* [meta-security][PATCH 0/7] Assorted updates 03/07
@ 2026-03-07 10:29 Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 1/7] suricata: improve PACKAGECONFIG[unittests] control Scott Murray
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Scott Murray @ 2026-03-07 10:29 UTC (permalink / raw)
To: yocto-patches
This patch series rolls up the contributed patches from the past few
weeks, plus a nikto fix from myself. These changes are queued on the
master-next branch if you would like to check them out to test yourself.
I intend to merge these to master branch at end of day Monday (Eastern
Time, March 9) unless there are objections.
Scott
Changes:
Clayton Casciato (1):
suricata: improve PACKAGECONFIG[unittests] control
Peter Kjellerstedt (3):
fscrypt: Correct the spelling of DESCRIPTION
fscryptctl: Use ${prefix} rather than /usr
fscryptctl: Correct the spelling of DESCRIPTION
Peter Marko (1):
python3-tpm2-pytss: BBCLASSEXTEND native and nativesdk
Scott Murray (2):
nikto: fix branch
A couple of small CI fixes
.gitlab-ci.yml | 2 +-
.../meta-perl/recipes-security/nikto/nikto_2.1.6.bb | 2 +-
kas/kas-security-base.yml | 2 +-
meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.3.0.bb | 2 ++
recipes-ids/suricata/suricata_7.0.13.bb | 2 +-
recipes-security/fscrypt/fscrypt_1.1.0.bb | 2 +-
recipes-security/fscryptctl/fscryptctl_1.1.0.bb | 4 ++--
7 files changed, 9 insertions(+), 7 deletions(-)
--
2.51.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [meta-security][PATCH 1/7] suricata: improve PACKAGECONFIG[unittests] control
2026-03-07 10:29 [meta-security][PATCH 0/7] Assorted updates 03/07 Scott Murray
@ 2026-03-07 10:29 ` Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 2/7] python3-tpm2-pytss: BBCLASSEXTEND native and nativesdk Scott Murray
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Scott Murray @ 2026-03-07 10:29 UTC (permalink / raw)
To: yocto-patches
From: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Allow downstream users to explicitly select desired PACKAGECONFIG
options (e.g. via "=").
Users are currently forced to use ":remove" (with "ptest").
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
recipes-ids/suricata/suricata_7.0.13.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-ids/suricata/suricata_7.0.13.bb b/recipes-ids/suricata/suricata_7.0.13.bb
index b0d2c82..936c057 100644
--- a/recipes-ids/suricata/suricata_7.0.13.bb
+++ b/recipes-ids/suricata/suricata_7.0.13.bb
@@ -46,8 +46,8 @@ PACKAGECONFIG ??= "file \
cap-ng \
net \
${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'unittests', '', d)} \
"
-PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'unittests', '', d)}"
PACKAGECONFIG[pcre2] = "--with-libpcre2-includes=${STAGING_INCDIR} --with-libpcre2-libraries=${STAGING_LIBDIR}, ,libpcre2 ,"
PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ,"
--
2.51.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [meta-security][PATCH 2/7] python3-tpm2-pytss: BBCLASSEXTEND native and nativesdk
2026-03-07 10:29 [meta-security][PATCH 0/7] Assorted updates 03/07 Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 1/7] suricata: improve PACKAGECONFIG[unittests] control Scott Murray
@ 2026-03-07 10:29 ` Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 3/7] fscrypt: Correct the spelling of DESCRIPTION Scott Murray
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Scott Murray @ 2026-03-07 10:29 UTC (permalink / raw)
To: yocto-patches
From: Peter Marko <peter.marko@siemens.com>
Commit cd729862f68152bc76db02cd4a93ca12a9424f88 added native/nativesdk
possibility to tpm2-pkcs11.
