summaryrefslogtreecommitdiffstats
path: root/meta-security-compliance
Commit message (Collapse)AuthorAgeFilesLines
* meta-security-compliance: remove layerArmin Kuster2023-06-202-56/+0
| | | | | | simplify structure. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: move to main meta-security layerArmin Kuster2023-06-202-106/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: move to main meta-security layerArmin Kuster2023-06-202-93/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: Drop OE specific recipeArmin Kuster2023-06-202-69/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: Fix native build missing dependsArmin Kuster2023-06-201-6/+54
| | | | | | | Include .inc for pending change New host OS required an addition to the depends file Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oe-scap: Not maintained nor upstreamedArmin Kuster2023-06-206-214/+0
| | | | | | drop Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap-daemon: This is now obsoleteArmin Kuster2023-06-202-153/+0
| | | | | | drop pkg Signed-off-by: Armin Kuster <akuster808@gmail.com>
* complicance/isafw: remove oeqa addpylibChen Qi2023-06-201-2/+0
| | | | | | | | | These two layers do not have oeqa lib modules. Remove these two lines. Otherwise, `bitbake-layers add-layer <any_layer>' would fail if either of these two layers are in BBLAYERS. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide_git: drop oe versionArmin Kuster2023-06-2010-395/+0
| | | | | | This is un-maintained so dropping this version Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: update to tipArmin Kuster2023-06-201-3/+34
| | | | | | Make default Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: update to 0.1.67Armin Kuster2023-06-111-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Insert addpylib declarationArmin Kuster2023-05-221-0/+2
| | | | | | | | | | | Yocto mickledore introduced the addpylib directive for explicitly adding layer paths to the PYTHONPATH. Standalone OEQA test suite discovery does not require this directive but it is required to import test cases from other layers, e.g. to extend and modify the test cases. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openembedded-release: drop as os-release does this nowArmin Kuster2023-05-061-32/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* os-release.bbappend: drop now CPE_NAME is in coreArmin Kuster2023-05-061-1/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: Add decoding OE and PokyArmin Kuster2023-05-062-1/+54
| | | | | | Patch sent upstream. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap git: add DEFAULT_PREFERENCEArmin Kuster2023-03-201-0/+2
| | | | | | This recipe is not maintained and will be dropped by the next LTS if nothing changes. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to 1.3.7Armin Kuster2023-03-201-3/+1
| | | | | | | | remove DEFAULT_PREFERENCE -1 The git version is unmaintained Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to 1.3.6Armin Kuster2023-03-202-9/+21
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security-compliance/layer: lower the priority from 10 to 6Jose Quaresma2023-03-201-1/+1
| | | | | | | | | | The priority change on sumo version without any description. Since then is very hard to add in other layers a new version of any recipe on this layer with such priority so these patch reverts the priority back to 6. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: add libpcre DEPEDNS to fix do_configure failureChen Qi2023-01-161-2/+2
| | | | | | | | swig has switched to use libpcre2, we need to add libpcre to DEPENDS to avoid do_configure failure. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: update LAYERSERIES_COMPAT for mickledoreMartin Jansa2023-01-041-1/+1
| | | | | | | | * oe-core switched to mickedore in: https://git.openembedded.org/openembedded-core/commit/?id=57239d66b933c4313cf331d35d13ec2d0661c38f Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: update email addressArmin Kuster2022-06-231-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: update to 3.0.8Armin Kuster2022-06-231-1/+1
| | | | | | See changelog for details: https://cisofy.com/changelog/lynis/#308 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Post release codename changesArmin Kuster2022-06-071-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* LICENSE: update to SPDX standard namesJoe Slater2022-04-133-3/+3
| | | | | | | Use convert-spdx-licenses.py to update LICENSE in recipes. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap-daemon: use renamaed python_setuptools_build_metaArmin Kuster2022-04-021-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap-daemon: fix wheels and License issues.Armin Kuster2022-03-111-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Update to use kirkstoneArmin Kuster2022-02-201-1/+1
| | | | | | | Update the layers to use the kirkstone namespace. No compatibility is made for honister due to the variable renaming. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Fix openembedded platform testsAkshay Bhat2022-02-202-0/+31
