Re: [yocto] Yocto server is down

On 12/13/19 7:46 AM, FLoraVLogs wrote: > Hi, > > I went to "http://downloads.yoctoproject.org/; and I get the > following message: > > > Gateway Timeout > > Server error - server 198.145.29.63 is unreachable at this moment. > > Please retry the request or contact your administrator. > > Kindly

Re: [yocto] [meta-security][PATCH 1/3] checksecurity: use more portable find args

Micheal, On 11/25/19 8:41 AM, Christopher Larson wrote: These patches did not land in patchwork. maybe something to do with the mailing list change?? They are in the yocto archives. - armin > From: Christopher Larson > > Signed-off-by: Christopher Larson > --- >

Re: [yocto] [PATCH] overview-manual: minor editing, rendering, wording changes

Robert, On 2/13/20 1:04 AM, rpj...@crashcourse.ca wrote: > Signed-off-by: Robert P. J. Day Please send doc changes to the d...@lists.yoctoproject.org - armin > > --- > > diff --git a/documentation/overview-manual/overview-manual-concepts.xml >

Re: [yocto] QA Cycle report for build (yocto-3.1_M2.rc1)

Sangeeta, On 1/30/20 11:46 PM, Sangeeta Jain wrote: > Hello All, > > This is the full report for yocto-3.1_M2.rc1: > https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults > > === Summary > No high milestone defects. > No new defects are

Re: [yocto] master/master-next missing from poky repo?

Thanks for working on a holiday Micheal. - armin On 2/17/20 2:49 PM, Michael Halstead wrote: > The caching issues are resolved as well as a tricky permissions issue. > These repositories are operating correctly again. > > Please let me know if issues persist. > > --  > Michael Halstead > > On

Re: [yocto] QA Cycle report for build (yocto-3.0.2.rc2)

On 2/20/20 2:44 PM, Richard Purdie wrote: > I discussed this quickly in bug triage today with Armin. We agreed > that: > > * The openssh bug is minor and doesn't affect release > * Anuj resolved one of the bugs as being execution error so again it > doesn't affect release > * The bash issue does

Re: [yocto] [error-report-web][PATCH V2] Add local.conf and auto.conf into error details

Changqing, Please use bluelightn...@bluelightning.org for now. According to Linkedin, Paul is now at Microsoft. - armin On 2/13/20 6:42 PM, Changqing Li wrote: > Hi, Paul > > Could you help to check my reply below, thanks. > > On 12/11/19 1:45 PM, Changqing Li wrote: >> >> On 11/13/19 6:36

Re: [yocto] Yocto server is down

On 1/9/20 12:49 PM, FLoraVLogs wrote: > Hi, > > Thanks for fixing it last time for us. But it looks like Yocto is down > again. > > http://downloads.yoctoproject.org/ Its working for me. I believe some work was being done on the NAS that might have affected this. Please try again. - Armin > >

Re: [yocto] Maintaining patchtest

Paul, Thanks for stepping up as the Maintainer. - Armin On 1/8/20 4:48 AM, Paul Barker wrote: > Hi all, > > After discussion on the technical call yesterday I'm looking at > becoming the maintainer of patchtest > (http://git.yoctoproject.org/cgit/cgit.cgi/patchtest/) and > patchtest-oe

Re: [yocto] [meta-security][PATCH] meta-integrity/../systemd: fix pollution issue

On 12/23/19 10:18 AM, Anders Montonen wrote: > Hi, > > These look like typos: thanks. will fix and send v2 - armin > > On 23 Dec 2019, at 19:18, Armpit wrote: >> only include changes of systemd is enabled. > of -> if > >> Signed-off-by: Armin Kuster &

Re: [yocto] QA notification for completed autobuilder build (yocto-3.1.rc2)

On 4/15/20 3:25 PM, Paul Eggleton wrote: > Release notes draft attached, including a dedication to Scott (wasn't sure > where to put that so I've just left it at the top) and contributors list. Let > me know if you notice anything missing/incorrect. Thanks for pulling this together. > > I've

Re: [yocto] FYI: "which" program is broken by default on centos-8

On 4/21/20 5:42 PM, Joel A Cohen wrote: > Centos 8 'which' installs an alias by default: alias which='(alias; > typeset -f) | /usr/bin/which --tty-only --read-alias --read-functions > --show-tilde --show-dot' > > This comes from the which rpm, in /etc/profile.d/which.sh > > This breaks in OE,

Re: [yocto] cannot build PDF docs

Rob, On 7/31/20 8:19 AM, Rob Prowel wrote: > Is there some magic to building the PDF versions of the yocto docs? > I've tried on multiple machines running debian and differing versions > of ubuntu and consistently the PDF docs fail to build. > > Font substitution errors are trivial, but not

