| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
use rust to build
rust version built against 1.51.1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
need native pip3, was using host's
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--
V2]
add python3-cryptography-native to DEPENDS
forgot to add changes.
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
ERROR: clamav-0.104.0-r0 do_package: QA Issue: clamav: Files/directories were installed but not shipped in any package:
/lib/systemd/system/clamav-daemon.service
/lib/systemd/system/clamav-clamonacc.service
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
IMA_POLICY is being referred as policy recipe name in some places and it
is also being referred as policy file in other places, they are
conflicting with each other which make it impossible to set a IMA_POLICY
global variable in config file.
Fix it by dropping IMA_POLICY definitions from policy recipes
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
convert to cmake and general cleanup
include on oe env patch and glibc 2.33 header fixup
if running w/in qemu, need to add qemuparams="-m 2048" to allow
freshclam not to oom
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
V2]
Bump PV to match what is being d/l
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
Add python package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
LIC_FILES_CHKSUM hash changed between branches.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
Thats codename for 3.3
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
This ensures when a end user change the IMA_EVM_X509 key file,
ima-evm-keys recipe will be rebuilt.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It fails to comile samhain for powerpc(qemuppc):
| x_sh_dbIO.c: In function 'swap_short':
| x_sh_dbIO.c:229:36: error: initializer element is not constant
| 229 | static unsigned short ooop = *iptr;
| | ^
Assign after initialization of the static variable to avoid the failure.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
- Without the patch fscryptctl is installed in
/usr/bin/usr/local/bin instead of /usr/bin.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
Use new structure for testing.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
drop patch included in update
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
includes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
include automate 2.70 fix
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--
V2]
let include the updated changes
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes following systemd boot issues:
[ 7.455580] systemd[1]: Failed to create /init.scope control group: Permission denied
[ 7.457677] systemd[1]: Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object.
[ 7.459270] systemd[1]: Freezing execution.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
drop hard python3 patch and create it dufing compile.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
This is the last 4.x. Will need rust support to move to 6.x
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
refresh libdns_conf_fix.patch
Drop fix_fprint.patch includd in update
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
| |
|
|
|
|
| |
drop patch merged in update
|
| |
|
| |
|
|
|
|
| |
LIC_FILES_CHKSUM update do to yr change
|
|
|
|
| |
LIC_FILES_CHKSUM update do to yr change
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
Or else wic will fail without "--no-fstab-update" option.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
Otherwise, ima script would not run as intended.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current logic in ima-evm-rootfs.bbclass does not guarantee
ima_evm_sign_rootfs is the last function in IMAGE_PREPROCESS_COMMAND
by appending to it, for instance, if there are other "_append" being
used as it's the case in openembedded-core/meta/classes/image.bbclass:
| IMAGE_PREPROCESS_COMMAND_append = " ${@ 'systemd_preset_all;' \
| if bb.utils.contains('DISTRO_FEATURES', 'systemd', True, False, d) \
| and not bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True,
| False, d) else ''} reproducible_final_image_task; "
and ima-evm-rootfs should be in IMAGE_CLASSES instead of in INHERIT
since that would impact all recipes but not only image recipes.
To fix the above issues, we introduce a ima_evm_sign_handler setting
IMA/EVM rootfs signing requirements/dependencies in event
bb.event.RecipePreFinalise, it checks 'ima' distro feature to decide if
IMA/EVM rootfs signing logic should be applied or not.
Also add ima-evm-keys to IMAGE_INSTALL.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|