From patchwork Thu Jul 25 09:01:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46818 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C305DC3DA49 for ; Thu, 25 Jul 2024 09:02:05 +0000 (UTC) Received: from mail-lj1-f172.google.com (mail-lj1-f172.google.com [209.85.208.172]) by mx.groups.io with SMTP id smtpd.web10.32001.1721898119272651907 for ; Thu, 25 Jul 2024 02:01:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=FzUIsC1t; spf=pass (domain: linaro.org, ip: 209.85.208.172, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lj1-f172.google.com with SMTP id 38308e7fff4ca-2ef2fbf1d14so17801391fa.1 for ; Thu, 25 Jul 2024 02:01:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898117; x=1722502917; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=WQRgdY9LmIQTj9b3Y8m0XD9vDPCAwhGP3+U/1W/GlSg=; b=FzUIsC1tC3TWU9YxwvUsP86Z7Zm74JBoi0Lf5vayOhCS/GutF4Qhdu4tpz2TklSGLp GZfx3ssQPiXEuXBwKX9x5JjkOhgIYJMcKkVmtI64dSG5QsPf9rV1DceP6Pl7jI+mnMnF fg1hI0uzsnIz4KMQ32LNNw6fyllq6SagNXDCtpH6cHuO8Dr2N+hG6m8w8GPI0Mb3q+II s5uI7s0X4REHeoR/+pUfJ9w1GnZBNqfDmVGSx1jP2Vor7iw2Lm+mxSQbSesiEHctn4yS Lw1tDadCf1qAMKWJUdv/5YYEPTmgg+IlWLHoQyNUiU8Fk1NVaTkTUvaWtc9N6MHMckuN 97TA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898117; x=1722502917; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WQRgdY9LmIQTj9b3Y8m0XD9vDPCAwhGP3+U/1W/GlSg=; b=XlqvtWYi7ewuetSRA5HLRDrb8bdPaPmr5BBOZcOYQZi731OuJpFljIZBIboNZfWvrV dlaVW99DaJ4IEbC/YN2dPZ6NOBKHggJU0CJKxbWoAfx4IcdrAnvamY6j6LjHwu5qoz13 peRvwbimm2wdPewdZwq3MCTenE/aTCBW+fCnybREGBX1ehYM36SrHOmcFaR2RzfNwBtW jJczY5W9uUM7D9Z/ZqmIdV+6mEsmP+YSZiLOT1kfF6ecYWB+bx880j965jLlFwfqtEeH spRqyxvv5dOTU00x3d6clUwI3KrQgI6mFqHK4ZsYfF4vKsbkR9fXgsUTrpAgEir6XB5h kdMA== X-Gm-Message-State: AOJu0YzhxCdMhjS97H7viRxwnOCCc/10f+CLW8vrlU8Oz4ZKnHHNhNcX f15pH0g54a92t0umbjpMntHK235ITdbq5q/1K3v0KXlokHyOzsET/LpDvN3PxcOO2ZTKLvanOt2 K X-Google-Smtp-Source: AGHT+IEB6IzKj5Cnxm8W2z+rQvi5aSg5k41anb0n4WIMoAj9sdeYXLLX9a78/IWSb15rwb23nH/+jA== X-Received: by 2002:a05:6512:3992:b0:52c:8a6b:6071 with SMTP id 2adb3069b0e04-52fd423fe9dmr618738e87.30.1721898116746; Thu, 25 Jul 2024 02:01:56 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.01.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:01:56 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 01/17] bastille: UNPACKDIR fixes Date: Thu, 25 Jul 2024 12:01:15 +0300 Message-ID: <20240725090131.75860-1-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:05 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/458 New poky version uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- .../recipes-security/bastille/bastille_3.2.1.bb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb b/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb index f2ef335..7074f68 100644 --- a/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb +++ b/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb @@ -83,11 +83,11 @@ do_install () { install -m 0644 Bastille/AccountSecurity.pm ${D}${libdir}/Bastille install -m 0644 Bastille/Apache.pm ${D}${libdir}/Bastille install -m 0644 Bastille/API.pm ${D}${libdir}/Bastille - install -m 0644 ${WORKDIR}/AccountPermission.pm ${D}${libdir}/Bastille/API - install -m 0644 ${WORKDIR}/FileContent.pm ${D}${libdir}/Bastille/API - install -m 0644 ${WORKDIR}/HPSpecific.pm ${D}${libdir}/Bastille/API - install -m 0644 ${WORKDIR}/ServiceAdmin.pm ${D}${libdir}/Bastille/API - install -m 0644 ${WORKDIR}/Miscellaneous.pm ${D}${libdir}/Bastille/API + install -m 0644 ${UNPACKDIR}/AccountPermission.pm ${D}${libdir}/Bastille/API + install -m 0644 ${UNPACKDIR}/FileContent.pm ${D}${libdir}/Bastille/API + install -m 0644 ${UNPACKDIR}/HPSpecific.pm ${D}${libdir}/Bastille/API + install -m 0644 ${UNPACKDIR}/ServiceAdmin.pm ${D}${libdir}/Bastille/API + install -m 0644 ${UNPACKDIR}/Miscellaneous.pm ${D}${libdir}/Bastille/API install -m 0644 Bastille/BootSecurity.pm ${D}${libdir}/Bastille install -m 0644 Bastille/ConfigureMiscPAM.pm ${D}${libdir}/Bastille install -m 0644 Bastille/DisableUserTools.pm ${D}${libdir}/Bastille @@ -138,7 +138,7 @@ do_install () { install -m 0644 OSMap/OSX.bastille ${D}${datadir}/Bastille/OSMap install -m 0644 OSMap/OSX.system ${D}${datadir}/Bastille/OSMap - install -m 0644 ${WORKDIR}/config ${D}${sysconfdir}/Bastille/config + install -m 0644 ${UNPACKDIR}/config ${D}${sysconfdir}/Bastille/config for file in `cat Modules.txt` ; do install -m 0644 Questions/$file.txt ${D}${datadir}/Bastille/Questions From patchwork Thu Jul 25 09:01:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46817 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C4D5EC3DA7F for ; Thu, 25 Jul 2024 09:02:05 +0000 (UTC) Received: from mail-lf1-f42.google.com (mail-lf1-f42.google.com [209.85.167.42]) by mx.groups.io with SMTP id smtpd.web10.32004.1721898122638903096 for ; Thu, 25 Jul 2024 02:02:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=HnkQSjm8; spf=pass (domain: linaro.org, ip: 209.85.167.42, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f42.google.com with SMTP id 2adb3069b0e04-52efd855adbso870641e87.2 for ; Thu, 25 Jul 2024 02:02:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898120; x=1722502920; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MYfdn30CYY4FGMjXgpAAAXHsu3lcn9xCjA/L5LfGkS0=; b=HnkQSjm8bHfXF0T6wo1NnbkE/W3b6XwCUw8vp0SN7A+qiUB0uT9MXSHSTAOBceNVxJ AWb2BJ3cigudvYbRzUCmIwZYDuw0CcGZjmrn+6TLWNOAfPfWF91qmcVJchBhz2egUGwU LulglX0rBwsKRvcuYPSD5vd6zL1IftozPXa9ux5jyd4PEe9bNag7Io1Nb4qoI0YUfAw3 1fdfxsON0k6VQQVLXaypqCrECNjNTLC5xL+L60B/XNi1F8QI83+DKW+e5pozpGBdIi4h 7VMe2dciA2gP871RosoKtflXYRnpOcu04Qf8SdqSt+DXSz0EhlXOSPwuwSDCCuoYKC+U t58A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898120; x=1722502920; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MYfdn30CYY4FGMjXgpAAAXHsu3lcn9xCjA/L5LfGkS0=; b=BRtLgtsmQ5M6CA0sPdeRlTne9Gzw5LQJ95V8ZBwvTI4w4tENttibc6o/pagqfnIa0l RANwKHw1PbdS+YK2R5HII3dah63l6wLtRiL18Jz9onnHPYes65vCcAHOSJSw/InUM3kl YLTbQktLxakWTY9bpKdqIvnqqJHz0YFBc/tuCXLIBmgfMZiN9P+lUgs17GK/sIjteS3a B6vUQYWrAHodetXibuafM/45Yzz31YHlOPWtSFK1SaNpKT2YBgs89NgCHGzhi2Y7HRN0 jeam2Frl5+82wGU6AJA4xSSaVqkCYC3knOH3+CiJUegyE6wBqkkn07XPKW1yKGdFbrmI rALg== X-Gm-Message-State: AOJu0YziF2YVmygNc8sZypjjMKGS3QevOWrMZOTkd8/gdEBsuvvh/31Y BQF/Rw/QSeXi0Uy4I/H4xs7qvJ1HXj6ZnaV7SBQDPS734CJ9zBv67cxULg5T43IvPt4tBRd/by8 l X-Google-Smtp-Source: AGHT+IF9Km0FNrm3HIUZWuex/qg+iiazyG6gkE1OXraQzwrnXsv5wPnB5ByrHS8ci469yK6NsMez5A== X-Received: by 2002:a05:6512:3d1d:b0:52e:9f17:841a with SMTP id 2adb3069b0e04-52fd3ef6e11mr1583120e87.6.1721898120352; Thu, 25 Jul 2024 02:02:00 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.01.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:01:59 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 02/17] python3-fail2ban: UNPACKDIR fix Date: Thu, 25 Jul 2024 12:01:16 +0300 Message-ID: <20240725090131.75860-2-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:05 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/459 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- .../recipes-security/fail2ban/python3-fail2ban_1.0.