meta-security: subtree update:775870980b..ca9264b1e1
Anton Antonov (4):
Use libest "main" branch instead of "master".
Add meta-parsec layer into meta-security.
Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
Clearly define clang toolchain in Parsec recipes
Armin Kuster (16):
packagegroup-core-security: drop clamav-cvd
clamav: upgrade 104.0
python3-privacyidea: upgrade 3.5.1 -> 3.5.2
clamav: fix systemd service install
swtpm: now need python-cryptography, pull in layer
swtpm: file pip3 issue
swtpm: fix check for tscd deamon on host
python3-suricata-update: update to 1.2.1
suricata: update to 6.0.2
layer.conf: add dynamic-layer for rust pkg
README: cleanup
.gitlab-ci.yml: reorder to speed up builds
kas-security-base.yml: tweek build vars
gitlab-ci: fine tune order
clamav: remove rest of mirror.dat ref
lkrg-module: Add Linux Kernel Runtime Guard
Ming Liu (2):
meta: drop IMA_POLICY from policy recipes
initramfs-framework-ima: introduce IMA_FORCE
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9
diff --git a/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb b/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb
deleted file mode 100644
index 7dad263..0000000
--- a/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb
+++ /dev/null
@@ -1,174 +0,0 @@
-SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface"
-DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats."
-HOMEPAGE = "http://www.clamav.net/index.html"
-SECTION = "security"
-LICENSE = "LGPL-2.1"
-
-DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack bison-native"
-DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native bison-native"
-
-LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
-
-SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108"
-
-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \
- file://clamd.conf \
- file://freshclam.conf \
- file://volatiles.03_clamav \
- file://tmpfiles.clamav \
- file://${BPN}.service \
- file://freshclam-native.conf \
- "
-
-S = "${WORKDIR}/git"
-
-LEAD_SONAME = "libclamav.so"
-SO_VER = "9.0.4"
-
-inherit autotools pkgconfig useradd systemd multilib_header multilib_script
-
-CLAMAV_UID ?= "clamav"
-CLAMAV_GID ?= "clamav"
-INSTALL_CLAMAV_CVD ?= "1"
-
-CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr"
-CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr"
-
-PACKAGECONFIG_class-target ?= "ncurses bz2"
-PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}"
-PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
-
-PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre"
-PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c,"
-PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
-PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2"
-PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, "
-PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, "
-
-MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config ${PN}-cvd:${localstatedir}/lib/clamav/mirrors.dat"
-
-EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \
- --disable-mempool \
- --program-prefix="" \
- --disable-zlib-vcheck \
- --with-xml=${CLAMAV_USR_DIR} \
- --with-zlib=${CLAMAV_USR_DIR} \
- --with-openssl=${CLAMAV_USR_DIR} \
- --with-libcurl=${CLAMAV_USR_DIR} \
- --with-system-libmspack=${CLAMAV_USR_DIR} \
- --with-iconv=no \
- --enable-check=no \
- "
-
-EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}"
-EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID} --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}"
-
-do_configure () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
-
-do_configure_class-native () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
-
-do_compile_append_class-target() {
- if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
- bbnote "CLAMAV creating cvd"
- install -d ${S}/clamav_db
- ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
- fi
-}
-
-do_install_append_class-target () {
- install -d ${D}/${sysconfdir}
- install -d ${D}/${localstatedir}/lib/clamav
- install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles
-
- install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir}
- install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir}
- install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/03_clamav
- sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
- rm ${D}/${libdir}/libclamav.so
- if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
- install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
- fi
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
- install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
- install -d ${D}${sysconfdir}/tmpfiles.d