Re: [yocto] [meta-security][PATCH] sssd: disable build secrets

On 6/22/20 8:24 PM, kai wrote: > On 6/17/20 11:41 AM, kai wrote: >> From: Kai Kang >> >> It requires http_parser.h to build secrets: >> >> | configure: error: >> | You must have the header file http_parser.h installed to build sssd >> | with secrets responder. If you want to build sssd without

Re: [yocto] [meta-security][master|dunfell][PATCH 2/2] tripwire: Remove makefiles from the man directories.

merged On 6/12/20 7:19 PM, Jeremy Puhlman wrote: > From: Jeremy Puhlman > > Signed-off-by: Jeremy Puhlman > --- > recipes-ids/tripwire/tripwire_2.4.3.7.bb | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb >

Re: [yocto] [meta-security][PATCH] apparmor: pull in coreutils/findutils only when not using systemd as init manager

merged On 6/8/20 3:00 AM, Alexander Kanavin wrote: > The utilities from those packages (xargs, comm) are only used in sysvinit > scripts, and so there is no need to pull them in when systemd is in use. > Both are gpl3 licensed, so this is beneficial for builds where gpl3 is not > allowed. > >

Re: [yocto] [meta-security][PATCH] samhain: dnmalloc hash fix for aarch64 and mips64

merged On 4/19/20 11:27 PM, Haseeb Ashraf wrote: > fix runtime error: > samhain[4069]: FATAL: x_dnmalloc.c: 2790: hashval < AMOUNTHASH > Killed > > The proper fix is not to disable dnmalloc. This change is in > continuation of samhain-mips64-aarch64-dnmalloc-hash-fix.patch > which requires

Re: [yocto] [meta-security] Clamav libclammspack.so missing from image

On 7/29/20 12:34 PM, yoc wrote: > Hi, > > I am adding clamav to my custom image. > > I have added the target clamav-libclamav to my image and libclamav.so > is added, as expected, to /usr/lib but libclammspack.so is not added > to /usr/lib > > How to I make sure that libclammspack.so is include

Re: [yocto] any interest in an official "meta-rubygems" layer?

On 1/27/21 1:29 PM, Robert P. J. Day wrote: > On Wed, 27 Jan 2021, Armin Kuster wrote: > >> >> On 1/27/21 12:04 PM, Robert P. J. Day wrote: >>> regarding the proposed "meta-rubygems" layer --- which sounds like >>> it's going to take off

Re: [yocto] any interest in an official "meta-rubygems" layer?

On 1/27/21 12:04 PM, Robert P. J. Day wrote: > regarding the proposed "meta-rubygems" layer --- which sounds like > it's going to take off as it can be initialized quite a lot just from > konrad's existing meta-sca layer, what are the options for "official" > YP hosting? > > i notice that

Re: [yocto] [meta-security][PATCH] sssd: set pid path with /run

series merged. thanks On 6/15/21 1:50 AM, kai.k...@windriver.com wrote: > From: Kai Kang > > /var/run is deprecated and set pid path with /run to store pid files for > the SSSD. > > Signed-off-by: Kai Kang > --- > recipes-security/sssd/sssd_2.5.0.bb | 5 +++-- > 1 file changed, 3

Re: [yocto] [meta-security][PATCH] aircrack-ng: update to 1.6

merged, thanks    On 6/15/21 9:32 PM, Federico Pellegrin wrote: > Signed-off-by: Federico Pellegrin > --- > .../{aircrack-ng_1.3.bb => aircrack-ng_1.6.bb}| 8 +--- > 1 file changed, 5 insertions(+), 3 deletions(-) > rename recipes-security/aircrack-ng/{aircrack-ng_1.3.bb => >

[yocto] [meta-security][PATCH] initramfs-framework: fix typo in conditional

Signed-off-by: Armin Kuster --- recipes-core/initrdscripts/initramfs-framework_1.0.bbappend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend index dc74e01

Re: [yocto] [PATCH] smack: add 3 cves to allowlist

merged. On 6/18/21 5:16 AM, Sekine Shigeki wrote: > CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 are not for smack of > smack-team(https://github.com/smack-team/smack) but other project. > > Signed-off-by: Sekine Shigeki > --- > recipes-mac/smack/smack_1.3.1.bb | 5 + > 1 file changed, 5

Re: [yocto] [Openembedded-architecture] Open Source Maintainers - An open letter/request

On 5/10/21 8:14 AM, Richard Purdie wrote: > TLDR: The project is seen as mature, employers don't prioritise maintaining > things and we're struggling for maintainers and help with day to day work > > > Open source projects survive, not just through development work and  > contributions of new

[yocto] [meta-selinux][PATCH 2/2] MAINTAINERS: update email address

Include example send-email Signed-off-by: Armin Kuster --- MAINTAINERS | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 36c451f..0dc492e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1,7 +1,14 @@ This file contains a list

