mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-06-04 14:10:22 +00:00
Code Issues Projects Releases Wiki Activity

Security layer version 1.0

Browse Source 
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
This commit is contained in:
Andrei Dinu
2013-07-10 16:41:44 +03:00
parent f359c35ab2
commit d54c9d7dad
15 changed files with 525 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README
+189 -2
View File
@@ -15,7 +15,7 @@ This layer depends on:
prio: default
Adding the security layer to your build
=================================================
========================================
In order to use this layer, you need to make the build system aware of
it.
@@ -29,8 +29,195 @@ other layers needed. e.g.:
/path/to/yocto/meta \
/path/to/poky/meta-security \
Contents and Help
=================
In this section the contents of the layer is listed, along with a short
help for each package.
== bastille ==
Bastille is a system hardening / lockdown program which enhances the
security of a Unix host. It configures daemons, system settings and
firewalls to be more secure. It can shut off unneeded services
like rcp and rlogin, and helps create "chroot jails" that help limit the
vulnerability of common Internet services like Web services and DNS.
usage : Bastille can be used via meta-security layer only in command line mode.
To start Bastille simply write in a terminal :
bastille -c
If this is the first usage of Bastille on the system, the user will be
guided through a list of questions which need to be answered. In the end,
a config file will be created and run. After these steps, you will have a
hardened system.
If you only want to run the config file, without stepping through the
list of questions, simply write in a terminal :
bastille -b
More information can be found in the package readme and manual.
== redhat-security ==
Sometimes you want to check different aspects of a distribution for security problems.
This can be anything from file permissions to correctness of code. This is a collection of those tools.
Depending on what information the tool has to access, it may need to be run as root.
- rpm-chksec.sh : This will take an rpm name as input and verify each ELF file to see if its compiled with the intended flags
to most effectively use PIE and RELRO. Green is good, Orange could use work but is acceptable, and Red needs fixing.
It has a mode --all that is the equivalent of using rpm -qa and feeding the packages to it.
In this mode it will only give a summary result for the package. To find which files don't comply,
re-run using just the package name.
- find-nodrop-groups.sh : This will scan a whole file system to see if a program makes calls to change UID
and GID without also calling setgroups or initgroups.
- rpm-drop-groups.sh : Same as above, but takes an rpm name instead.
- find-chroot.sh : This script scans the whole file system looking for ELF files that calls chroot(2) that also do not include a call to chdir.
Programs that fail to do this do not have the cwd inside the chroot. This means the app can escape the protection that was intended.
- find-chroot-py.sh : This test is like the one above except it examines python scripts for the same problem.
- find-execstack.sh : This program scans the whole file system for ELF programs that have marked the stack as being executable.
This means that if the program has another vulnerablity such as stack buffer overflow,
any code the attacker places there is executable. Any program found must be fixed.
- find-hidden-exec.sh : This program scans the whole file system looking for excutables that are hidden.
Anything found must be investigated since its highly unusual for executables to be hidden.
- find-sh4errors.sh : This program scans the whole file system looking for shell scripts.
It then does a sh -n on the script which causes bash to parse the file to see if there are any mistakes.
- selinux-check-devices.sh : This script checks the /dev directory to see if there are any devices that are not correctly labeled.
Anything found by this test should be reported so that selinux policy can be fixed.
This test is very hardware specific, so to be effective a lot of people with different hardware
should run this test each upstream kernel version release.
- selinux-ls-unconfined.sh : This script scans the running processes and looks for anything labeled with initrc_t or inetd.
These both mean that there are daemons that do not have policy and are therefore running unconfined.
These should be reported as SE Linux policy problems. Because it checks currently running daemons,
the more you have running, the better the test is.
- find-sh4tmp.sh : This script scans the whole filesystem to check if shell scripts are using well known tmp file names
instead of obscure ones created by something like mktemp.
- find-elf4tmp.sh : This script scans the whole file system for ELF files using /tmp. When it finds this,
it also looks to see if any of the known good random name generator functions is called by looking
at the symbol table. If not, it will output the string.
- lib-bin-check.sh : This will check all installed library packages to see if an application is also part of the package.