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb index bf5f87d..757336a 100644 --- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb @@ -40,7 +40,7 @@ do_install:append () { rm -f ${D}/${bindir}/fail2ban-python install -d ${D}/${sysconfdir}/fail2ban install -d ${D}/${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server + install -m 0755 ${UNPACKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${systemd_system_unitdir} From patchwork Thu Jul 25 09:01:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46819 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1906C3DA7E for ; Thu, 25 Jul 2024 09:02:15 +0000 (UTC) Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com [209.85.167.45]) by mx.groups.io with SMTP id smtpd.web10.32005.1721898125406340703 for ; Thu, 25 Jul 2024 02:02:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=MKhPYSiO; spf=pass (domain: linaro.org, ip: 209.85.167.45, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f45.google.com with SMTP id 2adb3069b0e04-52f01993090so795142e87.2 for ; Thu, 25 Jul 2024 02:02:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898123; x=1722502923; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=02aSaDqJWRmjLqfFhoW70kGSC4/95HdhG8XC3RNq0mU=; b=MKhPYSiOJhXEWI/GMNqgS8OAdEcNOQp4c2Sv43DQp6Yg+mRivBtv7ivV4f3FW6LxhP Fcjr/T+UNSHuvQJgg4aSKzRv+DUTsLA64sTu5CzZMFjxm9eAfg3MSFJBaCInVNP6WLUE mkOevolvH1fR52P2uWrSvAdSWetg7Ta2PVPpizIDwxh3+JeA8d8Eo7uJk/kujstjIDoi HKaDq2/9kb4iw7eo1cyeYY6HryzNM+QAGTYhS+jh4G0PI0Nnj3f6AM8z4QszRse568Fc jCM53+I0ngRv72U/ERKoe+2dyGhSkW96DaJg3LKfIsUmt+PhDXJzIEZ5RL3beoLjKtrG FzVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898123; x=1722502923; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=02aSaDqJWRmjLqfFhoW70kGSC4/95HdhG8XC3RNq0mU=; b=I0fi0IqR5ETrbj8vT2AM2jJ/0Wu3z6sZ1hDqubDhJHAQKzA3DxKhlM8Hm4NQ5cDFJs g66naRzVIc51i+BcaH9H+OXw6baVOOvVatMhw5CKZGxWRxEv/cjla9JMhmbjfkkjPvYu 9q+H9GH9ZkK/Pz3m4PMtSGSxxciDI2rPv6uzeEMvc3W6nLgF2zyo8pj92nrQtNZpTAEV 0NOFPaVuqOenYgN9VavoNKVIpxLgZhikoyf7ESbpv9lx1p5ZIALTMG/1jXmLOjYKawAs RFFt8cHqjG89alB9T2htHbrzDNVyFE+HQ1M7RBQ9ZiGELpqRCSIIQkve75r42o6kXrx+ vF7g== X-Gm-Message-State: AOJu0Yy+alsZZaNEFttgakkPhf/vNyPwi84UN2mD+Hi7i0Lope9iSnka YPJWPhXRQEvgWwYhFvXfAJG9IEVJLiAzRD7dXg4+8/w9xSF37Zah/E9oORJ8ELcyqiGcQL63dHd 8 X-Google-Smtp-Source: AGHT+IGmkBqtYGq9b8/j0A8e3ur3BrEKL8n8VKtNyEJHsZSh321XD2lWQ1gBoc83ipbdDv3zw4/tmA== X-Received: by 2002:a19:f70d:0:b0:52c:e0fb:92c0 with SMTP id 2adb3069b0e04-52fd60439a8mr718406e87.34.1721898123504; Thu, 25 Jul 2024 02:02:03 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:02 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 03/17] initscripts: UNPACKDIR fixes Date: Thu, 25 Jul 2024 12:01:17 +0300 Message-ID: <20240725090131.75860-3-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:15 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/460 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- .../recipes-core/initscripts/initscripts_1.0.bbappend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-hardening/recipes-core/initscripts/initscripts_1.0.bbappend b/meta-hardening/recipes-core/initscripts/initscripts_1.0.bbappend index 92e364c..8af6979 100644 --- a/meta-hardening/recipes-core/initscripts/initscripts_1.0.bbappend +++ b/meta-hardening/recipes-core/initscripts/initscripts_1.0.bbappend @@ -4,5 +4,5 @@ SRC_URI:append:harden = " file://mountall.sh" do_install:append:harden() { install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/mountall.sh ${D}${sysconfdir}/init.d + install -m 0755 ${UNPACKDIR}/mountall.sh ${D}${sysconfdir}/init.d } From patchwork Thu Jul 25 09:01:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46821 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBC90C3DA5D for ; Thu, 25 Jul 2024 09:02:15 +0000 (UTC) Received: from mail-lj1-f173.google.com (mail-lj1-f173.google.com [209.85.208.173]) by mx.groups.io with SMTP id smtpd.web10.32007.1721898127359674563 for ; Thu, 25 Jul 2024 02:02:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=nP/AfLsO; spf=pass (domain: linaro.org, ip: 209.85.208.173, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lj1-f173.google.com with SMTP id 38308e7fff4ca-2eeb1051360so7067731fa.0 for ; Thu, 25 Jul 2024 02:02:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898125; x=1722502925; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0SXA9g/1g2hvjQxZAAgpdGDxQtmVlctPP+APW+fegQo=; b=nP/AfLsOt+R+hv+DHvKpg7Otgi0ZvztFFRKs5XRSrCN4FWitTPAJZrWAiTXAN3iTOF W+d4JAf1jPzxmU4VU1JPbIVIhN269Kt9D9LQusptvXLH0mHRcgQNHQv+q0NeK1f2f4GC uoJtdXVa8k+CHD1gp+BwOiFYxp2Sxm/AVlaJ2n6V+PpO6MsBMYIXqdm6XQYlzu7azUjr 8mLLakPhQb06DsLPtwHIG//w5+Lf/5/Qfm2C8zfs9dupNnYWZA/DX7W5NCsRcXE43tYj 8NDkN0Pd/5Rs0f7LyTWQJ/9lyv2B7EuLeMtDgFHFMRZHcFpuMhSDtlRwNuXZAVXQHZka 1hyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898125; x=1722502925; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0SXA9g/1g2hvjQxZAAgpdGDxQtmVlctPP+APW+fegQo=; b=LgUitCXLS8BUE73sTEvIJ8zVHuZsn3C8mNjvW17mp6+OTbxjfB6BO3hFLTBZxYXz3E DY1BVnDsRhNi9E6hfuDtXbUff13HWZlwsDI2fuPgxKc3FCddbH2LMl1Cp1f+Dr3IZmxj IPPLz2bm/j761rypDawWyI7FsdfxVjYzs99UHS4TeVsn2GPN8m7FL/YduSZt1AxnWMbG jgtaA+M7klbSfOW8abP7NgFOVmWxcEsGexRFKWPnJYt91ycqtgPECuQEpauYjVzrM54Y yAluUgApJwFxodZgX1vl8VJRPhL3yAN03yyKr5wFZmokHrVNI9iLTMAoJjU3q3C6G3yz xSRA== X-Gm-Message-State: AOJu0Ywsme9uhMmGrnJev6cFFRP6FkhVqub5vCEH1ZeZcu43lER38DEz it6YU5oE9SJDSzb/bsLyIR3ZH1OslA8gslLmfhD0Y40MmtB55PQa6d4OAkFLZiLkR/314dC/tGh 0 X-Google-Smtp-Source: AGHT+IHp1pavsnkl8F+R2R/LrD5HkjW5iNpBfTiBJ4+Mw0CLTGOjj+hFpXBgkN4q8WLNrpj7sq3j6A== X-Received: by 2002:a05:6512:2256:b0:52f:c833:861a with SMTP id 2adb3069b0e04-52fd3f82889mr1505313e87.51.1721898125245; Thu, 25 Jul 2024 02:02:05 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:04 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 04/17] initramfs-framework-ima: UNPACKDIR fix Date: Thu, 25 Jul 2024 12:01:18 +0300 Message-ID: <20240725090131.75860-4-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:15 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/461 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- .../recipes-core/initrdscripts/initramfs-framework-ima.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb index 58cbe6e..fed4609 100644 --- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb +++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb @@ -25,7 +25,7 @@ REQUIRED_DISTRO_FEATURES = "ima" do_install () { install -d ${D}/${sysconfdir}/ima install -d ${D}/init.d - install ${WORKDIR}/ima ${D}/init.d/20-ima + install ${UNPACKDIR}/ima ${D}/init.d/20-ima sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima } From patchwork Thu Jul 25 09:01:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46823 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6108C52CD8 for ; Thu, 25 Jul 2024 09:02:15 +0000 (UTC) Received: from mail-lf1-f44.google.com (mail-lf1-f44.google.com [209.85.167.44]) by mx.groups.io with SMTP id smtpd.web11.32093.1721898128597054026 for ; Thu, 25 Jul 2024 02:02:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=EQMUejKp; spf=pass (domain: linaro.org, ip: 209.85.167.44, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f44.google.com with SMTP id 2adb3069b0e04-52efc89dbedso680007e87.3 for ; Thu, 25 Jul 2024 02:02:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898127; x=1722502927; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=AKgmqCG89tJRgcgBtjwK68BBJ2om/yNVQQvXJO8zTiY=; b=EQMUejKp5FdPuuhdfk6uQQhOoQnQ8ky+IU/f7bIZCkUcNSSYNWrIS4JSiWwW2ecNhe Sg+olJaTP6rBO0nE9cuN7Nmq8zu1KLwrtKJqNgpLoS01bmaR6si6z0D+rg7qXNN7C52i