exclude arm and aarch64 ptest tasks
[v2&3]
Sent before committing.
Signed-off-by: Armin Kuster
---
recipes-mac/AppArmor/apparmor_2.13.3.bb | 18 ++
1 file changed, 18 insertions(+)
diff --git a/recipes-mac/AppArmor/apparmor_2.13.3.bb
b/recipes-mac/AppArmor/apparmor_2.13.
exclude arm and aarch64 ptest tasks
Signed-off-by: Armin Kuster
---
recipes-mac/AppArmor/apparmor_2.13.3.bb | 22 ++
1 file changed, 22 insertions(+)
diff --git a/recipes-mac/AppArmor/apparmor_2.13.3.bb
b/recipes-mac/AppArmor/apparmor_2.13.3.bb
index d434fd3..ba7065b
exclude arm and aarch64 ptest tasks
Signed-off-by: Armin Kuster
---
recipes-mac/AppArmor/apparmor_2.13.3.bb | 22 ++
1 file changed, 22 insertions(+)
diff --git a/recipes-mac/AppArmor/apparmor_2.13.3.bb
b/recipes-mac/AppArmor/apparmor_2.13.3.bb
index d434fd3..ba7065b
[Yocto # 13568]
Signed-off-by: Armin Kuster
---
recipes-mac/AppArmor/apparmor_2.13.3.bb | 16 +++-
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/recipes-mac/AppArmor/apparmor_2.13.3.bb
b/recipes-mac/AppArmor/apparmor_2.13.3.bb
index 6183064..d434fd3 100644
update test to check for depends
Signed-off-by: Armin Kuster
---
lib/oeqa/runtime/cases/checksec.py | 1 +
recipes-security/checksec/checksec_2.1.0.bb | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/oeqa/runtime/cases/checksec.py
b/lib/oeqa/runtime/cases
cp: cannot stat
'/./tmp-glibc/work/core2-32-oe-linux/suricata/4.1.5-r0/rules': No such file
or directory
| WARNING: exit code 1 from a shell command.
Signed-off-by: Armin Kuster
---
recipes-ids/suricata/suricata_4.1.5.bb | 3 ---
1 file changed, 3 deletions(-)
diff --git a/recipes-ids
Signed-off-by: Armin Kuster
---
.../recipes-kernel/linux/linux-yocto_4.14.bbappend | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.14.bbappend
b/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.14
Signed-off-by: Armin Kuster
---
conf/layer.conf | 2 +-
meta-integrity/conf/layer.conf | 2 +-
meta-security-compliance/conf/layer.conf | 2 +-
meta-tpm/conf/layer.conf | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/conf
From: Ross Burton
Debian 10 is the new stable release and is being tested on the autobuilder, so
add this to the supported distribution list.
[ YOCTO #13432 ]
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Armin Kuster
---
meta-poky/conf/distro/poky.conf | 1 +
1
From: Kevin Hao
Boot test for all these boards.
Signed-off-by: Kevin Hao
Signed-off-by: Richard Purdie
Signed-off-by: Armin Kuster
---
.../recipes-kernel/linux/linux-yocto_4.19.bbappend | 20 ++--
.../recipes-kernel/linux/linux-yocto_5.0.bbappend| 20
From: Ross Burton
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Armin Kuster
---
meta-poky/conf/distro/poky.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-poky/conf/distro/poky.conf b/meta-poky/conf/distro/poky.conf
index f2df2c1..de744f6 100644
Please merge these changes to meta-yocto warrior
The following changes since commit c16082ffa61f485e120670fbdf075f3fa8597494:
poky.conf: Bump version for 2.7.1 warrior release (2019-06-30 22:41:39 +0100)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib
Signed-off-by: Armin Kuster
---
.../suricata/python3-suricata-update_1.0.5.bb | 15 +++
