summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* meta-parsec: add build image.Armin Kuster2022-05-261-0/+17
| | | | | | | | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> --- v2] Use packagegroup-security-tpm2 add swtpm Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-parsec: Add pkg grpsArmin Kuster2022-05-261-0/+17
| | | | | | | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> -- V2] Drop tpm pkgs, use the tpm2 pkg grp Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Added BBFILES_DYNAMIC for dynamic-layers.Lei Maohui2022-05-231-0/+7
| | | | | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lib-perl: prefix man pages to avoid conflicting with base perlJeremy A. Puhlman2022-05-231-0/+7
| | | | | | | | | | The following occurs when pkgs-docs added to image features. Error: Transaction test error: file /usr/share/man/man3/lib.3 conflicts between attempted installs of lib-perl-doc-0.63-r0.corei7_64 and perl-doc-5.34.1-r0.corei7_64 Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Parsec-service: Update installation procedureAnton Antonov2022-05-232-7/+10
| | | | | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* oeqa/cases/tpm2: fix and enhance test suiteArmin Kuster2022-05-231-12/+29
| | | | | | | | | | | | | | | | local.conf TEST_SUITES = "ssh ping tpm2" IMAGE_INSTALL:append = " swtpm tpm2-pkcs11" RESULTS: RESULTS - ping.PingTest.test_ping: PASSED (0.05s) RESULTS - ssh.SSHTest.test_ssh: PASSED (2.19s) RESULTS - tpm2.Tpm2Test.test_tpm2_pcrread: PASSED (1.06s) RESULTS - tpm2.Tpm2Test.test_tpm2_pkcs11: PASSED (1.17s) RESULTS - tpm2.Tpm2Test.test_tpm2_swtpm_reset: PASSED (0.59s) RESULTS - tpm2.Tpm2Test.test_tpm2_swtpm_socket: PASSED (307.72s) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: Add missing rdependsArmin Kuster2022-05-231-0/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: tpm2-pkcs11 module missingArmin Kuster2022-05-231-2/+7
| | | | | | Correctly fix symlink issue by putting module in -dev pkg. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.4.9Armin Kuster2022-05-231-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 5.0.5Armin Kuster2022-05-232-2/+2
| | | | libhtp rolls with it
* ossec-hids: update to 3.7.0Armin Kuster2022-05-231-1/+1
| | | | | | See https://github.com/ossec/ossec-hids/releases/tag/3.7.0 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: Update 01.17.4Armin Kuster2022-05-231-1/+1
| | | | | | Precalculate buffer size in base64 functions (CVE-2021-45417) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ima-evm-utils: Update to 1.4Armin Kuster2022-05-234-181/+2
| | | | | | | | | | | | | Switch from git to https in SRC_URI Drop patches not upstreamed. Passes OEQA: RESULTS - ima.IMACheck.test_ima_enabled: PASSED (1.05s) RESULTS - ima.IMACheck.test_ima_hash: PASSED (6.13s) RESULTS - ima.IMACheck.test_ima_overwrite: PASSED (131.31s) RESULTS - ima.IMACheck.test_ima_signature: PASSED (69.03s) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: Add depend on audit when audit is enabled.Jeremy A. Puhlman2022-05-231-1/+1
| | | | | | | | | | checking for libaudit.h... no | configure: error: You don't have libaudit properly installed. Install it if you need it. | NOTE: The following config.log files may provide further information. Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: fix up layer dependancies.Armin Kuster2022-05-141-1/+1
| | | | | | reorg pkgs so the we only need meta-oe Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security.bb: fix suricata inclusionArmin Kuster2022-05-141-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: drop nfnetlink from pkg configArmin Kuster2022-05-141-1/+2
| | | | | | nfnetlink has a layer dependancy to meta-networking. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* arpwatch: add postfix to pkg configArmin Kuster2022-05-141-3/+7
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add dynamic python pkgsArmin Kuster2022-05-141-0/+10
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add perl pkgs grpsArmin Kuster2022-05-141-0/+18
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: remove pkgsArmin Kuster2022-05-141-12/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: move perl and python recipes to dynamic layers structureArmin Kuster2022-05-1434-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscrypt: add distro_check on pamArmin Kuster2022-05-141-5/+7
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Add EROFS support to dm-verity-img classJosh Harley2022-05-011-2/+2
| | | | | | | | | | | | | | | | | [PATCH] Add support for the EROFS image, and it's compressed options, to the dm-verity-img.bbclass setup, theoretically this is a simple addition to the list of types however there is a quirk in how Poky handles the filesystems in poky/meta/classes/image_types.bbclass. Specifically the 'IMAGE_CMD' and 'IMAGE_FSTYPES' use a hyphen, e.g. erofs-lz4, however in the image_type bbclass the task for that would be "do_image_erofs_lz4", replacing the hyphen with an underscore. As the dm-verity-img.bbclass adds a dependency to the wic image creation on the do_image_* task then it fails as there is no "do_image_erofs-lz4", so simply replace the hypen with an underscore. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* LICENSE: update to SPDX standard namesJoe Slater2022-04-1320-20/+20
| | | | | | | Use convert-spdx-licenses.py to update LICENSE in recipes. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain.inc: Correct LICENSE to GPL-2.0-onlyRanjitsinh Rathod2022-04-131-1/+1
| | | | | | | | | It seems below change done manually and so LICENSE variable modified from GPLv2 to GPL-2.0-or-later. But it should be GPL-2.0-only Link: https://git.yoctoproject.org/meta-security/commit/?id=c56ae450c93a1383a1ce800a32a6ef2c3fbbae1c Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: update to 1.8.0Petr Gotthard2022-04-135-1498/+7