rDanSeBAklMW8rTd6l0OKoiiOcgJCvdsBqHYDA/Bg5VKVCSnNmSFAv+kklF1PcAMC20P OJMlNlo37iNLjRSFC4QOCP2UR5Jr2UsfD3bUU9qNDHiwRIIte/eQW+OntSX7qAHf4UXq 5oKkNA8EVnG04QFbgFaXI5/t02t/zDcHvEzu54sI6JWZJaGtw+Q7O/6JMZ3XJX2sUkpO TiDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898127; x=1722502927; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AKgmqCG89tJRgcgBtjwK68BBJ2om/yNVQQvXJO8zTiY=; b=BlYk2eHJkbrLqx2v6JTqWXKpms6gVV1LoJ8ZT3ooLjrl/hM/bBMogd8szS3oHDTbwF UJep14trFEK4zUF4Gdo2qiqIDeK9Jxl8DBnET3vC//L7FKgvUDIlcGdpB481BrU7j/Ii qWc6pnVQSfzJHIure/iFoISeW45o208Fc5JQRW6/7rG1+ANohAksdpOoaraOq+94reAj O8iLTj4c0iwFvk+3J9btWQ09PgF9K2afKxPmOuSlp4REGseJ/hYGXTD9p8krqxznJoVr sz1T7LzxZ4dn3xx7/uq6i4JmC3GN+SVaRCqFNjDz1bqeNgIWHn70n5I2gqxMrA0AwHYu SBSA== X-Gm-Message-State: AOJu0YzkNLe3BzhnSGYQMjoDtxAQ+ecvScQ253F84HhRT414qPfTadRb HNWnxIV+wjWHTRjX7h9gMyQlg0awOagtLw+wW45RAW6KvPCr19uKkSiKd/sm3iqtkyeNWY3sb3d L X-Google-Smtp-Source: AGHT+IHURBIeZmNClQNfEGH44M6dj/qarsYO3f6j4AZgHCLwf7/rcok4ROKKWTKQ6KgfO8vjtYx9dg== X-Received: by 2002:a05:6512:2c0b:b0:52e:7a8c:35a0 with SMTP id 2adb3069b0e04-52fd608773fmr852358e87.7.1721898126727; Thu, 25 Jul 2024 02:02:06 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:06 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 05/17] ima-policy-appraise-all: UNPACKDIR fix Date: Thu, 25 Jul 2024 12:01:19 +0300 Message-ID: <20240725090131.75860-5-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:15 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/462 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- .../ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb index 5f2244e..88b3698 100644 --- a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb @@ -9,7 +9,7 @@ REQUIRED_DISTRO_FEATURES = "ima" do_install () { install -d ${D}/${sysconfdir}/ima - install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy + install ${UNPACKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy } FILES:${PN} = "${sysconfdir}/ima" From patchwork Thu Jul 25 09:01:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46825 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC0CCC52CD9 for ; Thu, 25 Jul 2024 09:02:15 +0000 (UTC) Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com [209.85.167.45]) by mx.groups.io with SMTP id smtpd.web10.32010.1721898130158223775 for ; Thu, 25 Jul 2024 02:02:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=ajQl6zWq; spf=pass (domain: linaro.org, ip: 209.85.167.45, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f45.google.com with SMTP id 2adb3069b0e04-52f008aa351so786439e87.0 for ; Thu, 25 Jul 2024 02:02:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898128; x=1722502928; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pIJaUGyfa1fpHiHnxYmwvhSsmDJ5zijjd+J5huiOmNI=; b=ajQl6zWqwV5fag50FmGmd6aUqd2ViVEppX2ZY0dA1uOBFA9DwmWSzoaCbMgI/XIaIU A5bvWN8b/q7rfr5mtjuy+02lL361Xc1AiPf5e7AwmXzgiUzZl3NoVoSukTf8sDIVhDR2 OR+p17GWR18B1k/rDsHnFVGPWd26IWEPI1t2FP/r7XPnLDxQkh/v6PN3sb5u4KvQVQjN B98zjf+ZsKRjFU8oqH+yvf7IBoqGR70WeAniXzWeCFHWe9DUAqfN0QDfX1WQljeEx3kI AeDe7L/I9sqwmN4vZigGKWiXQicJnIHpCzuVOB1kU2ibQmfZrx7bU/ELRPoBywGUC7aK BWlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898128; x=1722502928; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pIJaUGyfa1fpHiHnxYmwvhSsmDJ5zijjd+J5huiOmNI=; b=mKO72e9W7IugZHtajsh8Aq5OxcVpQBM6ZGUeJoV+cTN0bUyN28NAVNPRHJ9Xcq/R3N qyylttlAWI0ipt6TahF/Nce0ZEo14alE4G7XDFx1WqaGYxIcbHxuacJkg1x5ep3TXtgP 7kDL9+cqdB0fAXbyq4qjsCCSEXf4/EYRE0CCPY24iPPfp2+0a5aghGdaUe5bPKW5jpBh yb0Z8BwaeS7qHRfpILRgTjbTdOJtbBvr9tZJEa8gX2Fr8n8QewQb0+XyWHPwuh8Ay95o vCh172p3sDqZKTv+ZBT5MxuXSSK/QzQHvbeei73jRsEy7qJNYcB469Jn24lUwnlo1O6e mkiA== X-Gm-Message-State: AOJu0YwX6grclSrwyFQX9BrDS8EvDTGV/199/gp5vgHhZGvgD3W+3yql JFD4gG9o6nIpRYzfLryf/+TGOBbOIOfi26kqZHG5JWRXr2V/5dJSQd3mHB/71PkhU+WeOa+cZsY x X-Google-Smtp-Source: AGHT+IFaRD6Gf0cVXorep1p68gSUFIlN9UKiwSka0orG9RkLbQB1x6yX/OhD2AnoidYsx4h33LhlZQ== X-Received: by 2002:a05:6512:31ca:b0:52c:dba6:b4cb with SMTP id 2adb3069b0e04-52fd602a88bmr1097239e87.13.1721898128327; Thu, 25 Jul 2024 02:02:08 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:07 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 06/17] ima-policy-simple: UNPACKDIR fix Date: Thu, 25 Jul 2024 12:01:20 +0300 Message-ID: <20240725090131.75860-6-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:15 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/463 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- .../recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb index 8fed410..69aec47 100644 --- a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb @@ -9,7 +9,7 @@ REQUIRED_DISTRO_FEATURES = "ima" do_install () { install -d ${D}/${sysconfdir}/ima - install ${WORKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy + install ${UNPACKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy } FILES:${PN} = "${sysconfdir}/ima" From patchwork Thu Jul 25 09:01:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46822 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id ADBC1C3DA7F for ; Thu, 25 Jul 2024 09:02:15 +0000 (UTC) Received: from mail-lf1-f53.google.com (mail-lf1-f53.google.com [209.85.167.53]) by mx.groups.io with SMTP id smtpd.web11.32094.1721898132256139380 for ; Thu, 25 Jul 2024 02:02:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=p9U+Kjun; spf=pass (domain: linaro.org, ip: 209.85.167.53, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f53.google.com with SMTP id 2adb3069b0e04-52f025bc147so716792e87.3 for ; Thu, 25 Jul 2024 02:02:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898130; x=1722502930; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4boPpXZPcduJ/g1CgwngAVZuip4tiO88+2jyE5EDQqw=; b=p9U+KjunClL2UmyNv8XfWbG5YrVBoznxKvZ+rm5f9qC/gCHNO4Sv7pnyVnIUYf33nh t0Z9cr0iNF126gJBf1yVRoxyUxYnsqfnVs3ze1qY3eb3QmWs+2fGqtRG7TW6jjUGXw22 SuyfIfx32JJKjWjm3tYpxXndTwtsA47IjFdlSlDi6wm8w6ilCmgiw+YN+ZorJtoyOZfi G1qbSz7uxiFjzjlICOnpe6NFnpclqwbRGzhbA1w+7uAf63dsk30d9M3qpqfQXBD3lBjU uCEyLJfg6pi3Lefge48n/XRrinQ6QzI9OPvzcQxlj//8uGPJE4Mer1cOVn8F91BQk8Or STeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898130; x=1722502930; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4boPpXZPcduJ/g1CgwngAVZuip4tiO88+2jyE5EDQqw=; b=ktFzjhYhtZamL3HvdlPIymq2dvcMw0eplCDraD3T+eBt5PTZN5+BJTPtmRthYQDNiH E3/+SJbr/Sjk1G+SSyRkHXYQ6zQFhfwpMIjdErbrd9Ev/FLckzYxmg7/c1jKpk9Y39y0 gBayO/kH2gXIG39VdN4NMw2Jlobu2visPy0n7Y2qCFHJwEaRl5CD90S4oeAbCqZXIPsn UpAGpxgOT41KWzH0tY2MhSMFjuZq3jSy3Fincnt0jJfLtxpyceENK6q2Tah+ggBtDJlv kO5SocKz0uOlIRYe0/byJ49UMi4Vk9WrkFnj8l9Yw2XhTe5c6uWISCwswqQ+XqQfGPIT eKCg== X-Gm-Message-State: AOJu0YxFzn3IEzBcyx3KJ1hg+MtGzs7f+Z/Qmt2FVifxoOsZnKTzWjYG p504rdVR0Xrcvs+m4JmcYemXX9F4uhj3pFvFPSyqdz90xeMAIky3Oldvm3pEefNl1smGQ54ZbI/ O X-Google-Smtp-Source: AGHT+IGriMWR/W7WpNWUwgb2WE2GqvbXzqm1KofpStrnxXVOMafEtDHgCR3zKQmaF0o6bd5PTBfzkQ== X-Received: by 2002:a05:6512:10c2:b0:52e:9958:1a66 with SMTP id 2adb3069b0e04-52fd3f14166mr1592246e87.23.1721898129928; Thu, 25 Jul 2024 02:02:09 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:09 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 07/17] parsec-service: UNPACKDIR fixes Date: Thu, 25 Jul 2024 12:01:21 +0300 Message-ID: <20240725090131.75860-7-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:15 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/464 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- .../recipes-parsec/parsec-service/parsec-service_1.4.1.