From patchwork Fri Dec 20 08:56:59 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mikko Rapeli <mikko.rapeli@linaro.org>
X-Patchwork-Id: 54431
Return-Path: <mikko.rapeli@linaro.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 80DEBE77188
	for <webhook@archiver.kernel.org>; Fri, 20 Dec 2024 08:57:40 +0000 (UTC)
Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com
 [209.85.167.49])
 by mx.groups.io with SMTP id smtpd.web10.148472.1734685052216370786
 for <openembedded-core@lists.openembedded.org>;
 Fri, 20 Dec 2024 00:57:32 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@linaro.org header.s=google header.b=ZI3NWKML;
 spf=pass (domain: linaro.org, ip: 209.85.167.49,
 mailfrom: mikko.rapeli@linaro.org)
Received: by mail-lf1-f49.google.com with SMTP id
 2adb3069b0e04-54024aa9febso1776247e87.1
        for <openembedded-core@lists.openembedded.org>;
 Fri, 20 Dec 2024 00:57:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google; t=1734685050; x=1735289850;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=jjey3dQZqIgZv111LfLZ7I2Rf1SvseQm3+rkGxnAboM=;
        b=ZI3NWKML9HpSITuQAjgG8UvdLQtVVjtiEVbMOP1i8aI4D/1Kquc8/z9DsJbrYkhT0o
         PS2kHFhb+C1WkrRasGX3IXlXR91A43MVuAKC2r4E0LZ4Gq9DiK3192xs+md+wMFQC0TR
         6Dk9f8INNyZFjdw/llsxw9IeHhAH2LJpZRwfJnw0xaeypcDWHHId0wpOuMtpCWjcSozp
         e8Z/+UTQA2/7cYk6/GWFeUnJ+W293uBpCYLRcae/N5pG3OuNWHNhZDZ8WpHqb1QmICsd
         L90uOPVT4SUybPNb9wkOddD5UtXvdlLUoa0e/1njkxEvX6wBpMnIJqtgPn1fB3yvcfY2
         LzvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734685050; x=1735289850;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jjey3dQZqIgZv111LfLZ7I2Rf1SvseQm3+rkGxnAboM=;
        b=Jmca/ftkhCD1zqQYiKWyyJASWP5ONu9/R6PAVwUYJxO3bvvLvi/9mcI59ATuW/vp1E
         EACQKyq+TP2R6UhPoztWj8V81GDdgLhnjgWECNhu7ZeSi0m0g6gELRnKqqOQfdobiW9P
         SQcuak7AXIqDOKrHlrbBl1wy5QFxhuU0BU1ZVZHLyuzC/5D2Y8GLbp5fh/iYHKUcj5ZL
         xJzUL39Iys06mqA09xdg8/3BBNbU1SXB8ZON7zRwlS+9BvyQZ+/oWmYDhLMdR+xYEK0c
         426QovHyolfnfZnLORWJR1/w6UcgpYAaIXDst8qnk5A6KuQ8G0rjvum1BsPnrts7fTT8
         trSw==
X-Gm-Message-State: AOJu0Yyn9C3kdwEGDkGescJZq8WGAkcJ+JiqTbuhzbIFhVp+ixDxb2PS
	iejmGY+7mp+IkWN25oKUbZYPPaVILYq9XJ/NFNXGCGSdqsTlzuOR4I2oGf6bVgS6pC/C57lZCnB
	q8BU=
X-Gm-Gg: ASbGncs6I+jTr454CQgINmF0Zy21fYglP2nQNBsCtof1IJyry/6sQbOJETllbDLdv0x
	qpKLGHB+foX4AiKk1oRrcTlya9fGAkMtVjif0sQa3q3AzQAdUz2S4k51ZWyukfZhkwFXYuiVer8
	L0YCRL04A5TTmoMJRDj8FUNES4QcTglqt5e6KNkxcq9DMrVESKnXLhyYNNBMd1JMiwRUgsbjsu4
	7WpPyQ2ZgA08v3iYqu7/R+nYIAJzucnHvflaF2GLhmKK8NBfFK0uyq7hd/dKDpFjt7TLgAlRUGI
	xvd+GjcF8qA1a4880r6VouSEGQ==
X-Google-Smtp-Source: 
 AGHT+IGHpmZBIb3UZQajmeEKABMpoHoFm6PSW05dgYil+G4xJaMvrljivcQUHf6yBWMEZL8VcydlYg==
X-Received: by 2002:a05:6512:1114:b0:540:2567:469b with SMTP id
 2adb3069b0e04-54229533e5amr644394e87.16.1734685050250;
        Fri, 20 Dec 2024 00:57:30 -0800 (PST)
Received: from localhost.localdomain (78-27-76-97.bb.dnainternet.fi.
 [78.27.76.97])
        by smtp.gmail.com with ESMTPSA id
 2adb3069b0e04-54228744c06sm218186e87.219.2024.12.20.00.57.26
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 20 Dec 2024 00:57:28 -0800 (PST)
From: Mikko Rapeli <mikko.rapeli@linaro.org>
To: openembedded-core@lists.openembedded.org
Cc: Mikko Rapeli <mikko.rapeli@linaro.org>
Subject: [PATCH 1/2] systemd: add apparmor PACKAGECONFIG support
Date: Fri, 20 Dec 2024 10:56:59 +0200
Message-ID: <20241220085700.228006-1-mikko.rapeli@linaro.org>
X-Mailer: git-send-email 2.45.2
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 20 Dec 2024 08:57:40 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208969

