summaryrefslogtreecommitdiffstats
path: root/recipes-compliance
Commit message (Collapse)AuthorAgeFilesLines
* scap-security-guide: upgrade 0.1.73 -> 0.1.74Yi Zhao2024-08-201-1/+1
| | | | | | | | ChangeLog: https://github.com/ComplianceAsCode/content/releases/tag/v0.1.74 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: upgrade 1.3.10 -> 1.4.0Yi Zhao2024-08-201-3/+3
| | | | | | | | ChangeLog: https://github.com/OpenSCAP/openscap/releases/tag/1.4.0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-*: convert WORKDIR->UNPACKDIRArmin Kuster2024-07-293-4/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix PACKAGECONFIG[remediate_service]Yi Zhao2024-07-012-11/+34
| | | | | | | | | | * Fix typo: remdediate_service -> remediate_service * No need to manually install oscap-remediate.service, as it is already installed when ENABLE_OSCAP_REMEDIATE_SERVICE=ON is set. * Add a patch to fix installation directory for systemd service file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: WORKDIR -> UNPACKDIRChangqing Li2024-06-171-1/+1
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: upgrade 0.1.72 -> 0.1.73Yi Zhao2024-06-171-1/+1
| | | | | | | | ChangeLog: https://github.com/ComplianceAsCode/content/releases/tag/v0.1.73 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: upgrade 0.1.71 -> 0.1.72Yi Zhao2024-05-081-1/+1
| | | | | | | | ChangeLog: https://github.com/ComplianceAsCode/content/releases/tag/v0.1.72 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: upgrade 1.3.9 -> 1.3.10Yi Zhao2024-05-081-1/+1
| | | | | | | | ChangeLog: https://github.com/OpenSCAP/openscap/releases/tag/1.3.10 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: remove __pycache__ in ptest directoryYi Zhao2024-05-081-0/+5
| | | | | | | | | | | | Remove __pycache__ directories as they contain references to TMPDIR. Fix QA warnings: WARNING: scap-security-guide-0.1.71-r0 do_package_qa: QA Issue: File /usr/lib64/scap-security-guide/ptest/git/utils/_pycache_/gen_reference_table.cpython-312.pyc in package scap-security-guide-ptest contains reference to TMPDIR Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: upgrade 3.0.9 -> 3.1.1Wang Mingyu2024-04-222-55/+2
| | | | | | | | 0001-osdetection-add-OpenEmbedded-and-Poky.patch removed since it's included in 3.1.1. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to tip to fix new build issue.Armin Kuster2024-03-272-62/+3
| | | | | | drop patch now included. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: Add missing runtime dependenciesBELOUARGA Mohamed2024-02-201-1/+1
| | | | | | | | Lynis tool needs ip, ss, tr and netstat. If they are missing Lynis skips some important audit tests. Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix build with python 3.12Yi Zhao2024-02-202-1/+60
| | | | | | | | | | | | | | Backport a patch to fix build with python 3.12: $ bitbake openscap-native Traceback (most recent call last): File "<string>", line 1, in <module> ModuleNotFoundError: No module named 'distutils' CMake Error at swig/python3/CMakeLists.txt:35 (install): install TARGETS given no LIBRARY DESTINATION for module target "_openscap_py". Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: update to 0.1.71Armin Kuster2024-01-281-3/+3
| | | | | | change branch name to stable. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: Update SRC_URI to improve updaterArmin Kuster2023-12-291-1/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Drop Poky patch and update to tipArmin Kuster2023-09-252-76/+1
| | | | | | The Poky patch has been accepted. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: Update to 3.0.9Armin Kuster2023-09-251-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to 1.3.9Armin Kuster2023-09-252-41/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: update to 0.1.69+Armin Kuster2023-09-082-391/+2
| | | | | | | | Update to tip of branch Drop 0001-scap-security-guide-add-openembedded-distro-support.patch is now included in tip Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: pass the correct cpe/schemas/xsl paths to oscapYi Zhao2023-09-081-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a build error when using openscap-native sstate cache mirror. Steps to reproduce: Create a new build project in build-1 directory. $ bitbake openscap-native Then remove all directories in build-1 directory except sstate-cache. Use the sstate-cache directory as sstate mirror. Create another new build project in build-2 directory. Set SSATE_MIRRORS to point to the sstate-cache in build-1 directory. $ bitbake scap-security-guide Error message: OpenSCAP Error: Schema file 'sds/1.3/scap-source-data-stream_1.3.xsd' not found in path '/build-1/tmp-glibc/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas' when trying to validate '/build-2/tmp-glibc/work/corei7-64-wrs-linux/scap-security-guide/0.1.67/build/ssg-openembedded-ds.xml' [/build-1/tmp-glibc/work/x86_64-linux/openscap-native/1.3.8/git/src/source/validate.c:103] The oscap command from openscap-native tries to find the schema files in build-1 directory since these paths are hardcoded when building openscap-native. We need to pass the correct cpe/schemas/xsl paths to oscap to make sure it can find the files in right location. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: enable ptestArmin Kuster2023-07-312-1/+53
| | | | | | | | | This add the basic framework to allow the test suite to run. It takes a very long time so it my not be practical to run in some cases (days in my case). The ptest log format has not been verified. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix buildpaths issueKai Kang2023-07-312-1/+41
| | | | | | | | | | | | | | | | Variables PREFERRED_PYTHON_PATH and PYTHON3_PATH are set with ${PYTHON_EXECUTABLE}. For cross compile, ${PYTHON_EXECUTABLE} may point to other path rather than standard dir such as /usr/bin. Then the generated library file contains such path which should NOT. Update to make variables PREFERRED_PYTHON_PATH and PYTHON3_PATH configurable to fix buildpaths issue: | WARNING: openscap-1.3.7-r0 do_package_qa: QA Issue: File | /usr/lib/libopenscap.so.25.5.1 in package openscap contains reference | to TMPDIR [buildpaths] Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: refactor patchesArmin Kuster2023-07-314-307/+215
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *.patch: fix malformed Upstream-Status and SOB linesMartin Jansa2023-06-251-0/+1
| | | | | | | | | | | | | | | | | | | | | | * as reported by openembedded-core/scripts/contrib/patchreview.py -v . Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/crosscompile_perl_bindings.patch) Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/disable_perl_h_check.patch) Missing Upstream-Status tag (./recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch) Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-pid-path.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/suricata/files/fixup.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-scanners/clamav/files/fix2_libcurl_check.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/isic/files/configure_fix.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/krill/files/panic_workaround.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libdns_conf_fix.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libxml2_conf.patch Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to 1.3.8Armin Kuster2023-06-251-4/+9
| | | | | | Remediate service is now off by default. Only include if needed. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Does not build for muslArmin Kuster2023-06-251-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: add Upstream-StatusArmin Kuster2023-06-251-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Add PokyArmin Kuster2023-06-252-0/+92
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: bump the number of test that passArmin Kuster2023-06-253-2/+241
| | | | | | | Add a eval script. Lets see how many checks pass out of the box Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: Update to tip to get OE/Poky supportArmin Kuster2023-06-253-212/+2
| | | | | | Drop changes now in upstream. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: add OE supportArmin Kuster2023-06-202-9/+235
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: add support for OpenEmbedded nodistro and PokyArmin Kuster2023-06-203-2/+215
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: move to main meta-security layerArmin Kuster2023-06-202-0/+106
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: move to main meta-security layerArmin Kuster2023-06-202-0/+93
Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-05 13:35:41 +0000