After 784ca4b6584101e971b2d5d76ec7b716ad1301b5 which added rdepends on
python3-tpm2-pytss, there are errors like:
Missing or unbuildable dependency chain was:
['<image>', 'swtpm-native', 'tpm2-pkcs11-tools-native', 'python3-tpm2-pytss-native']
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.3.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.3.0.bb b/meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.3.0.bb
index 4ddf287..63ed8cf 100644
--- a/meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.3.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.3.0.bb
@@ -19,3 +19,5 @@ DEPENDS = " \
"
RDEPENDS:${PN} = "libtss2 python3-asn1crypto"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.51.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [meta-security][PATCH 3/7] fscrypt: Correct the spelling of DESCRIPTION
2026-03-07 10:29 [meta-security][PATCH 0/7] Assorted updates 03/07 Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 1/7] suricata: improve PACKAGECONFIG[unittests] control Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 2/7] python3-tpm2-pytss: BBCLASSEXTEND native and nativesdk Scott Murray
@ 2026-03-07 10:29 ` Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 4/7] fscryptctl: Use ${prefix} rather than /usr Scott Murray
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Scott Murray @ 2026-03-07 10:29 UTC (permalink / raw)
To: yocto-patches
From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
recipes-security/fscrypt/fscrypt_1.1.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/fscrypt/fscrypt_1.1.0.bb b/recipes-security/fscrypt/fscrypt_1.1.0.bb
index 6ccb8fe..665648c 100644
--- a/recipes-security/fscrypt/fscrypt_1.1.0.bb
+++ b/recipes-security/fscrypt/fscrypt_1.1.0.bb
@@ -1,5 +1,5 @@
SUMMARY = "fscrypt is a high-level tool for the management of Linux filesystem encryption"
-DESCIPTION = "fscrypt manages metadata, key generation, key wrapping, PAM integration, \
+DESCRIPTION = "fscrypt manages metadata, key generation, key wrapping, PAM integration, \
and provides a uniform interface for creating and modifying encrypted directories. For \
a small, low-level tool that directly sets policies, see fscryptctl \
(https://github.com/google/fscryptcl)."
--
2.51.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [meta-security][PATCH 4/7] fscryptctl: Use ${prefix} rather than /usr
2026-03-07 10:29 [meta-security][PATCH 0/7] Assorted updates 03/07 Scott Murray
` (2 preceding siblings ...)
2026-03-07 10:29 ` [meta-security][PATCH 3/7] fscrypt: Correct the spelling of DESCRIPTION Scott Murray
@ 2026-03-07 10:29 ` Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 5/7] fscryptctl: Correct the spelling of DESCRIPTION Scott Murray
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Scott Murray @ 2026-03-07 10:29 UTC (permalink / raw)
To: yocto-patches
From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
recipes-security/fscryptctl/fscryptctl_1.1.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/fscryptctl/fscryptctl_1.1.0.bb b/recipes-security/fscryptctl/fscryptctl_1.1.0.bb
index edd6943..81cc1ea 100644
--- a/recipes-security/fscryptctl/fscryptctl_1.1.0.bb
+++ b/recipes-security/fscryptctl/fscryptctl_1.1.0.bb
@@ -18,7 +18,7 @@ do_compile:prepend() {
}
do_install() {
- oe_runmake DESTDIR=${D} PREFIX=/usr install
+ oe_runmake DESTDIR=${D} PREFIX=${prefix} install
}
RRECOMMENDS:${PN} += "\
--
2.51.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [meta-security][PATCH 5/7] fscryptctl: Correct the spelling of DESCRIPTION
2026-03-07 10:29 [meta-security][PATCH 0/7] Assorted updates 03/07 Scott Murray
` (3 preceding siblings ...)
2026-03-07 10:29 ` [meta-security][PATCH 4/7] fscryptctl: Use ${prefix} rather than /usr Scott Murray
@ 2026-03-07 10:29 ` Scott Murray
2026-03-07 10:30 ` [meta-security][PATCH 6/7] nikto: fix branch Scott Murray
2026-03-07 10:30 ` [meta-security][PATCH 7/7] A couple of small CI fixes Scott Murray
6 siblings, 0 replies; 8+ messages in thread
From: Scott Murray @ 2026-03-07 10:29 UTC (permalink / raw)
To: yocto-patches
From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
recipes-security/fscryptctl/fscryptctl_1.1.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/fscryptctl/fscryptctl_1.1.0.bb b/recipes-security/fscryptctl/fscryptctl_1.1.0.bb
index 81cc1ea..4c9b99a 100644
--- a/recipes-security/fscryptctl/fscryptctl_1.1.0.bb
+++ b/recipes-security/fscryptctl/fscryptctl_1.1.0.bb
@@ -1,5 +1,5 @@
SUMMARY = "low-level tool handling Linux filesystem encryption"
-DESCIPTION = "fscryptctl is a low-level tool written in C that handles raw keys and manages \
+DESCRIPTION = "fscryptctl is a low-level tool written in C that handles raw keys and manages \
policies for Linux filesystem encryption (https://lwn.net/Articles/639427). \
For a tool that presents a higher level interface and manages metadata, key \
generation, key wrapping, PAM integration, and passphrase hashing, see \
--
2.51.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [meta-security][PATCH 6/7] nikto: fix branch
2026-03-07 10:29 [meta-security][PATCH 0/7] Assorted updates 03/07 Scott Murray
` (4 preceding siblings ...)
