gitlab-ci: add support for dunfell

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2020-10-15 09:20:11 -0700
committer: Armin Kuster <akuster808@gmail.com> 2020-10-15 09:20:11 -0700
commit: 6d6f7151f24470aabd83d2a08151f883c52a64ed (patch)
tree: 07c6fee46b856b74a42b0c05d40ea03d38fa08f7
parent: d4ec0d86b4d906bfeb9355e45926e0e0f84105da (diff)
download: meta-security-6d6f7151f24470aabd83d2a08151f883c52a64ed.tar.gz
27 files changed, 428 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..50bfe4f
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,144 @@
+stages:
+  - build
+.build:
+  stage: build
+  image: crops/poky
+  before_script:
+    - echo "$ERR_REPORT_USERNAME" > ~/.oe-send-error
+    - echo "$ERR_REPORT_EMAIL" >> ~/.oe-send-error
+    - export PATH=~/.local/bin:$PATH
+    - wget https://bootstrap.pypa.io/get-pip.py
+    - python3 get-pip.py
+    - python3 -m pip install kas
+  after_script:
+    - cd $CI_PROJECT_DIR/poky
+    - . ./oe-init-build-env $CI_PROJECT_DIR/build
+    - for x in `ls $CI_PROJECT_DIR/build/tmp/log/error-report/ | grep error_report_`; do
+    - send-error-report -y tmp/log/error-report/$x
+    - done
+    - cd $CI_PROJECT_DIR
+    - rm -rf build
+    - $CI_PROJECT_DIR/scripts/ci-cleanup.sh
+  cache:
+    paths:
+      - layers
+qemux86:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemux86-64:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemuarm:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemuarm64:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemuppc:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemumips64:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemuriscv64:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemux86-64-tpm:
+  extends: .build
+  script:
+  - kas build --target security-tpm-image kas/$CI_JOB_NAME.yml 
+qemux86-64-tpm2:
+  extends: .build
+  script:
+  - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml 
+qemuarm64-tpm2:
+  extends: .build
+  script:
+  - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml 
+qemux86-ima:
+  extends: .build
+  script:
+  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml 
+qemux86-64-ima:
+  extends: .build
+  script:
+  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml 
+qemuarm64-ima:
+  extends: .build
+  script:
+  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml 
+qemux86-64-dm-verify:
+  extends: .build
+  script:
+  - kas build --target core-image-minimal kas/qemux86-64.yml 
+  - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME.yml 
+qemuarm64-alt:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemuarm64-multi:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemumips64-alt:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemumips64-multi:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemux86-64-alt:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemux86-64-multi:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemux86-musl:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemuarm64-musl:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+qemux86-test:
+  extends: .build
+  allow_failure: true
+  script:
+  - kas build --target security-test-image kas/$CI_JOB_NAME.yml 
+  - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml 
diff --git a/kas/kas-security-alt.yml b/kas/kas-security-alt.yml
new file mode 100644
index 0000000..309acaa
--- /dev/null
+++ b/kas/kas-security-alt.yml
@@ -0,0 +1,8 @@
+header:
+    version: 9
+    includes: 
+        - kas-security-base.yml
+local_conf_header:
+  alt: |
+      DISTRO_FEATURES_append = " apparmor pam smack systemd"
diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml
new file mode 100644
index 0000000..c9ca76f
--- /dev/null
+++ b/kas/kas-security-base.yml
@@ -0,0 +1,64 @@
+header:
+  version: 8
+distro: poky
+repos:
+  meta-security:
+    layers:
+      ../meta-security:
+      meta-tpm:
+      meta-integrity:
+      meta-security-compliance:
+  poky:
+    url: https://git.yoctoproject.org/git/poky
