* [meta-security][PATCH 1/6] python3-oauth2client: add recipe
@ 2020-07-17 4:09 akuster
2020-07-17 4:09 ` [meta-security][PATCH 2/6] python3-privacyidea: adding initial support for mfa akuster
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: akuster @ 2020-07-17 4:09 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
[V2]
Add missing rdepends
---
recipes-python/python/python3-oauth2client_4.1.3.bb | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 recipes-python/python/python3-oauth2client_4.1.3.bb
diff --git a/recipes-python/python/python3-oauth2client_4.1.3.bb b/recipes-python/python/python3-oauth2client_4.1.3.bb
new file mode 100644
index 0000000..ca25d14
--- /dev/null
+++ b/recipes-python/python/python3-oauth2client_4.1.3.bb
@@ -0,0 +1,11 @@
+SUMMARY = "Add version info to file paths."
+SECTION = "devel/python"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=038e1390e94fe637991fa5569daa62bc"
+
+PYPI_PACKAGE = "oauth2client"
+SRC_URI[sha256sum] = "d486741e451287f69568a4d26d70d9acd73a2bbfa275746c535b4209891cccc6"
+
+inherit pypi setuptools3
+
+RDEPENDS_${PN} = "python3-six python3-rsa python3-httplib2 python3-pyasn1 python3-pyasn1-modules"
--
2.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-security][PATCH 2/6] python3-privacyidea: adding initial support for mfa
2020-07-17 4:09 [meta-security][PATCH 1/6] python3-oauth2client: add recipe akuster
@ 2020-07-17 4:09 ` akuster
2020-07-17 4:09 ` [meta-security][PATCH 3/6] strongswan: add bbappends for tpm changes akuster
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: akuster @ 2020-07-17 4:09 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-security/mfa/python3-privacyidea_3.3.bb | 40 +++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 recipes-security/mfa/python3-privacyidea_3.3.bb
diff --git a/recipes-security/mfa/python3-privacyidea_3.3.bb b/recipes-security/mfa/python3-privacyidea_3.3.bb
new file mode 100644
index 0000000..eb6b7eb
--- /dev/null
+++ b/recipes-security/mfa/python3-privacyidea_3.3.bb
@@ -0,0 +1,40 @@
+SUMMARY = "identity, multifactor authentication (OTP), authorization, audit"
+DESCRIPTION = "privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications."
+
+HOMEPAGE = "http://www.privacyidea.org/"
+LICENSE = "AGPL-3.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
+
+PYPI_PACKAGE = "privacyIDEA"
+SRC_URI[sha256sum] = "55fbdd0fdc8957f7fc5b8900453fd9dc294860bae218e53e7fe394d93f982518"
+
+inherit pypi setuptools3
+
+do_install_append () {
+ #install ${D}/var/log/privacyidea
+
+ rm -fr ${D}${libdir}/${PYTHON_DIR}/site-packages/tests
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system privacyidea"
+USERADD_PARAM_${PN} = "--system -g privacyidea -o -r -d /opt/${BPN} \
+ --shell /bin/false privacyidea"
+
+FILES_${PN} += " ${datadir}/etc/privacyidea/* ${datadir}/lib/privacyidea/*"
+
+RDEPENDS_${PN} += " bash perl freeradius-mysql freeradius-utils"
+
+RDEPENDS_${PN} += "python3 python3-alembic python3-babel python3-backports-functools-lru-cache python3-bcrypt"
+RDEPENDS_${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet"
+RDEPENDS_${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml"
+RDEPENDS_${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate"
+RDEPENDS_${PN} += "python3-flask-script python3-flask-sqlalchemy python3-flask-versioned"
+RDEPENDS_${PN} += "python3-future python3-httplib2 python3-huey python3-idna python3-ipaddress"
