From a48c014e7bf11391734c05fac6552bbef2dc2086 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Mon, 6 Jan 2020 09:48:41 -0500 Subject: meta-security: subtree update:3001c3ebfc..b72cc7f87c Armin Kuster (10): apparmor: add distro check smack: add distro check python-fail2ban: Drop python2 package python3-fail2ban: include python-fail2ban.inc google-authenticator-libpam: update to 1.07 smack-test: add feature check for smack lib/oeqa/runtime: fix clamav test order clamav: update to 0.101.5 meta-integrity: fix issues with yocto-check-layer fail2ban: fix runtime error Change-Id: I4f7e656b0f9e2e9dc32989a1756c94e4e0143c42 
Signed-off-by: Brad Bishop --- meta-security/lib/oeqa/runtime/cases/clamav.py | 18 +- .../initrdscripts/initramfs-framework-ima.bb | 3 + .../packagegroups/packagegroup-ima-evm-utils.bb | 4 +- .../ima-evm-utils/ima-evm-utils_git.bb | 4 +- .../ima-policy-appraise-all_1.0.bb | 3 + .../ima_policy_hashed/ima-policy-hashed_1.0.bb | 3 + .../ima_policy_simple/ima-policy-simple_1.0.bb | 3 + .../recipes-mac/AppArmor/apparmor_2.13.3.bb | 3 +- meta-security/recipes-mac/smack/smack-test_1.0.bb | 4 + meta-security/recipes-mac/smack/smack_1.3.1.bb | 7 +- .../recipes-security/clamav/clamav_0.101.5.bb | 169 +++++++++++++++++++ .../recipes-security/clamav/clamav_0.99.4.bb | 184 --------------------- .../recipes-security/fail2ban/files/initd | 8 +- .../recipes-security/fail2ban/python-fail2ban.inc | 49 ------ .../fail2ban/python-fail2ban_0.10.4.0.bb | 4 - .../fail2ban/python3-fail2ban_0.10.4.0.bb | 51 +++++- .../google-authenticator-libpam_1.05.bb | 20 --- .../google-authenticator-libpam_1.07.bb | 20 +++ 18 files changed, 279 insertions(+), 278 deletions(-) create mode 100644 meta-security/recipes-security/clamav/clamav_0.101.5.bb delete mode 100644 meta-security/recipes-security/clamav/clamav_0.99.4.bb delete mode 100644 meta-security/recipes-security/fail2ban/python-fail2ban.inc delete mode 100644 meta-security/recipes-security/fail2ban/python-fail2ban_0.10.4.0.bb delete mode 100644 meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb create mode 100644 meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.07.bb (limited to 'meta-security') diff --git a/meta-security/lib/oeqa/runtime/cases/clamav.py b/meta-security/lib/oeqa/runtime/cases/clamav.py index 2808df4dc..cf8393732 100644 --- a/meta-security/lib/oeqa/runtime/cases/clamav.py +++ b/meta-security/lib/oeqa/runtime/cases/clamav.py 
@@ -48,6 +48,15 @@ class ClamavTest(OERuntimeTestCase): self.assertEqual(status, 0, msg = msg) @OETestDepends(['clamav.ClamavTest.test_ping_clamav_net']) + def test_freshclam_check_mirrors(self): + status, output = self.target.run('freshclam --list-mirrors') + match = re.search('Failures: 0', output) + if not match: + msg = ('freshclam --list-mirrors: failed. ' + 'Status and output:%s and %s' % (status, output)) + self.assertEqual(status, 1, msg = msg) + + @OETestDepends(['clamav.ClamavTest.test_freshclam_check_mirrors']) def test_freshclam_download(self): status, output = self.target.run('freshclam --show-progress') match = re.search('Database updated', output) @@ -57,12 +66,3 @@ class ClamavTest(OERuntimeTestCase): 'Status and output:%s and %s' % (status, output)) self.assertEqual(status, 1, msg = msg) - @OETestDepends(['clamav.ClamavTest.test_ping_clamav_net']) - def test_freshclam_check_mirrors(self): - status, output = self.target.run('freshclam --list-mirrors') - match = re.search('Failures: 0', output) - if not match: - msg = ('freshclam --list-mirrors: failed. ' - 'Status and output:%s and %s' % (status, output)) - self.assertEqual(status, 1, msg = msg) - diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb index 95c853a72..dacdc8bf0 100644 --- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb +++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb @@ -16,6 +16,9 @@ IMA_POLICY ?= "ima-policy-hashed" SRC_URI = " file://ima" +inherit features_check +REQUIRED_DISTRO_FEATURES = "ima" + do_install () { install -d ${D}/${sysconfdir}/ima install -d ${D}/init.d 
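Review bot: In the relocated `test_freshclam_check_mirrors`, the only assertion is `self.assertEqual(status, 1, msg = msg)` on the `if not match:` path, so when 'Failures: 0' is absent from the output the test still passes whenever freshclam exits with status 1. The check should depend on the match itself, for example `self.assertTrue(match, msg = msg)` or `self.fail(msg)` inside the branch. The page has lost its indentation, so this assumes the assertion sits inside the `if`; if it sits outside, `msg` is undefined on the success path, which is also a defect. The context lines of `test_freshclam_download` show the same `assertEqual(status, 1, ...)` pattern and deserve the same fix.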
diff --git a/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb b/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb index 18acc9dca..8196edb20 100644 --- a/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb +++ b/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb @@ -1,7 +1,9 @@ SUMMARY = "IMA/EVM userspace tools" LICENSE = "MIT" -inherit packagegroup +inherit packagegroup features_check + +REQUIRED_DISTRO_FEATURES = "ima" # Only one at the moment, but perhaps more will come in the future. RDEPENDS_${PN} = " \ diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb index 92c24c902..7f649c2d6 100644 --- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb +++ b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb @@ -23,7 +23,9 @@ SRC_URI += "file://command-line-apply-operation-to-all-paths.patch" S = "${WORKDIR}/git" -inherit pkgconfig autotools +inherit pkgconfig autotools features_check + +REQUIRED_DISTRO_FEATURES = "ima" EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}" diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb index b58d3fed9..da62a4cf8 100644 --- a/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb +++ b/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb 
@@ -9,6 +9,9 @@ IMA_POLICY ?= "ima_policy_appraise_all" SRC_URI = " file://${IMA_POLICY}" +inherit features_check +REQUIRED_DISTRO_FEATURES = "ima" + do_install () { install -d ${D}/${sysconfdir}/ima install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb index 3352daa03..ebb042646 100644 --- a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb +++ b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb @@ -11,6 +11,9 @@ SRC_URI = " \ file://${IMA_POLICY} \ " +inherit features_check +REQUIRED_DISTRO_FEATURES = "ima" + do_install () { install -d ${D}/${sysconfdir}/ima install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb index 17132aa22..cb4b6b8ab 100644 --- a/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb +++ b/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb @@ -9,6 +9,9 @@ IMA_POLICY ?= "ima_policy_simple" SRC_URI = " file://${IMA_POLICY}" +inherit features_check +REQUIRED_DISTRO_FEATURES = "ima" + do_install () { install -d ${D}/${sysconfdir}/ima install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy diff --git a/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb b/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb index 60d5e6880..32230a57d 100644 --- a/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb +++ b/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb 
@@ -30,7 +30,8 @@ S = "${WORKDIR}/git" PARALLEL_MAKE = "" -inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan manpages systemd +inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan manpages systemd features_check +REQUIRED_DISTRO_FEATURES = "apparmor" PACKAGECONFIG ??= "python perl aa-decode" PACKAGECONFIG[manpages] = "--enable-man-pages, --disable-man-pages" diff --git a/meta-security/recipes-mac/smack/smack-test_1.0.bb b/meta-security/recipes-mac/smack/smack-test_1.0.bb index 7cf8f2e04..d5de6076a 100644 --- a/meta-security/recipes-mac/smack/smack-test_1.0.bb +++ b/meta-security/recipes-mac/smack/smack-test_1.0.bb @@ -12,6 +12,10 @@ SRC_URI = " \ S = "${WORKDIR}" +inherit features_check + +REQUIRED_DISTRO_FEATURES = "smack" + do_install() { install -d ${D}${sbindir} install -m 0755 notroot.py ${D}${sbindir} diff --git a/meta-security/recipes-mac/smack/smack_1.3.1.bb b/meta-security/recipes-mac/smack/smack_1.3.1.bb index f32d91ba3..b1ea4e9ff 100644 --- a/meta-security/recipes-mac/smack/smack_1.3.1.bb +++ b/meta-security/recipes-mac/smack/smack_1.3.1.bb @@ -13,7 +13,12 @@ SRC_URI = " \ PV = "1.3.1" -inherit autotools update-rc.d pkgconfig ptest ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} +inherit autotools update-rc.d pkgconfig ptest +inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} +inherit features_check + +REQUIRED_DISTRO_FEATURES = "smack" + S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/clamav/clamav_0.101.5.bb b/meta-security/recipes-security/clamav/clamav_0.101.5.bb new file mode 100644 index 000000000..a4c32e1a6 --- /dev/null +++ b/meta-security/recipes-security/clamav/clamav_0.101.5.bb 
@@ -0,0 +1,169 @@ +SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface" +DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats." +HOMEPAGE = "http://www.clamav.net/index.html" +SECTION = "security" +LICENSE = "LGPL-2.1" + +DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack" +DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native" + +LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092" + +SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108" + +SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \ + file://clamd.conf \ + file://freshclam.conf \ + file://volatiles.03_clamav \ + file://tmpfiles.clamav \ + file://${BPN}.service \ + file://freshclam-native.conf \ + " + +S = "${WORKDIR}/git" + +LEAD_SONAME = "libclamav.so" +SO_VER = "9.0.2" + +inherit autotools pkgconfig useradd systemd + +CLAMAV_UID ?= "clamav" +CLAMAV_GID ?= "clamav" +INSTALL_CLAMAV_CVD ?= "1" + +CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr" +CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr" + +PACKAGECONFIG_class-target ?= "ncurses bz2" +PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}" +PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" + +PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre" +PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c," +PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6" +PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2" +PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, " +PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, " + +EXTRA_OECONF_CLAMAV = 
"--without-libcheck-prefix --disable-unrar \ + --disable-mempool \ + --program-prefix="" \ + --disable-zlib-vcheck \ + --with-xml=${CLAMAV_USR_DIR} \ + --with-zlib=${CLAMAV_USR_DIR} \ + --with-openssl=${CLAMAV_USR_DIR} \ + --with-libcurl=${CLAMAV_USR_DIR} \ + --with-system-libmspack=${CLAMAV_USR_DIR} \ + --with-iconv=no \ + --enable-check=no \ + " + +EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}" +EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID} --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}" + +do_configure () { + ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} +} + +do_configure_class-native () { + ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} +} + +do_compile_append_class-target() { + if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then + bbnote "CLAMAV creating cvd" + install -d ${S}/clamav_db + ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf + fi +} + +do_install_append_class-target () { + install -d ${D}/${sysconfdir} + install -d ${D}/${localstatedir}/lib/clamav + install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles + + install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir} + install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir} + install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav + sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc + rm ${D}/${libdir}/libclamav.so + install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/. 
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then + install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf + fi +} + +pkg_postinst_ontarget_${PN} () { + if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + mkdir -p ${localstatedir}/lib/clamav + chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav +} + + +PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \ + ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev" + +FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \ + ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \ + ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \ + ${docdir}/clamav/* " + +FILES_${PN}-clamdscan = " ${bindir}/clamdscan \ + ${docdir}/clamdscan/* \ + ${mandir}/man1/clamdscan* \ + " + +FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \ + ${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \ + ${mandir}/man5/clamd* ${mandir}/man8/clamd* \ + ${sysconfdir}/clamd.conf* \ + ${systemd_unitdir}/system/clamav-daemon/* \ + ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \ + ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon " + +FILES_${PN}-freshclam = "${bindir}/freshclam \ + ${sysconfdir}/freshclam.conf* \ + ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \ + ${sysconfdir}/tmpfiles.d/*.conf \ + ${localstatedir}/lib/clamav \ + ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \ + ${mandir}/man5/freshclam.conf.* \ + ${systemd_unitdir}/system/clamav-freshclam.service" + +FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \ + ${libdir}/pkgconfig/*.pc \ + 
${mandir}/man1/clamav-config.* \ + ${includedir}/*.h ${docdir}/libclamav* " + +FILES_${PN}-staticdev = "${libdir}/*.a" + +FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\ + ${docdir}/libclamav/* " + +FILES_${PN}-doc = "${mandir}/man/* \ + ${datadir}/man/* \ + ${docdir}/* " + +FILES_${PN}-cvd = "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat" + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}" +USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir \ + ${localstatedir}/spool/${BPN} \ + --no-create-home --shell /bin/false ${BPN}" + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" +SYSTEMD_SERVICE_${PN} = "${BPN}.service" + +RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav" +RDEPENDS_${PN}_class-native = "" + +BBCLASSEXTEND = "native" diff --git a/meta-security/recipes-security/clamav/clamav_0.99.4.bb b/meta-security/recipes-security/clamav/clamav_0.99.4.bb deleted file mode 100644 index a340b4856..000000000 --- a/meta-security/recipes-security/clamav/clamav_0.99.4.bb +++ /dev/null 
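Review bot: In `do_install_append_class-target` the signature database is installed with `install -m 666 ${S}/clamav_db/* ...`, which leaves the virus definitions world-writable on the target, so any local account can alter what the scanner detects. Since `pkg_postinst_ontarget_${PN}` already chowns `${localstatedir}/lib/clamav` to `${CLAMAV_UID}:${CLAMAV_GID}`, `install -m 0644 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.` should still let freshclam update them. That install line runs unconditionally, although `${S}/clamav_db` is now created only inside the `INSTALL_CLAMAV_CVD = "1"` branch of `do_compile_append_class-target`, so do_install will probably fail for any other value; wrapping it in the same `if [ "${INSTALL_CLAMAV_CVD}" = "1" ]` test would fix that. Separately, `GROUPADD_PARAM_${PN}` creates a group named `${CLAMAV_UID}` while `USERADD_PARAM_${PN}` passes `-g ${CLAMAV_GID}` and names the user `${BPN}`, which only works while all three are "clamav".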
@@ -1,184 +0,0 @@ -SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface" -DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats." -HOMEPAGE = "http://www.clamav.net/index.html" -SECTION = "security" -LICENSE = "LGPL-2.1" - -DEPENDS = "libtool db libmspack openssl zlib llvm chrpath-replacement-native clamav-native" -DEPENDS_class-native = "db-native openssl-native zlib-native" - -LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092" - -SRCREV = "b66e5e27b48c0a07494f9df9b809ed933cede047" - -SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \ - file://clamd.conf \ - file://freshclam.conf \ - file://volatiles.03_clamav \ - file://tmpfiles.clamav \ - file://${BPN}.service \ - file://freshclam-native.conf \ - " - -S = "${WORKDIR}/git" - -LEAD_SONAME = "libclamav.so" -SO_VER = "7.1.1" - -EXTRANATIVEPATH += "chrpath-native" - -inherit autotools-brokensep pkgconfig useradd systemd - -UID = "clamav" -GID = "clamav" -INSTALL_CLAMAV_CVD ?= "1" - -# Clamav has a built llvm version 2 but does not build with gcc 6.x, -# disable the internal one. 
This is a known issue -# If you want LLVM support, use the one in core - -CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr" -CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr" - -PACKAGECONFIG_class-target ?= "ncurses bz2" -PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}" -PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" - -PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre" -PACKAGECONFIG[xml] = "--with-xml=${CLAMAV_USR_DIR}, --disable-xml, libxml2," -PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json," -PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR}, --without-libcurl, curl," -PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6" -PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --without-libbz2-prefix, " -PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, " -PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, " - -EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \ - --with-system-llvm --with-llvm-linking=dynamic --disable-llvm \ - --disable-mempool \ - --program-prefix="" \ - --disable-yara \ - --disable-xml \ - --with-openssl=${CLAMAV_USR_DIR} \ - --with-zlib=${CLAMAV_USR_DIR} --disable-zlib-vcheck \ - " - -EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}" -EXTRA_OECONF_class-target += "--with-user=${UID} --with-group=${GID} --disable-rpath ${EXTRA_OECONF_CLAMAV}" - -do_configure () { - ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} - install -d ${S}/clamav_db -} - -do_configure_class-native () { - ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} -} - - -do_compile_append_class-target() { - # brute force removing RPATH - chrpath -d ${B}/libclamav/.libs/libclamav.so.${SO_VER} - chrpath -d ${B}/sigtool/.libs/sigtool - chrpath -d 
${B}/clambc/.libs/clambc - chrpath -d ${B}/clamscan/.libs/clamscan - chrpath -d ${B}/clamconf/.libs/clamconf - chrpath -d ${B}/clamd/.libs/clamd - chrpath -d ${B}/freshclam/.libs/freshclam - - if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then - bbnote "CLAMAV creating cvd" - ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf - fi -} - -do_install_append_class-target () { - install -d ${D}/${sysconfdir} - install -d ${D}/${localstatedir}/lib/clamav - install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles - - install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir} - install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir} - install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav - sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc - rm ${D}/${libdir}/libclamav.so - install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/. - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then - install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service - install -d ${D}${sysconfdir}/tmpfiles.d - install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf - fi -} - -pkg_postinst_ontarget_${PN} () { - if command -v systemd-tmpfiles >/dev/null; then - systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf - elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then - ${sysconfdir}/init.d/populate-volatile.sh update - fi - mkdir -p ${localstatedir}/lib/clamav - chown -R ${UID}:${GID} ${localstatedir}/lib/clamav -} - - -PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \ - ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev" - -FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \ - ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \ - ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \ - 
${docdir}/clamav/* " - -FILES_${PN}-clamdscan = " ${bindir}/clamdscan \ - ${docdir}/clamdscan/* \ - ${mandir}/man1/clamdscan* \ - " - -FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \ - ${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \ - ${mandir}/man5/clamd* ${mandir}/man8/clamd* \ - ${sysconfdir}/clamd.conf* \ - ${systemd_unitdir}/system/clamav-daemon/* \ - ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \ - ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon " - -FILES_${PN}-freshclam = "${bindir}/freshclam \ - ${sysconfdir}/freshclam.conf* \ - ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \ - ${sysconfdir}/tmpfiles.d/*.conf \ - ${localstatedir}/lib/clamav \ - ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \ - ${mandir}/man5/freshclam.conf.* \ - ${systemd_unitdir}/system/clamav-freshclam.service" - -FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \ - ${libdir}/pkgconfig/*.pc \ - ${mandir}/man1/clamav-config.* \ - ${includedir}/*.h ${docdir}/libclamav* " - -FILES_${PN}-staticdev = "${libdir}/*.a" - -FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libmspack.so*\ - ${docdir}/libclamav/* " - -FILES_${PN}-doc = "${mandir}/man/* \ - ${datadir}/man/* \ - ${docdir}/* " - -FILES_${PN}-cvd = "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat" - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "--system ${UID}" -USERADD_PARAM_${PN} = "--system -g ${GID} --home-dir \ - ${localstatedir}/spool/${BPN} \ - --no-create-home --shell /bin/false ${BPN}" - -RPROVIDES_${PN} += "${PN}-systemd" -RREPLACES_${PN} += "${PN}-systemd" -RCONFLICTS_${PN} += "${PN}-systemd" -SYSTEMD_SERVICE_${PN} = "${BPN}.service" - -RDEPENDS_${PN} = "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav" -RDEPENDS_${PN}_class-native = "" - -BBCLASSEXTEND = "native" 
diff --git a/meta-security/recipes-security/fail2ban/files/initd b/meta-security/recipes-security/fail2ban/files/initd index 4f4b394c4..586b3dac3 100644 --- a/meta-security/recipes-security/fail2ban/files/initd +++ b/meta-security/recipes-security/fail2ban/files/initd @@ -39,9 +39,9 @@ start() { RETVAL=$? if [ $RETVAL = 0 ]; then touch ${lockfile} - echo_success + success else - echo_failure + failure fi echo return $RETVAL @@ -53,9 +53,9 @@ stop() { RETVAL=$? if [ $RETVAL = 0 ]; then rm -f ${lockfile} ${pidfile} - echo_success + success else - echo_failure + failure fi echo return $RETVAL diff --git a/meta-security/recipes-security/fail2ban/python-fail2ban.inc b/meta-security/recipes-security/fail2ban/python-fail2ban.inc deleted file mode 100644 index 7270ed8ac..000000000 --- a/meta-security/recipes-security/fail2ban/python-fail2ban.inc +++ /dev/null 
@@ -1,49 +0,0 @@ -SUMMARY = "Daemon to ban hosts that cause multiple authentication errors." -DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \ -many failed login attempts. It does this by updating system firewall rules to reject new \ -connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \ -out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \ -and is easy to configure to read any log file you choose, for any error you choose." -HOMEPAGE = "http://www.fail2ban.org" - -LICENSE = "GPL-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" - -SRCREV ="aa565eb80ec6043317e8430cabcaf9c3f4e61578" -SRC_URI = " \ - git://github.com/fail2ban/fail2ban.git;branch=0.11 \ - file://initd \ - file://fail2ban_setup.py \ - file://run-ptest \ -" - -inherit update-rc.d ptest - -S = "${WORKDIR}/git" - -INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME = "fail2ban-server" -INITSCRIPT_PARAMS = "defaults 25" - -do_compile_prepend () { - cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py -} - -do_install_append () { - install -d ${D}/${sysconfdir}/fail2ban - install -d ${D}/${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server - chown -R root:root ${D}/${bindir} -} - -do_install_ptest_append () { - install -d ${D}${PTEST_PATH} - sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest - install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH} -} - -FILES_${PN} += "/run" - -INSANE_SKIP_${PN}_append = "already-stripped" - -RDEPENDS_${PN} = "sysklogd iptables sqlite3 ${PYTHON_PN} ${PYTHON_PN}-pyinotify" diff --git a/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.4.0.bb b/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.4.0.bb deleted file mode 100644 index 17a7dd8dd..000000000 --- a/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.4.0.bb +++ /dev/null 
@@ -1,4 +0,0 @@ -inherit setuptools -require python-fail2ban.inc - -RDEPENDS_${PN}-ptest = "python python-modules python-fail2ban" diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb index 23ef027b3..53f94ff9f 100644 --- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb +++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb 
@@ -1,8 +1,51 @@ -inherit setuptools3 -require python-fail2ban.inc +SUMMARY = "Daemon to ban hosts that cause multiple authentication errors." +DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \ +many failed login attempts. It does this by updating system firewall rules to reject new \ +connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \ +out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \ +and is easy to configure to read any log file you choose, for any error you choose." +HOMEPAGE = "http://www.fail2ban.org" -RDEPENDS_${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" -SRC_URI += " \ +SRCREV ="aa565eb80ec6043317e8430cabcaf9c3f4e61578" +SRC_URI = " \ + git://github.com/fail2ban/fail2ban.git;branch=0.11 \ + file://initd \ + file://fail2ban_setup.py \ + file://run-ptest \ file://0001-To-fix-build-error-of-xrang.patch \ " + +inherit update-rc.d ptest setuptools3 + +S = "${WORKDIR}/git" + +do_compile_prepend () { + cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py +} + +do_install_append () { + install -d ${D}/${sysconfdir}/fail2ban + install -d ${D}/${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server + chown -R root:root ${D}/${bindir} +} + +do_install_ptest_append () { + install -d ${D}${PTEST_PATH} + sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest + install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH} +} + +FILES_${PN} += "/run" + +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME = "fail2ban-server" +INITSCRIPT_PARAMS = "defaults 25" + +INSANE_SKIP_${PN}_append = "already-stripped" + +RDEPENDS_${PN} = "sysklogd iptables sqlite3 ${PYTHON_PN} ${PYTHON_PN}-pyinotify" +RDEPENDS_${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban" 
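Review bot: The recipe file is `python3-fail2ban_0.10.4.0.bb`, but the now-inlined `SRC_URI` fetches `branch=0.11` at a pinned `SRCREV`, so the PV used by packaging and by version-based CVE matching may not describe the code actually built. The hunk does not show which upstream release the hash belongs to. If it is from the 0.11 line, the recipe version should say so; otherwise the branch parameter should name the branch that contains it. A short comment above `SRCREV` naming the upstream tag or release it corresponds to would make the pin auditable, and `SRCREV ="..."` could gain the missing space while the line is touched.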
diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb deleted file mode 100644 index 2181629bd..000000000 --- a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb +++ /dev/null @@ -1,20 +0,0 @@ -SUMMARY = "Google Authenticator PAM module" -HOME_PAGE = "https://github.com/google/google-authenticator-libpam" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -LICENSE = "Apache-2.0" - -SRC_URI = "git://github.com/google/google-authenticator-libpam.git" -SRCREV = "7365ed10d54393fb4c100cac063ae8edb744eac6" - -DEPENDS = "libpam" - -S = "${WORKDIR}/git" - -inherit autotools features_check - -REQUIRED_DISTRO_FEATURES = "pam" - -PACKAGES += "pam-google-authenticator" -FILES_pam-google-authenticator = "${libdir}/security/pam_google_authenticator.so" - -RDEPNEDS_pam-google-authenticator = "libpam" diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.07.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.07.bb new file mode 100644 index 000000000..98f895c44 --- /dev/null +++ b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.07.bb 
@@ -0,0 +1,20 @@ +SUMMARY = "Google Authenticator PAM module" +HOME_PAGE = "https://github.com/google/google-authenticator-libpam" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" +LICENSE = "Apache-2.0" + +SRC_URI = "git://github.com/google/google-authenticator-libpam.git" +SRCREV = "c9280f43610ce896f91eafd0f740a4eb4dcecedd" + +DEPENDS = "libpam" + +S = "${WORKDIR}/git" + +inherit autotools features_check + +REQUIRED_DISTRO_FEATURES = "pam" + +PACKAGES += "pam-google-authenticator" +FILES_pam-google-authenticator = "${libdir}/security/pam_google_authenticator.so" + +RDEPNEDS_pam-google-authenticator = "libpam" -- cgit v1.2.3
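Review bot: The last added line spells the variable `RDEPNEDS_pam-google-authenticator`, which BitBake treats as an unrelated variable, so the intended runtime dependency of the `pam-google-authenticator` package on libpam is never declared; it should read `RDEPENDS_pam-google-authenticator = "libpam"`. `HOME_PAGE` near the top looks like the same kind of slip for `HOMEPAGE`. Both are carried over unchanged from the removed 1.05 recipe. The automatic shared-library dependency scan may hide the first one in practice, but the explicit declaration is still worth correcting.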