From patchwork Fri Jul 18 14:10:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 67106 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DB7EC83F17 for ; Fri, 18 Jul 2025 14:11:13 +0000 (UTC) Received: from mail-qk1-f170.google.com (mail-qk1-f170.google.com [209.85.222.170]) by mx.groups.io with SMTP id smtpd.web10.21829.1752847871312546092 for ; Fri, 18 Jul 2025 07:11:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=a8yDigk1; spf=pass (domain: konsulko.com, ip: 209.85.222.170, mailfrom: scott.murray@konsulko.com) Received: by mail-qk1-f170.google.com with SMTP id af79cd13be357-7e29d5f7672so189431985a.3 for ; Fri, 18 Jul 2025 07:11:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1752847870; x=1753452670; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oLJ75hVXgzukzKNS8je7xz7lmIJ3e2Yi7IpfBPcW/5w=; b=a8yDigk1/aZcCr8fbxYhP2fulEF6OMeDqjxzR0be3nSj4hoWtQ82xXIU9ZRVYHCOfY N86Q4DJ1iea785CwljcvlE8U3UcPkQt+7ITUZhrJ9M8eqXoGBcJ9QIhgZg0GA1PIG2Ob jQO75qle8q2TOvYZJfA0dWtw+im8dRc7VD8wg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752847870; x=1753452670; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oLJ75hVXgzukzKNS8je7xz7lmIJ3e2Yi7IpfBPcW/5w=; b=B+J3LQ7LiRNkJTHuc9XwEa6T6EVGjM4sJsAd75AUkF2ajcGJxqj0VFsxtW6VlVJwLG VtsbBfNLRDErFilIr1ANg69H6kqjQIl0LyRZuYAZywWhab9sXeoMSdeTLQk8WtmwIINo 98JJv+/oR+7Q1ARv+qRooEc3QSLjpp6JBZF8feT1Wq3iZf7b+t23X1njFXWwHdthd7mJ wOE2DwRDD+ew8qFOC4KcQDGVskCtrr+Jxk9mc2KVqp7OlFdvd9c+SFppDsPSHBzBz2fa 1BXpCXxYn8QYFJZB/H1dNccFWhleBAbefmWXrfSoNFfo33ue3AqmLVjNzKELaD6FMLnH R7bg== X-Gm-Message-State: AOJu0Yx5mFItqtoplbeTaaLBEocYETI92X5dLhWBTWQWEI2N7h9qO4UY +MRyWB84n2VOdmPry0/DFdiStBIZrMWOiAUIPozuT0SFpVeBtIkr4DkAonXLxp5/bv7gj0v6GWF p6YXD X-Gm-Gg: ASbGncsaUD1vC5/PiXhurE2wmkbatkbWSuvi8c9PhcXZU1IcifBtyGpBLkoQEySQIxK RUMQXWRpu5NcTZvdrLp/ExG4akWR4XyCICM5FtBCbng2Qb6bg0LlNWmHZng4OsT3seNWKwU32Ng SdcbZ1j2WI5GhvfVv3XtmCUdNPVf/SLI4eXmeqDLcEX3k5Gzf6q1/j8j7TqfNmefCGWcy/Vom5k VweSfUuCv/P5h83sY/XGR+92bfxoXt21boUzayqkAmzeoQm2sUjvLAXDR18OOXk5l7uZvUDwSrO e+dWQvYK2YTo/+UiH0MjSh2f7LpZ56meIdECNoivrs/7npCMZzxNWCjQEzvPcM7qYuaAzmBvJuA rl1ygoueBedm4ZTFU9WpQLLJGSdLmkJC8wogOpr3OlmXNwp0S/FwPaHKPvqIZG5PYwZ6GQ4qT0g == X-Google-Smtp-Source: AGHT+IHglMvGpCpf8vs2xWQCjy+twjfPWbnb9pKpCgoY5dfKOEZHJVz9o9ttSWS1wfpi9apqZDmjYw== X-Received: by 2002:a05:620a:472c:b0:7e3:4db4:8ebf with SMTP id af79cd13be357-7e34db49127mr923756685a.52.1752847870092; Fri, 18 Jul 2025 07:11:10 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7e356a0732dsm92368785a.0.2025.07.18.07.11.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 18 Jul 2025 07:11:09 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: marta.rybczynska@ygreky.com Subject: [meta-security][PATCH 1/4] scap-security-guide: upgrade 0.1.76 -> 0.1.77 Date: Fri, 18 Jul 2025 10:10:56 -0400 Message-ID: <4b09d567caadeb3c050ce77bdd4dd921719597c1.1752846514.git.scott.murray@konsulko.