Date   

[meta-selinux][PATCH 2/2] libselinux: fix build with glibc-2.30 from poky

Mikko Rapeli
 


[meta-selinux][PATCH 1/2] meson-selinux.bbclass: fix meson flags for glib-2.0-native

Mikko Rapeli
 

With latest poky master, glib-2.0-native fails to compile:

| meson.build:1:0: ERROR: Value "false" for combo option is not one of the choices. Possible choices are: "enabled",
"disabled", "auto".

Thus use enabled and disabled when enabling and disabling flags
with meson. Now glib-2.0-native compiles again.

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
---
classes/meson-selinux.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/meson-selinux.bbclass b/classes/meson-selinux.bbclass
index 77a763a..91c2a2b 100644
--- a/classes/meson-selinux.bbclass
+++ b/classes/meson-selinux.bbclass
@@ -1,4 +1,4 @@
inherit selinux

PACKAGECONFIG_append = " ${@target_selinux(d)}"
-PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux,"
+PACKAGECONFIG[selinux] = "-Dselinux=enabled,-Dselinux=disabled,libselinux,"
--
1.9.1


[PATCH] selinux-python: Fix dependency for ntpath

Lorenz Kofler <lorenz@...>
 

On yocto warrior the semanage tool didn't work correctly, because it
couldn't find ntpath module. It turned out that this module is now part
of the package python-misc, therefore add dependency to python-misc.

Signed-off-by: Lorenz Kofler <lorenz@sigma-star.at>
---
recipes-security/selinux/selinux-python.inc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/recipes-security/selinux/selinux-python.inc b/recipes-security/selinux/selinux-python.inc
index c774de4..911d678 100644
--- a/recipes-security/selinux/selinux-python.inc
+++ b/recipes-security/selinux/selinux-python.inc
@@ -44,7 +44,8 @@ RDEPENDS_${BPN}-semanage += "\
python-ipy \
python-compression \
python-xml \
- libselinux-python \
+ python-misc \
+ libselinux-python \
${BPN} \
"
RDEPENDS_${BPN}-sepolicy += "\
--
2.16.4


[meta]/recipes-extended - Sumo Branch

Prawn Hongs <prawnhongs@...>
 

Hi Everyone,

In the Sumo branch, the iptables are not compiling correctly, I see that the xtables.c isn't getting compiled at all.

Here is the recipe for iptables 


Has anyone faced this issue?

Thanks




[meta-security][PATCH] libenv-perl: Remove, moved to meta-perl

Adrian Bunk
 

Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
conf/distro/include/maintainers.inc | 1 -
recipes-perl/perl/libenv-perl_1.04.bb | 21 ---------------------
2 files changed, 22 deletions(-)
delete mode 100644 recipes-perl/perl/libenv-perl_1.04.bb

diff --git a/conf/distro/include/maintainers.inc b/conf/distro/include/maintainers.inc
index 47f5317..7b82ef7 100644
--- a/conf/distro/include/maintainers.inc
+++ b/conf/distro/include/maintainers.inc
@@ -35,7 +35,6 @@ RECIPE_MAINTAINER_pn-hash-perl = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-isic = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-keyutils = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-libaes-siv = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-libenv-perl = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-libgssglue = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-libhtp = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-libmhash = "Armin Kuster <akuster808@gmail.com>"
diff --git a/recipes-perl/perl/libenv-perl_1.04.bb b/recipes-perl/perl/libenv-perl_1.04.bb
deleted file mode 100644
index dd8e115..0000000
--- a/recipes-perl/perl/libenv-perl_1.04.bb
+++ /dev/null
@@ -1,21 +0,0 @@
-SUMMARY = "Perl module that imports environment variables as scalars or arrays"
-DESCRIPTION = "Perl maintains environment variables in a special hash named %ENV. \
-For when this access method is inconvenient, the Perl module Env allows environment \
-variables to be treated as scalar or array variables."
-
-HOMEPAGE = "http://search.cpan.org/~flora/Env/"
-SECTION = "libs"
-LICENSE = "Artistic-1.0 | GPL-1.0+"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=76c1cbf18db56b3340d91cb947943bd3"
-
-SRC_URI = "http://search.cpan.org/CPAN/authors/id/F/FL/FLORA/Env-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "fdba5c0690e66972c96fee112cf5f25c"
-SRC_URI[sha256sum] = "d94a3d412df246afdc31a2199cbd8ae915167a3f4684f7b7014ce1200251ebb0"
-
-S = "${WORKDIR}/Env-${PV}"
-
-inherit cpan
-
-BBCLASSEXTEND = "native"
--
2.17.1


