meta-security

mirror of https://git.yoctoproject.org/meta-security synced 2026-05-30 12:30:36 +00:00

Author	SHA1	Message	Date
Upgrade Helper	77db981282	clamav: upgrade to latest revision Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-06-05 19:25:17 +00:00
Armin Kuster	ab239f1497	packagegroup-core-security: add clamav-daemon Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	448426a1ba	clamav: fix systemd startup cleanup recipe Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	10f866a458	.gitlab-ci: drop clean up combine alt w base Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	31e5b3e08f	packagegroup-core-security: add aide and ossec Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	2f49b2dad0	aide: Add another ids Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	44a345dbb1	Apparmor: fix multi config build issue. Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	06101dd3da	packagegroup-core-security: fix typo for mips Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	2410c36f1f	ibmtpm2tss: update to tip Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	ab9da58c3a	ibmswtpm2: update to 1661 Drop patch now included in updated Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	cb6b4ae505	suricata: 4.1.x add UPSTREAM_CHECK_URI Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	c127cf37f2	python3-scapy: add UPSTREAM_CHECK_COMMITS Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	8a098010c1	ossec-hids: add UPSTREAM_CHECK_COMMITS Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	75d37ed02a	clamav: update to tip. Add UPSTEAM_CHECK Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	5a9e1224e7	tpm2-pkcs11: Update to 1.6.0 Includes gcc11 fix. Added p11-kit Minor cleanup Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	7db47965a2	tripwire: Blacklist pkg, upstream seems abandond Last update was 2018. Does not build with gcc11. There are other actively maintained IDS options. Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:55 -07:00
Armin Kuster	acbf11eec8	build cleanup: add iam to base depend Drop *.ima.yml Try next Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:43 -07:00
Armin Kuster	baca6133f9	libseccomp: drop recipe. In core now Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-26 14:33:01 +00:00
Armin Kuster	f1f517c919	ossec-hids: add new pkg Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-26 14:32:51 +00:00
Armin Kuster	30da585d2a	kas-security-base: fix feature namespace for tpm* They are MACHINE not DISTRO FEATURES Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-20 07:41:29 -07:00
Armin Kuster	caeeb4fb24	.gitlab-ci: use kas shell in some cases. Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-20 07:41:29 -07:00
Armin Kuster	881d441f71	packagegroup-core-security: exclude apparmor in mips64 Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-19 06:56:18 -07:00
Armin Kuster	32bcdd0fc5	kas: cleanup some kas files Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-19 06:56:18 -07:00
Armin Kuster	ca7491a2e3	gitlab-ci: add new before script Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-19 06:56:18 -07:00
Armin Kuster	81ec453fc5	gitlab-ci: cleanup after_script Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-19 06:56:18 -07:00
Armin Kuster	40a7f58913	.gitlab-ci: work on pipelime Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-19 06:56:18 -07:00
Armin Kuster	93a002412c	gitlab-ci: move tpm build Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-19 06:56:18 -07:00
Armin Kuster	450421fee8	*-tpm.yml: drop tpms jobs way too many jobs. TPM have there own images, use that Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-19 06:56:18 -07:00
Armin Kuster	92bc24566d	kas-security-base: Move some DISTRO_FEATURES around Move FEATURES that affect kernel configuation to minimize rebuilds Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-19 06:56:18 -07:00
Anton Antonov	09397c20c5	gitlab-ci: Move all parsec builds into a separate job Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-17 10:23:15 -07:00
Armin Kuster	ca9264b1e1	lkrg-module: Add Linux Kernel Runtime Guard For more info see: https://github.com/openwall/lkrg Add to local.conf: IMAGE_INSTALL_append = " kernel-module-lkrg" Need these kconfig options enabled: CONFIG_KALLSYMS_ALL=y CONFIG_JUMP_LABEL=y CONFIG_DEBUG_KERNEL=y To invoke module: sudo insmod {path-to-modules}/p_lkrg.ko kint_enforce=1 Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-14 13:49:47 +00:00
Armin Kuster	879330ae38	clamav: remove rest of mirror.dat ref Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-14 13:49:47 +00:00
Anton Antonov	5f07a3dcec	Clearly define clang toolchain in Parsec recipes Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-14 13:49:47 +00:00
Armin Kuster	1b796b3c21	gitlab-ci: fine tune order Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-14 13:49:36 +00:00
Armin Kuster	9286904960	kas-security-base.yml: tweek build vars add meta-filesystems Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:10:09 -07:00
Armin Kuster	6f763e6c58	.gitlab-ci.yml: reorder to speed up builds Also clean up extra spaces Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:08:34 -07:00
Ming Liu	076e75d5cc	initramfs-framework-ima: introduce IMA_FORCE Introduce IMA_FORCE to allow the IMA policy be applied forcely even 'no_ima' boot parameter is available. This ensures the end users have a way to disable 'no_ima' support if they want to, because it may expose a security risk if an attacker can find a way to change kernel arguments, it will easily bypass rootfs authenticity checks. Signed-off-by: Sergio Prado <sergio.prado@toradex.com> Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:07:11 -07:00
Anton Antonov	269cd6a9a2	Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:06:46 -07:00
Anton Antonov	409a8d4276	Add meta-parsec layer into meta-security. The layer contains recipes for Parsec service version 0.7.0 and parsec-tool version 0.3.0. The Parsec service is built with all supported providers and deployed with the MbedCrypto provider enabled. Both systemd and sysv-init are supported. Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:06:46 -07:00
Armin Kuster	6ad6bb0141	README: cleanup Add note about rust. Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:06:46 -07:00
Armin Kuster	aebcf9a985	layer.conf: add dynamic-layer for rust pkg Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:06:46 -07:00
Armin Kuster	aa6d847de4	suricata: update to 6.0.2 needs rust Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:06:29 -07:00
Anton Antonov	f93595863c	Use libest "main" branch instead of "master". This patch fixes the issue: WARNING: libest-3.2.0-r0 do_fetch: Failed to fetch URL git://github.com/cisco/libest, attempting MIRRORS if available ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure: Unable to find revision 4ca02c6d7540f2b1bcea278a4fbe373daac7103b in branch master even from upstream ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure for URL: 'git://github.com/cisco/libest'. Unable to fetch URL from any source. Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:00:47 -07:00
Armin Kuster	a00b285f8c	python3-suricata-update: update to 1.2.1 Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:00:47 -07:00
Armin Kuster	0f79f5aa67	swtpm: fix check for tscd deamon on host Found a few places that tscd check was trying to run the hosts. Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-12 07:00:47 -07:00
Armin Kuster	e70a97b570	swtpm: file pip3 issue need native pip3, was using host's Signed-off-by: Armin Kuster <akuster808@gmail.com> -- V2] add python3-cryptography-native to DEPENDS forgot to add changes.	2021-04-02 08:21:34 -07:00
Armin Kuster	6bcba5f95c	swtpm: now need python-cryptography, pull in layer Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-02 08:21:34 -07:00
Armin Kuster	2223b8692e	clamav: fix systemd service install ERROR: clamav-0.104.0-r0 do_package: QA Issue: clamav: Files/directories were installed but not shipped in any package: /lib/systemd/system/clamav-daemon.service /lib/systemd/system/clamav-clamonacc.service Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-02 08:21:34 -07:00
Armin Kuster	549436c511	python3-privacyidea: upgrade 3.5.1 -> 3.5.2 Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-02 08:21:34 -07:00
Ming Liu	995f25bcb9	meta: drop IMA_POLICY from policy recipes IMA_POLICY is being referred as policy recipe name in some places and it is also being referred as policy file in other places, they are conflicting with each other which make it impossible to set a IMA_POLICY global variable in config file. Fix it by dropping IMA_POLICY definitions from policy recipes Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2021-04-02 08:21:34 -07:00

... 14 15 16 17 18 ...

1711 Commits