Age | Commit message (Collapse) | Author |
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* WORKDIR -> UNPACKDIR transition
* Switch away from S = WORKDIR
Signed-off-by: Changqing Li <changqing.li@windriver.com>
[Fixed up the smack changes due to prior patch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
ChangeLog:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.73
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The option --without-python2-bindings was added twice, by the commit
4375507f39ed4bc62e1304838870be65f3a81460, and then after python2 was
deprecated with the commit 96737082ad20eabcbbaa82b0cacee0d05d50eaab.
This removes the latter.
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
${WORKDIR}
* fixes:
Parsing recipes...
ERROR: meta-security/recipes-mac/smack/mmap-smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
ERROR: meta-security/recipes-mac/smack/tcp-smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
ERROR: meta-security/recipes-mac/smack/udp-smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
ERROR: meta-security/recipes-mac/smack/smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
ERROR: Parsing halted due to errors, see error messages above
* see:
https://lists.openembedded.org/g/openembedded-architecture/message/2007
* it's fatal error since:
https://git.openembedded.org/openembedded-core/commit/?h=master&id=32cba1cc916ad530c5e6630a927e74ca6f06289b
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
tcp-smack-test:
http://errors.yoctoproject.org/Errors/Details/766925/
tcp_client.c:55:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
udp-client-tests:
http://errors.yoctoproject.org/Errors/Details/766927/
udp_client.c:41:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
udp_client.c:51:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
udp_client.c:66:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Bump tpm2-tss library version from 4.0.1 to 4.1.2.
This simply involves renaming the recipe and chaning the target SHA256
library file hash.
Also update the fixup_hosttools.patch to apply to the new version of the
library. It stays the same functionally, but some line numbers needed to
be updated to apply cleanly.
Signed-off-by: Valentin Kunin <kunin@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Dependency for nativesdk-swtpm
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
nativesdk-swtpm needs nativesdk-libtpm
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
tpm2-pkcs11-tools-native needs tpm2-tools-native
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
swtpm-native requires tpm2-pkcs11-tools-native for gnutls PACKAGECONFIG
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
version 0.8.2:
- swtpm:
- cuse: Lock file_ops_lock before reading tpm_running
- build-sys:
- Add support for --disable-tests to disable tests
https://github.com/stefanberger/swtpm/compare/v0.8.1...v0.8.2
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
ChangeLog:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.72
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
ChangeLog:
https://github.com/OpenSCAP/openscap/releases/tag/1.3.10
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
libseccomp requires DISTRO_FEATURE seccomp enabled. This one
is automatically removed for riscv, so we do not need to add
an additional condition.
This change is necessary for cve-check on world with meta-security
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove __pycache__ directories as they contain references to TMPDIR.
Fix QA warnings:
WARNING: scap-security-guide-0.1.71-r0 do_package_qa: QA Issue: File
/usr/lib64/scap-security-guide/ptest/git/utils/_pycache_/gen_reference_table.cpython-312.pyc
in package scap-security-guide-ptest contains reference to TMPDIR
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* Refresh patch
* Fix UPSTREAM_CHECK_GITTAGREGEX
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
0001-osdetection-add-OpenEmbedded-and-Poky.patch
removed since it's included in 3.1.1.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove '-DALG_CAMELLIA=ALG_NO' from CFLAGS to fix compile error:
| TpmProfile_Common.h:109: error: "ALG_CAMELLIA" redefined [-Werror]
| 109 | #define ALG_CAMELLIA ALG_YES
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Simple fix for Python 3.12 since it dropped asyncore. Catches the import
error instead of using a version check so that the user can install the
compatibility package for any uses that can't be upgraded to asyncio or
similar immediately.
Fixes:
# python3
Python 3.12.1 (main, Dec 7 2023, 20:45:44) [GCC 13.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pyinotify
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.12/site-packages/pyinotify.py", line 71, in <module>
import asyncore
ModuleNotFoundError: No module named 'asyncore'
>>>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The install expects man8 directory to already exists. If not created
the man page gets installed as "man8", which causes conflicts with
other packages, that expect it to be a directory.
'arpsnmp' -> '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/sbin/arpsnmp'
'./arpwatch.8' -> '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/share/man/man8'
removed '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/share/man/man8'
'./arpsnmp.8' -> '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/share/man/man8'
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
According to the Yocto reference manual [1], the IMAGE_NAME_SUFFIX should
be set to empty for the initramfs image. Otherwise, we may incur a build
error like following due to the initrd check in live-vm-common.bbclass:
ERROR: core-image-minimal-1.0-r0 do_bootimg: build-test/tmp/deploy/images/genericx86-64/dm-verity-image-initramfs-genericx86-64.cpio.gz is invalid. initrd image creation failed.
