aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2023-09-11layer.conf: update LAYERSERIES_COMPAT for nanbieldMartin Jansa
* oe-core switched to nanbield in: https://git.openembedded.org/openembedded-core/commit/?id=f212cb12a0db9c9de5afd3cc89b1331d386e55f6 Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-11ccs-tools: Fix do_package QA Issue.Lei Maohui
After usrmerge had been enabled, paxctl has the fowllowing error: ERROR: ccs-tools-1.8.9-r0 do_package: QA Issue: ccs-tools: Files/directories were installed but not shipped in any package: /sbin/ccs-init Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-08paxctl: Fix do_package QA Issue.Lei Maohui
After usrmerge had been enabled, paxctl has the fowllowing error: ERROR: paxctl-0.9-r0 do_package: QA Issue: paxctl: Files/directories were installed but not shipped in any package: /sbin/paxctl Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-08scap-security-guide: update to 0.1.69+Armin Kuster
Update to tip of branch Drop 0001-scap-security-guide-add-openembedded-distro-support.patch is now included in tip Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-08scap-security-guide: pass the correct cpe/schemas/xsl paths to oscapYi Zhao
There is a build error when using openscap-native sstate cache mirror. Steps to reproduce: Create a new build project in build-1 directory. $ bitbake openscap-native Then remove all directories in build-1 directory except sstate-cache. Use the sstate-cache directory as sstate mirror. Create another new build project in build-2 directory. Set SSATE_MIRRORS to point to the sstate-cache in build-1 directory. $ bitbake scap-security-guide Error message: OpenSCAP Error: Schema file 'sds/1.3/scap-source-data-stream_1.3.xsd' not found in path '/build-1/tmp-glibc/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas' when trying to validate '/build-2/tmp-glibc/work/corei7-64-wrs-linux/scap-security-guide/0.1.67/build/ssg-openembedded-ds.xml' [/build-1/tmp-glibc/work/x86_64-linux/openscap-native/1.3.8/git/src/source/validate.c:103] The oscap command from openscap-native tries to find the schema files in build-1 directory since these paths are hardcoded when building openscap-native. We need to pass the correct cpe/schemas/xsl paths to oscap to make sure it can find the files in right location. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-06layer: add QA_WARNINGS to all layersArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-06meta-tpm linux-yocto-rt: Add the bbappend for rt kernelArmin Kuster
So that the security features in this layer can be used on the rt kernel. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-06linux-yocto-rt: Add the bbappend for rt kernelKevin Hao
So that the security features in this layer can be used on the rt kernel. Signed-off-by: Kevin Hao <kexin.hao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-06sshguard: Update to 2.4.3Armin Kuster
Changelog: https://bitbucket.org/sshguard/sshguard/src/master/CHANGELOG.rst Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-06sssd: 2.7.4 -> 2.9.1Kai Kang
Update sssd from 2.7.4 to 2.9.1. * backport patch to fix interpreter of script sss_analyze * add runtime dependency python3-systemd when systemd is enabled * update FILES Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-06glome: update to tipLuke Granger-Brown
Markus Rudy (17): Use Github TeX Markdown instead of image includes. Merge pull request #134 from burgerdev/md-tex Merge pull request #135 from vvidic/cli-base64 RFD 002: public key format at rest (#109) Merge pull request #137 from vvidic/hmac Merge pull request #138 from vvidic/hmac2 Update list of supported Python versions Install golint instead of 'get'ting it. Merge pull request #139 from burgerdev/actions Clarify format of public key at rest Test all supported config file keys Merge pull request #144 from burgerdev/public-key-format Fix linter findings for #144 Use 'release' buildtype for NixOS builds Merge pull request #149 from google/l9i/bye-java RFD 001: GLOME Login v2 (#102) login/v2 implementation for Go (#162) Philipp Kern (21): Merge pull request #133 from google/l9i/pam-fix Merge pull request #132 from google/l9i/nix-shell Merge pull request #140 from vvidic/defaul-typo Merge pull request #142 from vvidic/soversion Merge pull request #146 from burgerdev/lint Merge pull request #148 from google/dependabot/go_modules/go/golang.org/x/crypto-0.1.0 Merge pull request #152 from google/l9i/cpplint Merge pull request #154 from vvidic/docker-public-key Merge pull request #155 from vvidic/prompt-fix Insert a slash after url-prefix when writing it into prompt Merge pull request #156 from google/url-prefix-compat Merge pull request #157 from vvidic/config-order State that devices require randomness for the protocol to work Update docs/protocol.md Merge pull request #158 from google/pkern-patch-1 Fix error to state "at most" instead of "at least" Merge pull request #153 from vvidic/min-tag-length Merge pull request #159 from vvidic/host-id-type README.md: Codeblock