jim.lai/OpenBMC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Your Name
2026-04-23 17:07:55 +08:00
commit b7e39e063b
16725 changed files with 1625565 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-security/recipes-security/Firejail/firejail/exclude_seccomp_util_compiles.patch
+45
View File
@@ -0,0 +1,45 @@
Exclude all the seccomp files to run during build.
Upstream-Status: Inappropriate [embedded specific]
There are some files that need to run to generate the appropriate files
we are currently doing this on the target.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: git/Makefile
===================================================================
--- git.orig/Makefile
+++ git/Makefile
@@ -18,7 +18,6 @@ MYDIRS = src/lib $(MAN_SRC) $(COMPLETION
MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so
COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion
MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1
-SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32
ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)
.PHONY: all
@@ -43,7 +42,7 @@ $(MANPAGES): src/man config.mk
man: $(MANPAGES)
-filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE)
+filters: $(SBOX_APPS_NON_DUMPABLE)
seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
src/fseccomp/fseccomp default seccomp
src/fsec-optimize/fsec-optimize seccomp
@@ -72,7 +71,6 @@ clean:
done
$(MAKE) -C test clean
rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
- rm -f $(SECCOMP_FILTERS)
rm -f test/utils/index.html*
rm -f test/utils/wget-log
rm -f test/utils/firejail-test-file*
@@ -110,7 +108,7 @@ endif
# libraries and plugins
install -m 0755 -d $(DESTDIR)$(libdir)/firejail
install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh
- install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS)
+ install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS)
install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS)
install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats
# plugins w/o read permission (non-dumpable)
meta-security/recipes-security/Firejail/firejail_0.9.72.bb
+64
View File
@@ -0,0 +1,64 @@
#
# Copyright 2022 Armin Kuster <akuster808@gmail.com>
#
SUMMARY = "Linux namespaces and seccomp-bpf sandbox"
DESCRIPTION = "Firejail is a SUID sandbox program that reduces the risk of security breaches \
by restricting the running environment of untrusted applications using Linux namespaces, \
seccomp-bpf and Linux capabilities."
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
LICENSE = "GPL-2.0-only"
SRCREV = "2551bc71f14052344666f3ca2ad67f5b798020b9"
SRC_URI = "git://github.com/netblue30/firejail.git;protocol=https;branch=master \
file://exclude_seccomp_util_compiles.patch \
"
DEPENDS = "libseccomp"
S = "${WORKDIR}/git"
inherit autotools-brokensep pkgconfig bash-completion features_check
REQUIRED_DISTRO_FEATURES = "seccomp"
PACKAGECONFIG ?= ""
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', 'apparmor', '', d)}"
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}"
PACKAGECONFIG[apparmor] = "--enable-apparmor, --disable-apparmor, apparmor, apparmor"
PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux"
PACKAGECONFIG[x11] = " --enable-x11, --disable-x11, "
PACKAGECONFIG[dbusproxy] = ", --disable-dbusproxy, "
PACKAGECONFIG[notmpfs] = ", --disable-usertmpfs ,"
PACKAGECONFIG[nofiretunnel] = ", --disable-firetunnel , "
PACKAGECONFIG[noprivatehome] = ", --disable-private-home, "
PACKAGECONFIG[nochroot] = ", --disable-chroot, "
PACKAGECONFIG[nonetwork] = ", --disable-network, "
PACKAGECONFIG[nouserns] = ", --disable-userns, "
PACKAGECONFIG[nofiletransfer] = ", --disable-file-transfer, "
PACKAGECONFIG[nosuid] = ", --disable-suid, "
EXTRA_OECONF = "--disable-man --enable-busybox-workaround"
PACKAGES:append = " ${PN}-vim ${PN}-zsh"
FILES:${PN}-vim = "${datadir}/vim/"
FILES:${PN}-zsh = "${datadir}/zsh/"
FILES:${PN}-dev = "${datadir}/gtksourceview-5/"
pkg_postinst_ontarget:${PN} () {
${libdir}/${BPN}/fseccomp default ${libdir}/${BPN}/seccomp
${libdir}/${BPN}/fsec-optimize ${libdir}/${BPN}/seccomp
${libdir}/${BPN}/fseccomp default ${libdir}/${BPN}/seccomp.debug allow-debuggers
${libdir}/${BPN}/fsec-optimize ${libdir}/${BPN}/seccomp.debug
${libdir}/${BPN}/fseccomp secondary 32 ${libdir}/${BPN}/seccomp.32
${libdir}/${BPN}/fsec-optimize ${libdir}/${BPN}/seccomp.32
${libdir}/${BPN}/fseccomp secondary block ${libdir}/${BPN}/seccomp.block_secondary
${libdir}/${BPN}/fseccomp memory-deny-write-execute ${libdir}/${BPN}/seccomp.mdwx
}
COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*"
RDEPENDS:${PN} = "bash"
meta-security/recipes-security/aircrack-ng/aircrack-ng_1.6.bb
+36
View File
@@ -0,0 +1,36 @@
SUMMARY = "Aircrack-ng is a set of tools for auditing wireless networks"
DESCRIPTION = "Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools."
SECTION = "security"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=1fbd81241fe252ec0f5658a521ab7dd8"
DEPENDS = "libnl openssl sqlite3 libpcre libpcap"
SRC_URI = "http://download.aircrack-ng.org/${BP}.tar.gz"
SRC_URI[md5sum] = "22ddc85549b51ed0da0931d01ef215e5"
SRC_URI[sha256sum] = "4f0bfd486efc6ea7229f7fbc54340ff8b2094a0d73e9f617e0a39f878999a247"
inherit autotools-brokensep pkgconfig
PACKAGECONFIG ?= ""
CFLAGS += " -I${S}/src/include"
OEMAKE_EXTRA = "sqlite=true experimental=true pcre=true \
prefix=${prefix} \
"
do_compile () {
make ${OEMAKE_EXTRA} TOOL_PREFIX=${TARGET_SYS}-
}
do_install () {
make DESTDIR=${D} ${OEMAKE_EXTRA} ext_scripts=true install
}
FILES:${PN} += "${libdir}/*.so"
FILES_SOLIBSDEV = ""
INSANE_SKIP:${PN} += "dev-so"
RDEPENDS:${PN} = "libpcap"
meta-security/recipes-security/chipsec/chipsec_1.9.1.bb
+34
View File
@@ -0,0 +1,34 @@
SUMMARY = "CHIPSEC: Platform Security Assessment Framework"
DESCRIPTION = "CHIPSEC is a framework for analyzing the security \
of PC platforms including hardware, system firmware \
(BIOS/UEFI), and platform components."
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d"
DEPENDS = "virtual/kernel nasm-native"
SRC_URI = "git://github.com/chipsec/chipsec.git;branch=main;protocol=https"
SRCREV = "d8c2a606bf440c32196c6289a7a458f3ae3107cc"
S = "${WORKDIR}/git"
inherit module setuptools3
EXTRA_OEMAKE = "CC='${CC}' LDFLAGS='${LDFLAGS}' CFLAGS='${CFLAGS}'"
do_compile:append() {
cd ${S}/drivers/linux
oe_runmake KSRC=${STAGING_KERNEL_BUILDDIR}
}
do_install:append() {
install -m 0644 ${S}/drivers/linux/chipsec.ko ${D}${PYTHON_SITEPACKAGES_DIR}/chipsec/helper/linux
}
COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
FILES:${PN} += "${exec_prefix}"
RDEPENDS:${PN} = "python3 python3-modules"
meta-security/recipes-security/cryptmount/cryptmount_6.2.0.bb
+34
View File
@@ -0,0 +1,34 @@
SUMMARY = "Linux encrypted filesystem management tool"
HOMEPAGE = "http://cryptmount.sourceforge.net/"
LIC_FILES_CHKSUM = "file://COPYING;beginline=1;endline=4;md5=6e69c425bf32ecf9b1e11d29d146d03d"
LICENSE = "GPL-2.0-only"
SRC_URI = "https://sourceforge.net/projects/cryptmount/files/${BPN}/${BPN}-6.2/${BPN}-${PV}.tar.gz"
SRC_URI[sha256sum] = "90cc49fd598d636929c70479b1305f12b011edadf4a54578ace6c0fca8cb5ed2"
inherit autotools-brokensep gettext pkgconfig systemd
EXTRA_OECONF = " --enable-cswap --enable-fsck --enable-argv0switch"
PACKAGECONFIG ?="intl luks gcrypt nls"
PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
PACKAGECONFIG[systemd] = "--with-systemd, --without-systemd, systemd"
PACKAGECONFIG[intl] = "--with-libintl-prefix, --without-libintl-prefix"
PACKAGECONFIG[gcrypt] = "--with-libgcrypt, --without-libgcrypt, libgcrypt"
PACKAGECONFIG[luks] = "--enable-luks, --disable-luks, cryptsetup"
PACKAGECONFIG[nls] = "--enable-nls, --disable-nls, "
SYSTEMD_PACKAGES = "${PN}"
SYSTEMD_SERVICE:${PN} = "cryptmount.service"
do_install:append () {
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
install -D -m 0644 ${S}/sysinit/cryptmount.service ${D}${systemd_system_unitdir}/cryptmount.service
rm -fr ${D}/usr/lib
fi
}
FILES:${PN} += "${systemd_system_unitdir}"
RDEPENDS:${PN} = "libdevmapper"
meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+72
View File
@@ -0,0 +1,72 @@
SUMMARY = "The eCryptfs mount helper and support libraries"
DESCRIPTION = "eCryptfs is a stacked cryptographic filesystem \
that ships in Linux kernel versions 2.6.19 and above. This \
package provides the mount helper and supporting libraries \
to perform key management and mount functions."
HOMEPAGE = "https://launchpad.net/ecryptfs"
SECTION = "base"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
DEPENDS = "keyutils libgcrypt intltool-native glib-2.0-native"
SRC_URI = "\
https://launchpad.net/ecryptfs/trunk/${PV}/+download/${BPN}_${PV}.orig.tar.gz \
file://ecryptfs-utils-CVE-2016-6224.patch \
file://0001-avoid-race-condition.patch \
file://ecryptfs.service \
file://define_musl_sword_type.patch \
"
SRC_URI[md5sum] = "83513228984f671930752c3518cac6fd"
SRC_URI[sha256sum] = "112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f"
UPSTREAM_CHECK_URI = "https://launchpad.net/ecryptfs/+download"
inherit autotools pkgconfig systemd
SYSTEMD_PACKAGES = "${PN}"
SYSTEMD_SERVICE:${PN} = "ecryptfs.service"
EXTRA_OECONF = "\
--libdir=${base_libdir} \
--disable-pywrap \
--disable-nls \
--with-pamdir=${base_libdir}/security \
--disable-openssl \
"
PACKAGECONFIG ??= "nss \
${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
"
PACKAGECONFIG[nss] = "--enable-nss,--disable-nss,nss,"
PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam,"
do_configure:prepend() {
export NSS_CFLAGS="-I${STAGING_INCDIR}/nspr -I${STAGING_INCDIR}/nss3"
export NSS_LIBS="-L${STAGING_BASELIBDIR} -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3"
export KEYUTILS_CFLAGS="-I${STAGING_INCDIR}"
export KEYUTILS_LIBS="-L${STAGING_LIBDIR} -lkeyutils"
sed -i -e "s;rootsbindir=\"/sbin\";rootsbindir=\"\${base_sbindir}\";g" ${S}/configure.ac
}
do_install:append() {
chmod 4755 ${D}${base_sbindir}/mount.ecryptfs_private
# ${base_libdir} is identical to ${libdir} when usrmerge enabled
if ! ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then
mkdir -p ${D}/${libdir}
mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir}
fi
sed -i -e 's:-I${STAGING_INCDIR}::' \
-e 's:-L${STAGING_LIBDIR}::' ${D}/${libdir}/pkgconfig/libecryptfs.pc
sed -i -e "s: ${base_sbindir}/cryptsetup: ${sbindir}/cryptsetup:" ${D}${bindir}/ecryptfs-setup-swap
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
install -D -m 0644 ${WORKDIR}/ecryptfs.service ${D}${systemd_system_unitdir}/ecryptfs.service
fi
}
FILES:${PN} += "${base_libdir}/security/* ${base_libdir}/ecryptfs/*"
RDEPENDS:${PN} += "cryptsetup"
RRECOMMENDS:${PN} = "gettext-runtime"
meta-security/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch
+32
View File
@@ -0,0 +1,32 @@
From ab671b02e3aaf65dd1fd279789ea933b8140fe52 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Tue, 27 Aug 2019 16:08:00 +0800
Subject: [PATCH] avoid race condition
The rootsbin directory is self defined. The install-rootsbinPROGRAMS
is actually treated as part of install-data.
This would avoid race condition which causes install failure.
Upstream-Status: Pending
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
src/utils/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am
index 83cf851..344883a 100644
--- a/src/utils/Makefile.am
+++ b/src/utils/Makefile.am
@@ -67,6 +67,6 @@ ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
test_SOURCES = test.c io.c
test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
-install-exec-hook: install-rootsbinPROGRAMS
+install-data-hook: install-rootsbinPROGRAMS
-rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
$(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
--
2.17.1
meta-security/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch
+17
View File
@@ -0,0 +1,17 @@
Upstream-Status: Pending
Index: ecryptfs-utils-111/src/utils/mount.ecryptfs_private.c
===================================================================
--- ecryptfs-utils-111.orig/src/utils/mount.ecryptfs_private.c
+++ ecryptfs-utils-111/src/utils/mount.ecryptfs_private.c
@@ -45,6 +45,10 @@
#include <values.h>
#include "../include/ecryptfs.h"
+#ifndef __SWORD_TYPE
+typedef __typeof__( ((struct statfs *)0)->f_type ) __SWORD_TYPE;
+#endif
+
/* Perhaps a future version of this program will allow these to be configurable
* by the system administrator (or user?) at run time. For now, these are set
* to reasonable values to reduce the burden of input validation.
meta-security/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch
+65
View File
@@ -0,0 +1,65 @@
From 558a513ba3100ea5190de1a24cf1fed663367765 Mon Sep 17 00:00:00 2001
From: Li Zhou <li.zhou@windriver.com>
Date: Mon, 5 Sep 2016 10:28:08 +0800
Subject: [PATCH] ecryptfs-utils: CVE-2016-6224
src/utils/ecryptfs-setup-swap: Prevent unencrypted swap partitions from
being automatically enabled by systemd. This bug affected GPT partitioned
NVMe/MMC drives and resulted in the swap partition being used without
encryption. It also resulted in a usability issue in that users were
erroneously prompted to enter a pass-phrase to unlock their swap partition
at boot. (LP: #1597154)
the patch comes from:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6224
https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
Upstream-Status: Backport
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
ChangeLog | 9 +++++++++
src/utils/ecryptfs-setup-swap | 10 ++++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d255a94..2c9c73e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+ecryptfs-utils-112
+ [ Jason Gerard DeRose ]
+ * src/utils/ecryptfs-setup-swap: Prevent unencrypted swap partitions from
+ being automatically enabled by systemd. This bug affected GPT partitioned
+ NVMe/MMC drives and resulted in the swap partition being used without
+ encryption. It also resulted in a usability issue in that users were
+ erroneously prompted to enter a pass-phrase to unlock their swap partition
+ at boot. (LP: #1597154)
+
ecryptfs-utils-74
[ Michal Hlavinka ]
* Changes for RH/Fedora release
diff --git a/src/utils/ecryptfs-setup-swap b/src/utils/ecryptfs-setup-swap
index 41cf18a..e4785d7 100755
--- a/src/utils/ecryptfs-setup-swap
+++ b/src/utils/ecryptfs-setup-swap
@@ -166,8 +166,14 @@ for swap in $swaps; do
# If this is a GPT partition, mark it as no-auto mounting, to avoid
# auto-activating it on boot
if [ "$(blkid -p -s PART_ENTRY_SCHEME -o value "$swap")" = "gpt" ]; then
- drive="${swap%[0-9]*}"
- partno="${swap#$drive}"
+ # Correctly handle NVMe/MMC drives, as well as any similar physical
+ # block device that follow the "/dev/foo0p1" pattern (LP: #1597154)
+ if echo "$swap" | grep -qE "^/dev/.+[0-9]+p[0-9]+$"; then
+ drive=$(echo "$swap" | sed "s:\(.\+[0-9]\)p[0-9]\+:\1:")
+ else
+ drive=$(echo "$swap" | sed "s:\(.\+[^0-9]\)[0-9]\+:\1:")
+ fi
+ partno=$(echo "$swap" | sed "s:.\+[^0-9]\([0-9]\+\):\1:")
if [ -b "$drive" ]; then
if printf "x\np\n" | fdisk "$drive" | grep -q "^$swap .* GUID:.*\b63\b"; then
echo "$swap is already marked as no-auto"
--
1.9.1
meta-security/recipes-security/ecryptfs-utils/files/ecryptfs.service
+9
View File
@@ -0,0 +1,9 @@
[Unit]
Description=A userspace daemon that runs as the user perform file operations under the eCryptfs mount point
After=udev.service
[Service]
ExecStart=/usr/bin/ecryptfsd -f
[Install]
WantedBy=multi-user.target
meta-security/recipes-security/fscrypt/fscrypt_1.1.0.bb
+51
View File
@@ -0,0 +1,51 @@
SUMMARY = "fscrypt is a high-level tool for the management of Linux filesystem encryption"
DESCIPTION = "fscrypt manages metadata, key generation, key wrapping, PAM integration, \
and provides a uniform interface for creating and modifying encrypted directories. For \
a small, low-level tool that directly sets policies, see fscryptctl \
(https://github.com/google/fscryptcl)."
HOMEPAGE = "https://github.com/google/fscrypt"
SECTION = "base"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
# fscrypt depends on go and libpam
DEPENDS += "go-native libpam"
SRCREV = "7c80c73c084ce9ea49a03b814dac7a82fd7b4c23"
SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https"
GO_IMPORT = "import"
inherit go goarch features_check
REQUIRED_DISTRO_FEATURES = "pam"
S = "${WORKDIR}/git"
do_compile() {
export GOARCH=${TARGET_GOARCH}
export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go"
export GOPATH="${WORKDIR}/git"
# Pass the needed cflags/ldflags so that cgo
# can find the needed headers files and libraries
export CGO_ENABLED="1"
export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
cd ${S}/src/${GO_IMPORT}
oe_runmake
# Golang forces permissions to 0500 on directories and 0400 on files in
# the module cache which prevents us from easily cleaning up the build
# directory. Let's just fix the permissions here so we don't have to
# hack the clean tasks.
chmod -R u+w ${S}/pkg/mod
}
do_install() {
install -d ${D}/${bindir}
install ${S}/src/${GO_IMPORT}/bin/fscrypt ${D}/${bindir}/fscrypt
}
BBCLASSEXTEND = "native nativesdk"
meta-security/recipes-security/fscryptctl/fscryptctl_1.1.0.bb
+32
View File
@@ -0,0 +1,32 @@
SUMMARY = "low-level tool handling Linux filesystem encryption"
DESCIPTION = "fscryptctl is a low-level tool written in C that handles raw keys and manages \
policies for Linux filesystem encryption (https://lwn.net/Articles/639427). \
For a tool that presents a higher level interface and manages metadata, key \
generation, key wrapping, PAM integration, and passphrase hashing, see \
fscrypt (https://github.com/google/fscrypt)."
