From 5bea8d8239056487ed7ec39d7b1c319c664dcf68 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 24 Jul 2020 16:10:05 -0500 Subject: meta-security: subtree update:547f552c85..066a04425c Armin Kuster (9): python3-oauth2client: add recipe python3-privacyidea: adding initial support for mfa strongswan: add bbappends for tpm changes layer.conf: add dynamic-layer for strongswan strongswan: Add bbappends for ima changes meta-integrity: add dynamic-layer for strongswan add gitlab framework and qemu machine kas: add ima, tpm and tpm2 build configs drop ci-build: it is hiding errors Jeremy Puhlman (2): cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev packagegroup-security-tpm2: Depend on preferred provider for cryptsetup Zheng Ruoqin (2): ccs-tools:Fix build error when enable multilib. bastille: Deleted redundant inherit to fix error when enable multilib. Signed-off-by: Andrew Geissler Change-Id: I023e45c8080c3d423cd25cc656da5c1f527295e5 --- meta-security/meta-tpm/conf/layer.conf | 4 +++ ...01-xfrmi-Only-build-if-libcharon-is-built.patch | 38 ++++++++++++++++++++++ .../recipes-support/strongswan/strongswan-tpm.inc | 12 +++++++ .../strongswan/strongswan_5.%.bbappend | 1 + .../packagegroup/packagegroup-security-tpm2.bb | 3 +- .../cryptsetup-tpm-incubator_0.9.9.bb | 5 +++ 6 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch create mode 100644 meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc create mode 100644 meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend (limited to 'meta-security/meta-tpm')
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index c3372c707..46d0279cc 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -15,3 +15,7 @@ LAYERDEPENDS_tpm-layer = " \
 openembedded-layer \
 "
 BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm"
+
+BBFILES_DYNAMIC += " \
+networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
+"
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
new file mode 100644
index 000000000..825028222
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
@@ -0,0 +1,38 @@
+From db772305c6baa01f6c6750be74733e4bfc1d6106 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner
+Date: Tue, 14 Apr 2020 10:44:19 +0200
+Subject: [PATCH] xfrmi: Only build if libcharon is built
+
+The kernel-netlink plugin is only built if libcharon is.
+
+Closes strongswan/strongswan#167.
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster
+
+---
+ src/Makefile.am | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+Index: strongswan-5.8.4/src/Makefile.am
+===================================================================
+--- strongswan-5.8.4.orig/src/Makefile.am
++++ strongswan-5.8.4/src/Makefile.am
+@@ -42,6 +42,9 @@ endif
+
+ if USE_LIBCHARON
+ SUBDIRS += libcharon
++if USE_KERNEL_NETLINK
++ SUBDIRS += xfrmi
++endif
+ endif
+
+ if USE_FILE_CONFIG
+@@ -143,7 +146,3 @@ endif
+ if USE_TPM
+ SUBDIRS += tpm_extendpcr
+ endif
+-
+-if USE_KERNEL_NETLINK
+- SUBDIRS += xfrmi
+-endif
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
new file mode 100644
index 000000000..d8604e116
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
@@ -0,0 +1,12 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS = "libtspi"
+
+SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+
+PACKAGECONFIG += "aikgen tpm"
+
+PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,,"
+PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,,"
+
+EXTRA_OECONF += "--with-linux-headers=${STAGING_KERNEL_DIR}"
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
new file mode 100644
index 000000000..34757bb47
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', 'strongswan-tpm.inc', '', d)}
diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index 8f5c537b9..a553a63d8 100644
--- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -7,6 +7,7 @@ inherit packagegroup PACKAGES = "${PN}" +PREFERRED_PROVIDER_cryptsetup ?= "cryptsetup-tpm-incubator" SUMMARY_packagegroup-security-tpm2 = "Security TPM 2.0 support" RDEPENDS_packagegroup-security-tpm2 = " \ tpm2-tools \
@@ -19,5 +20,5 @@ RDEPENDS_packagegroup-security-tpm2 = " \
 tpm2-abrmd \
 tpm2-pkcs11 \
 ibmswtpm2 \
- cryptsetup-tpm-incubator \
+ ${PREFERRED_PROVIDER_cryptsetup} \
 "
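Review bot: `DEPENDS = "libtspi"` in strongswan-tpm.inc assigns rather than appends. Because the file is pulled in through a bbappend, the assignment is parsed after the strongswan recipe and replaces whatever build dependencies that recipe set with a plain assignment, instead of adding libtspi to them. Attach the dependency to the option that needs it (presumably aikgen), e.g. `PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,libtspi,"`, or at minimum write `DEPENDS += "libtspi"`. Separately, `SRC_URI_append` applies a backport whose paths name strongswan-5.8.4 to every version matched by `strongswan_5.%.bbappend`; a comment above that line saying when the patch can be dropped would help the next recipe upgrade.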
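Review bot: In packagegroup-security-tpm2.bb the second hunk expands `${PREFERRED_PROVIDER_cryptsetup}` inside `RDEPENDS`, so a variable that names a recipe is used as a runtime package name; that holds only while the chosen recipe's main package carries the same name. It also means a distro that sets `PREFERRED_PROVIDER_cryptsetup = "cryptsetup"` builds this TPM 2.0 packagegroup without the incubator package that was listed explicitly before, and nothing at build time reports the change. The `?=` default added in the first hunk (`@@ -7,6 +7,7 @@`) should carry a comment saying so, for example `# Recipe-local default; a distro-level PREFERRED_PROVIDER_cryptsetup overrides it and changes which cryptsetup this packagegroup installs`.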
diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
index b706d1505..261716235 100644
--- a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
@@ -36,7 +36,12 @@ FILES_${PN} += "${libdir}/tmpfiles.d" RDEPENDS_${PN} += "lvm2 libdevmapper" RRECOMMENDS_${PN} += "lvm2-udevrules" +RPROVIDES_${PN} = "cryptsetup" RREPLACES_${PN} = "cryptsetup" RCONFLICTS_${PN} ="cryptsetup" +RPROVIDES_${PN}-dev = "cryptsetup-dev" +RREPLACES_${PN}-dev = "cryptsetup-dev" +RCONFLICTS_${PN}-dev ="cryptsetup-dev" + BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3
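Review bot: The new `RPROVIDES_${PN} = "cryptsetup"` line and the `-dev` triple carry no comment on their scope. With them, this 0.9.9 incubator recipe can satisfy any runtime dependency on cryptsetup or cryptsetup-dev in a build that selects it, not only the one from the TPM2 packagegroup. I would add a comment above the block, e.g. `# Drop-in for cryptsetup/cryptsetup-dev; check this recipe against cryptsetup security fixes on every update`. The relationship between the incubator code and the cryptsetup recipe is not visible in this hunk, so the wording should be confirmed by the recipe maintainer.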