From patchwork Fri Jul 4 17:11:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66262 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39DEEC83F0D for ; Fri, 4 Jul 2025 17:11:58 +0000 (UTC) Received: from mail-qt1-f172.google.com (mail-qt1-f172.google.com [209.85.160.172]) by mx.groups.io with SMTP id smtpd.web10.1065.1751649110175814723 for ; Fri, 04 Jul 2025 10:11:50 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=L9r7i/Ek; spf=pass (domain: konsulko.com, ip: 209.85.160.172, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f172.google.com with SMTP id d75a77b69052e-4a97a67aa97so7559071cf.2 for ; Fri, 04 Jul 2025 10:11:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649109; x=1752253909; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0GOrU3ip1pxDrG2G1U/soFYT2NqYOVBsbg+B2vEBuGo=; b=L9r7i/EkzhdCB+N7/YbqtpOKYCDBXkZ0VB5b9uAQokbzn7hNVUiiCWlncsWkCuSsKI SfUJ84Psa4RSiYgntYbI1AbPRwQ5ZBvJsTg7y25E6H/GqEzaZi+fnl2sD3CcGgmMPnRZ TE0cZC7jlFhbF0gJMXI1GYtY2jTggJV9zBTms= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649109; x=1752253909; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0GOrU3ip1pxDrG2G1U/soFYT2NqYOVBsbg+B2vEBuGo=; b=NDYw2kHHbRbMZr8nZO/v8oArwYRw8oNy1mOZLyWTB3u7D23SrisrBKg032VhW8O8uE FjZG6H+FzjmrmgBvs2W/HZtFmewaiecXJbbFDbvQSEreECZ7P6TM2H8pu1sJ9Br3GCp/ q5liomWa/r9FZWGljTr1UeKSgwM5BS64CxSwSa2BmqPhtXt1VH7yRk50dRVmN55nDcUE lK/YcDrBoR2HZwAMg8nA+pwDSf4iPXOMRIm1dhRpthubi46GzroPKW2M3xmj0NPk9nGi 2ud4HlJor11xfZLTt8wNjqyeVyFP5OIKtHxF+OU7GLYpNoZ7nxq+rQUsrTH2eYAaZVjO REpQ== X-Gm-Message-State: AOJu0YweiH0E5oPLUiiR2ASDSiSYyZRcpIpBqzyoHLAvY4rFejwuVX2Q +6TaNymLscmnhZxrhLIOY/3b9ELupr9ChzbKwRltaKZPaR9cdbL5Uo1yMgD6D5uC++2g59lGwIa W2+43 X-Gm-Gg: ASbGnctjqrwwcz3v63z4a3JYwMT9xCpqtCiL/Z3/SMnnIBMZAeASb/baHl+t7feRL3b 7tU9yzInMfGZu21BCga5L51c3APIZYg4DjAzccH4B3Rp8Ak5c9j59SlDlzEAkGerbfOdqvLnGnQ eiCRFYPSpLanY6icdklLu0L0QAb+DTr6jlBOkAa9ahsewcZhzz/Pj/sWh8wulCo93h3ZdbDwpv8 dbbFuoDxyFxsafZjstSZHcUvvPYCDe3yP7JQXEnFsZzX2XeYn7BbK5Gp1yCVMBM47/21Y7EtG5O 89ipTwMZK2Du99r+0Q/i/eE0lW9gCjNrEHgcZ6xCkXW3bbhfixxTZmfGSdlS/COsjvY9DD1nfq4 iDMue8SH7RxyUlL2PpiR4xdEiIvP/aQqI1zmjew== X-Google-Smtp-Source: AGHT+IEPD1qu1nKwU5qcaSi0vUm0M5hrx65RdqYuCHOvYmbx5qg6NrbtrwUpwiz9sEfK0vihieHJgA== X-Received: by 2002:ac8:59c8:0:b0:4a4:3171:b942 with SMTP id d75a77b69052e-4a99882053fmr42451151cf.39.1751649108793; Fri, 04 Jul 2025 10:11:48 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:48 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: "J. S." , Scott Murray Subject: [meta-security][PATCH 01/12] Fix warning : lack of whitespace around assignment Date: Fri, 4 Jul 2025 13:11:05 -0400 Message-ID: <4e2b318a86d1d4a799c4b609d4b626716fe6935e.1751647559.git.scott.murray@konsulko.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:11:58 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1753 From: "J. S." v2 : also fix some typos while we are here. v3 : add fixes for isic and checksecurity Signed-off-by: Jason Schonberg [removed already applied change] Signed-off-by: Scott Murray --- .../recipes-scanners/checksecurity/checksecurity_2.0.16.bb | 2 +- .../recipes-devtools/python/python3-json2html_1.3.0.bb | 2 +- .../recipes-devtools/python/python3-xmldiff_2.7.0.bb | 2 +- .../scap-security-guide/scap-security-guide_0.1.76.bb | 6 +++--- recipes-ids/aide/aide_0.18.8.bb | 2 +- recipes-ids/ossec/ossec-hids_3.7.0.bb | 2 +- recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 +- recipes-kernel/lkrg/lkrg-module_0.9.7.bb | 2 +- recipes-mac/ccs-tools/ccs-tools_1.8.9.bb | 4 ++-- recipes-perl/perl/libwhisker2-perl_2.5.bb | 2 +- recipes-scanners/checksec/checksec_2.6.0.bb | 2 +- recipes-security/cryptmount/cryptmount_6.2.0.bb | 2 +- recipes-security/isic/isic_0.07.bb | 2 +- recipes-security/sshguard/sshguard_2.4.3.bb | 4 ++-- 14 files changed, 18 insertions(+), 18 deletions(-) diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb index 8006c9f..bc146a9 100644 --- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb +++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb @@ -14,7 +14,7 @@ S = "${WORKDIR}/checksecurity-${PV}+nmu1" # allow for anylocal, no need to patch -LOGDIR="/etc/checksecurity" +LOGDIR = "/etc/checksecurity" do_compile() { sed -i -e "s;LOGDIR=/var/log/setuid;LOGDIR=${LOGDIR};g" ${B}/etc/check-setuid.conf diff --git a/dynamic-layers/meta-python/recipes-devtools/python/python3-json2html_1.3.0.bb b/dynamic-layers/meta-python/recipes-devtools/python/python3-json2html_1.3.0.bb index 3d7e897..baf3156 100644 --- a/dynamic-layers/meta-python/recipes-devtools/python/python3-json2html_1.3.0.bb +++ b/dynamic-layers/meta-python/recipes-devtools/python/python3-json2html_1.3.0.bb @@ -1,4 +1,4 @@ -DESCRIPTION="Python wrapper to convert JSON into a human readable HTML Table representation." +DESCRIPTION = "Python wrapper to convert JSON into a human readable HTML Table representation." LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8065590663ea0c10aa131841ea806767" diff --git a/dynamic-layers/meta-python/recipes-devtools/python/python3-xmldiff_2.7.0.bb b/dynamic-layers/meta-python/recipes-devtools/python/python3-xmldiff_2.7.0.bb index 9d38065..a81c252 100644 --- a/dynamic-layers/meta-python/recipes-devtools/python/python3-xmldiff_2.7.0.bb +++ b/dynamic-layers/meta-python/recipes-devtools/python/python3-xmldiff_2.7.0.bb @@ -1,4 +1,4 @@ -DESCRIPTION="Creates diffs of XML files" +DESCRIPTION = "Creates diffs of XML files" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=0d0e9e3949e163c3edd1e097b8b0ed62" diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb index 73bd576..25309c7 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb @@ -21,9 +21,9 @@ B = "${S}/build" inherit cmake pkgconfig python3native python3targetconfig ptest STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" -export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe" -export OSCAP_SCHEMA_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas" -export OSCAP_XSLT_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl" +export OSCAP_CPE_PATH = "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe" +export OSCAP_SCHEMA_PATH = "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas" +export OSCAP_XSLT_PATH = "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl" OECMAKE_GENERATOR = "Unix Makefiles" diff --git a/recipes-ids/aide/aide_0.18.8.bb b/recipes-ids/aide/aide_0.18.8.bb index e2014a1..2912cb2 100644 --- a/recipes-ids/aide/aide_0.18.8.bb +++ b/recipes-ids/aide/aide_0.18.8.bb @@ -16,7 +16,7 @@ UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" inherit autotools pkgconfig aide-base -PACKAGECONFIG ??=" gcrypt zlib e2fsattrs posix capabilities curl pthread \ +PACKAGECONFIG ??= " gcrypt zlib e2fsattrs posix capabilities curl pthread \ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'xattr', '', d)} \ " diff --git a/recipes-ids/ossec/ossec-hids_3.7.0.bb b/recipes-ids/ossec/ossec-hids_3.7.0.bb index fbd1294..d9f5121 100644 --- a/recipes-ids/ossec/ossec-hids_3.7.0.bb +++ b/recipes-ids/ossec/ossec-hids_3.7.0.bb @@ -18,7 +18,7 @@ inherit autotools-brokensep useradd S = "${UNPACKDIR}/git" -OSSEC_DIR="/var/ossec" +OSSEC_DIR = "/var/ossec" OSSEC_UID ?= "ossec" OSSEC_RUID ?= "ossecr" OSSEC_GID ?= "ossec" diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb index e67d3c7..3c85027 100644 --- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb +++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb @@ -1,7 +1,7 @@ SUMMARY = "Tripwire: A system integrity assessment tool (IDS)" DESCRIPTION = "Open Source Tripwire® software is a security and data \ integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems" -HOMEPAGE="http://sourceforge.net/projects/tripwire" +HOMEPAGE = "http://sourceforge.net/projects/tripwire" SECTION = "security Monitor/Admin" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=1c069be8dbbe48e89b580ab4ed86c127" diff --git a/recipes-kernel/lkrg/lkrg-module_0.9.7.bb b/recipes-kernel/lkrg/lkrg-module_0.9.7.bb index 751c045..20982a8 100644 --- a/recipes-kernel/lkrg/lkrg-module_0.9.7.bb +++ b/recipes-kernel/lkrg/lkrg-module_0.9.7.bb @@ -1,5 +1,5 @@ SUMMARY = "Linux Kernel Runtime Guard" -DESCRIPTION="LKRG performs runtime integrity checking of the Linux \ +DESCRIPTION = "LKRG performs runtime integrity checking of the Linux \ kernel and detection of security vulnerability exploits against the kernel." SECTION = "security" HOMEPAGE = "https://www.openwall.com/lkrg/" diff --git a/recipes-mac/ccs-tools/ccs-tools_1.8.9.bb b/recipes-mac/ccs-tools/ccs-tools_1.8.9.bb index a746c56..3f754e9 100644 --- a/recipes-mac/ccs-tools/ccs-tools_1.8.9.bb +++ b/recipes-mac/ccs-tools/ccs-tools_1.8.9.bb @@ -26,7 +26,7 @@ do_install(){ oe_runmake INSTALLDIR=${D} USRLIBDIR=${libdir} SBINDIR=${sbindir} install } -PACKAGE="${PN} ${PN}-dbg ${PN}-doc" +PACKAGES = "${PN} ${PN}-dbg ${PN}-doc" FILES:${PN} = "\ ${sbindir}/* \ @@ -46,4 +46,4 @@ FILES:${PN}-dbg = "\ /usr/src/debug/* \ " -REQUIRED_DISTRO_FEATURES ?=" tomoyo" +REQUIRED_DISTRO_FEATURES ?= " tomoyo" diff --git a/recipes-perl/perl/libwhisker2-perl_2.5.bb b/recipes-perl/perl/libwhisker2-perl_2.5.bb index 2c32bfc..e16e5f2 100644 --- a/recipes-perl/perl/libwhisker2-perl_2.5.bb +++ b/recipes-perl/perl/libwhisker2-perl_2.5.bb @@ -15,7 +15,7 @@ S = "${UNPACKDIR}/libwhisker2-2.5" inherit cpan-base -PACKAGEGROUP ??="" +PACKAGEGROUP ??= "" PACKAGEGROUP[ssl] = ", , libnet-ssleay-perl, libnet-ssleay-perl" do_install() { diff --git a/recipes-scanners/checksec/checksec_2.6.0.bb b/recipes-scanners/checksec/checksec_2.6.0.bb index 3712e68..4767239 100644 --- a/recipes-scanners/checksec/checksec_2.6.0.bb +++ b/recipes-scanners/checksec/checksec_2.6.0.bb @@ -2,7 +2,7 @@ SUMMARY = "Linux system security checks" DESCRIPTION = "The checksec script is designed to test what standard Linux OS and PaX security features are being used." SECTION = "security" LICENSE = "BSD-3-Clause" -HOMEPAGE="https://github.com/slimm609/checksec.sh" +HOMEPAGE = "https://github.com/slimm609/checksec.sh" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=879b2147c754bc040c29e9c3b84da836" diff --git a/recipes-security/cryptmount/cryptmount_6.2.0.bb b/recipes-security/cryptmount/cryptmount_6.2.0.bb index d69d88b..424ff56 100644 --- a/recipes-security/cryptmount/cryptmount_6.2.0.bb +++ b/recipes-security/cryptmount/cryptmount_6.2.0.bb @@ -10,7 +10,7 @@ inherit autotools-brokensep gettext pkgconfig systemd EXTRA_OECONF = " --enable-cswap --enable-fsck --enable-argv0switch" -PACKAGECONFIG ?="intl luks gcrypt nls" +PACKAGECONFIG ?