To avoid confusion, remove stray aircrack-ng entry as it is actually
in the main layer and not meta-tpm.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Changes:
- Add libmhash and libgssglue so they will get tested by CI.
- Switch to MACHINE_ARCH to facilitate the above, but it makes sense
anyway due to all the machine overrides used in the packagegroup
definition.
- Add the recently added python3-suricata-update so it will get
tested by CI.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Remove the paxctl recipe since it has seemingly been broken for a
while without anyone noticing, and there likely have been no actual
users since grsecurity stopped doing public releases in 2017.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Remove the libest recipe since it has been disabled since November
2021, and upstream has shown no activity since 2022.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Remove the tripwire recipe since it has been disabled since May 2021,
and upstream has shown no activity since 2018.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
GCC 15 switched to C23 by default, which libmhash does not yet support.
So keep using C17.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
suricata has "--disable-suricata-update"
Original add: caaeb67863a6 ("suricata-update: add package to pull rules")
Suricata dropped: 7a1691c03726 ("suricata: Drop 4.1.x its EOL")
Not readded: 818a8646a689 ("suricata: rust is in core")
*Changes*
1.2.1 -> 1.3.6
Drop period and trailing space in SUMMARY value
Drop now-redundant "S"
Use HTTPS protocol for SRC_URI
LICENSE "GPLv2" -> "GPL-2.0-only"
Add "python3-shell" RDEPENDS to resolve:
ModuleNotFoundError: No module named 'shlex'
Basic target testing:
root@beaglebone-yocto:~# suricata-update
22/9/2025 -- 04:06:23 - <Info> -- Using data-directory /var/lib/suricata.
22/9/2025 -- 04:06:23 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
22/9/2025 -- 04:06:23 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
22/9/2025 -- 04:06:23 - <Info> -- Found Suricata version 7.0.0 at /bin/suricata.
22/9/2025 -- 04:06:23 - <Info> -- Loading /etc/suricata/suricata.yaml
22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol pgsql
22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol modbus
22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol dnp3
22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol enip
22/9/2025 -- 04:06:23 - <Info> -- No sources configured, will use Emerging Threats Open
22/9/2025 -- 04:06:23 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-7.0.0/emerging.rules.tar.gz.
100% - 5102134/5102134
22/9/2025 -- 04:06:24 - <Info> -- Done.
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http2-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/mqtt-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/quic-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/rfb-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ssh-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
22/9/2025 -- 04:06:27 - <Info> -- Ignoring file ba1345f233851ca2df4d905ea4b386d2/rules/emerging-deleted.rules
22/9/2025 -- 04:06:57 - <Info> -- Loaded 61205 rules.
22/9/2025 -- 04:07:02 - <Info> -- Disabled 14 rules.
22/9/2025 -- 04:07:02 - <Info> -- Enabled 0 rules.
22/9/2025 -- 04:07:02 - <Info> -- Modified 0 rules.
22/9/2025 -- 04:07:02 - <Info> -- Dropped 0 rules.
22/9/2025 -- 04:07:03 - <Info> -- Enabled 136 rules for flowbit dependencies.
22/9/2025 -- 04:07:03 - <Info> -- Creating directory /var/lib/suricata/rules.
22/9/2025 -- 04:07:03 - <Info> -- Backing up current rules.
22/9/2025 -- 04:07:03 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 61205; enabled: 45406; added: 61205; removed 0; modified: 0
22/9/2025 -- 04:07:06 - <Info> -- Writing /var/lib/suricata/rules/classification.config
22/9/2025 -- 04:07:07 - <Info> -- Testing with suricata -T.
22/9/2025 -- 04:07:57 - <Info> -- Done.
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
|
https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-SYSTEMD_SERVICE
Before:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
Loaded: loaded (/usr/lib/systemd/system/suricata.service; disabled; preset: disabled)
Active: inactive (dead)
Docs: man:suricata(8)
man:suricatasc(8)
https://redmine.openinfosecfoundation.org/projects/suricata/wiki
After:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: enabled)
Active: active (running) since Mon 2025-09-22 04:05:08 UTC; 20s ago
Invocation: 8cfeb29631f443f0830bffeb00975931
Docs: man:suricata(8)
man:suricatasc(8)
https://redmine.openinfosecfoundation.org/projects/suricata/wiki
Main PID: 268 (Suricata-Main)
Tasks: 7 (limit: 4915)
Memory: 36.8M (peak: 37M)
CPU: 2.222s
CGroup: /system.slice/suricata.service
`-268 /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
Sep 22 04:05:08 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP daemon.