- install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf
- fi
- oe_multilib_header clamav-types.h
-}
-
-pkg_postinst_ontarget_${PN} () {
- if command -v systemd-tmpfiles >/dev/null; then
- systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf
- elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
- ${sysconfdir}/init.d/populate-volatile.sh update
- fi
- mkdir -p ${localstatedir}/lib/clamav
- chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav
-}
-
-
-PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
- ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"
-
-FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
- ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
- ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
- ${docdir}/clamav/* "
-
-FILES_${PN}-clamdscan = " ${bindir}/clamdscan \
- ${docdir}/clamdscan/* \
- ${mandir}/man1/clamdscan* \
- "
-
-FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
- ${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \
- ${mandir}/man5/clamd* ${mandir}/man8/clamd* \
- ${sysconfdir}/clamd.conf* \
- ${systemd_unitdir}/system/clamav-daemon/* \
- ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \
- ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon "
-
-FILES_${PN}-freshclam = "${bindir}/freshclam \
- ${sysconfdir}/freshclam.conf* \
- ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
- ${sysconfdir}/tmpfiles.d/*.conf \
- ${localstatedir}/lib/clamav \
- ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \
- ${mandir}/man5/freshclam.conf.* \
- ${systemd_unitdir}/system/clamav-freshclam.service"
-
-FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \
- ${libdir}/pkgconfig/*.pc \
- ${mandir}/man1/clamav-config.* \
- ${includedir}/*.h ${docdir}/libclamav* "
-
-FILES_${PN}-staticdev = "${libdir}/*.a"
-
-FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\
- ${docdir}/libclamav/* "
-
-FILES_${PN}-doc = "${mandir}/man/* \
- ${datadir}/man/* \
- ${docdir}/* "
-
-FILES_${PN}-cvd = "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat"
-
-USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}"
-USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir \
- ${localstatedir}/spool/${BPN} \
- --no-create-home --shell /bin/false ${BPN}"
-
-RPROVIDES_${PN} += "${PN}-systemd"
-RREPLACES_${PN} += "${PN}-systemd"
-RCONFLICTS_${PN} += "${PN}-systemd"
-SYSTEMD_SERVICE_${PN} = "${BPN}.service"
-
-RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
-RDEPENDS_${PN}_class-native = ""
-
-BBCLASSEXTEND = "native"
diff --git a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb b/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb
new file mode 100644
index 0000000..36e498d
--- /dev/null
+++ b/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -0,0 +1,148 @@
+SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface"
+DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats."
+HOMEPAGE = "http://www.clamav.net/index.html"
+SECTION = "security"
+LICENSE = "LGPL-2.1"
+
+DEPENDS = "glibc llvm libtool db openssl zlib curl libxml2 bison pcre2 json-c libcheck"
+
+LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17"
+
+SRCREV = "5553a5e206ceae5d920368baee7d403f823bcb6f"
+
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=dev/0.104 \
+ file://clamd.conf \
+ file://freshclam.conf \
+ file://volatiles.03_clamav \
+ file://tmpfiles.clamav \
+ file://${BPN}.service \
+ file://headers_fixup.patch \
+ file://oe_cmake_fixup.patch \
+"
+S = "${WORKDIR}/git"
+
+LEAD_SONAME = "libclamav.so"
+SO_VER = "9.6.0"
+
+BINCONFIG = "${bindir}/clamav-config"
+
+inherit cmake chrpath pkgconfig useradd systemd multilib_header multilib_script
+
+CLAMAV_UID ?= "clamav"
+CLAMAV_GID ?= "clamav"
+
+MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config"
+
+EXTRA_OECMAKE = " -DCMAKE_BUILD_TYPE=Release -DOPTIMIZE=ON -DENABLE_JSON_SHARED=OFF \
+ -DCLAMAV_GROUP=${CLAMAV_GID} -DCLAMAV_USER=${CLAMAV_UID} \
+ -DENABLE_TESTS=OFF -DBUILD_SHARED_LIBS=ON \
+ -DDISABLE_MPOOL=ON -DENABLE_FRESHCLAM_DNS_FIX=ON \
+ "
+
+PACKAGECONFIG ?= " clamonacc \
+ ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd", "", d)}"
+
+PACKAGECONFIG[milter] = "-DENABLE_MILTER=ON ,-DENABLE_MILTER=OFF, curl, curl"
+PACKAGECONFIG[clamonacc] = "-DENABLE_CLAMONACC=ON ,-DENABLE_CLAMONACC=OFF,"
+PACKAGECONFIG[unrar] = "-DENABLE_UNRAR=ON ,-DENABLE_UNRAR=OFF,"
+PACKAGECONFIG[systemd] = "-DENABLE_SYSTEMD=ON -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}, -DENABLE_SYSTEMD=OFF, systemd"
+
+export OECMAKE_C_FLAGS += " -I${STAGING_INCDIR} -L ${RECIPE_SYSROOT}${nonarch_libdir} -L${STAGING_LIBDIR} -lpthread"
