mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-12 03:10:13 +00:00
Code Issues Projects Releases Wiki Activity
1,176 Commits 37 Branches 0 Tags
b67b4cf5cafa5fb0c13dddc344ed286e7e6fcc72
Commit Graph

43 Commits

Author SHA1 Message Date
Armin Kuster
b67b4cf5ca apparmor: fix ownership issues 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
98df792565 smack-test: switch to python3 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Joe Slater
93f2146211 LICENSE: update to SPDX standard names 
Use convert-spdx-licenses.py to update LICENSE in recipes.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-04-13 13:45:44 -07:00
Armin Kuster
0272f7ff02 apparmor: update to 3.0.4 
drop to patches no longer needed
use setuptools

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-03-11 21:07:52 -08:00
Armin Kuster
cc11c8c0ab smack: Use new CVE_CHECK_IGNORE variable 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-02-22 08:10:02 -08:00
Kai Kang
05ee41d3a5 apparmor: fix warning of remove operator combined with += 
Fix warning for apparmor:

| WARNING: /path/to/meta-security/recipes-mac/AppArmor/apparmor_3.0.1.bb:
|  RDEPENDS:${PN}:remove += is not a recommended operator combination,
|  please replace it.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-11-28 16:16:10 -08:00
Armin Kuster
7e27eb5fca recipes: Update SRC_URI branch and protocols 
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-11-04 08:18:00 -07:00
Armin Kuster
8f045875fb apparmor: Add a python 3.10 compatability patch 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-10-26 07:23:18 -07:00
Armin Kuster
11a67b861a meta-security: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Yi Zhao
cab0c7d343 apparmor: use its own initscript and service files 
Use initscript and service files provided by apparmor.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-07-10 05:16:52 -07:00
Yi Zhao
366bd7026f apparmor: upgrade 3.0 -> 3.0.1 
Drop backport patches:
  0001-apparmor-fix-manpage-order.patch
  0001-libapparmor-add-missing-include-for-socklen_t.patch
  0002-libapparmor-add-aa_features_new_from_file-to-public-.patch
  0003-libapparmor-add-_aa_asprintf-to-private-symbols.patch
  0001-aa_status-Fix-build-issue-with-musl.patch
  0001-parser-Makefile-dont-force-host-cpp-to-detect-reallo.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-07-10 05:16:26 -07:00
Sekine Shigeki
46f7e7acbe smack: add 3 cves to allowlist 
CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 are not for smack of smack-team(https://github.com/smack-team/smack) but other project.

Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-20 15:49:26 -07:00
Armin Kuster
44a345dbb1 Apparmor: fix multi config build issue. 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-05-16 13:23:55 -07:00
Armin Kuster
725526e0ea apparmor: Inherit python3targetconfig 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Armin Kuster
11dd919372 apparmor: fix build for on musl 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-10-10 16:21:31 -07:00
Armin Kuster
b8c437bf70 apparmor: update to 3.0 
skip ptest for now, on todo list for fix.
Runtime test pass

remove patch now included in update: 0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-10-09 07:02:01 -07:00
Armin Kuster
2a7963df18 apparmor: fix build issue with ptest enabled. 
minor spacing cleanup

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-10-09 07:02:01 -07:00
Armin Kuster
f176756890 apparmor: exclude mips64, not supported 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-09-18 04:06:31 -07:00
Zheng Ruoqin
376fad4de1 ccs-tools:Fix build error when enable multilib. 
ERROR: lib32-ccs-tools-1.8.4-r0 do_install: oe_runmake failed
ERROR: lib32-ccs-tools-1.8.4-r0 do_install: Execution of
'/build-armv8/tmp/work/armv7ahf-neon-mllib32-linux-gnueabi/lib32-ccs-tools/1.8.4-r0/temp/run.do_install.22368'
failed with exit code 1:
make: *** No rule to make target 'install'.  Stop.
WARNING: exit code 1 from a shell command.

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-07-14 19:44:48 +00:00
Alexander Kanavin
3018714159 apparmor: pull in coreutils/findutils only when not using systemd as init manager 
The utilities from those packages (xargs, comm) are only used in sysvinit
scripts, and so there is no need to pull them in when systemd is in use.
Both are gpl3 licensed, so this is beneficial for builds where gpl3 is not
allowed.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-06-19 16:03:23 -07:00
Jan Luebbe
f1ca0f9117 apparmor: update to 2.13.4 
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-04-07 11:50:02 -07:00
Jan Luebbe
e45b54998c apparmor: fix wrong executable permission on service file 
This avoids "systemd[1]: Configuration file
/lib/systemd/system/apparmor.service is marked executable. Please remove
executable permission bits. Proceeding anyway." on boot.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-04-07 11:49:54 -07:00
Armin Kuster
0d8cee5029 apparmor: update to tip 
fixes Python3.8 configure issues

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-02-17 19:13:30 -08:00
Armin Kuster
197d3588b6 Apparmor: fix some runtime depends 
missing xargs and comm

