Mirror of git.yoctoproject.org/meta-security.git https://git.enea.com/cgit/linux/meta-security.git/atom?h=master-next 2026-03-22T14:24:23+00:00 2026-03-22T14:24:23+00:00 Marta Rybczynska marta.rybczynska@ygreky.com 2026-03-19T13:12:19+00:00 urn:sha1:8028c573db6923525c2918724f2bd36d4a420e0b Update LAYERSERIES_COMPAT in all layer.conf files with the exception of meta-parsec to wrynose. For meta-parsec, added wrynose to the list of supported versions. Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> 2025-11-13T20:03:36+00:00 Scott Murray scott.murray@konsulko.com 2025-11-13T20:03:36+00:00 urn:sha1:5770a76fc0d78a645ab254979986f572fd18b3ec It was pointed out that the recipe was wrongly doing FILESEXTRAPATHS:append, but on inspection the recipe does not need it at all, so just remove. Reported-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Scott Murray <scott.murray@konsulko.com> 2025-07-04T16:41:20+00:00 Scott Murray scott.murray@konsulko.com 2025-07-02T22:38:07+00:00 urn:sha1:ea67ceefdca42da806f3312c6703eff769463b8b Update LAYERSERIES_COMPAT in all layer.conf files with the exception of meta-parsec to whinlatter. For meta-parsec, whinlatter has been added, and the EOL releases removed, as an initial update. Signed-off-by: Scott Murray <scott.murray@konsulko.com> 2025-06-27T21:16:05+00:00 Scott Murray scott.murray@konsulko.com 2025-06-27T18:46:17+00:00 urn:sha1:ebe9234fb8867d5be6916b52b54e24f191f5fcab Add Marta and myself as maintainers for meta-security and the other embedded layers that Armin had been maintaining. To avoid Armin getting bugged about individual recipes, set the RECIPE_MAINTAINER variables to myself for now as a starting point that can be adjusted as things get more settled. Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-06-23T20:14:41+00:00 Armin Kuster akuster808@gmail.com 2025-06-23T20:14:41+00:00 urn:sha1:c5ce0b7e469fbee4ca630d3adefba63e3fefb3fe Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-03-12T19:31:15+00:00 Stefan Berger stefanb@linux.ibm.com 2025-02-06T20:54:41+00:00 urn:sha1:a76a5c51283b9d361caf514dc5cdebd72b5b4ca1 When IMA and EVM are used for file appraisal then EVM verifies the signature stored in security.evm. This signature covers file metadata (uid, gid, mode bits, etc.) as well as the security.ima xattr. Therefore, it is sufficient that only files' hashes are stored in security.ima. This also leads to slight performance improvements since IMA appraisal will then only verify that a file's hash matches the expected hash stored in security.ima. EVM will ensure that the signature over all the file metadata and security.ima xattr is correct. Therefore, give the user control over whether to store file signatures (--imasig) in ima.security or hashes (--imahash) by setting the option in IMA_EVM_IMA_XATTR_OPT. Only test-verify an IMA signature if --imasig is used as the option. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-02-03T02:11:12+00:00 akash hadke akash.hadke27@gmail.com 2025-01-09T10:43:48+00:00 urn:sha1:8fcbc47b9c56fe405a7a6d51ff0d8e2b756818ea getVar() now defaults to expanding by default, thus remove the True option from getVar() calls with a regex search and replace. Signed-off-by: Akash Hadke <akash.hadke27@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2024-12-27T16:28:23+00:00 Mikko Rapeli mikko.rapeli@linaro.org 2024-12-20T14:04:41+00:00 urn:sha1:1f7cc51443cb6baa1de519df1a9c570b3f5cae2a ima and meta-integrity are not enabled without and the test fails. Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2024-11-25T01:15:36+00:00 Armin Kuster akuster808@gmail.com 2024-10-05T16:33:45+00:00 urn:sha1:0055dfe35d98bcfb11cb649c89a868ad9c163497 Signed-off-by: Armin Kuster <akuster808@gmail.com> 2024-09-15T15:27:10+00:00 Armin Kuster akuster808@gmail.com 2024-09-15T15:27:10+00:00 urn:sha1:5e742d7fb09f63c558738dc9ec728dfdc624cec4 few more layers to fixup Signed-off-by: Armin Kuster <akuster808@gmail.com>