685ff03814
suricata has "--disable-suricata-update" Original add:caaeb67863("suricata-update: add package to pull rules") Suricata dropped:7a1691c037("suricata: Drop 4.1.x its EOL") Not readded:818a8646a6("suricata: rust is in core") *Changes* 1.2.1 -> 1.3.6 Drop period and trailing space in SUMMARY value Drop now-redundant "S" Use HTTPS protocol for SRC_URI LICENSE "GPLv2" -> "GPL-2.0-only" Add "python3-shell" RDEPENDS to resolve: ModuleNotFoundError: No module named 'shlex' Basic target testing: root@beaglebone-yocto:~# suricata-update 22/9/2025 -- 04:06:23 - <Info> -- Using data-directory /var/lib/suricata. 22/9/2025 -- 04:06:23 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml 22/9/2025 -- 04:06:23 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules. 22/9/2025 -- 04:06:23 - <Info> -- Found Suricata version 7.0.0 at /bin/suricata. 22/9/2025 -- 04:06:23 - <Info> -- Loading /etc/suricata/suricata.yaml 22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol pgsql 22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol modbus 22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol dnp3 22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol enip 22/9/2025 -- 04:06:23 - <Info> -- No sources configured, will use Emerging Threats Open 22/9/2025 -- 04:06:23 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-7.0.0/emerging.rules.tar.gz. 100% - 5102134/5102134 22/9/2025 -- 04:06:24 - <Info> -- Done. 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http2-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/mqtt-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/quic-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/rfb-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ssh-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules 22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules 22/9/2025 -- 04:06:27 - <Info> -- Ignoring file ba1345f233851ca2df4d905ea4b386d2/rules/emerging-deleted.rules 22/9/2025 -- 04:06:57 - <Info> -- Loaded 61205 rules. 22/9/2025 -- 04:07:02 - <Info> -- Disabled 14 rules. 22/9/2025 -- 04:07:02 - <Info> -- Enabled 0 rules. 22/9/2025 -- 04:07:02 - <Info> -- Modified 0 rules. 22/9/2025 -- 04:07:02 - <Info> -- Dropped 0 rules. 22/9/2025 -- 04:07:03 - <Info> -- Enabled 136 rules for flowbit dependencies. 22/9/2025 -- 04:07:03 - <Info> -- Creating directory /var/lib/suricata/rules. 22/9/2025 -- 04:07:03 - <Info> -- Backing up current rules. 22/9/2025 -- 04:07:03 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 61205; enabled: 45406; added: 61205; removed 0; modified: 0 22/9/2025 -- 04:07:06 - <Info> -- Writing /var/lib/suricata/rules/classification.config 22/9/2025 -- 04:07:07 - <Info> -- Testing with suricata -T. 22/9/2025 -- 04:07:57 - <Info> -- Done. Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Master-next:
Master: 
Meta-security
The bbappend files for some recipes (e.g. linux-yocto) in this layer need to have 'security' in DISTRO_FEATURES to have effect. To enable them, add in configuration file the following line.
DISTRO_FEATURES:append = " security"
If meta-security is included, but security is not enabled as a distro feature a warning is printed at parse time:
You have included the meta-security layer, but
'security' has not been enabled in your DISTRO_FEATURES. Some bbappend files
and preferred version setting may not take effect.
If you know what you are doing, this warning can be disabled by setting the following variable in your configuration:
SKIP_META_SECURITY_SANITY_CHECK = 1
This layer provides security tools, hardening tools for Linux kernels and libraries for implementing security mechanisms.
Dependencies
This layer depends on:
URI: git://git.openembedded.org/openembedded-core branch: [same one as checked out for this layer]
URI: git://git.openembedded.org/meta-openembedded/meta-oe branch: [same one as checked out for this layer]
Adding the security layer to your build
In order to use this layer, you need to make the build system aware of it.
Assuming the security layer exists at the top-level of your yocto build tree, you can add it to the build system by adding the location of the security layer to bblayers.conf, along with any other layers needed. e.g.:
BBLAYERS ?= "
/path/to/oe-core/meta
/path/to/meta-openembedded/meta-oe
/path/to/layer/meta-security "
Optional Dynamic layer dependancy
URI: git://git.openembedded.org/meta-openembedded/meta-oe
URI: git://git.openembedded.org/meta-openembedded/meta-perl
URI: git://git.openembedded.org/meta-openembedded/meta-python
BBLAYERS += "/path/to/layer/meta-openembedded/meta-oe" BBLAYERS += "/path/to/layer/meta-openembedded/meta-perl" BBLAYERS += "/path/to/layer/meta-openembedded/meta-python"
This will activate the dynamic-layer mechanism.
Maintenance
Send pull requests, patches, comments or questions to yocto-patches@lists.yoctoproject.org
When sending single patches, please using something like: 'git send-email -1 --to yocto-patches@lists.yoctoproject.org --subject-prefix=meta-security][PATCH'
These values can be set as defaults for this repository:
$ git config sendemail.to yocto-patches@lists.yoctoproject.org $ git config format.subjectPrefix meta-security][PATCH
Now you can just do 'git send-email origin/master' to send all local patches.
For pull requests, please use create-pull-request and send-pull-request.
Maintainers: Scott Murray scott.murray@konsulko.com Marta Rybczynska rybczynska@gmail.com
License
All metadata is MIT licensed unless otherwise stated. Source code included in tree for individual recipes is under the LICENSE stated in each recipe (.bb file) unless otherwise stated.