fixups Merge branch 'master' into l9i/README Merge pull request #141 from google/l9i/README Piotr Lewandowski (12): Fix failing PAM test Treat warning as errors Define OPENSSL_API_COMPAT to require OpenSSL >=1.1 Use werror only for CI Add nix-shell config for setting up dev environment Add GitHub Action workflow for shell.nix Add intro and installation steps to README.md Address reviewer's comments Wrap lines Delete Java implementation Rename `url-prefix` to `prompt` (#131) Add `cpplint` linter Valentin Vidic (10): Update CLI to use base64 instead of hex tags. Replace deprecated OpenSSL HMAC API with EVP. Replace OpenSSL EVP_DigestSign API with HMAC() Fix typo: defaul => default Use project version in library version Update Docker scripts for new public key format Fix setting of prompt parameter Parse command line again after reading the config Add config option for minimum authcode length #122 Add config option for host-id type #122 dependabot[bot] (1): Bump golang.org/x/crypto in /go Signed-off-by: Luke Granger-Brown <lukegb@google.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-06dm-verity-image-initramfs: Allow compressed image typesWurm, Stephan
Using <DM_VERITY_IMAGE_TYPE> in the depends variable does not work for compressed image types like squashfs-zst, as the resulting task dependency still contains the incompatible dash. Replacing the dash by an underscore resolves this issue. Signed-off-by: Stephan Wurm <stephan.wurm@a-eberle.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31meta-integrity: drop ima.cfg in favor of new k-cacheArmin Kuster
The upstream ima.cfg kernel-cache has been updated. Use it instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31python3-json2html: add new pkgArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31python3-json2html: add new pkgArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31python3-yamlpath: Add new pkgArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31scap-security-guide: enable ptestArmin Kuster
This add the basic framework to allow the test suite to run. It takes a very long time so it my not be practical to run in some cases (days in my case). The ptest log format has not been verified. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31openscap: fix buildpaths issueKai Kang
Variables PREFERRED_PYTHON_PATH and PYTHON3_PATH are set with ${PYTHON_EXECUTABLE}. For cross compile, ${PYTHON_EXECUTABLE} may point to other path rather than standard dir such as /usr/bin. Then the generated library file contains such path which should NOT. Update to make variables PREFERRED_PYTHON_PATH and PYTHON3_PATH configurable to fix buildpaths issue: | WARNING: openscap-1.3.7-r0 do_package_qa: QA Issue: File | /usr/lib/libopenscap.so.25.5.1 in package openscap contains reference | to TMPDIR [buildpaths] Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31packagegroup-security-tpm2: add more pkgsArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31scap-security-guide: refactor patchesArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31clamav: update SRC_URIArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31packagegroup: add python3-tpm2-pytssArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31python3-tpm2-pytss: add python tss2 supportArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31firejail: only allow x86-64 and arm64 to buildArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31packagegroup-core-security: only include firejail x86-64 and arch64Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31qemu: move qemu setting to image and out of layer.confArmin Kuster
I suspect its better form to have these in the image definition. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31python3-privacyidea: fixup REDPENDSArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31python3-segno: add new packageArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31python3-flask-script: add packageArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31ossec-hids: Fix usermodArmin Kuster
Use built in USERMOD to set uid and gid properly. convert to using OSSEC_DIR instead of DIR Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-31bastille: bastille/config should not be world writeable.Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25.patch: remove probably unused patchesMartin Jansa
