meta-security: subtree update:d6baccc068..4c2f7ffd49
Adrian (1):
gitignore added
Armin Kuster (31):
kas: build with ptest. remove apparmor
softHSM: add pkg
packagegroup-core-security: add softHSM
libest: add recipe
packagegroup-core-security: add libest package
opendnssec: add recipe
packagegroup-core-security: add opendnssec to pkg grp
gitlab-ci: allow test to fail
libseccomp: fix ptest failures.
packagegroup-core-security-ptest: remove keyutils-ptest
security-test-image: simplify
packagegroup-core-security-ptest: remove
apparmor: fix build issue with ptest enabled.
security-test-image: tweak to get more tests to runn
apparmor: update to 3.0
packagegroup-core-security: apparmor 3.0 ptest does not build
suricata: fix compiling on gcc10
qemux86-test: add apparmor back
apparmor: fix build for on musl
ecryptfs-utils: fix musl build
libest: fix musl build.
sssd: update to latest ltm 1.16.5
packagegroup-core-security: remove clamav from musl image
suricata: update to 4.1.9
kas: fixup alt configs
gitlab-ci: add qemux86 and qemuarm64 musl builds
tpm2-tss: update to 2.4.3
tpm2-totp: update to 0.2.1
tpm2-abrmd: update to 2.3.3
tpm2-tools: update to 4.3.0
tpm2-pkcs11: update to 1.4.0
Mingli Yu (1):
scap-security-guide: add expat-native to DEPENDS
Naveen Saini (3):
initramfs-framework/dmverity: add retry loop for slow boot devices
wic: add wks.in for intel dm-verity
linux-%/5.x: Add dm-verity fragment as needed
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: If3a721fdd99bb6e35c82cf4e7485f06cebaef905
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0001-remove-local-binary-checkes.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0001-remove-local-binary-checkes.patch
new file mode 100644
index 0000000..9d3f073
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0001-remove-local-binary-checkes.patch
@@ -0,0 +1,77 @@
+From 9e3ef6f253f9427596baf3e7d748a79854cadfa9 Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@gmail.com>
+Date: Wed, 14 Oct 2020 08:55:33 -0700
+Subject: [PATCH] remove local binary checkes
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Upsteam-Status: Inappropriate
+These are only needed to run on the tartget so we add an RDPENDS.
+Not needed for building.
+
+---
+ configure.ac | 48 ------------------------------------------------
+ 1 file changed, 48 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 50e7d4b..2b9abcf 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -219,54 +219,6 @@ AX_PROG_JAVAC()
+ AX_PROG_JAVA()
+ m4_popdef([AC_MSG_ERROR])
+
+-AC_CHECK_PROG([tpm2_createprimary], [tpm2_createprimary], [yes], [no])
+- AS_IF([test "x$tpm2_createprimary" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_createprimary, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_create], [tpm2_create], [yes], [no])
+- AS_IF([test "x$tpm2_create" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_create, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_evictcontrol], [tpm2_evictcontrol], [yes], [no])
+- AS_IF([test "x$tpm2_evictcontrol" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_evictcontrol, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_readpublic], [tpm2_readpublic], [yes], [no])
+- AS_IF([test "x$tpm2_readpublic" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_readpublic, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_load], [tpm2_load], [yes], [no])
+- AS_IF([test "x$tpm2_load" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_load, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_loadexternal], [tpm2_loadexternal], [yes], [no])
+- AS_IF([test "x$tpm2_loadexternal" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_loadexternal, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_unseal], [tpm2_unseal], [yes], [no])
+- AS_IF([test "x$tpm2_unseal" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_unseal, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_encryptdecrypt], [tpm2_encryptdecrypt], [yes], [no])
+- AS_IF([test "x$tpm2_encryptdecrypt" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_encryptdecrypt, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_sign], [tpm2_sign], [yes], [no])
+- AS_IF([test "x$tpm2_sign" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_sign, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_getcap], [tpm2_getcap], [yes], [no])
+- AS_IF([test "x$tpm2_getcap" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_getcap, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_import], [tpm2_import], [yes], [no])
+- AS_IF([test "x$tpm2_import" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_import, but executable not found.])])
+-
+-AC_CHECK_PROG([tpm2_changeauth], [tpm2_changeauth], [yes], [no])
+- AS_IF([test "x$tpm2_changeauth" != "xyes"],
+- [AC_MSG_ERROR([tpm2_ptool requires tpm2_changeauth, but executable not found.])])
+-
+ AC_DEFUN([integration_test_checks], [
+
+ PKG_CHECK_MODULES([OPENSC_PKCS11],[opensc-pkcs11],,
+--
+2.17.1
+
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb
similarity index 79%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb
index ce2dac0..4865733 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb
@@ -7,9 +7,10 @@
DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml"
SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \
- file://bootstrap_fixup.patch "
+ file://bootstrap_fixup.patch \
+ file://0001-remove-local-binary-checkes.patch"
-SRCREV = "8d8f137f65f1d61d66cc191947b59c378f23e97d"
+SRCREV = "78bbf6a0237351830d0c3923b25ba0b57ae0b7e9"
S = "${WORKDIR}/git"
@@ -18,3 +19,5 @@
do_configure_prepend () {
${S}/bootstrap
}
+
+RDEPNDS_${PN} = "tpm2-tools"