path: root/meta-app-framework/recipes-security
Age | Commit message | Author | Files | Lines

2021-11-20 | Convert to new override syntax | Scott Murray | 6 | -33/+33

This is effectively a manual cherry-pick and squash of commits:
dd6fc5dcaa0a027b7651bb365d5dd0f623498f8f
917a82316bf53ead29d6345a39189d9e4efeef25
20e81c0a9d36660de671dd5ac2e006e31c0e621b
from the master branch with additional review and fixups.

The intent of these changes is to minimize the effort to backport fixes from the master branch, which has been updated in preparation for the switch to the next Yocto LTS release in early 2022.

Bug-AGL: SPEC-4144
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I91c1640c6335d7748a2531d2fe8bf86d2d2aee32
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26876
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2021-11-04 | Update github.com git:// SRC_URIs | Scott Murray | 2 | -2/+2

GitHub is dropping unauthenticated git protocol access in January 2022, per:
https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git

While a workaround in the BitBake git fetcher is forthcoming, not specifying protocol=https for github.com git:// SRC_URIs will start resulting in warnings in Yocto 3.5/Kirkstone. To ease our upgrade path, go ahead and update our affected SRC_URIs.

Note that this has been done by running the scripts/contrib/convert-srcuri.py script from latest poky, which also makes git branch specification explicit since the git fetcher is likely to require that in the future due to widespread switches from master to main branches.

Bug-AGL: SPEC-4126
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I1b5003a79de5283f88bb51f2decadbabeaff8ed5
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26779
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
(cherry picked from commit abc4742a714cfc60a868c0912432a6f59fd41b77)
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26800

2020-12-17 | SPEC-3723: restructure meta-agl | Jan-Simon Moeller | 32 | -4/+1830

Goal is to reach a minimal meta-agl-core as base for IVI and IC work at the same time. Trim dependencies and move most 'demo' related recipes to meta-agl-demo.

v2: changed to bbappend + .inc , added description
v3: testbuild of all images
v4: restore -test packagegroup and -qa images, compare manifests and adapt packagegroups.
v5: rebased
v6: merged meta-agl-distro into meta-agl-core, due to dependency on meta-oe, moved -test packagegroup and -qa images to own layer meta-agl-core-test
v7: Fixed comments from Paul Barker
v8: Update the markdown files
v9: restore wayland/weston/agl-compositor recipes/appends, reworked to move app f/w specific changes to bbappends in meta-app-framework and only demo specific weston-init changes to meta-agl-demo
v10: fix s/agldemo/aglcore/ missed in weston-init.bbappend

Description:
This patch is part 1 out of 2 large patches that implement the layer rework discussed during the previous workshop. Essentially meta-agl-core is the small but versatile new core layer of AGL serving as basis for the work done by the IC and IVI EGs. All demo related work is moved to meta-agl-demo in the 2nd patchset. This should be applied together as atomic change.

The resulting meta-agl/* follows these guidelines:
- only bsp adaptations in meta-agl-bsp
- remove the agl-profile-* layers for simplicity
-- the packagegroup-agl(-profile)-graphical and so on have been kept in meta-agl-demo
- meta-agl-profile-core is now meta-agl-core
- meta-agl-core does pass yocto-check-layer
-- therefore use the bbappend + conditional + .inc file construct found in meta-virtualization
- meta-agl/meta-security has been merged into meta-agl/meta-app-framework
- meta-netboot does pass yocto-check-layer
- meta-pipewire does pass yocto-check-layer

Migration:
All packagegroups are preserved but they're now enabled by 'agl-demo'.

Bug-AGL: SPEC-3723
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ia6c6e5e6ce2b4ffa69ea94959cdc57c310ba7c53
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25769

2020-01-22 | meta-security meta-app-framework: handle xmlsec1 upgrade | Scott Murray | 1 | -2/+2

Remove now unneeded meta-security xmlsec1 bbappend, and update the bbappend in meta-app-framework to work with the new xmlsec1 1.2.28 recipe in oe-core.

