diff options
Diffstat (limited to 'meta-security')
-rw-r--r-- | meta-security/conf/layer.conf | 2 | ||||
-rw-r--r-- | meta-security/lib/oeqa/runtime/cases/checksec.py | 1 | ||||
-rw-r--r-- | meta-security/meta-integrity/conf/layer.conf | 2 | ||||
-rw-r--r-- | meta-security/meta-security-compliance/conf/layer.conf | 2 | ||||
-rw-r--r-- | meta-security/meta-tpm/conf/layer.conf | 2 | ||||
-rw-r--r-- | meta-security/recipes-ids/suricata/suricata_4.1.5.bb | 3 | ||||
-rw-r--r-- | meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb | 44 | ||||
-rw-r--r-- | meta-security/recipes-security/checksec/checksec_2.1.0.bb | 2 |
8 files changed, 43 insertions, 15 deletions
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf index b9a4f254c..3e890e12e 100644 --- a/meta-security/conf/layer.conf +++ b/meta-security/conf/layer.conf @@ -9,6 +9,6 @@ BBFILE_COLLECTIONS += "security" BBFILE_PATTERN_security = "^${LAYERDIR}/" BBFILE_PRIORITY_security = "8" -LAYERSERIES_COMPAT_security = "warrior" +LAYERSERIES_COMPAT_security = "zeus" LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer meta-python" diff --git a/meta-security/lib/oeqa/runtime/cases/checksec.py b/meta-security/lib/oeqa/runtime/cases/checksec.py index ff6d2f319..e46744c63 100644 --- a/meta-security/lib/oeqa/runtime/cases/checksec.py +++ b/meta-security/lib/oeqa/runtime/cases/checksec.py @@ -24,6 +24,7 @@ class CheckSecTest(OERuntimeTestCase): self.assertEqual(status, 0, msg = msg) @OETestDepends(['checksec.CheckSecTest.test_checksec_xml']) + @OEHasPackage(['binutils']) def test_checksec_fortify(self): status, output = self.target.run('checksec --fortify-proc 1') match = re.search('FORTIFY_SOURCE support:', output) diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf index 41989da38..962424ccb 100644 --- a/meta-security/meta-integrity/conf/layer.conf +++ b/meta-security/meta-integrity/conf/layer.conf @@ -21,6 +21,6 @@ INTEGRITY_BASE := '${LAYERDIR}' # interactive shell is enough. OE_TERMINAL_EXPORTS += "INTEGRITY_BASE" -LAYERSERIES_COMPAT_integrity = "warrior" +LAYERSERIES_COMPAT_integrity = "zeus" # ima-evm-utils depends on keyutils from meta-oe LAYERDEPENDS_integrity = "core openembedded-layer" diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf index 9ccadab8b..0e93bd0e8 100644 --- a/meta-security/meta-security-compliance/conf/layer.conf +++ b/meta-security/meta-security-compliance/conf/layer.conf @@ -8,6 +8,6 @@ BBFILE_COLLECTIONS += "scanners-layer" BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_scanners-layer = "10" -LAYERSERIES_COMPAT_scanners-layer = "warrior" +LAYERSERIES_COMPAT_scanners-layer = "zeus" LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python" diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf index cdccc553e..3af2d9517 100644 --- a/meta-security/meta-tpm/conf/layer.conf +++ b/meta-security/meta-tpm/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer" BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_tpm-layer = "10" -LAYERSERIES_COMPAT_tpm-layer = "warrior" +LAYERSERIES_COMPAT_tpm-layer = "zeus" LAYERDEPENDS_tpm-layer = " \ core \ diff --git a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb index cda1c870f..e15a9a337 100644 --- a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb +++ b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb @@ -52,9 +52,6 @@ do_install_append () { oe_runmake install-conf DESTDIR=${D} - # mimic move of downloaded rules to e_sysconfrulesdir - cp -rf ${WORKDIR}/rules ${D}${sysconfdir}/suricata - oe_runmake install-rules DESTDIR=${D} install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles diff --git a/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb b/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb index 2e5d221c3..60d5e6880 100644 --- a/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb +++ b/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb @@ -32,16 +32,16 @@ PARALLEL_MAKE = "" inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan manpages systemd -PACKAGECONFIG ??= "python perl" +PACKAGECONFIG ??= "python perl aa-decode" PACKAGECONFIG[manpages] = "--enable-man-pages, --disable-man-pages" PACKAGECONFIG[python] = "--with-python, --without-python, python3 swig-native" PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native swig-native" PACKAGECONFIG[apache2] = ",,apache2," +PACKAGECONFIG[aa-decode] = ",,,bash" PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}" HTTPD="${@bb.utils.contains('PACKAGECONFIG', 'apache2', '1', '0', d)}" - python() { if 'apache2' in d.getVar('PACKAGECONFIG').split() and \ 'webserver' not in d.getVar('BBFILE_COLLECTIONS').split(): @@ -85,7 +85,6 @@ do_compile () { do_install () { install -d ${D}/${INIT_D_DIR} install -d ${D}/lib/apparmor - oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install oe_runmake -C ${B}/binutils DESTDIR="${D}" install oe_runmake -C ${B}/utils DESTDIR="${D}" install @@ -97,6 +96,10 @@ do_install () { rm -f ${D}${sbindir}/aa-notify fi + if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then + rm -f ${D}${sbindir}/aa-decode + fi + if test -z "${HTTPD}" ; then oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install fi @@ -111,8 +114,22 @@ do_install () { install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor install ${WORKDIR}/functions ${D}/lib/apparmor - install -d ${D}${systemd_system_unitdir} - install ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir} + sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions + sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_system_unitdir} + install ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir} + fi +} + +#Building ptest on arm fails. +do_compile_ptest_aarch64 () { + : +} + +do_compile_ptest_arm () { + : } do_compile_ptest () { @@ -142,26 +159,39 @@ do_install_ptest () { cp -rf ${B}/binutils ${t} } +#Building ptest on arm fails. +do_install_ptest_aarch64 () { + : +} + +do_install_ptest_arm() { + : +} + pkg_postinst_ontarget_${PN} () { if [ ! -d /etc/apparmor.d/cache ] ; then mkdir /etc/apparmor.d/cache fi } +# We need the init script so don't rm it +RMINITDIR_class-target_remove = " rm_sysvinit_initddir" + INITSCRIPT_PACKAGES = "${PN}" INITSCRIPT_NAME = "apparmor" INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ." SYSTEMD_PACKAGES = "${PN}" SYSTEMD_SERVICE_${PN} = "apparmor.service" -SYSTEMD_AUTO_ENABLE = "disable" +SYSTEMD_AUTO_ENABLE ?= "enable" PACKAGES += "mod-${PN}" FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}" FILES_mod-${PN} = "${libdir}/apache2/modules/*" -RDEPENDS_${PN} += "bash" RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}" RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}" RDEPENDS_${PN}-ptest += "perl coreutils dbus-lib bash" + +PRIVATE_LIBS_${PN}-ptest = "libapparmor.so*" diff --git a/meta-security/recipes-security/checksec/checksec_2.1.0.bb b/meta-security/recipes-security/checksec/checksec_2.1.0.bb index 5c6528e48..b67c98bb6 100644 --- a/meta-security/recipes-security/checksec/checksec_2.1.0.bb +++ b/meta-security/recipes-security/checksec/checksec_2.1.0.bb @@ -16,4 +16,4 @@ do_install() { install -m 0755 ${S}/checksec ${D}${bindir} } -RDEPENDS_${PN} = "bash openssl-bin" +RDEPENDS_${PN} = "bash openssl-bin binutils" |