summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* layer.conf: update LAYERSERIES_COMPAT for dunfellMartin Jansa2020-03-275-5/+5
| | | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add infopipe PACKAGECONFIGJonatan Pålsson2020-03-271-2/+3
| | | | | | | | | | | infopipe was previously on by default, so add it to the default PACKAGECONFIG. The systemd files are only installed when --with-infopipe is passed to configure, so conditionally add them to SYSTEMD_SERVICE. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add missing DEPENDS on janssonJonatan Pålsson2020-03-271-1/+1
| | | | | | | | | | | | | | | | | | | | When building with the curl PACKAGECONFIG, sssd will depend on the jansson library. Fixes the following error: | checking for JANSSON... no | checking jansson.h usability... no | checking jansson.h presence... no | checking for jansson.h... no | configure: error: | You must have the header file jansson.h installed to build sssd | with secrets and KCM responder. If you want to build sssd without these | responders then specify --without-secrets --without-kcm when running configure. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add missing files to SYSTEMD_SERVICEJonatan Pålsson2020-03-271-0/+2
| | | | | | | | | | | | | | | | These files are installed when the ssh or curl PACKAGECONFIGs are enabled. Fixes the following error: ERROR: sssd-1.16.4-r0 do_package: QA Issue: sssd: Files/directories were installed but not shipped in any package: /lib/systemd/system/sssd-kcm.socket /lib/systemd/system/sssd-kcm.service /lib/systemd/system/sssd-ssh.socket /lib/systemd/system/sssd-ssh.service Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add sudo PACKAGECONFIGJonatan Pålsson2020-03-271-3/+3
| | | | | | | | | | | sudo was previously on by default, so add it to the default PACKAGECONFIG. The systemd files are only installed when --with-sudo is passed to configure, so conditionally add them to SYSTEMD_SERVICE. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add autofs PACKAGECONFIGJonatan Pålsson2020-03-271-3/+3
| | | | | | | | | | | autofs was previously on by default, so add it to the default PACKAGECONFIG. The systemd files are only installed when --with-autofs is passed to configure, so conditionally add them to SYSTEMD_SERVICE. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Sort PACKAGECONFIG entriesJonatan Pålsson2020-03-271-9/+9
| | | | | Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* buck-security: move to recipes-scannersArmin Kuster2020-03-271-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksecurity: move to recipes-scannersArmin Kuster2020-03-273-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksec: move to recipe-scannersArmin Kuster2020-03-271-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: move to recipes-scannersArmin Kuster2020-03-279-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chkrootkit: add rootkit recipeArmin Kuster2020-03-271-0/+48
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslogArmin Kuster2020-03-271-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: add missing rdependsArmin Kuster2020-03-271-1/+1
| | | | | | add findutils Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap-daemon: add missing runtime dependenciesYi Zhao2020-03-271-1/+4
| | | | | | | | Add missing runtime dependencies otherwise /usr/bin/oscapd can not startup. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: update to 2.4.3Armin Kuster2020-03-082-47/+1
| | | | | | dropped patch now included in update Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: python2 not supportedArmin Kuster2020-03-081-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto: update the bbappend to 5.xAndré Draszik2020-03-081-0/+0
| | | | | | | | | | | | | | | As linux-yocto upgraded to 5.x in oe-core, update the bbappend to 5.x to remove the warning ERROR: No recipes available for: .../meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend This patch hasn't been verified any further than allowing bitbake to complete with a non-linux-yocto kernel. In particular options could be different, or new ones needed / desired. Signed-off-by: André Draszik <git@andred.net> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: DEPEND on nss if nothing else is chosenJonatan Pålsson2020-03-081-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | sssd will attempt to build against nss if no crypto is selected. If a bbappend sets PACKAGECONFIG = <list without nss or crypto>, the appropriate DEPEND is not established. Fixes the following configure error: ... snip ... | checking for NSS... configure: error: Package requirements (nss) were not met: | | No package 'nss' found | | Consider adjusting the PKG_CONFIG_PATH environment variable if you | installed software in a non-standard prefix. | | Alternatively, you may set the environment variables NSS_CFLAGS | and NSS_LIBS to avoid the need to call pkg-config. | See the pkg-config man page for more details. | | WARNING: exit code 1 from a shell command. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Fix typo in PACKAGECONFIG. cyrpto -> cryptoJonatan Pålsson2020-03-081-1/+1
| | | | | Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add PACKAGECONFIG for python2Jonatan Pålsson2020-03-081-0/+1
| | | | | | | | | | | | | | | | | Fixes the following build error: .. snip .. | checking for python2... no | checking for python3... (cached) python3.8 | configure: error: | The program python2 was not found in search path. | Please ensure that it is installed and its directory is included in the search | path. It is required for building python2 bindings. If you do not want to build | them please use argument --without-python2-bindings when running configure. | WARNING: exit code 1 from a shell command. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: Add meta-python to list of layer depsJonatan Pålsson2020-03-051-0/+5
| | | | | Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: fix build issue over pod2manArmin Kuster2020-03-051-1/+1
| | | | | | | | | /bin/bash: pod2man: command not found | Makefile:585: recipe for target 'TPMLIB_CancelCommand.3' failed inherit perlnative to fix Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix for ldblibdir and systemd etcKai Kang2020-03-053-7/+62