HOMEPAGE = "https://github.com/google/fscryptctl"
SECTION = "base"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRCREV = "7c80c73c084ce9ea49a03b814dac7a82fd7b4c23"
SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
do_compile:prepend() {
sed -i 's/fscryptctl\.1//g' ${S}/Makefile
sed -i 's/install-man//g' ${S}/Makefile
}
do_install() {
oe_runmake DESTDIR=${D} PREFIX=/usr install
}
RRECOMMENDS:${PN} += "\
keyutils \
kernel-module-cbc \
kernel-module-cts \
kernel-module-ecb \
kernel-module-xts \
"
meta-security/recipes-security/glome/glome_git.bb
+24
View File
@@ -0,0 +1,24 @@
SUMMARY = "GLOME Login Client"
HOME_PAGE = "https://github.com/google/glome"
DESCRIPTION = "GLOME is used to authorize serial console access to Linux machines"
PV = "0.1+git${SRCPV}"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
inherit meson pkgconfig
DEPENDS += "openssl"
S = "${WORKDIR}/git"
SRC_URI = "git://github.com/google/glome.git;branch=master;protocol=https"
SRCREV = "978ad9fb165f1e382c875f2ce08a1fc4f2ddcf1b"
FILES:${PN} += "${libdir}/security"
PACKAGECONFIG ??= ""
PACKAGECONFIG[glome-cli] = "-Dglome-cli=true,-Dglome-cli=false"
PACKAGECONFIG[pam-glome] = "-Dpam-glome=true,-Dpam-glome=false,libpam"
EXTRA_OEMESON = "-Dtests=false"
meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.09.bb
+23
View File
@@ -0,0 +1,23 @@
SUMMARY = "Google Authenticator PAM module"
HOME_PAGE = "https://github.com/google/google-authenticator-libpam"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
LICENSE = "Apache-2.0"
SRC_URI = "git://github.com/google/google-authenticator-libpam.git;branch=master;protocol=https"
SRCREV = "962f353aac6cfc7b804547319db40f8b804f0b6c"
DEPENDS = "libpam"
S = "${WORKDIR}/git"
inherit autotools features_check
REQUIRED_DISTRO_FEATURES = "pam"
# Use the same dir location as PAM
EXTRA_OECONF = "--libdir=${base_libdir}"
PACKAGES += "pam-google-authenticator"
FILES:pam-google-authenticator = "${base_libdir}/security/pam_google_authenticator.so"
RDEPNEDS_pam-google-authenticator = "libpam"
meta-security/recipes-security/isic/files/configure_fix.patch
+171
View File
@@ -0,0 +1,171 @@
isic: add with-libnet remove libnet test
Upstream-Status: Inappropriate [embedded specific]
builds fine on non-oe systems. We need to exlude
cross compile libnet test. Pass in the location for libnet.a. Path
did not support mulitlib either.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: isic-0.07/configure
===================================================================
--- isic-0.07.orig/configure
+++ isic-0.07/configure
@@ -45,6 +45,8 @@ includedir='${prefix}/include'
oldincludedir='/usr/include'
infodir='${prefix}/info'
mandir='${prefix}/man'
+with_libnet_libraries
+libnet_libraries
# Initialize some other variables.
subdirs=
@@ -180,6 +182,7 @@ Features and packages:
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--x-includes=DIR X include files are in DIR
--x-libraries=DIR X library files are in DIR
+ --with-libnet-dir=DIR libnet library is in this DIR
EOF
if test -n "$ac_help"; then
echo "--enable and --with options recognized:$ac_help"
@@ -828,117 +832,36 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCR
test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-PREFIX=/usr/local
-
-ac_safe=`echo "$PREFIX/lib/libnet.a" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $PREFIX/lib/libnet.a""... $ac_c" 1>&6
-echo "configure:836: checking for $PREFIX/lib/libnet.a" >&5
-if eval "test \"`echo '$''{'ac_cv_file_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test "$cross_compiling" = yes; then
- { echo "configure: error: Cannot check for file existence when cross compiling" 1>&2; exit 1; }
-else
- if test -r $PREFIX/lib/libnet.a; then
- eval "ac_cv_file_$ac_safe=yes"
- else
- eval "ac_cv_file_$ac_safe=no"
- fi
-fi
-fi
-if eval "test \"`echo '$ac_cv_file_'$ac_safe`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- FOO=$LIBS; CFLAGS="$CFLAGS -I$PREFIX/include" LIBS="-L$PREFIX/lib $LIBS"
-else
- echo "$ac_t""no" 1>&6
-
-fi
-
-echo $ac_n "checking for -lnet""... $ac_c" 1>&6
-echo "configure:884: checking for -lnet" >&5
-if eval "test \"`echo '$''{'ac_cv_lib_net'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_save_LIBS="$LIBS"
-LIBS="-lnet $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 891 "configure"
-#include "confdefs.h"
-
-int main() {
-main()
-; return 0; }
-EOF
-if { (eval echo configure:898: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_cv_lib_net=yes
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_lib_net=no
+LIBNET_GLOB='libnet.a'
+libnet_libraries=""
+ac_libnet_libraries=NO
+
+# Check whether --with-libnet-libraries was given.
+if test "${with_libnet_libraries+set}" = set; then :
+ withval=$with_libnet_libraries; ac_libnet_libraries="$withval"
+fi
+
+if test ! "$ac_libnet_libraries" = "NO"; then
+ libnet_libdir=$ac_libnet_libraries
+else
+ libnet_libdirs="/usr/lib"
+ libnet_libdir=NONE
+ for dir in $libnet_libdirs; do
+ try="ls -1 $dir/${LIBNET_GLOB}"
+ if test -n "`$try 2> /dev/null`"; then libnet_libdir=$dir; break; else echo "tried $dir" >&5; fi
+ done
fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-fi
-echo "$ac_t""$ac_cv_lib_net" 1>&6
-if test "$ac_cv_lib_net" = yes; then
- DEFINES=
-else
- { echo "configure: error: Cannot find libnet... please get it from
- http://www.packetfactory.net/libnet" 1>&2; exit 1; }
-fi
+ac_libnet_libdir="$libnet_libdir"
-echo $ac_n "checking for libnet_init in -lnet""... $ac_c" 1>&6
-echo "configure:921: checking for libnet_init in -lnet" >&5
-ac_lib_var=`echo net'_'libnet_init | sed 'y%./+-%__p_%'`
-if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_save_LIBS="$LIBS"
-LIBS="-lnet $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 929 "configure"
-#include "confdefs.h"
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char libnet_init();
-
-int main() {
-libnet_init()
-; return 0; }
-EOF
-if { (eval echo configure:940: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=no"
+if test "$libnet_libraries"; then
+ libnet_libraries="$ac_libnet_libdir"
fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_lib=HAVE_LIB`echo net | sed -e 's/[^a-zA-Z0-9_]/_/g' \
- -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
- cat >> confdefs.h <<EOF
-#define $ac_tr_lib 1
-EOF
- LIBS="-lnet $LIBS"
-
-else
- echo "$ac_t""no" 1>&6
+if test "$libnet_libraries" != "$x_libraries" && test -n "$libnet_libraries"; then
+ LIBS="$LIBS -lnet"
fi
-
-
echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
echo "configure:970: checking how to run the C preprocessor" >&5
# On Suns, sometimes $CPP names a directory.
meta-security/recipes-security/isic/files/isic-0.07-make.patch
+23
View File
@@ -0,0 +1,23 @@
isic: Fixup makefile to support destination
Upstream-Status: Backport
http://pkgs.fedoraproject.org/cgit/isic.git/tree/isic-0.07-make.patch
Signed-off-by: Armin Kuster <akuser808@gmail.com>
Index: isic-0.07/Makefile.in
===================================================================
--- isic-0.07.orig/Makefile.in
+++ isic-0.07/Makefile.in
@@ -63,7 +63,7 @@ package: distclean
tar -czvf isic-$(VERSION).tgz ./isic-$(VERSION)/* )
install: $(BINS) $(MAN)
- $(INSTALL) -m 0755 -d $(PREFIX)/bin
- $(INSTALL) -m 0755 -c $(BINS) $(PREFIX)/bin
- $(INSTALL) -m 0755 -d $(PREFIX)/man/man1
- ${INSTALL} -m 0755 -c $(MAN) $(PREFIX)/man/man1
+ $(INSTALL) -m 0755 -d $(DESTDIR)$(PREFIX)/bin
+ $(INSTALL) -m 0755 -c $(BINS) $(DESTDIR)$(PREFIX)/bin
+ $(INSTALL) -m 0755 -d $(DESTDIR)$(PREFIX)/share/man/man1
+ ${INSTALL} -m 0755 -c $(MAN) $(DESTDIR)$(PREFIX)/share/man/man1
meta-security/recipes-security/isic/files/isic-0.07-netinet.patch
+68
View File
@@ -0,0 +1,68 @@
isic: add missing header file
Upstream-Status: Backport
http://pkgs.fedoraproject.org/cgit/isic.git/tree/isic-0.07-netinet.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: isic-0.07/multisic.c
===================================================================
--- isic-0.07.orig/multisic.c
+++ isic-0.07/multisic.c
@@ -1,5 +1,8 @@
#include "isic.h"
+#include <netinet/udp.h>
+/*#include <netinet/tcp.h>*/
+
/* This is tuned for ethernet sized frames (1500 bytes)
* For user over a modem or frame (or other) you will have to change the
* 'rand() & 0x4ff' line below. The 0x4ff needs to be less than the size of
Index: isic-0.07/tcpsic.c
===================================================================
--- isic-0.07.orig/tcpsic.c
+++ isic-0.07/tcpsic.c
@@ -1,5 +1,7 @@
#include "isic.h"
+#include <netinet/tcp.h>
+
/* This is tuned for ethernet sized frames (1500 bytes)
* For user over a modem or frame (or other) you will have to change the
* 'rand() & 0x4ff' line below. The 0x4ff needs to be less than the size of
Index: isic-0.07/tcpsic6.c
===================================================================
--- isic-0.07.orig/tcpsic6.c
+++ isic-0.07/tcpsic6.c
@@ -1,5 +1,7 @@
#include "isic.h"
+#include <netinet/tcp.h>
+
/* This is tuned for ethernet sized frames (1500 bytes)
* For user over a modem or frame (or other) you will have to change the
* 'rand() & 0x4ff' line below. The 0x4ff needs to be less than the size of
Index: isic-0.07/udpsic.c
===================================================================
--- isic-0.07.orig/udpsic.c
+++ isic-0.07/udpsic.c
@@ -1,5 +1,7 @@
#include "isic.h"
+#include <netinet/udp.h>
+
/* This is tuned for ethernet sized frames (1500 bytes)
* For user over a modem or frame (or other) you will have to change the
* 'rand() & 0x4ff' line below. The 0x4ff needs to be less than the size of
Index: isic-0.07/udpsic6.c
===================================================================
--- isic-0.07.orig/udpsic6.c
+++ isic-0.07/udpsic6.c
@@ -1,5 +1,7 @@
#include "isic.h"
+#include <netinet/udp.h>
+
/* This is tuned for ethernet sized frames (1500 bytes)
* For user over a modem or frame (or other) you will have to change the
* 'rand() & 0x4ff' line below. The 0x4ff needs to be less than the size of
meta-security/recipes-security/isic/isic_0.07.bb
+30
View File
@@ -0,0 +1,30 @@
SUMMARY = "ISIC -- IP Stack Integrity Checker"
DESCRIPTION = "ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.)"
HOMEPAGE = "http://isic.sourceforge.net/"
SECTION = "security"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=d41d8cd98f00b204e9800998ecf8427e"
DEPENDS = "libnet"
PARALLEL_MAKE = ""
SRC_URI = "http://prdownloads.sourceforge.net/isic/${BPN}-${PV}.tgz \
file://configure_fix.patch \
file://isic-0.07-netinet.patch \
file://isic-0.07-make.patch \
"
SRC_URI[md5sum] = "29f70c9bde9aa9128b8f7e66a315f9a4"
SRC_URI[sha256sum] = "e033c53e03e26a4c72b723e2a5a1c433ee70eb4d23a1ba0d7d7e14ee1a80429d"
S="${WORKDIR}/${BPN}-${PV}"
inherit autotools-brokensep
EXTRA_OECONF += "--with-libnet-dir=${STAGING_DIR_HOST}${libdir} "
do_configure () {
oe_runconf
}
RDEPNEDS += "libnet"
meta-security/recipes-security/krill/files/panic_workaround.patch
+16
View File
@@ -0,0 +1,16 @@
Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: git/Cargo.toml
===================================================================
--- git.orig/Cargo.toml
+++ git/Cargo.toml
@@ -91,7 +91,7 @@ hsm-tests-pkcs11 = [ "hsm" ]
# Make sure that Krill crashes on panics, rather than losing threads and
# limping on in a bad state.
[profile.release]
-panic = "abort"
+#panic = "abort"
[dev-dependencies]
regex = "1.5.5"
meta-security/recipes-security/krill/krill-crates.inc
+550
View File
@@ -0,0 +1,550 @@
# Autogenerated with 'bitbake -c update_crates krill'
# from Cargo.lock
SRC_URI += " \
crate://crates.io/addr2line/0.17.0;name=addr2line-0.17.0 \
crate://crates.io/adler/1.0.2;name=adler-1.0.2 \
crate://crates.io/adler32/1.2.0;name=adler32-1.2.0 \
crate://crates.io/aho-corasick/0.7.18;name=aho-corasick-0.7.18 \
crate://crates.io/android_system_properties/0.1.5;name=android_system_properties-0.1.5 \
crate://crates.io/ansi_term/0.12.1;name=ansi_term-0.12.1 \
crate://crates.io/ascii/1.0.0;name=ascii-1.0.0 \
crate://crates.io/ascii-canvas/3.0.0;name=ascii-canvas-3.0.0 \
crate://crates.io/atty/0.2.14;name=atty-0.2.14 \
crate://crates.io/autocfg/1.1.0;name=autocfg-1.1.0 \
crate://crates.io/backoff/0.3.0;name=backoff-0.3.0 \
crate://crates.io/backtrace/0.3.66;name=backtrace-0.3.66 \
crate://crates.io/base64/0.13.0;name=base64-0.13.0 \
crate://crates.io/basic-cookies/0.1.4;name=basic-cookies-0.1.4 \
crate://crates.io/bcder/0.7.0;name=bcder-0.7.0 \
crate://crates.io/bit-set/0.5.2;name=bit-set-0.5.2 \
crate://crates.io/bit-vec/0.6.3;name=bit-vec-0.6.3 \
crate://crates.io/bitflags/1.3.2;name=bitflags-1.3.2 \
crate://crates.io/block-buffer/0.9.0;name=block-buffer-0.9.0 \
crate://crates.io/block-buffer/0.10.2;name=block-buffer-0.10.2 \
crate://crates.io/bumpalo/3.10.0;name=bumpalo-3.10.0 \
crate://crates.io/bytes/1.1.0;name=bytes-1.1.0 \
crate://crates.io/cc/1.0.73;name=cc-1.0.73 \
crate://crates.io/cfg-if/1.0.0;name=cfg-if-1.0.0 \
crate://crates.io/chrono/0.4.22;name=chrono-0.4.22 \
crate://crates.io/chunked_transfer/1.4.0;name=chunked_transfer-1.4.0 \
crate://crates.io/cipher/0.2.5;name=cipher-0.2.5 \
crate://crates.io/clap/2.34.0;name=clap-2.34.0 \
crate://crates.io/codespan-reporting/0.11.1;name=codespan-reporting-0.11.1 \
crate://crates.io/core-foundation/0.9.3;name=core-foundation-0.9.3 \
crate://crates.io/core-foundation-sys/0.8.3;name=core-foundation-sys-0.8.3 \
crate://crates.io/cpufeatures/0.2.2;name=cpufeatures-0.2.2 \
crate://crates.io/crc32fast/1.3.2;name=crc32fast-1.3.2 \
crate://crates.io/crunchy/0.2.2;name=crunchy-0.2.2 \
crate://crates.io/crypto-common/0.1.6;name=crypto-common-0.1.6 \
crate://crates.io/crypto-mac/0.10.1;name=crypto-mac-0.10.1 \
crate://crates.io/cryptoki/0.3.0;name=cryptoki-0.3.0 \
crate://crates.io/cryptoki-sys/0.1.4;name=cryptoki-sys-0.1.4 \
crate://crates.io/ctrlc/3.2.2;name=ctrlc-3.2.2 \
crate://crates.io/cxx/1.0.79;name=cxx-1.0.79 \
crate://crates.io/cxx-build/1.0.79;name=cxx-build-1.0.79 \
crate://crates.io/cxxbridge-flags/1.0.79;name=cxxbridge-flags-1.0.79 \
crate://crates.io/cxxbridge-macro/1.0.79;name=cxxbridge-macro-1.0.79 \
crate://crates.io/derivative/2.2.0;name=derivative-2.2.0 \
crate://crates.io/deunicode/0.4.3;name=deunicode-0.4.3 \
crate://crates.io/diff/0.1.13;name=diff-0.1.13 \
crate://crates.io/digest/0.9.0;name=digest-0.9.0 \
crate://crates.io/digest/0.10.3;name=digest-0.10.3 \
crate://crates.io/dirs-next/2.0.0;name=dirs-next-2.0.0 \
crate://crates.io/dirs-sys-next/0.1.2;name=dirs-sys-next-0.1.2 \
crate://crates.io/either/1.7.0;name=either-1.7.0 \
crate://crates.io/ena/0.14.0;name=ena-0.14.0 \
crate://crates.io/encoding_rs/0.8.31;name=encoding_rs-0.8.31 \
