* [meta-security][PATCH 0/3] Add image, packagegroups and ditro
@ 2014-07-10 14:30 Armin Kuster
2014-07-10 14:30 ` [meta-security][PATCH 1/3] packagegroup: Add initial set of package groups Armin Kuster
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Armin Kuster @ 2014-07-10 14:30 UTC (permalink / raw)
To: yocto
To aid in testing I have create an image and packagegroups.
By setting "DISTRO=poky-security" in the local.conf,
the security_flag.inc will be included.
This was varified by checksec utility.
Armin Kuster (3):
packagegroup: Add initial set of package groups
images: Add initial image
distro: Add distro
conf/distro/poky-security.conf | 4 ++
recipes-security/images/core-image-security.bb | 19 +++++++++
.../packagegroup/packagegroup-core-security.bb | 45 ++++++++++++++++++++++
3 files changed, 68 insertions(+)
create mode 100644 conf/distro/poky-security.conf
create mode 100644 recipes-security/images/core-image-security.bb
create mode 100644 recipes-security/packagegroup/packagegroup-core-security.bb
--
1.9.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [meta-security][PATCH 1/3] packagegroup: Add initial set of package groups
2014-07-10 14:30 [meta-security][PATCH 0/3] Add image, packagegroups and ditro Armin Kuster
@ 2014-07-10 14:30 ` Armin Kuster
2014-07-10 15:06 ` Saul Wold
2014-07-10 14:30 ` [meta-security][PATCH 2/3] images: Add initial image Armin Kuster
2014-07-10 14:30 ` [meta-security][PATCH 3/3] distro: Add distro Armin Kuster
2 siblings, 1 reply; 8+ messages in thread
From: Armin Kuster @ 2014-07-10 14:30 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
.../packagegroup/packagegroup-core-security.bb | 45 ++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 recipes-security/packagegroup/packagegroup-core-security.bb
diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb b/recipes-security/packagegroup/packagegroup-core-security.bb
new file mode 100644
index 0000000..1acc4a9
--- /dev/null
+++ b/recipes-security/packagegroup/packagegroup-core-security.bb
@@ -0,0 +1,45 @@
+DESCRIPTION = "Security packagegroup for Poky"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+PR = "r0"
+
+inherit packagegroup
+
+PACKAGES = "\
+ packagegroup-core-security \
+ packagegroup-security-utils \
+ packagegroup-security-scanners \
+ "
+
+RDEPENDS_packagegroup-core-security = "\
+ packagegroup-security-utils \
+ packagegroup-security-scanners \
+ "
+
+SUMMARY_packagegroup-security-utils = "Security utilities"
+RDEPENDS_packagegroup-security-utils = "\
+ nmap \
+ libseccomp \
+ pinentry \
+ ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils", "",d)} \
+ "
+
+SUMMARY_packagegroup-security-scanners = "Security scanners"
+RDEPENDS_packagegroup-security-scanners = "\
+ nikto \
+ checksecurity \
+ "
+
+SUMMARY_packagegroup-security-audit = "Security Audit tools "
+RDEPENDS_packagegroup-security-audit = " \
+ buck-security \
+ redhat-security \
+ "
+
+SUMMARY_packagegroup-security-hardening = "Security Hardening tools"
+RDEPENDS_packagegroup-security-hardening = " \
+ bastille \
+ "
+
--
1.9.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [meta-security][PATCH 2/3] images: Add initial image
2014-07-10 14:30 [meta-security][PATCH 0/3] Add image, packagegroups and ditro Armin Kuster
2014-07-10 14:30 ` [meta-security][PATCH 1/3] packagegroup: Add initial set of package groups Armin Kuster
@ 2014-07-10 14:30 ` Armin Kuster
2014-07-10 14:30 ` [meta-security][PATCH 3/3] distro: Add distro Armin Kuster
2 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2014-07-10 14:30 UTC (permalink / raw)
To: yocto
this will aid in testing
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
recipes-security/images/core-image-security.bb | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 recipes-security/images/core-image-security.bb
diff --git a/recipes-security/images/core-image-security.bb b/recipes-security/images/core-image-security.bb
new file mode 100644
index 0000000..1781c35
--- /dev/null
+++ b/recipes-security/images/core-image-security.bb