1 file changed, 15 insertions(+)
create mode 100644 recipes-ids/suricata/python3-suricata-update_1.0.5.bb
diff --git a/recipes-ids/suricata/python3-suricata-update_1.0.5.bb
b/recipes-ids
Signed-off-by: Armin Kuster
---
meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
index 222bb6d..2185749
Signed-off-by: Armin Kuster
---
.../tpm2-totp/{tpm2-totp_0.1.1.bb => tpm2-totp_0.1.2.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-tpm/recipes-tpm2/tpm2-totp/{tpm2-totp_0.1.1.bb =>
tpm2-totp_0.1.2.bb} (90%)
diff --git a/meta-tpm/recipes-tpm2/tpm2-tot
drop patch already in update
Signed-off-by: Armin Kuster
---
...-ax_code_coverage.m4-version-2019.01.patch | 84 ---
.../{tpm2-tss_2.2.3.bb => tpm2-tss_2.3.1.bb} | 5 +-
2 files changed, 2 insertions(+), 87 deletions(-)
delete mode 100644
meta-tpm/recipes-tpm2/tpm2-tss/t
Signed-off-by: Armin Kuster
---
.../{tpm2-tss-engine_1.0.0.bb => tpm2-tss-engine_1.0.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-tpm/recipes-tpm2/tpm2-tss-engine/{tpm2-tss-engine_1.0.0.bb =>
tpm2-tss-engine_1.0.1.bb} (95%)
diff --git a/meta-tpm/recipe
Signed-off-by: Armin Kuster
---
meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index
Signed-off-by: Armin Kuster
---
.../tpm2-abrmd/{tpm2-abrmd_2.1.1.bb => tpm2-abrmd_2.2.0.bb}| 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
rename meta-tpm/recipes-tpm2/tpm2-abrmd/{tpm2-abrmd_2.1.1.bb =>
tpm2-abrmd_2.2.0.bb} (97%)
diff --git a/meta-tpm/recipes-tpm2/tpm2-abrm
Signed-off-by: Armin Kuster
---
meta-tpm/recipes-tpm/swtpm/{swtpm_0.1.0.bb => swtpm_0.2.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-tpm/recipes-tpm/swtpm/{swtpm_0.1.0.bb => swtpm_0.2.0.bb} (96%)
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.1.0.bb
b/me
Signed-off-by: Armin Kuster
---
.../recipes-tpm/libtpm/{libtpm_0.6.0.bb => libtpm_0.7.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-tpm/recipes-tpm/libtpm/{libtpm_0.6.0.bb => libtpm_0.7.0.bb} (88%)
diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_0.6.0.bb
Backport patch to fix build against newer kernels.
Signed-off-by: Armin Kuster
---
...-packet-fix-build-on-recent-Linux-kernels.patch | 26 ++
.../{libhtp_0.5.29.bb => libhtp_0.5.30.bb} | 0
recipes-ids/suricata/suricata.inc |
ERROR: oe-scap-1.0-r0 do_package_qa: QA Issue: /usr/share/oe-scap/run_tests.sh
contained in package oe-scap requires /bin/bash, but no providers found in
RDEPENDS_oe-scap? [file-rdeps]
Signed-off-by: Armin Kuster
---
meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb | 2 +-
1
ERROR: cryptsetup-tpm-incubator-0.9.9-r0 do_package_qa: QA Issue:
/usr/lib/libcryptsetup.so.12.3.0 contained in package cryptsetup-tpm-incubator
requires libdevmapper.so.1.02(DM_1_02_97)(64bit), but no providers found in
RDEPENDS_cryptsetup-tpm-incubator? [file-rdeps]
Signed-off-by: Armin
This ensures openscap-native does install the needed patches
security guilde needs to build
Minor recipe cleanup too
Signed-off-by: Armin Kuster
---
.../scap-security-guide/scap-security-guide.inc| 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git
a/meta
add cleandir depends to do_install task
This nostamp is causing issues with the yocto-check-layer when checking
hash changes.