The relationship to security is that the SHA256 hash check will fail if a 32 bit version overwrites it.
Also, the less binaries on a system, the more secure it is by virtue of removing the chance for an exploitable bug.
usage : simply invoke the script name in the terminal.
== pax-utils ==
pax-utils is a small set of various PaX aware and related utilities for
ELF binaries.
- scanelf : With this application you can print out information specific to the ELF structure of a binary.
For more help please consult the man pages or the readme file.
- pspax : is a user-space utility that scans the proc directory and list
ELF types, as well as their respective PaX flags and filenames and
attributes. Depending on build options, it may additionaly display the
process running set of capabilities.
- scanmacho : is a user-space utility to quickly scan given
Mach-Os, directories, or common system paths for different information. This
may include Mach-O types, their install_names, etc.
- dumpelf : is a user-space utility to dump all of the internal
ELF structures into the equivalent C structures for fun debugging and/or
reference purposes.
usage : simply invoke the script name in the terminal.
== buck-security ==
Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux
system. This enables you to quickly overview the security status of your Linux system.
usage : switch to directory /usr/local/buck-security.
before running the script, you should check the activated checks in conf/buck-security.conf file.
after altering the changes, save the file and simply run :
./buck-security
you can choose between different outputs : 1, 2(default) or 3.
More detailed usage can be found typing ./buck-security --help
== libseccomp ==
The libseccomp library provides and easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp.
The libseccomp API is designed to abstract away the underlying BPF based syscall filter language and present a more conventional
function-call based filtering interface that should be familiar to, and easily adopted by application developers.
usage : More detailed usage can be found in the man pages and README file of the package.
== checksecurity ==
checksecurity is a simple package which will scan your system for several simple security holes.
It uses a simple collection of plugins, all of which are shell scripts which are configured by environmental variables.
!! IMPORTANT !!
When including this package in the image, please consider adding the following line to the end of the conf/local.conf file:
CORE_IMAGE_EXTRA_INSTALL = "coreutils"
usage : To start checksecurity simply write in the terminal :
checksecurity
More detailed usage can be found in the man pages and README file of the package.
== nikto ==
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items,
including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific
problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files,
HTTP server options, and will attempt to identify installed web servers and software.
usage : To start nikto simply write in the terminal :
nikto
More detailed usage can be found in the man pages and README file of the package.
== nmap ==
Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.
Many systems and network administrators also find it useful for tasks such as network inventory,
managing service upgrade schedules, and monitoring host or service uptime.
usage : To start nikto simply write in the terminal :
nmap
More detailed usage can be found in the man pages and README file of the package.
License
-------
=======
All metadata is MIT licensed unless otherwise stated. Source code included
in tree for individual recipes is under the LICENSE stated in each recipe
recipes-security/Mail-SpamAssasin/Mail-SpamAssassin_3.3.2.bb
-19
View File
@@ -1,19 +0,0 @@
SUMMARY = "e-mail filter"
DESCRIPTION = "SpamAssassin is a mail filter which attempts to identify spam using a variety of mechanisms including text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases."
