From: "akuster" <akuster808@gmail.com>
To: yocto@lists.yoctoproject.org
Subject: [dunfell 00/32] Patch review
Date: Sat, 17 Oct 2020 11:02:57 -0700
Message-ID: <cover.1602957519.git.akuster@mvista.com>
From: Armin Kuster <akuster@mvista.com>
These are backports from master or fixes.
Please have any feedback by Monday.
Clean build on https://gitlab.com/akuster/meta-security/-/pipelines/203972999
The following changes since commit d4ec0d86b4d906bfeb9355e45926e0e0f84105da:
gitignore added (2020-09-29 07:21:24 -0700)
are available in the Git repository at:
git://git.yoctoproject.org/meta-security dunfell-next
http://git.yoctoproject.org/cgit.cgi//log/?h=dunfell-next
Armin Kuster (13):
gitlab-ci: add support for dunfell
packagegroup-core-security-ptest: update fail2ban ptest pkg name
packagegroup-core-security: remove clamav for riscv*
libsecomp: rv32/rv64 target builds are not supported yet
packagegroup-core-security: remove libseccomp for riscv*
packagegroup-core-security: dont include suricata on riscv or ppc
apparmor: exclude mips64, not supported
apparmor: fix build issue with ptest enabled.
packagegroup-core-security: remove clamav from musl image
ibmswtpm2: fix QA warning
README: updated branch for Dunfell
apparmor: fix issue with older use of shell in make
apparmor: fix QA warning with systemd enabled
Jonatan Pålsson (1):
sssd: Make manpages buildable
Kai Kang (1):
sssd: disable build secrets
Mingli Yu (1):
scap-security-guide: add expat-native to DEPENDS
Naveen Saini (3):
initramfs-framework/dmverity: add retry loop for slow boot devices
wic: add wks.in for intel dm-verity
linux-%/5.x: Add dm-verity fragment as needed
Sajjad Ahmed (1):
layer.conf: use += instead of := to update BBFILES
niko.mauno@vaisala.com (12):
dm-verity-img.bbclass: Fix bashisms
dm-verity-img.bbclass: Reorder parse-time check
dm-verity-image-initramfs: Ensure verity hash sync
dm-verity-image-initramfs: Bind at do_image instead
linux-yocto(-dev): Add dm-verity fragment as needed
dm-verity-img.bbclass: Stage verity.env file
initramfs-framework: Add dmverity module
dm-verity-image-initramfs: Use initramfs-framework
dm-verity-initramfs-image: Cosmetic improvements
dm-verity-image-initramfs: Add base-passwd package
dm-verity-image-initramfs: Drop locales from image
beaglebone-yocto-verity.wks.in: Refer IMGDEPLOYDIR
.gitlab-ci.yml | 144 ++++++++++++++
README | 12 +-
classes/dm-verity-img.bbclass | 22 ++-
kas/kas-security-alt.yml | 8 +
kas/kas-security-base.yml | 64 ++++++
kas/kas-security-dm.yml | 13 ++
kas/qemuarm.yml | 6 +
kas/qemuarm64-alt.yml | 6 +
kas/qemuarm64-ima.yml | 10 +
kas/qemuarm64-multi.yml | 12 ++
kas/qemuarm64-musl.yml | 10 +
kas/qemuarm64-tpm2.yml | 10 +
kas/qemuarm64.yml | 6 +
kas/qemumips64-alt.yml | 10 +
kas/qemumips64-multi.yml | 14 ++
kas/qemumips64.yml | 6 +
kas/qemuppc.yml | 6 +
kas/qemuriscv64.yml | 6 +
kas/qemux86-64-alt.yml | 6 +
kas/qemux86-64-dm-verify.yml | 6 +
kas/qemux86-64-ima.yml | 10 +
kas/qemux86-64-multi.yml | 12 ++
kas/qemux86-64-tpm.yml | 10 +
kas/qemux86-64-tpm2.yml | 10 +
kas/qemux86-64.yml | 6 +
