author | Andrew Geissler <geissonator@yahoo.com> | 2020-08-21 23:57:21 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-08-21 23:57:24 +0300 |
commit | b2fe863db1c3690813aab4707203ed8fbcdc7d52 (patch) | |
tree | 27a84d94039171ac770990b7ef9b258e843e3961 /meta-security/recipes-core | |
parent | 9d7e0aa351ef830384ea15f50f9ed0a9cf5ededd (diff) | |
download | openbmc-b2fe863db1c3690813aab4707203ed8fbcdc7d52.tar.xz |
meta-security: subtree update:066a04425c..787ba6faea
Armin Kuster (10):
lynis: update to 3.0.0
security images: Move to recipe-core
security packagegroups: move to recipes-core
packagegroup-security-tpm: add more packages for building
packagegroup-core-security: remove clamav for riscv*
libsecomp: rv32/rv64 target builds are not supported yet
packagegroup-core-security: remove libseccomp for riscv*
libseccomp: update to 2.5.0
packagegroup-core-security: restore riscv64 for libssecomp
trousers: Several Security fixes
Charlie Davies (1):
clamav: add INSTALL_CLAMAV_CVD flag to do_install
Kai Kang (1):
libseccomp: fix cross compile error for mips
Yi Zhao (1):
ibmswtpm2: upgrade 1563 -> 1628
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I0341c0d4cd61fb6ef7db6a29f9fc60de3caa822f
Diffstat (limited to 'meta-security/recipes-core')
6 files changed, 181 insertions, 0 deletions
diff --git a/meta-security/recipes-core/images/security-build-image.bb b/meta-security/recipes-core/images/security-build-image.bb
new file mode 100644
index 000000000..a8757f980
--- /dev/null
+++ b/meta-security/recipes-core/images/security-build-image.bb
@@ -0,0 +1,19 @@
+DESCRIPTION = "A small image for building meta-security packages"
+
+IMAGE_FEATURES += "ssh-server-openssh"
+
+IMAGE_INSTALL = "\
+ packagegroup-base \
+ packagegroup-core-boot \
+ packagegroup-core-security \
+ os-release"
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-build-image"
+
+IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
diff --git a/meta-security/recipes-core/images/security-client-image.bb b/meta-security/recipes-core/images/security-client-image.bb
new file mode 100644
index 000000000..f4ebc697c
--- /dev/null
+++ b/meta-security/recipes-core/images/security-client-image.bb
@@ -0,0 +1,16 @@
+DESCRIPTION = "A Client side Security example"
+
+IMAGE_INSTALL = "\
+ packagegroup-base \
+ packagegroup-core-boot \
+ os-release \
+ samhain-client \
+ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-xfce-base", "", d)}"
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-client-image"
diff --git a/meta-security/recipes-core/images/security-server-image.bb b/meta-security/recipes-core/images/security-server-image.bb
new file mode 100644
index 000000000..4927e0ee5
--- /dev/null
+++ b/meta-security/recipes-core/images/security-server-image.bb
@@ -0,0 +1,19 @@
+DESCRIPTION = "A Serve side image for Security example "
+
+IMAGE_FEATURES += "ssh-server-openssh"
+
+IMAGE_INSTALL = "\
+ packagegroup-base \
+ packagegroup-core-boot \
+ samhain-server \
+ os-release "
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-server-image"
+
+IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
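Review bot: `IMAGE_ROOTFS_EXTRA_SPACE = "5242880"` at the end of security-build-image.bb gives neither a unit nor a reason. The variable is expressed in KiB, so this reserves roughly 5 GiB on top of the computed rootfs size. A comment such as `# ~5 GiB of extra rootfs space (value is in KiB)` would make that visible, along with the reason, which is presumably room for on-target builds. The same bare value is repeated in security-server-image.bb and security-test-image.bb, where the need for it is less obvious.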
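Review bot: The DESCRIPTION in security-server-image.bb reads `"A Serve side image for Security example "`, which looks like a typo for "Server" and ends in a stray space; `os-release "` in IMAGE_INSTALL carries the same trailing space. Suggested wording: `DESCRIPTION = "A server-side image for the Security example"`. Since this image enables `ssh-server-openssh` next to samhain-server, a one-line comment saying it is an example image rather than a hardened baseline would also help anyone reusing it.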
diff --git a/meta-security/recipes-core/images/security-test-image.bb b/meta-security/recipes-core/images/security-test-image.bb
new file mode 100644
index 000000000..c71d7267d
--- /dev/null
+++ b/meta-security/recipes-core/images/security-test-image.bb
@@ -0,0 +1,33 @@
+DESCRIPTION = "A small image for testing meta-security packages"
+
+IMAGE_FEATURES += "ssh-server-openssh"
+
+TEST_SUITES = "ssh ping ptest apparmor clamav samhain sssd tripwire checksec smack suricata"
+
+INSTALL_CLAMAV_CVD = "1"
+
+IMAGE_INSTALL = "\
+ packagegroup-base \
+ packagegroup-core-boot \
+ packagegroup-core-security-ptest \
+ clamav \
+ tripwire \
+ checksec \
+ suricata \
+ samhain-standalone \
+ ${@bb.utils.contains("DISTRO_FEATURES", "pam", "sssd", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-test", "",d)} \
+ os-release \
+ "
+
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-test-image"
+
+IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
diff --git a/meta-security/recipes-core/packagegroup/packagegroup-core-security-ptest.bb b/meta-security/recipes-core/packagegroup/packagegroup-core-security-ptest.bb
new file mode 100644
index 000000000..cf34ded19
--- /dev/null
+++ b/meta-security/recipes-core/packagegroup/packagegroup-core-security-ptest.bb
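Review bot: `INSTALL_CLAMAV_CVD = "1"` in security-test-image.bb is assigned in the image recipe's own datastore, and BitBake does not carry a variable set in one recipe over to another. If the flag is read in clamav's do_install, as the commit message suggests (that recipe is not part of this view), the assignment here probably has no effect on whether the signature databases are installed. If the `clamav` test suite relies on the CVD files being present, the setting belongs in a configuration file (local.conf or distro conf) or in the clamav recipe or a bbappend. At minimum a comment like `# NOTE: only effective when set where the clamav recipe can see it` would flag the scoping.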
@@ -0,0 +1,28 @@
+DESCRIPTION = "Security ptest packagegroup"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
+ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit features_check
+
+REQUIRED_DISTRO_FEATURES = "ptest"
+
+PACKAGES = "\
+ ${PN} \
+ "
+
+ALLOW_EMPTY_${PN} = "1"
+
+SUMMARY_${PN} = "Security packages with ptests"
+RDEPENDS_${PN} = " \
+ ptest-runner \
+ samhain-standalone-ptest \
+ keyutils-ptest \
+ libseccomp-ptest \
+ python3-scapy-ptest \
+ suricata-ptest \
+ tripwire-ptest \
+ python3-fail2ban-ptest \
+ ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor-ptest", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \
+ "
diff --git a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
new file mode 100644
index 000000000..c6342fdb2
--- /dev/null
+++ b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
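Review bot: `libseccomp-ptest` is listed unconditionally in `RDEPENDS_${PN}`, while packagegroup-core-security.bb in the same commit withholds libseccomp when TUNE_FEATURES contains riscv32. On such a target this group would presumably pull in a package that the commit message describes as unsupported. Gating it the same way keeps the two recipes in step: `${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 ", "", " libseccomp-ptest",d)} \`. The recipe also inherits only `features_check` and not `packagegroup`, unlike its sibling; if that is intentional, a short comment saying why would save the next reader a lookup.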
@@ -0,0 +1,66 @@
+DESCRIPTION = "Security packagegroup for Poky"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
+ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit packagegroup
+
+PACKAGES = "\
+ packagegroup-core-security \
+ packagegroup-security-utils \
+ packagegroup-security-scanners \
+ packagegroup-security-ids \
+ packagegroup-security-mac \
+ "
+
+RDEPENDS_packagegroup-core-security = "\
+ packagegroup-security-utils \
+ packagegroup-security-scanners \
+ packagegroup-security-ids \
+ packagegroup-security-mac \
+ "
+
+SUMMARY_packagegroup-security-utils = "Security utilities"
+RDEPENDS_packagegroup-security-utils = "\
+ checksec \
+ nmap \
+ pinentry \
+ python3-scapy \
+ ding-libs \
+ keyutils \
+ ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 ", "", " libseccomp",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "pam", "sssd", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils", "",d)} \
+ "
+
+SUMMARY_packagegroup-security-scanners = "Security scanners"
+RDEPENDS_packagegroup-security-scanners = "\
+ nikto \
+ checksecurity \
+ ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " clamav clamav-freshclam clamav-cvd",d)} \
+ "
+
+SUMMARY_packagegroup-security-audit = "Security Audit tools "
+RDEPENDS_packagegroup-security-audit = " \
+ buck-security \
+ redhat-security \
+ "
+
+SUMMARY_packagegroup-security-hardening = "Security Hardening tools"
+RDEPENDS_packagegroup-security-hardening = " \
+ bastille \
+ "
+
+SUMMARY_packagegroup-security-ids = "Security Intrusion Detection systems"
+RDEPENDS_packagegroup-security-ids = " \
+ tripwire \
+ samhain-standalone \
+ suricata \
+ "
+
+SUMMARY_packagegroup-security-mac = "Security Mandatory Access Control systems"
+RDEPENDS_packagegroup-security-mac = " \
+ ${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack", "",d)} \
+ " |
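Review bot: `packagegroup-security-audit` and `packagegroup-security-hardening` are given SUMMARY and RDEPENDS entries but appear in neither `PACKAGES` nor `RDEPENDS_packagegroup-core-security`. As written no package is produced for them, and buck-security, redhat-security and bastille are never pulled in. Either add both names to `PACKAGES` or drop the four assignments; if the omission is deliberate, a comment such as `# audit/hardening groups are intentionally not packaged` would record that. Separately, installing packagegroup-core-security brings nmap and nikto onto the target through the utils and scanners groups, so a header comment stating that the group is meant for evaluation and test images rather than shipped firmware would help integrators keep those tools out of production builds.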