[meta-security][PATCH] xmlsec1: Remove, moved to meta-oe

Adrian Bunk
 

Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
conf/distro/include/maintainers.inc | 1 -
.../packagegroup-core-security-ptest.bb | 1 -
.../packagegroup-core-security.bb | 1 -
.../xmlsec1/change-finding-path-of-nss.patch | 67 ---------------
.../xmlsec1/xmlsec1/fix-ltmain.sh.patch | 26 ------
.../xmlsec1/xmlsec1/makefile-ptest.patch | 40 ---------
recipes-security/xmlsec1/xmlsec1/run-ptest | 85 -------------------
...examples-allow-build-in-separate-dir.patch | 30 -------
recipes-security/xmlsec1/xmlsec1_1.2.28.bb | 64 --------------
9 files changed, 315 deletions(-)
delete mode 100644 recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch
delete mode 100644 recipes-security/xmlsec1/xmlsec1/fix-ltmain.sh.patch
delete mode 100644 recipes-security/xmlsec1/xmlsec1/makefile-ptest.patch
delete mode 100755 recipes-security/xmlsec1/xmlsec1/run-ptest
delete mode 100644 recipes-security/xmlsec1/xmlsec1/xmlsec1-examples-allow-build-in-separate-dir.patch
delete mode 100644 recipes-security/xmlsec1/xmlsec1_1.2.28.bb

