Age | Commit message (Collapse) | Author | Files | Lines |
|
Armin Kuster (16):
build cleanup: add iam to base depend
tripwire: Blacklist pkg, upstream seems abandond
tpm2-pkcs11: Update to 1.6.0
clamav: update to tip.
ossec-hids: add UPSTREAM_CHECK_COMMITS
python3-scapy: add UPSTREAM_CHECK_COMMITS
suricata: 4.1.x add UPSTREAM_CHECK_URI
ibmswtpm2: update to 1661
ibmtpm2tss: update to tip
packagegroup-core-security: fix typo for mips
Apparmor: fix multi config build issue.
aide: Add another ids
packagegroup-core-security: add aide and ossec
.gitlab-ci: drop clean up combine alt w base
clamav: fix systemd startup
packagegroup-core-security: add clamav-daemon
Change-Id: Id941ea16208920cfa31bf6d42f8a01fc9765ec7c
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Anton Antonov (1):
gitlab-ci: Move all parsec builds into a separate job
Armin Kuster (12):
kas-security-base: Move some DISTRO_FEATURES around
*-tpm.yml: drop tpms jobs
gitlab-ci: move tpm build
.gitlab-ci: work on pipelime
gitlab-ci: cleanup after_script
gitlab-ci: add new before script
kas: cleanup some kas files
packagegroup-core-security: exclude apparmor in mips64
.gitlab-ci: use kas shell in some cases.
kas-security-base: fix feature namespace for tpm*
ossec-hids: add new pkg
libseccomp: drop recipe. In core now
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Icef0838533cbc51af188f574d4931ac3d250ba84
|
|
Anton Antonov (4):
Use libest "main" branch instead of "master".
Add meta-parsec layer into meta-security.
Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
Clearly define clang toolchain in Parsec recipes
Armin Kuster (16):
packagegroup-core-security: drop clamav-cvd
clamav: upgrade 104.0
python3-privacyidea: upgrade 3.5.1 -> 3.5.2
clamav: fix systemd service install
swtpm: now need python-cryptography, pull in layer
swtpm: file pip3 issue
swtpm: fix check for tscd deamon on host
python3-suricata-update: update to 1.2.1
suricata: update to 6.0.2
layer.conf: add dynamic-layer for rust pkg
README: cleanup
.gitlab-ci.yml: reorder to speed up builds
kas-security-base.yml: tweek build vars
gitlab-ci: fine tune order
clamav: remove rest of mirror.dat ref
lkrg-module: Add Linux Kernel Runtime Guard
Ming Liu (2):
meta: drop IMA_POLICY from policy recipes
initramfs-framework-ima: introduce IMA_FORCE
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9
|
|
Armin Kuster (19):
softhsm: drop pkg as meta-oe has it
apparmor: Inherit python3targetconfig
python3-suricata-update: Inherit python3targetconfig
openscap: Inherit python3targetconfig
scap-security-guide: Inherit python3targetconfig
nikito: Update common-licenses references to match new names
kas-security-base.yml: build setting updates
kas-security-base.yml: drop DL_DIR
arpwatch: upgrade 3.0 -> 3.1
checksec: upgrade 2.1.0 -> 2.4.0
ding-libs: upgrade 0.5.0 -> 0.6.1
fscryptctl: upgrade 0.1.0 -> 1.0.0
libseccomp: upgrade 2.5.0 -> 2.5.1
python3-privacyidea: upgrade 3.3 -> 3.5.1
python3-scapy: upgrade 2.4.3 -> 2.4.4
samhain: update to 4.4.3
opendnssec: update to 2.1.8
suricata: update to 4.10.0
python3-fail2ban: update to 0.11.2
Jate Sujjavanich (1):
scap-security-guide: Fix openembedded platform tests and build
Ming Liu (9):
ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
initramfs-framework-ima: fix a wrong path
ima-evm-keys: add recipe
initramfs-framework-ima: RDEPENDS on ima-evm-keys
meta: refactor IMA/EVM sign rootfs
README.md: update according to the refactoring in ima-evm-rootfs.bbclass
initramfs-framework-ima: let ima_enabled return 0
ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic
Yi Zhao (1):
ibmswtpm2: disable camellia algorithm
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic7dc6f5425a1493ac0534e10ed682662d109e60c
|
|
Armin Kuster (2):
samhain: update to 4.4.2
kas-security-base: Don't create local SSTATE mirror
Yi Zhao (3):
suricata: unify volatiles file name
clamav: unify volatiles file name
scap-security-guide: fix build with Python 3.9
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I60c6ba8c22593542165dbd1af0606e01f6473b33
|
|
Armin Kuster (3):
meta-security: Add gatesgarth to LAYERSERIES_COMPAT
gitlab-ci: add meta-hardening build image
gitlab-ci: add building meta-security-compliance pkgs
Sajjad Ahmed (1):
layer.conf: use += instead of := to update BBFILES
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Id5439f3fdfc88fe3c987ee3c8cb7d3ed6a5a6a22
|
|
Adrian (1):
gitignore added
Armin Kuster (31):
kas: build with ptest. remove apparmor
softHSM: add pkg
packagegroup-core-security: add softHSM
libest: add recipe
packagegroup-core-security: add libest package
opendnssec: add recipe
packagegroup-core-security: add opendnssec to pkg grp
gitlab-ci: allow test to fail
libseccomp: fix ptest failures.
