meta-security: subtree update:a85fbe980e..c20b35b527
Anton Antonov (1):
Parsec service. Update PACKAGECONFIG definitions and README.md
Armin Kuster (20):
python3-fail2ban: fix build failure and cleanup
meta-parsec/README: remove rust layer req.
opendnssec: blacklist do to ldns being blacklisted
apparmor: Add a python 3.10 compatability patch
tpm2-tools: update to 5.2
openssl-tpm-engine: fix build issue with openssl 3
tpm2-openssl: add new pkg
tpm2-pkcs11: update to 1.7.0
recipes: Update SRC_URI branch and protocols
sssd: Create /var/log/sssd in runtime
bastille: Create /var/log/Bastille in runtime
python3-fail2ban: remove /run
tpm2-pkcs11: update to 1.7.0
libest: does not build with openssl 3.x
clamav: fix useradd warning
python3-fail2ban: update to tip
tpm2-pkcs11: backport openssl 3.x build fixes
packagegroup-security-tpm2: drop ibmswtpm2
meta-integrity: drop strongswan bbappends
meta-tpm: drop strongswan bbappends
Kai Kang (2):
sssd: re-package to fix QA issues
apparmor: fix warning of remove operator combined with +=
Kristian Klausen (2):
swtpm: update to 0.6.1
dm-verity-img.bbclass: Fix wrong override syntax for CONVERSION_DEPENDS
Liwei Song (1):
recipes-security/chipsec: platform security assessment framework
Stefan Mueller-Klieser (1):
tpm2-tss: fix fapi package config
Yi Zhao (2):
openssl-tpm-engine: fix warning for append operator combined with +=
meta-parsec/README.md: fix for append operator combined with +=
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I2156e47cf3f4f45daa2b60a73e3b46be3b6a86c0
diff --git a/meta-security/recipes-security/bastille/bastille_3.2.1.bb b/meta-security/recipes-security/bastille/bastille_3.2.1.bb
index 72281c5..2d82983 100644
--- a/meta-security/recipes-security/bastille/bastille_3.2.1.bb
+++ b/meta-security/recipes-security/bastille/bastille_3.2.1.bb
@@ -48,7 +48,6 @@
install -d ${D}${datadir}/Bastille/OSMap/Modules
install -d ${D}${datadir}/Bastille/Questions
install -d ${D}${datadir}/Bastille/FKL/configs/
- install -d ${D}${localstatedir}/log/Bastille
install -d ${D}${sysconfdir}/Bastille
install -m 0755 AutomatedBastille ${D}${sbindir}
install -m 0755 BastilleBackEnd ${D}${sbindir}
@@ -148,6 +147,20 @@
${THISDIR}/files/set_required_questions.py ${D}${sysconfdir}/Bastille/config ${D}${datadir}/Bastille/Questions
ln -s RevertBastille ${D}${sbindir}/UndoBastille
+
+ # Create /var/log/Bastille in runtime.
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
+ install -d ${D}${nonarch_libdir}/tmpfiles.d
+ echo "d ${localstatedir}/log/Bastille - - - -" > ${D}${nonarch_libdir}/tmpfiles.d/Bastille.conf
+ fi
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
+ install -d ${D}${sysconfdir}/default/volatiles
+ echo "d root root 0755 ${localstatedir}/log/Bastille none" > ${D}${sysconfdir}/default/volatiles/99_Bastille
+ fi
}
-FILES:${PN} += "${datadir}/Bastille ${libdir}/Bastille ${libdir}/perl* ${sysconfdir}/*"
+FILES:${PN} += "${datadir}/Bastille \
+ ${libdir}/Bastille \
+ ${libdir}/perl* \
+ ${sysconfdir}/* \
+ ${nonarch_libdir}/tmpfiles.d"
diff --git a/meta-security/recipes-security/chipsec/chipsec_git.bb b/meta-security/recipes-security/chipsec/chipsec_git.bb
new file mode 100644
index 0000000..e265a08
--- /dev/null
+++ b/meta-security/recipes-security/chipsec/chipsec_git.bb
@@ -0,0 +1,35 @@
+SUMMARY = "CHIPSEC: Platform Security Assessment Framework"
+
+DESCRIPTION = "CHIPSEC is a framework for analyzing the security \
+ of PC platforms including hardware, system firmware \
+ (BIOS/UEFI), and platform components."
