meta-security: subtree update:4c2f7ffd49..e8c9e69c80
Armin Kuster (3):
meta-security: Add gatesgarth to LAYERSERIES_COMPAT
gitlab-ci: add meta-hardening build image
gitlab-ci: add building meta-security-compliance pkgs
Sajjad Ahmed (1):
layer.conf: use += instead of := to update BBFILES
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Id5439f3fdfc88fe3c987ee3c8cb7d3ed6a5a6a22
diff --git a/meta-security/.gitlab-ci.yml b/meta-security/.gitlab-ci.yml
index 50bfe4f..3a1687c 100644
--- a/meta-security/.gitlab-ci.yml
+++ b/meta-security/.gitlab-ci.yml
@@ -136,6 +136,16 @@
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
+qemux86-harden:
+ extends: .build
+ script:
+ - kas build --target harden-image-minimal kas/$CI_JOB_NAME.yml
+
+qemux86-comp:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+
qemux86-test:
extends: .build
allow_failure: true
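Review bot: `qemux86-comp` builds the same `security-build-image` target as the job whose script line appears as context above, so the only thing that distinguishes it is the kas file selected through `$CI_JOB_NAME`; a comment on the job would make that visible, for example `# security-build-image plus the compliance scanners from kas/qemux86-comp.yml`. As far as the script line shows, the job only builds the packages and runs no scan, so a green job says the scanners compile, not that the image passes them. The `qemux86-test` job that follows continues outside the hunk.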
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index 2c3bd96..8c0254b 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -9,6 +9,6 @@
BBFILE_PATTERN_security = "^${LAYERDIR}/"
BBFILE_PRIORITY_security = "8"
-LAYERSERIES_COMPAT_security = "dunfell"
+LAYERSERIES_COMPAT_security = "gatesgarth"
LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer meta-python"
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml
index 6a77af5..ba0e0f8 100644
--- a/meta-security/kas/kas-security-base.yml
+++ b/meta-security/kas/kas-security-base.yml
@@ -10,6 +10,7 @@
meta-tpm:
meta-integrity:
meta-security-compliance:
+ meta-hardening:
poky:
url: https://git.yoctoproject.org/git/poky
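Review bot: Adding `meta-hardening:` to the shared base config puts the hardening layer into every build that includes kas-security-base.yml, not only `qemux86-harden`. If any bbappend or class in that layer takes effect without `DISTRO = "harden"`, the other CI images change without any visible edit to their own kas files; whether the layer's content is gated on the distro is not visible in this diff and is worth confirming. An alternative is to list the layer only in kas/qemux86-harden.yml. The enclosing layer mapping starts and continues outside the hunk.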
diff --git a/meta-security/kas/qemux86-comp.yml b/meta-security/kas/qemux86-comp.yml
new file mode 100644
index 0000000..14c5dca
--- /dev/null
+++ b/meta-security/kas/qemux86-comp.yml
@@ -0,0 +1,11 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-compliance: |
+ IMAGE_INSTALL_append = " lynis"
+ IMAGE_INSTALL_append = " openscap openscap-daemon scap-security-guide"
+
+machine: qemux86
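Review bot: The new file has no header comment saying what it is for, and the reader has to infer from the CI job that it exists to compile the compliance packages into `security-build-image`. I would add a first line such as `# CI build check: adds lynis and the OpenSCAP tools to the image; no scan is executed`. The two `IMAGE_INSTALL_append` lines could also be a single assignment, which keeps the package list in one place.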
diff --git a/meta-security/kas/qemux86-harden.yml b/meta-security/kas/qemux86-harden.yml
new file mode 100644
index 0000000..fb59dda
--- /dev/null
+++ b/meta-security/kas/qemux86-harden.yml
@@ -0,0 +1,10 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-security: |
+ DISTRO = "harden"
+
+machine: qemux86
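Review bot: The `local_conf_header` entry is keyed `meta-security`, a generic name, and kas merges these entries by key, so an entry with the same key in an included file is replaced rather than extended. Whether kas-security-base.yml already defines a `meta-security` entry is not visible here; a key that names the purpose, such as `harden-distro: |`, avoids the collision either way. A one-line comment that `DISTRO = "harden"` relies on the distro configuration shipped by meta-hardening would also help the next reader.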
diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf
index 5896214..22d8874 100644
--- a/meta-security/meta-hardening/conf/layer.conf
+++ b/meta-security/meta-hardening/conf/layer.conf
@@ -8,6 +8,6 @@
BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_harden-layer = "10"
-LAYERSERIES_COMPAT_harden-layer = "dunfell"
+LAYERSERIES_COMPAT_harden-layer = "gatesgarth"
LAYERDEPENDS_harden-layer = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index f905b0b..76374eb 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -2,8 +2,7 @@
BBPATH =. "${LAYERDIR}:"
# We have a packages directory, add to BBFILES
-BBFILES := "${BBFILES} \
- ${LAYERDIR}/recipes-*/*/*.bb \
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
${LAYERDIR}/recipes-*/*/*.bbappend"
BBFILE_COLLECTIONS += "integrity"
@@ -21,7 +20,7 @@
# interactive shell is enough.
OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
-LAYERSERIES_COMPAT_integrity = "dunfell"
+LAYERSERIES_COMPAT_integrity = "gatesgarth"
# ima-evm-utils depends on keyutils from meta-oe
LAYERDEPENDS_integrity = "core openembedded-layer"
diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf
index 965c837..db243f7 100644
--- a/meta-security/meta-security-compliance/conf/layer.conf
+++ b/meta-security/meta-security-compliance/conf/layer.conf
@@ -8,7 +8,7 @@
BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_scanners-layer = "10"
-LAYERSERIES_COMPAT_scanners-layer = "dunfell"
+LAYERSERIES_COMPAT_scanners-layer = "gatesgarth"
LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python"
diff --git a/meta-security/meta-security-isafw/conf/layer.conf b/meta-security/meta-security-isafw/conf/layer.conf
index 63f990a..b8ee1c0 100644
--- a/meta-security/meta-security-isafw/conf/layer.conf
+++ b/meta-security/meta-security-isafw/conf/layer.conf
@@ -14,4 +14,4 @@
LAYERDEPENDS_security-isafw = "core"
-LAYERSERIES_COMPAT_security-isafw = "dunfell"
+LAYERSERIES_COMPAT_security-isafw = "gatesgarth"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index 46d0279..cd62fba 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@
BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_tpm-layer = "10"
-LAYERSERIES_COMPAT_tpm-layer = "dunfell"
+LAYERSERIES_COMPAT_tpm-layer = "gatesgarth"
LAYERDEPENDS_tpm-layer = " \
core \