subtree updates
meta-security: 53c5cc794f..ddf301c45c:
Adrian Zaharia (1):
libmhash: fix multilib header conflict - mutils/mhash_config.h
Alexander Kanavin (1):
maintainers.inc: rename to avoid clashes with oe-core
Armin Kuster (15):
meta-tpm: rename recipes-tpm to recipes-tpm1
recipes-tpm: use this for common tpm recipes
swtpm: update to 0.8.0
libtpm: update to 0.9.6
ossec-hids: update to tip of 3.7.0
libhtp: update to 0.5.43
suricata: update to 6.0.11
fscryptctl: update to 1.0.1
oeqa: fix hash test to match new changes
integrity-image-minimal: adapt QEMU cmdline to new changes
lynis: Add decoding OE and Poky
os-release.bbappend: drop now CPE_NAME is in core
openembedded-release: drop as os-release does this now
tpm2-tss: drop vendor from PACKAGECONFIG
packagegroup-security-tpm2: restore pkgs removed earlier
Paul Gortmaker (4):
dm-verity: ensure people don't ignore the DISTRO_FEATURES warning
dm-verity: don't make read-only-rootfs sound like a requirement
dm-verity: document the meta-intel dependency in the systemd example
dm-verity: add x86-64 systemd based example instructions
Peter Hoyes (1):
meta-parsec/layer.conf: Insert addpylib declaration
Peter Kjellerstedt (1):
tpm2-tools: Remove unnecessary and optional dependencies
Stefan Berger (12):
ima: Document and replace keys and adapt scripts for EC keys
ima: Fix the ima_policy_appraise_all to appraise executables & libraries
ima: Fix the IMA kernel feature
ima: Rename IMA_EVM_POLICY_SYSTEMD to IMA_EVM_POLICY
ima: Sign all executables and the ima-policy in the root filesystem
integrity: Update the README for IMA support
linux: overlayfs: Add kernel patch resolving a file change notification issue
ima-evm-utils: Update ima-evm-utils to v1.5 and add a patch
linux: overlayfs: Drop kernel patch resolving a file change notification issue
ima: Drop kernel config option CONFIG_SQUASHFS_XATTR=y from ima.cfg
integrity: Fix the do_configure function
integrity: Rename linux-%.bbappend to linux-yocto%.bbappend
meta-raspberrypi: bf948e0aa8..928bb234bb:
Martin Jansa (3):
rpi-libcamera-apps: fix flags used in aarch64 builds
rpi-libcamera-apps: fix version generation on hosts with older python
rpi-libcamera-apps: bump to latest SRCREV and set PV
meta-arm: 0b5724266a..f9d80e1a14:
Emekcan Aras (2):
arm-bsp/trusted-firmware-m: Align Capsule Update with GPT changes
arm-bsp/wic: corstone1000: Fix and limit the partition size for corstone1000
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I56f7d26070d879e3138618332841c30cf57eb7d9
diff --git a/meta-security/meta-tpm/conf/distro/include/maintainers.inc b/meta-security/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
similarity index 100%
rename from meta-security/meta-tpm/conf/distro/include/maintainers.inc
rename to meta-security/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index fb36fab..fb0105e 100644
--- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -3,6 +3,8 @@
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+PACKAGE_ARCH = "${TUNE_PKGARCH}"
+
inherit packagegroup
PACKAGES = "${PN}"
@@ -12,6 +14,9 @@
tpm2-tools \
trousers \
tpm2-tss \
+ libtss2-mu \
+ libtss2-tcti-device \
+ libtss2-tcti-mssim \
libtss2 \
tpm2-abrmd \
tpm2-pkcs11 \
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.5.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.6.bb
similarity index 88%
rename from meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.5.bb
rename to meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.6.bb
index cf80064..a860319 100644
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.5.bb
+++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.6.bb
@@ -2,7 +2,7 @@
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
-SRCREV = "df1c3e98d697f3c1f09262d2ba161a7db784d6cc"
+SRCREV = "f8c2dc7e12a730dcca4220d7ac5ad86d13dfd630"
SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.9;protocol=https"
PE = "1"
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.8.0.bb
similarity index 92%
rename from meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
rename to meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.8.0.bb
index 55d83f9..614b07f 100644
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.8.0.bb
@@ -6,8 +6,8 @@
# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
-SRCREV = "f2268eebb0d1adf89bad83fa4cf91e37b4e3fa53"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
+SRCREV = "2ae7b019370760e17f4f2675195a91ca53950eda"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=master;protocol=https \
"
PE = "1"
diff --git a/meta-security/meta-tpm/recipes-tpm/hoth/libhoth_git.bb b/meta-security/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/hoth/libhoth_git.bb
