Diffstat (limited to 'meta-security')
37 files changed, 95 insertions, 237 deletions
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml index 3bf46dbf01..30448ad9f4 100644 --- a/meta-security/kas/kas-security-base.yml +++ b/meta-security/kas/kas-security-base.yml @@ -14,7 +14,7 @@ repos: poky: url: https://git.yoctoproject.org/git/poky - refspec: master + refspec: honister layers: meta: meta-poky: @@ -22,7 +22,7 @@ repos: meta-openembedded: url: http://git.openembedded.org/meta-openembedded - refspec: master + refspec: honister layers: meta-oe: meta-perl: diff --git a/meta-security/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb index 0fef23397a..7e9f214126 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://README.md;md5=46dec9f167b6e05986cb4023df6d92f4" LICENSE = "MIT" SRCREV = "7147871d7f37d408c0dd7720ef0fd3ec1b54ad98" -SRC_URI = "git://github.com/akuster/oe-scap.git" +SRC_URI = "git://github.com/akuster/oe-scap.git;branch=master;protocol=https" SRC_URI += " \ file://run_cve.sh \ file://run_test.sh \ diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb index f109566212..549a8889a1 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb 
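Review bot: In kas/kas-security-base.yml the meta-openembedded entry still fetches over plaintext `http://git.openembedded.org/meta-openembedded`, and both repos now follow the branch name `honister` rather than a commit id. Layer content is recipe code that runs on the build host, so an unauthenticated transport plus a floating ref leaves that input open to tampering in transit and to unreviewed drift. Consider `url: https://git.openembedded.org/meta-openembedded` to match the poky entry, and pin `refspec:` to a reviewed commit id where reproducibility matters. The rest of the `repos:` block lies outside these two hunks.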
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1" DEPENDS = "python3-dbus" SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76" -SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git \ +SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=https \ file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \ " diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb index 51fa9ee2ac..192b00860f 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb @@ -3,7 +3,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit" require openscap.inc SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732" -SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \ +SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \ " DEFAULT_PREFERENCE = "-1" diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb index 73a4729bfe..a18cbd1f6e 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb @@ -6,7 +6,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes" include openscap.inc SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625" -SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \ +SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3;protocol=https \ " PV = "1.3.3+git${SRCPV}" 
diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb index d80ecd7edb..ecf136d1ba 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb @@ -1,7 +1,7 @@ SUMARRY = "SCAP content for various platforms, upstream version" SRCREV = "8cb2d0f351faff5440742258782281164953b0a6" -SRC_URI = "git://github.com/ComplianceAsCode/content.git" +SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https" DEFAULT_PREFERENCE = "-1" diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb index 0617c56e72..ddde5ccee3 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb @@ -1,7 +1,7 @@ SUMARRY = "SCAP content for various platforms, OE changes" SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed" -SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \ +SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;;protocol=https \ file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \ file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \ file://0001-fix-deprecated-instance-of-element.getchildren.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb index 95ba5c59cd..8fe62cf25d 100644 
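Review bot: The new SRC_URI in scap-security-guide_git.bb reads `branch=oe-0.1.44;;protocol=https`, which keeps the stray trailing `;` from the old line and leaves an empty parameter between the two semicolons. The fetcher presumably skips empty parameters, but that is parser leniency rather than intent, and a stricter parser could reject the URL. The line should read `SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;protocol=https \`.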
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb @@ -3,7 +3,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" SRCREV = "f6dd8f55eab4910131ec6a6a570dcd7951bd10e4" -SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8" +SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https" PE = "1" diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb index 9ad8967f58..687ddac559 100644 --- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb +++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52" DEPENDS += "openssl trousers" SRC_URI = "\ - git://github.com/mgerstner/openssl_tpm_engine.git \ + git://github.com/mgerstner/openssl_tpm_engine.git;branch=master;protocol=https \ file://0001-create-tpm-key-support-well-known-key-option.patch \ file://0002-libtpm-support-env-TPM_SRK_PW.patch \ file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb index f8347b7f15..77f65aefd6 100644 --- a/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb +++ b/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb @@ -9,7 +9,7 @@ DEPENDS = "libtspi" PV = "0.1+git${SRCPV}" SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316" -SRC_URI = "git://github.com/flihp/pcr-extend.git \ +SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \ file://fix_openssl11_build.patch " inherit autotools 
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb index 644f3ac136..bb93374fa2 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb @@ -1,6 +1,6 @@ SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools" LICENSE = "MIT" -DEPENDS = "swtpm-native tpm-tools-native net-tools-native" +DEPENDS = "swtpm-native" inherit native @@ -14,23 +14,19 @@ do_create_wrapper () { for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do exe=`basename $i` case $exe in - swtpm_setup.sh) + swtpm_setup) cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF #! /bin/sh # -# Wrapper around swtpm_setup.sh which adds parameters required to +# Wrapper around swtpm_setup which adds parameters required to # run the setup as non-root directly from the native sysroot. PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH" export PATH -# tcsd only allows to be run as root or tss. Pretend to be root... -exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@" +exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@" EOF ;; - swtpm_setup) - true - ;; *) cat >${WORKDIR}/${exe}_oe.sh <<EOF #! /bin/sh diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb index 912e939a16..63734b9b36 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb 
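Review bot: The generated swtpm_setup_oe.sh header in swtpm-wrappers-native.bb still says the wrapper "adds parameters required to run the setup as non-root", but after this change the only thing it adds is `--config`. The `${FAKEROOTENV} ${FAKEROOTCMD}` prefix is removed together with the comment that explained it, and nothing in the hunk records why pretending to be root is no longer needed. A short recipe comment above the `swtpm_setup)` case would help, for example `# swtpm_setup no longer needs tcsd, so no fakeroot; the wrapper only points it at the native sysroot config` (rationale to be confirmed by the author). do_create_wrapper starts and ends outside the hunk.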
@@ -3,14 +3,11 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8" SECTION = "apps" -DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native" +# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests +DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib" -# configure checks for the tools already during compilation and -# then swtpm_setup needs them at runtime -DEPENDS:append = " tpm-tools-native expect-native socat-native python3-pip-native python3-cryptography-native" - -SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464" -SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \ +SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1" +SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \ file://ioctl_h.patch \ file://oe_configure.patch \ " @@ -19,7 +16,7 @@ PE = "1" S = "${WORKDIR}/git" PARALLEL_MAKE = "" -inherit autotools pkgconfig python3native +inherit autotools pkgconfig perlnative TSS_USER="tss" TSS_GROUP="tss" 
@@ -28,7 +25,10 @@ PACKAGECONFIG ?= "openssl" PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}" PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" -PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls" +# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is +# used by swtpm-create-tpmca (the last two is provided by gnutls) +# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert +PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools" PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux" PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse" PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp" @@ -41,14 +41,11 @@ USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \ --no-create-home --shell /bin/false ${BPN}" -PACKAGES =+ "${PN}-python" -FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}" - PACKAGE_BEFORE_PN = "${PN}-cuse" FILES:${PN}-cuse = "${bindir}/swtpm_cuse" INSANE_SKIP:${PN} += "dev-so" -RDEPENDS:${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted" +RDEPENDS:${PN} = "libtpm" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb index 53cf8ff116..4672bba518 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb +++ b/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb 
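Review bot: In swtpm_0.6.1.bb the fifth field of `PACKAGECONFIG[gnutls]` is the runtime-recommends slot, so `expect bash tpm2-pkcs11-tools` are only recommended, while the comment above says swtpm-create-tpmca uses them. With gnutls enabled and `RDEPENDS:${PN}` reduced to `libtpm` in the last hunk, an image built without recommendations would ship swtpm-create-tpmca without the tools it calls. Either move the names into the fourth field, `PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls expect bash tpm2-pkcs11-tools"`, or state in the comment that they are deliberately optional. The comment in the first hunk also calls expect-native, socat-native, coreutils-native and net-tools-native test-only while they remain in DEPENDS.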
@@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ec30b01163d242ecf07d9cd84e3611f" DEPENDS = "libtspi tpm-tools" -SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools" +SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master" SRCREV = "4511874d5c9b4504bb96e94f8a14bd6c39a36295" S = "${WORKDIR}/git" diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb index dbe1647d25..3b3da4fa03 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb +++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb @@ -14,7 +14,7 @@ DEPENDS:class-native = "trousers-native" SRCREV = "bf43837575c5f7d31865562dce7778eae970052e" SRC_URI = " \ - git://git.code.sf.net/p/trousers/tpm-tools \ + git://git.code.sf.net/p/trousers/tpm-tools;branch=master \ file://tpm-tools-extendpcr.patch \ file://04-fix-FTBFS-clang.patch \ file://openssl1.1_fix.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb index 5e03b710e9..192c66c9f4 100644 --- a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb +++ b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb @@ -10,7 +10,7 @@ SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9" PV = "0.3.15+git${SRCPV}" SRC_URI = " \ - git://git.code.sf.net/p/trousers/trousers \ + git://git.code.sf.net/p/trousers/trousers;branch=master \ file://trousers.init.sh \ file://trousers-udev.rules \ file://tcsd.service \ diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb index b80ef79732..18181712cd 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb 
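Review bot: The three SourceForge recipes touched here (tpm-quote-tools_1.0.4.bb, tpm-tools_1.3.9.2.bb and trousers_git.bb) gain `;branch=master` but not `;protocol=https`, so they stay on the unauthenticated `git://` transport while the GitHub recipes in this diff move to HTTPS. The pinned SRCREV limits what a network attacker can substitute, but these TPM 1.2 sources are still fetched without server authentication or encryption. If the host serves these repositories over HTTPS, append the parameter, e.g. `SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master;protocol=https"`. Otherwise a one-line comment saying why plain git is kept would help.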
@@ -13,7 +13,7 @@ DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \ libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim" SRC_URI = "\ - git://github.com/tpm2-software/tpm2-abrmd.git \ + git://github.com/tpm2-software/tpm2-abrmd.git;branch=master;protocol=https \ file://tpm2-abrmd-init.sh \ file://tpm2-abrmd.default \ " diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb index fdeda269e1..ef0c642f9d 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab" DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native" -SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master \ +SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master;protocol=https \ file://bootstrap_fixup.patch \ file://0001-remove-local-binary-checkes.patch \ file://677.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb index 47113d25aa..2bf1eed0c9 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb 
@@ -4,7 +4,7 @@ LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native" -SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \ +SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \ file://configure_oe_fixup.patch \ file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \ file://fix_header_file.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb index dfebc072d3..d324e33805 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb @@ -10,7 +10,7 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode" PE = "1" SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b" -SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git" +SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https" inherit autotools-brokensep pkgconfig diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb index 3069b1f19a..4d1f425d8e 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb @@ -9,7 +9,7 @@ SECTION = "security/tpm" DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl" SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4" -SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x" +SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x;protocol=https" inherit autotools-brokensep pkgconfig systemd 
diff --git a/meta-security/recipes-ids/crowdsec/crowdsec_1.1.1.bb b/meta-security/recipes-ids/crowdsec/crowdsec_1.1.1.bb index 887c75df87..81f2b8fe84 100644 --- a/meta-security/recipes-ids/crowdsec/crowdsec_1.1.1.bb +++ b/meta-security/recipes-ids/crowdsec/crowdsec_1.1.1.bb @@ -3,7 +3,7 @@ SUMMARY = "CrowdSec is a free, modern & collaborative behavior detection engine, LICENSE = "MIT" LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=105e75b680b2ab82fa5718661b41f3bf" -SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master" +SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master;protocol=https" SRCREV = "73e0bbaf93070f4a640eb5a22212b5dcf26699de" DEPENDS = "jq-native" diff --git a/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb b/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb index 309ca52340..853facf38e 100644 --- a/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb +++ b/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9" DEPENDS = "openssl libpcre2 zlib libevent" -SRC_URI = "git://github.com/ossec/ossec-hids;branch=master \ +SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \ file://0001-Makefile-drop-running-scrips-install.patch \ file://0002-Makefile-don-t-set-uid-gid.patch \ " diff --git a/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb index 3a9bc1de27..93cb4431b2 100644 --- a/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb +++ b/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1c069be8dbbe48e89b580ab4ed86c127" SRCREV = "6e64a9e5b70a909ec439bc5a099e3fcf38c614b0" SRC_URI = "\ - git://github.com/Tripwire/tripwire-open-source.git \ + git://github.com/Tripwire/tripwire-open-source.git;branch=master;protocol=https \ file://tripwire.cron \ file://tripwire.sh \ file://tripwire.txt \ 
diff --git a/meta-security/recipes-mac/smack/smack_1.3.1.bb b/meta-security/recipes-mac/smack/smack_1.3.1.bb index 6c2f041084..79a8f5a0cd 100644 --- a/meta-security/recipes-mac/smack/smack_1.3.1.bb +++ b/meta-security/recipes-mac/smack/smack_1.3.1.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRCREV = "4a102c7584b39ce693995ffb65e0918a9df98dd8" SRC_URI = " \ - git://github.com/smack-team/smack.git \ + git://github.com/smack-team/smack.git;branch=master;protocol=https \ file://smack_generator_make_fixup.patch \ file://run-ptest" diff --git a/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb b/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb index 12c9bce307..9a6e44a27c 100644 --- a/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb +++ b/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb @@ -7,7 +7,7 @@ HOMEPAGE="https://github.com/slimm609/checksec.sh" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8d90285f711cf1f378e2c024457066d8" SRCREV = "c3754e45e04f9104db93b2048afd094427102d48" -SRC_URI = "git://github.com/slimm609/checksec.sh" +SRC_URI = "git://github.com/slimm609/checksec.sh;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb b/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb index 25123dce03..e59f5fff9b 100644 --- a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb +++ b/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b2 # July 27th SRCREV = "c389dfa4c3af92b006ada4f7595bbc3e6df3f356" -SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104 \ +SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=https \ file://clamd.conf \ file://freshclam.conf \ file://volatiles.03_clamav \ 
diff --git a/meta-security/recipes-security/chipsec/chipsec_git.bb b/meta-security/recipes-security/chipsec/chipsec_git.bb new file mode 100644 index 0000000000..e265a082ed --- /dev/null +++ b/meta-security/recipes-security/chipsec/chipsec_git.bb @@ -0,0 +1,35 @@ +SUMMARY = "CHIPSEC: Platform Security Assessment Framework" + +DESCRIPTION = "CHIPSEC is a framework for analyzing the security \ + of PC platforms including hardware, system firmware \ + (BIOS/UEFI), and platform components." + +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d" + +SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master;protocol=https \ + " + +SRCREV = "b2a61684826dc8b9f622a844a40efea579cd7e7d" + +COMPATIBLE_HOST = "(i.86|x86_64).*-linux" + +S = "${WORKDIR}/git" +EXTRA_OEMAKE = "CC='${CC}' LDFLAGS='${LDFLAGS}' CFLAGS='${CFLAGS}'" + +DEPENDS = "virtual/kernel nasm-native python3-setuptools-native" +RDEPENDS:${PN} += "python3 python3-modules" + +inherit module distutils3 + +do_compile:append() { + cd ${S}/drivers/linux + oe_runmake KSRC=${STAGING_KERNEL_BUILDDIR} +} + +do_install:append() { + install -m 0644 ${S}/drivers/linux/chipsec.ko ${D}${PYTHON_SITEPACKAGES_DIR}/chipsec/helper/linux +} + +FILES:${PN} += "${exec_prefix} \ +" diff --git a/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py b/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py deleted file mode 100755 index e23194986f..0000000000 --- a/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py +++ /dev/null 
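Review bot: The new chipsec_git.bb installs `chipsec.ko` into the Python site-packages tree without any note on what the driver exposes. As upstream describes it, the CHIPSEC driver gives user-space tooling direct access to low-level hardware resources such as physical memory, so any image that pulls this package in carries that access path wherever the module can be loaded. The recipe should say so, e.g. a comment above `do_install:append` such as `# chipsec.ko exposes raw hardware access to user space: for assessment/test images only, keep out of production images`, with the same caveat in DESCRIPTION. Separately, `FILES:${PN} += "${exec_prefix}"` packages everything under the prefix into the main package, which is broader than the one extra file the recipe installs.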
@@ -1,174 +0,0 @@ -# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- -# vi: set ft=python sts=4 ts=4 sw=4 noet : - -# This file is part of Fail2Ban. -# -# Fail2Ban is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Fail2Ban is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -__author__ = "Cyril Jaquier, Steven Hiscocks, Yaroslav Halchenko" -__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2008-2016 Fail2Ban Contributors" -__license__ = "GPL" - -import platform - -try: - import setuptools - from setuptools import setup - from setuptools.command.install import install - from setuptools.command.install_scripts import install_scripts -except ImportError: - setuptools = None - from distutils.core import setup - -# all versions -from distutils.command.build_py import build_py -from distutils.command.build_scripts import build_scripts -if setuptools is None: - from distutils.command.install import install - from distutils.command.install_scripts import install_scripts -try: - # python 3.x - from distutils.command.build_py import build_py_2to3 - from distutils.command.build_scripts import build_scripts_2to3 - _2to3 = True -except ImportError: - # python 2.x - _2to3 = False - -import os -from os.path import isfile, join, isdir, realpath -import sys -import warnings -from glob import glob - -from fail2ban.setup import updatePyExec - -if setuptools and "test" in sys.argv: - 
import logging - logSys = logging.getLogger("fail2ban") - hdlr = logging.StreamHandler(sys.stdout) - fmt = logging.Formatter("%(asctime)-15s %(message)s") - hdlr.setFormatter(fmt) - logSys.addHandler(hdlr) - if set(["-q", "--quiet"]) & set(sys.argv): - logSys.setLevel(logging.CRITICAL) - warnings.simplefilter("ignore") - sys.warnoptions.append("ignore") - elif set(["-v", "--verbose"]) & set(sys.argv): - logSys.setLevel(logging.DEBUG) - else: - logSys.setLevel(logging.INFO) -elif "test" in sys.argv: - print("python distribute required to execute fail2ban tests") - print("") - -longdesc = ''' -Fail2Ban scans log files like /var/log/pwdfail or -/var/log/apache/error_log and bans IP that makes -too many password failures. It updates firewall rules -to reject the IP address or executes user defined -commands.''' - -if setuptools: - setup_extra = { - 'test_suite': "fail2ban.tests.utils.gatherTests", - 'use_2to3': True, - } -else: - setup_extra = {} - -data_files_extra = [] - -# Installing documentation files only under Linux or other GNU/ systems -# (e.g. GNU/kFreeBSD), since others might have protective mechanisms forbidding -# installation there (see e.g. #1233) -platform_system = platform.system().lower() -doc_files = ['README.md', 'DEVELOP', 'FILTERS', 'doc/run-rootless.txt'] -if platform_system in ('solaris', 'sunos'): - doc_files.append('README.Solaris') -if platform_system in ('linux', 'solaris', 'sunos') or platform_system.startswith('gnu'): - data_files_extra.append( - ('/usr/share/doc/fail2ban', doc_files) - ) - -# Get version number, avoiding importing fail2ban. 
-# This is due to tests not functioning for python3 as 2to3 takes place later -exec(open(join("fail2ban", "version.py")).read()) - -setup( - name = "fail2ban", - version = version, - description = "Ban IPs that make too many password failures", - long_description = longdesc, - author = "Cyril Jaquier & Fail2Ban Contributors", - author_email = "cyril.jaquier@fail2ban.org", - url = "http://www.fail2ban.org", - license = "GPL", - platforms = "Posix", - cmdclass = { - 'build_py': build_py, 'build_scripts': build_scripts, - }, - scripts = [ - 'bin/fail2ban-client', - 'bin/fail2ban-server', - 'bin/fail2ban-regex', - 'bin/fail2ban-testcases', - # 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper - ], - packages = [ - 'fail2ban', - 'fail2ban.client', - 'fail2ban.server', - 'fail2ban.tests', - 'fail2ban.tests.action_d', - ], - package_data = { - 'fail2ban.tests': - [ join(w[0], f).replace("fail2ban/tests/", "", 1) - for w in os.walk('fail2ban/tests/files') - for f in w[2]] + - [ join(w[0], f).replace("fail2ban/tests/", "", 1) - for w in os.walk('fail2ban/tests/config') - for f in w[2]] + - [ join(w[0], f).replace("fail2ban/tests/", "", 1) - for w in os.walk('fail2ban/tests/action_d') - for f in w[2]] - }, - data_files = [ - ('/etc/fail2ban', - glob("config/*.conf") - ), - ('/etc/fail2ban/filter.d', - glob("config/filter.d/*.conf") - ), - ('/etc/fail2ban/filter.d/ignorecommands', - [p for p in glob("config/filter.d/ignorecommands/*") if isfile(p)] - ), - ('/etc/fail2ban/action.d', - glob("config/action.d/*.conf") + - glob("config/action.d/*.py") - ), - ('/etc/fail2ban/fail2ban.d', - '' - ), - ('/etc/fail2ban/jail.d', - '' - ), - ('/var/lib/fail2ban', - '' - ), - ] + data_files_extra, - **setup_extra -) diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb index ed75a0e7dd..fcf044a562 100644 
--- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb +++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb @@ -9,10 +9,9 @@ HOMEPAGE = "http://www.fail2ban.org" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" -SRCREV ="eea1881b734b73599a21df2bfbe58b11f78d0a46" -SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \ +SRCREV ="d6b884f3b72b8a42b21da863836569ef6836c2ea" +SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \ file://initd \ - file://fail2ban_setup.py \ file://run-ptest \ " @@ -20,13 +19,13 @@ inherit update-rc.d ptest setuptools3 S = "${WORKDIR}/git" -do_compile:prepend () { - cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py +do_compile () { cd ${S} ./fail2ban-2to3 } do_install:append () { + rm -f ${D}/${bindir}/fail2ban-python install -d ${D}/${sysconfdir}/fail2ban install -d ${D}/${sysconfdir}/init.d install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server @@ -38,6 +37,7 @@ do_install_ptest:append () { install -d ${D}${PTEST_PATH}/bin sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest install -D ${S}/bin/* ${D}${PTEST_PATH}/bin + rm -f ${D}${PTEST_PATH}/bin/fail2ban-python } FILES:${PN} += "/run" diff --git a/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb b/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb index a70d310a5b..66bf429a46 100644 --- a/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb +++ b/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb @@ -14,7 +14,7 @@ BBCLASSEXTEND = "native nativesdk" DEPENDS += "go-dep-native libpam" SRCREV = "92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4" -SRC_URI = "git://github.com/google/fscrypt.git" +SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https" GO_IMPORT = "import" S = "${WORKDIR}/git" 
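Review bot: In python3-fail2ban_0.11.2.bb the second hunk turns `do_compile:prepend` into a plain `do_compile`, which replaces the compile task provided by the inherited `setuptools3` class instead of running before it. After this change the task only runs `./fail2ban-2to3`, so the package is presumably built as a side effect of the install step; worth confirming that is intended. If the conversion is meant to precede the normal build, keep the override suffix: `do_compile:prepend () {`. If the replacement is deliberate, a comment such as `# 2to3 conversion only; the build happens in do_install` would record it.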
diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb index 26f549b6c0..d319e48dbe 100644 --- a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb +++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb @@ -10,7 +10,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SRCREV = "56b898c896240328adef7407090215abbe9ee03d" -SRC_URI = "git://github.com/google/fscryptctl.git" +SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb index 4ab8374854..e8ddf291e6 100644 --- a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb +++ b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb @@ -3,7 +3,7 @@ HOME_PAGE = "https://github.com/google/google-authenticator-libpam" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" LICENSE = "Apache-2.0" -SRC_URI = "git://github.com/google/google-authenticator-libpam.git" +SRC_URI = "git://github.com/google/google-authenticator-libpam.git;branch=master;protocol=https" SRCREV = "2c7415d950fb0b4a7f779f045910666447b100ef" DEPENDS = "libpam" diff --git a/meta-security/recipes-security/libest/libest_3.2.0.bb b/meta-security/recipes-security/libest/libest_3.2.0.bb index fda2df4c99..31fbe3c158 100644 --- a/meta-security/recipes-security/libest/libest_3.2.0.bb +++ b/meta-security/recipes-security/libest/libest_3.2.0.bb 
@@ -6,7 +6,7 @@ LICENSE = "OpenSSL" LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885" SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b" -SRC_URI = "git://github.com/cisco/libest;branch=main" +SRC_URI = "git://github.com/cisco/libest;branch=main;protocol=https" DEPENDS = "openssl" diff --git a/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb b/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb index 8c288beebc..65db10f976 100644 --- a/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb +++ b/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb @@ -7,7 +7,7 @@ DEPENDS = "" LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd" SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc" -SRC_URI = "git://github.com/kyz/libmspack.git" +SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https" inherit autotools diff --git a/meta-security/recipes-security/ncrack/ncrack_0.7.bb b/meta-security/recipes-security/ncrack/ncrack_0.7.bb index 8b221e53c1..f151e4e139 100644 --- a/meta-security/recipes-security/ncrack/ncrack_0.7.bb +++ b/meta-security/recipes-security/ncrack/ncrack_0.7.bb @@ -7,7 +7,7 @@ LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2" SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426" -SRC_URI = "git://github.com/nmap/ncrack.git" +SRC_URI = "git://github.com/nmap/ncrack.git;branch=master;protocol=https" DEPENDS = "openssl zlib" diff --git a/meta-security/recipes-security/nikto/nikto_2.1.6.bb b/meta-security/recipes-security/nikto/nikto_2.1.6.bb index 242f3acc57..8542d69216 100644 --- a/meta-security/recipes-security/nikto/nikto_2.1.6.bb +++ b/meta-security/recipes-security/nikto/nikto_2.1.6.bb 
@@ -7,7 +7,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79" -SRC_URI = "git://github.com/sullo/nikto.git \ +SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \ file://location.patch" S = "${WORKDIR}/git/program" diff --git a/meta-security/recipes-security/sssd/sssd_2.5.2.bb b/meta-security/recipes-security/sssd/sssd_2.5.2.bb index 76d6e03e9b..ed8af5ea3b 100644 --- a/meta-security/recipes-security/sssd/sssd_2.5.2.bb +++ b/meta-security/recipes-security/sssd/sssd_2.5.2.bb @@ -125,10 +125,14 @@ SYSTEMD_SERVICE:${PN} = " \ " SYSTEMD_AUTO_ENABLE = "disable" -FILES:${PN} += "${libdir} ${datadir} ${base_libdir}/security/pam_sss*.so" -FILES:${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" +PACKAGES =+ "libsss-sudo" +ALLOW_EMPTY:libsss-sudo = "1" -# The package contains symlinks that trip up insane -INSANE_SKIP:${PN} = "dev-so" +FILES:${PN} += "${base_libdir}/security/pam_sss*.so \ + ${datadir}/dbus-1/system-services/*.service \ + ${libdir}/krb5/* \ + ${libdir}/ldb/* \ + " +FILES:libsss-sudo = "${libdir}/libsss_sudo.so" -RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam" +RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam libsss-sudo" |
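Review bot: In sssd_2.5.2.bb, `ALLOW_EMPTY:libsss-sudo = "1"` together with the new hard `RDEPENDS:${PN}` entry for libsss-sudo means the dependency is satisfied even when `${libdir}/libsss_sudo.so` was never built. An image could then appear to include the SSSD sudo integration while shipping an empty package, which is easy to miss when sudo rules are expected to come from SSSD. If the empty case is intentional, a comment would help, e.g. `# libsss_sudo.so is only built when sudo support is configured; the package may be empty` (wording to be confirmed). Otherwise drop ALLOW_EMPTY so a missing library fails the build.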