From 5bea8d8239056487ed7ec39d7b1c319c664dcf68 Mon Sep 17 00:00:00 2001
From: Andrew Geissler <geissonator@yahoo.com>
Date: Fri, 24 Jul 2020 16:10:05 -0500
Subject: meta-security: subtree update:547f552c85..066a04425c

Armin Kuster (9):
      python3-oauth2client: add recipe
      python3-privacyidea: adding initial support for mfa
      strongswan: add bbappends for tpm changes
      layer.conf: add dynamic-layer for strongswan
      strongswan: Add bbappends for ima changes
      meta-integrity: add dynamic-layer for strongswan
      add gitlab framework and qemu machine
      kas: add ima, tpm and tpm2 build configs
      drop ci-build: it is hiding errors

Jeremy Puhlman (2):
      cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev
      packagegroup-security-tpm2: Depend on preferred provider for cryptsetup

Zheng Ruoqin (2):
      ccs-tools:Fix build error when enable multilib.
      bastille: Deleted redundant inherit to fix error when enable multilib.

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I023e45c8080c3d423cd25cc656da5c1f527295e5
---
 meta-security/meta-integrity/conf/layer.conf       |  4 ++
 .../recipes-support/strongswan/strongswan-ima.inc  | 61 ++++++++++++++++++++++
 .../strongswan/strongswan_5.%.bbappend             |  1 +
 3 files changed, 66 insertions(+)
 create mode 100644 meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
 create mode 100644 meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend

(limited to 'meta-security/meta-integrity')

diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index b4edac383..f905b0be4 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -26,3 +26,7 @@ LAYERSERIES_COMPAT_integrity = "dunfell"
 LAYERDEPENDS_integrity = "core openembedded-layer"
 
 BBLAYERS_LAYERINDEX_NAME_integrity = "meta-integrity"
+
+BBFILES_DYNAMIC += " \
+networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
+"
diff --git a/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
new file mode 100644
index 000000000..a45182e51
--- /dev/null
+++ b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
@@ -0,0 +1,61 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS = "libtspi"
+
+SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+
+PACKAGECONFIG += " \
+    aikgen \
+    tpm \
+"
+
+PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,,"
+PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,,"
+
+PACKAGECONFIG_ima += "\
+    imc-test \
+    imv-test \
+    imc-scanner \
+    imv-scanner \
+    imc-os \
+    imv-os \
+    imc-attestation \
+    imv-attestation \
+    tnc-ifmap \
+    tnc-imc \
+    tnc-imv \
+    tnc-pdp \
+    tnccs-11 \
+    tnccs-20 \
+    tnccs-dynamic \
+    "
+
+EXTRA_OECONF += "--with-linux-headers=${STAGING_KERNEL_DIR}"
+
+PACKAGECONFIG[imc-test] = "--enable-imc-test,--disable-imc-test,,"
+PACKAGECONFIG[imc-scanner] = "--enable-imc-scanner,--disable-imc-scanner,,"
+PACKAGECONFIG[imc-os] = "--enable-imc-os,--disable-imc-os,,"
+PACKAGECONFIG[imc-attestation] = "--enable-imc-attestation,--disable-imc-attestation,,"
+PACKAGECONFIG[imc-swima] = "--enable-imc-swima, --disable-imc-swima,,"
+PACKAGECONFIG[imc-hcd] = "--enable-imc-hcd, --disable-imc-hcd,,"
+PACKAGECONFIG[tnc-imc] = "--enable-tnc-imc,--disable-tnc-imc,,"
+
+PACKAGECONFIG[imv-test] = "--enable-imv-test,--disable-imv-test,,"
+PACKAGECONFIG[imv-scanner] = "--enable-imv-scanner,--disable-imv-scanner,,"
+PACKAGECONFIG[imv-os] = "--enable-imv-os,--disable-imv-os,,"
+PACKAGECONFIG[imv-attestation] = "--enable-imv-attestation,--disable-imv-attestation,,"
+PACKAGECONFIG[imv-swima] = "--enable-imv-swima, --disable-imv-swima,,"
+PACKAGECONFIG[imv-hcd] = "--enable-imv-hcd, --disable-imv-hcd,,"
+PACKAGECONFIG[tnc-imv] = "--enable-tnc-imv,--disable-tnc-imv,,"
+
+PACKAGECONFIG[tnc-ifmap] = "--enable-tnc-ifmap,--disable-tnc-ifmap,libxml2,"
+PACKAGECONFIG[tnc-pdp] = "--enable-tnc-pdp,--disable-tnc-pdp,,"
+
+PACKAGECONFIG[tnccs-11] = "--enable-tnccs-11,--disable-tnccs-11,libxml2,"
+PACKAGECONFIG[tnccs-20] = "--enable-tnccs-20,--disable-tnccs-20,,"
+PACKAGECONFIG[tnccs-dynamic] = "--enable-tnccs-dynamic,--disable-tnccs-dynamic,,"
+
+#FILES_${PN} += "${libdir}/ipsec/imcvs/*.so ${datadir}/regid.2004-03.org.strongswan"
+#FILES_${PN}-dbg += "${libdir}/ipsec/imcvs/.debug"
+#FILES_${PN}-dev += "${libdir}/ipsec/imcvs/*.la"
+#FILES_${PN}-staticdev += "${libdir}/ipsec/imcvs/*.a"
diff --git a/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
new file mode 100644
index 000000000..4669fd2a1
--- /dev/null
+++ b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'imp', 'strongswan-ima.inc', '', d)}
-- 
cgit v1.2.3