Armin Kuster
dc0d72e51a
tpm2-tools: Add UPSTREAM_CHECK_URI
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Armin Kuster
293d3ba9ad
tpm2-tss: add UPSTREAM_CHECK_URI
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Armin Kuster
edcb1537de
tpm2-tss-engine: add UPSTREAM_CHECK_URI
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Armin Kuster
770c7f3c05
ibmtpm2tss: fix SRC_URI
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Armin Kuster
5a30024396
fail2ban: add UPSTREAM_CHECK vars
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Upgrade Helper
2ca0809282
sssd: upgrade 2.7.1 -> 2.7.3
add UPSTREAM_CHECK_URI
2022-07-30 14:11:27 -07:00
Armin Kuster
8cf673deaa
chipsec: update to 1.8.7
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Armin Kuster
01d58e266d
suricata: update to 6.0.5
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Armin Kuster
affbb0d267
python3-privacyidea: update to 3.7.2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Armin Kuster
77910422fa
packagegroup-security-tpm: add libhoth to pkg grp
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
John Edward Broadbent
71199365ff
meta-security: Add recipe for libhoth
Libhoth is a USB protocol implementation which is required for hoth class
devices
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Armin Kuster
ac0a4ea0f8
packagegroup-core-security.bb: add bubblewrap to pkg grp
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-30 14:11:27 -07:00
Alex Kiernan
f4a4c902ed
bubblewrap: Add recipe
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2022-07-30 14:11:27 -07:00
Jeremy A. Puhlman
7ad5f6a9da
python3-privacyidea: add correct path to lib/privacyidea
Nothing is getting installed in ${datadir}/lib, it is all going to
${prefix}/lib. setuptools pulls in ${libdir}/* so for the base lib
case of ${prefix}/lib the build works. If libdir is something else,
lib64 for example, it's still ending up in ${prefix}/lib and it fails
to build.
Set value to correct path as it is being installed.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-05 19:26:50 -04:00
Jeremy A. Puhlman
a0d7194b21
clamav: make install owner match the added user name
USERADD_PARAM:${PN}-freshclam = "--system -g ${CLAMAV_GID} --home-dir \
${localstatedir}/lib/${BPN} \
--no-create-home --shell /sbin/nologin ${PN}"
The username added to the passwd file is ${PN}. When ${PN} is
multilibized, it no longer matches CLAMAV_UID. Make the two match.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-05 19:26:50 -04:00
Jose Quaresma
c1c80cf0c0
meta-integrity: kernel-modsign: prevents splitting out debug symbols
Starting with [1] kernel modules symbols is being slipped in OE-core
and this breaks the kernel modules sign, so disable it.
[1] https://git.openembedded.org/openembedded-core/commit/?id=e09a8fa931fe617afc05bd5e00dca5dd3fe386e8
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-05 19:26:50 -04:00
Armin Kuster
7cff72ef80
lkrg: update to 0.9.3
refresh patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-07-05 19:26:50 -04:00
Armin Kuster
f453866cf6
security-build-image: add lkrg-module to build image
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
a87a1a3e7c
chipsec: update to 1.8.5
minor recipe cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
a68a46ded9
packagegroup-core-security: skip mips firejail
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
fdff18d9da
README: update email address
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
0b9e9c0519
lynis: update to 3.0.8
See changelog for details: https://cisofy.com/changelog/lynis/#308
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
94edbcea9a
ccs-tools: update to 1.8.9
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
14b2a6ac18
oeqa: shut down swtpm before and after testing
fixes:
swtpm: Could not open TCP socket: Address already in use
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
b5642c519b
oeqa: meta-tpm shut swtpm down before and after testing
fixes:
swtpm: Could not open TCP socket: Address already in use
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
fccbe155be
oeqa/clamav drop deprecated --list-mirror test
Fix download test
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
123c59c313
security-test-image: add firejail and aide test suites
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
6cdb369591
packagegroup-core-security: add firejail
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
4e0d448aca
oeqa: Add a very basic firejail test
Currently checks if --help works.
RESULTS:
RESULTS - ping.PingTest.test_ping: PASSED (0.07s)
RESULTS - ssh.SSHTest.test_ssh: PASSED (2.41s)
RESULTS - firejail.FirejailTest.test_firejail_basic: PASSED (1.30s)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
fec94e6ce4
firejail: Add new package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
6dedb1de70
aide.conf: adjust to allow for build time db creation
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
1f11389089
aide: add native support for build time db creation
This will help create an aide db during build that is
then installed on the rootfs for verification at boot time.
This work was inspired by:
Marco Cavallini
Yocto Project Ambassador
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
a0665584ab
classes: add aide routines
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
80bc8b7133
libmhash: add native pkg support
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
71061edbe1
oeqa: add aide test
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
36d0577057
aide: add a few more config options
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
102e47f14d
oeqa: update smack runtime test
drop test_smack_mmap_enforced as it was skipped due to possible licensing issues
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
95f7abc7ef
smack-test: more py3 conversion
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-23 18:47:59 -07:00
Armin Kuster
6c77d06b84
security-test-image: auto include layers if present.
This is to simplify testing to build one image and include pkgs depending on the
layers included in the BBLAYERS.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
caadc8672b
sssd: update to 2.7.1
drop CVE-2021-3621.patch
refresh a few patches
fixup configure-unsafe globally via sed in build.m4
=== test
RESULTS - sssd.SSSDTest.test_sssd_help: PASSED (1.70s)
RESULTS - sssd.SSSDTest.test_sssd_sssctl_conf_perms_chk: PASSED (2.71s)
RESULTS - sssd.SSSDTest.test_sssd_sssctl_deamon: PASSED (2.07s)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
4bb7e5b84a
oeqa: sssd.py fix tests
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
23d501eb70
sssd: use example conf file
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
72ba0a4a14
oeqa: fix checksec runtime test
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
ed2535a84f
packagegroup-core-security.bbappend: add sssd
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
db2ebfc0d3
packagegroup-core-security: drop sssd
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
e4bb9a9e7f
layer.conf: add meta-networking to BBFILES_DYNAMIC
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
db3a3e87a6
sssd:move to dynamic networking-layer
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
b67b4cf5ca
apparmor: fix ownership issues
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Yi Zhao
b0b626721e
aide: fix typo
Fix typo:
RDPENDS_${PN} -> RDEPENDS:${PN}
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-18 06:48:22 -07:00
Armin Kuster
8c6fe006a1
packagegroup-core-security: don't include arpwatch for musl
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-07 16:58:24 -07:00