+
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d"
+
+SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master;protocol=https \
+ "
+
+SRCREV = "b2a61684826dc8b9f622a844a40efea579cd7e7d"
+
+COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
+
+S = "${WORKDIR}/git"
+EXTRA_OEMAKE = "CC='${CC}' LDFLAGS='${LDFLAGS}' CFLAGS='${CFLAGS}'"
+
+DEPENDS = "virtual/kernel nasm-native python3-setuptools-native"
+RDEPENDS:${PN} += "python3 python3-modules"
+
+inherit module distutils3
+
+do_compile:append() {
+ cd ${S}/drivers/linux
+ oe_runmake KSRC=${STAGING_KERNEL_BUILDDIR}
+}
+
+do_install:append() {
+ install -m 0644 ${S}/drivers/linux/chipsec.ko ${D}${PYTHON_SITEPACKAGES_DIR}/chipsec/helper/linux
+}
+
+FILES:${PN} += "${exec_prefix} \
+"
diff --git a/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py b/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py
deleted file mode 100755
index e231949..0000000
--- a/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py
+++ /dev/null
@@ -1,174 +0,0 @@
-# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
-# vi: set ft=python sts=4 ts=4 sw=4 noet :
-
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-__author__ = "Cyril Jaquier, Steven Hiscocks, Yaroslav Halchenko"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2008-2016 Fail2Ban Contributors"
-__license__ = "GPL"
-
-import platform
-
-try:
- import setuptools
- from setuptools import setup
- from setuptools.command.install import install
- from setuptools.command.install_scripts import install_scripts
-except ImportError:
- setuptools = None
- from distutils.core import setup
-
-# all versions
-from distutils.command.build_py import build_py
-from distutils.command.build_scripts import build_scripts
-if setuptools is None:
- from distutils.command.install import install
- from distutils.command.install_scripts import install_scripts
-try:
- # python 3.x
- from distutils.command.build_py import build_py_2to3
- from distutils.command.build_scripts import build_scripts_2to3
- _2to3 = True
-except ImportError:
- # python 2.x
- _2to3 = False
-
-import os
-from os.path import isfile, join, isdir, realpath
-import sys
-import warnings
-from glob import glob
-
-from fail2ban.setup import updatePyExec
-
-if setuptools and "test" in sys.argv:
- import logging
- logSys = logging.getLogger("fail2ban")
- hdlr = logging.StreamHandler(sys.stdout)
- fmt = logging.Formatter("%(asctime)-15s %(message)s")
- hdlr.setFormatter(fmt)
- logSys.addHandler(hdlr)
- if set(["-q", "--quiet"]) & set(sys.argv):
- logSys.setLevel(logging.CRITICAL)
- warnings.simplefilter("ignore")
- sys.warnoptions.append("ignore")
- elif set(["-v", "--verbose"]) & set(sys.argv):
- logSys.setLevel(logging.DEBUG)
- else:
- logSys.setLevel(logging.INFO)
-elif "test" in sys.argv:
- print("python distribute required to execute fail2ban tests")
- print("")
-
-longdesc = '''
-Fail2Ban scans log files like /var/log/pwdfail or
-/var/log/apache/error_log and bans IP that makes
-too many password failures. It updates firewall rules
-to reject the IP address or executes user defined
-commands.'''
-
-if setuptools:
- setup_extra = {
- 'test_suite': "fail2ban.tests.utils.gatherTests",
- 'use_2to3': True,
- }
-else:
- setup_extra = {}
-
-data_files_extra = []
-
-# Installing documentation files only under Linux or other GNU/ systems
-# (e.g. GNU/kFreeBSD), since others might have protective mechanisms forbidding
-# installation there (see e.g. #1233)
-platform_system = platform.system().lower()
-doc_files = ['README.md', 'DEVELOP', 'FILTERS', 'doc/run-rootless.txt']
-if platform_system in ('solaris', 'sunos'):
- doc_files.append('README.Solaris')
-if platform_system in ('linux', 'solaris', 'sunos') or platform_system.startswith('gnu'):
- data_files_extra.append(
- ('/usr/share/doc/fail2ban', doc_files)
- )
-
-# Get version number, avoiding importing fail2ban.