[yocto] [meta-selinux][PATCH 1/2] audit: pkg now in meta-oe

Signed-off-by: Armin Kuster --- .../Fixed-swig-host-contamination-issue.patch | 57 --- .../audit/audit/audit-volatile.conf | 1 - recipes-security/audit/audit/auditd | 153 -- recipes-security/audit/audit/auditd.service | 28 recipes-security

[yocto] [meta-security][PATCH 4/4] lkrg-module: update 0.9.1

LIC_FILES_CHKSUM updated do to yr change and adding new copyrights Signed-off-by: Armin Kuster --- .../lkrg/{lkrg-module_0.9.0.bb => lkrg-module_0.9.1.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename recipes-kernel/lkrg/{lkrg-module_0.9.0.bb => lkrg-module_0.

[yocto] [meta-security][PATCH 3/4] python3-scapy: update to 2.4.5

Signed-off-by: Armin Kuster --- .../scapy/{python3-scapy_2.4.4.bb => python3-scapy_2.4.5.bb} | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) rename recipes-security/scapy/{python3-scapy_2.4.4.bb => python3-scapy_2.4.5.bb} (95%) diff --git a/recipes-security/scapy/python3-scapy

[yocto] [meta-security][PATCH 1/4] clamav: upgrade to latest revision

From: Upgrade Helper Signed-off-by: Armin Kuster --- recipes-scanners/clamav/clamav_0.104.0.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb index ce5b0ea..4f20309 100644

[yocto] [meta-security][PATCH 2/4] opendnssec: upgrade 2.1.8 -> 2.1.9

From: Upgrade Helper Signed-off-by: Armin Kuster --- .../opendnssec/{opendnssec_2.1.8.bb => opendnssec_2.1.9.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename recipes-security/opendnssec/{opendnssec_2.1.8.bb => opendnssec_2.1.9.bb} (92%) diff --git a/recipes-se

[yocto] [meta-security][PATCH 2/2] tpm2-pkcs11: Update to 1.6.0

Includes gcc11 fix. Added p11-kit Minor cleanup Signed-off-by: Armin Kuster --- .../recipes-tpm2/tpm2-pkcs11/files/677.patch | 295 ++ ...2-pkcs11_1.5.0.bb => tpm2-pkcs11_1.6.0.bb} | 27 +- 2 files changed, 314 insertions(+), 8 deletions(-) create mode 100644 meta-tpm/reci

[yocto] [meta-security][PATCH 1/2] tripwire: Blacklist pkg, upstream seems abandond

Last update was 2018. Does not build with gcc11. There are other actively maintained IDS options. Signed-off-by: Armin Kuster --- recipes-core/packagegroup/packagegroup-core-security.bb | 2 -- recipes-ids/tripwire/tripwire_2.4.3.7.bb| 2 ++ 2 files changed, 2 insertions(+), 2

[yocto] [meta-security][PATCH 2/6] ossec-hids: add UPSTREAM_CHECK_COMMITS

Signed-off-by: Armin Kuster --- recipes-ids/ossec/ossec-hids_3.6.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-ids/ossec/ossec-hids_3.6.0.bb b/recipes-ids/ossec/ossec-hids_3.6.0.bb index 10354a7..242bbdb 100644 --- a/recipes-ids/ossec/ossec-hids_3.6.0.bb +++ b/recipes-ids

[yocto] [meta-security][PATCH 3/6] python3-scapy: add UPSTREAM_CHECK_COMMITS

Signed-off-by: Armin Kuster --- recipes-security/scapy/python3-scapy_2.4.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-security/scapy/python3-scapy_2.4.4.bb b/recipes-security/scapy/python3-scapy_2.4.4.bb index 8d81ed1..23ddfce 100644 --- a/recipes-security/scapy/python3

[yocto] [meta-security][PATCH 1/6] clamav: update to tip.

Add UPSTEAM_CHECK Signed-off-by: Armin Kuster --- recipes-scanners/clamav/clamav_0.104.0.bb | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb index 36e498d..6892bb0 100644 --- a/recipes

[yocto] [meta-security][PATCH 4/6] suricata: 4.1.x add UPSTREAM_CHECK_REGEX

Signed-off-by: Armin Kuster --- recipes-ids/suricata/suricata_4.1.10.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-ids/suricata/suricata_4.1.10.bb b/recipes-ids/suricata/suricata_4.1.10.bb index 3f7beaa..bf08843 100644 --- a/recipes-ids/suricata/suricata_4.1.10.bb +++ b

[yocto] [meta-security][PATCH 5/6] ibmswtpm2: update to 1661

Drop patch now included in updated Signed-off-by: Armin Kuster --- .../ibmswtpm2/files/fix-wrong-cast.patch | 27 --- .../{ibmswtpm2_1637.bb => ibmswtpm2_1661.bb} | 10 +++ 2 files changed, 4 insertions(+), 33 deletions(-) delete mode 100644 meta-tpm/recipes-t

