1097 Commits

Author SHA1 Message Date
Armin Kuster
048cc16aef layer.conf: enable apparmor for qemu machine
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-11 21:08:22 -08:00
Armin Kuster
0272f7ff02 apparmor: update to 3.0.4
drop to patches no longer needed
use setuptools

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-11 21:07:52 -08:00
Armin Kuster
75073a5617 packagegroup-security-tpm: Fix QA Error
ERROR: packagegroup-security-tpm-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libtpm-dbg to libtpms-dbg)
ERROR: packagegroup-security-tpm-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libtpm to libtpms0)
ERROR: packagegroup-security-tpm-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libtpm-dev to libtpms-dev)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-11 21:07:52 -08:00
Armin Kuster
c8681cc40f README.md: fix typo
Fix typo in parsec-tools to parsec-tool

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-03-11 21:07:52 -08:00
Anton Antonov
6cc8dde794 Upgrade parsec-tool to 0.5.1
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-25 07:19:55 -08:00
Armin Kuster
cc11c8c0ab smack: Use new CVE_CHECK_IGNORE variable
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-22 08:10:02 -08:00
Armin Kuster
8ff2d27721 chipsec: fix WARNING
distutils3.bbclass is deprecated, please use setuptools3.bbclass instead

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-22 08:10:02 -08:00
Armin Kuster
419946655d recipes: Use renamed SKIP_RECIPE varFlag
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-22 08:09:54 -08:00
Armin Kuster
30a4227e3c layer.conf: Update to use kirkstone
Update the layers to use the kirkstone namespace. No compatibility is made
for honister due to the variable renaming.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-20 19:39:36 -08:00
Patrick Williams
a6fc2597b4 tpm2-pkcs11: fix RDEPENDS variable
The RDEPENDS variable was misspelled and as a result was never fixed up
with the `_${PN}` to `:${PN}` transition.  Fix both aspects.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-20 19:39:36 -08:00
Akshay Bhat
caec0c657d scap-security-guide: Fix openembedded platform tests
Update the installed_OS_is_openembedded check to drop the quotes
in the VERSION_ID string to match f451c68667cca of openembedded-core.
Without this fix, all tests are reported as "notapplicable".

Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-20 19:39:28 -08:00
Akshay Bhat
9cd85e054f meta-hardening: Fix override syntax
Commit 352e6498a missed updating the override syntax for the
"harden" distro override.

Fixes: 352e6498a ("meta-hardening: Convert to new override syntax")

Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-20 19:38:30 -08:00
Armin Kuster
7898fc8117 parsec-service: fix compile issue.
|   thread 'main' panicked at 'Failed to find tss2-sys library.: Command { command: "\"pkg-config\" \"--libs\" \"--cflags\" \"tss2-sys\" \"tss2-sys >= 2.3.3\"", cause: Os { code: 2, kind: NotFound, message: "No such file or directory" } }', /home/akuster/oss/clean/poky/build/tmp-glibc/work/cortexa57-oe-linux/parsec-service/0.8.1-r0/cargo_home/bitbake/tss-esapi-sys-0.2.0/build.rs:62:10

add inherit pkgconfig

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-20 19:38:30 -08:00
Armin Kuster
32c0e160ea tpm2-tss: update to 3.1.0
Drop 001-configure.ac-fix-compatibility-with-autoconf-2.70.patch which is included in update.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-20 19:38:30 -08:00
Armin Kuster
c62664348d suricata: update to 6.0.4
bump lexical-core to 0.6.8

