mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-07 04:58:47 +00:00
Code Issues Projects Releases Wiki Activity
1,325 Commits 39 Branches 0 Tags
a6997dc78fcb8d1f0efc85e2cb29abe704e6fcdc
Commit Graph

1325 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yi Zhao b0b626721e aide: fix typo 
Fix typo:
RDPENDS_${PN} -> RDEPENDS:${PN}

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster 8c6fe006a1 packagegroup-core-security: don't include aprwatch for musl 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster d93501969c arpwatch: update to 3.3 
not compatible with musl

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 2a90888cfd chkrootkit: Fix missing includes for musl 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 5bdb7a35c1 packagegroup-core-security: drop arpwatch for riscv from pkg grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 20c250884d arpwatch: riscv not supported 
exclude this arch for compat list

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 87eda5e187 README: Update for dynamic layers 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 5c215dd679 layer.conf: Post release codename changes 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 982ff6fb97 packagegroup-core-security: add arpwatch and chkrootkit to pkg grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 93b888c7b4 chkrootkit: update SRC_URI 
0.55 no longer hosted from main source. Use Ubuntu archive

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster a5a05f61cd checksec: update 2.6.0 
LIC_FILES_CHKSUM changed do to yr update

add native support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 3e5502a31c oeqa/smack: consolidate classes 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 98df792565 smack-test: switch to python3 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster c78cfc5cd0 tpm2-pkcs11: we really need the symlinks 
MASK dev-so
Drop un-needed install append steps.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 3db9e08300 oeqa/tpm2: fix and cleanup tests 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 50eff83d42 oeqa/swtpm: add swtpm runtime 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster 3cb0ec3086 swtpm: enable gnutls 
needed for cert support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster a2783a8d8b security-tpm2-image: add swtpm 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster f658bd542a swtpm: enable seccomp if DISTRO is enabled 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Anton Antonov 7628a3e90b meta-parsec: Update Parsec runtime tests 
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-26 16:09:42 -07:00
Anton Antonov ddd4b13ea0 Parsec-service: Fix arm32 build 
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-26 16:09:42 -07:00
Armin Kuster 1afcf4413b oeqa: add parsec runtime tests 
Signed-off-by: Armin Kuster <akuster808@gmail.com>

---
v2]
Add parsec-cli-tests.sh to mix

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-26 16:09:42 -07:00
Armin Kuster 6805f23867 meta-parsec: add build image. 
Signed-off-by: Armin Kuster <akuster808@gmail.com>

---
v2]
Use packagegroup-security-tpm2
add swtpm

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-26 16:09:42 -07:00
Armin Kuster 9285375bd6 meta-parsec: Add pkg grps 
Signed-off-by: Armin Kuster <akuster808@gmail.com>

--
V2]
Drop tpm pkgs, use the tpm2 pkg grp

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-26 16:09:42 -07:00
Lei Maohui 5dd17d202e layer.conf: Added BBFILES_DYNAMIC for dynamic-layers. 
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Jeremy A. Puhlman e05ce8fb39 lib-perl: prefix man pages to avoid conflicting with base perl 
The following occurs when pkgs-docs added to image features.

Error: Transaction test error:
  file /usr/share/man/man3/lib.3 conflicts between attempted installs of lib-perl-doc-0.63-r0.corei7_64 and perl-doc-5.34.1-r0.corei7_64

Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Anton Antonov 17d7ad92ea Parsec-service: Update installation procedure 
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Armin Kuster 8be830dd85 oeqa/cases/tpm2: fix and enhance test suite 
local.conf
TEST_SUITES = "ssh ping tpm2"
IMAGE_INSTALL:append = " swtpm tpm2-pkcs11"

RESULTS:
RESULTS - ping.PingTest.test_ping: PASSED (0.05s)
RESULTS - ssh.SSHTest.test_ssh: PASSED (2.19s)
RESULTS - tpm2.Tpm2Test.test_tpm2_pcrread: PASSED (1.06s)
RESULTS - tpm2.Tpm2Test.test_tpm2_pkcs11: PASSED (1.17s)
RESULTS - tpm2.Tpm2Test.test_tpm2_swtpm_reset: PASSED (0.59s)
RESULTS - tpm2.Tpm2Test.test_tpm2_swtpm_socket: PASSED (307.72s)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Armin Kuster 311b7daea1 tpm2-tools: Add missing rdepends 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Armin Kuster 3045de13ab tpm2-pkcs11: tpm2-pkcs11 module missing 
Correctly fix symlink issue by putting module in -dev pkg.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Armin Kuster 2c534791b0 samhain: update to 4.4.9 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Armin Kuster 972953e1e0 suricata: update to 5.0.5 
libhtp rolls with it
 2022-05-23 07:11:55 -07:00
Armin Kuster 025d758738 ossec-hids: update to 3.7.0 
See https://github.com/ossec/ossec-hids/releases/tag/3.7.0