[yocto] [meta-security][PATCH 6/6] ibmtpm2tss: update to tip

Signed-off-by: Armin Kuster --- meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb index 4d9b554..ae8974b 100644

[yocto] [meta-security][PATCH 2/2] packagegroup-core-security: add clamav-daemon

Signed-off-by: Armin Kuster --- recipes-core/packagegroup/packagegroup-core-security.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb index 0bddf64

[yocto] [meta-security][PATCH 1/2] clamav: fix systemd startup

cleanup recipe Signed-off-by: Armin Kuster --- recipes-scanners/clamav/clamav_0.104.0.bb | 44 ++- .../clamav/files/fix_systemd_socket.patch | 25 +++ 2 files changed, 48 insertions(+), 21 deletions(-) create mode 100644 recipes-scanners/clamav/files

[yocto] [meta-security][PATCH 1/6] ibmswtpm2: update to 1661

Drop patch now included in updated Signed-off-by: Armin Kuster --- .../ibmswtpm2/files/fix-wrong-cast.patch | 27 --- .../{ibmswtpm2_1637.bb => ibmswtpm2_1661.bb} | 10 +++ 2 files changed, 4 insertions(+), 33 deletions(-) delete mode 100644 meta-tpm/recipes-t

[yocto] [meta-security][PATCH 5/6] aide: Add another ids

Signed-off-by: Armin Kuster --- recipes-ids/aide/aide/aide.conf | 94 + recipes-ids/aide/aide_0.17.3.bb | 41 ++ 2 files changed, 135 insertions(+) create mode 100644 recipes-ids/aide/aide/aide.conf create mode 100644 recipes-ids/aide/aide_0.17.3.bb

[yocto] [meta-security][PATCH 2/6] ibmtpm2tss: update to tip

Signed-off-by: Armin Kuster --- meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb index 4d9b554..ae8974b 100644

[yocto] [meta-security][PATCH 3/6] packagegroup-core-security: fix typo for mips

Signed-off-by: Armin Kuster --- recipes-core/packagegroup/packagegroup-core-security.bb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb index 6d2dd7c..54b8297

[yocto] [meta-security][PATCH 4/6] Apparmor: fix multi config build issue.

Signed-off-by: Armin Kuster --- recipes-mac/AppArmor/apparmor_3.0.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/recipes-mac/AppArmor/apparmor_3.0.bb b/recipes-mac/AppArmor/apparmor_3.0.bb index 015205d..d9c3e4d 100644 --- a/recipes-mac/AppArmor/apparmor_3.0.bb +++ b

[yocto] [meta-security][PATCH 6/6] packagegroup-core-security: add aide and ossec

Signed-off-by: Armin Kuster --- recipes-core/packagegroup/packagegroup-core-security.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb index 54b8297..0bddf64 100644

[yocto] [meta-security][v2][PATCH] suricata: 4.1.x add UPSTREAM_CHECK_URI

Signed-off-by: Armin Kuster --- recipes-ids/suricata/suricata_4.1.10.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-ids/suricata/suricata_4.1.10.bb b/recipes-ids/suricata/suricata_4.1.10.bb index 3f7beaa..bf08843 100644 --- a/recipes-ids/suricata/suricata_4.1.10.bb +++ b

[yocto] [meta-security][PATCH 3/4] meta-integrity: YCL fixups

We wont need the linux-% once the kernel-feature class is included in core. Move the inherit into the image itself. Drop kernel patches not being used. Signed-off-by: Armin Kuster --- .../images/integrity-image-minimal.bb | 2 + .../recipes-kernel/linux/linux-%.bbappend | 5

[yocto] [meta-security][PATCH 4/4] meta-hardening/initscripts: missed overide.

Helps pass YCL. Signed-off-by: Armin Kuster --- .../recipes-core/initscripts/initscripts_1.0.bbappend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-hardening/recipes-core/initscripts/initscripts_1.0.bbappend b/meta-hardening/recipes-core/initscripts

[yocto] [meta-security][PATCH 2/4] meta-tpm: remove linux-yocto

Signed-off-by: Armin Kuster --- .../recipes-kernel/linux/linux-yocto/tpm.cfg| 8 .../recipes-kernel/linux/linux-yocto/tpm.scc| 3 --- .../recipes-kernel/linux/linux-yocto/tpm2.cfg | 6 -- .../recipes-kernel/linux/linux-yocto/tpm2.scc | 3 --- .../linux/linux-yocto

[yocto] [meta-security][PATCH 1/4] linux-yocto: remove bbappend

Signed-off-by: Armin Kuster --- recipes-kernel/linux/linux-yocto-dev.bbappend | 3 --- recipes-kernel/linux/linux-yocto_5.%.bbappend | 3 --- 2 files changed, 6 deletions(-) delete mode 100644 recipes-kernel/linux/linux-yocto-dev.bbappend delete mode 100644 recipes-kernel/linux/linux-yocto_5