ERROR: core-image-minimal-1.0-r0 do_bootimg: ExecutionError('build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/run.build_hddimg.1961965', 1, None, None)
ERROR: Logfile of failure stored in: build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/log.do_bootimg.1961965
ERROR: Task (poky/meta/recipes-core/images/core-image-minimal.bb:do_bootimg) failed with exit code '1'
[1] https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_NAME_SUFFIX
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
drop patch now included.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Arpwatch won't build on a system without a sendmail provider
installed with out this setting.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
After the using inherit_defer for the image classes in oe-core commit
451363438d38 ("classes/recipes: Switch to use inherit_defer"),
the using of anonymous python function in dm-verity-img.bbclass to
set the IMAGE_FSTYPES doesn't work anymore. The reason is that
image.bbclass also use anonymous python function to add the do_image_xxx
task for the corresponding filesystem type. The anonymous function in
dm-verity-img.bbclass is evaluated much later than the one in
image.bbclass. Then the task such as do_image_vhash will not be added
as we expect. So we choose to use "+=" to set the IMAGE_FSTYPES.
The populate_sdk_ext.bbclass may generate a dependency list like below:
core-image-minimal.do_sdk_depends -> lib32-core-image-minimal.do_image_vhash
So we also need to make sure the do_image_vhash task for the multilib
filesystem is added.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
After the oe-core commit 26d97acc7137 ("image-artifact-names: include
${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and
${IMAGE_LINK_NAME}"), the image names have changed from
core-image-minimal-qemux86-64-20230307181808.rootfs.ext4
core-image-minimal-qemux86-64.ext4
to
core-image-minimal-qemux86-64.rootfs-20230307181456.ext4
core-image-minimal-qemux86-64.rootfs.ext4
Adjust the images name used by dm-verity according to this change.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
V2] Fix typo in python3-pyinotify changes
|
|
Lynis tool needs ip, ss, tr and netstat.
If they are missing Lynis skips some important audit tests.
Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Checksec tool depends of commands "find, file and ps"
Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch to fix build with python 3.12:
$ bitbake openscap-native
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'distutils'
CMake Error at swig/python3/CMakeLists.txt:35 (install):
install TARGETS given no LIBRARY DESTINATION for module target
"_openscap_py".
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Append to IMAGE_INSTALL rather than directly setting the variable
and does it after inheriting core-image.bbclass because in it
IMAGE_INSTALL is set with a default value CORE_IMAGE_BASE_INSTALL.
Variable CORE_IMAGE_BASE_INSTALL includes CORE_IMAGE_EXTRA_INSTALL
so the change allows adding auditd to CORE_IMAGE_EXTRA_INSTALL as
per the instructions in meta-integrity/README.md.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add audit.cfg configuration fragment. By default it is not appended
to SRC_URI. It allows enabling the audit kernel subsystem which may
help to debug appraisal issues. Boot with "integrity_audit=1" to
capture a more complete set of events in /var/log/audit/.
Previously the same configuration fragment was provided by layer
meta-security-framework but it is no longer maintained therefore it
makes sense to have audit.cfg in layer meta-integrity.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
change branch name to stable.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It's not mentioned anywhere in source code, and python 3.12
has removed it.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Nicholas Nooney (1):
Update error messages in htool_exec_hostcmd (#43)
Royce (1):
Add ability to process raw host commands (#41)
Yoan Andreev (1):
Payload getstatus (#40)
daimeng (1):
htool: Allow console snapshot on proxy channels (#42)
Signed-off-by: Yushi Sun <yushis@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
New openssl 3.2.0 version removed spaces around serialNumber in:
Subject: CN=parallaxsecond.com, serialNumber=EZ4U2CIXL
Fixes parsec-service oeqa test on qemu.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
If image recipe A wants to embed another image B which used
dm-verity-img.bbclass and generated the .wks file, then
recipe B must deploy everything to IMGDEPLOYDIR but recipe A
finds the output from DM_VERITY_DEPLOY_DIR = "${DEPLOY_DIR_IMAGE}".
Now both A and B images can use dm-verity-img.bbclass.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Erik Schilling <erik.schilling@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It is embedded into IMAGE_NAME since poky master branch commit
6f6c79029bc2020907295858449c725952d560a1
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Erik Schilling <erik.schilling@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Build host may not have bc.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Erik Schilling <erik.schilling@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
systemd tool ukify
https://www.freedesktop.org/software/systemd/man/latest/ukify.html
depends on systemd-measure
https://www.freedesktop.org/software/systemd/man/latest/systemd-measure.html
which depends on tpm2-tss. So to support creating UKI
images containing both kernel and initramfs with systemd-native,
tpm2-tss support is needed for native too.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Erik Schilling <erik.schilling@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
drop EXTRA_OECONF
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|