crate://crates.io/enum-display-derive/0.1.1;name=enum-display-derive-0.1.1 \
crate://crates.io/enum-flags/0.1.8;name=enum-flags-0.1.8 \
crate://crates.io/error-chain/0.11.0;name=error-chain-0.11.0 \
crate://crates.io/fastrand/1.7.0;name=fastrand-1.7.0 \
crate://crates.io/fern/0.5.9;name=fern-0.5.9 \
crate://crates.io/fixedbitset/0.4.2;name=fixedbitset-0.4.2 \
crate://crates.io/fnv/1.0.7;name=fnv-1.0.7 \
crate://crates.io/foreign-types/0.3.2;name=foreign-types-0.3.2 \
crate://crates.io/foreign-types-shared/0.1.1;name=foreign-types-shared-0.1.1 \
crate://crates.io/form_urlencoded/1.0.1;name=form_urlencoded-1.0.1 \
crate://crates.io/fslock/0.2.1;name=fslock-0.2.1 \
crate://crates.io/futures/0.3.21;name=futures-0.3.21 \
crate://crates.io/futures-channel/0.3.21;name=futures-channel-0.3.21 \
crate://crates.io/futures-core/0.3.21;name=futures-core-0.3.21 \
crate://crates.io/futures-executor/0.3.21;name=futures-executor-0.3.21 \
crate://crates.io/futures-io/0.3.21;name=futures-io-0.3.21 \
crate://crates.io/futures-macro/0.3.21;name=futures-macro-0.3.21 \
crate://crates.io/futures-sink/0.3.21;name=futures-sink-0.3.21 \
crate://crates.io/futures-task/0.3.21;name=futures-task-0.3.21 \
crate://crates.io/futures-util/0.3.21;name=futures-util-0.3.21 \
crate://crates.io/generic-array/0.14.5;name=generic-array-0.14.5 \
crate://crates.io/getrandom/0.2.7;name=getrandom-0.2.7 \
crate://crates.io/gimli/0.26.2;name=gimli-0.26.2 \
crate://crates.io/h2/0.3.13;name=h2-0.3.13 \
crate://crates.io/hashbrown/0.12.3;name=hashbrown-0.12.3 \
crate://crates.io/hermit-abi/0.1.19;name=hermit-abi-0.1.19 \
crate://crates.io/hex/0.4.3;name=hex-0.4.3 \
crate://crates.io/hmac/0.10.1;name=hmac-0.10.1 \
crate://crates.io/http/0.2.8;name=http-0.2.8 \
crate://crates.io/http-body/0.4.5;name=http-body-0.4.5 \
crate://crates.io/httparse/1.7.1;name=httparse-1.7.1 \
crate://crates.io/httpdate/1.0.2;name=httpdate-1.0.2 \
crate://crates.io/hyper/0.14.20;name=hyper-0.14.20 \
crate://crates.io/hyper-tls/0.5.0;name=hyper-tls-0.5.0 \
crate://crates.io/iana-time-zone/0.1.51;name=iana-time-zone-0.1.51 \
crate://crates.io/iana-time-zone-haiku/0.1.1;name=iana-time-zone-haiku-0.1.1 \
crate://crates.io/idna/0.2.3;name=idna-0.2.3 \
crate://crates.io/impl-trait-for-tuples/0.2.2;name=impl-trait-for-tuples-0.2.2 \
crate://crates.io/indexmap/1.9.1;name=indexmap-1.9.1 \
crate://crates.io/instant/0.1.12;name=instant-0.1.12 \
crate://crates.io/intervaltree/0.2.7;name=intervaltree-0.2.7 \
crate://crates.io/ipnet/2.5.0;name=ipnet-2.5.0 \
crate://crates.io/itertools/0.10.3;name=itertools-0.10.3 \
crate://crates.io/itoa/1.0.2;name=itoa-1.0.2 \
crate://crates.io/jmespatch/0.3.0;name=jmespatch-0.3.0 \
crate://crates.io/js-sys/0.3.58;name=js-sys-0.3.58 \
crate://crates.io/kmip-protocol/0.4.2;name=kmip-protocol-0.4.2 \
crate://crates.io/kmip-ttlv/0.3.3;name=kmip-ttlv-0.3.3 \
crate://crates.io/lalrpop/0.19.8;name=lalrpop-0.19.8 \
crate://crates.io/lalrpop-util/0.19.8;name=lalrpop-util-0.19.8 \
crate://crates.io/lazy_static/1.4.0;name=lazy_static-1.4.0 \
crate://crates.io/libc/0.2.126;name=libc-0.2.126 \
crate://crates.io/libflate/1.2.0;name=libflate-1.2.0 \
crate://crates.io/libflate_lz77/1.1.0;name=libflate_lz77-1.1.0 \
crate://crates.io/libloading/0.7.3;name=libloading-0.7.3 \
crate://crates.io/link-cplusplus/1.0.7;name=link-cplusplus-1.0.7 \
crate://crates.io/lock_api/0.4.7;name=lock_api-0.4.7 \
crate://crates.io/log/0.4.17;name=log-0.4.17 \
crate://crates.io/maplit/1.0.2;name=maplit-1.0.2 \
crate://crates.io/matchers/0.0.1;name=matchers-0.0.1 \
crate://crates.io/matches/0.1.9;name=matches-0.1.9 \
crate://crates.io/maybe-async/0.2.6;name=maybe-async-0.2.6 \
crate://crates.io/memchr/2.5.0;name=memchr-2.5.0 \
crate://crates.io/mime/0.3.16;name=mime-0.3.16 \
crate://crates.io/miniz_oxide/0.5.3;name=miniz_oxide-0.5.3 \
crate://crates.io/mio/0.8.4;name=mio-0.8.4 \
crate://crates.io/native-tls/0.2.10;name=native-tls-0.2.10 \
crate://crates.io/new_debug_unreachable/1.0.4;name=new_debug_unreachable-1.0.4 \
crate://crates.io/nix/0.24.2;name=nix-0.24.2 \
crate://crates.io/num-bigint/0.4.3;name=num-bigint-0.4.3 \
crate://crates.io/num-integer/0.1.45;name=num-integer-0.1.45 \
crate://crates.io/num-traits/0.2.15;name=num-traits-0.2.15 \
crate://crates.io/num_cpus/1.13.1;name=num_cpus-1.13.1 \
crate://crates.io/oauth2/4.2.3;name=oauth2-4.2.3 \
crate://crates.io/object/0.29.0;name=object-0.29.0 \
crate://crates.io/once_cell/1.13.0;name=once_cell-1.13.0 \
crate://crates.io/opaque-debug/0.3.0;name=opaque-debug-0.3.0 \
crate://crates.io/openidconnect/2.3.2;name=openidconnect-2.3.2 \
crate://crates.io/openssl/0.10.41;name=openssl-0.10.41 \
crate://crates.io/openssl-macros/0.1.0;name=openssl-macros-0.1.0 \
crate://crates.io/openssl-probe/0.1.5;name=openssl-probe-0.1.5 \
crate://crates.io/openssl-src/111.25.0+1.1.1t;name=openssl-src-111.25.0+1.1.1t \
crate://crates.io/openssl-sys/0.9.75;name=openssl-sys-0.9.75 \
crate://crates.io/ordered-float/2.10.0;name=ordered-float-2.10.0 \
crate://crates.io/oso/0.12.4;name=oso-0.12.4 \
crate://crates.io/parking_lot/0.12.1;name=parking_lot-0.12.1 \
crate://crates.io/parking_lot_core/0.9.3;name=parking_lot_core-0.9.3 \
crate://crates.io/pbkdf2/0.7.5;name=pbkdf2-0.7.5 \
crate://crates.io/percent-encoding/2.1.0;name=percent-encoding-2.1.0 \
crate://crates.io/petgraph/0.6.2;name=petgraph-0.6.2 \
crate://crates.io/phf_shared/0.10.0;name=phf_shared-0.10.0 \
crate://crates.io/pico-args/0.4.2;name=pico-args-0.4.2 \
crate://crates.io/pin-project-lite/0.2.9;name=pin-project-lite-0.2.9 \
crate://crates.io/pin-utils/0.1.0;name=pin-utils-0.1.0 \
crate://crates.io/pkg-config/0.3.25;name=pkg-config-0.3.25 \
crate://crates.io/polar-core/0.12.4;name=polar-core-0.12.4 \
crate://crates.io/ppv-lite86/0.2.16;name=ppv-lite86-0.2.16 \
crate://crates.io/precomputed-hash/0.1.1;name=precomputed-hash-0.1.1 \
crate://crates.io/priority-queue/1.2.2;name=priority-queue-1.2.2 \
crate://crates.io/proc-macro2/1.0.40;name=proc-macro2-1.0.40 \
crate://crates.io/quick-xml/0.23.0;name=quick-xml-0.23.0 \
crate://crates.io/quote/1.0.20;name=quote-1.0.20 \
crate://crates.io/r2d2/0.8.10;name=r2d2-0.8.10 \
crate://crates.io/rand/0.8.5;name=rand-0.8.5 \
crate://crates.io/rand_chacha/0.3.1;name=rand_chacha-0.3.1 \
crate://crates.io/rand_core/0.6.3;name=rand_core-0.6.3 \
crate://crates.io/redox_syscall/0.2.13;name=redox_syscall-0.2.13 \
crate://crates.io/redox_users/0.4.3;name=redox_users-0.4.3 \
crate://crates.io/regex/1.6.0;name=regex-1.6.0 \
crate://crates.io/regex-automata/0.1.10;name=regex-automata-0.1.10 \
crate://crates.io/regex-syntax/0.6.27;name=regex-syntax-0.6.27 \
crate://crates.io/remove_dir_all/0.5.3;name=remove_dir_all-0.5.3 \
crate://crates.io/reqwest/0.11.11;name=reqwest-0.11.11 \
crate://crates.io/ring/0.16.20;name=ring-0.16.20 \
crate://crates.io/rle-decode-fast/1.0.3;name=rle-decode-fast-1.0.3 \
crate://crates.io/routecore/0.2.0;name=routecore-0.2.0 \
crate://crates.io/rpassword/5.0.1;name=rpassword-5.0.1 \
crate://crates.io/rpki/0.15.8;name=rpki-0.15.8 \
crate://crates.io/rustc-demangle/0.1.21;name=rustc-demangle-0.1.21 \
crate://crates.io/rustc_version/0.4.0;name=rustc_version-0.4.0 \
crate://crates.io/rustls/0.19.1;name=rustls-0.19.1 \
crate://crates.io/rustversion/1.0.8;name=rustversion-1.0.8 \
crate://crates.io/ryu/1.0.10;name=ryu-1.0.10 \
crate://crates.io/salsa20/0.7.2;name=salsa20-0.7.2 \
crate://crates.io/schannel/0.1.20;name=schannel-0.1.20 \
crate://crates.io/scheduled-thread-pool/0.2.6;name=scheduled-thread-pool-0.2.6 \
crate://crates.io/scopeguard/1.1.0;name=scopeguard-1.1.0 \
crate://crates.io/scratch/1.0.2;name=scratch-1.0.2 \
crate://crates.io/scrypt/0.6.5;name=scrypt-0.6.5 \
crate://crates.io/sct/0.6.1;name=sct-0.6.1 \
crate://crates.io/security-framework/2.6.1;name=security-framework-2.6.1 \
crate://crates.io/security-framework-sys/2.6.1;name=security-framework-sys-2.6.1 \
crate://crates.io/semver/1.0.12;name=semver-1.0.12 \
crate://crates.io/serde/1.0.139;name=serde-1.0.139 \
crate://crates.io/serde-value/0.7.0;name=serde-value-0.7.0 \
crate://crates.io/serde_bytes/0.11.6;name=serde_bytes-0.11.6 \
crate://crates.io/serde_derive/1.0.139;name=serde_derive-1.0.139 \
crate://crates.io/serde_json/1.0.82;name=serde_json-1.0.82 \
crate://crates.io/serde_path_to_error/0.1.7;name=serde_path_to_error-0.1.7 \
crate://crates.io/serde_urlencoded/0.7.1;name=serde_urlencoded-0.7.1 \
crate://crates.io/sha2/0.9.9;name=sha2-0.9.9 \
crate://crates.io/sha2/0.10.2;name=sha2-0.10.2 \
crate://crates.io/sharded-slab/0.1.4;name=sharded-slab-0.1.4 \
crate://crates.io/signal-hook-registry/1.4.0;name=signal-hook-registry-1.4.0 \
crate://crates.io/siphasher/0.3.10;name=siphasher-0.3.10 \
crate://crates.io/slab/0.4.6;name=slab-0.4.6 \
crate://crates.io/slug/0.1.4;name=slug-0.1.4 \
crate://crates.io/smallvec/1.9.0;name=smallvec-1.9.0 \
crate://crates.io/socket2/0.4.4;name=socket2-0.4.4 \
crate://crates.io/spin/0.5.2;name=spin-0.5.2 \
crate://crates.io/string_cache/0.8.4;name=string_cache-0.8.4 \
crate://crates.io/strsim/0.8.0;name=strsim-0.8.0 \
crate://crates.io/subtle/2.4.1;name=subtle-2.4.1 \
crate://crates.io/syn/1.0.98;name=syn-1.0.98 \
crate://crates.io/syslog/4.0.1;name=syslog-4.0.1 \
crate://crates.io/target-lexicon/0.12.4;name=target-lexicon-0.12.4 \
crate://crates.io/tempfile/3.3.0;name=tempfile-3.3.0 \
crate://crates.io/term/0.7.0;name=term-0.7.0 \
crate://crates.io/termcolor/1.1.3;name=termcolor-1.1.3 \
crate://crates.io/textwrap/0.11.0;name=textwrap-0.11.0 \
crate://crates.io/thiserror/1.0.31;name=thiserror-1.0.31 \
crate://crates.io/thiserror-impl/1.0.31;name=thiserror-impl-1.0.31 \
crate://crates.io/thread_local/1.1.4;name=thread_local-1.1.4 \
crate://crates.io/time/0.1.44;name=time-0.1.44 \
crate://crates.io/tiny-keccak/2.0.2;name=tiny-keccak-2.0.2 \
crate://crates.io/tiny_http/0.8.2;name=tiny_http-0.8.2 \
crate://crates.io/tinyvec/1.6.0;name=tinyvec-1.6.0 \
crate://crates.io/tinyvec_macros/0.1.0;name=tinyvec_macros-0.1.0 \
crate://crates.io/tokio/1.20.4;name=tokio-1.20.4 \
crate://crates.io/tokio-macros/1.8.0;name=tokio-macros-1.8.0 \
crate://crates.io/tokio-native-tls/0.3.0;name=tokio-native-tls-0.3.0 \
crate://crates.io/tokio-rustls/0.22.0;name=tokio-rustls-0.22.0 \
crate://crates.io/tokio-util/0.7.3;name=tokio-util-0.7.3 \
crate://crates.io/toml/0.5.9;name=toml-0.5.9 \
crate://crates.io/tower-service/0.3.2;name=tower-service-0.3.2 \
crate://crates.io/tracing/0.1.35;name=tracing-0.1.35 \
crate://crates.io/tracing-attributes/0.1.22;name=tracing-attributes-0.1.22 \
crate://crates.io/tracing-core/0.1.28;name=tracing-core-0.1.28 \
crate://crates.io/tracing-log/0.1.3;name=tracing-log-0.1.3 \
crate://crates.io/tracing-serde/0.1.3;name=tracing-serde-0.1.3 \
crate://crates.io/tracing-subscriber/0.2.25;name=tracing-subscriber-0.2.25 \
crate://crates.io/trait-set/0.2.0;name=trait-set-0.2.0 \
crate://crates.io/try-lock/0.2.3;name=try-lock-0.2.3 \
crate://crates.io/typenum/1.15.0;name=typenum-1.15.0 \
crate://crates.io/unicode-bidi/0.3.8;name=unicode-bidi-0.3.8 \
crate://crates.io/unicode-ident/1.0.2;name=unicode-ident-1.0.2 \
crate://crates.io/unicode-normalization/0.1.21;name=unicode-normalization-0.1.21 \
crate://crates.io/unicode-width/0.1.9;name=unicode-width-0.1.9 \
crate://crates.io/unicode-xid/0.2.3;name=unicode-xid-0.2.3 \
crate://crates.io/untrusted/0.7.1;name=untrusted-0.7.1 \
crate://crates.io/url/2.2.2;name=url-2.2.2 \
crate://crates.io/urlparse/0.7.3;name=urlparse-0.7.3 \
crate://crates.io/uuid/1.1.2;name=uuid-1.1.2 \
crate://crates.io/valuable/0.1.0;name=valuable-0.1.0 \
crate://crates.io/vcpkg/0.2.15;name=vcpkg-0.2.15 \
crate://crates.io/vec_map/0.8.2;name=vec_map-0.8.2 \
crate://crates.io/version_check/0.9.4;name=version_check-0.9.4 \
crate://crates.io/want/0.3.0;name=want-0.3.0 \
crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1;name=wasi-0.10.0+wasi-snapshot-preview1 \
crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1;name=wasi-0.11.0+wasi-snapshot-preview1 \
crate://crates.io/wasm-bindgen/0.2.81;name=wasm-bindgen-0.2.81 \
crate://crates.io/wasm-bindgen-backend/0.2.81;name=wasm-bindgen-backend-0.2.81 \
crate://crates.io/wasm-bindgen-futures/0.4.31;name=wasm-bindgen-futures-0.4.31 \
crate://crates.io/wasm-bindgen-macro/0.2.81;name=wasm-bindgen-macro-0.2.81 \
crate://crates.io/wasm-bindgen-macro-support/0.2.81;name=wasm-bindgen-macro-support-0.2.81 \
crate://crates.io/wasm-bindgen-shared/0.2.81;name=wasm-bindgen-shared-0.2.81 \
crate://crates.io/web-sys/0.3.58;name=web-sys-0.3.58 \
crate://crates.io/webpki/0.21.4;name=webpki-0.21.4 \
crate://crates.io/winapi/0.3.9;name=winapi-0.3.9 \
crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0;name=winapi-i686-pc-windows-gnu-0.4.0 \
crate://crates.io/winapi-util/0.1.5;name=winapi-util-0.1.5 \
crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0;name=winapi-x86_64-pc-windows-gnu-0.4.0 \
crate://crates.io/windows-sys/0.36.1;name=windows-sys-0.36.1 \
crate://crates.io/windows_aarch64_msvc/0.36.1;name=windows_aarch64_msvc-0.36.1 \
crate://crates.io/windows_i686_gnu/0.36.1;name=windows_i686_gnu-0.36.1 \
crate://crates.io/windows_i686_msvc/0.36.1;name=windows_i686_msvc-0.36.1 \
crate://crates.io/windows_x86_64_gnu/0.36.1;name=windows_x86_64_gnu-0.36.1 \
crate://crates.io/windows_x86_64_msvc/0.36.1;name=windows_x86_64_msvc-0.36.1 \
crate://crates.io/winreg/0.10.1;name=winreg-0.10.1 \
"
SRC_URI[addr2line-0.17.0.sha256sum] = "b9ecd88a8c8378ca913a680cd98f0f13ac67383d35993f86c90a70e3f137816b"
SRC_URI[adler-1.0.2.sha256sum] = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
SRC_URI[adler32-1.2.0.sha256sum] = "aae1277d39aeec15cb388266ecc24b11c80469deae6067e17a1a7aa9e5c1f234"
SRC_URI[aho-corasick-0.7.18.sha256sum] = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f"
SRC_URI[android_system_properties-0.1.5.sha256sum] = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
SRC_URI[ansi_term-0.12.1.sha256sum] = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
SRC_URI[ascii-1.0.0.sha256sum] = "bbf56136a5198c7b01a49e3afcbef6cf84597273d298f54432926024107b0109"
SRC_URI[ascii-canvas-3.0.0.sha256sum] = "8824ecca2e851cec16968d54a01dd372ef8f95b244fb84b84e70128be347c3c6"
SRC_URI[atty-0.2.14.sha256sum] = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
SRC_URI[backoff-0.3.0.sha256sum] = "9fe17f59a06fe8b87a6fc8bf53bb70b3aba76d7685f432487a68cd5552853625"
SRC_URI[backtrace-0.3.66.sha256sum] = "cab84319d616cfb654d03394f38ab7e6f0919e181b1b57e1fd15e7fb4077d9a7"
SRC_URI[base64-0.13.0.sha256sum] = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd"
SRC_URI[basic-cookies-0.1.4.sha256sum] = "cb53b6b315f924c7f113b162e53b3901c05fc9966baf84d201dfcc7432a4bb38"