Signed-off-by: Armin Kuster
---
.../recipes-openscap/openscap/openscap.inc | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git
remove lsb functions from init script
Signed-off-by: Armin Kuster
---
recipes-mac/AppArmor/apparmor_2.13.3.bb | 2 +-
recipes-mac/AppArmor/files/apparmor | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/recipes-mac/AppArmor/apparmor_2.13.3.bb
b/recipes-mac/AppArmor
it had ima_policy_hashed and did not match the recipe
ima-policy-hashed
found by yocto-check-layer
Signed-off-by: Armin Kuster
---
.../recipes-core/initrdscripts/initramfs-framework-ima.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/meta-integrity/recipes-core
Signed-off-by: Armin Kuster
---
recipes-core/busybox/busybox_%.bbappend| 4 +---
recipes-core/busybox/busybox_libsecomp.inc | 3 +++
2 files changed, 4 insertions(+), 3 deletions(-)
create mode 100644 recipes-core/busybox/busybox_libsecomp.inc
diff --git a/recipes-core/busybox/busybox_
Also remove tpm packagegroup reference
Signed-off-by: Armin Kuster
---
recipes-security/packagegroup/packagegroup-core-security.bb | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb
b/recipes-security/packagegroup
update python package names
Signed-off-by: Armin Kuster
---
.../packagegroup/packagegroup-core-security-ptest.bb| 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/recipes-security/packagegroup/packagegroup-core-security-ptest.bb
b/recipes-security/packagegroup
fixup run-ptest
Signed-off-by: Armin Kuster
---
recipes-security/scapy/files/run-ptest| 2 +-
recipes-security/scapy/python-scapy.inc | 22 ---
recipes-security/scapy/python-scapy_2.4.3.bb | 11
recipes-security/scapy/python3-scapy_2.4.3.bb | 27
Signed-off-by: Armin Kuster
---
meta-integrity/recipes-core/images/integrity-image-minimal.bb | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta-integrity/recipes-core/images/integrity-image-minimal.bb
b/meta-integrity/recipes-core/images/integrity-image-minimal.bb
index e1bc6ff..1a3a30a
create the cache dir at install time
Signed-off-by: Armin Kuster
---
.../AppArmor/{apparmor_2.13.2.bb => apparmor_2.13.3.bb} | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
rename recipes-mac/AppArmor/{apparmor_2.13.2.bb => apparmor_2.13.3.bb} (96%)
diff --git a/recip
apparmor-2.13.2-r0 do_package_qa: QA Issue: /usr/bin/aa-easyprof contained in
package apparmor requires /usr/bin/python3, but no providers found in
RDEPENDS_apparmor? [file-rdeps]
Signed-off-by: Armin Kuster
---
recipes-mac/AppArmor/apparmor_2.13.2.bb | 2 +-
1 file changed, 1 insertion(+), 1
use wildcards
Signed-off-by: Armin Kuster
---
recipes-kernel/linux/{linux-stable_5.2.bbappend => linux-%_5.%.bbappend} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-kernel/linux/{linux-stable_5.2.bbappend =>
linux-%_5.%.bbappend} (100%)
diff --git a/recipes-kernel
Signed-off-by: Armin Kuster
---
recipes-kernel/linux/linux-yocto-dev.bbappend | 13 ++---
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend
b/recipes-kernel/linux/linux-yocto-dev.bbappend
index 68b2b8b..239e30e 100644
remove kernel fragments now that they are in the
kernel-cache for 4.19
update bbappend accordingly.
Signed-off-by: Armin Kuster
---
recipes-kernel/linux/linux-yocto/apparmor.cfg | 15 ---
.../linux/linux-yocto/apparmor_on_boot.cfg| 1 -
.../linux/linux-yocto/smack
Signed-off-by: Armin Kuster
---
recipes-kernel/linux/linux-stable_5.2.bbappend | 4
1 file changed, 4 insertions(+)
create mode 100644 recipes-kernel/linux/linux-stable_5.2.bbappend
diff --git a/recipes-kernel/linux/linux-stable_5.2.bbappend
b/recipes-kernel/linux/linux-stable_5.2