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb index 2d55c24..3aa0b0a 100644 --- a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb +++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb @@ -61,12 +61,12 @@ do_install () { install -m 644 ${S}/systemd-daemon/parsec.service ${D}${systemd_unitdir}/system install -d ${D}${libdir}/tmpfiles.d - install -m 644 ${WORKDIR}/parsec-tmpfiles.conf ${D}${libdir}/tmpfiles.d + install -m 644 ${UNPACKDIR}/parsec-tmpfiles.conf ${D}${libdir}/tmpfiles.d fi if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/init.d - install -m 755 ${WORKDIR}/parsec_init ${D}${sysconfdir}/init.d/parsec + install -m 755 ${UNPACKDIR}/parsec_init ${D}${sysconfdir}/init.d/parsec # Data dir install -d -m 700 -o parsec -g parsec "${D}${localstatedir}/lib/parsec" fi From patchwork Thu Jul 25 09:01:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46824 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B2371C49EA1 for ; Thu, 25 Jul 2024 09:02:15 +0000 (UTC) Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com [209.85.167.46]) by mx.groups.io with SMTP id smtpd.web10.32011.1721898133420476185 for ; Thu, 25 Jul 2024 02:02:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=eDXN4kYB; spf=pass (domain: linaro.org, ip: 209.85.167.46, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f46.google.com with SMTP id 2adb3069b0e04-52f01ec08d6so900669e87.2 for ; Thu, 25 Jul 2024 02:02:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898131; x=1722502931; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zz+lIpp/JsPl5UFda8y7mFcOJiDS73uEfzOlppeLUhw=; b=eDXN4kYBSyEY2FDtKV/SpY1JWjW6l0p7Cugc1+mWmiD7mT/qE7aCQ9YFi8aShWL5Gn e5CSSMJKNyegrRmIdEU6eZWRNzeVH+y6hZTQa4TPuML4XKGdb3UcaFIyZ45zNs+chJCF rbwLKnB4AMAh7D0rOBgEOoqifM6XrEQNz69/sfzKF1p7tsjRNaL0vHvATL36+cFt9v8k 0h7y3Ta6184zjg6Nvjxrs4824Tld2CmXZF1vlDdGRaJEr8Zts+RtYZqQd2GC+epztqVG pAO0iCDIsA/bHCHXDrlEciYK2K3wxBjGeT58M3XGnC2wDEqod5+456WGM0toQ+pedIYt Ahqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898131; x=1722502931; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zz+lIpp/JsPl5UFda8y7mFcOJiDS73uEfzOlppeLUhw=; b=GQslKO3H1Rqy4eqgqA4Lc4b+HAyMQJPlQ+umc/U/FwNgyQXcoCkCcz07Z6zdFvVHiv 3xQ3Isfefr5zhU1HNNTotS/A/u5NEy4lvsj3cxov52mAFdMQKks+n4MkpQe4YQjkbVVk xNrJwtAyXKpgj/ginsQawv6/NusP9TBoLA8wBl41i5vcXmA4L51+QxMYtz3Sgp83aECJ D7sDD3e/5TOQZF754nI2oezzpEG8EcgVAMwg1dQ4gUJ/3/W14k0jxHvtlh+GyrEazN00 Ta7ZJMrDmfViOb2PwhgxIxbwJ7PQTqOxtxcd14Z6dW54PKF8u45SSHT5Zl+6tRmdoZ9O l21Q== X-Gm-Message-State: AOJu0YzPYwbcDqoBtV5ZFQuBdozinuZ98mWZdYKqaYAiB0DIOLd/PWKU v4ZreR9pdDx/Tex0/ftf0GlUyKefyzwqz0i2slKVgW60YetVFQT7qrK1IT5bR0uFFkb8xy821uH p X-Google-Smtp-Source: AGHT+IGAeeZK5xPSxtOMweeIY9A6t3IH5eWeGN6ZP8qHacEku2O6zd+FwJzGE/i5HnQ6v+bQwgc8FQ== X-Received: by 2002:a05:6512:31d4:b0:52f:159:2dc5 with SMTP id 2adb3069b0e04-52fd60f5052mr1106814e87.42.1721898131588; Thu, 25 Jul 2024 02:02:11 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:11 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 08/17] trousers: UNPACKDIR fixes Date: Thu, 25 Jul 2024 12:01:22 +0300 Message-ID: <20240725090131.75860-8-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:15 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/465 New poky uses UNPACKDIR instead of WORKDIR. Combine with whitespace fixes. Signed-off-by: Mikko Rapeli --- .../recipes-tpm1/trousers/trousers_git.bb | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/meta-tpm/recipes-tpm1/trousers/trousers_git.bb b/meta-tpm/recipes-tpm1/trousers/trousers_git.bb index 192c66c..0940f76 100644 --- a/meta-tpm/recipes-tpm1/trousers/trousers_git.bb +++ b/meta-tpm/recipes-tpm1/trousers/trousers_git.bb @@ -10,13 +10,13 @@ SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9" PV = "0.3.15+git${SRCPV}" SRC_URI = " \ - git://git.code.sf.net/p/trousers/trousers;branch=master \ - file://trousers.init.sh \ - file://trousers-udev.rules \ - file://tcsd.service \ - file://get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch \ - file://0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch \ - " + git://git.code.sf.net/p/trousers/trousers;branch=master \ + file://trousers.init.sh \ + file://trousers-udev.rules \ + file://tcsd.service \ + file://get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch \ + file://0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch \ +" S = "${WORKDIR}/git" @@ -32,15 +32,15 @@ do_install () { do_install:append() { install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/trousers.init.sh ${D}${sysconfdir}/init.d/trousers + install -m 0755 ${UNPACKDIR}/trousers.init.sh ${D}${sysconfdir}/init.d/trousers install -d ${D}${sysconfdir}/udev/rules.d - install -m 0644 ${WORKDIR}/trousers-udev.rules ${D}${sysconfdir}/udev/rules.d/45-trousers.rules + install -m 0644 ${UNPACKDIR}/trousers-udev.rules ${D}${sysconfdir}/udev/rules.d/45-trousers.rules if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/tcsd.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/tcsd.service ${D}${systemd_unitdir}/system/ sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/tcsd.service - fi + fi } CONFFILES:${PN} += "${sysconfig}/tcsd.conf" From patchwork Thu Jul 25 09:01:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46820 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0CFCC3DA49 for ; Thu, 25 Jul 2024 09:02:15 +0000 (UTC) Received: from mail-lf1-f52.google.com (mail-lf1-f52.google.com [209.85.167.52]) by mx.groups.io with SMTP id smtpd.web10.32012.1721898134897317680 for ; Thu, 25 Jul 2024 02:02:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=FPv8N42B; spf=pass (domain: linaro.org, ip: 209.85.167.52, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f52.google.com with SMTP id 2adb3069b0e04-52f00ad303aso856164e87.2 for ; Thu, 25 Jul 2024 02:02:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898133; x=1722502933; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Slg8itjqGvaAIgoxgl9v6aG0skZ4WEQLBzskDoekWRs=; b=FPv8N42BEiyYL2kA37BokssShjOEvoubvWCaBDY1/S9Ql1OorCuOWXOX5xQRBCXfIR rMUrLR82NsP5qSU9udUEyyqewylQwXyy463LuaZR7eFHD4Dy4J8Hof3nFQWskQiRbmEa U6abhqHxAjZqpIHRXaNyH1OOnk7y7kEzcw3HCoiOUvFCPR7zAq3ORxRgRbclsEHvmG+/ 18F0AhLiu/k/OVPBYw9dahZCsQw0YX/HK8PL8R0B/q6sUbbEHqCRoTe5KV+hGfrbLtRb RmElqKl8U7w6VayhSngSFc96kMS7vEkGuhnsr3mQfxRJQHJbCB9i49PiorVwH7XPqP/h IHfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898133; x=1722502933; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Slg8itjqGvaAIgoxgl9v6aG0skZ4WEQLBzskDoekWRs=; b=fxMeGNr9/E82qCD/sDB72k6x+ui9ALVtDuunEbUP1vZmBFEUQCVHkD/8T2L/99Ry92 8NwHgfF4No8ibhrsjqHm09CzkNuwkw4yc2gVTXKja0IkbG8c88Vya7x9QKoUt0wgVVFC Q5fQZVzlR5uitbYl0cRQyJnT2RwcNiFPBsYbB7TSK6ZODZoKavHGxwMBW1iSslpcZsac 11e0C94W1IFzNL9XgsJLjlhFjVRO5T3lzjp3Zonc8X5SW62TQ4EspW4Vb/+fBT1PkEkm K1VPNMS0gkb/7ZXD8gepayqAcyPf4wf0YRv/33jzQHcIOEoV+F8NtZX6qqwYabnDnldf wnfg== X-Gm-Message-State: AOJu0Yz9mSu+W6vOU2lZZiYLQ/T3fDc6GP6K0DhvjYfurRCfYgyPeA8X t+G3CeNJUbC76Rr1JRWudTSL+Nu2P7IFTZkXr2PtfYL4eLa5R66a73E9802Iwq1Xc461gPE5o3p B X-Google-Smtp-Source: AGHT+IGy4A2SQhyjO3+CW2++csgEzOKhEvK5hI1ZygoK5ZZAOy58CAQENQoHUNpnNAuIsG97kXfnfA== X-Received: by 2002:a05:6512:1391:b0:52c:dd7d:3fd4 with SMTP id 2adb3069b0e04-52fd3f1c857mr1611983e87.25.1721898133098; Thu, 25 Jul 2024 02:02:13 