From 064f75b35a14f3bd6e99ce65a7f7609b973036d5 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Sat, 27 Jun 2020 00:14:46 -0500 Subject: meta-security: subtree update:95fe86eb98..7831969f8c Alexander Kanavin (1): apparmor: pull in coreutils/findutils only when not using systemd as init manager Armin Kuster (7): tpm2-tools: update to 4.1.3 tpm2-tss: update to 2.4.1 tpm2-tss-engine: add branch to SRC_URI & update to tip tpm2-pkcs11: update 1.2.0 libtpm: update to 0.7.2 openscap: update to 1.3.3 tpm2-tcti-uefi: drop patch no longer needed Jeremy Puhlman (2): clamav: resolve multilib issues tripwire: Remove makefiles from the man directories. Kai Kang (1): sssd: disable build secrets Signed-off-by: Andrew Geissler Change-Id: I1e19d2563541504bcf89f1f70c680bd7e7e62d6c --- .../recipes-openscap/openscap/openscap_1.3.1.bb | 9 --- .../recipes-openscap/openscap/openscap_1.3.3.bb | 9 +++ .../recipes-openscap/openscap/openscap_git.bb | 4 +- .../meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb | 16 ----- .../meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb | 16 +++++ .../recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb | 21 ------ .../recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb | 20 ++++++ .../tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch | 23 ------ .../tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 4 +- .../recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb | 17 ----- .../recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb | 13 ++++ .../tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb | 8 +-- .../recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb | 81 ---------------------- .../recipes-tpm2/tpm2-tss/tpm2-tss_2.4.1.bb | 78 +++++++++++++++++++++ .../recipes-ids/tripwire/tripwire_2.4.3.7.bb | 1 + .../recipes-mac/AppArmor/apparmor_2.13.4.bb | 3 +- .../recipes-scanners/clamav/clamav_0.101.5.bb | 5 +- meta-security/recipes-security/sssd/sssd_1.16.4.bb | 7 +- 18 files changed, 154 insertions(+), 181 deletions(-) delete mode 100644 meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb create mode 100644 meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.1.bb (limited to 'meta-security') diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb deleted file mode 100644 index ad29efdada..0000000000 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb +++ /dev/null @@ -1,9 +0,0 @@ -SUMARRY = "NIST Certified SCAP 1.2 toolkit" - -require openscap.inc - -SRCREV = "3a4c635691380fa990a226acc8558db35d7ebabc" -SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \ -" - -DEFAULT_PREFERENCE = "-1" diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb new file mode 100644 index 0000000000..51fa9ee2ac --- /dev/null +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb @@ -0,0 +1,9 @@ +SUMARRY = "NIST Certified SCAP 1.2 toolkit" + +require openscap.inc + +SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732" +SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \ +" + +DEFAULT_PREFERENCE = "-1" diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb index 963d3dec94..73a4729bfe 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb @@ -5,8 +5,8 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes" include openscap.inc -SRCREV = "4bbdb46ff651f809d5b38ca08d769790c4bfff90" +SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625" SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \ " -PV = "1.3.1+git${SRCPV}" +PV = "1.3.3+git${SRCPV}" diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb deleted file mode 100644 index 4588c8d09d..0000000000 --- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb +++ /dev/null @@ -1,16 +0,0 @@ -SUMMARY = "LIBPM - Software TPM Library" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" - -SRCREV = "c26e8f7b08b19a69cea9e8f1f1e6639c7951fb01" -SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-${PV}" - -PE = "1" - -S = "${WORKDIR}/git" -inherit autotools-brokensep pkgconfig perlnative - -PACKAGECONFIG ?= "openssl" -PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" - -BBCLASSEXTEND = "native" diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb new file mode 100644 index 0000000000..0ade01dd50 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb @@ -0,0 +1,16 @@ +SUMMARY = "LIBPM - Software TPM Library" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" + +SRCREV = "7325acb4777f70419fe10a1d9621c2666e977e73" +SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.7.0" + +PE = "1" + +S = "${WORKDIR}/git" +inherit autotools-brokensep pkgconfig perlnative + +PACKAGECONFIG ?