diff --git a/conf/distro/include/maintainers.inc b/conf/distro/include/maintainers.inc
index 94b45f2..47f5317 100644
--- a/conf/distro/include/maintainers.inc
+++ b/conf/distro/include/maintainers.inc
@@ -56,4 +56,3 @@ RECIPE_MAINTAINER_pn-smack = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-sssd = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-suricata = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-tripwire = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-xmlsec1 = "Armin Kuster <akuster808@gmail.com>"
diff --git a/recipes-security/packagegroup/packagegroup-core-security-ptest.bb b/recipes-security/packagegroup/packagegroup-core-security-ptest.bb
index 4934889..ddcf208 100644
--- a/recipes-security/packagegroup/packagegroup-core-security-ptest.bb
+++ b/recipes-security/packagegroup/packagegroup-core-security-ptest.bb
@@ -13,7 +13,6 @@ SUMMARY_${PN} = "Security packages with ptests"
RDEPENDS_${PN} = " \
ptest-runner \
samhain-standalone-ptest \
- xmlsec1-ptest \
keyutils-ptest \
libseccomp-ptest \
python-scapy-ptest \
diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb b/recipes-security/packagegroup/packagegroup-core-security.bb
index 9165eef..20ba46f 100644
--- a/recipes-security/packagegroup/packagegroup-core-security.bb
+++ b/recipes-security/packagegroup/packagegroup-core-security.bb
@@ -29,7 +29,6 @@ RDEPENDS_packagegroup-security-utils = "\
pinentry \
python-scapy \
ding-libs \
- xmlsec1 \
keyutils \
libseccomp \
${@bb.utils.contains("DISTRO_FEATURES", "pam", "sssd", "",d)} \
diff --git a/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch b/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch
deleted file mode 100644
index 1cec47f..0000000
--- a/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From c1c980a95d85bcaf8802524d6148783522b300d7 Mon Sep 17 00:00:00 2001
-From: Yulong Pei <Yulong.pei@windriver.com>
-Date: Wed, 21 Jul 2010 22:33:43 +0800
-Subject: [PATCH] change finding path of nss and nspr
-
-Upstream-Status: Pending
-
-Signed-off-by: Yulong Pei <Yulong.pei@windriver.com>
-Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- configure.ac | 20 ++++++++++----------
- 1 file changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 951b3eb..1fdeb0f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -866,10 +866,10 @@ MOZILLA_MIN_VERSION="1.4"
- NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss"
- NSPR_PACKAGE=mozilla-nspr
- NSS_PACKAGE=mozilla-nss
--NSPR_INCLUDE_MARKER="nspr/nspr.h"
-+NSPR_INCLUDE_MARKER="nspr.h"
- NSPR_LIB_MARKER="libnspr4$shrext"
- NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
--NSS_INCLUDE_MARKER="nss/nss.h"
-+NSS_INCLUDE_MARKER="nss3/nss.h"
- NSS_LIB_MARKER="libnss3$shrext"
- NSS_LIBS_LIST="-lnss3 -lsmime3"
-
-@@ -898,24 +898,24 @@ fi
- dnl Priority 1: User specifies the path to installation
- if test "z$NSPR_FOUND" = "zno" -a "z$with_nspr" != "z" -a "z$with_nspr" != "zyes" ; then
- AC_MSG_CHECKING(for nspr library installation in "$with_nspr" folder)
-- if test -f "$with_nspr/include/$NSPR_INCLUDE_MARKER" -a -f "$with_nspr/lib/$NSPR_LIB_MARKER" ; then
-- NSPR_INCLUDE_PATH="$with_nspr/include"
-- NSPR_LIB_PATH="$with_nspr/lib"
-+ if test -f "$with_nspr/usr/include/$NSPR_INCLUDE_MARKER" -a -f "$with_nspr/${libdir}/$NSPR_LIB_MARKER" ; then
-+ NSPR_INCLUDE_PATH="$with_nspr/usr/include"
-+ NSPR_LIB_PATH="$with_nspr/${libdir}"
- NSPR_FOUND="yes"
- AC_MSG_RESULT([yes])
- else
-- AC_MSG_ERROR([not found: "$with_nspr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/lib/$NSPR_LIB_MARKER" files don't exist), typo?])
-+ AC_MSG_ERROR([not found: "$with_nspr/usr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/${libdir}/$NSPR_LIB_MARKER" files don't exist), typo?])
- fi
- fi
- if test "z$NSS_FOUND" = "zno" -a "z$with_nss" != "z" -a "z$with_nss" != "zyes" ; then
- AC_MSG_CHECKING(for nss library installation in "$with_nss" folder)
-- if test -f "$with_nss/include/$NSS_INCLUDE_MARKER" -a -f "$with_nss/lib/$NSS_LIB_MARKER" ; then
-- NSS_INCLUDE_PATH="$with_nss/include"
-- NSS_LIB_PATH="$with_nss/lib"
-+ if test -f "$with_nss/usr/include/$NSS_INCLUDE_MARKER" -a -f "$with_nss/${libdir}/$NSS_LIB_MARKER" ; then
-+ NSS_INCLUDE_PATH="$with_nss/usr/include/nss3"
-+ NSS_LIB_PATH="$with_nss/${libdir}"
- NSS_FOUND="yes"
- AC_MSG_RESULT([yes])
- else
-- AC_MSG_ERROR([not found: "$with_nss/include/$NSS_INCLUDE_MARKER" and/or "$with_nss/lib/$NSS_LIB_MARKER" files don't exist), typo?])
-+ AC_MSG_ERROR([not found: "$with_nss/usr/include/$NSS_INCLUDE_MARKER" and/or "$with_nss/${libdir}/$NSS_LIB_MARKER" files don't exist), typo?])
- fi
- fi
-
---
-2.7.4
-
diff --git a/recipes-security/xmlsec1/xmlsec1/fix-ltmain.sh.patch b/recipes-security/xmlsec1/xmlsec1/fix-ltmain.sh.patch
