Commit Graph

308 Commits

Author SHA1 Message Date
Armin Kuster 694ab819bc openscap: fix build issue
core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlopen'
| core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlsym'
| core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlerror'
| core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlclose'

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-12-10 15:03:46 -08:00
André Draszik 756f65f0f8 trousers: allow overriding localstatedir mandir sysconfdir
It is currently impossible to override localstatedir,
mandir and sysconfdir during ./configure, because they
are being overridden unconditionally.

With this patch it is now possible to set the above
locations as needed.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-06 12:17:50 -08:00
André Draszik fc75466e0b trousers: make initscript more reliable
The combination of using start-stop-daemon and pidof is
not working reliably in all cases. Sometimes, the
tcsd daemon isn't running yet at the time pidof is being
invoked.

This results in an empty /var/run/tcsd.pid, making it
impossible to stop tcsd using the init script.

To solve this, one could either add a delay before calling
pidof, or alternatively use start-stop-daemon's built-in
functionality to achieve the same.

Let's do the latter.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-06 12:17:42 -08:00
André Draszik de48d57a7f fscryptctl: add v0.1.0
fscryptctl is a low-level tool written in C that handles
raw keys and manages policies for Linux filesystem
encryption [1].

For a tool that presents a higher level interface and
manages metadata, key generation, key wrapping, PAM
integration, and passphrase hashing, see fscrypt [2].

[1] https://lwn.net/Articles/639427
[2] https://github.com/google/fscrypt

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-24 14:04:57 -07:00
Armin Kuster d9145660cc openscap: fix ptest compile errors and update
update to 1.2.15

plus
ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/probes/process58/all.sh contained in package openscap-ptest requires /bin/bash, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps]
ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/xmldiff.pl contained in package openscap-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps]
ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/nist/test_worker.py contained in package openscap-ptest requires /usr/bin/python2, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-15 16:35:15 -07:00
Dengke Du 4b67ec8263 keynote: update the SRC_URI
The old URL is no longer available; give keynote the new URL.
The project already moved to:

    https://sourceforge.net/projects/keynote-2-3/

The difference between the old and new tarballs was:

    the old tarball contains a doc directory; the source code was the same.

Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-10 07:24:59 -07:00
Armin Kuster aeb9e6c571 openssl-tpm-engine: add package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-10 07:24:59 -07:00
Armin Kuster ef1e8d9144 tpm2-abrmd: add package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-10 07:24:59 -07:00
Armin Kuster f6d48f6006 tpm-quote-tools: Add package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-10 07:24:59 -07:00
Armin Kuster 5ada70014f pcr-extend: add new package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-10 07:24:59 -07:00
Armin Kuster 1c56da015d README: update with basic info
needed to pass yocto-check-layer

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-10 07:24:59 -07:00
Armin Kuster bc9ff10730 swtpm: fix cuse depends
If cuse is enabled, depend on fuse, which is in meta-filesystems.
Throw an error if the layer is missing.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-10 07:24:59 -07:00
Armin Kuster 607d2bc7dd linux-yocto/4.12: update path version
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:23 -07:00
Armin Kuster 24f3e574ab bastille: fix QA issue
WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Symlink /usr/sbin/UndoBastille in bastille points to TMPDIR [symlink-to-sysroot]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:23 -07:00
Armin Kuster 4f2d306f8a lynis: move recipe to correct layer
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:23 -07:00
Armin Kuster 8229c88275 openscap-daemon: fix QA issue
ERROR: openscap-daemon-0.1.6+gitAUTOINC+3fd5c75a08-r0 do_package_qa: QA Issue: /usr/bin/oscapd-cli contained in package openscap-daemon requires /usr/bin/python, but no providers found in RDEPENDS_openscap-daemon? [file-rdeps]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:23 -07:00
Armin Kuster 6f5b7b303f suricata: update to 4.0.0
libhtp updated in // as suricata contains the sources

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:23 -07:00
Armin Kuster 1e0d5ee5bf redhat-security: remove PR and fix style
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:23 -07:00
Armin Kuster cb8f175108 checksecurity: fix recipe style
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:23 -07:00
Armin Kuster 0db37f2c69 libenv-perl: add recipe removed from core
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:23 -07:00
Armin Kuster 906002f4af layer.conf: update layer depends
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:23 -07:00
Armin Kuster fba6132c5a libewf: fix build issue
ERROR: gettext-native required but not in DEPENDS for file /build/build_artifacts/master/tmp-glibc/work/i586-oe-linux/libewf/20140608-r0/libewf-20140608/configure.ac.
Missing inherit gettext?

