meta-security: subtree update:547f552c85..066a04425c

Armin Kuster (9):
      python3-oauth2client: add recipe
      python3-privacyidea: adding initial support for mfa
      strongswan: add bbappends for tpm changes
      layer.conf: add dynamic-layer for strongswan
      strongswan: Add bbappends for ima changes
      meta-integrity: add dynamic-layer for strongswan
      add gitlab framework and qemu machine
      kas: add ima, tpm and tpm2 build configs
      drop ci-build: it is hiding errors

Jeremy Puhlman (2):
      cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev
      packagegroup-security-tpm2: Depend on preferred provider for cryptsetup

Zheng Ruoqin (2):
      ccs-tools:Fix build error when enable multilib.
      bastille: Deleted redundant inherit to fix error when enable multilib.

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I023e45c8080c3d423cd25cc656da5c1f527295e5

6 files changed, 62 insertions, 1 deletions

diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index c3372c707..46d0279cc 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -15,3 +15,7 @@ LAYERDEPENDS_tpm-layer = " \
     openembedded-layer \
 "
 BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm"
+
+BBFILES_DYNAMIC += " \
+networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
+"
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
new file mode 100644
index 000000000..825028222
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
@@ -0,0 +1,38 @@
+From db772305c6baa01f6c6750be74733e4bfc1d6106 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 14 Apr 2020 10:44:19 +0200
+Subject: [PATCH] xfrmi: Only build if libcharon is built
+
+The kernel-netlink plugin is only built if libcharon is.
+
+Closes strongswan/strongswan#167.
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ src/Makefile.am | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+Index: strongswan-5.8.4/src/Makefile.am
+===================================================================
+--- strongswan-5.8.4.orig/src/Makefile.am
++++ strongswan-5.8.4/src/Makefile.am
+@@ -42,6 +42,9 @@ endif
+ 
+ if USE_LIBCHARON
+   SUBDIRS += libcharon
++if USE_KERNEL_NETLINK
++  SUBDIRS += xfrmi
++endif
+ endif
+ 
+ if USE_FILE_CONFIG
+@@ -143,7 +146,3 @@ endif
+ if USE_TPM
+   SUBDIRS += tpm_extendpcr
+ endif
+-
+-if USE_KERNEL_NETLINK
+-  SUBDIRS += xfrmi
+-endif
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
new file mode 100644
index 000000000..d8604e116
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
@@ -0,0 +1,12 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS = "libtspi"
+
+SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+
+PACKAGECONFIG += "aikgen tpm"
+
+PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,,"
+PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,,"
+
+EXTRA_OECONF += "--with-linux-headers=${STAGING_KERNEL_DIR}"
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
new file mode 100644
index 000000000..34757bb47
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', 'strongswan-tpm.inc', '', d)}
diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index 8f5c537b9..a553a63d8 100644
--- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -7,6 +7,7 @@ inherit packagegroup
 
 PACKAGES = "${PN}"
 
+PREFERRED_PROVIDER_cryptsetup ?= "cryptsetup-tpm-incubator"
 SUMMARY_packagegroup-security-tpm2 = "Security TPM 2.0 support"
 RDEPENDS_packagegroup-security-tpm2 = " \
     tpm2-tools \
@@ -19,5 +20,5 @@ RDEPENDS_packagegroup-security-tpm2 = " \
     tpm2-abrmd \
     tpm2-pkcs11 \
     ibmswtpm2 \
-    cryptsetup-tpm-incubator \
+    ${PREFERRED_PROVIDER_cryptsetup} \
     "
diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
index b706d1505..261716235 100644
--- a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
@@ -36,7 +36,12 @@ FILES_${PN} += "${libdir}/tmpfiles.d"
 RDEPENDS_${PN} += "lvm2 libdevmapper"
 RRECOMMENDS_${PN} += "lvm2-udevrules"
 
+RPROVIDES_${PN} = "cryptsetup"
 RREPLACES_${PN} = "cryptsetup"
 RCONFLICTS_${PN}  ="cryptsetup"
 
+RPROVIDES_${PN}-dev = "cryptsetup-dev"
+RREPLACES_${PN}-dev = "cryptsetup-dev"
+RCONFLICTS_${PN}-dev  ="cryptsetup-dev"
+
 BBCLASSEXTEND = "native nativesdk"