meta-iot-security upstream no longer in line with AGL security model
Description
Environment
blocks
is blocked by
Activity
jose bollo May 31, 2018 at 7:53 AM
From current seeks, the security manager hasn't to be upgraded.
Nevertheless the question has to be skaed whether to backport or not cynara to solve the issue for EEL.
jose bollo April 5, 2018 at 8:21 AM
Most of the work is done. I let it open because I still have to check whether the security manager has to be upgraded.
jose bollo January 24, 2018 at 11:18 AM
I already contacted Samsung a long time ago on the subject. They rejected the idea to maintain a yocto recipe. They are happy with OBS.
Dominig ar Foll January 24, 2018 at 11:04 AM
José,
for Cynara, it would be good to contact our old friends at Samsung Poland to get their feeling.
It would be preferable if Cynara meta could be a shared effort on the long term.
Having the meta outside of AGL is a bit more complex to setup but would give it more credibility.
Ideally, we I would prefer it to sit in the new meta-iot-security.
Dominig
Changhyeok Bae January 24, 2018 at 1:53 AM
Please consider .bbappend in https://gerrit.automotivelinux.org/gerrit/gitweb?p=AGL/meta-agl.git;a=tree;f=meta-app-framework/recipes-security;h=851c52f149e77b103e373c3e9ca4dbbd7f830ffa;hb=HEAD when you integrate to rocko. Thanks.
The upstream of meta-iot-security has moved away from Smack and Cynara which has forced AGL to stay lock on an old tag.
That solution is not viable and my tests show that it will soon break with the new release of Yocto.
AGL needs to fork the project and create a new upstream which have to be maintained by AGL security experts.