[yocto] yocto Digest, Vol 97, Issue 86
ephraim ben-ishai
ephraim4321 at gmail.com
Mon Oct 29 02:50:49 PDT 2018
On Sun, Oct 28, 2018, 20:54 <yocto-request at yoctoproject.org> wrote:
> Send yocto mailing list submissions to
> yocto at yoctoproject.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.yoctoproject.org/listinfo/yocto
> or, via email, send a message with subject or body 'help' to
> yocto-request at yoctoproject.org
>
> You can reach the person managing the list at
> yocto-owner at yoctoproject.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of yocto digest..."
>
>
> Today's Topics:
>
> 1. [meta-security][PATCH 02/13] tpm2-abrmd: update to 2.0.2
> (Armin Kuster)
> 2. [meta-security][PATCH 03/13] packagegroup-security-tpm2: add
> and remove packages (Armin Kuster)
> 3. [meta-security][PATCH 05/13] packagegroup-core-security: add
> few more ptest packages (Armin Kuster)
> 4. [meta-security][PATCH 04/13] swtpm: switch to stable branch
> and clean up recipe (Armin Kuster)
> 5. [meta-security][PATCH 06/13] suricata: add ptest (Armin Kuster)
> 6. [meta-security][PATCH 07/13] packagegroup-core-security: add
> suricata-ptest (Armin Kuster)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 28 Oct 2018 18:50:17 +0000
> From: Armin Kuster <akuster808 at gmail.com>
> To: yocto at yoctoproject.org
> Subject: [yocto] [meta-security][PATCH 02/13] tpm2-abrmd: update to
> 2.0.2
> Message-ID: <1540752628-10832-2-git-send-email-akuster808 at gmail.com>
>
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
> .../tpm2-abrmd/{tpm2-abrmd_2.0.1.bb => tpm2-abrmd_2.0.2.bb} | 9
> ++++-----
> .../{tpm2simulator-native_138.bb => tpm2simulator_138.bb} | 0
> 2 files changed, 4 insertions(+), 5 deletions(-)
> rename meta-tpm/recipes-tpm/tpm2-abrmd/{tpm2-abrmd_2.0.1.bb =>
> tpm2-abrmd_2.0.2.bb} (86%)
> rename meta-tpm/recipes-tpm/tpm2simulator/{tpm2simulator-native_138.bb
> => tpm2simulator_138.bb} (100%)
>
> diff --git a/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.1.bb
> b/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
> similarity index 86%
> rename from meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.1.bb
> rename to meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
> index 31e90f8..951556d 100644
> --- a/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.1.bb
> +++ b/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
> @@ -9,15 +9,16 @@ SECTION = "security/tpm"
> LICENSE = "BSD-2-Clause"
> LIC_FILES_CHKSUM =
> "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
>
> -DEPENDS += "autoconf-archive dbus glib-2.0 pkgconfig tpm2.0-tss
> glib-2.0-native \
> +DEPENDS = "autoconf-archive dbus glib-2.0 tpm2.0-tss glib-2.0-native \
> libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
>
> +
> SRC_URI = "\
> git://github.com/01org/tpm2-abrmd.git \
> file://tpm2-abrmd-init.sh \
> file://tpm2-abrmd.default \
> "
> -SRCREV = "80f8966b90d6394ad568e362d2936b333c2822bb"
> +SRCREV = "d0120ace58d97bc9520c0d558657eaca87ae73b1"
>
> S = "${WORKDIR}/git"
>
> @@ -34,9 +35,7 @@ USERADD_PACKAGES = "${PN}"
> GROUPADD_PARAM_${PN} = "tss"
> USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss
> tss"
>
> -PACKAGECONFIG ?="udev"
> -PACKAGECONFIG +=
> "${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
> -
> +PACKAGECONFIG
> ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
> PACKAGECONFIG[systemd] =
> "--with-systemdsystemunitdir=${systemd_system_unitdir},
> --with-systemdsystemunitdir=no"
>
> do_install_append() {
> diff --git a/meta-tpm/recipes-tpm/tpm2simulator/
> tpm2simulator-native_138.bb b/meta-tpm/recipes-tpm/tpm2simulator/
> tpm2simulator_138.bb
> similarity index 100%
> rename from meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb
> rename to meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb
> --
> 2.7.4
>
>
>
> ------------------------------
>
> Message: 2
> Date: Sun, 28 Oct 2018 18:50:18 +0000
> From: Armin Kuster <akuster808 at gmail.com>
> To: yocto at yoctoproject.org
> Subject: [yocto] [meta-security][PATCH 03/13]
> packagegroup-security-tpm2: add and remove packages
> Message-ID: <1540752628-10832-3-git-send-email-akuster808 at gmail.com>
>
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
> meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta-tpm/recipes-core/packagegroup/
> packagegroup-security-tpm2.bb b/meta-tpm/recipes-core/packagegroup/
> packagegroup-security-tpm2.bb
> index 099e01c..c4c8fb2 100644
> --- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
> +++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
