [PATCH] allscenarios-linux.conf: hardening, remove NFS

We do not use NFS in the image, nor in any of the blueprints. An unused service
is a potential security issue, so we remove it.

In addition to expected DISTRO_FEATURES/IMAGE_FEATURES, we need to remove a
dependency to the packagegroup-core-device-devel that includes nfs. This
package is included in poky.conf for all qemu builds, but is not needed and
has been removed from Poky [1] in August 2020.

[1] https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=d707fa30f8a24d1e50831846330757254f245791

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
 meta-ohos-core/conf/distro/allscenarios-linux.conf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/meta-ohos-core/conf/distro/allscenarios-linux.conf b/meta-ohos-core/conf/distro/allscenarios-linux.conf
index 001d8dcd..d4908752 100644
--- a/meta-ohos-core/conf/distro/allscenarios-linux.conf
+++ b/meta-ohos-core/conf/distro/allscenarios-linux.conf
@@ -19,7 +19,13 @@ GLIBCVERSION ?= "2.33%"
 INIT_MANAGER = "systemd"
 
 # Remove some of the default Poky DISTRO_FEATURES we inherited, but do not use.
-DISTRO_FEATURES_remove = "nfc 3g pcmcia"
+DISTRO_FEATURES_remove = " nfs nfc 3g pcmcia"
+
+# Remove some of the default Poky IMAGE_FEATURES we inherited, but do not need.
+IMAGE_FEATURES_remove = " nfs-server nfs-client nfs-utils"
+
+# Remove some of the default Poky runtime dependencies that have no use
+DISTRO_EXTRA_RDEPENDS_remove = " packagegroup-core-device-devel"
 
 PREFERRED_VERSION_linux-yocto = "5.10%"
 
-- 
GitLab