diff --git a/meta-security/.gitlab-ci.yml b/meta-security/.gitlab-ci.yml
index 50bfe4fa3c7e..3a1687cca688 100644
--- a/meta-security/.gitlab-ci.yml
+++ b/meta-security/.gitlab-ci.yml
@@ -136,6 +136,16 @@ qemuarm64-musl: script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+qemux86-harden:
+ extends: .build
+ script:
+ - kas build --target harden-image-minimal kas/$CI_JOB_NAME.yml
+
+qemux86-comp:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+
 qemux86-test: extends: .build allow_failure: true
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index 2c3bd9654099..8c0254b827cf 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -9,6 +9,6 @@ BBFILE_COLLECTIONS += "security" BBFILE_PATTERN_security = "^${LAYERDIR}/" BBFILE_PRIORITY_security = "8"
-LAYERSERIES_COMPAT_security = "dunfell"
+LAYERSERIES_COMPAT_security = "gatesgarth"
 LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer meta-python"
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml
index 6a77af599997..ba0e0f81f42a 100644
--- a/meta-security/kas/kas-security-base.yml
+++ b/meta-security/kas/kas-security-base.yml
@@ -10,6 +10,7 @@ repos: meta-tpm: meta-integrity: meta-security-compliance:
+ meta-hardening:
 poky: url: https://git.yoctoproject.org/git/poky
diff --git a/meta-security/kas/qemux86-comp.yml b/meta-security/kas/qemux86-comp.yml
new file mode 100644
index 000000000000..14c5dcabf878
--- /dev/null
+++ b/meta-security/kas/qemux86-comp.yml
@@ -0,0 +1,11 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-compliance: |
+ IMAGE_INSTALL_append = " lynis"
+ IMAGE_INSTALL_append = " openscap openscap-daemon scap-security-guide"
+
+machine: qemux86
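Review bot: In `.gitlab-ci.yml`, the new `qemux86-harden` job is the only job in this hunk that builds `harden-image-minimal` rather than `security-build-image`, and nothing at the job says it is meant to run with `DISTRO = "harden"`, which is set only in `kas/qemux86-harden.yml`. A comment above the job would make that coupling visible, e.g. `# hardened distro build; DISTRO and layer set come from kas/qemux86-harden.yml`. Both new jobs also select their kas file purely from the job name, so renaming either job has to be mirrored under `kas/`. Writing the argument as `"kas/${CI_JOB_NAME}.yml"` would keep the shell from word-splitting it, although the context lines show the existing jobs use the unquoted form too.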
diff --git a/meta-security/kas/qemux86-harden.yml b/meta-security/kas/qemux86-harden.yml
new file mode 100644
index 000000000000..fb59ddab2f66
--- /dev/null
+++ b/meta-security/kas/qemux86-harden.yml
@@ -0,0 +1,10 @@
+header:
+ version: 8
+ includes:
+ - kas-security-base.yml
+
+local_conf_header:
+ meta-security: |
+ DISTRO = "harden"
+
+machine: qemux86
diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf
index 58962144007a..22d88749dba6 100644
--- a/meta-security/meta-hardening/conf/layer.conf
+++ b/meta-security/meta-hardening/conf/layer.conf
@@ -8,6 +8,6 @@ BBFILE_COLLECTIONS += "harden-layer" BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_harden-layer = "10"
-LAYERSERIES_COMPAT_harden-layer = "dunfell"
+LAYERSERIES_COMPAT_harden-layer = "gatesgarth"
 LAYERDEPENDS_harden-layer = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index f905b0be4e56..76374eb9bfb7 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -2,8 +2,7 @@ BBPATH =. "${LAYERDIR}:" # We have a packages directory, add to BBFILES
-BBFILES := "${BBFILES} \
- ${LAYERDIR}/recipes-*/*/*.bb \
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
 ${LAYERDIR}/recipes-*/*/*.bbappend" BBFILE_COLLECTIONS += "integrity"
@@ -21,7 +20,7 @@ INTEGRITY_BASE := '${LAYERDIR}' # interactive shell is enough. OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
-LAYERSERIES_COMPAT_integrity = "dunfell"
+LAYERSERIES_COMPAT_integrity = "gatesgarth"
 # ima-evm-utils depends on keyutils from meta-oe LAYERDEPENDS_integrity = "core openembedded-layer"
diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf
index 965c83797665..db243f710d86 100644
--- a/meta-security/meta-security-compliance/conf/layer.conf
+++ b/meta-security/meta-security-compliance/conf/layer.conf
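Review bot: In `kas/qemux86-harden.yml` the `local_conf_header` entry is keyed `meta-security`, and kas merges `local_conf_header` entries from included files by key. If `kas-security-base.yml` (whose `local_conf_header` is not shown in this diff) already defines a `meta-security` entry, this one replaces it and the base settings are silently dropped for the hardened build. `qemux86-comp.yml` avoids that by using its own key, `meta-compliance`; a distinct key such as `meta-hardening: |` would do the same here. Since only the distro is being selected, the top-level kas key `distro: harden` next to `machine: qemux86` would also express it without writing `local.conf` text.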
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "scanners-layer" BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_scanners-layer = "10"
-LAYERSERIES_COMPAT_scanners-layer = "dunfell"
+LAYERSERIES_COMPAT_scanners-layer = "gatesgarth"
 LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python"
diff --git a/meta-security/meta-security-isafw/conf/layer.conf b/meta-security/meta-security-isafw/conf/layer.conf
index 63f990a8b0ca..b8ee1c0137e1 100644
--- a/meta-security/meta-security-isafw/conf/layer.conf
+++ b/meta-security/meta-security-isafw/conf/layer.conf
@@ -14,4 +14,4 @@ LAYERVERSION_security-isafw = "1" LAYERDEPENDS_security-isafw = "core"
-LAYERSERIES_COMPAT_security-isafw = "dunfell"
+LAYERSERIES_COMPAT_security-isafw = "gatesgarth"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index 46d0279ccded..cd62fbac269e 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer" BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_tpm-layer = "10"
-LAYERSERIES_COMPAT_tpm-layer = "dunfell"
+LAYERSERIES_COMPAT_tpm-layer = "gatesgarth"
 LAYERDEPENDS_tpm-layer = " \ core \