Commit message | Author | Age | Files | Lines
...
* .gitlab-ci: work on pipeline | Armin Kuster | 2021-04-19 | 1 | -21/+76
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: move tpm build | Armin Kuster | 2021-04-19 | 1 | -11/+3
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *-tpm.yml: drop tpms jobs | Armin Kuster | 2021-04-19 | 3 | -30/+0
    way too many jobs. TPM have their own images, use that
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-base: Move some DISTRO_FEATURES around | Armin Kuster | 2021-04-19 | 2 | -1/+2
    Move FEATURES that affect kernel configuration to minimize rebuilds
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: Move all parsec builds into a separate job | Anton Antonov | 2021-04-17 | 1 | -5/+9
    Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lkrg-module: Add Linux Kernel Runtime Guard | Armin Kuster | 2021-04-14 | 2 | -0/+106
    For more info see: https://github.com/openwall/lkrg
    Add to local.conf:
    IMAGE_INSTALL_append = " kernel-module-lkrg"
    Need these kconfig options enabled:
    CONFIG_KALLSYMS_ALL=y
    CONFIG_JUMP_LABEL=y
    CONFIG_DEBUG_KERNEL=y
    To invoke module:
    sudo insmod {path-to-modules}/p_lkrg.ko kint_enforce=1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: remove rest of mirror.dat ref | Armin Kuster | 2021-04-14 | 1 | -4/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Clearly define clang toolchain in Parsec recipes | Anton Antonov | 2021-04-14 | 2 | -4/+3
    Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: fine tune order | Armin Kuster | 2021-04-14 | 1 | -6/+6
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-base.yml: tweak build vars | Armin Kuster | 2021-04-12 | 1 | -1/+1
    add meta-filesystems
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab-ci.yml: reorder to speed up builds | Armin Kuster | 2021-04-12 | 1 | -80/+31
    Also clean up extra spaces
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: introduce IMA_FORCE | Ming Liu | 2021-04-12 | 2 | -2/+12
    Introduce IMA_FORCE to allow the IMA policy to be applied forcibly even if the 'no_ima' boot parameter is available. This ensures the end users have a way to disable 'no_ima' support if they want to, because it may expose a security risk if an attacker can find a way to change kernel arguments, it will easily bypass rootfs authenticity checks.
    Signed-off-by: Sergio Prado <sergio.prado@toradex.com>
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI | Anton Antonov | 2021-04-12 | 7 | -0/+76
    Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Add meta-parsec layer into meta-security. | Anton Antonov | 2021-04-12 | 10 | -0/+661
    The layer contains recipes for Parsec service version 0.7.0 and parsec-tool version 0.3.0. The Parsec service is built with all supported providers and deployed with the MbedCrypto provider enabled. Both systemd and sysv-init are supported.
    Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: cleanup | Armin Kuster | 2021-04-12 | 1 | -12/+15
    Add note about rust.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: add dynamic-layer for rust pkg | Armin Kuster | 2021-04-12 | 1 | -0/+4
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.2 | Armin Kuster | 2021-04-12 | 9 | -0/+1613
    needs rust
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Use libest "main" branch instead of "master". | Anton Antonov | 2021-04-12 | 1 | -1/+1
    This patch fixes the issue:
    WARNING: libest-3.2.0-r0 do_fetch: Failed to fetch URL git://github.com/cisco/libest, attempting MIRRORS if available
    ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure: Unable to find revision 4ca02c6d7540f2b1bcea278a4fbe373daac7103b in branch master even from upstream
    ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure for URL: 'git://github.com/cisco/libest'. Unable to fetch URL from any source.
    Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-suricata-update: update to 1.2.1 | Armin Kuster | 2021-04-12 | 1 | -3/+5
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: fix check for tscd daemon on host | Armin Kuster | 2021-04-12 | 2 | -0/+66
    Found a few places that tscd check was trying to run the hosts.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: file pip3 issue | Armin Kuster | 2021-04-02 | 1 | -3/+3
    need native pip3, was using host's
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    --
    V2] add python3-cryptography-native to DEPENDS
    forgot to add changes.
* swtpm: now need python-cryptography, pull in layer | Armin Kuster | 2021-04-02 | 1 | -0/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: fix systemd service install | Armin Kuster | 2021-04-02 | 1 | -1/+4
    ERROR: clamav-0.104.0-r0 do_package: QA Issue: clamav: Files/directories were installed but not shipped in any package:
    /lib/systemd/system/clamav-daemon.service
    /lib/systemd/system/clamav-clamonacc.service
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: upgrade 3.5.1 -> 3.5.2 | Armin Kuster | 2021-04-02 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta: drop IMA_POLICY from policy recipes | Ming Liu | 2021-04-02 | 3 | -21/+6
    IMA_POLICY is being referred to as policy recipe name in some places and it is also being referred to as policy file in other places, they are conflicting with each other which makes it impossible to set an IMA_POLICY global variable in config file.