SRC_URI[bcder-0.7.0.sha256sum] = "f007d8acfb8ef7d219911c7164c025a6d3504735120fc5df59c3c479ab84ea51"
SRC_URI[bit-set-0.5.2.sha256sum] = "6e11e16035ea35e4e5997b393eacbf6f63983188f7a2ad25bfb13465f5ad59de"
SRC_URI[bit-vec-0.6.3.sha256sum] = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
SRC_URI[block-buffer-0.9.0.sha256sum] = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4"
SRC_URI[block-buffer-0.10.2.sha256sum] = "0bf7fe51849ea569fd452f37822f606a5cabb684dc918707a0193fd4664ff324"
SRC_URI[bumpalo-3.10.0.sha256sum] = "37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3"
SRC_URI[bytes-1.1.0.sha256sum] = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8"
SRC_URI[cc-1.0.73.sha256sum] = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11"
SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
SRC_URI[chrono-0.4.22.sha256sum] = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1"
SRC_URI[chunked_transfer-1.4.0.sha256sum] = "fff857943da45f546682664a79488be82e69e43c1a7a2307679ab9afb3a66d2e"
SRC_URI[cipher-0.2.5.sha256sum] = "12f8e7987cbd042a63249497f41aed09f8e65add917ea6566effbc56578d6801"
SRC_URI[clap-2.34.0.sha256sum] = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c"
SRC_URI[codespan-reporting-0.11.1.sha256sum] = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e"
SRC_URI[core-foundation-0.9.3.sha256sum] = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146"
SRC_URI[core-foundation-sys-0.8.3.sha256sum] = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
SRC_URI[cpufeatures-0.2.2.sha256sum] = "59a6001667ab124aebae2a495118e11d30984c3a653e99d86d58971708cf5e4b"
SRC_URI[crc32fast-1.3.2.sha256sum] = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
SRC_URI[crunchy-0.2.2.sha256sum] = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7"
SRC_URI[crypto-common-0.1.6.sha256sum] = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
SRC_URI[crypto-mac-0.10.1.sha256sum] = "bff07008ec701e8028e2ceb8f83f0e4274ee62bd2dbdc4fefff2e9a91824081a"
SRC_URI[cryptoki-0.3.0.sha256sum] = "503aa2bd88796da9bc6baf2c47696da40f135721b3d6680c7c6cee0b7d1f7a59"
SRC_URI[cryptoki-sys-0.1.4.sha256sum] = "1e4895bb04269df9a14f2692c6499dc2769e9a93caa33ef37c4df134f76956d2"
SRC_URI[ctrlc-3.2.2.sha256sum] = "b37feaa84e6861e00a1f5e5aa8da3ee56d605c9992d33e082786754828e20865"
SRC_URI[cxx-1.0.79.sha256sum] = "3f83d0ebf42c6eafb8d7c52f7e5f2d3003b89c7aa4fd2b79229209459a849af8"
SRC_URI[cxx-build-1.0.79.sha256sum] = "07d050484b55975889284352b0ffc2ecbda25c0c55978017c132b29ba0818a86"
SRC_URI[cxxbridge-flags-1.0.79.sha256sum] = "99d2199b00553eda8012dfec8d3b1c75fce747cf27c169a270b3b99e3448ab78"
SRC_URI[cxxbridge-macro-1.0.79.sha256sum] = "dcb67a6de1f602736dd7eaead0080cf3435df806c61b24b13328db128c58868f"
SRC_URI[derivative-2.2.0.sha256sum] = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b"
SRC_URI[deunicode-0.4.3.sha256sum] = "850878694b7933ca4c9569d30a34b55031b9b139ee1fc7b94a527c4ef960d690"
SRC_URI[diff-0.1.13.sha256sum] = "56254986775e3233ffa9c4d7d3faaf6d36a2c09d30b20687e9f88bc8bafc16c8"
SRC_URI[digest-0.9.0.sha256sum] = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066"
SRC_URI[digest-0.10.3.sha256sum] = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506"
SRC_URI[dirs-next-2.0.0.sha256sum] = "b98cf8ebf19c3d1b223e151f99a4f9f0690dca41414773390fc824184ac833e1"
SRC_URI[dirs-sys-next-0.1.2.sha256sum] = "4ebda144c4fe02d1f7ea1a7d9641b6fc6b580adcfa024ae48797ecdeb6825b4d"
SRC_URI[either-1.7.0.sha256sum] = "3f107b87b6afc2a64fd13cac55fe06d6c8859f12d4b14cbcdd2c67d0976781be"
SRC_URI[ena-0.14.0.sha256sum] = "d7402b94a93c24e742487327a7cd839dc9d36fec9de9fb25b09f2dae459f36c3"
SRC_URI[encoding_rs-0.8.31.sha256sum] = "9852635589dc9f9ea1b6fe9f05b50ef208c85c834a562f0c6abb1c475736ec2b"
SRC_URI[enum-display-derive-0.1.1.sha256sum] = "f16ef37b2a9b242295d61a154ee91ae884afff6b8b933b486b12481cc58310ca"
SRC_URI[enum-flags-0.1.8.sha256sum] = "3682d2328e61f5529088a02cd20bb0a9aeaeeeb2f26597436dd7d75d1340f8f5"
SRC_URI[error-chain-0.11.0.sha256sum] = "ff511d5dc435d703f4971bc399647c9bc38e20cb41452e3b9feb4765419ed3f3"
SRC_URI[fastrand-1.7.0.sha256sum] = "c3fcf0cee53519c866c09b5de1f6c56ff9d647101f81c1964fa632e148896cdf"
SRC_URI[fern-0.5.9.sha256sum] = "e69ab0d5aca163e388c3a49d284fed6c3d0810700e77c5ae2756a50ec1a4daaa"
SRC_URI[fixedbitset-0.4.2.sha256sum] = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80"
SRC_URI[fnv-1.0.7.sha256sum] = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
SRC_URI[foreign-types-0.3.2.sha256sum] = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
SRC_URI[foreign-types-shared-0.1.1.sha256sum] = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
SRC_URI[form_urlencoded-1.0.1.sha256sum] = "5fc25a87fa4fd2094bffb06925852034d90a17f0d1e05197d4956d3555752191"
SRC_URI[fslock-0.2.1.sha256sum] = "04412b8935272e3a9bae6f48c7bfff74c2911f60525404edfdd28e49884c3bfb"
SRC_URI[futures-0.3.21.sha256sum] = "f73fe65f54d1e12b726f517d3e2135ca3125a437b6d998caf1962961f7172d9e"
SRC_URI[futures-channel-0.3.21.sha256sum] = "c3083ce4b914124575708913bca19bfe887522d6e2e6d0952943f5eac4a74010"
SRC_URI[futures-core-0.3.21.sha256sum] = "0c09fd04b7e4073ac7156a9539b57a484a8ea920f79c7c675d05d289ab6110d3"
SRC_URI[futures-executor-0.3.21.sha256sum] = "9420b90cfa29e327d0429f19be13e7ddb68fa1cccb09d65e5706b8c7a749b8a6"
SRC_URI[futures-io-0.3.21.sha256sum] = "fc4045962a5a5e935ee2fdedaa4e08284547402885ab326734432bed5d12966b"
SRC_URI[futures-macro-0.3.21.sha256sum] = "33c1e13800337f4d4d7a316bf45a567dbcb6ffe087f16424852d97e97a91f512"
SRC_URI[futures-sink-0.3.21.sha256sum] = "21163e139fa306126e6eedaf49ecdb4588f939600f0b1e770f4205ee4b7fa868"
SRC_URI[futures-task-0.3.21.sha256sum] = "57c66a976bf5909d801bbef33416c41372779507e7a6b3a5e25e4749c58f776a"
SRC_URI[futures-util-0.3.21.sha256sum] = "d8b7abd5d659d9b90c8cba917f6ec750a74e2dc23902ef9cd4cc8c8b22e6036a"
SRC_URI[generic-array-0.14.5.sha256sum] = "fd48d33ec7f05fbfa152300fdad764757cbded343c1aa1cff2fbaf4134851803"
SRC_URI[getrandom-0.2.7.sha256sum] = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6"
SRC_URI[gimli-0.26.2.sha256sum] = "22030e2c5a68ec659fde1e949a745124b48e6fa8b045b7ed5bd1fe4ccc5c4e5d"
SRC_URI[h2-0.3.13.sha256sum] = "37a82c6d637fc9515a4694bbf1cb2457b79d81ce52b3108bdeea58b07dd34a57"
SRC_URI[hashbrown-0.12.3.sha256sum] = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
SRC_URI[hermit-abi-0.1.19.sha256sum] = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
SRC_URI[hex-0.4.3.sha256sum] = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
SRC_URI[hmac-0.10.1.sha256sum] = "c1441c6b1e930e2817404b5046f1f989899143a12bf92de603b69f4e0aee1e15"
SRC_URI[http-0.2.8.sha256sum] = "75f43d41e26995c17e71ee126451dd3941010b0514a81a9d11f3b341debc2399"
SRC_URI[http-body-0.4.5.sha256sum] = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1"
SRC_URI[httparse-1.7.1.sha256sum] = "496ce29bb5a52785b44e0f7ca2847ae0bb839c9bd28f69acac9b99d461c0c04c"
SRC_URI[httpdate-1.0.2.sha256sum] = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421"
SRC_URI[hyper-0.14.20.sha256sum] = "02c929dc5c39e335a03c405292728118860721b10190d98c2a0f0efd5baafbac"
SRC_URI[hyper-tls-0.5.0.sha256sum] = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905"
SRC_URI[iana-time-zone-0.1.51.sha256sum] = "f5a6ef98976b22b3b7f2f3a806f858cb862044cfa66805aa3ad84cb3d3b785ed"
SRC_URI[iana-time-zone-haiku-0.1.1.sha256sum] = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca"
SRC_URI[idna-0.2.3.sha256sum] = "418a0a6fab821475f634efe3ccc45c013f742efe03d853e8d3355d5cb850ecf8"
SRC_URI[impl-trait-for-tuples-0.2.2.sha256sum] = "11d7a9f6330b71fea57921c9b61c47ee6e84f72d394754eff6163ae67e7395eb"
SRC_URI[indexmap-1.9.1.sha256sum] = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e"
SRC_URI[instant-0.1.12.sha256sum] = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c"
SRC_URI[intervaltree-0.2.7.sha256sum] = "270bc34e57047cab801a8c871c124d9dc7132f6473c6401f645524f4e6edd111"
SRC_URI[ipnet-2.5.0.sha256sum] = "879d54834c8c76457ef4293a689b2a8c59b076067ad77b15efafbb05f92a592b"
SRC_URI[itertools-0.10.3.sha256sum] = "a9a9d19fa1e79b6215ff29b9d6880b706147f16e9b1dbb1e4e5947b5b02bc5e3"
SRC_URI[itoa-1.0.2.sha256sum] = "112c678d4050afce233f4f2852bb2eb519230b3cf12f33585275537d7e41578d"
SRC_URI[jmespatch-0.3.0.sha256sum] = "7acf91a732ade34d8eda2dee9500a051833f14f0d3d10d77c149845d6ac6a5f0"
SRC_URI[js-sys-0.3.58.sha256sum] = "c3fac17f7123a73ca62df411b1bf727ccc805daa070338fda671c86dac1bdc27"
SRC_URI[kmip-protocol-0.4.2.sha256sum] = "396744d490b405f4ff293057bae5625e03dcf8be70fd4ba8c6346a54e78fd837"
SRC_URI[kmip-ttlv-0.3.3.sha256sum] = "1aa943fd7166db2cc2deaea17bd5c2862ccf68eef9ce15576bcee9e4b494685c"
SRC_URI[lalrpop-0.19.8.sha256sum] = "b30455341b0e18f276fa64540aff54deafb54c589de6aca68659c63dd2d5d823"
SRC_URI[lalrpop-util-0.19.8.sha256sum] = "bcf796c978e9b4d983414f4caedc9273aa33ee214c5b887bd55fde84c85d2dc4"
SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
SRC_URI[libc-0.2.126.sha256sum] = "349d5a591cd28b49e1d1037471617a32ddcda5731b99419008085f72d5a53836"
SRC_URI[libflate-1.2.0.sha256sum] = "05605ab2bce11bcfc0e9c635ff29ef8b2ea83f29be257ee7d730cac3ee373093"
SRC_URI[libflate_lz77-1.1.0.sha256sum] = "39a734c0493409afcd49deee13c006a04e3586b9761a03543c6272c9c51f2f5a"
SRC_URI[libloading-0.7.3.sha256sum] = "efbc0f03f9a775e9f6aed295c6a1ba2253c5757a9e03d55c6caa46a681abcddd"
SRC_URI[link-cplusplus-1.0.7.sha256sum] = "9272ab7b96c9046fbc5bc56c06c117cb639fe2d509df0c421cad82d2915cf369"
SRC_URI[lock_api-0.4.7.sha256sum] = "327fa5b6a6940e4699ec49a9beae1ea4845c6bab9314e4f84ac68742139d8c53"
SRC_URI[log-0.4.17.sha256sum] = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
SRC_URI[maplit-1.0.2.sha256sum] = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d"
SRC_URI[matchers-0.0.1.sha256sum] = "f099785f7595cc4b4553a174ce30dd7589ef93391ff414dbb67f62392b9e0ce1"
SRC_URI[matches-0.1.9.sha256sum] = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f"
SRC_URI[maybe-async-0.2.6.sha256sum] = "6007f9dad048e0a224f27ca599d669fca8cfa0dac804725aab542b2eb032bce6"
SRC_URI[memchr-2.5.0.sha256sum] = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
SRC_URI[mime-0.3.16.sha256sum] = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d"
SRC_URI[miniz_oxide-0.5.3.sha256sum] = "6f5c75688da582b8ffc1f1799e9db273f32133c49e048f614d22ec3256773ccc"
SRC_URI[mio-0.8.4.sha256sum] = "57ee1c23c7c63b0c9250c339ffdc69255f110b298b901b9f6c82547b7b87caaf"
SRC_URI[native-tls-0.2.10.sha256sum] = "fd7e2f3618557f980e0b17e8856252eee3c97fa12c54dff0ca290fb6266ca4a9"
SRC_URI[new_debug_unreachable-1.0.4.sha256sum] = "e4a24736216ec316047a1fc4252e27dabb04218aa4a3f37c6e7ddbf1f9782b54"
SRC_URI[nix-0.24.2.sha256sum] = "195cdbc1741b8134346d515b3a56a1c94b0912758009cfd53f99ea0f57b065fc"
SRC_URI[num-bigint-0.4.3.sha256sum] = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f"
SRC_URI[num-integer-0.1.45.sha256sum] = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
SRC_URI[num-traits-0.2.15.sha256sum] = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
SRC_URI[num_cpus-1.13.1.sha256sum] = "19e64526ebdee182341572e50e9ad03965aa510cd94427a4549448f285e957a1"
SRC_URI[oauth2-4.2.3.sha256sum] = "6d62c436394991641b970a92e23e8eeb4eb9bca74af4f5badc53bcd568daadbd"
SRC_URI[object-0.29.0.sha256sum] = "21158b2c33aa6d4561f1c0a6ea283ca92bc54802a93b263e910746d679a7eb53"
SRC_URI[once_cell-1.13.0.sha256sum] = "18a6dbe30758c9f83eb00cbea4ac95966305f5a7772f3f42ebfc7fc7eddbd8e1"
SRC_URI[opaque-debug-0.3.0.sha256sum] = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
SRC_URI[openidconnect-2.3.2.sha256sum] = "e26afc60b2bf11b9a039db1f3a3c0d5fe201eebdbe646a8ecb8342c8240e3271"
SRC_URI[openssl-0.10.41.sha256sum] = "618febf65336490dfcf20b73f885f5651a0c89c64c2d4a8c3662585a70bf5bd0"
SRC_URI[openssl-macros-0.1.0.sha256sum] = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c"
SRC_URI[openssl-probe-0.1.5.sha256sum] = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
SRC_URI[openssl-src-111.25.0+1.1.1t.sha256sum] = "3173cd3626c43e3854b1b727422a276e568d9ec5fe8cec197822cf52cfb743d6"
SRC_URI[openssl-sys-0.9.75.sha256sum] = "e5f9bd0c2710541a3cda73d6f9ac4f1b240de4ae261065d309dbe73d9dceb42f"
SRC_URI[ordered-float-2.10.0.sha256sum] = "7940cf2ca942593318d07fcf2596cdca60a85c9e7fab408a5e21a4f9dcd40d87"
SRC_URI[oso-0.12.4.sha256sum] = "aec41e2da1ce3a82eb807396f802c172f08aa03e1be31e5df49592a04e12c8c7"
SRC_URI[parking_lot-0.12.1.sha256sum] = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
SRC_URI[parking_lot_core-0.9.3.sha256sum] = "09a279cbf25cb0757810394fbc1e359949b59e348145c643a939a525692e6929"
SRC_URI[pbkdf2-0.7.5.sha256sum] = "bf916dd32dd26297907890d99dc2740e33f6bd9073965af4ccff2967962f5508"
SRC_URI[percent-encoding-2.1.0.sha256sum] = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e"
SRC_URI[petgraph-0.6.2.sha256sum] = "e6d5014253a1331579ce62aa67443b4a658c5e7dd03d4bc6d302b94474888143"
SRC_URI[phf_shared-0.10.0.sha256sum] = "b6796ad771acdc0123d2a88dc428b5e38ef24456743ddb1744ed628f9815c096"
SRC_URI[pico-args-0.4.2.sha256sum] = "db8bcd96cb740d03149cbad5518db9fd87126a10ab519c011893b1754134c468"
SRC_URI[pin-project-lite-0.2.9.sha256sum] = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
SRC_URI[pin-utils-0.1.0.sha256sum] = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
SRC_URI[pkg-config-0.3.25.sha256sum] = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae"
SRC_URI[polar-core-0.12.4.sha256sum] = "53d2b6ee5b5ff6312ca55e2ba75fbd438c72bc041c799055388d815726eca69b"
SRC_URI[ppv-lite86-0.2.16.sha256sum] = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872"
SRC_URI[precomputed-hash-0.1.1.sha256sum] = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c"
SRC_URI[priority-queue-1.2.2.sha256sum] = "de9cde7493f5f5d2d163b174be9f9a72d756b79b0f6ed85654128d238c347c1e"
SRC_URI[proc-macro2-1.0.40.sha256sum] = "dd96a1e8ed2596c337f8eae5f24924ec83f5ad5ab21ea8e455d3566c69fbcaf7"
SRC_URI[quick-xml-0.23.0.sha256sum] = "9279fbdacaad3baf559d8cabe0acc3d06e30ea14931af31af79578ac0946decc"
SRC_URI[quote-1.0.20.sha256sum] = "3bcdf212e9776fbcb2d23ab029360416bb1706b1aea2d1a5ba002727cbcab804"
SRC_URI[r2d2-0.8.10.sha256sum] = "51de85fb3fb6524929c8a2eb85e6b6d363de4e8c48f9e2c2eac4944abc181c93"
SRC_URI[rand-0.8.5.sha256sum] = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
SRC_URI[rand_chacha-0.3.1.sha256sum] = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
SRC_URI[rand_core-0.6.3.sha256sum] = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
SRC_URI[redox_syscall-0.2.13.sha256sum] = "62f25bc4c7e55e0b0b7a1d43fb893f4fa1361d0abe38b9ce4f323c2adfe6ef42"
SRC_URI[redox_users-0.4.3.sha256sum] = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b"
