subtree updates
meta-security: b9bc938785..1856a7cf43:
Armin Kuster (1):
scap-security-guide: update to 0.1.69+
Lei Maohui (2):
paxctl: Fix do_package QA Issue.
ccs-tools: Fix do_package QA Issue.
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for nanbield
Yi Zhao (1):
scap-security-guide: pass the correct cpe/schemas/xsl paths to oscap
meta-arm: 992c07f7c0..bd0953cc60:
Abdellatif El Khlifi (1):
arm-bsp/u-boot: corstone1000: detect the kernel size automatically
Anusmita Dutta Mazumder (5):
arm-bsp/u-boot: corstone1000: add unique firmware GUID
arm-bsp/trusted-firmware-m: corstone1000: add unique firmware GUID
arm-bsp/scp-firmware: Update N1SDP scp-firmware version
arm-bsp/n1sdp: Enable tests with pseudo trusted application
CI: Build custom image for N1SDP optee-xtest
Delane Brandy (1):
arm-bsp/corstone1000: mmc2-enablement
Emekcan Aras (2):
arm-bsp/trusted-firmware-a: corstone1000: Update TF-A v2.9
arm-bsp/optee-os: corstone1000: Update optee-os v3.22
Javier Tia (1):
optee-client: Add path condition to tee-supplicant.service
Jon Mason (14):
arm/trusted-firmware-a: update to 2.9.0
arm-bsp/juno: update kernel to 6.4
arm/linux-yocto: change defconfig patch for 6.4
arm/hafnium: update to v2.8
arm/linux-yocto: update kernel patches
arm/trusted-services: add SRCREV_FORMAT
arm-bsp/tc1: update optee
arm-bsp/fvp-baser-aemv8r64: update u-boot to 2023.01
arm-bsp/corstone500: upgrade u-boot to the latest
arm-bsp/corstone500: removal of support
arm: patch clean-ups
arm/edk2: update to 202305 version
arm/sbsa-acs: update to v7.1.2
arm-bsp/trusted-firmware-a: remove unneeded patches
Mariam Elshakfy (2):
arm-bsp/trusted-firmware-a: Update TF-A version for N1SDP
arm-bsp/n1sdp: Update edk2-firmware version for N1SDP to 202305
Ross Burton (3):
kas/: pass through DISPLAY from environment
Remove explicit SRCPV
arm-bsp/external-system: set PACKAGE_ARCH as this is machine-specific
meta-raspberrypi: 5e2f79a6fa..6501ec892c:
Andrei Gherzan (2):
ci: Add usrmerge to distro features
docs: Fix documentation theme
Sangmo Kang (1):
omxplayer: fix an error caused by new srcrev fetcher API
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-security/recipes-compliance/scap-security-guide/scap-security-guide_0.1.69.bb b/meta-security/recipes-compliance/scap-security-guide/scap-security-guide_0.1.69.bb
new file mode 100644
index 0000000..ac839de
--- /dev/null
+++ b/meta-security/recipes-compliance/scap-security-guide/scap-security-guide_0.1.69.bb
@@ -0,0 +1,93 @@
+# Copyright (C) 2017 - 2023 Armin Kuster <akuster808@gmail.com>
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SUMARRY = "SCAP content for various platforms, upstream version"
+HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820"
+LICENSE = "BSD-3-Clause"
+
+SRCREV = "d09e81ae00509a9be4b01359166cfbece06e47f4"
+SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https \
+ file://run_eval.sh \
+ file://run-ptest \
+ file://0002-scap-security-guide-Add-Poky-support.patch \
+ "
+
+
+DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-native expat-native coreutils-native"
+
+S = "${WORKDIR}/git"
+B = "${S}/build"
+
+inherit cmake pkgconfig python3native python3targetconfig ptest
+
+STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
+export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe"
+export OSCAP_SCHEMA_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas"
+export OSCAP_XSLT_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl"
+
+OECMAKE_GENERATOR = "Unix Makefiles"
+
+EXTRA_OECMAKE += "-DENABLE_PYTHON_COVERAGE=OFF -DSSG_PRODUCT_DEFAULT=OFF -DSSG_PRODUCT_OPENEMBEDDED=ON"
+
+do_configure[depends] += "openscap-native:do_install"
+
+do_configure:prepend () {
+ sed -i -e 's:NAMES\ sed:NAMES\ ${HOSTTOOLS_DIR}/sed:g' ${S}/CMakeLists.txt
+ sed -i -e 's:NAMES\ grep:NAMES\ ${HOSTTOOLS_DIR}/grep:g' ${S}/CMakeLists.txt
+}
+
+do_install:append() {
+ install -d ${D}${datadir}/openscap
+ install ${WORKDIR}/run_eval.sh ${D}${datadir}/openscap/.
+}
+
+do_compile_ptest() {
+ cd ${S}/build
+ cmake ../
+ make
+}
+
+do_install_ptest() {
+
+ # remove host & work dir from tests
+ for x in $(find ${S}/build -type f) ;
+ do
+ sed -e 's#${HOSTTOOLS_DIR}/##g' \
+ -e 's#${RECIPE_SYSROOT_NATIVE}##g' \
+ -e 's#${WORKDIR}#${PTEST_PATH}#g' \
+ -e 's#/.*/xmllint#/usr/bin/xmllint#g' \
+ -e 's#/.*/oscap#/usr/bin/oscap#g' \
+ -e 's#/python3-native##g' \
+ -i ${x}
+ done
+
+ for x in $(find ${S}/build-scripts -type f) ;
+ do
+ sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x}
+ done
+
+ for x in $(find ${S}/tests -type f) ;
+ do
+ sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x}
+ done
+
+ for x in $(find ${S}/utils -type f) ;
+ do
+ sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x}
+ done
+
+ PDIRS="apple_os build controls products shared components applications linux_os ocp-resources tests utils ssg build-scripts"
+ t=${D}/${PTEST_PATH}/git
+ for d in ${PDIRS}; do
+ install -d ${t}/$d
+ cp -fr ${S}/$d/* ${t}/$d/.
+ done
+}
+
+FILES:${PN} += "${datadir}/xml ${datadir}/openscap"
+
+RDEPENDS:${PN} = "openscap"
+RDEPENDS:${PN}-ptest = "cmake grep sed bash git python3 python3-modules python3-mypy python3-pyyaml python3-yamlpath python3-xmldiff python3-json2html python3-pandas python3-openpyxl python3-pytest libxml2-utils libxslt-bin"
+
+COMPATIBLE_HOST:libc-musl = "null"