[yocto] [meta-security][v2][PATCH] sssd: update to 2.5.0

Add new depends Drop obsolete patches Signed-off-by: Armin Kuster v2] Fix issue with nsupdate check don't use host bind --- ...AC_CHECK_FILE-when-building-manpages.patch | 34 ...s-Collision-with-external-nss-symbol.patch | 78 --- ...defines-which-otherwise

[yocto] [meta-security][PATCH 2/5] linux-%_5.%.bbappend: drop recipe

Signed-off-by: Armin Kuster --- recipes-kernel/linux/linux-%_5.%.bbappend | 4 1 file changed, 4 deletions(-) delete mode 100644 recipes-kernel/linux/linux-%_5.%.bbappend diff --git a/recipes-kernel/linux/linux-%_5.%.bbappend b/recipes-kernel/linux/linux-%_5.%.bbappend deleted file mode

[yocto] [meta-security][PATCH 3/5] initramfs-framework: fix YCL issue.

Signed-off-by: Armin Kuster --- .../initrdscripts/initramfs-framework.inc | 16 .../initramfs-framework_1.0.bbappend| 17 + 2 files changed, 17 insertions(+), 16 deletions(-) create mode 100644 recipes-core/initrdscripts/initramfs-framework.inc

[yocto] [meta-security][PATCH 4/5] python3-scapy: drop , now in meta-python

Signed-off-by: Armin Kuster --- recipes-security/scapy/files/run-ptest| 4 --- recipes-security/scapy/python3-scapy_2.4.5.bb | 30 --- 2 files changed, 34 deletions(-) delete mode 100644 recipes-security/scapy/files/run-ptest delete mode 100644 recipes-security/scapy

[yocto] [meta-security][PATCH 1/5] busybox: drop as libsecomp is in core

Signed-off-by: Armin Kuster --- recipes-core/busybox/busybox/head.cfg | 1 - recipes-core/busybox/busybox_%.bbappend| 1 - recipes-core/busybox/busybox_libsecomp.inc | 3 --- 3 files changed, 5 deletions(-) delete mode 100644 recipes-core/busybox/busybox/head.cfg delete mode 100644

[yocto] [meta-security][PATCH 5/5] packagegroup-core-security: drop python3-scapy

Signed-off-by: Armin Kuster --- recipes-core/packagegroup/packagegroup-core-security.bb | 2 -- 1 file changed, 2 deletions(-) diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb index cf9620f..e7b6d9b 100644

[yocto] [meta-security][PATCH 2/7] meta-security/recipe-kernel: use sanity check

Signed-off-by: Armin Kuster --- recipes-kernel/linux/linux-yocto-dev.bbappend | 4 +--- recipes-kernel/linux/linux-yocto_5.%.bbappend | 4 +--- recipes-kernel/linux/linux-yocto_security.inc | 3 +++ 3 files changed, 5 insertions(+), 6 deletions(-) create mode 100644 recipes-kernel/linux/linux

[yocto] [meta-security][PATCH 4/7] meta-tpm: add layer sanity check

Signed-off-by: Armin Kuster --- meta-tpm/README | 19 +++ meta-tpm/classes/sanity-meta-tpm.bbclass | 10 ++ meta-tpm/conf/layer.conf | 4 3 files changed, 33 insertions(+) create mode 100644 meta-tpm/classes/sanity-meta

[yocto] [meta-security][PATCH 3/7] linux-yocto-dev: drop bbappend

Signed-off-by: Armin Kuster --- recipes-kernel/linux/linux-yocto-dev.bbappend | 1 - 1 file changed, 1 deletion(-) delete mode 100644 recipes-kernel/linux/linux-yocto-dev.bbappend diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend b/recipes-kernel/linux/linux-yocto-dev.bbappend

[yocto] [meta-security][PATCH 7/7] meta-integrity/recipe-kernel: use sanity check

Signed-off-by: Armin Kuster --- meta-integrity/recipes-kernel/linux/linux-%.bbappend | 6 +- meta-integrity/recipes-kernel/linux/linux_ima.inc| 5 + 2 files changed, 6 insertions(+), 5 deletions(-) create mode 100644 meta-integrity/recipes-kernel/linux/linux_ima.inc diff --git

[yocto] [meta-security][PATCH 5/7] meta-tpm/linux-yocto: use sanity support

Signed-off-by: Armin Kuster --- .../linux/linux-yocto_5.%.bbappend | 18 +- .../recipes-kernel/linux/linux-yocto_tpm.inc | 17 + 2 files changed, 18 insertions(+), 17 deletions(-) create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto_tpm.inc

