diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2023-01-28 01:03:57 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2023-01-28 01:17:23 +0300 |
commit | ea144b037776e892b9e05c4d22be842901e2138c (patch) | |
tree | 8979a2b68c7272cbd0a0866c6c7583e8e50a9975 /meta-security | |
parent | f96073cab66cd4c26a12710ba692fcc17cb6e33f (diff) | |
download | openbmc-ea144b037776e892b9e05c4d22be842901e2138c.tar.xz |
subtree updates:raspberrypi:arm:security: Jan 27 2023
meta-raspberrypi: 896566aa92..6c57b92708:
Martin Jansa (2):
pi-bluetooth: fix typo in Upstream-Status
gstreamer1.0-omx: fix Upstream-Status format
meta-arm: 5c42f084f7..3d51e1117d:
Abdellatif El Khlifi (1):
arm-bsp/u-boot: Corstone1000: bump to v2022.10
Anton Antonov (1):
arm/kernel: Update ARM-FFA kernel drivers
Daniel Díaz (1):
arm-bsp/firmware-image-juno: Fix deployment of compressed Image
Jon Mason (8):
arm-bsp/juno: move to compressed initramfs image
arm-bsp/juno: Update kernel patches to the latest
arm-bsp/trusted-firmware-m: corstone1000: TFM file clean-ups
arm/trusted-firmware-m: disable fatal warnings
arm-toolchain: update Arm GCC to 12.2
external-arm-toolchain: Enable 12.2.rel1 support
arm-bsp: add u-boot v2022.10 support
arm-bsp: add u-boot v2022.10 support
Peter Hoyes (8):
arm/scp-firmware: Ensure CMAKE_BUILD_TYPE is capitalized
arm/scp-firmware: Disable cppcheck
arm: Add addpylib declaration
arm/lib: Add XAUTHORITY to runfvp environment
classes: Define FVP_ENV_PASSTHROUGH variable dependencies
classes: Prevent passing None to the runfvp environment
classes: Set ARMLMD_LICENSE_FILE in the runfvp environment
arm: Use SRC* variables consistently
Qi Feng (1):
arm-bsp/fvp-baser-aemv8r64: Rebase u-boot patches onto v2022.10
Ross Burton (9):
meta-*: mark layers as compatible with mickledore only
arm-toolchain: remove obsolete oe_import
CI: switch back to master
CI: remove obsolete linux-yocto workarounds
Revert "CI: revert a meta-clang change which breaks pixman (thus, xserver)"
arm-bsp/fvp-base*: no need to remove rng-tools from openssh
CI: pass --update and --force-checkout to kas in pending-updates job
CI: use 'kas dump' instead of manually catting files
CI: remove obsolete install
Rui Miguel Silva (1):
arm-bsp/u-boot: corstone500: bump to 2022.10
Theodore A. Roth (1):
arm/optee-os: Fix FILESEXTRAPATHS
meta-security: f991b20f56..3d9dab6d14:
Chen Qi (1):
openscap: add libpcre DEPEDNS to fix do_configure failure
Markus Volk (1):
bubblewrap: remove recipe
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for mickledore
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I5abd2487fbf395b33b1934ff90bd6d97c7953e6c
Diffstat (limited to 'meta-security')
9 files changed, 9 insertions, 31 deletions
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf index 84346a1c9c..b5a74f1ea0 100644 --- a/meta-security/conf/layer.conf +++ b/meta-security/conf/layer.conf @@ -9,7 +9,7 @@ BBFILE_COLLECTIONS += "security" BBFILE_PATTERN_security = "^${LAYERDIR}/" BBFILE_PRIORITY_security = "8" -LAYERSERIES_COMPAT_security = "langdale mickledore" +LAYERSERIES_COMPAT_security = "mickledore" LAYERDEPENDS_security = "core openembedded-layer" diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf index a150085b33..add3cbc53d 100644 --- a/meta-security/meta-hardening/conf/layer.conf +++ b/meta-security/meta-hardening/conf/layer.conf @@ -8,6 +8,6 @@ BBFILE_COLLECTIONS += "harden-layer" BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_harden-layer = "10" -LAYERSERIES_COMPAT_harden-layer = "langdale mickledore" +LAYERSERIES_COMPAT_harden-layer = "mickledore" LAYERDEPENDS_harden-layer = "core openembedded-layer" diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf index 237306dc65..b273b5b492 100644 --- a/meta-security/meta-integrity/conf/layer.conf +++ b/meta-security/meta-integrity/conf/layer.conf @@ -20,7 +20,7 @@ INTEGRITY_BASE := '${LAYERDIR}' # interactive shell is enough. OE_TERMINAL_EXPORTS += "INTEGRITY_BASE" -LAYERSERIES_COMPAT_integrity = "langdale mickledore" +LAYERSERIES_COMPAT_integrity = "mickledore" # ima-evm-utils depends on keyutils from meta-oe LAYERDEPENDS_integrity = "core openembedded-layer" diff --git a/meta-security/meta-parsec/conf/layer.conf b/meta-security/meta-parsec/conf/layer.conf index 3495235a49..0a71694cd6 100644 --- a/meta-security/meta-parsec/conf/layer.conf +++ b/meta-security/meta-parsec/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "parsec-layer" BBFILE_PATTERN_parsec-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_parsec-layer = "5" -LAYERSERIES_COMPAT_parsec-layer = "langdale mickledore" +LAYERSERIES_COMPAT_parsec-layer = "mickledore" LAYERDEPENDS_parsec-layer = "core clang-layer" BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec" diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf index a250f5c45d..f07532c537 100644 --- a/meta-security/meta-security-compliance/conf/layer.conf +++ b/meta-security/meta-security-compliance/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "scanners-layer" BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_scanners-layer = "10" -LAYERSERIES_COMPAT_scanners-layer = "langdale mickledore" +LAYERSERIES_COMPAT_scanners-layer = "mickledore" LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python" diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc index 4babcf946a..e8752270d3 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc @@ -6,8 +6,8 @@ HOME_URL = "https://www.open-scap.org/tools/openscap-base/" LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" LICENSE = "LGPL-2.1-only" -DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig" -DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native" +DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre" +DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native" S = "${WORKDIR}/git" diff --git a/meta-security/meta-security-isafw/conf/layer.conf b/meta-security/meta-security-isafw/conf/layer.conf index bc8853087d..550cceda21 100644 --- a/meta-security/meta-security-isafw/conf/layer.conf +++ b/meta-security/meta-security-isafw/conf/layer.conf @@ -14,4 +14,4 @@ LAYERVERSION_security-isafw = "1" LAYERDEPENDS_security-isafw = "core" -LAYERSERIES_COMPAT_security-isafw = "langdale mickledore" +LAYERSERIES_COMPAT_security-isafw = "mickledore" diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf index 0dd19b65a8..81690ca4c5 100644 --- a/meta-security/meta-tpm/conf/layer.conf +++ b/meta-security/meta-tpm/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer" BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_tpm-layer = "10" -LAYERSERIES_COMPAT_tpm-layer = "langdale mickledore" +LAYERSERIES_COMPAT_tpm-layer = "mickledore" LAYERDEPENDS_tpm-layer = " \ core \ diff --git a/meta-security/recipes-security/bubblewrap/bubblewrap_0.7.0.bb b/meta-security/recipes-security/bubblewrap/bubblewrap_0.7.0.bb deleted file mode 100644 index a48b012520..0000000000 --- a/meta-security/recipes-security/bubblewrap/bubblewrap_0.7.0.bb +++ /dev/null @@ -1,22 +0,0 @@ -DESCRIPTION = "Unprivileged sandboxing tool" -HOMEPAGE = "https://github.com/containers/bubblewrap" -LICENSE = "LGPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" - -DEPENDS = "libcap" - -SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz" -SRC_URI[sha256sum] = "764ab7100bd037ea53d440d362e099d7a425966bc62d1f00ab26b8fbb882a9dc" - -inherit autotools bash-completion github-releases manpages pkgconfig - -GITHUB_BASE_URI = "https://github.com/containers/${BPN}/releases/" - -PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" -PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native docbook-xsl-stylesheets-native xmlto-native" -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" -PACKAGECONFIG[setuid] = "--with-priv-mode=setuid,--with-priv-mode=none" - -PACKAGES += "${PN}-zsh-completion" - -FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions" |