Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / refs/heads/master / . / meta-security / recipes-core / packagegroup / packagegroup-core-security.bb
blob: 3ef77e5ac9f0dcc3c6dfa3ecbe5e4d8cfb45bda1 [file] [log] [blame]
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]1DESCRIPTION = "Security packagegroup for Poky"
2LICENSE = "MIT"
3LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
4 file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
5
6inherit packagegroup
7
8PACKAGES = "\
9 packagegroup-core-security \
10 packagegroup-security-utils \
11 packagegroup-security-scanners \
Andrew Geisslercc589282020-09-18 13:34:40 -0500[diff] [blame]12 packagegroup-security-audit \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]13 packagegroup-security-ids \
14 packagegroup-security-mac \
Patrick Williams520786c2023-06-25 16:20:36 -0500[diff] [blame]15 packagegroup-security-compliance \
Andrew Geisslerd1d22e62020-10-16 10:14:32 -0500[diff] [blame]16 ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-meta-security-ptest-packages", "", d)} \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]17 "
18
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]19RDEPENDS:packagegroup-core-security = "\
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]20 packagegroup-security-utils \
21 packagegroup-security-scanners \
Andrew Geisslercc589282020-09-18 13:34:40 -0500[diff] [blame]22 packagegroup-security-audit \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]23 packagegroup-security-ids \
24 packagegroup-security-mac \
Patrick Williams520786c2023-06-25 16:20:36 -0500[diff] [blame]25 packagegroup-security-compliance \
Andrew Geisslerd1d22e62020-10-16 10:14:32 -0500[diff] [blame]26 ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-meta-security-ptest-packages", "", d)} \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]27 "
28
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]29SUMMARY:packagegroup-security-utils = "Security utilities"
30RDEPENDS:packagegroup-security-utils = "\
Patrick Williamsdb4c27e2022-08-05 08:10:29 -0500[diff] [blame]31 bubblewrap \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]32 checksec \
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]33 cryptmount \
Andrew Geisslercc589282020-09-18 13:34:40 -0500[diff] [blame]34 ding-libs \
35 ecryptfs-utils \
36 fscryptctl \
Patrick Williams92b42cb2022-09-03 06:53:57 -0500[diff] [blame]37 glome \
Andrew Geisslercc589282020-09-18 13:34:40 -0500[diff] [blame]38 keyutils \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]39 nmap \
40 pinentry \
Andrew Geisslerd1d22e62020-10-16 10:14:32 -0500[diff] [blame]41 softhsm \
Andrew Geissler59125e02021-07-23 12:56:22 -0400[diff] [blame]42 sshguard \
Andrew Geisslerb2fe8632020-08-21 15:57:21 -0500[diff] [blame]43 ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 ", "", " libseccomp",d)} \
Andrew Geissler2daf84b2023-03-31 09:57:23 -0500[diff] [blame]44 ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam", "",d)} \
Andrew Geisslercc589282020-09-18 13:34:40 -0500[diff] [blame]45 ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]46 "
47
Andrew Geissler2daf84b2023-03-31 09:57:23 -0500[diff] [blame]48have_krill = "${@bb.utils.contains("DISTRO_FEATURES", "pam", "krill", "",d)}"
49RDEPENDS:packagegroup-security-utils:append:x86 = " chipsec ${have_krill}"
Patrick Williams2a254922023-08-11 09:48:11 -0500[diff] [blame]50RDEPENDS:packagegroup-security-utils:append:x86-64 = " firejail chipsec ${have_krill}"
51RDEPENDS:packagegroup-security-utils:append:aarch64 = " firejail ${have_krill}"
Patrick Williamsdb4c27e2022-08-05 08:10:29 -0500[diff] [blame]52RDEPENDS:packagegroup-security-utils:remove:libc-musl = "krill"
Andrew Geissler615f2f12022-07-15 14:00:58 -0500[diff] [blame]53
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]54SUMMARY:packagegroup-security-scanners = "Security scanners"
55RDEPENDS:packagegroup-security-scanners = "\
Andrew Geissler78b72792022-06-14 06:47:25 -0500[diff] [blame]56 ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " arpwatch",d)} \