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-04 12:56:43 -08:00
Armin Kuster
7df64c5c2e lkrg-module: update to 0.9.2
see https://github.com/lkrg-org/lkrg
Support new stable and mainline kernels 5.14 to at least 5.16-rc*
Support new longterm kernels 5.4.118+, 4.19.191+, 4.14.233+

update SRC_URI as location changed.
refresh patch.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-04 11:33:41 -08:00
Armin Kuster
deeadddfb4 tpm2-pkcs11_1.7.0: Drop dstat from DPENDS
dstat was removed from meta-oe.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-30 12:14:37 -08:00
Armin Kuster
0594aee231 packagegroup-security-tpm2.bb: remove dynamic pkgs
fixes:
packagegroup-security-tpm2-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libtss2-tcti-device to libtss2-tcti-device0)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-30 12:14:37 -08:00
Yi Zhao
c763e2715c samhain: upgrade 4.4.3 -> 4.4.6
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-30 12:14:37 -08:00
Armin Kuster
b46386395b google-authenticator-libpam: update to 1.09
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-30 12:13:54 -08:00
Armin Kuster
c20b35b527 meta-tpm: drop strongswan bbappends
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-27 11:47:56 -08:00
Armin Kuster
d6f8b795a8 meta-integrity: drop strongswan bbappends
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-27 11:47:51 -08:00
Armin Kuster
147ed69a19 packagegroup-security-tpm2: drop ibmswtpm2
ibmswtpm2 has not been ported to openssl 3

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-27 11:47:15 -08:00
Armin Kuster
e3b50febf8 tpm2-pkcs11: backport openssl 3.x build fixes
bump to tip of current sources.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-27 11:47:11 -08:00
Kristian Klausen
126860dac3 dm-verity-img.bbclass: Fix wrong override syntax for CONVERSION_DEPENDS
CONVERSION_DEPENDS hasn't been converted to the new syntax.

Fixes: a23ceef ("dm-verity-img.bbclass: more overided fixups")

Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-25 11:31:45 -08:00
Armin Kuster
cb7778e5ef python3-fail2ban: update to tip
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-25 11:29:31 -08:00
Armin Kuster
587c92251d clamav: fix useradd warning
WARNING: security-build-image-1.0-r0 do_rootfs: [log_check] security-build-image: found 2 warning messages in the logfile:
[log_check] warning: user clamav does not exist - using root
[log_check] warning: group clamav does not exist - using root

clamav-freshclam is the package needing to have its user/group set.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-25 11:29:31 -08:00
Armin Kuster
e740a30c10 libest: does not build with openssl 3.x
blacklist for now. Remove from pkg grp

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-25 11:29:31 -08:00
Armin Kuster
9bf5c504d1 tpm2-pkcs11: update to 1.7.0
drop patch now included.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-25 11:29:19 -08:00
Yi Zhao
e4a49814e1 meta-parsec/README.md: fix for append operator combined with +=
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-28 16:16:19 -08:00
Yi Zhao
59295103f1 openssl-tpm-engine: fix warning for append operator combined with +=
Fixes:
WARNING: openssl-tpm-engine_0.5.0.bb: CFLAGS:append += is not a
recommended operator combination, please replace it.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-28 16:16:19 -08:00
Kai Kang
05ee41d3a5 apparmor: fix warning of remove operator combined with +=
Fix warning for apparmor:

| WARNING: /path/to/meta-security/recipes-mac/AppArmor/apparmor_3.0.1.bb:
|  RDEPENDS:${PN}:remove += is not a recommended operator combination,
|  please replace it.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-28 16:16:10 -08:00
Armin Kuster
4c19c83ee8 python3-fail2ban: remove /run
Fixes:

ERROR: python3-fail2ban-0.11.2-r0 do_package_qa: QA Issue: python3-fail2ban installs files in /run, but it is expected to be empty [empty-dirs]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-07 11:26:49 -08:00
Armin Kuster
f6fa9dc1c9 bastille: Create /var/log/Bastille in runtime
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-07 11:26:49 -08:00
Armin Kuster
b654040fad sssd: Create /var/log/sssd in runtime
/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.

[Thanks to Peter Kjellerstedt for example]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-07 11:26:49 -08:00
Stefan Mueller-Klieser
696651d0c3 tpm2-tss: fix fapi package config
When enabling fapi, the build breaks with:

 | configure: error: Package requirements (libcurl) were not met:
 | No package 'libcurl' found

This adds the missing dependency and bundles the additional config files
in the base package.

Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-07 11:26:49 -08:00
Armin Kuster
7e27eb5fca recipes: Update SRC_URI branch and protocols
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-04 08:18:00 -07:00
Armin Kuster
8215ed27aa tpm2-pkcs11: update to 1.7.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-26 08:20:55 -07:00
Armin Kuster
d77b7765e7 tpm2-openssl: add new pkg
openssl 3.x support for tpm2 tss function found in tpm2-ssl

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-26 08:20:51 -07:00
Armin Kuster
b5e277022b openssl-tpm-engine: fix build issue with openssl 3
ERROR: openssl-tpm-engine-0.5.0-r0 do_package: QA Issue: openssl-tpm-engine: Files/directories were installed but not shipped in any package:
  /usr/lib/engines-3/tpm.so

fix engine locations

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-26 07:23:30 -07:00
Armin Kuster
5d2afb321c tpm2-tools: update to 5.2
openssl 3.0 support

see https://github.com/tpm2-software/tpm2-tools/releases/tag/5.2

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-26 07:23:30 -07:00
Armin Kuster
8f045875fb apparmor: Add a python 3.10 compatibility patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-26 07:23:18 -07:00
Armin Kuster
e5e54135da opendnssec: blacklist due to ldns being blacklisted
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-24 19:54:00 -07:00
Anton Antonov
14e1db4ce8 Parsec service. Update PACKAGECONFIG definitions and README.md
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-24 11:08:07 -07:00
Armin Kuster
2bc849ada3 meta-parsec/README: remove rust layer req.
Rust is now in core. No need to include the layer reference.

Drop Priority and ref from repo definition. Not used

Signed-off-by: Armin Kuster <akuster808@gmail.com>

[v2]
fixup mailing list
2021-10-24 11:06:02 -07:00
Kai Kang
e81c15f851 sssd: re-package to fix QA issues
It packages all files in ${libdir} to package sssd, including the .so
symlink files. Then it causes QA issues:

| ERROR: QA Issue: sssd rdepends on dbus-dev [dev-deps]
| ERROR: QA Issue: sssd rdepends on ding-libs-dev [dev-deps]

So re-package sssd then the .so symlink files and .pc files are packaged
to sssd-dev which should be.

File ${libdir}/libsss_sudo.so is not a symlink file but packaged to
sssd-dev too. Then causes another QA issue:

| ERROR: sssd-2.5.2-r0 do_package_qa: QA Issue:
    -dev package sssd-dev contains non-symlink .so '/usr/lib/libsss_sudo.so' [dev-elf]

So create a new sub-package libsss-sudo to package file libsss_sudo.so
and make sssd rdepends on it.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-18 21:50:22 -07:00
Armin Kuster
30a5e16b75 python3-fail2ban: fix build failure and cleanup
Fixes:
error in fail2ban setup command: use_2to3 is invalid.
ERROR: 'python3 setup.py build ' execution failed.

drop custom fail2ban_setup.py
remove python-fail2ban as it's a symlink to python3

Update to tip for 11.2 branch

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-18 21:50:22 -07:00
Liwei Song
7f9a5b311e recipes-security/chipsec: platform security assessment framework
Add chipsec, tools to dump and analyze hardware, system firmware
components, like PCH register, ioport or iomem configuration space.

Signed-off-by: Liwei Song <liwei.song@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-18 21:50:22 -07:00
Kristian Klausen
01bdc2918c swtpm: update to 0.6.1
swtpm no longer depends on Python[1] so the dependencies have been
removed.

"inherit perlnative" has been added due to (in oe-core):
deda455b3c ("bitbake.conf: drop pod2man from hosttools")

Some leftover dependencies have also been removed, ex: tpm-tools
required in the past by swtpm_setup.sh (<0.4.0)[2].

[1] https://github.com/stefanberger/swtpm/issues/437
[2] eee8cb5dfb

Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-18 21:50:13 -07:00
Anton Antonov
a85fbe980e Upgrade parsec-service 0.8.1 and parsec-tool 0.4.0
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-09-28 16:19:38 -07:00