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Jul 2025 14:11:13 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1812 Update to latest version to pick up fixes required for building with CMake 4.0. ChangeLog: https://github.com/ComplianceAsCode/content/releases/tag/v0.1.77 Signed-off-by: Scott Murray --- ...p-security-guide_0.1.76.bb => scap-security-guide_0.1.77.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename recipes-compliance/scap-security-guide/{scap-security-guide_0.1.76.bb => scap-security-guide_0.1.77.bb} (98%) diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb similarity index 98% rename from recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb rename to recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb index b9f7a70..a082a70 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb @@ -6,7 +6,7 @@ HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/" LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820" LICENSE = "BSD-3-Clause" -SRCREV = "616d4363527acb61c6494a97f3ceb47ec90f65fd" +SRCREV = "c1e1ba121d32b3c319b0e25ee2993b62386e5857" SRC_URI = "git://github.com/ComplianceAsCode/content.git;nobranch=1;protocol=https \ file://run_eval.sh \ file://run-ptest \ From patchwork Fri Jul 18 14:10:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 67108 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id ADEA1C83F1A for ; Fri, 18 Jul 2025 14:11:13 +0000 (UTC) Received: from mail-qv1-f43.google.com (mail-qv1-f43.google.com [209.85.219.43]) by mx.groups.io with SMTP id smtpd.web11.22066.1752847872386085068 for ; Fri, 18 Jul 2025 07:11:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=aqlwXtpW; spf=pass (domain: konsulko.com, ip: 209.85.219.43, mailfrom: scott.murray@konsulko.com) Received: by mail-qv1-f43.google.com with SMTP id 6a1803df08f44-704c5464aecso19772606d6.0 for ; Fri, 18 Jul 2025 07:11:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1752847871; x=1753452671; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9HWPtE7Ioi+w+7N0ut6SV8GixOh1gwth+6J1S0suc9I=; b=aqlwXtpWGA71v/VakT32Vf+ClA+s5GSILkNwmnwmLvBHdDP6HkeZR7QRU+vumLWNLs liA8ruxgEyO93BlgIigATu/aT9xpI4Rh1TIk79RbzF/UlDdTbxLL8xyvsurpMAk/SrT+ 3qAIVJsNIbwuk16s8ihz32QaKK9VghhnjtyrQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752847871; x=1753452671; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9HWPtE7Ioi+w+7N0ut6SV8GixOh1gwth+6J1S0suc9I=; b=k6Mts4v8P8dXe5SNNlPMouMws3FrXsC2BMnWlBSAPAeT7CvpQGc1yh14ygPe7328Kl ltUCYAP/75uN7mma+w5uSSvt7APNhrb/nE6PutFAU0UY4aXsnwhmgWMbiBB7Wf8feYNR rHDIt0qJu/CbGpkkrzBh3stdn9eg3t5xiZX4su6lZipMaNdDG+deREQKoBGlLDZvyzZf eIW8Zx7O9ZI5Bsg7yv4idBiE/AnymjJepq+RzwD3Eod0hipIaBy2HbzBAwwXYFtXuQwj RXVlTKeSt3ZxnDqrDdhI8KIybBh8AmvcTmWRlDO9kImDvqv0E5pE02QLh/JOJbGBh6Tt rV+g== X-Gm-Message-State: AOJu0YxRMmGxft7tcz4nBFyNfX3EudfGZNq8DRp7NynRtaNbo1FYaOXW PfA21zlA6ZTmUaM/LG14GkW/9eL4nFeHlGIy+gvu8/6z/07sw8U0WpQKWWYv95zNF59EF2iOv56 N5ROG X-Gm-Gg: ASbGnct3C/1GSsO0CoF32DlvRWQ1t6VjV0uLvW5uOifZPPHlhfyNUOrDl0kukTf3Wp1 kAR4A3QfuXNIpItqfTY9o3ouorqonNxlyJhb9Q3dDqjW75XIFl5FYLfEthLpNXScUwLNW42GotK vBLJnYvja8vfMCiDy7sWNRK72mnuVho183UOx7euJ43mePGIoqK34St/fvbTHEvOyiUpfilLyjc RcfxGWZetfvyFIz7rHRk6vViNVZ/PQoIdbHx+jGQCJNhQA1hkh4ixh/vbN9Obt9VGXQBBpJWTGP EUA4Gz31Lhf/IYDYACnSY0dh2+d2vcSstaE6eEychIXbLNQMlw7CKt1nNlXLtci+URj5AYU668b wgu6FyMdajZPwfPsNtU9YHt3k4nQHaAbj+wAfTrswb/USUOtCz4XsGJ0SPQHGtJDEu9lJSJotFg == X-Google-Smtp-Source: AGHT+IH6mNXF3O+UbPzgh4Td2Q6Qdd7VimZdZE7rVZdDQE0hNw+esIi2lSscfodK/tPljZBHvb5H+g== X-Received: by 2002:a05:6214:468d:b0:6fb:4b73:79f7 with SMTP id 6a1803df08f44-704f6b37ab1mr138653486d6.41.1752847870965; Fri, 18 Jul 2025 07:11:10 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7e356a0732dsm92368785a.0.2025.07.18.07.11.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 18 Jul 2025 07:11:10 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: marta.rybczynska@ygreky.com Subject: [meta-security][PATCH 2/4] scap-security-guide: disable ptest Date: Fri, 18 Jul 2025 10:10:57 -0400 Message-ID: X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Jul 2025 14:11:13 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1813 From: Yi Zhao Enabling ptest will significantly increase build time. Additionally, since the ptest distro_feature is enabled by default in poky distro, build time can be very long, which is annoying. On my build host: Enable ptest: $ time build scap-security-guide real 219m54.529s user 0m49.040s sys 0m1.304s Disable ptest: $ time build scap-security-guide real 1m25.222s user 0m3.306s sys 0m0.166s Since no one cares about this ptest and no one fixes the test failures. Let's disable it. Signed-off-by: Yi Zhao Signed-off-by: Scott Murray --- .../scap-security-guide/files/run-ptest | 7 --- .../scap-security-guide_0.1.77.bb | 52 +------------------ 2 files changed, 1 insertion(+), 58 deletions(-) delete mode 100644 recipes-compliance/scap-security-guide/files/run-ptest diff --git a/recipes-compliance/scap-security-guide/files/run-ptest b/recipes-compliance/scap-security-guide/files/run-ptest deleted file mode 100644 index e8d270f..0000000 --- a/recipes-compliance/scap-security-guide/files/run-ptest +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -export PYTHONPATH="/usr/lib/scap-security-guide/ptest/git:$PYTHONPATH" - -cd git/build - -ctest --output-on-failure -E unique-stigids diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb index a082a70..cdd22a5 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb @@ -9,7 +9,6 @@ LICENSE = "BSD-3-Clause" SRCREV = "c1e1ba121d32b3c319b0e25ee2993b62386e5857" SRC_URI = "git://github.com/ComplianceAsCode/content.git;nobranch=1;protocol=https \ file://run_eval.sh \ - file://run-ptest \ " @@ -17,7 +16,7 @@ DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-n B = "${S}/build" -inherit cmake pkgconfig python3native