aboutsummaryrefslogtreecommitdiffstats
path: root/meta-security
AgeCommit message (Collapse)AuthorFilesLines
2018-12-18connman+bluez5: Update rights for smack systemsJosé Bollo4-18/+26
Reading the file /etc/resolv.conf that is linked to /run/connman/resolv.conf is not possible for common users. This changes add the setting of the directory /run/connman that allows common applications to read that file. To achieves this goal, that changes use the intended tuning mechanism of systemd instead of using sed. This is cleaner. Thus this as been adapted for bluez5 too. Bug-AGL: SPEC-2006 Change-Id: I3d2a708be2a5c62664bfcf90757e9e5c080d6179 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-12-18smack-system-setup: Update udev rulesJosé Bollo1-0/+4
Add rules to correctly tag devices with *. The most general rule is that devices should be protected using DAC rules (user and group). Bug-AGL: SPEC-2006 Change-Id: Ie18f79353f8f7645c2b615a359c65ec3a6984958 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-12-14systemd: Cleanup of recipe of meta-securityJosé Bollo12-1012/+9
The recipe for systemd that belongs to meta-security was carrying lot of history for probably no purpose. If history is needed, curious people can still refer to https://github.com/intel/meta-intel-iot-security Change-Id: I8762da7feb2084de2a97025498eb47ef815c7954 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-12-14systemd: Refactor build using smack-system-setupJosé Bollo8-69/+144
This changes introduces the new recipe meta-security/recipes-core/smack-system-setup/smack-system-setup_1.bb The purpose is to split the recipe of systemd in two parts: - A part specific to systemd and only systemd It actually includes Smack patches for systemd and a renaming of udev-rules. - A part more oriented on putting the system in order to run with Smack activated. At the end, it will probably save many rebuilds as systemd recipe will evolve less in relation with the setup of the system. As example, the udev rule file "55-udev-smack-default.rules" that setup udev rules specific to smack is no more brought by systemd but by smack-system-setup. Also at the same time, some cleanup and refactoring is done. Note that the ".bbappend" file for systemd is now fixed in version and is including a common file file that records the several known versions. No cleanup was made on the versioned patch for the sake of memory. The cleanup of the history is to be achieved later... Bug-AGL: SPEC-2045 Change-Id: Iacf772142a381729dfdbe98d133a3effc4d6cf68 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-09-28Move security manager database under /var/localAnton Gerasimov1-1/+1
It is critical for agl-sota feature Bug-AGL: SPEC-1717 Change-Id: Ia4060721e3a092d13934d3af575199e67e356e71 Signed-off-by: Anton Gerasimov <anton.gerasimov@here.com>
2018-05-313rd part of the layer/profile rework [1/2]Jan-Simon Möller1-3/+3
This is the last larger commit in this series and deals with the graphical part. We introduce the graphical profiles: - meta-agl-profile-graphical -- meta-agl-profile-graphical-html5 -- meta-agl-profile-graphical-qt5 Notable changes: - weston-ini-conf moved to the meta-agl-bsp layer. Most BSPs have bbappends, so we need to have the recipes present (but unused) even in the console images. - new image: agl-image-boot = terminal-only + network + package-manaager. Ready for using package-feeds - new image/sdk: agl-image-minimal-crosssdk - agl-service-mediaplayer has a dependency on weston, thus it cannot be in the 'core'. Moved it to profile-graphical. - The wayland-ivi-extension moved to the agl-demo-platform. - The app-framework layer included and pulled 'web-runtime' as dependency. This broke console-only images. This has been moved to be in meta-agl-demo only for now. - added and massaged the agl-features. - found and added a useful script 'oe-depends-dot' that helps to work with the dot files (produced with bitbake -g) Todo: - we'll need another pass through the packagegroups. The dependencies for the layers/profiles are now sorted-out