+RDEPENDS_${PN} += "python3-itsdangerous python3-jinja2 python3-ldap python3-lxml python3-mako"
+RDEPENDS_${PN} += "python3-markupsafe python3-netaddr python3-oauth2client python3-passlib python3-pillow"
+RDEPENDS_${PN} += "python3-pyasn1 python3-pyasn1-modules python3-pycparser python3-pyjwt python3-pymysql"
+RDEPENDS_${PN} += "python3-pyopenssl python3-pyrad python3-dateutil python3-editor python3-gnupg"
+RDEPENDS_${PN} += "python3-pytz python3-pyyaml python3-qrcode python3-redis python3-requests python3-rsa"
+RDEPENDS_${PN} += "python3-six python3-smpplib python3-soupsieve python3-soupsieve "
+RDEPENDS_${PN} += "python3-sqlalchemy python3-sqlsoup python3-urllib3 python3-werkzeug"
--
2.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-security][PATCH 3/6] strongswan: add bbappends for tpm changes
2020-07-17 4:09 [meta-security][PATCH 1/6] python3-oauth2client: add recipe akuster
2020-07-17 4:09 ` [meta-security][PATCH 2/6] python3-privacyidea: adding initial support for mfa akuster
@ 2020-07-17 4:09 ` akuster
2020-07-17 4:09 ` [meta-security][PATCH 4/6] layer.conf: add dynamic-layer for strongswan akuster
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: akuster @ 2020-07-17 4:09 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...01-xfrmi-Only-build-if-libcharon-is-built.patch | 38 ++++++++++++++++++++++
.../recipes-support/strongswan/strongswan-tpm.inc | 12 +++++++
.../strongswan/strongswan_5.%.bbappend | 1 +
3 files changed, 51 insertions(+)
create mode 100644 meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
create mode 100644 meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
create mode 100644 meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
diff --git a/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch b/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
new file mode 100644
index 0000000..8250282
--- /dev/null
+++ b/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/files/0001-xfrmi-Only-build-if-libcharon-is-built.patch
@@ -0,0 +1,38 @@
+From db772305c6baa01f6c6750be74733e4bfc1d6106 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 14 Apr 2020 10:44:19 +0200
+Subject: [PATCH] xfrmi: Only build if libcharon is built
+
+The kernel-netlink plugin is only built if libcharon is.
+
+Closes strongswan/strongswan#167.
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ src/Makefile.am | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+Index: strongswan-5.8.4/src/Makefile.am
+===================================================================
+--- strongswan-5.8.4.orig/src/Makefile.am
++++ strongswan-5.8.4/src/Makefile.am
+@@ -42,6 +42,9 @@ endif
+
+ if USE_LIBCHARON
+ SUBDIRS += libcharon
++if USE_KERNEL_NETLINK
++ SUBDIRS += xfrmi
++endif
+ endif
+
+ if USE_FILE_CONFIG
+@@ -143,7 +146,3 @@ endif
+ if USE_TPM
+ SUBDIRS += tpm_extendpcr
+ endif
+-
+-if USE_KERNEL_NETLINK
+- SUBDIRS += xfrmi
+-endif
diff --git a/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc b/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
new file mode 100644
index 0000000..d8604e1
--- /dev/null
+++ b/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-tpm.inc
@@ -0,0 +1,12 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS = "libtspi"
+
+SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+
+PACKAGECONFIG += "aikgen tpm"
+
+PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,,"
+PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,,"
+
+EXTRA_OECONF += "--with-linux-headers=${STAGING_KERNEL_DIR}"
