summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* cryptsetup-tpm-incubator: remove reference from other filesArmin Kuster2020-09-052-3/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Avoid nss function conflicts with glibc nss.hArmin Kuster2020-09-052-0/+78
| | | | | | | | | | glibc 2.32 will define these varibles [1] which results in conflicts with these static function names, backport a fix from upstream [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptsetup-tpm-incubator: drop recipeArmin Kuster2020-09-052-63/+0
| | | | | | The upstream package appears to tbe dead so drop it. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab: send error reportsArmin Kuster2020-08-291-5/+9
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas/kas-security-base.yml: lets enable error reportingArmin Kuster2020-08-291-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* upload-error-report: add script to upload errorsArmin Kuster2020-08-291-0/+26
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Make manpages buildableJonatan Pålsson2020-08-292-1/+37
| | | | | | | Some XML related fixes are needed to make the sssd manpages buildable Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: update to tipArmin Kuster2020-08-292-96/+1
| | | | | | | | | Many for compile issue now being seen. rpc/tcstp/.libs/libtspi_la-rpc_cmk.o:/usr/src/debug/trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/build/src/tspi/../../../git/src/include/tcsd.h:169: multiple definition of `tcsd_sa_int'; .libs/libtspi_la-tspi_context.o:/usr/src/debug/trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/build/src/tspi/../../../git/src/include/tcsd.h:169: first defined here | collect2: error: ld returned 1 exit status Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: Several Security fixesArmin Kuster2020-08-172-0/+95
| | | | | | | | | | Fixes: CVE-2020-24332 CVE-2020-24330 CVE-2020-24331 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: fix cross compile error for mipsKai Kang2020-08-042-0/+50
| | | | | | | | | | | Backport patch to fix cross compile error for mips: | syscalls.h:44:6: error: expected identifier or '(' before numeric constant | 44 | int mips; | | ^~~~ Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: add INSTALL_CLAMAV_CVD flag to do_installCharlie Davies2020-08-041-1/+3
| | | | | | | | | Recipe provides INSTALL_CLAMAV_CVD flag to bypass clamav cvd db creation. During do_install this flag should be used to conditionally skip install of cvd db if needed. Signed-off-by: Charlie Davies <charles.davies@whitetree.xyz> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: restore riscv64 for libssecompArmin Kuster2020-07-271-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: update to 2.5.0Armin Kuster2020-07-271-4/+5
| | | | | | | | | | | Notable changes: Add support for the 64-bit RISC-V architecture Update the syscall tables to Linux v5.8.0-rc5 Python bindings and build now default to Python 3.x for more info see: https://github.com/seccomp/libseccomp/blob/master/CHANGELOG Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: remove libseccomp for riscv*Armin Kuster2020-07-271-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libsecomp: rv32/rv64 target builds are not supported yetArmin Kuster2020-07-271-0/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: remove clamav for riscv*Armin Kuster2020-07-251-3/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-security-tpm: add more packages for buildingArmin Kuster2020-07-251-0/+5
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security packagegroups: move to recipes-coreArmin Kuster2020-07-252-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security images: Move to recipe-coreArmin Kuster2020-07-254-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: upgrade 1563 -> 1628Yi Zhao2020-07-252-27/+26
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: update to 3.0.0Armin Kuster2020-07-251-2/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* drop ci-build: it is hiding errorsArmin Kuster2020-07-244-27/+22
| | | | | | | | | call kas from .gitlab-ci fix typos add missing mips64 file add main layer workaround Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas: add ima, tpm and tpm2 build configsArmin Kuster2020-07-199-1/+97
| | | | | | for qemux86, qemux86-64 and qemuarm64 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* add gitlab framework and qemu machineArmin Kuster2020-07-1810-0/+161
| | | | | | | | | | | | | Machines: qemux86 qemux86-64 qemuarm qemuarm64 qemuppc qemumips84 qemuriscv64 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: add dynamic-layer for strongswanArmin Kuster2020-07-181-0/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Add bbappends for ima changesArmin Kuster2020-07-182-0/+62
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: add dynamic-layer for strongswanArmin Kuster2020-07-181-0/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: add bbappends for tpm changesArmin Kuster2020-07-183-0/+51
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: adding initial support for mfaArmin Kuster2020-07-181-0/+40
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-oauth2client: add recipeArmin Kuster2020-07-181-0/+11
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-security-tpm2: Depend on preferred provider for cryptsetupJeremy Puhlman2020-07-141-1/+2
| | | | | Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-devJeremy Puhlman2020-07-141-0/+5
| | | | | | | | | | | | | | | | | | | | | | | Without this we get weird conflict when you include dev packages: rror: Transaction check error: file /usr/include/libcryptsetup.h conflicts between attempted installs of cryptsetup-tpm-incubator-dev-0.9.9-r0.corei7_64 and lib32-cryptsetup-dev-2.3.2-r0.1.i586 file /usr/lib64/libcryptsetup.so conflicts between attempted installs of cryptsetup-tpm-incubator-dev-0.9.9-r0.corei7_64 and cryptsetup-dev-2.3.2-r0.1.corei7_64 file /usr/lib64/pkgconfig/libcryptsetup.pc conflicts between attempted installs of cryptsetup-tpm-incubator-dev-0.9.9-r0.corei7_64 and cryptsetup-dev-2.3.2-r0.1.corei7_64 file /usr/lib/libcryptsetup.so conflicts between attempted installs of lib32-cryptsetup-tpm-incubator-dev-0.9.9-r0.i586 and lib32-cryptsetup-dev-2.3.2-r0.1.i586 file /usr/lib/pkgconfig/libcryptsetup.pc conflicts between attempted installs of lib32-cryptsetup-tpm-incubator-dev-0.9.9-r0.i586 and lib32-cryptsetup-dev-2.3.2-r0.1.i586 Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bastille: Deleted redundant inherit to fix error when enable multilib.Zheng Ruoqin2020-07-141-2/+0
| | | | | | | | There is no need to inherit module-base. Because this inherit will stop bastille to build to lib32-bastille. Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ccs-tools:Fix build error when enable multilib.Zheng Ruoqin2020-07-141-1/+1
| | | | | | | | | | | | ERROR: lib32-ccs-tools-1.8.4-r0 do_install: oe_runmake failed ERROR: lib32-ccs-tools-1.8.4-r0 do_install: Execution of '/build-armv8/tmp/work/armv7ahf-neon-mllib32-linux-gnueabi/lib32-ccs-tools/1.8.4-r0/temp/run.do_install.22368' failed with exit code 1: make: *** No rule to make target 'install'. Stop. WARNING: exit code 1 from a shell command. Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* isafw.bbclass: typo in layer nameArmin Kuster2020-07-061-0/+0
| | | | | | move class to proper layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security-ptest: update fail2ban ptest pkg nameArmin Kuster2020-07-061-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.1.8Armin Kuster2020-07-063-3/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: disable build secretsKai Kang2020-06-231-4/+3
| | | | | | | | | | | | | | | | | | | It requires http_parser.h to build secrets: | configure: error: | You must have the header file http_parser.h installed to build sssd | with secrets responder. If you want to build sssd without secret responder | then specify --without-secrets when running configure. The header file is from package http-parser[1] rather than apache2. But there is no recipe http-parser in openembedded. So disable build secrets for sssd and remove related systemd service and socket files. Reference: 1. https://github.com/nodejs/http-parser Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: pull in coreutils/findutils only when not using systemd as init ↵Alexander Kanavin2020-06-191-1/+2
| | | | | | | | | | | | manager The utilities from those packages (xargs, comm) are only used in sysvinit scripts, and so there is no need to pull them in when systemd is in use. Both are gpl3 licensed, so this is beneficial for builds where gpl3 is not allowed. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: Remove makefiles from the man directories.Jeremy Puhlman2020-06-191-0/+1
| | | | | Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: resolve multilib issuesJeremy Puhlman2020-06-191-1/+4
| | | | | Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tcti-uefi: drop patch no longer neededArmin Kuster2020-06-192-25/+2
| | | | | | | drop tpm2-get-caps-fixed.patch, tss update negated the need for this change. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to 1.3.3Armin Kuster2020-06-192-3/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: update to 0.7.2Armin Kuster2020-06-191-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: update 1.2.0Armin Kuster2020-06-191-6/+5
| | | | | | | add yaml package Updated LICNESE Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss-engine: add branch to SRC_URI & update to tipArmin Kuster2020-06-191-4/+4
| | | | | | LICENSE changed to BSD 3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: update to 2.4.1Armin Kuster2020-06-191-5/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: update to 4.1.3Armin Kuster2020-06-192-17/+13
| | | | | | LICENSE changed to BSD3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: dnmalloc hash fix for aarch64 and mips64Haseeb Ashraf2020-05-151-1/+3
| | | | | | | | | | | | | | fix runtime error: samhain[4069]: FATAL: x_dnmalloc.c: 2790: hashval < AMOUNTHASH Killed The proper fix is not to disable dnmalloc. This change is in continuation of samhain-mips64-aarch64-dnmalloc-hash-fix.patch which requires CONFIG_ARCH_AARCH64 or CONFIG_ARCH_MIPS64 to be defined for the corresponding architecture Signed-off-by: Haseeb Ashraf <Haseeb_Ashraf@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain-server: add volatile file for systemdYi Zhao2020-05-153-4/+15
| | | | | | | | Add volatile file to create /var/log/yule when using systemd. Also remove unused /var/log directory in do_install. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-09 09:13:34 +0000