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-02 07:49:18 -07:00
Armin Kuster f42925b1c3 oe-release: add oe-release file for openscap
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-30 11:47:20 -07:00
Armin Kuster 01a20104b2 os-release: needed by openscap
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-30 11:47:20 -07:00
Armin Kuster a633d83537 openscap: Add oe specific files
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-30 11:47:20 -07:00
Armin Kuster 922deffe04 openscap: add daemon
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-30 11:47:20 -07:00
Armin Kuster 692864f6e8 openscap: add scap-security-guide
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-30 11:47:20 -07:00
Armin Kuster 55dade4391 openscap: add package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-30 11:47:20 -07:00
Armin Kuster bb789d6d88 lynis: add auditing tool
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-30 11:47:20 -07:00
Armin Kuster c1781db5be meta-security-compliance: add new layer for compliance and audit applications
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-30 11:47:20 -07:00
Armin Kuster d34afdfbf5 clamav: update llvm to use 5.0 to match version in core
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-30 11:44:55 -07:00
Jackie Huang e180062c70 packagegroups: fix invalid license file
Use '${COMMON_LICENSE_DIR}/MIT' for MIT License to fix the warning:

| WARNING: packagegroup-core-security do_populate_lic:
  ${COREBASE}/LICENSE is not a valid license file, please use
  '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM.
  This will become an error in the future

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-15 08:01:07 -07:00
Jackie Huang 738dad9d91 samhain: fix QA issue for GNU_HASH
Add LDFLAGS variable to fix QA issue for GNU_HASH:
| ERROR: samhain-client-4.2.2-r0 do_package_qa: QA Issue:
  No GNU_HASH in the elf binary: '/builddir/usr/sbin/samhain_setpwd' [ldflags]

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-15 08:01:07 -07:00
Jackie Huang a35bcc9495 samhain: avoid searching host dir for postgresql
Add a patch to avoid searching host dir for postgresql,
and set PGSQL_INC_DIR and PGSQL_LIB_DIR instead.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-15 08:01:07 -07:00
Jackie Huang 838f698bd9 samhain: fix for the PACKAGECONFIG
* The "??=" assignment for PACKAGECONFIG is overridden by
  the following "+=" assignments, which is not expected,
  so combine them into one assignment with multiple lines.

* Fix a typo for postgresql.

* Remove unneeded quotation marks.

* Run autoconf to regenerate the configure, or the patch
  for ps option doesn't work:
  | configure: error: unrecognized option: --with-ps-path=/bin/ps

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-15 08:01:07 -07:00
Jackie Huang d3bcc4ba47 samhain: depends on attr when selinux is enabled
The extended attribute is required by selinux feature,
so add the dependency when selinux is enabled.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-15 08:01:07 -07:00
Armin Kuster 62d54856e5 apparmor: fix a few build issues
configure.ac:8: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation
| configure.ac:8: error: version mismatch.  This is Automake 1.15.1,
| configure.ac:8: but the definition used by this AM_INIT_AUTOMAKE

add aclocal

and

 make: Entering directory '/home/akuster/oss/clean/poky/build/tmp/work/mips64-poky-linux/apparmor/2.11.0-r0/apparmor-2.11.0/binutils'
| error: ../libraries/libapparmor//src/.libs/libapparmor.a is missing. Pick one of these possible solutions:

remove --disable-static

and

ERROR: apparmor-2.11.0-r0 do_package_qa: QA Issue: /usr/lib/apparmor/ptest/testsuite/parser/tst/gen-dbus.pl contained in package apparmor-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_apparmor-ptest? [file-rdeps]

