authorAndrew Geissler <geissonator@yahoo.com>2020-07-25 00:10:05 +0300
committerAndrew Geissler <geissonator@yahoo.com>2020-07-25 00:10:27 +0300
commit5bea8d8239056487ed7ec39d7b1c319c664dcf68 (patch)
tree46333ed90f5cf2869b61dba854cf567ded9df998 /meta-security
parent5d59ec7e23513a3a7f86280a2610ba3d2123f9a1 (diff)
meta-security: subtree update:547f552c85..066a04425c
Armin Kuster (9): python3-oauth2client: add recipe python3-privacyidea: adding initial support for mfa strongswan: add bbappends for tpm changes layer.conf: add dynamic-layer for strongswan strongswan: Add bbappends for ima changes meta-integrity: add dynamic-layer for strongswan add gitlab framework and qemu machine kas: add ima, tpm and tpm2 build configs drop ci-build: it is hiding errors Jeremy Puhlman (2): cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev packagegroup-security-tpm2: Depend on preferred provider for cryptsetup Zheng Ruoqin (2): ccs-tools:Fix build error when enable multilib. bastille: Deleted redundant inherit to fix error when enable multilib. Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I023e45c8080c3d423cd25cc656da5c1f527295e5
Diffstat (limited to 'meta-security')
-rw-r--r--meta-security/.gitlab-ci.yml86
-rw-r--r--meta-security/kas/kas-security-base.yml57
-rw-r--r--meta-security/kas/qemuarm.yml6
-rw-r--r--meta-security/kas/qemuarm64-ima.yml10
-rw-r--r--meta-security/kas/qemuarm64-tpm2.yml10
-rw-r--r--meta-security/kas/qemuarm64.yml6
-rw-r--r--meta-security/kas/qemumips64.yml6
-rw-r--r--meta-security/kas/qemuppc.yml6
-rw-r--r--meta-security/kas/qemuriscv64.yml6
-rw-r--r--meta-security/kas/qemux86-64-ima.yml10
-rw-r--r--meta-security/kas/qemux86-64-tpm.yml10
-rw-r--r--meta-security/kas/qemux86-64-tpm2.yml10
-rw-r--r--meta-security/kas/qemux86-64.yml6
-rw-r--r--meta-security/kas/qemux86-ima.yml10
-rw-r--r--meta-security/kas/qemux86.yml6
-rw-r--r--meta-security/meta-integrity/conf/layer.conf4
-rw-r--r--meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc61
-rw-r--r--meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend1
-rw-r--r--meta-security/meta-tpm/conf/layer.conf4
-rw-r--r--meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch38
-rw-r--r--meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc12
-rw-r--r--meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend1
-rw-r--r--meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb3
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb5
-rw-r--r--meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb2
-rw-r--r--meta-security/recipes-python/python/python3-oauth2client_4.1.3.bb11
-rw-r--r--meta-security/recipes-security/bastille/bastille_3.2.1.bb2
-rw-r--r--meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb40
-rwxr-xr-xmeta-security/scripts/ci-cleanup.sh7
29 files changed, 432 insertions, 4 deletions
diff --git a/meta-security/.gitlab-ci.yml b/meta-security/.gitlab-ci.yml
new file mode 100644
index 000000000..132eb785c
--- /dev/null
+++ b/meta-security/.gitlab-ci.yml
@@ -0,0 +1,86 @@
+stages:
+ - build
+
+.build:
+ stage: build
+ image: crops/poky
+ before_script:
+ - export PATH=~/.local/bin:$PATH
+ - wget https://bootstrap.pypa.io/get-pip.py
+ - python3 get-pip.py
+ - python3 -m pip install kas
+ - wget -q 'https://downloads.rclone.org/rclone-current-linux-amd64.zip'
+ - unzip -q rclone-current-linux-amd64.zip
+ - mv rclone-*-linux-amd64/rclone ~/.local/bin/
+ - rm -rf rclone-*-linux-amd64*
+ after_script:
+ - rm -rf build
+ - ./scripts/ci-cleanup.sh
+ cache:
+ paths:
+ - layers
+
+qemux86:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+
+qemux86-64:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+
+qemuarm:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+
+qemuarm64:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+
+qemuppc:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+
+qemumips64:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+
+qemuriscv64:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+
+qemux86-64-tpm:
+ extends: .build
+ script:
+ - kas build --target security-tpm-image kas/$CI_JOB_NAME.yml
+
+qemux86-64-tpm2:
+ extends: .build
+ script:
+ - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml
+
+qemuarm64-tpm2:
+ extends: .build
+ script:
+ - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml
+
+qemux86-ima:
+ extends: .build
+ script:
+ - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml
+
+qemux86-64-ima:
+ extends: .build
+ script:
+ - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml
+
+qemuarm64-ima:
+ extends: .build
+ script:
+ - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml
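Review bot: The `before_script` of `.build` fetches and runs code that is neither pinned nor verified: `get-pip.py` is executed straight from the network, `kas` is installed at whatever version the index serves, `rclone-current-linux-amd64.zip` is unpacked onto `PATH` with no checksum, and `image: crops/poky` carries no tag or digest. A change in any of these upstream changes what runs in every job, and the jobs appear to share the sstate and download directories configured in `kas/kas-security-base.yml`. Pin each one, e.g. `python3 -m pip install kas==<PINNED_VERSION>`, and add a `sha256sum -c` check against a hash committed in the repository before the `unzip`. rclone is not invoked anywhere in this file, so if nothing else uses it the download can be dropped.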
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml
new file mode 100644
index 000000000..768390e25
--- /dev/null
+++ b/meta-security/kas/kas-security-base.yml
@@ -0,0 +1,57 @@
+header:
+ version: 8
+
+distro: poky
+
+repos:
+ meta-security:
+ layers:
+ ../meta-security:
+ meta-tpm:
+ meta-integrity:
+ meta-security-compliance:
+
+ poky:
+ url: https://git.yoctoproject.org/git/poky
+ refspec: master
+ layers:
+ meta:
+ meta-poky:
+ meta-yocto-bsp:
+
+ meta-openembedded:
+ url: http://git.openembedded.org/meta-openembedded
+ refspec: master
+ layers:
+ meta-oe:
+ meta-perl:
+ meta-python:
+ meta-networking:
+
+local_conf_header:
+ meta-security: |
+ CONF_VERSION = "1"
+ SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/"
+ SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n"
+ SSTATE_DIR = "/home/srv/sstate/master"
+ DL_DIR = "/home/srv/downloads/master"
+ BB_HASHSERVE = "auto"
+ BB_SIGNATURE_HANDLER = "OEEquivHash"
+
+ diskmon: |
+ BB_DISKMON_DIRS = "\
+ STOPTASKS,${TMPDIR},1G,100K \
+ STOPTASKS,${DL_DIR},1G,100K \
+ STOPTASKS,${SSTATE_DIR},1G,100K \
+ STOPTASKS,/tmp,100M,100K \
+ ABORT,${TMPDIR},100M,1K \
+ ABORT,${DL_DIR},100M,1K \
+ ABORT,${SSTATE_DIR},100M,1K \
+ ABORT,/tmp,10M,1K"
+
+bblayers_conf_header:
+ meta-security: |
+ POKY_BBLAYERS_CONF_VERSION = "2"
+ BBPATH = "${TOPDIR}"
+ BBFILES ?= ""
+
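Review bot: `meta-openembedded` is cloned over plain HTTP (`url: http://git.openembedded.org/meta-openembedded`) and both remote repos track `refspec: master`, so the layers that define the build are neither transport-protected nor reproducible. Use `url: https://git.openembedded.org/meta-openembedded`, as the poky entry already does, and pin each `refspec` to a commit. `SSTATE_MIRRORS` is also `http://`; sstate objects are prebuilt outputs and nothing in this file enables signature checking for them, so an https mirror (where available) or sstate signature verification would be worth adding. `SOURCE_MIRROR_URL` is less exposed as long as recipes carry checksums, but the same applies.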
diff --git a/meta-security/kas/qemuarm.yml b/meta-security/kas/qemuarm.yml
new file mode 100644
index 000000000..f51abacf0
--- /dev/null
+++ b/meta-security/kas/qemuarm.yml
@@ -0,0 +1,6 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+machine: qemuarm
diff --git a/meta-security/kas/qemuarm64-ima.yml b/meta-security/kas/qemuarm64-ima.yml
new file mode 100644
index 000000000..b4784729b
--- /dev/null
+++ b/meta-security/kas/qemuarm64-ima.yml
@@ -0,0 +1,10 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-security: |
+ DISTRO_FEATURES_append = " ima"
+
+machine: qemuarm64
diff --git a/meta-security/kas/qemuarm64-tpm2.yml b/meta-security/kas/qemuarm64-tpm2.yml
new file mode 100644
index 000000000..3a8d8fc0d
--- /dev/null
+++ b/meta-security/kas/qemuarm64-tpm2.yml
@@ -0,0 +1,10 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-security: |
+ DISTRO_FEATURES_append = " tpm2"
+
+machine: qemuarm64
diff --git a/meta-security/kas/qemuarm64.yml b/meta-security/kas/qemuarm64.yml
new file mode 100644
index 000000000..a0c2d1abb
--- /dev/null
+++ b/meta-security/kas/qemuarm64.yml
@@ -0,0 +1,6 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+machine: qemuarm64
diff --git a/meta-security/kas/qemumips64.yml b/meta-security/kas/qemumips64.yml
new file mode 100644
index 000000000..64e52f77b
--- /dev/null
+++ b/meta-security/kas/qemumips64.yml
@@ -0,0 +1,6 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+machine: qemumips64
diff --git a/meta-security/kas/qemuppc.yml b/meta-security/kas/qemuppc.yml
new file mode 100644
index 000000000..3dad81c27
--- /dev/null
+++ b/meta-security/kas/qemuppc.yml
@@ -0,0 +1,6 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+machine: qemuppc
diff --git a/meta-security/kas/qemuriscv64.yml b/meta-security/kas/qemuriscv64.yml
new file mode 100644
index 000000000..e1b1e4947
--- /dev/null
+++ b/meta-security/kas/qemuriscv64.yml
@@ -0,0 +1,6 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+machine: qemuriscv64
diff --git a/meta-security/kas/qemux86-64-ima.yml b/meta-security/kas/qemux86-64-ima.yml
new file mode 100644
index 000000000..e64931c17
--- /dev/null
+++ b/meta-security/kas/qemux86-64-ima.yml
@@ -0,0 +1,10 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-security: |
+ DISTRO_FEATURES_append = " ima"
+
+machine: qemux86-64
diff --git a/meta-security/kas/qemux86-64-tpm.yml b/meta-security/kas/qemux86-64-tpm.yml
new file mode 100644
index 000000000..565b42327
--- /dev/null
+++ b/meta-security/kas/qemux86-64-tpm.yml
@@ -0,0 +1,10 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-security: |
+ DISTRO_FEATURES_append = " tpm"
+
+machine: qemux86-64
diff --git a/meta-security/kas/qemux86-64-tpm2.yml b/meta-security/kas/qemux86-64-tpm2.yml
new file mode 100644
index 000000000..a43693ee9
--- /dev/null
+++ b/meta-security/kas/qemux86-64-tpm2.yml
@@ -0,0 +1,10 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-security: |
+ DISTRO_FEATURES_append = " tpm2"
+
+machine: qemux86-64
diff --git a/meta-security/kas/qemux86-64.yml b/meta-security/kas/qemux86-64.yml
new file mode 100644
index 000000000..4ba2b662b
--- /dev/null
+++ b/meta-security/kas/qemux86-64.yml
@@ -0,0 +1,6 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+machine: qemux86-64
diff --git a/meta-security/kas/qemux86-ima.yml b/meta-security/kas/qemux86-ima.yml
new file mode 100644
index 000000000..6528ba620
--- /dev/null
+++ b/meta-security/kas/qemux86-ima.yml
@@ -0,0 +1,10 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-security: |
+ DISTRO_FEATURES_append = " ima"
+
+machine: qemux86
diff --git a/meta-security/kas/qemux86.yml b/meta-security/kas/qemux86.yml
new file mode 100644
index 000000000..83a5353e7
--- /dev/null
+++ b/meta-security/kas/qemux86.yml
@@ -0,0 +1,6 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+machine: qemux86
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index b4edac383..f905b0be4 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -26,3 +26,7 @@ LAYERSERIES_COMPAT_integrity = "dunfell"
LAYERDEPENDS_integrity = "core openembedded-layer"
BBLAYERS_LAYERINDEX_NAME_integrity = "meta-integrity"
+
+BBFILES_DYNAMIC += " \
+networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
+"
diff --git a/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
new file mode 100644
index 000000000..a45182e51
--- /dev/null
+++ b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
@@ -0,0 +1,61 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS = "libtspi"
+
+SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+
+PACKAGECONFIG += " \
+ aikgen \
+ tpm \
+"
+
+PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,,"
+PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,,"
+
+PACKAGECONFIG_ima += "\
+ imc-test \
+ imv-test \
+ imc-scanner \
+ imv-scanner \
+ imc-os \
+ imv-os \
+ imc-attestation \
+ imv-attestation \
+ tnc-ifmap \
+ tnc-imc \
+ tnc-imv \
+ tnc-pdp \
+ tnccs-11 \
+ tnccs-20 \
+ tnccs-dynamic \
+ "
+
+EXTRA_OECONF += "--with-linux-headers=${STAGING_KERNEL_DIR}"
+
+PACKAGECONFIG[imc-test] = "--enable-imc-test,--disable-imc-test,,"
+PACKAGECONFIG[imc-scanner] = "--enable-imc-scanner,--disable-imc-scanner,,"
+PACKAGECONFIG[imc-os] = "--enable-imc-os,--disable-imc-os,,"
+PACKAGECONFIG[imc-attestation] = "--enable-imc-attestation,--disable-imc-attestation,,"
+PACKAGECONFIG[imc-swima] = "--enable-imc-swima, --disable-imc-swima,,"
+PACKAGECONFIG[imc-hcd] = "--enable-imc-hcd, --disable-imc-hcd,,"
+PACKAGECONFIG[tnc-imc] = "--enable-tnc-imc,--disable-tnc-imc,,"
+
+PACKAGECONFIG[imv-test] = "--enable-imv-test,--disable-imv-test,,"
+PACKAGECONFIG[imv-scanner] = "--enable-imv-scanner,--disable-imv-scanner,,"
+PACKAGECONFIG[imv-os] = "--enable-imv-os,--disable-imv-os,,"
+PACKAGECONFIG[imv-attestation] = "--enable-imv-attestation,--disable-imv-attestation,,"
+PACKAGECONFIG[imv-swima] = "--enable-imv-swima, --disable-imv-swima,,"
+PACKAGECONFIG[imv-hcd] = "--enable-imv-hcd, --disable-imv-hcd,,"
+PACKAGECONFIG[tnc-imv] = "--enable-tnc-imv,--disable-tnc-imv,,"
+
+PACKAGECONFIG[tnc-ifmap] = "--enable-tnc-ifmap,--disable-tnc-ifmap,libxml2,"
+PACKAGECONFIG[tnc-pdp] = "--enable-tnc-pdp,--disable-tnc-pdp,,"
+
+PACKAGECONFIG[tnccs-11] = "--enable-tnccs-11,--disable-tnccs-11,libxml2,"
+PACKAGECONFIG[tnccs-20] = "--enable-tnccs-20,--disable-tnccs-20,,"
+PACKAGECONFIG[tnccs-dynamic] = "--enable-tnccs-dynamic,--disable-tnccs-dynamic,,"
+
+#FILES_${PN} += "${libdir}/ipsec/imcvs/*.so ${datadir}/regid.2004-03.org.strongswan"
+#FILES_${PN}-dbg += "${libdir}/ipsec/imcvs/.debug"
+#FILES_${PN}-dev += "${libdir}/ipsec/imcvs/*.la"
+#FILES_${PN}-staticdev += "${libdir}/ipsec/imcvs/*.a"
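Review bot: `DEPENDS = "libtspi"` assigns rather than appends, and because this file is pulled in from a bbappend it replaces whatever DEPENDS the strongswan recipe set; `DEPENDS += "libtspi"` keeps the recipe's own build dependencies. The same line appears in meta-tpm's `strongswan-tpm.inc`. Two further things to check: the diffstat adds `0001-xfrmi-Only-build-if-libcharon-is-built.patch` only under meta-tpm, so `SRC_URI_append` in this layer presumably resolves only when meta-tpm is also present. `PACKAGECONFIG_ima +=` takes effect only if `ima` is an active override, which nothing on this page sets up; otherwise none of the IMC/IMV/TNC options listed there are enabled.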
diff --git a/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
new file mode 100644
index 000000000..4669fd2a1
--- /dev/null
+++ b/meta-security/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'imp', 'strongswan-ima.inc', '', d)}
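Review bot: The feature tested here is `'imp'`, while the kas configs added in this commit enable `DISTRO_FEATURES_append = " ima"`, so this looks like a typo and `strongswan-ima.inc` would never be included in an IMA build. If `ima` is intended, the line should read `require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'strongswan-ima.inc', '', d)}`. As written the build succeeds without the attestation options and gives no indication that they are missing.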
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index c3372c707..46d0279cc 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -15,3 +15,7 @@ LAYERDEPENDS_tpm-layer = " \
openembedded-layer \
"
BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm"
+
+BBFILES_DYNAMIC += " \
+networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
+"
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
new file mode 100644
index 000000000..825028222
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
@@ -0,0 +1,38 @@
+From db772305c6baa01f6c6750be74733e4bfc1d6106 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 14 Apr 2020 10:44:19 +0200
+Subject: [PATCH] xfrmi: Only build if libcharon is built
+
+The kernel-netlink plugin is only built if libcharon is.
+
+Closes strongswan/strongswan#167.
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ src/Makefile.am | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+Index: strongswan-5.8.4/src/Makefile.am
+===================================================================
+--- strongswan-5.8.4.orig/src/Makefile.am
++++ strongswan-5.8.4/src/Makefile.am
+@@ -42,6 +42,9 @@ endif
+
+ if USE_LIBCHARON
+ SUBDIRS += libcharon
++if USE_KERNEL_NETLINK
++ SUBDIRS += xfrmi
++endif
+ endif
+
+ if USE_FILE_CONFIG
+@@ -143,7 +146,3 @@ endif
+ if USE_TPM
+ SUBDIRS += tpm_extendpcr
+ endif
+-
+-if USE_KERNEL_NETLINK
+- SUBDIRS += xfrmi
+-endif
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
new file mode 100644
index 000000000..d8604e116
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
@@ -0,0 +1,12 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS = "libtspi"
+
+SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+
+PACKAGECONFIG += "aikgen tpm"
+
+PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,,"
+PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,,"
+
+EXTRA_OECONF += "--with-linux-headers=${STAGING_KERNEL_DIR}"
diff --git a/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
new file mode 100644
index 000000000..34757bb47
--- /dev/null
+++ b/meta-security/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', 'strongswan-tpm.inc', '', d)}
diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index 8f5c537b9..a553a63d8 100644
--- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -7,6 +7,7 @@ inherit packagegroup
PACKAGES = "${PN}"
+PREFERRED_PROVIDER_cryptsetup ?= "cryptsetup-tpm-incubator"
SUMMARY_packagegroup-security-tpm2 = "Security TPM 2.0 support"
RDEPENDS_packagegroup-security-tpm2 = " \
tpm2-tools \
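Review bot: `PREFERRED_PROVIDER_cryptsetup ?= "cryptsetup-tpm-incubator"` inside a recipe only supplies a default for the `${PREFERRED_PROVIDER_cryptsetup}` expansion in RDEPENDS in the next hunk. As far as I know, provider selection reads the variable from global configuration, so this line does not itself make cryptsetup-tpm-incubator the preferred provider. A comment would stop the next reader assuming it does, e.g. `# Default for the RDEPENDS entry below only; set PREFERRED_PROVIDER_cryptsetup in distro or local conf to change the provider.` The RDEPENDS assignment starts in this hunk and ends in the next one, so it is not fully visible here.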
@@ -19,5 +20,5 @@ RDEPENDS_packagegroup-security-tpm2 = " \
tpm2-abrmd \
tpm2-pkcs11 \
ibmswtpm2 \
- cryptsetup-tpm-incubator \
+ ${PREFERRED_PROVIDER_cryptsetup} \
"
diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
index b706d1505..261716235 100644
--- a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
@@ -36,7 +36,12 @@ FILES_${PN} += "${libdir}/tmpfiles.d"
RDEPENDS_${PN} += "lvm2 libdevmapper"
RRECOMMENDS_${PN} += "lvm2-udevrules"
+RPROVIDES_${PN} = "cryptsetup"
RREPLACES_${PN} = "cryptsetup"
RCONFLICTS_${PN} ="cryptsetup"
+RPROVIDES_${PN}-dev = "cryptsetup-dev"
+RREPLACES_${PN}-dev = "cryptsetup-dev"
+RCONFLICTS_${PN}-dev ="cryptsetup-dev"
+
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb b/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb
index 2e37c0b3c..79af6a5d1 100644
--- a/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb
+++ b/meta-security/recipes-mac/ccs-tools/ccs-tools_1.8.4.bb
@@ -13,7 +13,7 @@ SRC_URI = "http://osdn.dl.sourceforge.jp/tomoyo/49693/${BPN}-${PV}-${DS}.tar.gz"
SRC_URI[md5sum] = "eeee8eb96a7680bfa9c8f6de55502c44"
SRC_URI[sha256sum] = "c358b80a2ea77a9dda79dc2a056dae3acaf3a72fcb8481cfb1cd1f16746324b4"
-S = "${WORKDIR}/${PN}"
+S = "${WORKDIR}/${BPN}"
inherit features_check
diff --git a/meta-security/recipes-python/python/python3-oauth2client_4.1.3.bb b/meta-security/recipes-python/python/python3-oauth2client_4.1.3.bb
new file mode 100644
index 000000000..ca25d1459
--- /dev/null
+++ b/meta-security/recipes-python/python/python3-oauth2client_4.1.3.bb
@@ -0,0 +1,11 @@
+SUMMARY = "Add version info to file paths."
+SECTION = "devel/python"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=038e1390e94fe637991fa5569daa62bc"
+
+PYPI_PACKAGE = "oauth2client"
+SRC_URI[sha256sum] = "d486741e451287f69568a4d26d70d9acd73a2bbfa275746c535b4209891cccc6"
+
+inherit pypi setuptools3
+
+RDEPENDS_${PN} = "python3-six python3-rsa python3-httplib2 python3-pyasn1 python3-pyasn1-modules"
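Review bot: `SUMMARY = "Add version info to file paths."` does not describe oauth2client and looks copied from another recipe; something like `SUMMARY = "OAuth 2.0 client library"` matches the package. The recipe also sets no HOMEPAGE, which the privacyidea recipe added in this commit does.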
diff --git a/meta-security/recipes-security/bastille/bastille_3.2.1.bb b/meta-security/recipes-security/bastille/bastille_3.2.1.bb
index e9accb56f..0290cae2e 100644
--- a/meta-security/recipes-security/bastille/bastille_3.2.1.bb
+++ b/meta-security/recipes-security/bastille/bastille_3.2.1.bb
@@ -9,8 +9,6 @@ DEPENDS = "virtual/kernel"
RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils"
FILES_${PN} += "/run/lock/subsys/bastille"
-inherit module-base
-
SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3.2.1/Bastille-3.2.1.tar.bz2 \
file://AccountPermission.pm \
file://FileContent.pm \
diff --git a/meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb b/meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb
new file mode 100644
index 000000000..eb6b7eb33
--- /dev/null
+++ b/meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb
@@ -0,0 +1,40 @@
+SUMMARY = "identity, multifactor authentication (OTP), authorization, audit"
+DESCRIPTION = "privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications."
+
+HOMEPAGE = "http://www.privacyidea.org/"
+LICENSE = "AGPL-3.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
+
+PYPI_PACKAGE = "privacyIDEA"
+SRC_URI[sha256sum] = "55fbdd0fdc8957f7fc5b8900453fd9dc294860bae218e53e7fe394d93f982518"
+
+inherit pypi setuptools3
+
+do_install_append () {
+ #install ${D}/var/log/privacyidea
+
+ rm -fr ${D}${libdir}/${PYTHON_DIR}/site-packages/tests
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system privacyidea"
+USERADD_PARAM_${PN} = "--system -g privacyidea -o -r -d /opt/${BPN} \
+ --shell /bin/false privacyidea"
+
+FILES_${PN} += " ${datadir}/etc/privacyidea/* ${datadir}/lib/privacyidea/*"
+
+RDEPENDS_${PN} += " bash perl freeradius-mysql freeradius-utils"
+
+RDEPENDS_${PN} += "python3 python3-alembic python3-babel python3-backports-functools-lru-cache python3-bcrypt"
+RDEPENDS_${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet"
+RDEPENDS_${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml"
+RDEPENDS_${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate"
+RDEPENDS_${PN} += "python3-flask-script python3-flask-sqlalchemy python3-flask-versioned"
+RDEPENDS_${PN} += "python3-future python3-httplib2 python3-huey python3-idna python3-ipaddress"
+RDEPENDS_${PN} += "python3-itsdangerous python3-jinja2 python3-ldap python3-lxml python3-mako"
+RDEPENDS_${PN} += "python3-markupsafe python3-netaddr python3-oauth2client python3-passlib python3-pillow"
+RDEPENDS_${PN} += "python3-pyasn1 python3-pyasn1-modules python3-pycparser python3-pyjwt python3-pymysql"
+RDEPENDS_${PN} += "python3-pyopenssl python3-pyrad python3-dateutil python3-editor python3-gnupg"
+RDEPENDS_${PN} += "python3-pytz python3-pyyaml python3-qrcode python3-redis python3-requests python3-rsa"
+RDEPENDS_${PN} += "python3-six python3-smpplib python3-soupsieve python3-soupsieve "
+RDEPENDS_${PN} += "python3-sqlalchemy python3-sqlsoup python3-urllib3 python3-werkzeug"
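Review bot: The recipe sets `USERADD_PACKAGES`, `GROUPADD_PARAM_${PN}` and `USERADD_PARAM_${PN}` but inherits only `pypi setuptools3`. Those variables are consumed by the useradd class, so without `inherit pypi setuptools3 useradd` the `privacyidea` system account and group are presumably never created on the target. `-o` in `USERADD_PARAM_${PN}` permits a non-unique UID and is normally only meaningful together with `-u`, so it can be dropped. `python3-soupsieve` is also listed twice in the second-to-last RDEPENDS line.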
diff --git a/meta-security/scripts/ci-cleanup.sh b/meta-security/scripts/ci-cleanup.sh
new file mode 100755
index 000000000..df3b68f98
--- /dev/null
+++ b/meta-security/scripts/ci-cleanup.sh
@@ -0,0 +1,7 @@
+#! /bin/bash
+
+set -e
+
+export SSTATE_CACHE_DIR=/home/srv/sstate/master
+
+./poky/scripts/sstate-cache-management.sh -d -y
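Review bot: `./poky/scripts/sstate-cache-management.sh` is resolved against the caller's working directory, so the script only works when started from a directory that contains a `poky` checkout, and `-d -y` then runs the cleanup non-interactively. Failing early with a clear message when the helper is missing would make that dependency explicit, e.g. `[ -x ./poky/scripts/sstate-cache-management.sh ] || { echo "poky checkout not found" >&2; exit 1; }`. The cache path `/home/srv/sstate/master` is hard-coded here and again as `SSTATE_DIR` in `kas/kas-security-base.yml`, so the two have to be changed together; a comment saying so would help.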