diff --git a/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend b/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
new file mode 100644
index 0000000..34757bb
--- /dev/null
+++ b/meta-tpm/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', 'strongswan-tpm.inc', '', d)}
--
2.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-security][PATCH 4/6] layer.conf: add dynamic-layer for strongswan
2020-07-17 4:09 [meta-security][PATCH 1/6] python3-oauth2client: add recipe akuster
2020-07-17 4:09 ` [meta-security][PATCH 2/6] python3-privacyidea: adding initial support for mfa akuster
2020-07-17 4:09 ` [meta-security][PATCH 3/6] strongswan: add bbappends for tpm changes akuster
@ 2020-07-17 4:09 ` akuster
2020-07-17 4:10 ` [meta-security][PATCH 5/6] strongswan: Add bbappends for ima changes akuster
2020-07-17 4:10 ` [meta-security][PATCH 6/6] meta-integrity: add dynamic-layer for strongswan akuster
4 siblings, 0 replies; 6+ messages in thread
From: akuster @ 2020-07-17 4:09 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-tpm/conf/layer.conf | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta-tpm/conf/layer.conf b/meta-tpm/conf/layer.conf
index c3372c7..46d0279 100644
--- a/meta-tpm/conf/layer.conf
+++ b/meta-tpm/conf/layer.conf
@@ -15,3 +15,7 @@ LAYERDEPENDS_tpm-layer = " \
openembedded-layer \
"
BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm"
+
+BBFILES_DYNAMIC += " \
+networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
+"
--
2.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-security][PATCH 5/6] strongswan: Add bbappends for ima changes
2020-07-17 4:09 [meta-security][PATCH 1/6] python3-oauth2client: add recipe akuster
` (2 preceding siblings ...)
2020-07-17 4:09 ` [meta-security][PATCH 4/6] layer.conf: add dynamic-layer for strongswan akuster
@ 2020-07-17 4:10 ` akuster
2020-07-17 4:10 ` [meta-security][PATCH 6/6] meta-integrity: add dynamic-layer for strongswan akuster
4 siblings, 0 replies; 6+ messages in thread
From: akuster @ 2020-07-17 4:10 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../recipes-support/strongswan/strongswan-ima.inc | 61 ++++++++++++++++++++++
.../strongswan/strongswan_5.%.bbappend | 1 +
2 files changed, 62 insertions(+)
create mode 100644 meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
create mode 100644 meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
diff --git a/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc b/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
new file mode 100644
index 0000000..a45182e
--- /dev/null
+++ b/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan-ima.inc
@@ -0,0 +1,61 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+DEPENDS = "libtspi"
+
+SRC_URI_append = " file://0001-xfrmi-Only-build-if-libcharon-is-built.patch"
+
+PACKAGECONFIG += " \
+ aikgen \
+ tpm \
+"
+
+PACKAGECONFIG[tpm] = "--enable-tpm,--disable-tpm,,"
+PACKAGECONFIG[aikgen] = "--enable-aikgen,--disable-aikgen,,"
+
+PACKAGECONFIG_ima += "\
+ imc-test \
+ imv-test \
+ imc-scanner \
+ imv-scanner \
+ imc-os \
+ imv-os \
+ imc-attestation \
+ imv-attestation \
+ tnc-ifmap \
+ tnc-imc \
+ tnc-imv \
+ tnc-pdp \
+ tnccs-11 \
+ tnccs-20 \
+ tnccs-dynamic \
+ "
+
+EXTRA_OECONF += "--with-linux-headers=${STAGING_KERNEL_DIR}"
+
+PACKAGECONFIG[imc-test] = "--enable-imc-test,--disable-imc-test,,"
+PACKAGECONFIG[imc-scanner] = "--enable-imc-scanner,--disable-imc-scanner,,"
+PACKAGECONFIG[imc-os] = "--enable-imc-os,--disable-imc-os,,"
