<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/recipes-core, branch walnascar</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=walnascar</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=walnascar'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2025-01-07T01:01:40+00:00</updated>
<entry>
<title>packagegroup-core-security: drop firejail for musl</title>
<updated>2025-01-07T01:01:40+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2025-01-01T19:40:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=a9c3a4fdfd4d612e98613d94b10e1380c6180524'/>
<id>urn:sha1:a9c3a4fdfd4d612e98613d94b10e1380c6180524</id>
<content type='text'>
appears to be a known issue:
https://bugs.gentoo.org/937374

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>dm-verity-image-initramfs: drop lvm2-udevrules</title>
<updated>2024-11-25T01:19:50+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@eng.windriver.com</email>
</author>
<published>2024-10-28T10:02:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=c9585ebfe802139c7a3452352723d117c82cc3af'/>
<id>urn:sha1:c9585ebfe802139c7a3452352723d117c82cc3af</id>
<content type='text'>
Drop lvm2-udevrules as it has been removed in meta-openembedded
commit[1].

[1] https://git.openembedded.org/meta-openembedded/commit/?h=master&amp;id=c37c867e1adddd6fa39cf3f3d4c6688ea6dc825a

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>recipes: WORKDIR -&gt; UNPACKDIR transition</title>
<updated>2024-06-17T12:25:25+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2024-05-28T05:44:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=ceb47a8a39c4cec612db63fab573124960f52a8d'/>
<id>urn:sha1:ceb47a8a39c4cec612db63fab573124960f52a8d</id>
<content type='text'>
* WORKDIR -&gt; UNPACKDIR transition
* Switch away from S = WORKDIR

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
[Fixed up the smack changes due to prior patch]
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>packagegroup-core-security: update libseccomp dependencies</title>
<updated>2024-05-09T02:03:13+00:00</updated>
<author>
<name>Marta Rybczynska</name>
<email>rybczynska@gmail.com</email>
</author>
<published>2024-04-24T16:20:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=3a8837961075a6ddd60aa22852cdf6e625dfc426'/>
<id>urn:sha1:3a8837961075a6ddd60aa22852cdf6e625dfc426</id>
<content type='text'>
libseccomp requires DISTRO_FEATURE seccomp enabled. This one
is automatically removed for riscv, so we do not need to add
an additional condition.

This change is necessary for cve-check on world with meta-security

Signed-off-by: Marta Rybczynska &lt;marta.rybczynska@syslinbit.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>dm-verity-image-initramfs: Set IMAGE_NAME_SUFFIX to empty</title>
<updated>2024-03-27T16:36:58+00:00</updated>
<author>
<name>Kevin Hao</name>
<email>kexin.hao@windriver.com</email>
</author>
<published>2024-03-05T09:05:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=40ddb9e5ed71cc8787c929d5011f09e244123ef0'/>
<id>urn:sha1:40ddb9e5ed71cc8787c929d5011f09e244123ef0</id>
<content type='text'>
According to the Yocto reference manual [1], the IMAGE_NAME_SUFFIX should
be set to empty for the initramfs image. Otherwise, we may incur a build
error like following due to the initrd check in live-vm-common.bbclass:
  ERROR: core-image-minimal-1.0-r0 do_bootimg: build-test/tmp/deploy/images/genericx86-64/dm-verity-image-initramfs-genericx86-64.cpio.gz is invalid. initrd image creation failed.
  ERROR: core-image-minimal-1.0-r0 do_bootimg: ExecutionError('build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/run.build_hddimg.1961965', 1, None, None)
  ERROR: Logfile of failure stored in: build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/log.do_bootimg.1961965
  ERROR: Task (poky/meta/recipes-core/images/core-image-minimal.bb:do_bootimg) failed with exit code '1'

[1] https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_NAME_SUFFIX

Signed-off-by: Kevin Hao &lt;kexin.hao@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>dm-verity-image-initramfs: Allow compressed image types</title>
<updated>2023-08-06T15:31:18+00:00</updated>
<author>
<name>Wurm, Stephan</name>
<email>Stephan.Wurm@a-eberle.de</email>
</author>
<published>2023-07-21T08:44:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=a94674c5bc380580d9219d2bc470c408c1779de6'/>
<id>urn:sha1:a94674c5bc380580d9219d2bc470c408c1779de6</id>
<content type='text'>
Using &lt;DM_VERITY_IMAGE_TYPE&gt; in the depends variable does not work for
compressed image types like squashfs-zst, as the resulting task
dependency still contains the incompatible dash. Replacing the dash by
an underscore resolves this issue.

Signed-off-by: Stephan Wurm &lt;stephan.wurm@a-eberle.de&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>packagegroup-core-security: only include firejail x86-64 and arch64</title>
<updated>2023-07-31T10:18:52+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2023-06-30T11:15:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=e4318a3c5aa7772f3ed713552b9c82ffeffbd47d'/>
<id>urn:sha1:e4318a3c5aa7772f3ed713552b9c82ffeffbd47d</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>qemu: move qemu setting to image and out of layer.conf</title>
<updated>2023-07-31T10:18:52+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2023-06-28T18:13:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=cfe73355683894ad30cc43a51973f55c2fcbf1c6'/>
<id>urn:sha1:cfe73355683894ad30cc43a51973f55c2fcbf1c6</id>
<content type='text'>
I suspect its better form to have these in the image definition.

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>packagegroup-core-security: add os-release</title>
<updated>2023-06-25T19:05:28+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2023-06-22T16:16:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=515dd792bacac1e6c594990c80f4bccf8cd082a0'/>
<id>urn:sha1:515dd792bacac1e6c594990c80f4bccf8cd082a0</id>
<content type='text'>
Exclude openscap and scap-security-guide if musl

Fix RDEPENDS list to include compliance packages.

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>dm-verity: hook separate hash into initramfs framework</title>
<updated>2023-06-25T19:05:28+00:00</updated>
<author>
<name>Paul Gortmaker</name>
<email>paul.gortmaker@windriver.com</email>
</author>
<published>2023-06-21T17:13:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=521e7b040a6011fd66d22be0c98b14ab40eca28b'/>
<id>urn:sha1:521e7b040a6011fd66d22be0c98b14ab40eca28b</id>
<content type='text'>
The prior commits create the separate hash so now it is time to update
the initramfs framework so that veritysetup, which is responsible for
binding the data and hash, is aware of when separate hash is in use,
and can react accordingly.

The added code follows the existing appended hash code style, but is
considerably smaller because it doesn't have the large case statement
that supports all possible identification schemes (label, UUID, ...).

With the root hash split in two to create the respective partition
UUIDs, we know exactly how to identify it, and the UUIDs used.

Signed-off-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
