From f1e440673465aa768f31e78c0c201002f9f767b7 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Thu, 15 Apr 2021 15:52:46 -0500 Subject: meta-security: subtree update:775870980b..ca9264b1e1 Anton Antonov (4): Use libest "main" branch instead of "master". Add meta-parsec layer into meta-security. Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI Clearly define clang toolchain in Parsec recipes Armin Kuster (16): packagegroup-core-security: drop clamav-cvd clamav: upgrade 104.0 python3-privacyidea: upgrade 3.5.1 -> 3.5.2 clamav: fix systemd service install swtpm: now need python-cryptography, pull in layer swtpm: file pip3 issue swtpm: fix check for tscd deamon on host python3-suricata-update: update to 1.2.1 suricata: update to 6.0.2 layer.conf: add dynamic-layer for rust pkg README: cleanup .gitlab-ci.yml: reorder to speed up builds kas-security-base.yml: tweek build vars gitlab-ci: fine tune order clamav: remove rest of mirror.dat ref lkrg-module: Add Linux Kernel Runtime Guard Ming Liu (2): meta: drop IMA_POLICY from policy recipes initramfs-framework-ima: introduce IMA_FORCE Signed-off-by: Andrew Geissler Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9 --- meta-security/meta-parsec/README.md | 186 +++++++++++++++++++++ meta-security/meta-parsec/conf/layer.conf | 14 ++ .../parsec-service/files/cryptoki.patch | 18 ++ .../parsec-service/files/parsec-tmpfiles.conf | 2 + .../parsec-service/files/parsec_init | 63 +++++++ .../parsec-service/files/systemd.patch | 19 +++ .../parsec-service/parsec-service_0.7.0.bb | 67 ++++++++ .../parsec-service/parsec-service_0.7.0.inc | 147 ++++++++++++++++ .../parsec-tool/parsec-tool_0.3.0.bb | 17 ++ .../parsec-tool/parsec-tool_0.3.0.inc | 127 ++++++++++++++ 10 files changed, 660 insertions(+) create mode 100644 meta-security/meta-parsec/README.md create mode 100644 meta-security/meta-parsec/conf/layer.conf create mode 100644 meta-security/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch create mode 100644 meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf create mode 100755 meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec_init create mode 100644 meta-security/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch create mode 100644 meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb create mode 100644 meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc create mode 100644 meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb create mode 100644 meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc (limited to 'meta-security/meta-parsec') diff --git a/meta-security/meta-parsec/README.md b/meta-security/meta-parsec/README.md new file mode 100644 index 000000000..a2736b694 --- /dev/null +++ b/meta-security/meta-parsec/README.md @@ -0,0 +1,186 @@ +meta-parsec layer +============== + +This layer contains recipes for the Parsec service with Mbed-Crypto, +Pkcs11 and TPM providers and parsec tools. + +Dependencies +============ + +This layer depends on: + + URI: git://git.openembedded.org/meta-openembedded + branch: master + revision: HEAD + prio: default + + URI git://git.yoctoproject.org/meta-security + branch: master + revision: HEAD + prio: default + + URI https://github.com/meta-rust/meta-rust.git + branch: master + revision: HEAD + prio: default + + URI https://github.com/kraj/meta-clang.git + branch: master + revision: HEAD + prio: default + +Adding the meta-parsec layer to your build +========================================== + +In order to use this layer, you need to make the build system aware of it. + +You can add it to the build system by adding the +location of the meta-parsec layer to bblayers.conf, along with any +other layers needed. e.g.: + + BBLAYERS ?