deleted file mode 100644
index af598fe..0000000
--- a/recipes-security/xmlsec1/xmlsec1/fix-ltmain.sh.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 847dc52f5a50e34ee4d6e3dc2c708711747a58ca Mon Sep 17 00:00:00 2001
-From: Yulong Pei <Yulong.pei@windriver.com>
-Date: Thu, 21 Jan 2010 14:11:20 +0800
-Subject: [PATCH] force to use our own libtool
-
-Upstream-Status: Inappropriate [ OE specific ]
-
-Signed-off-by: Yulong Pei <Yulong.pei@windriver.com>
-
----
- ltmain.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ltmain.sh b/ltmain.sh
-index 147d758..a61f16b 100644
---- a/ltmain.sh
-+++ b/ltmain.sh
-@@ -6969,7 +6969,7 @@ func_mode_link ()
- dir=$func_resolve_sysroot_result
- # We need an absolute path.
- case $dir in
-- [\\/]* | [A-Za-z]:[\\/]*) ;;
-+ =* | [\\/]* | [A-Za-z]:[\\/]*) ;;
- *)
- absdir=`cd "$dir" && pwd`
- test -z "$absdir" && \
diff --git a/recipes-security/xmlsec1/xmlsec1/makefile-ptest.patch b/recipes-security/xmlsec1/xmlsec1/makefile-ptest.patch
deleted file mode 100644
index d453569..0000000
--- a/recipes-security/xmlsec1/xmlsec1/makefile-ptest.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 83a1381e1d6bd1b5ec3df6f7c4bc1f4fe4f860b6 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Thu, 15 Jun 2017 14:44:01 +0800
-Subject: [PATCH] xmlsec1: add new recipe
-
-This enables the building of the examples directory
-and it's installed as ptest.
-
-Upstream-Status: Inappropriate [ OE ptest specific ]
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
----
- examples/Makefile | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/examples/Makefile b/examples/Makefile
-index 89b1d61..c1cbcca 100644
---- a/examples/Makefile
-+++ b/examples/Makefile
-@@ -8,9 +8,17 @@ PROGRAMS = \
- decrypt1 decrypt2 decrypt3 \
- xmldsigverify
-
-+ifndef CC
- CC = gcc
--CFLAGS += -g $(shell xmlsec1-config --cflags) -DUNIX_SOCKETS
--LDLIBS += -g $(shell xmlsec1-config --libs)
-+endif
-+
-+CFLAGS += -I../include -g $(shell PKG_CONFIG_PATH=.. pkg-config --cflags xmlsec1 ) -DUNIX_SOCKETS
-+LDLIBS += -L../src/.libs -g $(shell PKG_CONFIG_PATH=.. pkg-config --libs xmlsec1 )
-+
-+DESTDIR = /usr/share/xmlsec1
-+install-ptest:
-+ if [ ! -d $(DESTDIR) ]; then mkdir -p $(DESTDIR); fi
-+ cp * $(DESTDIR)
-
- all: $(PROGRAMS)
-
diff --git a/recipes-security/xmlsec1/xmlsec1/run-ptest b/recipes-security/xmlsec1/xmlsec1/run-ptest
deleted file mode 100755
index a203c38..0000000
--- a/recipes-security/xmlsec1/xmlsec1/run-ptest
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/sh
-
-check_return() {
- if [ $? == 0 ]; then
- echo -e "PASS: $1\n"
- else
- echo -e "FAIL: $1\n"
- fi
-}
-
-echo "---------------------------------------------------"
-echo "Signing a template file..."
-./sign1 sign1-tmpl.xml rsakey.pem > sign1-res.xml
-./verify1 sign1-res.xml rsapub.pem
-check_return sign-tmpl
-
-echo "---------------------------------------------------"
-echo "Signing a dynamicaly created template..."
-./sign2 sign2-doc.xml rsakey.pem > sign2-res.xml
-./verify1 sign2-res.xml rsapub.pem
-check_return sign-dynamic-templ
-
-echo "---------------------------------------------------"
-echo "Signing with X509 certificate..."
-./sign3 sign3-doc.xml rsakey.pem rsacert.pem > sign3-res.xml
-./verify3 sign3-res.xml ca2cert.pem cacert.pem
-check_return sign-x509
-
-echo "---------------------------------------------------"
-echo "Verifying a signature with a single key..."
-./verify1 sign1-res.xml rsapub.pem
-./verify1 sign2-res.xml rsapub.pem
-check_return verify-single-key
-
-echo "---------------------------------------------------"
-echo "Verifying a signature with keys manager..."
-./verify2 sign1-res.xml rsapub.pem
-./verify2 sign2-res.xml rsapub.pem
-check_return verify-keys-manager
-
-echo "---------------------------------------------------"
-echo "Verifying a signature with X509 certificates..."
-./verify3 sign3-res.xml ca2cert.pem cacert.pem
-check_return verify-x509
-
-echo "---------------------------------------------------"
-echo "Verifying a signature with additional restrictions..."
-./verify4 verify4-res.xml ca2cert.pem cacert.pem
-check_return verify-res
-
-echo "---------------------------------------------------"
-echo "Encrypting data with a template file..."
-./encrypt1 encrypt1-tmpl.xml deskey.bin > encrypt1-res.xml
-./decrypt1 encrypt1-res.xml deskey.bin
-check_return encrypt-tmpl
-
-echo "---------------------------------------------------"
-echo "Encrypting data with a dynamicaly created template..."
-./encrypt2 encrypt2-doc.xml deskey.bin > encrypt2-res.xml
-./decrypt1 encrypt2-res.xml deskey.bin
-check_return encrypt-dynamic-tmpl
-
