summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* signing-keys: fix gpg key import failure due to wrong option positionJia Zhang2017-08-201-2/+2
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* signing-keys: clean upJia Zhang2017-08-201-3/+1
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: define the location of default gpg keyring to TMPDIRJia Zhang2017-08-201-1/+1
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: fix permission warningJia Zhang2017-08-201-1/+1
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* signing-keys: fix gpg key import failureJia Zhang2017-08-201-2/+2
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext.bbclass: clean upJia Zhang2017-08-191-9/+1
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: Fix the GPG_PATH directory not exist issue (#4)Guojian2017-08-191-8/+7
| | | | | | | | | | | | | | | If "GPG_PATH" is set in the init script, then "signing-keys" get_public_keys task will execute failed. So the "GPG_PATH" directory would be created when "GPG_PATH" is set. The do_get_public_keys failed to import gpg key error information is as following: ---------------------------------------------------------------------------------------- ERROR: signing-keys-1.0-r0 do_get_public_keys: Function failed: Failed to import gpg key (layers/meta-secure-core/meta-signing-key/files/rpm_keys/RPM-GPG-PRIVKEY-SecureCore): gpg: fatal: can't create directory `tmp/deploy/images/intel-corei7-64/.gnupg': No such file or directory Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
* keyutils: Fix keyutils man7 files conflict with man-pages same name files (#3)Guojian2017-08-191-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The keyutils-doc package supply some same name man7 files with man-pages, it will cause the rpm package installation or upgrade failed. The keyutils-doc and man-pages rpm packages' transction check error information is as following: -------------------------------------------------------------------- Running transaction test Error: Transaction check error: file /usr/share/man/man7/keyrings.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/persistent-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/process-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/session-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/thread-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/user-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/user-session-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
* sign_rpm_ext.bbclass: use the default setting from meta-signing-keyJia Zhang2017-08-193-16/+5
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: set default GPG_PATH if it is not specified (#2)yunguowei2017-08-191-0/+15
| | | | | | | | | | | commit 52bf3b6636f95a(meta-integrity: move gpg keyring initialization to signing-keys) tried to initialize keyring in the task check_public_keys of the recipe signing-keys. However, it does work with the recipe signing-keys only, and GPG_PATH can't be passed to other recipes. We bring the python anonymous function back, and it makes sure GPG_PATH is set before signing the packages for every recipe. Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
* grub-efi: remove the unused patchJia Zhang2017-08-181-30/+0
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* meta-integrity: move gpg keyring initialization to signing-keysJia Zhang2017-08-172-38/+37
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* efitools: fix searching openssl.cnf for target buildJia Zhang2017-08-171-2/+1
| | | | | | | Currently, OPENSSL_LIB is only used for locating openssl.cnf in order to work around openssl-1.1.x. Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: support RPM signingLans Zhang2017-08-174-8/+113
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* efitools: support to build with openssl-1.1.xLans Zhang2017-08-163-0/+78
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* ima-evm-utils: support to build with openssl-1.1.xLans Zhang2017-08-162-0/+300
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptfs-tpm2: sync up with upstreamLans Zhang2017-08-161-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* README.md: update reference linksLans Zhang2017-08-162-4/+4
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity/README.md: updateLans Zhang2017-08-161-12/+25
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* sbsigntool: fix build failure with openssl-1.0.xLans Zhang2017-08-162-9/+33
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* init.ima: clean up and allow to load extra IMA policies from the real rootfsLans Zhang2017-08-151-10/+18
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* ima_policy: update the commentLans Zhang2017-08-151-1/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity/README.md: updateLans Zhang2017-08-151-15/+14
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* sbsigntool: update to support openssl-1.1.0Lans Zhang2017-08-153-0/+209
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity/README.md: updateLans Zhang2017-08-151-30/+38
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-signing-key: clean up the default values of sample RPM signing keyLans Zhang2017-08-151-1/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-signing-key: renew the sample keys for UEFI Secure BootLans Zhang2017-08-146-127/+129
| | | | | | The DB and KEK now are self-signed. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* create-user-key-store.sh: gpg key creation updatesLans Zhang2017-08-112-20/+34
| | | | | | | | - code style fixup - remove gen_rpm_keyring script - check gpg version Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* shim: refresh fallback patchsetLans Zhang2017-08-116-14/+294
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* init: don't explicitly set the LUKS partition nameLans Zhang2017-08-091-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptfs-tpm2: sync up with upstreamLans Zhang2017-08-091-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* shim: sync up with upstreamLans Zhang2017-08-091-2/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: work around circular dependency chains found if systemd is ↵Lans Zhang2017-08-091-4/+4
| | | | | | configured to enable cryptsetup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: fix the conditions of PACKAGECONFIG for ima and cryptsetupLans Zhang2017-08-042-2/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: enable ima and cryptsetupLans Zhang2017-08-042-0/+8
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptsetup: depend on lvm2 to include dmsetupLans Zhang2017-08-041-0/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptfs-tpm2: fix RDEPENDSLans Zhang2017-08-041-5/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-encrypted-storage: depend on meta-oeLans Zhang2017-08-041-0/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* kernel-initramfs: set the default priority to -1Lans Zhang2017-08-031-0/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* shim: sync up with upstreamLans Zhang2017-08-032-8/+8
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* shim: don't set CSV boot entry as the first boot optionLans Zhang2017-08-012-0/+50
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* create-user-key-store.sh: self-sign KEK and DBLans Zhang2017-08-011-2/+2
| | | | | | | UEFI spec never ask for the fact that KEK must be signed by PK and DB must be signed by KEK. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* README.md: simplify the commits for boot flowLans Zhang2017-07-311-5/+5
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* rpm: remove PACKAGECONFIG[imaevm]Lans Zhang2017-07-281-1/+0
| | | | | | This setting is already merged to oe-core. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: code style fixupLans Zhang2017-07-287-24/+27
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* grub-efi: remove the depreciated replacement for initrd= parameterLans Zhang2017-07-281-7/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* grub/boot-menu.inc: use linux and initrd commands instead of chainloader to ↵Lans Zhang2017-07-271-2/+4
| | | | | | | | boot kernel Since bzImage is not signed during the build. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tpm2.0-tss: remove systemd from inherit commandLans Zhang2017-07-271-1/+1
| | | | | | | The resource manager provided by this package is not used any more. Thus its systemd-related settings should be removed. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* packagegroup-encrypted-storage.inc: add cryptfs-tpm2Lans Zhang2017-07-271-0/+4
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* initrdscripts-secure-core: install udevd and udevadm provided by either ↵Lans Zhang2017-07-261-3/+2
| | | | | | eudev or udev Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-04 09:02:16 +0000