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Armin Kuster 5a5edebbb8 aide: Update 01.17.4 
Precalculate buffer size in base64 functions (CVE-2021-45417)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Armin Kuster 8e59bd9e0a ima-evm-utils: Update to 1.4 
Switch from git to https in SRC_URI
Drop patches not upstreamed.

Passes OEQA:
RESULTS - ima.IMACheck.test_ima_enabled: PASSED (1.05s)
RESULTS - ima.IMACheck.test_ima_hash: PASSED (6.13s)
RESULTS - ima.IMACheck.test_ima_overwrite: PASSED (131.31s)
RESULTS - ima.IMACheck.test_ima_signature: PASSED (69.03s)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Jeremy A. Puhlman a8fba7a8ef aide: Add depend on audit when audit is enabled. 
| checking for libaudit.h... no
| configure: error: You don't have libaudit properly installed. Install it if you need it.
| NOTE: The following config.log files may provide further information.

Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-23 07:11:55 -07:00
Armin Kuster 8a6722eaee layer.conf: fix up layer dependancies. 
reorg pkgs so the we only need meta-oe

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster bc59937b54 packagegroup-core-security.bb: fix suricata inclusion 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster c21d1a04eb suricata: drop nfnetlink from pkg config 
nfnetlink has a layer dependancy to meta-networking.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster 0120b7475d arpwatch: add postfix to pkg config 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster d198b6fab1 packagegroup-core-security: add dynamic python pkgs 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster 28194e9251 packagegroup-core-security: add perl pkgs grps 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster 55839bcd20 packagegroup-core-security: remove pkgs 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster a764533c20 meta-security: move perl and python recipes to dynamic layers structure 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster 20c13f6335 fscrypt: add distro_check on pam 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Josh Harley 8ca6bb86e6 Add EROFS support to dm-verity-img class 
[PATCH] Add support for the EROFS image, and it's compressed options,
 to the dm-verity-img.bbclass setup, theoretically this is a simple addition
 to the list of types however there is a quirk in how Poky handles the
 filesystems in poky/meta/classes/image_types.bbclass.

Specifically the 'IMAGE_CMD' and 'IMAGE_FSTYPES' use a hyphen, e.g.
erofs-lz4, however in the image_type bbclass the task for that would be
"do_image_erofs_lz4", replacing the hyphen with an underscore.

As the dm-verity-img.bbclass adds a dependency to the wic image creation
on the do_image_* task then it fails as there is no
"do_image_erofs-lz4", so simply replace the hypen with an underscore.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-01 10:26:52 -07:00
Joe Slater 93f2146211 LICENSE: update to SPDX standard names 
Use convert-spdx-licenses.py to update LICENSE in recipes.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-13 13:45:44 -07:00
Ranjitsinh Rathod 4158c871a6 samhain.inc: Correct LICENSE to GPL-2.0-only 
It seems below change done manually and so LICENSE variable modified
from GPLv2 to GPL-2.0-or-later. But it should be GPL-2.0-only
Link: https://git.yoctoproject.org/meta-security/commit/?id=c56ae450c93a1383a1ce800a32a6ef2c3fbbae1c

Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-13 13:45:44 -07:00
Petr Gotthard d4fffc44f3 tpm2-pkcs11: update to 1.8.0 
The build patches are now included in the upstream,
the local binary checkes can be disabled with --disable-ptool-checks,
the boostrap doesn't need to be called if the release .tar.gz is used.

Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-13 13:45:44 -07:00
Petr Gotthard f576e38379 tpm2-tss-engine: fix version string and build with openssl 3.0 
Calling autoreconf outside git repo causes the version number to
be null. This patch makes the version number fixed.

Since Yocto now uses OpenSSL 3.0, the file packaging need to
be updated.

Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-13 13:45:44 -07:00