+    refspec: dunfell 
+    layers:
+      meta:
+      meta-poky:
+      meta-yocto-bsp:
+  meta-openembedded:
+    url: http://git.openembedded.org/meta-openembedded
+    refspec: dunfell
+    layers:
+      meta-oe:
+      meta-perl:
+      meta-python:
+      meta-networking:
+local_conf_header:
+  base: |
+    CONF_VERSION = "1"
+    SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/"
+    SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n"
+    SSTATE_DIR = "/home/srv/sstate/dunfell"
+    DL_DIR = "/home/srv/downloads/dunfell"
+    BB_HASHSERVE = "auto"
+    BB_SIGNATURE_HANDLER = "OEEquivHash"
+    INHERIT += "buildstats buildstats-summary buildhistory"
+    INHERIT += "report-error"
+    INHERIT += "testimage"
+    TEST_QEMUBOOT_TIMEOUT = "1500"
+    EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
+    PACKAGE_CLASSES = "package_ipk"
+  diskmon: |
+    BB_DISKMON_DIRS = "\
+    STOPTASKS,${TMPDIR},1G,100K \
+    STOPTASKS,${DL_DIR},1G,100K \
+    STOPTASKS,${SSTATE_DIR},1G,100K \
+    STOPTASKS,/tmp,100M,100K \
+    ABORT,${TMPDIR},100M,1K \
+    ABORT,${DL_DIR},100M,1K \
+    ABORT,${SSTATE_DIR},100M,1K \
+    ABORT,/tmp,10M,1K"
+bblayers_conf_header:
+  base: |
+    POKY_BBLAYERS_CONF_VERSION = "2"
+    BBPATH = "${TOPDIR}"
+    BBFILES ?= ""
diff --git a/kas/kas-security-dm.yml b/kas/kas-security-dm.yml
new file mode 100644
index 0000000..7ce0e9d
--- /dev/null
+++ b/kas/kas-security-dm.yml
@@ -0,0 +1,13 @@
+header:
+    version: 9
+    includes: 
+        - kas-security-base.yml
+local_conf_header:
+    dm-verify: |
+        DM_VERITY_IMAGE = "core-image-minimal"
+        DM_VERITY_IMAGE_TYPE = "ext4"
+        IMAGE_CLASSES += "dm-verity-img"
+        INITRAMFS_IMAGE_BUNDLE = "1"
+        INITRAMFS_IMAGE = "dm-verity-image-initramfs"
diff --git a/kas/qemuarm.yml b/kas/qemuarm.yml
new file mode 100644
index 0000000..f51abac
--- /dev/null
+++ b/kas/qemuarm.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+machine: qemuarm
diff --git a/kas/qemuarm64-alt.yml b/kas/qemuarm64-alt.yml
new file mode 100644
index 0000000..48e688c
--- /dev/null
+++ b/kas/qemuarm64-alt.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-alt.yml
+machine: qemuarm64
diff --git a/kas/qemuarm64-ima.yml b/kas/qemuarm64-ima.yml
new file mode 100644
index 0000000..b478472
--- /dev/null
+++ b/kas/qemuarm64-ima.yml
@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " ima"
+machine: qemuarm64
diff --git a/kas/qemuarm64-multi.yml b/kas/qemuarm64-multi.yml
new file mode 100644
index 0000000..d79142c
--- /dev/null
+++ b/kas/qemuarm64-multi.yml
@@ -0,0 +1,12 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  multi: |
+    require conf/multilib.conf
+    MULTILIBS = "multilib:lib32"
+    DEFAULTTUNE_virtclass-multilib-lib32 = "armv7athf-neon"
+machine: qemuarm64
diff --git a/kas/qemuarm64-musl.yml b/kas/qemuarm64-musl.yml
new file mode 100644
index 0000000..b353eb4
--- /dev/null
+++ b/kas/qemuarm64-musl.yml
@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+    musl: |
+        TCLIBC = "musl"
+machine: qemuarm64
diff --git a/kas/qemuarm64-tpm2.yml b/kas/qemuarm64-tpm2.yml
new file mode 100644
index 0000000..3a8d8fc
--- /dev/null
+++ b/kas/qemuarm64-tpm2.yml
@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " tpm2"
+machine: qemuarm64 
diff --git a/kas/qemuarm64.yml b/kas/qemuarm64.yml
new file mode 100644
index 0000000..a0c2d1a
--- /dev/null
+++ b/kas/qemuarm64.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+machine: qemuarm64
diff --git a/kas/qemumips64-alt.yml b/kas/qemumips64-alt.yml
new file mode 100644
index 0000000..923c213
--- /dev/null
+++ b/kas/qemumips64-alt.yml
@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  alt: |
+     DISTRO_FEATURES_append = " pam systmed"
+machine: qemumips64
diff --git a/kas/qemumips64-multi.yml b/kas/qemumips64-multi.yml
new file mode 100644
index 0000000..c8cf94b
--- /dev/null
+++ b/kas/qemumips64-multi.yml
@@ -0,0 +1,14 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  multi: |