[yocto] [meta-security][PATCH 6/7] meta-integrity: add sanity check

Signed-off-by: Armin Kuster --- meta-integrity/README.md | 18 +- .../classes/sanity-meta-integrity.bbclass | 10 ++ meta-integrity/conf/layer.conf | 4 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644

[yocto] [meta-security][PATCH 0/7] YCL cleanups

This series superceeds the privious set to help pass the check-layer scrip. Armin Kuster (7): meta-security: add sanity check meta-security/recipe-kernel: use sanity check linux-yocto-dev: drop bbappend meta-tpm: add layer sanity check meta-tpm/linux-yocto: use sanity support meta

[yocto] [meta-security][PATCH 1/7] meta-security: add sanity check

Signed-off-by: Armin Kuster --- README | 18 ++ classes/sanity-meta-security.bbclass | 10 ++ conf/layer.conf | 4 3 files changed, 32 insertions(+) create mode 100644 classes/sanity-meta-security.bbclass diff

[yocto] [meta-security][PATCH] sssd: update to 2.5.1

See full change log: https://sssd.io/release-notes/sssd-2.5.1.html Including a musl build work around Signed-off-by: Armin Kuster --- recipes-security/sssd/files/musl_fixup.patch | 53 +++ .../sssd/{sssd_2.5.0.bb => sssd_2.5.1.bb} | 6 ++- 2 files changed, 57 inserti

[yocto] [meta-security][PATCH] sssd: update to 2.5.1

See full change log: https://sssd.io/release-notes/sssd-2.5.1.html Including a musl build work around Signed-off-by: Armin Kuster --- recipes-security/sssd/files/musl_fixup.patch | 53 +++ .../sssd/{sssd_2.5.0.bb => sssd_2.5.1.bb} | 6 ++- 2 files changed, 57 inserti

[yocto] [meta-security][PATCH 2/4] ssshgaurd: add packaage

Signed-off-by: Armin Kuster --- recipes-security/sshguard/sshguard_2.4.2.bb | 11 +++ 1 file changed, 11 insertions(+) create mode 100644 recipes-security/sshguard/sshguard_2.4.2.bb diff --git a/recipes-security/sshguard/sshguard_2.4.2.bb b/recipes-security/sshguard/sshguard_2.4.2.bb

[yocto] [meta-security][PATCH 1/4] initramfs-framework: fix typo in conditional

Signed-off-by: Armin Kuster --- recipes-core/initrdscripts/initramfs-framework_1.0.bbappend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend index dc74e01

[yocto] [meta-security][PATCH 4/4] initramfs-framework: rename files dir

Fixes: ERROR: initramfs-framework-1.0-r4 do_fetch: Fetcher failure for URL: 'file://dmverity'. Unable to fetch URL from any source. Signed-off-by: Armin Kuster --- .../{initramfs-framework => initramfs-framework-dm}/dmverity| 0 recipes-core/initrdscripts/initramfs-framework.

Re: [yocto] meta-parsec build failure

t; On Mon, Jul 5, 2021 at 1:57 PM Armin Kuster wrote: >> The parsec-service in meta-parsec has been failing ever since gcc 11 was >> merged into core. >> >> https://errors.yoctoproject.org/Errors/Build/123537/ >> >> I have already opened an issue with upstream:

[yocto] meta-parsec build failure

The parsec-service in meta-parsec has been failing ever since gcc 11 was merged into core. https://errors.yoctoproject.org/Errors/Build/123537/ I have already opened an issue with upstream: https://github.com/parallaxsecond/rust-psa-crypto/issues/85 If anyone is interested in this package, I

[yocto] [meta-security][PATCH] suricata: update to 6.0.3

add new crates minor cleanup Signed-off-by: Armin Kuster --- .../{libhtp_0.5.37.bb => libhtp_0.5.38.bb} | 2 +- .../meta-rust/recipes-ids/suricata/suricata.inc | 5 - .../{suricata_6.0.2.bb => suricata_6.0.3.bb}| 17 +++-- 3 files changed, 16 insertions

[yocto] [meta-security][PATCH] tpm-tools: fix build issue

This error occurs randomly. /bin/bash: pod2man: command not found [Yocto #14304] minor space/tab cleanup Signed-off-by: Armin Kuster Cc: Ben --- meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/meta-tpm

Re: [yocto] [meta-security][PATCH 2/2] apparmor: use its own initscript and service files

merged. thanks for the reminder. -armin On 7/6/21 2:03 AM, Yi Zhao wrote: > > Ping ... > > > On 6/23/21 5:15 PM, Yi Zhao wrote: >> Use initscript and service files provided by apparmor. >> >> Signed-off-by: Yi Zhao >> --- >> recipes-mac/AppArmor/apparmor_3.0.1.bb| 33 +-- >>

[yocto] [meta-security][PATCH 1/3] packagegroup-core-security: exclude ossec-hids from musl

