From 1a4b7ee28bf7413af6513fb45ad0d0736048f866 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Sun, 16 Dec 2018 17:11:34 -0800 Subject: reset upstream subtrees to yocto 2.6 Reset the following subtrees on thud HEAD: poky: 87e3a9739d meta-openembedded: 6094ae18c8 meta-security: 31dc4e7532 meta-raspberrypi: a48743dc36 meta-xilinx: c42016e2e6 Also re-apply backports that didn't make it into thud: poky: 17726d0 systemd-systemctl-native: handle Install wildcards meta-openembedded: 4321a5d libtinyxml2: update to 7.0.1 042f0a3 libcereal: Add native and nativesdk classes e23284f libcereal: Allow empty package 030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG 179a1b9 gtest: update to 1.8.1 Squashed OpenBMC subtree compatibility updates: meta-aspeed: Brad Bishop (1): aspeed: add yocto 2.6 compatibility meta-ibm: Brad Bishop (1): ibm: prepare for yocto 2.6 meta-ingrasys: Brad Bishop (1): ingrasys: set layer compatibility to yocto 2.6 meta-openpower: Brad Bishop (1): openpower: set layer compatibility to yocto 2.6 meta-phosphor: Brad Bishop (3): phosphor: set layer compatibility to thud phosphor: libgpg-error: drop patches phosphor: react to fitimage artifact rename Ed Tanous (4): Dropbear: upgrade options for latest upgrade yocto2.6: update openssl options busybox: remove upstream watchdog patch systemd: Rebase CONFIG_CGROUP_BPF patch Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7 Signed-off-by: Brad Bishop --- .../meta-security-compliance/conf/layer.conf | 4 +- .../recipes-auditors/lynis/lynis_2.5.1.bb | 38 ---------- .../recipes-auditors/lynis/lynis_2.6.8.bb | 41 ++++++++++ .../recipes-core/os-release/os-release.bbappend | 3 - .../openscap-daemon/openscap-daemon_0.1.10.bb | 18 +++++ .../openscap-daemon/openscap-daemon_0.1.6.bb | 20 ----- .../recipes-openscap/openscap/openscap_1.2.15.bb | 86 --------------------- .../recipes-openscap/openscap/openscap_1.2.17.bb | 87 ++++++++++++++++++++++ 8 files changed, 148 insertions(+), 149 deletions(-) delete mode 100644 meta-security/meta-security-compliance/recipes-auditors/lynis/lynis_2.5.1.bb create mode 100644 meta-security/meta-security-compliance/recipes-auditors/lynis/lynis_2.6.8.bb create mode 100644 meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb delete mode 100644 meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.6.bb delete mode 100644 meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb create mode 100644 meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.17.bb (limited to 'meta-security/meta-security-compliance') diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf index 31716d6e79..fcc5cd6cae 100644 --- a/meta-security/meta-security-compliance/conf/layer.conf +++ b/meta-security/meta-security-compliance/conf/layer.conf @@ -6,9 +6,9 @@ BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend" BBFILE_COLLECTIONS += "scanners-layer" BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/" -BBFILE_PRIORITY_scanners-layer = "6" +BBFILE_PRIORITY_scanners-layer = "10" -LAYERSERIES_COMPAT_scanners-layer = "sumo" +LAYERSERIES_COMPAT_scanners-layer = "thud" LAYERDEPENDS_scanners-layer = " \ core \ diff --git a/meta-security/meta-security-compliance/recipes-auditors/lynis/lynis_2.5.1.bb b/meta-security/meta-security-compliance/recipes-auditors/lynis/lynis_2.5.1.bb deleted file mode 100644 index 884999c08e..0000000000 --- a/meta-security/meta-security-compliance/recipes-auditors/lynis/lynis_2.5.1.bb +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright (C) 2017 Armin Kuster -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMMARY = "Lynis is a free and open source security and auditing tool." -HOMEDIR = "https://cisofy.com/" -LICENSE = "GPL-3.