+    require conf/multilib.conf
+    MULTILIBS = "multilib:lib64 multilib:lib32"
+    DEFAULTTUNE = "mips64-n32"
+    DEFAULTTUNE_virtclass-multilib-lib64 = "mips64"
+    DEFAULTTUNE_virtclass-multilib-lib32 = "mips32r2"
+machine: qemumips64
diff --git a/kas/qemumips64.yml b/kas/qemumips64.yml
new file mode 100644
index 0000000..64e52f7
--- /dev/null
+++ b/kas/qemumips64.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+machine: qemumips64
diff --git a/kas/qemuppc.yml b/kas/qemuppc.yml
new file mode 100644
index 0000000..3dad81c
--- /dev/null
+++ b/kas/qemuppc.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+machine: qemuppc
diff --git a/kas/qemuriscv64.yml b/kas/qemuriscv64.yml
new file mode 100644
index 0000000..e1b1e49
--- /dev/null
+++ b/kas/qemuriscv64.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+machine: qemuriscv64
diff --git a/kas/qemux86-64-alt.yml b/kas/qemux86-64-alt.yml
new file mode 100644
index 0000000..f0d6b27
--- /dev/null
+++ b/kas/qemux86-64-alt.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-alt.yml
+machine: qemux86-64
diff --git a/kas/qemux86-64-dm-verify.yml b/kas/qemux86-64-dm-verify.yml
new file mode 100644
index 0000000..1f26008
--- /dev/null
+++ b/kas/qemux86-64-dm-verify.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-dm.yml
+machine: qemux86-64
diff --git a/kas/qemux86-64-ima.yml b/kas/qemux86-64-ima.yml
new file mode 100644
index 0000000..e64931c
--- /dev/null
+++ b/kas/qemux86-64-ima.yml
@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " ima"
+machine: qemux86-64
diff --git a/kas/qemux86-64-multi.yml b/kas/qemux86-64-multi.yml
new file mode 100644
index 0000000..711ce28
--- /dev/null
+++ b/kas/qemux86-64-multi.yml
@@ -0,0 +1,12 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  multi: |
+    require conf/multilib.conf
+    MULTILIBS = "multilib:lib32"
+    DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
+machine: qemux86-64
diff --git a/kas/qemux86-64-tpm.yml b/kas/qemux86-64-tpm.yml
new file mode 100644
index 0000000..565b423
--- /dev/null
+++ b/kas/qemux86-64-tpm.yml
@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " tpm"
+machine: qemux86-64
diff --git a/kas/qemux86-64-tpm2.yml b/kas/qemux86-64-tpm2.yml
new file mode 100644
index 0000000..a43693e
--- /dev/null
+++ b/kas/qemux86-64-tpm2.yml
@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " tpm2"
+machine: qemux86-64
diff --git a/kas/qemux86-64.yml b/kas/qemux86-64.yml
new file mode 100644
index 0000000..4ba2b66
--- /dev/null
+++ b/kas/qemux86-64.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+machine: qemux86-64
diff --git a/kas/qemux86-ima.yml b/kas/qemux86-ima.yml
new file mode 100644
index 0000000..6528ba6
--- /dev/null
+++ b/kas/qemux86-ima.yml
@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " ima"
+machine: qemux86
diff --git a/kas/qemux86-musl.yml b/kas/qemux86-musl.yml
new file mode 100644
index 0000000..61d9572
--- /dev/null
+++ b/kas/qemux86-musl.yml
@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+    musl: |
+        TCLIBC = "musl"
+machine: qemux86
diff --git a/kas/qemux86-test.yml b/kas/qemux86-test.yml
new file mode 100644
index 0000000..7b5f451
--- /dev/null
+++ b/kas/qemux86-test.yml
@@ -0,0 +1,11 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+local_conf_header:
+  meta-security: |
+      DISTRO_FEATURES_append = " apparmor smack pam"
+machine: qemux86
diff --git a/kas/qemux86.yml b/kas/qemux86.yml
new file mode 100644
index 0000000..83a5353
--- /dev/null
+++ b/kas/qemux86.yml
@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+machine: qemux86
author	Armin Kuster <akuster808@gmail.com>	2020-10-15 09:20:11 -0700
committer	Armin Kuster <akuster808@gmail.com>	2020-10-15 09:20:11 -0700
commit	6d6f7151f24470aabd83d2a08151f883c52a64ed (patch)
tree	07c6fee46b856b74a42b0c05d40ea03d38fa08f7
parent	d4ec0d86b4d906bfeb9355e45926e0e0f84105da (diff)
download	meta-security-6d6f7151f24470aabd83d2a08151f883c52a64ed.tar.gz