python3targetconfig ptest +inherit cmake pkgconfig python3native python3targetconfig STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" export OSCAP_CPE_PATH = "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe" @@ -40,57 +39,8 @@ do_install:append() { install ${UNPACKDIR}/run_eval.sh ${D}${datadir}/openscap/. } -do_compile_ptest() { - cd ${S}/build - cmake ../ - make -} - -do_install_ptest() { - - # remove host & work dir from tests - for x in $(find ${S}/build -type f) ; - do - sed -e 's#${HOSTTOOLS_DIR}/##g' \ - -e 's#${RECIPE_SYSROOT_NATIVE}##g' \ - -e 's#${UNPACKDIR}#${PTEST_PATH}#g' \ - -e 's#/.*/xmllint#/usr/bin/xmllint#g' \ - -e 's#/.*/oscap#/usr/bin/oscap#g' \ - -e 's#/python3-native##g' \ - -i ${x} - done - - for x in $(find ${S}/build-scripts -type f) ; - do - sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x} - done - - for x in $(find ${S}/tests -type f) ; - do - sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x} - done - - for x in $(find ${S}/utils -type f) ; - do - sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x} - done - - PDIRS="apple_os build controls products shared components applications linux_os ocp-resources tests utils ssg build-scripts" - t=${D}/${PTEST_PATH}/git - for d in ${PDIRS}; do - install -d ${t}/$d - cp -fr ${S}/$d/* ${t}/$d/. - done - - # Remove __pycache__ directories as they contain references to TMPDIR - for pycachedir in $(find ${D}/${PTEST_PATH} -name __pycache__); do - rm -rf $pycachedir - done -} - FILES:${PN} += "${datadir}/xml ${datadir}/openscap" RDEPENDS:${PN} = "openscap" -RDEPENDS:${PN}-ptest = "cmake grep sed bash git python3 python3-modules python3-pyyaml python3-pytest libxml2-utils libxslt-bin" COMPATIBLE_HOST:libc-musl = "null" From patchwork Fri Jul 18 14:10:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 67107 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9F7F5C83F3B for ; Fri, 18 Jul 2025 14:11:13 +0000 (UTC) Received: from mail-qk1-f182.google.com (mail-qk1-f182.google.com [209.85.222.182]) by mx.groups.io with SMTP id smtpd.web10.21830.1752847873031736043 for ; Fri, 18 Jul 2025 07:11:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=Z73jBILJ; spf=pass (domain: konsulko.com, ip: 209.85.222.182, mailfrom: scott.murray@konsulko.com) Received: by mail-qk1-f182.google.com with SMTP id af79cd13be357-7e182e4171bso222365385a.3 for ; Fri, 18 Jul 2025 07:11:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1752847872; x=1753452672; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=B9M93dSYHu2d3PKS69ZDBnikVN6EHt2Yubky/6THd+Q=; b=Z73jBILJbnywYqXP0d8mUIwRL6mSh36pXl1Llw6O2NyM121Gt/DkY0OILDXvL+7Gky bNUZTVEqrW/3vrQrlCeLzUGyeCwuGuzp/6djb7j9v4IXu5rRsh1ai3NK0yb1TtaealfJ Ju0TB41OJVHFs+fODi9Bws7ARPYmuhZx/hCPw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752847872; x=1753452672; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=B9M93dSYHu2d3PKS69ZDBnikVN6EHt2Yubky/6THd+Q=; b=OSIUUhh2KYsX19RWAti8E3OEOdOTTHB+YLGmi6Jk0BOFzmztd+bvAhIalL1MWARlqe w/nuY3gZmTZQxo2qaIpCI/xCfF/beFI1U+WWqIC3SkrMeFol2dADjE7aT8Xel/2g9l5K EM1KrqyuMC2pBYHiV8rnjP3EwNSMVM66Ksaj1mdJi6fM5i5Zg1WiF5dTK1TX3Zspem5M hwiRftw5AeCXcwmwEhbKGhSkzaN1aVEmnjgtg6n4r4LwFb7FiLAhmU53IixJINa7dk2o phHhsWXkxm2FQlc1fYCVCltA4P34AxOIIzkD8ST3OHnqd+obmnMy54ncyeqhDjsS6a/s WeWw== X-Gm-Message-State: AOJu0YyU2+LvaZXawmow7JLwFNqyHzbjtiQ6M2AINZW4j9C2uInVi2bB e9fLIQy+zBP+FHmxDDsIr6eJkc9iGjex6USMCjBtA4ucsI17kzSKNqOQOENLHBX+0xIwbvM70Cv AsYYv X-Gm-Gg: ASbGncuOvzx4Jf6iYZfzJrL9IWfF1tYaXjYyTwyk9LBnqjE+X2jyx1SKIZj7YEyIGsp 88YZAwIOdBqJl4aNDRBRBjX4JDUy5ACuECPY0LVXBNnqU3FQhvgiVff/laqZ4opLu+OHrfyuhEN jXmEz8KQsQkGjq4Gv//it2LQcHYMSnJHpkAxqtHA/6tFR3qs5KxOh5qkRx9EBF/4uz5aR1b3tfT svqYgrBpDXQUEsHCDJ8FaOOq32K1PjjmUdopQtpJUVzLPAgFsms7xo7o5olH2RXDFU/QtZKwFwA VpxOX53XVgPYaPfIl0N6UfcwpZ86bEsw6xJjzgyC7NsEU88UMewYAhtmQCoB6gDrr3h9nYG+JQo XoFlIYEHRTbQcpHYjSdwk1VbBYO7kv4jckykywYr9EplPYXJPearBNxQubeqNzYif7izI3wMSOA == X-Google-Smtp-Source: AGHT+IGXV/3iEWAGaxGdVO1jR7VEX1y6ZbErXG76YW+AYtYwf1z0XEwX3ObhzMxwxfOMEf3jU4z/ag== X-Received: by 2002:a05:6214:5681:b0:704:949e:9514 with SMTP id 6a1803df08f44-704f6a907d8mr184183566d6.19.1752847871637; Fri, 18 Jul 2025 07:11:11 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7e356a0732dsm92368785a.0.2025.07.18.07.11.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 18 Jul 2025 07:11:11 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: marta.rybczynska@ygreky.com Subject: [meta-security][PATCH 3/4] suricata: fix "interface" arg in systemd service Date: Fri, 18 Jul 2025 10:10:58 -0400 Message-ID: X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Jul 2025 14:11:13 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1814 From: Clayton Casciato Fix service startup https://docs.suricata.io/en/suricata-7.0.0/command-line-options.html#cmdoption-i Signed-off-by: Clayton Casciato Signed-off-by: Scott Murray --- recipes-ids/suricata/files/suricata.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-ids/suricata/files/suricata.service b/recipes-ids/suricata/files/suricata.service index a99a76e..bd7010d 100644 --- a/recipes-ids/suricata/files/suricata.service +++ b/recipes-ids/suricata/files/suricata.service @@ -9,7 +9,7 @@ Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki Type=simple CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW RestrictAddressFamilies= -ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0 +ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 ExecReload=/bin/kill -HUP $MAINPID PrivateTmp=yes ProtectHome=yes From patchwork Fri Jul 18 14:10:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Murray X-Patchwork-Id: 67109 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9C6ADC83F17 for ; Fri, 18 Jul 2025 14:11:23 +0000 (UTC) Received: from mail-qk1-f174.google.com (mail-qk1-f174.google.com [209.85.222.174]) by