SRC_URI[regex-1.6.0.sha256sum] = "4c4eb3267174b8c6c2f654116623910a0fef09c4753f8dd83db29c48a0df988b"
SRC_URI[regex-automata-0.1.10.sha256sum] = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
SRC_URI[regex-syntax-0.6.27.sha256sum] = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244"
SRC_URI[remove_dir_all-0.5.3.sha256sum] = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
SRC_URI[reqwest-0.11.11.sha256sum] = "b75aa69a3f06bbcc66ede33af2af253c6f7a86b1ca0033f60c580a27074fbf92"
SRC_URI[ring-0.16.20.sha256sum] = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
SRC_URI[rle-decode-fast-1.0.3.sha256sum] = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
SRC_URI[routecore-0.2.0.sha256sum] = "9afd872857e85411c0ba7d18dfe650fc4864b292c02cde997e86c511314fdfc3"
SRC_URI[rpassword-5.0.1.sha256sum] = "ffc936cf8a7ea60c58f030fd36a612a48f440610214dc54bc36431f9ea0c3efb"
SRC_URI[rpki-0.15.8.sha256sum] = "46970b82ec6bfec47c88addaaef3d345cec2a5cf9cb89039ef904123e65ba41a"
SRC_URI[rustc-demangle-0.1.21.sha256sum] = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342"
SRC_URI[rustc_version-0.4.0.sha256sum] = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
SRC_URI[rustls-0.19.1.sha256sum] = "35edb675feee39aec9c99fa5ff985081995a06d594114ae14cbe797ad7b7a6d7"
SRC_URI[rustversion-1.0.8.sha256sum] = "24c8ad4f0c00e1eb5bc7614d236a7f1300e3dbd76b68cac8e06fb00b015ad8d8"
SRC_URI[ryu-1.0.10.sha256sum] = "f3f6f92acf49d1b98f7a81226834412ada05458b7364277387724a237f062695"
SRC_URI[salsa20-0.7.2.sha256sum] = "399f290ffc409596022fce5ea5d4138184be4784f2b28c62c59f0d8389059a15"
SRC_URI[schannel-0.1.20.sha256sum] = "88d6731146462ea25d9244b2ed5fd1d716d25c52e4d54aa4fb0f3c4e9854dbe2"
SRC_URI[scheduled-thread-pool-0.2.6.sha256sum] = "977a7519bff143a44f842fd07e80ad1329295bd71686457f18e496736f4bf9bf"
SRC_URI[scopeguard-1.1.0.sha256sum] = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
SRC_URI[scratch-1.0.2.sha256sum] = "9c8132065adcfd6e02db789d9285a0deb2f3fcb04002865ab67d5fb103533898"
SRC_URI[scrypt-0.6.5.sha256sum] = "19230d10daad7f163d8c1fc8edf84fbe52ac71c2ebe5adf3f763aa1557b843e3"
SRC_URI[sct-0.6.1.sha256sum] = "b362b83898e0e69f38515b82ee15aa80636befe47c3b6d3d89a911e78fc228ce"
SRC_URI[security-framework-2.6.1.sha256sum] = "2dc14f172faf8a0194a3aded622712b0de276821addc574fa54fc0a1167e10dc"
SRC_URI[security-framework-sys-2.6.1.sha256sum] = "0160a13a177a45bfb43ce71c01580998474f556ad854dcbca936dd2841a5c556"
SRC_URI[semver-1.0.12.sha256sum] = "a2333e6df6d6598f2b1974829f853c2b4c5f4a6e503c10af918081aa6f8564e1"
SRC_URI[serde-1.0.139.sha256sum] = "0171ebb889e45aa68b44aee0859b3eede84c6f5f5c228e6f140c0b2a0a46cad6"
SRC_URI[serde-value-0.7.0.sha256sum] = "f3a1a3341211875ef120e117ea7fd5228530ae7e7036a779fdc9117be6b3282c"
SRC_URI[serde_bytes-0.11.6.sha256sum] = "212e73464ebcde48d723aa02eb270ba62eff38a9b732df31f33f1b4e145f3a54"
SRC_URI[serde_derive-1.0.139.sha256sum] = "dc1d3230c1de7932af58ad8ffbe1d784bd55efd5a9d84ac24f69c72d83543dfb"
SRC_URI[serde_json-1.0.82.sha256sum] = "82c2c1fdcd807d1098552c5b9a36e425e42e9fbd7c6a37a8425f390f781f7fa7"
SRC_URI[serde_path_to_error-0.1.7.sha256sum] = "d7868ad3b8196a8a0aea99a8220b124278ee5320a55e4fde97794b6f85b1a377"
SRC_URI[serde_urlencoded-0.7.1.sha256sum] = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
SRC_URI[sha2-0.9.9.sha256sum] = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800"
SRC_URI[sha2-0.10.2.sha256sum] = "55deaec60f81eefe3cce0dc50bda92d6d8e88f2a27df7c5033b42afeb1ed2676"
SRC_URI[sharded-slab-0.1.4.sha256sum] = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31"
SRC_URI[signal-hook-registry-1.4.0.sha256sum] = "e51e73328dc4ac0c7ccbda3a494dfa03df1de2f46018127f60c693f2648455b0"
SRC_URI[siphasher-0.3.10.sha256sum] = "7bd3e3206899af3f8b12af284fafc038cc1dc2b41d1b89dd17297221c5d225de"
SRC_URI[slab-0.4.6.sha256sum] = "eb703cfe953bccee95685111adeedb76fabe4e97549a58d16f03ea7b9367bb32"
SRC_URI[slug-0.1.4.sha256sum] = "b3bc762e6a4b6c6fcaade73e77f9ebc6991b676f88bb2358bddb56560f073373"
SRC_URI[smallvec-1.9.0.sha256sum] = "2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1"
SRC_URI[socket2-0.4.4.sha256sum] = "66d72b759436ae32898a2af0a14218dbf55efde3feeb170eb623637db85ee1e0"
SRC_URI[spin-0.5.2.sha256sum] = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
SRC_URI[string_cache-0.8.4.sha256sum] = "213494b7a2b503146286049378ce02b482200519accc31872ee8be91fa820a08"
SRC_URI[strsim-0.8.0.sha256sum] = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a"
SRC_URI[subtle-2.4.1.sha256sum] = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
SRC_URI[syn-1.0.98.sha256sum] = "c50aef8a904de4c23c788f104b7dddc7d6f79c647c7c8ce4cc8f73eb0ca773dd"
SRC_URI[syslog-4.0.1.sha256sum] = "a0641142b4081d3d44beffa4eefd7346a228cdf91ed70186db2ca2cef762d327"
SRC_URI[target-lexicon-0.12.4.sha256sum] = "c02424087780c9b71cc96799eaeddff35af2bc513278cda5c99fc1f5d026d3c1"
SRC_URI[tempfile-3.3.0.sha256sum] = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4"
SRC_URI[term-0.7.0.sha256sum] = "c59df8ac95d96ff9bede18eb7300b0fda5e5d8d90960e76f8e14ae765eedbf1f"
SRC_URI[termcolor-1.1.3.sha256sum] = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755"
SRC_URI[textwrap-0.11.0.sha256sum] = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060"
SRC_URI[thiserror-1.0.31.sha256sum] = "bd829fe32373d27f76265620b5309d0340cb8550f523c1dda251d6298069069a"
SRC_URI[thiserror-impl-1.0.31.sha256sum] = "0396bc89e626244658bef819e22d0cc459e795a5ebe878e6ec336d1674a8d79a"
SRC_URI[thread_local-1.1.4.sha256sum] = "5516c27b78311c50bf42c071425c560ac799b11c30b31f87e3081965fe5e0180"
SRC_URI[time-0.1.44.sha256sum] = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255"
SRC_URI[tiny-keccak-2.0.2.sha256sum] = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237"
SRC_URI[tiny_http-0.8.2.sha256sum] = "9ce51b50006056f590c9b7c3808c3bd70f0d1101666629713866c227d6e58d39"
SRC_URI[tinyvec-1.6.0.sha256sum] = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50"
SRC_URI[tinyvec_macros-0.1.0.sha256sum] = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
SRC_URI[tokio-1.20.4.sha256sum] = "eb78f30e4b41e98ca4cce5acb51168a033839a7af9e42b380355808e14e98ee0"
SRC_URI[tokio-macros-1.8.0.sha256sum] = "9724f9a975fb987ef7a3cd9be0350edcbe130698af5b8f7a631e23d42d052484"
SRC_URI[tokio-native-tls-0.3.0.sha256sum] = "f7d995660bd2b7f8c1568414c1126076c13fbb725c40112dc0120b78eb9b717b"
SRC_URI[tokio-rustls-0.22.0.sha256sum] = "bc6844de72e57df1980054b38be3a9f4702aba4858be64dd700181a8a6d0e1b6"
SRC_URI[tokio-util-0.7.3.sha256sum] = "cc463cd8deddc3770d20f9852143d50bf6094e640b485cb2e189a2099085ff45"
SRC_URI[toml-0.5.9.sha256sum] = "8d82e1a7758622a465f8cee077614c73484dac5b836c02ff6a40d5d1010324d7"
SRC_URI[tower-service-0.3.2.sha256sum] = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"
SRC_URI[tracing-0.1.35.sha256sum] = "a400e31aa60b9d44a52a8ee0343b5b18566b03a8321e0d321f695cf56e940160"
SRC_URI[tracing-attributes-0.1.22.sha256sum] = "11c75893af559bc8e10716548bdef5cb2b983f8e637db9d0e15126b61b484ee2"
SRC_URI[tracing-core-0.1.28.sha256sum] = "7b7358be39f2f274f322d2aaed611acc57f382e8eb1e5b48cb9ae30933495ce7"
SRC_URI[tracing-log-0.1.3.sha256sum] = "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922"
SRC_URI[tracing-serde-0.1.3.sha256sum] = "bc6b213177105856957181934e4920de57730fc69bf42c37ee5bb664d406d9e1"
SRC_URI[tracing-subscriber-0.2.25.sha256sum] = "0e0d2eaa99c3c2e41547cfa109e910a68ea03823cccad4a0525dcbc9b01e8c71"
SRC_URI[trait-set-0.2.0.sha256sum] = "875c4c873cc824e362fa9a9419ffa59807244824275a44ad06fec9684fff08f2"
SRC_URI[try-lock-0.2.3.sha256sum] = "59547bce71d9c38b83d9c0e92b6066c4253371f15005def0c30d9657f50c7642"
SRC_URI[typenum-1.15.0.sha256sum] = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987"
SRC_URI[unicode-bidi-0.3.8.sha256sum] = "099b7128301d285f79ddd55b9a83d5e6b9e97c92e0ea0daebee7263e932de992"
SRC_URI[unicode-ident-1.0.2.sha256sum] = "15c61ba63f9235225a22310255a29b806b907c9b8c964bcbd0a2c70f3f2deea7"
SRC_URI[unicode-normalization-0.1.21.sha256sum] = "854cbdc4f7bc6ae19c820d44abdc3277ac3e1b2b93db20a636825d9322fb60e6"
SRC_URI[unicode-width-0.1.9.sha256sum] = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973"
SRC_URI[unicode-xid-0.2.3.sha256sum] = "957e51f3646910546462e67d5f7599b9e4fb8acdd304b087a6494730f9eebf04"
SRC_URI[untrusted-0.7.1.sha256sum] = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
SRC_URI[url-2.2.2.sha256sum] = "a507c383b2d33b5fc35d1861e77e6b383d158b2da5e14fe51b83dfedf6fd578c"
SRC_URI[urlparse-0.7.3.sha256sum] = "110352d4e9076c67839003c7788d8604e24dcded13e0b375af3efaa8cf468517"
SRC_URI[uuid-1.1.2.sha256sum] = "dd6469f4314d5f1ffec476e05f17cc9a78bc7a27a6a857842170bdf8d6f98d2f"
SRC_URI[valuable-0.1.0.sha256sum] = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
SRC_URI[vcpkg-0.2.15.sha256sum] = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
SRC_URI[vec_map-0.8.2.sha256sum] = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
SRC_URI[version_check-0.9.4.sha256sum] = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
SRC_URI[want-0.3.0.sha256sum] = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0"
SRC_URI[wasi-0.10.0+wasi-snapshot-preview1.sha256sum] = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
SRC_URI[wasi-0.11.0+wasi-snapshot-preview1.sha256sum] = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
SRC_URI[wasm-bindgen-0.2.81.sha256sum] = "7c53b543413a17a202f4be280a7e5c62a1c69345f5de525ee64f8cfdbc954994"
SRC_URI[wasm-bindgen-backend-0.2.81.sha256sum] = "5491a68ab4500fa6b4d726bd67408630c3dbe9c4fe7bda16d5c82a1fd8c7340a"
SRC_URI[wasm-bindgen-futures-0.4.31.sha256sum] = "de9a9cec1733468a8c657e57fa2413d2ae2c0129b95e87c5b72b8ace4d13f31f"
SRC_URI[wasm-bindgen-macro-0.2.81.sha256sum] = "c441e177922bc58f1e12c022624b6216378e5febc2f0533e41ba443d505b80aa"
SRC_URI[wasm-bindgen-macro-support-0.2.81.sha256sum] = "7d94ac45fcf608c1f45ef53e748d35660f168490c10b23704c7779ab8f5c3048"
SRC_URI[wasm-bindgen-shared-0.2.81.sha256sum] = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be"
SRC_URI[web-sys-0.3.58.sha256sum] = "2fed94beee57daf8dd7d51f2b15dc2bcde92d7a72304cdf662a4371008b71b90"
SRC_URI[webpki-0.21.4.sha256sum] = "b8e38c0608262c46d4a56202ebabdeb094cef7e560ca7a226c6bf055188aa4ea"
SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
SRC_URI[windows-sys-0.36.1.sha256sum] = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2"
SRC_URI[windows_aarch64_msvc-0.36.1.sha256sum] = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47"
SRC_URI[windows_i686_gnu-0.36.1.sha256sum] = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6"
SRC_URI[windows_i686_msvc-0.36.1.sha256sum] = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024"
SRC_URI[windows_x86_64_gnu-0.36.1.sha256sum] = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1"
SRC_URI[windows_x86_64_msvc-0.36.1.sha256sum] = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680"
SRC_URI[winreg-0.10.1.sha256sum] = "80d0f4e272c85def139476380b12f9ac60926689dd2e01d4923222f40580869d"
meta-security/recipes-security/krill/krill_0.12.3.bb
+42
View File
@@ -0,0 +1,42 @@
SUMMARY = "Resource Public Key Infrastructure (RPKI) daemon"
HOMEPAGE = "https://www.nlnetlabs.nl/projects/rpki/krill/"
LICENSE = "MPL-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=9741c346eef56131163e13b9db1241b3"
DEPENDS = "openssl"
# SRC_URI += "crate://crates.io/krill/0.9.1"
SRC_URI = "git://github.com/NLnetLabs/krill.git;protocol=https;branch=main"
SRCREV = "e92098419c7ad82939e0483bc76df21eff705b80"
SRC_URI += "file://panic_workaround.patch"
include krill-crates.inc
UPSTREAM_CHECK_URI = "https://github.com/NLnetLabs/${BPN}/releases"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
S = "${WORKDIR}/git"
CARGO_SRC_DIR = ""
inherit pkgconfig useradd systemd cargo cargo-update-recipe-crates
do_install:append () {
install -d ${D}${sysconfdir}
install -d ${D}${datadir}/krill
install -m 664 ${S}/defaults/krill.conf ${D}${sysconfdir}/.
install ${S}/defaults/* ${D}${datadir}/krill/.
}
KRILL_UID ?= "krill"
KRILL_GID ?= "krill"
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM:${PN} = "--system ${KRILL_UID}"
USERADD_PARAM:${PN} = "--system -g ${KRILL_GID} --home-dir \
/var/lib/krill/ --no-create-home \
--shell /sbin/nologin ${BPN}"
FILES:${PN} += "{sysconfdir}/defaults ${datadir}"
COMPATIBLE_HOST = "(i.86|x86_64|aarch64).*-linux"
meta-security/recipes-security/libdhash/ding-libs_0.6.1.bb
+12
View File
@@ -0,0 +1,12 @@
SUMMARY = "Dynamic hash table implementation"
DESCRIPTION = "Dynamic hash table implementation"
HOMEPAGE = "https://fedorahosted.org/released/ding-libs"
SECTION = "base"
LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SRC_URI = "https://fedorahosted.org/released/${BPN}/${BP}.tar.gz"
inherit autotools pkgconfig
SRC_URI[sha256sum] = "a319a327deb81f2dfab9ce4a4926e80e1dac5dcfc89f4c7e548cec2645af27c1"
meta-security/recipes-security/libest/libest_3.2.0.bb
+30
View File
@@ -0,0 +1,30 @@
SUMMARY = "EST is used for secure certificate \
enrollment and is compatible with Suite B certs (as well as RSA \
and DSA certificates)"
LICENSE = "OpenSSL"
LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885"
SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b"
SRC_URI = "git://github.com/cisco/libest;branch=main;protocol=https"
DEPENDS = "openssl"
#fatal error: execinfo.h: No such file or directory
DEPENDS:append:libc-musl = " libexecinfo"
inherit autotools-brokensep
EXTRA_OECONF = "--disable-pthreads --with-ssl-dir=${STAGING_LIBDIR}"
CFLAGS += "-fcommon"
LDFLAGS:append:libc-musl = " -lexecinfo"
S = "${WORKDIR}/git"
PACKAGES = "${PN} ${PN}-dbg ${PN}-dev"
FILES:${PN} = "${bindir}/* ${libdir}/libest-3.2.0p.so"
# https://github.com/cisco/libest/issues/104
SKIP_RECIPE[libest] ?= "Needs porting to openssl 3.x"
meta-security/recipes-security/libgssglue/files/libgssglue-canon-name.patch
+60
View File
@@ -0,0 +1,60 @@
fix the bug:
g_canon_name.c:125:5: warning: passing argument 2 of '__gss_copy_namebuf' from incompatible pointer type [enabled by default]
the 2nd argument of __gss_copy_namebuf should be address of *gss_buffer_t, \
but a *gss_buffer_t is assigned.
what __gss_copy_namebuf does is to alloc memory for a gss_buffer_desc and \
copy from src and return its address.
if following code failed, gss_release_name will free \
union_canon_name->external_name.value if it is not NULL.
OM_uint32 __gss_copy_namebuf(src, dest)
gss_buffer_t src;
gss_buffer_t *dest;
typedef struct gss_union_name_t {
gss_mechanism gss_mech;
gss_OID name_type;
gss_buffer_desc external_name;
/*
* These last two fields are only filled in for mechanism
* names.