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1" - -SRCREV= "1be5154b35ce144db4f386856debe8a06b403899" -SRC_URI = "git://github.com/CISOfy/Lynis.git" -S = "${WORKDIR}/git" - -inherit autotools-brokensep - -do_compile[noexec] = "1" -do_configure[noexec] = "1" - -do_install () { - install -d ${D}/${bindir} - install -d ${D}/${sysconfdir}/lynis - install -m 555 ${S}/lynis ${D}/${bindir} - - install -d ${D}/${datadir}/lynis/db - install -d ${D}/${datadir}/lynis/plugins - install -d ${D}/${datadir}/lynis/include - install -d ${D}/${datadir}/lynis/extras - - cp -r ${S}/db/* ${D}/${datadir}/lynis/db/. - cp -r ${S}/plugins/* ${D}/${datadir}/lynis/plugins/. - cp -r ${S}/include/* ${D}/${datadir}/lynis/include/. - cp -r ${S}/extras/* ${D}/${datadir}/lynis/extras/. - cp ${S}/*.prf ${D}/${sysconfdir}/lynis -} - -FILES_${PN} += "${sysconfdir}/developer.prf ${sysconfdir}/default.prf" -FILES_${PN}-doc += "lynis.8 FAQ README CHANGELOG.md CONTRIBUTIONS.md CONTRIBUTORS.md" - -RDEPENDS_${PN} += "procps" diff --git a/meta-security/meta-security-compliance/recipes-auditors/lynis/lynis_2.6.8.bb b/meta-security/meta-security-compliance/recipes-auditors/lynis/lynis_2.6.8.bb new file mode 100644 index 0000000000..28a44691c3 --- /dev/null +++ b/meta-security/meta-security-compliance/recipes-auditors/lynis/lynis_2.6.8.bb @@ -0,0 +1,41 @@ +# Copyright (C) 2017 Armin Kuster +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMMARY = "Lynis is a free and open source security and auditing tool." +HOMEDIR = "https://cisofy.com/" +LICENSE = "GPL-3.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1" + +SRC_URI = "https://cisofy.com/files/${BPN}-${PV}.tar.gz" + +SRC_URI[md5sum] = "91a538055bfb682733ef8e4fe7eb0902" +SRC_URI[sha256sum] = "2e4c5157a4f2d9bb37d3f0f1f5bea03f92233a2a7d4df6eddf231a784087dfac" + +S = "${WORKDIR}/${BPN}" + +inherit autotools-brokensep + +do_compile[noexec] = "1" +do_configure[noexec] = "1" + +do_install () { + install -d ${D}/${bindir} + install -d ${D}/${sysconfdir}/lynis + install -m 555 ${S}/lynis ${D}/${bindir} + + install -d ${D}/${datadir}/lynis/db + install -d ${D}/${datadir}/lynis/plugins + install -d ${D}/${datadir}/lynis/include + install -d ${D}/${datadir}/lynis/extras + + cp -r ${S}/db/* ${D}/${datadir}/lynis/db/. + cp -r ${S}/plugins/* ${D}/${datadir}/lynis/plugins/. + cp -r ${S}/include/* ${D}/${datadir}/lynis/include/. + cp -r ${S}/extras/* ${D}/${datadir}/lynis/extras/. + cp ${S}/*.prf ${D}/${sysconfdir}/lynis +} + +FILES_${PN} += "${sysconfdir}/developer.prf ${sysconfdir}/default.prf" +FILES_${PN}-doc += "lynis.8 FAQ README CHANGELOG.md CONTRIBUTIONS.md CONTRIBUTORS.md" + +RDEPENDS_${PN} += "procps" diff --git a/meta-security/meta-security-compliance/recipes-core/os-release/os-release.bbappend b/meta-security/meta-security-compliance/recipes-core/os-release/os-release.bbappend index e9fd44ade8..604bacb1a0 100644 --- a/meta-security/meta-security-compliance/recipes-core/os-release/os-release.bbappend +++ b/meta-security/meta-security-compliance/recipes-core/os-release/os-release.bbappend @@ -1,4 +1 @@ -OS_RELEASE_FIELDS += "CPE_NAME" - CPE_NAME="cpe:/o:openembedded:nodistro:0" - diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb new file mode 100644 index 0000000000..a6a9373ea1 --- /dev/null +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb @@ -0,0 +1,18 @@ +# Copyright (C) 2017 Armin Kuster +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMARRY = "The OpenSCAP Daemon is a service that runs in the background." +HOME_URL = "https://www.open-scap.org/tools/openscap-daemon/" +LIC_FILES_CHKSUM = "file://LICENSE;md5=40d2542b8c43a3ec2b7f5da31a697b88" +LICENSE = "LGPL-2.1" + +DEPENDS = "python3-dbus" + +SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76" +SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git" + +inherit setuptools3 + +S = "${WORKDIR}/git" + +RDEPENDS_${PN} = "python" diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.6.