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:12 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 09/17] aide: UNPACKDIR fixes Date: Thu, 25 Jul 2024 12:01:23 +0300 Message-ID: <20240725090131.75860-9-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:15 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/466 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- recipes-ids/aide/aide_0.17.4.bb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/recipes-ids/aide/aide_0.17.4.bb b/recipes-ids/aide/aide_0.17.4.bb index 52ddc43..b1b9f10 100644 --- a/recipes-ids/aide/aide_0.17.4.bb +++ b/recipes-ids/aide/aide_0.17.4.bb @@ -33,9 +33,9 @@ PACKAGECONFIG[posix] = "--with-posix-acl, --without-posix-acl, acl, acl" do_install[nostamp] = "1" do_install:append () { - install -d ${D}${libdir}/${PN}/logs - install -d ${D}${sysconfdir} - install ${WORKDIR}/aide.conf ${D}${sysconfdir}/ + install -d ${D}${libdir}/${PN}/logs + install -d ${D}${sysconfdir} + install ${UNPACKDIR}/aide.conf ${D}${sysconfdir}/ for dir in ${AIDE_INCLUDE_DIRS}; do echo "${dir} NORMAL" >> ${D}${sysconfdir}/aide.conf @@ -50,7 +50,7 @@ do_install:class-native () { install -d ${STAGING_AIDE_DIR}/lib/logs install ${B}/aide ${STAGING_AIDE_DIR}/bin - install ${WORKDIR}/aide.conf ${STAGING_AIDE_DIR}/ + install ${UNPACKDIR}/aide.conf ${STAGING_AIDE_DIR}/ sed -i -s "s:\@\@define DBDIR.*:\@\@define DBDIR ${STAGING_AIDE_DIR}/lib:" ${STAGING_AIDE_DIR}/aide.conf sed -i -e "s:\@\@define LOGDIR.*:\@\@define LOGDIR ${STAGING_AIDE_DIR}/lib/logs:" ${STAGING_AIDE_DIR}/aide.conf From patchwork Thu Jul 25 09:01:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46827 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0224C3DA5D for ; Thu, 25 Jul 2024 09:02:25 +0000 (UTC) Received: from mail-lf1-f42.google.com (mail-lf1-f42.google.com [209.85.167.42]) by mx.groups.io with SMTP id smtpd.web10.32013.1721898136685930094 for ; Thu, 25 Jul 2024 02:02:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=pAixE6d3; spf=pass (domain: linaro.org, ip: 209.85.167.42, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f42.google.com with SMTP id 2adb3069b0e04-52efd8807aaso908981e87.3 for ; Thu, 25 Jul 2024 02:02:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898135; x=1722502935; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4vJ3vRGG+GDMIUxU8VFQuVTHJf5vs8l7UM944rfIiYs=; b=pAixE6d37gKhFiAn9NKYh7/nvFwE10du99LGnSnb42FTAwbyjsXJ0Ga2DZRcLPdkN5 gSy/jTWE40vHfn6b6L4TuDbKLeE0uD2LjqtYbefguoWjh2cI1ssP7Srj2IhGYZ6dZyCl uf0Ie+BT7W6Nog9Vs2QKTDByszoSY2z5Bz6jQP+Eokhzzw6dAUKh3BvZithupJhikYCY xfs4C8WTDLuI0CFn4FyyK1rx0+QuD7O1hbpAt5eA+O3cm4yuKnreUyL8y1TwPqH0LGZF w5r1+DXD2NatFZj7HSRY+p6mkXvfK/le0VhnKmnPVnlYIxfcMFxofrRg0/65CzcXWKHJ 9RVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898135; x=1722502935; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4vJ3vRGG+GDMIUxU8VFQuVTHJf5vs8l7UM944rfIiYs=; b=geOrEtLChbAzmO6V2kitcESYmzoO/EN/jUxxDDicvTASSm/FuEPp8sHd+1qxwVzXbh nCfm9yh4E1UXFlqx6KOSDjQMMJXMfxfL7+zcAi7ufi3Wia956eOw95ZoqqSY7F6dRV/o 6Q4uEjf2yMe/WlvUbutExoZ8HYCBXrX94r4q90/PoxHp8XNeWGJ6nFsXJen0o2hWKXgX +rKX4rqR1M1I8PGOsjnLTd1uBecJg0HwcSFSZQ1D6gTsO7Ro2iKSpuYz8M1OmiMXgkR0 wuGJ86U8AaacAmKnNZPmb4lrg/1TlthvQ/Hir0kURgFQ/qMthVhgbahy7+TtSUTBBkLX 2OBQ== X-Gm-Message-State: AOJu0Yx6lNbr9kzJ/p0kZ9uQDO1aoddpQvHgfh2T65kgxNU2yTw0wg2P JPea+a5jXGQ1sj6AiOnFdRgCGedxDfzJCPgu+LC7zPhLDwvO2QgkvhxsqafkpuDogwQ10SouY71 2 X-Google-Smtp-Source: AGHT+IFkTniaUL4l+5RylYMH2HUfscSec+fB8DcphV6+sWluGYJmH0+NxSr6H6Jtho/JeGFjFi9Jhg== X-Received: by 2002:a05:6512:b85:b0:52c:d943:300f with SMTP id 2adb3069b0e04-52fd3f6bd76mr1732684e87.38.1721898134835; Thu, 25 Jul 2024 02:02:14 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:14 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 10/17] suricata: UNPACKDIR fix Date: Thu, 25 Jul 2024 12:01:24 +0300 Message-ID: <20240725090131.75860-10-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:25 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/467 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- recipes-ids/suricata/suricata_7.0.0.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb index 21d4306..d87cebd 100644 --- a/recipes-ids/suricata/suricata_7.0.0.bb +++ b/recipes-ids/suricata/suricata_7.0.0.bb @@ -91,7 +91,7 @@ do_install () { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/tmpfiles.d - install -m 0644 ${WORKDIR}/tmpfiles.suricata ${D}${sysconfdir}/tmpfiles.d/suricata.conf + install -m 0644 ${UNPACKDIR}/tmpfiles.suricata ${D}${sysconfdir}/tmpfiles.d/suricata.conf install -d ${D}${systemd_unitdir}/system sed -e s:/etc:${sysconfdir}:g \ @@ -100,7 +100,7 @@ do_install () { -e s:/usr/bin:${bindir}:g \ -e s:/bin/kill:${base_bindir}/kill:g \ -e s:/usr/lib:${libdir}:g \ - ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service + ${UNPACKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service fi # Remove /var/run as it is created on startup From patchwork Thu Jul 25 09:01:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46828 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB400C52CD8 for ; Thu, 25 Jul 2024 09:02:25 +0000 (UTC) Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com [209.85.167.45]) by mx.groups.io with SMTP id smtpd.web11.32096.1721898138027096632 for ; Thu, 25 Jul 2024 02:02:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=VLSKNPxI; spf=pass (domain: linaro.org, ip: 209.85.167.45, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f45.google.com with SMTP id 2adb3069b0e04-52fc14d6689so639598e87.1 for ; Thu, 25 Jul 2024 02:02:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898136; x=1722502936; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oOnCtC0t+oG4U7p1iWW2f2BP5AGl7r663DoDAIMANZo=; b=VLSKNPxI5IN8sUJWGG1RDBeMlR8A7wopAvjYbnv14ng0WH2IShm1bTtphKo54Qew5A TwffRx58ZN5xkuXNMlZrcsPrD7taj5FHcRZQP8Klvns5RplwRyE/QLlEVr8LQVSoICwV +9kmfo2+OSLYih++b+JpHhm4z39ipTxFao20uBoM4CiXBjZgVzhBnVc/eFyIWPnlt7s2 p4Amdw2pDIjo4vunH0GOvCyIRSkise0dN29t+3TXW5Dt0a+M6IrQ9QVhKBgqo/0AUr3X ye4RMWfaK4IRrfjrpXzsRLHlW8uFG09v6x3NhGKinygREQC3FWvX9pGhPr2zCqY2PCMY 25Fw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898136; x=1722502936; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oOnCtC0t+oG4U7p1iWW2f2BP5AGl7r663DoDAIMANZo=; b=e35lvnOi9+m8TX5ZjKXLtcCRt5VM/eD6iXRLH/DKbWu4PMmALl/9UPZ2ArzmExzBH8 6yhloRNp8DzQ7t9EvOpmuKflWypZvlwkWq6bUpWEaah5LlFruNL484WWDO8c+v8r3J1n 82qQLwYlkmDykRKhqEs/UnA0unc7MZRhyI7zRLik33Qndy36RMXGHRTTG82tpgziyzY+ P0f+ZMCwQoxA/JnWNj9K+/vn2oiSoTWf1ITIGOfuOM/Dg8M+BpUOuVC0Xxfq/X7gt0Ve GbAeKAcE8kv/gsyREYRd+LbJZEimnDZSXptlUOUzrAEeG9irzbv85wzOlQbcTI3gin1j ER2Q== X-Gm-Message-State: AOJu0YwM0CvFWhJGj1mde/fE0lhHJ9c0jCjKuY+GF2DSdaj38lReopdq IUUtS4cV8oww7XDMVBZZVZuoF2BN6mXdbRezCefRHbZ62DTIMAU0fYr2P6yix+GOCawpJFpXV1f w X-Google-Smtp-Source: AGHT+IEReZVcns8qOcvI+Mi329X66nXBbSHJfwRfQuQLCzv4lenFQdZljzxVSGJ0V9cV7aolAQOXuw== X-Received: by 2002:a05:6512:234b:b0:52c:dd3d:85af with SMTP id 2adb3069b0e04-52fd60351cdmr1031061e87.25.1721898136243; Thu, 25 Jul 2024 02:02:16 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:15 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 11/17] arpwatch: UNPACKDIR fixes Date: Thu, 25 Jul 2024 12:01:25 +0300 Message-ID: <20240725090131.75860-11-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:25 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/468 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- recipes-scanners/arpwatch/arpwatch_3.3.