commit f1e440673465aa768f31e78c0c201002f9f767b7
author Andrew Geissler <geissonator@yahoo.com> Thu Apr 15 15:52:46 2021 -0500
committer Brad Bishop <bradleyb@fuzziesquirrel.com> Mon Apr 19 13:32:18 2021 +0000
tree 44dffb1d845b35c3f4bf0629a622d8ae04abda41
parent 636aaa195862ab9a5442c3178e38266debab3bff

meta-security: subtree update:775870980b..ca9264b1e1

Anton Antonov (4):
      Use libest "main" branch instead of "master".
      Add meta-parsec layer into meta-security.
      Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
      Clearly define clang toolchain in Parsec recipes

Armin Kuster (16):
      packagegroup-core-security: drop clamav-cvd
      clamav: upgrade 104.0
      python3-privacyidea: upgrade 3.5.1 -> 3.5.2
      clamav: fix systemd service install
      swtpm: now need python-cryptography, pull in layer
      swtpm: file pip3 issue
      swtpm: fix check for tscd deamon on host
      python3-suricata-update: update to 1.2.1
      suricata: update to 6.0.2
      layer.conf: add dynamic-layer for rust pkg
      README: cleanup
      .gitlab-ci.yml: reorder to speed up builds
      kas-security-base.yml: tweek build vars
      gitlab-ci: fine tune order
      clamav: remove rest of mirror.dat ref
      lkrg-module: Add Linux Kernel Runtime Guard

Ming Liu (2):
      meta: drop IMA_POLICY from policy recipes
      initramfs-framework-ima: introduce IMA_FORCE

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9

meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb

diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb
new file mode 100644
index 0000000..0e14955
--- /dev/null
+++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb
@@ -0,0 +1,67 @@
+SUMMARY = "Platform AbstRaction for SECurity Daemon"
+HOMEPAGE = "https://github.com/parallaxsecond/parsec"
+LICENSE = "Apache-2.0"
+
+inherit cargo
+
+SRC_URI += "crate://crates.io/parsec-service/${PV} \
+            file://parsec_init \
+            file://systemd.patch \
+            file://parsec-tmpfiles.conf \
+"
+
+DEPENDS = "tpm2-tss"
+TOOLCHAIN = "clang"
+
+CARGO_BUILD_FLAGS += " --features all-providers,cryptoki/generate-bindings,tss-esapi/generate-bindings"
+
+inherit systemd
+SYSTEMD_SERVICE_${PN} = "parsec.service"
+
+inherit update-rc.d
+INITSCRIPT_NAME = "parsec"
+
+# A local file can be defined in build/local.conf
+# The file should also be included into SRC_URI then
+PARSEC_CONFIG ?= "${S}/config.toml"
+
+do_install_append () {
+    # Binaries
+    install -d -m 700 -o parsec -g parsec "${D}${libexecdir}/parsec"
+    install -m 700 -o parsec -g parsec "${WORKDIR}/build/target/${CARGO_TARGET_SUBDIR}/parsec" ${D}${libexecdir}/parsec/parsec
+
+    # Config file
+    install -d -m 700 -o parsec -g parsec "${D}${sysconfdir}/parsec"
+    install -m 400 -o parsec -g parsec "${PARSEC_CONFIG}" ${D}${sysconfdir}/parsec/config.toml
+
+    # Data dir
+    install -d -m 700 -o parsec -g parsec "${D}${localstatedir}/lib/parsec"
+
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -d ${D}${systemd_unitdir}/system
+        install -m 644 ${S}/systemd-daemon/parsec.service ${D}${systemd_unitdir}/system
+
+        install -d ${D}${libdir}/tmpfiles.d
+        install -m 644 ${WORKDIR}/parsec-tmpfiles.conf ${D}${libdir}/tmpfiles.d
+    fi
+
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+        install -d ${D}${sysconfdir}/init.d
+        install -m 755 ${WORKDIR}/parsec_init ${D}${sysconfdir}/init.d/parsec
+    fi
+}
+
+inherit useradd
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "-r -g parsec -s /bin/false -d ${localstatedir}/lib/parsec parsec"
+GROUPADD_PARAM_${PN} = "-r parsec"
+
+FILES_${PN} += " \
+    ${sysconfdir}/parsec/config.toml \
+    ${libexecdir}/parsec/parsec \
+    ${systemd_unitdir}/system/parsec.service \
+    ${libdir}/tmpfiles.d/parsec-tmpfiles.conf \
+    ${sysconfdir}/init.d/parsec \
+"
+
+require parsec-service_${PV}.inc