summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* meta-security: add sanity checkArmin Kuster2021-06-063-0/+32
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-hardening/initscripts: missed overide.Armin Kuster2021-06-051-1/+1
| | | | | | Helps pass YCL. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgssglue: update SRC_URIYi Zhao2021-06-051-3/+3
| | | | | | | | | | | | Update SRC_URI to use Debian mirror because the original site is unaccessible. Fixes do_fetch error: ERROR: libgssglue-0.4-r0 do_fetch: Fetcher failure for URL: 'http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz'. Unable to fetch URL from any source. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* Correct "securiyt" typo in maintainers.incRobert P. J. Day2021-06-051-1/+1
| | | | | Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: drop python3-scapyArmin Kuster2021-06-051-2/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-scapy: drop , now in meta-pythonArmin Kuster2021-06-052-34/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework: fix YCL issue.Armin Kuster2021-06-052-16/+17
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-%_5.%.bbappend: drop recipeArmin Kuster2021-06-051-4/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* busybox: drop as libsecomp is in coreArmin Kuster2021-06-053-5/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: fix usrmerge udev install pathRicardo Salveti2021-06-051-2/+2
| | | | | | | | | | | Update ${base_prefix}/lib to ${nonarch_base_libdir} to fix a package QA issue when usrmerge is enabled in DISTRO_FEATURES. QA Issue: tpm2-tss package is not obeying usrmerge distro feature. /lib should be relocated to /usr. [usrmerge] Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 2.5.0Armin Kuster2021-06-058-183/+89
| | | | | | | | | | | | Add new depends Drop obsolete patches Signed-off-by: Armin Kuster <akuster808@gmail.com> ---- v2] Fix issue with nsupdate check don't use host bind
* ossec-hids: musl not compatableArmin Kuster2021-06-051-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: exclude ossec-hids from muslArmin Kuster2021-06-051-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lkrg-module: update 0.9.1Armin Kuster2021-06-051-2/+2
| | | | | | LIC_FILES_CHKSUM updated do to yr change and adding new copyrights Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-scapy: update to 2.4.5Armin Kuster2021-06-051-3/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: upgrade 2.1.8 -> 2.1.9Upgrade Helper2021-06-051-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: upgrade to latest revisionUpgrade Helper2021-06-051-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add clamav-daemonArmin Kuster2021-05-161-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: fix systemd startupArmin Kuster2021-05-162-21/+48
| | | | | | cleanup recipe Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab-ci: drop clean up combine alt w baseArmin Kuster2021-05-161-73/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add aide and ossecArmin Kuster2021-05-161-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: Add another idsArmin Kuster2021-05-162-0/+135
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Apparmor: fix multi config build issue.Armin Kuster2021-05-161-1/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: fix typo for mipsArmin Kuster2021-05-161-2/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmtpm2tss: update to tipArmin Kuster2021-05-161-1/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: update to 1661Armin Kuster2021-05-162-33/+4
| | | | | | Drop patch now included in updated Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: 4.1.x add UPSTREAM_CHECK_URIArmin Kuster2021-05-161-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-scapy: add UPSTREAM_CHECK_COMMITSArmin Kuster2021-05-161-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ossec-hids: add UPSTREAM_CHECK_COMMITSArmin Kuster2021-05-161-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update to tip.Armin Kuster2021-05-161-1/+4
| | | | | | Add UPSTEAM_CHECK Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: Update to 1.6.0Armin Kuster2021-05-162-8/+314
| | | | | | | | Includes gcc11 fix. Added p11-kit Minor cleanup Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: Blacklist pkg, upstream seems abandondArmin Kuster2021-05-162-2/+2
| | | | | | | Last update was 2018. Does not build with gcc11. There are other actively maintained IDS options. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* build cleanup: add iam to base dependArmin Kuster2021-05-165-80/+120
| | | | | | | Drop *.ima.yml Try next Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: drop recipe. In core nowArmin Kuster2021-04-262-51/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ossec-hids: add new pkgArmin Kuster2021-04-263-0/+449
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-base: fix feature namespace for tpm*Armin Kuster2021-04-201-1/+2
| | | | | | They are MACHINE not DISTRO FEATURES Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab-ci: use kas shell in some cases.Armin Kuster2021-04-201-5/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: exclude apparmor in mips64Armin Kuster2021-04-191-0/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas: cleanup some kas filesArmin Kuster2021-04-192-10/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: add new before scriptArmin Kuster2021-04-191-11/+20
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: cleanup after_scriptArmin Kuster2021-04-191-36/+15
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab-ci: work on pipelimeArmin Kuster2021-04-191-21/+76
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: move tpm buildArmin Kuster2021-04-191-11/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *-tpm.yml: drop tpms jobsArmin Kuster2021-04-193-30/+0
| | | | | | way too many jobs. TPM have there own images, use that Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-base: Move some DISTRO_FEATURES aroundArmin Kuster2021-04-192-1/+2
| | | | | | Move FEATURES that affect kernel configuation to minimize rebuilds Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: Move all parsec builds into a separate jobAnton Antonov2021-04-171-5/+9
| | | | | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lkrg-module: Add Linux Kernel Runtime GuardArmin Kuster2021-04-142-0/+106
| | | | | | | | | | | | | | | | | | For more info see: https://github.com/openwall/lkrg Add to local.conf: IMAGE_INSTALL_append = " kernel-module-lkrg" Need these kconfig options enabled: CONFIG_KALLSYMS_ALL=y CONFIG_JUMP_LABEL=y CONFIG_DEBUG_KERNEL=y To invoke module: sudo insmod {path-to-modules}/p_lkrg.ko kint_enforce=1 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: remove rest of mirror.dat refArmin Kuster2021-04-141-4/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Clearly define clang toolchain in Parsec recipesAnton Antonov2021-04-142-4/+3
| | | | | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: fine tune orderArmin Kuster2021-04-141-6/+6
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>