mx.groups.io with SMTP id smtpd.web11.22067.1752847873682369345 for ; Fri, 18 Jul 2025 07:11:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@konsulko.com header.s=google header.b=AH7pJlHI; spf=pass (domain: konsulko.com, ip: 209.85.222.174, mailfrom: scott.murray@konsulko.com) Received: by mail-qk1-f174.google.com with SMTP id af79cd13be357-7e32c95775aso206337185a.3 for ; Fri, 18 Jul 2025 07:11:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; t=1752847872; x=1753452672; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JyfwPjr4aiDBcR7zyq8OiX3qeV3uJUV0T463+JFxXtk=; b=AH7pJlHIsG9KvUoO4YJBBBqokriDKigYVi7XOXcWRELmTCh+1YadLI4220U/tS+WQn SPnMjUxlc4um0T67P5u7LZGfczwQ7S6WEqC0aMekRfAlwZnGNbkEqQ3rOz9UJlCDaKXA yA6c8m9i5HSK8TTo0cxKaBhWgUBHGEPmtMWz8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752847872; x=1753452672; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JyfwPjr4aiDBcR7zyq8OiX3qeV3uJUV0T463+JFxXtk=; b=iJTawrNYB2+uFnaUjTjgaWKjGKr3MKr6kS1VQojaVeyVeFxCjlXoJcNapehGxVszBa xbMpyZN5O5Rx02vyLxJQQvNPydbUFZz2MLUdUxLYdDATK9Ztwzc2zXGjl6FtkOqalHxs DCdlGPml6HIUS3bh9awb42c5RgB4Tv3jXNzwyWwFw7rrPZdP3ZM4cma1UaoZn9uH5OMj g1xwviDnOxKwSfoMADkIuefluDsd2Q4uWWuQu+H87NzFr8RVVLQseU0RXloGTc0LN2TZ 2iwQp/m0eiSNHTU8LXc1FbCTUgFlSJSvsiWN74UlJGhms9Ign6WNUTksB1OIT2EvVb7v 4hmg== X-Gm-Message-State: AOJu0YxJb8Bowy0nKCh+g7XZPLsFXEJXaZds5Apv5wnF/NiK38IEZ3kO j+Ade4JKGjC/tuHTEX6O957n0DzIuDLIu77Ddk+vN90MgGQ/DnSrMnE0EIZgHn6AZUkA8POCUXC FMgIt X-Gm-Gg: ASbGncuxw82hF6epWTjiO+VOilVFdhIzr8/sJ68APchv9jr6239fxyS/onhjnsu62jj UsiuZQZElT7Iq4cLFuYpHIKxvSZQ+EUdIyjdTJpL2ClX0+H6ELBdu3JHifSTiWYQy6NgIUlQh5a AXW5Yg8+ae5KyrXPoQetkexC0O+wyZwAuCJ4JYeTQfMnymeJyQctlJevNCBZyXWKbI0+1r2QuWJ ggjdLc2WVYAkHi7BVg+bJy7frqSOrr79W/+dZ4V2T6+juLNuIiAjltMyDfsk327hmUzv1ncrx8a kyUaO6WYAhP2WZ0r8pQvZnq3o8pBlES91WuFvHsnqB7zmjQyCUQ2OMhjXDGAL2VcFqWIASCTkbj hankihb42APfKd+Bx8FjWYYQlnB7o1cvi3VSv2aQ+l7tvE9EdYdSZtxnJvQuG0+bmFS6JySCgHw == X-Google-Smtp-Source: AGHT+IF3LI6wrq4yAK5ghkAVgOGhpO0HSQsfrNcDIJ2hXYcbfVwGxPF9YEfGHsmv5cyOq77pEAgMNg== X-Received: by 2002:a05:620a:7109:b0:7e3:4b99:9e7e with SMTP id af79cd13be357-7e34b99a4ebmr1249544285a.25.1752847872290; Fri, 18 Jul 2025 07:11:12 -0700 (PDT) Received: from ghidorah.spiteful.org (107-179-213-3.cpe.teksavvy.com. [107.179.213.3]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7e356a0732dsm92368785a.0.2025.07.18.07.11.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 18 Jul 2025 07:11:12 -0700 (PDT) From: Scott Murray To: yocto-patches@lists.yoctoproject.org Cc: marta.rybczynska@ygreky.com Subject: [meta-security][PATCH 4/4] samhain: Adapt test output to Automake format for ptest compatibility Date: Fri, 18 Jul 2025 10:10:59 -0400 Message-ID: <06bd60600e8db1b843cf5cc0f074a11eac7e9a80.1752846514.git.scott.murray@konsulko.