For meta-security to enable with "apparmor" in DISTRO_FEATURES.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/recipes-core/systemd/systemd_256.9.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/systemd/systemd_256.9.bb b/meta/recipes-core/systemd/systemd_256.9.bb
index a9224915c6..c047964953 100644
--- a/meta/recipes-core/systemd/systemd_256.9.bb
+++ b/meta/recipes-core/systemd/systemd_256.9.bb
@@ -69,7 +69,7 @@ PAM_PLUGINS = " \
 "
 
 PACKAGECONFIG ??= " \
-    ${@bb.utils.filter('DISTRO_FEATURES', 'acl audit efi ldconfig pam pni-names selinux smack polkit seccomp', d)} \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'acl audit apparmor efi ldconfig pam pni-names selinux smack polkit seccomp', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'minidebuginfo', 'coredump elfutils', '', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'rfkill', '', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xkbcommon', '', d)} \
@@ -132,6 +132,7 @@ PACKAGECONFIG[serial-getty-generator] = ""
 
 PACKAGECONFIG[acl] = "-Dacl=enabled,-Dacl=disabled,acl"
 PACKAGECONFIG[audit] = "-Daudit=enabled,-Daudit=disabled,audit"
+PACKAGECONFIG[apparmor] = "-Dapparmor=enabled,-Dapparmor=disabled,apparmor"
 PACKAGECONFIG[backlight] = "-Dbacklight=true,-Dbacklight=false"
 PACKAGECONFIG[binfmt] = "-Dbinfmt=true,-Dbinfmt=false"
 PACKAGECONFIG[bpf-framework] = "-Dbpf-framework=enabled,-Dbpf-framework=disabled,clang-native bpftool-native libbpf,libbpf"

