From patchwork Sun Aug 17 21:07:53 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Scott Murray
X-Patchwork-Id: 68699
From: Scott Murray
To: yocto-patches@lists.yoctoproject.org
Cc: marta.rybczynska@ygreky.com
Subject: [meta-security][walnascar][PATCH 1/7] scap-security-guide: fix fetch
Date: Sun, 17 Aug 2025 17:07:53 -0400
Message-ID: <4df29593668e123146749a450e85fe4ef137071e.1755464538.git.scott.murray@konsulko.com>
X-Mailer: git-send-email 2.50.1
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 17 Aug 2025 21:08:13 -0000
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/2024

From: Marta Rybczynska

The project does not use release branches; their release model
currently rebases the stable branch each release and relies on the
release tags to keep the commits referenced. Until their release
model changes, just use the release commit with nobranch. See
upstream issue [1] for details.

[1] https://github.com/ComplianceAsCode/content/issues/13543

Signed-off-by: Marta Rybczynska
[tweaked commit message]
Signed-off-by: Scott Murray
---
 .../scap-security-guide/scap-security-guide_0.1.76.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb index 73bd576..8615f97 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb 
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820" LICENSE = "BSD-3-Clause" SRCREV = "616d4363527acb61c6494a97f3ceb47ec90f65fd" -SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=stable;protocol=https \ +SRC_URI = "git://github.com/ComplianceAsCode/content.git;nobranch=1;protocol=https \ file://run_eval.sh \ file://run-ptest \ "

From patchwork Sun Aug 17 21:07:54 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Scott Murray
X-Patchwork-Id: 68701
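Review bot: the `SRC_URI` change in scap-security-guide_0.1.76.bb (patch 1/7) switches to `nobranch=1` with no comment in the recipe saying why, so the rationale lives only in the commit message. With `nobranch=1` the fetcher no longer checks that `SRCREV` is on a named branch, and per the commit message the commit stays reachable only through the upstream release tag. Suggest a comment above `SRC_URI` that links the upstream issue and names the release tag the `SRCREV` corresponds to, so the next version bump re-verifies the hash against the tag and revisits `nobranch` if upstream changes its release model.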
From: Scott Murray
To: yocto-patches@lists.yoctoproject.org
Cc: marta.rybczynska@ygreky.com
Subject: [meta-security][walnascar][PATCH 2/7] CI: update build for new CI
Date: Sun, 17 Aug 2025 17:07:54 -0400
Message-ID:
X-Mailer: git-send-email 2.50.1
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 17 Aug 2025 21:08:23 -0000
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/2025

From: Marta Rybczynska

Update for Ubuntu 24.04 runners:
- use venv for installing kas
- add missing directories

Assume that python3 and pip are installed.

Signed-off-by: Marta Rybczynska
Signed-off-by: Scott Murray
---
 .gitlab-ci.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 46ab4a9..32ce2b9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,10 +1,12 @@ .before-my-script: &before-my-script - echo "$ERR_REPORT_USERNAME" > ~/.oe-send-error - echo "$ERR_REPORT_EMAIL" >> ~/.oe-send-error + - echo "$CI_PROJECT_DIR" >> ~/.ci_project_dir - export PATH=~/.local/bin:$PATH - - wget https://bootstrap.pypa.io/get-pip.py - - python3 get-pip.py + - python3 -m venv ~/kas_env/ + - source ~/kas_env/bin/activate - python3 -m pip install kas + - mkdir -p $CI_PROJECT_DIR/build/tmp/log/error-report/ .after-my-script: &after-my-script - cd $CI_PROJECT_DIR/poky

From patchwork Sun Aug 17 21:07:55 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Scott Murray
X-Patchwork-Id: 68705
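Review bot: `python3 -m pip install kas` in the before-script hunk of .gitlab-ci.yml (patch 2/7) still installs whichever kas release is newest at job time, so the tool that drives every build is unpinned; suggest pinning an exact version, ideally with hashes from a requirements file, now that the install is isolated in `~/kas_env/`. Two smaller points in the same hunk: `echo "$CI_PROJECT_DIR" >> ~/.ci_project_dir` appends on every job and is not explained in the commit message, so say what reads that file and use `>` if a single value is intended; and `mkdir -p $CI_PROJECT_DIR/build/tmp/log/error-report/` should quote the variable.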
From: Scott Murray
To: yocto-patches@lists.yoctoproject.org
Cc: marta.rybczynska@ygreky.com
Subject: [meta-security][walnascar][PATCH 3/7] .gitlab-ci.yml: add logging of jobs to files
Date: Sun, 17 Aug 2025 17:07:55 -0400
Message-ID:
X-Mailer: git-send-email 2.50.1
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 17 Aug 2025 21:08:23 -0000
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/2026

From: Marta Rybczynska

Log kas commands to files and export them as artefacts

Signed-off-by: Marta Rybczynska
Signed-off-by: Scott Murray
---
 .gitlab-ci.yml | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 32ce2b9..628b0e6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,6 +7,7 @@ - source ~/kas_env/bin/activate - python3 -m pip install kas - mkdir -p $CI_PROJECT_DIR/build/tmp/log/error-report/ + - mkdir -p $CI_PROJECT_DIR/log/ .after-my-script: &after-my-script - cd $CI_PROJECT_DIR/poky @@ -28,6 +29,10 @@ stages: stage: base after_script: - *after-my-script + artifacts: + paths: + - $CI_PROJECT_DIR/log/* + when: always .parsec: before_script: 
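Review bot: the `artifacts:` block added in the second hunk uploads `$CI_PROJECT_DIR/log/*` with `when: always` but sets no `expire_in`, so full build logs from every pipeline, failed ones included, are retained for whatever the instance default is; suggest an explicit `expire_in`. The block is also added only under the template with `stage: base`, so confirm that the `.musl`, `.parsec` and `.test` jobs, which write to `$CI_PROJECT_DIR/log/` later in this patch, actually inherit it.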
@@ -53,72 +58,72 @@ stages: qemux86: extends: .base script: - - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image integrity-image-minimal" - - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml + - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image integrity-image-minimal" 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_security_image.txt + - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml 2>&1 | tee CI_PROJECT_DIR/log/qemux86_harden_image.txt qemux86-musl: extends: .musl needs: ['qemux86'] script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_musl_security_image.txt qemux86-parsec: extends: .parsec needs: ['qemux86'] script: - - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml + - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_parsec_security_image.txt qemux86-test: extends: .test needs: ['qemux86'] allow_failure: true script: - - kas build --target security-test-image kas/$CI_JOB_NAME.yml - - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml + - kas build --target security-test-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_test_security_image.txt + - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_testimage_security_image.txt qemux86-64: extends: .base script: - - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k core-image-minimal security-build-image security-tpm-image security-tpm2-image integrity-image-minimal" - - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml - - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml + - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k core-image-minimal security-build-image security-tpm-image security-tpm2-image integrity-image-minimal" 
2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_security_image.txt + - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_dm_verify.txt + - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_security_build_image.txt qemux86-64-parsec: extends: .parsec needs: ['qemux86-64'] script: - - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml + - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_parsec_security_image.txt qemuarm: extends: .base script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm_security_image.txt qemuarm-parsec: extends: .parsec needs: ['qemuarm'] script: - - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml + - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm_parsec_security_image.txt qemuarm64: extends: .base script: - - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal" - - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml + - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal" 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_parsec_security_image.txt + - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_build_security_image.txt qemuarm64-musl: extends: .musl needs: ['qemuarm64'] script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_musl_security_image.txt qemuarm64-parsec: extends: .parsec needs: ['qemuarm64'] script: - - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml + 
- kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_parsec_security_image.txt qemuriscv64: extends: .base script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuriscv64_security_image.txt

From patchwork Sun Aug 17 21:07:56 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Scott Murray
X-Patchwork-Id: 68702
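Review bot: in the third hunk of patch 3/7 the second `qemux86` script line pipes to `tee CI_PROJECT_DIR/log/qemux86_harden_image.txt` without the leading `$`, so `tee` is pointed at a relative directory the before-script never creates and that log is not collected; patch 4/7 corrects it, and the fix is better squashed in here. Every build step now ends in `2>&1 | tee ...`, which makes the step's exit status that of `tee` unless `pipefail` is in effect, and nothing in the visible before-script sets it; suggest an explicit `set -o pipefail` there so a failed `kas build` still fails the job. The `qemuarm64` job also logs its `kas shell` build to `qemuarm64_parsec_security_image.txt`, the same name the `qemuarm64-parsec` job uses, which looks like a copy-paste slip.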
From: Scott Murray
To: yocto-patches@lists.yoctoproject.org
Cc: marta.rybczynska@ygreky.com
Subject: [meta-security][walnascar][PATCH 4/7] gitlab-ci.yml: fix file redirection for qemux86 build logs
Date: Sun, 17 Aug 2025 17:07:56 -0400
Message-ID: <9947033c9268678ea716752d5893a4f8e49b3ca3.1755464538.git.scott.murray@konsulko.com>
X-Mailer: git-send-email 2.50.1
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 17 Aug 2025 21:08:23 -0000
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/2027

From: Marta Rybczynska

Signed-off-by: Marta Rybczynska
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 628b0e6..80b2dfd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -59,7 +59,7 @@ qemux86: extends: .base script: - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image integrity-image-minimal" 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_security_image.txt - - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml 2>&1 | tee CI_PROJECT_DIR/log/qemux86_harden_image.txt + - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_harden_image.txt qemux86-musl: extends: .musl

From patchwork Sun Aug 17 21:07:57 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Scott Murray
X-Patchwork-Id: 68704
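Review bot: the `$CI_PROJECT_DIR` correction on the `qemux86` harden line (patch 4/7) belongs in patch 3/7, which introduced the typo; squash it there so 3/7 does not land broken on its own. If it stays separate, the commit needs a body naming the commit it fixes, and it carries only the author's Signed-off-by while the other patches in the series also carry the submitter's.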
From: Scott Murray
To: yocto-patches@lists.yoctoproject.org
Cc: marta.rybczynska@ygreky.com
Subject: [meta-security][walnascar][PATCH 5/7] checksecurity: update the debian package
Date: Sun, 17 Aug 2025 17:07:57 -0400
Message-ID: <5ac5c42ea34eaf75c6ac5b78535f7b913789f31d.1755464538.git.scott.murray@konsulko.com>
X-Mailer: git-send-email 2.50.1
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 17 Aug 2025 21:08:23 -0000
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/2028

From: Marta Rybczynska

The previously used package (nmu1) is no longer available, use the
latest current one (nmu3).

The changelog between the two:

checksecurity (2.0.16+nmu3) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix "missing required debian/rules targets build-arch and/or build-indep":
    Add targets to debian/rules. (Closes: #999082)
  * Fix "Removal of obsolete debhelper compat 5 and 6 in bookworm":
    Bump to 7 in debian/{compat,control}. (Closes: #965448)
  * Fix some grave packaging errors:
    - move debhelper from Build-Depends-Indep to Build-Depends
    - remove temporary files debian/postrm.debhelper and debian/substvars
      from source package

 -- gregor herrmann Sun, 26 Dec 2021 01:56:10 +0100

checksecurity (2.0.16+nmu2) unstable; urgency=medium

  * Non maintainer upload by the Reproducible Builds team.
  * No source change upload to rebuild on buildd with .buildinfo files.

 -- Holger Levsen Fri, 01 Jan 2021 19:17:53 +0100

Signed-off-by: Marta Rybczynska
Signed-off-by: Scott Murray
---
 .../recipes-scanners/checksecurity/checksecurity_2.0.16.bb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb index 8006c9f..6a223f8 100644 
--- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb +++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb 
@@ -4,14 +4,13 @@ SECTION = "security" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" -SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}+nmu1.tar.gz \ +SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}+nmu3.tar.gz \ file://check-setuid-use-more-portable-find-args.patch \ " -SRC_URI[sha256sum] = "9803b3760e9ec48e06ebaf48cec081db48c6fe72254a476224e4c5c55ed97fb0" - -S = "${WORKDIR}/checksecurity-${PV}+nmu1" +SRC_URI[sha256sum] = "12b043dc7b38512cdf0735c7c147a4f9e60d83a397b5b8ec130c65ceddbe1a0c" +S = "${WORKDIR}/checksecurity-${PV}+nmu3" # allow for anylocal, no need to patch LOGDIR="/etc/checksecurity"

From patchwork Sun Aug 17 21:07:58 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Scott Murray
X-Patchwork-Id: 68703
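Review bot: the new `SRC_URI` in checksecurity_2.0.16.bb (patch 5/7) still points at the live Debian pool on `ftp.de.debian.org` over plain `http://`, the same arrangement that made `+nmu1` disappear, so the fetch will break again once `+nmu3` is superseded. Suggest a source that retains superseded uploads, such as a snapshot archive URL, or at least `${DEBIAN_MIRROR}` so mirror handling applies, with the updated `SRC_URI[sha256sum]` continuing to pin the content. The hunk also drops the blank line between `SRC_URI[sha256sum]` and `S`, which is worth keeping for readability.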
From: Scott Murray
To: yocto-patches@lists.yoctoproject.org
Cc: marta.rybczynska@ygreky.com
Subject: [meta-security][walnascar][PATCH 6/7] parsec-service: update PACKAGECONFIG options as lists of cargo build features
Date: Sun, 17 Aug 2025 17:07:58 -0400
Message-ID: <0b63683ef297356ea16f3a1a632b69e08c1d00e4.1755464538.git.scott.murray@konsulko.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/2029

From: Anton Antonov

After commit 7a2b9acef2 "cargo: pass PACKAGECONFIG_CONFARGS to cargo build" we don't need to include Parsec cargo build features into CARGO_BUILD_FLAGS. Let's update PACKAGECONFIG options as lists of features. A small fix in readme.md as well.

Signed-off-by: Anton Antonov
Signed-off-by: Scott Murray
---
meta-parsec/README.md | 4 ++-- .../parsec-service/parsec-service_1.4.1.bb | 15 ++++++--------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/meta-parsec/README.md b/meta-parsec/README.md index 785c932..90decaf 100644 --- a/meta-parsec/README.md +++ b/meta-parsec/README.md @@ -112,7 +112,7 @@ You might need to change permissions or add the account into `kvm` unix group. - Add into your `local.conf`: ``` -INHERIT += "testimage" +IMAGE_CLASSES += "testimage" TEST_SUITES = "ping ssh parsec" ``` - Build your image @@ -129,7 +129,7 @@ bitbake -c testimage - Add into your `local.conf`: ``` DISTRO_FEATURES += " tpm2" -INHERIT += "testimage" +IMAGE_CLASSES += "testimage" TEST_SUITES = "ping ssh parsec" ``` - Build security-parsec-image image
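Review bot: Both README hunks replace INHERIT += "testimage" with IMAGE_CLASSES += "testimage", but the commit message covers this only as "A small fix in readme.md" while the subject is about PACKAGECONFIG. Please say in the message why IMAGE_CLASSES is the right variable for these local.conf snippets, or split the documentation change into its own commit so it can be picked independently of the recipe change.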
diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb index 49467cd..baa02fb 100644 --- a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb +++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.4.1.bb 
@@ -21,15 +21,12 @@ PACKAGECONFIG ??= "PKCS11 MBED-CRYPTO" have_TPM = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'TPM', '', d)}" PACKAGECONFIG:append = " ${@bb.utils.contains('BBFILE_COLLECTIONS', 'tpm-layer', '${have_TPM}', '', d)}" -PACKAGECONFIG[ALL] = "all-providers cryptoki/generate-bindings tss-esapi/generate-bindings,,tpm2-tss libts,tpm2-tss libtss2-tcti-device libts" -PACKAGECONFIG[TPM] = "tpm-provider tss-esapi/generate-bindings,,tpm2-tss,tpm2-tss libtss2-tcti-device" -PACKAGECONFIG[PKCS11] = "pkcs11-provider cryptoki/generate-bindings," -PACKAGECONFIG[MBED-CRYPTO] = "mbed-crypto-provider," -PACKAGECONFIG[CRYPTOAUTHLIB] = "cryptoauthlib-provider," -PACKAGECONFIG[TS] = "trusted-service-provider,,libts,libts" - -PARSEC_FEATURES = "${@d.getVar('PACKAGECONFIG_CONFARGS').strip().replace(' ', ',')}" -CARGO_BUILD_FLAGS += " --features ${PARSEC_FEATURES}" +PACKAGECONFIG[ALL] = "-F all-providers -F cryptoki/generate-bindings -F tss-esapi/generate-bindings,,tpm2-tss libts,tpm2-tss libtss2-tcti-device libts" +PACKAGECONFIG[TPM] = "-F tpm-provider -F tss-esapi/generate-bindings,,tpm2-tss,tpm2-tss libtss2-tcti-device" +PACKAGECONFIG[PKCS11] = "-F pkcs11-provider -F cryptoki/generate-bindings," +PACKAGECONFIG[MBED-CRYPTO] = "-F mbed-crypto-provider," +PACKAGECONFIG[CRYPTOAUTHLIB] = "-F cryptoauthlib-provider," +PACKAGECONFIG[TS] = "-F trusted-service-provider,,libts,libts" export BINDGEN_EXTRA_CLANG_ARGS target = "${@d.getVar('TARGET_SYS').replace('-', ' ')}"
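Review bot: With PARSEC_FEATURES and the CARGO_BUILD_FLAGS += " --features ${PARSEC_FEATURES}" line removed, nothing in this recipe passes the provider features to cargo any more; it depends entirely on PACKAGECONFIG_CONFARGS being forwarded to cargo build, which the commit message attributes to commit 7a2b9acef2. Please confirm that commit is present in the core layer this walnascar backport builds against, because without it none of the -F options reach cargo build. A short comment above the PACKAGECONFIG[...] lines noting that the first field now holds raw cargo arguments rather than bare feature names would also help anyone adding a new option.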
From: Scott Murray
To: yocto-patches@lists.yoctoproject.org
Cc: marta.rybczynska@ygreky.com
Subject: [meta-security][walnascar][PATCH 7/7] scap-security-guide: upgrade 0.1.76 -> 0.1.77
Date: Sun, 17 Aug 2025 17:07:59 -0400
Message-ID: <1f7eeb8e84811fa79b98f236ade42dc52d44cfc6.1755464538.git.scott.murray@konsulko.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/2030

Update to latest version to pick up fixes required for building with CMake 4.0.

ChangeLog: https://github.com/ComplianceAsCode/content/releases/tag/v0.1.77

Signed-off-by: Scott Murray
---
...p-security-guide_0.1.76.bb => scap-security-guide_0.1.77.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename recipes-compliance/scap-security-guide/{scap-security-guide_0.1.76.bb => scap-security-guide_0.1.77.bb} (98%)
diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb similarity index 98% rename from recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb rename to recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb index 8615f97..4da6c66 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.76.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb @@ -6,7 +6,7 @@ HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/" LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820" LICENSE = "BSD-3-Clause" -SRCREV = "616d4363527acb61c6494a97f3ceb47ec90f65fd" +SRCREV = "c1e1ba121d32b3c319b0e25ee2993b62386e5857" SRC_URI = "git://github.com/ComplianceAsCode/content.git;nobranch=1;protocol=https \ file://run_eval.sh \ file://run-ptest \
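Review bot: The SRCREV change to c1e1ba121d32b3c319b0e25ee2993b62386e5857 is the whole upgrade, and with nobranch=1 in SRC_URI the fetcher is not asked to tie that revision to a branch, so the hash alone identifies what gets built. Please confirm it is the commit the v0.1.77 tag from the linked ChangeLog points at, and consider recording the tag name in a comment next to SRCREV so the mapping can be re-checked on the next bump.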