commit f1e440673465aa768f31e78c0c201002f9f767b7
author Andrew Geissler <geissonator@yahoo.com> Thu Apr 15 15:52:46 2021 -0500
committer Brad Bishop <bradleyb@fuzziesquirrel.com> Mon Apr 19 13:32:18 2021 +0000
tree 44dffb1d845b35c3f4bf0629a622d8ae04abda41
parent 636aaa195862ab9a5442c3178e38266debab3bff

meta-security: subtree update:775870980b..ca9264b1e1

Anton Antonov (4):
      Use libest "main" branch instead of "master".
      Add meta-parsec layer into meta-security.
      Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
      Clearly define clang toolchain in Parsec recipes

Armin Kuster (16):
      packagegroup-core-security: drop clamav-cvd
      clamav: upgrade 104.0
      python3-privacyidea: upgrade 3.5.1 -> 3.5.2
      clamav: fix systemd service install
      swtpm: now need python-cryptography, pull in layer
      swtpm: file pip3 issue
      swtpm: fix check for tscd deamon on host
      python3-suricata-update: update to 1.2.1
      suricata: update to 6.0.2
      layer.conf: add dynamic-layer for rust pkg
      README: cleanup
      .gitlab-ci.yml: reorder to speed up builds
      kas-security-base.yml: tweek build vars
      gitlab-ci: fine tune order
      clamav: remove rest of mirror.dat ref
      lkrg-module: Add Linux Kernel Runtime Guard

Ming Liu (2):
      meta: drop IMA_POLICY from policy recipes
      initramfs-framework-ima: introduce IMA_FORCE

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9

meta-security/.gitlab-ci.yml

diff --git a/meta-security/.gitlab-ci.yml b/meta-security/.gitlab-ci.yml
index 1442239..f673ef6 100644
--- a/meta-security/.gitlab-ci.yml
+++ b/meta-security/.gitlab-ci.yml
@@ -26,128 +26,104 @@
 qemux86:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME-comp.yml
+  - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml
+  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
 
 qemux86-64:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml
+  - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml
+  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
 
 qemuarm:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml
 
 qemuarm64:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml
+  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
 
 qemuppc:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml
 
 qemumips64:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemuriscv64:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemux86-64-tpm:
   extends: .build
   script:
-  - kas build --target security-tpm-image kas/$CI_JOB_NAME.yml 
-
-qemux86-64-tpm2:
-  extends: .build
-  script:
-  - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-tpm-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-tpm2-image kas/$CI_JOB_NAME2.yml
 
 qemuarm64-tpm2:
   extends: .build
   script:
-  - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml 
-
-qemux86-ima:
-  extends: .build
-  script:
-  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml 
-
-qemux86-64-ima:
-  extends: .build
-  script:
-  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml 
-
-qemuarm64-ima:
-  extends: .build
-  script:
-  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml 
-
-qemux86-64-dm-verify:
-  extends: .build
-  script:
-  - kas build --target core-image-minimal kas/qemux86-64.yml 
-  - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME.yml 
-
+  - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml
 
 qemuarm64-alt:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemuarm64-multi:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemumips64-alt:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemumips64-multi:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemux86-64-alt:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemux86-64-multi:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemux86-musl:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemuarm64-musl:
   extends: .build
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
-
-qemux86-harden:
-  extends: .build
-  script:
-  - kas build --target harden-image-minimal kas/$CI_JOB_NAME.yml 
-
-qemux86-comp:
-  extends: .build
-  script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
 
 qemux86-test:
   extends: .build
   allow_failure: true
   script:
-  - kas build --target security-test-image kas/$CI_JOB_NAME.yml 
-  - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml 
+  - kas build --target security-test-image kas/$CI_JOB_NAME.yml
+  - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml
+