Signed-off-by: Armin Kuster --- recipes-core/packagegroup/packagegroup-core-security.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb index d7349b0..cf9620f 100644

[yocto] [meta-security][PATCH 3/3] sssd: update to 2.5.0

Add new depends Drop obsolete patches Signed-off-by: Armin Kuster --- ...AC_CHECK_FILE-when-building-manpages.patch | 34 ...s-Collision-with-external-nss-symbol.patch | 78 --- ...defines-which-otherwise-are-availabl.patch | 32 .../sssd/files/fix

[yocto] [meta-security][PATCH 2/3] ossec-hids: musl not compatable

Signed-off-by: Armin Kuster --- recipes-ids/ossec/ossec-hids_3.6.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-ids/ossec/ossec-hids_3.6.0.bb b/recipes-ids/ossec/ossec-hids_3.6.0.bb index 242bbdb..778278b 100644 --- a/recipes-ids/ossec/ossec-hids_3.6.0.bb +++ b/recipes-ids

Re: [yocto] [meta-security] [dunfell] [PATCH 0/3] Backport several IMA fixes to LTS dunfell

On 4/18/21 11:41 PM, liu.min...@gmail.com wrote: > From: Ming Liu I have not forgotten about these. My build system is backlogged. I hope to process these by this weekend. -armin > > Ming Liu (3): > ima-evm-keys: add file-checksums to IMA_EVM_X509 > meta: drop IMA_POLICY from policy

Re: [yocto] Can layer maintainers add yocto-X.Y tags for yocto-3.3 and later?

On 4/27/21 9:48 AM, Randy MacLeod wrote: > Hi, > > > I've CCed some of the maintainers of more widely used Yocto layers > to get comments on about tagging. Please add in people who I may > have missed. > > > For a while now, oe-core has had a yocto-X.Y tag in addition to the > release branch

Re: [yocto] [OE-core] [PATCH 6/7] default-distrovars.inc: add wayland/opengl to default distro features

On 4/27/21 9:09 AM, Randy MacLeod wrote: > Cross-posting to yocto since this is of general interest. > > On 2021-04-23 2:02 p.m., Alexander Kanavin wrote: >> This puts them on equal terms with x11 distro feature >> (which I think is due). >> >> Signed-off-by: Alexander Kanavin >> --- >>  

Re: [yocto] Can layer maintainers add yocto-X.Y tags for yocto-3.3 and later?

On 4/29/21 12:37 PM, Randy MacLeod wrote: > On 2021-04-27 1:06 p.m., Khem Raj wrote: >> On Tue, Apr 27, 2021 at 9:48 AM Randy MacLeod >> wrote: >>> Hi, >>> >>> >>> I've CCed some of the maintainers of more widely used Yocto layers >>> to get comments on about tagging. Please add in people who I

Re: [yocto] Can layer maintainers add yocto-X.Y tags for yocto-3.3 and later?

On 4/27/21 10:06 AM, Khem Raj wrote: > On Tue, Apr 27, 2021 at 9:48 AM Randy MacLeod > wrote: >> Hi, >> >> >> I've CCed some of the maintainers of more widely used Yocto layers >> to get comments on about tagging. Please add in people who I may >> have missed. >> >> >> For a while now, oe-core

Re: [yocto] [PATCH yocto-autobuilder2 1/2] meta-arm has a hardknott branch now

On 4/29/21 2:25 PM, Ross Burton wrote: > On Thu, 29 Apr 2021 at 20:35, Randy MacLeod > wrote: >> It doesn't have a yocto-3.3 tag yet... >> Could you add one? > When we actually release, yes. So do you plan on doing the dot releases too? -armin > Ross > > > -=-=-=-=-=-=-=-=-=-=-=- Links:

[yocto] The Yocto Project 2021 virtual Summit CFP reminder

Hello all, This is a reminder that the 2021 Yocto Project Summit CFP window closes this Sunday at 11:59 PM PST. If anyone is interested, please visit: https://pretalx.com/yocto-project-summit-2021/cfp Kind regards, Armin sorry about the cross posting. -=-=-=-=-=-=-=-=-=-=-=- Links: You

Re: [yocto] [meta-security][PATCH] packagegroup-core-security: exclude apparmor in mips64

On 4/20/21 9:07 AM, Khem Raj wrote: > > > On 4/20/21 7:41 AM, Armin Kuster wrote: >> Signed-off-by: Armin Kuster >> --- >>   recipes-core/packagegroup/packagegroup-core-security.bb | 3 +++ >>   1 file changed, 3 insertions(+) >> >> diff --git

