| Age | Commit message (Collapse) | Author |
|---|
|
It packages all file in ${libdir} to package sssd, including the .so
symlink files. Then it causes QA issues:
| ERROR: QA Issue: sssd rdepends on dbus-dev [dev-deps]
| ERROR: QA Issue: sssd rdepends on ding-libs-dev [dev-deps]
So re-package sssd then the .so symlink files and .pc files are packaged
to sssd-dev which should be.
File ${libdir}/libsss_sudo.so is not a symlink file but packaged to
sssd-dev too. Then causes another QA issue:
| ERROR: sssd-2.5.2-r0 do_package_qa: QA Issue:
-dev package sssd-dev contains non-symlink .so '/usr/lib/libsss_sudo.so' [dev-elf]
So create a new sub-package libsss-sudo to package file libsss_sudo.so
and make sssd rdepends on it.
JP: Updated for version differences.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit e81c15f851ca5396c78c8737967ee38db0ebe0cd)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport patch to fix CVE-2021-3621.
CVE: CVE-2021-3621
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 833ae34c8f3222358f65e8ee3fdbac565485694e)
|
|
This error occurs randomly.
/bin/bash: pod2man: command not found
[Yocto #14304]
minor space/tab cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Cc: Ben <koncept1@gmail.com>
|
|
They are MACHINE not DISTRO FEATURES
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
way too many jobs. TPM have there own images, use that
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Move FEATURES that affect kernel configuation to minimize rebuilds
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
move to different builder and define SSTATE_DIR
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
For more info see: https://github.com/openwall/lkrg
Add to local.conf:
IMAGE_INSTALL_append = " kernel-module-lkrg"
Need these kconfig options enabled:
CONFIG_KALLSYMS_ALL=y
CONFIG_JUMP_LABEL=y
CONFIG_DEBUG_KERNEL=y
To invoke module:
sudo insmod {path-to-modules}/p_lkrg.ko kint_enforce=1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
add meta-filesystems
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Also clean up extra spaces
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Introduce IMA_FORCE to allow the IMA policy be applied forcely even
'no_ima' boot parameter is available.
This ensures the end users have a way to disable 'no_ima' support if
they want to, because it may expose a security risk if an attacker can
find a way to change kernel arguments, it will easily bypass rootfs
authenticity checks.
Signed-off-by: Sergio Prado <sergio.prado@toradex.com>
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
the images into gitlab CI
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The layer contains recipes for Parsec service version 0.7.0 and parsec-tool version 0.3.0. The Parsec service is built with all supported providers and deployed with the MbedCrypto provider enabled. Both systemd and sysv-init are supported.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This patch fixes the issue:
WARNING: libest-3.2.0-r0 do_fetch: Failed to fetch URL git://github.com/cisco/libest, attempting MIRRORS if available
ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure: Unable to find revision 4ca02c6d7540f2b1bcea278a4fbe373daac7103b in branch master even from upstream
ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure for URL: 'git://github.com/cisco/libest'. Unable to fetch URL from any source.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Found a few places that tscd check was trying to run the hosts.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
need native pip3, was using host's
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--
V2]
add python3-cryptography-native to DEPENDS
forgot to add changes.
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
ERROR: clamav-0.104.0-r0 do_package: QA Issue: clamav: Files/directories were installed but not shipped in any package:
/lib/systemd/system/clamav-daemon.service
/lib/systemd/system/clamav-clamonacc.service
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
IMA_POLICY is being referred as policy recipe name in some places and it
is also being referred as policy file in other places, they are
conflicting with each other which make it impossible to set a IMA_POLICY
global variable in config file.
Fix it by dropping IMA_POLICY definitions from policy recipes
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
convert to cmake and general cleanup
include on oe env patch and glibc 2.33 header fixup
if running w/in qemu, need to add qemuparams="-m 2048" to allow
freshclam not to oom
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
V2]
Bump PV to match what is being d/l
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add python package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
LIC_FILES_CHKSUM hash changed between branches.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Thats codename for 3.3
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This ensures when a end user change the IMA_EVM_X509 key file,
ima-evm-keys recipe will be rebuilt.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It fails to comile samhain for powerpc(qemuppc):
| x_sh_dbIO.c: In function 'swap_short':
| x_sh_dbIO.c:229:36: error: initializer element is not constant
| 229 | static unsigned short ooop = *iptr;
| | ^
Assign after initialization of the static variable to avoid the failure.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- Without the patch fscryptctl is installed in
/usr/bin/usr/local/bin instead of /usr/bin.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Use new structure for testing.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
drop patch included in update
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
includes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
include automate 2.70 fix
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Jeremy A. Puhlman
Armin Kuster
Kai Kang
Anton Antonov
Ming Liu
lukasz plachno