= "openssl" +PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" + +BBCLASSEXTEND = "native" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb deleted file mode 100644 index 351e03e5b5..0000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb +++ /dev/null @@ -1,21 +0,0 @@ -SUMMARY = "A PKCS#11 interface for TPM2 hardware" -DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token." -SECTION = "security/tpm" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=93645981214b60a02688745c14f93c95" - -DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools" - -SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git \ - file://bootstrap_fixup.patch \ - " - -SRCREV = "6de3f6f9c6e0a4983f3fb90e35feb34906f8aea7" - -S = "${WORKDIR}/git" - -inherit autotools-brokensep pkgconfig - -do_configure_prepend () { - ${S}/bootstrap -} diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb new file mode 100644 index 0000000000..ce2dac0a55 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb @@ -0,0 +1,20 @@ +SUMMARY = "A PKCS#11 interface for TPM2 hardware" +DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token." +SECTION = "security/tpm" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab" + +DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml" + +SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \ + file://bootstrap_fixup.patch " + +SRCREV = "8d8f137f65f1d61d66cc191947b59c378f23e97d" + +S = "${WORKDIR}/git" + +inherit autotools-brokensep pkgconfig + +do_configure_prepend () { + ${S}/bootstrap +} diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch deleted file mode 100644 index bc70913e85..0000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch +++ /dev/null @@ -1,23 +0,0 @@ -Fix defined to match tpm2-tools 4.1.1 - -Upstream-Status: Submitted https://github.com/tpm2-software/tpm2-tcti-uefi/pull/81 -Signed-off-by: Armin Kuster - -Index: git/example/tpm2-get-caps-fixed.c -=================================================================== ---- git.orig/example/tpm2-get-caps-fixed.c -+++ git/example/tpm2-get-caps-fixed.c -@@ -140,11 +140,11 @@ dump_tpm_properties_fixed (TPMS_TAGGED_P - Print (L"TPM2_PT_INPUT_BUFFER:\n" - " value: 0x%X\n", value); - break; -- case TPM2_PT_HR_TRANSIENT_MIN: -+ case TPM2_PT_TPM2_HR_TRANSIENT_MIN: - Print (L"TPM2_PT_TPM2_HR_TRANSIENT_MIN:\n" - " value: 0x%X\n", value); - break; -- case TPM2_PT_HR_PERSISTENT_MIN: -+ case TPM2_PT_TPM2_HR_PERSISTENT_MIN: - Print (L"TPM2_PT_TPM2_HR_PERSISTENT_MIN:\n" - " value: 0x%X\n", value); - break; diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb index 67b36b787d..a67e3c34d1 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb @@ -7,9 +7,9 @@ DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf- SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \ file://configure_oe_fixup.patch \ file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \ - file://tpm2-get-caps-fixed.patch \ file://fix_header_file.patch \ - " +" + SRCREV = "0241b08f069f0fdb3612f5c1b938144dbe9be811" S = "${WORKDIR}/git" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb deleted file mode 100644 index e90dcfe6e4..0000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb +++ /dev/null @@ -1,17 +0,0 @@ -SUMMARY = "Tools for TPM2." -DESCRIPTION = "tpm2-tools" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc" -SECTION = "tpm" - -DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive" - -SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" - -SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395" -SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1" -SRC_URI[sha1sum] = "d097d321237983435f05c974533ad90e6f20acef" -SRC_URI[sha384sum] = "396547f400e4f5626d7741d77ec543f312d94e6697899f4c36260d15fab3f4f971ad2c0487e6eaa2d60256f3cf68f85f" -SRC_URI[sha512sum] = "25952cf947f0acd16b1a8dbd3ac8573bce85ff970a7e24c290c4f9cd29418e77a3e48ac82c932fbd250887a9303ab301ff92db594c2fffaba47b873382444d26" - -inherit autotools pkgconfig bash-completion diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb new file mode 100644 index 0000000000..ae01d5e1de --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb @@ -0,0 +1,13 @@ +SUMMARY = "Tools for TPM2." +DESCRIPTION = "tpm2-tools" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc" +SECTION = "tpm" + +DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive" + +SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" + +SRC_URI[sha256sum] = "bb5d3310620e75468fe33dbd530bd73dd648c70ec707b4579c74d9f63fc82704" + +inherit autotools pkgconfig bash-completion diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb index 3641b1b761..ebd6d539ef 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb @@ -1,15 +1,15 @@ SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL." DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures." -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb" SECTION = "security/tpm" DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl" -SRCREV = "fdc8f65dfc8bad8b5a3aed181fae338267308f70" -SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git" +SRCREV = "24f1383cc6befde44d6f01a51ea653304d844ffd" +SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.0.x" inherit autotools-brokensep pkgconfig systemd diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb deleted file mode 100644 index 135efed84e..0000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb +++ /dev/null @@ -1,81 +0,0 @@ -SUMMARY = "Software stack for TPM2." -DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) " -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" -SECTION = "tpm" - -DEPENDS = "autoconf-archive-native libgcrypt openssl" - -SRCREV = "a99e733ba66c359502689a9c42fd5e02ed1dd7d6" - -SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" -SRC_URI[md5sum] = "fb7e6d371959a65dc6d129af81739742" -SRC_URI[sha256sum] = "82929a0611f39246e09202702a61b54c980ab694626c1f5823520ddf75024fa6" -SRC_URI[sha1sum] = "c24ce8b20a8686ada775239389292f6d78020668" -SRC_URI[sha384sum] = "a0c023c024efb6c9906df1e143d692f44433de332b616dc0584c9b4cd4fb0ad544308f291892e91c5a52ef1a4b2abf7f" -SRC_URI[sha512sum] = "7b679b54f3478c3adee5b6c3135cbe491ffd9f4712991f465edbd6c7d2831e5f1537038ec36f288e9545c719d5d167b61116c924cf5d816220615d0b58a1d436" - -inherit autotools pkgconfig systemd extrausers - -PACKAGECONFIG ??= "" -PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " - -EXTRA_OECONF += "--enable-static --with-udevrulesdir=${base_prefix}/lib/udev/rules.d/" -EXTRA_OECONF_remove = " --disable-static" - - -EXTRA_USERS_PARAMS = "\ - useradd -p '' tss; \ - groupadd tss; \ - " - -PROVIDES = "${PACKAGES}" -PACKAGES = " \ - ${PN} \ - ${PN}-dbg \ - ${PN}-doc \ - libtss2-mu \ - libtss2-mu-dev \ - libtss2-mu-staticdev \ - libtss2-tcti-device \ - libtss2-tcti-device-dev \ - libtss2-tcti-device-staticdev \ - libtss2-tcti-mssim \ - libtss2-tcti-mssim-dev \ - libtss2-tcti-mssim-staticdev \ - libtss2 \ - libtss2-dev \ - libtss2-staticdev \ -" - -FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*" -FILES_libtss2-tcti-device-dev = " \ - ${includedir}/tss2/tss2_tcti_device.h \ - ${libdir}/pkgconfig/tss2-tcti-device.pc \ - ${libdir}/libtss2-tcti-device.so" -FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a" - -FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*" -FILES_libtss2-tcti-mssim-dev = " \ - ${includedir}/tss2/tss2_tcti_mssim.h \ - ${libdir}/pkgconfig/tss2-tcti-mssim.pc \ - ${libdir}/libtss2-tcti-mssim.so" -FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a" - -FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*" -FILES_libtss2-mu-dev = " \ - ${includedir}/tss2/tss2_mu.h \ - ${libdir}/pkgconfig/tss2-mu.pc \ - ${libdir}/libtss2-mu.so" -FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a" - -FILES_libtss2 = "${libdir}/libtss2*so.*" -FILES_libtss2-dev = " \ - ${includedir} \ - ${libdir}/pkgconfig \ - ${libdir}/libtss2*so" -FILES_libtss2-staticdev = "${libdir}/libtss*a" - -FILES_${PN} = "${libdir}/udev ${base_prefix}/lib/udev" - -RDEPENDS_libtss2 = "libgcrypt" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.1.bb new file mode 100644 index 0000000000..22b961d1c8 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.1.bb @@ -0,0 +1,78 @@ +SUMMARY = "Software stack for TPM2." +DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) " +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" +SECTION = "tpm" + +DEPENDS = "autoconf-archive-native libgcrypt openssl" + +SRCREV = "a99e733ba66c359502689a9c42fd5e02ed1dd7d6" + +SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" +SRC_URI[sha256sum] = "58d7afcab9ff3daaafb5316e57d2c211118334b470d5a5bc6ceace6f89a1e60d" + +inherit autotools pkgconfig systemd extrausers + +PACKAGECONFIG ??= "" +PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " +PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,json-c " + +EXTRA_OECONF += "--enable-static --with-udevrulesdir=${base_prefix}/lib/udev/rules.d/" +EXTRA_OECONF_remove = " --disable-static" + + +EXTRA_USERS_PARAMS = "\ + useradd -p '' tss; \ + groupadd tss; \ + " + +PROVIDES = "${PACKAGES}" +PACKAGES = " \ + ${PN} \ + ${PN}-dbg \ + ${PN}-doc \ + libtss2-mu \ + libtss2-mu-dev \ + libtss2-mu-staticdev \ + libtss2-tcti-device \ + libtss2-tcti-device-dev \ + libtss2-tcti-device-staticdev \ + libtss2-tcti-mssim \ + libtss2-tcti-mssim-dev \ + libtss2-tcti-mssim-staticdev \ + libtss2 \ + libtss2-dev \ + libtss2-staticdev \ +" + +FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*" +FILES_libtss2-tcti-device-dev = " \ + ${includedir}/tss2/tss2_tcti_device.h \ + ${libdir}/pkgconfig/tss2-tcti-device.pc \ + ${libdir}/libtss2-tcti-device.so" +FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a" + +FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*" +FILES_libtss2-tcti-mssim-dev = " \ + ${includedir}/tss2/tss2_tcti_mssim.h \ + ${libdir}/pkgconfig/tss2-tcti-mssim.pc \ + ${libdir}/libtss2-tcti-mssim.so" +FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a" + +FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*" +FILES_libtss2-mu-dev = " \ + ${includedir}/tss2/tss2_mu.h \ + ${libdir}/pkgconfig/tss2-mu.pc \ + ${libdir}/libtss2-mu.so" +FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a" + +FILES_libtss2 = "${libdir}/libtss2*so.