Age | Commit message | Author | Files | Lines |
|
This fixes some issues encountered by the current
integration of the security-manager:
- its recipes are spread across too many directories (see SPEC-2092)
- its initialization should be checked (see SPEC-2091)
- the location of the database has to be changed
(see SPEC-1717 that provided a workaround)
All in all, I decided to create that ticket, which summarizes
the work that can be quickly achieved to answer all these
issues that are tightly coupled.
Bug-AGL: SPEC-2972
Bug-AGL: SPEC-2092
Bug-AGL: SPEC-2091
Bug-AGL: SPEC-1717
Change-Id: I7af941c25cfa1624d76c2e8f512f6535918912f0
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
It is critical for agl-sota feature
Bug-AGL: SPEC-1717
Change-Id: Ia4060721e3a092d13934d3af575199e67e356e71
Signed-off-by: Anton Gerasimov <anton.gerasimov@here.com>
|
|
smack user space library is provided by meta-security
Change-Id: Ifb5e88e5f5a1aab3e695ab91a56d8c55c33fd004
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
Using the OVERRIDE "smack" came with the use of
the layer meta-intel-iot-security.
When switching to meta-security, it conflicts with the
package name 'smack' that provides the smack user library.
Yocto was reporting the following error:
ERROR: .../meta-security/recipes-security/smack/smack_1.3.0.bb:
QA Issue: Recipe .../meta-security/recipes-security/smack/smack_1.3.0.bb
has PN of "smack" which is in OVERRIDES, this can result
in unexpected behaviour. [pn-overrides]
Change-Id: Id71b283bf1ce5682bd94bf96595eb32506acb1d5
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
gcc v7 requires include <functional> for std::function.
Bug-AGL: SPEC-1181
Change-Id: Id5deb6f5ea5c2c82ae4a26889f209e1d7619000e
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
|
|
* Since yocto pyro we need to declare PACKAGE_WRITE_DEPS, dependency
for post install script
http://www.yoctoproject.org/docs/2.3/mega-manual/mega-manual.html#var-PACKAGE_WRITE_DEPS
* we also need to explicitly exit 1 if the post script failed
Bug-AGL: SPEC-646
Bug-AGL: SPEC-825
Change-Id: Ic15f8af884895fecacceb9886de5bebe591a2be0
Signed-off-by: Ronan Le Martret <ronan.lemartret@iot.bzh>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/10883
Reviewed-by: Stéphane Desneux <stephane.desneux@iot.bzh>
Reviewed-by: Thomas Rini <trini@konsulko.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
The global user name is 'afm'
AGL-Bug: SPEC-617
Change-Id: I8b129afb333fdf0e90fde5e364ce6b56ceb5d712
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9503
Reviewed-by: Scott Murray <scott.murray@konsulko.com>
Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
Reviewed-by: Matt Porter <mporter@konsulko.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
Systemd was complaining that the service files were
executable. This patch removes that issue.
Change-Id: I77183bb142956fec84b3ca727f7084e8f652c292
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
Change-Id: Iea4f0ba83e1d93ea2e7cc5950dced714b65dd251
Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
Latest change for compatibility with OSTree introduced this bug, fix.
Change-Id: Ib9c7fe624fbbd722abe07ca08ff56f4334dbf13e
Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
The purpose of these changes is to make OSTree and AppFw update domains
compatible with each other. Some integration code is also needed to deploy
initial data to writable area (see SPEC-359 in Jira).
Bug-AGL: SPEC-359
Change-Id: Iccba1e9916c569167df2922ad5e2d90cc33f06fe
Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
Since introduction of ambient capabilities,
systemd deprecated the use of Capabilities.
With systemd 229 activated with krogoth,
the use of Capabilities does nothing.
This commit avoids using SecureBits and Capabilities.
It now relies on the fact that post installations are
setting the capabilities to the file:
- setcap cap_mac_override,cap_dac_override=ep afm-system-daemon
- setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon
Using p (permitted) instead of i (inherited) that was
previously used.
It also includes evolutions of the security model to be synchronized
with the deletion of 'User'. The recommended version to use now
is the commit 20bbb97f6d5400b126ae96ef446c3e60c7e16285.
Change-Id: Id24ce7c7651e2fdf8d66b6e8286268e7d88508a0
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|