-echo "---------------------------------------------------"
-echo "Encrypting data with a session key..."
-./encrypt3 encrypt3-doc.xml rsakey.pem > encrypt3-res.xml
-./decrypt3 encrypt3-res.xml
-check_return encrypt-session-key
-
-echo "---------------------------------------------------"
-echo "Decrypting data with a single key..."
-./decrypt1 encrypt1-res.xml deskey.bin
-./decrypt1 encrypt2-res.xml deskey.bin
-check_return encrypt-single-key
-
-echo "---------------------------------------------------"
-echo "Decrypting data with keys manager..."
-./decrypt2 encrypt1-res.xml deskey.bin
-./decrypt2 encrypt2-res.xml deskey.bin
-check_return encrypt-keys-manager
-
-echo "---------------------------------------------------"
-echo "Writing a custom keys manager..."
-./decrypt3 encrypt1-res.xml
-./decrypt3 encrypt2-res.xml
-check_return write-keys-manager
diff --git a/recipes-security/xmlsec1/xmlsec1/xmlsec1-examples-allow-build-in-separate-dir.patch b/recipes-security/xmlsec1/xmlsec1/xmlsec1-examples-allow-build-in-separate-dir.patch
deleted file mode 100644
index 8b2533e..0000000
--- a/recipes-security/xmlsec1/xmlsec1/xmlsec1-examples-allow-build-in-separate-dir.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 0c38c6864e7ba8f53a657d87894f24374a6a4932 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Tue, 30 Dec 2014 11:18:17 +0800
-Subject: [PATCH] examples: allow build in separate dir
-
-Upstream-Status: Inappropriate [ OE specific ]
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
----
- examples/Makefile | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/examples/Makefile b/examples/Makefile
-index c1cbcca..3f1bd14 100644
---- a/examples/Makefile
-+++ b/examples/Makefile
-@@ -12,8 +12,10 @@ ifndef CC
- CC = gcc
- endif
-
--CFLAGS += -I../include -g $(shell PKG_CONFIG_PATH=.. pkg-config --cflags xmlsec1 ) -DUNIX_SOCKETS
--LDLIBS += -L../src/.libs -g $(shell PKG_CONFIG_PATH=.. pkg-config --libs xmlsec1 )
-+top_srcdir = ..
-+top_builddir = ..
-+CFLAGS += -I$(top_srcdir)/include -g $(shell PKG_CONFIG_PATH=$(top_srcdir) pkg-config --cflags xmlsec1 ) -DUNIX_SOCKETS
-+LDLIBS += -L$(top_builddir)/src/.libs -g $(shell PKG_CONFIG_PATH=$(top_srcdir) pkg-config --libs xmlsec1 )
-
- DESTDIR = /usr/share/xmlsec1
- install-ptest:
diff --git a/recipes-security/xmlsec1/xmlsec1_1.2.28.bb b/recipes-security/xmlsec1/xmlsec1_1.2.28.bb
deleted file mode 100644
index 0a4c56a..0000000
--- a/recipes-security/xmlsec1/xmlsec1_1.2.28.bb
+++ /dev/null
@@ -1,64 +0,0 @@
-SUMMARY = "XML Security Library is a C library based on LibXML2"
-DESCRIPTION = "\
- XML Security Library is a C library based on \
- LibXML2 and OpenSSL. The library was created with a goal to support major \
- XML security standards "XML Digital Signature" and "XML Encryption". \
- "
-HOMEPAGE = "http://www.aleksey.com/xmlsec/"
-DEPENDS = "libtool libxml2 libxslt zlib"
-
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=352791d62092ea8104f085042de7f4d0"
-
-SECTION = "libs"
-
-SRC_URI = "http://www.aleksey.com/xmlsec/download/${BP}.tar.gz \
- file://fix-ltmain.sh.patch \
- file://change-finding-path-of-nss.patch \
- file://makefile-ptest.patch \
- file://xmlsec1-examples-allow-build-in-separate-dir.patch \
- file://run-ptest \
- "
-
-SRC_URI[md5sum] = "69b8d95c009a404462e19f335e650241"
-SRC_URI[sha256sum] = "13eec4811ea30e3f0e16a734d1dbf7f9d246a71d540b48d143a07b489f6222d4"
-
-inherit autotools-brokensep ptest pkgconfig
-
-CFLAGS += "-I${STAGING_INCDIR}/nspr4 -I${STAGING_INCDIR}/nss3"
-CPPFLAGS += "-I${STAGING_INCDIR}/nspr4 -I${STAGING_INCDIR}/nss3"
-
-PACKAGECONFIG ??= "gnutls libgcrypt nss openssl des"
-PACKAGECONFIG[gnutls] = ",,gnutls"
-PACKAGECONFIG[libgcrypt] = ",,libgcrypt"
-PACKAGECONFIG[nss] = "--with-nss=${STAGING_LIBDIR}/../.. --with-nspr=${STAGING_LIBDIR}/../..,,nss nspr"
-PACKAGECONFIG[openssl] = ",,openssl"
-PACKAGECONFIG[des] = ",--disable-des,,"
-
-# these can be dynamically loaded with xmlSecCryptoDLLoadLibrary()
-FILES_SOLIBSDEV = "${libdir}/libxmlsec1.so"
-FILES_${PN} += "${libdir}/libxmlsec1-*.so"
-INSANE_SKIP_${PN} = "dev-so"
-
-FILES_${PN}-dev += "${libdir}/xmlsec1Conf.sh"
-FILES_${PN}-dbg += "${PTEST_PATH}/.debug/*"
-
-RDEPENDS_${PN}-ptest += "${PN}-dev"
-INSANE_SKIP_${PN}-ptest += "dev-deps"
-
-PTEST_EXTRA_ARGS = "top_srcdir=${S} top_builddir=${B}"
-
-do_compile_ptest () {
- oe_runmake -C ${S}/examples ${PTEST_EXTRA_ARGS} all
-}
-
-do_install_append() {
- for i in ${bindir}/xmlsec1-config ${libdir}/xmlsec1Conf.sh \
- ${libdir}/pkgconfig/xmlsec1-openssl.pc; do
- sed -i -e "s@${RECIPE_SYSROOT}@@g" ${D}$i
- done
-}
-
-do_install_ptest () {
- oe_runmake -C ${S}/examples DESTDIR=${D}${PTEST_PATH} ${PTEST_EXTRA_ARGS} install-ptest
-}
--
2.17.1