> @@ -1,4 +1,4 @@
> -DESCRIPTION = "Security packagegroup for Poky"
> +DESCRIPTION = "TPM2 packagegroup for Security"
> LICENSE = "MIT"
> LIC_FILES_CHKSUM =
> "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
>
> file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
> @@ -14,5 +14,5 @@ RDEPENDS_packagegroup-security-tpm2 = " \
> libtss2 \
> libtss2-tcti-device \
> libtss2-tcti-mssim \
> - resourcemgr \
> + tpm2-abrmd \
> "
> --
> 2.7.4
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 28 Oct 2018 18:50:20 +0000
> From: Armin Kuster <akuster808 at gmail.com>
> To: yocto at yoctoproject.org
> Subject: [yocto] [meta-security][PATCH 05/13]
> packagegroup-core-security: add few more ptest packages
> Message-ID: <1540752628-10832-5-git-send-email-akuster808 at gmail.com>
>
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
> recipes-security/packagegroup/packagegroup-core-security.bb | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb
> b/recipes-security/packagegroup/packagegroup-core-security.bb
> index 653d87b..9cf233f 100644
> --- a/recipes-security/packagegroup/packagegroup-core-security.bb
> +++ b/recipes-security/packagegroup/packagegroup-core-security.bb
> @@ -65,7 +65,7 @@ RDEPENDS_packagegroup-security-ids = " \
> SUMMARY_packagegroup-security-mac = "Security Mandatory Access Control
> systems"
> RDEPENDS_packagegroup-security-mac = " \
> ${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)}
> \
> - ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "", "",d)} \
> + ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor",
> "",d)} \
> ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack", "",d)} \
> "
>
> @@ -76,5 +76,7 @@ RDEPENDS_packagegroup-security-ptest = " \
> keyutils-ptest \
> libseccomp-ptest \
> python-scapy-ptest \
> + ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor-ptest",
> "",d)} \
> + ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest",
> "",d)} \
> ptest-runner \
> "
> --
> 2.7.4
>
>
>
> ------------------------------
>
> Message: 4
> Date: Sun, 28 Oct 2018 18:50:19 +0000
> From: Armin Kuster <akuster808 at gmail.com>
> To: yocto at yoctoproject.org
> Subject: [yocto] [meta-security][PATCH 04/13] swtpm: switch to stable
> branch and clean up recipe
> Message-ID: <1540752628-10832-4-git-send-email-akuster808 at gmail.com>
>
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
> meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb | 22 +++++-----------------
> 1 file changed, 5 insertions(+), 17 deletions(-)
>
> diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
> b/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
> index e0c5ffe..3fe1393 100644
> --- a/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
> +++ b/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
> @@ -3,22 +3,21 @@ LICENSE = "BSD-3-Clause"
> LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
> SECTION = "apps"
>
> -DEPENDS = "libtasn1 expect socat glib-2.0 libtpm libtpm-native"
> +DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm
> libtpm-native"
>
> # configure checks for the tools already during compilation and
> # then swtpm_setup needs them at runtime
> DEPENDS += "tpm-tools-native expect-native socat-native"
>
> -SRCREV = "66b42f52ef363998cb57f039889d59381d20bdf1"
> -SRC_URI = "git://github.com/stefanberger/swtpm.git \
> - file://fix_lib_search_path.patch \
> +SRCREV = "94bb9f2d716d09bcc6cd2a2e033018f8592008e7"
> +SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=tpm2-preview.v2
> \
> file://fix_fcntl_h.patch \
> file://ioctl_h.patch \
> "
>
> S = "${WORKDIR}/git"
>
> -inherit autotools-brokensep pkgconfig
> +inherit autotools pkgconfig
> PARALLEL_MAKE = ""
>
> TSS_USER="tss"
> @@ -35,21 +34,12 @@ EXTRA_OECONF += "--with-tss-user=${TSS_USER}
> --with-tss-group=${TSS_GROUP}"
>
> export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
>
> -# dup bootstrap
> -do_configure_prepend () {
> - libtoolize --force --copy
> - autoheader
> - aclocal
> - automake --add-missing -c
> - autoconf
> -}
> -
> USERADD_PACKAGES = "${PN}"
> GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
> USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
> --no-create-home --shell /bin/false ${BPN}"
>
> -RDEPENDS_${PN} = "libtpm expect socat bash"
> +RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools"
>
> BBCLASSEXTEND = "native nativesdk"
>
> @@ -58,5 +48,3 @@ python() {
> 'filesystems-layer' not in d.getVar('BBFILE_COLLECTIONS').split():
> raise bb.parse.SkipRecipe('Cuse enabled which requires
> meta-filesystems to be present.')
