diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-09-09 21:56:41 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-09-09 21:57:26 +0300 |
| commit | 1fdf4aa48a5446689546be41e10dd0e8832605d6 (patch) | |
| tree | f3f8c95aa276ac0fb150acdc7e41958b57654424 /meta-security/recipes-security | |
| parent | c1d34338068e7d99e34db98597b2d8b3b58e6c2a (diff) | |
| download | openbmc-1fdf4aa48a5446689546be41e10dd0e8832605d6.tar.xz | |
meta-security: subtree update:30ea7a89dc..d75dc96fa3
Armin Kuster (11):
python-scapy: drop py2 package
packagegroup-core-security-ptest: only included if ptest is enabled
packagegroup-core-security: update package name
busybox: fix sig changes when layer added
initramfs-framework-ima: correct IMA_POLICY name
apparmor: drop lsb RDEPENDS
openscap: Drop nostamp
scap-security-guide: add depends on openscap-native do_install
cryptsetup-tpm-incubator: fix QA error RDEPENDS
oe-scap: Fix QA RDEPENDS error
suricata: update to 4.1.4
Stefan Agner (1):
libseccomp: build static library always
Change-Id: Ia2f8aec978de4f3d20c13be3c12b70a7badc29d5
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-security/recipes-security')
7 files changed, 33 insertions, 41 deletions
diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.4.1.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.4.1.bb index dba1be5748..37a79829f7 100644 --- a/meta-security/recipes-security/libseccomp/libseccomp_2.4.1.bb +++ b/meta-security/recipes-security/libseccomp/libseccomp_2.4.1.bb @@ -17,6 +17,8 @@ inherit autotools-brokensep pkgconfig ptest PACKAGECONFIG ??= "" PACKAGECONFIG[python] = "--enable-python, --disable-python, python" +DISABLE_STATIC = "" + do_compile_ptest() { oe_runmake -C tests check-build } diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb index ddcf2086e2..39873b8506 100644 --- a/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb +++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb @@ -3,6 +3,10 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" +inherit distro_features_check + +REQUIRED_DISTRO_FEATURES = "ptest" + PACKAGES = "\ ${PN} \ " @@ -15,7 +19,7 @@ RDEPENDS_${PN} = " \ samhain-standalone-ptest \ keyutils-ptest \ libseccomp-ptest \ - python-scapy-ptest \ + python3-scapy-ptest \ suricata-ptest \ tripwire-ptest \ python-fail2ban-ptest \ diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb index 20ba46f34d..e0a9d05347 100644 --- a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb +++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb @@ -11,7 +11,6 @@ PACKAGES = "\ packagegroup-security-scanners \ packagegroup-security-ids \ packagegroup-security-mac \ - ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \ " RDEPENDS_packagegroup-core-security = "\ @@ -19,7 +18,6 @@ RDEPENDS_packagegroup-core-security = "\ packagegroup-security-scanners \ packagegroup-security-ids \ packagegroup-security-mac \ - ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \ " SUMMARY_packagegroup-security-utils = "Security utilities" @@ -27,7 +25,7 @@ RDEPENDS_packagegroup-security-utils = "\ checksec \ nmap \ pinentry \ - python-scapy \ + python3-scapy \ ding-libs \ keyutils \ libseccomp \ diff --git a/meta-security/recipes-security/scapy/files/run-ptest b/meta-security/recipes-security/scapy/files/run-ptest index 91b29f907f..797d8ecf78 100644 --- a/meta-security/recipes-security/scapy/files/run-ptest +++ b/meta-security/recipes-security/scapy/files/run-ptest @@ -1,4 +1,4 @@ #!/bin/sh -UTscapy -t regression.uts -f text -l -C \ +UTscapy3 -t regression.uts -f text -l -C \ -o @PTEST_PATH@/scapy_ptest_$(date +%Y%m%d-%H%M%S).log \ 2>&1 | sed -e 's/^passed None/PASS:/' -e 's/^failed None/FAIL:/' diff --git a/meta-security/recipes-security/scapy/python-scapy.inc b/meta-security/recipes-security/scapy/python-scapy.inc deleted file mode 100644 index 28e13f2880..0000000000 --- a/meta-security/recipes-security/scapy/python-scapy.inc +++ /dev/null @@ -1,22 +0,0 @@ -SUMMARY = "Network scanning and manipulation tool" -DESCRIPTION = "Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc." -SECTION = "security" -LICENSE = "GPLv2" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -S = "${WORKDIR}/git" - -SRCREV = "3047580162a9407ef05fe981983cacfa698f1159" -SRC_URI = "git://github.com/secdev/scapy.git" - -inherit ptest - -do_install_ptest() { - install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH} - sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest -} - -RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-cryptography ${PYTHON_PN}-netclient \ - ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc ${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \ - ${PYTHON_PN}-threading ${PYTHON_PN}-numbers ${PYTHON_PN}-pycrypto" diff --git a/meta-security/recipes-security/scapy/python-scapy_2.4.3.bb b/meta-security/recipes-security/scapy/python-scapy_2.4.3.bb deleted file mode 100644 index 982620e0b1..0000000000 --- a/meta-security/recipes-security/scapy/python-scapy_2.4.3.bb +++ /dev/null @@ -1,11 +0,0 @@ -inherit setuptools -require python-scapy.inc - -SRC_URI += "file://run-ptest" - -RDEPENDS_${PN} += "${PYTHON_PN}-subprocess" - -do_install_append() { - mv ${D}${bindir}/scapy ${D}${bindir}/scapy2 - mv ${D}${bindir}/UTscapy ${D}${bindir}/UTscapy2 -} diff --git a/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb b/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb index abcaeeb0b4..925f188cde 100644 --- a/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb +++ b/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb @@ -1,9 +1,30 @@ -inherit setuptools3 -require python-scapy.inc +SUMMARY = "Network scanning and manipulation tool" +DESCRIPTION = "Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc." +SECTION = "security" +LICENSE = "GPLv2" -SRC_URI += "file://run-ptest" +LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +S = "${WORKDIR}/git" + +SRCREV = "3047580162a9407ef05fe981983cacfa698f1159" +SRC_URI = "git://github.com/secdev/scapy.git \ + file://run-ptest" + +S = "${WORKDIR}/git" + +inherit setuptools3 ptest do_install_append() { mv ${D}${bindir}/scapy ${D}${bindir}/scapy3 mv ${D}${bindir}/UTscapy ${D}${bindir}/UTscapy3 } + +do_install_ptest() { + install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH} + sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest +} + +RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-cryptography ${PYTHON_PN}-netclient \ + ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc ${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \ + ${PYTHON_PN}-threading ${PYTHON_PN}-numbers ${PYTHON_PN}-pycrypto" |