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-scanners/arpwatch/arpwatch_3.3.bb b/recipes-scanners/arpwatch/arpwatch_3.3.bb index e547938..cacfea7 100644 --- a/recipes-scanners/arpwatch/arpwatch_3.3.bb +++ b/recipes-scanners/arpwatch/arpwatch_3.3.bb @@ -60,9 +60,9 @@ do_install () { install -d ${D}/var/lib/arpwatch oe_runmake install DESTDIR=${D} - install -m 644 ${WORKDIR}/arpwatch.conf ${D}${sysconfdir} - install -m 655 ${WORKDIR}/arpwatch_init ${D}${sysconfdir}/init.d/arpwatch - install -m 644 ${WORKDIR}/arpwatch.default ${D}${sysconfdir}/default + install -m 644 ${UNPACKDIR}/arpwatch.conf ${D}${sysconfdir} + install -m 655 ${UNPACKDIR}/arpwatch_init ${D}${sysconfdir}/init.d/arpwatch + install -m 644 ${UNPACKDIR}/arpwatch.default ${D}${sysconfdir}/default } INITSCRIPT_NAME = "arpwatch" From patchwork Thu Jul 25 09:01:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46831 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0526EC52CD9 for ; Thu, 25 Jul 2024 09:02:26 +0000 (UTC) Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com [209.85.167.43]) by mx.groups.io with SMTP id smtpd.web11.32097.1721898139591064731 for ; Thu, 25 Jul 2024 02:02:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=TabzY5tS; spf=pass (domain: linaro.org, ip: 209.85.167.43, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f43.google.com with SMTP id 2adb3069b0e04-52efc89dbedso680288e87.3 for ; Thu, 25 Jul 2024 02:02:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898138; x=1722502938; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nZHTQo/km/a/80u7HzdBBIQQ3ZfG5ZV8wQbgMYn50iQ=; b=TabzY5tSz7naPb5AuwRaXrwAIbPPwABeppxLLK19zJDA5kC1Cb6k618+xVwMUtwxJC YiPaAXbm9aTkrs+0L/yWZ/ueIRhHdMLq7XBN3laNkxL/M2B520Y4uvEWtXG2NprHUfR6 fD7XSYb7ZCFU5mGrnjrFZPdRrZx+2xIFWaxHEpaV63yfSUlM9+tHEam12DjlSf5h9h7m sGL6ibsLoXXH51yR+PVo/BBw4dLljyJ8v+92WrV8tAfPfGiCQ+oN+YgGZGnvqXJn0gss QNDL5zZ/1Ar/GJPylIOFLv5gzbvoX4MiyU3pYZRjaQvLDsaBjN68FewTsaqFpHzb9jFD 2KDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898138; x=1722502938; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nZHTQo/km/a/80u7HzdBBIQQ3ZfG5ZV8wQbgMYn50iQ=; b=soIVXemVQqjrrlEMte6v404NfRYGW6oyPzuOEOp/unK28Yy8WEggc5wGHA2NrKUR7l 60SwNuCHt7ZDGrOIEAKPLyYuRPk0Og/FeoqLHXT2WTVxvus7bQwGmg9LdfkdRIW0BMKs rTyJcHdZ5jdA9RVV1P3GwrCDEC9yvmsBEnOFb1kzgVYoQvP5iuSdL2+zjhCecIqFBEW8 wl2plh2pzjjxXlaxn1Fok1bm1tZTQpxWStzIsb9Kkzf0Xlqi0mpEy1gExzi4wwZEQzlO jBHlgoCg8wh0nT6/cvGS4DQy2OUQIrR2vMVYU/9WHzzNYLQNUiBuYt7ooeIj2VU0VsC/ nefg== X-Gm-Message-State: AOJu0YygLtS+QMbsdKjOYTuSKPlFZUxR3F5MTg51V72xKr1lBTKoBO5I j5HONPIy+dEj4bTpiGaUNp2P7x25jQKF0oRiL2ZPu1gs4zlYn9HUJ6hqn7ISVtG7aZdrSUA7sm9 Z X-Google-Smtp-Source: AGHT+IGS6LX3IS/SvGgVqZAWVlesKKO2SdGhTyS+KRFKfi9CVq4Xejq81WdcnJ0iYEZm3roj4eZttQ== X-Received: by 2002:ac2:4c4b:0:b0:52c:c5c4:43d4 with SMTP id 2adb3069b0e04-52fd60fafcbmr1046478e87.53.1721898137848; Thu, 25 Jul 2024 02:02:17 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:17 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 12/17] clamav: UNPACKDIR fixes Date: Thu, 25 Jul 2024 12:01:26 +0300 Message-ID: <20240725090131.75860-12-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:26 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/469 New poky uses UNPACKDIR instead of WORKDIR Signed-off-by: Mikko Rapeli --- recipes-scanners/clamav/clamav_0.104.4.bb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/recipes-scanners/clamav/clamav_0.104.4.bb b/recipes-scanners/clamav/clamav_0.104.4.bb index 102f267..ad9e124 100644 --- a/recipes-scanners/clamav/clamav_0.104.4.bb +++ b/recipes-scanners/clamav/clamav_0.104.4.bb @@ -58,9 +58,9 @@ do_install:append () { install -d -o ${PN} -g ${CLAMAV_GID} ${D}/${localstatedir}/lib/clamav install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles - install -m 644 ${WORKDIR}/clamd.conf ${D}/${prefix}/${sysconfdir} - install -m 644 ${WORKDIR}/freshclam.conf ${D}/${prefix}/${sysconfdir} - install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/03_clamav + install -m 644 ${UNPACKDIR}/clamd.conf ${D}/${prefix}/${sysconfdir} + install -m 644 ${UNPACKDIR}/freshclam.conf ${D}/${prefix}/${sysconfdir} + install -m 0644 ${UNPACKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/03_clamav sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc rm ${D}/${libdir}/libclamav.so if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then @@ -71,7 +71,7 @@ do_install:append () { if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then install -d ${D}${sysconfdir}/tmpfiles.d - install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf + install -m 0644 ${UNPACKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf fi oe_multilib_header clamav-types.h } From patchwork Thu Jul 25 09:01:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46829 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB37EC49EA1 for ; Thu, 25 Jul 2024 09:02:25 +0000 (UTC) Received: from mail-lf1-f44.google.com (mail-lf1-f44.google.com [209.85.167.44]) by mx.groups.io with SMTP id smtpd.web10.32015.1721898141140841327 for ; Thu, 25 Jul 2024 02:02:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=sQ1MCtym; spf=pass (domain: linaro.org, ip: 209.85.167.44, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f44.google.com with SMTP id 2adb3069b0e04-52efc60a6e6so871811e87.1 for ; Thu, 25 Jul 2024 02:02:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898139; x=1722502939; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6cTPdgN6vFLZzUYmiV9ID/u60yG1ZIuiu0Nv4bXwPCk=; b=sQ1MCtym9zkk/zV13/0jb3qQZ6iZ2EideIDJN6/T6CLzxUoJO7/N8Sk1wjg4ut0WU6 +N/oxXQtiD8jk7uNDzjp88Tp7gexTHjXzu/ixdDd1zLgXe+Eev0/LyhIO8mUpBjN5ES4 aeobMetpI4nMrp3+6F8SZqx65LnUgs4toxg6TQOIWMhBGMcP2V/KKPplhXevD91xlcNF 4FEy1JJDsdEJJlt4qZfZkqPRFSNkDPZCkKMg2GxI7AfTQMDfOBh1VmjBmXzQImhvdjR0 iethhCJ8VgELGzBcKEc2W+0vdbR2cGJjgsMqGMP3LmZ61LDOheR8eTagPy/N0XTlJQgr z2YA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898139; x=1722502939; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6cTPdgN6vFLZzUYmiV9ID/u60yG1ZIuiu0Nv4bXwPCk=; b=NhDPQyXMDim0l2FKlq90IOQZvjNstIPNZrruCpF5OqTLVbIECbYQ+4tarTpnODF4s3 v6KOyqr8+Iz9nlc/rhGSauF3Ne/16K/MFPUIsICmmgTSB1YYk1lFJs+iehpZv7jpA8s1 1cgYAHcLBBHQYDpyi/n0pqfSN/VRSHRP4D/d1zHwr0XsPJ95NHv7qNFxujZXKlcWdSbC 9L7KCyKrwcXs1cLN/zb+7O0i82ACWYs1UOqJySTUqWlWkLtYrpQXGhT1e6Im1hyygZMa WUFrNyT2F1C6krMH9gkcZckT+KEUzdDGZsXLnqAcNTd3Q0AHZUU6zO3kyycPJ3u3QMdX nPcQ== X-Gm-Message-State: AOJu0YxEgL2C0oArhB/xJRamPRGZ5CxWuNDDpSU8bjaGiybYnNUzJrVb I+59E+rLm1jCT5uSMPK076AVyA171vmYVIsi7RrWYI8VavcO5j3/wtjNp39QYsJ6VrMoH8Dxx9h H X-Google-Smtp-Source: AGHT+IEi3Nr5y71YNUn1GE/vcZaYEAFQ+yypMOgEnNS8wDQR6Dqp+gSJFH5zJbCb8SoNMXIl8Gszvg== X-Received: by 2002:a19:7403:0:b0:52e:f77b:bb58 with SMTP id 2adb3069b0e04-52fd6043befmr740469e87.36.1721898139405; Thu, 25 Jul 2024 02:02:19 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:18 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 13/17] arpwatch: disable compiler errors Date: Thu, 25 Jul 2024 12:01:27 +0300 Message-ID: <20240725090131.75860-13-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:25 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/470 Old code throws new warnings and fails to compile. Work around the issues. Signed-off-by: Mikko Rapeli --- recipes-scanners/arpwatch/arpwatch_3.