meta-security: subtree update:d6baccc068..4c2f7ffd49
Adrian (1):
gitignore added
Armin Kuster (31):
kas: build with ptest. remove apparmor
softHSM: add pkg
packagegroup-core-security: add softHSM
libest: add recipe
packagegroup-core-security: add libest package
opendnssec: add recipe
packagegroup-core-security: add opendnssec to pkg grp
gitlab-ci: allow test to fail
libseccomp: fix ptest failures.
packagegroup-core-security-ptest: remove keyutils-ptest
security-test-image: simplify
packagegroup-core-security-ptest: remove
apparmor: fix build issue with ptest enabled.
security-test-image: tweak to get more tests to runn
apparmor: update to 3.0
packagegroup-core-security: apparmor 3.0 ptest does not build
suricata: fix compiling on gcc10
qemux86-test: add apparmor back
apparmor: fix build for on musl
ecryptfs-utils: fix musl build
libest: fix musl build.
sssd: update to latest ltm 1.16.5
packagegroup-core-security: remove clamav from musl image
suricata: update to 4.1.9
kas: fixup alt configs
gitlab-ci: add qemux86 and qemuarm64 musl builds
tpm2-tss: update to 2.4.3
tpm2-totp: update to 0.2.1
tpm2-abrmd: update to 2.3.3
tpm2-tools: update to 4.3.0
tpm2-pkcs11: update to 1.4.0
Mingli Yu (1):
scap-security-guide: add expat-native to DEPENDS
Naveen Saini (3):
initramfs-framework/dmverity: add retry loop for slow boot devices
wic: add wks.in for intel dm-verity
linux-%/5.x: Add dm-verity fragment as needed
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: If3a721fdd99bb6e35c82cf4e7485f06cebaef905
diff --git a/meta-security/recipes-mac/AppArmor/files/0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch b/meta-security/recipes-mac/AppArmor/files/0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch
new file mode 100644
index 0000000..791437d
--- /dev/null
+++ b/meta-security/recipes-mac/AppArmor/files/0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch
@@ -0,0 +1,91 @@
+From 5ed21abbef4d4c2983e70bd2868fb817150e883e Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@gmail.com>
+Date: Sat, 3 Oct 2020 11:26:46 -0700
+Subject: [PATCH] Revert "profiles: Update 'make check' to select tools based
+ on USE_SYSTEM"
+
+This reverts commit 6016f931ebf7b61e1358f19453ef262d9d184a4e.
+
+Upstream-Statue: OE specific
+These changes cause during packaging with perms changing.
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ profiles/Makefile | 50 ++++++++++-------------------------------------
+ 1 file changed, 10 insertions(+), 40 deletions(-)
+
+diff --git a/profiles/Makefile b/profiles/Makefile
+index ba47fc16..5384cb05 100644
+--- a/profiles/Makefile
++++ b/profiles/Makefile
+@@ -35,49 +35,9 @@ EXTRAS_SOURCE=./apparmor/profiles/extras/
+ SUBDIRS=$(shell find ${PROFILES_SOURCE} -type d -print)
+ TOPLEVEL_PROFILES=$(filter-out ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*))
+
+-ifdef USE_SYSTEM
+- PYTHONPATH=
+- PARSER?=apparmor_parser
+- LOGPROF?=aa-logprof
+-else
+- # PYTHON_DIST_BUILD_PATH based on libapparmor/swig/python/test/Makefile.am
+- PYTHON_DIST_BUILD_PATH = ../libraries/libapparmor/swig/python/build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))")
+- LIBAPPARMOR_PATH=../libraries/libapparmor/src/.libs/
+- LD_LIBRARY_PATH=$(LIBAPPARMOR_PATH):$(PYTHON_DIST_BUILD_PATH)
+- PYTHONPATH=../utils/:$(PYTHON_DIST_BUILD_PATH)
+- PARSER?=../parser/apparmor_parser
+- # use ../utils logprof
+- LOGPROF?=LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) PYTHONPATH=$(PYTHONPATH) $(PYTHON) ../utils/aa-logprof
+-endif
+-
+ # $(PWD) is wrong when using "make -C profiles" - explicitely set it here to get the right value
+ PWD=$(shell pwd)
+
+-.PHONY: test-dependencies
+-test-dependencies: __parser __libapparmor
+-
+-
+-.PHONY: __parser __libapparmor
+-__parser:
+-ifndef USE_SYSTEM
+- @if [ ! -f $(PARSER) ]; then \
+- echo "error: $(PARSER) is missing. Pick one of these possible solutions:" 1>&2; \
+- echo " 1) Test using the in-tree parser by building it first and then trying again. See the top-level README for help." 1>&2; \
+- echo " 2) Test using the system parser by adding USE_SYSTEM=1 to your make command." 1>&2; \
+- exit 1; \
+- fi
+-endif
+-
+-__libapparmor:
+-ifndef USE_SYSTEM
+- @if [ ! -f $(LIBAPPARMOR_PATH)libapparmor.so ]; then \
+- echo "error: $(LIBAPPARMOR_PATH)libapparmor.so is missing. Pick one of these possible solutions:" 1>&2; \
+- echo " 1) Build against the in-tree libapparmor by building it first and then trying again. See the top-level README for help." 1>&2; \
+- echo " 2) Build against the system libapparmor by adding USE_SYSTEM=1 to your make command." 1>&2; \
+- exit 1; \
+- fi
+-endif
+-
+ local:
+ for profile in ${TOPLEVEL_PROFILES}; do \
+ fn=$$(basename $$profile); \
+@@ -109,6 +69,16 @@ else
+ Q=
+ endif
+
++ifndef PARSER
++# use system parser
++PARSER=../parser/apparmor_parser
++endif
++
++ifndef LOGPROF
++# use ../utils logprof
++LOGPROF=PYTHONPATH=../utils $(PYTHON) ../utils/aa-logprof
++endif
++
+ .PHONY: docs
+ # docs: should we have some here?
+ docs:
+--
+2.17.1
+