path: root/recipes-core
Commit message | Author | Age | Files | Lines
* packagegroup-core-security: drop firejail for musl | Armin Kuster | 2025-01-06 | 1 | -1/+1
  appears to be a known issue: https://bugs.gentoo.org/937374
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity-image-initramfs: drop lvm2-udevrules | Yi Zhao | 2024-11-24 | 1 | -1/+1
  Drop lvm2-udevrules as it has been removed in meta-openembedded commit[1].
  [1] https://git.openembedded.org/meta-openembedded/commit/?h=master&id=c37c867e1adddd6fa39cf3f3d4c6688ea6dc825a
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: WORKDIR -> UNPACKDIR transition | Changqing Li | 2024-06-17 | 1 | -1/+1
  * WORKDIR -> UNPACKDIR transition
  * Switch away from S = WORKDIR
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  [Fixed up the smack changes due to prior patch]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: update libseccomp dependencies | Marta Rybczynska | 2024-05-08 | 1 | -1/+1
  libseccomp requires DISTRO_FEATURE seccomp enabled. This one is automatically removed for riscv, so we do not need to add an additional condition.
  This change is necessary for cve-check on world with meta-security
  Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity-image-initramfs: Set IMAGE_NAME_SUFFIX to empty | Kevin Hao | 2024-03-27 | 1 | -0/+2
  According to the Yocto reference manual [1], the IMAGE_NAME_SUFFIX should be set to empty for the initramfs image. Otherwise, we may incur a build error like following due to the initrd check in live-vm-common.bbclass:
  ERROR: core-image-minimal-1.0-r0 do_bootimg: build-test/tmp/deploy/images/genericx86-64/dm-verity-image-initramfs-genericx86-64.cpio.gz is invalid. initrd image creation failed.
  ERROR: core-image-minimal-1.0-r0 do_bootimg: ExecutionError('build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/run.build_hddimg.1961965', 1, None, None)
  ERROR: Logfile of failure stored in: build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/log.do_bootimg.1961965
  ERROR: Task (poky/meta/recipes-core/images/core-image-minimal.bb:do_bootimg) failed with exit code '1'
  [1] https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_NAME_SUFFIX
  Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity-image-initramfs: Allow compressed image types | Wurm, Stephan | 2023-08-06 | 1 | -1/+8
  Using <DM_VERITY_IMAGE_TYPE> in the depends variable does not work for compressed image types like squashfs-zst, as the resulting task dependency still contains the incompatible dash.
  Replacing the dash by an underscore resolves this issue.
  Signed-off-by: Stephan Wurm <stephan.wurm@a-eberle.de>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: only include firejail x86-64 and arch64 | Armin Kuster | 2023-07-31 | 1 | -4/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* qemu: move qemu setting to image and out of layer.conf | Armin Kuster | 2023-07-31 | 1 | -0/+5
  I suspect it's better form to have these in the image definition.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add os-release | Armin Kuster | 2023-06-25 | 1 | -0/+4
  Exclude openscap and scap-security-guide if musl
  Fix RDEPENDS list to include compliance packages.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity: hook separate hash into initramfs framework | Paul Gortmaker | 2023-06-25 | 1 | -0/+29
  The prior commits create the separate hash so now it is time to update the initramfs framework so that veritysetup, which is responsible for binding the data and hash, is aware of when separate hash is in use, and can react accordingly.
  The added code follows the existing appended hash code style, but is considerably smaller because it doesn't have the large case statement that supports all possible identification schemes (label, UUID, ...).
  With the root hash split in two to create the respective partition UUIDs, we know exactly how to identify it, and the UUIDs used.
  Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add compliance pkg group | Armin Kuster | 2023-06-20 | 1 | -0/+8
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  ---
  v2] Missed to include trailing \
* dmverity: Suppress the realpath errors | Kevin Hao | 2023-06-11 | 1 | -7/+7
  If we use a non PARTUUID root parameter, we would always get an error like below:
  realpath: /dev/disk/by-partuuid//dev/mmcblk0p2: No such file or directory
  This seems pretty confusing and it also seems no need to emit this kind of error when we are waiting for the root device. So suppress all the realpath errors.
  Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: refactor the inclusion of krill | Armin Kuster | 2023-03-22 | 1 | -6/+6
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Add recipe for Glome | John Edward Broadbent | 2022-08-12 | 1 | -0/+1
  Generic Low Overhead Message Exchange (GLOME) is a protocol providing secure authentication and authorization for low dependency environments.
  Signed-off-by: John Edward Broadbent <jebr@google.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add pkg to grp | Armin Kuster | 2022-08-12 | 1 | -0/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add space for appends | Armin Kuster | 2022-08-06 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: remove krill for some archs | Armin Kuster | 2022-08-02 | 1 | -1/+4
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add chipsec pkg to grp | Armin Kuster | 2022-08-02 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add krill to pkg grps | Armin Kuster | 2022-08-02 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security.bb: add bubblewrap to pkg grp | Armin Kuster | 2022-07-30 | 1 | -0/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security-build-image: add lkrg-module to build image | Armin Kuster | 2022-06-23 | 1 | -0/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: skip mips firejail | Armin Kuster | 2022-06-23 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security-test-image: add firejail and aide test suites | Armin Kuster | 2022-06-23 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add firejail | Armin Kuster | 2022-06-23 | 1 | -0/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security-test-image: auto include layers if present. | Armin Kuster | 2022-06-18 | 1 | -1/+10
  This is to simplify testing to build one image and include pkgs depending on the layers included in the BBLAYERS.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: drop sssd | Armin Kuster | 2022-06-18 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: don't include aprwatch for musl | Armin Kuster | 2022-06-07 | 1 | -0/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: drop arpwatch for riscv from pkg grp | Armin Kuster | 2022-06-07 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add arpwatch and chkrootkit to pkg grp | Armin Kuster | 2022-06-07 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security.bb: fix suricata inclusion | Armin Kuster | 2022-05-14 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: remove pkgs | Armin Kuster | 2022-05-14 | 1 | -12/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libest: does not build with openssl 3.x | Armin Kuster | 2021-12-25 | 1 | -1/+0
  blacklist for now. Remove from pkg grp
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: blacklist due to ldns being blacklisted | Armin Kuster | 2021-10-24 | 1 | -1/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dmverity: Make use of DATA_BLOCK_SIZE variable in initrdscript. | Christer Fletcher | 2021-09-28 | 1 | -1/+2
  DATA_BLOCK_SIZE variable was set in dm-verity-img.bbclass at build time but the initrdscript was not updated to pass the DATA_BLOCK_SIZE to the veritysetup. Now the functionality is complete.
  Signed-off-by: Paulo Neves <paulo.neves1@inter.ikea.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security.bb: only include suricat-ptest if rust is included | Armin Kuster | 2021-08-01 | 1 | -2/+13
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Convert to new override syntax | Armin Kuster | 2021-08-01 | 2 | -24/+24
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security.bb: fix suricat-ptest inclusion | Armin Kuster | 2021-07-28 | 1 | -2/+1
  drop libseccomp ptest
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework: rename files dir | Armin Kuster | 2021-06-29 | 2 | -1/+1
  Fixes: ERROR: initramfs-framework-1.0-r4 do_fetch: Fetcher failure for URL: 'file://dmverity'. Unable to fetch URL from any source.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add sshguard | Armin Kuster | 2021-06-29 | 1 | -0/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework: fix typo in conditional | Armin Kuster | 2021-06-29 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: drop python3-scapy | Armin Kuster | 2021-06-05 | 1 | -2/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework: fix YCL issue. | Armin Kuster | 2021-06-05 | 2 | -16/+17
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* busybox: drop as libsecomp is in core | Armin Kuster | 2021-06-05 | 3 | -5/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: exclude ossec-hids from musl | Armin Kuster | 2021-06-05 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add clamav-daemon | Armin Kuster | 2021-05-16 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add aide and ossec | Armin Kuster | 2021-05-16 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: fix typo for mips | Armin Kuster | 2021-05-16 | 1 | -2/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: Blacklist pkg, upstream seems abandoned | Armin Kuster | 2021-05-16 | 1 | -2/+0
  Last update was 2018. Does not build with gcc11. There are other actively maintained IDS options.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: exclude apparmor in mips64 | Armin Kuster | 2021-04-19 | 1 | -0/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: drop clamav-cvd | Armin Kuster | 2021-04-02 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>