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Jul 2025 14:11:23 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1815 From: Haixiao Yan Convert CuTest output to follow Automake-compatible format (PASS:/FAIL:) so that ptest-runner can correctly parse and report test results. root@qemux86-64:~# ptest-runner samhain-standalone -t 3600 START: ptest-runner 2025-07-06T09:38 BEGIN: /usr/lib64/samhain-standalone/ptest PASS: Test_quote_string_ok PASS: Test_unquote_string_ok PASS: Test_csv_escape_ok PASS: Test_tiger PASS: Test_tiger_file PASS: Test_tiger_file_with_length PASS: Test_sh_tools_safe_name_01 PASS: Test_sh_tools_safe_name_02 PASS: Test_sh_tools_safe_name_03 PASS: Test_sh_tools_safe_name_04 PASS: Test_sh_tools_safe_name_05 PASS: Test_sh_tools_safe_name_06 PASS: Test_sh_tools_safe_name_07 PASS: Test_is_numeric_01 PASS: Test_dnmalloc PASS: Test_sh_unix_lookup_page PASS: Test_sl_strlcpy PASS: Test_sl_strlcat PASS: Test_sh_util_acl_compact PASS: Test_sh_util_strdup_ok PASS: Test_sh_util_strconcat_ok PASS: Test_sh_util_base64_enc_ok PASS: Test_sh_util_dirname_ok PASS: Test_sh_util_basename_ok PASS: Test_sh_util_utf8_ok PASS: Test_sh_util_obscure_ok PASS: Test_sl_stale PASS: Test_sl_snprintf PASS: Test_sl_ts_strncmp PASS: Test_sl_strcasecmp PASS: Test_zAVLTree PASS: Test_sha256 PASS: Test_entropy PASS: Test_fifo PASS: Test_file_lists PASS: Test_file_dequote PASS: Test_uuid PASS: Test_ignore_ok PASS: Test_inotify PASS: Test_ipvx PASS: Test_login PASS: Test_login PASS: Test_portcheck_lists PASS: Test_processcheck_watchlist_ok PASS: Test_processcheck_listhandle_ok PASS: Test_restrict PASS: Test_cmdlist PASS: Test_srp PASS: Test_string DURATION: 0 END: /usr/lib64/samhain-standalone/ptest 2025-07-06T09:38 STOP: ptest-runner TOTAL: 1 FAIL: 0 root@qemux86-64:~# Signed-off-by: Haixiao Yan Signed-off-by: Scott Murray --- ...t-output-to-match-Automake-standards.patch | 102 ++++++++++++++++++ recipes-ids/samhain/samhain.inc | 1 + 2 files changed, 103 insertions(+) create mode 100644 recipes-ids/samhain/files/0001-Format-test-output-to-match-Automake-standards.patch diff --git a/recipes-ids/samhain/files/0001-Format-test-output-to-match-Automake-standards.patch b/recipes-ids/samhain/files/0001-Format-test-output-to-match-Automake-standards.patch new file mode 100644 index 0000000..eccd242 --- /dev/null +++ b/recipes-ids/samhain/files/0001-Format-test-output-to-match-Automake-standards.patch @@ -0,0 +1,102 @@ +From 065813e5ec274942c4e8803d813ae863fb17313f Mon Sep 17 00:00:00 2001 +From: Haixiao Yan +Date: Sun, 6 Jul 2025 14:34:08 +0800 +Subject: [PATCH] Format test output to match Automake standards + +Upstream-Status: Pending + +Signed-off-by: Haixiao Yan +--- + src/CuTest.c | 63 +++++++++++++++-------------------------------- + src/make-tests.sh | 1 - + 2 files changed, 20 insertions(+), 44 deletions(-) + +diff --git a/src/CuTest.c b/src/CuTest.c +index c1884daedbd8..44007fdb97ff 100644 +--- a/src/CuTest.c ++++ b/src/CuTest.c +@@ -302,49 +302,26 @@ void CuSuiteRun(CuSuite* testSuite) + } + } + +-void