@@ -0,0 +1,19 @@
+DESCRIPTION = "Image with Security utilities support"
+LICENSE = "MIT"
+
+IMAGE_FEATURES += "splash ssh-server-openssh"
+
+IMAGE_LINGUAS = " "
+
+IMAGE_INSTALL = "\
+ ${CORE_IMAGE_BASE_INSTALL} \
+ util-linux-agetty \
+ packagegroup-core-full-cmdline \
+ packagegroup-core-security \
+"
+
+inherit core-image distro_features_check
+
+DISTRO_FEATURES = "pax"
+
+
--
1.9.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [meta-security][PATCH 3/3] distro: Add distro
2014-07-10 14:30 [meta-security][PATCH 0/3] Add image, packagegroups and ditro Armin Kuster
2014-07-10 14:30 ` [meta-security][PATCH 1/3] packagegroup: Add initial set of package groups Armin Kuster
2014-07-10 14:30 ` [meta-security][PATCH 2/3] images: Add initial image Armin Kuster
@ 2014-07-10 14:30 ` Armin Kuster
2014-07-14 11:31 ` Paul Eggleton
2 siblings, 1 reply; 8+ messages in thread
From: Armin Kuster @ 2014-07-10 14:30 UTC (permalink / raw)
To: yocto
This allows us to include security_flags.inc
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
conf/distro/poky-security.conf | 4 ++++
1 file changed, 4 insertions(+)
create mode 100644 conf/distro/poky-security.conf
diff --git a/conf/distro/poky-security.conf b/conf/distro/poky-security.conf
new file mode 100644
index 0000000..5092dfa
--- /dev/null
+++ b/conf/distro/poky-security.conf
@@ -0,0 +1,4 @@
+require conf/distro/poky.conf
+require conf/distro/include/security_flags.inc
+
+DISTRO = "poky-security"
--
1.9.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [meta-security][PATCH 1/3] packagegroup: Add initial set of package groups
2014-07-10 14:30 ` [meta-security][PATCH 1/3] packagegroup: Add initial set of package groups Armin Kuster
@ 2014-07-10 15:06 ` Saul Wold
2014-07-10 15:52 ` akuster
0 siblings, 1 reply; 8+ messages in thread
From: Saul Wold @ 2014-07-10 15:06 UTC (permalink / raw)
To: Armin Kuster, yocto
On 07/10/2014 07:30 AM, Armin Kuster wrote:
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> ---
> .../packagegroup/packagegroup-core-security.bb | 45 ++++++++++++++++++++++
> 1 file changed, 45 insertions(+)
> create mode 100644 recipes-security/packagegroup/packagegroup-core-security.bb
>
> diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb b/recipes-security/packagegroup/packagegroup-core-security.bb
> new file mode 100644
> index 0000000..1acc4a9
> --- /dev/null
> +++ b/recipes-security/packagegroup/packagegroup-core-security.bb
> @@ -0,0 +1,45 @@
> +DESCRIPTION = "Security packagegroup for Poky"
> +LICENSE = "MIT"
> +LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
> + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
> +
> +PR = "r0"
> +
You can drop the PR as they are un-needed now with the PR Server
> +inherit packagegroup
> +
> +PACKAGES = "\
> + packagegroup-core-security \
> + packagegroup-security-utils \
> + packagegroup-security-scanners \
> + "
> +
> +RDEPENDS_packagegroup-core-security = "\
> + packagegroup-security-utils \
> + packagegroup-security-scanners \
> + "
> +
> +SUMMARY_packagegroup-security-utils = "Security utilities"
> +RDEPENDS_packagegroup-security-utils = "\
> + nmap \
> + libseccomp \
> + pinentry \
> + ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils", "",d)} \
> + "
> +
> +SUMMARY_packagegroup-security-scanners = "Security scanners"
> +RDEPENDS_packagegroup-security-scanners = "\
> + nikto \
> + checksecurity \
> + "
> +
> +SUMMARY_packagegroup-security-audit = "Security Audit tools "
> +RDEPENDS_packagegroup-security-audit = " \
> + buck-security \
> + redhat-security \
> + "
> +
> +SUMMARY_packagegroup-security-hardening = "Security Hardening tools"
> +RDEPENDS_packagegroup-security-hardening = " \
> + bastille \
> + "
> +
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [meta-security][PATCH 1/3] packagegroup: Add initial set of package groups
2014-07-10 15:06 ` Saul Wold
@ 2014-07-10 15:52 ` akuster
0 siblings, 0 replies; 8+ messages in thread
From: akuster @ 2014-07-10 15:52 UTC (permalink / raw)
To: Saul Wold, yocto
will fix in V2 .