packagegroup-core-security-ptest: remove keyutils-ptest
security-test-image: simplify
packagegroup-core-security-ptest: remove
apparmor: fix build issue with ptest enabled.
security-test-image: tweak to get more tests to runn
apparmor: update to 3.0
packagegroup-core-security: apparmor 3.0 ptest does not build
suricata: fix compiling on gcc10
qemux86-test: add apparmor back
apparmor: fix build for on musl
ecryptfs-utils: fix musl build
libest: fix musl build.
sssd: update to latest ltm 1.16.5
packagegroup-core-security: remove clamav from musl image
suricata: update to 4.1.9
kas: fixup alt configs
gitlab-ci: add qemux86 and qemuarm64 musl builds
tpm2-tss: update to 2.4.3
tpm2-totp: update to 0.2.1
tpm2-abrmd: update to 2.3.3
tpm2-tools: update to 4.3.0
tpm2-pkcs11: update to 1.4.0
Mingli Yu (1):
scap-security-guide: add expat-native to DEPENDS
Naveen Saini (3):
initramfs-framework/dmverity: add retry loop for slow boot devices
wic: add wks.in for intel dm-verity
linux-%/5.x: Add dm-verity fragment as needed
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: If3a721fdd99bb6e35c82cf4e7485f06cebaef905
|
|
Armin Kuster (20):
trousers: update to tip
upload-error-report: add script to upload errors
kas/kas-security-base.yml: lets enable error reporting
.gitlab: send error reports
cryptsetup-tpm-incubator: drop recipe
sssd: Avoid nss function conflicts with glibc nss.h
cryptsetup-tpm-incubator: remove reference from other files
packagegroup-core-security: dont include suricata on riscv or ppc
kas-security-base: add testimage
kas: add test config
kas: add one dm-verify image build
gitlab-ci: add dm-verify-image
gitlab-ci: add testimage
meta-harden: Add a layer to demo harding OE/YP
kas-security-base: define sections as base
packagegroup-core-security: add more pkgs to base group
apparmor: exclude mips64, not supported
kas: add alt and mutli build images
kas-security-base: set RPM and disable ptest
qemu test: set ptest
Charlie Davies (1):
clamav: update SO_VER to 9.0.4
Jens Rehsack (2):
ibmswtpm2: update to 1637
ibmtpm2tss: add recipe
Jonatan PĂ„lsson (1):
sssd: Make manpages buildable
Qi.Chen@windriver.com (1):
nss: update patch to fix do_patch error
Zheng Ruoqin (1):
trousers: Fix the problem that do_package fails when multilib is enabled.
niko.mauno@vaisala.com (12):
dm-verity-img.bbclass: Fix bashisms
dm-verity-img.bbclass: Reorder parse-time check
dm-verity-image-initramfs: Ensure verity hash sync
dm-verity-image-initramfs: Bind at do_image instead
linux-yocto(-dev): Add dm-verity fragment as needed
dm-verity-img.bbclass: Stage verity.env file
initramfs-framework: Add dmverity module
dm-verity-image-initramfs: Use initramfs-framework
dm-verity-initramfs-image: Cosmetic improvements
dm-verity-image-initramfs: Add base-passwd package
dm-verity-image-initramfs: Drop locales from image
beaglebone-yocto-verity.wks.in: Refer IMGDEPLOYDIR
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I9f2debc1f48092734569fd106b56cd7bcb6180b7
|
|
Armin Kuster (9):
python3-oauth2client: add recipe
python3-privacyidea: adding initial support for mfa
strongswan: add bbappends for tpm changes
layer.conf: add dynamic-layer for strongswan
strongswan: Add bbappends for ima changes
meta-integrity: add dynamic-layer for strongswan
add gitlab framework and qemu machine
kas: add ima, tpm and tpm2 build configs
drop ci-build: it is hiding errors
Jeremy Puhlman (2):
cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev
packagegroup-security-tpm2: Depend on preferred provider for cryptsetup
Zheng Ruoqin (2):
ccs-tools:Fix build error when enable multilib.
bastille: Deleted redundant inherit to fix error when enable multilib.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I023e45c8080c3d423cd25cc656da5c1f527295e5
|