-# This is due to tests not functioning for python3 as 2to3 takes place later
-exec(open(join("fail2ban", "version.py")).read())
-
-setup(
- name = "fail2ban",
- version = version,
- description = "Ban IPs that make too many password failures",
- long_description = longdesc,
- author = "Cyril Jaquier & Fail2Ban Contributors",
- author_email = "cyril.jaquier@fail2ban.org",
- url = "http://www.fail2ban.org",
- license = "GPL",
- platforms = "Posix",
- cmdclass = {
- 'build_py': build_py, 'build_scripts': build_scripts,
- },
- scripts = [
- 'bin/fail2ban-client',
- 'bin/fail2ban-server',
- 'bin/fail2ban-regex',
- 'bin/fail2ban-testcases',
- # 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper
- ],
- packages = [
- 'fail2ban',
- 'fail2ban.client',
- 'fail2ban.server',
- 'fail2ban.tests',
- 'fail2ban.tests.action_d',
- ],
- package_data = {
- 'fail2ban.tests':
- [ join(w[0], f).replace("fail2ban/tests/", "", 1)
- for w in os.walk('fail2ban/tests/files')
- for f in w[2]] +
- [ join(w[0], f).replace("fail2ban/tests/", "", 1)
- for w in os.walk('fail2ban/tests/config')
- for f in w[2]] +
- [ join(w[0], f).replace("fail2ban/tests/", "", 1)
- for w in os.walk('fail2ban/tests/action_d')
- for f in w[2]]
- },
- data_files = [
- ('/etc/fail2ban',
- glob("config/*.conf")
- ),
- ('/etc/fail2ban/filter.d',
- glob("config/filter.d/*.conf")
- ),
- ('/etc/fail2ban/filter.d/ignorecommands',
- [p for p in glob("config/filter.d/ignorecommands/*") if isfile(p)]
- ),
- ('/etc/fail2ban/action.d',
- glob("config/action.d/*.conf") +
- glob("config/action.d/*.py")
- ),
- ('/etc/fail2ban/fail2ban.d',
- ''
- ),
- ('/etc/fail2ban/jail.d',
- ''
- ),
- ('/var/lib/fail2ban',
- ''
- ),
- ] + data_files_extra,
- **setup_extra
-)
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index ed75a0e..f6394cc 100644
--- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -9,10 +9,9 @@
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
-SRCREV ="eea1881b734b73599a21df2bfbe58b11f78d0a46"
-SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \
+SRCREV ="4fe4ac8dde6ba14841da598ec37f8c6911fe0f64"
+SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://initd \
- file://fail2ban_setup.py \
file://run-ptest \
"
@@ -20,17 +19,18 @@
S = "${WORKDIR}/git"
-do_compile:prepend () {
- cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py
+do_compile () {
cd ${S}
./fail2ban-2to3
}
do_install:append () {
+ rm -f ${D}/${bindir}/fail2ban-python
install -d ${D}/${sysconfdir}/fail2ban
install -d ${D}/${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
chown -R root:root ${D}/${bindir}
+ rm -rf ${D}/run
}
do_install_ptest:append () {
@@ -38,9 +38,9 @@
install -d ${D}${PTEST_PATH}/bin
sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
+ rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
}
-FILES:${PN} += "/run"
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME = "fail2ban-server"
diff --git a/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb b/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb
index a70d310..66bf429 100644
--- a/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb
+++ b/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb
@@ -14,7 +14,7 @@
DEPENDS += "go-dep-native libpam"
SRCREV = "92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4"
-SRC_URI = "git://github.com/google/fscrypt.git"
+SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https"
GO_IMPORT = "import"
S = "${WORKDIR}/git"
diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 26f549b..d319e48 100644
--- a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
+++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -10,7 +10,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRCREV = "56b898c896240328adef7407090215abbe9ee03d"
-SRC_URI = "git://github.com/google/fscryptctl.git"
+SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
index 4ab8374..e8ddf29 100644
--- a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
+++ b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
@@ -3,7 +3,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
LICENSE = "Apache-2.0"
-SRC_URI = "git://github.com/google/google-authenticator-libpam.git"
+SRC_URI = "git://github.com/google/google-authenticator-libpam.git;branch=master;protocol=https"
SRCREV = "2c7415d950fb0b4a7f779f045910666447b100ef"
DEPENDS = "libpam"
diff --git a/meta-security/recipes-security/libest/libest_3.2.0.bb b/meta-security/recipes-security/libest/libest_3.2.0.bb
index fda2df4..41a4025 100644
--- a/meta-security/recipes-security/libest/libest_3.2.0.bb
+++ b/meta-security/recipes-security/libest/libest_3.2.0.bb
@@ -6,7 +6,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885"
SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b"
-SRC_URI = "git://github.com/cisco/libest;branch=main"
