author | Andrew Geissler <geissonator@yahoo.com> | 2021-04-15 23:52:46 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2021-04-19 16:32:18 +0300 |
commit | f1e440673465aa768f31e78c0c201002f9f767b7 (patch) | |
tree | 44dffb1d845b35c3f4bf0629a622d8ae04abda41 /meta-security/meta-parsec/recipes-parsec/parsec-service/files | |
parent | 636aaa195862ab9a5442c3178e38266debab3bff (diff) | |
download | openbmc-f1e440673465aa768f31e78c0c201002f9f767b7.tar.xz |
meta-security: subtree update:775870980b..ca9264b1e1

Anton Antonov (4):
      Use libest "main" branch instead of "master".
      Add meta-parsec layer into meta-security.
      Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
      Clearly define clang toolchain in Parsec recipes

Armin Kuster (16):
      packagegroup-core-security: drop clamav-cvd
      clamav: upgrade 104.0
      python3-privacyidea: upgrade 3.5.1 -> 3.5.2
      clamav: fix systemd service install
      swtpm: now need python-cryptography, pull in layer
      swtpm: file pip3 issue
      swtpm: fix check for tscd deamon on host
      python3-suricata-update: update to 1.2.1
      suricata: update to 6.0.2
      layer.conf: add dynamic-layer for rust pkg
      README: cleanup
      .gitlab-ci.yml: reorder to speed up builds
      kas-security-base.yml: tweek build vars
      gitlab-ci: fine tune order
      clamav: remove rest of mirror.dat ref
      lkrg-module: Add Linux Kernel Runtime Guard

Ming Liu (2):
      meta: drop IMA_POLICY from policy recipes
      initramfs-framework-ima: introduce IMA_FORCE

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9
Diffstat (limited to 'meta-security/meta-parsec/recipes-parsec/parsec-service/files')
4 files changed, 102 insertions, 0 deletions
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch new file mode 100644 index 000000000..c23447967 --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch @@ -0,0 +1,18 @@ + +Use cryptoki v0.1.1 which supports the "generate-bindings" feature +required for building Parsec service 0.7.0 in Yocto. + +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Submitted + +--- a/Cargo.toml 2021-04-01 10:29:50.333687763 +0100 ++++ b/Cargo.toml 2021-04-01 10:27:13.051860002 +0100 +@@ -37,7 +37,7 @@ + version = "1.3.1" + + [dependencies.cryptoki] +-version = "0.1.0" ++version = "0.1.1" + features = ["psa-crypto-conversions"] + optional = true + diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf new file mode 100644 index 000000000..fe576a27f --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf @@ -0,0 +1,2 @@ +#Type Path Mode User Group Age Argument +d /run/parsec 755 parsec parsec - - diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec_init b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec_init new file mode 100755 index 000000000..58a289727 --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec_init 
@@ -0,0 +1,63 @@ +#! /bin/sh -e + +# ------------------------------------------------------------------------------ +# Copyright (c) 2021, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ------------------------------------------------------------------------------ + +# Parsec Service SysV init script + +test -x /usr/libexec/parsec/parsec || exit 0 + +case "$1" in + start) + echo -n "Starting Parsec daemon: " + if [ ! -f /etc/parsec/config.toml ]; then + echo "There is no Parsec service configuration file." + else + if [ ! -d /run/parsec ]; then + mkdir /run/parsec + chown parsec:parsec /run/parsec + chmod 755 /run/parsec + fi + # start-stop-daemon used in poky busybox doesn't support + # '--chdir' parameter. So, let's do it manually + cd /var/lib/parsec + RUST_LOG=info start-stop-daemon --oknodo --start --background \ + --chuid parsec:parsec --exec /usr/libexec/parsec/parsec \ + -- --config /etc/parsec/config.toml + echo "parsec." + fi + ;; + stop) + echo -n "Stopping Parsec daemon: " + start-stop-daemon --oknodo --stop --exec /usr/libexec/parsec/parsec + echo "parsec." + ;; + reload) + echo -n "Reloading Parsec daemon: " + start-stop-daemon --stop --signal SIGHUP --exec /usr/libexec/parsec/parsec + echo "parsec." + ;; + restart|force-reload) + $0 stop + $0 start + ;; + *) + echo "Usage: /etc/init.d/parsec {start|stop|restart|reload|force-reload}" + exit 1 +esac + +exit 0 
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch new file mode 100644 index 000000000..c01ff065c --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch @@ -0,0 +1,19 @@ + +Run the Parsec service as parsec user in /var/lib/parsec/ working directory. + +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Inappropriate [deployment configuration] + +--- a/systemd-daemon/parsec.service 2021-03-28 18:34:18.703196235 +0100 ++++ b/systemd-daemon/parsec.service 2021-03-28 18:35:14.279830299 +0100 +@@ -3,7 +3,9 @@ + Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html + + [Service] +-WorkingDirectory=/home/parsec/ ++User=parsec ++Group=parsec ++WorkingDirectory=/var/lib/parsec/ + ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml + + [Install] |
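
Review bot: In cryptoki.patch, the header says 0.1.1 is needed for the "generate-bindings" feature, but the Cargo.toml hunk still lists only features = ["psa-crypto-conversions"], so nothing here shows where that feature gets enabled. Please state in the patch header which recipe setting or Cargo feature turns it on, and give Upstream-Status: Submitted a bracketed reference to the submission so the patch can be dropped once upstream carries the version bump.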
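
Review bot: In parsec-tmpfiles.conf, the d /run/parsec line uses mode 755, which lets every local account list and enter the service's runtime directory. If only a defined set of client users should reach what the service places there, 750 with a client group would be tighter; otherwise add a comment saying that world access is intended. The same mode and ownership are repeated by hand in the start) branch of parsec_init, so the two have to be kept in sync.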
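
Review bot: In parsec_init, the start) branch prints "There is no Parsec service configuration file." when /etc/parsec/config.toml is missing and then falls through to the final exit 0, so callers see success although no daemon was started; return a non-zero status from that branch. In the same branch, mkdir /run/parsec followed by separate chown and chmod leaves the directory briefly with root ownership and a umask-derived mode, which a single install -d -m 755 -o parsec -g parsec /run/parsec avoids. Because the script runs under sh -e, a missing /var/lib/parsec makes cd abort the script right after the unterminated "Starting Parsec daemon: " line, so test for the directory and report the failure explicitly.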
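
Review bot: In systemd.patch, WorkingDirectory=/var/lib/parsec/ together with User=parsec assumes the directory already exists and is writable by that user, and nothing in the unit lines shown guarantees it. Consider StateDirectory=parsec (and RuntimeDirectory=parsec in place of the separate tmpfiles entry) so systemd creates both with the service user's ownership. Since the hunk already sets User=parsec and Group=parsec, this would also be the place to add NoNewPrivileges=yes and a ProtectSystem= setting if the service tolerates them.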