From patchwork Tue Dec 31 03:12:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Armin Kuster X-Patchwork-Id: 54812 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14F14E77194 for ; Tue, 31 Dec 2024 03:12:36 +0000 (UTC) Received: from mail-yb1-f179.google.com (mail-yb1-f179.google.com [209.85.219.179]) by mx.groups.io with SMTP id smtpd.web10.76564.1735614751946844282 for ; Mon, 30 Dec 2024 19:12:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Idrr/J7C; spf=pass (domain: gmail.com, ip: 209.85.219.179, mailfrom: akuster808@gmail.com) Received: by mail-yb1-f179.google.com with SMTP id 3f1490d57ef6-e387ad7abdaso14049429276.0 for ; Mon, 30 Dec 2024 19:12:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1735614751; x=1736219551; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=vAa7Ih7nzJq9xZlz5r17eMKPYnm+CSXsXNmfwyoShE8=; b=Idrr/J7CuzZqit/q6FEfbuYM7JZSheUUsx6Vb8CljCyGGVf0HJu5H0jJ5IyEJPbfcU VSsPWrdy9wGQMya/XGSy3GHg6i+B+Bpa16/8ZHgkaI8KXuspVYcosSy8YxozEgr5RkA+ a3eeZX0mroNVF7lK5unX1kmir0/YgMDfGdYCkwLug9nFVLv58PAzX+vVChmMH7sTX7pe jixS2R3oQnaW/QACPQaB3Fw6YK8YdjrpvtI2kS1e52t/ZmYh0LiiC96ezKKKTz2A6L3T PCgBP3X2U5/IWadn+qQNB0W+vxDKh7qoZ0V2p+h3z8gKXmtWiEoeVm5K3poobpdzu1Ce fcPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735614751; x=1736219551; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=vAa7Ih7nzJq9xZlz5r17eMKPYnm+CSXsXNmfwyoShE8=; 
b=PcfUheRZMMaMbjGK+OAgt6pML8HK3l1r6n1LaL3VEme3XCP0Ga9GpzlQlKj9LmLItN E0k6YCRflKzPb0okyQy8Neuel+Tp2b0b2/xrUy/2NNB9R8puw2JDloVDJIGM9qsZS5+S jL+Q78iq3Ah90SHCyfum7yszNm4AN80g9agEqsEl4tHQ2BRX8XYKUPjkuXL8D2gEylWq 17McBeS/4BnLZfJWnhD+9D1F4u+yzAv8aHp8cdeOJcetngKNzYSx5lEoLUj/50PPgvS9 3LOtOXOP053xq3FZBQ3r5QzlluwI4bCIlzFV1gI2/i5vnf72fXALr8NNhM6JdjTNgEer LzGg== X-Gm-Message-State: AOJu0YyDO95oeAcoUjqAGX+AVylDz1i7i/WWQIyAPqsBTGZop0sArInT PgWu5llydQSmI/55hemsETDntq0zWP03WqzTGhMh+o++esUADXs/Ojy/EzIa X-Gm-Gg: ASbGnctpXS/rN70y28zceANk2nhPy/gH7mUzE/ybNwOh+IBrJ+I3ba5HqK8xDosmfTT gI4gWE5RfRwVWv1uwxwTsa3xUMDVSzqvXGNczIyIerXh1cxG/m/Hn/pw0Bxx3YL+u6TFUsr1QZ1 JE8E03S2FQj5zs5cd2iBxuwOLiGSW5cr+7xzGQ4ONJVHhbgty+wOg7ZhNZc2RrZvynpMT0InX2t zaeNK5qZhxy62Va+qVXHPezLi8D6H/p/hCju1sjXsWbU6UMMD7U4Af9u0Dxy9iI/7Qf X-Google-Smtp-Source: AGHT+IEiwiFVSJo4fuwFcqmNZFIRquY8125XnsibmzEFnZLv/RjikWpQUS760LsCG+cldQ3JY/4S0w== X-Received: by 2002:a05:6902:842:b0:e38:bf8b:e2d0 with SMTP id 3f1490d57ef6-e538c414d56mr24777408276.46.1735614750921; Mon, 30 Dec 2024 19:12:30 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:45dd:7000:c83e:ad2:5c14:ece]) by smtp.gmail.com with ESMTPSA id 3f1490d57ef6-e537cbeb0b4sm6270546276.6.2024.12.30.19.12.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Dec 2024 19:12:30 -0800 (PST) From: Armin Kuster To: yocto-patches@lists.yoctoproject.org Subject: [meta-security][PATCH 1/2] kas: tweak to improve CI work flow Date: Mon, 30 Dec 2024 22:12:28 -0500 Message-ID: <20241231031229.2640925-1-akuster808@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 31 Dec 2024 03:12:36 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/960 drop ptest from base builds. Enable ptest in test image only 
Signed-off-by: Armin Kuster --- kas/kas-security-base.yml | 1 + kas/qemux86-test.yml | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml index bdd74b1..6d53071 100644 --- a/kas/kas-security-base.yml +++ b/kas/kas-security-base.yml @@ -46,6 +46,7 @@ local_conf_header: PACKAGE_CLASSES = "package_ipk" DISTRO_FEATURES:append = " security pam apparmor smack ima tpm tpm2" + DISTRO_FEATURES:remove = "ptest" MACHINE_FEATURES:append = " tpm tpm2" diskmon: | diff --git a/kas/qemux86-test.yml b/kas/qemux86-test.yml index 83a5353..98f1e7f 100644 --- a/kas/qemux86-test.yml +++ b/kas/qemux86-test.yml 
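Review bot: The `DISTRO_FEATURES:append = " ptest"` added in kas/qemux86-test.yml will most likely have no effect, because that file includes kas-security-base.yml and this hunk adds `DISTRO_FEATURES:remove = "ptest"` there. BitBake applies `:remove` after every `:append` and a later append cannot cancel it, so the test image would also be built without ptest and the package tests would silently stop running in CI. One way to keep the intent is to route the removal through a variable the test config can empty, for example (variable name constructed here) `PTEST_REMOVE ?= "ptest"` with `DISTRO_FEATURES:remove = "${PTEST_REMOVE}"` in the base file and `PTEST_REMOVE = ""` in qemux86-test.yml. Running `bitbake -e` against the test configuration shows the final DISTRO_FEATURES value and would confirm this either way.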
@@ -3,4 +3,8 @@ header: includes: - kas-security-base.yml +local_conf_header: + ptest: | + DISTRO_FEATURES:append = " ptest" + machine: qemux86 From patchwork Tue Dec 31 03:12:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Armin Kuster X-Patchwork-Id: 54813 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 138ADE77188 for ; Tue, 31 Dec 2024 03:12:36 +0000 (UTC) Received: from mail-yb1-f171.google.com (mail-yb1-f171.google.com [209.85.219.171]) by mx.groups.io with SMTP id smtpd.web11.76823.1735614752540141803 for ; Mon, 30 Dec 2024 19:12:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=g1iSOfK5; spf=pass (domain: gmail.com, ip: 209.85.219.171, mailfrom: akuster808@gmail.com) Received: by mail-yb1-f171.google.com with SMTP id 3f1490d57ef6-e53a5ff2233so10492002276.3 for ; Mon, 30 Dec 2024 19:12:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1735614751; x=1736219551; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VDGzzK2AeN5Yjk7xvPwY0UstRTI5zsRbce1iXz63l5U=; b=g1iSOfK57OTVZWhTatK0yBUIgyNDZodwq132SpQ6kW5FwKrH4ABqxPqVABaYyDt932 z5c/Sp1v/HAgKjKIdSJ5vA+ZdDAyWPXZ+62Grvq099LE7JXIF7D9o/UjwlKwW6TTduOP FZU08drQS0FwZpg1CnARqDe+qMXeU51+H0UWd3es4o+j4Uh5GKurz2GWLT9ISTvl6zUA wM6z4HeMB9zvta67gTl+l+RhoYCOoNJZYgJnonr7bboxJ+i5sQ0KKG5cZV8ler/bREp5 BjU/jjAsb4A/J36It6FQb0a0ZN17pRU1ICHpRleKo198wgrhcDyenXTDsRMCechLlZw4 eV1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735614751; x=1736219551; 
h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VDGzzK2AeN5Yjk7xvPwY0UstRTI5zsRbce1iXz63l5U=; b=jZK1bXtQS6GYtQPMQnTxzARvTS9/+EDvcwkb/lOcI/VnJF23ojyj071t2cNzBfDYx/ Uvmyr4Gm7ES33hVWLeqxT1Zvv8/vQbW4qHYcnTgR4tQe5tA7N3/sm9s8Cj5Tr0OJuLVp 2Rty6zYrnEwU3kO/EfYGtyrMjSEnmfGNjydma4j1CDAXE0jeEkF4U/333Sk+oizr9GJP Y6WcSNSKAqK2b+xH8u5bgrkJ2MELqTxTi5BdbhKlnXK0gbrlWV/G0IIfsA3J6rBbN9u8 PLeVpocuCcNM4V7qoPmNLarGchp5oWdBj7TKwl192Qgzzuv2v8gUQTgf6FFy4ShQ6XG3 zzIQ== X-Gm-Message-State: AOJu0YyDJ+L3o0rmMbx1sfHwE87Z+k02maCBZ8G/vyBKDpV9JIdor1do eaz6Mjeg/XIgzJ68eo0gHDjDZG3MQ8lMSaHpq2IaX0LuDtZaMPZgkKgl6gOA X-Gm-Gg: ASbGncumFg/H0yHFMv2rlm9bBIkEIycnLE8HwPVGB4Yllfq9Vf8mpEGeWOghQeKt2gY ioNZtU22fctTzmgnkdLqtlpmfbyykwXckFJ/gN83EQ4dXwKHYSsprlfArhzHJ5oN3xAKWsXlQy3 lmikNIMs/YiqQPMSmpaavN8uheBRHMLQgNgtvCeVeT2fITVT30Q74xp/0Kh7IyY/Srt3isR7bL4 m6Z3Y594271pFcUhv94rEq1Nz0HR1zrNMYSGlKxLoLbbd1MQdS/1QNIwN58TkTrV5Nl X-Google-Smtp-Source: AGHT+IHLxiHCz4PiL3oSZ8iAOkIZW0Gp6p0NDvzNaagfrmhqTOqP7eYv4cbi37Fh0VRfxwh4vpSRnA== X-Received: by 2002:a05:6902:11cf:b0:e46:e18:9e83 with SMTP id 3f1490d57ef6-e538c34f3ccmr26060273276.39.1735614751564; Mon, 30 Dec 2024 19:12:31 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:45dd:7000:c83e:ad2:5c14:ece]) by smtp.gmail.com with ESMTPSA id 3f1490d57ef6-e537cbeb0b4sm6270546276.6.2024.12.30.19.12.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Dec 2024 19:12:31 -0800 (PST) 
From: Armin Kuster To: yocto-patches@lists.yoctoproject.org Subject: [meta-security][PATCH 2/2] parsec-service: fix build error Date: Mon, 30 Dec 2024 22:12:29 -0500 Message-ID: <20241231031229.2640925-2-akuster808@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241231031229.2640925-1-akuster808@gmail.com> References: <20241231031229.2640925-1-akuster808@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 31 Dec 2024 03:12:36 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/961 Fixes: | error: unnecessary qualification | --> src/front/domain_socket.rs:247:30 | | | 247 | let ucred_size = mem::size_of::(); | | ^^^^^^^^^^^^^^^^^^^^^ Signed-off-by: Armin Kuster --- ...Fix-unnecessary-qualifications-error.patch | 50 +++++++++++++++++++ .../parsec-service/parsec-service_1.4.1.bb | 2 + 2 files changed, 52 insertions(+) create mode 100644 meta-parsec/recipes-parsec/parsec-service/files/0002-Fix-unnecessary-qualifications-error.patch diff --git a/meta-parsec/recipes-parsec/parsec-service/files/0002-Fix-unnecessary-qualifications-error.patch b/meta-parsec/recipes-parsec/parsec-service/files/0002-Fix-unnecessary-qualifications-error.patch new file mode 100644 index 0000000..cef6bd8 --- /dev/null +++ b/meta-parsec/recipes-parsec/parsec-service/files/0002-Fix-unnecessary-qualifications-error.patch 
@@ -0,0 +1,50 @@ +From 86d4d2ca2f1e873a29f9f4d4bba99fedee19a144 Mon Sep 17 00:00:00 2001 +From: Gowtham Suresh Kumar +Date: Thu, 29 Aug 2024 17:10:06 +0100 +Subject: [PATCH 2/4] Fix unnecessary qualifications error + +Signed-off-by: Gowtham Suresh Kumar + +Upstream-Status: Backport +Signed-off-by: Armin Kuster + +--- + src/front/domain_socket.rs | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/front/domain_socket.rs b/src/front/domain_socket.rs +index 9fb8a0c..a0effa5 100644 +--- a/src/front/domain_socket.rs ++++ b/src/front/domain_socket.rs +@@ -239,15 +239,16 @@ pub mod peer_credentials { + pub mod impl_linux { + use super::UCred; + use libc::{c_void, getsockopt, socklen_t, ucred, SOL_SOCKET, SO_PEERCRED}; ++ use std::io; ++ use std::mem::size_of; + use std::os::unix::io::AsRawFd; + use std::os::unix::net::UnixStream; +- use std::{io, mem}; + + pub fn peer_cred(socket: &UnixStream) -> io::Result { +- let ucred_size = mem::size_of::(); ++ let ucred_size = size_of::(); + + // Trivial sanity checks. +- assert!(mem::size_of::() <= mem::size_of::()); ++ assert!(size_of::() <= size_of::()); + assert!(ucred_size <= u32::MAX as usize); + + let mut ucred_size = ucred_size as socklen_t; +@@ -266,7 +267,7 @@ pub mod peer_credentials { + &mut ucred_size, + ); + +- if ret == 0 && ucred_size as usize == mem::size_of::() { ++ if ret == 0 && ucred_size as usize == size_of::() { + Ok(UCred { + uid: ucred.uid, + gid: ucred.gid, +-- +2.43.0 + diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb index 3aa0b0a..1d7c6e8 100644 --- a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb +++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb 
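Review bot: The `Upstream-Status: Backport` tag in the new patch file carries no reference to the upstream change, so a later maintainer cannot check the backport against its origin without searching for it. The `From 86d4d2ca2f1e873a29f9f4d4bba99fedee19a144` line already gives the commit id; putting it in the tag together with the upstream repository URL, as in `Upstream-Status: Backport [<upstream-repo-url>/commit/86d4d2ca2f1e873a29f9f4d4bba99fedee19a144]` (URL placeholder), makes that traceable. This matters more than usual here because the patched function, `peer_cred`, reads a Unix-socket peer's uid and gid via `SO_PEERCRED`. A reviewer will want to confirm that the backport only changes how `size_of` is named and leaves the `ret == 0 && ucred_size as usize == size_of…` check as upstream has it. The subject also says `[PATCH 2/4]`, so the patch header could state whether the rest of that series is needed for this build.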
@@ -11,6 +11,7 @@ SRC_URI += "crate://crates.io/parsec-service/${PV} \ file://parsec_init \ file://systemd.patch \ file://parsec-tmpfiles.conf \ + file://0002-Fix-unnecessary-qualifications-error.patch \ " SRC_URI[parsec-service-1.4.1.sha256sum] = "06ad906fb13d6844ad676d4203a1096ae4efc87fe1abcea0481c507df56d8c98" @@ -47,6 +48,7 @@ INITSCRIPT_NAME = "parsec" # The file should also be included into SRC_URI then PARSEC_CONFIG ?= "${S}/config.toml" + do_install () { # Binaries install -d -m 700 -o parsec -g parsec "${D}${libexecdir}/parsec"