    Fix it by dropping IMA_POLICY definitions from policy recipes
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: upgrade 104.0 | Armin Kuster | 2021-04-02 | 3 | -64/+134
    convert to cmake and general cleanup
    include on oe env patch and glibc 2.33 header fixup
    if running w/in qemu, need to add qemuparams="-m 2048" to allow freshclam not to oom
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    ---
    V2] Bump PV to match what is being d/l
* packagegroup-core-security: drop clamav-cvd | Armin Kuster | 2021-04-02 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: update to 0.5.2 | Armin Kuster | 2021-03-25 | 1 | -8/+9
    Add python package
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss-engine: update 1.1.0 | Armin Kuster | 2021-03-25 | 1 | -3/+3
    LIC_FILES_CHKSUM hash changed between branches.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Add hardknott to LAYERSERIES_COMPAT | Armin Kuster | 2021-03-18 | 6 | -6/+6
    That's codename for 3.3
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ima-evm-keys: add file-checksums to IMA_EVM_X509 | Ming Liu | 2021-03-18 | 1 | -0/+1
    This ensures when an end user changes the IMA_EVM_X509 key file, ima-evm-keys recipe will be rebuilt.
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: fix compile error on powerpc | Kai Kang | 2021-03-18 | 2 | -0/+29
    It fails to compile samhain for powerpc(qemuppc):
    | x_sh_dbIO.c: In function 'swap_short':
    | x_sh_dbIO.c:229:36: error: initializer element is not constant
    |   229 |   static unsigned short ooop = *iptr;
    |       |                                ^
    Assign after initialization of the static variable to avoid the failure.
    Signed-off-by: Kai Kang <kai.kang@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscryptctl: Fix installation path | lukasz plachno | 2021-03-18 | 1 | -1/+1
    - Without the patch fscryptctl is installed in /usr/bin/usr/local/bin instead of /usr/bin.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix building with ptest enabled | Armin Kuster | 2021-03-09 | 2 | -2/+3
    Use new structure for testing.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm-tools: update to 1.3.9.1 | Armin Kuster | 2021-03-09 | 2 | -112/+1
    drop patch included in update
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: update to 0.3.15 | Armin Kuster | 2021-03-09 | 1 | -2/+2
    includes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-topt: update 0.3.0 | Armin Kuster | 2021-03-09 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: update to 1.5.0 | Armin Kuster | 2021-03-09 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: update to 3.0.3 | Armin Kuster | 2021-03-09 | 2 | -2/+52
    include automate 2.70 fix
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: update to 5.0 | Armin Kuster | 2021-03-09 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-abrmd: update to 2.4.0 | Armin Kuster | 2021-03-09 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmtpm2tss: update to 1.6.0 | Armin Kuster | 2021-03-09 | 2 | -18/+14
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: update to 0.8.2 | Armin Kuster | 2021-03-09 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    --
    V2] let include the updated changes
* ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic | Ming Liu | 2021-03-02 | 1 | -0/+3
    This fixes following systemd boot issues:
    [ 7.455580] systemd[1]: Failed to create /init.scope control group: Permission denied
    [ 7.457677] systemd[1]: Failed to allocate manager object: Permission denied
    [!!!!!!] Failed to allocate manager object.
    [ 7.459270] systemd[1]: Freezing execution.
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: update to 0.11.2 | Armin Kuster | 2021-03-02 | 2 | -2530/+4
    drop hard python3 patch and create it during compile.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.10.0 | Armin Kuster | 2021-03-02 | 3 | -2/+2
    This is the last 4.x. Will need rust support to move to 6.x
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: update to 2.1.8 | Armin Kuster | 2021-03-02 | 3 | -53/+24
    refresh libdns_conf_fix.patch
    Drop fix_fprint.patch included in update
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.4.3 | Armin Kuster | 2021-03-02 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-scapy: upgrade 2.4.3 -> 2.4.4 | Armin Kuster | 2021-03-02 | 1 | -1/+1
* python3-privacyidea: upgrade 3.3 -> 3.5.1 | Armin Kuster | 2021-03-02 | 1 | -1/+1