summaryrefslogtreecommitdiffstats
path: root/meta-integrity
Commit message (Collapse)AuthorAgeFilesLines
* encrypted-storage: use luks as the feature name for current implementationJia Zhang2017-08-201-3/+3
| | | | | | | | encrypted-storage layer will include more security features about encrypted storage so the term "encrypted-storage" won't be used to specify a dedicated technology term such as "LUKS". Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* signing-keys: fix gpg key import failure due to wrong option positionJia Zhang2017-08-201-2/+2
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* signing-keys: clean upJia Zhang2017-08-201-3/+1
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: define the location of default gpg keyring to TMPDIRJia Zhang2017-08-201-1/+1
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: fix permission warningJia Zhang2017-08-201-1/+1
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* signing-keys: fix gpg key import failureJia Zhang2017-08-201-2/+2
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext.bbclass: clean upJia Zhang2017-08-191-9/+1
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: Fix the GPG_PATH directory not exist issue (#4)Guojian2017-08-191-8/+7
| | | | | | | | | | | | | | | If "GPG_PATH" is set in the init script, then "signing-keys" get_public_keys task will execute failed. So the "GPG_PATH" directory would be created when "GPG_PATH" is set. The do_get_public_keys failed to import gpg key error information is as following: ---------------------------------------------------------------------------------------- ERROR: signing-keys-1.0-r0 do_get_public_keys: Function failed: Failed to import gpg key (layers/meta-secure-core/meta-signing-key/files/rpm_keys/RPM-GPG-PRIVKEY-SecureCore): gpg: fatal: can't create directory `tmp/deploy/images/intel-corei7-64/.gnupg': No such file or directory Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
* keyutils: Fix keyutils man7 files conflict with man-pages same name files (#3)Guojian2017-08-191-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The keyutils-doc package supply some same name man7 files with man-pages, it will cause the rpm package installation or upgrade failed. The keyutils-doc and man-pages rpm packages' transction check error information is as following: -------------------------------------------------------------------- Running transaction test Error: Transaction check error: file /usr/share/man/man7/keyrings.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/persistent-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/process-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/session-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/thread-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/user-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 file /usr/share/man/man7/user-session-keyring.7 from install of keyutils-doc-1.5.9+git0+9209a0c8fd-r0.0.core2_64 conflicts with file from package man-pages-4.11-r0.0.core2_64 Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
* sign_rpm_ext.bbclass: use the default setting from meta-signing-keyJia Zhang2017-08-192-14/+3
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: set default GPG_PATH if it is not specified (#2)yunguowei2017-08-191-0/+15
| | | | | | | | | | | commit 52bf3b6636f95a(meta-integrity: move gpg keyring initialization to signing-keys) tried to initialize keyring in the task check_public_keys of the recipe signing-keys. However, it does work with the recipe signing-keys only, and GPG_PATH can't be passed to other recipes. We bring the python anonymous function back, and it makes sure GPG_PATH is set before signing the packages for every recipe. Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
* meta-integrity: move gpg keyring initialization to signing-keysJia Zhang2017-08-172-38/+37
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext: support RPM signingLans Zhang2017-08-171-6/+45
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* ima-evm-utils: support to build with openssl-1.1.xLans Zhang2017-08-162-0/+300
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* README.md: update reference linksLans Zhang2017-08-161-2/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity/README.md: updateLans Zhang2017-08-161-12/+25
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* init.ima: clean up and allow to load extra IMA policies from the real rootfsLans Zhang2017-08-151-10/+18
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* ima_policy: update the commentLans Zhang2017-08-151-1/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity/README.md: updateLans Zhang2017-08-151-15/+14
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity/README.md: updateLans Zhang2017-08-151-30/+38
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: fix the conditions of PACKAGECONFIG for ima and cryptsetupLans Zhang2017-08-041-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: enable ima and cryptsetupLans Zhang2017-08-041-0/+4
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* rpm: remove PACKAGECONFIG[imaevm]Lans Zhang2017-07-281-1/+0
| | | | | | This setting is already merged to oe-core. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: code style fixupLans Zhang2017-07-282-16/+19
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* IMA: move the default policy file to /etc/ima directoryLans Zhang2017-07-252-8/+10
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* IMA: allow to write policy but deny to read policyLans Zhang2017-07-201-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: define the oe index nameLans Zhang2017-07-201-0/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* sign_rpm_ext: remove the test linesLans Zhang2017-07-191-4/+0
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* IMA: enable RPM file signing if ima is configuredLans Zhang2017-07-191-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* rpm: allow to enable IMA signingLans Zhang2017-07-1812-0/+805
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Fix the occurrence of checking the existence of signing keysLans Zhang2017-07-121-5/+0
| | | | | | packagegroups are not the end consumers of using user-key-store. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* packagegroup-efi-secure-boot/packagegroup-ima: depend on check_deploy_keysLans Zhang2017-07-111-0/+5
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* keyutils: fix build failure with ppcLans Zhang2017-07-112-29/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity: enable sign_rpm_ext to support rpm and file signingLans Zhang2017-07-112-0/+22
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* base-file: mount securityfsLans Zhang2017-07-111-0/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* IMA: clean up IMA signingLans Zhang2017-07-113-178/+3
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Clean up RDEPENDSLans Zhang2017-07-051-1/+0
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* ima-policy: enable policy checkLans Zhang2017-07-041-0/+3
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* initrdscripts-ima: clean up code style and RDEPENDSLans Zhang2017-07-041-23/+20
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* init.ima: code style cleanupLans Zhang2017-07-041-14/+8
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Code style fixupLans Zhang2017-07-043-7/+6
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* packagegroup-ima*: clean up the RDEPENDSLans Zhang2017-07-042-11/+5
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity: implement the system trusted cert and IMA trusted certLans Zhang2017-07-042-4/+9
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Use the DER-formatted system trusted keyLans Zhang2017-07-031-3/+4
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* code style fixupLans Zhang2017-06-291-3/+5
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* IMA: refresh kernel cfgLans Zhang2017-06-267-23/+22
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: initial commitLans Zhang2017-06-2229-0/+1003
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-04 09:40:50 +0000