I have an image that is using debian package management (PACKAGE_CLASSES = "package_deb"). Because apt and dpkg require perl, perl is being installed in the image. No problem. Except that the entire p

Create a common conf/machine/include/tinker.inc and re-spin - conf/machine/tinker-board.conf - conf/machine-tinker-board-s.conf to just contain the differences. Signed-off-by: Trevor Woerner <twoerner

The COMPATIBLE_MACHINE strings were getting unwieldy, so switch to the MACHINEOVERRIDE notation so they're neater. Signed-off-by: Trevor Woerner <twoerner@...> --- recipes-kernel/linux/linux-stable-bl

I still appear to be having an issue with the SXT SDK install… Building for zeus/x86_64 Intel based platform… I build my kernel image clean, fully functional… Standard SDK builds clean and appears fun

From: Ming Liu <liu.ming50@...> Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscripts/initramfs-framework-ima.bb | 2 +- 1 file change

From: Ming Liu <ming.liu@...> Cherry pick some IMA/EVM fixes to LTS dunfell branch, with these=20 patches applied, I could run a ima enabled image with sysvinit/systemd on qemuarm/qemuarm64 and some N

From: Ming Liu <liu.ming50@...> /etc/ima-policy > /etc/ima/ima-policy. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscripts/initramf

From: Ming Liu <liu.ming50@...> Create a recipe to package IMA/EMV public keys. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../ima-evm-keys/ima-evm-keys_

From: Ming Liu <liu.ming50@...> Or else wic will fail without "--no-fstab-update" option. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- meta-integrity/class

From: Ming Liu <liu.ming50@...> 'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid sanity check for ima-evm-utils-native. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Ar

From: Ming Liu <liu.ming50@...> The current logic in ima-evm-rootfs.bbclass does not guarantee ima_evm_sign_rootfs is the last function in IMAGE_PREPROCESS_COMMAND by appending to it, for instance, if

Current Dev Position: YP 3.3 Feature Freeze Next Deadline: 1st March 2021 YP 3.3 M3 build Next Team Meetings: Bug Triage meeting Thursday Mar. 4th at 7:30am PDT (https://zoom.us/j/454367603?pwd=ZGxoa2

From: Ming Liu <liu.ming50@...> Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- meta-integrity/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(

From: Ming Liu <liu.ming50@...> Otherwise, ima script would not run as intended. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscript

From: Ming Liu <liu.ming50@...> This fixes following systemd boot issues: [ 7.455580] systemd[1]: Failed to create /init.scope control group: Pe= rmission denied [ 7.457677] systemd[1]: Failed to allo

* Update to latest git rev. * Drop obsolete and unused patches. * Rebase patches. * Add patches to make systemd --user work. Signed-off-by: Yi Zhao <yi.zhao@...> --- .../refpolicy/refpolicy-minimum_gi

Some directories are created by populate-volatile.sh. We need to restore their security contexts. Before the patch: $ ls -dZ /tmp /var/tmp /var/lock /var/run system_u:object_r:root_t /tmp system_u:obj

Install auditd which will help the users debug and eliminate the audit logs on screen. Signed-off-by: Yi Zhao <yi.zhao@...> --- recipes-security/packagegroups/packagegroup-core-selinux.bb | 1 + 1 file

Drop backported patch: 0001-lib-arm_table.h-update-arm-syscall-table.patch Signed-off-by: Yi Zhao <yi.zhao@...> --- ...arm_table.h-update-arm-syscall-table.patch | 49 ------------------- .../audit/{au

The audisp-* files should be in audispd-plugins package rather than auditd package. Signed-off-by: Yi Zhao <yi.zhao@...> --- recipes-security/audit/audit_3.0.bb | 14 ++++++++++---- 1 file changed, 10