Re: [yocto] [meta-security] [dunfell] [PATCH 0/3] Backport several IMA fixes to LTS dunfell

merged. thanks On 4/18/21 11:41 PM, liu.min...@gmail.com wrote: > From: Ming Liu > > Ming Liu (3): > ima-evm-keys: add file-checksums to IMA_EVM_X509 > meta: drop IMA_POLICY from policy recipes > initramfs-framework-ima: introduce IMA_FORCE > >

Re: [yocto] AppArmor with BusyBox

On 4/27/21 8:33 PM, Khem Raj wrote: > > > On Tue, Apr 27, 2021 at 3:34 PM Konstantin Aladyshev > mailto:aladyshe...@gmail.com>> wrote: > > I've added `IMAGE_INSTALL += "findutils"` to my `conf/local.conf` > file, and it seems like it was enough. There weren't any build > conflicts. >

[yocto] [meta-security][PATCH] ossec-hids: add new pkg

Signed-off-by: Armin Kuster --- ...Makefile-drop-running-scrips-install.patch | 37 +++ .../0002-Makefile-don-t-set-uid-gid.patch | 251 ++ recipes-ids/ossec/ossec-hids_3.6.0.bb | 161 +++ 3 files changed, 449 insertions(+) create mode 100644 recipes-ids

Re: [yocto] what OE/YP layers should be considered "supported"?

Helllo Robert, On 5/4/21 2:03 PM, Robert P. J. Day wrote: > related to something that richard purdie mentioned on the OE list, > if one wanted to do a YP-wide "cleanup" of some indeterminate form, > what are the layers that would be considered mandatory to cover in > such a cleanup? I don't

Re: [yocto] [meta-security][PATCH] initramfs-framework-ima: introduce IMA_FORCE

merged, Thanks On 4/8/21 11:38 AM, Ming Liu wrote: > From: Ming Liu > > Introduce IMA_FORCE to allow the IMA policy be applied forcely even > 'no_ima' boot parameter is available. > > This ensures the end users have a way to disable 'no_ima' support if > they want to, because it may expose a

Re: [yocto] [meta-security][PATCH] Use libest "main" branch instead of "master".

merged thanks, armin On 4/7/21 3:19 AM, Anton Antonov wrote: > This patch fixes the issue: > > WARNING: libest-3.2.0-r0 do_fetch: Failed to fetch URL > git://github.com/cisco/libest, attempting MIRRORS if available > ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure: Unable to find revision >

Re: [yocto] [meta-security][PATCH] meta: drop IMA_POLICY from policy recipes

merged. thanks -armin On 3/22/21 6:02 AM, liu.min...@gmail.com wrote: > From: Ming Liu > > IMA_POLICY is being referred as policy recipe name in some places and it > is also being referred as policy file in other places, they are > conflicting with each other which make it impossible to set a

Re: [yocto] [meta-security][PATCH 1/2] Add meta-parsec layer into meta-security.

= "mssim" > +owner_hierarchy_auth = "hex:74706d5f70617373" > +``` > +- Start Parsec > +```bash > +systemctl start parsec > +``` > + > +Maintenance > +--- > + > +Send pull requests, patches, comments or questions to yo...@yoctoproject.org > +

Re: [yocto] [meta-security][PATCH] Clearly define clang toolchain in Parsec recipes

merged, Thanks On 4/12/21 8:30 AM, Anton Antonov wrote: > Signed-off-by: Anton Antonov > --- > .../recipes-parsec/parsec-service/parsec-service_0.7.0.bb | 4 ++-- > meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb | 3 +-- > 2 files changed, 3 insertions(+), 4 deletions(-) > >

[yocto] [meta-security][PATCH 2/2] lkrg-module: Add Linux Kernel Runtime Guard

_enforce=1 Signed-off-by: Armin Kuster --- .../lkrg/files/makefile_cleanup.patch | 73 +++ recipes-kernel/lkrg/lkrg-module_0.9.0.bb | 33 + 2 files changed, 106 insertions(+) create mode 100644 recipes-kernel/lkrg/files/makefile_cleanup.patch create mode 1006

[yocto] [meta-security][PATCH 1/2] clamav: remove rest of mirror.dat ref

Signed-off-by: Armin Kuster --- recipes-scanners/clamav/clamav_0.104.0.bb | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb index ba036b0..36e498d 100644 --- a/recipes-scanners/clamav

[yocto] [meta-security][PATCH] packagegroup-core-security: exclude apparmor in mips64

Signed-off-by: Armin Kuster --- recipes-core/packagegroup/packagegroup-core-security.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb index 9ac0d2c..a6142a8 100644

Re: [yocto] [meta-security][PATCH 1/2] image-with-hardened-binaries: add class

Hello Max, On 8/18/21 8:42 AM, Maximilian Blenk via lists.yoctoproject.org wrote: > Add class to analyze binaries with checksec.py. checksec.py is a tool > that checks if security features of a compiler have been used. To do > so, it analyses the resulting binaries: > * NX Proctection is

  1   2   3   4   5   6   >