= "intl luks gcrypt nls" PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" PACKAGECONFIG[systemd] = "--with-systemd, --without-systemd, systemd" diff --git a/recipes-security/isic/isic_0.07.bb b/recipes-security/isic/isic_0.07.bb index d39184e..8e0f5ce 100644 --- a/recipes-security/isic/isic_0.07.bb +++ b/recipes-security/isic/isic_0.07.bb @@ -17,7 +17,7 @@ SRC_URI = "http://prdownloads.sourceforge.net/isic/${BPN}-${PV}.tgz \ SRC_URI[md5sum] = "29f70c9bde9aa9128b8f7e66a315f9a4" SRC_URI[sha256sum] = "e033c53e03e26a4c72b723e2a5a1c433ee70eb4d23a1ba0d7d7e14ee1a80429d" -S="${UNPACKDIR}/${BPN}-${PV}" +S = "${UNPACKDIR}/${BPN}-${PV}" inherit autotools-brokensep diff --git a/recipes-security/sshguard/sshguard_2.4.3.bb b/recipes-security/sshguard/sshguard_2.4.3.bb index 37b414e..de3d856 100644 --- a/recipes-security/sshguard/sshguard_2.4.3.bb +++ b/recipes-security/sshguard/sshguard_2.4.3.bb @@ -1,10 +1,10 @@ -SUMARRY=" Intelligently block brute-force attacks by aggregating system logs " +SUMMARY = " Intelligently block brute-force attacks by aggregating system logs " HOMEPAGE = "https://www.sshguard.net/" LIC_FILES_CHKSUM = "file://COPYING;md5=47a33fc98cd20713882c4d822a57bf4d" LICENSE = "BSD-1-Clause" -SRC_URI="https://sourceforge.net/projects/sshguard/files/sshguard/${PV}/sshguard-${PV}.tar.gz" +SRC_URI = "https://sourceforge.net/projects/sshguard/files/sshguard/${PV}/sshguard-${PV}.tar.gz" SRC_URI[sha256sum] = "64029deff6de90fdeefb1f497d414f0e4045076693a91da1a70eb7595e97efeb" From patchwork Fri Jul 4 17:11:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66261 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41B70C83F0E for ; Fri, 4 Jul 2025 17:11:58 +0000 (UTC) Received: from mail-qt1-f175.google.com (mail-qt1-f175.google.com [209.85.160.175]) by mx.groups.io with SMTP id smtpd.web11.1103.1751649111233915699 for ; Fri, 04 Jul 2025 10:11:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=nteBE4Tw; spf=pass (domain: konsulko.com, ip: 209.85.160.175, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f175.google.com with SMTP id d75a77b69052e-4a43afb04a7so8855821cf.0 for ; Fri, 04 Jul 2025 10:11:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649110; x=1752253910; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8gBWi0Quz5Fb13rYqXrwLeyu3nQB5rO5kgQuoA6jenA=; b=nteBE4Twoza8xBDAeHcFgjOPxLh7R7U+4XV3/Qt6EdSblrZPvVatQfKOIvT9mcxOWe tpYQqafOsmueVJisJd1Wbw7Mkb+qCfeJWJpjfaTTvhfXgGAtgAwT5saQSt+yaqtb+gwg TdAxv2TbE0wM8r1a5Wo0TW7vxQnnD8qvak/QE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649110; x=1752253910; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8gBWi0Quz5Fb13rYqXrwLeyu3nQB5rO5kgQuoA6jenA=; b=W3tEmscSFkqdGQuU9gvDBfp5zsNJAbJEtwNFRMvtEoljeSQx5MLlg/TxxqvPGQN3kw cJFmzkriXqBO7tvNEI3CAY5MXs0wKJrqK9XRV+0tOWqFvP9zVVRQ8WYTSzJ7XaEwkdoE Y+WdlvK0uuC2exZfM26SSrsG1F14Al8cGSRRVVQU8ee+Af58Qjo8+W/n7Np8Zgf3ps+Z wdivMZxbIV/HhrZFPPgz2fYMB9B+Nf0zp4VgHAmV4X17eiANeNHLgkBZdzRm/6W96pgF dh90vEIpQq/id+1EqMIvgfGMUyqCXKKcEDQSqkGGgcT2UVWevkAjAGofQHM6ojmyMCu+ bndQ== X-Gm-Message-State: AOJu0YzJiKnmjXGIgqyJM7j/LBHj88gACj/T2at6JSvyqXwxxe2+g1bS JIIUFCtGhd9f+8MFQTMBamdbWvTSk3JTck0tZIwt/btxlm2qFR0z2H8P9b7MuNZiueLkOsbXqD/ SIJFU X-Gm-Gg: ASbGncssPycAV1J1MNW9lgioxBe38DE1MWcIGOZxzoW/+nXHKanA/uO2dqCl9tRTWQu ywwRu10Afe+KqU91eU9EFiCLx5AbbGuMc+yIhA0uic9nhynqLdk4ixZj4aWUQS97VotACzkGodN Qe0vb/YH3P2wPmLFbxUrpRqyRAFPtWXoSttg8MpRaXemKcETWkYH41cI6jmbspMA5+8i+sby933 KIqDbf/w5bcRUXXnUzDsvAJ7EeeM1Up6LJTmMsefPda4i1Uy400jbWi9Ar7nFtmRYTTiWXwkEH2 LSsK9neZNWbyAhdpdMF4D7DaZgHrbxagrct9fC0NfTGQBicay1xF3zmKcDXUsxjQQXkm6bXgA/t B0wDN05mUq1F2S6VfPBGN3lNmRLZNNdTz3A1jOw== X-Google-Smtp-Source: AGHT+IHtFIhEN0PC8vuYC03/piAsA+6pImgu5OxwNh8oV0+nokndeaBz5NUvtbdH1RmQhar91ifaQA== X-Received: by 2002:a05:622a:4d08:b0:4a9:80f6:19ad with SMTP id d75a77b69052e-4a99885a865mr37200411cf.45.1751649109897; Fri, 04 Jul 2025 10:11:49 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:49 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Clayton Casciato , Scott Murray Subject: [meta-security][PATCH 02/12] smack: Use new CVE_STATUS variable Date: Fri, 4 Jul 2025 13:11:06 -0400 Message-ID: X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:11:58 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1754 From: Clayton Casciato Fix "CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS" https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-CVE_STATUS Signed-off-by: Clayton Casciato Signed-off-by: Scott Murray --- recipes-mac/smack/smack_1.3.1.bb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb index 6c52392..7b20e6b 100644 --- a/recipes-mac/smack/smack_1.3.1.bb +++ b/recipes-mac/smack/smack_1.3.1.bb @@ -13,10 +13,9 @@ SRC_URI = " \ PV = "1.3.1" -# CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 is valnerble for other product. -CVE_CHECK_IGNORE += "CVE-2014-0363" -CVE_CHECK_IGNORE += "CVE-2014-0364" -CVE_CHECK_IGNORE += "CVE-2016-10027" +CVE_STATUS[CVE-2014-0363] = "cpe-incorrect: different product" +CVE_STATUS[CVE-2014-0364] = "cpe-incorrect: different product" +CVE_STATUS[CVE-2016-10027] = "cpe-incorrect: different product" inherit autotools update-rc.d pkgconfig ptest inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} From patchwork Fri Jul 4 17:11:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66256 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A373C83F03 for ; Fri, 4 Jul 2025 17:11:58 +0000 (UTC) Received: from mail-qt1-f173.google.com (mail-qt1-f173.google.com [209.85.160.173]) by mx.groups.io with SMTP id smtpd.web10.1066.1751649112497438320 for ; Fri, 04 Jul 2025 10:11:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=LqCbfthx; spf=pass (domain: konsulko.com, ip: 209.85.160.173, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f173.google.com with SMTP id d75a77b69052e-4a7f61ea32aso21655471cf.3 for ; Fri, 04 Jul 2025 10:11:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649111; x=1752253911; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=itRlGvvNEJGATs6xK1+AGVVK3P+r40VAsoWppsxfPVw=; b=LqCbfthx+MI8WowmgnS9SlV/YtS6zhLIQCXVnWiHtvL+KL/SnbUNbCblRf6CbZ32pV lRnqjPAIFN4D2eL+uvyCdSFIy74waChuLcNYaQXuqXdjLs/+CHE6T82kJeu3MjAeUfT4 4zxgl/rLPT45PFysAFo97Sfn/32XiiD4Gp4Jw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649111; x=1752253911; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=itRlGvvNEJGATs6xK1+AGVVK3P+r40VAsoWppsxfPVw=; b=WXzXfoy8w/+Nt2/k/FupAFWh/zcfGeH22PKvZV9UvH11WZYGeOhdnF/8c19Y5+hXs2 QDqaIJUgW7UmPFoWnwCkjUL8/pJ8DnCumTh8fCUvy6q/Uwv/XcMtmL5UUDWkYMFpHAIJ UG/wkOSoGwUk6oBAZwBf7TWazz9moNCcLC7OVKI4Wu6ykomLjHM4feKeOm6crWuwRCv6 glSj1M8YeuG0duRqy8wF5pzfMlbzOlWsug4q3PQ4NcUIU6L2oQiE/iSWNbAqeAJ7fex+ 60UnhzVQ/bp5e5dtf9Ggf7VR4h7lVE+92kLB63cgNpw9oQpIa9G6s3icg2sIZ6h+5DTy cH3g== X-Gm-Message-State: AOJu0YybSo7z5BWb3lZM2NT9XOiV0WYGmSNGLSDde2gvSjheXGjWo/0M +jQOvtOuDLi/wX0jUTkDgESKsYLAWCaZcwm5W7LDauuJ2fCjX3kQGcJUyeXQnvXmVugD3SXoPDd hXXSx X-Gm-Gg: ASbGncvfZPVWLAjNXycWKGx06YYsoTaEuWy41fODoxepI/LY91KkYrJYfIXcw8s2AdQ lsdgs4Wezjg4c4dWFMF+dfXwWnULRDqiyZgOgDnmytDgWPlfhKqlFqdlpj08dKH371gQbwohreX P0m86PVBc2u1XIESnFwjXFt8IRg3iX3zdHaLOYGDsNdZw0PsLF+2vK7570wlI4xDIO3BsNjtOsh S4cp4SazbVJ3IWGmNZiuQOV9QG4zOKgnPJLaOvutZuXxqrGMCA02krAJkBi4H57h4BtXKW18Yao L6dBaEafGS4pj4OS/3uWu0G7fn2e63aVqhVisIO8eMWgXlD1DDkLaO2V5339qLtOFlAJnHAkR22 T4j8OMJTkwq46ShG4pFQPuaMmwMKaQfXsoXrumP+hwlUophPZ X-Google-Smtp-Source: AGHT+IF/pbnGIWDJTGMD5Bfhj9ApBNW67NocAxyK/R0AGGoLihR2/Y2cstp4naaJNNuvAdWzq85dCw== X-Received: by 2002:ac8:5e4e:0:b0:4a5:a63b:4796 with SMTP id d75a77b69052e-4a9968344e4mr54715831cf.48.1751649111070; Fri, 04 Jul 2025 10:11:51 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:50 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Scott Murray Subject: [meta-security][PATCH 03/12] layer.conf: Update to whinlatter (5.3) release Date: Fri, 4 Jul 2025 13:11:07 -0400 Message-ID: X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:11:58 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1755 Update LAYERSERIES_COMPAT in all layer.conf files with the exception of meta-parsec to whinlatter. For meta-parsec, whinlatter has been added, and the EOL releases removed, as an initial update. Signed-off-by: Scott Murray --- conf/layer.conf | 2 +- meta-hardening/conf/layer.conf | 2 +- meta-integrity/conf/layer.conf | 2 +- meta-parsec/conf/layer.conf | 2 +- meta-tpm/conf/layer.conf | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/layer.conf b/conf/layer.conf index 84d40a1..7a86054 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -9,7 +9,7 @@ BBFILE_COLLECTIONS += "security" BBFILE_PATTERN_security = "^${LAYERDIR}/" BBFILE_PRIORITY_security = "8" -LAYERSERIES_COMPAT_security = "styhead walnascar" +LAYERSERIES_COMPAT_security = "whinlatter" LAYERDEPENDS_security = "core openembedded-layer" diff --git a/meta-hardening/conf/layer.conf b/meta-hardening/conf/layer.conf index a7e32e5..367d3d7 100644 --- a/meta-hardening/conf/layer.conf +++ b/meta-hardening/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "harden-layer" BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_harden-layer = "6" -LAYERSERIES_COMPAT_harden-layer = "styhead walnascar" +LAYERSERIES_COMPAT_harden-layer = "whinlatter" LAYERDEPENDS_harden-layer = "core openembedded-layer" diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf index 33127c7..23d6848 100644 --- a/meta-integrity/conf/layer.conf +++ b/meta-integrity/conf/layer.conf @@ -20,7 +20,7 @@ INTEGRITY_BASE := '${LAYERDIR}' # interactive shell is enough. OE_TERMINAL_EXPORTS += "INTEGRITY_BASE" -LAYERSERIES_COMPAT_integrity = "styhead walnascar" +LAYERSERIES_COMPAT_integrity = "whinlatter" # ima-evm-utils depends on keyutils from meta-oe LAYERDEPENDS_integrity = "core openembedded-layer" diff --git a/meta-parsec/conf/layer.conf b/meta-parsec/conf/layer.conf index 614c17e..29a8f11 100644 --- a/meta-parsec/conf/layer.conf +++ b/meta-parsec/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "parsec-layer" BBFILE_PATTERN_parsec-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_parsec-layer = "5" -LAYERSERIES_COMPAT_parsec-layer = "walnascar styhead nanbield scarthgap" +LAYERSERIES_COMPAT_parsec-layer = "whinlatter walnascar scarthgap" LAYERDEPENDS_parsec-layer = "core clang-layer" BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec" diff --git a/meta-tpm/conf/layer.conf b/meta-tpm/conf/layer.conf index 5f96114..582fe1e 100644 --- a/meta-tpm/conf/layer.conf +++ b/meta-tpm/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer" BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_tpm-layer = "6" -LAYERSERIES_COMPAT_tpm-layer = "styhead walnascar" +LAYERSERIES_COMPAT_tpm-layer = "whinlatter" LAYERDEPENDS_tpm-layer = " \ core \ From patchwork Fri Jul 4 17:11:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66258 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C4FEC8303D for ; Fri, 4 Jul 2025 17:11:58 +0000 (UTC) Received: from mail-qt1-f177.google.com (mail-qt1-f177.google.com [209.85.160.177]) by mx.groups.io with SMTP id smtpd.web11.1105.1751649114016486856 for ; Fri, 04 Jul 2025 10:11:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=MRQHihIA; spf=pass (domain: konsulko.com, ip: 209.85.160.177, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f177.google.com with SMTP id d75a77b69052e-4a76ea97cefso11607191cf.2 for ; Fri, 04 Jul 2025 10:11:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649113; x=1752253913; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QUmDskrKsEqvqtZy1quyX5iLzqnoFP7NmznBEX2CWQQ=; b=MRQHihIALfzW5VqxRXvMQw5VvnL5NYr6qJEcRQiw7KiOXjVBv6XSiGugxbWOaqEm5E XYRLk4DsrTQPjjNNau17tU3o+loXhOLb2Mny1A1E13q3MYZfBk7CP25xVwtpD6zsDaru lWQWuDrcCDCCUBaepv9bK45wtaYTRf5yhgtGw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649113; x=1752253913; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QUmDskrKsEqvqtZy1quyX5iLzqnoFP7NmznBEX2CWQQ=; b=mGCriA2Qbll0qbomiTHHLWMs64XLENIA2CVhKbGh/PakCtOh2C1lFCdNVKr8bH35IG 0NrsAlzIlqyePkV81fUUz19Vp1URWBn0yAMb8SkGKouZMGxlorP5LfjC2pRl3S+McbLB t4Vv6MorRdqf25i0Hs1leaQx5e77IA2ukqqt8SfboiKFA30NZJ1WUw9YNzRWIYUnfqfE 8PqoQqWARqf/++zqdDbbEAO9qjxNzvBYBOEBteXNaBrBnwF9MyXGaPRgIzQSNasQVikn E7XHzQMkkiiGnUql0rSoghFMthW7wvcSyUMl5Tn0+PDwLXAMz9fz3ubqhiBM77mBPWUI hlSQ== X-Gm-Message-State: AOJu0YzFZk3S15ThUYbpxWU5MT6wRqwuDO3KNeSLa03jKGNXI7zvQ3xT rAtQrgQDKC8a7CI0ftTpMkIiQugTLt91F7ouZajx6QkGY35z0FXWWWAHKNIN3jbZJSIPclf9uoh suYnR X-Gm-Gg: ASbGncuVMwGnfUs1qTJ39C8n6V0L/lX9e2/iIr2VzN/m1pzICTpoj7q+OWA0t6f0b0L t0yPxQEiGZgH4Ha0p6TwrQg0tf4Zl2RlOQRL/3XwL77StXJVoN79RrH8aHyfBJi3/vC6Z5rgKKk m/s/giIFPZg6dNTul5/NwdtPOcyBjh40kbR9/c8eg5nx0c5W9ndCumc4WEVSOiYWOYO9I0bSSaf C88PcBDCokd7uF0Y5czLX8IebwWqmaGJVHIEEYJeSXeLRdFOs5bv+pPHaSSoZcbuna8mMn0aNvp tHxaBNLeBaPocHSr+5otp2b1y8nw6bGR6dlZmzHamrEsEGxy70ne20ba6seqT47s9MBaPk/8Rg4 8W0z725xCW8Ctbj7klGrGSPZ2+Nm5oP3sY/qQJw== X-Google-Smtp-Source: AGHT+IHB7qfQTpKaEtBe3bW+nV8xtgXGbB4DcjNXVgq4dlwbkE8WNUcpT/8UyJAf8TLPETKKl6xw4Q== X-Received: by 2002:a05:622a:6205:b0:4a4:3d13:7d21 with SMTP id d75a77b69052e-4a99883e4e0mr43840061cf.47.1751649112154; Fri, 04 Jul 2025 10:11:52 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:51 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Scott Murray Subject: [meta-security][PATCH 04/12] Adapt to S/UNPACKDIR changes Date: Fri, 4 Jul 2025 13:11:08 -0400 Message-ID: <0272225ccdfb31a84408351c5911920a68249cc7.1751647559.git.scott.murray@konsulko.