| | | | | | | | | The build patches are now included in the upstream, the local binary checkes can be disabled with --disable-ptool-checks, the boostrap doesn't need to be called if the release .tar.gz is used. Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss-engine: fix version string and build with openssl 3.0Petr Gotthard2022-04-131-6/+13
| | | | | | | | | | | Calling autoreconf outside git repo causes the version number to be null. This patch makes the version number fixed. Since Yocto now uses OpenSSL 3.0, the file packaging need to be updated. Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-abrmd: update to 2.4.1Petr Gotthard2022-04-131-4/+2
| | | | | | | | The version number is correctly assigned only when the release .tar.gz is used. Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: update to 3.2.0Petr Gotthard2022-04-134-377/+22
| | | | | | | | | This deletes the patches that were unused for a long time, updates the tpm2-tss package and introduces a fix to the version number problem that got introduced with the 3.2.0 version. Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-openssl: update to 1.1.0Petr Gotthard2022-04-132-11/+19
| | | | | | | | | | | | | Also, the recipe is fixed to correctly package the openssl provider. This new tpm2-openssl: - Fixed segmentation fault when a signature algorithm is beging initialized without a private key. - Fixed RSA/EC key equality checks. Works with OpenSSL 3.0.1. - Added support for the `TPM2OPENSSL_PARENT_AUTH` environment variable. Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: fix missing version numberPetr Gotthard2022-04-131-0/+5
| | | | | | | | Calling autoreconf outside git repo causes the version number to be null. This patch makes the version number fixed. Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Upgrade parsec-service to 1.0.0 and parsec-tool to 0.5.2Anton Antonov2022-04-137-344/+351
| | | | | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscrypt: update dependecy from go-dep-native to go-nativeDavide Gardenal2022-04-071-1/+1
| | | | | Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: add COMPATIBLE_HOST to fix build errorDavide Gardenal2022-04-071-0/+2
| | | | | | | | Add COMPATIBLE_HOST to match what is found in glibc to avoid build error when using musl Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.4.7Armin Kuster2022-04-071-2/+2
| | | | | | This fixes musl builds too. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto_security.inc: add lkrg kfragsArmin Kuster2022-04-073-0/+12
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lkrg-module: covert to git fetcherArmin Kuster2022-04-072-8/+8
| | | | | | | | This allows to track tip easier. refresh patch Fix LICENSE to match SPDX format Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix compile issue on some hostsArmin Kuster2022-04-021-0/+7
| | | | | | | | | | Use python3-native to use 2to3 Fix build issue on some hosts with this error: (result, consumed) = self._buffer_decode(data, self.errors, final) | UnicodeDecodeError: 'utf-8' codec can't decode byte 0xd8 in position 152: invalid continuation byte Signed-off-by: Armin Kuster <akuster808@gmail.com>
* LICENSE: adopt SPDX standard namesRobert Yang2022-04-022-2/+2
| | | | | | | Modify LICENSE for ding-libs and libmhash. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security : Use SPDX style licensing formatAshish Sharma2022-04-028-8/+8
| | | | | | | | | | | | | | WARNING: selinux-sandbox-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: selinux-gui-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: semodule-utils-3.3-r0.1 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: selinux-dbus-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: libwhisker2-perl-2.5-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \ WARNING: lib-perl-0.63-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \ WARNING: libhtp-0.5.39-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ ... Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap-daemon: use renamaed python_setuptools_build_metaArmin Kuster2022-04-021-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-alt: drop rust layerArmin Kuster2022-03-131-5/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: drop old package ref.Armin Kuster2022-03-131-1/+1
| | | | | | | | | meta-python dropped package via commit: 620689d4efba28bc8dd60e2d82908bfb3531fbd0 python3-backports-functional-lru-cache: remove, not needed for Python 3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Subject: [PATCH] Subject: python3-fail2ban: switch to legacy setuptools3Ashish Sharma2022-03-111-1/+1
| | | | | | | | | | | raise InvalidWheelFilename(f"{filename} is not a valid wheel filename.") pip._internal.exceptions.InvalidWheelFilename: fail2ban-*-*.whl is not a valid wheel filename. Removed build tracker: '/tmp/pip-req-tracker-qnepnk46' ERROR: Failed to pip install wheel. Check the logs. Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix SPDX license.Armin Kuster2022-03-111-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: fix user permsArmin Kuster2022-03-111-5/+4
| | | | | | [Yocto #14724] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm-tools: Fix pod2man raceArmin Kuster2022-03-111-1/+1
| | | | | | On some systems, pod2man is not available so add native depends. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ima-evm-keys: don't use lnrArmin Kuster2022-03-111-1/+1
| | | | | | | | | | | | lnr is a script in oe-core that creates relative symlinks, with the same behaviour as `ln --relative --symlink`. It was added back in 2014[1] as not all of the supported host distributions at the time shipped coreutils 8.16, the first release with --relative. However the oldest coreutils release in the supported distributions is now 8.22 in CentOS 7, so lnr can be deprecated and users switched to ln. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: update to 0.9.2Armin Kuster2022-03-111-2/+2
| | | | | | includes: CVE-2021-3623 Signed-off-by: Armin Kuster <akuster808@gmail.com>