thanks,
Armin
On 07/10/2014 08:06 AM, Saul Wold wrote:
> On 07/10/2014 07:30 AM, Armin Kuster wrote:
>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>> ---
>> .../packagegroup/packagegroup-core-security.bb | 45
>> ++++++++++++++++++++++
>> 1 file changed, 45 insertions(+)
>> create mode 100644
>> recipes-security/packagegroup/packagegroup-core-security.bb
>>
>> diff --git
>> a/recipes-security/packagegroup/packagegroup-core-security.bb
>> b/recipes-security/packagegroup/packagegroup-core-security.bb
>> new file mode 100644
>> index 0000000..1acc4a9
>> --- /dev/null
>> +++ b/recipes-security/packagegroup/packagegroup-core-security.bb
>> @@ -0,0 +1,45 @@
>> +DESCRIPTION = "Security packagegroup for Poky"
>> +LICENSE = "MIT"
>> +LIC_FILES_CHKSUM =
>> "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
>> +
>> file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
>> +
>> +PR = "r0"
>> +
> You can drop the PR as they are un-needed now with the PR Server
>
>> +inherit packagegroup
>> +
>> +PACKAGES = "\
>> + packagegroup-core-security \
>> + packagegroup-security-utils \
>> + packagegroup-security-scanners \
>> + "
>> +
>> +RDEPENDS_packagegroup-core-security = "\
>> + packagegroup-security-utils \
>> + packagegroup-security-scanners \
>> + "
>> +
>> +SUMMARY_packagegroup-security-utils = "Security utilities"
>> +RDEPENDS_packagegroup-security-utils = "\
>> + nmap \
>> + libseccomp \
>> + pinentry \
>> + ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils",
>> "",d)} \
>> + "
>> +
>> +SUMMARY_packagegroup-security-scanners = "Security scanners"
>> +RDEPENDS_packagegroup-security-scanners = "\
>> + nikto \
>> + checksecurity \
>> + "
>> +
>> +SUMMARY_packagegroup-security-audit = "Security Audit tools "
>> +RDEPENDS_packagegroup-security-audit = " \
>> + buck-security \
>> + redhat-security \
>> + "
>> +
>> +SUMMARY_packagegroup-security-hardening = "Security Hardening tools"
>> +RDEPENDS_packagegroup-security-hardening = " \
>> + bastille \
>> + "
>> +
>>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [meta-security][PATCH 3/3] distro: Add distro
2014-07-10 14:30 ` [meta-security][PATCH 3/3] distro: Add distro Armin Kuster
@ 2014-07-14 11:31 ` Paul Eggleton
2014-07-14 19:20 ` akuster
0 siblings, 1 reply; 8+ messages in thread
From: Paul Eggleton @ 2014-07-14 11:31 UTC (permalink / raw)
To: yocto
Hi Armin,
On Thursday 10 July 2014 07:30:33 Armin Kuster wrote:
> This allows us to include security_flags.inc
>
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> ---
> conf/distro/poky-security.conf | 4 ++++
> 1 file changed, 4 insertions(+)
> create mode 100644 conf/distro/poky-security.conf
>
> diff --git a/conf/distro/poky-security.conf b/conf/distro/poky-security.conf
> new file mode 100644
> index 0000000..5092dfa
> --- /dev/null
> +++ b/conf/distro/poky-security.conf
> @@ -0,0 +1,4 @@
> +require conf/distro/poky.conf
> +require conf/distro/include/security_flags.inc
> +
> +DISTRO = "poky-security"
AIUI, meta-security is supposed to be simply a layer providing additional
recipes; thus adding a distro config to this wouldn't really be right.
Cheers,
Paul
--
Paul Eggleton
Intel Open Source Technology Centre
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [meta-security][PATCH 3/3] distro: Add distro
2014-07-14 11:31 ` Paul Eggleton
@ 2014-07-14 19:20 ` akuster
0 siblings, 0 replies; 8+ messages in thread
From: akuster @ 2014-07-14 19:20 UTC (permalink / raw)
To: Paul Eggleton, yocto
Paul,
On 07/14/2014 04:31 AM, Paul Eggleton wrote:
> Hi Armin,
>
> On Thursday 10 July 2014 07:30:33 Armin Kuster wrote:
>> This allows us to include security_flags.inc
>>
>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>> ---
>> conf/distro/poky-security.conf | 4 ++++
>> 1 file changed, 4 insertions(+)
>> create mode 100644 conf/distro/poky-security.conf
>>
>> diff --git a/conf/distro/poky-security.conf b/conf/distro/poky-security.conf
>> new file mode 100644
>> index 0000000..5092dfa
>> --- /dev/null
>> +++ b/conf/distro/poky-security.conf
>> @@ -0,0 +1,4 @@
>> +require conf/distro/poky.conf
>> +require conf/distro/include/security_flags.inc
>> +
>> +DISTRO = "poky-security"
> AIUI, meta-security is supposed to be simply a layer providing additional
> recipes; thus adding a distro config to this wouldn't really be right.
Sure the distro config patch can be dropped.
Thanks for the feedback.
regards,
Armin
>
> Cheers,
> Paul
>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2014-07-14 19:21 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-07-10 14:30 [meta-security][PATCH 0/3] Add image, packagegroups and ditro Armin Kuster
2014-07-10 14:30 ` [meta-security][PATCH 1/3] packagegroup: Add initial set of package groups Armin Kuster
2014-07-10 15:06 ` Saul Wold
2014-07-10 15:52 ` akuster
2014-07-10 14:30 ` [meta-security][PATCH 2/3] images: Add initial image Armin Kuster
2014-07-10 14:30 ` [meta-security][PATCH 3/3] distro: Add distro Armin Kuster
2014-07-14 11:31 ` Paul Eggleton
2014-07-14 19:20 ` akuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.