Diffstat (limited to 'meta-security/recipes-security')
11 files changed, 70 insertions, 195 deletions
diff --git a/meta-security/recipes-security/clamav/clamav_0.99.4.bb b/meta-security/recipes-security/clamav/clamav_0.99.4.bb index 7d8767e2f..7f0433777 100644 --- a/meta-security/recipes-security/clamav/clamav_0.99.4.bb +++ b/meta-security/recipes-security/clamav/clamav_0.99.4.bb @@ -66,14 +66,12 @@ EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}" EXTRA_OECONF_class-target += "--with-user=${UID} --with-group=${GID} --disable-rpath ${EXTRA_OECONF_CLAMAV}" do_configure () { - cd ${S} - ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} + ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} install -d ${S}/clamav_db } do_configure_class-native () { - cd ${S} - ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} + ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} } diff --git a/meta-security/recipes-security/images/security-test-image.bb b/meta-security/recipes-security/images/security-test-image.bb new file mode 100644 index 000000000..c71d7267d --- /dev/null +++ b/meta-security/recipes-security/images/security-test-image.bb @@ -0,0 +1,33 @@ +DESCRIPTION = "A small image for testing meta-security packages" + +IMAGE_FEATURES += "ssh-server-openssh" + +TEST_SUITES = "ssh ping ptest apparmor clamav samhain sssd tripwire checksec smack suricata" + +INSTALL_CLAMAV_CVD = "1" + +IMAGE_INSTALL = "\ + packagegroup-base \ + packagegroup-core-boot \ + packagegroup-core-security-ptest \ + clamav \ + tripwire \ + checksec \ + suricata \ + samhain-standalone \ + ${@bb.utils.contains("DISTRO_FEATURES", "pam", "sssd", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-test", "",d)} \ + os-release \ + " + + +IMAGE_LINGUAS ?= " " + +LICENSE = "MIT" + +inherit core-image + +export IMAGE_BASENAME = "security-test-image" + +IMAGE_ROOTFS_EXTRA_SPACE = "5242880" 
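Review bot: In both `do_configure` and `do_configure_class-native` the script is now called as `${S}/configure` with no `cd`, so it runs in whatever directory the task starts in, while `install -d ${S}/clamav_db` in `do_configure` still creates its directory under the source tree. If the intent is to build outside the source tree, that should be stated next to the call, for example `# configure runs from the task's working directory (expected to be ${B}); clamav_db is still created in ${S}`. The two bodies differ only by the install line, so the repeated configure line is a candidate for one shared helper.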
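Review bot: `TEST_SUITES` lists `apparmor`, `sssd` and `smack` unconditionally, but `IMAGE_INSTALL` adds the matching packages only when `apparmor`, `pam` or `smack` is in `DISTRO_FEATURES`, so on a distro without those features the suites would run against an image that lacks the software; whether the test cases skip in that case is not visible here. Gating the suite names the same way keeps the two lists in step, for example `TEST_SUITES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor", "", d)}"`. A comment on `IMAGE_ROOTFS_EXTRA_SPACE = "5242880"` giving the unit (the variable is counted in KiB, so this is about 5 GiB) and one on what `INSTALL_CLAMAV_CVD = "1"` adds to the image would also help the next reader.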
diff --git a/meta-security/recipes-security/keyutils/files/fix_library_install_path.patch b/meta-security/recipes-security/keyutils/files/fix_library_install_path.patch deleted file mode 100644 index 938fe2eb5..000000000 --- a/meta-security/recipes-security/keyutils/files/fix_library_install_path.patch +++ /dev/null @@ -1,28 +0,0 @@ -From b0355cc205543ffd33752874295139d57c4fbc3e Mon Sep 17 00:00:00 2001 -From: Wenzong Fan <wenzong.fan@windriver.com> -Date: Tue, 26 Sep 2017 07:59:51 +0000 -Subject: [PATCH] Subject: [PATCH] keyutils: use relative path for link - -The absolute path of the symlink will be invalid -when populated in sysroot, so use relative path instead. - -Upstream-Status: Pending - -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> -{rebased for 1.6] -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -Index: keyutils-1.6/Makefile -=================================================================== ---- keyutils-1.6.orig/Makefile -+++ keyutils-1.6/Makefile -@@ -184,7 +184,7 @@ ifeq ($(NO_SOLIB),0) - $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME) - $(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME) - mkdir -p $(DESTDIR)$(USRLIBDIR) -- $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) -+ $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) - sed \ - -e 's,@VERSION\@,$(VERSION),g' \ - -e 's,@prefix\@,$(PREFIX),g' \ diff --git a/meta-security/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch b/meta-security/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch deleted file mode 100644 index acd91c01c..000000000 --- a/meta-security/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -fix keyutils test error report - -Upstream-Status: Pending - -"Permission denied" may be the reason of EKEYEXPIRED and EKEYREVOKED. -"Required key not available" may be the reason of EKEYREVOKED. -EXPIRED and REVOKED are 2 status of kernel security keys features. -But the userspace keyutils lib will output the error message, which may -have several reasons. - -Signed-off-by: Han Chao <chan@windriver.com> - -diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh -index bbca00a..739e9d0 100644 ---- a/tests/toolbox.inc.sh -+++ b/tests/toolbox.inc.sh -@@ -227,11 +227,12 @@ function expect_error () - ;; - EKEYEXPIRED) - my_err="Key has expired" -- alt_err="Unknown error 127" -+ alt_err="Permission denied" - ;; - EKEYREVOKED) - my_err="Key has been revoked" -- alt_err="Unknown error 128" -+ alt_err="Permission denied" -+ alt2_err="Required key not available" - ;; - EKEYREJECTED) - my_err="Key has been rejected" -@@ -249,6 +250,9 @@ function expect_error () - elif [ "x$alt_err" != "x" ] && expr "$my_errmsg" : ".*: $alt_err" >&/dev/null - then - : -+ elif [ "x$alt2_err" != "x" ] && expr "$my_errmsg" : ".*: $alt2_err" >&/dev/null -+ then -+ : - elif [ "x$old_err" != "x" ] && expr "$my_errmsg" : ".*: $old_err" >&/dev/null - then - : - diff --git a/meta-security/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch b/meta-security/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch deleted file mode 100644 index a4ffd50ce..000000000 --- a/meta-security/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 49b6321368e4bd3cd233d045cd09004ddd7968b2 Mon Sep 17 00:00:00 2001 -From: Jackie Huang <jackie.huang@windriver.com> -Date: Mon, 15 May 2017 14:52:00 +0800 -Subject: [PATCH] keyutils: fix output format - -keyutils ptest output format is incorrect, according to yocto -Development Manual -(http://www.yoctoproject.org/docs/latest/dev-manual/dev-manual.html#testing-packages-with-ptest) -5.10.6. Testing Packages With ptestThe test generates output in the format used by Automake: -<result>: <testname> -where the result can be PASS, FAIL, or SKIP, and the testname can be any -identifying string. -So we should change the test result format to match yocto ptest rules. - -Upstream-Status: Inappropriate [OE ptest specific] - -Signed-off-by: Li Wang <li.wang@windriver.com> -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> ---- - tests/runtest.sh | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/tests/runtest.sh b/tests/runtest.sh -index b6eaa7c..84263fb 100644 ---- a/tests/runtest.sh -+++ b/tests/runtest.sh -@@ -21,6 +21,11 @@ for i in ${TESTS}; do - echo "### RUNNING TEST $i" - if [[ $AUTOMATED != 0 ]] ; then - bash ./runtest.sh -+ if [ $? != 0 ]; then -+ echo "FAIL: $i" -+ else -+ echo "PASS: $i" -+ fi - else - bash ./runtest.sh || exit 1 - fi --- -2.11.0 - diff --git a/meta-security/recipes-security/keyutils/files/run-ptest b/meta-security/recipes-security/keyutils/files/run-ptest deleted file mode 100755 index 305707f65..000000000 --- a/meta-security/recipes-security/keyutils/files/run-ptest +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -export AUTOMATED=1 -make -C tests run diff --git a/meta-security/recipes-security/keyutils/keyutils_1.6.bb b/meta-security/recipes-security/keyutils/keyutils_1.6.bb deleted file mode 100644 index 4d3a96f29..000000000 --- a/meta-security/recipes-security/keyutils/keyutils_1.6.bb +++ /dev/null 
@@ -1,53 +0,0 @@ -SUMMARY = "Linux Key Management Utilities" -DESCRIPTION = "\ - Utilities to control the kernel key management facility and to provide \ - a mechanism by which the kernel call back to userspace to get a key \ - instantiated. \ - " -HOMEPAGE = "http://people.redhat.com/dhowells/keyutils" -SECTION = "base" - -LICENSE = "LGPLv2.1+ & GPLv2.0+" - -LIC_FILES_CHKSUM = "file://LICENCE.GPL;md5=5f6e72824f5da505c1f4a7197f004b45 \ - file://LICENCE.LGPL;md5=7d1cacaa3ea752b72ea5e525df54a21f" - -inherit siteinfo autotools-brokensep ptest - -SRC_URI = "http://people.redhat.com/dhowells/keyutils/${BP}.tar.bz2 \ - file://keyutils-test-fix-output-format.patch \ - file://keyutils-fix-error-report-by-adding-default-message.patch \ - file://run-ptest \ - file://fix_library_install_path.patch \ - " - -SRC_URI[md5sum] = "191987b0ab46bb5b50efd70a6e6ce808" -SRC_URI[sha256sum] = "d3aef20cec0005c0fa6b4be40079885567473185b1a57b629b030e67942c7115" - -EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} -Wall' \ - NO_ARLIB=1 \ - BINDIR=${base_bindir} \ - SBINDIR=${base_sbindir} \ - LIBDIR=${libdir} \ - USRLIBDIR=${libdir} \ - INCLUDEDIR=${includedir} \ - BUILDFOR=${SITEINFO_BITS}-bit \ - NO_GLIBC_KEYERR=1 \ - " - -do_install () { - install -d ${D}/${libdir}/pkgconfig - oe_runmake DESTDIR=${D} install -} - -do_install_ptest () { - cp -r ${S}/tests ${D}${PTEST_PATH}/ - sed -i -e 's/OSDIST=Unknown/OSDIST=${DISTRO}/' ${D}${PTEST_PATH}/tests/prepare.inc.sh -} - - -RDEPENDS_${PN}-ptest += "lsb" -RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-utils" -RDEPENDS_${PN}-ptest_append_libc-musl = " musl-utils" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-security/recipes-security/libmspack/libmspack_0.10.1.bb b/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb index b46159f20..8c288beeb 100644 --- a/meta-security/recipes-security/libmspack/libmspack_0.10.1.bb +++ b/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb 
@@ -6,11 +6,11 @@ DEPENDS = "" LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd" -SRC_URI = "${DEBIAN_MIRROR}/main/libm/${BPN}/${BPN}_${PV}.orig.tar.xz" - -SRC_URI[md5sum] = "d894d91eba4d2c6f76695fc9566d5387" -SRC_URI[sha256sum] = "850c57442b850bf1bc0fc4ea8880903ebf2bed063c3c80782ee4626fbcb0e67d" +SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc" +SRC_URI = "git://github.com/kyz/libmspack.git" inherit autotools -S = "${WORKDIR}/${BP}alpha" +S = "${WORKDIR}/git/${BPN}" + +inherit autotools diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb new file mode 100644 index 000000000..493488918 --- /dev/null +++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb @@ -0,0 +1,25 @@ +DESCRIPTION = "Security ptest packagegroup" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +PACKAGES = "\ + ${PN} \ + " + +ALLOW_EMPTY_${PN} = "1" + +SUMMARY_${PN} = "Security packages with ptests" +RDEPENDS_${PN} = " \ + ptest-runner \ + samhain-standalone-ptest \ + xmlsec1-ptest \ + keyutils-ptest \ + libseccomp-ptest \ + python-scapy-ptest \ + suricata-ptest \ + tripwire-ptest \ + python-fail2ban-ptest \ + ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor-ptest", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \ + " diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb index b8ab27df1..9165eef9f 100644 --- a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb +++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb 
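Review bot: The new `SRC_URI = "git://github.com/kyz/libmspack.git"` fetches over the unauthenticated git protocol, and the md5/sha256 tarball checksums that used to back the download are removed. The pinned `SRCREV` still fixes the content by commit hash, but keeping the transport on TLS is cheap: `SRC_URI = "git://github.com/kyz/libmspack.git;protocol=https"`. The hunk also ends up with two `inherit autotools` lines (the context line and the one added at the end), so one of them should go. Nothing in the hunk ties the 1.9.1 in the new file name to the pinned commit, so a comment naming the tag or release that `SRCREV` corresponds to would make the version auditable.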
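Review bot: This new recipe sets `PACKAGES`, `ALLOW_EMPTY_${PN}` and `RDEPENDS_${PN}` but has no `inherit packagegroup` line, so it appears to be processed as an ordinary recipe rather than as a package group; adding `inherit packagegroup` before the `PACKAGES` assignment looks like what was intended. The `DISTRO_FEATURES` check for `ptest` that guarded the old `packagegroup-security-ptest` entry is gone too, so the `-ptest` runtime dependencies are requested even on distros that do not build them. `keyutils-ptest` stays in the list although the keyutils recipe is deleted from this directory in the same commit; presumably another layer now provides it, which is worth confirming.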
@@ -12,7 +12,6 @@ PACKAGES = "\ packagegroup-security-ids \ packagegroup-security-mac \ ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \ - ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-security-ptest", "", d)} \ " RDEPENDS_packagegroup-core-security = "\ @@ -21,7 +20,6 @@ RDEPENDS_packagegroup-core-security = "\ packagegroup-security-ids \ packagegroup-security-mac \ ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \ - ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-security-ptest", "", d)} \ " SUMMARY_packagegroup-security-utils = "Security utilities" @@ -34,6 +32,7 @@ RDEPENDS_packagegroup-security-utils = "\ xmlsec1 \ keyutils \ libseccomp \ + ${@bb.utils.contains("DISTRO_FEATURES", "pam", "sssd", "",d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils", "",d)} \ " @@ -42,6 +41,8 @@ RDEPENDS_packagegroup-security-scanners = "\ nikto \ checksecurity \ clamav \ + clamav-freshclam \ + clamav-cvd \ " SUMMARY_packagegroup-security-audit = "Security Audit tools " @@ -68,18 +69,3 @@ RDEPENDS_packagegroup-security-mac = " \ ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor", "",d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack", "",d)} \ " - -SUMMARY_packagegroup-security-ptest = "Security packages with ptests" -RDEPENDS_packagegroup-security-ptest = " \ - samhain-standalone-ptest \ - xmlsec1-ptest \ - keyutils-ptest \ - libseccomp-ptest \ - python-scapy-ptest \ - suricata-ptest \ - tripwire-ptest \ - python-fail2ban-ptest \ - ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor-ptest", "",d)} \ - ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \ - ptest-runner \ - " diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.27.bb b/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.28.bb index eac8d6bd4..0a4c56aa0 100644 --- a/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.27.bb 
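Review bot: In the `RDEPENDS_packagegroup-security-utils` hunk, `sssd` joins a group that otherwise holds command-line tools and libraries, so every image that installs the utilities group on a `pam` distro now also carries an authentication daemon. That is a larger footprint than the group name suggests, and it arrives without any note. Either place it in a group of its own or document it in place, for example `# sssd: identity/authentication daemon, pulled in only when pam is enabled`.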
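Review bot: In the `RDEPENDS_packagegroup-security-scanners` hunk, `clamav-freshclam` and `clamav-cvd` are added unconditionally, while the test image in this commit sets `INSTALL_CLAMAV_CVD = "1"` separately. If the clamav recipe only fills the `clamav-cvd` package when that variable is set (not visible here), images built without it may get an empty or missing package. A signature database shipped at build time also ages with the image, so a comment stating the intended update path would help, for example `# clamav-cvd ships a build-time snapshot; clamav-freshclam refreshes it on the target`.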
+++ b/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.28.bb @@ -20,8 +20,8 @@ SRC_URI = "http://www.aleksey.com/xmlsec/download/${BP}.tar.gz \ file://run-ptest \ " -SRC_URI[md5sum] = "508bee7e4f1b99f2d50aaa7d38ede56e" -SRC_URI[sha256sum] = "97d756bad8e92588e6997d2227797eaa900d05e34a426829b149f65d87118eb6" +SRC_URI[md5sum] = "69b8d95c009a404462e19f335e650241" +SRC_URI[sha256sum] = "13eec4811ea30e3f0e16a734d1dbf7f9d246a71d540b48d143a07b489f6222d4" inherit autotools-brokensep ptest pkgconfig |