Sep 22 04:05:09 beaglebone-yocto suricata[268]: i: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: No rule files match the pattern /var/lib/suricata/rules/suricata.rules
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: 1 rule files specified, but no rules were loaded!
Sep 22 04:05:10 beaglebone-yocto suricata[268]: i: threads: Threads created -> W: 1 FM: 1 FR: 1 Engine started.
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
|
Update to latest git rev as the current version doesn't work with
OpenSSH 9.8+[1].
Ptest result:
$ ptest-runner python3-fail2ban
START: ptest-runner
2025-09-21T12:45
BEGIN: /usr/lib64/python3-fail2ban/ptest
Ran 538 tests in 13.045s
OK (skipped=3)
DURATION: 14
END: /usr/lib64/python3-fail2ban/ptest
2025-09-21T12:46
STOP: ptest-runner
TOTAL: 1 FAIL: 0
[1] https://github.com/fail2ban/fail2ban/commit/2fed408c05ac5206b490368d94599869bd6a056d
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
Fix ptest failures by backporting patches and updating test case config
files.
Before the patch:
$ ptest-runner python3-fail2ban
START: ptest-runner
2025-09-11T15:42
BEGIN: /usr/lib64/python3-fail2ban/ptest
<snip>
Ran 524 tests in 23.023s
FAILED (failures=5, errors=7, skipped=3)
DURATION: 24
END: /usr/lib64/python3-fail2ban/ptest
2025-09-11T15:42
STOP: ptest-runner
TOTAL: 1 FAIL: 1
After the patch:
$ ptest-runner python3-fail2ban
START: ptest-runner
2025-09-11T15:59
BEGIN: /usr/lib64/python3-fail2ban/ptest
<snip>
Ran 524 tests in 25.982s
OK (skipped=3)
DURATION: 27
END: /usr/lib64/python3-fail2ban/ptest
2025-09-11T15:59
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
The 1.13.16 version does not work on the kernel 6.16 for now [1].
Disable while waiting for the fix.
[1] https://github.com/chipsec/chipsec/issues/2563
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
Update from 1.9.1 (October 2022) to the latest 1.x release, 1.13.16.
Changelog: https://github.com/chipsec/chipsec/releases
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
Move to fetching from GitHub hashes to avoid issues at releases,
when the last-recent release changes place.
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
Tested on master (whinlatter) with beaglebone-yocto
New in version 3.1.5 (2025-07-29):
https://cisofy.com/changelog/lynis/#315
Added:
- Support for OpenWrt
- Bitdefender detection on Linux
- Detection of openSUSE Tumbleweed-Slowroll
Changed:
- Corrected detection of service manager SMF
- Extended GetHostID function to allow HostID and HostID2 creation on OpenWrt
- Check modules also under /usr/lib/modules.d
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
|
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
|
There is no hint of libgcrypt in the upstream code and distro packages
like Debian and Fedora do not have this dependency either.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
|
suricata.yaml references these configs
Resolve:
<Warning> -- could not open: "/etc/suricata/classification.config": No
such file or directory
<Error> -- please check the "classification-file" option in your
suricata.yaml file
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
|
Signed-off-by: Jason Schonberg <schonm@gmail.com>
|
Add whitespaces when assigning variables in kas configuration.
We were getting:
WARNING: ... has a lack of whitespace around the assignment: 'BB_NUMBER_THREADS="24"'
WARNING: ... has a lack of whitespace around the assignment: 'BB_NUMBER_PARSE_THREADS="12"'
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
Aide currently doesn't compile with musl because of copied getopt prototypes
and implementation.
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
We get an intermittent QA error about file permissions, happening roughly
on 1 build of 10.
The change adds chown to prevent host ids on files related to the
set_required_questions.py script, to avoid long debugging for now.
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
The previously used package (nmu1) is no longer available, use the latest current
one (nmu3). The changelog between the two:
checksecurity (2.0.16+nmu3) unstable; urgency=medium
* Non-maintainer upload.
* Fix "missing required debian/rules targets build-arch and/or build-
indep": Add targets to debian/rules.
(Closes: #999082)
* Fix "Removal of obsolete debhelper compat 5 and 6 in bookworm":
Bump to 7 in debian/{compat,control}.
(Closes: #965448)
* Fix some grave packaging errors:
- move debhelper from Build-Depends-Indep to Build-Depends
- remove temporary files debian/postrm.debhelper and debian/substvars from
source package
-- gregor herrmann <gregoa@debian.org> Sun, 26 Dec 2021 01:56:10 +0100
checksecurity (2.0.16+nmu2) unstable; urgency=medium
* Non maintainer upload by the Reproducible Builds team.
