Commit Graph

1720 Commits

Author SHA1 Message Date
Armin Kuster 833ae34c8f linux-%_5.%.bbappend: drop recipe
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-05 19:25:24 +00:00
Armin Kuster a1d5476acc busybox: drop as libseccomp is in core
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-05 19:25:23 +00:00
Ricardo Salveti 8236d78343 tpm2-tss: fix usrmerge udev install path
Update ${base_prefix}/lib to ${nonarch_base_libdir} to fix a package QA
issue when usrmerge is enabled in DISTRO_FEATURES.

QA Issue: tpm2-tss package is not obeying usrmerge distro feature. /lib
should be relocated to /usr. [usrmerge]

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-05 19:25:22 +00:00
Armin Kuster e471ff0926 sssd: update to 2.5.0
Add new depends
Drop obsolete patches

Signed-off-by: Armin Kuster <akuster808@gmail.com>

----
v2]
Fix issue with nsupdate check
don't use host bind
2021-06-05 19:25:19 +00:00
Armin Kuster a57799000e ossec-hids: musl not compatible
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-05 19:25:17 +00:00
Armin Kuster e1f0699492 packagegroup-core-security: exclude ossec-hids from musl
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-05 19:25:17 +00:00
Armin Kuster 72c5043d84 lkrg-module: update 0.9.1
LIC_FILES_CHKSUM updated due to year change and adding new copyrights

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-05 19:25:17 +00:00
Armin Kuster 951ea7ca15 python3-scapy: update to 2.4.5
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-05 19:25:17 +00:00
Upgrade Helper ed6e250b4d opendnssec: upgrade 2.1.8 -> 2.1.9
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-05 19:25:17 +00:00
Upgrade Helper 77db981282 clamav: upgrade to latest revision
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-06-05 19:25:17 +00:00
Armin Kuster ab239f1497 packagegroup-core-security: add clamav-daemon
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 448426a1ba clamav: fix systemd startup
cleanup recipe

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 10f866a458 .gitlab-ci: drop clean up combine alt w base
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 31e5b3e08f packagegroup-core-security: add aide and ossec
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 2f49b2dad0 aide: Add another ids
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 44a345dbb1 Apparmor: fix multi config build issue.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 06101dd3da packagegroup-core-security: fix typo for mips
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 2410c36f1f ibmtpm2tss: update to tip
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster ab9da58c3a ibmswtpm2: update to 1661
Drop patch now included in update

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster cb6b4ae505 suricata: 4.1.x add UPSTREAM_CHECK_URI
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster c127cf37f2 python3-scapy: add UPSTREAM_CHECK_COMMITS
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 8a098010c1 ossec-hids: add UPSTREAM_CHECK_COMMITS
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 75d37ed02a clamav: update to tip.
Add UPSTREAM_CHECK

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 5a9e1224e7 tpm2-pkcs11: Update to 1.6.0
Includes gcc11 fix.
Added p11-kit
Minor cleanup

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster 7db47965a2 tripwire: Blacklist pkg, upstream seems abandoned
Last update was 2018. Does not build with gcc11.
There are other actively maintained IDS options.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:55 -07:00
Armin Kuster acbf11eec8 build cleanup: add iam to base depend
Drop *.ima.yml
Try next

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-05-16 13:23:43 -07:00
Armin Kuster baca6133f9 libseccomp: drop recipe. In core now
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-26 14:33:01 +00:00
Armin Kuster f1f517c919 ossec-hids: add new pkg
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-26 14:32:51 +00:00
Armin Kuster 30da585d2a kas-security-base: fix feature namespace for tpm*
They are MACHINE not DISTRO FEATURES

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-20 07:41:29 -07:00
Armin Kuster caeeb4fb24 .gitlab-ci: use kas shell in some cases.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-20 07:41:29 -07:00
Armin Kuster 881d441f71 packagegroup-core-security: exclude apparmor in mips64
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-19 06:56:18 -07:00
Armin Kuster 32bcdd0fc5 kas: cleanup some kas files
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-19 06:56:18 -07:00
Armin Kuster ca7491a2e3 gitlab-ci: add new before script
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-19 06:56:18 -07:00
Armin Kuster 81ec453fc5 gitlab-ci: cleanup after_script
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-19 06:56:18 -07:00
Armin Kuster 40a7f58913 .gitlab-ci: work on pipeline
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-19 06:56:18 -07:00
Armin Kuster 93a002412c gitlab-ci: move tpm build
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-19 06:56:18 -07:00
Armin Kuster 450421fee8 *-tpm.yml: drop tpms jobs
Way too many jobs. TPMs have their own images, use that

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-19 06:56:18 -07:00
Armin Kuster 92bc24566d kas-security-base: Move some DISTRO_FEATURES around
Move FEATURES that affect kernel configuration to minimize rebuilds

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-19 06:56:18 -07:00
Anton Antonov 09397c20c5 gitlab-ci: Move all parsec builds into a separate job
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-17 10:23:15 -07:00
Armin Kuster ca9264b1e1 lkrg-module: Add Linux Kernel Runtime Guard
For more info see: https://github.com/openwall/lkrg

Add to local.conf:
IMAGE_INSTALL_append = " kernel-module-lkrg"

Need these kconfig options enabled:
CONFIG_KALLSYMS_ALL=y
CONFIG_JUMP_LABEL=y
CONFIG_DEBUG_KERNEL=y

To invoke module:

sudo insmod {path-to-modules}/p_lkrg.ko kint_enforce=1

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-14 13:49:47 +00:00
Armin Kuster 879330ae38 clamav: remove rest of mirror.dat ref
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-14 13:49:47 +00:00
Anton Antonov 5f07a3dcec Clearly define clang toolchain in Parsec recipes
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-14 13:49:47 +00:00
Armin Kuster 1b796b3c21 gitlab-ci: fine tune order
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-14 13:49:36 +00:00
Armin Kuster 9286904960 kas-security-base.yml: tweak build vars
add meta-filesystems

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-12 07:10:09 -07:00
Armin Kuster 6f763e6c58 .gitlab-ci.yml: reorder to speed up builds
Also clean up extra spaces

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-12 07:08:34 -07:00
Ming Liu 076e75d5cc initramfs-framework-ima: introduce IMA_FORCE
Introduce IMA_FORCE to allow the IMA policy to be applied forcibly even if the
'no_ima' boot parameter is available.

This ensures the end users have a way to disable 'no_ima' support if
they want to, because it may expose a security risk if an attacker can
find a way to change kernel arguments, it will easily bypass rootfs
authenticity checks.

Signed-off-by: Sergio Prado <sergio.prado@toradex.com>
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-12 07:07:11 -07:00
Anton Antonov 269cd6a9a2 Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-12 07:06:46 -07:00
Anton Antonov 409a8d4276 Add meta-parsec layer into meta-security.
The layer contains recipes for Parsec service version 0.7.0 and parsec-tool version 0.3.0. The Parsec service is built with all supported providers and deployed with the MbedCrypto provider enabled. Both systemd and sysv-init are supported.

Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-12 07:06:46 -07:00
Armin Kuster 6ad6bb0141 README: cleanup
Add note about rust.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-12 07:06:46 -07:00
Armin Kuster aebcf9a985 layer.conf: add dynamic-layer for rust pkg
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-04-12 07:06:46 -07:00