+SRC_URI = "git://github.com/cisco/libest;branch=main;protocol=https"
DEPENDS = "openssl"
@@ -25,3 +25,6 @@
PACKAGES = "${PN} ${PN}-dbg ${PN}-dev"
FILES:${PN} = "${bindir}/* ${libdir}/libest-3.2.0p.so"
+
+# https://github.com/cisco/libest/issues/104
+PNBLACKLIST[libest] ?= "Needs porting to openssl 3.x"
diff --git a/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb b/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb
index 8c288be..65db10f 100644
--- a/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb
+++ b/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb
@@ -7,7 +7,7 @@
LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd"
SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc"
-SRC_URI = "git://github.com/kyz/libmspack.git"
+SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https"
inherit autotools
diff --git a/meta-security/recipes-security/ncrack/ncrack_0.7.bb b/meta-security/recipes-security/ncrack/ncrack_0.7.bb
index 8b221e5..f151e4e 100644
--- a/meta-security/recipes-security/ncrack/ncrack_0.7.bb
+++ b/meta-security/recipes-security/ncrack/ncrack_0.7.bb
@@ -7,7 +7,7 @@
LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2"
SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426"
-SRC_URI = "git://github.com/nmap/ncrack.git"
+SRC_URI = "git://github.com/nmap/ncrack.git;branch=master;protocol=https"
DEPENDS = "openssl zlib"
diff --git a/meta-security/recipes-security/nikto/nikto_2.1.6.bb b/meta-security/recipes-security/nikto/nikto_2.1.6.bb
index 242f3ac..8542d69 100644
--- a/meta-security/recipes-security/nikto/nikto_2.1.6.bb
+++ b/meta-security/recipes-security/nikto/nikto_2.1.6.bb
@@ -7,7 +7,7 @@
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
-SRC_URI = "git://github.com/sullo/nikto.git \
+SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \
file://location.patch"
S = "${WORKDIR}/git/program"
diff --git a/meta-security/recipes-security/opendnssec/opendnssec_2.1.9.bb b/meta-security/recipes-security/opendnssec/opendnssec_2.1.10.bb
similarity index 88%
rename from meta-security/recipes-security/opendnssec/opendnssec_2.1.9.bb
rename to meta-security/recipes-security/opendnssec/opendnssec_2.1.10.bb
index 6c1bd46..6b53711 100644
--- a/meta-security/recipes-security/opendnssec/opendnssec_2.1.9.bb
+++ b/meta-security/recipes-security/opendnssec/opendnssec_2.1.10.bb
@@ -10,7 +10,7 @@
file://libdns_conf_fix.patch \
"
-SRC_URI[sha256sum] = "6d1d466c8d7f507f3e665f4bfe4d16a68d6bff9d7c2ab65f852e2b2a821c28b5"
+SRC_URI[sha256sum] = "c0a8427de241118dccbf7abc508e4dd53fb75b45e9f386addbadae7ecc092756"
inherit autotools pkgconfig perlnative
@@ -32,3 +32,5 @@
}
RDEPENDS:${PN} = "softhsm"
+
+PNBLACKLIST[opendnssec] ?= "Needs porting to openssl 3.x"
diff --git a/meta-security/recipes-security/sssd/sssd_2.5.2.bb b/meta-security/recipes-security/sssd/sssd_2.5.2.bb
index 76d6e03..8bc8787 100644
--- a/meta-security/recipes-security/sssd/sssd_2.5.2.bb
+++ b/meta-security/recipes-security/sssd/sssd_2.5.2.bb
@@ -86,13 +86,23 @@
rmdir --ignore-fail-on-non-empty "${D}/${bindir}"
install -d ${D}/${sysconfdir}/${BPN}
install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN}
- install -D -m 644 ${WORKDIR}/volatiles.99_sssd ${D}/${sysconfdir}/default/volatiles/99_sssd
+
+ # /var/log/sssd needs to be created in runtime. Use rmdir to catch if
+ # upstream stops creating /var/log/sssd, or adds something else in
+ # /var/log.
+ rmdir ${D}${localstatedir}/log/${BPN} ${D}${localstatedir}/log
+ rmdir --ignore-fail-on-non-empty ${D}${localstatedir}
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d /var/log/sssd 0750 - - - -" > ${D}${sysconfdir}/tmpfiles.d/sss.conf
fi
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
+ install -d ${D}${sysconfdir}/default/volatiles
+ echo "d ${SSSD_UID}:${SSSD_GID} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
+ fi
+
# Remove /run as it is created on startup
rm -rf ${D}/run
@@ -106,6 +116,8 @@
chown ${SSSD_UID}:${SSSD_GID} ${sysconfdir}/${BPN}/${BPN}.conf
}
+FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
+
CONFFILES:${PN} = "${sysconfdir}/${BPN}/${BPN}.conf"
INITSCRIPT_NAME = "sssd"
@@ -125,10 +137,14 @@
"
SYSTEMD_AUTO_ENABLE = "disable"
-FILES:${PN} += "${libdir} ${datadir} ${base_libdir}/security/pam_sss*.so"
-FILES:${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la"
+PACKAGES =+ "libsss-sudo"
+ALLOW_EMPTY:libsss-sudo = "1"
-# The package contains symlinks that trip up insane
-INSANE_SKIP:${PN} = "dev-so"
+FILES:${PN} += "${base_libdir}/security/pam_sss*.so \
+ ${datadir}/dbus-1/system-services/*.service \
+ ${libdir}/krb5/* \
+ ${libdir}/ldb/* \
+ "
+FILES:libsss-sudo = "${libdir}/libsss_sudo.so"
-RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam"
+RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam libsss-sudo"