diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2021-06-25 22:23:58 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2021-06-28 15:35:59 +0300 |
| commit | a1a6aefba3ae965f2447b102663b2a6a40aa968a (patch) | |
| tree | d1f0aad8f6061d683c52c4dbe88940d454dd09bf /meta-security/recipes-core | |
| parent | a4353c83a2d230d0992feedbf462cc243ab37126 (diff) | |
| download | openbmc-a1a6aefba3ae965f2447b102663b2a6a40aa968a.tar.xz | |
meta-security: subtree update:ab239f1497..46f7e7acbe
Armin Kuster (18):
python3-scapy: update to 2.4.5
lkrg-module: update 0.9.1
packagegroup-core-security: exclude ossec-hids from musl
ossec-hids: musl not compatable
sssd: update to 2.5.0
busybox: drop as libsecomp is in core
linux-%_5.%.bbappend: drop recipe
initramfs-framework: fix YCL issue.
python3-scapy: drop , now in meta-python
packagegroup-core-security: drop python3-scapy
meta-hardening/initscripts: missed overide.
meta-security: add sanity check
meta-security/recipe-kernel: use sanity check
linux-yocto-dev: drop bbappend
meta-tpm: add layer sanity check
meta-tpm/linux-yocto: use sanity support
meta-integrity: add sanity check
meta-integrity/recipe-kernel: use sanity check
Federico Pellegrin (1):
aircrack-ng: update to 1.6
Kai Kang (2):
sssd: set pid path with /run
sssd: add fix-ldblibdir.patch back
Ricardo Salveti (1):
tpm2-tss: fix usrmerge udev install path
Robert P. J. Day (1):
Correct "securiyt" typo in maintainers.inc
Sekine Shigeki (1):
smack: add 3 cves to allowlist
Upgrade Helper (2):
clamav: upgrade to latest revision
opendnssec: upgrade 2.1.8 -> 2.1.9
Yi Zhao (1):
libgssglue: update SRC_URI
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I3bcabc218b240681d525111d16f963eb9b33c922
Diffstat (limited to 'meta-security/recipes-core')
6 files changed, 19 insertions, 23 deletions
diff --git a/meta-security/recipes-core/busybox/busybox/head.cfg b/meta-security/recipes-core/busybox/busybox/head.cfg deleted file mode 100644 index 16017ea48..000000000 --- a/meta-security/recipes-core/busybox/busybox/head.cfg +++ /dev/null @@ -1 +0,0 @@ -CONFIG_FEATURE_FANCY_HEAD=y diff --git a/meta-security/recipes-core/busybox/busybox_%.bbappend b/meta-security/recipes-core/busybox/busybox_%.bbappend deleted file mode 100644 index 27a24824d..000000000 --- a/meta-security/recipes-core/busybox/busybox_%.bbappend +++ /dev/null @@ -1 +0,0 @@ -require ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'busybox_libsecomp.inc', '', d)} diff --git a/meta-security/recipes-core/busybox/busybox_libsecomp.inc b/meta-security/recipes-core/busybox/busybox_libsecomp.inc deleted file mode 100644 index 4af22ce3e..000000000 --- a/meta-security/recipes-core/busybox/busybox_libsecomp.inc +++ /dev/null @@ -1,3 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/busybox:" - -SRC_URI_append = " file://head.cfg" diff --git a/meta-security/recipes-core/initrdscripts/initramfs-framework.inc b/meta-security/recipes-core/initrdscripts/initramfs-framework.inc new file mode 100644 index 000000000..dad9c967c --- /dev/null +++ b/meta-security/recipes-core/initrdscripts/initramfs-framework.inc @@ -0,0 +1,16 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI_append = "\ + file://dmverity \ +" + +do_install_append() { + # dm-verity + install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity +} + +PACKAGES_append = " initramfs-module-dmverity" + +SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support" +RDEPENDS_initramfs-module-dmverity = "${PN}-base" +FILES_initramfs-module-dmverity = "/init.d/80-dmverity" diff --git a/meta-security/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend b/meta-security/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend index dad9c967c..dc74e017f 100644 --- a/meta-security/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend +++ b/meta-security/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend @@ -1,16 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -SRC_URI_append = "\ - file://dmverity \ -" - -do_install_append() { - # dm-verity - install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity -} - -PACKAGES_append = " initramfs-module-dmverity" - -SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support" -RDEPENDS_initramfs-module-dmverity = "${PN}-base" -FILES_initramfs-module-dmverity = "/init.d/80-dmverity" +require ${@bb.utils.contains('IMAGE_CLASSES', 'dm-verity', 'initramfs-framework.inc', '', d)} diff --git a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb index d7349b080..e7b6d9bf3 100644 --- a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb +++ b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb @@ -37,7 +37,6 @@ RDEPENDS_packagegroup-security-utils = "\ pinentry \ python3-privacyidea \ python3-fail2ban \ - python3-scapy \ softhsm \ libest \ opendnssec \ @@ -74,6 +73,8 @@ RDEPENDS_packagegroup-security-ids = " \ aide \ " +RDEPENDS_packagegroup-security-ids_remove_libc-musl = "ossec-hids" + SUMMARY_packagegroup-security-mac = "Security Mandatory Access Control systems" RDEPENDS_packagegroup-security-mac = " \ ${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)} \ @@ -87,7 +88,6 @@ RDEPENDS_packagegroup-meta-security-ptest-packages = "\ ptest-runner \ samhain-standalone-ptest \ libseccomp-ptest \ - python3-scapy-ptest \ suricata-ptest \ python3-fail2ban-ptest \ ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \ |