Commit message | Author | Age | Files | Lines
...
* python3-tpm2-pytss: update from 2.1.0 to 2.3.0 | Mikko Rapeli | 2024-07-29 | 1 | -5/+10
    Upstream changelog shows that python 3.12 support was added/fixed in version 2.2.0:

    https://github.com/tpm2-software/tpm2-pytss/blob/master/CHANGELOG.md

    To fix build error:

    Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-*: convert WORKDIR->UNPACKDIR | Armin Kuster | 2024-07-29 | 31 | -49/+49
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Suricata: Security Fix for CVE-2024-37151, CVE-2024-38534, CVE-2024-38535, CVE-2024-38536 | Siddharth Doshi | 2024-07-29 | 6 | -0/+491
    Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b, https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae, https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2, https://github.com/OISF/suricata/commit/2bd3bd0e318f19008e9fe068ab17277c530ffb92]

    CVEs Fixed:
    CVE-2024-37151 suricata: suricata: packet reassembly failure, which can lead to policy bypass
    CVE-2024-38534 suricata: suricata: Crafted modbus traffic can lead to unlimited resource accumulation within a flow
    CVE-2024-38535 suricata: Suricata: can run out of memory when parsing crafted HTTP/2 traffic
    CVE-2024-38536 suricata: NULL pointer dereference when http.memcap is reached

    Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: Start WORKDIR -> UNPACKDIR transition | Wang Mingyu | 2024-07-29 | 1 | -3/+3
    Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix PACKAGECONFIG[remediate_service] | Yi Zhao | 2024-07-01 | 2 | -11/+34
    * Fix typo: remdediate_service -> remediate_service
    * No need to manually install oscap-remediate.service, as it is already installed when ENABLE_OSCAP_REMEDIATE_SERVICE=ON is set.
    * Add a patch to fix installation directory for systemd service file.

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: drop libgcrypt | Ricardo Salveti | 2024-07-01 | 1 | -3/+1
    Upstream removed gcrypt backend as part of the 3.0.0 release (https://github.com/tpm2-software/tpm2-tss/pull/1781), but it was not removed from the recipe during the update.

    Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: Enable passing private key password | Stefan Berger | 2024-07-01 | 2 | -0/+6
    Allow users to pass the private key password using IMA_EVM_EVMCTL_KEY_PASSWORD.

    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: Add IMA_EVM_PRIVKEY_KEY_OPT to pass options to evmctl | Stefan Berger | 2024-07-01 | 2 | -2/+9
    Introduce IMA_EVM_PRIVKEY_KEY_OPT to pass additional options to evmctl when signing files. An example is --keyid <id> that makes evmctl use a specific key id when signing files.

    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: Remove stale variables and documentation | Stefan Berger | 2024-07-01 | 2 | -11/+1
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README.md: fix sendemail.to value | Martin Jansa | 2024-07-01 | 1 | -1/+1
    * other places were updated to use yocto-patches, but not this one

    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* {tcp,udp}-smack-test: fix few more implicit-function-declaration issues fatal with gcc-14 | Martin Jansa | 2024-07-01 | 3 | -0/+7
    tcp-smack-test:
    tcp_server.c: In function 'main':
    tcp_server.c:50:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
       50 |         port = atoi(argv[1]);
          |                ^~~~
    tcp_server.c:62:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
       62 |         if(fsetxattr(sock, attr_in, label_in, strlen(label_in),0) < 0)
          |            ^~~~~~~~~

    udp-smack-test:
    udp_client.c: In function 'main':
    udp_client.c:52:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
       52 |         if(fsetxattr(sock, attr, label, strlen(label),0) < 0)
          |            ^~~~~~~~~
    udp_client.c:67:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
       67 |         close(sock);
          |         ^~~~~
          |         pclose
    udp_server.c: In function 'main':
    udp_server.c:42:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
       42 |         port = atoi(argv[1]);
          |                ^~~~
    udp_server.c:57:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
       57 |         if(fsetxattr(sock, attr, label, strlen(label), 0) < 0)
          |            ^~~~~~~~~
    udp_server.c:84:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
       84 |         close(sock);
          |         ^~~~~
          |         pclose

    Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Start WORKDIR -> UNPACKDIR transition | Wang Mingyu | 2024-06-17 | 1 | -1/+3
    Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ima-policy-hashed: Start WORKDIR -> UNPACKDIR transition | Wang Mingyu | 2024-06-17 | 1 | -1/+1
    Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: WORKDIR -> UNPACKDIR | Changqing Li | 2024-06-17 | 1 | -1/+1
    Signed-off-by: Changqing Li <changqing.li@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: WORKDIR -> UNPACKDIR transition | Changqing Li | 2024-06-17 | 9 | -31/+32
    * WORKDIR -> UNPACKDIR transition
    * Switch away from S = WORKDIR

    Signed-off-by: Changqing Li <changqing.li@windriver.com>
    [Fixed up the smack changes due to prior patch]
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: upgrade 0.1.72 -> 0.1.73 | Yi Zhao | 2024-06-17 | 1 | -1/+1
    ChangeLog:
    https://github.com/ComplianceAsCode/content/releases/tag/v0.1.73

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: remove duplicate option --without-python2-bindings | Gael PORTAY | 2024-06-17 | 1 | -1/+0
    The option --without-python2-bindings was added twice, by the commit 4375507f39ed4bc62e1304838870be65f3a81460, and then after python2 was deprecated with the commit 96737082ad20eabcbbaa82b0cacee0d05d50eaab.

    This removes the latter.

    Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mmap-smack-test, smack-test, tcp-smack-test, udp-smack-test: don't use S = ${WORKDIR} | Martin Jansa | 2024-06-17 | 4 | -7/+13
    * fixes:
      Parsing recipes...
      ERROR: meta-security/recipes-mac/smack/mmap-smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
      ERROR: meta-security/recipes-mac/smack/tcp-smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
      ERROR: meta-security/recipes-mac/smack/udp-smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
      ERROR: meta-security/recipes-mac/smack/smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
      ERROR: Parsing halted due to errors, see error messages above
    * see: https://lists.openembedded.org/g/openembedded-architecture/message/2007
    * it's fatal error since: https://git.openembedded.org/openembedded-core/commit/?h=master&id=32cba1cc916ad530c5e6630a927e74ca6f06289b

    Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* {tcp,udp}-smack-test: fix implicit-function-declaration issues fatal with gcc-14 | Martin Jansa | 2024-06-17 | 2 | -0/+2
    tcp-smack-test:
    http://errors.yoctoproject.org/Errors/Details/766925/
    tcp_client.c:55:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]

    udp-client-tests:
    http://errors.yoctoproject.org/Errors/Details/766927/
    udp_client.c:41:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
    udp_client.c:51:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
    udp_client.c:66:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]

    Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: upgrade 4.0.1 -> 4.1.2 | Valentin Kunin | 2024-06-17 | 2 | -8/+19
    Bump tpm2-tss library version from 4.0.1 to 4.1.2. This simply involves renaming the recipe and changing the target SHA256 library file hash.

    Also update the fixup_hosttools.patch to apply to the new version of the library. It stays the same functionally, but some line numbers needed to be updated to apply cleanly.

    Signed-off-by: Valentin Kunin <kunin@google.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-parsec: Update parsec-service to 1.4.1 | Gowtham Suresh Kumar | 2024-05-28 | 2 | -33/+47
    Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: BBCLASSEXTEND nativesdk | Tim Orling | 2024-05-08 | 1 | -1/+1
    Dependency for nativesdk-swtpm

    Signed-off-by: Tim Orling <tim.orling@konsulko.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: BBCLASSEXTEND nativesdk | Tim Orling | 2024-05-08 | 1 | -1/+1
    nativesdk-swtpm needs nativesdk-libtpm

    Signed-off-by: Tim Orling <tim.orling@konsulko.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: BBCLASSEXTEND native and nativesdk | Tim Orling | 2024-05-08 | 1 | -0/+2
    tpm2-pkcs11-tools-native needs tpm2-tools-native

    Signed-off-by: Tim Orling <tim.orling@konsulko.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: BBCLASSEXTEND native and nativesdk | Tim Orling | 2024-05-08 | 1 | -0/+2
    swtpm-native requires tpm2-pkcs11-tools-native for gnutls PACKAGECONFIG

