summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* ima-evm-keys: add recipeMing Liu2021-02-231-0/+16
| | | | | | | Create a recipe to package IMA/EMV public keys. Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: fix a wrong pathMing Liu2021-02-231-1/+1
| | | | | | | /etc/ima-policy > /etc/ima/ima-policy. Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to emptyMing Liu2021-02-231-0/+1
| | | | | | | | 'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid sanity check for ima-evm-utils-native. Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* softhsm: drop pkg as meta-oe has itArmin Kuster2021-02-231-30/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Fix openembedded platform tests and buildJate Sujjavanich2021-02-143-0/+82
| | | | | | | | Add patches to fix openembedded nodistro tests and openembedded build within ssg metadata. Signed-Off-By: Jate Sujjavanich <jatedev@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: disable camellia algorithmYi Zhao2021-01-231-1/+1
| | | | | | | | | | | | | The openssl in oe-core has disabled several deprecated algorithms including camellia. Disable this algorithm to fix the build error. Fixes: TpmToOsslSym.h:185:42: error: unknown type name 'CAMELLIA_KEY' 185 | #define tpmKeyScheduleCAMELLIA CAMELLIA_KEY | ^~~~~~~~~~~~ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: build and package python toolsAdrian Ratiu2020-12-241-2/+23
| | | | | Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab-ci: drop scriptArmin Kuster2020-11-171-1/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-base: Don't create local SSTATE mirrorArmin Kuster2020-11-151-1/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: fix build with Python 3.9Yi Zhao2020-11-154-0/+161
| | | | | | | | | | | | | | | The getchildren and getiterator functions are deprecated in Python 3.9. Backport 3 patches to fix the build issue. Fixes: File "/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/ssg/build_stig.py", line 41, in add_references index = rule.getchildren().index(ref) AttributeError: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren' Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.4.2Armin Kuster2020-11-033-52/+42
| | | | | | refresh a few patches too Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: unify volatiles file nameYi Zhao2020-11-031-1/+1
| | | | | | | Make the volatiles file name starts with digital. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: unify volatiles file nameYi Zhao2020-11-031-1/+1
| | | | | | | Make the volatiles file name starts with digital. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: add building meta-security-compliance pkgsArmin Kuster2020-10-192-0/+16
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: add meta-hardening build imageArmin Kuster2020-10-193-0/+16
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Add gatesgarth to LAYERSERIES_COMPATArmin Kuster2020-10-196-6/+6
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: use += instead of := to update BBFILESSajjad Ahmed2020-10-191-2/+1
| | | | | | | | Updating BBFILES with := isn't the standard way and can break parsing under certain conditions, instead use += which is widely used. Signed-off-by: Sajjad Ahmed <sajjad_ahmed@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: add expat-native to DEPENDSMingli Yu2020-10-151-1/+1
| | | | | | | | | Add expat-native to DEPENDS to fix the below do_configure error: | CMake Error at CMakeLists.txt:165 (message): | xmlwf is required! Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: update to 1.4.0Armin Kuster2020-10-152-2/+82
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: update to 4.3.0Armin Kuster2020-10-152-2/+2
| | | | | | LIC_FILES_CHKSUM changes do to added Copyright Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-abrmd: update to 2.3.3Armin Kuster2020-10-151-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-totp: update to 0.2.1Armin Kuster2020-10-151-3/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: update to 2.4.3Armin Kuster2020-10-151-3/+1
| | | | | | includes: CVE-2020-24455 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: add qemux86 and qemuarm64 musl buildsArmin Kuster2020-10-153-0/+29
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas: fixup alt configsArmin Kuster2020-10-153-10/+10
| | | | | | add smack Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.1.9Armin Kuster2020-10-103-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: remove clamav from musl imageArmin Kuster2020-10-101-0/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to latest ltm 1.16.5Armin Kuster2020-10-102-3/+37
| | | | | | fix musl support Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libest: fix musl build.Armin Kuster2020-10-101-0/+4
| | | | | | | | | fixes est.c:38:10: fatal error: execinfo.h: No such file or directory | 38 | #include <execinfo.h> | | ^~~~~~~~~~~~ Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ecryptfs-utils: fix musl buildArmin Kuster2020-10-102-0/+16
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: fix build for on muslArmin Kuster2020-10-106-1/+185
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* qemux86-test: add apparmor backArmin Kuster2020-10-101-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix compiling on gcc10Armin Kuster2020-10-091-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: apparmor 3.0 ptest does not buildArmin Kuster2020-10-091-1/+0
| | | | | | for now skip apparmor ptest Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: update to 3.0Armin Kuster2020-10-095-136/+158
| | | | | | | | | skip ptest for now, on todo list for fix. Runtime test pass remove patch now included in update: 0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security-test-image: tweak to get more tests to runnArmin Kuster2020-10-091-1/+8
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: fix build issue with ptest enabled.Armin Kuster2020-10-092-91/+186
| | | | | | minor spacing cleanup Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-%/5.x: Add dm-verity fragment as neededNaveen Saini2020-10-091-1/+1
| | | | | | | | Add checks that include dm-verity specific kernel config fragment when dm-verity-img.bbclass is used. Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wic: add wks.in for intel dm-verityNaveen Saini2020-10-091-0/+15
| | | | | | | | | Based on systemd-bootdisk-microcode.wks.in, this adds the dm-verity image similar to the beaglebone wks already in meta-security. Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework/dmverity: add retry loop for slow boot devicesNaveen Saini2020-10-091-27/+37
| | | | | | | | | | | Detection of USB devices by the kernel is slow enough. We need to keep trying for a while (default: 5s seconds, controlled by roottimeout=<seconds>) and sleep between each attempt (default: one second, rootdelay=<seconds>). Fix is based on https://git.yoctoproject.org/cgit.cgi/poky/commit/meta/recipes-core/initrdscripts/initramfs-framework/rootfs?id=ee6a6c3461694ce09789bf4d852cea2e22fc95e4 Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security-ptest: removeArmin Kuster2020-10-011-27/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security-test-image: simplifyArmin Kuster2020-10-012-24/+16
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security-ptest: remove keyutils-ptestArmin Kuster2020-10-011-1/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: fix ptest failures.Armin Kuster2020-10-011-1/+1
| | | | | | | | | | Fixes: BusyBox v1.32.0 () multi-call binary. Usage: dd [if=FILE] [of=FILE] [bs=N] [count=N] [skip=N] Don't use Busybox dd, not compatable. Use coreutils Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: allow test to failArmin Kuster2020-10-011-0/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add opendnssec to pkg grpArmin Kuster2020-09-291-0/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: add recipeArmin Kuster2020-09-294-0/+391
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitignore addedAdrian2020-09-291-0/+7
| | | | | | | | After running testimage there are some python left overs at lib/oeqa/runtime/cases/__pycache__/ Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add libest packageArmin Kuster2020-09-291-0/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libest: add recipeArmin Kuster2020-09-291-0/+23
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-07 16:50:51 +0000