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-01-23 19:53:31 -08:00
Armin Kuster
41506052f6 smack-test: add feature check for smack 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-12-25 16:04:27 +00:00
Armin Kuster
980bdff22e smack: add distro check 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-12-25 16:04:27 +00:00
Armin Kuster
2e5662214d apparmor: add distro check 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-12-25 16:04:27 +00:00
Ming Liu
fa800e5261 meta: inherit features_check instead of distro_features_check 
distro_features_check has been deprecated in OE.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-11-27 13:38:58 -08:00
Armin Kuster
27ddb45554 apparmor: ptest fail to build on arm 
exclude arm and aarch64 ptest tasks

[v2&3]

Sent before committing.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-10-17 13:29:07 -07:00
Armin Kuster
5d049e7ef8 apparmor: fix systemd support so it works 
[Yocto # 13568]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-10-16 10:29:21 -07:00
Alexander Kanavin
400eade386 apparmor: make bash dependency optional 
Bash is only needed by one not particularly important script,
so not requiring bash is a useful option for builds that
cannot have gpl3 components.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-10-13 13:22:08 -07:00
Alexander Kanavin
e2612dd58d apparmor: add PRIVATE_LIBS for ptest package 
Otherwise, the following occurs:
ERROR: apparmor-2.13.3-r0 do_package: apparmor: Multiple shlib providers for libapparmor.so.1: apparmor, apparmor-ptest (used by files: /home/alexander/development/poky/build-metaoe/tmp/work/core2-32-poky-linux/apparmor/2.13.3-r0/packages-split/apparmor/usr/lib/perl5/vendor_perl/5.30.0/i686-linux/auto/LibAppArmor/LibAppArmor.so)
ERROR: apparmor-2.13.3-r0 do_package: apparmor: Multiple shlib providers for libapparmor.so.1: apparmor, apparmor-ptest (used by files: /home/alexander/development/poky/build-metaoe/tmp/work/core2-32-poky-linux/apparmor/2.13.3-r0/packages-split/apparmor/usr/lib/python3.7/site-packages/LibAppArmor/_LibAppArmor.cpython-37m-i686-linux-gnu.so)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-10-13 13:22:00 -07:00
Naveen Saini
86ba098074 apparmor: suppress appending of installation to perllocal.pod 
perl modules when gets installed can produce a perllocal.pod
file for documenting a list of locally installed perl modules.
This can conflict if multiple packages generate the file.

Hits the conflict with apparmor & rrdtool packages.
Error: Transaction check error:
  file /usr/lib/perl5/5.30.0/x86_64-linux/perllocal.pod conflicts between attempted installs of rrdtool-1.7.2-r0.corei7_64 and apparmor-2.13.3-r0.corei7_64

perllocal.pod files are for documentation purpose, so
disabling does not harm. Generating perllocal.pod for perl
module is disabled by passing NO_PERLLOCAL=1
with ExtUtils::MakeMaker utility.

https://perldoc.perl.org/5.30.0/ExtUtils/MakeMaker.html#Using-Attributes-and-Parameters

[YOCTO #13491]

Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-09-29 16:13:37 -07:00
Armin Kuster
6c42c018ff apparmor: drop lsb RDEPENDS 
remove lsb functions from init script

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-09-07 08:32:50 -07:00
Armin Kuster
01fec26059 apparmor: update to 2.13.3 
create the cache dir at install time

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-24 19:02:12 -07:00
Armin Kuster
7631d20592 apparmor: fix RDPENDS 
apparmor-2.13.2-r0 do_package_qa: QA Issue: /usr/bin/aa-easyprof contained in package apparmor requires /usr/bin/python3, but no providers found in RDEPENDS_apparmor? [file-rdeps]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-24 18:09:02 -07:00
Martin Jansa
a6703eaef2 smack: add runtime dependency on python3-core 
* fixes:
  ERROR: QA Issue: /usr/share/smack/smack_rules_gen contained in package smack requires /usr/bin/python3, but no providers found in RDEPENDS_smack? [file-rdeps]

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-24 12:54:57 -07:00
Alexander Kanavin
462d76700a apparmor: fetch from git 
Tarballs from archive.ubuntu.com can and do disappear (similar to archive.debian.org).

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-12 10:49:36 -07:00
Armin Kuster
8eee8727cb smack-test: add smack tests from meta-intel-iot-security 
ported over smack tests

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-09 17:45:13 -07:00
Armin Kuster
5d37937f2e smack: move patch to smack dir 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-09 17:44:59 -07:00
Armin Kuster
98750e8933 ccs-tools: move to reciped-mac 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-07 05:12:43 +05:30
Armin Kuster
5dcf7ca44e apparmor: update to 2.13.2 
Drop patch included in update:
tool-paths.patch

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 11:57:02 -07:00
Armin Kuster
75e609f7b1 reorg: move mac recipes to recipes-mac 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00