|
Rename meta-security dbus bbappend for new 1.2.16 version, and disable
the Cynara support patches until they can be updated by José Bollo.
Bug-AGL: SPEC-2932
Change-Id: Ia2211ad8147381898e47392fe857278189b670d3
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
Rename systemd bbappend to work with newer 243.2 version in oe-core.
A wildcard is now used to reduce the need to rename the bbappend on
future upgrades, as the additions it makes have not changed recently.
Bug-AGL: SPEC-2932
Change-Id: Ie6413710e861b8dbf082bcae3d7592f1009927d5
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
Shift from the permission database cynara
to cynagora permission database with a compatibility
library.
The cache size required by dbus-cynara is updated
because that size is now a count of bytes, not a count
of entries.
Bug-AGL: SPEC-2844
Change-Id: I9a81de6e3b8bcb94adc0bb05c63183c2eda3f310
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
- avoid build cycle dependency in yocto zeus
Bug-AGL: SPEC-2932
Change-Id: Icfcc59d873cb75213a50547f5b7d70888dbe41bc
Signed-off-by: Ronan Le Martret <ronan.lemartret@iot.bzh>
|
|
All media mountpoints should have the System::Shared label
to avoid access denials on multimedia items.
Bug-AGL: SPEC-2774
Change-Id: Ib9bb1b26a1950cacd5e1f384cbe19d4a4a6373d9
Signed-off-by: Matt Ranostay <matt.ranostay@konsulko.com>
|
|
Sometimes, at start of the system, dbus-daemon was crashing
because a pending authorisation was reactivating a closed
connection.
Also, clean unused function and improve compatibility to newer gcc.
Bug-AGL: SPEC-2752
Change-Id: I0ad32e93bd0de099a304e37d0c91c56915fb731c
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
Simplifies the way of building dbus-cynara by removing
the specific recipes in favour of a recipe for dbus that
handles the class-target build feature.
It requires removing fake dependencies of cynara.
This is a suggestion of Tom Rini.
Bug-AGL: SPEC-1839
Change-Id: Id7a736eb4b73cdb679fa9dde30e9ad8e56c2894e
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
Migration to yocto/oe/thud implied the shift
to dbus-1.12.10. This fixes some upgrading
concern.
Bug-AGL: SPEC-1837
Change-Id: Iaa9c1493e2fbc2a014aae1315e4e4a31891178cb
Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
Changes include:
- Add LAYERSERIES_COMPAT definitions to layer.conf files
- Remove now unnecessary SECURITY_*FLAGS over-rides from distro
configuration
- Set intel-corei7-64 preferred kernel version to 4.19 to match
latest linux-intel kernel available in meta-intel
- Update qemuarm preferred kernel version to 4.18 to match latest
linux-yocto
- Update firmware package and devicetree file names for raspberrypi3
- Remove linux-firmware bbappend specific to raspberrypi, it seems no
longer required and breaks the cross SDK build
- Update linux-intel bbappend to 4.19, remove now unnecessary patch
- Remove now unnecessary lttng-modules backport
- Update linux-raspberrypi bbappend to 4.14 kernel
- Added kernel configuration fragment for raspberrypi to disable
Kprobes. This is required until linux-raspberrypi is updated to
greater than 4.14.104 to avoid a build failure in lttng-modules
related to a check for known breakage in the kernel CONFIG_OPTPROBES
code.
- Replace obsolete base_conditional usage with oe.utils.conditional
- Add gstreamer1.0-plugins-bad bbappend for raspberrypi3 to disable
faad PACKAGECONFIG to avoid commercial license issues
- Remove unused and unbuildable Vayu gstreamer recipes
- Update linux-ti-staging bbappend for new BSP kernel
- Regen dcan2_pinmux_enable.patch for linux-ti-staging to remove fuzz
warning, and remove upstreamed fix_dcan_addresses.patch
- Remove ipumm-fw from meta-agl-bsp/meta-ti, as newer version is
available in the upstream BSP
- Update meta-agl-bsp/meta-ti weston patch to apply against 5.0.0
- Update meta-agl-bsp/meta-ti wayland-ivi-extension patch to apply
against 2.2.0
- Add ti-sgx-ddk-km patch to add AGL toolchain configuration file
- Remove now unnecessary fdtoverlay recipe
- Update core.cfg and ivishell.cfg in weston-ini-conf recipe to handle
move of ivi-controller.so configuration in Weston 5.0.0
- Update connman-ncurses patch to remove fuzz warning
- Add installation of systemd over-ride file for run-postinsts.service
in run-postinsts bbappend to workaround race condition between
ldconfig.service and the /sbin/ldconfig invocations in the
post-install scripts run by run-postinsts.service. The observed
failure was cynara's post-install script failing and its database
not being created.
- Remove now unnecessary valgrind backport
- Add patches to fix most driver compilation against newer kernels
- Update libmicrohttpd bbappend
- Remove libssp-dev from agl-image-graphical-qt5-crosssdk and
agl-demo-platform-html5-crosssdk, upstream have removed it from
non-mingw32 platform SDKs
- Update wayland-ivi-extension recipe to build 2.2.0, and update
local patches
- Update weston patches for 5.0.0. Patches:
0016-ivi-shell_add_screen_remove_layer_api.patch
0017-ivi-shell-register-ivi_layout_interface.patch
have been removed as they have been applied upstream and are no longer
necessary. Patches:
0018-compositor-add-output-type-to-weston_output.patch
0019-compositor-drm-introduce-drm_get_dmafd_from_view.patch
(both related to Waltham) have been disabled for now as they need
significant rework.
