Commit message | Author | Age | Files | Lines
...
* tpm2-pkcs11: backport openssl 3.x build fixes | Armin Kuster | 2021-12-27 | 3 | -1/+1401
  bump to tip of current sources.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity-img.bbclass: Fix wrong override syntax for CONVERSION_DEPENDS | Kristian Klausen | 2021-12-25 | 1 | -1/+1
  CONVERSION_DEPENDS hasn't been converted to the new syntax.
  Fixes: a23ceef ("dm-verity-img.bbclass: more overided fixups")
  Signed-off-by: Kristian Klausen <kristian@klausen.dk>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: update to tip | Armin Kuster | 2021-12-25 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: fix useradd warning | Armin Kuster | 2021-12-25 | 1 | -4/+4
  WARNING: security-build-image-1.0-r0 do_rootfs: [log_check] security-build-image: found 2 warning messages in the logfile:
  [log_check] warning: user clamav does not exist - using root
  [log_check] warning: group clamav does not exist - using root
  clamav-freshclam is the package needing to have its user/group set.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libest: does not build with openssl 3.x | Armin Kuster | 2021-12-25 | 2 | -1/+3
  blacklist for now. Remove from pkg grp
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: update to 1.7.0 | Armin Kuster | 2021-12-25 | 1 | -295/+0
  drop patch now included.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-parsec/README.md: fix for append operator combined with += | Yi Zhao | 2021-11-28 | 1 | -3/+3
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openssl-tpm-engine: fix warning for append operator combined with += | Yi Zhao | 2021-11-28 | 1 | -2/+2
  Fixes:
  WARNING: openssl-tpm-engine_0.5.0.bb: CFLAGS:append += is not a recommended operator combination, please replace it.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: fix warning of remove operator combined with += | Kai Kang | 2021-11-28 | 1 | -1/+1
  Fix warning for apparmor:
  | WARNING: /path/to/meta-security/recipes-mac/AppArmor/apparmor_3.0.1.bb:
  | RDEPENDS:${PN}:remove += is not a recommended operator combination,
  | please replace it.
  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: remove /run | Armin Kuster | 2021-11-07 | 1 | -1/+1
  Fixes:
  ERROR: python3-fail2ban-0.11.2-r0 do_package_qa: QA Issue: python3-fail2ban installs files in /run, but it is expected to be empty [empty-dirs]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bastille: Create /var/log/Bastille in runtime | Armin Kuster | 2021-11-07 | 1 | -2/+15
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Create /var/log/sssd in runtime | Armin Kuster | 2021-11-07 | 1 | -1/+13
  /var/log is normally a link to /var/volatile/log and /var/volatile is a tmpfs mount. So anything created in /var/log will not be available when the tmpfs is mounted.
  [Thanks to Peter Kjellerstedt for example]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: fix fapi package config | Stefan Mueller-Klieser | 2021-11-07 | 1 | -2/+7
  When enabling fapi, the build breaks with:
  | configure: error: Package requirements (libcurl) were not met:
  | No package 'libcurl' found
  This adds the missing dependency and bundles the additional config files in the base package.
  Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update SRC_URI branch and protocols | Armin Kuster | 2021-11-04 | 33 | -33/+33
  This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: update to 1.7.0 | Armin Kuster | 2021-10-26 | 1 | -2/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-openssl: add new pkg | Armin Kuster | 2021-10-26 | 1 | -0/+11
  openssl 3.x support for tpm2 tss function found in tpm2-ssl
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openssl-tpm-engine: fix build issue with openssl 3 | Armin Kuster | 2021-10-26 | 1 | -7/+7
  ERROR: openssl-tpm-engine-0.5.0-r0 do_package: QA Issue: openssl-tpm-engine: Files/directories were installed but not shipped in any package:
  /usr/lib/engines-3/tpm.so
  fix engine locations
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: update to 5.2 | Armin Kuster | 2021-10-26 | 1 | -1/+1
  openssl 3.0 support
  see https://github.com/tpm2-software/tpm2-tools/releases/tag/5.2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: Add a python 3.10 compatibility patch | Armin Kuster | 2021-10-26 | 2 | -2/+37
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: blacklist due to ldns being blacklisted | Armin Kuster | 2021-10-24 | 2 | -2/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Parsec service. Update PACKAGECONFIG definitions and README.md | Anton Antonov | 2021-10-24 | 2 | -10/+23
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-parsec/README: remove rust layer req. | Armin Kuster | 2021-10-24 | 1 | -14/+2
  Rust is now in core. No need to include the layer reference.
