author: Andrew Geissler <geissonator@yahoo.com> 2020-05-15 22:16:47 +0300
committer: Andrew Geissler <geissonator@yahoo.com> 2020-05-21 23:43:47 +0300
commit: 1fe918a07084c878d72cf8a7d1707f6598cc438f (patch)
tree: 4c68407364bab78c848876a89613f8075f2954f9 /meta-security/meta-security-isafw/README.md
parent: c182c62dd929fe69b57a12bc04099fcd09b5d436 (diff)
meta-security: subtree update:b72cc7f87c..95fe86eb98

André Draszik (1):
      linux-yocto: update the bbappend to 5.x

Armin Kuster (36):
      README: add pull request option
      sssd: drop py2 support
      python3-fail2ban: update to latest
      Apparmor: fix some runtime depends
      linux-yocto-dev: remove "+"
      checksecurity: fix runtime issues
      buck-security: fix rdebends and minor style cleanup
      swtpm: fix configure error
      ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory
      bastille: convert to py3
      tpm2-tools: update to 4.1.1
      tpm2-tcti-uefi: fix build issue for i386 machine
      tpm2-tss: update to 2.3.2
      ibmswtpm2: update to 1563
      python3-fail2ban: add 2-3 conversion changes
      google-authenticator-libpam: install module in pam location
      apparmor: update to tip
      clamav: add bison-native to depend
      meta-security-isafw: import layer from Intel
      isafw: fix to work against master
      layer.conf: add zeus
      README.md: update to new maintainer
      clamav-native: missed bison fix
      secuirty*-image: remove dead var and minor cleanup
      libtpm: fix build issue over pod2man
      sssd: python2 not supported
      libseccomp: update to 2.4.3
      lynis: add missing rdepends
      fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslog
      chkrootkit: add rootkit recipe
      clamav: move to recipes-scanners
      checksec: move to recipe-scanners
      checksecurity: move to recipes-scanners
      buck-security: move to recipes-scanners
      arpwatch: add new recipe
      buck-security: fix runtime issue with missing per module

Bartosz Golaszewski (3):
      linux: drop the bbappend for linux v4.x series
      classes: provide a class for generating dm-verity meta-data images
      dm-verity: add a working example for BeagleBone Black

Haseeb Ashraf (1):
      samhain: dnmalloc hash fix for aarch64 and mips64

Jan Luebbe (2):
      apparmor: fix wrong executable permission on service file
      apparmor: update to 2.13.4

Jonatan Pålsson (10):
      README: Add meta-python to list of layer deps
      sssd: Add PACKAGECONFIG for python2
      sssd: Fix typo in PACKAGECONFIG. cyrpto -> crypto
      sssd: DEPEND on nss if nothing else is chosen
      sssd: Sort PACKAGECONFIG entries
      sssd: Add autofs PACKAGECONFIG
      sssd: Add sudo PACKAGECONFIG
      sssd: Add missing files to SYSTEMD_SERVICE
      sssd: Add missing DEPENDS on jansson
      sssd: Add infopipe PACKAGECONFIG

Kai Kang (1):
      sssd: fix for ldblibdir and systemd etc

Martin Jansa (1):
      layer.conf: update LAYERSERIES_COMPAT for dunfell

Mingli Yu (1):
      linux-yocto: update the bbappend to 5.x

Pierre-Jean Texier via Lists.Yoctoproject.Org (1):
      google-authenticator-libpam: upgrade 1.07 -> 1.08

Yi Zhao (5):
      samhain: fix build with new version attr
      scap-security-guide: fix xml parsing error when build remediation files
      scap-security-guide: pass the correct schema file path to openscap-native
      openscap-daemon: add missing runtime dependencies
      samhain-server: add volatile file for systemd

Change-Id: I3d4a4055cb9420e97d3eacf8436d9b048d34733f
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

Diffstat (limited to 'meta-security/meta-security-isafw/README.md')
-rw-r--r-- meta-security/meta-security-isafw/README.md 92
1 files changed, 92 insertions, 0 deletions
diff --git a/meta-security/meta-security-isafw/README.md b/meta-security/meta-security-isafw/README.md
new file mode 100644
index 000000000..16041cbff
--- /dev/null
+++ b/meta-security/meta-security-isafw/README.md
@@ -0,0 +1,92 @@
+**meta-security-isafw** is an OE layer that allows enabling the Image
+Security Analysis Framework (isafw) for your image builds.
+
+The primary purpose of isafw is to provide an extensible
+framework for analysing different security aspects of images
+during the build process.
+
+The isafw project itself can be found at
+ https://github.com/01org/isafw
+
+The framework supports a number of callbacks (such as
+process_package(), process_filesystem(), and etc.) that are invoked
+by the bitbake during different stages of package and image build.
+These callbacks are then forwarded for processing to the avaliable
+ISA FW plugins that have registered for these callbacks.
+Plugins can do their own processing on each stage of the build
+process and produce security reports.
+
+Dependencies
+------------
+
+The **meta-security-isafw** layer depends on the Open Embeeded
+core layer:
+
+ git://git.openembedded.org/openembedded-core
+
+
+Usage
+-----
+
+In order to enable the isafw during the image build, please add
+the following line to your build/conf/local.conf file:
+
+```python
+INHERIT += "isafw"
+```
+
+Next you need to update your build/conf/bblayers.conf file with the
+location of meta-security-isafw layer on your filesystem along with
+any other layers needed. e.g.:
+
+```python
+BBLAYERS ?= " \
+ /OE/oe-core/meta \
+ /OE/meta-security/meta-security-isafw \
+ "
+```
+
+Also, some isafw plugins require network connection, so in case of a
+proxy setup please make sure to export http_proxy variable into your
+environment.
+
+In order to produce image reports, you can execute image build
+normally. For example:
+
+```shell
+bitbake core-image-minimal
+```
+
+If you are only interested to produce a report based on packages
+and without building an image, please use:
+
+```shell
+bitbake -c analyse_sources_all core-image-minimal
+```
+
+
+Logs
+----
+
+All isafw plugins by default create their logs under the
+${LOG_DIR}/isafw-report/ directory, where ${LOG_DIR} is a bitbake
+default location for log files. If you wish to change this location,
+please define ISAFW_REPORTDIR variable in your local.conf file.
+
+Patches
+-------
+end pull requests, patches, comments or questions to yocto@lists.yoctoproject.org
+
+When sending single patches, please using something like:
+'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security-isafw][PATCH'
+
+These values can be set as defaults for this repository:
+
+$ git config sendemail.to yocto@lists.yoctoproject.org
+$ git config format.subjectPrefix meta-security-isafw][PATCH
+
+Now you can just do 'git send-email origin/master' to send all local patches.
+
+For pull requests, please use create-pull-request and send-pull-request.
+
+Maintainers: Armin Kuster <akuster808@gmail.com>
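
Review bot: In the Usage section, "some isafw plugins require network connection" does not say which plugins make outbound connections or what they retrieve, and only http_proxy is mentioned; anyone running this layer on an isolated or audited build host needs that spelled out, so please name the plugins and every proxy variable they honour. The Logs section would also benefit from one line on what the reports under ${LOG_DIR}/isafw-report/ contain, since ISAFW_REPORTDIR lets them be redirected elsewhere. Wording fixes in the same file: "avaliable" should be "available", "Open Embeeded" should be "OpenEmbedded", "and etc." should be "etc.", the Patches section starts with "end pull requests" (missing the leading "S"), and "please using something like" should be "please use something like". The two `$ git config` lines in the Patches section are unfenced while the Usage section fences its commands; fencing them would keep the README consistent.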