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-scanners/arpwatch/arpwatch_3.3.bb b/recipes-scanners/arpwatch/arpwatch_3.3.bb index cacfea7..a3f42f8 100644 --- a/recipes-scanners/arpwatch/arpwatch_3.3.bb +++ b/recipes-scanners/arpwatch/arpwatch_3.3.bb @@ -45,6 +45,8 @@ CONFIGUREOPTS = " --build=${BUILD_SYS} \ --with-sendmail=${sbindir}/sendmail \ " +CFLAGS += "-Wno-error=implicit-int -Wno-error=implicit-function-declaration -Wno-error=unused-result" + do_configure () { ${S}/configure ${CONFIGUREOPTS} } From patchwork Thu Jul 25 09:01:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46830 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF121C3DA7E for ; Thu, 25 Jul 2024 09:02:25 +0000 (UTC) Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com [209.85.167.43]) by mx.groups.io with SMTP id smtpd.web10.32016.1721898142646548470 for ; Thu, 25 Jul 2024 02:02:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=ih3rI8DZ; spf=pass (domain: linaro.org, ip: 209.85.167.43, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f43.google.com with SMTP id 2adb3069b0e04-52efd530a4eso860680e87.0 for ; Thu, 25 Jul 2024 02:02:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898141; x=1722502941; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oVpxc1Na7ceBr+tLL98oBdSCpXM6/E0sOjfSBevQjek=; b=ih3rI8DZ6i4MNpj8R2t9QmGKbjo3tf8v9TrGmjBQjfVUFzbEq9taKOn30QX9Xmqaoq sunsboEc52x/yGMNtPJRhym95XQepSxnwSXOIECrnO5wuT4L9EGsrxuxvnD7KBtK+oSm IXhxpY+Q6qfbaON87BQRXCh6Q/b/x4AlbTjAlaW5SEcb1LLlliURKYYZsZ55/a5Sb68z Lunjkr166b2t+Oy/pVGgjtQ4qlzRMDSoEJWODloFQ8LFro7giIYBSq7RDZXe/7UHdyGF WBo81TH2BGxqDc6FMOGqlJntQUozOkxgiUKi0SMBakXtlGw2U+UhZ1kLJcnSRJsk9EQ1 wSqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898141; x=1722502941; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oVpxc1Na7ceBr+tLL98oBdSCpXM6/E0sOjfSBevQjek=; b=V4mPcoMmzDWaGrhIK62FyHKlLZaJuWgVo2CrUakrc/bNcOMiDbb4P6F8rw3lqi7aqg 3LjNgNJ/Nl6Om5gPCpung9qu2aI5UqkPgj7U3h4/3PrD8jBZWWvx4ntchu868JPUS1qk cbz9V1gY0YsHII6WYQY6PovcnLXkL/9zgqP9IHmJACUbp2jOeDpyO6rJVybLDkEc+9FY Kwc6+RA5Fd3GaFORcBORocJkj6rqUwptRuWkpJF7BOK6v+nbi+18UJ7uDOaxCGsB7+/P +zT2mnc6Uit2an4MkysiIV+pxp0ZhUxMypUG8K7QIWK56SNIvbkXOD1OB3dgEc+vFqmn 9UmA== X-Gm-Message-State: AOJu0Yxe+e4UFENzZMDzwaqYgHO1fEDbNqwoh1exz7DJeZFPEIg+wjoO xLDqJtlYzYUa+VYIOF5b6/g1KyOhYI3H7SNv2kzkQL+SkPQIyqEneZ8WOZoBynuJC7CwZ5FbUPt q X-Google-Smtp-Source: AGHT+IG8phJ6oiNtMRxQy9D8OWwe7DoVqcOFXEfxkGWEGHA267IytA3m/P2yhjbkhmwB8+s3xfZyZQ== X-Received: by 2002:ac2:4c4b:0:b0:52c:c5c4:43d4 with SMTP id 2adb3069b0e04-52fd60fafcbmr1046607e87.53.1721898140899; Thu, 25 Jul 2024 02:02:20 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:20 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 14/17] ima-policy-hashed: set S Date: Thu, 25 Jul 2024 12:01:28 +0300 Message-ID: <20240725090131.75860-14-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:25 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/471 Build with latest poky fails without Signed-off-by: Mikko Rapeli --- .../recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb index 8c670e8..3de7497 100644 --- a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb @@ -6,6 +6,8 @@ SRC_URI = " \ file://ima_policy_hashed \ " +S = "${WORKDIR}/${BP}" + inherit features_check REQUIRED_DISTRO_FEATURES = "ima" From patchwork Thu Jul 25 09:01:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46826 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CFF80C3DA49 for ; Thu, 25 Jul 2024 09:02:25 +0000 (UTC) Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com [209.85.167.49]) by mx.groups.io with SMTP id smtpd.web10.32017.1721898144382414139 for ; Thu, 25 Jul 2024 02:02:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=zgjtQz1x; spf=pass (domain: linaro.org, ip: 209.85.167.49, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f49.google.com with SMTP id 2adb3069b0e04-52f01993090so795624e87.2 for ; Thu, 25 Jul 2024 02:02:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898142; x=1722502942; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=88jb28MCxaRhKAwLTwqTSQ3Rf2/thPPgPMnWav/kKuo=; b=zgjtQz1xF4eEBsV+5UhJW0rrv4UNcVMaDYjWO92INdUH2jO1aifdU8unuBwFf+jKWN ZVZqfvQja6P+XO1eu/QTH9l2nvsaM8rf4Y9V/zMxG98/w02ToL9gt2bPkvnkm7iiofUc VGXFCweDbDl76Dmk0Eq3E9ABRCNqfVXTOlVPkNQdsXWCJrBPd2DnduBzGZ5mYzVj+ZBt usD0k0/7kWyhjiYCprFjHZEN5Tvsn7cbdgjJSeJZqkmoru39NM657rPMgMnjJmersydl peftJWoP3eExxesZadhHHLH9W5zebTm8FTjcnDTCe2UDumknRJhqtzD6TiPgPp/zZtUP K0Uw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898142; x=1722502942; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=88jb28MCxaRhKAwLTwqTSQ3Rf2/thPPgPMnWav/kKuo=; b=K+rBxBgQnAmUva43BSqdfHL/h0mvUPRFSOQW7qebcbKllHjmVm1wS/LLhCAgHoBdZK djfHHlVBI8fXrXF1++X+WdZgYgIufQiZKZoL4txS9BxNpqqmcSrPvov7Cw3fDuIdrSA+ c37t9lVzA70ZZms7jWh767w9AVGTfR53xJHxo3+xVp7iXkSvoMrAjR1bzgBeeolv+06X zg/71D02aDVUh0IcxuBLP4neWd6U8JhbzzTsK+Zf5yWLv4wzl04Dc5KkC+Y4dMHp2F2+ s3XCHnhCHTTQWvOHq/Dz6IGcRYr6VNJu3gNhd2I1D6wy2dYMgKj3lgJ/Q3sjE5zr6K17 40eg== X-Gm-Message-State: AOJu0Yxju5dHlvL1wFQF2cAMcTC4TkYDIPHm5XIQe6V9WeCZdiPSQIpB HggOEoLhL+IDwaQEzwRI4f4bByVnEiQLmyR/T6ul6Rv0vj9eejLF1TKQ6d2/8Ov0XLPKVMDUfAO Y X-Google-Smtp-Source: AGHT+IHS9oTeEyee8SNbah6CunPTN+1xqEJbsEI2hKd3tbvoE9u3yuXI4yINcf+qViuualyGbwU1HQ== X-Received: by 2002:ac2:51cc:0:b0:52e:9d60:7b4c with SMTP id 2adb3069b0e04-52fd60a1de9mr1009496e87.61.1721898142483; Thu, 25 Jul 2024 02:02:22 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:21 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 15/17] ima-policy-appraise-all: set S Date: Thu, 25 Jul 2024 12:01:29 +0300 Message-ID: <20240725090131.75860-15-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:25 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/472 Build with latest poky requires it Signed-off-by: Mikko Rapeli --- .../ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb index 88b3698..121e9ff 100644 --- a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb @@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384 SRC_URI = " file://ima_policy_appraise_all" +S = "${WORKDIR}/${BP}" + inherit features_check REQUIRED_DISTRO_FEATURES = "ima" From patchwork Thu Jul 25 09:01:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46832 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0243AC3DA49 for ; Thu, 25 Jul 2024 09:02:36 +0000 (UTC) Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com [209.85.167.46]) by mx.groups.io with SMTP id smtpd.web11.32099.1721898145800412586 for ; Thu, 25 Jul 2024 02:02:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=tW2FtppP; spf=pass (domain: linaro.org, ip: 209.85.167.46, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f46.google.com with SMTP id 2adb3069b0e04-52fc14d6689so639736e87.1 for ; Thu, 25 Jul 2024 02:02:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898144; x=1722502944; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eHqixL2xpqeYqiA4vj3qEHMj/p5fVBNm7e3jPrpUjWA=; b=tW2FtppPFAjlv9DfC7aUV+K5ESNp3OhzJkpZ1hTRTj5bXoSFdgErhfyyMmYNUEGBGl gajkkFMNux3yWteMw7mbTCPduqhtSB0E7qPEoU6JsyCSagqxfdw64w0Ho/x5UyktnEPI hAJFtsvzuLTBuC62qIhMsp5iOhEIFhBhNDuRnjFO2Jx7b0sxkoirKIH6hTkviwedMqlK dsCavAltFoT0JysvBnasOk1jbcNLu1JnDB7CO0pxfAg+0XuaLoC55byE3gpGALRMx7iG J//If6oJ5g2RIplA26qfhkh2S6B7wXSj11PAkpma5yisLO/TgbRkmofOMJobvXrcW4Dz