* No source change upload to rebuild on buildd with .buildinfo files.
-- Holger Levsen <holger@debian.org> Fri, 01 Jan 2021 19:17:53 +0100
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
The package choice was using TUNE_FEATURES that doesn't work anymore
with multiple sub-architectures of RISCV. Instead use the overrides
and make sure to take into account also qemu versions.
Only riscv32/riscv64 does not work, fail on RDEPEND for qemu targets.
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
Convert CuTest output to follow Automake-compatible format
(PASS:/FAIL:) so that ptest-runner can correctly parse and
report test results.
root@qemux86-64:~# ptest-runner samhain-standalone -t 3600
START: ptest-runner
2025-07-06T09:38
BEGIN: /usr/lib64/samhain-standalone/ptest
PASS: Test_quote_string_ok
PASS: Test_unquote_string_ok
PASS: Test_csv_escape_ok
PASS: Test_tiger
PASS: Test_tiger_file
PASS: Test_tiger_file_with_length
PASS: Test_sh_tools_safe_name_01
PASS: Test_sh_tools_safe_name_02
PASS: Test_sh_tools_safe_name_03
PASS: Test_sh_tools_safe_name_04
PASS: Test_sh_tools_safe_name_05
PASS: Test_sh_tools_safe_name_06
PASS: Test_sh_tools_safe_name_07
PASS: Test_is_numeric_01
PASS: Test_dnmalloc
PASS: Test_sh_unix_lookup_page
PASS: Test_sl_strlcpy
PASS: Test_sl_strlcat
PASS: Test_sh_util_acl_compact
PASS: Test_sh_util_strdup_ok
PASS: Test_sh_util_strconcat_ok
PASS: Test_sh_util_base64_enc_ok
PASS: Test_sh_util_dirname_ok
PASS: Test_sh_util_basename_ok
PASS: Test_sh_util_utf8_ok
PASS: Test_sh_util_obscure_ok
PASS: Test_sl_stale
PASS: Test_sl_snprintf
PASS: Test_sl_ts_strncmp
PASS: Test_sl_strcasecmp
PASS: Test_zAVLTree
PASS: Test_sha256
PASS: Test_entropy
PASS: Test_fifo
PASS: Test_file_lists
PASS: Test_file_dequote
PASS: Test_uuid
PASS: Test_ignore_ok
PASS: Test_inotify
PASS: Test_ipvx
PASS: Test_login
PASS: Test_login
PASS: Test_portcheck_lists
PASS: Test_processcheck_watchlist_ok
PASS: Test_processcheck_listhandle_ok
PASS: Test_restrict
PASS: Test_cmdlist
PASS: Test_srp
PASS: Test_string
DURATION: 0
END: /usr/lib64/samhain-standalone/ptest
2025-07-06T09:38
STOP: ptest-runner
TOTAL: 1 FAIL: 0
root@qemux86-64:~#
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Fix service startup
https://docs.suricata.io/en/suricata-7.0.0/command-line-options.html#cmdoption-i
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Enabling ptest will significantly increase build time. Additionally,
since the ptest distro_feature is enabled by default in poky distro,
build time can be very long, which is annoying.
On my build host:
Enable ptest:
$ time build scap-security-guide
real 219m54.529s
user 0m49.040s
sys 0m1.304s
Disable ptest:
$ time build scap-security-guide
real 1m25.222s
user 0m3.306s
sys 0m0.166s
Since no one cares about this ptest and no one fixes the test failures,
let's disable it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Update to latest version to pick up fixes required for building with
CMake 4.0.
ChangeLog:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.77
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Log kas commands to files and export them as artefacts
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Update for Ubuntu 24.04 runners:
- use venv for installing kas
- add missing directories
Assume that python3 and pip are installed.
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Add a patch to fix building chkrootkit with gcc 15.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Use the Debian mirror as the Ubuntu one is failing frequently.
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Update libhoth SRCREV to its latest commit, and add patches to fix
gcc 15 and build dependency issues. Since the last update was
so long ago, the changelog is longer than seems reasonable to
include here, please refer to:
https://github.com/google/libhoth/commits/main/?since=2024-01-16&until=2025-07-03
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
This picks up required gcc 15 fixes.
Changelog: https://bitbucket.org/sshguard/sshguard/src/master/CHANGELOG.rst
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
The project does not use release branches; their release model currently
rebases the stable branch each release and relies on the release tags to
keep the commits referenced. Until their release model changes, just
use the release commit with nobranch.
