correction des différents bugs

2023-07-11 08:30:14 +00:00
parent faf0597483
commit 940ddd1b1f
10 changed files with 71 additions and 30 deletions
--- a/conf/distro/rpi-distro.conf
+++ b/conf/distro/rpi-distro.conf
@@ -34,7 +34,7 @@ CMDLINE_SERIAL = "console=tty1"
 SERIAL_CONSOLES = ""

 # Use systemd
-DISTRO_FEATURES += " systemd usbhost ipv4 pam format"
+DISTRO_FEATURES += " systemd usbhost ipv4 pam format security"
 VIRTUAL-RUNTIME_init_manager = "systemd"
 VIRTUAL_RUNTIME_login_manager = "shadow-base"
 VIRTUAL_RUNTIME_syslog = "rsyslog"
@@ -55,4 +55,4 @@ INHERIT += "rm_work"
 INHERIT += "extrausers"
 EXTRA_USERS_PARAMS += "usermod -p '\$6\$kineintercom\$CRdIWTleZDC7c/0pNVlDZy7K56fyf5PVsAGlx27GAY8UX/EjObgmxhMi3YOOs0uLj.da3jMdv.sKFngNFUqFz1' root;"

-RM_WORK_EXCLUDE += "wazuh"
+RM_WORK_EXCLUDE += "wazuh-agent"
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -11,4 +11,4 @@ BBFILE_PRIORITY_cyber-scle = "11"

 #LAYERDEPENDS_cyber-scle = "meta-security"

-LAYERSERIES_COMPAT_cyber-scle = "zeus"
+LAYERSERIES_COMPAT_cyber-scle = "kirkstone"
--- a/recipes-core/images/arkens-image-cybersecurite.bbappend.old
+++ b/recipes-core/images/arkens-image-cybersecurite.bbappend.old
--- a/recipes-core/images/rpi-test-image.bb
+++ b/recipes-core/images/rpi-test-image.bb
@@ -0,0 +1,4 @@
+# Copyright (C) 2022 Vincent BENOIT <vincent.benoit@benserv.fr>
+# Release under the MIT license (see COPYING.MIT for the terms)
+SUMMARY = "RPI Test Image"
+include rpi-test-image.inc
--- a/recipes-core/images/rpi-test-image.inc
+++ b/recipes-core/images/rpi-test-image.inc
@@ -0,0 +1,27 @@
+SUMMARY = "Cyber Scle Image"
+PV = "1.0.0"
+
+inherit core-image
+
+EXTRA_IMAGE_FEATURES = ""
+GLIBC_GENERATE_LOCALES = "en_US.UTF-8 fr_FR.UTF-8"
+IMAGE_LINGUAS = "fr-fr"
+
+PROCESS_INSTALL = " \
+           lynis \
+                  "
+
+PYTHON_INSTALL = " \
+                 "
+
+IMAGE_INSTALL += " \
+          sudo \
+		  logrotate \
+		  rsyslog \
+		  iptables \
+		  procps \
+		  kbd-keymaps \
+		  vim \
+		  usbutils \
+		  ${PROCESS_INSTALL} \
+		 "
--- a/recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb
+++ b/recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb
@@ -1,16 +1,23 @@
 DESCRIPTION = "This is some background information about the Linux Auditing Framework"
 HOMEPAGE = "https://github.com/linux-audit/audit-userspace"
-LICENSE = "GPLv2"
+LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"

+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
 SRC_URI = "git://github.com/linux-audit/audit-userspace.git;branch=2.8_maintenance;protocol=https"
 SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c"

+SRC_URI += " \
+             file://0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch \
+             file://0002-ausearch-common.patch \
+"
+
 S = "${WORKDIR}/git"

-DEPENDS = "openldap tcp-wrappers coreutils-native python"
+DEPENDS = "openldap tcp-wrappers coreutils-native python3"

-RDEPENDS_${PN} += "bash"
+RDEPENDS:${PN} += "bash"

 EXTRA_OECONF = "--with-python=no \
                --with-libwrap \
@@ -20,10 +27,10 @@ EXTRA_OECONF = "--with-python=no \

 inherit autotools

-do_install_append() {
+do_install:append() {
 	install -m 644 ${S}/lib/private.h ${D}${includedir}
 	install -m 644 ${S}/lib/dso.h ${D}${includedir}
 }

-FILES_${PN} += "/usr/lib/systemd/system/auditd.service"
-FILES_${PN}-dev += "lib/private.h lib/dso.h"
+FILES:${PN} += "/usr/lib/systemd/system/auditd.service"
+FILES:${PN}-dev += "lib/private.h lib/dso.h"
--- a/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb
+++ b/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb
@@ -18,12 +18,12 @@ EXTRA_OECMAKE += "-DJSON_BuildTests=OFF"

 # nlohmann-json is a header only C++ library, so the main package will be empty.

-RDEPENDS_${PN}-dev = ""
+RDEPENDS:${PN}-dev = ""

 BBCLASSEXTEND = "native nativesdk"

