Age | Commit message | Author | Files | Lines
2020-12-24 | tpm2-pkcs11: build and package python tools (HEAD, master) | Adrian Ratiu | 1 | -2/+23
Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-17 | .gitlab-ci: drop script | Armin Kuster | 1 | -1/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-15 | kas-security-base: Don't create local SSTATE mirror | Armin Kuster | 1 | -1/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-15 | scap-security-guide: fix build with Python 3.9 | Yi Zhao | 4 | -0/+161
The getchildren and getiterator functions are deprecated in Python 3.9. Backport 3 patches to fix the build issue.
Fixes:
File "/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/ssg/build_stig.py", line 41, in add_references
index = rule.getchildren().index(ref)
AttributeError: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-03 | samhain: update to 4.4.2 | Armin Kuster | 3 | -52/+42
refresh a few patches too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-03 | clamav: unify volatiles file name | Yi Zhao | 1 | -1/+1
Make the volatiles file name start with a digit.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-11-03 | suricata: unify volatiles file name | Yi Zhao | 1 | -1/+1
Make the volatiles file name start with a digit.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-19 | gitlab-ci: add building meta-security-compliance pkgs | Armin Kuster | 2 | -0/+16
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-19 | gitlab-ci: add meta-hardening build image | Armin Kuster | 3 | -0/+16
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-19 | meta-security: Add gatesgarth to LAYERSERIES_COMPAT | Armin Kuster | 6 | -6/+6
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-19 | layer.conf: use += instead of := to update BBFILES | Sajjad Ahmed | 1 | -2/+1
Updating BBFILES with := isn't the standard way and can break parsing under certain conditions; instead use +=, which is widely used.
Signed-off-by: Sajjad Ahmed <sajjad_ahmed@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 | scap-security-guide: add expat-native to DEPENDS | Mingli Yu | 1 | -1/+1
Add expat-native to DEPENDS to fix the below do_configure error:
| CMake Error at CMakeLists.txt:165 (message):
| xmlwf is required!
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 | tpm2-pkcs11: update to 1.4.0 | Armin Kuster | 2 | -2/+82
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 | tpm2-tools: update to 4.3.0 | Armin Kuster | 2 | -2/+2
LIC_FILES_CHKSUM changes due to added Copyright
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 | tpm2-abrmd: update to 2.3.3 | Armin Kuster | 1 | -1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 | tpm2-totp: update to 0.2.1 | Armin Kuster | 1 | -3/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 | tpm2-tss: update to 2.4.3 | Armin Kuster | 1 | -3/+1
includes: CVE-2020-24455
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 | gitlab-ci: add qemux86 and qemuarm64 musl builds | Armin Kuster | 3 | -0/+29
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-15 | kas: fixup alt configs | Armin Kuster | 3 | -10/+10
add smack
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 | suricata: update to 4.1.9 | Armin Kuster | 3 | -2/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 | packagegroup-core-security: remove clamav from musl image | Armin Kuster | 1 | -0/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 | sssd: update to latest ltm 1.16.5 | Armin Kuster | 2 | -3/+37
fix musl support
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 | libest: fix musl build. | Armin Kuster | 1 | -0/+4
fixes
est.c:38:10: fatal error: execinfo.h: No such file or directory
| 38 | #include <execinfo.h>
| | ^~~~~~~~~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 | ecryptfs-utils: fix musl build | Armin Kuster | 2 | -0/+16
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 | apparmor: fix build on musl | Armin Kuster | 6 | -1/+185
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10 | qemux86-test: add apparmor back | Armin Kuster | 1 | -1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 | suricata: fix compiling on gcc10 | Armin Kuster | 1 | -1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 | packagegroup-core-security: apparmor 3.0 ptest does not build | Armin Kuster | 1 | -1/+0
for now skip apparmor ptest
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 | apparmor: update to 3.0 | Armin Kuster | 5 | -136/+158
skip ptest for now, on todo list for fix. Runtime test pass
remove patch now included in update: 0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 | security-test-image: tweak to get more tests to run | Armin Kuster | 1 | -1/+8
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 | apparmor: fix build issue with ptest enabled. | Armin Kuster | 2 | -91/+186
minor spacing cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 | linux-%/5.x: Add dm-verity fragment as needed | Naveen Saini | 1 | -1/+1
Add checks that include dm-verity specific kernel config fragment when dm-verity-img.bbclass is used.
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 | wic: add wks.in for intel dm-verity | Naveen Saini | 1 | -0/+15
Based on systemd-bootdisk-microcode.wks.in, this adds the dm-verity image similar to the beaglebone wks already in meta-security.
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-09 | initramfs-framework/dmverity: add retry loop for slow boot devices | Naveen Saini | 1 | -27/+37
Detection of USB devices by the kernel is slow enough. We need to keep trying for a while (default: 5s seconds, controlled by roottimeout=<seconds>) and sleep between each attempt (default: one second, rootdelay=<seconds>).
Fix is based on https://git.yoctoproject.org/cgit.cgi/poky/commit/meta/recipes-core/initrdscripts/initramfs-framework/rootfs?id=ee6a6c3461694ce09789bf4d852cea2e22fc95e4
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 | packagegroup-core-security-ptest: remove | Armin Kuster | 1 | -27/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 | security-test-image: simplify | Armin Kuster | 2 | -24/+16
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 | packagegroup-core-security-ptest: remove keyutils-ptest | Armin Kuster | 1 | -1/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 | libseccomp: fix ptest failures. | Armin Kuster | 1 | -1/+1
Fixes:
BusyBox v1.32.0 () multi-call binary.
Usage: dd [if=FILE] [of=FILE] [bs=N] [count=N] [skip=N]
Don't use Busybox dd, not compatible. Use coreutils
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01 | gitlab-ci: allow test to fail | Armin Kuster | 1 | -0/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 | packagegroup-core-security: add opendnssec to pkg grp | Armin Kuster | 1 | -0/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 | opendnssec: add recipe | Armin Kuster | 4 | -0/+391
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 | gitignore added | Adrian | 1 | -0/+7
After running testimage there are some python leftovers at lib/oeqa/runtime/cases/__pycache__/
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 | packagegroup-core-security: add libest package | Armin Kuster | 1 | -0/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 | libest: add recipe | Armin Kuster | 1 | -0/+23
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 | packagegroup-core-security: add softHSM | Armin Kuster | 1 | -0/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 | softHSM: add pkg | Armin Kuster | 1 | -0/+30
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29 | kas: build with ptest. remove apparmor | Armin Kuster | 2 | -3/+2
apparmor does not build with ptest enabled. skipping it for now
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-18 | qemu test: set ptest | Armin Kuster | 1 | -1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-18 | kas-security-base: set RPM and disable ptest | Armin Kuster | 1 | -0/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-18 | kas: add alt and multi build images | Armin Kuster | 7 | -0/+100
Signed-off-by: Armin Kuster <akuster808@gmail.com>