path: root/recipes-compliance
Commit message | Author | Age | Files | Lines
* scap-security-guide: disable ptest | Yi Zhao | 5 days | 2 | -58/+1
  Enabling ptest will significantly increase build time. Additionally,
  since the ptest distro_feature is enabled by default in poky distro,
  build time can be very long, which is annoying.

  On my build host:
  Enable ptest:
  $ time build scap-security-guide
  real 219m54.529s
  user 0m49.040s
  sys 0m1.304s

  Disable ptest:
  $ time build scap-security-guide
  real 1m25.222s
  user 0m3.306s
  sys 0m0.166s

  Since no one cares about this ptest and no one fixes the test failures.
  Let's disable it.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
* scap-security-guide: upgrade 0.1.76 -> 0.1.77 | Scott Murray | 5 days | 1 | -1/+1
  Update to latest version to pick up fixes required for building with
  CMake 4.0.

  ChangeLog:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.77

  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
* scap-security-guide: fix fetch | Marta Rybczynska | 2025-07-04 | 1 | -1/+1
  The project does not use release branches; their release model
  currently rebases the stable branch each release and relies on the
  release tags to keep the commits referenced. Until their release
  model changes, just use the release commit with nobranch. See
  upstream issue [1] for details.

  [1] https://github.com/ComplianceAsCode/content/issues/13543

  Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
  [tweaked commit message]
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
* Adapt to S/UNPACKDIR changes | Scott Murray | 2025-07-04 | 2 | -3/+0
  Remove or update S definitions as required to work with oe-core
  S/UNPACKDIR changes.

  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
* Fix warning : lack of whitespace around assignment | J. S. | 2025-07-04 | 1 | -3/+3
  v2 : also fix some typos while we are here.
  v3 : add fixes for isic and checksecurity

  Signed-off-by: Jason Schonberg <schonm@gmail.com>
  [removed already applied change]
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
* scap-security-guide: upgrade 0.1.75 -> 0.1.76 | Yi Zhao | 2025-04-13 | 1 | -1/+1
  ChangeLog:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.76

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: upgrade 0.1.74 -> 0.1.75 | Yi Zhao | 2025-03-12 | 1 | -1/+1
  ChangeLog:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.75

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: upgrade 1.4.0 -> 1.4.1 | Yi Zhao | 2025-03-12 | 1 | -1/+1
  ChangeLog:
  https://github.com/OpenSCAP/openscap/releases/tag/1.4.1

  * Introduce "oscap-im" - script that can be used in Containerfiles to
    build hardened bootable container images to run as Image Mode
    Operating System
  * Add support for containers with no entrypoint/cmd in "oscap-docker"
  * Stop printing useless component reference information in "oscap info"
  * Fix missing declaration of PATH_MAX on Solaris
  * Fix RPM database path in RPM probes (RHEL-55251, #2151)
  * Fix issues reported by OpenScanHub after 1.4.0 release
  * Fix failing test probes/filehash58/test_probes_filehash58.sh on
    s390x architecture
  * Ensure xlink namespace exists (RHEL-34104)
  * Minor fixes in test suite and CI

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: update to 3.1.4 | Armin Kuster | 2025-02-02 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: drop python pkgs | Armin Kuster | 2024-12-22 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: upgrade 0.1.73 -> 0.1.74 | Yi Zhao | 2024-08-20 | 1 | -1/+1
  ChangeLog:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.74

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: upgrade 1.3.10 -> 1.4.0 | Yi Zhao | 2024-08-20 | 1 | -3/+3
  ChangeLog:
  https://github.com/OpenSCAP/openscap/releases/tag/1.4.0

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-*: convert WORKDIR->UNPACKDIR | Armin Kuster | 2024-07-29 | 3 | -4/+4
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix PACKAGECONFIG[remediate_service] | Yi Zhao | 2024-07-01 | 2 | -11/+34
  * Fix typo: remdediate_service -> remediate_service
  * No need to manually install oscap-remediate.service, as it is
    already installed when ENABLE_OSCAP_REMEDIATE_SERVICE=ON is set.
  * Add a patch to fix installation directory for systemd service file.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: WORKDIR -> UNPACKDIR | Changqing Li | 2024-06-17 | 1 | -1/+1
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: upgrade 0.1.72 -> 0.1.73 | Yi Zhao | 2024-06-17 | 1 | -1/+1
  ChangeLog:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.73

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: upgrade 0.1.71 -> 0.1.72 | Yi Zhao | 2024-05-08 | 1 | -1/+1
  ChangeLog:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.72

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: upgrade 1.3.9 -> 1.3.10 | Yi Zhao | 2024-05-08 | 1 | -1/+1
  ChangeLog:
  https://github.com/OpenSCAP/openscap/releases/tag/1.3.10

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: remove __pycache__ in ptest directory | Yi Zhao | 2024-05-08 | 1 | -0/+5
  Remove __pycache__ directories as they contain references to TMPDIR.

  Fix QA warnings:
  WARNING: scap-security-guide-0.1.71-r0 do_package_qa: QA Issue: File
  /usr/lib64/scap-security-guide/ptest/git/utils/__pycache__/gen_reference_table.cpython-312.pyc
  in package scap-security-guide-ptest contains reference to TMPDIR

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: upgrade 3.0.9 -> 3.1.1 | Wang Mingyu | 2024-04-22 | 2 | -55/+2
  0001-osdetection-add-OpenEmbedded-and-Poky.patch
  removed since it's included in 3.1.1.