> }
> -
> -RDEPENDS_${PN} += "tpm-tools"
> --
> 2.7.4
>
>
>
> ------------------------------
>
> Message: 5
> Date: Sun, 28 Oct 2018 18:50:21 +0000
> From: Armin Kuster <akuster808 at gmail.com>
> To: yocto at yoctoproject.org
> Subject: [yocto] [meta-security][PATCH 06/13] suricata: add ptest
> Message-ID: <1540752628-10832-6-git-send-email-akuster808 at gmail.com>
>
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
> recipes-security/suricata/files/run-ptest | 3 +++
> recipes-security/suricata/suricata_4.0.5.bb | 6 +++++-
> 2 files changed, 8 insertions(+), 1 deletion(-)
> create mode 100644 recipes-security/suricata/files/run-ptest
>
> diff --git a/recipes-security/suricata/files/run-ptest
> b/recipes-security/suricata/files/run-ptest
> new file mode 100644
> index 0000000..666ba9c
> --- /dev/null
> +++ b/recipes-security/suricata/files/run-ptest
> @@ -0,0 +1,3 @@
> +#!/bin/sh
> +
> +suricata -u
> diff --git a/recipes-security/suricata/suricata_4.0.5.bb
> b/recipes-security/suricata/suricata_4.0.5.bb
> index 90b4638..6c0a109 100644
> --- a/recipes-security/suricata/suricata_4.0.5.bb
> +++ b/recipes-security/suricata/suricata_4.0.5.bb
> @@ -10,12 +10,13 @@ SRC_URI += " \
> file://volatiles.03_suricata \
> file://suricata.yaml \
> file://suricata.service \
> + file://run-ptest \
> "
>
> SRC_URI[rules.md5sum] = "205c5e5b54e489207ed892c03ad75b33"
> SRC_URI[rules.sha256sum] =
> "4aa81011b246875a57181c6a0569ca887845e366904bcaf0043220f33bd69798"
>
> -inherit autotools-brokensep pkgconfig python-dir systemd
> +inherit autotools-brokensep pkgconfig python-dir systemd ptest
>
> CFLAGS += "-D_DEFAULT_SOURCE"
>
> @@ -28,6 +29,8 @@ EXTRA_OECONF += " --disable-debug \
> "
>
> PACKAGECONFIG ??= "htp jansson file pcre yaml pcap cap-ng net nfnetlink
> nss nspr"
> +PACKAGECONFIG_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest',
> 'unittests', '', d)}"
> +
> PACKAGECONFIG[htp] = "--with-libhtp-includes=${STAGING_INCDIR}
> --with-libhtp-libraries=${STAGING_LIBDIR}, ,libhtp,"
> PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR}
> --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ,"
> PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR}
> --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ,"
> @@ -42,6 +45,7 @@ PACKAGECONFIG[file] = ",,file, file"
> PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR}
> --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss,"
> PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR}
> --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr,"
> PACKAGECONFIG[python] = "--enable-python, --disable-python, python,
> python"
> +PACKAGECONFIG[unittests] = "--enable-unittests, --disable-unittests,"
>
> export logdir = "${localstatedir}/log"
>
> --
> 2.7.4
>
>
>
> ------------------------------
>
> Message: 6
> Date: Sun, 28 Oct 2018 18:50:22 +0000
> From: Armin Kuster <akuster808 at gmail.com>
> To: yocto at yoctoproject.org
> Subject: [yocto] [meta-security][PATCH 07/13]
> packagegroup-core-security: add suricata-ptest
> Message-ID: <1540752628-10832-7-git-send-email-akuster808 at gmail.com>
>
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
> recipes-security/packagegroup/packagegroup-core-security.bb | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb
> b/recipes-security/packagegroup/packagegroup-core-security.bb
> index 9cf233f..5ee06e3 100644
> --- a/recipes-security/packagegroup/packagegroup-core-security.bb
> +++ b/recipes-security/packagegroup/packagegroup-core-security.bb
> @@ -76,6 +76,7 @@ RDEPENDS_packagegroup-security-ptest = " \
> keyutils-ptest \
> libseccomp-ptest \
> python-scapy-ptest \
> + suricata-ptest \
> ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor-ptest",
> "",d)} \
> ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest",
> "",d)} \
> ptest-runner \
> --
> 2.7.4
>
>
>
> ------------------------------
>
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
>
> End of yocto Digest, Vol 97, Issue 86
> *************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20181029/ebe56ca0/attachment-0001.html>
More information about the yocto
mailing list