Signed-off-by: Armin Kuster
---
.../recipes-kernel/linux/linux-%.bbappend | 5 ++---
.../recipes-kernel/linux/linux/ima.cfg | 18 --
.../linux/linux/ima_evm_root_ca.cfg| 3 ---
.../recipes-kernel/linux/linux/modsign.cfg | 5 -
.../recipes
Signed-off-by: Armin Kuster
---
recipes-kernel/linux/linux-%.bbapend | 9 -
recipes-kernel/linux/linux/apparmor.cfg | 9 -
recipes-kernel/linux/linux/apparmor_on_boot.cfg | 1 -
recipes-kernel/linux/linux/smack-default-lsm.cfg | 2 --
recipes-kernel/linux
Signed-off-by: Armin Kuster
---
meta-integrity/recipes-core/images/integrity-image-minimal.bb | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta-integrity/recipes-core/images/integrity-image-minimal.bb
b/meta-integrity/recipes-core/images/integrity-image-minimal.bb
index e1bc6ff..1a3a30a
Signed-off-by: Armin Kuster
---
features/yama/yama.cfg | 1 +
features/yama/yama.scc | 4
2 files changed, 5 insertions(+)
create mode 100644 features/yama/yama.cfg
create mode 100644 features/yama/yama.scc
diff --git a/features/yama/yama.cfg b/features/yama/yama.cfg
new file mode 100644
Signed-off-by: Armin Kuster
---
features/smack/smack.cfg | 10 ++
features/smack/smack.scc | 4
2 files changed, 14 insertions(+)
create mode 100644 features/smack/smack.cfg
create mode 100644 features/smack/smack.scc
diff --git a/features/smack/smack.cfg b/features/smack
Signed-off-by: Armin Kuster
---
features/apparmor/apparmor.cfg | 7 +++
features/apparmor/apparmor.scc | 5 +
features/apparmor/apparmor_on_boot.cfg | 1 +
3 files changed, 13 insertions(+)
create mode 100644 features/apparmor/apparmor.cfg
create mode 100644 features
Signed-off-by: Armin Kuster
---
features/ima/ima.cfg | 18 ++
features/ima/ima.scc | 4
features/ima/ima_evm_root_ca.cfg | 3 +++
features/ima/modsign.cfg | 3 +++
features/ima/modsign.scc | 6 ++
5 files changed, 34 insertions
It is time to move the kernel fragments out of meta-security to cache.
It should make maintenance easier.
Armin Kuster (4):
kernel-cache: add apparmor fragments
kernel-cache: add smack
kernel-cache: add ima fragments
kernel-cache: add yama security fragments
features/apparmor
From: Dmitry Eremin-Solenikov
Add bbclass responsible for handling signing of kernel modules.
Signed-off-by: Dmitry Eremin-Solenikov
fixup class to avoid including in every configure task
Signed-off-by: Armin Kuster
---
meta-integrity/classes/kernel-modsign.bbclass | 29
Signed-off-by: Armin Kuster
---
files/waf-cross-answers/README | 3 --
files/waf-cross-answers/cross-answers-aarch64.txt | 39 -
.../waf-cross-answers/cross-answers-aarch64_be.txt | 39 -
files/waf-cross-answers/cross-answers-arm.txt
Signed-off-by: Armin Kuster
---
.../libldb/avoid-openldap-unless-wanted.patch | 13 --
...-import-target-module-while-cross-compile.patch | 58 ---
recipes-support/libldb/libldb/options-1.3.1.patch | 193 -
recipes-support/libldb/libldb_1.3.1.bb | 64
now in meta-oe
Signed-off-by: Armin Kuster
---
.../files/fix_library_install_path.patch | 28 --
...ror-report-by-adding-default-message.patch | 42 ---
.../keyutils-test-fix-output-format.patch | 41 --
recipes-security/keyutils/files/run-ptest | 3
for 1.16 context, CVE-2019-13122 ]
Signed-off-by: Armin Kuster
---
patchwork/filters.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/patchwork/filters.py b/patchwork/filters.py
index 87c904f..b734207 100644
--- a/patchwork/filters.py
+++ b/patchwork/filters.py
@@ -212,7
This is an untested backported patch from stable/2.0 patchwork for the OE
version.
It is a function already being used in the file so I have high confidence it
wont introduce
any new issues.
