new file mode 100644
@@ -0,0 +1,81 @@
+From b540967b87394d855c26375ac5a9a7265f265053 Mon Sep 17 00:00:00 2001
+From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
+Date: Fri, 2 Jul 2021 14:42:25 +0200
+Subject: [PATCH] main: Add option to ignore symlinks
+
+When analyzing a complete rootfs (which might not be the rootfs of the
+analyzing system) symlinks within that rootfs might be broken. In
+particular absolute symlinks. However, if by chance such a symlink
+currently points to a valid binary in your system, this binary pointed
+to is analyzed. This commit adds the possibility to ignore symlinks to
+files (symlinks to dirs are already ignored by default). This allows to
+solve the issue described above, and if the whole rootfs is analyzed
+there shouldn't be a loss of information (because all the binaries will
+be analyzed anyway). Additionally, this also saves some time when
+performing the analysis.
+
+Upstream-Status: Submitted [https://github.com/Wenzel/checksec.py/pull/106]
+---
+ checksec/__main__.py | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/checksec/__main__.py b/checksec/__main__.py
+index a14862f..931d850 100644
+--- a/checksec/__main__.py
++++ b/checksec/__main__.py
+@@ -8,6 +8,7 @@ Options:
+ -w WORKERS --workers=WORKERS Specify the number of process pool workers [default: 4]
+ -j --json Display results as JSON
+ -s LIBC --set-libc=LIBC Specify LIBC library to use to check for fortify scores (ELF)
++ -i --ignore-symlinks Ignore symlinks to files
+ -d --debug Enable debug output
+ -h --help Display this message
+ """
+@@ -27,18 +28,18 @@ from .pe import PEChecksecData, PESecurity, is_pe
+ from .utils import lief_set_logging
+
+
+-def walk_filepath_list(filepath_list: List[Path], recursive: bool = False) -> Iterator[Path]:
++def walk_filepath_list(filepath_list: List[Path], recursive: bool = False, ignore_symlinks: bool = False) -> Iterator[Path]:
+ for path in filepath_list:
+ if path.is_dir() and not path.is_symlink():
+ try:
+ if recursive:
+ for f in os.scandir(path):
+- yield from walk_filepath_list([Path(f)], recursive)
++ yield from walk_filepath_list([Path(f)], recursive, ignore_symlinks)
+ else:
+ yield from (Path(f) for f in os.scandir(path))
+ except OSError:
+ continue
+- elif path.is_file():
++ elif path.is_file() and (not ignore_symlinks or not path.is_symlink()):
+ yield path
+
+
+@@ -75,6 +76,7 @@ def main(args):
+ json = args["--json"]
+ recursive = args["--recursive"]
+ libc_path = args["--set-libc"]
++ ignore_symlinks = args["--ignore-symlinks"]
+
+ # logging
+ formatter = "%(asctime)s %(levelname)s:%(name)s:%(message)s"
+@@ -110,7 +112,7 @@ def main(args):
+ # we need to consume the iterator once to get the total
+ # for the progress bar
+ check_output.enumerating_tasks_start()
+- count = sum(1 for i in walk_filepath_list(filepath_list, recursive))
++ count = sum(1 for i in walk_filepath_list(filepath_list, recursive, ignore_symlinks))
+ check_output.enumerating_tasks_stop(count)
+ with ProcessPoolExecutor(
+ max_workers=workers, initializer=worker_initializer, initargs=(libc_path,)
+@@ -119,7 +121,7 @@ def main(args):
+ check_output.processing_tasks_start()
+ future_to_checksec = {
+ pool.submit(checksec_file, filepath): filepath
+- for filepath in walk_filepath_list(filepath_list, recursive)
++ for filepath in walk_filepath_list(filepath_list, recursive, ignore_symlinks)
+ }
+ for future in as_completed(future_to_checksec):
+ filepath = future_to_checksec[future]
new file mode 100644
@@ -0,0 +1,27 @@
+SUMMARY = "Recipe to embedded the Python PiP Package checksec_py"
+HOMEPAGE = "https://pypi.org/project/checksec_py"
+LICENSE = "GPL-3.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1ebbd3e34237af26da5dc08a4e440464"
+
+PR = "r0"
+
+inherit pypi python_poetry_core
+PYPI_PACKAGE = "checksec_py"
+SRC_URI[sha256sum] = "892854f95d17a76d8f45a5c0cc597b9f1bebced3fffb9c7205d0baaf5eace886"
+
+SRC_URI += " \
+ file://0001-main-Add-option-to-ignore-symlinks.patch \
+"
+
+RDEPENDS:${PN} += " \
+ python3-docopt \
+ python3-lief \
+ python3-pylddwrap \
+ python3-rich \
+"
+
+# python3-lief is not available for x86:
+# https://github.com/lief-project/LIEF/commit/3def579f75965aa19c021d840a759bce2afc0a31#r152197203
+COMPATIBLE_HOST:x86 = "null"
+
+BBCLASSEXTEND = "native nativesdk"
new file mode 100644
@@ -0,0 +1,14 @@
+SUMMARY = "Recipe to embedded the Python PiP Package icontract"
+HOMEPAGE = "https://pypi.org/project/icontract"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=1d4a9b1f6b84bedf7a38843931e0dd57"
+
+PR = "r0"
+
+inherit pypi setuptools3
+PYPI_PACKAGE = "icontract"
+SRC_URI[sha256sum] = "c1fd55c7709ef18a2ee64313fe863be2668b53060828fcca3525051160c92691"
+
+RDEPENDS:${PN} += "python3-asttokens"
+
+BBCLASSEXTEND = "native"
new file mode 100644
@@ -0,0 +1,26 @@
+SUMMARY = "Recipe to embedded the Python PiP Package pylddwrap"
+HOMEPAGE = "https://pypi.org/project/pylddwrap"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=48fd6c978d39a38b3a04f45a1456d0fa"
+
+inherit pypi setuptools3
+PYPI_PACKAGE = "pylddwrap"
+SRC_URI[sha256sum] = "a70437fea7bca647c0e98161e1006ef49970267999c571b499760f1c43c6ba10"
+
+PR = "r0"
+
+RDEPENDS:${PN} += "python3-icontract"
+
+BBCLASSEXTEND = "native"
+
+do_install:append() {
+ # similarly to https://gitlab.com/akuster/meta-security/-/commit/0fd8e0f8cae612010bafecbff77ed9bb6f647a2d#4e154e295e639fd6c298ca644c75291eb99e0a57_0_16
+ # but delete it from prefix and delete requirements.txt as well.
+ # ERROR: QA Issue: python3-pylddwrap: Files/directories were installed but not shipped in any package:
+ # /usr/README.rst
+ # /usr/requirements.txt
+ # /usr/LICENSE
+ # Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
+ # python3-pylddwrap: 3 installed and not shipped files. [installed-vs-shipped]
+ rm -f ${D}${prefix}/README.rst ${D}${prefix}/requirements.txt ${D}${prefix}/LICENSE
+}