    Signed-off-by: Tim Orling <tim.orling@konsulko.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: upgrade 0.8.1 -> 0.8.2 | Tim Orling | 2024-05-08 | 1 | -1/+1
    version 0.8.2:
      - swtpm:
        - cuse: Lock file_ops_lock before reading tpm_running
      - build-sys:
        - Add support for --disable-tests to disable tests

    https://github.com/stefanberger/swtpm/compare/v0.8.1...v0.8.2

    Signed-off-by: Tim Orling <tim.orling@konsulko.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: upgrade 0.1.71 -> 0.1.72 | Yi Zhao | 2024-05-08 | 1 | -1/+1
    ChangeLog:
    https://github.com/ComplianceAsCode/content/releases/tag/v0.1.72

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: upgrade 1.3.9 -> 1.3.10 | Yi Zhao | 2024-05-08 | 1 | -1/+1
    ChangeLog:
    https://github.com/OpenSCAP/openscap/releases/tag/1.3.10

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: update libseccomp dependencies | Marta Rybczynska | 2024-05-08 | 1 | -1/+1
    libseccomp requires DISTRO_FEATURE seccomp enabled. This one is automatically removed for riscv, so we do not need to add an additional condition.

    This change is necessary for cve-check on world with meta-security

    Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: remove __pycache__ in ptest directory | Yi Zhao | 2024-05-08 | 1 | -0/+5
    Remove __pycache__ directories as they contain references to TMPDIR.

    Fix QA warnings:
    WARNING: scap-security-guide-0.1.71-r0 do_package_qa: QA Issue: File /usr/lib64/scap-security-guide/ptest/git/utils/_pycache_/gen_reference_table.cpython-312.pyc in package scap-security-guide-ptest contains reference to TMPDIR

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmtpm2tss: upgrade 1661 -> 2.2.0 | Yi Zhao | 2024-04-22 | 2 | -19/+21
    * Refresh patch
    * Fix UPSTREAM_CHECK_GITTAGREGEX

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: upgrade 3.0.9 -> 3.1.1 | Wang Mingyu | 2024-04-22 | 2 | -55/+2
    0001-osdetection-add-OpenEmbedded-and-Poky.patch removed since it's included in 3.1.1.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: upgrade 164-2020-192.1 -> 183-2024-03-27 | Yi Zhao | 2024-04-16 | 1 | -3/+3
    Remove '-DALG_CAMELLIA=ALG_NO' from CFLAGS to fix compile error:
    | TpmProfile_Common.h:109: error: "ALG_CAMELLIA" redefined [-Werror]
    |   109 | #define ALG_CAMELLIA ALG_YES
    |       |

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README.md: update to new patches mailing list | Armin Kuster | 2024-04-09 | 5 | -12/+12
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyinotify: Make asyncore support optional for Python 3 | Mingli Yu | 2024-03-27 | 2 | -0/+96
    Simple fix for Python 3.12 since it dropped asyncore. Catches the import error instead of using a version check so that the user can install the compatibility package for any uses that can't be upgraded to asyncio or similar immediately.

    Fixes:
    # python3
    Python 3.12.1 (main, Dec 7 2023, 20:45:44) [GCC 13.2.0] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import pyinotify
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib64/python3.12/site-packages/pyinotify.py", line 71, in <module>
        import asyncore
    ModuleNotFoundError: No module named 'asyncore'
    >>>

    Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Update for the scarthgap release series | Max Krummenacher | 2024-03-27 | 5 | -5/+5
    Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* arpwatch: install man8 dir | Jeremy A. Puhlman | 2024-03-27 | 1 | -1/+1
    The install expects man8 directory to already exist. If not created the man page gets installed as "man8", which causes conflicts with other packages, that expect it to be a directory.

    'arpsnmp' -> '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/sbin/arpsnmp'
    './arpwatch.8' -> '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/share/man/man8'
    removed '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/share/man/man8'
    './arpsnmp.8' -> '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/share/man/man8'

    Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Check for usrmerge before removing /usr/lib | Jeremy A. Puhlman | 2024-03-27 | 1 | -1/+3
    Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity-image-initramfs: Set IMAGE_NAME_SUFFIX to empty | Kevin Hao | 2024-03-27 | 1 | -0/+2
    According to the Yocto reference manual [1], the IMAGE_NAME_SUFFIX should be set to empty for the initramfs image. Otherwise, we may incur a build error like following due to the initrd check in live-vm-common.bbclass:
      ERROR: core-image-minimal-1.0-r0 do_bootimg: build-test/tmp/deploy/images/genericx86-64/dm-verity-image-initramfs-genericx86-64.cpio.gz is invalid. initrd image creation failed.
      ERROR: core-image-minimal-1.0-r0 do_bootimg: ExecutionError('build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/run.build_hddimg.1961965', 1, None, None)
      ERROR: Logfile of failure stored in: build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/log.do_bootimg.1961965
      ERROR: Task (poky/meta/recipes-core/images/core-image-minimal.bb:do_bootimg) failed with exit code '1'

