diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-05-15 22:16:47 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-05-21 23:43:47 +0300 |
commit | 1fe918a07084c878d72cf8a7d1707f6598cc438f (patch) | |
tree | 4c68407364bab78c848876a89613f8075f2954f9 /meta-security/meta-security-isafw/README.md | |
parent | c182c62dd929fe69b57a12bc04099fcd09b5d436 (diff) | |
download | openbmc-1fe918a07084c878d72cf8a7d1707f6598cc438f.tar.xz |
meta-security: subtree update:b72cc7f87c..95fe86eb98
André Draszik (1):
linux-yocto: update the bbappend to 5.x
Armin Kuster (36):
README: add pull request option
sssd: drop py2 support
python3-fail2ban: update to latest
Apparmor: fix some runtime depends
linux-yocto-dev: remove "+"
checksecurity: fix runtime issues
buck-security: fix rdebends and minor style cleanup
swtpm: fix configure error
ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory
bastille: convert to py3
tpm2-tools: update to 4.1.1
tpm2-tcti-uefi: fix build issue for i386 machine
tpm2-tss: update to 2.3.2
ibmswtpm2: update to 1563
python3-fail2ban: add 2-3 conversion changes
google-authenticator-libpam: install module in pam location
apparmor: update to tip
clamav: add bison-native to depend
meta-security-isafw: import layer from Intel
isafw: fix to work against master
layer.conf: add zeus
README.md: update to new maintainer
clamav-native: missed bison fix
secuirty*-image: remove dead var and minor cleanup
libtpm: fix build issue over pod2man
sssd: python2 not supported
libseccomp: update to 2.4.3
lynis: add missing rdepends
fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslog
chkrootkit: add rootkit recipe
clamav: move to recipes-scanners
checksec: move to recipe-scanners
checksecurity: move to recipes-scanners
buck-security: move to recipes-scanners
arpwatch: add new recipe
buck-security: fix runtime issue with missing per module
Bartosz Golaszewski (3):
linux: drop the bbappend for linux v4.x series
classes: provide a class for generating dm-verity meta-data images
dm-verity: add a working example for BeagleBone Black
Haseeb Ashraf (1):
samhain: dnmalloc hash fix for aarch64 and mips64
Jan Luebbe (2):
apparmor: fix wrong executable permission on service file
apparmor: update to 2.13.4
Jonatan Pålsson (10):
README: Add meta-python to list of layer deps
sssd: Add PACKAGECONFIG for python2
sssd: Fix typo in PACKAGECONFIG. cyrpto -> crypto
sssd: DEPEND on nss if nothing else is chosen
sssd: Sort PACKAGECONFIG entries
sssd: Add autofs PACKAGECONFIG
sssd: Add sudo PACKAGECONFIG
sssd: Add missing files to SYSTEMD_SERVICE
sssd: Add missing DEPENDS on jansson
sssd: Add infopipe PACKAGECONFIG
Kai Kang (1):
sssd: fix for ldblibdir and systemd etc
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for dunfell
Mingli Yu (1):
linux-yocto: update the bbappend to 5.x
Pierre-Jean Texier via Lists.Yoctoproject.Org (1):
google-authenticator-libpam: upgrade 1.07 -> 1.08
Yi Zhao (5):
samhain: fix build with new version attr
scap-security-guide: fix xml parsing error when build remediation files
scap-security-guide: pass the correct schema file path to openscap-native
openscap-daemon: add missing runtime dependencies
samhain-server: add volatile file for systemd
Change-Id: I3d4a4055cb9420e97d3eacf8436d9b048d34733f
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'meta-security/meta-security-isafw/README.md')
-rw-r--r-- | meta-security/meta-security-isafw/README.md | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/meta-security/meta-security-isafw/README.md b/meta-security/meta-security-isafw/README.md new file mode 100644 index 000000000..16041cbff --- /dev/null +++ b/meta-security/meta-security-isafw/README.md @@ -0,0 +1,92 @@ +**meta-security-isafw** is an OE layer that allows enabling the Image +Security Analysis Framework (isafw) for your image builds. + +The primary purpose of isafw is to provide an extensible +framework for analysing different security aspects of images +during the build process. + +The isafw project itself can be found at + https://github.com/01org/isafw + +The framework supports a number of callbacks (such as +process_package(), process_filesystem(), and etc.) that are invoked +by the bitbake during different stages of package and image build. +These callbacks are then forwarded for processing to the avaliable +ISA FW plugins that have registered for these callbacks. +Plugins can do their own processing on each stage of the build +process and produce security reports. + +Dependencies +------------ + +The **meta-security-isafw** layer depends on the Open Embeeded +core layer: + + git://git.openembedded.org/openembedded-core + + +Usage +----- + +In order to enable the isafw during the image build, please add +the following line to your build/conf/local.conf file: + +```python +INHERIT += "isafw" +``` + +Next you need to update your build/conf/bblayers.conf file with the +location of meta-security-isafw layer on your filesystem along with +any other layers needed. e.g.: + +```python +BBLAYERS ?= " \ + /OE/oe-core/meta \ + /OE/meta-security/meta-security-isafw \ + " +``` + +Also, some isafw plugins require network connection, so in case of a +proxy setup please make sure to export http_proxy variable into your +environment. + +In order to produce image reports, you can execute image build +normally. For example: + +```shell +bitbake core-image-minimal +``` + +If you are only interested to produce a report based on packages +and without building an image, please use: + +```shell +bitbake -c analyse_sources_all core-image-minimal +``` + + +Logs +---- + +All isafw plugins by default create their logs under the +${LOG_DIR}/isafw-report/ directory, where ${LOG_DIR} is a bitbake +default location for log files. If you wish to change this location, +please define ISAFW_REPORTDIR variable in your local.conf file. + +Patches +------- +end pull requests, patches, comments or questions to yocto@lists.yoctoproject.org + +When sending single patches, please using something like: +'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security-isafw][PATCH' + +These values can be set as defaults for this repository: + +$ git config sendemail.to yocto@lists.yoctoproject.org +$ git config format.subjectPrefix meta-security-isafw][PATCH + +Now you can just do 'git send-email origin/master' to send all local patches. + +For pull requests, please use create-pull-request and send-pull-request. + +Maintainers: Armin Kuster <akuster808@gmail.com> |