author | Andrew Geissler <geissonator@yahoo.com> | 2020-07-25 00:10:05 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-07-25 00:10:27 +0300 |
commit | 5bea8d8239056487ed7ec39d7b1c319c664dcf68 (patch) | |
tree | 46333ed90f5cf2869b61dba854cf567ded9df998 /meta-security/meta-tpm | |
parent | 5d59ec7e23513a3a7f86280a2610ba3d2123f9a1 (diff) | |
download | openbmc-5bea8d8239056487ed7ec39d7b1c319c664dcf68.tar.xz |
meta-security: subtree update:547f552c85..066a04425c

Armin Kuster (9):
  python3-oauth2client: add recipe
  python3-privacyidea: adding initial support for mfa
  strongswan: add bbappends for tpm changes
  layer.conf: add dynamic-layer for strongswan
  strongswan: Add bbappends for ima changes
  meta-integrity: add dynamic-layer for strongswan
  add gitlab framework and qemu machine
  kas: add ima, tpm and tpm2 build configs
  drop ci-build: it is hiding errors

Jeremy Puhlman (2):
  cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev
  packagegroup-security-tpm2: Depend on preferred provider for cryptsetup

Zheng Ruoqin (2):
  ccs-tools:Fix build error when enable multilib.
  bastille: Deleted redundant inherit to fix error when enable multilib.

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I023e45c8080c3d423cd25cc656da5c1f527295e5
Diffstat (limited to 'meta-security/meta-tpm')
6 files changed, 62 insertions, 1 deletions
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf index c3372c7076..46d0279ccd 100644 --- a/meta-security/meta-tpm/conf/layer.conf +++ b/meta-security/meta-tpm/conf/layer.conf @@ -15,3 +15,7 @@ LAYERDEPENDS_tpm-layer = " \ openembedded-layer \ " BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm" + +BBFILES_DYNAMIC += " \ +networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \ +" diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch new file mode 100644 index 0000000000..825028222f --- /dev/null +++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch @@ -0,0 +1,38 @@ +From db772305c6baa01f6c6750be74733e4bfc1d6106 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@strongswan.org> +Date: Tue, 14 Apr 2020 10:44:19 +0200 +Subject: [PATCH] xfrmi: Only build if libcharon is built + +The kernel-netlink plugin is only built if libcharon is. + +Closes strongswan/strongswan#167. + +Upstream-Status: Backport +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +--- + src/Makefile.am | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +Index: strongswan-5.8.4/src/Makefile.am +=================================================================== +--- strongswan-5.8.4.orig/src/Makefile.am ++++ strongswan-5.8.4/src/Makefile.am +@@ -42,6 +42,9 @@ endif + + if USE_LIBCHARON + SUBDIRS += libcharon ++if USE_KERNEL_NETLINK ++ SUBDIRS += xfrmi ++endif + endif + + if USE_FILE_CONFIG +@@ -143,7 +146,3 @@ endif + if USE_TPM + SUBDIRS += tpm_extendpcr + endif +- +-if USE_KERNEL_NETLINK +- SUBDIRS += xfrmi +-endif 
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc new file mode 100644 index 0000000000..d8604e1165 --- /dev/null +++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc @@ -0,0 +1,12 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +DEPENDS = "libtspi" + +SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch" + +PACKAGECONFIG += "aikgen tpm" + +PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,," +PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,," + +EXTRA_OECONF += "--with-linux-headers=${STAGING_KERNEL_DIR}" diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend new file mode 100644 index 0000000000..34757bb479 --- /dev/null +++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend @@ -0,0 +1 @@ +require ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', 'strongswan-tpm.inc', '', d)} diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb index 8f5c537b95..a553a63d8d 100644 --- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb +++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb @@ -7,6 +7,7 @@ inherit packagegroup PACKAGES = "${PN}" +PREFERRED_PROVIDER_cryptsetup ?= "cryptsetup-tpm-incubator" SUMMARY_packagegroup-security-tpm2 = "Security TPM 2.0 support" RDEPENDS_packagegroup-security-tpm2 = " \ tpm2-tools \ 
@@ -19,5 +20,5 @@ RDEPENDS_packagegroup-security-tpm2 = " \ tpm2-abrmd \ tpm2-pkcs11 \ ibmswtpm2 \ - cryptsetup-tpm-incubator \ + ${PREFERRED_PROVIDER_cryptsetup} \ " diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb index b706d15059..2617162352 100644 --- a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb +++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb @@ -36,7 +36,12 @@ FILES_${PN} += "${libdir}/tmpfiles.d" RDEPENDS_${PN} += "lvm2 libdevmapper" RRECOMMENDS_${PN} += "lvm2-udevrules" +RPROVIDES_${PN} = "cryptsetup" RREPLACES_${PN} = "cryptsetup" RCONFLICTS_${PN} ="cryptsetup" +RPROVIDES_${PN}-dev = "cryptsetup-dev" +RREPLACES_${PN}-dev = "cryptsetup-dev" +RCONFLICTS_${PN}-dev ="cryptsetup-dev" + BBCLASSEXTEND = "native nativesdk" |
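Review bot: In meta-tpm/conf/layer.conf, the new BBFILES_DYNAMIC entry keys on the collection name networking-layer, but nothing in the visible layer metadata tells a user that meta-networking is an optional companion of this layer (the LAYERDEPENDS_tpm-layer context only shows openembedded-layer). Consider adding LAYERRECOMMENDS_tpm-layer = "networking-layer" and a one-line comment above BBFILES_DYNAMIC stating that the strongswan bbappends are parsed only when that collection is present, so a build without meta-networking silently getting a strongswan-free TPM layer is a documented outcome rather than a surprise.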
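Review bot: In files/0001-xfrmi-Only-build-if-libcharon-is-built.patch, the tag line Upstream-Status: Backport does not record where the change was taken from. Put the upstream commit or release in brackets after Backport (the From line carries db772305c6baa01f6c6750be74733e4bfc1d6106 and the message closes strongswan/strongswan#167, if that hash is the upstream commit id), so that whoever bumps the recipe can tell at a glance which strongswan release makes this file redundant.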
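Review bot: In strongswan-tpm.inc, DEPENDS = "libtspi" is a hard assignment in a file pulled in from a bbappend, so it replaces whatever DEPENDS the base strongswan recipe has set instead of adding to it. Use DEPENDS += "libtspi", or better, move libtspi into the dependency field that is currently empty in PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,," and PACKAGECONFIG[aikgen], so the dependency follows the feature that needs it. Separately, the xfrmi backport in SRC_URI_append is a general build fix, yet here it is applied only when the tpm distro feature is enabled; a short comment explaining why it lives in the TPM include would help.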
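Review bot: In strongswan_5.%.bbappend, the 5.% wildcard makes strongswan-tpm.inc, and with it the xfrmi backport whose header is written against strongswan-5.8.4/src/Makefile.am, apply to every 5.x version of the base recipe. Once meta-networking moves to a release that already contains the upstream change, the patch is likely to stop applying and break the build for anyone with the tpm feature set. Either pin the bbappend to the version the patch was made for, or keep the wildcard for the PACKAGECONFIG changes and add the patch through a version-specific append.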
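Review bot: In packagegroup-security-tpm2.bb, PREFERRED_PROVIDER_cryptsetup ?= "cryptsetup-tpm-incubator" is set inside the recipe, where it only gives ${PREFERRED_PROVIDER_cryptsetup} a fallback value for the RDEPENDS line in the second hunk; it does not select a provider for the build, because provider preferences are read from configuration (distro or local.conf), not from individual recipes. Add a comment saying the line is a local default for the RDEPENDS expansion, and consider documenting in the layer README that a distro wanting plain cryptsetup must set PREFERRED_PROVIDER_cryptsetup in its own configuration, since that value is then pulled into the image by this packagegroup.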
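Review bot: In cryptsetup-tpm-incubator_0.9.9.bb, the added line RCONFLICTS_${PN}-dev ="cryptsetup-dev" repeats the missing space after the equals sign from the existing RCONFLICTS_${PN} line; write it as RCONFLICTS_${PN}-dev = "cryptsetup-dev" to match the two lines added above it. The new RPROVIDES_${PN} and RPROVIDES_${PN}-dev also use hard assignment, which would discard any RPROVIDES set earlier in the recipe or by a class; += is the safer form here.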