| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Use '${COMMON_LICENSE_DIR}/MIT' for MIT License to fix the warning:
| WARNING: packagegroup-core-security do_populate_lic:
${COREBASE}/LICENSE is not a valid license file, please use
'${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM.
This will become an error in the future
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add LDFLAGS variable to fix QA issue for GNU_HASH:
| ERROR: samhain-client-4.2.2-r0 do_package_qa: QA Issue:
No GNU_HASH in the elf binary: '/builddir/usr/sbin/samhain_setpwd' [ldflags]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add a patch to avoid searching host dir for postgresql,
and set PGSQL_INC_DIR and PGSQL_LIB_DIR instead.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* The "??=" assignment for PACKAGECONFIG is overridden by
the following "+=" assignments, which is not expected,
so combine them into one assignment with multiple lines.
* Fix a typo for postgresql.
* Remove unneeded quotation marks.
* run aotoconf to regenerate the configure, or the patch
for ps option doesn't work:
| configure: error: unrecognized option: --with-ps-path=/bin/ps
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The extended attribute is required by selinux feature,
so add the dependency when selinux is enabled.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
configure.ac:8: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation
| configure.ac:8: error: version mismatch. This is Automake 1.15.1,
| configure.ac:8: but the definition used by this AM_INIT_AUTOMAKE
add aclocal
and
make: Entering directory '/home/akuster/oss/clean/poky/build/tmp/work/mips64-poky-linux/apparmor/2.11.0-r0/apparmor-2.11.0/binutils'
| error: ../libraries/libapparmor//src/.libs/libapparmor.a is missing. Pick one of these possible solutions:
remove --disable-static
and
ERROR: apparmor-2.11.0-r0 do_package_qa: QA Issue: /usr/lib/apparmor/ptest/testsuite/parser/tst/gen-dbus.pl contained in package apparmor-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_apparmor-ptest? [file-rdeps]
add perl to ptest RDEPENDS
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Don't want to add layer depends for one package unless needed.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Commit 4c4fa8c "tpm2.0-tss: install resourcemgr service" introduced
systemd support for the resourcemgr package, but left the default
${PN} in SYSTEMD_PACKAGES, leading to an apparently harmless (?) build
error, emitted by systemd.bbclass via bb.error() because tpm2.0-tss
does not have a package of that name:
ERROR: tpm2.0-tss-git-r0 do_package: tpm2.0-tss does not appear in package list, please add it
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
LIC_CHKSUM_FILES changed do to yr update.
add a few more PACKCONFIG
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easy to configure to read any log file you choose, for any error you choose.
Though Fail2Ban is able to reduce the rate of incorrect authentications attempts, it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
linux-yocto_4.1.bb recipe has been removed from oe-core master
and that triggers a bitbake error due to orphan bbappends
maintained in meta-security.
To fix the error, drop linux-yocto_4.1.bbappend plus the patches
and the config fragments for it.
Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* update to version 4.2.2
* Add new recipe for standalone mode
* Add systemd support
* Add patches to fix several issues
* samhain-standalone: add ptest support
* samhain-server: no need to depend on samhain-server-native
* Move common things from the bb to the inc file
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- We need various python3 modules and we can only really solve this
problem by including all python3-modules.
- aa-easyprof needs to have its shebang corrected, do so.
- The apparmor initscript depends on functions that LSB does not require
so we must provide them. In some cases it's using non-standard
function, so we just use more appropriate names.
- The apparmor sysvinit-style initscript assumes that
systemd-detect-virt will exist on the filesystem. Change this to
check that it does before trying to execute it.
[for aa-easyprof:]
Reported-by: Anders Montonen <Anders.Montonen@iki.fi>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Mhash is a free (under GNU Lesser GPL) library which provides
a uniform interface to a large number of hash algorithms.
These algorithms can be used to compute checksums, message
digests, and other signatures.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
libgssglue exports a gssapi interface which calls
other gssapi libraries.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- Add a patch to fix python library install dir for multilib.
- Add a patch to fix race condition with mkdir command.
- Inherit pythonnative instead of python-dir and install
python modules for ndiff to fix the following errors:
"""
root@qemux86-64:~# ndiff --help
-sh: /usr/bin/ndiff: /path_to_build/tmp/hosttools/python: bad interpreter: No such file or directory
root@qemux86-64:~# python /usr/bin/ndiff
Could not import the ndiff module: 'No module named ndiff'.
"""
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
KeyNote is a simple and flexible trust-management system
designed to work well for a variety of large- and small-
scale Internet-based applications
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
XML Security Library is a C library based on LibXML2 and OpenSSL.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This introduces a number of changes:
- Fix the python PACKAGECONFIG knob
- The included python support is python3-based, so use those classes.
- When set, make sure to RDEPEND on the python modules the tools use.
- Fix the perl PACKAGECONFIG knob
- Add two patches so that configure will find perl and then compile
will cross-compile the library correctly.
- So that we place perl modules in the correct location we need cpan
to be inherited.
- When disabled, remove the RDEPENDS on perl as the RDEPENDS comes in
via inherit.
- Default to enabling the python and perl PACKAGECONFIG knobs as the
majority of the userspace tools are python3 based, and the few that
aren't that nor C based are perl based.
- Because of the above we must drop the -python package because it's
required for the utilities in the main package.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
WARNING: apparmor-2.11.0-r0 do_package: QA Issue: apparmor: Files/directories were installed but not shipped in any package:
/usr/lib/python2.7
/usr/lib/python2.7/site-packages
/usr/lib/python2.7/site-packages/apparmor-2.11.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/apparmor
/usr/lib/python2.7/site-packages/apparmor/regex.py
use python2 instead of python3
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
eCryptfs is a stacked cryptographic filesystem that ships
in Linux kernel versions 2.6.19 and above. This package
provides the mount helper and supporting libraries to
perform key management and mount functions.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
keyutils is utilities to control the kernel key
management facility and to provide a mechanism by
which the kernel call back to userspace to get a
key instantiated.
It's required by ecryptfs-utils.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix "ERROR: ExpansionError during parsing" when building with multilib.
Signed-off-by: Peter Lei <peter.lei@ieee.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stability issues then!
bypass check as our zlib is 1.2.11
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
build fixes too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Armin Kuster
Armin Kuster
Jackie Huang
Patrick Ohly
Mikko Ylinen
Tom Rini
André Draszik
Peter Lei