kas/qemux86-ima.yml | 10 +
kas/qemux86-musl.yml | 10 +
kas/qemux86-test.yml | 11 ++
kas/qemux86.yml | 6 +
meta-integrity/README.md | 8 +-
meta-integrity/conf/layer.conf | 3 +-
meta-security-compliance/README | 8 +-
.../scap-security-guide.inc | 2 +-
meta-security-isafw/README.md | 4 +-
meta-tpm/README | 8 +-
.../recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb | 3 +-
.../images/dm-verity-image-initramfs.bb | 28 ++-
.../initrdscripts/initramfs-dm-verity.bb | 13 --
.../initramfs-dm-verity/init-dm-verity.sh | 46 -----
.../initramfs-framework/dmverity | 63 ++++++
.../initramfs-framework_1.0.bbappend | 16 ++
recipes-kernel/linux/linux-%_5.%.bbappend | 2 +-
recipes-kernel/linux/linux-yocto-dev.bbappend | 1 +
recipes-kernel/linux/linux-yocto_5.%.bbappend | 1 +
recipes-mac/AppArmor/apparmor_2.13.4.bb | 186 +++++++++---------
...-Don-t-build-syscall_sysctl-if-missi.patch | 96 +++++++++
...-fix-failure-on-older-versions-of-Ma.patch | 40 ++++
.../libseccomp/libseccomp_2.4.3.bb | 3 +
.../packagegroup-core-security-ptest.bb | 2 +-
.../packagegroup-core-security.bb | 9 +-
...AC_CHECK_FILE-when-building-manpages.patch | 34 ++++
recipes-security/sssd/sssd_1.16.4.bb | 11 +-
wic/beaglebone-yocto-verity.wks.in | 2 +-
wic/systemd-bootdisk-dmverity.wks.in | 15 ++
54 files changed, 857 insertions(+), 209 deletions(-)
create mode 100644 .gitlab-ci.yml
create mode 100644 kas/kas-security-alt.yml
create mode 100644 kas/kas-security-base.yml
create mode 100644 kas/kas-security-dm.yml
create mode 100644 kas/qemuarm.yml
create mode 100644 kas/qemuarm64-alt.yml
create mode 100644 kas/qemuarm64-ima.yml
create mode 100644 kas/qemuarm64-multi.yml
create mode 100644 kas/qemuarm64-musl.yml
create mode 100644 kas/qemuarm64-tpm2.yml
create mode 100644 kas/qemuarm64.yml
create mode 100644 kas/qemumips64-alt.yml
create mode 100644 kas/qemumips64-multi.yml
create mode 100644 kas/qemumips64.yml
create mode 100644 kas/qemuppc.yml
create mode 100644 kas/qemuriscv64.yml
create mode 100644 kas/qemux86-64-alt.yml
create mode 100644 kas/qemux86-64-dm-verify.yml
create mode 100644 kas/qemux86-64-ima.yml
create mode 100644 kas/qemux86-64-multi.yml
create mode 100644 kas/qemux86-64-tpm.yml
create mode 100644 kas/qemux86-64-tpm2.yml
create mode 100644 kas/qemux86-64.yml
create mode 100644 kas/qemux86-ima.yml
create mode 100644 kas/qemux86-musl.yml
create mode 100644 kas/qemux86-test.yml
create mode 100644 kas/qemux86.yml
delete mode 100644 recipes-core/initrdscripts/initramfs-dm-verity.bb
delete mode 100644 recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh
create mode 100644 recipes-core/initrdscripts/initramfs-framework/dmverity
create mode 100644 recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
create mode 100644 recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
create mode 100644 recipes-mac/AppArmor/files/0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch
create mode 100644 recipes-security/sssd/files/0001-build-Don-t-use-AC_CHECK_FILE-when-building-manpages.patch
create mode 100644 wic/systemd-bootdisk-dmverity.wks.in
--
2.17.1