There could be some false possitives (the script is far from perfect), so please test it on your QA, I've only double checked with "git grep" (the script looks only in parent directory). @ ~/layers/meta-security $ /OE/extra-layers/meta-ros/scripts/check-patch-files.sh . ./recipes-ids/tripwire/files/add_armeb_arch.patch: not used in any recipe ./dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch: not used in any recipe ./recipes-scanners/clamav/files/fix2_libcurl_check.patch: not used in any recipe ./recipes-scanners/arpwatch/files/postfix_workaround.patch: not used in any recipe ./meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch: not used in any recipe ./meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch: not used in any recipe ./meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch: not used in any recipe ./meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch: not used in any recipe ./meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch: not used in any recipe ./recipes-mac/AppArmor/files/disable_perl_h_check.patch: not used in any recipe @ ~/layers/meta-security $ git grep add_armeb_arch.patch @ ~/layers/meta-security $ git grep 0001-To-fix-build-error-of-xrang.patch @ ~/layers/meta-security $ git grep fix2_libcurl_check.patch @ ~/layers/meta-security $ git grep postfix_workaround.patch @ ~/layers/meta-security $ git grep Use-format-s-for-call-to-dprintf.patch @ ~/layers/meta-security $ git grep fix_signed_issue.patch @ ~/layers/meta-security $ git grep Convert-another-vdprintf-to-dprintf.patch @ ~/layers/meta-security $ git grep fix_lib_search_path.patch @ ~/layers/meta-security $ git grep fix_fcntl_h.patch @ ~/layers/meta-security $ git grep disable_perl_h_check.patch Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25*.patch: fix malformed Upstream-Status and SOB linesMartin Jansa
* as reported by openembedded-core/scripts/contrib/patchreview.py -v . Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/crosscompile_perl_bindings.patch) Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/disable_perl_h_check.patch) Missing Upstream-Status tag (./recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch) Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-pid-path.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/suricata/files/fixup.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-scanners/clamav/files/fix2_libcurl_check.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/isic/files/configure_fix.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/krill/files/panic_workaround.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libdns_conf_fix.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libxml2_conf.patch Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25dynamic-layers: *.patch: fix malformed and missing Upstream-Status linesMartin Jansa
* as reported by openembedded-core/scripts/contrib/patchreview.py -v . Missing Upstream-Status tag (dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch) Missing Upstream-Status tag (dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch) Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/accept_os_flag_in_backend.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/allow_os_with_assess.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/call_output_config.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/do_not_apply_config.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/edit_usage_message.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/find_existing_config.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/fix_missing_use_directives.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/fix_number_of_modules.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/fix_version_parse.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/fixed_defined_warnings.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/organize_distro_discovery.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/remove_questions_text_file_references.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/simplify_B_place.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/upgrade_options_processing.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/nikto/files/location.patch Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25meta-tpm: *.patch: fix malformed Upstream-Status linesMartin Jansa
* as reported by openembedded-core/scripts/contrib/patchreview.py -v . Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25packagegroup-core-security: add os-releaseArmin Kuster
Exclude openscap and scap-security-guide if musl Fix RDEPENDS list to include compliance packages. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25openscap: update to 1.3.8Armin Kuster
Remediate service is now off by default. Only include if needed. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25scap-security-guide: Does not build for muslArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25scap-security-guide: add Upstream-StatusArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25arpwatch: Fix typo in COMPATIBLE_HOST:libc-musl = "null"Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25scap-security-guide: Add PokyArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25dm-verity: add sample systemd separate hash example and docPaul Gortmaker
Create a wks.in that allows an out-of-the-box build of a bootable USB image using systemd and the hash data as a separate device or partition. A focus here was to ensure we used proper GPT names and GPT types, and the GPT UUIDs that are based on splitting the root hash. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25dm-verity: hook separate hash into initramfs frameworkPaul Gortmaker
