Commit message | Author | Age | Files | Lines
...
* opendnssec: upgrade 2.1.8 -> 2.1.9 | Upgrade Helper | 2021-06-05 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: upgrade to latest revision | Upgrade Helper | 2021-06-05 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add clamav-daemon | Armin Kuster | 2021-05-16 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: fix systemd startup | Armin Kuster | 2021-05-16 | 2 | -21/+48
  cleanup recipe
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab-ci: drop clean up combine alt w base | Armin Kuster | 2021-05-16 | 1 | -73/+4
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add aide and ossec | Armin Kuster | 2021-05-16 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: Add another ids | Armin Kuster | 2021-05-16 | 2 | -0/+135
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Apparmor: fix multi config build issue. | Armin Kuster | 2021-05-16 | 1 | -1/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: fix typo for mips | Armin Kuster | 2021-05-16 | 1 | -2/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmtpm2tss: update to tip | Armin Kuster | 2021-05-16 | 1 | -1/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: update to 1661 | Armin Kuster | 2021-05-16 | 2 | -33/+4
  Drop patch now included in updated
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: 4.1.x add UPSTREAM_CHECK_URI | Armin Kuster | 2021-05-16 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-scapy: add UPSTREAM_CHECK_COMMITS | Armin Kuster | 2021-05-16 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ossec-hids: add UPSTREAM_CHECK_COMMITS | Armin Kuster | 2021-05-16 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update to tip. | Armin Kuster | 2021-05-16 | 1 | -1/+4
  Add UPSTREAM_CHECK
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: Update to 1.6.0 | Armin Kuster | 2021-05-16 | 2 | -8/+314
  Includes gcc11 fix.
  Added p11-kit
  Minor cleanup
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: Blacklist pkg, upstream seems abandoned | Armin Kuster | 2021-05-16 | 2 | -2/+2
  Last update was 2018.
  Does not build with gcc11.
  There are other actively maintained IDS options.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* build cleanup: add iam to base depend | Armin Kuster | 2021-05-16 | 5 | -80/+120
  Drop *.ima.yml
  Try next
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: drop recipe. In core now | Armin Kuster | 2021-04-26 | 2 | -51/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ossec-hids: add new pkg | Armin Kuster | 2021-04-26 | 3 | -0/+449
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-base: fix feature namespace for tpm* | Armin Kuster | 2021-04-20 | 1 | -1/+2
  They are MACHINE not DISTRO FEATURES
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab-ci: use kas shell in some cases. | Armin Kuster | 2021-04-20 | 1 | -5/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: exclude apparmor in mips64 | Armin Kuster | 2021-04-19 | 1 | -0/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas: cleanup some kas files | Armin Kuster | 2021-04-19 | 2 | -10/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: add new before script | Armin Kuster | 2021-04-19 | 1 | -11/+20
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: cleanup after_script | Armin Kuster | 2021-04-19 | 1 | -36/+15
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab-ci: work on pipeline | Armin Kuster | 2021-04-19 | 1 | -21/+76
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: move tpm build | Armin Kuster | 2021-04-19 | 1 | -11/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *-tpm.yml: drop tpms jobs | Armin Kuster | 2021-04-19 | 3 | -30/+0
  way too many jobs. TPM have their own images, use that
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-base: Move some DISTRO_FEATURES around | Armin Kuster | 2021-04-19 | 2 | -1/+2
  Move FEATURES that affect kernel configuration to minimize rebuilds
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: Move all parsec builds into a separate job | Anton Antonov | 2021-04-17 | 1 | -5/+9
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lkrg-module: Add Linux Kernel Runtime Guard | Armin Kuster | 2021-04-14 | 2 | -0/+106
  For more info see: https://github.com/openwall/lkrg
  Add to local.conf:
    IMAGE_INSTALL_append = " kernel-module-lkrg"
  Need these kconfig options enabled:
    CONFIG_KALLSYMS_ALL=y
    CONFIG_JUMP_LABEL=y
    CONFIG_DEBUG_KERNEL=y
  To invoke module:
    sudo insmod {path-to-modules}/p_lkrg.ko kint_enforce=1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: remove rest of mirror.dat ref | Armin Kuster | 2021-04-14 | 1 | -4/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Clearly define clang toolchain in Parsec recipes | Anton Antonov | 2021-04-14 | 2 | -4/+3
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci: fine tune order | Armin Kuster | 2021-04-14 | 1 | -6/+6
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-base.yml: tweak build vars | Armin Kuster | 2021-04-12 | 1 | -1/+1
  add meta-filesystems
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .gitlab-ci.yml: reorder to speed up builds | Armin Kuster | 2021-04-12 | 1 | -80/+31
  Also clean up extra spaces
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: introduce IMA_FORCE | Ming Liu | 2021-04-12 | 2 | -2/+12
  Introduce IMA_FORCE to allow the IMA policy to be applied forcibly even when the 'no_ima' boot parameter is available.
  This ensures the end users have a way to disable 'no_ima' support if they want to, because it may expose a security risk if an attacker can find a way to change kernel arguments, it will easily bypass rootfs authenticity checks.
  Signed-off-by: Sergio Prado <sergio.prado@toradex.com>
  Signed-off-by: Ming Liu <liu.ming50@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI | Anton Antonov | 2021-04-12 | 7 | -0/+76
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Add meta-parsec layer into meta-security. | Anton Antonov | 2021-04-12 | 10 | -0/+661
  The layer contains recipes for Parsec service version 0.7.0 and parsec-tool version 0.3.0.
  The Parsec service is built with all supported providers and deployed with the MbedCrypto provider enabled.
  Both systemd and sysv-init are supported.
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: cleanup | Armin Kuster | 2021-04-12 | 1 | -12/+15
  Add note about rust.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: add dynamic-layer for rust pkg | Armin Kuster | 2021-04-12 | 1 | -0/+4
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.2 | Armin Kuster | 2021-04-12 | 9 | -0/+1613
  needs rust
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Use libest "main" branch instead of "master". | Anton Antonov | 2021-04-12 | 1 | -1/+1
  This patch fixes the issue:
  WARNING: libest-3.2.0-r0 do_fetch: Failed to fetch URL git://github.com/cisco/libest, attempting MIRRORS if available
  ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure: Unable to find revision 4ca02c6d7540f2b1bcea278a4fbe373daac7103b in branch master even from upstream
  ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure for URL: 'git://github.com/cisco/libest'. Unable to fetch URL from any source.
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-suricata-update: update to 1.2.1 | Armin Kuster | 2021-04-12 | 1 | -3/+5
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: fix check for tscd daemon on host | Armin Kuster | 2021-04-12 | 2 | -0/+66
  Found a few places that tscd check was trying to run the hosts.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: file pip3 issue | Armin Kuster | 2021-04-02 | 1 | -3/+3
  need native pip3, was using host's
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  --
  V2] add python3-cryptography-native to DEPENDS
  forgot to add changes.
* swtpm: now need python-cryptography, pull in layer | Armin Kuster | 2021-04-02 | 1 | -0/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: fix systemd service install | Armin Kuster | 2021-04-02 | 1 | -1/+4
  ERROR: clamav-0.104.0-r0 do_package: QA Issue: clamav: Files/directories were installed but not shipped in any package:
    /lib/systemd/system/clamav-daemon.service
    /lib/systemd/system/clamav-clamonacc.service
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: upgrade 3.5.1 -> 3.5.2 | Armin Kuster | 2021-04-02 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>