AgeCommit message (Collapse)AuthorFilesLines
2019-12-25python-fail2ban: Drop python2 packageArmin Kuster2-53/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-25smack: add distro checkArmin Kuster1-1/+6
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-25apparmor: add distro checkArmin Kuster1-1/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16suricata: update to 4.1.6Armin Kuster2-4/+3
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16lib/oeqa/runtime: suricata add testsArmin Kuster1-7/+56
drop the unit test as it should be run via ptest add more tests for python3-suricata-update Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16libhtp: bugfix only update 0.5.32Armin Kuster1-0/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16python3-suricata-update: update to 1.1.1Armin Kuster1-2/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16libseccomp: upgrade 2.4.1 -> 2.4.2Yi Zhao2-1/+47
Backport a patch to fix ptest build failure on arm64. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-15meta-security-compliance/conf/layer.conf: fix typoArmin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-07tpm2-abrmd: Port command line options to new version.Philip Tricca1-1/+1
These have changed upstream. Signed-off-by: Philip Tricca <flihp@twobit.org> Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-07tpm2-abrmd-init.sh: fix for /dev/tpmrmXTrevor Woerner1-1/+1
Newer kernels, in addition to the traditional /dev/tpmX device nodes, are now also creating /dev/tpmrmX device nodes. This causes this script to get confused and abort, meaning tpm2-abrmd does not get started during boot. Fix for https://github.com/flihp/meta-measured/issues/56 Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-07meta-security: add layer index calloutsArmin Kuster3-0/+5
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05README: update mailing list to new groups.ioArmin Kuster1-3/+3
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05tpm2-totp: update to 0.2.0Armin Kuster2-39/+3
LIC_FILES_CHKSUM update to be true BSD-3-clause text Drop patch included Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05tpm2-tss-engine: update to tip to us tss-tools 4.0.xArmin Kuster1-2/+2
LIC_FILES_CHKSUM update to be true BSD-3-clause text Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05tpm2-tools: update to 4.0.1Armin Kuster2-15/+14
LIC_FILES_CHKSUM added new copyrights Migrate to https d/l from git clone Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05tpm2-abrmd": update to 2.3.0Armin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05tpm2-pkcs11: update to tipArmin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27meta: inherit features_check instead of distro_features_checkMing Liu4-4/+4
distro_features_check has been deprecated in OE. Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27suricata: add tmpfiles.d configChristopher Larson2-10/+20
This is needed to ensure our /var/log directory is created when using systemd. Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27clamav: add tmpfiles.d configChristopher Larson2-1/+10
This is needed to ensure freshclam's /var/log directory and file are created when using systemd. Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27checksecurity: use more portable find argsChristopher Larson2-1/+25
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb: add new udev dir to FILES ↵Norbert Kaminski1-1/+3
and append EXTRA_OECONF The tpm2 tool freezes in a XEN distro. It stores the udev rules in /lib/udev directory, thus these changes append the FILES and EXTRA_OECONF to make tpm2 work properly. Signed-off-by: Norbert Kaminski <norbert.kaminski@3mdeb.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27cryptsetup tpm incubator: fix installed vs shippedChristophe PRIOUZEAU1-0/+1
Fix [installed-vs-shipped] by adding /usr/lib/tmpfiles.d on FILES. Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-17apparmor: ptest fail to build on armArmin Kuster1-0/+18
exclude arm and aarch64 ptest tasks [v2&3] Sent before committing. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-16apparmor: fix systemd support so it worksArmin Kuster1-5/+11
[Yocto # 13568] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-14checksec: add missing rdepends to readelfArmin Kuster2-1/+2
update test to check for depends Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-14suricata: fix compile issueArmin Kuster1-3/+0
cp: cannot stat '/...../tmp-glibc/work/core2-32-oe-linux/suricata/4.1.5-r0/rules': No such file or directory | WARNING: exit code 1 from a shell command. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-13apparmor: make bash dependency optionalAlexander Kanavin1-2/+6
Bash is only needed by one not particularly important script, so not requiring bash is a useful option for builds that cannot have gpl3 components. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-13apparmor: add PRIVATE_LIBS for ptest packageAlexander Kanavin1-0/+2
