summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-security/security-manager
AgeCommit message (Collapse)AuthorFilesLines
2021-11-04Prepare master for new framework integrationJan-Simon Moeller19-1218/+0
During the last workshop the transition to the new framework was presented. This change essentially deprecates the SMACK-based application framework. To prepare the integration of it, we remove the deprecated components: - meta-agl-core: remove Smack kernel patches - meta-app-framework - meta-pipewire/dynamic-layers/meta-app-framework/ v2: rebased Bug-AGL: SPEC-4121 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Change-Id: Icdaeadfb5d2193f3a4c535168c88da6073423e67 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26752
2021-11-03Update github.com git:// SRC_URIsmarlin_12.90.1marlin/12.90.112.90.1Scott Murray1-1/+1
GitHub is dropping unauthenticated git protocol access in January 2022, per: https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git While a workaround in the BitBake git fetcher is forthcoming, not specifying protocol=https for github.com git:// SRC_URIs will start resulting in warnings in Yocto 3.5/Kirkstone. To ease our upgrade path, go ahead and update our affected SRC_URIs. Note that this has been done by running the scripts/contrib/convert-srcuri.py script from latest poky, which also makes git branch specification explicit since the git fetcher is likely to require that in the future due to widespread switches from master to main branches. Bug-AGL: SPEC-4126 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I1b5003a79de5283f88bb51f2decadbabeaff8ed5 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26779 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2021-08-23Convert to new override syntaxScott Murray2-9/+9
This is mostly the result of running a slightly customized version of the convert-overrides.py script from poky with additional overrides added. A few minor fixups were done by hand afterwards during a review of the changes. The intent of these changes is to minimize the effort to keep the "next" branch that builds against poky master up to date and tested in preparation for the switch to the next Yocto LTS release in early 2022. Bug-AGL: SPEC-4052 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ia3bf63b7cb1aa1d95ada373d1a3ab56def0a125d Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26564 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2020-12-17SPEC-3723: restructure meta-aglJan-Simon Moeller19-0/+1218
Goal is to reach a minimal meta-agl-core as base for IVI and IC work at the same time. Trim dependencies and move most 'demo' related recipes to meta-agl-demo. v2: changed to bbapend + .inc , added description v3: testbuild of all images v4: restore -test packagegroup and -qa images, compare manifests and adapt packagegroups. v5: rebased v6: merged meta-agl-distro into meta-agl-core, due to dependency on meta-oe, moved -test packagegroup and -qa images to own layer meta-agl-core-test v7: Fixed comments from Paul Barker v8: Update the markdown files v9: restore wayland/weston/agl-compositor recipes/appends, reworked to move app f/w specific changes to bbappends in meta-app-framework and only demo specific weston-init changes to meta-agl-demo v10: fix s/agldemo/aglcore/ missed in weston-init.bbappend Description: This patch is part 1 out of 2 large patches that implement the layer rework discussed during the previous workshop. Essentially meta-agl-core is the small but versatile new core layer of AGL serving as basis for the work done by the IC and IVI EGs. All demo related work is moved to meta-agl-demo in the 2nd patchset. This should be applied together as atomic change. The resulting meta-agl/* follows these guidelines: - only bsp adaptations in meta-agl-bsp - remove the agl-profile-* layers for simplicity -- the packagegroup-agl(-profile)-graphical and so on have been kept in meta-agl-demo - meta-agl-profile-core is now meta-agl-core - meta-agl-core does pass yocto-check-layer -- therefore use the bbappend + conditional + .inc file construct found in meta-virtualization - meta-agl/meta-security has been merged into meta-agl/meta-app-framework - meta-netboot does pass yocto-check-layer - meta-pipewire does pass yocto-check-layer Migration: All packagegroups are preserved but they're now enabled by 'agl-demo'. Bug-AGL: SPEC-3723 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ia6c6e5e6ce2b4ffa69ea94959cdc57c310ba7c53 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25769
2019-12-03security-manager: Improve integrationJosé Bollo1-2/+0
