7af4d16f33
tpm image: split out tpm2
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
44cb58c3e8
tpm2 images: create tpm2 image and fix packagegroup
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
6aae738ee6
runtime: tpm2 fix names in packagecheck
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
f63db8ce1d
ima-evm-utils: update to tip
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
88350b1267
test-image: add a few more packages to image
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
2098981e0c
test-image: add packagegroup-core-security-ptest
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
55ff4e2434
packagegroup-core-security: cleanup and remove ptest
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
c44f8f3cb2
runtime: clamav test cleanup
...
mirror test is independant of download
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
ee580bd011
security-test-image: add a testing image
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
723cd9e372
layers: set warrior only
...
remove TEST_SUITES from main layer.conf
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:47:47 -07:00
51a4c6b517
linux-bbappends: simplify
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-26 15:46:52 -07:00
c28b72e91d
python3-scapy: solved the conflict with python-scapy
...
-Rename the following file to resolve the conflict with python-scapy:
Rename /usr/bin/UTscapy to /usr/bin/UTscapy3
Rename /usr/bin/scapy to /usr/bin/scapy3
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-10 07:35:35 -07:00
470271aea7
python-scapy: solved the conflict with python3-scapy
...
-Rename the following file to resolve the conflict with python3-scapy:
Rename /usr/bin/UTscapy to /usr/bin/UTscapy2
Rename /usr/bin/scapy to /usr/bin/scapy2
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-10 07:35:35 -07:00
b1e379ee5c
python-scapy: Remove redundant sed operations
...
-Remove redundant sed operations.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-10 07:35:27 -07:00
376d34368e
bastille: solved the conflict with perl-module-text-wrap and base-files
...
-Remove the link to perl5 to resolve the conflict with perl-module-text-wrap.
-Remove the operation on /var/lock to resolve the conflict with base-files.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-06-10 07:35:18 -07:00
74445465e3
samhain: add rconflict for client and server mode
...
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
41708b0b0c
image: add image for testing
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
4970243bfc
runtime qa: moderize ima test
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
7b287954f7
initramfs: clean up to pull in packages.
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
d1d4e78708
data: remove policies
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
cf0123e130
policy: add ima appraise all policy
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
1293478068
ima_policy_simple: add another sample policy
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
c84f39f8e0
ima-policy-hashed: add new recipe
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
8910674d19
base-files: add appending to automount securityfs
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
e7771ce287
linux: update bbappend
...
remove untested code
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
f26869aef3
ima.cfg: update to 5.0 kernel
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
756a1649b7
ima-evm-utils: cleanup and update to tip
...
update to tip
backported patches to fix build issues.
fix native support
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
d86d3353b2
README: update
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
b2587711d1
layer.conf: add LAYERSERIES_COMPAT
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:52 -07:00
6680225c05
meta-integrity: port over from meta-intel-iot-security
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-28 07:38:41 -07:00
479d9cc23a
python3-fail2ban: Fix build error of xrange.
...
NameError: name 'xrange' is not defined
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-21 08:18:36 -07:00
56d6256c83
checksec: add runtime test
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-21 08:18:36 -07:00
28629fe8a4
keyutils: fix library install path
...
[v2]
fix multilib support
Als add native support
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-21 08:18:36 -07:00
7b9206d346
checksec: update to 1.11.1
...
* checksec.sh: Updated to 1.11.1
* checksec.sh: resolved issues with readelf
* checksec.sh: Added docker images for testing
* checksec.sh: Added armhf and aarch64 libc locations
* checksec.sh: Replace FS_COUNT with fgrep
* checksec.sh: Fixed symbols count in csv
* checksec.sh: Fixed RW-RPATH and RW-RUNPATH
* checksec.sh: Added stack canaries generated by intel compiler
* checksec.sh: Mute stat errors for non-existent directories
* checksec.sh: Removed invalid json structures and duplicate kernel checks
* checksec.sh: fixed spaces in -d option
* checksec.sh: Added stack-protector-string check
* checksec.sh: Add arm64 specific kernel checks
* checksec.sh: Add REFCOUNT_FULL to kernel tests
* checksec.sh: Remove OSX support
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-21 08:18:36 -07:00
9f5cc2a7eb
smack: kernel fragment update
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-12 11:10:44 -07:00
6e3c025a5b
oe-selftest: add running cve checker
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-12 11:10:36 -07:00
462d76700a
apparmor: fetch from git
...
Tarballs from archive.ubuntu.com can and do disappear (similar to archive.debian.org).
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-12 10:49:36 -07:00
34cb20fe5c
libseccomp: update to 2.4.1
...
bug fix release.
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-09 20:05:47 -07:00
78d7a2ef26
libldb: add earlier version
...
This version does not have a dependacy on samba
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-09 20:05:32 -07:00
f524ba9665
samhain: add more tests and fix ret checks
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-09 17:45:13 -07:00
8eee8727cb
smack-test: add smack tests from meta-intel-iot-security
...
ported over smack tests
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-09 17:45:13 -07:00
5d37937f2e
smack: move patch to smack dir
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-09 17:44:59 -07:00
f67e1bc01d
apparmor: add a few more runtime
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-09 17:44:59 -07:00
f506138eb5
apparmor: fix fragment for 5.0 kernel
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-09 17:44:59 -07:00
eaa616a2e2
meta-tpm/README: update
...
Add more description
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-01 15:53:40 -07:00
e3f6970b09
meta-tpm/conf/layer.conf: update layer dependencies
...
Add openembedded-layer to layer dependencies.
Fix the following build errors:
ERROR: Required build target 'tpm2-pkcs11' has no buildable providers.
Missing or unbuildable dependency chain was: ['tpm2-pkcs11', 'dstat']
ERROR: Required build target 'cryptsetup-tpm-incubator' has no buildable providers.
Missing or unbuildable dependency chain was: ['cryptsetup-tpm-incubator', 'libdevmapper']
ERROR: Required build target 'tpm2-totp' has no buildable providers.
Missing or unbuildable dependency chain was: ['tpm2-totp', 'qrencode']
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-05-01 15:53:32 -07:00
5959e4f4bf
clamav-native: fix new build issue
...
re-arch the reciped to build properly.
Fixed /var/lib/clamav dir issue
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-04-14 10:54:20 -07:00
ab3c84c4d3
clamav: add clamav-cvd package for cvd db
...
Add native package to support creating a mirror
of the clamav cvd and supply it in a new package.
Provide a INSTALL_CLAMAV_CVD flag to bypass this creation
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-04-14 10:54:07 -07:00
3b88d3d9ca
clamav: runtime fix local routing
...
This addes the localhost to resolve.conf to fix:
ERROR: Can't get information about database.clamav.net: Temporary failure in name resolution
ERROR: Can't download main.cvd from database.clamav.net
Giving up on database.clamav.net...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-04-13 10:31:20 -07:00
361aa8c562
libldb: add waf-cross-answeres
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2019-04-13 10:31:20 -07:00
Armin Kuster
Zang Ruochen
Changqing Li
leimaohui
Alexander Kanavin
Yi Zhao