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:11:58 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1756 Remove or update S definitions as required to work with oe-core S/UNPACKDIR changes. Signed-off-by: Scott Murray --- .../recipes-scanners/checksecurity/checksecurity_2.0.16.bb | 3 +-- .../meta-perl/recipes-security/bastille/bastille_3.2.1.bb | 2 +- .../meta-perl/recipes-security/nikto/nikto_2.1.6.bb | 2 +- .../recipes-security/fail2ban/python3-fail2ban_git.bb | 2 -- meta-tpm/recipes-tpm/libtpm/libtpms_0.10.0.bb | 1 - meta-tpm/recipes-tpm/swtpm/swtpm_0.10.0.bb | 2 -- meta-tpm/recipes-tpm1/hoth/libhoth_git.bb | 2 -- .../openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | 2 -- meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb | 2 -- .../recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb | 1 - meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb | 2 -- meta-tpm/recipes-tpm1/trousers/trousers_git.bb | 2 -- meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb | 2 +- meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb | 2 -- meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 2 -- meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb | 2 -- recipes-compliance/openscap/openscap_1.4.1.bb | 2 -- .../scap-security-guide/scap-security-guide_0.1.76.bb | 1 - recipes-ids/crowdsec/crowdsec_1.1.1.bb | 2 -- recipes-ids/ossec/ossec-hids_3.7.0.bb | 3 --- recipes-ids/suricata/libhtp_0.5.50.bb | 4 ---- recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 -- recipes-kernel/lkrg/lkrg-module_0.9.7.bb | 2 -- recipes-mac/AppArmor/apparmor_4.0.3.bb | 1 - recipes-mac/smack/mmap-smack-test_1.0.bb | 3 +-- recipes-mac/smack/smack-test_1.0.bb | 3 +-- recipes-mac/smack/smack_1.3.1.bb | 3 --- recipes-mac/smack/tcp-smack-test_1.0.bb | 3 +-- recipes-mac/smack/udp-smack-test_1.0.bb | 3 +-- recipes-scanners/checksec/checksec_2.6.0.bb | 2 -- recipes-scanners/clamav/clamav_0.104.4.bb | 1 - recipes-security/Firejail/firejail_0.9.72.bb | 2 -- recipes-security/chipsec/chipsec_1.9.1.bb | 2 -- recipes-security/fscrypt/fscrypt_1.1.0.bb | 2 -- recipes-security/fscryptctl/fscryptctl_1.1.0.bb | 2 -- recipes-security/glome/glome_git.bb | 1 - .../google-authenticator-libpam_1.09.bb | 2 -- recipes-security/krill/krill_0.12.3.bb | 1 - recipes-security/libest/libest_3.2.0.bb | 2 -- recipes-security/libgssglue/libgssglue_0.9.bb | 2 -- recipes-security/libmspack/libmspack_1.11.bb | 2 +- recipes-security/ncrack/ncrack_0.7.bb | 2 -- recipes-security/redhat-security/redhat-security_1.0.bb | 3 +-- 43 files changed, 10 insertions(+), 79 deletions(-) diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb index bc146a9..8dfb1cc 100644 --- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb +++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb @@ -10,8 +10,7 @@ SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecuri SRC_URI[sha256sum] = "9803b3760e9ec48e06ebaf48cec081db48c6fe72254a476224e4c5c55ed97fb0" -S = "${WORKDIR}/checksecurity-${PV}+nmu1" - +S = "${UNPACKDIR}/checksecurity-${PV}+nmu1" # allow for anylocal, no need to patch LOGDIR = "/etc/checksecurity" diff --git a/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb b/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb index 7074f68..b95ec2d 100644 --- a/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb +++ b/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb @@ -35,7 +35,7 @@ SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3 SRC_URI[md5sum] = "df803f7e38085aa5da79f85d0539f91b" SRC_URI[sha256sum] = "0ea25191b1dc1c8f91e1b6f8cb5436a3aa1e57418809ef902293448efed5021a" -S = "${WORKDIR}/Bastille" +S = "${UNPACKDIR}/Bastille" do_install () { install -d ${D}${sbindir} diff --git a/dynamic-layers/meta-perl/recipes-security/nikto/nikto_2.1.6.bb b/dynamic-layers/meta-perl/recipes-security/nikto/nikto_2.1.6.bb index 8c21b30..6d83265 100644 --- a/dynamic-layers/meta-perl/recipes-security/nikto/nikto_2.1.6.bb +++ b/dynamic-layers/meta-perl/recipes-security/nikto/nikto_2.1.6.bb @@ -10,7 +10,7 @@ SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79" SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \ file://location.patch" -S = "${WORKDIR}/git/program" +S = "${UNPACKDIR}/${BP}/program" do_install() { install -d ${D}${bindir} diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb index 52d35f8..7312bf8 100644 --- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb @@ -26,8 +26,6 @@ inherit systemd SYSTEMD_SERVICE:${PN} = "fail2ban.service" -S = "${UNPACKDIR}/git" - do_install:append () { rm -f ${D}/${bindir}/fail2ban-python install -d ${D}/${sysconfdir}/fail2ban diff --git a/meta-tpm/recipes-tpm/libtpm/libtpms_0.10.0.bb b/meta-tpm/recipes-tpm/libtpm/libtpms_0.10.0.bb index 55a4c01..3727bb3 100644 --- a/meta-tpm/recipes-tpm/libtpm/libtpms_0.10.0.bb +++ b/meta-tpm/recipes-tpm/libtpm/libtpms_0.10.0.bb @@ -7,7 +7,6 @@ SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.10;protocol PE = "2" -S = "${WORKDIR}/git" inherit autotools-brokensep pkgconfig perlnative PACKAGECONFIG ?= "openssl" diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.10.0.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.10.0.bb index c7159e0..d5470f4 100644 --- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.10.0.bb +++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.10.0.bb @@ -10,8 +10,6 @@ SRCREV = "54f4bb1e702a8b80d990ca00b6f72d5031dd131a" SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.10;protocol=https" PE = "2" -S = "${WORKDIR}/git" - PARALLEL_MAKE = "" inherit autotools pkgconfig perlnative diff --git a/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb b/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb index df1dc04..9d29f78 100644 --- a/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb +++ b/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb @@ -11,7 +11,5 @@ SRCREV = "e4827163741e0804f12ac96c81b8e97649be6795" DEPENDS += "libusb1" -S = "${WORKDIR}/git" - inherit pkgconfig meson diff --git a/meta-tpm/recipes-tpm1/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm1/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb index e3e643e..b792151 100644 --- a/meta-tpm/recipes-tpm1/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb +++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb @@ -17,8 +17,6 @@ SRC_URI = "\ " SRCREV = "b28de5065e6eb9aa5d5afe2276904f7624c2cbaf" -S = "${WORKDIR}/git" - inherit autotools-brokensep pkgconfig # The definitions below are used to decrypt the srk password. diff --git a/meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb b/meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb index 2e5814b..efd8181 100644 --- a/meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb +++ b/meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb @@ -14,8 +14,6 @@ SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \ inherit autotools -S = "${WORKDIR}/git" - do_configure[noexec] = "1" do_compile() { diff --git a/meta-tpm/recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/meta-tpm/recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb index 4672bba..4b82faf 100644 --- a/meta-tpm/recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb +++ b/meta-tpm/recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb @@ -18,5 +18,4 @@ DEPENDS = "libtspi tpm-tools" SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master" SRCREV = "4511874d5c9b4504bb96e94f8a14bd6c39a36295" -S = "${WORKDIR}/git" inherit autotools diff --git a/meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb index 816f382..6d911c9 100644 --- a/meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb +++ b/meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb @@ -22,8 +22,6 @@ SRC_URI = " \ inherit autotools-brokensep gettext -S = "${UNPACKDIR}/git" - # Compile failing with gcc-14 CFLAGS += " -Wno-incompatible-pointer-types -Wno-stringop-truncation -Wno-error=implicit-function-declaration" BUILD_CFLAGS += " -Wno-incompatible-pointer-types -Wno-stringop-truncation -Wno-error=implicit-function-declaration" diff --git a/meta-tpm/recipes-tpm1/trousers/trousers_git.bb b/meta-tpm/recipes-tpm1/trousers/trousers_git.bb index 44a4ee6..abbb436 100644 --- a/meta-tpm/recipes-tpm1/trousers/trousers_git.bb +++ b/meta-tpm/recipes-tpm1/trousers/trousers_git.bb @@ -18,8 +18,6 @@ SRC_URI = " \ file://0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch \ " -S = "${WORKDIR}/git" - inherit autotools pkgconfig useradd update-rc.d ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} PACKAGECONFIG ?= "gmp " diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb index 7ed9569..64df708 100644 --- a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb +++ b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb @@ -23,7 +23,7 @@ SRCREV = "c37c74438429e1d5fe465232e7bf894b239a2cd4" UPSTREAM_CHECK_GITTAGREGEX = "rev(?P\d+(\-\d+)+)" -S = "${WORKDIR}/git/src" +S = "${UNPACKDIR}/${BP}/src" CFLAGS += "-Wno-error=maybe-uninitialized" diff --git a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb index 8e941d1..797222e 100644 --- a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb +++ b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb @@ -25,5 +25,3 @@ SRCREV = "0b9d77e304f68228b13b20ff0d72b0c16ffd2651" UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" EXTRA_OECONF = "--disable-tpm-1.2" - -S = "${WORKDIR}/git" diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb index 9c60e2b..09bbef2 100644 --- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb +++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb @@ -14,8 +14,6 @@ SRCREV = "0241b08f069f0fdb3612f5c1b938144dbe9be811" UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" -S = "${WORKDIR}/git" - inherit autotools pkgconfig EFIDIR ?