+
+do_install_append () {
+ install -d ${D}/${sysconfdir}
+ install -d ${D}/${localstatedir}/lib/clamav
+ install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles
+
+ install -m 644 ${WORKDIR}/clamd.conf ${D}/${prefix}/${sysconfdir}
+ install -m 644 ${WORKDIR}/freshclam.conf ${D}/${prefix}/${sysconfdir}
+ install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/03_clamav
+ sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
+ rm ${D}/${libdir}/libclamav.so
+ if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
+ install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
+ fi
+
+ rm ${D}/${libdir}/libfreshclam.so
+ rm ${D}/${libdir}/libmspack.so
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
+ install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf
+ fi
+ oe_multilib_header clamav-types.h
+}
+
+pkg_postinst_ontarget_${PN} () {
+ if command -v systemd-tmpfiles >/dev/null; then
+ systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf
+ elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+ ${sysconfdir}/init.d/populate-volatile.sh update
+ fi
+ mkdir -p ${localstatedir}/lib/clamav
+ chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav
+}
+
+
+PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \
+ ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"
+
+FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit ${sbindir}/clamonacc \
+ ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
+ ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
+ ${docdir}/clamav/* ${libdir}/libmspack* "
+
+FILES_${PN}-clamdscan = " ${bindir}/clamdscan \
+ ${docdir}/clamdscan/* \
+ ${mandir}/man1/clamdscan* \
+ "
+
+FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
+ ${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \
+ ${mandir}/man5/clamd* ${mandir}/man8/clamd* \
+ ${sysconfdir}/clamd.conf* \
+ /usr/etc/clamd.conf* \
+ ${systemd_unitdir}/system/clamav-daemon/* \
+ ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \
+ ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon \
+ ${systemd_unitdir}/system/clamav-daemon.service \
+ ${systemd_unitdir}/system/clamav-clamonacc.service \
+ "
+
+FILES_${PN}-freshclam = "${bindir}/freshclam \
+ ${sysconfdir}/freshclam.conf* \
+ /usr/etc/freshclam.conf* \
+ ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
+ ${sysconfdir}/tmpfiles.d/*.conf \
+ ${localstatedir}/lib/clamav \
+ ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \
+ ${mandir}/man5/freshclam.conf.* \
+ ${systemd_unitdir}/system/clamav-freshclam.service"
+
+FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \
+ ${libdir}/pkgconfig/*.pc \
+ ${mandir}/man1/clamav-config.* \
+ ${includedir}/*.h ${docdir}/libclamav* "
+
+FILES_${PN}-staticdev = "${libdir}/*.a"
+
+FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so* \
+ ${libdir}/libfreshclam.so* ${docdir}/libclamav/* "
+
+FILES_${PN}-doc = "${mandir}/man/* \
+ ${datadir}/man/* \
+ ${docdir}/* "
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}"
+USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir \
+ ${localstatedir}/spool/${BPN} \
+ --no-create-home --shell /bin/false ${BPN}"
+
+RPROVIDES_${PN} += "${PN}-systemd"
+RREPLACES_${PN} += "${PN}-systemd"
+RCONFLICTS_${PN} += "${PN}-systemd"
+SYSTEMD_SERVICE_${PN} = "${BPN}.service"
+
+RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
diff --git a/meta-security/recipes-scanners/clamav/files/headers_fixup.patch b/meta-security/recipes-scanners/clamav/files/headers_fixup.patch
new file mode 100644
index 0000000..9de0a26
--- /dev/null
+++ b/meta-security/recipes-scanners/clamav/files/headers_fixup.patch
@@ -0,0 +1,58 @@
+Fixes checks not needed do to glibc 2.33
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -374,8 +373,6 @@ check_include_file("stdlib.h"
+ check_include_file("string.h" HAVE_STRING_H)
+ check_include_file("strings.h" HAVE_STRINGS_H)
+ check_include_file("sys/cdefs.h" HAVE_SYS_CDEFS_H)
+-check_include_file("sys/dl.h" HAVE_SYS_DL_H)
+-check_include_file("sys/fileio.h" HAVE_SYS_FILIO_H)
+ check_include_file("sys/mman.h" HAVE_SYS_MMAN_H)
+ check_include_file("sys/param.h" HAVE_SYS_PARAM_H)
+ check_include_file("sys/queue.h" HAVE_SYS_QUEUE_H)
+@@ -410,8 +407,6 @@ endif()
+
+ # int-types variants
+ check_include_file("inttypes.h" HAVE_INTTYPES_H)
+-check_include_file("sys/inttypes.h" HAVE_SYS_INTTYPES_H)
+-check_include_file("sys/int_types.h" HAVE_SYS_INT_TYPES_H)
+ check_include_file("stdint.h" HAVE_STDINT_H)
+
+ # this hack required to silence warnings on systems with inttypes.h
+@@ -539,17 +528,11 @@ check_type_size("time_t" SIZEOF_TIME_T)
+ # Checks for library functions.