- Remove weston-conf RRECOMMENDS in weston bbappend to avoid conflict
with weston-ini-conf
- Add OECMAKE_GENERATOR = "Unix Makefiles" to aglwgt.bbclass to work
around CMake+ninja issue in cmake-apps-module
- Update dbus cynara patches for 1.12.10
- Add do_install_append in cynara recipe to remove /var/cynara from
cynara package so the directory creation and labelling in the
post-install scriptlet will function as intended
- Remove now unnecessary e2fsprogs backport
- Remove now unnecessary libcap-ng backport
- Update pulseaudio patches to remove fuzz warnings
- Update neardal patch to remove fuzz warning
- Update freetype patch to remove fuzz warning
- Rename opencv bbappend to 3.% to handle 3.x backports in upstream
- Updated qtwayland patch to remove fuzz warning
Changes from Stephane Desneux <stephane.desneux@iot.bzh>:
- Remove wayland-ivi-extension PREFERRED_VERSION
- Remove now unnecessary nativesdk-cmake patch
- Remove now unnecessary ptest-runner patches
- Remove now unnecessary harfbuzz patches
- Disable waltham-transmitter as it does not build against weston 5.0.0
- Update af-main, cynara, and security-manager to use pkg_postinst_ontarget
- Bump connman-ncurses revision to avoid deprecated ncurses functions
- Update libva package usage with new intel-vaapi-driver name
- Add patches to security-manager to fix compilation with gcc8
- Updated systemd bbappend
Changes from Jan-Simon Möller <jsmoeller@linuxfoundation.org>:
- Remove meta-agl-bsp/ROCKO.FIXMEs
- Remove linux-yocto_4.12.bbappend and now unnecessary associated
patch
- Remove now unneeded kern-tools-native patch
- Bump gstreamer PREFERRED_VERSIONs to 1.14.x
- Remove latencytop from packagegroup-agl-core-devel, it has been
dropped by upstream
- Remove now unnecessary rpm patches
- Update pulseaudio bbappend to 12.2
- Update opencv bbappend to 3.4
- Update freetype bbappend to 2.9.1
- Update dbus bbappend to 1.12.10
- Update weston bbappend to 5.0.0
- Update cynara patches to remove fuzz warnings
- Add patch to cynara to fix compilation with gcc8
- Add xmlsec1 bbappend to clear EXTRA_OECONF to fix compilation on
sumo or newer
Changes from Ronan Le Martet <ronan.lemartet@iot.bzh>:
- Update meta-rcar-gen3-adas layer gstreamer1.0-plugin-vspfilter
bbappend to version 1.0.1
Known issues (marked with FIXME):
- CMake+ninja issue in cmake-apps-module has been worked around with
OECMAKE_GENERATOR
- waltham-transmitter and the patches to weston related to it have been
disabled
- Currently unclear if patch to libcap-native is actually required or
not
Bug-AGL: SPEC-1837
Change-Id: I7b8b9ef667aec2d229952eace6663dfc761654d0
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
Add rules to correctly tag devices with *.
The most general rule is that devices should be
protected using DAC rules (user and group).
Bug-AGL: SPEC-2006
Change-Id: Ie18f79353f8f7645c2b615a359c65ec3a6984958
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
The recipe for systemd that belongs to meta-security
was carrying a lot of history for probably no purpose.
If history is needed, curious people can still refer to
https://github.com/intel/meta-intel-iot-security
Change-Id: I8762da7feb2084de2a97025498eb47ef815c7954
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
This change introduces the new recipe
meta-security/recipes-core/smack-system-setup/smack-system-setup_1.bb
The purpose is to split the recipe of systemd in two
parts:
- A part specific to systemd and only systemd
It actually includes Smack patches for systemd
and a renaming of udev-rules.
- A part more oriented on putting the system in
order to run with Smack activated.
At the end, it will probably save many rebuilds as
systemd recipe will evolve less in relation with the
setup of the system.
As an example, the udev rule file "55-udev-smack-default.rules"
that sets up udev rules specific to smack is no longer brought
by systemd but by smack-system-setup.
Also at the same time, some cleanup and refactoring is
done. Note that the ".bbappend" file for systemd is
now fixed in version and is including a common file
that records the several known versions. No cleanup was
made on the versioned patch for the sake of memory.
The cleanup of the history is to be achieved later...
Bug-AGL: SPEC-2045
Change-Id: Iacf772142a381729dfdbe98d133a3effc4d6cf68
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
dbus-cynara is a separate package of dbus because it
allows to break the dependency loop dbus -> cynara -> ... -> dbus
coming from the fact that many many useful things depend
on dbus: documentation generators, test handlers, ...
In other words, dbus-cynara is the same as dbus. As such, it
uses the subpackage dbus-lib (known as libdbus). This has to
be set as a RDEPENDS, otherwise bitbake complains:
QA Issue: dbus-cynara rdepends on dbus-lib, but it isn't a builds
dependency, missing dbus in DEPENDS or PACKAGECONFIG?
Change-Id: I72472dc9e6e8f21d0aabc9a1186f1cb7d8343445
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
The dependency loop appeared when compiling
with DISTRO_FEATURE ptest.
To avoid it, I restore the logic implemented before in
meta-intel-iot-security. I also remove useless files.
Bug-AGL: SPEC-1334
Change-Id: Ibe8b9359a65fec034df2534c5fceb4769e63aa99
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
The main patches from dbus to make it cynara aware are
cherry-picked on top of the dbus 1.10.20 that is the
upstream version for rocko.
Change-Id: Ib7b07f335543cb56c4c96ef8f55305e61bc69b5c
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
smack user space library is provided by meta-security
Change-Id: Ifb5e88e5f5a1aab3e695ab91a56d8c55c33fd004
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
Adds the recipes of the sub layers
- meta-security-framework
- meta-security-smack
Change-Id: I618608008a3b3d1d34adb6e38048110f13ac0643
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|