diff options
Diffstat (limited to 'kas')
| -rw-r--r-- | kas/kas-security-alt.yml | 2 | ||||
| -rw-r--r-- | kas/kas-security-base.yml | 23 | ||||
| -rw-r--r-- | kas/kas-security-dm.yml | 1 | ||||
| -rw-r--r-- | kas/kas-security-parsec.yml | 6 | ||||
| -rw-r--r-- | kas/qemuarm64-ima.yml | 10 | ||||
| -rw-r--r-- | kas/qemuarm64-multi.yml | 12 | ||||
| -rw-r--r-- | kas/qemumips64-multi.yml | 4 | ||||
| -rw-r--r-- | kas/qemuppc-parsec.yml | 6 | ||||
| -rw-r--r-- | kas/qemuppc.yml | 6 | ||||
| -rw-r--r-- | kas/qemux86-64-ima.yml | 10 | ||||
| -rw-r--r-- | kas/qemux86-64-multi.yml | 12 | ||||
| -rw-r--r-- | kas/qemux86-comp.yml | 11 | ||||
| -rw-r--r-- | kas/qemux86-ima.yml | 10 |
13 files changed, 14 insertions, 99 deletions
diff --git a/kas/kas-security-alt.yml b/kas/kas-security-alt.yml index 1514524..3ee9808 100644 --- a/kas/kas-security-alt.yml +++ b/kas/kas-security-alt.yml @@ -5,4 +5,4 @@ header: local_conf_header: alt: | - DISTRO_FEATURES_append = " systemd" + DISTRO_FEATURES:append = " systemd" diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml index 3a5134e..fa7915c 100644 --- a/kas/kas-security-base.yml +++ b/kas/kas-security-base.yml @@ -1,5 +1,5 @@ header: - version: 8 + version: 9 distro: poky @@ -9,7 +9,6 @@ repos: ../meta-security: meta-tpm: meta-integrity: - meta-security-compliance: meta-hardening: poky: @@ -32,15 +31,11 @@ repos: local_conf_header: base: | - CONF_VERSION = "1" + CONF_VERSION = "2" SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/" - SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n" - BB_HASHSERVE = "auto" - BB_SIGNATURE_HANDLER = "OEEquivHash" INHERIT += "buildstats buildstats-summary buildhistory" INHERIT += "report-error" - INHERIT += "testimage" - INHERIT += "rm_work" + IMAGE_CLASSES += "testimage" BB_NUMBER_THREADS="24" BB_NUMBER_PARSE_THREADS="12" BB_TASK_NICE_LEVEL = '5' @@ -51,7 +46,8 @@ local_conf_header: EXTRA_IMAGE_FEATURES ?= "debug-tweaks" PACKAGE_CLASSES = "package_ipk" - DISTRO_FEATURES_append = " pam tpm tpm2 apparmor smack" + DISTRO_FEATURES:append = " security pam apparmor smack ima tpm tpm2" + MACHINE_FEATURES:append = " tpm tpm2" diskmon: | BB_DISKMON_DIRS = "\ @@ -59,14 +55,13 @@ local_conf_header: STOPTASKS,${DL_DIR},1G,100K \ STOPTASKS,${SSTATE_DIR},1G,100K \ STOPTASKS,/tmp,100M,100K \ - ABORT,${TMPDIR},100M,1K \ - ABORT,${DL_DIR},100M,1K \ - ABORT,${SSTATE_DIR},100M,1K \ - ABORT,/tmp,10M,1K" + HALT,${TMPDIR},100M,1K \ + HALT,${DL_DIR},100M,1K \ + HALT,${SSTATE_DIR},100M,1K \ + HALT,/tmp,10M,1K" bblayers_conf_header: base: | - POKY_BBLAYERS_CONF_VERSION = "2" BBPATH = "${TOPDIR}" BBFILES ?= "" diff --git a/kas/kas-security-dm.yml b/kas/kas-security-dm.yml index 7ce0e9d..c03b336 100644 --- a/kas/kas-security-dm.yml +++ b/kas/kas-security-dm.yml @@ -5,6 +5,7 @@ header: local_conf_header: dm-verify: | + DISTRO_FEATURES:append = " integrity" DM_VERITY_IMAGE = "core-image-minimal" DM_VERITY_IMAGE_TYPE = "ext4" IMAGE_CLASSES += "dm-verity-img" diff --git a/kas/kas-security-parsec.yml b/kas/kas-security-parsec.yml index 6152f0c..9a009be 100644 --- a/kas/kas-security-parsec.yml +++ b/kas/kas-security-parsec.yml @@ -8,14 +8,10 @@ repos: layers: meta-parsec: - meta-rust: - url: https://github.com/meta-rust/meta-rust.git - refspec: master - meta-clang: url: https://github.com/kraj/meta-clang.git refspec: master local_conf_header: meta-parsec: | - IMAGE_INSTALL_append = " parsec-service parsec-tool" + IMAGE_INSTALL:append = " parsec-service parsec-tool" diff --git a/kas/qemuarm64-ima.yml b/kas/qemuarm64-ima.yml deleted file mode 100644 index b478472..0000000 --- a/kas/qemuarm64-ima.yml +++ /dev/null @@ -1,10 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -local_conf_header: - meta-security: | - DISTRO_FEATURES_append = " ima" - -machine: qemuarm64 diff --git a/kas/qemuarm64-multi.yml b/kas/qemuarm64-multi.yml deleted file mode 100644 index d79142c..0000000 --- a/kas/qemuarm64-multi.yml +++ /dev/null @@ -1,12 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -local_conf_header: - multi: | - require conf/multilib.conf - MULTILIBS = "multilib:lib32" - DEFAULTTUNE_virtclass-multilib-lib32 = "armv7athf-neon" - -machine: qemuarm64 diff --git a/kas/qemumips64-multi.yml b/kas/qemumips64-multi.yml index c8cf94b..6ef8b39 100644 --- a/kas/qemumips64-multi.yml +++ b/kas/qemumips64-multi.yml @@ -8,7 +8,7 @@ local_conf_header: require conf/multilib.conf MULTILIBS = "multilib:lib64 multilib:lib32" DEFAULTTUNE = "mips64-n32" - DEFAULTTUNE_virtclass-multilib-lib64 = "mips64" - DEFAULTTUNE_virtclass-multilib-lib32 = "mips32r2" + DEFAULTTUNE:virtclass-multilib-lib64 = "mips64" + DEFAULTTUNE:virtclass-multilib-lib32 = "mips32r2" machine: qemumips64 diff --git a/kas/qemuppc-parsec.yml b/kas/qemuppc-parsec.yml deleted file mode 100644 index 1176d13..0000000 --- a/kas/qemuppc-parsec.yml +++ /dev/null @@ -1,6 +0,0 @@ -header: - version: 8 - includes: - - kas-security-parsec.yml - -machine: qemuppc diff --git a/kas/qemuppc.yml b/kas/qemuppc.yml deleted file mode 100644 index 3dad81c..0000000 --- a/kas/qemuppc.yml +++ /dev/null @@ -1,6 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -machine: qemuppc diff --git a/kas/qemux86-64-ima.yml b/kas/qemux86-64-ima.yml deleted file mode 100644 index e64931c..0000000 --- a/kas/qemux86-64-ima.yml +++ /dev/null @@ -1,10 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -local_conf_header: - meta-security: | - DISTRO_FEATURES_append = " ima" - -machine: qemux86-64 diff --git a/kas/qemux86-64-multi.yml b/kas/qemux86-64-multi.yml deleted file mode 100644 index 711ce28..0000000 --- a/kas/qemux86-64-multi.yml +++ /dev/null @@ -1,12 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -local_conf_header: - multi: | - require conf/multilib.conf - MULTILIBS = "multilib:lib32" - DEFAULTTUNE_virtclass-multilib-lib32 = "x86" - -machine: qemux86-64 diff --git a/kas/qemux86-comp.yml b/kas/qemux86-comp.yml deleted file mode 100644 index 14c5dca..0000000 --- a/kas/qemux86-comp.yml +++ /dev/null @@ -1,11 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -local_conf_header: - meta-compliance: | - IMAGE_INSTALL_append = " lynis" - IMAGE_INSTALL_append = " openscap openscap-daemon scap-security-guide" - -machine: qemux86 diff --git a/kas/qemux86-ima.yml b/kas/qemux86-ima.yml deleted file mode 100644 index 6528ba6..0000000 --- a/kas/qemux86-ima.yml +++ /dev/null @@ -1,10 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -local_conf_header: - meta-security: | - DISTRO_FEATURES_append = " ima" - -machine: qemux86 |