SECTION = "security"
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
DEPENDS = "perl"
SRC_URI = "http://apache.mirrors.hoobly.com/spamassassin/source/${PN}-${PV}.tar.gz"
SRC_URI[md5sum] = "d1d62cc5c6eac57e88c4006d9633b81e"
SRC_URI[sha256sum] = "5323038939a0ef9fc97d5264defce3ae1d95e98b3a94c4c3b583341c927f32df"
EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}"
inherit cpan
do_compile(){
export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')"
cpan_do_compile
}
recipes-security/bastille/bastille_3.2.1.bb
+1
View File
@@ -4,6 +4,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
# Bash is needed for set +o privileged (check busybox), might also need ncurses
RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd curses-perl coreutils"
FILES_${PN} += "/run/lock/subsys/bastille"
inherit allarch
recipes-security/nikto/files/location.patch
+36
View File
@@ -0,0 +1,36 @@
From e10b9b1f6704057ace39956ae1dc5c7caca07ff1 Mon Sep 17 00:00:00 2001
From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Date: Mon, 8 Jul 2013 11:53:54 +0300
Subject: [PATCH] Setting the location of nikto on the image
Upstream Status: Inapropriate
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
---
nikto.conf | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/nikto.conf b/nikto.conf
index 25b784d..9577033 100644
--- a/nikto.conf
+++ b/nikto.conf
@@ -61,11 +61,11 @@ CIRT=174.142.17.165
CHECKMETHODS=HEAD GET
# If you want to specify the location of any of the files, specify them here
-# EXECDIR=/opt/nikto # Location of Nikto
-# PLUGINDIR=/opt/nikto/plugins # Location of plugin dir
-# DBDIR=/opt/nikto/databases # Location of plugin dir
-# TEMPLATEDIR=/opt/nikto/templates # Location of tempmlate dir
-# DOCDIR=/opt/nikto/docs # Location of docs dir
+EXECDIR=/usr/bin/nikto # Location of Nikto
+PLUGINDIR=/etc/nikto/plugins # Location of plugin dir
+DBDIR=/etc/nikto/databases # Location of plugin dir
+TEMPLATEDIR=/etc/nikto/templates # Location of tempmlate dir
+DOCDIR=/usr/share/doc/nikto # Location of docs dir
# Default plugin macros
@@MUTATE=dictionary;subdomain
--
1.7.9.5
recipes-security/nikto/nikto_2.1.5.bb
+101
View File
@@ -0,0 +1,101 @@
SUMMARY = "web server scanner"
DESCRIPTION = "Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous \
files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers."
SECTION = "security"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
RDEPENDS_${PN} = "perl libnet-ssleay-perl perl-module-getopt-long perl-module-time-local perl-module-io-socket nikto-doc"
SRC_URI = "http://cirt.net/nikto/${PN}-${PV}.tar.gz \
file://location.patch"
SRC_URI[md5sum] = "efcc98a918becb77471ee9a5df0a7b1e"
SRC_URI[sha256sum] = "0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f"
do_install() {
install -d ${D}${bindir}
install -d ${D}${datadir}
install -d ${D}${datadir}/man/man1
install -d ${D}${datadir}/doc/nikto
install -d ${D}${sysconfdir}/nikto
install -d ${D}${sysconfdir}/nikto/databases
install -d ${D}${sysconfdir}/nikto/plugins
install -d ${D}${sysconfdir}/nikto/templates
install -m 0644 databases/db_404_strings ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_content_search ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_dictionary ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_embedded ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_favicon ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_headers ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_httpoptions ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_multiple_index ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_outdated ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_parked_strings ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_realms ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_server_msgs ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_subdomains ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_tests ${D}${sysconfdir}/nikto/databases
install -m 0644 databases/db_variables ${D}${sysconfdir}/nikto/databases
install -m 0644 plugins/JSON-PP.pm ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/LW2.pm ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_apache_expect_xss.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_apacheusers.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_auth.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_cgi.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_clientaccesspolicy.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_content_search.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_cookies.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_core.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_dictionary_attack.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_embedded.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_favicon.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_fileops.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_headers.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_httpoptions.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_msgs.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_multiple_index.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_outdated.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_parked.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_paths.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_put_del_test.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_report_csv.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_report_html.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_report_msf.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_report_nbe.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_report_text.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_report_xml.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_robots.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_siebel.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_ssl.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_subdomain.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 plugins/nikto_tests.plugin ${D}${sysconfdir}/nikto/plugins
install -m 0644 templates/htm_close.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/htm_end.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/htm_host_head.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/htm_host_im.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/htm_host_item.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/htm_start.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/htm_stop.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/htm_start.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/htm_summary.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/xml_end.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/xml_host_head.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/xml_host_im.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/xml_host_item.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/xml_start.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 templates/xml_summary.tmpl ${D}${sysconfdir}/nikto/templates
install -m 0644 nikto.conf ${D}${sysconfdir}
install -m 0755 nikto.pl ${D}${bindir}/nikto
install -m 0644 replay.pl ${D}${bindir}
install -m 0644 docs/nikto.1 ${D}${datadir}/man/man1
install -m 0644 docs/CHANGES.txt ${D}${datadir}/doc/nikto
install -m 0644 docs/LICENSE.txt ${D}${datadir}/doc/nikto
install -m 0644 docs/nikto.dtd ${D}${datadir}/doc/nikto
install -m 0644 docs/nikto_manual.html ${D}${datadir}/doc/nikto
}
recipes-security/nmap/nmap_6.25.bb
+3
View File
@@ -3,6 +3,7 @@ DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utili
SECTION = "security"
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
FILES_${PN} += "${target_datadir}/ncat"
SRC_URI = "http://nmap.org/dist/${PN}-${PV}.tar.bz2 \
file://lua.patch"
@@ -12,6 +13,8 @@ SRC_URI[sha256sum] = "3349cc6d36b86b95ca2b8075d16615a3a598cef494920d6652f9a8bf9f
inherit autotools
DEPENDS = "libpcap"
EXTRA_OECONF = "--without-liblua --without-zenmap"
do_configure() {
recipes-security/openvas-cli/openvas-cli_1.2.0.bb
-13
View File
@@ -1,13 +0,0 @@
DESCRIPTION = "The module OpenVAS-CLI collects command line tools to handle with the OpenVAS services via the respective protocols."