  Drop Priority and ref from repo definition. Not used
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  [v2] fixup mailing list
* sssd: re-package to fix QA issues | Kai Kang | 2021-10-18 | 1 | -5/+9
  It packages all files in ${libdir} to package sssd, including the .so symlink files. Then it causes QA issues:
  | ERROR: QA Issue: sssd rdepends on dbus-dev [dev-deps]
  | ERROR: QA Issue: sssd rdepends on ding-libs-dev [dev-deps]
  So re-package sssd then the .so symlink files and .pc files are packaged to sssd-dev which should be.
  File ${libdir}/libsss_sudo.so is not a symlink file but packaged to sssd-dev too. Then causes another QA issue:
  | ERROR: sssd-2.5.2-r0 do_package_qa: QA Issue: -dev package sssd-dev contains non-symlink .so '/usr/lib/libsss_sudo.so' [dev-elf]
  So create a new sub-package libsss-sudo to package file libsss_sudo.so and make sssd rdepends on it.
  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix build failure and cleanup | Armin Kuster | 2021-10-18 | 2 | -178/+4
  Fixes:
  error in fail2ban setup command: use_2to3 is invalid.
  ERROR: 'python3 setup.py build ' execution failed.
  drop custom fail2ban_setup.py
  remove python-fail2ban as it's a symlink to python3
  Update to tip for 11.2 branch
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-security/chipsec: platform security assessment framework | Liwei Song | 2021-10-18 | 1 | -0/+35
  Add chipsec, tools to dump and analyze hardware, system firmware components, like PCH register, ioport or iomem configuration space.
  Signed-off-by: Liwei Song <liwei.song@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: update to 0.6.1 | Kristian Klausen | 2021-10-18 | 2 | -21/+14
  swtpm no longer depends on Python[1] so the dependencies have been removed.
  "inherit perlnative" has been added due to (in oe-core): deda455b3c ("bitbake.conf: drop pod2man from hosttools")
  Some leftover dependencies have also been removed, ex: tpm-tools required in the past by swtpm_setup.sh (<0.4.0)[2].
  [1] https://github.com/stefanberger/swtpm/issues/437
  [2] https://github.com/stefanberger/swtpm/commit/eee8cb5dfb13f87140dddda38f65bf61aff19508
  Signed-off-by: Kristian Klausen <kristian@klausen.dk>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Upgrade parsec-service 0.8.1 and parsec-tool 0.4.0 | Anton Antonov | 2021-09-28 | 7 | -295/+477
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: update to 0.8.7 | Kristian Klausen | 2021-09-28 | 1 | -1/+1
  Signed-off-by: Kristian Klausen <kristian@klausen.dk>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: Set clamav:clamav ownership on /var/lib/clamav in do_install | Zoltán Böszörményi | 2021-09-28 | 1 | -4/+5
  Also, rearrange the runtime-dependencies a little so clamav-freshclam is installed later than clamav.
  The issue is that clamav-freshclam ships /var/lib/clamav and the main clamav package uses chown in pkg_postinst to set the ownership of this directory.
  But pkg_postinst is not marked as "ontarget" so this chown only took effect when upgrading or reinstalling the package. So when clamav is part of an OS image out of the box, freshclamd cannot populate this directory since it's running under the clamav user.
  Fix this by creating /var/lib/clamav with the proper ownership in do_install and rearrange runtime-dependencies, so clamav-freshclam RDEPENDS on clamav and clamav relaxes its runtime-dependency into RRECOMMENDS so clamav-freshclam is installed later than clamav, avoiding these warnings:
  Installing : clamav-freshclam-... 487/1954
  warning: user clamav does not exist - using root
  warning: group clamav does not exist - using root
  Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dmverity: Make use of DATA_BLOCK_SIZE variable in initrdscript. | Christer Fletcher | 2021-09-28 | 1 | -1/+2
  DATA_BLOCK_SIZE variable was set in dm-verity-img.bbclass at build time but the initrdscript was not updated to pass the DATA_BLOCK_SIZE to the veritysetup. Now the functionality is complete.