*/
gss_OID mech_type;
gss_name_t mech_name;
} gss_union_name_desc, *gss_union_name_t;
typedef struct gss_buffer_desc_struct {
size_t length;
void FAR *value;
} gss_buffer_desc, FAR *gss_buffer_t;
Upstream-Status: Pending
Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
--- a/src/g_canon_name.c
+++ b/src/g_canon_name.c
@@ -121,11 +121,17 @@ gss_canonicalize_name (OM_uint32 *minor_
union_canon_name->mech_name = mech_name;
- status = __gss_copy_namebuf(&union_input_name->external_name,
- &union_canon_name->external_name);
- if (status != GSS_S_COMPLETE)
- goto failure;
+ union_canon_name->external_name.value = (void*) malloc(
+ union_input_name->external_name.length + 1);
+ if (!union_canon_name->external_name.value)
+ goto failure;
+ memcpy(union_canon_name->external_name.value,
+ union_input_name->external_name.value,
+ union_input_name->external_name.length);
+ union_canon_name->external_name.length =
+ union_input_name->external_name.length;
+
if (union_input_name->name_type != GSS_C_NO_OID) {
status = generic_gss_copy_oid(minor_status,
union_input_name->name_type,
meta-security/recipes-security/libgssglue/libgssglue_0.7.bb
+51
View File
@@ -0,0 +1,51 @@
SUMMARY = "Exports a gssapi interface which calls other gssapi libraries"
DESCRIPTION = "\
This library exports a gssapi interface, but does not implement any gssapi \
mechanisms itself; instead it calls gssapi routines in other libraries, \
depending on the mechanism. \
"
HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/"
SECTION = "libs"
LICENSE = "BSD-3-Clause | HPND"
#Copyright (c) 1996, by Sun Microsystems, Inc. HPND
#Copyright (c) 2007 The Regents of the University of Michigan. BSD-3-Clause
#Copyright 1995 by the Massachusetts Institute of Technology. HPND without Disclaimer
#Copyright 1993 by OpenVision Technologies, Inc. HPND
LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \
file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=da8ca7a37bd26e576c23874d453751d2\
file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \
file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0\
file://src/oid_ops.c;beginline=378;endline=398;md5=d77a5c03e91908fac453c08bbeaddce1\
"
SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://libgssglue-canon-name.patch \
"
SRC_URI[sha256sum] = "bcd618ae0bc69f12815d77295658a760e7edc20706b9a731a81da8993f5c970a"
inherit autotools-brokensep
do_configure:prepend() {
cd ${S}
./bootstrap
}
do_install:append() {
# install some docs
install -d -m 0755 ${D}${docdir}/${BPN}
install -m 0644 ${S}/AUTHORS ${S}/ChangeLog ${S}/NEWS ${S}/README ${D}${docdir}/${BPN}
# install the gssapi_mech.conf
install -d -m 0755 ${D}${sysconfdir}
install -m 0644 ${S}/doc/gssapi_mech.conf ${D}${sysconfdir}
# change the libgssapi_krb5.so path and name(it is .so.2)
sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf
}
# gssglue can use krb5, spkm3... as gssapi library, configurable
RRECOMMENDS:${PN} += "krb5"
meta-security/recipes-security/libmhash/files/Makefile.test
+13
View File
@@ -0,0 +1,13 @@
#
# Makefile for compiling mhash tests
#
ALL = mhash
all: $(ALL)
mhash: mhash.c
$(CC) $(CFLAGS) $(LDFLAGS) -o mhash mhash.c -lmhash
clean:
rm -f *.debug $(ALL)
meta-security/recipes-security/libmhash/files/mhash.c
+32
View File
@@ -0,0 +1,32 @@
#include <mhash.h>
#include <stdio.h>
int main()
{
char password[] = "Jefe";
int keylen = 4;
char data[] = "what do ya want for nothing?";
int datalen = 28;
MHASH td;
unsigned char mac[16];
int j;
td = mhash_hmac_init(MHASH_MD5, password, keylen, mhash_get_hash_pblock(MHASH_MD5));
mhash(td, data, datalen);
mhash_hmac_deinit(td, mac);
/*
* The output should be 0x750c783e6ab0b503eaa86e310a5db738
* according to RFC 2104.
*/
printf("0x");
for (j = 0; j < mhash_get_block_size(MHASH_MD5); j++) {
printf("%.2x", mac[j]);
}
printf("\n");
exit(0);
}
meta-security/recipes-security/libmhash/files/run-ptest
+12
View File
@@ -0,0 +1,12 @@
#!/bin/sh
OUTPUT=$($(dirname $0)/mhash)
MHASH_MD5="0x750c783e6ab0b503eaa86e310a5db738"
if [ x"$OUTPUT" = x"$MHASH_MD5" ]; then
echo "PASS: mhash ptest"
exit 0
else
echo "FAIL: mhash ptest"
exit 1
fi
meta-security/recipes-security/libmhash/libmhash_0.9.9.9.bb
+43
View File
@@ -0,0 +1,43 @@
SUMMARY = "Library of hashing algorithms."
DESCRIPTION = "\
Mhash is a free (under GNU Lesser GPL) library \
which provides a uniform interface to a large number of hash \
algorithms. These algorithms can be used to compute checksums, \
message digests, and other signatures. \
"
HOMEPAGE = "http://mhash.sourceforge.net/"
LICENSE = "LGPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7"
S = "${WORKDIR}/mhash-${PV}"
SECTION = "libs"
SRC_URI = "${SOURCEFORGE_MIRROR}/mhash/mhash-${PV}.tar.bz2 \
file://Makefile.test \
file://mhash.c \
file://run-ptest \
"
SRC_URI[md5sum] = "f91c74f9ccab2b574a98be5bc31eb280"
SRC_URI[sha256sum] = "56521c52a9033779154432d0ae47ad7198914785265e1f570cee21ab248dfef0"
inherit autotools-brokensep ptest multilib_header
do_install:append() {
oe_multilib_header mutils/mhash_config.h
}
do_compile_ptest() {
if [ ! -d ${S}/demo ]; then mkdir ${S}/demo; fi
cp ${WORKDIR}/Makefile.test ${S}/demo/Makefile
cp ${WORKDIR}/mhash.c ${S}/demo/
make -C ${S}/demo CFLAGS="${CFLAGS} -I${S}/include/" LDFLAGS="${LDFLAGS} -L${S}/lib/.libs"
}
do_install_ptest() {
install -m 0755 ${S}/demo/mhash ${D}${PTEST_PATH}
}
BBCLASSEXTEND = "native"
meta-security/recipes-security/libmspack/libmspack_1.11.bb
+16
View File
@@ -0,0 +1,16 @@
SUMMARY = "A library for Microsoft compression formats"
HOMEPAGE = "http://www.cabextract.org.uk/libmspack/"
SECTION = "lib"
LICENSE = "LGPL-2.1-only"
DEPENDS = ""
LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd"
SRCREV = "305907723a4e7ab2018e58040059ffb5e77db837"
SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https"
inherit autotools
S = "${WORKDIR}/git/${BPN}"
inherit autotools
meta-security/recipes-security/ncrack/ncrack_0.7.bb
+18
View File
@@ -0,0 +1,18 @@
SUMMARY = "Network authentication cracking tool"
DESCRIPTION = "Ncrack is designed for high-speed parallel testing of network devices for poor passwords."
HOMEPAGE = "https://nmap.org/ncrack"
SECTION = "security"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2"
SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426"
SRC_URI = "git://github.com/nmap/ncrack.git;branch=master;protocol=https"
DEPENDS = "openssl zlib"
inherit autotools-brokensep
S = "${WORKDIR}/git"
INSANE_SKIP:${PN} = "already-stripped"
meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch
+216
View File
@@ -0,0 +1,216 @@
Configure does not work with OE pkg-config for the ldns option
Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: opendnssec-2.1.8/configure.ac
===================================================================
--- opendnssec-2.1.8.orig/configure.ac
+++ opendnssec-2.1.8/configure.ac
@@ -133,9 +133,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_
# common dependencies
ACX_LIBXML2
-ACX_LDNS(1,6,17)
-ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html])
-ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html])
+ACX_LDNS(1.6.17)
ACX_PKCS11_MODULES
ACX_RT
ACX_LIBC
Index: opendnssec-2.1.8/m4/acx_ldns.m4
===================================================================
--- opendnssec-2.1.8.orig/m4/acx_ldns.m4
+++ opendnssec-2.1.8/m4/acx_ldns.m4
@@ -1,128 +1,63 @@
-AC_DEFUN([ACX_LDNS],[
- AC_ARG_WITH(ldns,
- [AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
- [
- LDNS_PATH="$withval"
- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
- ],[
- LDNS_PATH="/usr/local"
- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
- ])
-
- if test -x "$LDNS_CONFIG"
- then
- AC_MSG_CHECKING(what are the ldns includes)
- LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
- AC_MSG_RESULT($LDNS_INCLUDES)
-
- AC_MSG_CHECKING(what are the ldns libs)
- LDNS_LIBS="`$LDNS_CONFIG --libs`"
- AC_MSG_RESULT($LDNS_LIBS)
- else
- AC_MSG_CHECKING(what are the ldns includes)
- LDNS_INCLUDES="-I$LDNS_PATH/include"
- AC_MSG_RESULT($LDNS_INCLUDES)
-
- AC_MSG_CHECKING(what are the ldns libs)
- LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
- AC_MSG_RESULT($LDNS_LIBS)
- fi
-
- tmp_CPPFLAGS=$CPPFLAGS
- tmp_LIBS=$LIBS
-
- CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
- LIBS="$LIBS $LDNS_LIBS"
-
- AC_CHECK_LIB(ldns, ldns_rr_new,,[AC_MSG_ERROR([Can't find ldns library])])
- LIBS=$tmp_LIBS
-
- AC_MSG_CHECKING([for ldns version])
- CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
- AC_LANG_PUSH([C])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <ldns/ldns.h>
- int main()
- {
- #ifdef LDNS_REVISION
- if (LDNS_REVISION >= $CHECK_LDNS_VERSION)
- return 0;
- #endif
- return 1;
- }
- ]])
- ],[
- AC_MSG_RESULT([>= $1.$2.$3])
- ],[
- AC_MSG_RESULT([< $1.$2.$3])
- AC_MSG_ERROR([ldns library too old ($1.$2.$3 or later required)])
- ],[])
- AC_LANG_POP([C])
-
- CPPFLAGS=$tmp_CPPFLAGS
-
- AC_SUBST(LDNS_INCLUDES)
- AC_SUBST(LDNS_LIBS)
-])
-
-
-AC_DEFUN([ACX_LDNS_NOT],[
- AC_ARG_WITH(ldns,
- [AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
- [
- LDNS_PATH="$withval"
- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
- ],[
- LDNS_PATH="/usr/local"
- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
- ])
-
- if test -x "$LDNS_CONFIG"
- then
- AC_MSG_CHECKING(what are the ldns includes)
- LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
- AC_MSG_RESULT($LDNS_INCLUDES)
-
- AC_MSG_CHECKING(what are the ldns libs)
- LDNS_LIBS="`$LDNS_CONFIG --libs`"
- AC_MSG_RESULT($LDNS_LIBS)
- else
- AC_MSG_CHECKING(what are the ldns includes)
- LDNS_INCLUDES="-I$LDNS_PATH/include"
- AC_MSG_RESULT($LDNS_INCLUDES)
-
- AC_MSG_CHECKING(what are the ldns libs)
- LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
- AC_MSG_RESULT($LDNS_LIBS)
- fi
-
- tmp_CPPFLAGS=$CPPFLAGS
-
- CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
-
- AC_MSG_CHECKING([for ldns version not $1.$2.$3])
- CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
- AC_LANG_PUSH([C])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <ldns/ldns.h>
- int main()
- {
- #ifdef LDNS_REVISION
- if (LDNS_REVISION != $CHECK_LDNS_VERSION)
- return 0;
- #endif
- return 1;
- }
- ]])
- ],[
- AC_MSG_RESULT([ok])
- ],[
- AC_MSG_RESULT([no])
- AC_MSG_ERROR([ldns version $1.$2.$3 is not compatible due to $4])
- ],[])
- AC_LANG_POP([C])
-
- CPPFLAGS=$tmp_CPPFLAGS
+AU_ALIAS([CHECK_LDNS], [ACX_LDNS])
+AC_DEFUN([ACX_LDNS], [
+ found=false
+ AC_ARG_WITH([ldns],
+ [AS_HELP_STRING([--with-ldns=DIR],
+ [root of the lnds directory])],
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([Invalid --with-lnds value])
+ ;;
+ *) ldnsdirs="$withval"
+ ;;
+ esac
+ ], [
+ # if pkg-config is installed and lnds has installed a .pc file,
+ # then use that information and don't search ldnsdirs
+ AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
+ if test x"$PKG_CONFIG" != x""; then
+ OPENSSL_LDFLAGS=`$PKG_CONFIG ldns --libs-only-L 2>/dev/null`
+ if test $? = 0; then
+ LDNS_LIBS=`$PKG_CONFIG ldns --libs-only-l 2>/dev/null`
+ LDNS_INCLUDES=`$PKG_CONFIG ldns --cflags-only-I 2>/dev/null`
+ found=true
+ fi
+ fi
+
+ # no such luck; use some default ldnsdirs
+ if ! $found; then
+ ldnsdirs="/usr/local/ldns /usr/lib/ldns /usr/ldns /usr/local /usr"
+ fi
+ ]
+ )
+
+
+ if ! $found; then
+ LDNS_INCLUDES=
+ for ldnsdir in $ldnsdirs; do
+ AC_MSG_CHECKING([for LDNS in $ldnsdir])
+ if test -f "$ldnsdir/include/ldns/dnssec.h"; then
+ LDNS_INCLUDES="-I$ldnsdir/include"
+ LDNS_LDFLAGS="-L$ldnsdir/lib"
+ LDNS_LIBS="-lldns"
+ found=true
+ AC_MSG_RESULT([yes])
+ break
+ else
+ AC_MSG_RESULT([no])
+ fi
+ done
+
+ # if the file wasn't found, well, go ahead and try the link anyway -- maybe
+ # it will just work!
+ fi
+
+ LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
+ LIBS="$LDNS_LIBS $LIBS"
+ CPPFLAGS="$LDNS_INCLUDES $CPPFLAGS"
+
+ AC_SUBST([LDNS_INCLUDES])
+ AC_SUBST([LDNS_LIBS])
+ AC_SUBST([LDNS_LDFLAGS])
])
meta-security/recipes-security/opendnssec/files/libxml2_conf.patch
+112
View File
@@ -0,0 +1,112 @@
configure does not work with OE pkg-config for the libxml2 option
Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: opendnssec-2.1.6/m4/acx_libxml2.m4
===================================================================
--- opendnssec-2.1.6.orig/m4/acx_libxml2.m4
+++ opendnssec-2.1.6/m4/acx_libxml2.m4
@@ -1,37 +1,67 @@
+#serial 11
+AU_ALIAS([CHECK_XML2], [ACX_LIBXML2])
AC_DEFUN([ACX_LIBXML2],[
- AC_ARG_WITH(libxml2,
- [AS_HELP_STRING([--with-libxml2=DIR],[look for libxml2 in this dir])],
- [
- XML2_PATH="$withval"
- AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $XML2_PATH/bin)
- ],[
- XML2_PATH="/usr/local"
- AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $PATH)
- ])
- if test -x "$XML2_CONFIG"
- then
- AC_MSG_CHECKING(what are the xml2 includes)
- XML2_INCLUDES="`$XML2_CONFIG --cflags`"
- AC_MSG_RESULT($XML2_INCLUDES)
-
- AC_MSG_CHECKING(what are the xml2 libs)
- XML2_LIBS="`$XML2_CONFIG --libs`"
- AC_MSG_RESULT($XML2_LIBS)
-
- tmp_CPPFLAGS=$CPPFLAGS
- tmp_LIBS=$LIBS
-
- CPPFLAGS="$CPPFLAGS $XML2_INCLUDES"
- LIBS="$LIBS $XML2_LIBS"
-
- AC_CHECK_LIB(xml2, xmlDocGetRootElement,,[AC_MSG_ERROR([Can't find libxml2 library])])
-
- CPPFLAGS=$tmp_CPPFLAGS
- LIBS=$tmp_LIBS
- else
- AC_MSG_ERROR([libxml2 required, but not found.])
- fi
+ found=false
+ AC_ARG_WITH([libxml2],
+ [AS_HELP_STRING([--with-libxml2=DIR],
+ [root of the libxml directory])],
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([Invalid --with-libxml2 value])
+ ;;
+ *) xml2dirs="$withval"
+ ;;
+ esac
+ ], [
+ # if pkg-config is installed and openssl has installed a .pc file,
+ # then use that information and don't search ssldirs
+ AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
+ if test x"$PKG_CONFIG" != x""; then
+ XML2_LDFLAGS=`$PKG_CONFIG libxml-2.0 --libs-only-L 2>/dev/null`
+ if test $? = 0; then
+ XML2_LIBS=`$PKG_CONFIG libxml-2.0 --libs-only-l 2>/dev/null`
+ XML2_INCLUDES=`$PKG_CONFIG libxml-2.0 --cflags-only-I 2>/dev/null`
+ found=true
+ fi
+ fi
- AC_SUBST(XML2_INCLUDES)
- AC_SUBST(XML2_LIBS)
+ # no such luck; use some default ssldirs
+ if ! $found; then
+ xml2dirs="/usr/local/libxml /usr/lib/libxml /usr/libxml /usr/pkg /usr/local /usr"
+ fi
+ ]
+ )
+
+
+ # note that we #include <libxml/tree.h>, so the libxml2 headers have to be in
+ # an 'libxml' subdirectory
+
+ if ! $found; then
+ XML2_INCLUDES=
+ for xml2dir in $xml2dirs; do
+ AC_MSG_CHECKING([for XML2 in $xml2dir])
+ if test -f "$xml2dir/include/libxml2/libxml/tree.h"; then
+ XML2_INCLUDES="-I$xml2dir/include/libxml2"
+ XML2_LDFLAGS="-L$xml2dir/lib"
+ XML2_LIBS="-lxml2"
+ found=true
+ AC_MSG_RESULT([yes])
+ break
+ else
+ AC_MSG_RESULT([no])
+ fi
+ done
+
+ # if the file wasn't found, well, go ahead and try the link anyway -- maybe
+ # it will just work!