*" +FILES_libtss2-dev = " \ + ${includedir} \ + ${libdir}/pkgconfig \ + ${libdir}/libtss2*so" +FILES_libtss2-staticdev = "${libdir}/libtss*a" + +FILES_${PN} = "${libdir}/udev ${base_prefix}/lib/udev" + +RDEPENDS_libtss2 = "libgcrypt" diff --git a/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb index c26392a04e..4f50bff737 100644 --- a/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb +++ b/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb @@ -52,6 +52,7 @@ do_install () { install -m 0644 ${S}/man/man4/* ${D}${mandir}/man4 install -m 0644 ${S}/man/man5/* ${D}${mandir}/man5 install -m 0644 ${S}/man/man8/* ${D}${mandir}/man8 + rm ${D}${mandir}/man*/Makefile* install -m 0644 ${S}/policy/templates/* ${D}${docdir}/${BPN}/templates install -m 0644 ${S}/policy/*txt ${D}${docdir}/${BPN} install -m 0644 ${S}/COPYING ${D}${docdir}/${BPN} diff --git a/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb b/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb index d6f61b39af..552cac70ae 100644 --- a/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb +++ b/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb @@ -191,7 +191,8 @@ PACKAGES += "mod-${PN}" FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}" FILES_mod-${PN} = "${libdir}/apache2/modules/*" -RDEPENDS_${PN} += "coreutils findutils ${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}" +# Add coreutils and findutils only if sysvinit scripts are in use +RDEPENDS_${PN} += "${@["coreutils findutils", ""][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'systemd')]} ${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}" RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}" RDEPENDS_${PN}-ptest += "perl coreutils dbus-lib bash" diff --git a/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb b/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb index f4625b182c..2ea2c9bd27 100644 --- a/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb +++ b/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb @@ -25,7 +25,7 @@ S = "${WORKDIR}/git" LEAD_SONAME = "libclamav.so" SO_VER = "9.0.2" -inherit autotools pkgconfig useradd systemd +inherit autotools pkgconfig useradd systemd multilib_header multilib_script CLAMAV_UID ?= "clamav" CLAMAV_GID ?= "clamav" @@ -45,6 +45,8 @@ PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, b PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, " PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, " +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config ${PN}-cvd:${localstatedir}/lib/clamav/mirrors.dat" + EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \ --disable-mempool \ --program-prefix="" \ @@ -93,6 +95,7 @@ do_install_append_class-target () { install -d ${D}${sysconfdir}/tmpfiles.d install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf fi + oe_multilib_header clamav-types.h } pkg_postinst_ontarget_${PN} () { diff --git a/meta-security/recipes-security/sssd/sssd_1.16.4.bb b/meta-security/recipes-security/sssd/sssd_1.16.4.bb index 7ea1586bd4..2c3c8032ec 100644 --- a/meta-security/recipes-security/sssd/sssd_1.16.4.bb +++ b/meta-security/recipes-security/sssd/sssd_1.16.4.bb @@ -39,8 +39,7 @@ PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', PACKAGECONFIG[autofs] = "--with-autofs, --with-autofs=no" PACKAGECONFIG[crypto] = "--with-crypto=libcrypto, , libcrypto" -PACKAGECONFIG[curl] = "--with-secrets --with-kcm, --without-secrets --without-kcm, curl jansson" -PACKAGECONFIG[http] = "--with-secrets, --without-secrets, apache2" +PACKAGECONFIG[curl] = "--with-kcm, --without-kcm, curl jansson" PACKAGECONFIG[infopipe] = "--with-infopipe, --with-infopipe=no, " PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no" PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl" @@ -60,6 +59,7 @@ EXTRA_OECONF += " \ --without-python2-bindings \ --enable-pammoddir=${base_libdir}/security \ --without-python2-bindings \ + --without-secrets \ " do_configure_prepend() { @@ -85,6 +85,7 @@ do_install () { # Remove /var/run as it is created on startup rm -rf ${D}${localstatedir}/run + rm -f ${D}${systemd_system_unitdir}/sssd-secrets.* } pkg_postinst_ontarget_${PN} () { @@ -109,8 +110,6 @@ SYSTEMD_SERVICE_${PN} = " \ sssd-pam-priv.socket \ sssd-pam.service \ sssd-pam.socket \ - sssd-secrets.service \ - sssd-secrets.socket \ sssd.service \ " SYSTEMD_AUTO_ENABLE = "disable" -- cgit v1.2.3