  Signed-off-by: Paulo Neves <paulo.neves1@inter.ikea.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-security/fscrypt: Add fscrypt .bb file | Bhupesh Sharma | 2021-09-28 | 1 | -0/+49
  fscrypt is a high-level tool for the management of Linux filesystem encryption. fscrypt manages metadata, key generation, key wrapping, PAM integration, and provides a uniform interface for creating and modifying encrypted directories.
  Add recipe for the same in 'recipes-security'.
  Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chkrootkit: update to 0.55 | Armin Kuster | 2021-09-28 | 1 | -2/+1
  changes:
  Umbreon Linux Rootkit detection
  Kinsing.A Backdoor
  RotaJakito Backdoor
  Minor bug fixes
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm-quote-tools: Update SRC_URI | Armin Kuster | 2021-09-16 | 1 | -4/+3
  The wget now asks for user info so git clone.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* isic: set precise BSD license | Armin Kuster | 2021-09-15 | 1 | -1/+1
  "BSD" is ambiguous, use the precise licenses BSD-2-Clause
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksec: set precise BSD license | Armin Kuster | 2021-09-15 | 1 | -1/+1
  "BSD" is ambiguous, use the precise licenses BSD-3-Clause
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: set precise BSD license | Armin Kuster | 2021-09-15 | 1 | -1/+1
  "BSD" is ambiguous, use the precise licenses BSD-2-Clause
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: set precise BSD license | Armin Kuster | 2021-09-15 | 1 | -1/+1
  "BSD" is ambiguous, use the precise licenses BSD-2-Clause
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmtpm2tss: set precise BSD license | Armin Kuster | 2021-09-15 | 1 | -1/+1
  "BSD" is ambiguous, use the precise licenses BSD-2-Clause
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: set precise BSD license | Armin Kuster | 2021-09-15 | 1 | -1/+1
  "BSD" is ambiguous, use the precise licenses BSD-3-Clause
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryfs: drop recipe | Armin Kuster | 2021-09-15 | 1 | -10/+0
  it was accidentally pushed and is incomplete
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: 2.5.1 -> 2.5.2 | Kai Kang | 2021-09-10 | 2 | -1/+290
  SSSD 2.5.2 Highlights
  * General information
    - originalADgidNumber attribute in the SSSD cache is now indexed
  * New features
    - Debug messages in data provider include a unique request ID that can be used to track the request from its start to its end (requires libtevent >= 0.11.0)
  * Important fixes
    - Update large files in the files provider in batches to avoid timeouts
  * Configuration changes
    - Add new config option fallback_to_nss
  Full release notes:
  * https://sssd.io/release-notes/sssd-2.5.2.html
  And backport patch to fix CVE-2021-3621.
  CVE: CVE-2021-3621
  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity-img.bbclass: Expose --data-block-size for configuration | Christer Fletcher | 2021-09-06 | 1 | -1/+4
  Add DM_VERITY_IMAGE_DATA_BLOCK_SIZE to be able to set the --data-block-size used in veritysetup. Tuning this value affects the performance and size of the resulting image.
  Signed-off-by: Christer Fletcher <christer.fletcher@inter.ikea.com>
  Signed-off-by: Paulo Neves <paulo.neves1@inter.ikea.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta: Fix typos | George Liu | 2021-08-29 | 1 | -1/+1
  Fix the variable spelling errors
  s/SKIP_META_SECUIRTY_SANITY_CHECK/SKIP_META_SECURITY_SANITY_CHECK
  Signed-off-by: George Liu <liuxiwei@inspur.com>
  Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas: remove rust layers | Armin Kuster | 2021-08-27 | 2 | -10/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* harden-image-minimal: fix useradd inherit | Armin Kuster | 2021-08-26 | 1 | -5/+6
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: drop meta-rust | Armin Kuster | 2021-08-26 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: drop dynamic-layer | Armin Kuster | 2021-08-26 | 1 | -4/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: rust is in core | Armin Kuster | 2021-08-26 | 9 | -0/+0
  drop dynamic-layer
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krill: Rust is in core now | Armin Kuster | 2021-08-26 | 3 | -0/+0
  drop dynamic-layer
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity-img.bbclass: more overided fixups | Armin Kuster | 2021-08-26 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>