diff options
19 files changed, 374 insertions, 78 deletions
@@ -1,47 +1,22 @@ -This README file contains information on the contents of the -security layer. - -Please see the corresponding sections below for details. +Meta-security +============= +This layer provides security tools, hardening tools for Linux kernels +and libraries for implementing security mechanisms. Dependencies ============ This layer depends on: - URI: git://git.openembedded.org/bitbake - branch: master - - URI: git://git.openembedded.org/openembedded-core - layers: meta - branch: master - - URI: git://git.yoctoproject.org/xxxx - layers: xxxx + URI: git://git.yoctoproject.org/poky branch: master + revision: HEAD + prio: default - -Patches -======= - -Please submit any patches against the security layer to the -xxxx mailing list (xxxx@zzzz.org) and cc: the maintainer: - -Maintainer: XXX YYYYYY <xxx.yyyyyy@zzzzz.com> - - -Table of Contents -================= - - I. Adding the security layer to your build - II. Misc - - -I. Adding the security layer to your build +Adding the security layer to your build ================================================= ---- replace with specific instructions for the security layer --- - In order to use this layer, you need to make the build system aware of it. @@ -52,13 +27,11 @@ other layers needed. e.g.: BBLAYERS ?= " \ /path/to/yocto/meta \ - /path/to/yocto/meta-yocto \ - /path/to/yocto/meta-yocto-bsp \ - /path/to/yocto/meta-security \ - " - + /path/to/poky/meta-security \ -II. Misc -======== +License +------- ---- replace with specific information about the security layer --- +All metadata is MIT licensed unless otherwise stated. Source code included +in tree for individual recipes is under the LICENSE stated in each recipe +(.bb file) unless otherwise stated. diff --git a/recipes-example/example/example-0.1/example.patch b/recipes-example/example/example-0.1/example.patch deleted file mode 100644 index 2000a34..0000000 --- a/recipes-example/example/example-0.1/example.patch +++ /dev/null @@ -1,12 +0,0 @@ -# -# This is a non-functional placeholder file, here for example purposes -# only. -# -# If you had a patch for your recipe, you'd put it in this directory -# and reference it from your recipe's SRC_URI: -# -# SRC_URI += "file://example.patch" -# -# Note that you could also rename the directory containing this patch -# to remove the version number or simply rename it 'files'. Doing so -# allows you to use the same directory for multiple recipes. diff --git a/recipes-example/example/example-0.1/helloworld.c b/recipes-example/example/example-0.1/helloworld.c deleted file mode 100644 index 71f2e46..0000000 --- a/recipes-example/example/example-0.1/helloworld.c +++ /dev/null @@ -1,8 +0,0 @@ -#include <stdio.h> - -int main(int argc, char **argv) -{ - printf("Hello World!\n"); - - return 0; -} diff --git a/recipes-security/Mail-SpamAssasin/Mail-SpamAssassin_3.3.2.bb b/recipes-security/Mail-SpamAssasin/Mail-SpamAssassin_3.3.2.bb new file mode 100644 index 0000000..af5907f --- /dev/null +++ b/recipes-security/Mail-SpamAssasin/Mail-SpamAssassin_3.3.2.bb @@ -0,0 +1,19 @@ +SUMMARY = "e-mail filter" +DESCRIPTION = "SpamAssassin is a mail filter which attempts to identify spam using a variety of mechanisms including text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases." +SECTION = "security" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" +DEPENDS = "perl" + +SRC_URI = "http://apache.mirrors.hoobly.com/spamassassin/source/${PN}-${PV}.tar.gz" + +SRC_URI[md5sum] = "d1d62cc5c6eac57e88c4006d9633b81e" +SRC_URI[sha256sum] = "5323038939a0ef9fc97d5264defce3ae1d95e98b3a94c4c3b583341c927f32df" + +EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}" +inherit cpan + +do_compile(){ + export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')" + cpan_do_compile +} diff --git a/recipes-security/bastille/bastille_3.2.1.bb b/recipes-security/bastille/bastille_3.2.1.bb index 9aa0fb1..ef754c2 100644 --- a/recipes-security/bastille/bastille_3.2.1.bb +++ b/recipes-security/bastille/bastille_3.2.1.bb @@ -1,9 +1,9 @@ +SUMMARY = "Linux hardening tool" DESCRIPTION = "Bastille Linux is a Hardening and Reporting/Auditing Program which enhances the security of a Linux box, by configuring daemons, system settings and firewalling." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" # Bash is needed for set +o privileged (check busybox), might also need ncurses RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd curses-perl coreutils" -PR = "r0" inherit allarch diff --git a/recipes-security/buck-security/buck-security_0.6.bb b/recipes-security/buck-security/buck-security_0.6.bb new file mode 100644 index 0000000..23bf1b1 --- /dev/null +++ b/recipes-security/buck-security/buck-security_0.6.bb @@ -0,0 +1,29 @@ +SUMMARY = "Linux security scanner" +DESCRIPTION = "Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux \ +system. This enables you to quickly overview the security status of your Linux system." +SECTION = "security" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" +RDEPENDS_${PN} = "perl perl-module-term-ansicolor perl-module-posix perl-module-getopt-long perl-module-time-localtime perl-module-data-dumper perl-module-lib" + +SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_0.6/${PN}_${PV}.tar.gz" + +SRC_URI[md5sum] = "edbd40742853fc91ffeae5b2d9ea7bab" +SRC_URI[sha256sum] = "5d5dcc58b09c3a4bd87f60f86bb62cd2b0bfd7106a474951f8f520af0042a5b7" + +S = "${WORKDIR}/${PN}_${PV}" + +do_configure() { + : +} + +do_compile() { + : +} + +do_install() { + install -d ${D}${exec_prefix}/local/${PN} + cp -r ${S}/* ${D}${exec_prefix}/local/${PN} +} + +FILES_${PN} = "${exec_prefix}/*" diff --git a/recipes-security/checksecurity/checksecurity_2.0.14.bb b/recipes-security/checksecurity/checksecurity_2.0.14.bb index 951a3e6..72d6c64 100644 --- a/recipes-security/checksecurity/checksecurity_2.0.14.bb +++ b/recipes-security/checksecurity/checksecurity_2.0.14.bb @@ -1,9 +1,12 @@ -DESCRIPTION = "basic system security checks" +SUMMARY = "basic system security checks" +DESCRIPTION = "checksecurity is a simple package which will scan your system for several simple security holes." SECTION = "security" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" +RDEPENDS_${PN} = "perl env-perl perl-module-tie-array perl-module-getopt-long perl-module-file-glob util-linux findutils" -SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz" +SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \ + file://setuid-log-folder.patch" SRC_URI[md5sum] = "ad6cfe0cd66ebdd16dd5d4ee5fa8fa17" SRC_URI[sha256sum] = "a2bc2355358d6daf3cb72485d564e82cb541e8516f23b50522c816853ecd13c2" diff --git a/recipes-security/checksecurity/files/setuid-log-folder.patch b/recipes-security/checksecurity/files/setuid-log-folder.patch new file mode 100644 index 0000000..540ea9c --- /dev/null +++ b/recipes-security/checksecurity/files/setuid-log-folder.patch @@ -0,0 +1,52 @@ +From 24dbeec135ff83f2fd35ef12fe9842f02d6fd337 Mon Sep 17 00:00:00 2001 +From: Andrei Dinu <andrei.adrianx.dinu@intel.com> +Date: Thu, 20 Jun 2013 15:14:55 +0300 +Subject: [PATCH] changed log folder for check-setuid + +check-setuid was creating logs in /var/log directory, +which cannot be created persistently. To avoid errors +the log folder was changed to /etc/checksecurity/. + +Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> +--- + etc/check-setuid.conf | 2 +- + plugins/check-setuid | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/etc/check-setuid.conf b/etc/check-setuid.conf +index 621336f..e1532c0 100644 +--- a/etc/check-setuid.conf ++++ b/etc/check-setuid.conf +@@ -116,4 +116,4 @@ CHECKSECURITY_PATHFILTER="-false" + # + # Location of setuid file databases. + # +-LOGDIR=/var/log/setuid ++LOGDIR=/etc/checksecurity/ +diff --git a/plugins/check-setuid b/plugins/check-setuid +index 8d6f90b..bdb21c1 100755 +--- a/plugins/check-setuid ++++ b/plugins/check-setuid +@@ -44,8 +44,8 @@ if [ `/usr/bin/id -u` != 0 ] ; then + exit 1 + fi + +-TMPSETUID=${LOGDIR:=/var/log/setuid}/setuid.new.tmp +-TMPDIFF=${LOGDIR:=/var/log/setuid}/setuid.diff.tmp ++TMPSETUID=${LOGDIR:=/etc/checksecurity/}/setuid.new.tmp ++TMPDIFF=${LOGDIR:=/etc/checksecurity/}/setuid.diff.tmp + + # + # Check for NFS/AFS mounts that are not nosuid/nodev +@@ -75,7 +75,7 @@ if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then + fi + + # Guard against undefined vars +-[ -z "$LOGDIR" ] && LOGDIR=/var/log/setuid ++[ -z "$LOGDIR" ] && LOGDIR=/etc/checksecurity/ + if [ ! -e "$LOGDIR" ] ; then + echo "ERROR: Log directory $LOGDIR does not exist" + exit 1 +-- +1.7.9.5 + diff --git a/recipes-security/libseccomp/files/compiler.patch b/recipes-security/libseccomp/files/compiler.patch new file mode 100644 index 0000000..c7f2fbb --- /dev/null +++ b/recipes-security/libseccomp/files/compiler.patch @@ -0,0 +1,32 @@ +From fb3e84f6212333949ee3e410bb468bb06c289a1e Mon Sep 17 00:00:00 2001 +From: Andrei Dinu <andrei.adrianx.dinu@intel.com> +Date: Fri, 28 Jun 2013 15:55:13 +0300 +Subject: [PATCH] libseccomp always used host compiler + +passing $CC at do_install() doesn't seem to have +effect on the compiler used by libseccomp. Modified +the compiler manually. + +Upstream Status: Inapropriate + +Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> +--- + macros.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/macros.mk b/macros.mk +index 9c62fa7..e219be6 100644 +--- a/macros.mk ++++ b/macros.mk +@@ -66,7 +66,7 @@ AWK ?= awk + PYTHON ?= /usr/bin/env python + + # we require gcc specific functionality +-GCC ?= gcc ++GCC ?= $(CC) + + INSTALL ?= install + +-- +1.7.9.5 + diff --git a/recipes-security/libseccomp/libseccomp_2.1.0.bb b/recipes-security/libseccomp/libseccomp_2.1.0.bb new file mode 100644 index 0000000..f909c62 --- /dev/null +++ b/recipes-security/libseccomp/libseccomp_2.1.0.bb @@ -0,0 +1,19 @@ +SUMMARY = "interface to seccomp filtering mechanism" +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp." +SECTION = "security" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +SRC_URI = "http://sourceforge.net/projects/libseccomp/files/${PN}-${PV}.tar.gz \ + file://compiler.patch" + +SRC_URI[md5sum] = "3961103c1234c13a810f6a12e60c797f" +SRC_URI[sha256sum] = "b0d6e4f0984e6632a04f0cf33c6babdb011674ba15ff208e196f037e0e09905e" + +do_configure() { + ${S}/configure --prefix=${prefix} --libdir=${libdir} +} + +do_install() { + oe_runmake DESTDIR=${D} install +} diff --git a/recipes-security/nmap/files/lua.patch b/recipes-security/nmap/files/lua.patch new file mode 100644 index 0000000..7cb86ab --- /dev/null +++ b/recipes-security/nmap/files/lua.patch @@ -0,0 +1,79 @@ +Added missing definitions which caused failuire at do_configure +with --without-liblua option. + +Upstream Status : pending + +Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> +--- a/output.h ++++ b/output.h +@@ -226,6 +226,10 @@ + void printscriptresults(ScriptResults *scriptResults, stype scantype); + + void printhostscriptresults(Target *currenths); ++ ++/*This is a helper function to determine the ordering of the script results ++ based on their id */ ++bool comparescriptids(ScriptResult first, ScriptResult second); + #endif + + /* Print a table with traceroute hops. */ +@@ -253,8 +257,4 @@ + were found. */ + void printdatafilepaths(); + +-/*This is a helper function to determine the ordering of the script results +- based on their id */ +-bool comparescriptids(ScriptResult first, ScriptResult second); +- + #endif /* OUTPUT_H */ +--- a/output.cc ++++ b/output.cc +@@ -2613,6 +2613,7 @@ + } + } + ++#ifndef NOLUA + /*This is a helper function to determine the ordering of the script results + based on their id */ + bool comparescriptids(ScriptResult first, ScriptResult second){ +@@ -2625,5 +2626,6 @@ + else + return false; + } ++#endif + + +--- a/portlist.cc ++++ b/portlist.cc +@@ -144,6 +144,7 @@ + } + } + ++#ifndef NOLUA + void Port::freeScriptResults(void) + { + while (!scriptResults.empty()) { +@@ -151,6 +152,7 @@ + scriptResults.pop_front(); + } + } ++#endif + + /* Fills in namebuf (as long as there is space in buflen) with the + Name nmap normal output will use to describe the port. This takes +--- a/Target.cc ++++ b/Target.cc +@@ -162,10 +162,12 @@ + + Target::~Target() { + FreeInternal(); ++#ifndef NOLUA + while (!scriptResults.empty()) { + scriptResults.front().clear(); + scriptResults.pop_front(); + } ++#endif + } + + void Target::FreeInternal() { + diff --git a/recipes-security/nmap/nmap_6.25.bb b/recipes-security/nmap/nmap_6.25.bb new file mode 100644 index 0000000..ff0caa7 --- /dev/null +++ b/recipes-security/nmap/nmap_6.25.bb @@ -0,0 +1,21 @@ +SUMMARY = "network auditing tool" +DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing." +SECTION = "security" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +SRC_URI = "http://nmap.org/dist/${PN}-${PV}.tar.bz2 \ + file://lua.patch" + +SRC_URI[md5sum] = "fcc80f94ff3adcb11eedf91092ea6f5e" +SRC_URI[sha256sum] = "3349cc6d36b86b95ca2b8075d16615a3a598cef494920d6652f9a8bf9f7660b5" + +inherit autotools + +EXTRA_OECONF = "--without-liblua --without-zenmap" + +do_configure() { + autoconf + oe_runconf +} + diff --git a/recipes-security/openvas-cli/openvas-cli_1.2.0.bb b/recipes-security/openvas-cli/openvas-cli_1.2.0.bb new file mode 100644 index 0000000..d755578 --- /dev/null +++ b/recipes-security/openvas-cli/openvas-cli_1.2.0.bb @@ -0,0 +1,13 @@ +DESCRIPTION = "The module OpenVAS-CLI collects command line tools to handle with the OpenVAS services via the respective protocols." +SECTION = "security" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +DEPENDS = "gnutls openvas-libraries glib-2.0" + +SRC_URI = "http://wald.intevation.org/frs/download.php/1323/${PN}-${PV}.tar.gz" + +SRC_URI[md5sum] = "e712eb71f3a13cc1b70b50f696465f8e" +SRC_URI[sha256sum] = "d195ca01a44940d1e6fd2ad54ee4fc9b57a3d103235f0a1f05a8b35d97db6be8" + +inherit cmake pkgconfig diff --git a/recipes-security/openvas-libraries/files/g_type_init.patch b/recipes-security/openvas-libraries/files/g_type_init.patch new file mode 100644 index 0000000..db55057 --- /dev/null +++ b/recipes-security/openvas-libraries/files/g_type_init.patch @@ -0,0 +1,36 @@ +From f498503889b8178f165afa66dc33aa8ad8901371 Mon Sep 17 00:00:00 2001 +From: Andrei Dinu <andrei.adrianx.dinu@intel.com> +Date: Fri, 28 Jun 2013 09:38:08 +0300 +Subject: [PATCH] removed the g_type_init() + +The function is depricated in glib >= 2.35.0 and is +automatically called. + +Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> +--- + base/openvas_file.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/base/openvas_file.c b/base/openvas_file.c +index 8597198..d110c7f 100644 +--- a/base/openvas_file.c ++++ b/base/openvas_file.c +@@ -164,7 +164,6 @@ openvas_file_copy (const gchar *source_file, const gchar *dest_file) + GFile *sfile, *dfile; + GError *error; + +- g_type_init (); + sfile = g_file_new_for_path (source_file); + dfile = g_file_new_for_path (dest_file); + error = NULL; +@@ -200,7 +199,6 @@ openvas_file_move (const gchar *source_file, const gchar *dest_file) + GFile *sfile, *dfile; + GError *error; + +- g_type_init (); + sfile = g_file_new_for_path (source_file); + dfile = g_file_new_for_path (dest_file); + error = NULL; +-- +1.7.9.5 + diff --git a/recipes-security/openvas-libraries/openvas-libraries_6.0.0.bb b/recipes-security/openvas-libraries/openvas-libraries_6.0.0.bb new file mode 100644 index 0000000..caf96f1 --- /dev/null +++ b/recipes-security/openvas-libraries/openvas-libraries_6.0.0.bb @@ -0,0 +1,14 @@ +DESCRIPTION = "This is the libraries module for the Open Vulnerability Assessment System (OpenVAS)." +SECTION = "security" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +DEPENDS = "bison flex gpgme glib-2.0" + +SRC_URI = "http://wald.intevation.org/frs/download.php/1303/${PN}-${PV}.tar.gz \ + file://g_type_init.patch" + +SRC_URI[md5sum] = "0e8b73ee4ad5b36984b5d7be5d6bdfc0" +SRC_URI[sha256sum] = "50d23afd46f7b49c4cb82a6500b0fe1fb53378af5efce95fd275ea33c879e1dd" + +inherit cmake pkgconfig diff --git a/recipes-security/curses-perl/curses-perl_1.28.bb b/recipes-security/perl/curses-perl_1.28.bb index 5984ca7..5984ca7 100644 --- a/recipes-security/curses-perl/curses-perl_1.28.bb +++ b/recipes-security/perl/curses-perl_1.28.bb diff --git a/recipes-security/perl/env-perl_1.04.bb b/recipes-security/perl/env-perl_1.04.bb new file mode 100644 index 0000000..4aeba4f --- /dev/null +++ b/recipes-security/perl/env-perl_1.04.bb @@ -0,0 +1,25 @@ +DESCRIPTION = "This package contains the Env.pm \ + perl module that imports environment variables as scalars or arrays" + +SECTION = "libs" +LICENSE = "Artistic-1.0 | GPL-1.0+" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=76c1cbf18db56b3340d91cb947943bd3" + +SRC_URI[md5sum] = "fdba5c0690e66972c96fee112cf5f25c" +SRC_URI[sha256sum] = "d94a3d412df246afdc31a2199cbd8ae915167a3f4684f7b7014ce1200251ebb0" + +DEPENDS += "perl" + +SRC_URI = "http://search.cpan.org/CPAN/authors/id/F/FL/FLORA/Env-${PV}.tar.gz" + +S = "${WORKDIR}/Env-${PV}" + +EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}" + +inherit cpan + +do_compile() { + export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')" + cpan_do_compile +} diff --git a/recipes-security/lib-perl/lib-perl_0.63.bb b/recipes-security/perl/lib-perl_0.63.bb index 606ecfb..606ecfb 100644 --- a/recipes-security/lib-perl/lib-perl_0.63.bb +++ b/recipes-security/perl/lib-perl_0.63.bb diff --git a/recipes-security/redhat-security/redhat-security_1.0.bb b/recipes-security/redhat-security/redhat-security_1.0.bb index edab390..442688b 100644 --- a/recipes-security/redhat-security/redhat-security_1.0.bb +++ b/recipes-security/redhat-security/redhat-security_1.0.bb @@ -1,3 +1,4 @@ +SUMMARY = "redhat security tools" DESCRIPTION = "Tools used by redhat linux distribution for security checks" SECTION = "security" LICENSE = "GPLv2" @@ -21,18 +22,18 @@ SRC_URI = "file://find-chroot-py.sh \ S = "${WORKDIR}" do_install() { - install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/find-chroot-py.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/find-chroot.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/find-elf4tmp.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/find-execstack.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/find-hidden-exec.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/find-nodrop-groups.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/find-sh4errors.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/find-sh4tmp.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/lib-bin-check.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/rpm-chksec.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/rpm-drop-groups.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/selinux-check-devices.sh ${D}${bindir} - install -m 0755 ${WORKDIR}/selinux-ls-unconfined.sh ${D}${bindir} + install -d ${D}${bindir} + install -m 0755 ${WORKDIR}/find-chroot-py.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/find-chroot.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/find-elf4tmp.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/find-execstack.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/find-hidden-exec.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/find-nodrop-groups.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/find-sh4errors.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/find-sh4tmp.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/lib-bin-check.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/rpm-chksec.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/rpm-drop-groups.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/selinux-check-devices.sh ${D}${bindir} + install -m 0755 ${WORKDIR}/selinux-ls-unconfined.sh ${D}${bindir} } |