SECTION = "security"
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
DEPENDS = "gnutls openvas-libraries glib-2.0"
SRC_URI = "http://wald.intevation.org/frs/download.php/1323/${PN}-${PV}.tar.gz"
SRC_URI[md5sum] = "e712eb71f3a13cc1b70b50f696465f8e"
SRC_URI[sha256sum] = "d195ca01a44940d1e6fd2ad54ee4fc9b57a3d103235f0a1f05a8b35d97db6be8"
inherit cmake pkgconfig
recipes-security/openvas-libraries/files/g_type_init.patch
-36
View File
@@ -1,36 +0,0 @@
From f498503889b8178f165afa66dc33aa8ad8901371 Mon Sep 17 00:00:00 2001
From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Date: Fri, 28 Jun 2013 09:38:08 +0300
Subject: [PATCH] removed the g_type_init()
The function is depricated in glib >= 2.35.0 and is
automatically called.
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
---
base/openvas_file.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/base/openvas_file.c b/base/openvas_file.c
index 8597198..d110c7f 100644
--- a/base/openvas_file.c
+++ b/base/openvas_file.c
@@ -164,7 +164,6 @@ openvas_file_copy (const gchar *source_file, const gchar *dest_file)
GFile *sfile, *dfile;
GError *error;
- g_type_init ();
sfile = g_file_new_for_path (source_file);
dfile = g_file_new_for_path (dest_file);
error = NULL;
@@ -200,7 +199,6 @@ openvas_file_move (const gchar *source_file, const gchar *dest_file)
GFile *sfile, *dfile;
GError *error;
- g_type_init ();
sfile = g_file_new_for_path (source_file);
dfile = g_file_new_for_path (dest_file);
error = NULL;
--
1.7.9.5
recipes-security/openvas-libraries/openvas-libraries_6.0.0.bb
-14
View File
@@ -1,14 +0,0 @@
DESCRIPTION = "This is the libraries module for the Open Vulnerability Assessment System (OpenVAS)."
SECTION = "security"
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
DEPENDS = "bison flex gpgme glib-2.0"
SRC_URI = "http://wald.intevation.org/frs/download.php/1303/${PN}-${PV}.tar.gz \
file://g_type_init.patch"
SRC_URI[md5sum] = "0e8b73ee4ad5b36984b5d7be5d6bdfc0"
SRC_URI[sha256sum] = "50d23afd46f7b49c4cb82a6500b0fe1fb53378af5efce95fd275ea33c879e1dd"
inherit cmake pkgconfig
recipes-security/perl/files/libwhisker2.patch
+73
View File
@@ -0,0 +1,73 @@
From 34698c7f561fb575293a1c991a71e1b4ddc5ae73 Mon Sep 17 00:00:00 2001
From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Date: Fri, 5 Jul 2013 11:56:58 +0300
Subject: [PATCH] Mandir and perl install dir were overwritten with faulty
information in the Makefile. Now the Mandir and perl
install dir are sent via paramters from the recipe.
