Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 78b727985e7571e0b196561e44427690f04d57d9 / . / meta-security / README
blob: 2d1996b1533f0577cf26d2f123dab620bce8e556 [file] [log] [blame]
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]1Meta-security
2=============
3
Andrew Geisslera1a6aef2021-06-25 14:23:58 -0500[diff] [blame]4The bbappend files for some recipes (e.g. linux-yocto) in this layer need
5to have 'security' in DISTRO_FEATURES to have effect.
6To enable them, add in configuration file the following line.
7
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]8 DISTRO_FEATURES:append = " security"
Andrew Geisslera1a6aef2021-06-25 14:23:58 -0500[diff] [blame]9
10If meta-security is included, but security is not enabled as a
11distro feature a warning is printed at parse time:
12
13 You have included the meta-security layer, but
14 'security' has not been enabled in your DISTRO_FEATURES. Some bbappend files
15 and preferred version setting may not take effect.
16
17If you know what you are doing, this warning can be disabled by setting the following
18variable in your configuration:
19
20 SKIP_META_SECURITY_SANITY_CHECK = 1
21
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]22This layer provides security tools, hardening tools for Linux kernels
23and libraries for implementing security mechanisms.
24
25Dependencies
26============
27
28This layer depends on:
29
30 URI: git://git.openembedded.org/openembedded-core
Andrew Geissler78b72792022-06-14 06:47:25 -0500[diff] [blame^]31 branch: [same one as checked out for this layer]
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]32
33 URI: git://git.openembedded.org/meta-openembedded/meta-oe
Andrew Geissler78b72792022-06-14 06:47:25 -0500[diff] [blame^]34 branch: [same one as checked out for this layer]
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]35
36Adding the security layer to your build
37========================================
38
39In order to use this layer, you need to make the build system aware of
40it.
41
42Assuming the security layer exists at the top-level of your
43yocto build tree, you can add it to the build system by adding the
44location of the security layer to bblayers.conf, along with any
45other layers needed. e.g.:
46
47 BBLAYERS ?= " \
48 /path/to/oe-core/meta \
49 /path/to/meta-openembedded/meta-oe \
Andrew Geisslerf1e44062021-04-15 15:52:46 -0500[diff] [blame]50 /path/to/layer/meta-security "
51
Andrew Geissler78b72792022-06-14 06:47:25 -0500[diff] [blame^]52Optional Dynamic layer dependancy
Andrew Geisslerf1e44062021-04-15 15:52:46 -0500[diff] [blame]53======================================
Andrew Geisslerf1e44062021-04-15 15:52:46 -0500[diff] [blame]54
Andrew Geissler78b72792022-06-14 06:47:25 -0500[diff] [blame^]55 URI: git://git.openembedded.org/meta-openembedded/meta-oe
Andrew Geisslerf1e44062021-04-15 15:52:46 -0500[diff] [blame]56
Andrew Geissler78b72792022-06-14 06:47:25 -0500[diff] [blame^]57 URI: git://git.openembedded.org/meta-openembedded/meta-perl
Andrew Geisslerf1e44062021-04-15 15:52:46 -0500[diff] [blame]58
Andrew Geissler78b72792022-06-14 06:47:25 -0500[diff] [blame^]59 URI: git://git.openembedded.org/meta-openembedded/meta-python
60
61 BBLAYERS += "/path/to/layer/meta-openembedded/meta-oe"
62 BBLAYERS += "/path/to/layer/meta-openembedded/meta-perl"
63 BBLAYERS += "/path/to/layer/meta-openembedded/meta-python"
64
65This will activate the dynamic-layer mechanism.
Andrew Geisslerf1e44062021-04-15 15:52:46 -0500[diff] [blame]66
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]67
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]68
69Maintenance
Andrew Geisslerf1e44062021-04-15 15:52:46 -0500[diff] [blame]70======================================
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]71
Brad Bishop5ead1e52019-12-06 10:10:29 -0500[diff] [blame]72Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]73
74When sending single patches, please using something like:
Brad Bishop5ead1e52019-12-06 10:10:29 -0500[diff] [blame]75'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security][PATCH'
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]76
Brad Bishop19323692019-04-05 15:28:33 -0400[diff] [blame]77These values can be set as defaults for this repository:
78
Brad Bishop5ead1e52019-12-06 10:10:29 -0500[diff] [blame]79$ git config sendemail.to yocto@lists.yoctoproject.org
Brad Bishop19323692019-04-05 15:28:33 -0400[diff] [blame]80$ git config format.subjectPrefix meta-security][PATCH
81
82Now you can just do 'git send-email origin/master' to send all local patches.
83
Andrew Geissler1fe918a2020-05-15 14:16:47 -0500[diff] [blame]84For pull requests, please use create-pull-request and send-pull-request.
85
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame]86Maintainers: Armin Kuster <akuster808@gmail.com>
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]87
88
89License
90=======
91
92All metadata is MIT licensed unless otherwise stated. Source code included
93in tree for individual recipes is under the LICENSE stated in each recipe
94(.bb file) unless otherwise stated.