Otherwise, the following occurs: ERROR: apparmor-2.13.3-r0 do_package: apparmor: Multiple shlib providers for libapparmor.so.1: apparmor, apparmor-ptest (used by files: /home/alexander/development/poky/build-metaoe/tmp/work/core2-32-poky-linux/apparmor/2.13.3-r0/packages-split/apparmor/usr/lib/perl5/vendor_perl/5.30.0/i686-linux/auto/LibAppArmor/LibAppArmor.so) ERROR: apparmor-2.13.3-r0 do_package: apparmor: Multiple shlib providers for libapparmor.so.1: apparmor, apparmor-ptest (used by files: /home/alexander/development/poky/build-metaoe/tmp/work/core2-32-poky-linux/apparmor/2.13.3-r0/packages-split/apparmor/usr/lib/python3.7/site-packages/LibAppArmor/_LibAppArmor.cpython-37m-i686-linux-gnu.so) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-11layer.conf: Update for zeus seriesArmin Kuster4-4/+4
Signed-off-by: Armin Kuster <akuster808@gmail.com> Acked-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-08suricata-update: add package to pull rulesArmin Kuster1-0/+15
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-08suricata/libhtp: update to 4.1.5/0.5.31Armin Kuster5-13/+8
same sources refresh patch drop rules tar ball Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-29apparmor: suppress appending of installation to perllocal.podNaveen Saini2-0/+29
perl modules when gets installed can produce a perllocal.pod file for documenting a list of locally installed perl modules. This can conflict if multiple packages generate the file. Hits the conflict with apparmor & rrdtool packages. Error: Transaction check error: file /usr/lib/perl5/5.30.0/x86_64-linux/perllocal.pod conflicts between attempted installs of rrdtool-1.7.2-r0.corei7_64 and apparmor-2.13.3-r0.corei7_64 perllocal.pod files are for documentation purpose, so disabling does not harm. Generating perllocal.pod for perl module is disabled by passing NO_PERLLOCAL=1 with ExtUtils::MakeMaker utility. https://perldoc.perl.org/5.30.0/ExtUtils/MakeMaker.html#Using-Attributes-and-Parameters [YOCTO #13491] Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-29ncrack: update to tipScott Ellis1-2/+2
LIC_FILES_CHKSUM changed do to the date bumped to 2018 to 2019. The license is the same as nmap and the nmap recipe in meta-openembedded has that beginline/endline grab stuff. Went for consistency as ncrack is an nmap project. Signed-off-by: Scott Ellis <scott@jumpnowtek.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12tpm2-pkcs11: update to tipArmin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12tpm2-tcti-uefi: update to tipArmin Kuster1-2/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12tpm2-totp: update to 0.1.2Armin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12tpm2-tss-engine: update to 1.0.1Armin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12tpm2-tss: update to 2.3.0Armin Kuster2-87/+2
drop patch already in update Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12tpm2-abrmd: update to 2.2.0Armin Kuster1-2/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12swtpm: update to 0.2.0Armin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12libtpm: update to 0.7.0Armin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07suricata: update to 4.1.4Armin Kuster4-8/+35
Backport patch to fix build against newer kernels. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07oe-scap: Fix QA RDEPENDS errorArmin Kuster1-1/+1
ERROR: oe-scap-1.0-r0 do_package_qa: QA Issue: /usr/share/oe-scap/run_tests.sh contained in package oe-scap requires /bin/bash, but no providers found in RDEPENDS_oe-scap? [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07cryptsetup-tpm-incubator: fix QA error RDEPENDSArmin Kuster1-1/+1
ERROR: cryptsetup-tpm-incubator-0.9.9-r0 do_package_qa: QA Issue: /usr/lib/libcryptsetup.so.12.3.0 contained in package cryptsetup-tpm-incubator requires libdevmapper.so.1.02(DM_1_02_97)(64bit), but no providers found in RDEPENDS_cryptsetup-tpm-incubator? [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07scap-security-guide: add depends on openscap-native do_installArmin Kuster1-3/+4
This ensures openscap-native does install the needed patches security guilde needs to build Minor recipe cleanup too Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07openscap: Drop nostampArmin Kuster1-3/+2
add cleandir depends to do_install task This nostamp is causing issues with the yocto-check-layer when checking hash changes. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07apparmor: drop lsb RDEPENDSArmin Kuster2-2/+1
remove lsb functions from init script Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07initramfs-framework-ima: correct IMA_POLICY nameArmin Kuster1-1/+1
it had ima_policy_hashed and did not match the recipe ima-policy-hashed found by yocto-check-layer Signed-off-by: Armin Kuster <akuster808@gmail.com>