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..50bfe4f --- /dev/null +++ b/.gitlab-ci.yml
@@ -0,0 +1,144 @@
	1	stages:
	2	- build
	3
	4	.build:
	5	stage: build
	6	image: crops/poky
	7	before_script:
	8	- echo "$ERR_REPORT_USERNAME" > ~/.oe-send-error
	9	- echo "$ERR_REPORT_EMAIL" >> ~/.oe-send-error
	10	- export PATH=~/.local/bin:$PATH
	11	- wget https://bootstrap.pypa.io/get-pip.py
	12	- python3 get-pip.py
	13	- python3 -m pip install kas
	14	after_script:
	15	- cd $CI_PROJECT_DIR/poky
	16	- . ./oe-init-build-env $CI_PROJECT_DIR/build
	17	- for x in `ls $CI_PROJECT_DIR/build/tmp/log/error-report/ \| grep error_report_`; do
	18	- send-error-report -y tmp/log/error-report/$x
	19	- done
	20	- cd $CI_PROJECT_DIR
	21	- rm -rf build
	22	- $CI_PROJECT_DIR/scripts/ci-cleanup.sh
	23	cache:
	24	paths:
	25	- layers
	26
	27	qemux86:
	28	extends: .build
	29	script:
	30	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	31
	32	qemux86-64:
	33	extends: .build
	34	script:
	35	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	36
	37	qemuarm:
	38	extends: .build
	39	script:
	40	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	41
	42	qemuarm64:
	43	extends: .build
	44	script:
	45	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	46
	47	qemuppc:
	48	extends: .build
	49	script:
	50	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	51
	52	qemumips64:
	53	extends: .build
	54	script:
	55	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	56
	57	qemuriscv64:
	58	extends: .build
	59	script:
	60	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	61
	62	qemux86-64-tpm:
	63	extends: .build
	64	script:
	65	- kas build --target security-tpm-image kas/$CI_JOB_NAME.yml
	66
	67	qemux86-64-tpm2:
	68	extends: .build
	69	script:
	70	- kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml
	71
	72	qemuarm64-tpm2:
	73	extends: .build
	74	script:
	75	- kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml
	76
	77	qemux86-ima:
	78	extends: .build
	79	script:
	80	- kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml
	81
	82	qemux86-64-ima:
	83	extends: .build
	84	script:
	85	- kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml
	86
	87	qemuarm64-ima:
	88	extends: .build
	89	script:
	90	- kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml
	91
	92	qemux86-64-dm-verify:
	93	extends: .build
	94	script:
	95	- kas build --target core-image-minimal kas/qemux86-64.yml
	96	- kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME.yml
	97
	98
	99	qemuarm64-alt:
	100	extends: .build
	101	script:
	102	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	103
	104	qemuarm64-multi:
	105	extends: .build
	106	script:
	107	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	108
	109	qemumips64-alt:
	110	extends: .build
	111	script:
	112	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	113
	114	qemumips64-multi:
	115	extends: .build
	116	script:
	117	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	118
	119	qemux86-64-alt:
	120	extends: .build
	121	script:
	122	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	123
	124	qemux86-64-multi:
	125	extends: .build
	126	script:
	127	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	128
	129	qemux86-musl:
	130	extends: .build
	131	script:
	132	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	133
	134	qemuarm64-musl:
	135	extends: .build
	136	script:
	137	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
	138
	139	qemux86-test:
	140	extends: .build
	141	allow_failure: true
	142	script:
	143	- kas build --target security-test-image kas/$CI_JOB_NAME.yml
	144	- kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml


diff --git a/kas/kas-security-alt.yml b/kas/kas-security-alt.yml new file mode 100644 index 0000000..309acaa --- /dev/null +++ b/kas/kas-security-alt.yml
@@ -0,0 +1,8 @@
	1	header:
	2	version: 9
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	alt: \|
	8	DISTRO_FEATURES_append = " apparmor pam smack systemd"


diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml new file mode 100644 index 0000000..c9ca76f --- /dev/null +++ b/kas/kas-security-base.yml
@@ -0,0 +1,64 @@
	1	header:
	2	version: 8
	3
	4	distro: poky
	5
	6	repos:
	7	meta-security:
	8	layers:
	9	../meta-security:
	10	meta-tpm:
	11	meta-integrity:
	12	meta-security-compliance:
	13
	14	poky:
	15	url: https://git.yoctoproject.org/git/poky
	16	refspec: dunfell
	17	layers:
	18	meta:
	19	meta-poky:
	20	meta-yocto-bsp:
	21
	22	meta-openembedded:
	23	url: http://git.openembedded.org/meta-openembedded
	24	refspec: dunfell
	25	layers:
	26	meta-oe:
	27	meta-perl:
	28	meta-python:
	29	meta-networking:
	30
	31	local_conf_header:
	32	base: \|
	33	CONF_VERSION = "1"
	34	SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/"
	35	SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n"
	36	SSTATE_DIR = "/home/srv/sstate/dunfell"
	37	DL_DIR = "/home/srv/downloads/dunfell"
	38	BB_HASHSERVE = "auto"
	39	BB_SIGNATURE_HANDLER = "OEEquivHash"
	40	INHERIT += "buildstats buildstats-summary buildhistory"
	41	INHERIT += "report-error"
	42	INHERIT += "testimage"
	43	TEST_QEMUBOOT_TIMEOUT = "1500"
	44	EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
	45	PACKAGE_CLASSES = "package_ipk"
	46
	47
	48	diskmon: \|
	49	BB_DISKMON_DIRS = "\
	50	STOPTASKS,${TMPDIR},1G,100K \
	51	STOPTASKS,${DL_DIR},1G,100K \
	52	STOPTASKS,${SSTATE_DIR},1G,100K \
	53	STOPTASKS,/tmp,100M,100K \
	54	ABORT,${TMPDIR},100M,1K \
	55	ABORT,${DL_DIR},100M,1K \
	56	ABORT,${SSTATE_DIR},100M,1K \
	57	ABORT,/tmp,10M,1K"
	58
	59	bblayers_conf_header:
	60	base: \|
	61	POKY_BBLAYERS_CONF_VERSION = "2"
	62	BBPATH = "${TOPDIR}"
	63	BBFILES ?= ""
	64


