mirror of
https://git.yoctoproject.org/meta-security
synced 2026-06-04 14:10:22 +00:00
Yi Zhao
7fb8569f0b
It would fail to build scap-security-guide when use openscap-native sstate cache. Steps to reproduce: Create a new build project: $ bitbake openscap-native $ bitbake openscap-native -c clean $ bitbake scap-security-guide Error message: OpenSCAP Error: Schema file 'xccdf/1.1/xccdf-schema.xsd' not found in path '/buildarea/build/tmp/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas' when trying to validate '/buildarea/build/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/chromium/xccdf-unlinked-resolved.xml' [/buildarea/build/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/validate.c:104] Invalid XCCDF Checklist (1.1) content in /buildarea/build/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/chromium/xccdf-unlinked-resolved.xml. [/buildarea/build/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/oscap_source.c:346] chromium/CMakeFiles/generate-internal-chromium-xccdf-unlinked-resolved.xml.dir/build.make:63: recipe for target 'chromium/xccdf-unlinked-resolved.xml' failed When using sstate cache, the openscap-native doesn't install the artifacts to work-shared/openscap/oscap-build-artifacts when prepare recipe sysroot for scap-security-guide. Set do_install[nostamp] to 1 to ensure the openscap-native artifacts are installed to work-shared/openscap/oscap-build-artifacts even if using sstate cache. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Meta-security
=============
This layer provides security tools, hardening tools for Linux kernels
and libraries for implementing security mechanisms.
Dependencies
============
This layer depends on:
URI: git://git.openembedded.org/openembedded-core
branch: master
revision: HEAD
prio: default
URI: git://git.openembedded.org/meta-openembedded/meta-oe
branch: master
revision: HEAD
prio: default
URI: git://git.openembedded.org/meta-openembedded/meta-perl
branch: master
revision: HEAD
prio: default
URI: git://git.openembedded.org/meta-openembedded/meta-networking
branch: master
revision: HEAD
prio: default
Adding the security layer to your build
========================================
In order to use this layer, you need to make the build system aware of
it.
Assuming the security layer exists at the top-level of your
yocto build tree, you can add it to the build system by adding the
location of the security layer to bblayers.conf, along with any
other layers needed. e.g.:
BBLAYERS ?= " \
/path/to/oe-core/meta \
/path/to/meta-openembedded/meta-oe \
/path/to/meta-openembedded/meta-perl \
/path/to/meta-openembedded/meta-python \
/path/to/meta-openembedded/meta-networking \
/path/to/layer/meta-security \
Maintenance
-----------
Send pull requests, patches, comments or questions to yocto@yoctoproject.org
When sending single patches, please using something like:
'git send-email -1 --to yocto@yoctoproject.org --subject-prefix=meta-security][PATCH'
These values can be set as defaults for this repository:
$ git config sendemail.to yocto@yoctoproject.org
$ git config format.subjectPrefix meta-security][PATCH
Now you can just do 'git send-email origin/master' to send all local patches.
Maintainers: Armin Kuster <akuster808@gmail.com>
License
=======
All metadata is MIT licensed unless otherwise stated. Source code included
in tree for individual recipes is under the LICENSE stated in each recipe
(.bb file) unless otherwise stated.