= " \ + /path/to/yocto/meta \ + /path/to/yocto/meta-yocto \ + /path/to/yocto/meta-yocto-bsp \ + /path/to/meta-openembedded/meta-oe \ + /path/to/meta-openembedded/meta-python \ + /path/to/meta-rust \ + /path/to/meta-clang \ + /path/to/meta-security/meta-tpm \ + /path/to/meta-security/meta-parsec \ + " + +To include the Parsec service into your image add following into the +local.conf: + + IMAGE_INSTALL_append = " parsec-service" + + The Parsec service will be deployed into the image built with all the supported +providers and with the default config file from the Parsec repository: +https://github.com/parallaxsecond/parsec/blob/main/config.toml + The default Parsec service config file contains the MbedCrypto provider +enabled. The config file needs to be updated to use the Parsec service +with other providers like TPM or PKCS11. The required procedures are +covered in Parsec documentation. +https://parallaxsecond.github.io/parsec-book/ + +Updating recipes +================ + + The parsec-service and parsec-tool recipes use include files with lists +of all rust crates required. This allows bitbake to fetch all the necessary +dependent crates, as well as a pegged version of the crates.io index, +to ensure maximum reproducibility. + It's recommended to use cargo-bitbake to generate include files for new +versions of parsec recipes. +https://github.com/meta-rust/cargo-bitbake + + When you have crago-bitbake built: +1. Checkout the required version of parsec repository. +2. Run cargo-bitbake inside the repository. It will produce a BB file. +3. Create a new include file with SRC_URI and LIC_FILES_CHKSUM from the BB file. + +Manual testing with runqemu +=========================== + + This layer also contains a recipe for pasec-tool which can be used for +manual testing of the Parsec service: + + IMAGE_INSTALL_append += " parsec-tools" + + There are a series of Parsec Demo videos showing how to use parsec-tool +to test the Parsec service base functionality: +https://www.youtube.com/watch?v=ido0CyUdMHM&list=PLKjl7IFAwc4S7WQqqphCsyy6DPDxJ2Skg&index=4 + + You can use runqemu to start a VM with a built image file and run +manual tests with parsec-tool. + +1. MbedCrypto provider + The default Parsec service config file contains the MbedCrypto provider +enabled. No changes required for manual testing. + +2. PKCS11 provider + The Software HSM can be used for manual testing of the provider by +including it into your test image: + + IMAGE_INSTALL_append += " softhsm" + +Inside the running VM: +- Stop Parsec +```bash +systemctl stop parsec +``` +- Initialise a token and notice the result slot number +```bash +softhsm2-util --init-token --slot 0 --label "Parsec Service" --pin 123456 --so-pin 123456 +``` +- Change the token ownership: +```bash +for d in /var/lib/softhsm/tokens/*; do chown -R parsec $d; done +``` +- Enable the PKCS11 provider and update its parameters in the Parsec config file +/etc/parsec/config.toml +``` +library_path = "/usr/lib/softhsm/libsofthsm2.so" +slot_number = +user_pin = "123456" +``` +- Start Parsec +```bash +systemctl start parsec +``` + +3. TPM provider + The IBM Software TPM service can be used for manual testing of the provider by +including it into your test image: + + IMAGE_INSTALL_append += " ibmswtpm2 tpm2-tools libtss2 libtss2-tcti-mssim" + +Inside the running VM: +- Stop Parsec +```bash +systemctl stop parsec +``` +- Start and configure the Software TPM server +```bash + /usr/bin/tpm_server & + sleep 5 + /usr/bin/tpm2_startup -c -T mssim + /usr/bin/tpm2_changeauth -c owner tpm_pass +``` +- Enable the TPM provider and update its parameters in the Parsec config file +/etc/parsec/config.toml +``` +tcti = "mssim" +owner_hierarchy_auth = "hex:74706d5f70617373" +``` +- Start Parsec +```bash +systemctl start parsec +``` + +Maintenance +----------- + +Send pull requests, patches, comments or questions to yocto@yoctoproject.org + +When sending single patches, please using something like: +'git send-email -1 --to yocto@yoctoproject.org --subject-prefix=meta-parsec][PATCH' + +These values can be set as defaults for this repository: + +$ git config sendemail.to yocto@yoctoproject.org +$ git config format.subjectPrefix meta-parsec][PATCH + +Now you can just do 'git send-email origin/master' to send all local patches. + +Maintainers: Anton Antonov + Armin Kuster + + +License +======= + +All metadata is MIT licensed unless otherwise stated. Source code included +in tree for individual recipes is under the LICENSE stated in each recipe +(.bb file) unless otherwise stated. diff --git a/meta-security/meta-parsec/conf/layer.conf b/meta-security/meta-parsec/conf/layer.conf new file mode 100644 index 000000000..2d4aa12fb --- /dev/null +++ b/meta-security/meta-parsec/conf/layer.conf @@ -0,0 +1,14 @@ +# We have a conf and classes directory, add to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have a recipes directory, add to BBFILES +BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend" + +BBFILE_COLLECTIONS += "parsec-layer" +BBFILE_PATTERN_parsec-layer = "^${LAYERDIR}/" +BBFILE_PRIORITY_parsec-layer = "5" + +LAYERSERIES_COMPAT_parsec-layer = "hardknott gatesgarth" + +LAYERDEPENDS_parsec-layer = "core rust-layer clang-layer tpm-layer" +BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec" diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch new file mode 100644 index 000000000..c23447967 --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch @@ -0,0 +1,18 @@ + +Use cryptoki v0.1.1 which supports the "generate-bindings" feature +required for building Parsec service 0.7.0 in Yocto. + +Signed-off-by: Anton Antonov +Upstream-Status: Submitted + +--- a/Cargo.toml 2021-04-01 10:29:50.333687763 +0100 ++++ b/Cargo.toml 2021-04-01 10:27:13.051860002 +0100 +@@ -37,7 +37,7 @@ + version = "1.3.1" + + [dependencies.cryptoki] +-version = "0.1.0" ++version = "0.1.1" + features = ["psa-crypto-conversions"] + optional = true + diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf new file mode 100644 index 000000000..fe576a27f --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf @@ -0,0 +1,2 @@ +#Type Path Mode User Group Age Argument +d /run/parsec 755 parsec parsec - - diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec_init b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec_init new file mode 100755 index 000000000..58a289727 --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/parsec_init @@ -0,0 +1,63 @@ +#! /bin/sh -e + +# ------------------------------------------------------------------------------ +# Copyright (c) 2021, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ------------------------------------------------------------------------------ + +# Parsec Service SysV init script + +test -x /usr/libexec/parsec/parsec || exit 0 + +case "$1" in + start) + echo -n "Starting Parsec daemon: " + if [ ! -f /etc/parsec/config.toml ]; then + echo "There is no Parsec service configuration file." + else + if [ ! -d /run/parsec ]; then + mkdir /run/parsec + chown parsec:parsec /run/parsec + chmod 755 /run/parsec + fi + # start-stop-daemon used in poky busybox doesn't support + # '--chdir' parameter. So, let's do it manually + cd /var/lib/parsec + RUST_LOG=info start-stop-daemon --oknodo --start --background \ + --chuid parsec:parsec --exec /usr/libexec/parsec/parsec \ + -- --config /etc/parsec/config.toml + echo "parsec." + fi + ;; + stop) + echo -n "Stopping Parsec daemon: " + start-stop-daemon --oknodo --stop --exec /usr/libexec/parsec/parsec + echo "parsec." + ;; + reload) + echo -n "Reloading Parsec daemon: " + start-stop-daemon --stop --signal SIGHUP --exec /usr/libexec/parsec/parsec + echo "parsec." + ;; + restart|force-reload) + $0 stop + $0 start + ;; + *) + echo "Usage: /etc/init.d/parsec {start|stop|restart|reload|force-reload}" + exit 1 +esac + +exit 0 diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch new file mode 100644 index 000000000..c01ff065c --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch @@ -0,0 +1,19 @@ + +Run the Parsec service as parsec user in /var/lib/parsec/ working directory. + +Signed-off-by: Anton Antonov +Upstream-Status: Inappropriate [deployment configuration] + +--- a/systemd-daemon/parsec.service 2021-03-28 18:34:18.703196235 +0100 ++++ b/systemd-daemon/parsec.service 2021-03-28 18:35:14.279830299 +0100 +@@ -3,7 +3,9 @@ + Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html + + [Service] +-WorkingDirectory=/home/parsec/ ++User=parsec ++Group=parsec ++WorkingDirectory=/var/lib/parsec/ + ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml + + [Install] diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb new file mode 100644 index 000000000..0e149558c --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb @@ -0,0 +1,67 @@ +SUMMARY = "Platform AbstRaction for SECurity Daemon" +HOMEPAGE = "https://github.com/parallaxsecond/parsec" +LICENSE = "Apache-2.0" + +inherit cargo + +SRC_URI += "crate://crates.io/parsec-service/${PV} \ + file://parsec_init \ + file://systemd.patch \ + file://parsec-tmpfiles.conf \ +" + +DEPENDS = "tpm2-tss" +TOOLCHAIN = "clang" + +CARGO_BUILD_FLAGS += " --features all-providers,cryptoki/generate-bindings,tss-esapi/generate-bindings" + +inherit systemd +SYSTEMD_SERVICE_${PN} = "parsec.service" + +inherit update-rc.d +INITSCRIPT_NAME = "parsec" + +# A local file can be defined in build/local.conf +# The file should also be included into SRC_URI then +PARSEC_CONFIG ?= "${S}/config.toml" + +do_install_append () { + # Binaries + install -d -m 700 -o parsec -g parsec "${D}${libexecdir}/parsec" + install -m 700 -o parsec -g parsec "${WORKDIR}/build/target/${CARGO_TARGET_SUBDIR}/parsec" ${D}${libexecdir}/parsec/parsec + + # Config file + install -d -m 700 -o parsec -g parsec "${D}${sysconfdir}/parsec" + install -m 400 -o parsec -g parsec "${PARSEC_CONFIG}" ${D}${sysconfdir}/parsec/config.toml + + # Data dir + install -d -m 700 -o parsec -g parsec "${D}${localstatedir}/lib/parsec" + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${systemd_unitdir}/system + install -m 644 ${S}/systemd-daemon/parsec.service ${D}${systemd_unitdir}/system + + install -d ${D}${libdir}/tmpfiles.d + install -m 644 ${WORKDIR}/parsec-tmpfiles.conf ${D}${libdir}/tmpfiles.d + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/init.d + install -m 755 ${WORKDIR}/parsec_init ${D}${sysconfdir}/init.d/parsec + fi +} + +inherit useradd +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "-r -g parsec -s /bin/false -d ${localstatedir}/lib/parsec parsec" +GROUPADD_PARAM_${PN} = "-r parsec" + +FILES_${PN} += " \ + ${sysconfdir}/parsec/config.toml \ + ${libexecdir}/parsec/parsec \ + ${systemd_unitdir}/system/parsec.service \ + ${libdir}/tmpfiles.d/parsec-tmpfiles.conf \ + ${sysconfdir}/init.d/parsec \ +" + +require parsec-service_${PV}.inc diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc new file mode 100644 index 000000000..59a47f92a --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc @@ -0,0 +1,147 @@ +# This file is created from parsec-service repository Cargo.lock using cargo-bitbake tool + +SRC_URI += " \ + crate://crates.io/aho-corasick/0.7.15 \ + crate://crates.io/ansi_term/0.11.0 \ + crate://crates.io/anyhow/1.0.38 \ + crate://crates.io/atty/0.2.14 \ + crate://crates.io/autocfg/1.0.1 \ + crate://crates.io/base64/0.12.3 \ + crate://crates.io/base64/0.13.0 \ + crate://crates.io/bincode/1.3.2 \ + crate://crates.io/bindgen/0.56.0 \ + crate://crates.io/bindgen/0.57.0 \ + crate://crates.io/bitfield/0.13.2 \ + crate://crates.io/bitflags/1.2.1 \ + crate://crates.io/byteorder/1.3.4 \ + crate://crates.io/bytes/0.5.6 \ + crate://crates.io/bytes/1.0.1 \ + crate://crates.io/cc/1.0.67 \ + crate://crates.io/cexpr/0.4.0 \ + crate://crates.io/cfg-if/1.0.0 \ + crate://crates.io/clang-sys/1.1.1 \ + crate://crates.io/clap/2.33.3 \ + crate://crates.io/cmake/0.1.45 \ + crate://crates.io/cryptoauthlib-sys/0.1.0 \ + crate://crates.io/cryptoki-sys/0.1.1 \ + crate://crates.io/cryptoki/0.1.1 \ + crate://crates.io/derivative/2.2.0 \ + crate://crates.io/either/1.6.1 \ + crate://crates.io/enumflags2/0.6.4 \ + crate://crates.io/enumflags2_derive/0.6.4 \ + crate://crates.io/env_logger/0.8.3 \ + crate://crates.io/fixedbitset/0.2.0 \ + crate://crates.io/getrandom/0.2.2 \ + crate://crates.io/glob/0.3.0 \ + crate://crates.io/hashbrown/0.9.1 \ + crate://crates.io/heck/0.3.2 \ + crate://crates.io/hermit-abi/0.1.18 \ + crate://crates.io/hex/0.4.3 \ + crate://crates.io/hostname-validator/1.0.0 \ + crate://crates.io/humantime/2.1.0 \ + crate://crates.io/indexmap/1.6.2 \ + crate://crates.io/itertools/0.8.2 \ + crate://crates.io/itertools/0.9.0 \ + crate://crates.io/lazy_static/1.4.0 \ + crate://crates.io/lazycell/1.3.0 \ + crate://crates.io/libc/0.2.89 \ + crate://crates.io/libloading/0.7.0 \ + crate://crates.io/log/0.4.14 \ + crate://crates.io/mbox/0.5.0 \ + crate://crates.io/memchr/2.3.4 \ + crate://crates.io/multimap/0.8.3 \ + crate://crates.io/nom/5.1.2 \ + crate://crates.io/num-bigint/0.3.2 \ + crate://crates.io/num-complex/0.3.1 \ + crate://crates.io/num-derive/0.3.3 \ + crate://crates.io/num-integer/0.1.44 \ + crate://crates.io/num-iter/0.1.42 \ + crate://crates.io/num-rational/0.3.2 \ + crate://crates.io/num-traits/0.2.14 \ + crate://crates.io/num/0.3.1 \ + crate://crates.io/num_cpus/1.13.0 \ + crate://crates.io/oid/0.1.1 \ + crate://crates.io/parsec-interface/0.24.0 \ + crate://crates.io/peeking_take_while/0.1.2 \ + crate://crates.io/petgraph/0.5.1 \ + crate://crates.io/picky-asn1-der/0.2.4 \ + crate://crates.io/picky-asn1-x509/0.4.0 \ + crate://crates.io/picky-asn1/0.3.1 \ + crate://crates.io/pkg-config/0.3.19 \ + crate://crates.io/ppv-lite86/0.2.10 \ + crate://crates.io/proc-macro-error-attr/1.0.4 \ + crate://crates.io/proc-macro-error/1.0.4 \ + crate://crates.io/proc-macro2/1.0.24 \ + crate://crates.io/prost-build/0.6.1 \ + crate://crates.io/prost-build/0.7.0 \ + crate://crates.io/prost-derive/0.6.1 \ + crate://crates.io/prost-derive/0.7.0 \ + crate://crates.io/prost-types/0.6.1 \ + crate://crates.io/prost-types/0.7.0 \ + crate://crates.io/prost/0.6.1 \ + crate://crates.io/prost/0.7.0 \ + crate://crates.io/psa-crypto-sys/0.8.0 \ + crate://crates.io/psa-crypto/0.8.0 \ + crate://crates.io/quote/1.0.9 \ + crate://crates.io/rand/0.8.3 \ + crate://crates.io/rand_chacha/0.3.0 \ + crate://crates.io/rand_core/0.6.2 \ + crate://crates.io/rand_hc/0.3.0 \ + crate://crates.io/redox_syscall/0.2.5 \ + crate://crates.io/regex-syntax/0.6.23 \ + crate://crates.io/regex/1.4.5 \ + crate://crates.io/remove_dir_all/0.5.3 \ + crate://crates.io/rust-cryptoauthlib/0.1.0 \ + crate://crates.io/rustc-hash/1.1.0 \ + crate://crates.io/rustc_version/0.2.3 \ + crate://crates.io/same-file/1.0.6 \ + crate://crates.io/sd-notify/0.2.0 \ + crate://crates.io/secrecy/0.7.0 \ + crate://crates.io/semver-parser/0.7.0 \ + crate://crates.io/semver/0.9.0 \ + crate://crates.io/serde/1.0.124 \ + crate://crates.io/serde_bytes/0.11.5 \ + crate://crates.io/serde_derive/1.0.124 \ + crate://crates.io/shlex/0.1.1 \ + crate://crates.io/signal-hook-registry/1.3.0 \ + crate://crates.io/signal-hook/0.3.7 \ + crate://crates.io/stable_deref_trait/1.2.0 \ + crate://crates.io/strsim/0.8.0 \ + crate://crates.io/structopt-derive/0.4.14 \ + crate://crates.io/structopt/0.3.21 \ + crate://crates.io/strum_macros/0.19.4 \ + crate://crates.io/syn/1.0.64 \ + crate://crates.io/synstructure/0.12.4 \ + crate://crates.io/tempfile/3.2.0 \ + crate://crates.io/termcolor/1.1.2 \ + crate://crates.io/textwrap/0.11.0 \ + crate://crates.io/thiserror-impl/1.0.24 \ + crate://crates.io/thiserror/1.0.24 \ + crate://crates.io/threadpool/1.8.1 \ + crate://crates.io/toml/0.5.8 \ + crate://crates.io/tss-esapi-sys/0.1.0 \ + crate://crates.io/tss-esapi/5.0.0 \ + crate://crates.io/unicode-segmentation/1.7.1 \ + crate://crates.io/unicode-width/0.1.8 \ + crate://crates.io/unicode-xid/0.2.1 \ + crate://crates.io/users/0.11.0 \ + crate://crates.io/uuid/0.8.2 \ + crate://crates.io/vec_map/0.8.2 \ + crate://crates.io/version/3.0.0 \ + crate://crates.io/version_check/0.9.3 \ + crate://crates.io/walkdir/2.3.1 \ + crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \ + crate://crates.io/which/3.1.1 \ + crate://crates.io/which/4.0.2 \ + crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ + crate://crates.io/winapi-util/0.1.5 \ + crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ + crate://crates.io/winapi/0.3.9 \ + crate://crates.io/zeroize/1.2.0 \ + crate://crates.io/zeroize_derive/1.0.1 \ + file://cryptoki.patch \ +" + +LIC_FILES_CHKSUM = " \ + file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ +" diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb new file mode 100644 index 000000000..35c65c02a --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb @@ -0,0 +1,17 @@ +SUMMARY = "Parsec Command Line Interface" +HOMEPAGE = "https://github.com/parallaxsecond/parsec-tool" +LICENSE = "Apache-2.0" + +inherit cargo + +SRC_URI += "crate://crates.io/parsec-tool/${PV} \ +" + +TOOLCHAIN = "clang" + +do_install() { + install -d ${D}/${bindir} + install -m 755 "${B}/target/${TARGET_SYS}/release/parsec-tool" "${D}${bindir}/parsec-tool" +} + +require parsec-tool_${PV}.inc diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc new file mode 100644 index 000000000..9560dcff1 --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc @@ -0,0 +1,127 @@ +# This file is created from parsec-tool repository Cargo.lock using cargo-bitbake tool + +SRC_URI += " \ + crate://crates.io/aho-corasick/0.7.15 \ + crate://crates.io/ansi_term/0.11.0 \ + crate://crates.io/ansi_term/0.12.1 \ + crate://crates.io/anyhow/1.0.38 \ + crate://crates.io/atty/0.2.14 \ + crate://crates.io/autocfg/1.0.1 \ + crate://crates.io/base64/0.13.0 \ + crate://crates.io/bincode/1.3.1 \ + crate://crates.io/bitflags/1.2.1 \ + crate://crates.io/block-buffer/0.9.0 \ + crate://crates.io/byteorder/1.4.2 \ + crate://crates.io/bytes/0.5.6 \ + crate://crates.io/cc/1.0.66 \ + crate://crates.io/cfg-if/1.0.0 \ + crate://crates.io/clap/2.33.3 \ + crate://crates.io/clap/3.0.0-beta.2 \ + crate://crates.io/clap_derive/3.0.0-beta.2 \ + crate://crates.io/cmake/0.1.45 \ + crate://crates.io/cpuid-bool/0.1.2 \ + crate://crates.io/derivative/2.2.0 \ + crate://crates.io/digest/0.9.0 \ + crate://crates.io/either/1.6.1 \ + crate://crates.io/env_logger/0.8.3 \ + crate://crates.io/fixedbitset/0.2.0 \ + crate://crates.io/form_urlencoded/1.0.0 \ + crate://crates.io/generic-array/0.14.4 \ + crate://crates.io/getrandom/0.2.2 \ + crate://crates.io/hashbrown/0.9.1 \ + crate://crates.io/heck/0.3.2 \ + crate://crates.io/hermit-abi/0.1.18 \ + crate://crates.io/humantime/2.1.0 \ + crate://crates.io/idna/0.2.1 \ + crate://crates.io/indexmap/1.6.1 \ + crate://crates.io/itertools/0.8.2 \ + crate://crates.io/lazy_static/1.4.0 \ + crate://crates.io/libc/0.2.86 \ + crate://crates.io/log/0.4.14 \ + crate://crates.io/matches/0.1.8 \ + crate://crates.io/memchr/2.3.4 \ + crate://crates.io/multimap/0.8.2 \ + crate://crates.io/num-bigint/0.3.1 \ + crate://crates.io/num-complex/0.3.1 \ + crate://crates.io/num-derive/0.3.3 \ + crate://crates.io/num-integer/0.1.44 \ + crate://crates.io/num-iter/0.1.42 \ + crate://crates.io/num-rational/0.3.2 \ + crate://crates.io/num-traits/0.2.14 \ + crate://crates.io/num/0.3.1 \ + crate://crates.io/oid/0.1.1 \ + crate://crates.io/once_cell/1.5.2 \ + crate://crates.io/opaque-debug/0.3.0 \ + crate://crates.io/os_str_bytes/2.4.0 \ + crate://crates.io/parsec-client/0.12.0 \ + crate://crates.io/parsec-interface/0.24.0 \ + crate://crates.io/pem/0.8.3 \ + crate://crates.io/percent-encoding/2.1.0 \ + crate://crates.io/petgraph/0.5.1 \ + crate://crates.io/picky-asn1-der/0.2.4 \ + crate://crates.io/picky-asn1/0.3.1 \ + crate://crates.io/ppv-lite86/0.2.10 \ + crate://crates.io/proc-macro-error-attr/1.0.4 \ + crate://crates.io/proc-macro-error/1.0.4 \ + crate://crates.io/proc-macro2/1.0.24 \ + crate://crates.io/prost-build/0.6.1 \ + crate://crates.io/prost-derive/0.6.1 \ + crate://crates.io/prost-types/0.6.1 \ + crate://crates.io/prost/0.6.1 \ + crate://crates.io/psa-crypto-sys/0.8.0 \ + crate://crates.io/psa-crypto/0.8.0 \ + crate://crates.io/quote/1.0.9 \ + crate://crates.io/rand/0.8.3 \ + crate://crates.io/rand_chacha/0.3.0 \ + crate://crates.io/rand_core/0.6.2 \ + crate://crates.io/rand_hc/0.3.0 \ + crate://crates.io/redox_syscall/0.2.5 \ + crate://crates.io/regex-syntax/0.6.22 \ + crate://crates.io/regex/1.4.3 \ + crate://crates.io/remove_dir_all/0.5.3 \ + crate://crates.io/same-file/1.0.6 \ + crate://crates.io/secrecy/0.7.0 \ + crate://crates.io/serde/1.0.123 \ + crate://crates.io/serde_bytes/0.11.5 \ + crate://crates.io/serde_derive/1.0.123 \ + crate://crates.io/sha2/0.9.3 \ + crate://crates.io/strsim/0.10.0 \ + crate://crates.io/strsim/0.8.0 \ + crate://crates.io/structopt-derive/0.4.14 \ + crate://crates.io/structopt/0.3.21 \ + crate://crates.io/syn/1.0.60 \ + crate://crates.io/synstructure/0.12.4 \ + crate://crates.io/tempfile/3.2.0 \ + crate://crates.io/termcolor/1.1.2 \ + crate://crates.io/textwrap/0.11.0 \ + crate://crates.io/textwrap/0.12.1 \ + crate://crates.io/thiserror-impl/1.0.23 \ + crate://crates.io/thiserror/1.0.23 \ + crate://crates.io/thread_local/1.1.3 \ + crate://crates.io/tinyvec/1.1.1 \ + crate://crates.io/tinyvec_macros/0.1.0 \ + crate://crates.io/typenum/1.12.0 \ + crate://crates.io/unicode-bidi/0.3.4 \ + crate://crates.io/unicode-normalization/0.1.17 \ + crate://crates.io/unicode-segmentation/1.7.1 \ + crate://crates.io/unicode-width/0.1.8 \ + crate://crates.io/unicode-xid/0.2.1 \ + crate://crates.io/url/2.2.0 \ + crate://crates.io/users/0.10.0 \ + crate://crates.io/uuid/0.8.2 \ + crate://crates.io/vec_map/0.8.2 \ + crate://crates.io/version_check/0.9.2 \ + crate://crates.io/walkdir/2.3.1 \ + crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \ + crate://crates.io/which/3.1.1 \ + crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ + crate://crates.io/winapi-util/0.1.5 \ + crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ + crate://crates.io/winapi/0.3.9 \ + crate://crates.io/zeroize/1.2.0 \ + crate://crates.io/zeroize_derive/1.0.1 \ +" + +LIC_FILES_CHKSUM = " \ + file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ +" -- cgit v1.2.3