The prior commits create the separate hash so now it is time to update the initramfs framework so that veritysetup, which is responsible for binding the data and hash, is aware of when separate hash is in use, and can react accordingly. The added code follows the existing appended hash code style, but is considerably smaller because it doesn't have the large case statement that supports all possible identification schemes (label, UUID, ...). With the root hash split in two to create the respective partition UUIDs, we know exactly how to identify it, and the UUIDs used. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25dm-verity: add wks.in fragment with dynamic build hash dataPaul Gortmaker
Export the dynamic build data for consumption in wic image generation. It can either be included directly or manually parsed for useful chunks in custom configurations people end up making. For convenience, it is placed alongside the work-shared/dm-verity dir where we already store the plain environment file and the veritysetup formatting argument that was used. There is a subtle thing going on here with respect to using an include, which warrants a mention. The wic (wks.in) stuff only has access to normal Yocto/OE/bitbake variables. So, instead of a fragment, say if you had: DM_VERITY_ROOT_HASH = "__not_set__" and then later, did a: d.setVar("DM_VERITY_ROOT_HASH", value) after the image was built, and the hash was known - that seems sane. But the problem is that once you do that, your variables are tracked by default, and bitbake/lib/bb/siggen.py will be angry with you for changing metadata during a build. In theory one should be able to avoid this with BB_BASEHASH_IGNORE_VARS and "vardepsexclude" but it means more exposed variables, and as much as I tried, I couldn't get this to work. Creating a fragment with the dynamic data for inclusion avoids all that. The wks template itself remains static, and hence doesn't trigger warns. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25dm-verity: add support for hash storage on separate partitionPaul Gortmaker
There are essentially two ways for dealing with where to put the hash data for dm-verity block integrity checks. You can store both in a single partition, by using ~95% of the storage space for the filesystem and the remaining 5% tail for the hash, or you can use a completely separate partition (or even device) for storing the hash data elsewhere. Method A relies on using a hash offset argument during creation, which is generally OK from a scripted use case but is error prone when run from the command line and the offset calculated manually. Method B has the advantage of using the basic partition/device compartmentalization of the kernel to ensure the fs data doesn't overwrite the hash or vice versa. It takes any possible errors due to math miscalculations completely off the table. At the moment, our current support is hard coded to only support the offset method A. Here we add support for separate hash as per B. As multiple partitions are now in play, we use the UUID creation standard adopted by the systemd/verity community which implicitly links the root and hash partitions by splitting the top roothash in two for the UUIDs of the components. This change optionally creates the separate hash file but no examples use it yet. Further commits will implement an example. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25dm-verity: save veritysetup args beside runtime environmentPaul Gortmaker
We already have this directory to save the environment variable settings so they can be copied into the initramfs for runtime setup. There are quite a few veritysetup args, and the nature of storing the hash data after the filesystem data in an "oversized" partition can be error prone due to rounding, fencepost errors, etc. Save a copy of what we used for ease of debug inspection, and for basic cut and paste use in experimentation and tweaking. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25dm-verity: restructure the veritysetup arg parsingPaul Gortmaker
In making changes to the existing veritysetup arg list, it is harder to see what the proposed change is since they are are glued together on one long line. Break them up so reviewing future unified diffs will be more easy to visually parse. This also makes it easier to temp. dump the args to a file for debugging. In theory this should have no functional change. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25dm-verity: add descriptive strings for "wic list images"Paul Gortmaker
Without these one line descriptors and their associated marker prefix, the output from "wic list images" only shows they are available as a choice but w/o any description Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25isic: fine tune Upstream-StatusArmin Kuster
These are changes I did so apply the appropriate label. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-25clamav: drop unused patchArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>