Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-core')
10 files changed, 39 insertions, 45 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb
index 112e77b6a..6e3e0c4de 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb
+++ b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0d1c657b2ba1e8877940a8d1614ec560"
 inherit cmake
-DEPENDS = "sdbusplus openssl libpam libgpiod"
+DEPENDS = "sdbusplus openssl libpam libgpiod safec"
 do_configure[depends] += "virtual/kernel:do_shared_workdir"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend
new file mode 100644
index 000000000..81462b2d3
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend
@@ -0,0 +1,3 @@
+# Enable downstream autobump
+SRC_URI = "git://github.com/openbmc/host-error-monitor"
+SRCREV = "53099c49b89c22cfe09c7217679ae1fb20e019eb"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_git.bb b/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_git.bb
deleted file mode 100644
index 7e08c9393..000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_git.bb
+++ /dev/null
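Review bot: The new `SRC_URI = "git://github.com/openbmc/host-error-monitor"` in host-error-monitor_%.bbappend names no transport, so the fetch falls back to BitBake's default for `git://` URLs, which is the plain git protocol with no server authentication or encryption. The full-hash `SRCREV` pin limits what a tampered fetch could deliver, but stating the transport makes the source of the code verifiable as well: `SRC_URI = "git://github.com/openbmc/host-error-monitor;protocol=https"`. The same applies to the new libpeci_%.bbappend further down. Because both files use a plain `=`, they also replace whatever SRC_URI the base recipe sets, including any `file://` entries; a comment such as `# Replaces the base recipe's SRC_URI on purpose` would record that this is intended.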
@@ -1,22 +0,0 @@
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658"
-inherit cmake systemd
-
-SRC_URI = "git://github.com/Intel-BMC/host-error-monitor.git;protocol=ssh"
-
-DEPENDS = "boost sdbusplus libgpiod libpeci"
-
-PV = "0.1+git${SRCPV}"
-SRCREV = "77722dd390351ce2b3877af13e1a0698a86386c1"
-
-S = "${WORKDIR}/git"
-
-SYSTEMD_SERVICE_${PN} += "xyz.openbmc_project.HostErrorMonitor.service"
-SECURITY_CFLAGS_pn-host-error-monitor = "${SECURITY_NOPIE_CFLAGS}"
-
-# linux-libc-headers guides this way to include custom uapi headers
-CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/uapi"
-CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include"
-CXXFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/uapi"
-CXXFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include"
-do_configure[depends] += "virtual/kernel:do_shared_workdir"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb b/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb
index 085c87e23..edbcce6f3 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb
+++ b/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb
@@ -2,7 +2,7 @@ SUMMARY = "libmctp"
 DESCRIPTION = "Implementation of MCTP (DTMF DSP0236)"
 SRC_URI = "git://github.com/openbmc/libmctp.git"
-SRCREV = "7b08721ecee81c2eccf642fc6359aab7e36c37be"
+SRCREV = "6a18582ba2f47f677846dc68f608effc60bbb9e7"
 PV = "0.1+git${SRCPV}"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend
index deed05704..16ee0b625 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend
@@ -2,4 +2,4 @@ EXTRA_OECMAKE += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', '-DINTEL_PF
 EXTRA_OECMAKE += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'validation-unsecure', '-DBMC_VALIDATION_UNSECURE_FEATURE=ON', '', d)}"
 EXTRA_OECMAKE += "-DUSING_ENTITY_MANAGER_DECORATORS=OFF"
 SRC_URI = "git://github.com/openbmc/intel-ipmi-oem.git"
-SRCREV = "8709fbb3a396bdef42b2466011bb71fa2bcadfc0"
+SRCREV = "2b664d5a185247f0448c763ba7d0e42cfc245024"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend
new file mode 100644
index 000000000..fd56781d7
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend
@@ -0,0 +1,3 @@
+# Enable downstream autobump
+SRC_URI = "git://github.com/openbmc/libpeci"
+SRCREV = "7ef5a55777bb4d0c403a4eca98c487fa4e9c7bd1"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_git.bb b/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_git.bb
deleted file mode 100644
index 5a49156da..000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_git.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658"
-inherit cmake
-
-SRC_URI = "git://github.com/Intel-BMC/provingground.git;protocol=ssh"
-
-PV = "0.1+git${SRCPV}"
-SRCREV = "bee56d62b209088454d166d1efae4825a2b175df"
-
-S = "${WORKDIR}/git/libpeci"
-
-# linux-libc-headers guides this way to include custom uapi headers
-CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/uapi"
-CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include"
-CXXFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/uapi"
-CXXFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include"
-do_configure[depends] += "virtual/kernel:do_shared_workdir"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb
index 29f8e4986..cfea1a910 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb
+++ b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb
@@ -18,9 +18,9 @@ FILES_${PN} += "${systemd_system_unitdir}/security-registers-check.service"
 do_install() {
 install -d ${D}${systemd_system_unitdir}
- install -m 0777 ${WORKDIR}/security-registers-check.service ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/security-registers-check.service ${D}${systemd_system_unitdir}
 install -d ${D}${bindir}
- install -m 0777 ${S}/security-registers-check.sh ${D}/${bindir}/security-registers-check.sh
+ install -m 0755 ${S}/security-registers-check.sh ${D}/${bindir}/security-registers-check.sh
 }
-SYSTEMD_SERVICE_${PN} += " security-registers-check.service"
\ No newline at end of file
+SYSTEMD_SERVICE_${PN} += " security-registers-check.service"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0002-Disable-LLMNR-port-5355.patch b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0002-Disable-LLMNR-port-5355.patch
new file mode 100644
index 000000000..8b978e4fb
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0002-Disable-LLMNR-port-5355.patch
@@ -0,0 +1,26 @@
+From 9fb05323291ccdfbf19ac0d9428e366d6023b408 Mon Sep 17 00:00:00 2001
+From: Karthick Sundarrajan <karthick.sundarrajan@intel.com>
+Date: Fri, 3 Apr 2020 10:23:41 -0700
+Subject: [PATCH] Disable LLMNR (port 5355)
+
+As part of OS hardening process, the port has to be
+disabled.
+
+Signed-off-by: Karthick Sundarrajan <karthick.sundarrajan@intel.com>
+---
+ src/resolve/resolved.conf.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in
+index 6898c78..a9125fd 100644
+--- a/src/resolve/resolved.conf.in
++++ b/src/resolve/resolved.conf.in
+@@ -15,7 +15,7 @@
+ #DNS=
+ #FallbackDNS=@DNS_SERVERS@
+ #Domains=
+-#LLMNR=yes
++LLMNR=no
+ #MulticastDNS=yes
+ #DNSSEC=@DEFAULT_DNSSEC_MODE@
+ #DNSOverTLS=@DEFAULT_DNS_OVER_TLS_MODE@
diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend
index d80714589..17f423dc3 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend
@@ -5,6 +5,7 @@ LICENSE = "GPL-2.0"
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 SRC_URI += "file://0001-Modfiy-system.conf-DefaultTimeoutStopSec.patch \
+ file://0002-Disable-LLMNR-port-5355.patch \
 file://systemd-time-wait-sync.service \
 " |
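Review bot: In security-registers-check.bb the script's destination is written `${D}/${bindir}/security-registers-check.sh`, while the `install -d` line just above it uses `${D}${bindir}`. `bindir` is normally an absolute path, so the extra slash produces `//` in the install path. It is harmless, but `install -m 0755 ${S}/security-registers-check.sh ${D}${bindir}/security-registers-check.sh` keeps the two lines consistent.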
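Review bot: The `file://0002-Disable-LLMNR-port-5355.patch` entry added to `SRC_URI` pulls in a patch whose header has no `Upstream-Status:` line, so nothing records that this is a local hardening change rather than a backport. A line such as `Upstream-Status: Inappropriate [configuration]` above the Signed-off-by would cover it. The patch sets only `LLMNR=no` in resolved.conf.in and leaves `#MulticastDNS=yes` at its default. If the hardening requirement is about multicast name-resolution listeners in general, that setting needs the same decision, and the commit message should say which way it went.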