= "/EFI/BOOT" diff --git a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb index d324e33..9c9f4c5 100644 --- a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb +++ b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb @@ -13,5 +13,3 @@ SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b" SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https" inherit autotools-brokensep pkgconfig - -S = "${WORKDIR}/git" diff --git a/recipes-compliance/openscap/openscap_1.4.1.bb b/recipes-compliance/openscap/openscap_1.4.1.bb index 47034ad..3e5f00a 100644 --- a/recipes-compliance/openscap/openscap_1.4.1.bb +++ b/recipes-compliance/openscap/openscap_1.4.1.bb @@ -15,8 +15,6 @@ SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=main;protocol=https \ SRCREV = "23a8ea3de3c4fd6017db4067675a81287177166e" -S = "${UNPACKDIR}/git" - inherit cmake pkgconfig python3native python3targetconfig perlnative systemd PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb index 25309c7..d5a9406 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb @@ -15,7 +15,6 @@ SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=stable;protocol= DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-native expat-native coreutils-native" -S = "${UNPACKDIR}/git" B = "${S}/build" inherit cmake pkgconfig python3native python3targetconfig ptest diff --git a/recipes-ids/crowdsec/crowdsec_1.1.1.bb b/recipes-ids/crowdsec/crowdsec_1.1.1.bb index deccecf..fa13e9d 100644 --- a/recipes-ids/crowdsec/crowdsec_1.1.1.bb +++ b/recipes-ids/crowdsec/crowdsec_1.1.1.bb @@ -12,8 +12,6 @@ GO_IMPORT = "import" inherit go -S = "${UNPACKDIR}/git" - do_compile() { export GOARCH="${TARGET_GOARCH}" export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go" diff --git a/recipes-ids/ossec/ossec-hids_3.7.0.bb b/recipes-ids/ossec/ossec-hids_3.7.0.bb index d9f5121..f8ee993 100644 --- a/recipes-ids/ossec/ossec-hids_3.7.0.bb +++ b/recipes-ids/ossec/ossec-hids_3.7.0.bb @@ -15,9 +15,6 @@ UPSTREAM_CHECK_COMMITS = "1" inherit autotools-brokensep useradd -S = "${UNPACKDIR}/git" - - OSSEC_DIR = "/var/ossec" OSSEC_UID ?= "ossec" OSSEC_RUID ?= "ossecr" diff --git a/recipes-ids/suricata/libhtp_0.5.50.bb b/recipes-ids/suricata/libhtp_0.5.50.bb index 3a795ae..7695539 100644 --- a/recipes-ids/suricata/libhtp_0.5.50.bb +++ b/recipes-ids/suricata/libhtp_0.5.50.bb @@ -13,10 +13,6 @@ inherit autotools-brokensep pkgconfig CFLAGS += "-D_DEFAULT_SOURCE" -#S = "${UNPACKDIR}/suricata-${VER}/${BPN}" - -S = "${UNPACKDIR}/git" - do_configure () { cd ${S} ./autogen.sh diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb index 3c85027..e2968e4 100644 --- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb +++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb @@ -19,8 +19,6 @@ SRC_URI = "\ file://run-ptest \ " -S = "${UNPACKDIR}/git" - inherit autotools-brokensep update-rc.d ptest INITSCRIPT_NAME = "tripwire" diff --git a/recipes-kernel/lkrg/lkrg-module_0.9.7.bb b/recipes-kernel/lkrg/lkrg-module_0.9.7.bb index 20982a8..85a9644 100644 --- a/recipes-kernel/lkrg/lkrg-module_0.9.7.bb +++ b/recipes-kernel/lkrg/lkrg-module_0.9.7.bb @@ -13,8 +13,6 @@ SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main" SRCREV = "5dc5cfea1f4dc8febdd5274d99e277c17df06acc" -S = "${UNPACKDIR}/git" - inherit module kernel-module-split MAKE_TARGETS = "modules" diff --git a/recipes-mac/AppArmor/apparmor_4.0.3.bb b/recipes-mac/AppArmor/apparmor_4.0.3.bb index 06a5010..9983157 100644 --- a/recipes-mac/AppArmor/apparmor_4.0.3.bb +++ b/recipes-mac/AppArmor/apparmor_4.0.3.bb @@ -23,7 +23,6 @@ SRC_URI = " \ " SRCREV = "b4dfdf50f50ed1d64161424d036a2453645f0cfe" -S = "${UNPACKDIR}/git" PARALLEL_MAKE = "" diff --git a/recipes-mac/smack/mmap-smack-test_1.0.bb b/recipes-mac/smack/mmap-smack-test_1.0.bb index b11fbf3..df2896c 100644 --- a/recipes-mac/smack/mmap-smack-test_1.0.bb +++ b/recipes-mac/smack/mmap-smack-test_1.0.bb @@ -5,8 +5,7 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda SRC_URI = "file://mmap.c" -S = "${WORKDIR}/sources" -UNPACKDIR = "${S}" +S = "${UNPACKDIR}" do_compile() { ${CC} mmap.c ${LDFLAGS} -o mmap_test diff --git a/recipes-mac/smack/smack-test_1.0.bb b/recipes-mac/smack/smack-test_1.0.bb index 0949cd5..4a581ee 100644 --- a/recipes-mac/smack/smack-test_1.0.bb +++ b/recipes-mac/smack/smack-test_1.0.bb @@ -10,8 +10,7 @@ SRC_URI = " \ file://test_smack_onlycap.sh \ " -S = "${WORKDIR}/sources" -UNPACKDIR = "${S}" +S = "${UNPACKDIR}" inherit features_check diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb index 7b20e6b..99f79b7 100644 --- a/recipes-mac/smack/smack_1.3.1.bb +++ b/recipes-mac/smack/smack_1.3.1.bb @@ -23,9 +23,6 @@ inherit features_check REQUIRED_DISTRO_FEATURES = "smack" - -S = "${WORKDIR}/git" - PACKAGECONFIG ??= "" PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" diff --git a/recipes-mac/smack/tcp-smack-test_1.0.bb b/recipes-mac/smack/tcp-smack-test_1.0.bb index 370905d..8b7704f 100644 --- a/recipes-mac/smack/tcp-smack-test_1.0.bb +++ b/recipes-mac/smack/tcp-smack-test_1.0.bb @@ -8,8 +8,7 @@ SRC_URI = "file://tcp_server.c \ file://test_smack_tcp_sockets.sh \ " -S = "${WORKDIR}/sources" -UNPACKDIR = "${S}" +S = "${UNPACKDIR}" do_compile() { ${CC} tcp_client.c ${LDFLAGS} -o tcp_client diff --git a/recipes-mac/smack/udp-smack-test_1.0.bb b/recipes-mac/smack/udp-smack-test_1.0.bb index 861138d..1a2e011 100644 --- a/recipes-mac/smack/udp-smack-test_1.0.bb +++ b/recipes-mac/smack/udp-smack-test_1.0.bb @@ -8,8 +8,7 @@ SRC_URI = "file://udp_server.c \ file://test_smack_udp_sockets.sh \ " -S = "${WORKDIR}/sources" -UNPACKDIR = "${S}" +S = "${UNPACKDIR}" do_compile() { ${CC} udp_client.c ${LDFLAGS} -o udp_client diff --git a/recipes-scanners/checksec/checksec_2.6.0.bb b/recipes-scanners/checksec/checksec_2.6.0.bb index 4767239..192e249 100644 --- a/recipes-scanners/checksec/checksec_2.6.0.bb +++ b/recipes-scanners/checksec/checksec_2.6.0.bb @@ -9,8 +9,6 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=879b2147c754bc040c29e9c3b84da836" SRCREV = "2753ebb89fcdc96433ae8a4c4e5a49214a845be2" SRC_URI = "git://github.com/slimm609/checksec.sh;branch=main;protocol=https" -S = "${UNPACKDIR}/git" - do_install() { install -d ${D}${bindir} install -m 0755 ${S}/checksec ${D}${bindir} diff --git a/recipes-scanners/clamav/clamav_0.104.4.bb b/recipes-scanners/clamav/clamav_0.104.4.bb index 48cc75c..7b81fd0 100644 --- a/recipes-scanners/clamav/clamav_0.104.4.bb +++ b/recipes-scanners/clamav/clamav_0.104.4.bb @@ -21,7 +21,6 @@ SRC_URI = "git://github.com/Cisco-Talos/clamav;branch=rel/0.104;protocol=https \ file://headers_fixup.patch \ file://oe_cmake_fixup.patch \ " -S = "${UNPACKDIR}/git" LEAD_SONAME = "libclamav.so" SO_VER = "9.6.0" diff --git a/recipes-security/Firejail/firejail_0.9.72.bb b/recipes-security/Firejail/firejail_0.9.72.bb index 10023c1..cf0190d 100644 --- a/recipes-security/Firejail/firejail_0.9.72.bb +++ b/recipes-security/Firejail/firejail_0.9.72.bb @@ -16,8 +16,6 @@ SRC_URI = "git://github.com/netblue30/firejail.git;protocol=https;branch=master DEPENDS = "libseccomp" -S = "${UNPACKDIR}/git" - inherit autotools-brokensep pkgconfig bash-completion features_check REQUIRED_DISTRO_FEATURES = "seccomp" diff --git a/recipes-security/chipsec/chipsec_1.9.1.bb b/recipes-security/chipsec/chipsec_1.9.1.bb index 213b047..ef293bc 100644 --- a/recipes-security/chipsec/chipsec_1.9.1.bb +++ b/recipes-security/chipsec/chipsec_1.9.1.bb @@ -12,8 +12,6 @@ DEPENDS = "virtual/kernel nasm-native" SRC_URI = "git://github.com/chipsec/chipsec.git;branch=main;protocol=https" SRCREV = "d8c2a606bf440c32196c6289a7a458f3ae3107cc" -S = "${UNPACKDIR}/git" - inherit module setuptools3 EXTRA_OEMAKE = "CC='${CC}' LDFLAGS='${LDFLAGS}' CFLAGS='${CFLAGS}'" diff --git a/recipes-security/fscrypt/fscrypt_1.1.0.bb b/recipes-security/fscrypt/fscrypt_1.1.0.bb index c620c6e..6ccb8fe 100644 --- a/recipes-security/fscrypt/fscrypt_1.1.0.bb +++ b/recipes-security/fscrypt/fscrypt_1.1.0.bb @@ -20,8 +20,6 @@ inherit go goarch features_check REQUIRED_DISTRO_FEATURES = "pam" -S = "${UNPACKDIR}/git" - do_compile() { export GOARCH=${TARGET_GOARCH} export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go" diff --git a/recipes-security/fscryptctl/fscryptctl_1.1.0.bb b/recipes-security/fscryptctl/fscryptctl_1.1.0.bb index cf03a18..edd6943 100644 --- a/recipes-security/fscryptctl/fscryptctl_1.1.0.bb +++ b/recipes-security/fscryptctl/fscryptctl_1.1.0.bb @@ -12,8 +12,6 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SRCREV = "7c80c73c084ce9ea49a03b814dac7a82fd7b4c23" SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https" -S = "${UNPACKDIR}/git" - do_compile:prepend() { sed -i 's/fscryptctl\.1//g' ${S}/Makefile sed -i 's/install-man//g' ${S}/Makefile diff --git a/recipes-security/glome/glome_git.bb b/recipes-security/glome/glome_git.bb index b99239e..5a0300f 100644 --- a/recipes-security/glome/glome_git.bb +++ b/recipes-security/glome/glome_git.bb @@ -10,7 +10,6 @@ inherit meson pkgconfig DEPENDS += "openssl" -S = "${UNPACKDIR}/git" SRC_URI = "git://github.com/google/glome.git;branch=master;protocol=https" SRCREV = "48d28f82bd51ae4bccc84fbbee93c375b026596b" diff --git a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.09.bb b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.09.bb index ba0531c..60f2c9e 100644 --- a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.09.bb +++ b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.09.bb @@ -8,8 +8,6 @@ SRCREV = "962f353aac6cfc7b804547319db40f8b804f0b6c" DEPENDS = "libpam" -S = "${UNPACKDIR}/git" - inherit autotools features_check REQUIRED_DISTRO_FEATURES = "pam" diff --git a/recipes-security/krill/krill_0.12.3.bb b/recipes-security/krill/krill_0.12.3.bb index d5917a1..472bac9 100644 --- a/recipes-security/krill/krill_0.12.3.bb +++ b/recipes-security/krill/krill_0.12.3.bb @@ -15,7 +15,6 @@ include krill-crates.inc UPSTREAM_CHECK_URI = "https://github.com/NLnetLabs/${BPN}/releases" UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" -S = "${UNPACKDIR}/git" CARGO_SRC_DIR = "" inherit pkgconfig useradd systemd cargo cargo-update-recipe-crates diff --git a/recipes-security/libest/libest_3.2.0.bb b/recipes-security/libest/libest_3.2.0.bb index 04bfcee..e6af2c6 100644 --- a/recipes-security/libest/libest_3.2.0.bb +++ b/recipes-security/libest/libest_3.2.0.bb @@ -20,8 +20,6 @@ EXTRA_OECONF = "--disable-pthreads --with-ssl-dir=${STAGING_LIBDIR}" CFLAGS += "-fcommon" LDFLAGS:append:libc-musl = " -lexecinfo" -S = "${UNPACKDIR}/git" - PACKAGES = "${PN} ${PN}-dbg ${PN}-dev" FILES:${PN} = "${bindir}/* ${libdir}/libest-3.2.0p.so" diff --git a/recipes-security/libgssglue/libgssglue_0.9.bb b/recipes-security/libgssglue/libgssglue_0.9.bb index 73e6dec..532227a 100644 --- a/recipes-security/libgssglue/libgssglue_0.9.bb +++ b/recipes-security/libgssglue/libgssglue_0.9.bb @@ -26,8 +26,6 @@ SRC_URI = "git://gitlab.com/gsasl/libgssglue.git;protocol=https;branch=master \ " SRCREV = "ada76bdaec665f70505f0b3aefe871b873e7c4b6" -S = "${WORKDIR}/git" - inherit autotools-brokensep ptest do_configure:prepend() { diff --git a/recipes-security/libmspack/libmspack_1.11.bb