Re: MySql python support in Yocto.

Marek Belisko
 

Hi Mauro,

On Wed, Aug 28, 2019 at 6:14 AM Mauro Ziliani <mauro@faresoftware.it> wrote:

Hi all.

There is some library for MariaDB/MySql in Python3 in Yocto?
You can check: https://layers.openembedded.org/layerindex/recipe/4825/


Best regards.

MZ

--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
BR,

marek

--
as simple and primitive as possible
-------------------------------------------------
Marek Belisko - OPEN-NANDRA
Freelance Developer

Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com


MySql python support in Yocto.

Mauro Ziliani
 

Hi all.

There is some library for MariaDB/MySql in Python3 in Yocto?


Best regards.

  MZ


[meta-security][PATCH 2/2] ecryptfs-utils: fix race condition in do_install

Chen Qi
 

The rootsbindir is a self-defined directory. The install-rootsbinPROGRAMS
is actually treated as part of install-data instead of install-exec.

Do making install-exec-am depend on it actually results in the following
Makefile contents.

install-data-am: install-rootsbinPROGRAMS
install-exec-am: install-binPROGRAMS install-binSCRIPTS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
install-exec-hook: install-rootsbinPROGRAMS

And this results in race condition as two install commands of the same
file running at the same time. Error message is like below.

TOPDIR/tmp-glibc/hosttools/install: cannot create regular file 'TOPDIR/tmp-glibc/work/aarch64-wrs-linux/ecryptfs-utils/111-r0/image/sbin/mount.ecryptfs': File exists

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
.../ecryptfs-utils/ecryptfs-utils_111.bb | 1 +
.../files/0001-avoid-race-condition.patch | 32 +++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch

diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index 8e498c9..e45ee0b 100644
--- a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -14,6 +14,7 @@ DEPENDS = "keyutils libgcrypt intltool-native glib-2.0-native"
SRC_URI = "\
https://launchpad.net/ecryptfs/trunk/${PV}/+download/${BPN}_${PV}.orig.tar.gz \
file://ecryptfs-utils-CVE-2016-6224.patch \
+ file://0001-avoid-race-condition.patch \
file://ecryptfs.service \
"

diff --git a/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch b/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch
new file mode 100644
index 0000000..af28d58
--- /dev/null
+++ b/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch
@@ -0,0 +1,32 @@
+From ab671b02e3aaf65dd1fd279789ea933b8140fe52 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 27 Aug 2019 16:08:00 +0800
+Subject: [PATCH] avoid race condition
+
+The rootsbin directory is self defined. The install-rootsbinPROGRAMS
+is actually treated as part of install-data.
+
+This would avoid race condition which causes install failure.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/utils/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am
+index 83cf851..344883a 100644
+--- a/src/utils/Makefile.am
++++ b/src/utils/Makefile.am
+@@ -67,6 +67,6 @@ ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
+ test_SOURCES = test.c io.c
+ test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
+
+-install-exec-hook: install-rootsbinPROGRAMS
++install-data-hook: install-rootsbinPROGRAMS
+ -rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+ $(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+--
+2.17.1
+
--
2.17.1


[meta-security][PATCH 1/2] ecryptfs-utils: remove openssl PACKAGECONFIG

Chen Qi
 

ecryptfs-utils does not build with openssl1.1.

Previously this openssl PACKAGECONFIG is disabled by default, so
we are not getting build failures by default. But if we enable it,
we get do_compile failure.

This package is from ubuntu source, and the one ubuntu ships does not
depend on openssl. The development of this package has stopped for about
3 years. I don't see it will fix the build offically.