Andrew Donnellan (1):
filters: Escape State names when generating selector HTML
create a PV version to track upstream
git version includes OE changes
Signed-off-by: Armin Kuster
---
.../scap-security-guide.inc | 47 ++
.../scap-security-guide_0.1.44.bb | 8 +++
.../scap-security-guide_git.bb| 63
with some for the recipe updates, more pyton support is needed
Signed-off-by: Armin Kuster
---
meta-security-compliance/conf/layer.conf | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/meta-security-compliance/conf/layer.conf
b/meta-security-compliance/conf/layer.conf
removed unneeded patch
convert over to cmake
refactor files
Signed-off-by: Armin Kuster
---
.../openscap/files/crypto_pkgconfig.patch | 36
.../recipes-openscap/openscap/openscap.inc| 75 +
.../recipes-openscap/openscap/openscap_git.bb | 83
Signed-off-by: Armin Kuster
---
.../recipes-openscap/openscap/openscap.inc| 11 +--
.../recipes-openscap/openscap/openscap_1.3.1.bb | 10 ++
.../recipes-openscap/openscap/openscap_git.bb | 4 ++--
3 files changed, 17 insertions(+), 8 deletions
Signed-off-by: Armin Kuster
---
meta-security-compliance/README | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-security-compliance/README b/meta-security-compliance/README
index b29c143..320f856 100644
--- a/meta-security-compliance/README
+++ b/meta-security
Signed-off-by: Armin Kuster
---
.../recipes-auditors/lynis/{lynis_2.7.2.bb => lynis_2.7.5.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-security-compliance/recipes-auditors/lynis/{lynis_2.7.2.bb =>
lynis_2.7.5.bb} (89%)
diff --git a/meta-security-compliance/r
Signed-off-by: Armin Kuster
---
recipes-security/clamav/clamav_0.99.4.bb | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/recipes-security/clamav/clamav_0.99.4.bb
b/recipes-security/clamav/clamav_0.99.4.bb
index 7d8767e..7f04337 100644
--- a/recipes-security/clamav
Signed-off-by: Armin Kuster
---
.../{libmspack_0.10.1.bb => libmspack_1.9.1.bb}| 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
rename recipes-security/libmspack/{libmspack_0.10.1.bb => libmspack_1.9.1.bb}
(53%)
diff --git a/recipes-security/libmspack/libmspack_
Clean up recipe to match actual app
Signed-off-by: Armin Kuster
---
.../recipes-tpm2/tpm2-totp/tpm2-totp_0.1.1.bb | 18 ++
.../recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb | 17 -
2 files changed, 18 insertions(+), 17 deletions(-)
create mode 100644 meta-tpm
Signed-off-by: Armin Kuster
---
.../tpm2-tss/{tpm2-tss_2.2.1.bb => tpm2-tss_2.2.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-tpm/recipes-tpm2/tpm2-tss/{tpm2-tss_2.2.1.bb => tpm2-tss_2.2.3.bb}
(97%)
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
Signed-off-by: Armin Kuster
---
.../tpm2-tools/{tpm2-tools_3.1.3.bb => tpm2-tools_3.2.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-tpm/recipes-tpm2/tpm2-tools/{tpm2-tools_3.1.3.bb =>
tpm2-tools_3.2.0.bb} (86%)
diff --git a/meta-tpm/recipes-tpm2/tpm2-tool
Signed-off-by: Armin Kuster
---
meta-tpm/recipes-core/images/security-tpm-image.bb | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/meta-tpm/recipes-core/images/security-tpm-image.bb
b/meta-tpm/recipes-core/images/security-tpm-image.bb
index a337076..dbdd309 100644
Signed-off-by: Armin Kuster
---
.../{tpm2-tss-engine_0.9.9.bb => tpm2-tss-engine_1.0.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-tpm/recipes-tpm2/tpm2-tss-engine/{tpm2-tss-engine_0.9.9.bb =>
tpm2-tss-engine_1.0.0.bb} (95%)
diff --git a/meta-tpm/recipe
license-check-sum: Add SPDX format
Signed-off-by: Armin Kuster
---
meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2
Signed-off-by: Armin Kuster
---
meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index
Signed-off-by: Armin Kuster
---
.../recipes-core/images/security-tpm2-image.bb | 18 ++
.../packagegroup/packagegroup-security-tpm2.bb | 5 -
2 files changed, 22 insertions(+), 1 deletion(-)
create mode 100644 meta-tpm/recipes-core/images/security-tpm2-image.bb