diff --git a/kas/kas-security-dm.yml b/kas/kas-security-dm.yml new file mode 100644 index 0000000..7ce0e9d --- /dev/null +++ b/kas/kas-security-dm.yml
@@ -0,0 +1,13 @@
	1	header:
	2	version: 9
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	dm-verify: \|
	8	DM_VERITY_IMAGE = "core-image-minimal"
	9	DM_VERITY_IMAGE_TYPE = "ext4"
	10	IMAGE_CLASSES += "dm-verity-img"
	11	INITRAMFS_IMAGE_BUNDLE = "1"
	12	INITRAMFS_IMAGE = "dm-verity-image-initramfs"
	13


diff --git a/kas/qemuarm.yml b/kas/qemuarm.yml new file mode 100644 index 0000000..f51abac --- /dev/null +++ b/kas/qemuarm.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	machine: qemuarm


diff --git a/kas/qemuarm64-alt.yml b/kas/qemuarm64-alt.yml new file mode 100644 index 0000000..48e688c --- /dev/null +++ b/kas/qemuarm64-alt.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-alt.yml
	5
	6	machine: qemuarm64


diff --git a/kas/qemuarm64-ima.yml b/kas/qemuarm64-ima.yml new file mode 100644 index 0000000..b478472 --- /dev/null +++ b/kas/qemuarm64-ima.yml
@@ -0,0 +1,10 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	meta-security: \|
	8	DISTRO_FEATURES_append = " ima"
	9
	10	machine: qemuarm64


diff --git a/kas/qemuarm64-multi.yml b/kas/qemuarm64-multi.yml new file mode 100644 index 0000000..d79142c --- /dev/null +++ b/kas/qemuarm64-multi.yml
@@ -0,0 +1,12 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	multi: \|
	8	require conf/multilib.conf
	9	MULTILIBS = "multilib:lib32"
	10	DEFAULTTUNE_virtclass-multilib-lib32 = "armv7athf-neon"
	11
	12	machine: qemuarm64


diff --git a/kas/qemuarm64-musl.yml b/kas/qemuarm64-musl.yml new file mode 100644 index 0000000..b353eb4 --- /dev/null +++ b/kas/qemuarm64-musl.yml
@@ -0,0 +1,10 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	musl: \|
	8	TCLIBC = "musl"
	9
	10	machine: qemuarm64


diff --git a/kas/qemuarm64-tpm2.yml b/kas/qemuarm64-tpm2.yml new file mode 100644 index 0000000..3a8d8fc --- /dev/null +++ b/kas/qemuarm64-tpm2.yml
@@ -0,0 +1,10 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	meta-security: \|
	8	DISTRO_FEATURES_append = " tpm2"
	9
	10	machine: qemuarm64


diff --git a/kas/qemuarm64.yml b/kas/qemuarm64.yml new file mode 100644 index 0000000..a0c2d1a --- /dev/null +++ b/kas/qemuarm64.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	machine: qemuarm64


diff --git a/kas/qemumips64-alt.yml b/kas/qemumips64-alt.yml new file mode 100644 index 0000000..923c213 --- /dev/null +++ b/kas/qemumips64-alt.yml
@@ -0,0 +1,10 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	alt: \|
	8	DISTRO_FEATURES_append = " pam systmed"
	9
	10	machine: qemumips64


diff --git a/kas/qemumips64-multi.yml b/kas/qemumips64-multi.yml new file mode 100644 index 0000000..c8cf94b --- /dev/null +++ b/kas/qemumips64-multi.yml
@@ -0,0 +1,14 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	multi: \|
	8	require conf/multilib.conf
	9	MULTILIBS = "multilib:lib64 multilib:lib32"
	10	DEFAULTTUNE = "mips64-n32"
	11	DEFAULTTUNE_virtclass-multilib-lib64 = "mips64"
	12	DEFAULTTUNE_virtclass-multilib-lib32 = "mips32r2"
	13
	14	machine: qemumips64


diff --git a/kas/qemumips64.yml b/kas/qemumips64.yml new file mode 100644 index 0000000..64e52f7 --- /dev/null +++ b/kas/qemumips64.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	machine: qemumips64


diff --git a/kas/qemuppc.yml b/kas/qemuppc.yml new file mode 100644 index 0000000..3dad81c --- /dev/null +++ b/kas/qemuppc.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	machine: qemuppc