From patchwork Fri Dec 20 08:57:00 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mikko Rapeli <mikko.rapeli@linaro.org>
X-Patchwork-Id: 54432
Return-Path: <mikko.rapeli@linaro.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5FABEE77188
	for <webhook@archiver.kernel.org>; Fri, 20 Dec 2024 08:57:50 +0000 (UTC)
Received: from mail-lf1-f50.google.com (mail-lf1-f50.google.com
 [209.85.167.50])
 by mx.groups.io with SMTP id smtpd.web10.148473.1734685061332622002
 for <openembedded-core@lists.openembedded.org>;
 Fri, 20 Dec 2024 00:57:41 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@linaro.org header.s=google header.b=rYqOZ6Sy;
 spf=pass (domain: linaro.org, ip: 209.85.167.50,
 mailfrom: mikko.rapeli@linaro.org)
Received: by mail-lf1-f50.google.com with SMTP id
 2adb3069b0e04-53e3c47434eso1741780e87.3
        for <openembedded-core@lists.openembedded.org>;
 Fri, 20 Dec 2024 00:57:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google; t=1734685059; x=1735289859;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=7c7Hl5DUFiQkshlgOqkgP3u7uP9Zys1yhTeA93pSZ4c=;
        b=rYqOZ6SyZbMRHSiJjuYHUl8bkTSY+RNtBzB626VA50a19PQV/ix19/Yts69+JmnH65
         tD3FrUWrZA0zMH4oS7QN7m8oRWLLkdAVTdbHRjDUcT4rzNJjCOLF7z5CVQCZc/EQHQSU
         qmpFxgeFMSecUp2/shFPRuShlOCDaMyRTw3dauiIwVFtH4XyKVSa2HgtT4lrsGHjwqIQ
         +vv7B9T2tGtgTiWD+Pwibmu3alJjVYUFO9q4l/wOw0YrpATKmgJYKrjEZYEjL98cXFHA
         qUsTnAPddxJFJi2C+F7iT0SSszyiQHymb2VQsEx2UAwBK5bL5On0Uv+zTaCinDEc/LAP
         JaBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734685059; x=1735289859;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=7c7Hl5DUFiQkshlgOqkgP3u7uP9Zys1yhTeA93pSZ4c=;
        b=ZgiwwgA74NCTlWrVWy4X1bf1op+Q9tfrbGNbB13S9yBRYl0c+nu3MRpdl/aMxx6ASS
         p6jnnJFGbVglfCgG3cmnFCoWx4ARC8GLtu0QIpLKQN76vjhpac6FCi83JmAsYd8of1sW
         KdVMwLdil6gNmLPNB+rQOFRkDg2tPvgHZ4Mmz8gSKP3m3QBnswURf8BvLVtDRt/6tTSJ
         EAKEu991LU24yaQpyTA3V4hfAoHd6kz31S8rADIIxfSkjGpmTwa01hwz8W+RlKZPNakL
         mlNw4SRnJCnG4FQCy/SyeeGTS8NJv57YAG8hmDRM+Llvzyn5e80SkcRRXjOO/QHta42N
         rk6g==
X-Gm-Message-State: AOJu0Yyw7N4QYkfHFy4yJzkXMETmGPwr1cYe/5H5MNsp+Hft+0UvFi76
	fZqIBJDbZkfhq4hshRUToQYbAdR2vW2emIPrV3NBG6Mc1YCSJLqE3QUkPKU2VqqspugT4SMVDl2
	v07Q=
X-Gm-Gg: ASbGnct8FMcpG7ZMV0NPhyXJL3GCxRv7WxmdIALZFxWJSOFtAI7hyzu3Uqx2YgJjbcP
	GJcrGPRxwEVgTcXiTNmUJ040GupdBcOZTlFnMNIDnPABqNQuWWsYBFTREBoekxmJgyMTkkpm83k
	OAefs10Fgl9Zf68LyOl8VMtO2vUGaVq/Vcy32g1uxnUQWo1JnfQrBVSAfMFCFp1mMJ7H1ZCF5ys
	1/skWMg8ddUGWituZpGFL11rRPpqbp2T2GhCl8IkwSm2CoVqocsQUQeeis+KcUV91sui4H0xRI4
	DFwcGogv2SMT0YwwsCEVT5EAkw==
X-Google-Smtp-Source: 
 AGHT+IHjbq/I5job7Vl/2tPPF2ucxuhJ/K1JOdhywD3nXfNScwfFzJkPqCeq0TjhnPQhk8pJV2O/Cg==
X-Received: by 2002:ac2:4c48:0:b0:53e:362e:ed0 with SMTP id
 2adb3069b0e04-54229561a53mr620074e87.44.1734685059480;
        Fri, 20 Dec 2024 00:57:39 -0800 (PST)
Received: from localhost.localdomain (78-27-76-97.bb.dnainternet.fi.
 [78.27.76.97])
        by smtp.gmail.com with ESMTPSA id
 2adb3069b0e04-54228744c06sm218186e87.219.2024.12.20.00.57.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 20 Dec 2024 00:57:37 -0800 (PST)
From: Mikko Rapeli <mikko.rapeli@linaro.org>
To: openembedded-core@lists.openembedded.org
Cc: Mikko Rapeli <mikko.rapeli@linaro.org>
Subject: [PATCH 2/2] systemd: add fido to PACKAGECONFIG option
Date: Fri, 20 Dec 2024 10:57:00 +0200
Message-ID: <20241220085700.228006-2-mikko.rapeli@linaro.org>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241220085700.228006-1-mikko.rapeli@linaro.org>
References: <20241220085700.228006-1-mikko.rapeli@linaro.org>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 20 Dec 2024 08:57:50 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208970

To enable FIDO support.

meta-security can provide libfido2 but it depends on udev
which creates a dependency loop between systemd (provider of udev)
and libfido2 which is currently unresolved. systemd recipe
could split udev to a separate recipe to solve this, or libfido2
could be compiled in systemd source tree after udev but before
rest of systemd.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/recipes-core/systemd/systemd_256.9.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/systemd/systemd_256.9.bb b/meta/recipes-core/systemd/systemd_256.9.bb
index c047964953..b5e3e85a38 100644
--- a/meta/recipes-core/systemd/systemd_256.9.bb
+++ b/meta/recipes-core/systemd/systemd_256.9.bb
@@ -150,6 +150,7 @@ PACKAGECONFIG[default-compression-zstd] = "-Dzstd=true -Ddefault-compression=zst
 PACKAGECONFIG[dbus] = "-Ddbus=enabled,-Ddbus=disabled,dbus"
 PACKAGECONFIG[efi] = "-Defi=true -Dbootloader=enabled,-Defi=false -Dbootloader=disabled,python3-pyelftools-native"
 PACKAGECONFIG[elfutils] = "-Delfutils=enabled,-Delfutils=disabled,elfutils,,libelf libdw"
+PACKAGECONFIG[fido] = "-Dlibfido2=enabled,-Dlibfido2=disabled,libfido2"
 PACKAGECONFIG[firstboot] = "-Dfirstboot=true,-Dfirstboot=false"
 PACKAGECONFIG[repart] = "-Drepart=enabled,-Drepart=disabled"
 PACKAGECONFIG[homed] = "-Dhomed=enabled,-Dhomed=disabled"