See upstream issue [1] for details.
[1] https://github.com/ComplianceAsCode/content/issues/13543
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
[tweaked commit message]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
After commit 7a2b9acef2 "cargo: pass PACKAGECONFIG_CONFARGS to cargo build"
we don't need to include Parsec cargo build features into CARGO_BUILD_FLAGS.
Let's update PACKAGECONFIG options as lists of features.
A small fix in readme.md as well.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Remove or update S definitions as required to work with oe-core
S/UNPACKDIR changes.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Update LAYERSERIES_COMPAT in all layer.conf files with the exception
of meta-parsec to whinlatter. For meta-parsec, whinlatter has been
added, and the EOL releases removed, as an initial update.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Fix "CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS"
https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-CVE_STATUS
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
v2 : also fix some typos while we are here.
v3 : add fixes for isic and checksecurity
Signed-off-by: Jason Schonberg <schonm@gmail.com>
[removed already applied change]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
Add Marta and myself as maintainers for meta-security and the other
embedded layers that Armin had been maintaining. To avoid Armin
getting bugged about individual recipes, set the RECIPE_MAINTAINER
variables to myself for now as a starting point that can be adjusted
as things get more settled.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
/var/log/suricata initialization is handled by
systemd-tmpfiles-setup.service, which occurs before services like
suricata
Work towards resolving:
ERROR: [...] do_rootfs: The following packages could not be configured
offline and rootfs is read-only: ['100-suricata']
Added in commit 36d656fe7244 ("suricata: add tmpfiles.d config")
systemd testing:
root@beaglebone-yocto:~# ls -d /var/log/suricata
/var/log/suricata
root@beaglebone-yocto:~# systemctl enable suricata
Created symlink '/etc/systemd/system/multi-user.target.wants/suricata.service' -> '/usr/lib/systemd/system/suricata.service'.
root@beaglebone-yocto:~# rmdir /var/log/suricata
root@beaglebone-yocto:~# reboot now
root@beaglebone-yocto:~# ls -d /var/log/suricata
/var/log/suricata
root@beaglebone-yocto:~# journalctl -o short-iso-precise -u systemd-tmpfiles-setup -u suricata
2025-05-20T00:45:46.450027+00:00 beaglebone-yocto systemd[1]: Starting Create System Files and Directories...
[...]
2025-05-20T00:45:47.041049+00:00 beaglebone-yocto systemd[1]: Finished Create System Files and Directories.
2025-05-20T00:45:47.542976+00:00 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP daemon.
[...]
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File /usr/bin/suricata
in package suricata contains reference to TMPDIR [buildpaths]
ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File
/usr/src/debug/suricata/7.0.0/src/build-info.h in package suricata-src
contains reference to TMPDIR [buildpaths]
Address references when src/build-info.h is being written
This is similar to Debian's approach:
https://sources.debian.org/patches/suricata/1:7.0.10-1~bpo12%2B1/reproducible.patch/
Restore the "already-stripped" check and CFLAGS info
Original resolution in commit c0e3fecc3bea ("suricata: fix QA warnings")
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
If measured-uki support is not enabled or build is continuing
from previous stages, then the matching file list can be empty.
Fixes build failure where sed says no input files.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Since OE bitbake commit 24772dd2ae6c ("parse/ConfHandler: Add warning for
deprecated whitespace usage"), the current build generates the following
warning (as example):
| WARNING: ...meta-security/meta-tpm/recipes-core/systemd/systemd-boot_%.bbappend:7
| has a lack of whitespace around the assignment:
| 'EXTRA_OEMESON:append= " ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', '-Dtpm2=true', '', d)} "'
Fix all the warnings.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
* Some sources like merger/merger.py import json, so add
python3-json to RDEPENDS
* Fix following warning
has a lack of whitespace around the assignment: 'DESCRIPTION=xxx'
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
The tpm2-pkcs11-tools python module is importing several modules which
are not currently included in its dependencies. This causes the script
invocation to fail. The current commit adds the relevant dependencies,
to ensure that the python module is always able to run.
The relevant dependencies are:
* python3-fcntl: To add the fcntl module, imported in db.py.
* python3-sqlite3: To add the sqlite3 module, imported in db.py.
* python3-tpm2-pytss: To add the tpm2_pytss module, imported in
utils.py.
* python3-compression: To add the zipfile module, imported through
"importlib.metadata import distribution" in tpm2_ptool.
Signed-off-by: Omri Sarig <omri.sarig13@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|