So remove this PACKAGECONFIG and use '--disable-openssl' directly.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index 1f780f9..8e498c9 100644
--- a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -30,13 +30,13 @@ EXTRA_OECONF = "\
--disable-pywrap \
--disable-nls \
--with-pamdir=${base_libdir}/security \
+ --disable-openssl \
"

PACKAGECONFIG ??= "nss \
${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
"
PACKAGECONFIG[nss] = "--enable-nss,--disable-nss,nss,"
-PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,"
PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam,"

do_configure_prepend() {
--
2.17.1


Re: Build break in the latest openbmc tree.

Brad Bishop
 

On Sun, 2019-08-25 at 10:49 -0700, akuster808 wrote:
the meta-security layer should be fix now.

please update and let me know if not.
Thanks Armin!

Jae, I've pulled this into OpenBMC. Can you give it a try?

-brad


Re: [meta-mingw] QEMU on thud mingw SDK is broken

Joshua Watt
 

On 8/26/19 9:55 PM, Sinan Kaya wrote:
On 8/26/2019 9:47 PM, Joshua Watt wrote:
No, I don't think that is supported. Just to make sure, did you try
building with

SDKMACHINE = "x86_64-mingw32"

to try building the entire SDK as 64-bit?
Yup, that's what I have been using.

SDKMACHINE = "x86_64-mingw32"
Hmm, we are actually building the mingw-w64 runtime libraries (see meta-mingw/recipes-devtools/mingw-w64), and compiling for 64-bit, so I'm not sure where qemu is getting hung up. Perhaps there is something preventing it from detecting this?



SUMO - XT_NAT module - SNAT, DNAT symbols missing

Prawn Hongs <prawnhongs@...>
 

Hi Everyone,

I am using SUMO Yocto version to build for zynq machine type.
I am facing problems related to CONNTRACK SNAT, DNAT. I want to know in this forum like is there a known issue in the kernel version supported in SUMO.
I have tried various IP table options but I couldn't get the SNAT, DNAT symbols identified. Here is what I am trying - 

# iptables  -A FORWARD -m conntrack --ctstate SNAT,DNAT -j ACCEPT
iptables: No chain/target/match by that name
Here is my lsmod -


$ lsmod
Module                  Size  Used by
iptable_nat            16384  0
nf_conntrack_ipv4      16384  1
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
nf_nat_ipv4            16384  1 iptable_nat
ipt_MASQUERADE         16384  0
nf_nat_masquerade_ipv4    16384  1 ipt_MASQUERADE
nf_nat                 28672  2 nf_nat_masquerade_ipv4,nf_nat_ipv4
nf_conntrack          139264  5 nf_conntrack_ipv4,ipt_MASQUERADE,nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat
iptable_filter         16384  0
ip_tables              20480  2 iptable_filter,iptable_nat
x_tables               24576  3 ip_tables,iptable_filter,ipt_MASQUERADE
fanctl                 45056  0
rtc                    16384  0
cardirq                20480  0
Has anybody faced similar problems? Is it a known problem in the
kernel version supported by SUMO.


Re: wic create - bad ownership of directories inside image

Behnke, Jochen <j.behnke@...>
 

Hi Randy,

 

FYI

I created a completely new poky clone.

Then I set up a config for “genericx86” and built a core-image-minimal

 

Here are the results

1)    Using “thud” branch -> problem persisted

2)    Using “warrior” branch  à problem solved

 

 

Regards

Jochen

 

Von: Behnke, Jochen
Gesendet: Montag, 26. August 2019 10:18
An: 'Randy MacLeod'
Betreff: AW: AW: [yocto] wic create - bad ownership of directories inside image

 

Hi Randy,

 

removing my core-image-minimal.bbappend does not change anything.

I still get the same behavior.

 

Here are my version

poky 2.6.1

 

$ bitbake –version

-> 1.40.0

 

The next step would be to upgrade my poky to the latest version.

Right now I can’t do that, but I’ll give it a try in the next few weeks.

 

Many thanks for your assistance.

 

Regards

Jochen

 

Von: Randy MacLeod [mailto:randy.macleod@...]
Gesendet: Samstag, 24. August 2019 00:21
An: Behnke, Jochen; yocto Mailingliste (yocto@...)
Betreff: Re: AW: [yocto] wic create - bad ownership of directories inside image

 

On 8/22/19 11:23 AM, Behnke, Jochen wrote:

Hello Randy,

thanks for your reponse and sorry for my late reaction.