F41Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898144; x=1722502944; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eHqixL2xpqeYqiA4vj3qEHMj/p5fVBNm7e3jPrpUjWA=; b=Y3MMhIKIq32SRmpRWDSbgzzkcLmKj4p0rt7NsJmCltDhf9//f7RjVbapDYzYqFhfuv jNDfEdZQMglVVpUL5hLxT0UGnr3ln7UELQNy7E+o6wZZTJ6yrINfVv6Gf20uMhtixXa/ zhQhEeeBa8kvSK9/mAHreD88g/dmc2FY+EYXQSEZZT+thbSN6r3mk0zYPZeCfNuhXuIk 5CdXCk1HoPKGFOkfbnXDAyM0dMr/cszDGv5bKZToje2lX9aa+SIFHt2hibWQO61mxdVo PFgtG1t+Q7X7n4S4SYDsEQeD5Lf1fP4WOqkcmCK3kPx+9b5x2tUtl7j7jX1SPnnNtKOv enLA== X-Gm-Message-State: AOJu0Yyx4fKV3xdJP8Dnrz0qelr+lpoUDDpmMeXddCAKdf1O6fjyrS9X E7RzextUeGxTt6O9UdSWNOUoZb8a8qwRviRiH9gm0m6xVTTWpvj/3Qwzm1epgJ42P9AUtmkUuxr f X-Google-Smtp-Source: AGHT+IFbYd7P16mPBLtIK2Dj4w+a5qEJ9J8Vhmk2J2Mzxj7r2HSl0yBZhsg1qIEmnPlkARGwWn3W/g== X-Received: by 2002:a05:6512:3f02:b0:52c:d9b3:2b06 with SMTP id 2adb3069b0e04-52fd6098ce2mr917856e87.58.1721898144058; Thu, 25 Jul 2024 02:02:24 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:23 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 16/17] ima-policy-simple: set S Date: Thu, 25 Jul 2024 12:01:30 +0300 Message-ID: <20240725090131.75860-16-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:36 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/473 Build with latest poky fails without it Signed-off-by: Mikko Rapeli --- .../recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb index 69aec47..8b30858 100644 --- a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb @@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384 SRC_URI = " file://ima_policy_simple" +S = "${WORKDIR}/${BP}" + inherit features_check REQUIRED_DISTRO_FEATURES = "ima" From patchwork Thu Jul 25 09:01:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 46833 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 07A88C3DA5D for ; Thu, 25 Jul 2024 09:02:36 +0000 (UTC) Received: from mail-lf1-f54.google.com (mail-lf1-f54.google.com [209.85.167.54]) by mx.groups.io with SMTP id smtpd.web11.32100.1721898147235610195 for ; Thu, 25 Jul 2024 02:02:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=w5pf8tXu; spf=pass (domain: linaro.org, ip: 209.85.167.54, mailfrom: mikko.rapeli@linaro.org) Received: by mail-lf1-f54.google.com with SMTP id 2adb3069b0e04-52efbb55d24so927512e87.1 for ; Thu, 25 Jul 2024 02:02:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721898145; x=1722502945; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Nzr9Qna32F7ErKbsME+2VHMIaB+4JetoXDnifOC5WdM=; b=w5pf8tXuTL9sbHIdpQ7+B+FUaoZGPHYKn4wKRbA2juZgxvqifg9gZ+kwEWbwXi5ETb X/ICRPmbSsz1BcN6PZfFXTlc2qFHB99RpKV25G5/TKJmPJnue4hJgeIjhr/oeKCMW3cw ldRFXDGEjcvasVUP9Kw49PiW/BcDnHij5BKqJ4aAF+v/51FT7Xt4v1WfEtSYrg+Feglr fbgSgAdzDLy2jJaCES4NIrHvPAqYoqb7JyXLU0+uaMMqlu0YClrbdfHu84iTEjgqG+gr EB+rWoDCLcZu3NJe0HL759L2NmU0xoWLk/nrjDpEXDhSqyOclKihmkkVqZBxcOx5slNH kOhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721898145; x=1722502945; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nzr9Qna32F7ErKbsME+2VHMIaB+4JetoXDnifOC5WdM=; b=GFaSMRtSelVxxWz4FM7Ddd/KqB3FMEC0dkxBgHYrR3Vm6L8svvFoJSLkN0E5E3lz4U NOxdk0EmMegf731W54K/YaE6Uevx+ByeUrMi03GvAr9EbwBKpjiAmMMm1hzgNEwKJN05 6fk4GiH5W/dV/LZDQHlEs57Dh6xOiS2SyvUl3Fw7ucIegLKtyAFmq9Tr1e0aYcP0vdkT zg6J/l3F4XxC3ku/ThH9ymh4LSKk1qrv1oxpQ5nvQ2jwkt+XPfXivZmXU/+fx8ojjfT2 gRSC+1NbpGsZIR85rT/GLSRGT7drb90/RBZoOn5zlS4uEMwY9fO3CR21JQaDQCzn9/gt XEzg== X-Gm-Message-State: AOJu0YyXgFGx5lJ/b6F0Hy57BdtR/SJStykZjS1A+R42qu1nOO9xr6sj qfvAnSsQPRZ98YWOGU15sanj7yKER9aOS4d4ZQ2NBgGUHazeoGnxpzaMl7SnNmzN1ljlNaibe5a H X-Google-Smtp-Source: AGHT+IF/AEcSaPlqAdDQpe3yXRC8CtZXk8pTEpvgpXX5GEhWwGn2NjH2EfcUZbPGrsNKuJ8NMVnmeQ== X-Received: by 2002:ac2:4bc8:0:b0:52c:d76f:4604 with SMTP id 2adb3069b0e04-52fd608390amr1296378e87.46.1721898145462; Thu, 25 Jul 2024 02:02:25 -0700 (PDT) Received: from localhost.localdomain (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52fd5c08d40sm152827e87.171.2024.07.25.02.02.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jul 2024 02:02:24 -0700 (PDT) From: Mikko Rapeli To: yocto-patches@lists.yoctoproject.org Cc: Mikko Rapeli Subject: [meta-security][PATCH 17/17] suricata: remove build paths Date: Thu, 25 Jul 2024 12:01:31 +0300 Message-ID: <20240725090131.75860-17-mikko.rapeli@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240725090131.75860-1-mikko.rapeli@linaro.org> References: <20240725090131.75860-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jul 2024 09:02:36 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/474 Remove build time tool paths from build info which gets embedded into binaries. Signed-off-by: Mikko Rapeli --- ...uricata-remove-paths-from-build-info.patch | 56 +++++++++++++++++++ recipes-ids/suricata/suricata_7.0.0.bb | 1 + 2 files changed, 57 insertions(+) create mode 100644 recipes-ids/suricata/files/0001-suricata-remove-paths-from-build-info.patch diff --git a/recipes-ids/suricata/files/0001-suricata-remove-paths-from-build-info.patch b/recipes-ids/suricata/files/0001-suricata-remove-paths-from-build-info.patch new file mode 100644 index 0000000..ebd1433 --- /dev/null +++ b/recipes-ids/suricata/files/0001-suricata-remove-paths-from-build-info.patch @@ -0,0 +1,56 @@ +From 3d11a6a8c764e4af2f24cc4cf56b4943a3aa212a Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli +Date: Thu, 25 Jul 2024 08:31:21 +0000 +Subject: [PATCH] suricata: remove paths from build info + +Remove paths etc from build info to fix build reproduction +issues. + +Signed-off-by: Mikko Rapeli +--- + configure.ac | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +Upstream-Status: Inappropriate [configuration] + +diff --git a/configure.ac b/configure.ac +index 5258f3d..9712c9b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2632,13 +2632,13 @@ SURICATA_BUILD_CONF="Suricata Configuration: + + Rust support: ${enable_rust} + Rust strict mode: ${enable_rust_strict} +- Rust compiler path: ${RUSTC} ++ Rust compiler path: + Rust compiler version: ${rust_compiler_version} +- Cargo path: ${CARGO} ++ Cargo path: + Cargo version: ${cargo_version_output} + + Python support: ${enable_python} +- Python path: ${python_path} ++ Python path: + Install suricatactl: ${install_suricatactl} + Install suricatasc: ${install_suricatactl} + Install suricata-update: ${install_suricata_update}${install_suricata_update_reason} +@@ -2667,13 +2667,13 @@ Generic build parameters: + --localstatedir ${CONFIGURE_LOCALSTATEDIR} + --datarootdir ${CONFIGURE_DATAROOTDIR} + +- Host: ${host} +- Compiler: ${CC} (exec name) / ${compiler} (real) ++ Host: ++ Compiler: + GCC Protect enabled: ${enable_gccprotect} + GCC march native enabled: ${enable_gccmarch_native} + GCC Profile enabled: ${enable_gccprofile} + Position Independent Executable enabled: ${enable_pie} +- CFLAGS ${CFLAGS} ++ CFLAGS + PCAP_CFLAGS ${PCAP_CFLAGS} + SECCFLAGS ${SECCFLAGS}" + +-- +2.34.1 + diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb index d87cebd..35ac8c0 100644 --- a/recipes-ids/suricata/suricata_7.0.0.bb +++ b/recipes-ids/suricata/suricata_7.0.0.bb @@ -10,6 +10,7 @@ SRC_URI[sha256sum] = "7bcd1313118366451465dc3f8385a3f6aadd084ffe44dd257dda810586 DEPENDS = "lz4 libhtp" SRC_URI += " \ + file://0001-suricata-remove-paths-from-build-info.patch \ file://volatiles.03_suricata \ file://tmpfiles.suricata \ file://suricata.yaml \