b/recipes-security/libmspack/libmspack_1.11.bb index 338701e..7203dee 100644 --- a/recipes-security/libmspack/libmspack_1.11.bb +++ b/recipes-security/libmspack/libmspack_1.11.bb @@ -11,6 +11,6 @@ SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https" inherit autotools -S = "${UNPACKDIR}/git/${BPN}" +S = "${UNPACKDIR}/${BP}/${BPN}" inherit autotools diff --git a/recipes-security/ncrack/ncrack_0.7.bb b/recipes-security/ncrack/ncrack_0.7.bb index 881ee38..f389e3c 100644 --- a/recipes-security/ncrack/ncrack_0.7.bb +++ b/recipes-security/ncrack/ncrack_0.7.bb @@ -13,6 +13,4 @@ DEPENDS = "openssl zlib" inherit autotools-brokensep -S = "${UNPACKDIR}/git" - INSANE_SKIP:${PN} = "already-stripped" diff --git a/recipes-security/redhat-security/redhat-security_1.0.bb b/recipes-security/redhat-security/redhat-security_1.0.bb index 1f0ba6c..edd34f7 100644 --- a/recipes-security/redhat-security/redhat-security_1.0.bb +++ b/recipes-security/redhat-security/redhat-security_1.0.bb @@ -18,8 +18,7 @@ SRC_URI = "file://find-chroot-py.sh \ file://selinux-check-devices.sh \ file://selinux-ls-unconfined.sh" -S = "${WORKDIR}/sources" -UNPACKDIR = "${S}" +S = "${UNPACKDIR}" do_install() { install -d ${D}${bindir} From patchwork Fri Jul 4 17:11:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66260 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B0FDC83F0C for ; Fri, 4 Jul 2025 17:11:58 +0000 (UTC) Received: from mail-qt1-f175.google.com (mail-qt1-f175.google.com [209.85.160.175]) by mx.groups.io with SMTP id smtpd.web10.1067.1751649114584268993 for ; Fri, 04 Jul 2025 10:11:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=Hfdhe5SK; spf=pass (domain: konsulko.com, ip: 209.85.160.175, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f175.google.com with SMTP id d75a77b69052e-4a44b0ed780so13368501cf.3 for ; Fri, 04 Jul 2025 10:11:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649113; x=1752253913; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VrbDCebYBXx1OkEJTFVzKAx9LL7cbCFsZrF1YY4ZQpI=; b=Hfdhe5SKdLdfvFFWcYCWhpJnbRPIcTrDLfjvgGVEv7ItoSL4YXYuC4MdsOq3mB8eNk 6LutCWWInsc0toIq9BYQ4hXu65nvQS3UumYYi6LdFyxcarcrVD6YsGUEnlA17wy9nMEX 6GV7DeSHCFzJQbkapa84+T7Q/WQp5bDOqPnL8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649113; x=1752253913; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VrbDCebYBXx1OkEJTFVzKAx9LL7cbCFsZrF1YY4ZQpI=; b=npVOByUKl9NGhcv17ZNGKLFOu9QvlHceotkOyZgI93pBInEAyQQ5cIZWnLQXG37GCm vYWj5EwwA36Dl907gPIk9TQXGMRcDqu9MX8suRXKL82KlsafRd9zav79z3OdywMOKY0S X1UX9iL8mIQ8nR9n4pKgcfVrygmr7UroV9VEmjP//twnNGoeeSdV+g04wobo+l4qLk4e krCLBHC5WjDg9L7y9hYuKnd5jW8lfAWEwheQjgLfG13JJ52aP4vEm2FcjN/1aOxo+BXc ZweHvQWuIRiWimjE20sIpcPRUVlJUwx6EDGqcEkhHJKp5z1IoWggl0qmIObobyVC6bt8 ZxXg== X-Gm-Message-State: AOJu0YwSQc+6RZHI3yLdSbmAcRlZde6yaqJWa2brZR9cx650YGJkMxyw CR1uIX9c/Y7cHTuSWs55Th3jazcYt0eMM+taQ00NwdwxXazsSciSPVp4KzSF2ksZCOkuRQanplx hnagO X-Gm-Gg: ASbGncuNbx0FVvRcyjzRE183g44qM8jZLFawCIWVGcaQK97gW4LHPQRVAHY5XY7ADh3 Ddi9Xb7swsu6c61tv+bkqhNIDeXSTb/KdpP+sqAPhXKjAtEXzkYNd6PRQxBhctNFw1q+1pQwsM+ C5HVLxVc4itftrG3/KQ+fIlpWBy5iLh35Xk30b6nzUHSuVMelH/5sOyQVS8Hq8DqeqPxL/rIZkT 6OS+bcw/Md+9llZRykoUyAdDFjYvwgfPaPnrv5M0zyiQxktbOONr4GtH1A9bdx7cndOajmn5EOr jaUtDpjQmQJm8X4IhU0XT5iRUQDa1wwlB7L08v8j26WBRiLRQrFESfYfUXxUxhDYEYW3XXdAud/ OHCCepK4wbxpE/aiG19EJnJuWJj8tERMfSCttH5rDIx44qlA9 X-Google-Smtp-Source: AGHT+IHXbW7pWFXtVZzRSDA2+dVBYyN9UGLyhRQlIDqUk2+arUC/dV/5nYjteLbvY7TG4S2QzKhYbw== X-Received: by 2002:a05:622a:118e:b0:4a7:6586:8d9 with SMTP id d75a77b69052e-4a996460a98mr45954231cf.12.1751649113162; Fri, 04 Jul 2025 10:11:53 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:52 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Anton Antonov , Anton Antonov , Scott Murray Subject: [meta-security][PATCH 05/12] parsec-service: update PACKAGECONFIG options as lists of cargo build features Date: Fri, 4 Jul 2025 13:11:09 -0400 Message-ID: X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:11:58 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1757 From: Anton Antonov After commit 7a2b9acef2 "cargo: pass PACKAGECONFIG_CONFARGS to cargo build" we don't need to include Parsec cargo build features into CARGO_BUILD_FLAGS. Let's update PACKAGECONFIG options as lists of features. A small fix in readme.md as well. Signed-off-by: Anton Antonov Signed-off-by: Scott Murray --- meta-parsec/README.md | 4 ++-- .../parsec-service/parsec-service_1.4.1.bb | 15 ++++++--------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/meta-parsec/README.md b/meta-parsec/README.md index 9dea718..a5472ae 100644 --- a/meta-parsec/README.md +++ b/meta-parsec/README.md @@ -112,7 +112,7 @@ You might need to change permissions or add the account into `kvm` unix group. - Add into your `local.conf`: ``` -INHERIT += "testimage" +IMAGE_CLASSES += "testimage" TEST_SUITES = "ping ssh parsec" ``` - Build your image @@ -129,7 +129,7 @@ bitbake -c testimage - Add into your `local.conf`: ``` DISTRO_FEATURES += " tpm2" -INHERIT += "testimage" +IMAGE_CLASSES += "testimage" TEST_SUITES = "ping ssh parsec" ``` - Build security-parsec-image image diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb index 49467cd..baa02fb 100644 --- a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb +++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb @@ -21,15 +21,12 @@ PACKAGECONFIG ??= "PKCS11 MBED-CRYPTO" have_TPM = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'TPM', '', d)}" PACKAGECONFIG:append = " ${@bb.utils.contains('BBFILE_COLLECTIONS', 'tpm-layer', '${have_TPM}', '', d)}" -PACKAGECONFIG[ALL] = "all-providers cryptoki/generate-bindings tss-esapi/generate-bindings,,tpm2-tss libts,tpm2-tss libtss2-tcti-device libts" -PACKAGECONFIG[TPM] = "tpm-provider tss-esapi/generate-bindings,,tpm2-tss,tpm2-tss libtss2-tcti-device" -PACKAGECONFIG[PKCS11] = "pkcs11-provider cryptoki/generate-bindings," -PACKAGECONFIG[MBED-CRYPTO] = "mbed-crypto-provider," -PACKAGECONFIG[CRYPTOAUTHLIB] = "cryptoauthlib-provider," -PACKAGECONFIG[TS] = "trusted-service-provider,,libts,libts" - -PARSEC_FEATURES = "${@d.getVar('PACKAGECONFIG_CONFARGS').strip().replace(' ', ',')}" -CARGO_BUILD_FLAGS += " --features ${PARSEC_FEATURES}" +PACKAGECONFIG[ALL] = "-F all-providers -F cryptoki/generate-bindings -F tss-esapi/generate-bindings,,tpm2-tss libts,tpm2-tss libtss2-tcti-device libts" +PACKAGECONFIG[TPM] = "-F tpm-provider -F tss-esapi/generate-bindings,,tpm2-tss,tpm2-tss libtss2-tcti-device" +PACKAGECONFIG[PKCS11] = "-F pkcs11-provider -F cryptoki/generate-bindings," +PACKAGECONFIG[MBED-CRYPTO] = "-F mbed-crypto-provider," +PACKAGECONFIG[CRYPTOAUTHLIB] = "-F cryptoauthlib-provider," +PACKAGECONFIG[TS] = "-F trusted-service-provider,,libts,libts" export BINDGEN_EXTRA_CLANG_ARGS target = "${@d.getVar('TARGET_SYS').replace('-', ' ')}" From patchwork Fri Jul 4 17:11:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66257 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AE80C83F09 for ; Fri, 4 Jul 2025 17:11:58 +0000 (UTC) Received: from mail-qt1-f172.google.com (mail-qt1-f172.google.com [209.85.160.172]) by mx.groups.io with SMTP id smtpd.web10.1070.1751649115528243175 for ; Fri, 04 Jul 2025 10:11:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=JG4eAqXj; spf=pass (domain: konsulko.com, ip: 209.85.160.172, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f172.google.com with SMTP id d75a77b69052e-4a44b0ed780so13368641cf.3 for ; Fri, 04 Jul 2025 10:11:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649114; x=1752253914; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zGf2RYiiySC/5mDRzwfx20QxCK8N7FWXFtnT1SjtCUI=; b=JG4eAqXjZ8lz6qyQI3eHz6tGlVydOD1dwlCBFixx6Div4a5dS8qJSrtQQ9M46I2szx rAgOiUEBmQrqiaZi5V4ZsSG2nKJQJO5g07N3yjwyFfiffzxemPsQwsQ2ZISGLE/dS6ig XGS9FMjeK4GsV/C0br3c1I5oMr61Adc0qE3ao= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649114; x=1752253914; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zGf2RYiiySC/5mDRzwfx20QxCK8N7FWXFtnT1SjtCUI=; b=oP50xT2ItvjPqFFF4cnsoLI1KOfX3o5kspF4ZuVnqSsT6xXznX8LNsVkPKdzUle46P TTtPePUPdV2KBLWdC8XfovDNNkzj5jsGKzW2V/FZ0UWNRovyilm2fWMGhX59h715gWg3 +8VOwnElnezLhE21ncbpY8PG6FxyWdrj0YKltCagErt+P0Ipob1u//m0mFkvcqKJp2v7 4ewRIIWzPta/aK+W4iIp3SC6S+ouCUXdsEOxGOk8PK117orLzT28UmHhUZSU9zsm2POh xvCpPF9CgEiIdQM8IdowEn4TZskgv1R/mNxE9SRsSK2n/wbOT9TjQhCp2NuU198yYpqp Ksog== X-Gm-Message-State: AOJu0YxlUS5r360antXg6HPfmM2EBwaLcD4PjYSX4+m5J8lARnPfnZEB 1j7PcSvHwCjg+Xvoy7IDITndRLCUjLmmJc3GTtMlM1ohQ4lZ19E3iTZTj2xhDMw9HuL9W+WGpMw Q8MJx X-Gm-Gg: ASbGncuZAYXpKBdRuBH4WhukAujOeVlLPSzDo/BGScbamRyAaqJAVqUxHwrOnFVwbgu C07bMKsZb17xdPzhymOUadZ6EgT5HNZGOy2RZrfZS4XUtGdsD6Ws65XFHky/CMiAcAEe22HDMGP vXxHV+yRKvS+VcSnw73gjfHajwMDDRgTkphLOK43qhpDuJ2xmFms53zNedQ3KyUvK7dHYxl5mq9 WoS7AplGSupp86z8aWdZU8zmp88uy7EPt9lEIGH75BSbisEBWxKtmnjqdWrbWgg7ujwmQGfwjEB /EJNzJwbWS8Z7nzAXTE7lA2Zc4dd53BILZ7mXdpKrZPnEKZgVi757WbKqtvf7KmUzeMRHzCQqh3 l0hDCSIq8KEJ3Y9mS9AjePd2eTf9eLYkDfIqFAg== X-Google-Smtp-Source: AGHT+IHpvnWsWdkrMM6NZzoU2ejMa+P2pZoVPD/3l58WLWWcQ8yS2Dq9O753I3egiQBzx0zZ7gKVQA== X-Received: by 2002:ac8:5a8f:0:b0:477:c04:b512 with SMTP id d75a77b69052e-4a99647de63mr53636551cf.16.1751649114339; Fri, 04 Jul 2025 10:11:54 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:53 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Marta Rybczynska , Scott Murray Subject: [meta-security][PATCH 06/12] scap-security-guide: fix fetch Date: Fri, 4 Jul 2025 13:11:10 -0400 Message-ID: <4822b91ef5d662cd1a63dd24b0c36ab6da732ddb.1751647559.git.scott.murray@konsulko.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:11:58 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1758 From: Marta Rybczynska The project does not use release branches; their release model currently rebases the stable branch each release and relies on the release tags to keep the commits referenced. Until their release model changes, just use the release commit with nobranch. See upstream issue [1] for details. [1] https://github.com/ComplianceAsCode/content/issues/13543 Signed-off-by: Marta Rybczynska [tweaked commit message] Signed-off-by: Scott Murray --- .../scap-security-guide/scap-security-guide_0.1.76.