blob: 4047b86c354a5de02efe4b23817a1942db2369ee [file] [log] [blame]
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +05301Meta-security
2=============
3
Andrew Geisslera1a6aef2021-06-25 14:23:58 -05004The bbappend files for some recipes (e.g. linux-yocto) in this layer need
5to have 'security' in DISTRO_FEATURES to have effect.
6To enable them, add in configuration file the following line.
7
8 DISTRO_FEATURES_append = " security"
9
10If meta-security is included, but security is not enabled as a
11distro feature a warning is printed at parse time:
12
13 You have included the meta-security layer, but
14 'security' has not been enabled in your DISTRO_FEATURES. Some bbappend files
15 and preferred version setting may not take effect.
16
17If you know what you are doing, this warning can be disabled by setting the following
18variable in your configuration:
19
20 SKIP_META_SECURITY_SANITY_CHECK = 1
21
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053022This layer provides security tools, hardening tools for Linux kernels
23and libraries for implementing security mechanisms.
24
25Dependencies
26============
27
28This layer depends on:
29
30 URI: git://git.openembedded.org/openembedded-core
31 branch: master
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053032
33 URI: git://git.openembedded.org/meta-openembedded/meta-oe
34 branch: master
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053035
36 URI: git://git.openembedded.org/meta-openembedded/meta-perl
37 branch: master
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053038
Andrew Geissler1fe918a2020-05-15 14:16:47 -050039 URI: git://git.openembedded.org/meta-openembedded/meta-python
40 branch: master
Andrew Geissler1fe918a2020-05-15 14:16:47 -050041
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053042 URI: git://git.openembedded.org/meta-openembedded/meta-networking
43 branch: master
Andrew Geisslerf1e44062021-04-15 15:52:46 -050044
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053045
46Adding the security layer to your build
47========================================
48
49In order to use this layer, you need to make the build system aware of
50it.
51
52Assuming the security layer exists at the top-level of your
53yocto build tree, you can add it to the build system by adding the
54location of the security layer to bblayers.conf, along with any
55other layers needed. e.g.:
56
57 BBLAYERS ?= " \
58 /path/to/oe-core/meta \
59 /path/to/meta-openembedded/meta-oe \
60 /path/to/meta-openembedded/meta-perl \
61 /path/to/meta-openembedded/meta-python \
62 /path/to/meta-openembedded/meta-networking \
Andrew Geisslerf1e44062021-04-15 15:52:46 -050063 /path/to/layer/meta-security "
64
65Optional Rust dependancy
66======================================
67If you want to use the latest Suricata that needs rust, you will need to clone
68
69 URI: https://github.com/meta-rust/meta-rust.git
70 branch: master
71
72 BBLAYERS += "/path/to/layer/meta-rust"
73
74This will activate the dynamic-layer mechanism and pull in the newer suricata
75
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053076
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053077
78Maintenance
Andrew Geisslerf1e44062021-04-15 15:52:46 -050079======================================
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053080
Brad Bishop5ead1e52019-12-06 10:10:29 -050081Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053082
83When sending single patches, please using something like:
Brad Bishop5ead1e52019-12-06 10:10:29 -050084'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security][PATCH'
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053085
Brad Bishop19323692019-04-05 15:28:33 -040086These values can be set as defaults for this repository:
87
Brad Bishop5ead1e52019-12-06 10:10:29 -050088$ git config sendemail.to yocto@lists.yoctoproject.org
Brad Bishop19323692019-04-05 15:28:33 -040089$ git config format.subjectPrefix meta-security][PATCH
90
91Now you can just do 'git send-email origin/master' to send all local patches.
92
Andrew Geissler1fe918a2020-05-15 14:16:47 -050093For pull requests, please use create-pull-request and send-pull-request.
94
Brad Bishop1a4b7ee2018-12-16 17:11:34 -080095Maintainers: Armin Kuster <akuster808@gmail.com>
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +053096
97
98License
99=======
100
101All metadata is MIT licensed unless otherwise stated. Source code included
102in tree for individual recipes is under the LICENSE stated in each recipe
103(.bb file) unless otherwise stated.