| | | | | | | | | | | | | Fix sssd issue for ldblibdir, systemd, pam etc. * fix ldblibdir which is not calculated right for cross compile * create directory /var/log/sssd which is required by sssd daemon * disable building python2 binding * fix pam module path * update systemd configure options and service files Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto: update the bbappend to 5.xMingli Yu2020-03-051-0/+2
| | | | | | | | | | | | As linux-yocto upgraded to 5.x in oe-core, update the bbappend to 5.x to remove the warning: WARNING: No recipes available for: /buildarea/layers/meta-security/recipes-kernel/linux/linux-yocto_4.%.bbappend Signed-off-by: Mingli Yu <mingli.yu@windriver.com> [Droped 4.x part] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: pass the correct schema file path to openscap-nativeYi Zhao2020-03-051-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a build error when using openscap-native sstate cache. Steps to reproduce: Create a new build project in build-1 directory. $ bitbake openscap-native Then remove the whole build directory only keep the sstate-cache directory as a sstate mirror. Create another new build project in build-2 directory. Set SSTATE_MIRRORS $ bitbake scap-security-guide Error message: OpenSCAP Error: Schema file 'xccdf/1.1/xccdf-schema.xsd' not found in path '/buildarea/build-1/tmp/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas' when trying to validate '/buildarea/build-2/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/jre/xccdf-unlinked-resolved.xml' [/buildarea/build-1/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/validate.c:104] The oscap command from openscap-native tries to find the schema files in build-1 directory since these paths are hardcoded when building openscap-native. We need to pass the correct schema/xslt/cpe paths to oscap to make sure it can find the files in right location. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* secuirty*-image: remove dead var and minor cleanupArmin Kuster2020-03-012-4/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux: drop the bbappend for linux v4.x seriesBartosz Golaszewski2020-03-011-2/+0
| | | | | | | | v4.19 LTS has been dropped in poky in favor of v5.4. Drop the bbappend from meta-security as right now the build fails. Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav-native: missed bison fixArmin Kuster2020-03-011-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README.md: update to new maintainerArmin Kuster2020-03-011-3/+13
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: add zeusArmin Kuster2020-03-011-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* isafw: fix to work against masterArmin Kuster2020-03-011-4/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security-isafw: import layer from IntelArmin Kuster2020-03-0123-0/+2550
| | | | | | take over layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: add bison-native to dependArmin Kuster2020-03-011-1/+1
| | | | | | | fixes build issue: clamav/0.101.5-r0/git/config/ylwrap: line 176: yacc: command not found Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: update to tipArmin Kuster2020-02-171-1/+1
| | | | | | fixes Python3.8 configure issues Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: install module in pam locationArmin Kuster2020-02-161-1/+4
| | | | | | | pam_google_authenticator.so was being installed where pam could not find it. Move it where the rest of the pam modules site. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: add 2-3 conversion changesArmin Kuster2020-02-163-2/+2530
| | | | | | | Had to use the fail2ban-2.3 program to create py3 code Add it as a patch Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: update to 1563Armin Kuster2020-02-103-24/+53
| | | | | | | | | fix build issue [v2] Fix subject line Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: update to 2.3.2Armin Kuster2020-02-101-9/+9
| | | | | | clean up reciped. drop git fetching Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tcti-uefi: fix build issue for i386 machineArmin Kuster2020-02-104-12/+77
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: update to 4.1.1Armin Kuster2020-02-102-14/+17
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bastille: convert to py3Armin Kuster2020-02-101-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: fix xml parsing error when build remediation filesYi Zhao2020-02-093-1/+78
| | | | | | | | | | | | | | Backport 2 patches to fix the build error: Processing fix.text for: java_jre_configure_crypto_policy rule Unable to extract part of the fix.text after inclusion of remediation functions. Aborting.. jre/CMakeFiles/generate-internal-jre-bash-fixes.xml.dir/build.make:60: recipe for target 'jre/bash-fixes.xml' failed make[2]: *** [jre/bash-fixes.xml] Error 1 make[2]: *** Deleting file 'jre/bash-fixes.xml' Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directoryArmin Kuster2020-02-021-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: fix configure errorArmin Kuster2020-02-011-0/+1
| | | | | | checking for whether to build with seccomp profile... configure: error: "Is libseccomp-devel installed? -- could not get cflags for libseccomp" Signed-off-by: Armin Kuster <akuster808@gmail.com>
* buck-security: fix rdebends and minor style cleanupArmin Kuster2020-01-281-34/+16
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksecurity: fix runtime issuesArmin Kuster2020-01-281-1/+1
| | | | | | add some missing perl modules Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto-dev: remove "+"Armin Kuster2020-01-281-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: upgrade 1.07 -> 1.08Pierre-Jean Texier via Lists.Yoctoproject.Org2020-01-281-1/+1
| | | | | | | See changelog: https://github.com/google/google-authenticator-libpam/releases/tag/1.08 Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: fix build with new version attrYi Zhao2020-01-282-0/+74
| | | | | | | | | | | The attr/xattr.h has been removed from attr 2.4.48 with commit: http://git.savannah.nongnu.org/cgit/attr.git/commit/include?id=7921157890d07858d092f4003ca4c6bae9fd2c38 The xattr syscalls are provided by sys/xattr.h from glibc now. Remove the checking code to adapt it otherwise it would fail to build with selinux support. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-21 20:01:07 +0000