meta-security: subtree update:547f552c85..066a04425c

Armin Kuster (9):
      python3-oauth2client: add recipe
      python3-privacyidea: adding initial support for mfa
      strongswan: add bbappends for tpm changes
      layer.conf: add dynamic-layer for strongswan
      strongswan: Add bbappends for ima changes
      meta-integrity: add dynamic-layer for strongswan
      add gitlab framework and qemu machine
      kas: add ima, tpm and tpm2 build configs
      drop ci-build: it is hiding errors

Jeremy Puhlman (2):
      cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev
      packagegroup-security-tpm2: Depend on preferred provider for cryptsetup

Zheng Ruoqin (2):
      ccs-tools:Fix build error when enable multilib.
      bastille: Deleted redundant inherit to fix error when enable multilib.

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I023e45c8080c3d423cd25cc656da5c1f527295e5

3 files changed, 51 insertions, 0 deletions

diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
new file mode 100644
index 000000000..825028222
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
@@ -0,0 +1,38 @@
+From db772305c6baa01f6c6750be74733e4bfc1d6106 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 14 Apr 2020 10:44:19 +0200
+Subject: [PATCH] xfrmi: Only build if libcharon is built
+
+The kernel-netlink plugin is only built if libcharon is.
+
+Closes strongswan/strongswan#167.
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ src/Makefile.am | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+Index: strongswan-5.8.4/src/Makefile.am
+===================================================================
+--- strongswan-5.8.4.orig/src/Makefile.am
++++ strongswan-5.8.4/src/Makefile.am
+@@ -42,6 +42,9 @@ endif
+ 
+ if USE_LIBCHARON
+   SUBDIRS += libcharon
++if USE_KERNEL_NETLINK
++  SUBDIRS += xfrmi
++endif
+ endif
+ 
+ if USE_FILE_CONFIG
+@@ -143,7 +146,3 @@ endif
+ if USE_TPM
+   SUBDIRS += tpm_extendpcr
+ endif
+-
+-if USE_KERNEL_NETLINK
+-  SUBDIRS += xfrmi
+-endif
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
new file mode 100644
index 000000000..d8604e116
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
@@ -0,0 +1,12 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS = "libtspi"
+
+SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+
+PACKAGECONFIG += "aikgen tpm"
+
+PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,,"
+PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,,"
+
+EXTRA_OECONF += "--with-linux-headers=${STAGING_KERNEL_DIR}"
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
new file mode 100644
index 000000000..34757bb47
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', 'strongswan-tpm.inc', '', d)}