mirror of
https://git.yoctoproject.org/meta-security
synced 2026-01-12 03:10:13 +00:00
21bb5627e0
Markus Rudy (17):
Use Github TeX Markdown instead of image includes.
Merge pull request #134 from burgerdev/md-tex
Merge pull request #135 from vvidic/cli-base64
RFD 002: public key format at rest (#109)
Merge pull request #137 from vvidic/hmac
Merge pull request #138 from vvidic/hmac2
Update list of supported Python versions
Install golint instead of 'get'ting it.
Merge pull request #139 from burgerdev/actions
Clarify format of public key at rest
Test all supported config file keys
Merge pull request #144 from burgerdev/public-key-format
Fix linter findings for #144
Use 'release' buildtype for NixOS builds
Merge pull request #149 from google/l9i/bye-java
RFD 001: GLOME Login v2 (#102)
login/v2 implementation for Go (#162)
Philipp Kern (21):
Merge pull request #133 from google/l9i/pam-fix
Merge pull request #132 from google/l9i/nix-shell
Merge pull request #140 from vvidic/defaul-typo
Merge pull request #142 from vvidic/soversion
Merge pull request #146 from burgerdev/lint
Merge pull request #148 from google/dependabot/go_modules/go/golang.org/x/crypto-0.1.0
Merge pull request #152 from google/l9i/cpplint
Merge pull request #154 from vvidic/docker-public-key
Merge pull request #155 from vvidic/prompt-fix
Insert a slash after url-prefix when writing it into prompt
Merge pull request #156 from google/url-prefix-compat
Merge pull request #157 from vvidic/config-order
State that devices require randomness for the protocol to work
Update docs/protocol.md
Merge pull request #158 from google/pkern-patch-1
Fix error to state "at most" instead of "at least"
Merge pull request #153 from vvidic/min-tag-length
Merge pull request #159 from vvidic/host-id-type
README.md: Codeblock fixups
Merge branch 'master' into l9i/README
Merge pull request #141 from google/l9i/README
Piotr Lewandowski (12):
Fix failing PAM test
Treat warning as errors
Define OPENSSL_API_COMPAT to require OpenSSL >=1.1
Use werror only for CI
Add nix-shell config for setting up dev environment
Add GitHub Action workflow for shell.nix
Add intro and installation steps to README.md
Address reviewer's comments
Wrap lines
Delete Java implementation
Rename `url-prefix` to `prompt` (#131)
Add `cpplint` linter
Valentin Vidic (10):
Update CLI to use base64 instead of hex tags.
Replace deprecated OpenSSL HMAC API with EVP.
Replace OpenSSL EVP_DigestSign API with HMAC()
Fix typo: defaul => default
Use project version in library version
Update Docker scripts for new public key format
Fix setting of prompt parameter
Parse command line again after reading the config
Add config option for minimum authcode length #122
Add config option for host-id type #122
dependabot[bot] (1):
Bump golang.org/x/crypto in /go
Signed-off-by: Luke Granger-Brown <lukegb@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Meta-security
=============
The bbappend files for some recipes (e.g. linux-yocto) in this layer need
to have 'security' in DISTRO_FEATURES to have effect.
To enable them, add in configuration file the following line.
DISTRO_FEATURES:append = " security"
If meta-security is included, but security is not enabled as a
distro feature a warning is printed at parse time:
You have included the meta-security layer, but
'security' has not been enabled in your DISTRO_FEATURES. Some bbappend files
and preferred version setting may not take effect.
If you know what you are doing, this warning can be disabled by setting the following
variable in your configuration:
SKIP_META_SECURITY_SANITY_CHECK = 1
This layer provides security tools, hardening tools for Linux kernels
and libraries for implementing security mechanisms.
Dependencies
============
This layer depends on:
URI: git://git.openembedded.org/openembedded-core
branch: [same one as checked out for this layer]
URI: git://git.openembedded.org/meta-openembedded/meta-oe
branch: [same one as checked out for this layer]
Adding the security layer to your build
========================================
In order to use this layer, you need to make the build system aware of
it.
Assuming the security layer exists at the top-level of your
yocto build tree, you can add it to the build system by adding the
location of the security layer to bblayers.conf, along with any
other layers needed. e.g.:
BBLAYERS ?= " \
/path/to/oe-core/meta \
/path/to/meta-openembedded/meta-oe \
/path/to/layer/meta-security "
Optional Dynamic layer dependancy
======================================
URI: git://git.openembedded.org/meta-openembedded/meta-oe
URI: git://git.openembedded.org/meta-openembedded/meta-perl
URI: git://git.openembedded.org/meta-openembedded/meta-python
BBLAYERS += "/path/to/layer/meta-openembedded/meta-oe"
BBLAYERS += "/path/to/layer/meta-openembedded/meta-perl"
BBLAYERS += "/path/to/layer/meta-openembedded/meta-python"
This will activate the dynamic-layer mechanism.
Maintenance
======================================
Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org
When sending single patches, please using something like:
'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security][PATCH'
These values can be set as defaults for this repository:
$ git config sendemail.to yocto@lists.yoctoproject.org
$ git config format.subjectPrefix meta-security][PATCH
Now you can just do 'git send-email origin/master' to send all local patches.
For pull requests, please use create-pull-request and send-pull-request.
Maintainers: Armin Kuster <akuster808@gmail.com>
License
=======
All metadata is MIT licensed unless otherwise stated. Source code included
in tree for individual recipes is under the LICENSE stated in each recipe
(.bb file) unless otherwise stated.