+ include(CheckSymbolExists)
+ check_symbol_exists(_Exit "stdlib.h" HAVE__EXIT)
+-check_symbol_exists(accept4 "sys/types.h" HAVE_ACCEPT4)
+ check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF)
+-check_symbol_exists(stat64 "sys/stat.h" HAVE_STAT64)
+-check_symbol_exists(strcasestr "string.h" HAVE_STRCASESTR)
+ check_symbol_exists(strerror_r "string.h" HAVE_STRERROR_R)
+-check_symbol_exists(strlcat "string.h" HAVE_STRLCAT)
+-check_symbol_exists(strlcpy "string.h" HAVE_STRLCPY)
+ check_symbol_exists(strndup "string.h" HAVE_STRNDUP)
+ check_symbol_exists(strnlen "string.h" HAVE_STRNLEN)
+-check_symbol_exists(strnstr "string.h" HAVE_STRNSTR)
+-check_symbol_exists(sysctlbyname "sysctl.h" HAVE_SYSCTLBYNAME)
++check_symbol_exists(strcasecmp "string.h" HAVE_STRNCMP)
+ check_symbol_exists(timegm "time.h" HAVE_TIMEGM)
+ check_symbol_exists(vsnprintf "stdio.h" HAVE_VSNPRINTF)
+
+@@ -563,10 +546,9 @@ else()
+ check_symbol_exists(fseeko "stdio.h" HAVE_FSEEKO)
+ check_symbol_exists(getaddrinfo "netdb.h" HAVE_GETADDRINFO)
+ check_symbol_exists(getpagesize "unistd.h" HAVE_GETPAGESIZE)
+- check_symbol_exists(mkstemp "unistd.h" HAVE_MKSTEMP)
+ check_symbol_exists(poll "poll.h" HAVE_POLL)
+- check_symbol_exists(setgroups "unistd.h" HAVE_SETGROUPS)
+ check_symbol_exists(setsid "unistd.h" HAVE_SETSID)
++ set(HAVE_SYSCONF_SC_PAGESIZE 1)
+ endif()
+
+ include(CheckSymbolExists)
diff --git a/meta-security/recipes-scanners/clamav/files/oe_cmake_fixup.patch b/meta-security/recipes-scanners/clamav/files/oe_cmake_fixup.patch
new file mode 100644
index 0000000..b284915
--- /dev/null
+++ b/meta-security/recipes-scanners/clamav/files/oe_cmake_fixup.patch
@@ -0,0 +1,39 @@
+Issue with rpath including /usr/lib and crosscompile checkes causing oe configure to fail
+
+Use oe's cmake rpath framework and exclude some of the cmake checks that fail in our env
+
+Upstream-Status: Inappropriate [configuration]
+Singed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -162,12 +162,6 @@ endif()
+
+ include(GNUInstallDirs)
+
+-if(CMAKE_INSTALL_FULL_LIBDIR)
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}")
+-else()
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+-endif()
+-
+ if(C_LINUX)
+ if(CMAKE_COMPILER_IS_GNUCXX)
+ # Set _GNU_SOURCE for O_LARGEFILE, O_CLOEXEC, O_DIRECTORY, O_NOFOLLOW, etc flags on older systems
+@@ -512,14 +506,8 @@ include(TestInline)
+ include(CheckFileOffsetBits)
+ # Determine how to pack structs on this platform.
+ include(CheckStructPacking)
+-# Check for signed right shift implementation.
+-include(CheckSignedRightShift)
+ # Check if systtem fts implementation available
+ include(CheckFTS)
+-# Check if uname(2) follows POSIX standard.
+-include(CheckUnamePosix)
+-# Check support for file descriptor passing
+-include(CheckFDPassing)
+
+ # Check if big-endian
+ include(TestBigEndian)