Bug-AGL: SPEC-2932
Change-Id: If57b7c9fa2a4d2b8f9470dd67e95b4579d1210c7
Signed-off-by: Scott Murray <scott.murray@konsulko.com>

2019-12-03 | security-manager: Improve integration | José Bollo | 1 | -2/+0

This fixes some issues encountered by the current integration of the security-manager:
- its recipe is spread across too many directories (see SPEC-2092)
- its initialization should be checked (see SPEC-2091)
- the location of the database has to be changed (see SPEC-1717 that provided a workaround)

All in one, I decided to create that ticket that summarizes the work that can be quickly achieved to answer all these issues that are tightly coupled.

Bug-AGL: SPEC-2972
Bug-AGL: SPEC-2092
Bug-AGL: SPEC-2091
Bug-AGL: SPEC-1717
Change-Id: I7af941c25cfa1624d76c2e8f512f6535918912f0
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

2018-04-04 | dbus-cynara: Avoid dependency loop | José Bollo | 1 | -38/+0

The dependency loop appeared when compiling with DISTRO_FEATURE ptest. To avoid it, I restore the logic implemented before in meta-intel-iot-security. I also remove unless files.

Bug-AGL: SPEC-1334
Change-Id: Ibe8b9359a65fec034df2534c5fceb4769e63aa99
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

2018-02-16 | Move xmlsec1 folder in meta-app-framework | Jan-Simon Möller | 1 | -0/+4

The upstream location of xmlsec1 changed from recipes-support/xmlsec1 to recipes-security/xmlsec1.

Also we need to add 2 more dependencies.

Bug-AGL: SPEC-1297
Change-Id: Iba96bbb8a63ea9c9b8240f1a72e6e3423178e05c
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>

2018-02-14 | Merge remote-tracking branch 'agl/sandbox/ronan/rocko' into HEAD | Jan-Simon Möller | 1 | -44/+0

* agl/sandbox/ronan/rocko: (58 commits)
  Update ulcb conf file
  Remove unsed gstreamer backport
  [GEN3] add preferred version on omx package
  run-(agl-)postinst: Emit progress to console
  meta-security: Remove unused content
  Upgrade wayland-ivi-extension
  Revert "Fix kernel gcc7 issue"
  remove backport commit
  Revert "Fix CVE-2017-1000364 by backporting the patches for gen3"
  Remove fix for optee-os
  Remove gcc 6 fix
  Update rcar gen3 kernel bbappend version
  Update rcar gen3 driver
  Remove porter machine
  dbus-cynara: Upgrade to 1.10.20
  xmlsec1: switch to meta-security version
  systemd: earlier smack label switch
  cynara: upgrade to 0.14.10
  Remove smack recipe
  Integrate parts of meta-intel-iot-security
  ...

Bug-AGL: SPEC-1181
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>

Conflicts:
  meta-app-framework/recipes-security/cynara/cynara_git.bbappend

Change-Id: I9875fcb31e960038ce6c23165c99b52a3bd1a1c0

2018-02-13 | cynara: upgrade to 0.14.10 | José Bollo | 2 | -82/+0

Change-Id: I33caaa8a435e0b36afff43c4199428ae9336d612
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

2018-02-13 | cynara: Fix build error that causes gcc v7.0 | Changhyeok Bae | 2 | -0/+43

- gcc v7 requires include <functional> for std::function.
- gcc v7 recognizes implicit-fallthrough.

Bug-AGL: SPEC-1181
Change-Id: I40b35ef54d3a1e567330102e9e7cbe6882728b95
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>

2018-01-23 | cynara: Fix build error that causes gcc v7.0 | Changhyeok Bae | 2 | -0/+43

- gcc v7 requires include <functional> for std::function.
- gcc v7 recognizes implicit-fallthrough.

Bug-AGL: SPEC-1181
Change-Id: I40b35ef54d3a1e567330102e9e7cbe6882728b95
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>

2017-09-08 | Upgrade to pyro | Changhyeok Bae | 2 | -0/+41

u-boot: v2017.01

dlt-daemon: Remove gzipnative inheritance
- gzipnative.bbclass is removed in pyro branch.
- See ab0f46400c113c0d893be872727a67739d5e794d in poky.

gpm: Remove bbappend file
- upstream(meta-openembedded) is using git(v1.99.7) and this is not required anymore.

gnutls: Remove bbappend file
- The patch is already applied in upstream.

agl-image-minimal: Remove ROOTFS_PKGMANAGE_BOOTSTRAP
- ROOTFS_PKGMANAGE_BOOTSTRAP is removed in upstream.
- Please see 529244ee212fe14019e35a5f163fab705ddbf141 in poky.

freetype: Change hash value for v2.7.1 binary

shadow: Remove shadow_%.bbappend
- It's already applied upstream poky.

