From patchwork Tue Jun 13 19:12:41 2023
X-Patchwork-Submitter: akuster808
X-Patchwork-Id: 25524
From: Armin Kuster
To: yocto@lists.yoctoproject.org
Subject: [meta-security][PATCH 1/7] openscap-daemon: This is now obsolete
Date: Tue, 13 Jun 2023 15:12:41 -0400
Message-Id: <20230613191247.18732-1-akuster808@gmail.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/60274

drop pkg

Signed-off-by: Armin Kuster
---
 ...le-and-variables-to-get-rid-of-async.patch | 130 ------------------
 .../openscap-daemon/openscap-daemon_0.1.10.bb | 23 ----
 2 files changed, 153 deletions(-)
 delete mode 100644 meta-security-compliance/recipes-openscap/openscap-daemon/files/0001-Renamed-module-and-variables-to-get-rid-of-async.patch
 delete mode 100644 meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/files/0001-Renamed-module-and-variables-to-get-rid-of-async.patch b/meta-security-compliance/recipes-openscap/openscap-daemon/files/0001-Renamed-module-and-variables-to-get-rid-of-async.patch deleted file mode 100644 index 2a518bf..0000000 --- a/meta-security-compliance/recipes-openscap/openscap-daemon/files/0001-Renamed-module-and-variables-to-get-rid-of-async.patch +++ /dev/null 
@@ -1,130 +0,0 @@ -From c34349720a57997d30946286756e2ba9dbab6ace Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= -Date: Mon, 2 Jul 2018 11:21:19 +0200 -Subject: [PATCH] Renamed module and variables to get rid of async. - -async is a reserved word in Python 3.7. - -Upstream-Status: Backport -[https://github.com/OpenSCAP/openscap-daemon/commit/c34349720a57997d30946286756e2ba9dbab6ace] - -Signed-off-by: Yi Zhao ---- - openscap_daemon/{async.py => async_tools.py} | 0 - openscap_daemon/dbus_daemon.py | 2 +- - openscap_daemon/system.py | 16 ++++++++-------- - tests/unit/test_basic_update.py | 3 ++- - 4 files changed, 11 insertions(+), 10 deletions(-) - rename openscap_daemon/{async.py => async_tools.py} (100%) - -diff --git a/openscap_daemon/async.py b/openscap_daemon/async_tools.py -similarity index 100% -rename from openscap_daemon/async.py -rename to openscap_daemon/async_tools.py -diff --git a/openscap_daemon/dbus_daemon.py b/openscap_daemon/dbus_daemon.py -index e6eadf9..cb6a8b6 100644 ---- a/openscap_daemon/dbus_daemon.py -+++ b/openscap_daemon/dbus_daemon.py -@@ -81,7 +81,7 @@ class OpenSCAPDaemonDbus(dbus.service.Object): - @dbus.service.method(dbus_interface=dbus_utils.DBUS_INTERFACE, - in_signature="", out_signature="a(xsi)") - def GetAsyncActionsStatus(self): -- return self.system.async.get_status() -+ return self.system.async_manager.get_status() - - @dbus.service.method(dbus_interface=dbus_utils.DBUS_INTERFACE, - in_signature="s", out_signature="(sssn)") -diff --git a/openscap_daemon/system.py b/openscap_daemon/system.py -index 2012f6e..85c2680 100644 ---- a/openscap_daemon/system.py -+++ b/openscap_daemon/system.py -@@ -26,7 +26,7 @@ import logging - from openscap_daemon.task import Task - from openscap_daemon.config import Configuration - from openscap_daemon import oscap_helpers --from openscap_daemon import async -+from openscap_daemon import async_tools - - - class ResultsNotAvailable(Exception): -@@ -40,7 +40,7 @@ 
TASK_ACTION_PRIORITY = 10 - - class System(object): - def __init__(self, config_file): -- self.async = async.AsyncManager() -+ self.async_manager = async_tools.AsyncManager() - - logging.info("Loading configuration from '%s'.", config_file) - self.config = Configuration() -@@ -90,7 +90,7 @@ class System(object): - input_file, tailoring_file, None - ) - -- class AsyncEvaluateSpecAction(async.AsyncAction): -+ class AsyncEvaluateSpecAction(async_tools.AsyncAction): - def __init__(self, system, spec): - super(System.AsyncEvaluateSpecAction, self).__init__() - -@@ -113,7 +113,7 @@ class System(object): - return "Evaluate Spec '%s'" % (self.spec) - - def evaluate_spec_async(self, spec): -- return self.async.enqueue( -+ return self.async_manager.enqueue( - System.AsyncEvaluateSpecAction( - self, - spec -@@ -488,7 +488,7 @@ class System(object): - - return ret - -- class AsyncUpdateTaskAction(async.AsyncAction): -+ class AsyncUpdateTaskAction(async_tools.AsyncAction): - def __init__(self, system, task_id, reference_datetime): - super(System.AsyncUpdateTaskAction, self).__init__() - -@@ -536,7 +536,7 @@ class System(object): - - if task.should_be_updated(reference_datetime): - self.tasks_scheduled.add(task.id_) -- self.async.enqueue( -+ self.async_manager.enqueue( - System.AsyncUpdateTaskAction( - self, - task.id_, -@@ -662,7 +662,7 @@ class System(object): - fix_type - ) - -- class AsyncEvaluateCVEScannerWorkerAction(async.AsyncAction): -+ class AsyncEvaluateCVEScannerWorkerAction(async_tools.AsyncAction): - def __init__(self, system, worker): - super(System.AsyncEvaluateCVEScannerWorkerAction, self).__init__() - -@@ -680,7 +680,7 @@ class System(object): - return "Evaluate CVE Scanner Worker '%s'" % (self.worker) - - def evaluate_cve_scanner_worker_async(self, worker): -- return self.async.enqueue( -+ return self.async_manager.enqueue( - System.AsyncEvaluateCVEScannerWorkerAction( - self, - worker -diff --git a/tests/unit/test_basic_update.py 
b/tests/unit/test_basic_update.py -index 6f683e6..7f953f7 100755 ---- a/tests/unit/test_basic_update.py -+++ b/tests/unit/test_basic_update.py -@@ -37,8 +37,9 @@ class BasicUpdateTest(unit_test_harness.APITest): - print(self.system.tasks) - self.system.schedule_tasks() - -- while len(self.system.async.actions) > 0: -+ while len(self.system.async_manager.actions) > 0: - time.sleep(1) - -+ - if __name__ == "__main__": - BasicUpdateTest.run() --- -2.7.4 - diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb deleted file mode 100644 index 9659323..0000000 --- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb +++ /dev/null 
@@ -1,23 +0,0 @@ -# Copyright (C) 2017 Armin Kuster -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "The OpenSCAP Daemon is a service that runs in the background." -HOME_URL = "https://www.open-scap.org/tools/openscap-daemon/" -LIC_FILES_CHKSUM = "file://LICENSE;md5=40d2542b8c43a3ec2b7f5da31a697b88" -LICENSE = "LGPL-2.1-only" - -DEPENDS = "python3-dbus" - -SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76" -SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=https \ - file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \ - " - -inherit python_setuptools_build_meta - -S = "${WORKDIR}/git" - -RDEPENDS:${PN} = "openscap scap-security-guide \ - python3-core python3-dbus \ - python3-pygobject \ - "
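Review bot: The removal of `openscap-daemon_0.1.10.bb` is justified only by the subject line ("This is now obsolete") and a body of "drop pkg"; please state in the commit message what makes the daemon obsolete so the reason survives in the log. The diffstat touches only the recipe and its backported patch, so also confirm that no packagegroup, image or README in the layer still names `openscap-daemon`, because a leftover reference to a removed recipe fails with a "Nothing RPROVIDES" error.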
From: Armin Kuster
To: yocto@lists.yoctoproject.org
Subject: [meta-security][PATCH 2/7] oe-scap: Not maintained nor upstreamed
Date: Tue, 13 Jun 2023 15:12:42 -0400
Message-Id: <20230613191247.18732-2-akuster808@gmail.com>
In-Reply-To: <20230613191247.18732-1-akuster808@gmail.com>
References: <20230613191247.18732-1-akuster808@gmail.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/60275

drop

Signed-off-by: Armin Kuster
---
 .../files/OpenEmbedded_nodistro_0.xccdf.xml | 14 ----
 .../oe-scap/files/OpenEmbedded_nodistro_0.xml | 83 -------------------
 .../oe-scap/files/oval-to-xccdf.xslt | 72 ----------------
 .../recipes-openscap/oe-scap/files/run_cve.sh | 7 --
 .../oe-scap/files/run_test.sh | 5 --
 .../recipes-openscap/oe-scap/oe-scap_1.0.bb | 33 --------
 6 files changed, 214 deletions(-)
 delete mode 100644 meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xccdf.xml
 delete mode 100644 meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xml
 delete mode 100644 meta-security-compliance/recipes-openscap/oe-scap/files/oval-to-xccdf.xslt
 delete mode 100644 meta-security-compliance/recipes-openscap/oe-scap/files/run_cve.sh
 delete mode 100644 meta-security-compliance/recipes-openscap/oe-scap/files/run_test.sh
 delete mode 100644 meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xccdf.xml b/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xccdf.xml deleted file mode 100644 index d3b2c9a..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xccdf.xml +++ /dev/null
@@ -1,14 +0,0 @@ - - - incomplete - Automatically generated XCCDF from OVAL file: OpenEmbedded_nodistro_0.xml - This file has been generated automatically from oval definitions file. - None, generated from OVAL file. - - CPE-2017:1365: nss security and bug fix update (Important) - CVE-2017-7502 - - - - - diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xml b/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xml deleted file mode 100644 index a9bf2a0..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xml +++ /dev/null @@ -1,83 +0,0 @@ - - - - OpenEmbedded Errata Test System - 5.10.1 - 2017-06-07T04:05:05 - - - - - - CPE-2017:1365: nss security and bug fix update (Important) - - OpenEmbedded Nodistro - - - - Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. - -Security Fix(es): - -* A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library. (CVE-2017-7502) - -Bug Fix(es): - -* The Network Security Services (NSS) code and Certificate Authority (CA) list have been updated to meet the recommendations as published with the latest Mozilla Firefox Extended Support Release (ESR). The updated CA list improves compatibility with the certificates that are used in the Internet Public Key Infrastructure (PKI). To avoid certificate validation refusals, Red Hat recommends installing the updated CA list on June 12, 2017. (BZ#1451421) - - - - - Important - NA - - - CVE-2017-7502 - CVE-2017-7502 nss: Null pointer dereference when handling empty SSLv2 messages - - cpe:/o:openembedded:nodistro:0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - nss - - - openembedded-release - - - - - - - ^1[^\d] - - - 0:3.31.4-r0 - - - - 
diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/oval-to-xccdf.xslt b/meta-security-compliance/recipes-openscap/oe-scap/files/oval-to-xccdf.xslt deleted file mode 100644 index 2243ac4..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/oval-to-xccdf.xslt +++ /dev/null @@ -1,72 +0,0 @@ - - - - - - - - incomplete - - Automatically generated XCCDF from OVAL file: - - - This file has been generated automatically from oval definitions file. - - - - - None, generated from OVAL file. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/run_cve.sh b/meta-security-compliance/recipes-openscap/oe-scap/files/run_cve.sh deleted file mode 100644 index 48a7485..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/run_cve.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -oscap oval eval \ ---report oval.html \ ---verbose-log-file filedevel.log \ ---verbose DEVEL \ -/usr/share/xml/scap/ssg/content/ssg-openembedded-ds.xml diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/run_test.sh b/meta-security-compliance/recipes-openscap/oe-scap/files/run_test.sh deleted file mode 100644 index 70cd82c..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/run_test.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -#oscap oval eval --result-file ./myresults.xml ./OpenEmbedded_nodistro_0.xml - -oscap xccdf eval --results results.xml --report report.html OpenEmbedded_nodistro_0.xccdf.xml diff --git a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb deleted file mode 100644 index 7e9f214..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb +++ /dev/null 
@@ -1,33 +0,0 @@ -# Copyright (C) 2017 Armin Kuster -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "OE SCAP files" -LIC_FILES_CHKSUM = "file://README.md;md5=46dec9f167b6e05986cb4023df6d92f4" -LICENSE = "MIT" - -SRCREV = "7147871d7f37d408c0dd7720ef0fd3ec1b54ad98" -SRC_URI = "git://github.com/akuster/oe-scap.git;branch=master;protocol=https" -SRC_URI += " \ - file://run_cve.sh \ - file://run_test.sh \ - file://OpenEmbedded_nodistro_0.xml \ - file://OpenEmbedded_nodistro_0.xccdf.xml \ - " - -S = "${WORKDIR}/git" - -do_configure[noexec] = "1" -do_compile[noexec] = "1" - -do_install () { - install -d ${D}/${datadir}/oe-scap - install ${WORKDIR}/run_cve.sh ${D}/${datadir}/oe-scap/. - install ${WORKDIR}/run_test.sh ${D}/${datadir}/oe-scap/. - install ${WORKDIR}/OpenEmbedded_nodistro_0.xml ${D}/${datadir}/oe-scap/. - install ${WORKDIR}/OpenEmbedded_nodistro_0.xccdf.xml ${D}/${datadir}/oe-scap/. - cp ${S}/* ${D}/${datadir}/oe-scap/. -} - -FILES:${PN} += "${datadir}/oe-scap" - -RDEPENDS:${PN} = "openscap bash"
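Review bot: The removed `run_cve.sh` evaluates `/usr/share/xml/scap/ssg/content/ssg-openembedded-ds.xml` and the removed `do_install` places everything under `${datadir}/oe-scap`, so check that no test script, document or packagegroup elsewhere in the layer still expects that directory or these helper scripts on the target. The commit body is only "drop"; one sentence on what to run instead for OVAL/XCCDF evaluation would help anyone who had `oe-scap` in an image.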
From: Armin Kuster
To: yocto@lists.yoctoproject.org
Subject: [meta-security][PATCH 3/7] openscap: Fix native build missing depends
Date: Tue, 13 Jun 2023 15:12:43 -0400
Message-Id: <20230613191247.18732-3-akuster808@gmail.com>
In-Reply-To: <20230613191247.18732-1-akuster808@gmail.com>
References: <20230613191247.18732-1-akuster808@gmail.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/60276

Include .inc for pending change
New host OS required an addition to the depends file

Signed-off-by: Armin Kuster
---
 .../openscap/openscap_1.3.7.bb | 60 +++++++++++++++++--
 1 file changed, 54 insertions(+), 6 deletions(-)
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb index cfe93f0..a422f9c 100644 --- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb +++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb
@@ -1,19 +1,67 @@ -SUMARRY = "NIST Certified SCAP 1.2 toolkit" +# Copyright (C) 2017 - 2023 Armin Kuster +# Released under the MIT license (see COPYING.MIT for the terms) -DEPENDS:append = " xmlsec1" +SUMARRY = "NIST Certified SCAP 1.2 toolkit" +HOME_URL = "https://www.open-scap.org/tools/openscap-base/" +LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" +LICENSE = "LGPL-2.1-only" -require openscap.inc +DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre xmlsec1" +DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native xmlsec1-native" -inherit systemd SRCREV = "55efbfda0f617e05862ab6ed4862e10dbee52b03" SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https" -SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE:${PN} = "oscap-remediate.service" +S = "${WORKDIR}/git" + +inherit cmake pkgconfig python3native python3targetconfig perlnative systemd + +PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" +PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3" +PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl" +PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm" +PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt" +PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss" +PACKAGECONFIG[selinux] = ", ,libselinux" + +EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \ + -DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \ + -DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \ + -DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \ + -DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \ + -DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \ + -DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \ + -DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \ + " + +STAGING_OSCAP_DIR = 
"${TMPDIR}/work-shared/${MACHINE}/oscap-source" +STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" + +do_configure:append:class-native () { + sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h + sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h + sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h +} do_install:append () { if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -D -m 0644 ${B}/oscap-remediate.service ${D}${systemd_system_unitdir}/oscap-remediate.service fi } + +do_install:class-native[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" +do_install:append:class-native () { + oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} + install -d $oscapdir + cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir +} + + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE:${PN} = "oscap-remediate.service" + +FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}" + +RDEPENDS:${PN} += "libxml2 python3-core libgcc bash" +BBCLASSEXTEND = "native" From patchwork Tue Jun 13 19:12:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 25529 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F4A1EB64D0 for ; Tue, 13 Jun 2023 19:13:01 +0000 (UTC) Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) by mx.groups.io with SMTP id smtpd.web11.29.1686683571263541643 for ; Tue, 13 Jun 2023 12:12:51 -0700 Authentication-Results: mx.groups.io; dkim=fail 
From: Armin Kuster
To: yocto@lists.yoctoproject.org
Subject: [meta-security][PATCH 4/7] openscap: Drop OE specific recipe
Date: Tue, 13 Jun 2023 15:12:44 -0400
Message-Id: <20230613191247.18732-4-akuster808@gmail.com>
In-Reply-To: <20230613191247.18732-1-akuster808@gmail.com>
References: <20230613191247.18732-1-akuster808@gmail.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/60277

Signed-off-by: Armin Kuster
---
 .../recipes-openscap/openscap/openscap.inc | 55 -------------------
 .../recipes-openscap/openscap/openscap_git.bb | 14 -----
 2 files changed, 69 deletions(-)
 delete mode 100644 meta-security-compliance/recipes-openscap/openscap/openscap.inc
 delete mode 100644 meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc deleted file mode 100644 index e875227..0000000 --- a/meta-security-compliance/recipes-openscap/openscap/openscap.inc +++ /dev/null
@@ -1,55 +0,0 @@ -# Copyright (C) 2017 Armin Kuster -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "NIST Certified SCAP 1.2 toolkit" -HOME_URL = "https://www.open-scap.org/tools/openscap-base/" -LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" -LICENSE = "LGPL-2.1-only" - -DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre" -DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native" - -S = "${WORKDIR}/git" - -inherit cmake pkgconfig python3native python3targetconfig perlnative - -PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" -PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3" -PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl" -PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm" -PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt" -PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss" -PACKAGECONFIG[selinux] = ", ,libselinux" - -EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \ - -DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \ - -DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \ - -DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \ - -DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \ - -DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \ - -DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \ - -DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \ - " - -STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source" -STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" - -do_configure:append:class-native () { - sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h - sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH 
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h - sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h -} - -do_install:class-native[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" -do_install:append:class-native () { - oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} - install -d $oscapdir - cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir -} - - -FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}" - -RDEPENDS:${PN} += "libxml2 python3-core libgcc bash" - -BBCLASSEXTEND = "native" diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb deleted file mode 100644 index 3543e11..0000000 --- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb +++ /dev/null 
@@ -1,14 +0,0 @@ -# Copyright (C) 2017 Armin Kuster -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes" - -include openscap.inc - -SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625" -SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3;protocol=https \ -" - -PV = "1.3.3+git${SRCPV}" - -DEFAULT_PREFERENCE = "-1" From patchwork Tue Jun 13 19:12:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 25528 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 803CAEB64D8 for ; Tue, 13 Jun 2023 19:13:01 +0000 (UTC) Received: from mail-yw1-f169.google.com (mail-yw1-f169.google.com [209.85.128.169]) by mx.groups.io with SMTP id smtpd.web10.36.1686683572174649089 for ; Tue, 13 Jun 2023 12:12:52 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="signature has expired" header.i=@gmail.com header.s=20221208 header.b=ZFTPHmGX; spf=pass (domain: gmail.com, ip: 209.85.128.169, mailfrom: akuster808@gmail.com) Received: by mail-yw1-f169.google.com with SMTP id 00721157ae682-56d304ef801so29473827b3.0 for ; Tue, 13 Jun 2023 12:12:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686683571; x=1689275571; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=N46Y3AAuqPR1HYy4Qzovj6yi82ID/U35f2IiLwyEh20=; b=ZFTPHmGXXnoUeZSCT/qfzT6sRQw3EJn2/TVh2x+TzdQ7mq4yxCLjdjAdj1I9XKvNBL eH89ENeYu3EjH4pm/stV2Jdig4xUV4J3r8y5LyO11eAQXgo8WPpQWI4bBdx/vWooyFFR cTeWNOTStejvdAHakT+BYmY3lsLSa0BCu4+m72E40KnNSSjQijmG6heV4JfJd8/L9VHM 
From: Armin Kuster To: yocto@lists.yoctoproject.org Subject: [meta-security][PATCH 5/7] lynis: move to main meta-security layer Date: Tue, 13 Jun 2023 15:12:45 -0400 Message-Id: <20230613191247.18732-5-akuster808@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230613191247.18732-1-akuster808@gmail.com> References: <20230613191247.18732-1-akuster808@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Jun 2023 19:13:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/60278 Signed-off-by: Armin Kuster --- .../lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch | 0 .../recipes-auditors => recipes-compliance}/lynis/lynis_3.0.8.bb | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {meta-security-compliance/recipes-auditors => recipes-compliance}/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch (100%) rename {meta-security-compliance/recipes-auditors => recipes-compliance}/lynis/lynis_3.0.8.bb (100%) diff --git a/meta-security-compliance/recipes-auditors/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch b/recipes-compliance/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch similarity index 100% rename from meta-security-compliance/recipes-auditors/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch rename to recipes-compliance/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch 
diff --git a/meta-security-compliance/recipes-auditors/lynis/lynis_3.0.8.bb b/recipes-compliance/lynis/lynis_3.0.8.bb similarity index 100% rename from meta-security-compliance/recipes-auditors/lynis/lynis_3.0.8.bb rename to recipes-compliance/lynis/lynis_3.0.8.bb From patchwork Tue Jun 13 19:12:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 25526 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F5CBEB64D7 for ; Tue, 13 Jun 2023 19:13:01 +0000 (UTC) Received: from mail-yw1-f173.google.com (mail-yw1-f173.google.com [209.85.128.173]) by mx.groups.io with SMTP id smtpd.web10.37.1686683572605208448 for ; Tue, 13 Jun 2023 12:12:52 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="signature has expired" header.i=@gmail.com header.s=20221208 header.b=B3Mpd7lc; spf=pass (domain: gmail.com, ip: 209.85.128.173, mailfrom: akuster808@gmail.com) Received: by mail-yw1-f173.google.com with SMTP id 00721157ae682-56cf916aaa2so41660147b3.3 for ; Tue, 13 Jun 2023 12:12:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686683571; x=1689275571; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dDc0PfcWqzPrEJKxPjQqNkKuq6Onlu7Hyji7gsVMJjo=; b=B3Mpd7lc+2NpJhumxIJ9Vh5ffxZWKRQxKsnm6dtme0leSop6re8e8gqySLPq6Ks67h B2c6N0Kgk0jSirDz1d+YMh0FVO4UL2vrRPOIcDE6fJpudFsyRdI7LWcxsnteByUWoeMo /LpUXeCoCWh5m3uK0AJNsK/qoUPoFa3t8nKjGg+1OMF/6QP2tyDNCX5aBcUsEAqx2Clh UhSEw9jkZ1+joXBVZhxtTWdTjVTAUTKK0vXbWHmT4nCpjeHDA0p+SzFptNLDNBhKQZsV 7s/3WkIlZ0eSnOZ/mz+5wPrxIos8TCXrLrMd8ShB9IMbUgx4TYHu3rWFMXAzCBBi541D GnnQ== X-Google-DKIM-Signature: v=1; 
From: Armin Kuster To: yocto@lists.yoctoproject.org Subject: [meta-security][PATCH 6/7] openscap: move to main meta-security layer Date: Tue, 13 Jun 2023 15:12:46 -0400 Message-Id: <20230613191247.18732-6-akuster808@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230613191247.18732-1-akuster808@gmail.com> References: <20230613191247.18732-1-akuster808@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Jun 2023 19:13:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/60279
Signed-off-by: Armin Kuster --- .../openscap/openscap_1.3.7.bb | 0 .../scap-security-guide/scap-security-guide_0.1.67.bb | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {meta-security-compliance/recipes-openscap => recipes-compliance}/openscap/openscap_1.3.7.bb (100%) rename {meta-security-compliance/recipes-openscap => recipes-compliance}/scap-security-guide/scap-security-guide_0.1.67.bb (100%) diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb b/recipes-compliance/openscap/openscap_1.3.7.bb similarity index 100% rename from meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb rename to recipes-compliance/openscap/openscap_1.3.7.bb 
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.67.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb similarity index 100% rename from meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.67.bb rename to recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb From patchwork Tue Jun 13 19:12:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 25527 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 706CDEB64DA for ; Tue, 13 Jun 2023 19:13:01 +0000 (UTC) Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) by mx.groups.io with SMTP id smtpd.web11.30.1686683573672980447 for ; Tue, 13 Jun 2023 12:12:53 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="signature has expired" header.i=@gmail.com header.s=20221208 header.b=fBnjFoMk; spf=pass (domain: gmail.com, ip: 209.85.128.180, mailfrom: akuster808@gmail.com) Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-56d1ca11031so33764067b3.2 for ; Tue, 13 Jun 2023 12:12:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686683572; x=1689275572; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=a8haHwxEf5iEHWx3s83vRtuuv3Pp10VLf51a+x4KE6Y=; b=fBnjFoMkU9giHRo73MhClRkebOge6nCd4foeuADlXQjAGw/IxBygii21JCn5Nn96QR ZVwDWDwCJ9F7EQshelPfL9+Mxyp5wgOoc2YYeCGUkfse+nAak3ic2E8rlymQitDpcyD1 /XxzZNT291AKaqqvvHhvo2d0Mlmrb9+Uw9IhJ20sA5N9DSI90jknynHGeqjaldfTztu5 vIaasKRtVsR0RHRzIZuGuO1shnsTl8eFwY8+gmXdYQWP5TP9aFxX8CvAyWKNt6DfPFs8 
From: Armin Kuster To: yocto@lists.yoctoproject.org Subject: [meta-security][PATCH 7/7] meta-security-compliance: remove layer Date: Tue, 13 Jun 2023 15:12:47 -0400 Message-Id: <20230613191247.18732-7-akuster808@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230613191247.18732-1-akuster808@gmail.com> References: <20230613191247.18732-1-akuster808@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Jun 2023 19:13:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/60280 simplify structure. Signed-off-by: Armin Kuster --- meta-security-compliance/README | 41 ------------------------ meta-security-compliance/conf/layer.conf | 15 --------- 2 files changed, 56 deletions(-) delete mode 100644 meta-security-compliance/README delete mode 100644 meta-security-compliance/conf/layer.conf diff --git a/meta-security-compliance/README b/meta-security-compliance/README deleted file mode 100644 index 3311d05..0000000 --- a/meta-security-compliance/README +++ /dev/null 
@@ -1,41 +0,0 @@ -# Meta-security-compliance - -This layer is meant to contain programs to help in security compliance and auditing - - -Dependencies -============ - -This layer depends on: - - URI: git://git.openembedded.org/bitbake - branch: master - - URI: git://git.openembedded.org/openembedded-core - layers: meta - branch: master - -or - - URI: git://git.yoctoproject.org/poky - branch: master - - - -Maintenance ------------ - -Send pull requests, patches, comments or questions to yocto@yoctoproject.org - -When sending single patches, please using something like: -'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security-compliance][PATCH' - -Layer Maintainer: Armin Kuster - - -License -======= - -All metadata is MIT licensed unless otherwise stated. Source code included -in tree for individual recipes is under the LICENSE stated in each recipe -(.bb file) unless otherwise stated. diff --git a/meta-security-compliance/conf/layer.conf b/meta-security-compliance/conf/layer.conf deleted file mode 100644 index 82409a6..0000000 --- a/meta-security-compliance/conf/layer.conf +++ /dev/null @@ -1,15 +0,0 @@ -# We have a conf and classes directory, add to BBPATH -BBPATH .= ":${LAYERDIR}" - -# We have a recipes directory, add to BBFILES -BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend" - -BBFILE_COLLECTIONS += "scanners-layer" -BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/" -BBFILE_PRIORITY_scanners-layer = "6" - -LAYERSERIES_COMPAT_scanners-layer = "mickledore" - -LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python" - -BBLAYERS_LAYERINDEX_NAME_scanners-layer = "meta-security-compliance"
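Review bot: In the openscap.inc deletion (patch 4/7), the removed do_configure:append:class-native and do_install:append:class-native blocks, together with BBCLASSEXTEND = "native", are the only visible place where STAGING_OSCAP_BUILDDIR is populated, and the commit message has no body saying what replaces them. Please state in the commit message whether any remaining recipe still reads STAGING_OSCAP_BUILDDIR or depends on a native openscap build, and confirm that nothing other than the deleted openscap_git.bb pulls in this file: a leftover "require openscap.inc" would fail to parse, and a leftover "include openscap.inc" would silently lose these settings.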
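Review bot: The openscap_git.bb deletion (patch 4/7) drops a recipe pinned by SRCREV to the oe-1.3 branch of github.com/akuster/openscap.git at PV "1.3.3+git${SRCPV}" with DEFAULT_PREFERENCE = "-1", but the commit message gives no reason for the removal. Suggest adding a line that says whether the OE changes carried on that branch are now upstream or are no longer needed with openscap_1.3.7.bb (the recipe moved in patch 6/7), so anyone who selected the git recipe through PREFERRED_VERSION knows what to migrate to.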
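Review bot: In the conf/layer.conf deletion (patch 7/7), the removed LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python" is the only visible declaration of what the moved lynis, openscap and scap-security-guide recipes were built against, and the series does not show the main layer's layer.conf. Please confirm that the main meta-security layer.conf declares the same dependencies (meta-python in particular) and that its BBFILES glob picks up recipes-compliance/. Existing bblayers.conf entries for meta-security-compliance and any LAYERDEPENDS on scanners-layer will stop resolving once this lands, so the commit message should say more than "simplify structure." and name the new location; a short migration note in the top-level README would also cover the maintenance instructions lost with the deleted README.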