From 940ddd1b1f4cfbc94de0e6a4acd2a68d46cf0dff Mon Sep 17 00:00:00 2001 From: vbenoit Date: Tue, 11 Jul 2023 08:30:14 +0000 Subject: [PATCH] =?UTF-8?q?correction=20des=20diff=C3=A9rents=20bugs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/distro/rpi-distro.conf | 4 +-- conf/layer.conf | 2 +- ...> arkens-image-cybersecurite.bbappend.old} | 0 recipes-core/images/rpi-test-image.bb | 4 +++ recipes-core/images/rpi-test-image.inc | 27 +++++++++++++++++++ .../audit-userspace/audit-userspace_2.8.5.bb | 19 ++++++++----- .../nlohmann-json/nlohmann-json_3.7.3.bb | 4 +-- recipes-scanners/wazuh/wazuh-agent_4.7.0.bb | 12 ++++----- recipes-scanners/wazuh/wazuh-users.bb | 6 ++--- recipes-support/sqlite/sqlite3.inc | 23 +++++++++------- 10 files changed, 71 insertions(+), 30 deletions(-) rename recipes-core/images/{arkens-image-cybersecurite.bbappend => arkens-image-cybersecurite.bbappend.old} (100%) create mode 100644 recipes-core/images/rpi-test-image.bb create mode 100644 recipes-core/images/rpi-test-image.inc diff --git a/conf/distro/rpi-distro.conf b/conf/distro/rpi-distro.conf index 71b9733..9f7966b 100644 --- a/conf/distro/rpi-distro.conf +++ b/conf/distro/rpi-distro.conf @@ -34,7 +34,7 @@ CMDLINE_SERIAL = "console=tty1" SERIAL_CONSOLES = "" # Use systemd -DISTRO_FEATURES += " systemd usbhost ipv4 pam format" +DISTRO_FEATURES += " systemd usbhost ipv4 pam format security" VIRTUAL-RUNTIME_init_manager = "systemd" VIRTUAL_RUNTIME_login_manager = "shadow-base" VIRTUAL_RUNTIME_syslog = "rsyslog" @@ -55,4 +55,4 @@ INHERIT += "rm_work" INHERIT += "extrausers" EXTRA_USERS_PARAMS += "usermod -p '\$6\$kineintercom\$CRdIWTleZDC7c/0pNVlDZy7K56fyf5PVsAGlx27GAY8UX/EjObgmxhMi3YOOs0uLj.da3jMdv.sKFngNFUqFz1' root;" -RM_WORK_EXCLUDE += "wazuh" +RM_WORK_EXCLUDE += "wazuh-agent" diff --git a/conf/layer.conf b/conf/layer.conf index 9d8109a..7a9bb1b 100644 --- a/conf/layer.conf +++ b/conf/layer.conf 
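Review bot: The `EXTRA_USERS_PARAMS` line kept as context in the second rpi-distro.conf hunk (`@@ -55,4 +55,4 @@`) sets root's password from a SHA-512 crypt hash committed in the layer, with a fixed, readable salt. Every image built from this distro therefore shares one root credential, and the hash is exposed to offline guessing by anyone who can read the repository. The same pattern is on the rewritten `USERADD_PARAM:${PN}` line in recipes-scanners/wazuh/wazuh-users.bb. Consider taking the hash from a variable defined outside the committed layer, e.g. `EXTRA_USERS_PARAMS += "usermod -p '${ROOT_PASSWORD_HASH}' root;"` (`ROOT_PASSWORD_HASH` is a placeholder name, set in an uncommitted local.conf or site.conf). Alternatively, lock root and provision per-device credentials at first boot.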
@@ -11,4 +11,4 @@ BBFILE_PRIORITY_cyber-scle = "11" #LAYERDEPENDS_cyber-scle = "meta-security" -LAYERSERIES_COMPAT_cyber-scle = "zeus" +LAYERSERIES_COMPAT_cyber-scle = "kirkstone" diff --git a/recipes-core/images/arkens-image-cybersecurite.bbappend b/recipes-core/images/arkens-image-cybersecurite.bbappend.old similarity index 100% rename from recipes-core/images/arkens-image-cybersecurite.bbappend rename to recipes-core/images/arkens-image-cybersecurite.bbappend.old diff --git a/recipes-core/images/rpi-test-image.bb b/recipes-core/images/rpi-test-image.bb new file mode 100644 index 0000000..ba6d20b --- /dev/null +++ b/recipes-core/images/rpi-test-image.bb @@ -0,0 +1,4 @@ +# Copyright (C) 2022 Vincent BENOIT +# Release under the MIT license (see COPYING.MIT for the terms) +SUMMARY = "RPI Test Image" +include rpi-test-image.inc diff --git a/recipes-core/images/rpi-test-image.inc b/recipes-core/images/rpi-test-image.inc new file mode 100644 index 0000000..008136f --- /dev/null +++ b/recipes-core/images/rpi-test-image.inc @@ -0,0 +1,27 @@ +SUMMARY = "Cyber Scle Image" +PV = "1.0.0" + +inherit core-image + +EXTRA_IMAGE_FEATURES = "" +GLIBC_GENERATE_LOCALES = "en_US.UTF-8 fr_FR.UTF-8" +IMAGE_LINGUAS = "fr-fr" + +PROCESS_INSTALL = " \ + lynis \ + " + +PYTHON_INSTALL = " \ + " + +IMAGE_INSTALL += " \ + sudo \ + logrotate \ + rsyslog \ + iptables \ + procps \ + kbd-keymaps \ + vim \ + usbutils \ + ${PROCESS_INSTALL} \ + " diff --git a/recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb b/recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb index 34d8b2b..387f07e 100644 --- a/recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb +++ b/recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb 
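Review bot: In the new recipes-core/images/rpi-test-image.bb the line `SUMMARY = "RPI Test Image"` has no effect, because the `include rpi-test-image.inc` that follows assigns `SUMMARY = "Cyber Scle Image"` and the later assignment wins. `include` also carries on silently when the file is not found, which would leave a recipe with none of the image settings; `require rpi-test-image.inc` fails the parse instead. Either drop the SUMMARY from the .inc or move the one in the .bb below the include.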
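Review bot: `PYTHON_INSTALL` in recipes-core/images/rpi-test-image.inc is defined empty and never referenced; `IMAGE_INSTALL` only expands `${PROCESS_INSTALL}`. Remove it, or add `${PYTHON_INSTALL} \` to the `IMAGE_INSTALL` list so that packages put there later actually reach the image. A comment above `EXTRA_IMAGE_FEATURES = ""` would also help, so the empty value is not undone later: `# Deliberately empty: no debug-tweaks or other development features in this image`.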
@@ -1,16 +1,23 @@ DESCRIPTION = "This is some background information about the Linux Auditing Framework" HOMEPAGE = "https://github.com/linux-audit/audit-userspace" -LICENSE = "GPLv2" +LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + SRC_URI = "git://github.com/linux-audit/audit-userspace.git;branch=2.8_maintenance;protocol=https" SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c" +SRC_URI += " \ + file://0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch \ + file://0002-ausearch-common.patch \ +" + S = "${WORKDIR}/git" -DEPENDS = "openldap tcp-wrappers coreutils-native python" +DEPENDS = "openldap tcp-wrappers coreutils-native python3" -RDEPENDS_${PN} += "bash" +RDEPENDS:${PN} += "bash" EXTRA_OECONF = "--with-python=no \ --with-libwrap \ @@ -20,10 +27,10 @@ EXTRA_OECONF = "--with-python=no \ inherit autotools -do_install_append() { +do_install:append() { install -m 644 ${S}/lib/private.h ${D}${includedir} install -m 644 ${S}/lib/dso.h ${D}${includedir} } -FILES_${PN} += "/usr/lib/systemd/system/auditd.service" -FILES_${PN}-dev += "lib/private.h lib/dso.h" +FILES:${PN} += "/usr/lib/systemd/system/auditd.service" +FILES:${PN}-dev += "lib/private.h lib/dso.h" diff --git a/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb b/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb index 5fb54a2..724ffc0 100644 --- a/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb +++ b/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb @@ -18,12 +18,12 @@ EXTRA_OECMAKE += "-DJSON_BuildTests=OFF" # nlohmann-json is a header only C++ library, so the main package will be empty. -RDEPENDS_${PN}-dev = "" +RDEPENDS:${PN}-dev = "" BBCLASSEXTEND = "native nativesdk" # other packages commonly reference the file directly as "json.hpp" # create symlink to allow this usage -do_install_append() { +do_install:append() { ln -s nlohmann/json.hpp ${D}${includedir}/json.hpp } 
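Review bot: `LICENSE = "GPLv2+"` in the first audit-userspace hunk is still a legacy identifier; with the layer now declared for kirkstone the licence QA expects SPDX names, so this would be `LICENSE = "GPL-2.0-or-later"`. In the same hunk `DEPENDS` now pulls in `python3` while `EXTRA_OECONF` starts with `--with-python=no`; unless a python3 option is set in the part of `EXTRA_OECONF` that lies between the two hunks, the dependency only lengthens the build and could be dropped. The two patches added to `SRC_URI` are not in this commit's diffstat, so confirm they are already present under `files/` and carry an `Upstream-Status:` header.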
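Review bot: `FILES:${PN}-dev += "lib/private.h lib/dso.h"` in the second audit-userspace hunk lists source-tree relative paths, but FILES entries are matched against installed paths under `${D}`, and `do_install:append` puts both headers in `${includedir}`. The entry therefore matches nothing; the headers reach the -dev package only because `${includedir}` is in its default FILES. Either delete the line or write it as `FILES:${PN}-dev += "${includedir}/private.h ${includedir}/dso.h"`. Shipping the library's private headers is unusual, so a comment naming the consumer (presumably wazuh-agent, which lists audit-userspace in `DEPENDS`) would help.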
diff --git a/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb b/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb index 684b181..115d30d 100644 --- a/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb +++ b/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb @@ -5,7 +5,7 @@ SUMMARY = "The agent runs on the host you want to monitor and communicates with MAINTAINER = "Vincent BENOIT " LIC_FILES_CHKSUM = "file://LICENSE;md5=i522ae3a9266aa0b86a5f314c85dbb560" LICENSE = "CLOSED" -FILESEXTRAPATHS_prepend := "${THISDIR}/files:" +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" DEPENDS = "curl-native \ audit-userspace \ @@ -35,7 +35,7 @@ DEPENDS = "curl-native \ wazuh-users \ " -RDEPENDS_${PN} += "wazuh-users" +RDEPENDS:${PN} += "wazuh-users" inherit systemd @@ -53,7 +53,7 @@ PV = "4.7.0" S = "${WORKDIR}/git" SYSTEMD_AUTO_ENABLE = "enable" -SYSTEMD_SERVICE_${PN} = "wazuh-agent.service" +SYSTEMD_SERVICE:${PN} = "wazuh-agent.service" EXTRA_OEMAKE = ' \ CC="${CC}" \ @@ -191,7 +191,7 @@ do_install() { install -d -o wazuh -g wazuh ${D}/var/ossec/logs/wazuh } -FILES_${PN} += " \ +FILES:${PN} += " \ ${systemd_unitdir}/system/wazuh-agent.service \ /var/ossec/lib/libwazuhext.so \ /var/ossec/lib/libwazuhshared.so \ @@ -248,6 +248,6 @@ FILES_${PN} += " \ /var/ossec/logs/ossec.json \ " -INSANE_SKIP_${PN} = "ldflags" +INSANE_SKIP:${PN} = "ldflags already-stripped" #For dev packages only -INSANE_SKIP_${PN}-dev = "ldflags" +INSANE_SKIP:${PN}-dev = "ldflags already-stripped" diff --git a/recipes-scanners/wazuh/wazuh-users.bb b/recipes-scanners/wazuh/wazuh-users.bb index 27aedfe..693252e 100644 --- a/recipes-scanners/wazuh/wazuh-users.bb +++ b/recipes-scanners/wazuh/wazuh-users.bb 
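Review bot: The `LIC_FILES_CHKSUM` kept as context in the first wazuh-agent hunk has `md5=i522ae3a9266aa0b86a5f314c85dbb560`, which is 33 characters and starts with a non-hex `i`, so it cannot be a valid MD5. It goes unnoticed because `LICENSE = "CLOSED"` disables the licence checksum check. The recipe builds from a git checkout (`S = "${WORKDIR}/git"`) and points at a `LICENSE` file, so `CLOSED` looks wrong here; Wazuh is published under GPLv2, to be confirmed against the fetched tree. Set the real licence and the checksum bitbake reports for that file, so that a change in the upstream licence text is caught on the next version bump.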
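Review bot: Widening `INSANE_SKIP:${PN}` and `INSANE_SKIP:${PN}-dev` to `"ldflags already-stripped"` in the last wazuh-agent hunk silences two QA findings instead of fixing them. Skipping `ldflags` means the agent's binaries are linked without the distro `LDFLAGS`, which is where link-time hardening such as RELRO and BIND_NOW is applied when the security flags are enabled. Skipping `already-stripped` means the upstream makefile strips the binaries itself, so no usable -dbg package exists for a long-running monitoring agent. Prefer passing `LDFLAGS="${LDFLAGS}"` in `EXTRA_OEMAKE` and stopping the makefile from stripping. If that is not feasible, keep the skip but say why in a comment, e.g. `# upstream Makefile strips and ignores LDFLAGS; see <ticket placeholder>`.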
@@ -13,11 +13,11 @@ inherit useradd USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "-g 987 --system wazuh;" +GROUPADD_PARAM:${PN} = "-g 987 --system wazuh;" # To change the password use something like this : "mkpasswd -m sha-512 p@ssw0rd -s 'seed'" # mkpasswd from 'whois' debian package -USERADD_PARAM_${PN} = "-u 1234 -g 987 --system --shell /bin/bash --password '\$6\$wazuhAgent\$Q/QdBOx6lTuY6Z0P8yTRYboRNil49oNOJOwG41H3.9YLnAMmuKG6qw8hwWuE7r/rdirrd9zhdHVFLJNpJK6Mn1' wazuh" +USERADD_PARAM:${PN} = "-u 1234 -g 987 --system --shell /bin/bash --password '\$6\$wazuhAgent\$Q/QdBOx6lTuY6Z0P8yTRYboRNil49oNOJOwG41H3.9YLnAMmuKG6qw8hwWuE7r/rdirrd9zhdHVFLJNpJK6Mn1' wazuh" # Specify whether to produce an output package even if it is empty -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" diff --git a/recipes-support/sqlite/sqlite3.inc b/recipes-support/sqlite/sqlite3.inc index 4af1e09..bbd5496 100644 --- a/recipes-support/sqlite/sqlite3.inc +++ b/recipes-support/sqlite/sqlite3.inc 
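Review bot: `USERADD_PARAM:${PN}` creates `wazuh` as a `--system` account but gives it `--shell /bin/bash` and a password, which makes a service identity usable for interactive login. Unless something in the image must log in as `wazuh`, use `--shell /sbin/nologin` and drop `--password` so the account is created locked. The comment above it suggests `mkpasswd -m sha-512 p@ssw0rd -s 'seed'`, which puts the password on the command line and in shell history; `mkpasswd -m sha-512` with no password argument prompts for it instead and picks a random salt.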
@@ -44,26 +44,29 @@ EXTRA_OECONF = " \ --disable-static-shell \ " -CFLAGS_append = " -fPIC" +CFLAGS:append = " -fPIC" # pread() is in POSIX.1-2001 so any reasonable system must surely support it -CFLAGS_append = " -DUSE_PREAD" +CFLAGS:append = " -DUSE_PREAD" # Provide column meta-data API -CFLAGS_append = " -DSQLITE_ENABLE_COLUMN_METADATA" +CFLAGS:append = " -DSQLITE_ENABLE_COLUMN_METADATA" # Unless SQLITE_BYTEORDER is predefined, the code falls back to build time # huristics, which are not always correct -CFLAGS_append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}" +CFLAGS:append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}" PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}" -FILES_${PN} = "${bindir}/*" -FILES_lib${BPN} = "${libdir}/*.so.*" -FILES_lib${BPN}-dev = "${libdir}/*.la ${libdir}/*.so \ - ${libdir}/pkgconfig ${includedir}" -FILES_lib${BPN}-doc = "${docdir} ${mandir} ${infodir}" -FILES_lib${BPN}-staticdev = "${libdir}/lib*.a" +FILES:${PN} = "${bindir}/*" +FILES:lib${BPN} = "${libdir}/*.so.*" +FILES:lib${BPN}-dev = "${libdir}/*.la \ + ${libdir}/*.so \ + ${libdir}/pkgconfig \ + ${includedir}" + +FILES:lib${BPN}-doc = "${docdir} ${mandir} ${infodir}" +FILES:lib${BPN}-staticdev = "${libdir}/lib*.a" AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}"