| | | | | | | | | Update the installed_OS_is_openembedded check to drop the quotes in the VERSION_ID string to match f451c68667cca of openembedded-core. Without this fix, all tests are reported as "notapplicable". Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update SRC_URI branch and protocolsArmin Kuster2021-11-046-6/+6
| | | | | | | | This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Update to honisterMartin Jansa2021-08-011-1/+1
| | | | | | | This marks the layers as compatible with honister now they use the new override syntax. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* meta-security-compliance: Convert to new override syntaxArmin Kuster2021-08-015-15/+15
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Add hardknott to LAYERSERIES_COMPATArmin Kuster2021-03-181-1/+1
| | | | | | Thats codename for 3.3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Inherit python3targetconfigArmin Kuster2021-02-231-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: Inherit python3targetconfigArmin Kuster2021-02-231-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Fix openembedded platform tests and buildJate Sujjavanich2021-02-143-0/+82
| | | | | | | | Add patches to fix openembedded nodistro tests and openembedded build within ssg metadata. Signed-Off-By: Jate Sujjavanich <jatedev@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: fix build with Python 3.9Yi Zhao2020-11-154-0/+161
| | | | | | | | | | | | | | | The getchildren and getiterator functions are deprecated in Python 3.9. Backport 3 patches to fix the build issue. Fixes: File "/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/ssg/build_stig.py", line 41, in add_references index = rule.getchildren().index(ref) AttributeError: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren' Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Add gatesgarth to LAYERSERIES_COMPATArmin Kuster2020-10-191-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: add expat-native to DEPENDSMingli Yu2020-10-151-1/+1
| | | | | | | | | Add expat-native to DEPENDS to fix the below do_configure error: | CMake Error at CMakeLists.txt:165 (message): | xmlwf is required! Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: update to 3.0.0Armin Kuster2020-07-251-2/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to 1.3.3Armin Kuster2020-06-192-3/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: update LAYERSERIES_COMPAT for dunfellMartin Jansa2020-03-271-1/+1
| | | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: add missing rdependsArmin Kuster2020-03-271-1/+1
| | | | | | add findutils Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap-daemon: add missing runtime dependenciesYi Zhao2020-03-271-1/+4
| | | | | | | | Add missing runtime dependencies otherwise /usr/bin/oscapd can not startup. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: pass the correct schema file path to openscap-nativeYi Zhao2020-03-051-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a build error when using openscap-native sstate cache. Steps to reproduce: Create a new build project in build-1 directory. $ bitbake openscap-native Then remove the whole build directory only keep the sstate-cache directory as a sstate mirror. Create another new build project in build-2 directory. Set SSTATE_MIRRORS $ bitbake scap-security-guide Error message: OpenSCAP Error: Schema file 'xccdf/1.1/xccdf-schema.xsd' not found in path '/buildarea/build-1/tmp/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas' when trying to validate '/buildarea/build-2/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/jre/xccdf-unlinked-resolved.xml' [/buildarea/build-1/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/validate.c:104] The oscap command from openscap-native tries to find the schema files in build-1 directory since these paths are hardcoded when building openscap-native. We need to pass the correct schema/xslt/cpe paths to oscap to make sure it can find the files in right location. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: fix xml parsing error when build remediation filesYi Zhao2020-02-093-1/+78
| | | | | | | | | | | | | | Backport 2 patches to fix the build error: Processing fix.text for: java_jre_configure_crypto_policy rule Unable to extract part of the fix.text after inclusion of remediation functions. Aborting.. jre/CMakeFiles/generate-internal-jre-bash-fixes.xml.dir/build.make:60: recipe for target 'jre/bash-fixes.xml' failed make[2]: *** [jre/bash-fixes.xml] Error 1 make[2]: *** Deleting file 'jre/bash-fixes.xml' Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security-compliance/conf/layer.conf: fix typoArmin Kuster2019-12-151-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: add layer index calloutsArmin Kuster2019-12-071-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Update for zeus seriesArmin Kuster2019-10-111-1/+1
| | | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Acked-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oe-scap: Fix QA RDEPENDS errorArmin Kuster2019-09-071-1/+1
| | | | | | ERROR: oe-scap-1.0-r0 do_package_qa: QA Issue: /usr/share/oe-scap/run_tests.sh contained in package oe-scap requires /bin/bash, but no providers found in RDEPENDS_oe-scap? [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-24 00:08:29 +0000