Ming Liu
f70207e1c1
ima-evm-keys: add recipe
...
Create a recipe to package IMA/EVM public keys.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-02-23 20:34:51 -08:00
Ming Liu
0f34b25763
initramfs-framework-ima: fix a wrong path
...
/etc/ima-policy > /etc/ima/ima-policy.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-02-23 20:34:51 -08:00
Ming Liu
ca1c2086ad
ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
...
'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid
sanity check for ima-evm-utils-native.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-02-23 20:34:51 -08:00
Armin Kuster
f13c3fb6cb
softhsm: drop pkg as meta-oe has it
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-02-23 20:34:51 -08:00
Jate Sujjavanich
16ee7308c9
scap-security-guide: Fix openembedded platform tests and build
...
Add patches to fix openembedded nodistro tests and openembedded build within
ssg metadata.
Signed-Off-By: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-02-14 16:31:00 -08:00
Yi Zhao
0a3c0f3499
ibmswtpm2: disable camellia algorithm
...
The openssl in oe-core has disabled several deprecated algorithms
including camellia. Disable this algorithm to fix the build error.
Fixes:
TpmToOsslSym.h:185:42: error: unknown type name 'CAMELLIA_KEY'
185 | #define tpmKeyScheduleCAMELLIA CAMELLIA_KEY
| ^~~~~~~~~~~~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-01-23 15:19:33 -08:00
Adrian Ratiu
6053e8b8e2
tpm2-pkcs11: build and package python tools
...
Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-12-24 14:40:04 -08:00
Armin Kuster
3b81fca1cd
.gitlab-ci: drop script
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-17 08:28:11 -08:00
Armin Kuster
d2ceb5e438
kas-security-base: Don't create local SSTATE mirror
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-15 11:03:52 -08:00
Yi Zhao
080778ca97
scap-security-guide: fix build with Python 3.9
...
The getchildren and getiterator functions are deprecated in Python 3.9.
Backport 3 patches to fix the build issue.
Fixes:
File "/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/ssg/build_stig.py", line 41, in add_references
index = rule.getchildren().index(ref)
AttributeError: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-15 11:03:39 -08:00
Armin Kuster
c40e8f8d9d
samhain: update to 4.4.2
...
refresh a few patches too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-03 15:16:53 -08:00
Yi Zhao
ab133ef3f6
clamav: unify volatiles file name
...
Make the volatiles file name start with a digit.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-03 15:16:23 -08:00
Yi Zhao
97cac84f7f
suricata: unify volatiles file name
...
Make the volatiles file name start with a digit.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-03 15:16:23 -08:00
Armin Kuster
e8c9e69c80
gitlab-ci: add building meta-security-compliance pkgs
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-19 18:14:23 -07:00
Armin Kuster
9a4de56ad5
gitlab-ci: add meta-hardening build image
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-19 18:14:23 -07:00
Armin Kuster
58c17d008d
meta-security: Add gatesgarth to LAYERSERIES_COMPAT
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-19 18:14:23 -07:00
Sajjad Ahmed
8bcc4d7057
layer.conf: use += instead of := to update BBFILES
...
Updating BBFILES with := isn't the standard way and can break
parsing under certain conditions, instead use += which is widely used.
Signed-off-by: Sajjad Ahmed <sajjad_ahmed@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-19 18:14:13 -07:00
Mingli Yu
4c2f7ffd49
scap-security-guide: add expat-native to DEPENDS
...
Add expat-native to DEPENDS to fix the below do_configure error:
| CMake Error at CMakeLists.txt:165 (message):
| xmlwf is required!
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 21:15:03 -07:00
Armin Kuster
0a07bf8046
tpm2-pkcs11: update to 1.4.0
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 21:15:03 -07:00
Armin Kuster
02b62b859d
tpm2-tools: update to 4.3.0
...