+ fi
+
+ LDFLAGS="$LDFLAGS $XML2_LDFLAGS"
+ LIBS="$XML2_LIBS $LIBS"
+ CPPFLAGS="$XML2_INCLUDES $CPPFLAGS"
+
+ AC_SUBST(XML2_INCLUDES)
+ AC_SUBST(XML2_LIBS)
+ AC_SUBST(XML2_LDFLAGS)
])
meta-security/recipes-security/opendnssec/opendnssec_2.1.10.bb
+36
View File
@@ -0,0 +1,36 @@
SUMMARY = "OpenDNSSEC is a policy-based zone signer that automates the process of keeping track of DNSSEC keys and the signing of zones"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=b041dbe2da80d4efd951393fbba90937"
DEPENDS = "libxml2 openssl ldns libmicrohttpd jansson libyaml "
SRC_URI = "https://dist.opendnssec.org/source/opendnssec-${PV}.tar.gz \
file://libxml2_conf.patch \
file://libdns_conf_fix.patch \
"
SRC_URI[sha256sum] = "c0a8427de241118dccbf7abc508e4dd53fb75b45e9f386addbadae7ecc092756"
inherit autotools pkgconfig perlnative
EXTRA_OECONF = " --with-libxml2=${STAGING_DIR_HOST}/usr --with-ldns=${STAGING_DIR_HOST}/usr \
--with-ssl=${STAGING_DIR_HOST}/usr "
CFLAGS += "-fcommon"
PACKAGECONFIG ?= "sqlite3"
PACKAGECONFIG[cunit] = "--with-cunit=${STAGING_DIR_HOST}/usr, --without-cunit,"
PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}/usr, ,sqlite3, sqlite3"
PACKAGECONFIG[mysql] = "--with-mysql=yes, , mariadb, mariadb"
PACKAGECONFIG[readline] = "--with-readline, --without-readline, readline"
PACKAGECONFIG[unwind] = "--with-libunwind, --without-libunwind"
do_install:append () {
rm -rf ${D}${localstatedir}/run
}
RDEPENDS:${PN} = "softhsm"
SKIP_RECIPE[opendnssec] ?= "Needs porting to openssl 3.x"
meta-security/recipes-security/paxctl/paxctl_0.9.bb
+38
View File
@@ -0,0 +1,38 @@
DESCRIPTION = "paxctl is a tool that allows PaX flags to be modified on a \
per-binary basis. PaX is part of common security-enhancing \
kernel patches and secure distributions, such as \
GrSecurity or Adamantix and Hardened Gen-too, respectively."
HOMEPAGE = "https://pax.grsecurity.net/"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://paxctl.c;beginline=1;endline=5;md5=0ddd065c61020dda79729e6bedaed2c7 \
file://paxctl-elf.c;beginline=1;endline=5;md5=99f453ce7f6d1687ee808982e2924813 \
"
SRC_URI = "http://pax.grsecurity.net/${BP}.tar.gz"
SRC_URI[md5sum] = "9bea59b1987dc4e16c2d22d745374e64"
SRC_URI[sha256sum] = "a330ddd812688169802a3ba29e5e3b19956376b8f6f73b8d7e9586eb04423c2e"
EXTRA_OEMAKE = "CC='${CC}' DESTDIR='${D}'"
do_install() {
oe_runmake install
}
# The install target in the Makefile will fail for paxctl-native with error:
# install -D --owner 0 --group 0 --mode a=rx paxctl .../sbin/paxctl
# install: cannot change ownership of '.../sbin/paxctl': \
# Operation not permitted
# Drop '--owner 0 --group 0' to fix the issue.
do_install:class-native() {
local PROG=paxctl
install -d ${D}${base_sbindir}
install -d ${D}${mandir}/man1
install --mode a=rx $PROG ${D}${base_sbindir}/$PROG
install --mode a=r $PROG.1 ${D}${mandir}/man1/$PROG.1
}
# Avoid QA Issue: No GNU_HASH in the elf binary
INSANE_SKIP:${PN} = "ldflags"
BBCLASSEXTEND = "native"
meta-security/recipes-security/redhat-security/files/find-chroot-py.sh
+96
View File
@@ -0,0 +1,96 @@
#!/bin/sh
#
# find-chroot-py utility
# Copyright (c) 2011 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for python apps that use chroot(2) without using chdir(2)
#
# To save to file: ./find-chroot | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | tee findings.txt
libdirs="/lib /lib64 /usr/lib /usr/lib64"
progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
FOUND=0
# First param is which list to use, second is search pattern
scan () {
if [ "$1" = "1" ] ; then
dirs=$libdirs
elif [ "$1" = "2" ] ; then
dirs=$progdirs
elif [ "$1" = "3" ] ; then
dirs=$3
fi
for d in $dirs ; do
if [ ! -d $d ] ; then
continue
fi
files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
for f in $files
do
if [ "$1" = "2" ] ; then
testf=`/usr/bin/file $f | egrep 'ython'`
if [ x"$testf" = "x" ] ; then
continue
fi
fi
syms=`egrep ' os.chroot' $f`
if [ x"$syms" != "x" ] ; then
syms=`egrep ' os.chdir' $f`
if [ x"$syms" = "x" ] ; then
if [ $FOUND = 0 ] ; then
printf "%-44s%s\n" "FILE" " PACKAGE"
FOUND=1
fi
# Red
printf "\033[31m%-44s\033[m" $f
#rpm -qf --queryformat "%{NAME}-%{VERSION}" $f
rpm -qf --queryformat " %{SOURCERPM}" $f
echo
else
# One last test to see if chdir is within 4
# lines of chroot
syms=`cat $f | egrep ' os.chroot' -A3 | egrep ' os.chdir'`
if [ x"$syms" = "x" ] ; then
if [ $FOUND = 0 ] ; then
printf "%-44s%s\n" "FILE" " PACKAGE"
FOUND=1
fi
printf "\033[31m%-44s\033[m" $f
rpm -qf --queryformat " %{SOURCERPM}" $f
echo
fi
fi
fi
done
done
}
if [ $# -eq 1 ] ; then
if [ -d $1 ] ; then
scan 3 '*' $1
else
echo "Input is not a directory"
exit 1
fi
else
scan 2 '*'
scan 1 '*.py'
fi
if [ $FOUND -eq 0 ] ; then
# Nothing to report, just exit
echo "No problems found" 1>&2
exit 0
fi
exit 1
meta-security/recipes-security/redhat-security/files/find-chroot.sh
+93
View File
@@ -0,0 +1,93 @@
#!/bin/sh
#
# find-chroot utility
# Copyright (c) 2011 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for apps that use chroot(2) without using chdir(2)
#
# To save to file: ./find-chroot | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | tee findings.txt
libdirs="/lib /lib64 /usr/lib /usr/lib64"
progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
FOUND=0
# First param is which list to use, second is search pattern
scan () {
if [ "$1" = "1" ] ; then
dirs=$libdirs
elif [ "$1" = "2" ] ; then
dirs=$progdirs
elif [ "$1" = "3" ] ; then
dirs=$3
fi
for d in $dirs ; do
if [ ! -d $d ] ; then
continue
fi
files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
for f in $files
do
syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' chroot@.*GLIBC'`
if [ x"$syms" != "x" ] ; then
syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' chdir@.*GLIBC'`
if [ x"$syms" = "x" ] ; then
if [ $FOUND = 0 ] ; then
printf "%-44s%s\n" "FILE" " PACKAGE"
FOUND=1
fi
# Red
printf "\033[31m%-44s\033[m" $f
#rpm -qf --queryformat "%{NAME}-%{VERSION}" $f
rpm -qf --queryformat " %{SOURCERPM}" $f
echo
else
# One last test to see if chdir is within 3
# lines of chroot
syms=`objdump -d $f | egrep callq | egrep 'chroot@plt' -A2 | egrep 'chroot|chdir'`
if [ x"$syms" = "x" ] ; then
syms=`echo $f | egrep -v 'libc-2|libc.so'`
if [ x"$syms" != "x" ] ; then
if [ $FOUND = 0 ] ; then
printf "%-44s%s\n" "FILE" "PACKAGE"
FOUND=1
fi
printf "\033[31m%-44s\033[m" $f
rpm -qf --queryformat " %{SOURCERPM}" $f
echo
fi
fi
fi
fi
done
done
}
if [ $# -eq 1 ] ; then
if [ -d $1 ] ; then
scan 3 '*' $1
else
echo "Input is not a directory"
exit 1
fi
else
scan 2 '*'
scan 1 '*.so'
fi
if [ $FOUND -eq 0 ] ; then
# Nothing to report, just exit
echo "No problems found" 1>&2
exit 0
fi
exit 1
meta-security/recipes-security/redhat-security/files/find-elf4tmp.sh
+84
View File
@@ -0,0 +1,84 @@
#!/bin/sh
# find_elf4tmp utility
# Copyright (c) 2010-12 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# This script will search a directory and its subdirectories for all elf
# executables. It will then search for the use of the tmp directory. If it finds
# this is true, it will then check to see if XXX is being used which would
# indicate that the path is going to be randomized.
if [ $# -ge 2 ] ; then
echo "Usage: find_elf4tmp [directory]" 1>&2
exit 1
fi
if [ ! -x /usr/bin/strings ] ; then
echo "Skipping due to missing /usr/bin/eu-strings utility"
exit 1
fi
if [ -h /bin ] ; then
DIRS="/usr/bin /usr/sbin /usr/libexec /usr/kerberos /usr/games /usr/lib /usr/lib64 /usr/local"
else
DIRS="/bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/kerberos /usr/games /lib /lib64 /usr/lib /usr/lib64 /usr/local"
fi
if [ $# -eq 1 ] ; then
if [ -d "$1" ] ; then
DIRS="$1"
else
echo "Option passed in was not a directory" 1>&2
exit 1
fi
fi
FOUND=0
for d in $DIRS
do
if [ ! -d $d ] ; then
continue
fi
# echo "Scanning files in $d..."
for f in `/usr/bin/find $d -type f 2>/dev/null`
do
# Get just the elf executables
testf=`echo $f | /usr/bin/file -n -f - 2>/dev/null | grep ELF`
if [ x"$testf" != "x" ] ; then
test_res=`/usr/bin/strings $f | /bin/grep '/tmp/' | /bin/egrep -v 'XX|/tmp/$|[ .,:]/tmp/'`
if [ x"$test_res" = "x" ] ; then
continue
fi
# Do further examination...
syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' mkstemp@.*GLIBC| tempnam@.*GLIBC| tmpfile@.*GLIBC'`
if [ x"$syms" != "x" ] ; then
continue
fi
# Well its a bad one...out with it
FOUND=1
# Get the package
RPM=`/bin/rpm -qf --queryformat "%{NAME}-%{VERSION}" $f 2>/dev/null | /bin/grep -v 'not owned' | /usr/bin/sort | /usr/bin/uniq`
if [ x"$RPM" = "x" ] ; then
RPM="<unowned>"
fi
# For each tmp string, output the line
echo $test_res | /usr/bin/tr '\b' '\n' | /usr/bin/awk 'NF >= 1 { printf "%-46s\t%-30s\t%s\n", f, r, $1 }' r=$RPM f=$f
fi
done
done
if [ $FOUND -eq 0 ] ; then
# Nothing to report, just exit
echo "No problems found" 1>&2
exit 0
fi
exit 1
meta-security/recipes-security/redhat-security/files/find-execstack.sh
+72
View File
@@ -0,0 +1,72 @@
#!/bin/sh
#
# find-execstack utility
# Copyright (c) 2007 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for executable stacks
#
libdirs="/lib /lib64 /usr/lib /usr/lib64"
progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
FOUND=0
# First param is which list to use, second is search pattern
scan () {
if [ "$1" = "1" ] ; then
dirs=$libdirs
elif [ "$1" = "2" ] ; then
dirs=$progdirs
fi
for d in $dirs ; do
if [ ! -d $d ] ; then
continue
fi
files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
for f in $files
do
FOUND_ONE=0
stacks=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep STACK`
if [ x"$stacks" != "x" ] ; then
perms=`echo $stacks | /bin/awk '{ print $7 }'`
if [ x"$perms" != x -a "$perms" != "RW" ] ; then
FOUND_ONE=1
fi
fi
old_stacks=`echo $stacks | /bin/grep -v GNU_STACK`
if [ x"$old_stacks" != "x" ] ; then
FOUND_ONE=1
fi
heaps=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep GNU_HEAP`
if [ x"$heaps" != "x" ] ; then
FOUND_ONE=1
fi
if [ $FOUND_ONE = 1 ] ; then
printf "%-42s" $f
rpm -qf --queryformat "%{SOURCERPM}" $f
echo
FOUND=1
fi
done
done
}
scan 1 '*.so'
scan 2 '*'
if [ $FOUND -eq 0 ] ; then
# Nothing to report, just exit
echo "No problems found" 1>&2
exit 0
fi
exit 1
meta-security/recipes-security/redhat-security/files/find-hidden-exec.sh
+21
View File
@@ -0,0 +1,21 @@
#!/bin/sh
#
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for hidden executables
find / -name '.*' -type f -perm /00111 2>/dev/null
# Also need to find hidden dirs and see if anything below it is hidden
hidden_dirs=`find / -name '.*' -type d 2>/dev/null`
for d in $hidden_dirs
do
find $d -name '.*' -type f -perm /00111 2>/dev/null
done
meta-security/recipes-security/redhat-security/files/find-nodrop-groups.sh
+85
View File
@@ -0,0 +1,85 @@
#!/bin/sh
#
# find-nodrop-groups utility
# Copyright (c) 2011 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for apps that use setgid(2) without using initgroups(3)
# or setgroups(2).
#
# To save to file: ./find-nodrop-groups | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | tee findings.txt
libdirs="/lib /lib64 /usr/lib /usr/lib64"
progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
FOUND=0
# First param is which list to use, second is search pattern
scan () {
if [ "$1" = "1" ] ; then
dirs=$libdirs
elif [ "$1" = "2" ] ; then
dirs=$progdirs
elif [ "$1" = "3" ] ; then
dirs=$3
fi
for d in $dirs ; do
if [ ! -d $d ] ; then
continue
fi
files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
for f in $files
do
syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' setgid@.*GLIBC| setegid@.*GLIBC| setresgid@.*GLIBC'`
if [ x"$syms" != "x" ] ; then
syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' setuid@.*GLIBC| seteuid@.*GLIBC| setresuid@.*GLIBC'`
if [ x"$syms" != "x" ] ; then
syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' setgroups@.*GLIBC| initgroups@.*GLIBC'`
if [ x"$syms" = "x" ] ; then
if [ $FOUND = 0 ] ; then
printf "%-44s%s\n" "FILE" "PACKAGE"
fi
syms=`find $f \( -perm -004000 -o -perm -002000 \) -type f -print`
if [ x"$syms" = "x" ] ; then
printf "\033[31m%-44s\033[m" $f
rpm -qf --queryformat "%{SOURCERPM}" $f
echo
FOUND=1
# else
# printf "\033[33m%-44s\033[m" $f
fi
#rpm -qf --queryformat "%{NAME}-%{VERSION}" $f
fi
fi
fi
done
done
}
if [ $# -eq 1 ] ; then
if [ -d $1 ] ; then
scan 3 '*' $1
else
echo "Input is not a directory"
exit 1
fi
else
scan 1 '*.so'
scan 2 '*'
fi
if [ $FOUND -eq 0 ] ; then
# Nothing to report, just exit
echo "No problems found" 1>&2
exit 0
fi
exit 1
meta-security/recipes-security/redhat-security/files/find-sh4errors.sh
+132
View File
@@ -0,0 +1,132 @@
#!/bin/sh
# find_sh4errors utility
# Copyright (c) 2004 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# This script will search a directory and its subdirectories for every shell
# script. It then runs sh -n to see if bash can determine if there are obvious
# parsing errors. It does have a bug in that bash -n does not take into
# account someone may program an unconditional exit and then include man page
# generation information. It also fails to notice the exec command. When you
# run across files that do either of the above, add it to the KNOWN_BAD list.
if [ $# -ge 2 ] ; then
echo "Usage: find_sh4errors [directory]" 1>&2
exit 1
fi
INTERPRETERS="wish wishx tclsh guile rep itkwish expect /etc/kde/kdm/Xsession /etc/X11/xdm/Xsession /usr/bin/festival perl hfssh"
SKIP_DIRS="/opt /home /root"
KNOWN_BAD="/usr/bin/kde-build /usr/bin/cvsversion samples/copifuncs/copi.sendifm1 bashdb bash_completion_test"
DIR="/"
if [ $# -eq 1 ] ; then
if [ -d "$1" ] ; then
DIR="$1"
else
echo "Option passed in was not a directory" 1>&2
exit 1
fi
fi
tempfile=`mktemp /tmp/sh4.XXXXXX`
tempfile2=`mktemp /tmp/sh4.XXXXXX`
if [ -z "$tempfile" -o -z "$tempfile2" ] ; then
echo ; echo "Unable to create tempfiles...aborting." 1>&2 ; echo
exit 1
fi
trap "rm -f $tempfile; rm -f $tempfile2; exit 2" 1 2 3 5 15
# Get executable files
#echo "Locating executables..."
/usr/bin/find $DIR -type f -perm /0111 -print >> $tempfile 2>/dev/null
FOUND=0
#echo "Refining list to shell scripts..."
while read f
do
# Get just the shell scripts
testf=`echo $f | /usr/bin/file -n -f - | egrep 'ourne|POSIX shell'`
if [ x"$testf" != x ] ; then
echo $f >> $tempfile2
FOUND=1
fi
done < $tempfile
/bin/rm -f $tempfile
if [ $FOUND -eq 0 ] ; then
# Nothing to report, just exit
# echo "Examining shell scripts in $DIR"
# echo "No problems found"
/bin/rm -f $tempfile2
exit 0
fi
#echo "Examining shell scripts in $DIR"
FOUND=0
while read i
do
# First see if the script calls an interpreter
SKIP=0
for lang in $INTERPRETERS
do
if `/bin/cat "$i" 2>/dev/null | \
grep "exec[ \t].*$lang" >/dev/null` ; then
SKIP=1
break
fi
done
if [ $SKIP -eq 1 ] ; then
continue
fi
# See if this is in a dir we want to ignore
for d in $SKIP_DIRS
do
if `echo "$i" | /bin/grep "^\$d" >/dev/null`; then
SKIP=1
break
fi
done
if [ $SKIP -eq 1 ] ; then
continue
fi
# Don't do the known naughty files
for bad in $KNOWN_BAD
do
if `echo "$i" | /bin/grep "$bad" >/dev/null`; then
SKIP=1
break
fi
done
if [ $SKIP -eq 1 ] ; then
continue
fi
# Now examine them for correctness
interp=`/usr/bin/head -n 1 "$i" | /bin/awk '{ print $1 }' | \
/usr/bin/tr -d '#!'`
if [ x"$interp" = "x" -o ! -x "$interp" ] ; then
interp="/bin/sh"
fi
$interp -n "$i" 2>/dev/null
if [ $? -ne 0 ] ; then
printf "%-44s" "$i"
rpm -qf --queryformat "%{NAME}-%{VERSION}" $i
echo
FOUND=1
fi
done < $tempfile2
/bin/rm -f $tempfile2
if [ $FOUND -eq 0 ] ; then
# Nothing to report, just exit
# echo "No problems found"
exit 0
fi
exit 1
meta-security/recipes-security/redhat-security/files/find-sh4tmp.sh
+116
View File
@@ -0,0 +1,116 @@
#!/bin/sh
# find_sh4tmp utility
# Copyright (c) 2005 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# This script will search a directory and its subdirectories for all shell
# scripts. It will then search for the use of the tmp directory. If it finds
# this is true, it will then try to determine if mktemp or something
# reasonable was used and exclude it. It has a bug in that it does not handle
# rm -f /tmp/ or mkdir /tmp/ correctly. If you run across files that do that,
# add them to the KNOWN_BAD list to ignore them.
if [ $# -ge 2 ] ; then
echo "Usage: find_sh4tmp [directory]" 1>&2
exit 1
fi
INTERPRETERS="wish wishx tclsh guile rep itkwish expect /etc/kde/kdm/Xsession /etc/X11/xdm/Xsession /usr/bin/festival perl hfssh"
SKIP_DIRS="/opt /home /root /mnt /media /dev /proc /selinux /sys /usr/share/doc"
KNOWN_BAD="kopete_latexconvert.sh cvs2dist fixfiles mysqlbug build/scripts/package/mkspec py-compile rc.sysinit init.d/xfs diff-jars grub-install mailshar vncserver Xsession sysreport cross-build vpkg rcs-to-cvs debug_check_log cvs2vendor tmpwatch ps2epsi mkdumprd xdg-open xdg-mime xdg-email gzexe"
DIR="/"
if [ $# -eq 1 ] ; then
if [ -d "$1" ] ; then
DIR="$1"
else
echo "Option passed in was not a directory" 1>&2
exit 1
fi
fi
tempfile=`mktemp /tmp/sh4.XXXXXX`
tempfile2=`mktemp /tmp/sh4.XXXXXX`
if [ -z "$tempfile" -o -z "$tempfile2" ] ; then
echo ; echo "Unable to create tempfiles...aborting." 1>&2 ; echo
exit 1
fi
trap "rm -f $tempfile; rm -f $tempfile2; exit 2" 1 2 3 5 15
# Get executable files
#echo "Scanning shell scripts in $DIR..."
