WARNING: apparmor-2.11.0-r0 do_package: QA Issue: apparmor: Files/directories were installed but not shipped in any package:
/usr/lib/python2.7
/usr/lib/python2.7/site-packages
/usr/lib/python2.7/site-packages/apparmor-2.11.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/apparmor
/usr/lib/python2.7/site-packages/apparmor/regex.py
use python2 instead of python3
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
eCryptfs is a stacked cryptographic filesystem that ships
in Linux kernel versions 2.6.19 and above. This package
provides the mount helper and supporting libraries to
perform key management and mount functions.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
keyutils is utilities to control the kernel key
management facility and to provide a mechanism by
which the kernel call back to userspace to get a
key instantiated.
It's required by ecryptfs-utils.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix "ERROR: ExpansionError during parsing" when building with multilib.
Signed-off-by: Peter Lei <peter.lei@ieee.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stability issues then!
bypass check as our zlib is 1.2.11
Signed-off-by: Armin Kuster <akuster808@gmail.com>
netstat from net-tools-native is needed for swtpm_setup.sh, which uses
it to check whether the swtpm daemon has started. The scripts hangs in
a loop during startup when netstat is missing.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Native recipes must be called <foo>-native. This is more than just a
recommendation, there's actual code which checks for the suffix.
Not following that rule broke swtpm-wrappers when using the "usrmerge"
DISTRO_FEATURE, because the code in native.bbclass which cleans up
DISTRO_FEATURES for native recipes was skipped and thus swtpm-wrappers
ended up using different paths than the other native recipes.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Pull in changes to support passing client control sockets(--ctrl
type=unixio,clientfd=<fd>), that allows to fork swtpm and communicate using
socketpair.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
[v2]:
include new hash
LICENSE file changes do to removal of TCG
minor changes do to configure and makefile updates
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
[v2]: Correct musl malloc fix.
remove HAVE_MALLOC_H define; this enables using the included defined mallinfo.
[V1]: Fix c99
x_dnmalloc.c:563:26: error: return type is an incomplete type
| #define public_mALLINFo mallinfo
| ^
| x_dnmalloc.c:1689:17: note: in expansion of macro 'public_mALLINFo'
| struct mallinfo public_mALLINFo() {
and
_dnmalloc.c:5527:17: error: unknown type name 'u_int'
| u_int rnd[(128 - 2*sizeof(struct timeval)) / sizeof(u_int)];
| ^~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Install systemd resource.mgr service and it needed user/group.
version 2:
- do not hardcode sbin directory in a patch but use ${sbindir} instead
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Soon it might be possible to let qemu start swtpm directly, without
requiring root privileges as for swtpm_cuse. For that to work
we also need to wrap the swtpm binary. Just in case we now also
do it for everything.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
when acl is enabled this error occurrs.
configure: error: in `/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/samhain-server-native/4.2.0-r0/samhain-4.2.0':
| configure: error: --enable-posix-acl was given, but test for acl support failed
add missing depends.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
use POSIX getpwent instead of getpwent_r
This was causing the libtspi to have the getpwent_r with when loaded via tpm-tools, it would fail.
[ Yocto #11095]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The configure script checks for expect and socat and
fails when it is not present.
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Brings in instructions for setting the log level. Setting the log level
with --log file=...,level=1 is necessary at the moment before anything
gets written to the log. Even errors are suppressed by default.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Native tools exist in recipe specific sysroots and are normally
not meant to be called from outside a build. But that's what we
need to do when using swtpm-native together with qemu, so these
wrappers make that possible by setting up the necessary environment
and hiding the internal paths.
Invoking swtpm_setup.sh gets some special support: swtpm_setup.sh runs
two daemons, tcsd and swtpm, of which tcsd insists on running as root
or tss. In practice, running as the normal user is perfectly
fine. Instead of patching the upstream source code, the approach take
here is to run under pseudo.
Usage examples:
$ bitbake swtpm-wrappers
$ mkdir -p my-machine/myvtpm0
$ tmp-glibc/work/x86_64-linux/swtpm-wrappers/1.0-r0/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0
Starting vTPM manufacturing as root:root @ Mon 16 Jan 2017 04:09:21 PM CET
TPM is listening on TCP port 55675.
-rw------- 1 root root 65 Jan 16 16:09 /tmp/tmp.2yJBKTTwRk
Ending vTPM manufacturing @ Mon 16 Jan 2017 04:09:21 PM CET
The resulting "my-machine/myvtpm0" can then be used with swtpm (this
time, it really has to be running as root because it uses CUSE to
create /dev/vtpm0, and an absolute path is needed for the tpm state
dir) and qemu-tpm (patches not currently in OE-core, have to be
applied manually):
$ sudo tmp-glibc/work/x86_64-linux/swtpm-wrappers/1.0-r0/swtpm_cuse_oe.sh -n vtpm0 --tpmstate dir=`pwd`/my-machine/myvtpm0
$ sudo chmod a+rw /dev/vtpm0
$ runqemu ... 'qemuparams=-tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device tpm-tis,tpmdev=tpm0'
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Armin Kuster
Jackie Huang
André Draszik
Peter Lei
Armin Kuster
Patrick Ohly
Amarnath Valluri
Benjamin Gaignard
Wenzong Fan