 # other packages commonly reference the file directly as "json.hpp"
 # create symlink to allow this usage
-do_install_append() {
+do_install:append() {
    ln -s nlohmann/json.hpp ${D}${includedir}/json.hpp
 }
--- a/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb
+++ b/recipes-scanners/wazuh/wazuh-agent_4.7.0.bb
@@ -5,7 +5,7 @@ SUMMARY = "The agent runs on the host you want to monitor and communicates with
 MAINTAINER = "Vincent BENOIT <vincent.benoit@benserv.fr>"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=i522ae3a9266aa0b86a5f314c85dbb560"
 LICENSE = "CLOSED"
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"

 DEPENDS = "curl-native \
           audit-userspace \
@@ -35,7 +35,7 @@ DEPENDS = "curl-native \
           wazuh-users \
         "

-RDEPENDS_${PN} += "wazuh-users"
+RDEPENDS:${PN} += "wazuh-users"

 inherit systemd

@@ -53,7 +53,7 @@ PV = "4.7.0"
 S = "${WORKDIR}/git"

 SYSTEMD_AUTO_ENABLE = "enable"
-SYSTEMD_SERVICE_${PN} = "wazuh-agent.service"
+SYSTEMD_SERVICE:${PN} = "wazuh-agent.service"

 EXTRA_OEMAKE = ' \
                CC="${CC}" \
@@ -191,7 +191,7 @@ do_install() {
 	install -d -o wazuh -g wazuh ${D}/var/ossec/logs/wazuh
 }

-FILES_${PN} += " \
+FILES:${PN} += " \
                 ${systemd_unitdir}/system/wazuh-agent.service \
                 /var/ossec/lib/libwazuhext.so \
                 /var/ossec/lib/libwazuhshared.so \
@@ -248,6 +248,6 @@ FILES_${PN} += " \
                 /var/ossec/logs/ossec.json \
               "

-INSANE_SKIP_${PN} = "ldflags"
+INSANE_SKIP:${PN} = "ldflags already-stripped"
 #For dev packages only
-INSANE_SKIP_${PN}-dev = "ldflags"
+INSANE_SKIP:${PN}-dev = "ldflags already-stripped"
--- a/recipes-scanners/wazuh/wazuh-users.bb
+++ b/recipes-scanners/wazuh/wazuh-users.bb
@@ -13,11 +13,11 @@ inherit useradd

 USERADD_PACKAGES = "${PN}"

-GROUPADD_PARAM_${PN} = "-g 987 --system wazuh;"
+GROUPADD_PARAM:${PN} = "-g 987 --system wazuh;"

 # To change the password use something like this : "mkpasswd -m sha-512 p@ssw0rd -s 'seed'"
 # mkpasswd from 'whois' debian package
-USERADD_PARAM_${PN} = "-u 1234 -g 987 --system --shell /bin/bash --password '\$6\$wazuhAgent\$Q/QdBOx6lTuY6Z0P8yTRYboRNil49oNOJOwG41H3.9YLnAMmuKG6qw8hwWuE7r/rdirrd9zhdHVFLJNpJK6Mn1' wazuh"
+USERADD_PARAM:${PN} = "-u 1234 -g 987 --system --shell /bin/bash --password '\$6\$wazuhAgent\$Q/QdBOx6lTuY6Z0P8yTRYboRNil49oNOJOwG41H3.9YLnAMmuKG6qw8hwWuE7r/rdirrd9zhdHVFLJNpJK6Mn1' wazuh"

 # Specify whether to produce an output package even if it is empty
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
--- a/recipes-support/sqlite/sqlite3.inc
+++ b/recipes-support/sqlite/sqlite3.inc
@@ -44,26 +44,29 @@ EXTRA_OECONF = " \
    --disable-static-shell \
 "

-CFLAGS_append = " -fPIC"
+CFLAGS:append = " -fPIC"

 # pread() is in POSIX.1-2001 so any reasonable system must surely support it
-CFLAGS_append = " -DUSE_PREAD"
+CFLAGS:append = " -DUSE_PREAD"

 # Provide column meta-data API
-CFLAGS_append = " -DSQLITE_ENABLE_COLUMN_METADATA"
+CFLAGS:append = " -DSQLITE_ENABLE_COLUMN_METADATA"

 # Unless SQLITE_BYTEORDER is predefined, the code falls back to build time
 # huristics, which are not always correct
-CFLAGS_append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}"
+CFLAGS:append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}"

 PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}"

-FILES_${PN} = "${bindir}/*"
-FILES_lib${BPN} = "${libdir}/*.so.*"
-FILES_lib${BPN}-dev = "${libdir}/*.la ${libdir}/*.so \
-                       ${libdir}/pkgconfig ${includedir}"
-FILES_lib${BPN}-doc = "${docdir} ${mandir} ${infodir}"
-FILES_lib${BPN}-staticdev = "${libdir}/lib*.a"
+FILES:${PN} = "${bindir}/*"
+FILES:lib${BPN} = "${libdir}/*.so.*"
+FILES:lib${BPN}-dev = "${libdir}/*.la \
+                       ${libdir}/*.so \
+                       ${libdir}/pkgconfig \
+                       ${includedir}"
+
+FILES:lib${BPN}-doc = "${docdir} ${mandir} ${infodir}"
+FILES:lib${BPN}-staticdev = "${libdir}/lib*.a"

 AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}"