    [1] https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_NAME_SUFFIX

    Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to tip to fix new build issue. | Armin Kuster | 2024-03-27 | 2 | -62/+3
    drop patch now included.

    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aprwatch: Add path for sendmail | Jeremy A. Puhlman | 2024-03-27 | 1 | -0/+1
    Arpwatch won't build on a system without a sendmail provider installed without this setting.

    Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* arpwatch: fix misspelling of PACKAGECONFIG | Jeremy A. Puhlman | 2024-03-27 | 1 | -1/+1
    Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity: Set the IMAGE_FSTYPES correctly when dm-verity is enabled | Kevin Hao | 2024-03-27 | 1 | -5/+19
    After using inherit_defer for the image classes in oe-core commit 451363438d38 ("classes/recipes: Switch to use inherit_defer"), the use of an anonymous python function in dm-verity-img.bbclass to set the IMAGE_FSTYPES doesn't work anymore. The reason is that image.bbclass also uses an anonymous python function to add the do_image_xxx task for the corresponding filesystem type. The anonymous function in dm-verity-img.bbclass is evaluated much later than the one in image.bbclass. Then the task such as do_image_vhash will not be added as we expect. So we choose to use "+=" to set the IMAGE_FSTYPES.

    The populate_sdk_ext.bbclass may generate a dependency list like below:
      core-image-minimal.do_sdk_depends -> lib32-core-image-minimal.do_image_vhash

    So we also need to make sure the do_image_vhash task for the multilib filesystem is added.

    Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity: Adjust the image names according to the oe-core change | Kevin Hao | 2024-03-27 | 3 | -5/+5
    After the oe-core commit 26d97acc7137 ("image-artifact-names: include ${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and ${IMAGE_LINK_NAME}"), the image names have changed from
      core-image-minimal-qemux86-64-20230307181808.rootfs.ext4
      core-image-minimal-qemux86-64.ext4
    to
      core-image-minimal-qemux86-64.rootfs-20230307181456.ext4
      core-image-minimal-qemux86-64.rootfs.ext4

    Adjust the images name used by dm-verity according to this change.

    Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* docs: dm-verity.txt: Fix a typo | Kevin Hao | 2024-03-27 | 1 | -1/+1
    Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Drop ${PYTHON_PN} | Armin Kuster | 2024-03-27 | 5 | -15/+15
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    ---
    V2] Fix typo in python3-pyinotify changes
* lynis: Add missing runtime dependencies | BELOUARGA Mohamed | 2024-02-20 | 1 | -1/+1
    Lynis tool needs ip, ss, tr and netstat. If they are missing Lynis skips some important audit tests.

    Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksec: Add more runtime dependencies to checksec tool | BELOUARGA Mohamed | 2024-02-20 | 1 | -1/+1
    Checksec tool depends on commands "find, file and ps"

    Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix build with python 3.12 | Yi Zhao | 2024-02-20 | 2 | -1/+60
    Backport a patch to fix build with python 3.12:

    $ bitbake openscap-native
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
    ModuleNotFoundError: No module named 'distutils'
    CMake Error at swig/python3/CMakeLists.txt:35 (install):
      install TARGETS given no LIBRARY DESTINATION for module target "_openscap_py".

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* integrity-image-minimal: Fix IMAGE_INSTALL | Leon Anavi | 2024-02-20 | 1 | -6/+4
    Append to IMAGE_INSTALL rather than directly setting the variable and does it after inheriting core-image.bbclass because in it IMAGE_INSTALL is set with a default value CORE_IMAGE_BASE_INSTALL. Variable CORE_IMAGE_BASE_INSTALL includes CORE_IMAGE_EXTRA_INSTALL so the change allows adding auditd to CORE_IMAGE_EXTRA_INSTALL as per the instructions in meta-integrity/README.md.

    Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>