Diffstat (limited to 'meta-security')
12 files changed, 63 insertions, 17 deletions
diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb index 8385c9403..b706d1505 100644 --- a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb +++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb @@ -32,6 +32,7 @@ RRECOMMENDS_${PN} = "kernel-module-aes-generic \ kernel-module-xts \ " +FILES_${PN} += "${libdir}/tmpfiles.d" RDEPENDS_${PN} += "lvm2 libdevmapper" RRECOMMENDS_${PN} += "lvm2-udevrules" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb index 3e77f71d2..dfdf73424 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb @@ -17,6 +17,8 @@ S = "${WORKDIR}/git" PACKAGECONFIG ??= "" PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " +EXTRA_OECONF += "--with-udevrulesdir=${base_prefix}/lib/udev/rules.d/" + do_configure_prepend () { ./bootstrap } @@ -74,6 +76,6 @@ FILES_libtss2-dev = " \ ${libdir}/libtss2*so" FILES_libtss2-staticdev = "${libdir}/libtss*a" -FILES_${PN} = "${libdir}/udev" +FILES_${PN} = "${libdir}/udev ${base_prefix}/lib/udev" RDEPENDS_libtss2 = "libgcrypt" diff --git a/meta-security/recipes-ids/suricata/files/tmpfiles.suricata b/meta-security/recipes-ids/suricata/files/tmpfiles.suricata new file mode 100644 index 000000000..fbf37848e --- /dev/null +++ b/meta-security/recipes-ids/suricata/files/tmpfiles.suricata @@ -0,0 +1,2 @@ +#Type Path Mode UID GID Age Argument +d /var/log/suricata 0755 root root diff --git a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb index e15a9a337..b2700d63f 100644 --- a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb 
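Review bot: Both added tpm2-tss lines spell the udev location out by hand as `${base_prefix}/lib/udev`, where OE-core already names that directory `${nonarch_base_libdir}`; I would write `EXTRA_OECONF += "--with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"` and `FILES_${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev"`. The override also has no comment saying why it is needed. The rules shipped here presumably set ownership and mode on the TPM device nodes, so a line such as `# udev only reads rules from the non-arch lib dir; keep the TPM device rules there` would tell the next maintainer not to drop it.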
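Review bot: The new tmpfiles.suricata entry `d /var/log/suricata 0755 root root` leaves the IDS log directory listable and readable by every local account, and Suricata's logs typically hold alert details and traffic metadata. Unless something on the image has to read them as a non-root user, `d /var/log/suricata 0750 root root -` is the tighter default. The explicit `-` in the Age column would also match the header line and the clamav file added in this same commit.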
+++ b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd SRC_URI += " \ file://volatiles.03_suricata \ + file://tmpfiles.suricata \ file://suricata.yaml \ file://suricata.service \ file://run-ptest \ @@ -59,14 +60,19 @@ do_install_append () { install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata - install -d ${D}${systemd_unitdir}/system - sed -e s:/etc:${sysconfdir}:g \ - -e s:/var/run:/run:g \ - -e s:/var:${localstatedir}:g \ - -e s:/usr/bin:${bindir}:g \ - -e s:/bin/kill:${base_bindir}/kill:g \ - -e s:/usr/lib:${libdir}:g \ - ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/tmpfiles.suricata ${D}${sysconfdir}/tmpfiles.d/suricata.conf + + install -d ${D}${systemd_unitdir}/system + sed -e s:/etc:${sysconfdir}:g \ + -e s:/var/run:/run:g \ + -e s:/var:${localstatedir}:g \ + -e s:/usr/bin:${bindir}:g \ + -e s:/bin/kill:${base_bindir}/kill:g \ + -e s:/usr/lib:${libdir}:g \ + ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service + fi # Remove /var/run as it is created on startup rm -rf ${D}${localstatedir}/run @@ -74,7 +80,9 @@ do_install_append () { } pkg_postinst_ontarget_${PN} () { -if [ -e /etc/init.d/populate-volatile.sh ] ; then +if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/suricata.conf +elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then ${sysconfdir}/init.d/populate-volatile.sh update fi } 
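Review bot: In `pkg_postinst_ontarget_${PN}` the new branch is selected by `command -v systemd-tmpfiles` alone, while do_install_append only ships `${sysconfdir}/tmpfiles.d/suricata.conf` when `systemd` is in DISTRO_FEATURES. Should the binary be present on a target built without that feature, `systemd-tmpfiles --create` is handed a path that does not exist and the `populate-volatile.sh update` fallback is never tried, so /var/log/suricata may not be created. Testing for the file as well keeps the two conditions in step: `if command -v systemd-tmpfiles >/dev/null && [ -e ${sysconfdir}/tmpfiles.d/suricata.conf ]; then`. The clamav postinst later in this commit has the same shape.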
@@ -82,7 +90,7 @@ fi SYSTEMD_PACKAGES = "${PN}" PACKAGES =+ "${PN}-socketcontrol" -FILES_${PN} += "${systemd_unitdir}" +FILES_${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d" FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml" diff --git a/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb b/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb index 189504a55..2e37c0b3c 100644 --- a/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb +++ b/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb @@ -15,7 +15,7 @@ SRC_URI[sha256sum] = "c358b80a2ea77a9dda79dc2a056dae3acaf3a72fcb8481cfb1cd1f1674 S = "${WORKDIR}/${PN}" -inherit distro_features_check +inherit features_check do_make(){ oe_runmake USRLIBDIR=${libdir} all diff --git a/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb b/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb index a9616911b..030bf2515 100644 --- a/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb +++ b/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb @@ -5,7 +5,8 @@ LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \ - file://setuid-log-folder.patch" + file://setuid-log-folder.patch \ + file://check-setuid-use-more-portable-find-args.patch" SRC_URI[md5sum] = "a30161c3e24d3be710b2fd13fcd1f32f" SRC_URI[sha256sum] = "67abe3d6391c96146e96f376d3fd6eb7a9418b0f7fe205b465219889791dba32" diff --git a/meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch b/meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch new file mode 100644 index 000000000..f1fe8edce --- /dev/null 
+++ b/meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch @@ -0,0 +1,23 @@ +From f3073b8e06a607677d47ad9a19533b2e33408a4f Mon Sep 17 00:00:00 2001 +From: Christopher Larson <chris_larson@mentor.com> +Date: Wed, 5 Sep 2018 23:21:43 +0500 +Subject: [PATCH] check-setuid: use more portable find args + +Signed-off-by: Christopher Larson <chris_larson@mentor.com> +--- + plugins/check-setuid | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +Index: checksecurity-2.0.15/plugins/check-setuid +=================================================================== +--- checksecurity-2.0.15.orig/plugins/check-setuid 2018-09-06 00:49:23.930934294 +0500 ++++ checksecurity-2.0.15/plugins/check-setuid 2018-09-06 00:49:49.694934757 +0500 +@@ -99,7 +99,7 @@ + ionice -t -c3 \ + find `mount | grep -vE "$CHECKSECURITY_FILTER" | cut -d ' ' -f 3` \ + -xdev $PATHCHK \ +- \( -type f -perm +06000 -o \( \( -type b -o -type c \) \ ++ \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \ + $DEVCHK \) \) \ + -ignore_readdir_race \ + -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | diff --git a/meta-security/recipes-security/clamav/clamav_0.99.4.bb b/meta-security/recipes-security/clamav/clamav_0.99.4.bb index 7f0433777..a340b4856 100644 --- a/meta-security/recipes-security/clamav/clamav_0.99.4.bb +++ b/meta-security/recipes-security/clamav/clamav_0.99.4.bb @@ -15,6 +15,7 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \ file://clamd.conf \ file://freshclam.conf \ file://volatiles.03_clamav \ + file://tmpfiles.clamav \ file://${BPN}.service \ file://freshclam-native.conf \ " 
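Review bot: The header of the added check-setuid patch has a `Signed-off-by:` but no `Upstream-Status:` line, which OE layers expect on every carried patch; adding `Upstream-Status: Pending` (or the applicable value) above the sign-off records whether it can be dropped on the next checksecurity upgrade. The rewritten predicate `\( -perm -4000 -o -perm -2000 \)` selects the same files as the old `-perm +06000`, so the scan's coverage is unchanged. The context lines still rely on `-ignore_readdir_race` and `-printf`, which are GNU find extensions. Whether the recipe pulls in findutils at runtime is not visible here; without it the setuid scan could still fail on a target with a minimal `find`.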
@@ -104,11 +105,15 @@ do_install_append_class-target () { install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/. if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf fi } pkg_postinst_ontarget_${PN} () { - if [ -e /etc/init.d/populate-volatile.sh ] ; then + if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then ${sysconfdir}/init.d/populate-volatile.sh update fi mkdir -p ${localstatedir}/lib/clamav @@ -140,6 +145,7 @@ FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \ FILES_${PN}-freshclam = "${bindir}/freshclam \ ${sysconfdir}/freshclam.conf* \ ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \ + ${sysconfdir}/tmpfiles.d/*.conf \ ${localstatedir}/lib/clamav \ ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \ ${mandir}/man5/freshclam.conf.* \ diff --git a/meta-security/recipes-security/clamav/files/tmpfiles.clamav b/meta-security/recipes-security/clamav/files/tmpfiles.clamav new file mode 100644 index 000000000..fd5adfeeb --- /dev/null +++ b/meta-security/recipes-security/clamav/files/tmpfiles.clamav @@ -0,0 +1,3 @@ +#Type Path Mode UID GID Age Argument +d /var/log/clamav 0755 clamav clamav - +f /var/log/clamav/freshclam.log 0644 clamav clamav - diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb index 73b802fb9..2181629bd 100644 --- a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb 
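Review bot: `${sysconfdir}/tmpfiles.d/*.conf` is added to `FILES_${PN}-freshclam`, but the script that consumes it is `pkg_postinst_ontarget_${PN}`, which runs `systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf`. Unless `${PN}` has a runtime dependency on `${PN}-freshclam` (not visible in these hunks), installing the main package alone would call systemd-tmpfiles on a missing file and skip the populate-volatile fallback. Either attach the postinst to the -freshclam package or extend the condition with `[ -e ${sysconfdir}/tmpfiles.d/clamav.conf ]`.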
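Review bot: Both entries in the new tmpfiles.clamav name `clamav clamav` as owner, so systemd-tmpfiles has to resolve that user and group when the postinst runs. The account creation is not part of this diff, so it is worth confirming that it happens before `systemd-tmpfiles --create` is reached. If the lookup fails, /var/log/clamav and freshclam.log would presumably not be created with the intended ownership.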
+++ b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb @@ -10,7 +10,7 @@ DEPENDS = "libpam" S = "${WORKDIR}/git" -inherit autotools distro_features_check +inherit autotools features_check REQUIRED_DISTRO_FEATURES = "pam" diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb index 39873b850..83a9ed83e 100644 --- a/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb +++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb @@ -3,7 +3,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" -inherit distro_features_check +inherit features_check REQUIRED_DISTRO_FEATURES = "ptest" diff --git a/meta-security/recipes-security/sssd/sssd_1.16.4.bb b/meta-security/recipes-security/sssd/sssd_1.16.4.bb index 34bc8c804..089a99e0d 100644 --- a/meta-security/recipes-security/sssd/sssd_1.16.4.bb +++ b/meta-security/recipes-security/sssd/sssd_1.16.4.bb @@ -14,7 +14,7 @@ SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz\ SRC_URI[md5sum] = "757bbb6f15409d8d075f4f06cb678d50" SRC_URI[sha256sum] = "6bb212cd6b75b918e945c24e7c3f95a486fb54d7f7d489a9334cfa1a1f3bf959" -inherit autotools pkgconfig gettext python-dir distro_features_check +inherit autotools pkgconfig gettext python-dir features_check REQUIRED_DISTRO_FEATURES = "pam" |