| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
| |
Create a recipe to package IMA/EMV public keys.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
/etc/ima-policy > /etc/ima/ima-policy.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid
sanity check for ima-evm-utils-native.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
Add patches to fix openembedded nodistro tests and openembedded build within
ssg metadata.
Signed-Off-By: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The openssl in oe-core has disabled several deprecated algorithms
including camellia. Disable this algorithm to fix the build error.
Fixes:
TpmToOsslSym.h:185:42: error: unknown type name 'CAMELLIA_KEY'
185 | #define tpmKeyScheduleCAMELLIA CAMELLIA_KEY
| ^~~~~~~~~~~~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The getchildren and getiterator functions are deprecated in Python 3.9.
Backport 3 patches to fix the build issue.
Fixes:
File
"/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/ssg/build_stig.py",
line 41, in add_references
index = rule.getchildren().index(ref)
AttributeError: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
refresh a few patches too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
Make the volatiles file name starts with digital.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
Make the volatiles file name starts with digital.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
Updating BBFILES with := isn't the standard way and can break
parsing under certain conditions, instead use += which is widely used.
Signed-off-by: Sajjad Ahmed <sajjad_ahmed@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Add expat-native to DEPENDS to fix the below do_configure error:
| CMake Error at CMakeLists.txt:165 (message):
| xmlwf is required!
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
LIC_FILES_CHKSUM changes do to added Copyright
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
includes: CVE-2020-24455
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
add smack
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
fix musl support
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
| |
fixes
est.c:38:10: fatal error: execinfo.h: No such file or directory
| 38 | #include <execinfo.h>
| | ^~~~~~~~~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
for now skip apparmor ptest
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
| |
skip ptest for now, on todo list for fix.
Runtime test pass
remove patch now included in update: 0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
minor spacing cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
Add checks that include dm-verity specific kernel config fragment
when dm-verity-img.bbclass is used.
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Based on systemd-bootdisk-microcode.wks.in, this adds
the dm-verity image similar to the beaglebone wks
already in meta-security.
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Detection of USB devices by the kernel is slow enough. We need to
keep trying for a while (default: 5s seconds, controlled by roottimeout=<seconds>)
and sleep between each attempt (default: one second, rootdelay=<seconds>).
Fix is based on https://git.yoctoproject.org/cgit.cgi/poky/commit/meta/recipes-core/initrdscripts/initramfs-framework/rootfs?id=ee6a6c3461694ce09789bf4d852cea2e22fc95e4
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
BusyBox v1.32.0 () multi-call binary.
Usage: dd [if=FILE] [of=FILE] [bs=N] [count=N] [skip=N]
Don't use Busybox dd, not compatable. Use coreutils
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
After running testimage there are some python left overs at
lib/oeqa/runtime/cases/__pycache__/
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|