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb index d5a9406..b9f7a70 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820" LICENSE = "BSD-3-Clause" SRCREV = "616d4363527acb61c6494a97f3ceb47ec90f65fd" -SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=stable;protocol=https \ +SRC_URI = "git://github.com/ComplianceAsCode/content.git;nobranch=1;protocol=https \ file://run_eval.sh \ file://run-ptest \ " From patchwork Fri Jul 4 17:11:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66259 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39F6FC83F0F for ; Fri, 4 Jul 2025 17:11:58 +0000 (UTC) Received: from mail-qt1-f175.google.com (mail-qt1-f175.google.com [209.85.160.175]) by mx.groups.io with SMTP id smtpd.web11.1106.1751649116865797859 for ; Fri, 04 Jul 2025 10:11:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=a8CqhUnJ; spf=pass (domain: konsulko.com, ip: 209.85.160.175, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f175.google.com with SMTP id d75a77b69052e-4a44e94f0b0so14389701cf.1 for ; Fri, 04 Jul 2025 10:11:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649115; x=1752253915; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4tV5PCAWtLfSx/58wzTy4ytbhV/e6XFVT0/2dsinBTg=; b=a8CqhUnJH0xzt/vknVsEh8IxzAHT5QnI/WD8Em5r580fgzyZ91QwWBJzUdx6jVR31k nzJZMtFU2IKURGBcWzue9oInCo7neRTkY+3oio8odV2YZSeXYrU+WRMaY3dGnoqZpc/z hcA5yuBKKqsvs173uarPjj11ZrBHXeJbvm4lQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649115; x=1752253915; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4tV5PCAWtLfSx/58wzTy4ytbhV/e6XFVT0/2dsinBTg=; b=lnkwepHNDBiED7cfDDXkoUkr+AUOOAqRJFCLamlWqgD+QwGOlZ4ksHjO+p6YoyRIa6 PAy4UG/1hL6JQsqifsISo/7gTq40HRmnPKfDQ0CtS46n2lLQwu+jq97+L4/sYrfCfWGN RVqKysfvi1uVKp7D4UyJYWkLTT5OfvDngxYgjFsXvX8gy72V6LitbexrpHPvqz5ulMDU 0C7f5nYcI01yDHwnZRe7geuP3xoxbYI9BtOeVvYahccBzKJvJ+Z8A1Qj3h2pXJdHl6s5 Im1ibti8BIZIgcbOkDhKUxxSoTkUYAmf21xCu/ImX7ERBaVvx4qOoFrPGnzqvSFCTAuk 4Wng== X-Gm-Message-State: AOJu0YzTe1U72paFIeLfLCcHNHkmdJ9V3iIREddW+1WkhO0qgq6+SJuu u4/hzdkhEPkmbYuywRfM+ehDvrtfunTdYMXDQsX0qmssU4KiYXR04R3lnfjHZqxV7EWU96A84Ss dzBKL X-Gm-Gg: ASbGnctY17n5CmP0oejcvOqiwDlokN+gqaf1P5zfBhZjmZC4Y5kAyK0+vvckN9Gjgmq c7C+5WkJ5WmGRBuZiN37Le4QJNKPtzqtuNhow6a4mfdb/yDbHLinCG6SaWA/upJDTfHgNGtZrqQ gVwGusqWE7MEMgrxYARqPbTKUlGila+icegnZH1cusRzbii6eVNTEbdwZRBGcfXOzyTZpOPHhEI MVsbiZ4zCAVVFCa6QojOvCRE3KdV3NfJALNXQYTABAoCMxaf6Nl/p+AIEO7kSC6mANJszqIbn8Y 1fl46YSXKDHYQgfVUFwmRBysnNU999hivA0ZPlQERo7xqM7LST0Me6iPFzPjd9r/iSoF/8lkDEI mA+bjsqxFgmaNjZpX1JHfzTwVBEt5nHiYPfoQag== X-Google-Smtp-Source: AGHT+IE+QrwToVlcPSW2dIu9e1Mx2Lyf3IN+zEq2Sn7GxXwLzRXp6duUAjT5xhf7A1VpP1p1uPjMYQ== X-Received: by 2002:a05:622a:11c3:b0:4a5:aa42:49e6 with SMTP id d75a77b69052e-4a9964fee4bmr53762261cf.32.1751649115425; Fri, 04 Jul 2025 10:11:55 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:54 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Scott Murray Subject: [meta-security][PATCH 07/12] sshguard: Update to 2.5.1 Date: Fri, 4 Jul 2025 13:11:11 -0400 Message-ID: X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:11:58 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1759 This picks up required gcc 15 fixes. Changelog: https://bitbucket.org/sshguard/sshguard/src/master/CHANGELOG.rst Signed-off-by: Scott Murray --- .../sshguard/{sshguard_2.4.3.bb => sshguard_2.5.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename recipes-security/sshguard/{sshguard_2.4.3.bb => sshguard_2.5.1.bb} (79%) diff --git a/recipes-security/sshguard/sshguard_2.4.3.bb b/recipes-security/sshguard/sshguard_2.5.1.bb similarity index 79% rename from recipes-security/sshguard/sshguard_2.4.3.bb rename to recipes-security/sshguard/sshguard_2.5.1.bb index de3d856..db5bad8 100644 --- a/recipes-security/sshguard/sshguard_2.4.3.bb +++ b/recipes-security/sshguard/sshguard_2.5.1.bb @@ -6,6 +6,6 @@ LICENSE = "BSD-1-Clause" SRC_URI = "https://sourceforge.net/projects/sshguard/files/sshguard/${PV}/sshguard-${PV}.tar.gz" -SRC_URI[sha256sum] = "64029deff6de90fdeefb1f497d414f0e4045076693a91da1a70eb7595e97efeb" +SRC_URI[sha256sum] = "997a1e0ec2b2165b4757c42f8948162eb534183946af52efc406885d97cb89fc" inherit autotools-brokensep From patchwork Fri Jul 4 17:11:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66267 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3DE8CC83F09 for ; Fri, 4 Jul 2025 17:12:08 +0000 (UTC) Received: from mail-qt1-f169.google.com (mail-qt1-f169.google.com [209.85.160.169]) by mx.groups.io with SMTP id smtpd.web11.1107.1751649118287495016 for ; Fri, 04 Jul 2025 10:11:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=bFvXBFES; spf=pass (domain: konsulko.com, ip: 209.85.160.169, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f169.google.com with SMTP id d75a77b69052e-4a44b9b2af8so6691771cf.3 for ; Fri, 04 Jul 2025 10:11:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649117; x=1752253917; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dzBOAP0wooPATnmkWbdqygk3pa5qIz7QrMIxoB6/zY0=; b=bFvXBFESyyKbpArysPeQMgdb9DdMT5q7HjbvCukMwJVRmlueKCMS70nZjYdA5pLEzt TRkSGxDjwVajf6xCnoC0SVeFRURVen4XkyT4ySo6Be/rT6dSIZmEfN7yCms48DF5+mRU FPTYP0fXBCp81CA8IzzvJD1UAJjnO3C16NL2g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649117; x=1752253917; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dzBOAP0wooPATnmkWbdqygk3pa5qIz7QrMIxoB6/zY0=; b=Htsh2nySqWWJW1ht53rhEKw1PW1kggwAi8OVDy53Rj1L2Y5wdSD9UFNYQlODyXMxbz cNoqKUjr6K1LHu1wT1m1JokVUfdVYGx98QJ/Ke73PJ4qFMZ1tbI2Z3U82fJBdZud7nzc xz4Z5TOlZMdWYDlCrFsKCPSUTP1CRP/zO3frvC9Q092xmUG4hmvM4NzVsHQRjLMfn0Wg DpIWrnm5GBHol+sWODNty7SXxPxbBdRzItOPc8/0rC4iJyD55j925E/lmK3r8mqneGcb 6qEOAg3E7tkkgUN+Q0ONfwO9jcCV6tQJSWzpC0a1nMJbaVrvZ7Uzufg2zPEtOrrHuVZv M9yQ== X-Gm-Message-State: AOJu0YynzHFXvl5twSVhh6ZLCbRJX1yLHagJCkkFSyOZhi1fvTEs0XGP J3pddZEzCLfaI+gxk7Ozeb2/hioREUs/OTbEgWm4k9cqfMyKOpdljUdVcf8JJtq0T3ABZWf9x+y 9hkDR X-Gm-Gg: ASbGncsQjUdxYtIi4KqQlqLh/eLFo/JCP3idP4fkqExS/uqfMRyuYOubLP4hMPm2RlL L/8DB8fPdampZ4i4ZHuUmPKVxsKg7jphaqUh1SX+UXabwHlGCd1UERpv2OsK2v04gDJ51CMXuY4 iXV79k967ZBHxgUk9ckHJHdS5NqHzNI2rxKhZfqEj96fMbYOwMT/SGIA5CRV/Jh9Gy/cbm+LFB3 qPb2lnCTZdhiV0Kv6cMPJHblGxgfcUKbOjL0JSRbsfePe4UqoTkTn5TM7jjLC1wp949TW/42RlT HM3qMrnHCll69gj2SQLFZJDs4UNCuAUmwdCuv0ZuZK0x5dco7JC98DFO42pSjo/2nKLvGmbDHKD WQtge2gGSypRz5t5N9JHvgTSBh+kppSRyVN7q2Q== X-Google-Smtp-Source: AGHT+IEsKfVTTzn8Tw7O3+pICOQ64l37OgR+q94MF/evG2nLqKXujovuEV+QB62Mr95zuc/4O7oxSw== X-Received: by 2002:a05:622a:6088:b0:4a4:3766:3180 with SMTP id d75a77b69052e-4a99887a536mr41585431cf.47.1751649116791; Fri, 04 Jul 2025 10:11:56 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:56 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Scott Murray Subject: [meta-security][PATCH 08/12] libhoth: update to latest Date: Fri, 4 Jul 2025 13:11:12 -0400 Message-ID: X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:12:08 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1760 Update libhoth SRCREV to its latest commit, and add patches to fix gcc 15 and build dependency issues. Since the last update was so long ago, the changelog is longer than seems reasonable to include here, please refer to: https://github.com/google/libhoth/commits/main/?since=2024-01-16&until=2025-07-03 Signed-off-by: Scott Murray --- .../0001-Fix-building-with-gcc-15.patch | 151 ++++++++++++++++++ ...02-Fix-building-without-dbus-backend.patch | 36 +++++ meta-tpm/recipes-tpm1/hoth/libhoth_git.bb | 11 +- 3 files changed, 196 insertions(+), 2 deletions(-) create mode 100644 meta-tpm/recipes-tpm1/hoth/libhoth/0001-Fix-building-with-gcc-15.patch create mode 100644 meta-tpm/recipes-tpm1/hoth/libhoth/0002-Fix-building-without-dbus-backend.patch diff --git a/meta-tpm/recipes-tpm1/hoth/libhoth/0001-Fix-building-with-gcc-15.patch b/meta-tpm/recipes-tpm1/hoth/libhoth/0001-Fix-building-with-gcc-15.patch new file mode 100644 index 0000000..5004c66 --- /dev/null +++ b/meta-tpm/recipes-tpm1/hoth/libhoth/0001-Fix-building-with-gcc-15.patch @@ -0,0 +1,151 @@ +From 59dfffdb03654e004d848e8f6639ba066f7786a1 Mon Sep 17 00:00:00 2001 +From: Scott Murray +Date: Thu, 3 Jul 2025 17:41:16 -0400 +Subject: [PATCH 1/2] Fix building with gcc 15 + +Correct function signatures of a few of the htool command functions +to fix gcc 15 errors from incompatible function pointer types. + +Upstream-Status: Pending +Signed-off-by: Scott Murray +--- + examples/htool_key_rotation.c | 6 +++--- + examples/htool_key_rotation.h | 6 +++--- + examples/htool_payload.c | 2 +- + examples/htool_payload.h | 2 +- + examples/htool_payload_update.c | 2 +- + examples/htool_payload_update.h | 2 +- + examples/htool_statistics.c | 2 +- + examples/htool_statistics.h | 3 ++- + 8 files changed, 13 insertions(+), 12 deletions(-) + +diff --git a/examples/htool_key_rotation.c b/examples/htool_key_rotation.c +index af7ef59..3b938cd 100644 +--- a/examples/htool_key_rotation.c ++++ b/examples/htool_key_rotation.c +@@ -43,7 +43,7 @@ static const char *get_validation_method_string(uint32_t validation_method) { + } + } + +-int htool_key_rotation_get_status(void) { ++int htool_key_rotation_get_status(const struct htool_invocation* inv) { + struct libhoth_device *dev = htool_libhoth_device(); + if (!dev) { + return -1; +@@ -65,7 +65,7 @@ int htool_key_rotation_get_status(void) { + return 0; + } + +-int htool_key_rotation_get_version(void) { ++int htool_key_rotation_get_version(const struct htool_invocation* inv) { + struct libhoth_device *dev = htool_libhoth_device(); + if (!dev) { + return -1; +@@ -161,7 +161,7 @@ int htool_key_rotation_update(const struct htool_invocation *inv) { + return result; + } + +-int htool_key_rotation_payload_status() { ++int htool_key_rotation_payload_status(const struct htool_invocation* inv) { + struct libhoth_device *dev = htool_libhoth_device(); + if (!dev) { + return -1; +diff --git a/examples/htool_key_rotation.h b/examples/htool_key_rotation.h +index 1dbfc02..cbcde98 100644 +--- a/examples/htool_key_rotation.h ++++ b/examples/htool_key_rotation.h +@@ -23,9 +23,9 @@ extern "C" { + #endif + + struct htool_invocation; +-int htool_key_rotation_get_status(); +-int htool_key_rotation_get_version(); +-int htool_key_rotation_payload_status(); ++int htool_key_rotation_get_status(const struct htool_invocation* inv); ++int htool_key_rotation_get_version(const struct htool_invocation* inv); ++int htool_key_rotation_payload_status(const struct htool_invocation* inv); + int htool_key_rotation_read(const struct htool_invocation* inv); + int htool_key_rotation_read_chunk_type(const struct htool_invocation* inv); + int htool_key_rotation_update(const struct htool_invocation* inv); +diff --git a/examples/htool_payload.c b/examples/htool_payload.c +index cada560..5a87660 100644 +--- a/examples/htool_payload.c ++++ b/examples/htool_payload.c +@@ -29,7 +29,7 @@ + #include "protocol/payload_info.h" + #include "protocol/payload_status.h" + +-int htool_payload_status() { ++int htool_payload_status(const struct htool_invocation* inv) { + struct libhoth_device* dev = htool_libhoth_device(); + if (!dev) { + return -1; +diff --git a/examples/htool_payload.h b/examples/htool_payload.h +index f218034..82c77ac 100644 +--- a/examples/htool_payload.h ++++ b/examples/htool_payload.h +@@ -24,7 +24,7 @@ + extern "C" { + #endif + +-int htool_payload_status(); ++int htool_payload_status(const struct htool_invocation* inv); + int htool_payload_info(const struct htool_invocation* inv); + + #ifdef __cplusplus +diff --git a/examples/htool_payload_update.c b/examples/htool_payload_update.c +index 8e3beb3..6cf44f1 100644 +--- a/examples/htool_payload_update.c ++++ b/examples/htool_payload_update.c +@@ -125,7 +125,7 @@ const char *payload_update_getstatus_half_string(uint8_t h) { + } + } + +-int htool_payload_update_getstatus() { ++int htool_payload_update_getstatus(const struct htool_invocation* inv) { + struct libhoth_device *dev = htool_libhoth_device(); + if (!dev) { + return -1; +diff --git a/examples/htool_payload_update.h b/examples/htool_payload_update.h +index f87c5e7..55c6b44 100644 +--- a/examples/htool_payload_update.h ++++ b/examples/htool_payload_update.h +@@ -24,7 +24,7 @@ extern "C" { + + struct htool_invocation; + int htool_payload_update(const struct htool_invocation* inv); +-int htool_payload_update_getstatus(); ++int htool_payload_update_getstatus(const struct