summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* fail2ban: update to 0.10.2Armin Kuster2018-02-141-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* smack: update to 1.3.1Armin Kuster2018-02-141-3/+3
| | | | | | | drop git hash from PV Use master branch Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 1.16.0Armin Kuster2018-02-141-4/+5
| | | | | | update some PACKAGECONFIG changes Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scapy: update to 2.3.3Armin Kuster2018-02-142-114/+2
| | | | | | Drop patch included in update. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: Update to 2.4.3.6Armin Kuster2018-02-141-2/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: update to 2.3.3Armin Kuster2018-02-141-3/+1
| | | | | | | | Drop git PV for bb reciped PV. supports 4.15 kernel Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: Allow native buildsJosé Bollo2018-02-061-1/+1
| | | | | | | | | | | When used in native builds, the variable STAGING_DIR_HOST expands to the empty string. This leads 'sed' to an error because the pattern is empty. Using STAGING_DIR instead of STAGING_DIR_HOST allows to use xmlsec1 in native builds with the correct behaviour. Change-Id: I55f40ac2413863c489d4219e0080f7e4e274a6db Signed-off-by: José Bollo <jose.bollo@iot.bzh> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* conf/layer.conf: remove bbclass from BBFILESRobert Yang2018-02-062-2/+2
| | | | | | | Add bbclass to BBFILES doesn't make any sense. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm/libtpm: update to latest masterPatrick Ohly2017-12-105-75/+35
| | | | | | | | | This allows dropping some patches for issues that were addressed upstream. It also brings in support for connecting swtpm to qemu without relying on CUSE. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: remove the path for start-stop-daemonMingli Yu2017-12-103-17/+17
| | | | | | | | | | Remove the absolute path for start-stop-daemon to fix samhain start-up as start-stop-daemon sometimes located in /usr/sbin, not the expected /sbin. Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix build issueArmin Kuster2017-12-101-0/+2
| | | | | | | | | core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlopen' | core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlsym' | core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlerror' | core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlclose' Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: allow overriding localstatedir mandir sysconfdirAndré Draszik2017-11-062-0/+69
| | | | | | | | | | | | It is currently impossible to override localstatedir, mandir and sysconfdir during ./configure, because they are being overriden unconditionally. With this patch it is now possible to set above locations as needed. Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: make initscript more reliableAndré Draszik2017-11-061-2/+4
| | | | | | | | | | | | | | | | | | | The combination of using start-stop-daemon and pidof is not working reliably in all cases. Sometimes, the tcsd daemon isn't running yet at the time pidof is being invoked. This results in an empty /var/run/tcsd.pid, making it impossible to stop tcsd using the init script. To solve this, one could either add a delay before calling pidof, or alternatively use start-stop-daemon's built-in functionality to achieve the same. Let's do the latter. Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscryptctl: add v0.1.0André Draszik2017-10-241-0/+27
| | | | | | | | | | | | | | | | fscryptctl is a low-level tool written in C that handles raw keys and manages policies for Linux filesystem encryption [1]. For a tool that presents a higher level interface and manages metadata, key generation, key wrapping, PAM integration, and passphrase hashing, see fscrypt [2]. [1] https://lwn.net/Articles/639427 [2] https://github.com/google/fscrypt Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscape: fix ptest compile errors and updateArmin Kuster2017-10-151-1/+3
| | | | | | | | | | | update to 1.2.15 plus ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/probes/process58/all.sh contained in package openscap-ptest requires /bin/bash, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps] ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/xmldiff.pl contained in package openscap-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps] ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/nist/test_worker.py contained in package openscap-ptest requires /usr/bin/python2, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* keynote: update the SRC_URIDengke Du2017-10-101-3/+6
| | | | | | | | | | | | | | The old URL can't be available, give the new URL to keynote. The project already moved to: https://sourceforge.net/projects/keynote-2-3/ The different between old and new tarball was: the old tarball contains doc directory, source codes were same. Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openssl-tpm-engine: add packageArmin Kuster2017-10-106-0/+570
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-abrmd: add packageArmin Kuster2017-10-103-0/+120
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm-quote-tools: Add packageArmin Kuster2017-10-101-0/+23
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pcr-extend: add new packageArmin Kuster2017-10-101-0/+25
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: update with basic infoArmin Kuster2017-10-101-0/+4
| | | | | | needed to pass yocto-check-layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: fix cuse dependsArmin Kuster2017-10-101-2/+8
| | | | | | | if cuse is enabled, depend on fuse which is in meta-filesystems throw error is layer is missing. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto/4.12: update path versionArmin Kuster2017-10-021-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bastile: fix QA issueArmin Kuster2017-10-021-1/+1
| | | | | | WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Symlink /usr/sbin/UndoBastille in bastille points to TMPDIR [symlink-to-sysroot] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: move recipe to correct layerArmin Kuster2017-10-021-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap-daemon: fix QA issueArmin Kuster2017-10-021-0/+2
| | | | | | ERROR: openscap-daemon-0.1.6+gitAUTOINC+3fd5c75a08-r0 do_package_qa: QA Issue: /usr/bin/oscapd-cli contained in package openscap-daemon requires /usr/bin/python, but no providers found in RDEPENDS_openscap-daemon? [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.0.0Armin Kuster2017-10-023-6/+6
| | | | | | libhtp updated in // as suricata contains the sources Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redhat-security: remove PR and fix styleArmin Kuster2017-10-021-3/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksecurity: fix recipe styleArmin Kuster2017-10-021-1/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libenv-perl: add recipe removed from coreArmin Kuster2017-10-021-0/+21
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: update layer dependsArmin Kuster2017-10-021-2/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libewf: fix build issueArmin Kuster2017-10-021-1/+1
| | | | | | | ERROR: gettext-native required but not in DEPENDS for file /build/build_artifacts/master/tmp-glibc/work/i586-oe-linux/libewf/20140608-r0/libewf-20140608/configure.ac. Missing inherit gettext? Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oe-release: add oe-release file for openscapArmin Kuster2017-09-301-0/+32
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* os-release: needed by openscapArmin Kuster2017-09-301-0/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: Add oe specific filesArmin Kuster2017-09-306-0/+215
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: add dameonArmin Kuster2017-09-301-0/+18
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: add scap-security-guideArmin Kuster2017-09-301-0/+57
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: add packageArmin Kuster2017-09-305-0/+140
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: add auditing toolArmin Kuster2017-09-301-0/+41
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security-compliance: add new layer for compliance and audit applicationsArmin Kuster2017-09-302-0/+54
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update llvm to use 5.0 to match version in coreArmin Kuster2017-09-301-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroups: fix invalid license fileJackie Huang2017-09-155-5/+5
| | | | | | | | | | | | Use '${COMMON_LICENSE_DIR}/MIT' for MIT License to fix the warning: | WARNING: packagegroup-core-security do_populate_lic: ${COREBASE}/LICENSE is not a valid license file, please use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM. This will become an error in the future Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: fix QA issue for GNU_HASHJackie Huang2017-09-152-0/+29
| | | | | | | | | Add LDFLAGS variable to fix QA issue for GNU_HASH: | ERROR: samhain-client-4.2.2-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/builddir/usr/sbin/samhain_setpwd' [ldflags] Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: avoid searching host dir for postgresqlJackie Huang2017-09-152-1/+136
| | | | | | | | Add a patch to avoid searching host dir for postgresql, and set PGSQL_INC_DIR and PGSQL_LIB_DIR instead. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: fix for the PACKAGECONFIGJackie Huang2017-09-151-11/+13
| | | | | | | | | | | | | | | | | * The "??=" assignment for PACKAGECONFIG is overridden by the following "+=" assignments, which is not expected, so combine them into one assignment with multiple lines. * Fix a typo for postgresql. * Remove unneeded quotation marks. * run aotoconf to regenerate the configure, or the patch for ps option doesn't work: | configure: error: unrecognized option: --with-ps-path=/bin/ps Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: depends on attr when selinux is enabledJackie Huang2017-09-151-1/+1
| | | | | | | | The extended attribute is required by selinux feature, so add the dependency when selinux is enabled. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: fix a few build issuesArmin Kuster2017-09-151-2/+5
| | | | | | | | | | | | | | | | | | | | | | | configure.ac:8: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation | configure.ac:8: error: version mismatch. This is Automake 1.15.1, | configure.ac:8: but the definition used by this AM_INIT_AUTOMAKE add aclocal and make: Entering directory '/home/akuster/oss/clean/poky/build/tmp/work/mips64-poky-linux/apparmor/2.11.0-r0/apparmor-2.11.0/binutils' | error: ../libraries/libapparmor//src/.libs/libapparmor.a is missing. Pick one of these possible solutions: remove --disable-static and ERROR: apparmor-2.11.0-r0 do_package_qa: QA Issue: /usr/lib/apparmor/ptest/testsuite/parser/tst/gen-dbus.pl contained in package apparmor-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_apparmor-ptest? [file-rdeps] add perl to ptest RDEPENDS Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Apparmor: add apache2 to PACKAGECONF and check for webserver layerArmin Kuster2017-09-151-4/+22
| | | | | | Don't want to add layer depends for one package unless needed. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2.0-tss: fix systemd package listPatrick Ohly2017-09-151-1/+1
| | | | | | | | | | | | | Commit 4c4fa8c "tpm2.0-tss: install resourcemgr service" introduced systemd support for the resourcemgr package, but left the default ${PN} in SYSTEMD_PACKAGES, leading to an apparently harmless (?) build error, emitted by systemd.bbclass via bb.error() because tpm2.0-tss does not have a package of that name: ERROR: tpm2.0-tss-git-r0 do_package: tpm2.0-tss does not appear in package list, please add it Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nmap: update to 7.60Armin Kuster2017-09-131-3/+5
| | | | | | | | LIC_CHKSUM_FILES changed do to yr update. add a few more PACKCONFIG Signed-off-by: Armin Kuster <akuster808@gmail.com>