This fixes some issues encountered by the current integration of the security-manager: - its recipes is spread in too much directories (see SPEC-2092) - its initialization should be checked (see SPEC-2091) - the location of the database has to be changed (see SPEC-1717 that provided a workaround) All in one, I decided to create that ticket that summarize the work that can be quickly achieved to answer all this issues that are tightly coupled. Bug-AGL: SPEC-2972 Bug-AGL: SPEC-2092 Bug-AGL: SPEC-2091 Bug-AGL: SPEC-1717 Change-Id: I7af941c25cfa1624d76c2e8f512f6535918912f0 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-09-08Upgrade to pyroChanghyeok Bae1-0/+2
u-boot: v2017.01 dlt-daemon: Remove gzipnative inheritance - gzipnative.bbclass is removed in pyro branch. - See ab0f46400c113c0d893be872727a67739d5e794d in poky. gpm: Remove bbappend file - upstream(meta-openembedded) is using git(v1.99.7) and this is not required anymore. gnutls: Remove bbappend file - The patch is already applied in upstream. agl-image-minimal: Remove ROOTFS_PKGMANAGE_BOOTSTRAP - ROOTFS_PKGMANAGE_BOOTSTRAP is removed in upstream. - Please see 529244ee212fe14019e35a5f163fab705ddbf141 in poky. freetype: Change hash value for v2.7.1 binary shadow: Remove shadow_%.bbappend - It's already applied upstream poky. Remove nativesdk-packagegroup-sdk-host.bbappend - It's already applied in upstream poky. faac: Remove bbappend file - It's already applied meta-openembedded upstream. pulseaudio: Change bbappend naming - Upstream yocto provides pulseaudio v10.0. weston: re-create patch to apply new version (v2.0.0) - Remove 0001-compositor-drm.c-Launch-without-input-devices.patch because it's already applied in new version. mesa: Remove 12.0.3 recipe and fix build error for qemux86-64 - Yocto upstream supports 17.0.2 and v12.0.3 is not required anymore in raspberrypi - Error: | configure: error: --enable-gallium-llvm selected but llvm-config is not found wayland-ivi-extension: Upgrade to latest master version - Due to weston upgrade, wayland-ivi-extension should be upgraded. packagegroup-ivi-common-core-multimedia: Remove alsa-lib - alsa-lib has empty package and it's not required anymore. Add agl-driver and agl-passenger in group and passwd - Parsing Error: agl-users: groupname agl-passenger does not have a static ID defined. poky-agl.conf: Change gstreamer default version to v1.10.x - Yocto upstream moves gstreamer to v1.10.4. af-main: Fix build error - Error: file /usr/local conflicts between attempted installs of af-main-1.0-r0.corei7_64 and base-files-3.0.14-r89.qemux86_64 intel-corei7-64: Change gstreamer-vaapi-1.0 name - gstreamer-vaapi-1.0 is moved to oe-core and its name is changed to gstreamer1.0-vaapi. linux-raspberrypi: Drop 4.4 bbappend - The upstream meta-raspberrypi doesn't support v4.4 anymore. - CVE patches are not required anymore. glibc: Remove bbappend - The bug-20116 is already applied in 2.25 cynara,security-manager: Fix build error - cynara: Replace bb.data to d - security-manager: Temporarily use 'no' in APPLY variable u-boot-ota: Add SRC_URI - In pyro, SRC_URI and S is moved from .inc to .bb linux-yocto: Remove 4.8 and 4.4 bbappend - Yocto 2.3 (Pyro) doesn't support v4.8 kernel anymore. - CVE patches in meta-agl-bsp are already applied in Yocto 2.3. tcf-agent: Remove bbappend file - This change is merged to upstream poky (pyro) bluez5: Remove recipe and add .bbappend - Yocto 2.3 (Pyro) already has same version. - bluetooth.conf file is added in .bbappend python-pycrypto: Remove recipe - meta-openembedded (Pyro) already has same version. meta-agl-bsp/classes/image.bbclass: Arrange for pyro - image.bbclass is taken from poky/meta/classes/image.bbclass and only changed IMAGE_TYPE_vm variable. libsoup: Fix native build error temporarily v2 (jsmoeller): meta-agl-bsp/meta-ti: - workaround patches in meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend - fix old python code in meta-ti/recipes-arago/ipumm-fw/ipumm-fw_3.00.13.00.bb - workaround patches in meta-ti/recipes-arago/weston/weston_%.bbappend - make specific to dra7xx-evm: -- meta-ti/recipes-bsp/alsa-state/alsa-state.bbappend -- meta-ti/recipes-bsp/u-boot/u-boot-ti-staging_%.bbappend -- rename meta-ti/recipes-multimedia/pulseaudio/pulseaudio/dra7xx-evm-set-default-sink-source.patch -- rename meta-ti/recipes-multimedia/pulseaudio/pulseaudio_%.bbappend TODO/FIXME's in: - meta-agl-bsp/meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend - meta-agl-bsp/meta-ti/recipes-arago/weston/weston_%.bbappend - meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio_%.bbappend - meta-ti/recipes-bsp/u-boot/u-boot-ti-staging_%.bbappend Bug-AGL: SPEC-646 Change-Id: I4162ae887d3334e9102575e3724483aa25f4bd9c Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/10457