Commit message | Author | Age | Files | Lines
* python3-suricata-update: update to 1.2.1 [rust-wip] | Armin Kuster | 2021-04-07 | 1 | -3/+5
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.2 | Armin Kuster | 2021-04-07 | 6 | -114/+254
    use rust to build rust version built against 1.51.1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: fix check for tscd deamon on host | Armin Kuster | 2021-04-02 | 2 | -0/+27
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: file pip3 issue | Armin Kuster | 2021-04-02 | 1 | -3/+3
    need native pip3, was using host's
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    --
    V2] add python3-cryptography-native to DEPENDS forgot to add changes.
* swtpm: now need python-cryptography, pull in layer | Armin Kuster | 2021-04-02 | 1 | -0/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: fix systemd service install | Armin Kuster | 2021-04-02 | 1 | -1/+4
    ERROR: clamav-0.104.0-r0 do_package: QA Issue: clamav: Files/directories were installed but not shipped in any package:
    /lib/systemd/system/clamav-daemon.service
    /lib/systemd/system/clamav-clamonacc.service
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: upgrade 3.5.1 -> 3.5.2 | Armin Kuster | 2021-04-02 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta: drop IMA_POLICY from policy recipes | Ming Liu | 2021-04-02 | 3 | -21/+6
    IMA_POLICY is being referred to as a policy recipe name in some places and it is also being referred to as a policy file in other places; they conflict with each other, which makes it impossible to set an IMA_POLICY global variable in the config file.
    Fix it by dropping IMA_POLICY definitions from policy recipes
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: upgrade 104.0 | Armin Kuster | 2021-04-02 | 3 | -64/+134
    convert to cmake and general cleanup
    include on oe env patch and glibc 2.33 header fixup
    if running w/in qemu, need to add qemuparams="-m 2048" to allow freshclam not to oom
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    ---
    V2] Bump PV to match what is being d/l
* packagegroup-core-security: drop clamav-cvd | Armin Kuster | 2021-04-02 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: update to 0.5.2 | Armin Kuster | 2021-03-25 | 1 | -8/+9
    Add python package
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss-engine: update 1.1.0 | Armin Kuster | 2021-03-25 | 1 | -3/+3
    LIC_FILES_CHKSUM hash changed between branches.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Add hardknott to LAYERSERIES_COMPAT | Armin Kuster | 2021-03-18 | 6 | -6/+6
    That's codename for 3.3
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ima-evm-keys: add file-checksums to IMA_EVM_X509 | Ming Liu | 2021-03-18 | 1 | -0/+1
    This ensures that when an end user changes the IMA_EVM_X509 key file, the ima-evm-keys recipe will be rebuilt.
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: fix compile error on powerpc | Kai Kang | 2021-03-18 | 2 | -0/+29
    It fails to compile samhain for powerpc(qemuppc):
    | x_sh_dbIO.c: In function 'swap_short':
    | x_sh_dbIO.c:229:36: error: initializer element is not constant
    | 229 | static unsigned short ooop = *iptr;
    | | ^
    Assign after initialization of the static variable to avoid the failure.
    Signed-off-by: Kai Kang <kai.kang@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscryptctl: Fix installation path | lukasz plachno | 2021-03-18 | 1 | -1/+1
    - Without the patch fscryptctl is installed in /usr/bin/usr/local/bin instead of /usr/bin.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix building with ptest enabled | Armin Kuster | 2021-03-09 | 2 | -2/+3
    Use new structure for testing.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm-tools: update to 1.3.9.1 | Armin Kuster | 2021-03-09 | 2 | -112/+1
    drop patch included in update
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: update to 0.3.15 | Armin Kuster | 2021-03-09 | 1 | -2/+2
    includes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-topt: update 0.3.0 | Armin Kuster | 2021-03-09 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: update to 1.5.0 | Armin Kuster | 2021-03-09 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: update to 3.0.3 | Armin Kuster | 2021-03-09 | 2 | -2/+52
    include automate 2.70 fix
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: update to 5.0 | Armin Kuster | 2021-03-09 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-abrmd: update to 2.4.0 | Armin Kuster | 2021-03-09 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmtpm2tss: update to 1.6.0 | Armin Kuster | 2021-03-09 | 2 | -18/+14
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: update to 0.8.2 | Armin Kuster | 2021-03-09 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    --
    V2] let include the updated changes
* ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic | Ming Liu | 2021-03-02 | 1 | -0/+3
    This fixes the following systemd boot issues:
    [ 7.455580] systemd[1]: Failed to create /init.scope control group: Permission denied
    [ 7.457677] systemd[1]: Failed to allocate manager object: Permission denied
    [!!!!!!] Failed to allocate manager object.
