mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-11 15:00:34 +00:00
Code Issues Projects Releases Wiki Activity
1,664 Commits 37 Branches 0 Tags
fa4057267c920f211cdcd49f0a0d060d4e8a8b84
Commit Graph

51 Commits

Author SHA1 Message Date
Scott Murray
fa4057267c paxctl: Remove recipe 
Remove the paxctl recipe since it has seemingly been broken for a
while without anyone noticing, and there likely have been no actual
users since grsecurity stopped doing public releases in 2017.

Signed-off-by: Scott Murray <scott.murray@konsulko.com>
 2025-10-08 17:34:14 +02:00
Marta Rybczynska
65fd11a293 chipsec: disable until 6.16 support is fixed 
The 1.13.16 version does not work on the kernel 6.16 for now [1].

Disable when waiting for the fix.

[1] https://github.com/chipsec/chipsec/issues/2563

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
 2025-10-08 17:34:14 +02:00
Marta Rybczynska
643c3d78b9 aide: remove for musl 
Aide currently doesn't compile with musl because of copied getopt prototypes
and implementation.

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
 2025-07-23 18:45:56 +02:00
Marta Rybczynska
aa7213378a packagegroup-core-security: unify conditional adding of packages on RISCV 
The package choice was using TUNE_FEATURES that doesn't work anymore
with multiple sub-architectures of RISCV. Instead use the overrides
and make sure to take into account also qemu versions.

Only riscv32/riscv64 does not work, fail on RDEPEND for qemu targets.

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
 2025-07-23 18:45:56 +02:00
Armin Kuster
a9c3a4fdfd packagegroup-core-security: drop firejail for musl 
appears to be a known issue:
https://bugs.gentoo.org/937374

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2025-01-06 20:01:40 -05:00
Marta Rybczynska
3a88379610 packagegroup-core-security: update libseccomp dependencies 
libseccomp requires DISTRO_FEATURE seccomp enabled. This one
is automatically removed for riscv, so we do not need to add
an additional condition.

This change is necessary for cve-check on world with meta-security

Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-05-08 22:03:13 -04:00
Armin Kuster
e4318a3c5a packagegroup-core-security: only include firejail x86-64 and arch64 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-07-31 06:18:52 -04:00
Armin Kuster
515dd792ba packagegroup-core-security: add os-release 
Exclude openscap and scap-security-guide if musl

Fix RDEPENDS list to include compliance packages.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-06-25 15:05:28 -04:00
Armin Kuster
6ae25c7673 packagegroup-core-security: add compliance pkg group 
Signed-off-by: Armin Kuster <akuster808@gmail.com>

---
v2]
Missed to include trailing \
 2023-06-20 11:07:20 -04:00
Armin Kuster
4ed311eaf7 packagegroup-core-security: refactor the inclusion of krill 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-03-22 08:02:50 -04:00
John Edward Broadbent
571af37e9c meta-security: Add recipe for Glome 
Generic Low Overhead Message Exchange (GLOME) is a protocol providing
secure authentication and authorization for low dependency environments.

Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-08-12 08:32:51 -07:00
Armin Kuster
5f530ba5ab packagegroup-core-security: add pkg to grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-08-12 08:32:51 -07:00
Armin Kuster
c352530c13 packagegroup-core-security: add space for appends 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-08-06 08:55:49 -07:00
Armin Kuster
2a2d650ee0 packagegroup-core-security: remove krill for some archs 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-08-02 13:45:26 -07:00
Armin Kuster
d8d3824d2d packagegroup-core-security: add chipsec pkg to grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-08-02 13:45:26 -07:00
Armin Kuster
c48c6e5881 packagegroup-core-security: add krill to pkg grps 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-08-02 13:45:26 -07:00
Armin Kuster
ac0a4ea0f8 packagegroup-core-security.bb: add bubblewrap to pkg grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-07-30 14:11:27 -07:00
Armin Kuster
a68a46ded9 packagegroup-core-security: skip mips firejail 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
6cdb369591 packagegroup-core-security: add firejail 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
db2ebfc0d3 packagegroup-core-security: drop sssd 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
8c6fe006a1 packagegroup-core-security: don't include aprwatch for musl 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
5bdb7a35c1 packagegroup-core-security: drop arpwatch for riscv from pkg grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
982ff6fb97 packagegroup-core-security: add arpwatch and chkrootkit to pkg grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
bc59937b54 packagegroup-core-security.bb: fix suricata inclusion 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster
55839bcd20 packagegroup-core-security: remove pkgs 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-14 10:51:32 -07:00
Armin Kuster
e740a30c10 libest: does not build with openssl 3.x 
blacklist for now. Remove from pkg grp