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to tip to fix new build issue. | Armin Kuster | 2024-03-27 | 2 | -62/+3
  drop patch now included.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: Add missing runtime dependencies | BELOUARGA Mohamed | 2024-02-20 | 1 | -1/+1
  Lynis tool needs ip, ss, tr and netstat. If they are missing, Lynis
  skips some important audit tests.

  Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix build with python 3.12 | Yi Zhao | 2024-02-20 | 2 | -1/+60
  Backport a patch to fix build with python 3.12:

  $ bitbake openscap-native
  Traceback (most recent call last):
    File "<string>", line 1, in <module>
  ModuleNotFoundError: No module named 'distutils'
  CMake Error at swig/python3/CMakeLists.txt:35 (install):
    install TARGETS given no LIBRARY DESTINATION for module target
    "_openscap_py".

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: update to 0.1.71 | Armin Kuster | 2024-01-28 | 1 | -3/+3
  change branch name to stable.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: Update SRC_URI to improve updater | Armin Kuster | 2023-12-29 | 1 | -1/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Drop Poky patch and update to tip | Armin Kuster | 2023-09-25 | 2 | -76/+1
  The Poky patch has been accepted.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: Update to 3.0.9 | Armin Kuster | 2023-09-25 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to 1.3.9 | Armin Kuster | 2023-09-25 | 2 | -41/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: update to 0.1.69+ | Armin Kuster | 2023-09-08 | 2 | -391/+2
  Update to tip of branch

  Drop 0001-scap-security-guide-add-openembedded-distro-support.patch
  is now included in tip

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: pass the correct cpe/schemas/xsl paths to oscap | Yi Zhao | 2023-09-08 | 1 | -0/+5
  There is a build error when using openscap-native sstate cache mirror.

  Steps to reproduce:
  Create a new build project in build-1 directory.
  $ bitbake openscap-native
  Then remove all directories in build-1 directory except sstate-cache.
  Use the sstate-cache directory as sstate mirror.
  Create another new build project in build-2 directory.
  Set SSATE_MIRRORS to point to the sstate-cache in build-1 directory.
  $ bitbake scap-security-guide

  Error message:
  OpenSCAP Error: Schema file 'sds/1.3/scap-source-data-stream_1.3.xsd'
  not found in path
  '/build-1/tmp-glibc/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas'
  when trying to validate
  '/build-2/tmp-glibc/work/corei7-64-wrs-linux/scap-security-guide/0.1.67/build/ssg-openembedded-ds.xml'
  [/build-1/tmp-glibc/work/x86_64-linux/openscap-native/1.3.8/git/src/source/validate.c:103]

  The oscap command from openscap-native tries to find the schema files
  in build-1 directory since these paths are hardcoded when building
  openscap-native. We need to pass the correct cpe/schemas/xsl paths to
  oscap to make sure it can find the files in right location.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: enable ptest | Armin Kuster | 2023-07-31 | 2 | -1/+53
  This adds the basic framework to allow the test suite to run.
  It takes a very long time so it may not be practical to run in some
  cases (days in my case).

  The ptest log format has not been verified.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix buildpaths issue | Kai Kang | 2023-07-31 | 2 | -1/+41
  Variables PREFERRED_PYTHON_PATH and PYTHON3_PATH are set with
  ${PYTHON_EXECUTABLE}. For cross compile, ${PYTHON_EXECUTABLE} may point
  to other path rather than standard dir such as /usr/bin. Then the
  generated library file contains such path which should NOT.

  Update to make variables PREFERRED_PYTHON_PATH and PYTHON3_PATH
  configurable to fix buildpaths issue:

  | WARNING: openscap-1.3.7-r0 do_package_qa: QA Issue: File
  | /usr/lib/libopenscap.so.25.5.1 in package openscap contains reference
  | to TMPDIR [buildpaths]

  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: refactor patches | Armin Kuster | 2023-07-31 | 4 | -307/+215
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *.patch: fix malformed Upstream-Status and SOB lines | Martin Jansa | 2023-06-25 | 1 | -0/+1
  * as reported by openembedded-core/scripts/contrib/patchreview.py -v .

  Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/crosscompile_perl_bindings.patch)
  Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/disable_perl_h_check.patch)
  Missing Upstream-Status tag (./recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch)
  Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-pid-path.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/suricata/files/fixup.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-scanners/clamav/files/fix2_libcurl_check.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/isic/files/configure_fix.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/krill/files/panic_workaround.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libdns_conf_fix.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libxml2_conf.patch

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: update to 1.3.8 | Armin Kuster | 2023-06-25 | 1 | -4/+9
  Remediate service is now off by default. Only include if needed.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Does not build for musl | Armin Kuster | 2023-06-25 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: add Upstream-Status | Armin Kuster | 2023-06-25 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Add Poky | Armin Kuster | 2023-06-25 | 2 | -0/+92
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: bump the number of test that pass | Armin Kuster | 2023-06-25 | 3 | -2/+241
  Add an eval script.
  Let's see how many checks pass out of the box

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: Update to tip to get OE/Poky support | Armin Kuster | 2023-06-25 | 3 | -212/+2
  Drop changes now in upstream.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: add OE support | Armin Kuster | 2023-06-20 | 2 | -9/+235
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: add support for OpenEmbedded nodistro and Poky | Armin Kuster | 2023-06-20 | 3 | -2/+215
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: move to main meta-security layer | Armin Kuster | 2023-06-20 | 2 | -0/+106
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lynis: move to main meta-security layer | Armin Kuster | 2023-06-20 | 2 | -0/+93
  Signed-off-by: Armin Kuster <akuster808@gmail.com>