find $DIR -type f -perm /0111 -print >> $tempfile 2>/dev/null
FOUND=0
while read f
do
# Get just the shell scripts
testf=`echo $f | file -n -f - | egrep 'ourne|POSIX shell'`
if [ x"$testf" != x ] ; then
# FIXME: need to do something to get rid of echo, rm, or mkdir "/tmp/"
test_res=`cat $f 2>/dev/null | grep '\/tmp\/' | grep -v 'mktemp' | grep -v '^#'`
if [ x"$test_res" = x ] ; then
continue
fi
# Do further examination...
# First see if the script calls an interpreter
SKIP=0
for lang in $INTERPRETERS
do
if `cat "$f" | grep "exec[ \t].*$lang" >/dev/null` ; then
SKIP=1
break
fi
done
if [ $SKIP -eq 1 ] ; then
continue
fi
# See if this is in a dir we want to ignore
for d in $SKIP_DIRS
do
if `echo "$f" | grep "^\$d" >/dev/null`; then
SKIP=1
break
fi
done
if [ $SKIP -eq 1 ] ; then
continue
fi
# Don't do the known naughty files
for bad in $KNOWN_BAD
do
if `echo "$f" | grep "$bad" >/dev/null`; then
SKIP=1
break
fi
done
if [ $SKIP -eq 1 ] ; then
continue
fi
# Well its a bad one...out with it
printf "%-44s" $f
rpm -qf --queryformat "%{NAME}-%{VERSION}" $f
echo
FOUND=1
fi
done < $tempfile
rm -f $tempfile
if [ $FOUND -eq 0 ] ; then
# Nothing to report, just exit
# echo "No problems found"
rm -f $tempfile2
exit 0
fi
exit 1
meta-security/recipes-security/redhat-security/files/lib-bin-check.sh
+31
View File
@@ -0,0 +1,31 @@
#!/bin/sh
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
found=0
list=`rpm -qa --queryformat "%{NAME}-%{VERSION}.%{ARCH}\n" | grep '^lib' | egrep -v '\-utils\-|\-bin\-|\-tools\-|\-client\-|libreoffice|\-plugin\-'`
for p in $list
do
bin=`rpm -ql $p | egrep '^/bin|^/sbin|^/usr/bin|^/usr/sbin' | grep -v '\-config'`
if [ "x$bin" != "x" ]; then
testf=`echo $bin | /usr/bin/file -n -f - 2>/dev/null | grep ELF`
if [ x"$testf" != "x" ] ; then
found=1
echo "$p could be split into a utils package"
fi
fi
done
if [ $found = 0 ]; then
echo "No problems found"
exit 0
fi
exit 1
meta-security/recipes-security/redhat-security/files/rpm-chksec.sh
+279
View File
@@ -0,0 +1,279 @@
#!/bin/sh
# rpm-chksec
#
# Copyright (c) 2011-2013 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Given an rpm, it will look at each file to check that its compiled with
# the intended flags to make it more secure. Things that are green are OK.
# Anything in yellow could be better but is passable. Anything in red needs
# attention.
#
# If the --all option is given, it will generate a list of rpms and then
# summarize the rpm's state. For yes, then all files are in the expected
# state. Just one file not compiled with the right flags can turn the
# answer to no. Re-run passing that package (instead of --all) for the details.
#
# To save to file: ./rpm-chksec | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | tee output.txt
VERSION="0.5.2"
usage () {
echo "rpm-chksec [--version|--all|<rpmname>...]"
if [ ! -x /usr/bin/filecap ] ; then
echo "You need to install libcap-ng-utils to test capabilities"
fi
if [ $EUID != 0 ] ; then
echo "You might need to be root to read some files"
fi
exit 0
}
if [ "$1" = "--help" -o $# -eq 0 ] ; then
usage
fi
if [ "$1" = "--version" ] ; then
echo "rpm-chksec $VERSION"
exit 0
fi
if [ "$1" = "--all" ] ; then
MODE="all"
else
MODE="single"
fi
do_one () {
if ! rpm -q $1 >/dev/null 2>&1 ; then
if [ "$MODE" = "single" ] ; then
echo "$1 is not installed"
exit 1
else
echo "not installed"
return
fi
fi
files=`rpm -ql $1`
# Look for daemons, need this for later...
DAEMON=""
for f in $files
do
if [ ! -f "$f" ] ; then
continue
fi
if [ `echo "$f" | grep '\/etc\/rc.d\/init.d'` ] ; then
n=`basename "$f"`
t=`which "$n" 2>/dev/null`
if [ x"$t" != "x" ] ; then
DAEMON="$DAEMON $t"
continue
fi
t=`which "$n"d 2>/dev/null`
if [ x"$t" != "x" ] ; then
DAEMON="$DAEMON $t"
continue
fi
t=`cat "$f" 2>/dev/null | grep 'bin' | grep 'exit 5' | grep -v '\$'`
if [ x"$t" != "x" ] ; then
DAEMON="$DAEMON $t"
continue
fi
if [ "$MODE" = "single" ] ; then
echo "Can't find the executable in $f but daemon rules would apply"
fi
elif [ `echo "$f" | grep '\/lib\/systemd\/'` ] ; then
t=`cat "$f" | grep -i '^ExecStart=' | tr '=' ' ' | awk '{ print $2 }'`
if [ x"$t" != "x" ] ; then
DAEMON="$DAEMON $t"
continue
fi
fi
done
# Prevent garbled output when doing --all.
skip_current=0
for f in $files
do
if [ ! -f "$f" ] ; then
continue
fi
# Some packages have files with ~ in them. This avoids it.
if ! echo "$f" | grep '^/' >/dev/null ; then
continue
fi
if [ ! -r "$f" ] && [ $EUID != 0 ] ; then
if [ $MODE = "single" ] ; then
echo "Please re-test $f as the root user"
else
# Don't print results.
skip_current=1
echo "Please re-test $1 as the root user"
fi
continue
fi
if ! file "$f" | grep -qw 'ELF'; then
continue
fi
RELRO="no"
if readelf -l "$f" 2>/dev/null | grep -q 'GNU_RELRO'; then
RELRO="partial"
fi
if readelf -d "$f" 2>/dev/null | grep -q 'BIND_NOW'; then
RELRO="full"
fi
PIE="no"
if readelf -h "$f" 2>/dev/null | grep -q 'Type:[[:space:]]*DYN'; then
PIE="DSO"
if readelf -d "$f" 2>/dev/null | grep -q '(DEBUG)'; then
PIE="yes"
fi
fi
APP=""
if [ x"$DAEMON" != "x" ] ; then
for d in $DAEMON
do
if [ "$f" = "$d" ] ; then
APP="daemon"
break
fi
done
fi
if [ x"$APP" = "x" ] ; then
# See if this is a library or a setuid app
if [ `echo "$f" | grep '\/lib' | grep '\.so'` ] ; then
APP="library"
elif [ `find "$f" -perm -004000 -type f -print` ] ; then
APP="setuid"
elif [ `find "$f" -perm -002000 -type f -print` ] ; then
APP="setgid"
elif [ -x /usr/bin/filecap ] && [ `filecap "$f" 2> /dev/null | wc -w` -gt 0 ] ; then
APP="setcap"
else
syms1=`/usr/bin/readelf -s "$f" 2>/dev/null | egrep ' connect@.*GLIBC| listen@.*GLIBC| accept@.*GLIBC|accept4@.*GLIBC'`
syms2=`/usr/bin/readelf -s "$f" 2>/dev/null | egrep ' getaddrinfo@.*GLIBC| getnameinfo@.*GLIBC| getservent@.*GLIBC| getservbyname@.*GLIBC| getservbyport@.*GLIBC|gethostbyname@.*GLIBC| gethostbyname2@.*GLIBC| gethostbyaddr@.*GLIBC| gethostbyaddr2@.*GLIBC'`
if [ x"$syms1" != "x" ] ; then
if [ x"$syms2" != "x" ] ; then
APP="network-ip"
else
APP="network-local"
fi
fi
fi
fi
if [ x"$APP" = "x" ] ; then
APP="exec"
fi
# OK, ready for the output
if [ "$MODE" = "single" ] ; then
printf "%-56s %-10s " "$f" $APP
if [ "$APP" = "daemon" -o "$APP" = "setuid" -o "$APP" = "setgid" -o "$APP" = "setcap" -o "$APP" = "network-ip" -o "$APP" = "network-local" ] ; then
if [ "$RELRO" = "full" ] ; then
printf "\033[32m%-7s\033[m " $RELRO
elif [ "$RELRO" = "partial" ] ; then
printf "\033[33m%-7s\033[m " $RELRO
else
printf "\033[31m%-7s\033[m " $RELRO
fi
if [ "$PIE" = "yes" ] ; then
printf "\033[32m%-4s\033[m" $PIE
else
printf "\033[31m%-4s\033[m" $PIE
fi
elif [ "$APP" = "library" ] ; then
if [ "$RELRO" = "full" -o "$RELRO" = "partial" ] ; then
printf "\033[32m%-7s\033[m " $RELRO
else
printf "\033[31m%-7s\033[m " $RELRO
fi
printf "\033[32m%-4s\033[m" $PIE
else
# $APP = exec - we want partial relro
if [ "$RELRO" = "no" ] ; then
printf "\033[31m%-7s\033[m " $RELRO
else
printf "\033[32m%-7s\033[m " $RELRO
fi
printf "\033[32m%-4s\033[m" $PIE
fi
echo
else
if [ "$APP" = "daemon" -o "$APP" = "setuid" -o "$APP" = "setgid" -o "$APP" = "setcap" -o "$APP" = "network-ip" -o "$APP" = "network-local" ] ; then
if [ "$RELRO" = "no" ] ; then
RELRO_SUM="no"
APP_SUM="$APP"
fi
if [ "$PIE" = "no" ] ; then
PIE_SUM="no"
APP_SUM="$APP"
fi
elif [ "$APP" = "library" ] ; then
if [ "$RELRO" = "no" ] ; then
RELRO_SUM="no"
APP_SUM="$APP"
fi
# $APP = exec - must have partial or full relro
elif [ "$RELRO" = "no" ] ; then
RELRO_SUM="no"
APP_SUM="$APP"
fi
fi
done
}
if [ "$MODE" = "single" ] ; then
printf "%-56s %-10s %-7s %-4s" "FILE" "TYPE" "RELRO" "PIE"
echo
for i; do
f=$(basename $1)
# Strip the .rpm extension, if present.
do_one ${f%%.rpm}
shift
done
exit 0
fi
# Skip the kernel as its special
packages=`rpm -qa | egrep -v 'kernel.|debuginfo.|.noarch|gpg-pubkey' | sort`
printf "%-50s %-5s %-4s %-14s" "PACKAGE" "RELRO" "PIE" "CLASS"
echo
for p in $packages
do
RELRO_SUM="yes"
PIE_SUM="yes"
APP_SUM=""
printf "%-50s " $p
do_one $p
if [[ $skip_current -eq 1 ]] ; then
continue
fi
if [ "$RELRO_SUM" = "yes" ] ; then
printf "\033[32m%-5s\033[m " "$RELRO_SUM"
else
printf "\033[31m%-5s\033[m " "$RELRO_SUM"
fi
if [ "$PIE_SUM" = "yes" ] ; then
printf "\033[32m%-4s\033[m" "$PIE_SUM"
if [ "$RELRO_SUM" = "no" ] ; then
printf " %-14s" "$APP_SUM"
fi
else
if [ "$APP_SUM" = "network-local" ] ; then
printf "\033[33m%-4s\033[m %-14s" "$PIE_SUM" "$APP_SUM"
else
printf "\033[31m%-4s\033[m %-14s" "$PIE_SUM" "$APP_SUM"
fi
fi
echo
done
exit 0
meta-security/recipes-security/redhat-security/files/rpm-drop-groups.sh
+131
View File
@@ -0,0 +1,131 @@
#!/bin/sh
# rpm-drop-groups
#
# Copyright (c) 2011 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Given an rpm, it will look at each file to check if it tries to change
# group and user credentials. If so, it further tries to determine if
# it also calls setgroups or initgroups. To correctly change groups, the
# program must drop supplemntal groups. Programs are classified into: n/a
# meaning no group dropping occurs, yes its done correctly, and no meaning
# there seems to be a problem.
#
# If the --all option is given, it will generate a list of rpms and then
# summarize the rpm's state. For yes, then all files are in the expected
# state. Just one program failing can turn the package's summary to no.
# Re-run passing that package (instead of --all) for the details.
#
# To save to file: ./rpm-drop-groups | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | tee output.txt
VERSION="0.1"
usage () {
echo "rpm-drop-groups [--all|<rpmname>|--version]"
exit 0
}
if [ "$1" = "--help" -o $# -eq 0 ] ; then
usage
fi
if [ "$1" = "--version" ] ; then
echo "rpm-drop-groups $VERSION"
exit 0
fi
if [ "$1" = "--all" ] ; then
MODE="all"
else
MODE="single"
fi
do_one () {
if ! rpm -q $1 >/dev/null 2>&1 ; then
if [ "$MODE" = "single" ] ; then
echo "$1 is not installed"
exit 1
else
echo "not installed"
return
fi
fi
files=`rpm -ql $1`
for f in $files
do
if [ ! -f $f ] ; then
continue
fi
if ! file $f | grep -q 'ELF'; then
continue
fi
CORRECT="n/a"
syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' setgid@.*GLIBC| setegid@.*GLIBC| setresgid@.*GLIBC'`
if [ x"$syms" != "x" ] ; then
CORRECT="yes"
syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' setuid@.*GLIBC| seteuid@.*GLIBC| setresuid@.*GLIBC'`
if [ x"$syms" != "x" ] ; then
syms=`/usr/bin/readelf -s $f 2>/dev/null | egrep ' setgroups@.*GLIBC| initgroups@.*GLIBC'`
if [ x"$syms" = "x" ] ; then
syms=`find $f \( -perm -004000 -o -perm -002000 \) -type f -print`
if [ x"$syms" = "x" ] ; then
CORRECT="no"
fi
fi
fi
fi
# OK, ready for the output
if [ "$MODE" = "single" ] ; then
printf "%-60s " $f
if [ "$CORRECT" = "yes" ] ; then
printf "\033[32m%-7s\033[m " $CORRECT
elif [ "$CORRECT" = "no" ] ; then
printf "\033[31m%-7s\033[m " $CORRECT
else
printf "\033[33m%-7s\033[m " $CORRECT
fi
echo
else
if [ "$CORRECT" = "no" ] ; then
CORRECT_SUM="no"
fi
fi
done
}
if [ "$MODE" = "single" ] ; then
printf "%-60s%-7s" "FILE" "CORRECT"
echo
for i; do
do_one $1
shift
done
exit 0
fi
packages=`rpm -qa --queryformat "%{NAME}.%{ARCH}\n" | sort`
printf "%-50s %-7s" "PACKAGE" "CORRECT"
echo
for p in $packages
do
CORRECT_SUM="yes"
printf "%-50s " $p
do_one $p
if [ "$CORRECT_SUM" = "yes" ] ; then
printf "\033[32m%-7s\033[m " $CORRECT_SUM
else
printf "\033[31m%-7s\033[m " $CORRECT_SUM
fi
echo
done
exit 0
meta-security/recipes-security/redhat-security/files/selinux-check-devices.sh
+12
View File
@@ -0,0 +1,12 @@
#!/bin/sh
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"
meta-security/recipes-security/redhat-security/files/selinux-ls-unconfined.sh
+19
View File
@@ -0,0 +1,19 @@
#!/bin/sh
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# This checks for unconfined apps running, initrc and inetd are signs
# of missing transitions.
pidof xinetd >/dev/null
if [ $? -eq 0 ] ; then
ps -eZ | egrep "initrc|inetd" | egrep -v `pidof xinetd` | tr ':' ' ' | awk '{ printf "%s %s\n", $3, $NF }'
else
ps -eZ | egrep "initrc" | tr ':' ' ' | awk '{ printf "%s %s\n", $3, $NF }'
fi
meta-security/recipes-security/redhat-security/redhat-security_1.0.bb
+40
View File
@@ -0,0 +1,40 @@
SUMMARY = "redhat security tools"
DESCRIPTION = "Tools used by redhat linux distribution for security checks"
SECTION = "security"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
SRC_URI = "file://find-chroot-py.sh \
file://find-chroot.sh \
file://find-elf4tmp.sh \
file://find-execstack.sh \
file://find-hidden-exec.sh \
file://find-nodrop-groups.sh \
file://find-sh4errors.sh \
file://find-sh4tmp.sh \
file://lib-bin-check.sh \
file://rpm-chksec.sh \
file://rpm-drop-groups.sh \
file://selinux-check-devices.sh \
file://selinux-ls-unconfined.sh"
S = "${WORKDIR}"
do_install() {
install -d ${D}${bindir}
install -m 0755 ${WORKDIR}/find-chroot-py.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/find-chroot.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/find-elf4tmp.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/find-execstack.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/find-hidden-exec.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/find-nodrop-groups.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/find-sh4errors.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/find-sh4tmp.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/lib-bin-check.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/rpm-chksec.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/rpm-drop-groups.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/selinux-check-devices.sh ${D}${bindir}
install -m 0755 ${WORKDIR}/selinux-ls-unconfined.sh ${D}${bindir}
}
RDEPENDS:${PN} = "file libcap-ng procps findutils"
meta-security/recipes-security/sshguard/sshguard_2.4.2.bb
+11
View File
@@ -0,0 +1,11 @@
SUMARRY=" Intelligently block brute-force attacks by aggregating system logs "
HOMEPAGE = "https://www.sshguard.net/"
LIC_FILES_CHKSUM = "file://COPYING;md5=47a33fc98cd20713882c4d822a57bf4d"
LICENSE = "BSD-1-Clause"
SRC_URI="https://sourceforge.net/projects/sshguard/files/sshguard/${PV}/sshguard-${PV}.tar.gz"
SRC_URI[sha256sum] = "2770b776e5ea70a9bedfec4fd84d57400afa927f0f7522870d2dcbbe1ace37e8"
inherit autotools-brokensep