2026-03-07 10:29 ` [meta-security][PATCH 5/7] fscryptctl: Correct the spelling of DESCRIPTION Scott Murray
@ 2026-03-07 10:30 ` Scott Murray
2026-03-07 10:30 ` [meta-security][PATCH 7/7] A couple of small CI fixes Scott Murray
6 siblings, 0 replies; 8+ messages in thread
From: Scott Murray @ 2026-03-07 10:30 UTC (permalink / raw)
To: yocto-patches
Upstream has renamed their master branch to main, adjust SRC_URI to
match.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
dynamic-layers/meta-perl/recipes-security/nikto/nikto_2.1.6.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dynamic-layers/meta-perl/recipes-security/nikto/nikto_2.1.6.bb b/dynamic-layers/meta-perl/recipes-security/nikto/nikto_2.1.6.bb
index 6d83265..5668f87 100644
--- a/dynamic-layers/meta-perl/recipes-security/nikto/nikto_2.1.6.bb
+++ b/dynamic-layers/meta-perl/recipes-security/nikto/nikto_2.1.6.bb
@@ -7,7 +7,7 @@ LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
-SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \
+SRC_URI = "git://github.com/sullo/nikto.git;branch=main;protocol=https \
file://location.patch"
S = "${UNPACKDIR}/${BP}/program"
--
2.51.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [meta-security][PATCH 7/7] A couple of small CI fixes
2026-03-07 10:29 [meta-security][PATCH 0/7] Assorted updates 03/07 Scott Murray
` (5 preceding siblings ...)
2026-03-07 10:30 ` [meta-security][PATCH 6/7] nikto: fix branch Scott Murray
@ 2026-03-07 10:30 ` Scott Murray
6 siblings, 0 replies; 8+ messages in thread
From: Scott Murray @ 2026-03-07 10:30 UTC (permalink / raw)
To: yocto-patches
Change the "poky" layer configuration name to "meta-yocto" in the
KAS configuration so the cloned repo name is less confusing in logs,
and fix a spot where "poky" -> "openembedded-core" had been missed
in the gitlab configuration.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
.gitlab-ci.yml | 2 +-
kas/kas-security-base.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 80b2dfd..701a65a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,7 +10,7 @@
- mkdir -p $CI_PROJECT_DIR/log/
.after-my-script: &after-my-script
- - cd $CI_PROJECT_DIR/poky
+ - cd $CI_PROJECT_DIR/openembedded-core
- . ./oe-init-build-env $CI_PROJECT_DIR/build
- for x in `ls $CI_PROJECT_DIR/build/tmp/log/error-report/ | grep error_report_`; do
- send-error-report -y tmp/log/error-report/$x
diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml
index 2ab81aa..38043f5 100644
--- a/kas/kas-security-base.yml
+++ b/kas/kas-security-base.yml
@@ -23,7 +23,7 @@ repos:
layers:
meta:
- poky:
+ meta-yocto:
url: "https://git.yoctoproject.org/git/meta-yocto"
branch: master
layers:
--
2.51.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2026-03-07 10:30 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-07 10:29 [meta-security][PATCH 0/7] Assorted updates 03/07 Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 1/7] suricata: improve PACKAGECONFIG[unittests] control Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 2/7] python3-tpm2-pytss: BBCLASSEXTEND native and nativesdk Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 3/7] fscrypt: Correct the spelling of DESCRIPTION Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 4/7] fscryptctl: Use ${prefix} rather than /usr Scott Murray
2026-03-07 10:29 ` [meta-security][PATCH 5/7] fscryptctl: Correct the spelling of DESCRIPTION Scott Murray
2026-03-07 10:30 ` [meta-security][PATCH 6/7] nikto: fix branch Scott Murray
2026-03-07 10:30 ` [meta-security][PATCH 7/7] A couple of small CI fixes Scott Murray
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.