Remove nativesdk-packagegroup-sdk-host.bbappend
- It's already applied in upstream poky.

faac: Remove bbappend file
- It's already applied meta-openembedded upstream.

pulseaudio: Change bbappend naming
- Upstream yocto provides pulseaudio v10.0.

weston: re-create patch to apply new version (v2.0.0)
- Remove 0001-compositor-drm.c-Launch-without-input-devices.patch because it's already applied in new version.

mesa: Remove 12.0.3 recipe and fix build error for qemux86-64
- Yocto upstream supports 17.0.2 and v12.0.3 is not required anymore in raspberrypi
- Error: | configure: error: --enable-gallium-llvm selected but llvm-config is not found

wayland-ivi-extension: Upgrade to latest master version
- Due to weston upgrade, wayland-ivi-extension should be upgraded.

packagegroup-ivi-common-core-multimedia: Remove alsa-lib
- alsa-lib has empty package and it's not required anymore.

Add agl-driver and agl-passenger in group and passwd
- Parsing Error: agl-users: groupname agl-passenger does not have a static ID defined.

poky-agl.conf: Change gstreamer default version to v1.10.x
- Yocto upstream moves gstreamer to v1.10.4.

af-main: Fix build error
- Error: file /usr/local conflicts between attempted installs of af-main-1.0-r0.corei7_64 and base-files-3.0.14-r89.qemux86_64

intel-corei7-64: Change gstreamer-vaapi-1.0 name
- gstreamer-vaapi-1.0 is moved to oe-core and its name is changed to gstreamer1.0-vaapi.

linux-raspberrypi: Drop 4.4 bbappend
- The upstream meta-raspberrypi doesn't support v4.4 anymore.
- CVE patches are not required anymore.

glibc: Remove bbappend
- The bug-20116 is already applied in 2.25

cynara,security-manager: Fix build error
- cynara: Replace bb.data to d
- security-manager: Temporarily use 'no' in APPLY variable

u-boot-ota: Add SRC_URI
- In pyro, SRC_URI and S is moved from .inc to .bb

linux-yocto: Remove 4.8 and 4.4 bbappend
- Yocto 2.3 (Pyro) doesn't support v4.8 kernel anymore.
- CVE patches in meta-agl-bsp are already applied in Yocto 2.3.

tcf-agent: Remove bbappend file
- This change is merged to upstream poky (pyro)

bluez5: Remove recipe and add .bbappend
- Yocto 2.3 (Pyro) already has same version.
- bluetooth.conf file is added in .bbappend

python-pycrypto: Remove recipe
- meta-openembedded (Pyro) already has same version.

meta-agl-bsp/classes/image.bbclass: Arrange for pyro
- image.bbclass is taken from poky/meta/classes/image.bbclass and only changed IMAGE_TYPE_vm variable.

libsoup: Fix native build error temporarily

v2 (jsmoeller):
meta-agl-bsp/meta-ti:
- workaround patches in meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend
- fix old python code in meta-ti/recipes-arago/ipumm-fw/ipumm-fw_3.00.13.00.bb
- workaround patches in meta-ti/recipes-arago/weston/weston_%.bbappend
- make specific to dra7xx-evm:
-- meta-ti/recipes-bsp/alsa-state/alsa-state.bbappend
-- meta-ti/recipes-bsp/u-boot/u-boot-ti-staging_%.bbappend
-- rename meta-ti/recipes-multimedia/pulseaudio/pulseaudio/dra7xx-evm-set-default-sink-source.patch
-- rename meta-ti/recipes-multimedia/pulseaudio/pulseaudio_%.bbappend

TODO/FIXME's in:
- meta-agl-bsp/meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend
- meta-agl-bsp/meta-ti/recipes-arago/weston/weston_%.bbappend
- meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio_%.bbappend
- meta-ti/recipes-bsp/u-boot/u-boot-ti-staging_%.bbappend

Bug-AGL: SPEC-646
Change-Id: I4162ae887d3334e9102575e3724483aa25f4bd9c
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/10457