From patchwork Thu Jun 2 15:57:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 8753 X-Patchwork-Delegate: akuster808@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBEC3CCA47B for ; Thu, 2 Jun 2022 15:57:13 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web09.846.1654185425231238055 for ; Thu, 02 Jun 2022 08:57:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=q7hj24fl; spf=pass (domain: gmail.com, ip: 209.85.214.180, mailfrom: akuster808@gmail.com) Received: by mail-pl1-f180.google.com with SMTP id i1so4858983plg.7 for ; Thu, 02 Jun 2022 08:57:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=Tp6F3SIlwo506C/kK9mFfz7ADrd8W51rgBrAKIsV6Gg=; b=q7hj24fl98PxqSrqjwIdFDqFszmw9Y+buwxhjiWOy/f0HDHHgcEgl69qQj9nmwWpY0 ACDhwPoyp6t3R0c8jwK149NzhaEnUqUdXKL60H28plJybW1i+dzyPLG4DEn95ouDeWaQ r9xA6jjArDzKvOGM070ZuyjSERVlgBuQyG7541bqx4dIAcIt1L7Opim06AXDvdrjyNzR Uzq+jsuUZ1HWsQ2kVcGhnMd/8255VVkKyKVm4pcgiI1fWHMYHuPwHj02QbeQCZ3IN5OA WZ2pcNtwlp7T/8drA4KWFg72EvN4U7aKaDYveAWeySFjT82bhfJODAumfRNKDiI+W0jy f+Xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=Tp6F3SIlwo506C/kK9mFfz7ADrd8W51rgBrAKIsV6Gg=; b=PXt1iOMXk+EljqWWfLYfPoWE4gN7/tYdL93WgdtlX0mW4zv1vFkYd5a+O8iXu//hNg iWADNbv0LvRnarzoCku2gbpu73MFRGOQEmShSHP8mGAeQbI7cCH87hVZHJvdCkPEdeHP 1JPowjkupRxESSsYhELptShl8LhaYPiTljxdzHVYXaBmaoeWhNoahBdjz0qeilOOImvP tapzDlwWoJ3CJ3oy51d8NXxPinW0ng4yGh5Ojn7LUfoRei91UK6iTlOuxpEk1u9KnULn CbPTC+CQu+KYtp81m0rmL/15Q+Ijbjxkt0vS0jd+7cHOWXFdUUe16uNDTJJQYvHjrIPM Qgog== X-Gm-Message-State: AOAM532ETxl+KjvYd1SOEHSFaeZusWPurYqnJE7GTCNxMKthIXmc1yc3 2WT606SUoXJYsMCSGGfa7KlIv1qLyf4= X-Google-Smtp-Source: ABdhPJwD3nLUNRVuAevZGxSCK7ARM82vz2oI4UTjncC30cFhZwUfB+YnCBhOLUmRByhrpytqLLiQhw== X-Received: by 2002:a17:90b:3c6:b0:1e2:e9fc:4e79 with SMTP id go6-20020a17090b03c600b001e2e9fc4e79mr25675972pjb.192.1654185424190; Thu, 02 Jun 2022 08:57:04 -0700 (PDT) Received: from keaua.caveonetworks.com ([2601:202:4180:a5c0:e8e8:b71d:2c05:ffc8]) by smtp.gmail.com with ESMTPSA id c14-20020a170902c2ce00b0015e8d4eb207sm3707996pla.81.2022.06.02.08.57.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Jun 2022 08:57:03 -0700 (PDT) From: Armin Kuster To: yocto@lists.yoctoproject.org Subject: [meta-security][PATCH 1/2] layer.conf: Post release codename changes Date: Thu, 2 Jun 2022 08:57:01 -0700 Message-Id: <20220602155702.260918-1-akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Jun 2022 15:57:13 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/57251 Signed-off-by: Armin Kuster --- conf/layer.conf | 2 +- meta-hardening/conf/layer.conf | 2 +- meta-integrity/conf/layer.conf | 2 +- meta-parsec/conf/layer.conf | 2 +- meta-security-compliance/conf/layer.conf | 2 +- meta-security-isafw/conf/layer.conf | 2 +- meta-tpm/conf/layer.conf | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/conf/layer.conf b/conf/layer.conf index 7d57f9c..fa7d79e 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -9,7 +9,7 @@ BBFILE_COLLECTIONS += "security" BBFILE_PATTERN_security = "^${LAYERDIR}/" BBFILE_PRIORITY_security = "8" -LAYERSERIES_COMPAT_security = "kirkstone" +LAYERSERIES_COMPAT_security = "kirkstone langdale" LAYERDEPENDS_security = "core openembedded-layer" diff --git a/meta-hardening/conf/layer.conf b/meta-hardening/conf/layer.conf index bc33d97..5983161 100644 --- a/meta-hardening/conf/layer.conf +++ b/meta-hardening/conf/layer.conf @@ -8,6 +8,6 @@ BBFILE_COLLECTIONS += "harden-layer" BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_harden-layer = "10" -LAYERSERIES_COMPAT_harden-layer = "kirkstone" +LAYERSERIES_COMPAT_harden-layer = "kirkstone langdale" LAYERDEPENDS_harden-layer = "core openembedded-layer" diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf index 3d58be4..1fcf33c 100644 --- a/meta-integrity/conf/layer.conf +++ b/meta-integrity/conf/layer.conf @@ -20,7 +20,7 @@ INTEGRITY_BASE := '${LAYERDIR}' # interactive shell is enough. OE_TERMINAL_EXPORTS += "INTEGRITY_BASE" -LAYERSERIES_COMPAT_integrity = "kirkstone" +LAYERSERIES_COMPAT_integrity = "kirkstone langdale" # ima-evm-utils depends on keyutils from meta-oe LAYERDEPENDS_integrity = "core openembedded-layer" diff --git a/meta-parsec/conf/layer.conf b/meta-parsec/conf/layer.conf index 544cc4e..a748d77 100644 --- a/meta-parsec/conf/layer.conf +++ b/meta-parsec/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "parsec-layer" BBFILE_PATTERN_parsec-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_parsec-layer = "5" -LAYERSERIES_COMPAT_parsec-layer = "kirkstone" +LAYERSERIES_COMPAT_parsec-layer = "kirkstone langdale" LAYERDEPENDS_parsec-layer = "core clang-layer" BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec" diff --git a/meta-security-compliance/conf/layer.conf b/meta-security-compliance/conf/layer.conf index 7c07625..ec57541 100644 --- a/meta-security-compliance/conf/layer.conf +++ b/meta-security-compliance/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "scanners-layer" BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_scanners-layer = "10" -LAYERSERIES_COMPAT_scanners-layer = "kirkstone" +LAYERSERIES_COMPAT_scanners-layer = "kirkstone langdale" LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python" diff --git a/meta-security-isafw/conf/layer.conf b/meta-security-isafw/conf/layer.conf index e8cdc1b..724742d 100644 --- a/meta-security-isafw/conf/layer.conf +++ b/meta-security-isafw/conf/layer.conf @@ -14,4 +14,4 @@ LAYERVERSION_security-isafw = "1" LAYERDEPENDS_security-isafw = "core" -LAYERSERIES_COMPAT_security-isafw = "kirkstone" +LAYERSERIES_COMPAT_security-isafw = "kirkstone langdale" diff --git a/meta-tpm/conf/layer.conf b/meta-tpm/conf/layer.conf index 52e3ee0..1fd2e4c 100644 --- a/meta-tpm/conf/layer.conf +++ b/meta-tpm/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer" BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_tpm-layer = "10" -LAYERSERIES_COMPAT_tpm-layer = "kirkstone" +LAYERSERIES_COMPAT_tpm-layer = "kirkstone langdale" LAYERDEPENDS_tpm-layer = " \ core \ From patchwork Thu Jun 2 15:57:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 8754 X-Patchwork-Delegate: akuster808@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB14AC43334 for ; Thu, 2 Jun 2022 15:57:13 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.web12.835.1654185426409310149 for ; Thu, 02 Jun 2022 08:57:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=akzWZtI2; spf=pass (domain: gmail.com, ip: 209.85.216.41, mailfrom: akuster808@gmail.com) Received: by mail-pj1-f41.google.com with SMTP id e24so5333729pjt.0 for ; Thu, 02 Jun 2022 08:57:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=7yQgloVTImGF+Yn1KORE+ABVDRe4/u0eXooKv3dcHkc=; b=akzWZtI2AzqUdPFWveS6egzrPGB4MCJHLvcndmkCJGXdEYFgo3V7PqiSEzt4nTwoiR Q1O9US5ITOh4HSsmLfGUQ2uy2WA9dnUAIPEd83FvwNvFmJi57pmkDcMJQKStQDnGlJnZ xzZ/LhWYwNEcH5w6HvUFc20sxTyBWbVUToo0TulWXFn6LumKjHIkynXrFI7VVa9yPET3 nxpbbrES4a1AA1zB/T79H4qE2leyYr0b7Jh0/RLhRGlC0fatDH5zBRZ7qrkryDBji/Lj USQQFwY1GT8Iqt16rpQ+FuWJvYxP+yLtoUGcYNNmWp4D96J6R0ib/g/XGTC53X4s56bV IIYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7yQgloVTImGF+Yn1KORE+ABVDRe4/u0eXooKv3dcHkc=; b=QvITNWIvW3oBoV6dp49/JAW1nYR8YIwmKpvzmsabmifx0A2yxabIFOWfbRELlSZnk/ oduT/eh/LxF1MQBpiN/G9Dg3aZtQqgeKOM7Z7VHF8le1snIyEsC9UbBqGBqHa4St/JOP 64OpTfphDLiP0R73gA/1DUSmRc66+HNwtgHQw67W0q4WH8WvjDdXPc5lmU4PMaiWUzBt Zsby0f2Tm5tKJPGt+U52nSonQdQivRmGVPE49NX+UmmPZ0dTgebve8EXj9M4RzC8qLKX j0rz2yuw7Fmc1dHlwEuxtziZuh7QBVquP3mKXv3GmG2w5fByytuuvgUB8y6qLHSKOg1x XShg== X-Gm-Message-State: AOAM530QfO8tpDDRTo7INVeNqdAv0ci9YGLlxkUscGAdB2FSHujcyYln kyt4qx65mLSA0WBG0PP8M1OQUe/dCLE= X-Google-Smtp-Source: ABdhPJwI6N0WWIcSsZvA2yu1bTUuTse5Rkre7QhfSWDY1Mb77dMsrPteHBNfdTpFCm5XDZQKpwlejw== X-Received: by 2002:a17:90b:2245:b0:1e0:6ad6:33c with SMTP id hk5-20020a17090b224500b001e06ad6033cmr5993112pjb.86.1654185425402; Thu, 02 Jun 2022 08:57:05 -0700 (PDT) Received: from keaua.caveonetworks.com ([2601:202:4180:a5c0:e8e8:b71d:2c05:ffc8]) by smtp.gmail.com with ESMTPSA id c14-20020a170902c2ce00b0015e8d4eb207sm3707996pla.81.2022.06.02.08.57.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Jun 2022 08:57:04 -0700 (PDT) From: Armin Kuster To: yocto@lists.yoctoproject.org Subject: [meta-security][PATCH 2/2] README: Update for dynamic layers Date: Thu, 2 Jun 2022 08:57:02 -0700 Message-Id: <20220602155702.260918-2-akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220602155702.260918-1-akuster808@gmail.com> References: <20220602155702.260918-1-akuster808@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Jun 2022 15:57:13 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/57252 Signed-off-by: Armin Kuster --- README | 33 ++++++++++++--------------------- 1 file changed, 12 insertions(+), 21 deletions(-) diff --git a/README b/README index 081669f..2d1996b 100644 --- a/README +++ b/README @@ -28,20 +28,10 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core - branch: master + branch: [same one as checked out for this layer] URI: git://git.openembedded.org/meta-openembedded/meta-oe - branch: master - - URI: git://git.openembedded.org/meta-openembedded/meta-perl - branch: master - - URI: git://git.openembedded.org/meta-openembedded/meta-python - branch: master - - URI: git://git.openembedded.org/meta-openembedded/meta-networking - branch: master - + branch: [same one as checked out for this layer] Adding the security layer to your build ======================================== @@ -57,21 +47,22 @@ other layers needed. e.g.: BBLAYERS ?= " \ /path/to/oe-core/meta \ /path/to/meta-openembedded/meta-oe \ - /path/to/meta-openembedded/meta-perl \ - /path/to/meta-openembedded/meta-python \ - /path/to/meta-openembedded/meta-networking \ /path/to/layer/meta-security " -Optional Rust dependancy +Optional Dynamic layer dependancy ====================================== -If you want to use the latest Suricata that needs rust, you will need to clone - URI: https://github.com/meta-rust/meta-rust.git - branch: master + URI: git://git.openembedded.org/meta-openembedded/meta-oe + + URI: git://git.openembedded.org/meta-openembedded/meta-perl + + URI: git://git.openembedded.org/meta-openembedded/meta-python - BBLAYERS += "/path/to/layer/meta-rust" + BBLAYERS += "/path/to/layer/meta-openembedded/meta-oe" + BBLAYERS += "/path/to/layer/meta-openembedded/meta-perl" + BBLAYERS += "/path/to/layer/meta-openembedded/meta-python" -This will activate the dynamic-layer mechanism and pull in the newer suricata +This will activate the dynamic-layer mechanism.