subtree updates: raspberrypi security arm
meta-arm: eb9c47a4e1..9b6c8c95e4:
Abdellatif El Khlifi (1):
CI: append classes to INHERIT in the common fvp.yml
Adam Johnston (1):
arm-bsp/linux-yocto: Update N1SDP PCI quirk patch
Jon Mason (10):
CI: add yml files for defaults
CI: add support for dev kernel, rt kernel, and poky-tiny
arm-bsp/fvp-base: update to u-boot 2023.01
arm-bsp/fvp-base-arm32: remove support
ci: add external-toolchain to qemuarm-secureboot
arm-bsp/optee: remove unused recipes
arm/optee: optee-os include cleanup
arm/optee-os: update to 3.20.0
arm/edk2: update version and relocate edk2-basetools to be with edk2
arm-bsp/fvp-base: Add edk2 build testing
Ross Burton (7):
arm-bsp/linux-arm64-ack: update Upstream-Status tags
CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
arm/scp-firmware: fix up whitespace
arm/scp-firmware: enable verbose builds
arm/scp-firmware: remove textrel from INSANE_SKIP
arm/scp-firmware: improve debug packaging
CI: mask poky's llvm if we're using clang
Rui Miguel Silva (1):
arm-bsp/optee: bump corstone1000 to v3.20
Satish Kumar (1):
arm-bsp/corstone1000: new gpt based disk layout and fwu metadata
Xueliang Zhong (1):
arm-bsp/n1sdp: update to linux yocto kernel 6.1
meta-security: c06b9a18a6..a397a38ed9:
Armin Kuster (16):
openscap: update to 1.3.6
openscap: update to 1.3.7
openscap git: add DEFAULT_PREFERENCE
python3-fail2ban: update to 1.0.2
python3-privacyidea: update to 3.8.1
libhtp: update to 0.5.42
lkrg-modules: update to 0.9.6
chkrootkit: update to 0.57
fscrypt: update to 1.1.0
libmspack: update to 1.11
firejail: update 0.9.72
suricata: update to 6.0.10
apparmor: update to 3.1.3
krill: update 0.12.3
cryptmout: update to 6.2.0
packagegroup-core-security: refactor the inclusion of krill
Eero Aaltonen (1):
dm-verity-img.bbclass: fix syntax warning
Jose Quaresma (3):
meta-hardening/layer: lower the priority from 10 to 6
meta-security-compliance/layer: lower the priority from 10 to 6
meta-tpm/layer: lower the priority from 10 to 6
Kevin Hao (1):
dm-verity-img.bbclass: Fix the hash offset alignment issue
Mikko Rapeli (1):
ima-evm-utils: disable documentation from build
Paul Gortmaker (3):
dm-verity: update beaglebone wic to match meta-yocto
dm-verity: add basic non-arch/non-BSP yocto specific settings
dm-verity: document board specifics for Beaglebone Black
Peter Marko (1):
tpm2-tss: correct CVE product
meta-raspberrypi: e15b876155..3afdbbf782:
Carlos Alberto Lopez Perez (1):
mesa-demos: enable build with userland graphics drivers.
Khem Raj (6):
linux-raspberrypi: Add recipes for 6.1 kernel
psplash: Make psplash wait for the framebuffer to be ready
rpi-default-versions: Use 6.1 kernel as default
gstreamer1.0-plugins-bad: Drop gpl packageconfig
rpidistro-ffmpeg: Pin to use gcc always
rpidistro-vlc: Fix build with clang16
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a
diff --git a/meta-security/recipes-security/fscrypt/fscrypt_1.1.0.bb b/meta-security/recipes-security/fscrypt/fscrypt_1.1.0.bb
new file mode 100644
index 0000000..ea9593b
--- /dev/null
+++ b/meta-security/recipes-security/fscrypt/fscrypt_1.1.0.bb
@@ -0,0 +1,51 @@
+SUMMARY = "fscrypt is a high-level tool for the management of Linux filesystem encryption"
+DESCIPTION = "fscrypt manages metadata, key generation, key wrapping, PAM integration, \
+and provides a uniform interface for creating and modifying encrypted directories. For \
+a small, low-level tool that directly sets policies, see fscryptctl \
+(https://github.com/google/fscryptcl)."
+HOMEPAGE = "https://github.com/google/fscrypt"
+SECTION = "base"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+# fscrypt depends on go and libpam
+DEPENDS += "go-native libpam"
+
+SRCREV = "7c80c73c084ce9ea49a03b814dac7a82fd7b4c23"
+SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https"
+
+GO_IMPORT = "import"
+
+inherit go goarch features_check
+
+REQUIRED_DISTRO_FEATURES = "pam"
+
+S = "${WORKDIR}/git"
+
+do_compile() {
+ export GOARCH=${TARGET_GOARCH}
+ export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go"
+ export GOPATH="${WORKDIR}/git"
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+
+ cd ${S}/src/${GO_IMPORT}
+ oe_runmake
+
+ # Golang forces permissions to 0500 on directories and 0400 on files in
+ # the module cache which prevents us from easily cleaning up the build
+ # directory. Let's just fix the permissions here so we don't have to
+ # hack the clean tasks.
+ chmod -R u+w ${S}/pkg/mod
+}
+
+do_install() {
+ install -d ${D}/${bindir}
+ install ${S}/src/${GO_IMPORT}/bin/fscrypt ${D}/${bindir}/fscrypt
+}
+
+BBCLASSEXTEND = "native nativesdk"