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
---
Makefile.pl | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/Makefile.pl b/Makefile.pl
index 9ca5602..8776e18 100644
--- a/Makefile.pl
+++ b/Makefile.pl
@@ -131,6 +131,8 @@ foreach (keys %MODULES){
# adjust DESTDIR, if needed
$DESTDIR = $ENV{DESTDIR} if(defined $ENV{DESTDIR});
+$MANDIR = $ENV{MANDIR} if(defined $ENV{MANDIR});
+$INSTALLDIR = $ENV{INSTALLDIR} if(defined $ENV{INSTALLDIR});
# parse command line build options
while($COMMAND = shift @ARGV){
@@ -171,7 +173,7 @@ sub command_install_pod {
command_build() if(!-e $TARGET);
die("Can not install without Config.pm") if($MODULES{Config}==0);
$CWD=&cwd if($MODULES{Cwd}>0);
- my $where=$DESTDIR . $Config{'man3direxp'};
+ my $where=$DESTDIR . $MANDIR;
my $t = $TARGET;
if($LIBRARY){
$t="$PACKAGE.3pm";
@@ -219,7 +221,7 @@ sub command_install_pod {
sub command_uninstall_pod {
die("Can not uninstall without Config.pm") if($MODULES{Config}==0);
$CWD=&cwd if($MODULES{Cwd}>0);
- my $where=$DESTDIR . $Config{'man3direxp'};
+ my $where=$DESTDIR . $MANDIR;
my $t = $TARGET;
if($LIBRARY){
$t="$PACKAGE.3pm";
@@ -243,7 +245,7 @@ sub command_install_library {
command_build() if(!-e $TARGET);
die("Can not install without Config.pm") if($MODULES{Config}==0);
$CWD=&cwd if($MODULES{Cwd}>0);
- my $where=$DESTDIR . $Config{'installsitelib'};
+ my $where=$DESTDIR . $INSTALLDIR;
if(!-e $where){
print STDOUT "WARNING!\n\n",
"The local perl site directory does not exist:\n",
@@ -271,7 +273,7 @@ sub command_install_library {
sub command_uninstall_library {
die("Can not uninstall without Config.pm") if($MODULES{Config}==0);
$CWD=&cwd if($MODULES{Cwd}>0);
- my $where=$DESTDIR . $Config{'installsitelib'};
+ my $where=$DESTDIR . $INSTALLDIR;
chdir($where);
if(-e $TARGET){
unlink $TARGET;
@@ -401,7 +403,7 @@ sub command_socket_diag {
sub command_install_compat {
die("Can not install without Config.pm") if($MODULES{Config}==0);
$CWD=&cwd if($MODULES{Cwd}>0);
- my $where=$DESTDIR . $Config{'installsitelib'};
+ my $where=$DESTDIR . $INSTALLDIR;
if(!-e $where){
print STDOUT "WARNING!\n\n",
"The local perl site directory does not exist:\n",
--
1.7.9.5
recipes-security/perl/libhtml-parser-perl_3.71.bb
+25
View File
@@ -0,0 +1,25 @@
DESCRIPTION = "This package contains the Parser.pm module with friends."
SECTION = "libs"
LICENSE = "Artistic-1.0 | GPL-1.0+"
LIC_FILES_CHKSUM = "file://README;md5=6c3dacf9f405c7483870ab5f148770c3"
DEPENDS += "perl"
SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-${PV}.tar.gz"
SRC_URI[md5sum] = "9128a45893097dfa3bf03301b19c5efe"
SRC_URI[sha256sum] = "be918b3749d3ff93627f72ee4b825683332ecb4c81c67a3a8d72b0435ffbd802"
S = "${WORKDIR}/HTML-Parser-${PV}"
EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}"
inherit cpan
do_compile() {
export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')"
cpan_do_compile
}
BBCLASSEXTEND = "native"
recipes-security/perl/libnet-dns-perl_0.72.bb
+25
View File
@@ -0,0 +1,25 @@
DESCRIPTION = "This package contains the DNS.pm module with friends."