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.6.bb deleted file mode 100644 index fb01a1134c..0000000000 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.6.bb +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright (C) 2017 Armin Kuster -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "The OpenSCAP Daemon is a service that runs in the background." -HOME_URL = "https://www.open-scap.org/tools/openscap-daemon/" -LIC_FILES_CHKSUM = "file://LICENSE;md5=40d2542b8c43a3ec2b7f5da31a697b88" -LICENSE = "LGPL-2.1" - -DEPENDS = "python3-dbus" - -SRCREV = "3fd5c75a08223de35a865d026d2a6980ec9c1d74" -SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git" - -PV = "0.1.6+git${SRCPV}" - -inherit setuptools3 - -S = "${WORKDIR}/git" - -RDEPENDS_${PN} = "python" diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb deleted file mode 100644 index 7cbb1e2eca..0000000000 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb +++ /dev/null @@ -1,86 +0,0 @@ -# Copyright (C) 2017 Armin Kuster -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "NIST Certified SCAP 1.2 toolkit" -HOME_URL = "https://www.open-scap.org/tools/openscap-base/" -LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" -LICENSE = "LGPL-2.1" - -DEPENDS = "autoconf-archive pkgconfig gconf procps curl libxml2 rpm \ - libxslt libcap swig swig-native" - -DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native" - -SRCREV = "240930d42611983c65ecae16dbca3248ce130921" -SRC_URI = "git://github.com/akuster/openscap.git;branch=oe \ - file://crypto_pkgconfig.patch \ - file://run-ptest \ -" - -inherit autotools-brokensep pkgconfig python3native perlnative ptest - -S = "${WORKDIR}/git" - -PACKAGECONFIG ?= "nss3 pcre rpm" -PACKAGECONFIG[pcre] = ",--enable-regex-posix, libpcre" -PACKAGECONFIG[gcrypt] = "--with-crypto=gcrypt,, libgcrypt " -PACKAGECONFIG[nss3] = "--with-crypto=nss3,, nss" -PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python" -PACKAGECONFIG[python3] = "--enable-python3, --disable-python3, python3, python3" -PACKAGECONFIG[perl] = "--enable-perl, --disable-perl, perl, perl" -PACKAGECONFIG[rpm] = " --enable-util-scap-as-rpm, --disable-util-scap-as-rpm, rpm, rpm" - -export LDFLAGS += " -ldl" - -EXTRA_OECONF += "--enable-probes-independent --enable-probes-linux \ - --enable-probes-solaris --enable-probes-unix --disable-util-oscap-docker\ - --enable-util-oscap-ssh --enable-util-oscap --enable-ssp --enable-sce \ -" - -EXTRA_OECONF_class-native += "--disable-probes-independent --enable-probes-linux \ - --disable-probes-solaris --disable-probes-unix \ - --enable-util-oscap \ -" - -do_configure_prepend () { - sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/perl/Makefile.am - sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python3/Makefile.am - sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python2/Makefile.am -} - - -include openscap.inc - -do_configure_append_class-native () { - sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h - sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h - sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${S}/config.h -} - -do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" - -do_install_append_class-native () { - oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} - install -d $oscapdir - cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir -} - -TESTDIR = "tests" - -do_compile_ptest() { - sed -i 's:python2:python:' ${S}/${TESTDIR}/nist/test_worker.py - echo 'buildtest-TESTS: $(check)' >> ${TESTDIR}/Makefile - oe_runmake -C ${TESTDIR} buildtest-TESTS -} - -do_install_ptest() { - # install the tests - cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH} -} - -FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" - -RDEPENDS_${PN} += "libxml2 python libgcc" -RDEPENDS_${PN}-ptest = "bash perl python" - -BBCLASSEXTEND = "native" diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.17.