ERROR: oe-scap-1.0-r0 do_package_qa: QA Issue: /usr/share/oe-scap/run_tests.sh contained in package oe-scap requires /bin/bash, but no providers found in RDEPENDS_oe-scap? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ERROR: cryptsetup-tpm-incubator-0.9.9-r0 do_package_qa: QA Issue: /usr/lib/libcryptsetup.so.12.3.0 contained in package cryptsetup-tpm-incubator requires libdevmapper.so.1.02(DM_1_02_97)(64bit), but no providers found in RDEPENDS_cryptsetup-tpm-incubator? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This ensures openscap-native does install the needed patches
security guilde needs to build
Minor recipe cleanup too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
add cleandir depends to do_install task
This nostamp is causing issues with the yocto-check-layer when checking
hash changes.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Always build static library. This is required e.g. for runc from
meta-virtualization in its default configuration.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The rootsbindir is a self-defined directory. The install-rootsbinPROGRAMS
is actually treated as part of install-data instead of install-exec.
Do making install-exec-am depend on it actually results in the following
Makefile contents.
install-data-am: install-rootsbinPROGRAMS
install-exec-am: install-binPROGRAMS install-binSCRIPTS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
install-exec-hook: install-rootsbinPROGRAMS
And this results in race condition as two install commands of the same
file running at the same time. Error message is like below.
TOPDIR/tmp-glibc/hosttools/install: cannot create regular file 'TOPDIR/tmp-glibc/work/aarch64-wrs-linux/ecryptfs-utils/111-r0/image/sbin/mount.ecryptfs': File exists
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ecryptfs-utils does not build with openssl1.1.
Previously this openssl PACKAGECONFIG is disabled by default, so
we are not getting build failures by default. But if we enable it,
we get do_compile failure.
This package is from ubuntu source, and the one ubuntu ships does not
depend on openssl. The development of this package has stopped for about
3 years. I don't see it will fix the build offically.
So remove this PACKAGECONFIG and use '--disable-openssl' directly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
apparmor-2.13.2-r0 do_package_qa: QA Issue: /usr/bin/aa-easyprof contained in package apparmor requires /usr/bin/python3, but no providers found in RDEPENDS_apparmor? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes:
ERROR: QA Issue: /usr/bin/oscap-ssh contained in package openscap requires /bin/bash, but no providers found in RDEPENDS_openscap? [file-rdeps]
ERROR: QA Issue: /usr/bin/scap-as-rpm contained in package openscap requires /usr/bin/python3, but no providers found in RDEPENDS_openscap? [file-rdeps]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fixes:
ERROR: QA Issue: /usr/share/smack/smack_rules_gen contained in package smack requires /usr/bin/python3, but no providers found in RDEPENDS_smack? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It would fail to build scap-security-guide when use openscap-native
sstate cache.
Steps to reproduce:
Create a new build project:
$ bitbake openscap-native
$ bitbake openscap-native -c clean
$ bitbake scap-security-guide
Error message:
OpenSCAP Error: Schema file 'xccdf/1.1/xccdf-schema.xsd' not found in path
'/buildarea/build/tmp/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas'
when trying to validate
'/buildarea/build/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/chromium/xccdf-unlinked-resolved.xml'
[/buildarea/build/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/validate.c:104]
Invalid XCCDF Checklist (1.1) content in
/buildarea/build/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/chromium/xccdf-unlinked-resolved.xml.
[/buildarea/build/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/oscap_source.c:346]
chromium/CMakeFiles/generate-internal-chromium-xccdf-unlinked-resolved.xml.dir/build.make:63: recipe for target 'chromium/xccdf-unlinked-resolved.xml' failed
When using sstate cache, the openscap-native doesn't install the
artifacts to work-shared/openscap/oscap-build-artifacts when prepare
recipe sysroot for scap-security-guide.
Set do_install[nostamp] to 1 to ensure the openscap-native artifacts
are installed to work-shared/openscap/oscap-build-artifacts even if
using sstate cache.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
As pointer by Martin Jansa, keyutils package is now a part of meta-oe,
so switch to using keyutils from that layer.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove autoconf-archive from DEPENDS because it is using CMake/Ninjia
build now. Also remove unused dpkg-native dependency from
DEPENDS_class-native.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add bbclass responsible for handling signing of kernel modules.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
fixup class to avoid including in every configure task
Signed-off-by: Armin Kuster <akuster808@gmail.com>
data/debug-keys will be reused for demo modsign keys, so rename
IMA_EVM_BASE to more generic INTEGRITY_BASE.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
* Set B="${S}/build" to fix the build failure for out of source
directory
* Remove do_complile and do_install. Use the default functions from
cmake.bbclass.
* Install the artifacts to /usr/share rather than /usr/local/share
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Add PACKAGECONFIG for gcrypt, nss3 and selinux
* Use EXTRA_OECMAKE rather than EXTRA_OECONF
* Set CMAKE_SKIP_RPATH and CMAKE_SKIP_INSTALL_RPATH instead of chrpath
* Remove ptest since there are many host contamination issues on target.
We will add it back when these issues are solved.
* Drop the unused patch
* Add PV
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Examples are usefull to actually check TPM2 from UEFI shell. Add them to
tpm2-tcti-uefi package.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
New autoconf-archive comes with updated AX_CODE_COVERAGE macro, which is
not compatible with current tpm2-tss source base. Apply upstream patch
to fix this incompatibility.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Armin Kuster
Stefan Agner
Yuan Chao
Adrian Bunk
Qi.Chen@windriver.com
Yi Zhao
Martin Jansa
Dmitry Eremin-Solenikov
lumag