    [ 7.459270] systemd[1]: Freezing execution.
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: update to 0.11.2 | Armin Kuster | 2021-03-02 | 2 | -2530/+4
    drop hard python3 patch and create it during compile.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.10.0 | Armin Kuster | 2021-03-02 | 3 | -2/+2
    This is the last 4.x. Will need rust support to move to 6.x
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: update to 2.1.8 | Armin Kuster | 2021-03-02 | 3 | -53/+24
    refresh libdns_conf_fix.patch
    Drop fix_fprint.patch included in update
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.4.3 | Armin Kuster | 2021-03-02 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-scapy: upgrade 2.4.3 -> 2.4.4 | Armin Kuster | 2021-03-02 | 1 | -1/+1
* python3-privacyidea: upgrade 3.3 -> 3.5.1 | Armin Kuster | 2021-03-02 | 1 | -1/+1
* libseccomp: upgrade 2.5.0 -> 2.5.1 | Armin Kuster | 2021-03-02 | 2 | -52/+2
    drop patch merged in update
* fscryptctl: upgrade 0.1.0 -> 1.0.0 | Armin Kuster | 2021-03-02 | 1 | -1/+1
* ding-libs: upgrade 0.5.0 -> 0.6.1 | Armin Kuster | 2021-03-02 | 1 | -2/+1
* checksec: upgrade 2.1.0 -> 2.4.0 | Armin Kuster | 2021-03-02 | 1 | -2/+2
    LIC_FILES_CHKSUM update due to yr change
* arpwatch: upgrade 3.0 -> 3.1 | Armin Kuster | 2021-03-02 | 1 | -2/+2
    LIC_FILES_CHKSUM update due to yr change
* kas-security-base.yml: drop DL_DIR | Armin Kuster | 2021-03-02 | 1 | -1/+0
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-base.yml: build setting updates | Armin Kuster | 2021-02-23 | 1 | -0/+8
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nikito: Update common-licenses references to match new names | Armin Kuster | 2021-02-23 | 4 | -4/+4
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Inherit python3targetconfig | Armin Kuster | 2021-02-23 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: Inherit python3targetconfig | Armin Kuster | 2021-02-23 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-suricata-update: Inherit python3targetconfig | Armin Kuster | 2021-02-23 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: Inherit python3targetconfig | Armin Kuster | 2021-02-23 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic | Ming Liu | 2021-02-23 | 1 | -0/+3
    Or else wic will fail without "--no-fstab-update" option.
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: let ima_enabled return 0 | Ming Liu | 2021-02-23 | 1 | -0/+1
    Otherwise, ima script would not run as intended.
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README.md: update according to the refactoring in ima-evm-rootfs.bbclass | Ming Liu | 2021-02-23 | 1 | -1/+3
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta: refactor IMA/EVM sign rootfs | Ming Liu | 2021-02-23 | 1 | -18/+12
    The current logic in ima-evm-rootfs.bbclass does not guarantee ima_evm_sign_rootfs is the last function in IMAGE_PREPROCESS_COMMAND by appending to it, for instance, if there are other "_append" being used as is the case in openembedded-core/meta/classes/image.bbclass:
    | IMAGE_PREPROCESS_COMMAND_append = " ${@ 'systemd_preset_all;' \
    | if bb.utils.contains('DISTRO_FEATURES', 'systemd', True, False, d) \
    | and not bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True,
    | False, d) else ''} reproducible_final_image_task; "
    and ima-evm-rootfs should be in IMAGE_CLASSES instead of in INHERIT since that would impact all recipes but not only image recipes.
    To fix the above issues, we introduce an ima_evm_sign_handler setting IMA/EVM rootfs signing requirements/dependencies in event bb.event.RecipePreFinalise, it checks 'ima' distro feature to decide if IMA/EVM rootfs signing logic should be applied or not.
    Also add ima-evm-keys to IMAGE_INSTALL.
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: RDEPENDS on ima-evm-keys | Ming Liu | 2021-02-23 | 1 | -1/+1
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>