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.17.bb new file mode 100644 index 0000000000..e2a4fa2e69 --- /dev/null +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.17.bb @@ -0,0 +1,87 @@ +# Copyright (C) 2017 Armin Kuster +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMARRY = "NIST Certified SCAP 1.2 toolkit" +HOME_URL = "https://www.open-scap.org/tools/openscap-base/" +LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" +LICENSE = "LGPL-2.1" + +DEPENDS = "autoconf-archive pkgconfig gconf procps curl libxml2 rpm \ + libxslt libcap swig swig-native" + +DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native" + +SRCREV = "59c234b3e9907480c89dfbd1b466a6bf72a2d2ed" +SRC_URI = "git://github.com/akuster/openscap.git;branch=oe \ + file://crypto_pkgconfig.patch \ + file://run-ptest \ +" + +inherit autotools-brokensep pkgconfig python3native perlnative ptest + +S = "${WORKDIR}/git" + +PACKAGECONFIG ?= "nss3 pcre rpm" +PACKAGECONFIG[pcre] = ",--enable-regex-posix, libpcre" +PACKAGECONFIG[gcrypt] = "--with-crypto=gcrypt,, libgcrypt " +PACKAGECONFIG[nss3] = "--with-crypto=nss3,, nss" +PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python" +PACKAGECONFIG[python3] = "--enable-python3, --disable-python3, python3, python3" +PACKAGECONFIG[perl] = "--enable-perl, --disable-perl, perl, perl" +PACKAGECONFIG[rpm] = " --enable-util-scap-as-rpm, --disable-util-scap-as-rpm, rpm, rpm" + +export LDFLAGS += " -ldl" + +EXTRA_OECONF += "--enable-probes-independent --enable-probes-linux \ + --enable-probes-solaris --enable-probes-unix --disable-util-oscap-docker\ + --enable-util-oscap-ssh --enable-util-oscap --enable-ssp --enable-sce \ +" + +EXTRA_OECONF_class-native += "--disable-probes-independent --enable-probes-linux \ + --disable-probes-solaris --disable-probes-unix \ + --enable-util-oscap \ +" + +do_configure_prepend () { + sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/perl/Makefile.am + sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python3/Makefile.am + sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python2/Makefile.am + sed -i 's:python2:python:' ${S}/utils/scap-as-rpm +} + + +include openscap.inc + +do_configure_append_class-native () { + sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h + sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h + sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${S}/config.h +} + +do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" + +do_install_append_class-native () { + oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} + install -d $oscapdir + cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir +} + +TESTDIR = "tests" + +do_compile_ptest() { + sed -i 's:python2:python:' ${S}/${TESTDIR}/nist/test_worker.py + echo 'buildtest-TESTS: $(check)' >> ${TESTDIR}/Makefile + oe_runmake -C ${TESTDIR} buildtest-TESTS +} + +do_install_ptest() { + # install the tests + cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH} +} + +FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" + +RDEPENDS_${PN} += "libxml2 python libgcc" +RDEPENDS_${PN}-ptest = "bash perl python" + +BBCLASSEXTEND = "native" -- cgit v1.2.3