SECTION = "libs"
LICENSE = "Artistic-1.0 | GPL-1.0+"
LIC_FILES_CHKSUM = "file://README;md5=f21d77d9c6b56a07470bbce561b169e3"
DEPENDS += "perl"
SRC_URI = "http://search.cpan.org/CPAN/authors/id/N/NL/NLNETLABS/Net-DNS-${PV}.tar.gz"
SRC_URI[md5sum] = "393e48ec6f28abe5ed30204276e02775"
SRC_URI[sha256sum] = "a62cae0be54a9684c305456cb95515a0bd3128d6ef3093b6069fe8e8e8d5943f"
S = "${WORKDIR}/Net-DNS-${PV}"
EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}"
inherit cpan
do_compile() {
export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')"
cpan_do_compile
}
BBCLASSEXTEND = "native"
recipes-security/perl/libnet-ssleay-perl_1.55.bb
+24
View File
@@ -0,0 +1,24 @@
DESCRIPTION = "Perl module for using OpenSSL"
SECTION = "libs"
LICENSE = "Artistic-1.0 | GPL-1.0+"
LIC_FILES_CHKSUM = "file://README;md5=94ec8036b939a2e3c9b5e7f10af8f4ee"
DEPENDS += "perl openssl"
SRC_URI = "http://search.cpan.org/CPAN/authors/id/M/MI/MIKEM/Net-SSLeay-${PV}.tar.gz"
SRC_URI[md5sum] = "473b8d66ca69d5784bb0e428721f58e0"
SRC_URI[sha256sum] = "8cd5f09722e07b4e436102cb3a4b93623d753c171665ca9752c3b39a62ea3a79"
S = "${WORKDIR}/Net-SSLeay-${PV}"
EXTRA_CPANFLAGS = "INC='-I${STAGING_INCDIR}' LIBS='-L${STAGING_LIBDIR} -lssl -lcrypto -lz'"
inherit cpan
do_compile() {
export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')"
cpan_do_compile
}
recipes-security/perl/libnetaddr-ip-perl_4.069.bb
+24
View File
@@ -0,0 +1,24 @@
DESCRIPTION = "This package contains the IP.pm module with friends."
SECTION = "libs"
LICENSE = "Artistic-1.0 | GPL-1.0+"
LIC_FILES_CHKSUM = "file://Copying;md5=cde580764a0fbc0f02fafde4c65d6227"
DEPENDS += "perl"
SRC_URI = "http://search.cpan.org/CPAN/authors/id/M/MI/MIKER/NetAddr-IP-${PV}.tar.gz"
SRC_URI[md5sum] = "7721135fcea390327f75421a6b701144"
SRC_URI[sha256sum] = "96739afc484eca1597c4f4b520864b342169c8fdeef486778511e5a1527ba4e7"
S = "${WORKDIR}/NetAddr-IP-${PV}"
EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}"
inherit cpan
do_compile() {
cpan_do_compile
}
BBCLASSEXTEND = "native"
recipes-security/perl/libwhisker2-perl_2.5.bb
+24
View File
@@ -0,0 +1,24 @@
DESCRIPTION = "Libwhisker is a Perl module geared specificly for HTTP testing."
SECTION = "libs"
LICENSE = "Artistic-1.0 | GPL-1.0+"
LIC_FILES_CHKSUM = "file://LICENSE;md5=254b8e29606fce6d1c1a4c9e32354573"
DEPENDS = "perl"
SRC_URI = "http://sourceforge.net/projects/whisker/files/libwhisker/${PV}/libwhisker2-${PV}.tar.gz \
file://libwhisker2.patch"
SRC_URI[md5sum] = "7cc1718dddde8f9a439d5622ae2f37eb"
SRC_URI[sha256sum] = "f45a1cf2ad2637b29dd1b13d7221ea12e3923ea09d107ced446400f19070a42f"
S = "${WORKDIR}/libwhisker2-2.5"
inherit cpan-base perlnative
do_install() {
install -d 755 ${D}${PERLLIBDIRS}/vendor_perl/${PERLVERSION}
install -d 755 ${D}${datadir}/perl/${PERLVERSION}
oe_runmake install DESTDIR=${D} INSTALLDIR=${PERLLIBDIRS}/vendor_perl/${PERLVERSION} MANDIR=${datadir}/perl/${PERLVERSION}
}