summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* oeqa: update smack runtime testArmin Kuster2022-06-231-88/+15
| | | | | | drop test_smack_mmap_enforced as is was skipped do to possible licensing issues Signed-off-by: Armin Kuster <akuster808@gmail.com>
* smack-test: more py3 covertionArmin Kuster2022-06-232-11/+11
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security-test-image: auto include layers if present.Armin Kuster2022-06-181-1/+10
| | | | | | | This is to simplify tesing to build one image and include pkgs depending on the layers included in the BBLAYERS. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 2.7.1Armin Kuster2022-06-184-307/+24
| | | | | | | | | | | | | | drop CVE-2021-3621.patch refresh a few patches fixup configure-unsafe globally via sed in build.m4 === test RESULTS - sssd.SSSDTest.test_sssd_help: PASSED (1.70s) RESULTS - sssd.SSSDTest.test_sssd_sssctl_conf_perms_chk: PASSED (2.71s) RESULTS - sssd.SSSDTest.test_sssd_sssctl_deamon: PASSED (2.07s) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oeqa: sssd.py fix testsArmin Kuster2022-06-181-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: use example conf fileArmin Kuster2022-06-181-1/+8
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oeqa: fix checksec runtime testArmin Kuster2022-06-181-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security.bbappend: add sssdArmin Kuster2022-06-181-0/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: drop sssdArmin Kuster2022-06-181-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf:add meta-netorking to BBFILES_DYNAMICArmin Kuster2022-06-181-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd:move to dynamic networking-layerArmin Kuster2022-06-189-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: fix ownership issuesArmin Kuster2022-06-181-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: fix typoYi Zhao2022-06-181-1/+2
| | | | | | | | Fix typo: RDPENDS_${PN} -> RDEPENDS:${PN} Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: don't include aprwatch for muslArmin Kuster2022-06-071-0/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* arpwatch: update to 3.3Armin Kuster2022-06-072-8/+9
| | | | | | not compatible with musl Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chkrootkit: Fix missing includes for muslArmin Kuster2022-06-072-1/+60
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: drop arpwatch for riscv from pkg grpArmin Kuster2022-06-071-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* arpwatch: riscv not supportedArmin Kuster2022-06-071-0/+3
| | | | | | exclude this arch for compat list Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: Update for dynamic layersArmin Kuster2022-06-071-21/+12
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Post release codename changesArmin Kuster2022-06-077-7/+7
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add arpwatch and chkrootkit to pkg grpArmin Kuster2022-06-071-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chkrootkit: update SRC_URIArmin Kuster2022-06-071-1/+1
| | | | | | 0.55 no longer hosted from main source. Use Ubuntu archive Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksec: update 2.6.0Armin Kuster2022-06-071-3/+5
| | | | | | | | LIC_FILES_CHKSUM changed do to yr update add native support Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oeqa/smack: consolidate classesArmin Kuster2022-06-071-39/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* smack-test: switch to python3Armin Kuster2022-06-071-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: we really need the symlinksArmin Kuster2022-06-071-9/+2
| | | | | | | MASK dev-so Drop un-needed install append steps. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oeqa/tpm2: fix and cleanup testsArmin Kuster2022-06-071-9/+16
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oeqa/swtpm: add swtpm runtimeArmin Kuster2022-06-071-0/+24
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: enable gnutlsArmin Kuster2022-06-071-2/+2
| | | | | | needed for cert support Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security-tpm2-image: add swtpmArmin Kuster2022-06-071-0/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: enable seccomp if DISTRO is enabledArmin Kuster2022-06-071-0/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-parsec: Update Parsec runtime testsAnton Antonov2022-05-265-19/+191
| | | | | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Parsec-service: Fix arm32 buildAnton Antonov2022-05-261-1/+5
| | | | | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oeqa: add parsec runtime testsArmin Kuster2022-05-261-0/+33
| | | | | | | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> --- v2] Add parsec-cli-tests.sh to mix Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-parsec: add build image.Armin Kuster2022-05-261-0/+17
| | | | | | | | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> --- v2] Use packagegroup-security-tpm2 add swtpm Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-parsec: Add pkg grpsArmin Kuster2022-05-261-0/+17
| | | | | | | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> -- V2] Drop tpm pkgs, use the tpm2 pkg grp Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Added BBFILES_DYNAMIC for dynamic-layers.Lei Maohui2022-05-231-0/+7
| | | | | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lib-perl: prefix man pages to avoid conflicting with base perlJeremy A. Puhlman2022-05-231-0/+7
| | | | | | | | | | The following occurs when pkgs-docs added to image features. Error: Transaction test error: file /usr/share/man/man3/lib.3 conflicts between attempted installs of lib-perl-doc-0.63-r0.corei7_64 and perl-doc-5.34.1-r0.corei7_64 Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Parsec-service: Update installation procedureAnton Antonov2022-05-232-7/+10
| | | | | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oeqa/cases/tpm2: fix and enhance test suiteArmin Kuster2022-05-231-12/+29
| | | | | | | | | | | | | | | | local.conf TEST_SUITES = "ssh ping tpm2" IMAGE_INSTALL:append = " swtpm tpm2-pkcs11" RESULTS: RESULTS - ping.PingTest.test_ping: PASSED (0.05s) RESULTS - ssh.SSHTest.test_ssh: PASSED (2.19s) RESULTS - tpm2.Tpm2Test.test_tpm2_pcrread: PASSED (1.06s) RESULTS - tpm2.Tpm2Test.test_tpm2_pkcs11: PASSED (1.17s) RESULTS - tpm2.Tpm2Test.test_tpm2_swtpm_reset: PASSED (0.59s) RESULTS - tpm2.Tpm2Test.test_tpm2_swtpm_socket: PASSED (307.72s) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: Add missing rdependsArmin Kuster2022-05-231-0/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: tpm2-pkcs11 module missingArmin Kuster2022-05-231-2/+7
| | | | | | Correctly fix symlink issue by putting module in -dev pkg. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.4.9Armin Kuster2022-05-231-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 5.0.5Armin Kuster2022-05-232-2/+2
| | | | libhtp rolls with it
* ossec-hids: update to 3.7.0Armin Kuster2022-05-231-1/+1
| | | | | | See https://github.com/ossec/ossec-hids/releases/tag/3.7.0 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: Update 01.17.4Armin Kuster2022-05-231-1/+1
| | | | | | Precalculate buffer size in base64 functions (CVE-2021-45417) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ima-evm-utils: Update to 1.4Armin Kuster2022-05-234-181/+2
| | | | | | | | | | | | | Switch from git to https in SRC_URI Drop patches not upstreamed. Passes OEQA: RESULTS - ima.IMACheck.test_ima_enabled: PASSED (1.05s) RESULTS - ima.IMACheck.test_ima_hash: PASSED (6.13s) RESULTS - ima.IMACheck.test_ima_overwrite: PASSED (131.31s) RESULTS - ima.IMACheck.test_ima_signature: PASSED (69.03s) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: Add depend on audit when audit is enabled.Jeremy A. Puhlman2022-05-231-1/+1
| | | | | | | | | | checking for libaudit.h... no | configure: error: You don't have libaudit properly installed. Install it if you need it. | NOTE: The following config.log files may provide further information. Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: fix up layer dependancies.Armin Kuster2022-05-141-1/+1
| | | | | | reorg pkgs so the we only need meta-oe Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security.bb: fix suricata inclusionArmin Kuster2022-05-141-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>