diff --git
Signed-off-by: Armin Kuster
---
meta-tpm/lib/oeqa/runtime/cases/tpm2.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
index 240a9b3..c6f9d92 100644
--- a/meta-tpm/lib/oeqa/runtime/cases
Signed-off-by: Armin Kuster
---
.../recipes-security/ima-evm-utils/ima-evm-utils_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
b/meta-integrity/recipes-security/ima-evm-utils/ima-evm
Signed-off-by: Armin Kuster
---
.../initrdscripts/initramfs-framework-ima.bb | 12
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git
a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
b/meta-integrity/recipes-core/initrdscripts/initramfs
Signed-off-by: Armin Kuster
---
meta-integrity/data/ima_policy_appraise_all | 29
meta-integrity/data/ima_policy_hashed | 77 -
meta-integrity/data/ima_policy_simple | 4 --
3 files changed, 110 deletions(-)
delete mode 100644 meta-integrity/data
remove untested code
Signed-off-by: Armin Kuster
---
.../recipes-kernel/linux/linux-%.bbappend | 117 +-
1 file changed, 2 insertions(+), 115 deletions(-)
diff --git a/meta-integrity/recipes-kernel/linux/linux-%.bbappend
b/meta-integrity/recipes-kernel/linux/linux
Signed-off-by: Armin Kuster
---
.../images/integrity-image-minimal.bb | 22 +++
1 file changed, 22 insertions(+)
create mode 100644
meta-integrity/recipes-core/images/integrity-image-minimal.bb
diff --git a/meta-integrity/recipes-core/images/integrity-image-minimal.bb
Signed-off-by: Armin Kuster
---
.../ima_policy_simple/files/ima_policy_simple | 4
.../ima_policy_simple/ima-policy-simple_1.0.bb | 18 ++
2 files changed, 22 insertions(+)
create mode 100644
meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
Signed-off-by: Armin Kuster
---
meta-integrity/lib/oeqa/runtime/__init__.py | 0
meta-integrity/lib/oeqa/runtime/cases/ima.py | 129 +++
meta-integrity/lib/oeqa/runtime/ima.py | 82
3 files changed, 129 insertions(+), 82 deletions(-)
delete mode 100644
Signed-off-by: Armin Kuster
---
.../ima_policy_hashed/files/ima_policy_hashed | 77 +++
.../ima-policy-hashed_1.0.bb | 20 +
2 files changed, 97 insertions(+)
create mode 100644
meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
Signed-off-by: Armin Kuster
---
.../files/ima_policy_appraise_all | 29 +++
.../ima-policy-appraise-all_1.0.bb| 18
2 files changed, 47 insertions(+)
create mode 100644
meta-integrity/recipes-security/ima_policy_appraise_all/files
Signed-off-by: Armin Kuster
---
meta-integrity/recipes-core/base-files/base-files-ima.inc| 5 +
meta-integrity/recipes-core/base-files/base-files_%.bbappend | 1 +
2 files changed, 6 insertions(+)
create mode 100644 meta-integrity/recipes-core/base-files/base-files-ima.inc
create mode
Signed-off-by: Armin Kuster
---
meta-integrity/README.md | 253 ++
meta-integrity/classes/ima-evm-rootfs.bbclass | 92 +++
meta-integrity/conf/layer.conf| 22 ++
.../data/debug-keys/privkey_ima.pem | 16 ++
meta-integrity/data
update to tip
backported patches to fix build issues.
fix native support
Signed-off-by: Armin Kuster
---
.../ima-evm-utils/ima-evm-utils.inc | 19 --
...link-to-libcrypto-instead-of-OpenSSL.patch | 65 +++
...ls-replace-INCLUDES-with-AM_CPPFLAGS.patch | 43
Signed-off-by: Armin Kuster
---
.../recipes-kernel/linux/linux/ima.cfg| 28 ++-
.../linux/linux/ima_evm_root_ca.cfg | 6 ++--
2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/meta-integrity/recipes-kernel/linux/linux/ima.cfg
b/meta-integrity
Signed-off-by: Armin Kuster
---
meta-integrity/README.md | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index ba96d8e..5bef76e 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -24,12 +24,9
Signed-off-by: Armin Kuster
---
meta-integrity/conf/layer.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf
index e8bb268..2f696cf 100644
--- a/meta-integrity/conf/layer.conf
+++ b/meta-integrity/conf/layer.conf
@@ -20,3
Copied meta-integrity from meta-intel-iot-security that Intel created,
to carry on maintenance.