htool_invocation* inv); + + #ifdef __cplusplus + } +diff --git a/examples/htool_statistics.c b/examples/htool_statistics.c +index 4c5b536..6bca31a 100644 +--- a/examples/htool_statistics.c ++++ b/examples/htool_statistics.c +@@ -178,7 +178,7 @@ const char* PayloadUpdateErrorToString(uint16_t reason) { + } + } + +-int htool_statistics() { ++int htool_statistics(const struct htool_invocation* inv) { + struct libhoth_device* dev = htool_libhoth_device(); + if (!dev) { + return -1; +diff --git a/examples/htool_statistics.h b/examples/htool_statistics.h +index 2dd59b6..fe54eda 100644 +--- a/examples/htool_statistics.h ++++ b/examples/htool_statistics.h +@@ -19,7 +19,8 @@ + extern "C" { + #endif + +-int htool_statistics(); ++struct htool_invocation; ++int htool_statistics(const struct htool_invocation* inv); + + #ifdef __cplusplus + } +-- +2.50.0 + diff --git a/meta-tpm/recipes-tpm1/hoth/libhoth/0002-Fix-building-without-dbus-backend.patch b/meta-tpm/recipes-tpm1/hoth/libhoth/0002-Fix-building-without-dbus-backend.patch new file mode 100644 index 0000000..ca98609 --- /dev/null +++ b/meta-tpm/recipes-tpm1/hoth/libhoth/0002-Fix-building-without-dbus-backend.patch @@ -0,0 +1,36 @@ +From ee75dcb0ea9818a10a6f7f85a3b5ee37572a3b08 Mon Sep 17 00:00:00 2001 +From: Scott Murray +Date: Thu, 3 Jul 2025 17:41:50 -0400 +Subject: [PATCH 2/2] Fix building without dbus backend + +Move libsystemd and libcap dependencies into conditional logic for +dbus_backend option so that building without the backend works when +libsystemd and libcap are not available in the build environment. +This situation occurs when building with OpenEmbedded. + +Upstream-Status: Pending +Signed-off-by: Scott Murray +--- + transports/meson.build | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/transports/meson.build b/transports/meson.build +index e9f30d4..5abd103 100644 +--- a/transports/meson.build ++++ b/transports/meson.build +@@ -9,10 +9,10 @@ transport_srcs = [ + + incdir = include_directories('..') + libusb = dependency('libusb-1.0') +-libsystemd = dependency('libsystemd') +-libcap = dependency('libcap') + + if get_option('dbus_backend') ++ libsystemd = dependency('libsystemd') ++ libcap = dependency('libcap') + libhoth_dbus = static_library( + 'hoth_dbus', + 'libhoth_dbus.c', +-- +2.50.0 + diff --git a/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb b/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb index 9d29f78..2608acf 100644 --- a/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb +++ b/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb @@ -6,10 +6,17 @@ HOMEPAGE = "https://github.com/google/libhoth" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI = "git://github.com/google/libhoth;protocol=https;branch=main" -SRCREV = "e4827163741e0804f12ac96c81b8e97649be6795" +SRC_URI = "git://github.com/google/libhoth;protocol=https;branch=main \ + file://0001-Fix-building-with-gcc-15.patch \ + file://0002-Fix-building-without-dbus-backend.patch \ +" +SRCREV = "69661d3ea542604353c48a00beee9a6247b27686" DEPENDS += "libusb1" inherit pkgconfig meson +PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'dbus', '', d)}" + +PACKAGECONFIG[dbus] = "-Ddbus_backend=true,-Ddbus_backend=false,systemd libcap" + From patchwork Fri Jul 4 17:11:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66265 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4A8D1C83F0B for ; Fri, 4 Jul 2025 17:12:08 +0000 (UTC) Received: from mail-qt1-f169.google.com (mail-qt1-f169.google.com [209.85.160.169]) by mx.groups.io with SMTP id smtpd.web11.1108.1751649119210356897 for ; Fri, 04 Jul 2025 10:11:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=HIasjoRG; spf=pass (domain: konsulko.com, ip: 209.85.160.169, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f169.google.com with SMTP id d75a77b69052e-4a823b532a4so11732961cf.2 for ; Fri, 04 Jul 2025 10:11:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649118; x=1752253918; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iC7XnOw2guosJsuzFYSn+LJ7WJLDLWWIipF/afE1ayI=; b=HIasjoRGbXdi35LxzrhYUrEZ/TTqR4D/0BRTRonQ3IUUMumeBRnn/w044LGh/Vo00t Bqafij0k91nm9SabbpO/8hakk/64D7S546zVQikzQxCdDCd5j1r9Szb55R5UNU8Ls1Nj OX/Y00e0t7V+NueLvSkpUvsBCsYLxRpYU+FdA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649118; x=1752253918; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iC7XnOw2guosJsuzFYSn+LJ7WJLDLWWIipF/afE1ayI=; b=hPf/n4SfM4uBMvAkjiZjKAu1UDY746gTuYN06JaZ8wxwMQDy8cnTim46sMexXXYCPr 2MvpOzbNz4o9nsQuTgdp3h2ZudLlYQLg2EQ7LQg8fnYtaV2XXfjPgjKoZYocBNvvD2hR hLoS2F0cWAwlMyV/9La8co8iZSEK4b+DDBQifo3xIVOaMBxqTD2ujG7l5VpA2A3J3age 53RFmstI5+DkB+llDGOI6BHPGlDiKiCjJdZYyT79i3h0ChyktZdP2iu9+ETr8puWtVY7 MfMBrLwXKobuUyfqk3C3etDxmgzobw3jIjxU1nZivquuSA+lMvrQ46ALTSgsCNt483Pj M7VQ== X-Gm-Message-State: AOJu0Ywwxjkst8lV2HAICZfDwlx3bb/Jg4D8z41Gl99v7WYLw1ZrCQyX w2ugSiI+JtKonySWvpnHxJO26tEFfkXS+TPO6l489fPbh+XA5Mm7LiPksikwziO5+Jd5OvvL+aY bduGQ X-Gm-Gg: ASbGncvlzrVRy5loXRauUVMABRSdP4tt3I6yo7rVE9AUN37YTAcIL9w3fQTucjLamoJ zlzQ7q4Ud7rM6Hv5RBVGzgOTNBM/fisvd7st0bHEXxMjAeKavGutm9m7SHEYT+6Yn9BEc13khNs lI7CS/JzhnHTjEQ/ER907v5rYq2WIh82TQhmtyaCkdukXEYKxqRr9d8u6vgoBGy4jicVXDxN8wa WBVrIsgAq8E/31hH7ujx8MwcV09vUALaDigklJOlQ3bckeYYjBhU6x3AH/Fl14nM/xVBzEP3R4d uWP4zsqqULWPz61mGXhLc99NysosTy08znUgeGq7tYpYqg/L4vspEtmF5q2rh07/QmzvjKbDf4d azMsNP3fbm4nD5Jv8jIDVzJWtdnt15kbJajgWew== X-Google-Smtp-Source: AGHT+IHCohdiVzdfYNdFeXzFJsWGoCflX+C75o4V5OyvWkeuBHSMETZSCI4SNvqjKvAj9n05FkhGKA== X-Received: by 2002:a05:622a:14f:b0:4a5:9b9c:2d9f with SMTP id d75a77b69052e-4a996441f12mr45346781cf.2.1751649117848; Fri, 04 Jul 2025 10:11:57 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:57 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Marta Rybczynska , Scott Murray Subject: [meta-security][PATCH 09/12] chkrootkit: use Debian mirror Date: Fri, 4 Jul 2025 13:11:13 -0400 Message-ID: X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:12:08 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1761 From: Marta Rybczynska Use the Debian mirror as the Ubuntu one is failing frequently. Signed-off-by: Marta Rybczynska Signed-off-by: Scott Murray --- recipes-scanners/rootkits/chkrootkit_0.58b.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-scanners/rootkits/chkrootkit_0.58b.bb b/recipes-scanners/rootkits/chkrootkit_0.58b.bb index a6c4090..0fcc55d 100644 --- a/recipes-scanners/rootkits/chkrootkit_0.58b.bb +++ b/recipes-scanners/rootkits/chkrootkit_0.58b.bb @@ -5,7 +5,7 @@ SECTION = "security" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6db4d77fb8f0cc84d175e7a1211e4c13" -SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/universe/c/${BPN}/${BPN}_${PV}.orig.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \ file://musl_fix.patch" SRC_URI[sha256sum] = "75ed2ace81f0fa3e9c3fb64dab0e8857ed59247ea755f5898416feb2c66807b9" From patchwork Fri Jul 4 17:11:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66266 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51661C83F0C for ; Fri, 4 Jul 2025 17:12:08 +0000 (UTC) Received: from mail-qt1-f176.google.com (mail-qt1-f176.google.com [209.85.160.176]) by mx.groups.io with SMTP id smtpd.web10.1073.1751649120293107248 for ; Fri, 04 Jul 2025 10:12:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=bEhm1ny9; spf=pass (domain: konsulko.com, ip: 209.85.160.176, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f176.google.com with SMTP id d75a77b69052e-4a44b3526e6so17486421cf.0 for ; Fri, 04 Jul 2025 10:12:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649119; x=1752253919; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=20l6qZ/CJmk9etXQtooTDc6ED7V5rBkUosbbQEjAvtw=; b=bEhm1ny9KuHfOva6Ir6y36Hm5Yck5LLGDSxg7jtlInKKcBzIH8eXgeCWUZOkXFX18H +d8453IZBFfe1xHlSbAa6F5u02YYI2vupkPtm32UXFYiykdWzaLXvVnVAHx0mqYZw1eF Jv8MHN9kJLn6yRcg/yQQRwz7JqrOrBcd5fkGE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649119; x=1752253919; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=20l6qZ/CJmk9etXQtooTDc6ED7V5rBkUosbbQEjAvtw=; b=Qqnr7TgS0gEj5EOqTmqhBTATjNcoImApW9Y2pT81TzsTe/XD0qyezpOh52WEn6PgQm a/oxe+0btzuKbx3j3ZDHE3VfNZkD6mIGB03n6RZs+SNOnG36A/AX+LD9JuW8k3VOtDns Jp7ibIL44O9gW4g7mFdE4fFkbsO97sKxTDsJhnm+1u926EFH4OJx/5x657Apw5iVcDEt ihR9sUdGc/Dq3GM8KxhMX2Q8q8QuGCjvvHD9mujhN+ur+VaHY9rAV3pY356cSMkdsnNp l7RFYiwL11WXKak5nzNjgdPCPHgCITnXc0o/GibOnAYOyUyezmK4ereu305HentucmL8 TQ1A== X-Gm-Message-State: AOJu0Yw0sIwIYP53CipsRmhrJXPhCgN+2kBn720++B0FSZBlV/TLhAAm irAgY1N4hqmV7x1sXfYiWZ2OkOel4xhFJcAJgJ90Q22nqUUXSzc767RlA07Z3PF1jKJvNJjZGKZ Tu3BG X-Gm-Gg: ASbGnctT5IsXr0riD857R/AO3DacVBOnXhN//HfeCwhh8Vhw4SG2dOsz+hnoQxCVKvF LdTatHyxi16k402NtFW56FHH7Nkc8rfge/GfYWFRRIYseZDCzOgfrQYX1XJA+e0/VkSWoDctTBk ZVzWytge2DF0+SziEYH3mcc+/eraEHJekp/Rn/TDjsSLEJBuotn+EjGM7bslTXDGDgPOMVnwuPR 8M/FR/sLwaeHQP/vZcuRfMCVzjEckcazPu4q2tJlOuT/uBBFrAuI37xWaVy3VQNW0kvyYCobxi+ wclAAztCI5Bs7qRxv1AI7dDRwYX+U3f6/poXerUC/xqqRYTqwx6XbDaMBI4baMuNlLVsgUFOm7y U42Hkskv3Oc9LqITsNSy0Ngac2rMiE0/AOQdJJBDQTX/4DKul X-Google-Smtp-Source: AGHT+IEed1ZHo5ntgvsjg3pI6oGEfPyG0RKQNZxIcL78yFl2QJ4UgPFWfdPTbD6fkJdTYvAwygdFqg== X-Received: by 2002:ac8:59c5:0:b0:494:ad3f:cb7e with SMTP id d75a77b69052e-4a99682f5f2mr48596551cf.50.1751649118953; Fri, 04 Jul 2025 10:11:58 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:58 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Scott Murray Subject: [meta-security][PATCH 10/12] chkrootkit: fix building with gcc 15 Date: Fri, 4 Jul 2025 13:11:14 -0400 Message-ID: <8a266d6df5118fc3be230931d2aa4534bfc9f8b2.1751647559.git.scott.murray@konsulko.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:12:08 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1762 Add a patch to fix building chkrootkit with gcc 15. Signed-off-by: Scott Murray --- recipes-scanners/rootkits/chkrootkit_0.58b.bb | 5 ++- .../files/0001-Fix-building-with-gcc-15.patch | 39 +++++++++++++++++++ 2 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 recipes-scanners/rootkits/files/0001-Fix-building-with-gcc-15.patch diff --git a/recipes-scanners/rootkits/chkrootkit_0.58b.bb b/recipes-scanners/rootkits/chkrootkit_0.58b.bb index 0fcc55d..e5912fe 100644 --- a/recipes-scanners/rootkits/chkrootkit_0.58b.bb +++ b/recipes-scanners/rootkits/chkrootkit_0.58b.bb @@ -6,8 +6,9 @@ LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6db4d77fb8f0cc84d175e7a1211e4c13" SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \ - file://musl_fix.patch" - + file://musl_fix.patch \ + file://0001-Fix-building-with-gcc-15.patch \ +" SRC_URI[sha256sum] = "75ed2ace81f0fa3e9c3fb64dab0e8857ed59247ea755f5898416feb2c66807b9" inherit autotools-brokensep diff --git a/recipes-scanners/rootkits/files/0001-Fix-building-with-gcc-15.patch b/recipes-scanners/rootkits/files/0001-Fix-building-with-gcc-15.patch new file mode 100644 index 0000000..8c2a111 --- /dev/null +++ b/recipes-scanners/rootkits/files/0001-Fix-building-with-gcc-15.patch @@ -0,0 +1,39 @@ +From 9834ad9f0b8a10de22512772222a9c51014c750d Mon Sep 17 00:00:00 2001 +From: Scott Murray +Date: Thu, 3 Jul 2025 18:11:24 -0400 +Subject: [PATCH] Fix building with gcc 15 + +Fix read_status signature to avoid incompatible function pointer +error with gcc 15. + +Upstream-Status: Inactive-Upstream [lastrelease: July 5, 2024] +Signed-off-by: Scott Murray +--- + chklastlog.