As linux-yocto upgraded to 5.x in oe-core, update
the bbappend to 5.x to remove the warning
ERROR: No recipes available for:
.../meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
This patch hasn't been verified any further than allowing bitbake
to complete with a non-linux-yocto kernel. In particular options could
be different, or new ones needed / desired.
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
sssd will attempt to build against nss if no crypto is selected. If a
bbappend sets PACKAGECONFIG = <list without nss or crypto>, the
appropriate DEPEND is not established.
Fixes the following configure error:
... snip ...
| checking for NSS... configure: error: Package requirements (nss) were not met:
|
| No package 'nss' found
|
| Consider adjusting the PKG_CONFIG_PATH environment variable if you
| installed software in a non-standard prefix.
|
| Alternatively, you may set the environment variables NSS_CFLAGS
| and NSS_LIBS to avoid the need to call pkg-config.
| See the pkg-config man page for more details.
|
| WARNING: exit code 1 from a shell command.
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes the following build error:
.. snip ..
| checking for python2... no
| checking for python3... (cached) python3.8
| configure: error:
| The program python2 was not found in search path.
| Please ensure that it is installed and its directory is included in the search
| path. It is required for building python2 bindings. If you do not want to build
| them please use argument --without-python2-bindings when running configure.
| WARNING: exit code 1 from a shell command.
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
/bin/bash: pod2man: command not found
| Makefile:585: recipe for target 'TPMLIB_CancelCommand.3' failed
inherit perlnative to fix
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix sssd issue for ldblibdir, systemd, pam etc.
* fix ldblibdir which is not calculated right for cross compile
* create directory /var/log/sssd which is required by sssd daemon
* disable building python2 binding
* fix pam module path
* update systemd configure options and service files
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
As linux-yocto upgraded to 5.x in oe-core, update
the bbappend to 5.x to remove the warning:
WARNING: No recipes available for:
/buildarea/layers/meta-security/recipes-kernel/linux/linux-yocto_4.%.bbappend
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
[Droped 4.x part]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
There is a build error when using openscap-native sstate cache.
Steps to reproduce:
Create a new build project in build-1 directory.
$ bitbake openscap-native
Then remove the whole build directory only keep the sstate-cache
directory as a sstate mirror.
Create another new build project in build-2 directory.
Set SSTATE_MIRRORS
$ bitbake scap-security-guide
Error message:
OpenSCAP Error: Schema file 'xccdf/1.1/xccdf-schema.xsd' not found in path
'/buildarea/build-1/tmp/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas' when trying to validate
'/buildarea/build-2/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/jre/xccdf-unlinked-resolved.xml'
[/buildarea/build-1/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/validate.c:104]
The oscap command from openscap-native tries to find the schema files in
build-1 directory since these paths are hardcoded when building
openscap-native.
We need to pass the correct schema/xslt/cpe paths to oscap to make sure
it can find the files in right location.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
v4.19 LTS has been dropped in poky in favor of v5.4. Drop the bbappend
from meta-security as right now the build fails.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
pam_google_authenticator.so was being installed where pam could not find
it. Move it where the rest of the pam modules site.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport 2 patches to fix the build error:
Processing fix.text for: java_jre_configure_crypto_policy rule
Unable to extract part of the fix.text after inclusion of remediation functions. Aborting..
jre/CMakeFiles/generate-internal-jre-bash-fixes.xml.dir/build.make:60:
recipe for target 'jre/bash-fixes.xml' failed
make[2]: *** [jre/bash-fixes.xml] Error 1
make[2]: *** Deleting file 'jre/bash-fixes.xml'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
checking for whether to build with seccomp profile... configure: error: "Is libseccomp-devel installed? -- could not get cflags for libseccomp"
Signed-off-by: Armin Kuster <akuster808@gmail.com>