add perl to ptest RDEPENDS

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-15 08:01:07 -07:00
Armin Kuster 169a02dff0 Apparmor: add apache2 to PACKAGECONF and check for webserver layer
Don't want to add layer depends for one package unless needed.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-15 08:01:07 -07:00
Patrick Ohly f87b66d908 tpm2.0-tss: fix systemd package list
Commit 4c4fa8c "tpm2.0-tss: install resourcemgr service" introduced
systemd support for the resourcemgr package, but left the default
${PN} in SYSTEMD_PACKAGES, leading to an apparently harmless (?) build
error, emitted by systemd.bbclass via bb.error() because tpm2.0-tss
does not have a package of that name:

ERROR: tpm2.0-tss-git-r0 do_package: tpm2.0-tss does not appear in package list, please add it

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-15 08:01:07 -07:00
Armin Kuster b646d8fdc0 nmap: update to 7.60
LIC_CHKSUM_FILES changed due to yr update.

add a few more PACKCONFIG

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-13 07:36:44 -07:00
Armin Kuster 1014cc61fc fail2Ban: Add new package
Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easy to configure to read any log file you choose, for any error you choose.

Though Fail2Ban is able to reduce the rate of incorrect authentication attempts, it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-09-01 06:44:30 -07:00
Armin Kuster 245d5dcbb8 sleuthkit: fix No GNU_HASH in the elf binary
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-08-31 22:14:30 -07:00
Mikko Ylinen f4af2ebdb6 linux-yocto: drop all 4.1 content
linux-yocto_4.1.bb recipe has been removed from oe-core master
and that triggers a bitbake error due to orphan bbappends
maintained in meta-security.

To fix the error, drop linux-yocto_4.1.bbappend plus the patches
and the config fragments for it.

Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-08-31 22:12:02 -07:00
Armin Kuster b82ed2caf9 linux-yocto: add 4.12 bbappends
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-08-31 22:10:50 -07:00
Armin Kuster 8d5ca33a50 tripwire: update to 2.4.3.5
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-08-31 22:10:42 -07:00
Jackie Huang 9949776684 samhain: update to 4.2.2
* update to version 4.2.2
* Add new recipe for standalone mode
* Add systemd support
* Add patches to fix several issues
* samhain-standalone: add ptest support
* samhain-server: no need to depend on samhain-server-native
* Move common things from the bb to the inc file

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-08-31 22:09:49 -07:00
Tom Rini 25b8f02eea apparmor: Additional runtime fixes
- We need various python3 modules and we can only really solve this
  problem by including all python3-modules.
- aa-easyprof needs to have its shebang corrected, do so.
- The apparmor initscript depends on functions that LSB does not require
  so we must provide them.  In some cases it's using non-standard
  function, so we just use more appropriate names.
- The apparmor sysvinit-style initscript assumes that
  systemd-detect-virt will exist on the filesystem.  Change this to
  check that it does before trying to execute it.

[for aa-easyprof:]
Reported-by: Anders Montonen <Anders.Montonen@iki.fi>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-08-13 08:26:14 -07:00
Jackie Huang aae40f506a libmhash: add new recipe
Mhash is a free (under GNU Lesser GPL) library which provides
a uniform interface to a large number of hash algorithms.
These algorithms can be used to compute checksums, message
digests, and other signatures.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-08-13 08:26:14 -07:00
Jackie Huang 1c3afde094 libgssglue: add new recipe
libgssglue exports a gssapi interface which calls
other gssapi libraries.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-08-13 08:26:14 -07:00
Jackie Huang 2f30963b82 nmap: upgrade to 7.50
- Add a patch to fix python library install dir for multilib.

- Add a patch to fix race condition with mkdir command.

- Inherit pythonnative instead of python-dir and install
  python modules for ndiff to fix the following errors:

  """
  root@qemux86-64:~# ndiff --help
  -sh: /usr/bin/ndiff: /path_to_build/tmp/hosttools/python: bad interpreter: No such file or directory
  root@qemux86-64:~# python /usr/bin/ndiff
  Could not import the ndiff module: 'No module named ndiff'.
  """

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-08-13 08:26:14 -07:00