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/chklastlog.c b/chklastlog.c +index 2fffd9e..1566c76 100644 +--- a/chklastlog.c ++++ b/chklastlog.c +@@ -78,7 +78,7 @@ int main () { return 0; } + long total_wtmp_bytes_read=0; + size_t wtmp_file_size; + uid_t *uid; +-void read_status(); ++void read_status(int signum); + + struct s_localpwd { + int numentries; +@@ -214,7 +214,7 @@ int nonuser(struct utmp utmp_ent) + } + #endif + +-void read_status() { ++void read_status(int signum) { + double remaining_time; + static long last_total_bytes_read=0; + int diff; +-- +2.50.0 + From patchwork Fri Jul 4 17:11:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66263 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3DE55C83F03 for ; Fri, 4 Jul 2025 17:12:08 +0000 (UTC) Received: from mail-qt1-f180.google.com (mail-qt1-f180.google.com [209.85.160.180]) by mx.groups.io with SMTP id smtpd.web10.1076.1751649121373627455 for ; Fri, 04 Jul 2025 10:12:01 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=Zxprmjip; spf=pass (domain: konsulko.com, ip: 209.85.160.180, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f180.google.com with SMTP id d75a77b69052e-4a5903bceffso16569171cf.3 for ; Fri, 04 Jul 2025 10:12:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649120; x=1752253920; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=L1SnTX3DMhNFVDPSXroIv0Luy/aL7cfHWxkS+CAFaPU=; b=ZxprmjipBh/84pCC7yGnE8LdjMt2amenZbe9rmM2qxC/Vp/6Q3ZVPQhw+yldupr+R+ Pl/EVwBHDcJjF7qgmOq/8wsLu4pTHBQQjyIkfkfeKg5WHBEtD7Y/R2JJhs940mGhw77/ MKTXywHd5+rfUMzsY9zWCa89HNP+VLZTxbPsU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649120; x=1752253920; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=L1SnTX3DMhNFVDPSXroIv0Luy/aL7cfHWxkS+CAFaPU=; b=gX9Fp4gXk1rfxcUVmEcZFnKFlWo2TKND1MZQndVfhZSo7tK89W9oh4t9SOuLbSgSG1 JxILRCxWq6EQwgr/cLEAUdTxCBTWZ1E3r4kjmVcI9b/V4QsLMa9qjOZgKGILVuGJfuGR 2pjbyNBbRF6FU8VPcHc3Su1fTSBYQFzXh+T7RB/9kh5ahhFV0U0XXsm30IvRn39cwB+2 w0rPN6ch5VJnC77ERFvUbjvXkPwsMpx+zQE9Xk/d3G3xYeABawxbDVlIUXKZ+5IFDjKK eMpE9aWaNdVhXJ6bOkfNDTewYzaxbX1H+aUIfWRkTFNf8cwxSgmM7xVwdVbPjlbRDt7Z ZkhA== X-Gm-Message-State: AOJu0YzTpBBNttlYLyZKaXn4p6fty/oXn8QspnSVl1Knbh4AJJPXUgJC FL9f28q94qJGLVu7ggSZAV3mvCH3kDUtZwlZQB0ywtoAW5HnwBBHlGaZ4tUFGWYcHl7BlVxtSxG 3/dXZ X-Gm-Gg: ASbGnctlyhNiUCJd/ipHn3GMuWcM5+RNp5Y4vl/gk5VJ6an2SJvXfJX64O//dUNvQ/M wO/mWrEGPr3Giin+hRxaI014g0iMjDWq2aaNw97zTuci7NivVBlAwAbGjSD7UXF5VPnfPVUmsEy lGf0elVTyeoK3VaJPZVV0mRS6akG+1D+c8wGnuJPQ232PW/nhcJ2L42n4WUKwIxGYFPIPs1Bdiv WfduifFqmc+f0fWi40Ru9LScQ1LA752CZJxmLygjw+qbdXcOGwaE7WMhaTpPpVzckMsRxwDFWLP MVNKFrNIcQx1USIHz826I/TpA4amFyjQPjEsM2DqlMIktqHGdkLcZMkZwjJ1l094/+j3PrLNCHg j/r4dE1hwu13yjMWL/ZGXun7LZ5DDLHHak6hjzA== X-Google-Smtp-Source: AGHT+IHgndsDnKhBbDtWJxJcoJwOzNvPgsHJHhq+a14ZlcfKOkBibTH96vdSn6W9Y0Zx5WvGLCnFpw== X-Received: by 2002:a05:622a:1988:b0:4a9:9428:6f01 with SMTP id d75a77b69052e-4a9968579ccmr51288761cf.51.1751649120012; Fri, 04 Jul 2025 10:12:00 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.11.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:11:59 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Marta Rybczynska , Scott Murray Subject: [meta-security][PATCH 11/12] CI: update build for new CI Date: Fri, 4 Jul 2025 13:11:15 -0400 Message-ID: <7cabe4fa2b992f525d17c493146edd8fdb2d9578.1751647559.git.scott.murray@konsulko.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:12:08 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1763 From: Marta Rybczynska Update for Ubuntu 24.04 runners: - use venv for installing kas - add missing directories Assume that python3 and pip are installed. Signed-off-by: Marta Rybczynska Signed-off-by: Scott Murray --- .gitlab-ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 46ab4a9..32ce2b9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,10 +1,12 @@ .before-my-script: &before-my-script - echo "$ERR_REPORT_USERNAME" > ~/.oe-send-error - echo "$ERR_REPORT_EMAIL" >> ~/.oe-send-error + - echo "$CI_PROJECT_DIR" >> ~/.ci_project_dir - export PATH=~/.local/bin:$PATH - - wget https://bootstrap.pypa.io/get-pip.py - - python3 get-pip.py + - python3 -m venv ~/kas_env/ + - source ~/kas_env/bin/activate - python3 -m pip install kas + - mkdir -p $CI_PROJECT_DIR/build/tmp/log/error-report/ .after-my-script: &after-my-script - cd $CI_PROJECT_DIR/poky From patchwork Fri Jul 4 17:11:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 66264 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 46787C8303D for ; Fri, 4 Jul 2025 17:12:08 +0000 (UTC) Received: from mail-qt1-f178.google.com (mail-qt1-f178.google.com [209.85.160.178]) by mx.groups.io with SMTP id smtpd.web10.1077.1751649122318532540 for ; Fri, 04 Jul 2025 10:12:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=L89m5ROD; spf=pass (domain: konsulko.com, ip: 209.85.160.178, mailfrom: scott.murray@konsulko.com) Received: by mail-qt1-f178.google.com with SMTP id d75a77b69052e-4a58ba6c945so16307291cf.2 for ; Fri, 04 Jul 2025 10:12:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1751649121; x=1752253921; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fE/CFFoS6DeYN05U6of3e7KDk13m2RwYIL/xiqcBvI4=; b=L89m5RODm+XcZGUyN3WQ3nW8U4gXWkF+HrL36rvtO3kicfhMfXJgtkRzpKXqop19Sk b/uQoTkZN2QtQ1Y+BjpWTwczYE7Hd+H+jhz5WW9XCKA1l6ZIO+BogeT9zdO1zz8fWyjT E0hwRSUQQNgPqk0ztOA963EbBU7GGcLEiv3/I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751649121; x=1752253921; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fE/CFFoS6DeYN05U6of3e7KDk13m2RwYIL/xiqcBvI4=; b=nfta6D6bWlURbDeRxjui8QVBzLwORwb9jGKjhMU8g6jwqIrCTm0qcaOmKWqtbOeB9t ZcsfmZX9rV6l32Vb7EAc+zkb4pvRpj58Ia2qtSVfqQRNPhPAqYuGoVmlaHgqhNGqiAwO JnKV2BijXtJxHLwPk4yj2WH9XL97QGob3GLhXr24dOo3fkmDCETUSPsaSxrkinInLNsx oas0AxZF6nmGqLkrGbDQkK27Kl984GcKd3ZWUrWWEAzMvtZwmusDONfhGai/E2JA2nCU pfbGBAxCUoMqjhTSUU5bMdo6hfMqtrPrV6R+cuUjyjiuKkwx0QEeWG+6U9Wg5gBdLzIC hGIQ== X-Gm-Message-State: AOJu0YyEyBROs1Nv+aVFsCOwK3oYA0VGtZFiNN65j50/2WLYdsTViQz1 v4UumG1n0HVxl6splbhCGWu5qNf8wcBZm1rCO00dvzwLir8BrvXlKqefkaXIbdsgCGTIhDk5gLw QQU9+ X-Gm-Gg: ASbGncuyEsJ1MD8XjpxYWwY73gbEDd2920jNTWrh+ckCIF1VwFgaecT+6z9frDVa/Ln SnTbhA+RAHzF9YdB94bsGwoLtf2QvPSjtGtW7w4QSnos05zGM02QE0I3tzFINFUJfRZM/ztfAu7 1MuWBVNd9pevw71OXiz8Tv0Xi+Jcdcd7yz4K6RqOOBO+3HLprzZSXwQGYQIoD4K+oRh5Zhm3B/Q oWvKdUIDEbsPTVOhaMGqLYFUAkGK1B3Een5Cep2CRgHHg2ou6PdKilAh/i3bCH1X6EXPzzenSAC hNSXhV+Q94vx8vevmtEb56s1aRiEq+rVSA7O7i6ut6IKNhWfQDEoxrZjFqOaIf+yOuSGUPNfNfz 3wFYePCih5wwXlNtajQXZuv/dO9gdO1YAomMfrg== X-Google-Smtp-Source: AGHT+IE/mLPQ+0ASedDYwAFJXBKdy/68DkFgg+i/we1LGLjdnf24oh5aONmJSkhxZt6HZ2mkJePbMw== X-Received: by 2002:a05:622a:58cd:b0:4a7:7032:d229 with SMTP id d75a77b69052e-4a99688adfdmr55743271cf.39.1751649121083; Fri, 04 Jul 2025 10:12:01 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4a9949f99dcsm17249611cf.19.2025.07.04.10.12.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jul 2025 10:12:00 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: Marta Rybczynska , Scott Murray Subject: [meta-security][PATCH 12/12] .gitlab-ci.yml: add logging of jobs to files Date: Fri, 4 Jul 2025 13:11:16 -0400 Message-ID: X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 04 Jul 2025 17:12:08 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1764 From: Marta Rybczynska Log kas commands to files and export them as artefacts Signed-off-by: Marta Rybczynska Signed-off-by: Scott Murray --- .gitlab-ci.yml | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 32ce2b9..628b0e6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,6 +7,7 @@ - source ~/kas_env/bin/activate - python3 -m pip install kas - mkdir -p $CI_PROJECT_DIR/build/tmp/log/error-report/ + - mkdir -p $CI_PROJECT_DIR/log/ .after-my-script: &after-my-script - cd $CI_PROJECT_DIR/poky @@ -28,6 +29,10 @@ stages: stage: base after_script: - *after-my-script + artifacts: + paths: + - $CI_PROJECT_DIR/log/* + when: always .parsec: before_script: @@ -53,72 +58,72 @@ stages: qemux86: extends: .base script: - - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image integrity-image-minimal" - - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml + - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image integrity-image-minimal" 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_security_image.txt + - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml 2>&1 | tee CI_PROJECT_DIR/log/qemux86_harden_image.txt qemux86-musl: extends: .musl needs: ['qemux86'] script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_musl_security_image.txt qemux86-parsec: extends: .parsec needs: ['qemux86'] script: - - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml + - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_parsec_security_image.txt qemux86-test: extends: .test needs: ['qemux86'] allow_failure: true script: - - kas build --target security-test-image kas/$CI_JOB_NAME.yml - - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml + - kas build --target security-test-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_test_security_image.txt + - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_testimage_security_image.txt qemux86-64: extends: .base script: - - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k core-image-minimal security-build-image security-tpm-image security-tpm2-image integrity-image-minimal" - - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml - - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml + - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k core-image-minimal security-build-image security-tpm-image security-tpm2-image integrity-image-minimal" 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_security_image.txt + - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_dm_verify.txt + - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_security_build_image.txt qemux86-64-parsec: extends: .parsec needs: ['qemux86-64'] script: - - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml + - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_parsec_security_image.txt qemuarm: extends: .base script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm_security_image.txt qemuarm-parsec: extends: .parsec needs: ['qemuarm'] script: - - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml + - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm_parsec_security_image.txt qemuarm64: extends: .base script: - - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal" - - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml + - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal" 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_parsec_security_image.txt + - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_build_security_image.txt qemuarm64-musl: extends: .musl needs: ['qemuarm64'] script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_musl_security_image.txt qemuarm64-parsec: extends: .parsec needs: ['qemuarm64'] script: - - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml + - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_parsec_security_image.txt qemuriscv64: extends: .base script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuriscv64_security_image.txt