CuSuiteSummary(CuSuite* testSuite, CuString* summary) +-{ +- int i; +- for (i = 0 ; i < testSuite->count ; ++i) +- { +- CuTest* testCase = testSuite->list[i]; +- CuStringAppend(summary, testCase->failed ? "F" : "."); +- } +- CuStringAppend(summary, "\n\n"); +-} +- + void CuSuiteDetails(CuSuite* testSuite, CuString* details) + { +- int i; +- int failCount = 0; +- +- if (testSuite->failCount == 0) +- { +- int passCount = testSuite->count - testSuite->failCount; +- const char* testWord = passCount == 1 ? "test" : "tests"; +- CuStringAppendFormat(details, "OK (%d %s)\n", passCount, testWord); +- } +- else +- { +- if (testSuite->failCount == 1) +- CuStringAppend(details, "There was 1 failure:\n"); +- else +- CuStringAppendFormat(details, "There were %d failures:\n", testSuite->failCount); +- +- for (i = 0 ; i < testSuite->count ; ++i) +- { +- CuTest* testCase = testSuite->list[i]; +- if (testCase->failed) +- { +- failCount++; +- CuStringAppendFormat(details, "%d) %s: %s\n", +- failCount, testCase->name, testCase->message); +- } +- } +- CuStringAppend(details, "\n!!!FAILURES!!!\n"); +- +- CuStringAppendFormat(details, "Runs: %d ", testSuite->count); +- CuStringAppendFormat(details, "Passes: %d ", testSuite->count - testSuite->failCount); +- CuStringAppendFormat(details, "Fails: %d\n", testSuite->failCount); +- } ++ int i; ++ ++ for (i = 0; i < testSuite->count; ++i) ++ { ++ CuTest* testCase = testSuite->list[i]; ++ if (testCase->failed) ++ { ++ CuStringAppendFormat(details, "FAIL: %s\n", testCase->name); ++ } ++ else ++ { ++ CuStringAppendFormat(details, "PASS: %s\n", testCase->name); ++ } ++ } ++ ++ CuStringAppend(details, "\n"); ++ CuStringAppendFormat(details, "# TOTAL: %d\n", testSuite->count); ++ CuStringAppendFormat(details, "# PASS: %d\n", testSuite->count - testSuite->failCount); ++ CuStringAppendFormat(details, "# FAIL: %d\n", testSuite->failCount); + } ++ +diff --git a/src/make-tests.sh b/src/make-tests.sh +index b6cf814e7030..01399ca75775 100755 +--- a/src/make-tests.sh ++++ b/src/make-tests.sh +@@ -45,7 +45,6 @@ cat $FILES | grep '^void Test' | + echo \ + ' + CuSuiteRun(suite); +- CuSuiteSummary(suite, output); + CuSuiteDetails(suite, output); + if (suite->failCount > 0) + fprintf(stderr, "%s%c", output->buffer, 0x0A); +-- +2.34.1 + diff --git a/recipes-ids/samhain/samhain.inc b/recipes-ids/samhain/samhain.inc index 6b8d30e..fc4e423 100644 --- a/recipes-ids/samhain/samhain.inc +++ b/recipes-ids/samhain/samhain.inc @@ -19,6 +19,7 @@ SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ file://0008-Add-LDFLAGS-variable-for-compiling-samhain_setpwd.patch \ file://0009-fix-build-with-new-version-attr.patch \ file://0010-Fix-initializer-element-is-not-constant.patch \ + file://0001-Format-test-output-to-match-Automake-standards.patch \ " SRC_URI[sha256sum] = "0b5d3534fd60ecf45dfd79bd415e81f7a56eba7f1755771735e204f334033578"