+PACKAGECONFIG[imc-attestation] = "--enable-imc-attestation,--disable-imc-attestation,,"
+PACKAGECONFIG[imc-swima] = "--enable-imc-swima, --disable-imc-swima,,"
+PACKAGECONFIG[imc-hcd] = "--enable-imc-hcd, --disable-imc-hcd,,"
+PACKAGECONFIG[tnc-imc] = "--enable-tnc-imc,--disable-tnc-imc,,"
+
+PACKAGECONFIG[imv-test] = "--enable-imv-test,--disable-imv-test,,"
+PACKAGECONFIG[imv-scanner] = "--enable-imv-scanner,--disable-imv-scanner,,"
+PACKAGECONFIG[imv-os] = "--enable-imv-os,--disable-imv-os,,"
+PACKAGECONFIG[imv-attestation] = "--enable-imv-attestation,--disable-imv-attestation,,"
+PACKAGECONFIG[imv-swima] = "--enable-imv-swima, --disable-imv-swima,,"
+PACKAGECONFIG[imv-hcd] = "--enable-imv-hcd, --disable-imv-hcd,,"
+PACKAGECONFIG[tnc-imv] = "--enable-tnc-imv,--disable-tnc-imv,,"
+
+PACKAGECONFIG[tnc-ifmap] = "--enable-tnc-ifmap,--disable-tnc-ifmap,libxml2,"
+PACKAGECONFIG[tnc-pdp] = "--enable-tnc-pdp,--disable-tnc-pdp,,"
+
+PACKAGECONFIG[tnccs-11] = "--enable-tnccs-11,--disable-tnccs-11,libxml2,"
+PACKAGECONFIG[tnccs-20] = "--enable-tnccs-20,--disable-tnccs-20,,"
+PACKAGECONFIG[tnccs-dynamic] = "--enable-tnccs-dynamic,--disable-tnccs-dynamic,,"
+
+#FILES_${PN} += "${libdir}/ipsec/imcvs/*.so ${datadir}/regid.2004-03.org.strongswan"
+#FILES_${PN}-dbg += "${libdir}/ipsec/imcvs/.debug"
+#FILES_${PN}-dev += "${libdir}/ipsec/imcvs/*.la"
+#FILES_${PN}-staticdev += "${libdir}/ipsec/imcvs/*.a"
diff --git a/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend b/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
new file mode 100644
index 0000000..4669fd2
--- /dev/null
+++ b/meta-integrity/dynamic-layers/meta-networking/recipes-support/strongswan/strongswan_5.%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'imp', 'strongswan-ima.inc', '', d)}
--
2.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-security][PATCH 6/6] meta-integrity: add dynamic-layer for strongswan
2020-07-17 4:09 [meta-security][PATCH 1/6] python3-oauth2client: add recipe akuster
` (3 preceding siblings ...)
2020-07-17 4:10 ` [meta-security][PATCH 5/6] strongswan: Add bbappends for ima changes akuster
@ 2020-07-17 4:10 ` akuster
4 siblings, 0 replies; 6+ messages in thread
From: akuster @ 2020-07-17 4:10 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-integrity/conf/layer.conf | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf
index b4edac3..f905b0b 100644
--- a/meta-integrity/conf/layer.conf
+++ b/meta-integrity/conf/layer.conf
@@ -26,3 +26,7 @@ LAYERSERIES_COMPAT_integrity = "dunfell"
LAYERDEPENDS_integrity = "core openembedded-layer"
BBLAYERS_LAYERINDEX_NAME_integrity = "meta-integrity"
+
+BBFILES_DYNAMIC += " \
+networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
+"
--
2.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-07-17 4:10 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-17 4:09 [meta-security][PATCH 1/6] python3-oauth2client: add recipe akuster
2020-07-17 4:09 ` [meta-security][PATCH 2/6] python3-privacyidea: adding initial support for mfa akuster
2020-07-17 4:09 ` [meta-security][PATCH 3/6] strongswan: add bbappends for tpm changes akuster
2020-07-17 4:09 ` [meta-security][PATCH 4/6] layer.conf: add dynamic-layer for strongswan akuster
2020-07-17 4:10 ` [meta-security][PATCH 5/6] strongswan: Add bbappends for ima changes akuster
2020-07-17 4:10 ` [meta-security][PATCH 6/6] meta-integrity: add dynamic-layer for strongswan akuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.