but we might have to add/shuffle a few packages. For further details, see meta-agl/docs/profiles.md. v2: fix meta-agl/meta-security/conf/layer.conf - the immediate expansion previously used in there caused some recipes not being added to BBFILES. v3: fix packagegroup renaming (packagegroup-agl-devel -> packagegroup-agl-core-devel) v4: fix missing packagegroup inclusion (tnx Jose, Scott, Stephane) v5: fix missing packagegroup inclusion v6: explicitely put profile-graphical-qt5 on-top of profile-graphical v7: re-add 'procps' when agl-devel feature is on Bug-AGL: SPEC-145 Change-Id: I24cdcd1118932758d0c55d333338238f2a770877 Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
2018-04-06dbus-cynara: Fix a missing RDEPENDSJosé Bollo1-0/+2
dbus-cynara is a separate package of dbus because it allows to break the dependency loop dbus -> cynara -> ... -> dbus coming from the fact that many many usefull things depend on dbus: documentation generators, test handlers, ... In other words, dbus-cynara is the same as dbus. As such, it uses the subpackage dbus-lib (known as libdbus). This has to be set as a RDEPENDS, otherwise bitbake complains: QA Issue: dbus-cynara rdepends on dbus-lib, but it isn't a builds dependency, missing dbus in DEPENDS or PACKAGECONFIG? Change-Id: I72472dc9e6e8f21d0aabc9a1186f1cb7d8343445 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-04-05Merge "dbus-cynara: Avoid dependency loop"Jan-Simon Moeller17-6279/+75
2018-04-04dbus-cynara: Avoid dependency loopJosé Bollo17-6279/+75
The dependency loop appeared when compiling with DISTRO_FEATURE ptest. To avoid it, I restore the logic implemented before in meta-intel-iot-security. I also remove unless files. Bug-AGL: SPEC-1334 Change-Id: Ibe8b9359a65fec034df2534c5fceb4769e63aa99 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-04-04Adapt repository priorities in preparation of the profilesJan-Simon Möller1-1/+1
The profiles need a clear priorization of the layers. Especially the core layers need a high prio in this context. Apply a prio of 70 to core/essential layers and of 60 to BSP, netboot and smack. Change-Id: I24a59daadab4c98ffbcb799cc784e84e87ac7d23 Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
2018-04-01Remove upstreamed patch for typo in verify3Jan-Simon Möller2-14/+0
Upstream recipe has fix included. Change-Id: Ice5b699c9fbd25ec9b1dceb0bdac8f669cec9b0f Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
2018-03-27xmlsec1: Fix compilation issue in examplesJosé Bollo2-0/+14
When the feature agl-ptest is selected, it leads to a compilation error due to an unexpected character in the file examples/verify3.c. Bug-AGL: SPEC-1353 Change-Id: Idcda2eed181636a9229b4a666a1ef31eddc6309c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-13meta-security: Remove unused contentJosé Bollo24-1953/+0
This unused content can be devided in two parts: - setting and feature in bitbake classes - tests None are actually used by AGL. Even if this content can be later included in distribution, I prefer to remove it now. Change-Id: I4e6a8ac6326986a5652a7c47614dcaa3db8cabb6 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-13dbus-cynara: Upgrade to 1.10.20José Bollo18-255/+5794
The main patches from dbus to make it cynara aware are cherry-picked on top of the dbus 1.10.20 that is the upstream version for rocko. Change-Id: Ib7b07f335543cb56c4c96ef8f55305e61bc69b5c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-13cynara: upgrade to 0.14.10José Bollo10-225/+462
Change-Id: I33caaa8a435e0b36afff43c4199428ae9336d612 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-13Remove smack recipeJosé Bollo5-33/+6
smack user space library is provided by meta-security Change-Id: Ifb5e88e5f5a1aab3e695ab91a56d8c55c33fd004 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-13Integrate parts of meta-intel-iot-securityJosé Bollo112-0/+15442
Adds the recipes of the sub layers - meta-security-framework - meta-security-smack Change-Id: I618608008a3b3d1d34adb6e38048110f13ac0643 Signed-off-by: José Bollo <jose.bollo@iot.bzh>