LIC_FILES_CHKSUM changes due to added Copyright
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 21:15:03 -07:00
Armin Kuster
9d6e3ff0ed
tpm2-abrmd: update to 2.3.3
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 21:15:03 -07:00
Armin Kuster
8566325c96
tpm2-totp: update to 0.2.1
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 21:15:03 -07:00
Armin Kuster
6c6e967b98
tpm2-tss: update to 2.4.3
...
includes: CVE-2020-24455
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 21:15:03 -07:00
Armin Kuster
bf494f2114
gitlab-ci: add qemux86 and qemuarm64 musl builds
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 21:15:03 -07:00
Armin Kuster
16ab6ce706
kas: fixup alt configs
...
add smack
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 21:14:53 -07:00
Armin Kuster
3ce8b759c9
suricata: update to 4.1.9
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 16:21:48 -07:00
Armin Kuster
496a734c14
packagegroup-core-security: remove clamav from musl image
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 16:21:48 -07:00
Armin Kuster
c0e801f1e0
sssd: update to latest ltm 1.16.5
...
fix musl support
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 16:21:48 -07:00
Armin Kuster
7578a8b2ed
libest: fix musl build.
...
fixes
est.c:38:10: fatal error: execinfo.h: No such file or directory
| 38 | #include <execinfo.h>
| | ^~~~~~~~~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 16:21:48 -07:00
Armin Kuster
b3f10d2285
ecryptfs-utils: fix musl build
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 16:21:48 -07:00
Armin Kuster
11dd919372
apparmor: fix build on musl
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 16:21:31 -07:00
Armin Kuster
c5b5737ef3
qemux86-test: add apparmor back
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 16:21:31 -07:00
Armin Kuster
d3aff039c9
suricata: fix compiling on gcc10
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 07:02:01 -07:00
Armin Kuster
8bab022533
packagegroup-core-security: apparmor 3.0 ptest does not build
...
for now skip apparmor ptest
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 07:02:01 -07:00
Armin Kuster
b8c437bf70
apparmor: update to 3.0
...
skip ptest for now, on todo list for fix.
Runtime test pass
remove patch now included in update: 0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 07:02:01 -07:00
Armin Kuster
21489a2942
security-test-image: tweak to get more tests to run
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 07:02:01 -07:00
Armin Kuster
2a7963df18
apparmor: fix build issue with ptest enabled.
...
minor spacing cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 07:02:01 -07:00
Naveen Saini
d9feafe991
linux-%/5.x: Add dm-verity fragment as needed
...
Add checks that include dm-verity specific kernel config fragment
when dm-verity-img.bbclass is used.
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 07:02:01 -07:00
Naveen Saini
0de4f3bfb7
wic: add wks.in for intel dm-verity
...
Based on systemd-bootdisk-microcode.wks.in, this adds
the dm-verity image similar to the beaglebone wks
already in meta-security.
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 07:02:01 -07:00
Naveen Saini
e23767fc72
initramfs-framework/dmverity: add retry loop for slow boot devices
...
Detection of USB devices by the kernel is slow enough. We need to
keep trying for a while (default: 5 seconds, controlled by roottimeout=<seconds>)
and sleep between each attempt (default: one second, rootdelay=<seconds>).
Fix is based on https://git.yoctoproject.org/cgit.cgi/poky/commit/meta/recipes-core/initrdscripts/initramfs-framework/rootfs?id=ee6a6c3461694ce09789bf4d852cea2e22fc95e4
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 07:01:47 -07:00
Armin Kuster
ab56b1df52
packagegroup-core-security-ptest: remove
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 06:22:07 -07:00
Armin Kuster
b03d65ffe4
security-test-image: simplify
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 06:22:07 -07:00
Armin Kuster
60a17b82d2
packagegroup-core-security-ptest: remove keyutils-ptest
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 06:22:07 -07:00
Armin Kuster
ab251c2c7b
libseccomp: fix ptest failures.
...
Fixes:
BusyBox v1.32.0 () multi-call binary.
Usage: dd [if=FILE] [of=FILE] [bs=N] [count=N] [skip=N]
Don't use Busybox dd, not compatible. Use coreutils
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 06:22:07 -07:00
Armin Kuster
1b8f1b1dfb
gitlab-ci: allow test to fail
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 06:22:07 -07:00
Armin Kuster
cef1768aff
packagegroup-core-security: add opendnssec to pkg grp
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 07:18:24 -07:00
Armin Kuster
524a44f6d5
opendnssec: add recipe
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 07:18:24 -07:00
Adrian
904b0cbd33
gitignore added
...
After running testimage there are some python leftovers at
lib/oeqa/runtime/cases/__pycache__/
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 07:18:24 -07:00
Armin Kuster
082305ded8
packagegroup-core-security: add libest package
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 07:18:24 -07:00
Armin Kuster
0a2feda94b
libest: add recipe
...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 07:18:24 -07:00