From 95dbbacea0332d5a8e5adebbed8de3a64d515118 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Mon, 2 Dec 2019 13:55:25 -0500 Subject: meta-security: subtree update:27ddb45554..fa800e5261 Christophe PRIOUZEAU (1): cryptsetup tpm incubator: fix installed vs shipped Christopher Larson (3): checksecurity: use more portable find args clamav: add tmpfiles.d config suricata: add tmpfiles.d config Ming Liu (1): meta: inherit features_check instead of distro_features_check Norbert Kaminski (1): meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb: add new udev dir to FILES and append EXTRA_OECONF Change-Id: I51369027c747f12d64adb8dbe0262dfb96937ad1 Signed-off-by: Brad Bishop --- .../cryptsetup-tpm-incubator_0.9.9.bb | 1 + .../recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb | 4 +++- .../recipes-ids/suricata/files/tmpfiles.suricata | 2 ++ .../recipes-ids/suricata/suricata_4.1.5.bb | 28 ++++++++++++++-------- .../recipes-mac/ccs-tools/ccs-tools_1.8.4.bb | 2 +- .../checksecurity/checksecurity_2.0.15.bb | 3 ++- .../check-setuid-use-more-portable-find-args.patch | 23 ++++++++++++++++++ .../recipes-security/clamav/clamav_0.99.4.bb | 8 ++++++- .../recipes-security/clamav/files/tmpfiles.clamav | 3 +++ .../google-authenticator-libpam_1.05.bb | 2 +- .../packagegroup-core-security-ptest.bb | 2 +- meta-security/recipes-security/sssd/sssd_1.16.4.bb | 2 +- 12 files changed, 63 insertions(+), 17 deletions(-) create mode 100644 meta-security/recipes-ids/suricata/files/tmpfiles.suricata create mode 100644 meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch create mode 100644 meta-security/recipes-security/clamav/files/tmpfiles.clamav (limited to 'meta-security') diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb index 8385c9403..b706d1505 100644 
--- a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb +++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb @@ -32,6 +32,7 @@ RRECOMMENDS_${PN} = "kernel-module-aes-generic \ kernel-module-xts \ " +FILES_${PN} += "${libdir}/tmpfiles.d" RDEPENDS_${PN} += "lvm2 libdevmapper" RRECOMMENDS_${PN} += "lvm2-udevrules" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb index 3e77f71d2..dfdf73424 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb @@ -17,6 +17,8 @@ S = "${WORKDIR}/git" PACKAGECONFIG ??= "" PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " +EXTRA_OECONF += "--with-udevrulesdir=${base_prefix}/lib/udev/rules.d/" + do_configure_prepend () { ./bootstrap } @@ -74,6 +76,6 @@ FILES_libtss2-dev = " \ ${libdir}/libtss2*so" FILES_libtss2-staticdev = "${libdir}/libtss*a" -FILES_${PN} = "${libdir}/udev" +FILES_${PN} = "${libdir}/udev ${base_prefix}/lib/udev" RDEPENDS_libtss2 = "libgcrypt" diff --git a/meta-security/recipes-ids/suricata/files/tmpfiles.suricata b/meta-security/recipes-ids/suricata/files/tmpfiles.suricata new file mode 100644 index 000000000..fbf37848e --- /dev/null +++ b/meta-security/recipes-ids/suricata/files/tmpfiles.suricata @@ -0,0 +1,2 @@ +#Type Path Mode UID GID Age Argument +d /var/log/suricata 0755 root root diff --git a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb index e15a9a337..b2700d63f 100644 --- a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb +++ b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb 
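Review bot: The udev rules location in the new `EXTRA_OECONF` line and in `FILES_${PN}` is spelled out as `${base_prefix}/lib/udev`, although OE-core already provides `${nonarch_base_libdir}` for that path. Using it in both places keeps the configure argument and the packaging entry from drifting apart: `EXTRA_OECONF += "--with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"` and `FILES_${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev"`. These rules presumably set the owner and mode of the TPM device nodes, so a one-line comment saying why the directory is overridden would help anyone checking that the rules land where udev reads them.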
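Review bot: The entry `d /var/log/suricata 0755 root root` in the new tmpfiles.suricata makes the IDS log directory readable and traversable by every local account. The alert and event logs written there can describe inspected traffic, so unless another account has to read them a tighter mode is safer, e.g. `d /var/log/suricata 0750 root root -`. The line also omits the Age column that tmpfiles.clamav in this same commit writes as `-`. The path is fixed to /var/log and the recipe installs the file unchanged, so it will not follow a non-default `${localstatedir}`.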
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd SRC_URI += " \ file://volatiles.03_suricata \ + file://tmpfiles.suricata \ file://suricata.yaml \ file://suricata.service \ file://run-ptest \ @@ -59,14 +60,19 @@ do_install_append () { install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata - install -d ${D}${systemd_unitdir}/system - sed -e s:/etc:${sysconfdir}:g \ - -e s:/var/run:/run:g \ - -e s:/var:${localstatedir}:g \ - -e s:/usr/bin:${bindir}:g \ - -e s:/bin/kill:${base_bindir}/kill:g \ - -e s:/usr/lib:${libdir}:g \ - ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/tmpfiles.suricata ${D}${sysconfdir}/tmpfiles.d/suricata.conf + + install -d ${D}${systemd_unitdir}/system + sed -e s:/etc:${sysconfdir}:g \ + -e s:/var/run:/run:g \ + -e s:/var:${localstatedir}:g \ + -e s:/usr/bin:${bindir}:g \ + -e s:/bin/kill:${base_bindir}/kill:g \ + -e s:/usr/lib:${libdir}:g \ + ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service + fi # Remove /var/run as it is created on startup rm -rf ${D}${localstatedir}/run @@ -74,7 +80,9 @@ do_install_append () { } pkg_postinst_ontarget_${PN} () { -if [ -e /etc/init.d/populate-volatile.sh ] ; then +if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/suricata.conf +elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then ${sysconfdir}/init.d/populate-volatile.sh update fi } @@ -82,7 +90,7 @@ fi SYSTEMD_PACKAGES = "${PN}" PACKAGES =+ "${PN}-socketcontrol" -FILES_${PN} += "${systemd_unitdir}" +FILES_${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d" FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml" 
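Review bot: In `pkg_postinst_ontarget_${PN}` the new branch is selected by the presence of the `systemd-tmpfiles` binary on the target, but `suricata.conf` is only installed when `systemd` was in `DISTRO_FEATURES` at build time. The two conditions can disagree, and `systemd-tmpfiles --create` would then be handed a file that does not exist. Testing for the file as well avoids that and still falls through to the populate-volatile branch: `if command -v systemd-tmpfiles >/dev/null && [ -e ${sysconfdir}/tmpfiles.d/suricata.conf ]; then`. The clamav postinst later in this commit has the same shape. In the `do_install_append` hunk above, tmpfiles.suricata is copied unchanged while suricata.service goes through the `sed` path rewrite; a comment stating that the /var/log path is deliberately fixed would save the next reader a check.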
diff --git a/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb b/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb index 189504a55..2e37c0b3c 100644 --- a/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb +++ b/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb @@ -15,7 +15,7 @@ SRC_URI[sha256sum] = "c358b80a2ea77a9dda79dc2a056dae3acaf3a72fcb8481cfb1cd1f1674 S = "${WORKDIR}/${PN}" -inherit distro_features_check +inherit features_check do_make(){ oe_runmake USRLIBDIR=${libdir} all diff --git a/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb b/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb index a9616911b..030bf2515 100644 --- a/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb +++ b/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb @@ -5,7 +5,8 @@ LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \ - file://setuid-log-folder.patch" + file://setuid-log-folder.patch \ + file://check-setuid-use-more-portable-find-args.patch" SRC_URI[md5sum] = "a30161c3e24d3be710b2fd13fcd1f32f" SRC_URI[sha256sum] = "67abe3d6391c96146e96f376d3fd6eb7a9418b0f7fe205b465219889791dba32" diff --git a/meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch b/meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch new file mode 100644 index 000000000..f1fe8edce --- /dev/null +++ b/meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch 
@@ -0,0 +1,23 @@ +From f3073b8e06a607677d47ad9a19533b2e33408a4f Mon Sep 17 00:00:00 2001 +From: Christopher Larson +Date: Wed, 5 Sep 2018 23:21:43 +0500 +Subject: [PATCH] check-setuid: use more portable find args + +Signed-off-by: Christopher Larson +--- + plugins/check-setuid | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +Index: checksecurity-2.0.15/plugins/check-setuid +=================================================================== +--- checksecurity-2.0.15.orig/plugins/check-setuid 2018-09-06 00:49:23.930934294 +0500 ++++ checksecurity-2.0.15/plugins/check-setuid 2018-09-06 00:49:49.694934757 +0500 +@@ -99,7 +99,7 @@ + ionice -t -c3 \ + find `mount | grep -vE "$CHECKSECURITY_FILTER" | cut -d ' ' -f 3` \ + -xdev $PATHCHK \ +- \( -type f -perm +06000 -o \( \( -type b -o -type c \) \ ++ \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \ + $DEVCHK \) \) \ + -ignore_readdir_race \ + -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | diff --git a/meta-security/recipes-security/clamav/clamav_0.99.4.bb b/meta-security/recipes-security/clamav/clamav_0.99.4.bb index 7f0433777..a340b4856 100644 --- a/meta-security/recipes-security/clamav/clamav_0.99.4.bb +++ b/meta-security/recipes-security/clamav/clamav_0.99.4.bb @@ -15,6 +15,7 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \ file://clamd.conf \ file://freshclam.conf \ file://volatiles.03_clamav \ + file://tmpfiles.clamav \ file://${BPN}.service \ file://freshclam-native.conf \ " 
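Review bot: The added check-setuid-use-more-portable-find-args.patch has no `Upstream-Status:` line in its header, which OE layers expect on every carried patch; adding `Upstream-Status: Pending` (or whichever value applies) next to the `Signed-off-by:` records whether it was sent upstream. The header would also benefit from one sentence of rationale: `-perm +06000` is the old GNU spelling that newer findutils releases no longer accept, and `\( -perm -4000 -o -perm -2000 \)` selects the same setuid-or-setgid files. That matters because this expression is what the setuid audit relies on, and a `find` that rejects it would leave the report empty rather than wrong. The same invocation still uses `-ignore_readdir_race` and `-printf`, which as far as I know are GNU find extensions, so the patch description should say which find implementations it is meant to cover.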
@@ -104,11 +105,15 @@ do_install_append_class-target () { install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/. if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf fi } pkg_postinst_ontarget_${PN} () { - if [ -e /etc/init.d/populate-volatile.sh ] ; then + if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then ${sysconfdir}/init.d/populate-volatile.sh update fi mkdir -p ${localstatedir}/lib/clamav @@ -140,6 +145,7 @@ FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \ FILES_${PN}-freshclam = "${bindir}/freshclam \ ${sysconfdir}/freshclam.conf* \ ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \ + ${sysconfdir}/tmpfiles.d/*.conf \ ${localstatedir}/lib/clamav \ ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \ ${mandir}/man5/freshclam.conf.* \ diff --git a/meta-security/recipes-security/clamav/files/tmpfiles.clamav b/meta-security/recipes-security/clamav/files/tmpfiles.clamav new file mode 100644 index 000000000..fd5adfeeb --- /dev/null +++ b/meta-security/recipes-security/clamav/files/tmpfiles.clamav @@ -0,0 +1,3 @@ +#Type Path Mode UID GID Age Argument +d /var/log/clamav 0755 clamav clamav - +f /var/log/clamav/freshclam.log 0644 clamav clamav - diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb index 73b802fb9..2181629bd 100644 --- a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb 
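Review bot: The context line at the top of this hunk, `install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.`, ships the signature database world-writable, so any local account on the target could alter the data the scanner trusts. The line predates this commit, but it sits in the same `do_install_append_class-target` being edited, and the new tmpfiles entries already give the log paths a dedicated `clamav` owner. Installing the database with `-m 0644` and handing it to the clamav user would let freshclam update it without opening it to everyone; whether a chown already happens later in the recipe is not visible in this hunk. The function and the postinst both continue outside the hunk.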
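Review bot: The tmpfiles.d entry added to `FILES_${PN}-freshclam` places `clamav.conf` in the freshclam subpackage, while the postinst that runs `systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf` is `pkg_postinst_ontarget_${PN}`. Unless `${PN}` pulls in `${PN}-freshclam` through a dependency not visible in these hunks, the main package's postinst can run without the file present. Shipping the file in the package that owns the postinst, or guarding the call with `[ -e ${sysconfdir}/tmpfiles.d/clamav.conf ]`, removes the mismatch. The glob `${sysconfdir}/tmpfiles.d/*.conf` is also wider than needed; `${sysconfdir}/tmpfiles.d/clamav.conf` names the one file the recipe installs.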
+++ b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb @@ -10,7 +10,7 @@ DEPENDS = "libpam" S = "${WORKDIR}/git" -inherit autotools distro_features_check +inherit autotools features_check REQUIRED_DISTRO_FEATURES = "pam" diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb index 39873b850..83a9ed83e 100644 --- a/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb +++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb @@ -3,7 +3,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" -inherit distro_features_check +inherit features_check REQUIRED_DISTRO_FEATURES = "ptest" diff --git a/meta-security/recipes-security/sssd/sssd_1.16.4.bb b/meta-security/recipes-security/sssd/sssd_1.16.4.bb index 34bc8c804..089a99e0d 100644 --- a/meta-security/recipes-security/sssd/sssd_1.16.4.bb +++ b/meta-security/recipes-security/sssd/sssd_1.16.4.bb @@ -14,7 +14,7 @@ SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz\ SRC_URI[md5sum] = "757bbb6f15409d8d075f4f06cb678d50" SRC_URI[sha256sum] = "6bb212cd6b75b918e945c24e7c3f95a486fb54d7f7d489a9334cfa1a1f3bf959" -inherit autotools pkgconfig gettext python-dir distro_features_check +inherit autotools pkgconfig gettext python-dir features_check REQUIRED_DISTRO_FEATURES = "pam" -- cgit v1.2.3 From 5ead1e508818df1218e69f47199a1863eb2336e4 Mon Sep 17 00:00:00 2001 
From: Brad Bishop Date: Fri, 6 Dec 2019 10:10:29 -0500 Subject: meta-security: subtree update:fa800e5261..2df7dd9fba Armin Kuster (6): tpm2-pkcs11: update to tip tpm2-abrmd": update to 2.3.0 tpm2-tools: update to 4.0.1 tpm2-tss-engine: update to tip to us tss-tools 4.0.x tpm2-totp: update to 0.2.0 README: update mailing list to new groups.io Change-Id: Iae675505d3cf5b70686599a26d9162bb8aaee1b3 Signed-off-by: Brad Bishop --- meta-security/README | 6 +-- .../recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.2.0.bb | 54 ---------------------- .../recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.0.bb | 54 ++++++++++++++++++++++ .../recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb | 2 +- .../recipes-tpm2/tpm2-tools/tpm2-tools_3.2.0.bb | 15 ------ .../recipes-tpm2/tpm2-tools/tpm2-tools_4.0.1.bb | 14 ++++++ .../tpm2-totp/files/litpm2_totp_build_fix.patch | 36 --------------- .../recipes-tpm2/tpm2-totp/tpm2-totp_0.1.2.bb | 18 -------- .../recipes-tpm2/tpm2-totp/tpm2-totp_0.2.0.bb | 18 ++++++++ .../tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb | 4 +- 10 files changed, 92 insertions(+), 129 deletions(-) delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.2.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.0.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.2.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.0.1.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.1.2.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.0.bb (limited to 'meta-security') diff --git a/meta-security/README b/meta-security/README index 5abb0e262..c419d506d 100644 --- a/meta-security/README +++ b/meta-security/README 
@@ -52,14 +52,14 @@ other layers needed. e.g.: Maintenance ----------- -Send pull requests, patches, comments or questions to yocto@yoctoproject.org +Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org When sending single patches, please using something like: -'git send-email -1 --to yocto@yoctoproject.org --subject-prefix=meta-security][PATCH' +'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security][PATCH' These values can be set as defaults for this repository: -$ git config sendemail.to yocto@yoctoproject.org +$ git config sendemail.to yocto@lists.yoctoproject.org $ git config format.subjectPrefix meta-security][PATCH Now you can just do 'git send-email origin/master' to send all local patches. diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.2.0.bb deleted file mode 100644 index 021c96930..000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.2.0.bb +++ /dev/null 
@@ -1,54 +0,0 @@ -SUMMARY = "TPM2 Access Broker & Resource Manager" -DESCRIPTION = "This is a system daemon implementing the TPM2 access \ -broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \ -is implemented using Glib and the GObject system. In this documentation and \ -in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \ -" -SECTION = "security/tpm" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" - -DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \ - libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim" - -SRC_URI = "\ - git://github.com/tpm2-software/tpm2-abrmd.git \ - file://tpm2-abrmd-init.sh \ - file://tpm2-abrmd.default \ -" - -SRCREV = "ac2a5a4b5a4e548177ed7a5b74cea23e00fd30b4" - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig systemd update-rc.d useradd - -SYSTEMD_PACKAGES += "${PN}" -SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service" -SYSTEMD_AUTO_ENABLE_${PN} = "disable" - -INITSCRIPT_NAME = "${PN}" -INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "tss" -USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" - -PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}" -PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no" - -do_install_append() { - install -d "${D}${sysconfdir}/init.d" - install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd" - - install -d "${D}${sysconfdir}/default" - install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd" -} - -FILES_${PN} += "${libdir}/systemd/system-preset \ - ${datadir}/dbus-1" - -RDEPENDS_${PN} += "tpm2-tss" - -BBCLASSEXTEND = "native" 
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.0.bb new file mode 100644 index 000000000..991364ad3 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.0.bb 
@@ -0,0 +1,54 @@ +SUMMARY = "TPM2 Access Broker & Resource Manager" +DESCRIPTION = "This is a system daemon implementing the TPM2 access \ +broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \ +is implemented using Glib and the GObject system. In this documentation and \ +in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \ +" +SECTION = "security/tpm" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" + +DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \ + libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim" + +SRC_URI = "\ + git://github.com/tpm2-software/tpm2-abrmd.git \ + file://tpm2-abrmd-init.sh \ + file://tpm2-abrmd.default \ +" + +SRCREV = "ac82192df1158cb58eac02777cf15c965b02cfbc" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig systemd update-rc.d useradd + +SYSTEMD_PACKAGES += "${PN}" +SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service" +SYSTEMD_AUTO_ENABLE_${PN} = "disable" + +INITSCRIPT_NAME = "${PN}" +INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "tss" +USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" + +PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}" +PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no" + +do_install_append() { + install -d "${D}${sysconfdir}/init.d" + install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd" + + install -d "${D}${sysconfdir}/default" + install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd" +} + +FILES_${PN} += "${libdir}/systemd/system-preset \ + ${datadir}/dbus-1" + +RDEPENDS_${PN} += "tpm2-tss" + +BBCLASSEXTEND = "native" 
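Review bot: `SRC_URI` in the new recipe fetches `git://github.com/tpm2-software/tpm2-abrmd.git`, i.e. over the unauthenticated git transport and with no branch named, so the only integrity anchor for this TPM daemon's source is the `SRCREV` hash. The fetcher accepts a transport parameter, so `git://github.com/tpm2-software/tpm2-abrmd.git;protocol=https` keeps the pin and adds an authenticated channel. The tpm2-pkcs11, tpm2-totp and tpm2-tss-engine recipes touched by this commit use the same URL form. The file is otherwise the 2.2.0 recipe with a new `SRCREV`; a comment beside it naming the upstream tag it corresponds to would make the pin easy to audit.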
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb index 218574999..351e03e5b 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb @@ -10,7 +10,7 @@ SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git \ file://bootstrap_fixup.patch \ " -SRCREV = "caf20c04651029626466c59d88b36c05cc6ea20b" +SRCREV = "6de3f6f9c6e0a4983f3fb90e35feb34906f8aea7" S = "${WORKDIR}/git" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.2.0.bb deleted file mode 100644 index b6f1be0d9..000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.2.0.bb +++ /dev/null @@ -1,15 +0,0 @@ -SUMMARY = "Tools for TPM2." -DESCRIPTION = "tpm2-tools" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819" -SECTION = "tpm" - -DEPENDS = "pkgconfig tpm2-tss openssl curl autoconf-archive" - -SRCREV = "a17daa948fc67685651bf3b7a589ed341080ddd3" - -SRC_URI = "git://github.com/tpm2-software/tpm2-tools.git;branch=3.X" - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.0.1.bb new file mode 100644 index 000000000..8f9497252 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.0.1.bb 
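Review bot: The `SRCREV` change moves the recipe to a newer upstream commit while the file stays `tpm2-pkcs11_0.9.9.bb`, so the packaged version still reads 0.9.9 although the source is, per the commit message, upstream tip. Anything that keys on the recipe version, such as CVE scanning, manifest output or upgrade ordering, will then describe code that is not what gets built; setting `PV = "0.9.9+git${SRCPV}"` makes the pin visible. tpm2-tss-engine_1.0.1.bb at the end of this commit is bumped the same way, and there `LIC_FILES_CHKSUM` changes as well, which deserves a line in the commit message saying what changed in LICENSE.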
@@ -0,0 +1,14 @@ +SUMMARY = "Tools for TPM2." +DESCRIPTION = "tpm2-tools" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc" +SECTION = "tpm" + +DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive" + +SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" + +SRC_URI[md5sum] = "071aa40bc8721700ea4ed19cc2fdeabf" +SRC_URI[sha256sum] = "ccec3fca6370341a102c5c2ef1ddb4e5cd242bf1bbc6c51d969f77fc78ca67d1" + +inherit autotools pkgconfig bash-completion diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch deleted file mode 100644 index c14705458..000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch +++ /dev/null 
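Review bot: `LIC_FILES_CHKSUM` carries a different md5 from the removed 3.2.0 recipe while `LICENSE = "BSD"` is kept, and nothing in the commit says what changed in the upstream LICENSE file. `BSD` is also a generic identifier, so if the upstream text is the three-clause licence, `LICENSE = "BSD-3-Clause"` would be the precise value. `DEPENDS` now lists `tpm2-abrmd`, which only affects the build; if the tools are expected to reach the TPM through the broker on the target, that needs an `RDEPENDS_${PN}` entry, which this file does not have.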
@@ -1,36 +0,0 @@ -C99 fixes: - - src/libtpm2-totp.c:172:13: error: format '%li' expects argument of type 'long int', but argument 3 has type 'size_t' {aka 'unsigned int'} [-Werror=format=] -| dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size); - -src/tpm2-totp.c:343:23: error: format '%ld' expects argument of type 'long int', but argument 3 has type 'uint64_t' {aka 'long long unsigned int'} [-Werror=format=] - -Upstream-Status: Pending -Signed-off-by: Armin Kuster - -Index: git/src/libtpm2-totp.c -=================================================================== ---- git.orig/src/libtpm2-totp.c -+++ git/src/libtpm2-totp.c -@@ -169,7 +169,7 @@ tpm2totp_generateKey(uint32_t pcrs, uint - if (rc != TPM2_RC_INITIALIZE) chkrc(rc, goto error); - - while (*secret_size < SECRETLEN) { -- dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size); -+ dbg("Calling Esys_GetRandom for %li bytes", (long int) (SECRETLEN - *secret_size)); - rc = Esys_GetRandom(ctx, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - SECRETLEN - *secret_size, &t); -Index: git/src/tpm2-totp.c -=================================================================== ---- git.orig/src/tpm2-totp.c -+++ git/src/tpm2-totp.c -@@ -340,7 +340,7 @@ main(int argc, char **argv) - localtime (&now)); - chkrc(rc, exit(1)); - } -- printf("%s%06ld", timestr, totp); -+ printf("%s%06ld", timestr, (long int)totp); - break; - case CMD_RESEAL: - rc = tpm2totp_loadKey_nv(opt.nvindex, &keyBlob, &keyBlob_size); diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.1.2.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.1.2.bb deleted file mode 100644 index 8a2504d94..000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.1.2.bb +++ /dev/null 
@@ -1,18 +0,0 @@ -SUMMARY = "Attest the trustworthiness of a device against a human using time-based one-time passwords" - -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=ed23833e93c95173c8d8913745e4b4e1" - -SECTION = "security/tpm" - -DEPENDS = "autoconf-archive libtss2-dev qrencode" - -PE = "1" - -SRCREV = "15cc8fbc8fe71be9c04c3169ee1f70450d52a51a" -SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=v0.1.x \ - file://litpm2_totp_build_fix.patch " - -inherit autotools-brokensep pkgconfig - -S = "${WORKDIR}/git" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.0.bb new file mode 100644 index 000000000..0dad67306 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.0.bb @@ -0,0 +1,18 @@ +SUMMARY = "Attest the trustworthiness of a device against a human using time-based one-time passwords" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=ed23833e93c95173c8d8913745e4b4e1" + +SECTION = "security/tpm" + +DEPENDS = "autoconf-archive libtss2-dev qrencode" + +PE = "1" + +SRCREV = "994b4203e4769baefa6e7719915629bc8210e90a" +SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=v0.2.x \ + " + +inherit autotools-brokensep pkgconfig + +S = "${WORKDIR}/git" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb index 8825737ee..3641b1b76 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb 
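Review bot: The 0.2.0 recipe drops `file://litpm2_totp_build_fix.patch`, whose header was marked `Upstream-Status: Pending`, and the commit does not say whether the `%li`/`%ld` format fixes landed upstream in the v0.2.x branch. If they did not, the `-Werror=format=` failures quoted in the removed patch would return on targets where `size_t` is `unsigned int`; a line in the commit message confirming the fix is upstream would settle it. The continuation left in `SRC_URI` (`;branch=v0.2.x \` followed by a line holding only the closing quote) can be folded into a single line.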
@@ -2,13 +2,13 @@ SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for Ope DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures." LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb" +LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4" SECTION = "security/tpm" DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl" -SRCREV = "e1bbabe29377e45282d753a1b103625c420a19cf" +SRCREV = "fdc8f65dfc8bad8b5a3aed181fae338267308f70" SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git" inherit autotools-brokensep pkgconfig systemd -- cgit v1.2.3