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-12-25 11:29:31 -08:00
Armin Kuster
e5e54135da opendnssec: blacklist do to ldns being blacklisted 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-10-24 19:54:00 -07:00
Armin Kuster
c885d399cd packagegroup-core-security.bb: only include suricat-ptest if rust is included 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
11a67b861a meta-security: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
f447658731 packagegroup-core-security.bb: fix suricat-ptest inclusion 
drop libseccomp ptest

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster
8f313d951c packagegroup-core-security: add sshguard 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-29 09:31:13 -07:00
Armin Kuster
0c26950b0d packagegroup-core-security: drop python3-scapy 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-05 19:25:24 +00:00
Armin Kuster
e1f0699492 packagegroup-core-security: exclude ossec-hids from musl 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-05 19:25:17 +00:00
Armin Kuster
ab239f1497 packagegroup-core-security: add clamav-daemon 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-05-16 13:23:55 -07:00
Armin Kuster
31e5b3e08f packagegroup-core-security: add aide and ossec 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-05-16 13:23:55 -07:00
Armin Kuster
06101dd3da packagegroup-core-security: fix typo for mips 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-05-16 13:23:55 -07:00
Armin Kuster
7db47965a2 tripwire: Blacklist pkg, upstream seems abandond 
Last update was 2018. Does not build with gcc11.
There are other actively maintained IDS options.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-05-16 13:23:55 -07:00
Armin Kuster
881d441f71 packagegroup-core-security: exclude apparmor in mips64 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-19 06:56:18 -07:00
Armin Kuster
44d51ebff5 packagegroup-core-security: drop clamav-cvd 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-02 08:21:34 -07:00
Armin Kuster
496a734c14 packagegroup-core-security: remove clamav from musl image 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-10-10 16:21:48 -07:00
Armin Kuster
8bab022533 packagegroup-core-security: apparmor 3.0 ptest does not build 
for now skip apparmor ptest

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-10-09 07:02:01 -07:00
Armin Kuster
b03d65ffe4 security-test-image: simplify 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-10-01 06:22:07 -07:00
Armin Kuster
cef1768aff packagegroup-core-security: add opendnssec to pkg grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-09-29 07:18:24 -07:00
Armin Kuster
082305ded8 packagegroup-core-security: add libest package 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-09-29 07:18:24 -07:00
Armin Kuster
f0c6f7769c packagegroup-core-security: add softHSM 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-09-29 07:18:24 -07:00
Armin Kuster
91d6d1f5f3 packagegroup-core-security: add more pkgs to base group 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-09-18 04:06:31 -07:00
Armin Kuster
caf76696e8 packagegroup-core-security: dont include suricata on riscv or ppc 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-09-12 08:55:28 -07:00
Armin Kuster
fcceba2208 packagegroup-core-security: restore riscv64 for libssecomp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-07-27 22:22:17 -07:00
Armin Kuster
29f47b4485 packagegroup-core-security: remove libseccomp for riscv* 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-07-27 22:22:17 -07:00
Armin Kuster
98ff502d40 packagegroup-core-security: remove clamav for riscv* 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-07-25 09:00:39 -07:00