diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2021-04-15 23:52:46 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2021-04-19 16:32:18 +0300 |
| commit | f1e440673465aa768f31e78c0c201002f9f767b7 (patch) | |
| tree | 44dffb1d845b35c3f4bf0629a622d8ae04abda41 /meta-security/.gitlab-ci.yml | |
| parent | 636aaa195862ab9a5442c3178e38266debab3bff (diff) | |
| download | openbmc-f1e440673465aa768f31e78c0c201002f9f767b7.tar.xz | |
meta-security: subtree update:775870980b..ca9264b1e1
Anton Antonov (4):
Use libest "main" branch instead of "master".
Add meta-parsec layer into meta-security.
Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
Clearly define clang toolchain in Parsec recipes
Armin Kuster (16):
packagegroup-core-security: drop clamav-cvd
clamav: upgrade 104.0
python3-privacyidea: upgrade 3.5.1 -> 3.5.2
clamav: fix systemd service install
swtpm: now need python-cryptography, pull in layer
swtpm: file pip3 issue
swtpm: fix check for tscd deamon on host
python3-suricata-update: update to 1.2.1
suricata: update to 6.0.2
layer.conf: add dynamic-layer for rust pkg
README: cleanup
.gitlab-ci.yml: reorder to speed up builds
kas-security-base.yml: tweek build vars
gitlab-ci: fine tune order
clamav: remove rest of mirror.dat ref
lkrg-module: Add Linux Kernel Runtime Guard
Ming Liu (2):
meta: drop IMA_POLICY from policy recipes
initramfs-framework-ima: introduce IMA_FORCE
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9
Diffstat (limited to 'meta-security/.gitlab-ci.yml')
| -rw-r--r-- | meta-security/.gitlab-ci.yml | 88 |
1 files changed, 32 insertions, 56 deletions
diff --git a/meta-security/.gitlab-ci.yml b/meta-security/.gitlab-ci.yml index 1442239b2..f673ef698 100644 --- a/meta-security/.gitlab-ci.yml +++ b/meta-security/.gitlab-ci.yml @@ -26,128 +26,104 @@ stages: qemux86: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml + - kas build --target security-build-image kas/$CI_JOB_NAME-comp.yml + - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml + - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml qemux86-64: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml + - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml + - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml qemuarm: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml qemuarm64: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml + - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml qemuppc: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml qemumips64: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemuriscv64: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemux86-64-tpm: extends: .build script: - - kas build --target security-tpm-image kas/$CI_JOB_NAME.yml - -qemux86-64-tpm2: - extends: .build - script: - - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml + - kas build --target security-tpm-image kas/$CI_JOB_NAME.yml + - kas build --target security-tpm2-image kas/$CI_JOB_NAME2.yml qemuarm64-tpm2: extends: .build script: - - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml - -qemux86-ima: - extends: .build - script: - - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml - -qemux86-64-ima: - extends: .build - script: - - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml - -qemuarm64-ima: - extends: .build - script: - - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml - -qemux86-64-dm-verify: - extends: .build - script: - - kas build --target core-image-minimal kas/qemux86-64.yml - - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME.yml - + - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml qemuarm64-alt: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemuarm64-multi: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemumips64-alt: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemumips64-multi: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemux86-64-alt: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemux86-64-multi: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemux86-musl: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemuarm64-musl: extends: .build script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml - -qemux86-harden: - extends: .build - script: - - kas build --target harden-image-minimal kas/$CI_JOB_NAME.yml - -qemux86-comp: - extends: .build - script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml qemux86-test: extends: .build allow_failure: true script: - - kas build --target security-test-image kas/$CI_JOB_NAME.yml - - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml + - kas build --target security-test-image kas/$CI_JOB_NAME.yml + - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml + |