|
Reducing the perl footprint on my image 5 messages
I have an image that is using debian package management (PACKAGE_CLASSES = "package_deb"). Because apt and dpkg require perl, perl is being installed in the image. No problem. Except that the entire p
I have an image that is using debian package management (PACKAGE_CLASSES = "package_deb"). Because apt and dpkg require perl, perl is being installed in the image. No problem. Except that the entire p
|
By rustyhowell@...
·
|
|
[meta-rockchip][PATCH] tinker board: refactor machine config
Create a common conf/machine/include/tinker.inc and re-spin - conf/machine/tinker-board.conf - conf/machine-tinker-board-s.conf to just contain the differences. Signed-off-by: Trevor Woerner <twoerner
Create a common conf/machine/include/tinker.inc and re-spin - conf/machine/tinker-board.conf - conf/machine-tinker-board-s.conf to just contain the differences. Signed-off-by: Trevor Woerner <twoerner
|
By Trevor Woerner
·
|
|
[meta-rockchip][PATCH] COMPATIBLE_MACHINE cleanup
The COMPATIBLE_MACHINE strings were getting unwieldy, so switch to the MACHINEOVERRIDE notation so they're neater. Signed-off-by: Trevor Woerner <twoerner@...> --- recipes-kernel/linux/linux-stable-bl
The COMPATIBLE_MACHINE strings were getting unwieldy, so switch to the MACHINEOVERRIDE notation so they're neater. Signed-off-by: Trevor Woerner <twoerner@...> --- recipes-kernel/linux/linux-stable-bl
|
By Trevor Woerner
·
|
|
#yocto #sdk
#yocto
#sdk
I still appear to be having an issue with the SXT SDK install… Building for zeus/x86_64 Intel based platform… I build my kernel image clean, fully functional… Standard SDK builds clean and appears fun
I still appear to be having an issue with the SXT SDK install… Building for zeus/x86_64 Intel based platform… I build my kernel image clean, fully functional… Standard SDK builds clean and appears fun
|
By Monsees, Steven C (US)
·
|
|
[meta-security][dunfell][PATCH 4/9] initramfs-framework-ima: RDEPENDS on ima-evm-keys
From: Ming Liu <liu.ming50@...> Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscripts/initramfs-framework-ima.bb | 2 +- 1 file change
From: Ming Liu <liu.ming50@...> Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscripts/initramfs-framework-ima.bb | 2 +- 1 file change
|
By
Ming Liu
·
|
|
[meta-security][dunfell][PATCH 0/9] Some IMA/EVM fixes to dunfell branch
From: Ming Liu <ming.liu@...> Cherry pick some IMA/EVM fixes to LTS dunfell branch, with these=20 patches applied, I could run a ima enabled image with sysvinit/systemd on qemuarm/qemuarm64 and some N
From: Ming Liu <ming.liu@...> Cherry pick some IMA/EVM fixes to LTS dunfell branch, with these=20 patches applied, I could run a ima enabled image with sysvinit/systemd on qemuarm/qemuarm64 and some N
|
By
Ming Liu
·
|
|
[meta-security][dunfell][PATCH 2/9] initramfs-framework-ima: fix a wrong path
From: Ming Liu <liu.ming50@...> /etc/ima-policy > /etc/ima/ima-policy. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscripts/initramf
From: Ming Liu <liu.ming50@...> /etc/ima-policy > /etc/ima/ima-policy. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscripts/initramf
|
By
Ming Liu
·
|
|
[meta-security][dunfell][PATCH 3/9] ima-evm-keys: add recipe
From: Ming Liu <liu.ming50@...> Create a recipe to package IMA/EMV public keys. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../ima-evm-keys/ima-evm-keys_
From: Ming Liu <liu.ming50@...> Create a recipe to package IMA/EMV public keys. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../ima-evm-keys/ima-evm-keys_
|
By
Ming Liu
·
|
|
[meta-security][dunfell][PATCH 8/9] ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
From: Ming Liu <liu.ming50@...> Or else wic will fail without "--no-fstab-update" option. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- meta-integrity/class
From: Ming Liu <liu.ming50@...> Or else wic will fail without "--no-fstab-update" option. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- meta-integrity/class
|
By
Ming Liu
·
|
|
[meta-security][dunfell][PATCH 1/9] ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
From: Ming Liu <liu.ming50@...> 'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid sanity check for ima-evm-utils-native. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Ar
From: Ming Liu <liu.ming50@...> 'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid sanity check for ima-evm-utils-native. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Ar
|
By
Ming Liu
·
|
|
[meta-security][dunfell][PATCH 5/9] meta: refactor IMA/EVM sign rootfs
From: Ming Liu <liu.ming50@...> The current logic in ima-evm-rootfs.bbclass does not guarantee ima_evm_sign_rootfs is the last function in IMAGE_PREPROCESS_COMMAND by appending to it, for instance, if
From: Ming Liu <liu.ming50@...> The current logic in ima-evm-rootfs.bbclass does not guarantee ima_evm_sign_rootfs is the last function in IMAGE_PREPROCESS_COMMAND by appending to it, for instance, if
|
By
Ming Liu
·
|
|
Yocto Project Status WW09`21
Current Dev Position: YP 3.3 Feature Freeze Next Deadline: 1st March 2021 YP 3.3 M3 build Next Team Meetings: Bug Triage meeting Thursday Mar. 4th at 7:30am PDT (https://zoom.us/j/454367603?pwd=ZGxoa2
Current Dev Position: YP 3.3 Feature Freeze Next Deadline: 1st March 2021 YP 3.3 M3 build Next Team Meetings: Bug Triage meeting Thursday Mar. 4th at 7:30am PDT (https://zoom.us/j/454367603?pwd=ZGxoa2
|
By Stephen Jolley
·
|
|
[meta-security][dunfell][PATCH 6/9] README.md: update according to the refactoring in ima-evm-rootfs.bbclass
From: Ming Liu <liu.ming50@...> Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- meta-integrity/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(
From: Ming Liu <liu.ming50@...> Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- meta-integrity/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(
|
By
Ming Liu
·
|
|
[meta-security][dunfell][PATCH 7/9] initramfs-framework-ima: let ima_enabled return 0
From: Ming Liu <liu.ming50@...> Otherwise, ima script would not run as intended. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscript
From: Ming Liu <liu.ming50@...> Otherwise, ima script would not run as intended. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscript
|
By
Ming Liu
·
|
|
[meta-security][dunfell][PATCH 9/9] ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic
From: Ming Liu <liu.ming50@...> This fixes following systemd boot issues: [ 7.455580] systemd[1]: Failed to create /init.scope control group: Pe= rmission denied [ 7.457677] systemd[1]: Failed to allo
From: Ming Liu <liu.ming50@...> This fixes following systemd boot issues: [ 7.455580] systemd[1]: Failed to create /init.scope control group: Pe= rmission denied [ 7.457677] systemd[1]: Failed to allo
|
By
Ming Liu
·
|
|
[meta-selinux][PATCH 7/7] refpolicy: upgrade 20200229+git -> 20210203+git
* Update to latest git rev. * Drop obsolete and unused patches. * Rebase patches. * Add patches to make systemd --user work. Signed-off-by: Yi Zhao <yi.zhao@...> --- .../refpolicy/refpolicy-minimum_gi
* Update to latest git rev. * Drop obsolete and unused patches. * Rebase patches. * Add patches to make systemd --user work. Signed-off-by: Yi Zhao <yi.zhao@...> --- .../refpolicy/refpolicy-minimum_gi
|
By Yi Zhao
·
|
|
[meta-selinux][PATCH 6/7] initscripts: restore security contexts after running populate-volatile.sh
Some directories are created by populate-volatile.sh. We need to restore their security contexts. Before the patch: $ ls -dZ /tmp /var/tmp /var/lock /var/run system_u:object_r:root_t /tmp system_u:obj
Some directories are created by populate-volatile.sh. We need to restore their security contexts. Before the patch: $ ls -dZ /tmp /var/tmp /var/lock /var/run system_u:object_r:root_t /tmp system_u:obj
|
By Yi Zhao
·
|
|
[meta-selinux][PATCH 5/7] packagegroup-core-selinux: add auditd
Install auditd which will help the users debug and eliminate the audit logs on screen. Signed-off-by: Yi Zhao <yi.zhao@...> --- recipes-security/packagegroups/packagegroup-core-selinux.bb | 1 + 1 file
Install auditd which will help the users debug and eliminate the audit logs on screen. Signed-off-by: Yi Zhao <yi.zhao@...> --- recipes-security/packagegroups/packagegroup-core-selinux.bb | 1 + 1 file
|
By Yi Zhao
·
|
|
[meta-selinux][PATCH 4/7] audit: upgrade 3.0 -> 3.0.1
Drop backported patch: 0001-lib-arm_table.h-update-arm-syscall-table.patch Signed-off-by: Yi Zhao <yi.zhao@...> --- ...arm_table.h-update-arm-syscall-table.patch | 49 ------------------- .../audit/{au
Drop backported patch: 0001-lib-arm_table.h-update-arm-syscall-table.patch Signed-off-by: Yi Zhao <yi.zhao@...> --- ...arm_table.h-update-arm-syscall-table.patch | 49 ------------------- .../audit/{au
|
By Yi Zhao
·
|
|
[meta-selinux][PATCH 3/7] audit: move audisp-* to audispd-plugins package
The audisp-* files should be in audispd-plugins package rather than auditd package. Signed-off-by: Yi Zhao <yi.zhao@...> --- recipes-security/audit/audit_3.0.bb | 14 ++++++++++---- 1 file changed, 10
The audisp-* files should be in audispd-plugins package rather than auditd package. Signed-off-by: Yi Zhao <yi.zhao@...> --- recipes-security/audit/audit_3.0.bb | 14 ++++++++++---- 1 file changed, 10
|
By Yi Zhao
·
|