From a1a6aefba3ae965f2447b102663b2a6a40aa968a Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 25 Jun 2021 14:23:58 -0500 Subject: meta-security: subtree update:ab239f1497..46f7e7acbe Armin Kuster (18): python3-scapy: update to 2.4.5 lkrg-module: update 0.9.1 packagegroup-core-security: exclude ossec-hids from musl ossec-hids: musl not compatable sssd: update to 2.5.0 busybox: drop as libsecomp is in core linux-%_5.%.bbappend: drop recipe initramfs-framework: fix YCL issue. python3-scapy: drop , now in meta-python packagegroup-core-security: drop python3-scapy meta-hardening/initscripts: missed overide. meta-security: add sanity check meta-security/recipe-kernel: use sanity check linux-yocto-dev: drop bbappend meta-tpm: add layer sanity check meta-tpm/linux-yocto: use sanity support meta-integrity: add sanity check meta-integrity/recipe-kernel: use sanity check Federico Pellegrin (1): aircrack-ng: update to 1.6 Kai Kang (2): sssd: set pid path with /run sssd: add fix-ldblibdir.patch back Ricardo Salveti (1): tpm2-tss: fix usrmerge udev install path Robert P. J. Day (1): Correct "securiyt" typo in maintainers.inc Sekine Shigeki (1): smack: add 3 cves to allowlist Upgrade Helper (2): clamav: upgrade to latest revision opendnssec: upgrade 2.1.8 -> 2.1.9 Yi Zhao (1): libgssglue: update SRC_URI Signed-off-by: Andrew Geissler Change-Id: I3bcabc218b240681d525111d16f963eb9b33c922 --- meta-security/recipes-core/busybox/busybox/head.cfg | 1 - meta-security/recipes-core/busybox/busybox_%.bbappend | 1 - .../recipes-core/busybox/busybox_libsecomp.inc | 3 --- .../recipes-core/initrdscripts/initramfs-framework.inc | 16 ++++++++++++++++ .../initrdscripts/initramfs-framework_1.0.bbappend | 17 +---------------- .../packagegroup/packagegroup-core-security.bb | 4 ++-- 6 files changed, 19 insertions(+), 23 deletions(-) delete mode 100644 meta-security/recipes-core/busybox/busybox/head.cfg delete mode 100644 meta-security/recipes-core/busybox/busybox_%.bbappend delete mode 100644 meta-security/recipes-core/busybox/busybox_libsecomp.inc create mode 100644 meta-security/recipes-core/initrdscripts/initramfs-framework.inc (limited to 'meta-security/recipes-core') diff --git a/meta-security/recipes-core/busybox/busybox/head.cfg b/meta-security/recipes-core/busybox/busybox/head.cfg deleted file mode 100644 index 16017ea486..0000000000 --- a/meta-security/recipes-core/busybox/busybox/head.cfg +++ /dev/null @@ -1 +0,0 @@ -CONFIG_FEATURE_FANCY_HEAD=y diff --git a/meta-security/recipes-core/busybox/busybox_%.bbappend b/meta-security/recipes-core/busybox/busybox_%.bbappend deleted file mode 100644 index 27a24824dc..0000000000 --- a/meta-security/recipes-core/busybox/busybox_%.bbappend +++ /dev/null @@ -1 +0,0 @@ -require ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'busybox_libsecomp.inc', '', d)} diff --git a/meta-security/recipes-core/busybox/busybox_libsecomp.inc b/meta-security/recipes-core/busybox/busybox_libsecomp.inc deleted file mode 100644 index 4af22ce3e9..0000000000 --- a/meta-security/recipes-core/busybox/busybox_libsecomp.inc +++ /dev/null @@ -1,3 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/busybox:" - -SRC_URI_append = " file://head.cfg" diff --git a/meta-security/recipes-core/initrdscripts/initramfs-framework.inc b/meta-security/recipes-core/initrdscripts/initramfs-framework.inc new file mode 100644 index 0000000000..dad9c967c0 --- /dev/null +++ b/meta-security/recipes-core/initrdscripts/initramfs-framework.inc @@ -0,0 +1,16 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI_append = "\ + file://dmverity \ +" + +do_install_append() { + # dm-verity + install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity +} + +PACKAGES_append = " initramfs-module-dmverity" + +SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support" +RDEPENDS_initramfs-module-dmverity = "${PN}-base" +FILES_initramfs-module-dmverity = "/init.d/80-dmverity" diff --git a/meta-security/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend b/meta-security/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend index dad9c967c0..dc74e017fe 100644 --- a/meta-security/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend +++ b/meta-security/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend @@ -1,16 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -SRC_URI_append = "\ - file://dmverity \ -" - -do_install_append() { - # dm-verity - install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity -} - -PACKAGES_append = " initramfs-module-dmverity" - -SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support" -RDEPENDS_initramfs-module-dmverity = "${PN}-base" -FILES_initramfs-module-dmverity = "/init.d/80-dmverity" +require ${@bb.utils.contains('IMAGE_CLASSES', 'dm-verity', 'initramfs-framework.inc', '', d)} diff --git a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb index d7349b0807..e7b6d9bf35 100644 --- a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb +++ b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb @@ -37,7 +37,6 @@ RDEPENDS_packagegroup-security-utils = "\ pinentry \ python3-privacyidea \ python3-fail2ban \ - python3-scapy \ softhsm \ libest \ opendnssec \ @@ -74,6 +73,8 @@ RDEPENDS_packagegroup-security-ids = " \ aide \ " +RDEPENDS_packagegroup-security-ids_remove_libc-musl = "ossec-hids" + SUMMARY_packagegroup-security-mac = "Security Mandatory Access Control systems" RDEPENDS_packagegroup-security-mac = " \ ${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)} \ @@ -87,7 +88,6 @@ RDEPENDS_packagegroup-meta-security-ptest-packages = "\ ptest-runner \ samhain-standalone-ptest \ libseccomp-ptest \ - python3-scapy-ptest \ suricata-ptest \ python3-fail2ban-ptest \ ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \ -- cgit v1.2.3