meta-security: subtree update:775870980b..ca9264b1e1
Anton Antonov (4):
Use libest "main" branch instead of "master".
Add meta-parsec layer into meta-security.
Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
Clearly define clang toolchain in Parsec recipes
Armin Kuster (16):
packagegroup-core-security: drop clamav-cvd
clamav: upgrade 104.0
python3-privacyidea: upgrade 3.5.1 -> 3.5.2
clamav: fix systemd service install
swtpm: now need python-cryptography, pull in layer
swtpm: file pip3 issue
swtpm: fix check for tscd deamon on host
python3-suricata-update: update to 1.2.1
suricata: update to 6.0.2
layer.conf: add dynamic-layer for rust pkg
README: cleanup
.gitlab-ci.yml: reorder to speed up builds
kas-security-base.yml: tweek build vars
gitlab-ci: fine tune order
clamav: remove rest of mirror.dat ref
lkrg-module: Add Linux Kernel Runtime Guard
Ming Liu (2):
meta: drop IMA_POLICY from policy recipes
initramfs-framework-ima: introduce IMA_FORCE
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9
diff --git a/meta-security/recipes-kernel/lkrg/files/makefile_cleanup.patch b/meta-security/recipes-kernel/lkrg/files/makefile_cleanup.patch
new file mode 100644
index 0000000..106dc3f
--- /dev/null
+++ b/meta-security/recipes-kernel/lkrg/files/makefile_cleanup.patch
@@ -0,0 +1,73 @@
+Upstream-Status: Pending
+
+This needs more work. Its my starting point.
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: lkrg-0.9.0/Makefile
+===================================================================
+--- lkrg-0.9.0.orig/Makefile
++++ lkrg-0.9.0/Makefile
+@@ -4,28 +4,10 @@
+ # Author:
+ # - Adam 'pi3' Zabrocki (http://pi3.com.pl)
+ ##
+-
+-P_OUTPUT = output
+ P_PWD ?= $(shell pwd)
+-P_KVER ?= $(shell uname -r)
+-P_BOOTUP_SCRIPT ?= scripts/bootup/lkrg-bootup.sh
+-TARGET := p_lkrg
+-ifneq ($(KERNELRELEASE),)
+- KERNEL := /lib/modules/$(KERNELRELEASE)/build
+-else
+- ## KERNELRELEASE not set.
+- KERNEL := /lib/modules/$(P_KVER)/build
+-endif
+-
+-#
+-# Uncomment for debug compilation
+-#
+-# ccflags-m := -ggdb -DP_LKRG_DEBUG_BUILD -finstrument-functions
+-# ccflags-y := ${ccflags-m}
+-# p_lkrg-objs += src/modules/print_log/p_lkrg_debug_log.o
+
+-obj-m += $(TARGET).o
+-$(TARGET)-objs += src/modules/ksyms/p_resolve_ksym.o \
++obj-m := p_lkrg.o
++p_lkrg-y := src/modules/ksyms/p_resolve_ksym.o \
+ src/modules/hashing/p_lkrg_fast_hash.o \
+ src/modules/comm_channel/p_comm_channel.o \
+ src/modules/integrity_timer/p_integrity_timer.o \
+@@ -91,23 +73,14 @@ $(TARGET)-objs += src/modules/ksyms/p_re
+ src/p_lkrg_main.o
+
+
+-all:
+-# $(MAKE) -C $(KERNEL) M=$(P_PWD) modules CONFIG_DEBUG_SECTION_MISMATCH=y
+- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules
+- mkdir -p $(P_OUTPUT)
+- cp $(P_PWD)/$(TARGET).ko $(P_OUTPUT)
+-
+-install:
+- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules_install
+- depmod -a
+- $(P_PWD)/$(P_BOOTUP_SCRIPT) install
+
+-uninstall:
+- $(P_PWD)/$(P_BOOTUP_SCRIPT) uninstall
++modules:
++ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules
++
++modules_install:
++ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules_install
+
+ clean:
+- $(MAKE) -C $(KERNEL) M=$(P_PWD) clean
+- $(RM) Module.markers modules.order
+- $(RM) $(P_PWD)/src/modules/kmod/client/kmod/Module.markers
+- $(RM) $(P_PWD)/src/modules/kmod/client/kmod/modules.order
+- $(RM) -rf $(P_OUTPUT)
++ rm -f *.o *~ core .depend .*.cmd *.ko *.mod.c
++ rm -f Module.markers Module.symvers modules.order
++ rm -rf .tmp_versions Modules.symvers