diff --git a/kas/qemuriscv64.yml b/kas/qemuriscv64.yml new file mode 100644 index 0000000..e1b1e49 --- /dev/null +++ b/kas/qemuriscv64.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	machine: qemuriscv64


diff --git a/kas/qemux86-64-alt.yml b/kas/qemux86-64-alt.yml new file mode 100644 index 0000000..f0d6b27 --- /dev/null +++ b/kas/qemux86-64-alt.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-alt.yml
	5
	6	machine: qemux86-64


diff --git a/kas/qemux86-64-dm-verify.yml b/kas/qemux86-64-dm-verify.yml new file mode 100644 index 0000000..1f26008 --- /dev/null +++ b/kas/qemux86-64-dm-verify.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-dm.yml
	5
	6	machine: qemux86-64


diff --git a/kas/qemux86-64-ima.yml b/kas/qemux86-64-ima.yml new file mode 100644 index 0000000..e64931c --- /dev/null +++ b/kas/qemux86-64-ima.yml
@@ -0,0 +1,10 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	meta-security: \|
	8	DISTRO_FEATURES_append = " ima"
	9
	10	machine: qemux86-64


diff --git a/kas/qemux86-64-multi.yml b/kas/qemux86-64-multi.yml new file mode 100644 index 0000000..711ce28 --- /dev/null +++ b/kas/qemux86-64-multi.yml
@@ -0,0 +1,12 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	multi: \|
	8	require conf/multilib.conf
	9	MULTILIBS = "multilib:lib32"
	10	DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
	11
	12	machine: qemux86-64


diff --git a/kas/qemux86-64-tpm.yml b/kas/qemux86-64-tpm.yml new file mode 100644 index 0000000..565b423 --- /dev/null +++ b/kas/qemux86-64-tpm.yml
@@ -0,0 +1,10 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	meta-security: \|
	8	DISTRO_FEATURES_append = " tpm"
	9
	10	machine: qemux86-64


diff --git a/kas/qemux86-64-tpm2.yml b/kas/qemux86-64-tpm2.yml new file mode 100644 index 0000000..a43693e --- /dev/null +++ b/kas/qemux86-64-tpm2.yml
@@ -0,0 +1,10 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	meta-security: \|
	8	DISTRO_FEATURES_append = " tpm2"
	9
	10	machine: qemux86-64


diff --git a/kas/qemux86-64.yml b/kas/qemux86-64.yml new file mode 100644 index 0000000..4ba2b66 --- /dev/null +++ b/kas/qemux86-64.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	machine: qemux86-64


diff --git a/kas/qemux86-ima.yml b/kas/qemux86-ima.yml new file mode 100644 index 0000000..6528ba6 --- /dev/null +++ b/kas/qemux86-ima.yml
@@ -0,0 +1,10 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	meta-security: \|
	8	DISTRO_FEATURES_append = " ima"
	9
	10	machine: qemux86


diff --git a/kas/qemux86-musl.yml b/kas/qemux86-musl.yml new file mode 100644 index 0000000..61d9572 --- /dev/null +++ b/kas/qemux86-musl.yml
@@ -0,0 +1,10 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	local_conf_header:
	7	musl: \|
	8	TCLIBC = "musl"
	9
	10	machine: qemux86


diff --git a/kas/qemux86-test.yml b/kas/qemux86-test.yml new file mode 100644 index 0000000..7b5f451 --- /dev/null +++ b/kas/qemux86-test.yml
@@ -0,0 +1,11 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6
	7	local_conf_header:
	8	meta-security: \|
	9	DISTRO_FEATURES_append = " apparmor smack pam"
	10
	11	machine: qemux86


diff --git a/kas/qemux86.yml b/kas/qemux86.yml new file mode 100644 index 0000000..83a5353 --- /dev/null +++ b/kas/qemux86.yml
@@ -0,0 +1,6 @@
	1	header:
	2	version: 8
	3	includes:
	4	- kas-security-base.yml
	5
	6	machine: qemux86