summaryrefslogtreecommitdiff
path: root/meta-security
diff options
context:
space:
mode:
Diffstat (limited to 'meta-security')
-rw-r--r--meta-security/conf/layer.conf2
-rw-r--r--meta-security/lib/oeqa/runtime/cases/checksec.py1
-rw-r--r--meta-security/meta-integrity/conf/layer.conf2
-rw-r--r--meta-security/meta-security-compliance/conf/layer.conf2
-rw-r--r--meta-security/meta-tpm/conf/layer.conf2
-rw-r--r--meta-security/recipes-ids/suricata/suricata_4.1.5.bb3
-rw-r--r--meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb44
-rw-r--r--meta-security/recipes-security/checksec/checksec_2.1.0.bb2
8 files changed, 43 insertions, 15 deletions
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index b9a4f254c..3e890e12e 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -9,6 +9,6 @@ BBFILE_COLLECTIONS += "security"
BBFILE_PATTERN_security = "^${LAYERDIR}/"
BBFILE_PRIORITY_security = "8"
-LAYERSERIES_COMPAT_security = "warrior"
+LAYERSERIES_COMPAT_security = "zeus"
LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer meta-python"
diff --git a/meta-security/lib/oeqa/runtime/cases/checksec.py b/meta-security/lib/oeqa/runtime/cases/checksec.py
index ff6d2f319..e46744c63 100644
--- a/meta-security/lib/oeqa/runtime/cases/checksec.py
+++ b/meta-security/lib/oeqa/runtime/cases/checksec.py
@@ -24,6 +24,7 @@ class CheckSecTest(OERuntimeTestCase):
self.assertEqual(status, 0, msg = msg)
@OETestDepends(['checksec.CheckSecTest.test_checksec_xml'])
+ @OEHasPackage(['binutils'])
def test_checksec_fortify(self):
status, output = self.target.run('checksec --fortify-proc 1')
match = re.search('FORTIFY_SOURCE support:', output)
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index 41989da38..962424ccb 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -21,6 +21,6 @@ INTEGRITY_BASE := '${LAYERDIR}'
# interactive shell is enough.
OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
-LAYERSERIES_COMPAT_integrity = "warrior"
+LAYERSERIES_COMPAT_integrity = "zeus"
# ima-evm-utils depends on keyutils from meta-oe
LAYERDEPENDS_integrity = "core openembedded-layer"
diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf
index 9ccadab8b..0e93bd0e8 100644
--- a/meta-security/meta-security-compliance/conf/layer.conf
+++ b/meta-security/meta-security-compliance/conf/layer.conf
@@ -8,6 +8,6 @@ BBFILE_COLLECTIONS += "scanners-layer"
BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_scanners-layer = "10"
-LAYERSERIES_COMPAT_scanners-layer = "warrior"
+LAYERSERIES_COMPAT_scanners-layer = "zeus"
LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index cdccc553e..3af2d9517 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer"
BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_tpm-layer = "10"
-LAYERSERIES_COMPAT_tpm-layer = "warrior"
+LAYERSERIES_COMPAT_tpm-layer = "zeus"
LAYERDEPENDS_tpm-layer = " \
core \
diff --git a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb
index cda1c870f..e15a9a337 100644
--- a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb
+++ b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb
@@ -52,9 +52,6 @@ do_install_append () {
oe_runmake install-conf DESTDIR=${D}
- # mimic move of downloaded rules to e_sysconfrulesdir
- cp -rf ${WORKDIR}/rules ${D}${sysconfdir}/suricata
-
oe_runmake install-rules DESTDIR=${D}
install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb b/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb
index 2e5d221c3..60d5e6880 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb
@@ -32,16 +32,16 @@ PARALLEL_MAKE = ""
inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan manpages systemd
-PACKAGECONFIG ??= "python perl"
+PACKAGECONFIG ??= "python perl aa-decode"
PACKAGECONFIG[manpages] = "--enable-man-pages, --disable-man-pages"
PACKAGECONFIG[python] = "--with-python, --without-python, python3 swig-native"
PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native swig-native"
PACKAGECONFIG[apache2] = ",,apache2,"
+PACKAGECONFIG[aa-decode] = ",,,bash"
PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}"
HTTPD="${@bb.utils.contains('PACKAGECONFIG', 'apache2', '1', '0', d)}"
-
python() {
if 'apache2' in d.getVar('PACKAGECONFIG').split() and \
'webserver' not in d.getVar('BBFILE_COLLECTIONS').split():
@@ -85,7 +85,6 @@ do_compile () {
do_install () {
install -d ${D}/${INIT_D_DIR}
install -d ${D}/lib/apparmor
-
oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
oe_runmake -C ${B}/binutils DESTDIR="${D}" install
oe_runmake -C ${B}/utils DESTDIR="${D}" install
@@ -97,6 +96,10 @@ do_install () {
rm -f ${D}${sbindir}/aa-notify
fi
+ if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then
+ rm -f ${D}${sbindir}/aa-decode
+ fi
+
if test -z "${HTTPD}" ; then
oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install
fi
@@ -111,8 +114,22 @@ do_install () {
install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
install ${WORKDIR}/functions ${D}/lib/apparmor
- install -d ${D}${systemd_system_unitdir}
- install ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
+ sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions
+ sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}${systemd_system_unitdir}
+ install ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
+ fi
+}
+
+#Building ptest on arm fails.
+do_compile_ptest_aarch64 () {
+ :
+}
+
+do_compile_ptest_arm () {
+ :
}
do_compile_ptest () {
@@ -142,26 +159,39 @@ do_install_ptest () {
cp -rf ${B}/binutils ${t}
}
+#Building ptest on arm fails.
+do_install_ptest_aarch64 () {
+ :
+}
+
+do_install_ptest_arm() {
+ :
+}
+
pkg_postinst_ontarget_${PN} () {
if [ ! -d /etc/apparmor.d/cache ] ; then
mkdir /etc/apparmor.d/cache
fi
}
+# We need the init script so don't rm it
+RMINITDIR_class-target_remove = " rm_sysvinit_initddir"
+
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME = "apparmor"
INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ."
SYSTEMD_PACKAGES = "${PN}"
SYSTEMD_SERVICE_${PN} = "apparmor.service"
-SYSTEMD_AUTO_ENABLE = "disable"
+SYSTEMD_AUTO_ENABLE ?= "enable"
PACKAGES += "mod-${PN}"
FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}"
FILES_mod-${PN} = "${libdir}/apache2/modules/*"
-RDEPENDS_${PN} += "bash"
RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}"
RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}"
RDEPENDS_${PN}-ptest += "perl coreutils dbus-lib bash"
+
+PRIVATE_LIBS_${PN}-ptest = "libapparmor.so*"
diff --git a/meta-security/recipes-security/checksec/checksec_2.1.0.bb b/meta-security/recipes-security/checksec/checksec_2.1.0.bb
index 5c6528e48..b67c98bb6 100644
--- a/meta-security/recipes-security/checksec/checksec_2.1.0.bb
+++ b/meta-security/recipes-security/checksec/checksec_2.1.0.bb
@@ -16,4 +16,4 @@ do_install() {
install -m 0755 ${S}/checksec ${D}${bindir}
}
-RDEPENDS_${PN} = "bash openssl-bin"
+RDEPENDS_${PN} = "bash openssl-bin binutils"
generated by cgit v1.2.3 (git 2.39.0) at 2024-07-17 00:50:27 +0300