57 chkrootkit \
Andrew Geisslercc589282020-09-18 13:34:40 -0500[diff] [blame]58 isic \
William A. Kennington IIIee32beb2021-06-02 12:48:35 -0700[diff] [blame]59 ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " clamav clamav-daemon clamav-freshclam",d)} \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]60 "
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]61RDEPENDS:packagegroup-security-scanners:remove:libc-musl = "clamav clamav-daemon clamav-freshclam"
Andrew Geissler78b72792022-06-14 06:47:25 -0500[diff] [blame]62RDEPENDS:packagegroup-security-scanners:remove:libc-musl = "arpwatch"
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]63
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]64SUMMARY:packagegroup-security-audit = "Security Audit tools "
65RDEPENDS:packagegroup-security-audit = " \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]66 buck-security \
67 redhat-security \
68 "
69
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]70SUMMARY:packagegroup-security-ids = "Security Intrusion Detection systems"
71RDEPENDS:packagegroup-security-ids = " \
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame]72 samhain-standalone \
Andrew Geisslerd5838332022-05-27 11:33:10 -0500[diff] [blame]73 suricata \
William A. Kennington IIIee32beb2021-06-02 12:48:35 -0700[diff] [blame]74 ossec-hids \
75 aide \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]76 "
77
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]78RDEPENDS:packagegroup-security-ids:remove:powerpc = "suricata"
79RDEPENDS:packagegroup-security-ids:remove:powerpc64le = "suricata"
80RDEPENDS:packagegroup-security-ids:remove:powerpc64 = "suricata"
81RDEPENDS:packagegroup-security-ids:remove:riscv32 = "suricata"
82RDEPENDS:packagegroup-security-ids:remove:riscv64 = "suricata"
83RDEPENDS:packagegroup-security-ids:remove:libc-musl = "ossec-hids"
Andrew Geisslera1a6aef2021-06-25 14:23:58 -0500[diff] [blame]84
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]85SUMMARY:packagegroup-security-mac = "Security Mandatory Access Control systems"
86RDEPENDS:packagegroup-security-mac = " \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]87 ${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)} \
Brad Bishop1a4b7ee2018-12-16 17:11:34 -0800[diff] [blame]88 ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor", "",d)} \
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]89 ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack", "",d)} \
90 "
Andrew Geisslerd1d22e62020-10-16 10:14:32 -0500[diff] [blame]91
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]92RDEPENDS:packagegroup-security-mac:remove:mipsarch = "apparmor"
Andrew Geissler5e7fd512021-05-07 16:09:00 -0500[diff] [blame]93
Patrick Williams520786c2023-06-25 16:20:36 -0500[diff] [blame]94SUMMARY:packagegroup-security-compliance = "Security Compliance applications"
95RDEPENDS:packagegroup-security-compliance = " \
96 lynis \
97 openscap \
98 scap-security-guide \
99 os-release \
100 "
101
102RDEPENDS:packagegroup-security-compliance:remove:libc-musl = "openscap scap-security-guide"
103
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]104RDEPENDS:packagegroup-meta-security-ptest-packages = "\
Andrew Geisslerd1d22e62020-10-16 10:14:32 -0500[diff] [blame]105 ptest-runner \
106 samhain-standalone-ptest \
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]107 ${@bb.utils.contains("BBLAYERS", "meta-rust", "suricata-ptest","", d)} \
Andrew Geisslerd1d22e62020-10-16 10:14:32 -0500[diff] [blame]108 ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \
109"
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]110
111RDEPENDS:packagegroup-security-ptest-packages:remove:powerpc = "suricata-ptest"
112RDEPENDS:packagegroup-security-ptest-packages:remove:powerpc64le = "suricata-ptest"
113RDEPENDS:packagegroup-security-ptest-packages:remove:powerpc64 = "suricata-ptest"
114RDEPENDS:packagegroup-security-ptest-packages:remove:riscv32 = "suricata-ptest"
115RDEPENDS:packagegroup-security-ptest-packages:remove:riscv64 = "suricata-ptest"