| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 1 | Meta-security |
| 2 | ============= |
| 3 | |
| Andrew Geissler | a1a6aef | 2021-06-25 14:23:58 -0500 | [diff] [blame] | 4 | The bbappend files for some recipes (e.g. linux-yocto) in this layer need |
| 5 | to have 'security' in DISTRO_FEATURES to have effect. |
| 6 | To enable them, add in configuration file the following line. |
| 7 | |
| Patrick Williams | 213cb26 | 2021-08-07 19:21:33 -0500 | [diff] [blame] | 8 | DISTRO_FEATURES:append = " security" |
| Andrew Geissler | a1a6aef | 2021-06-25 14:23:58 -0500 | [diff] [blame] | 9 | |
| 10 | If meta-security is included, but security is not enabled as a |
| 11 | distro feature a warning is printed at parse time: |
| 12 | |
| 13 | You have included the meta-security layer, but |
| 14 | 'security' has not been enabled in your DISTRO_FEATURES. Some bbappend files |
| 15 | and preferred version setting may not take effect. |
| 16 | |
| 17 | If you know what you are doing, this warning can be disabled by setting the following |
| 18 | variable in your configuration: |
| 19 | |
| 20 | SKIP_META_SECURITY_SANITY_CHECK = 1 |
| 21 | |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 22 | This layer provides security tools, hardening tools for Linux kernels |
| 23 | and libraries for implementing security mechanisms. |
| 24 | |
| 25 | Dependencies |
| 26 | ============ |
| 27 | |
| 28 | This layer depends on: |
| 29 | |
| 30 | URI: git://git.openembedded.org/openembedded-core |
| 31 | branch: master |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 32 | |
| 33 | URI: git://git.openembedded.org/meta-openembedded/meta-oe |
| 34 | branch: master |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 35 | |
| 36 | URI: git://git.openembedded.org/meta-openembedded/meta-perl |
| 37 | branch: master |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 38 | |
| Andrew Geissler | 1fe918a | 2020-05-15 14:16:47 -0500 | [diff] [blame] | 39 | URI: git://git.openembedded.org/meta-openembedded/meta-python |
| 40 | branch: master |
| Andrew Geissler | 1fe918a | 2020-05-15 14:16:47 -0500 | [diff] [blame] | 41 | |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 42 | URI: git://git.openembedded.org/meta-openembedded/meta-networking |
| 43 | branch: master |
| Andrew Geissler | f1e4406 | 2021-04-15 15:52:46 -0500 | [diff] [blame] | 44 | |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 45 | |
| 46 | Adding the security layer to your build |
| 47 | ======================================== |
| 48 | |
| 49 | In order to use this layer, you need to make the build system aware of |
| 50 | it. |
| 51 | |
| 52 | Assuming the security layer exists at the top-level of your |
| 53 | yocto build tree, you can add it to the build system by adding the |
| 54 | location of the security layer to bblayers.conf, along with any |
| 55 | other layers needed. e.g.: |
| 56 | |
| 57 | BBLAYERS ?= " \ |
| 58 | /path/to/oe-core/meta \ |
| 59 | /path/to/meta-openembedded/meta-oe \ |
| 60 | /path/to/meta-openembedded/meta-perl \ |
| 61 | /path/to/meta-openembedded/meta-python \ |
| 62 | /path/to/meta-openembedded/meta-networking \ |
| Andrew Geissler | f1e4406 | 2021-04-15 15:52:46 -0500 | [diff] [blame] | 63 | /path/to/layer/meta-security " |
| 64 | |
| 65 | Optional Rust dependancy |
| 66 | ====================================== |
| 67 | If you want to use the latest Suricata that needs rust, you will need to clone |
| 68 | |
| 69 | URI: https://github.com/meta-rust/meta-rust.git |
| 70 | branch: master |
| 71 | |
| 72 | BBLAYERS += "/path/to/layer/meta-rust" |
| 73 | |
| 74 | This will activate the dynamic-layer mechanism and pull in the newer suricata |
| 75 | |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 76 | |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 77 | |
| 78 | Maintenance |
| Andrew Geissler | f1e4406 | 2021-04-15 15:52:46 -0500 | [diff] [blame] | 79 | ====================================== |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 80 | |
| Brad Bishop | 5ead1e5 | 2019-12-06 10:10:29 -0500 | [diff] [blame] | 81 | Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 82 | |
| 83 | When sending single patches, please using something like: |
| Brad Bishop | 5ead1e5 | 2019-12-06 10:10:29 -0500 | [diff] [blame] | 84 | 'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security][PATCH' |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 85 | |
| Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 86 | These values can be set as defaults for this repository: |
| 87 | |
| Brad Bishop | 5ead1e5 | 2019-12-06 10:10:29 -0500 | [diff] [blame] | 88 | $ git config sendemail.to yocto@lists.yoctoproject.org |
| Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 89 | $ git config format.subjectPrefix meta-security][PATCH |
| 90 | |
| 91 | Now you can just do 'git send-email origin/master' to send all local patches. |
| 92 | |
| Andrew Geissler | 1fe918a | 2020-05-15 14:16:47 -0500 | [diff] [blame] | 93 | For pull requests, please use create-pull-request and send-pull-request. |
| 94 | |
| Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 95 | Maintainers: Armin Kuster <akuster808@gmail.com> |
| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 96 | |
| 97 | |
| 98 | License |
| 99 | ======= |
| 100 | |
| 101 | All metadata is MIT licensed unless otherwise stated. Source code included |
| 102 | in tree for individual recipes is under the LICENSE stated in each recipe |
| 103 | (.bb file) unless otherwise stated. |