rename to meta-security/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
rename to meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch b/meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
rename to meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch b/meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
rename to meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch b/meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
rename to meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch b/meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/openssl11_build_fix.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch
rename to meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/openssl11_build_fix.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
rename to meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
diff --git a/meta-security/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch b/meta-security/meta-tpm/recipes-tpm1/pcr-extend/files/fix_openssl11_build.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch
rename to meta-security/meta-tpm/recipes-tpm1/pcr-extend/files/fix_openssl11_build.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-security/meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
rename to meta-security/meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/meta-security/meta-tpm/recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
rename to meta-security/meta-tpm/recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch b/meta-security/meta-tpm/recipes-tpm1/tpm-tools/files/04-fix-FTBFS-clang.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
rename to meta-security/meta-tpm/recipes-tpm1/tpm-tools/files/04-fix-FTBFS-clang.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch b/meta-security/meta-tpm/recipes-tpm1/tpm-tools/files/openssl1.1_fix.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
rename to meta-security/meta-tpm/recipes-tpm1/tpm-tools/files/openssl1.1_fix.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch b/meta-security/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
rename to meta-security/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-security/meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
rename to meta-security/meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch b/meta-security/meta-tpm/recipes-tpm1/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch
rename to meta-security/meta-tpm/recipes-tpm1/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch b/meta-security/meta-tpm/recipes-tpm1/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch
rename to meta-security/meta-tpm/recipes-tpm1/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/files/tcsd.service b/meta-security/meta-tpm/recipes-tpm1/trousers/files/tcsd.service
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/trousers/files/tcsd.service
rename to meta-security/meta-tpm/recipes-tpm1/trousers/files/tcsd.service
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules b/meta-security/meta-tpm/recipes-tpm1/trousers/files/trousers-udev.rules
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules
rename to meta-security/meta-tpm/recipes-tpm1/trousers/files/trousers-udev.rules
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh b/meta-security/meta-tpm/recipes-tpm1/trousers/files/trousers.init.sh
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh
rename to meta-security/meta-tpm/recipes-tpm1/trousers/files/trousers.init.sh
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-security/meta-tpm/recipes-tpm1/trousers/trousers_git.bb
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
rename to meta-security/meta-tpm/recipes-tpm1/trousers/trousers_git.bb
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
index ef73238..8119bb1 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
@@ -4,7 +4,7 @@
LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=a846608d090aa64494c45fc147cc12e3"
SECTION = "tpm"
-DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
+DEPENDS = "tpm2-tss openssl curl"
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
@@ -13,6 +13,3 @@
UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
inherit autotools pkgconfig bash-completion
-
-# need tss-esys
-RDEPENDS:${PN} = "libtss2 tpm2-abrmd"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
index cc7e6ae..6386105 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
@@ -18,7 +18,7 @@
inherit autotools pkgconfig systemd useradd
-PACKAGECONFIG ??= "vendor"
+PACKAGECONFIG ??= ""
PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c util-linux-libuuid "
PACKAGECONFIG[policy] = "--enable-policy,--disable-policy,json-c util-linux-libuuid "