This update that code base to work on master.
runtime test passes on Arm H/w and qemux86-64
Armin Kuster (14):
meta-integrity: port over from meta-intel-iot-security
layer.conf: add
Signed-off-by: Armin Kuster
---
lib/oeqa/runtime/cases/checksec.py | 33 ++
1 file changed, 33 insertions(+)
create mode 100644 lib/oeqa/runtime/cases/checksec.py
diff --git a/lib/oeqa/runtime/cases/checksec.py
b/lib/oeqa/runtime/cases/checksec.py
new file mode
[v2]
fix multilib support
Als add native support
Signed-off-by: Armin Kuster
---
.../files/fix_library_install_path.patch | 28 +++
recipes-security/keyutils/keyutils_1.6.bb | 14 ++
2 files changed, 36 insertions(+), 6 deletions(-)
create mode 100644
recipes
Signed-off-by: Armin Kuster
---
.../files/fix_library_install_path.patch | 28 +++
recipes-security/keyutils/keyutils_1.6.bb | 1 +
2 files changed, 29 insertions(+)
create mode 100644
recipes-security/keyutils/files/fix_library_install_path.patch
diff --git
* checksec.sh: Add arm64 specific kernel checks
* checksec.sh: Add REFCOUNT_FULL to kernel tests
* checksec.sh: Remove OSX support
Signed-off-by: Armin Kuster
---
.../checksec/{checksec_1.11.bb => checksec_1.11.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename reci
From: Richard Purdie
Matching changes in OE-Core. drop OETestID.
Signed-off-by: Richard Purdie
Signed-off-by: Armin Kuster
---
meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py | 3 ---
1 file changed, 3 deletions(-)
diff --git a/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py
From: Naveen Saini
Bump to kernel release v4.19.19
Signed-off-by: Naveen Saini
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Armin Kuster
---
meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.19.bbappend | 8
1 file changed, 4 insertions(+), 4 deletions
From: Armin Kuster
please review these change for the next meta-yocto warrior update
The following changes since commit 299b4150c66520985415fcc91119d563f7ba663c:
poky.conf: Bump version for 2.7 warrior release (2019-04-12 13:50:29 +0100)
are available in the git repository at:
git
Signed-off-by: Armin Kuster
---
recipes-kernel/linux/linux-yocto-5.0/smack.cfg | 11 +--
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/recipes-kernel/linux/linux-yocto-5.0/smack.cfg
b/recipes-kernel/linux/linux-yocto-5.0/smack.cfg
index 62f465a..0d5fc64 100644
Signed-off-by: Armin Kuster
---
lib/oeqa/selftest/cases/cvechecker.py | 27 +++
1 file changed, 27 insertions(+)
create mode 100644 lib/oeqa/selftest/cases/cvechecker.py
diff --git a/lib/oeqa/selftest/cases/cvechecker.py
b/lib/oeqa/selftest/cases/cvechecker.py
new file
Signed-off-by: Armin Kuster
---
lib/oeqa/runtime/cases/samhain.py | 31 +++
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/lib/oeqa/runtime/cases/samhain.py
b/lib/oeqa/runtime/cases/samhain.py
index e4bae7b..5043a38 100644
--- a/lib/oeqa/runtime/cases
ported over smack tests
Signed-off-by: Armin Kuster
---
lib/oeqa/runtime/cases/smack.py | 529 ++
recipes-mac/smack/mmap-smack-test/mmap.c | 7 +
recipes-mac/smack/mmap-smack-test_1.0.bb | 16 +
recipes-mac/smack/smack-test/notroot.py | 33
Signed-off-by: Armin Kuster
---
recipes-mac/smack/{files => smack}/run-ptest | 0
.../smack/{files => smack}/smack_generator_make_fixup.patch | 0
2 files changed, 0 insertions(+), 0 deletions(-)
rename recipes-mac/smack/{files => smack}/run-ptest (100%
Signed-off-by: Armin Kuster
---
lib/oeqa/runtime/cases/apparmor.py | 19 +++
1 file changed, 19 insertions(+)
diff --git a/lib/oeqa/runtime/cases/apparmor.py
b/lib/oeqa/runtime/cases/apparmor.py
index e2cb316..b6a9537 100644
--- a/lib/oeqa/runtime/cases/apparmor.py
+++ b/lib
Signed-off-by: Armin Kuster
---
meta-cgl-common/recipes-kernel/linux/files/cfg/4-kgdb.cfg | 1 -
meta-cgl-common/recipes-kernel/linux/files/cfg/5-quota.cfg | 2 --
meta-cgl-common/recipes-kernel/linux/files/cfg/9-filesystem-acl.cfg | 1 -
meta-cgl-common/recipes
1 - 100 of 559 matches
Mail list logo