In order to test, if the problem can be reproduced reliably, I performed a clean rebuild as follows

$ source oe-init-build-env build-tca5-32
$ rm -rf tmp
$ rm -rf sstate-cache
$ bitbake core-image-minimal
$ wic create mkefidisk -e core-image-minmal

I then mounted the resulting image file "mkefidisk-201908221701-sda.direct" using a loopback device (losetup)
Inside the Image all directories have UID/GID 1000/1000, which corresponds to my host user.
Files however have UID/GID 0/0.

Hi Jochen,

I'm not able to reproduce the error, see below (1).

What version of oe-core/bitbake are you using?

I'm using the latest master branches:

oe-core: 64f9fd2a1e quilt: added less to RDEPENDS list
bitbake:  28b3f0d8  runqueue: Optimise build_taskdepdata slightly

 


So the answer to your question is "yes I can reproduce the behavior".

One sidenote
- I am using an appended core-image-minimal not the default

 

 

What is the bbappend? Is it publicly clonable? What happens if you drop that addition?

../Randy

 

(1)

I followed your steps above and mounted my image as follows:

$ fdisk -l mkefidisk-201908230902-sda.direct
Disk mkefidisk-201908230902-sda.direct: 94.4 MiB, 98956288 bytes, 193274 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 1E5F9B4E-ED8A-4677-82CD-7B146807C145

Device                              Start    End Sectors  Size Type
mkefidisk-201908230902-sda.direct1   2048  51433   49386 24.1M Microsoft basic data
mkefidisk-201908230902-sda.direct2  53248 103127   49880 24.4M Linux filesystem
mkefidisk-201908230902-sda.direct3 103128 193239   90112   44M Linux swap

 

# 53248*512 = 27262976

$ sudo mount -o loop,offset=27262976 ./mkefidisk-201908230902-sda.direct /mnt/loop

$ ls -l /mnt/loop/bin/busybox.nosuid
-rwxr-xr-x 1 root root 625296 Aug 23 11:45 /mnt/loop/bin/busybox.nosuid

$ ls -l /mnt/loop/usr | head -3
total 10
drwxr-xr-x 2 root root 3072 Aug 23 11:52 bin
drwxr-xr-x 2 root root 1024 Aug 23 11:29 games

 

../Randy

- In my other image I am using qt5 (v5.12)



Regards
Jochen

On 8/12/19 5:11 AM, Behnke, Jochen wrote:
> Hello,
>
> I am using poky 2.6.1 (thud) and create images using the wic utility.
>
> Recently I noticed that all directories contained in the created image
> are owned by UID 1000 and not by root. The files inside the image
> however are owned by root.
>
> The UID 1000 refers to my unprivileged user on the host system.
>
> Here is the command I use to create the image
>
> “wic create mkefidisk –e core-image-minimal”
>
> The images created by bitbake directly (.tar.bz2, .hddimg) are correct
> so this seems to be a wic related problem.
>
> Does anybody have a solution for this?

Hi Jochen,

No and I've never seen this particular extreme symptom.

There is a known, generally rare bug:
    Bug 12434 - pseudo: Incorrect UID/GID in packaged files
    https://bugzilla.yoctoproject.org/show_bug.cgi?id=12434
but that usually shows up when building.

You could check you build logs for the generic stings from:

    glibc-locale-2.26: glibc-locale:
    /glibc-binary-localedata-en-gb/usr/lib/locale/en_GB/LC_MEASUREMENT
    is owned by uid 3004, which is the same as the user running bitbake.
    This may be due to host contamination [host-user-contaminated]


Is your issue 100% reproducible?

../Randy


>
> Many thanks in advance, any hint is appreciated.
>
> Regards
>
> Jochen
>
> <gfidisc.SID=010500000000000515000000993c4a7a4675257c8b2de024250d0000>
>
>
> __________________________________
> *SCHMIDT Technology GmbH*
> Feldbergstrasse 1
> 78112 St. Georgen/Germany
> Telefon +49 (0) 77 24 / 89 90
> Fax +49 (0) 77 24 / 89 91 01
> info@... <mailto:info@...>
> http://www.schmidttechnology.de
>
> USt-Id Nr. DE 811725105 · Registergericht Freiburg HRB 600 755
> Geschaeftsfuehrung: Oliver Schmidt, Stephan Schmidt
>
> <gfidisc.SID=010500000000000515000000993c4a7a4675257c8b2de024250d0000>
>
>
>


--
# Randy MacLeod
# Wind River Linux

 

-- 
# Randy MacLeod
# Wind River Linux


Re: Yocto 2.7 SDK Eclipse

Bert Böhne <bert.boehne@...>
 

Hi,

 

I was able to get Eclipse IDE 2019 06 working together with http://downloads.yoctoproject.org/releases/eclipse-plugin/2.6.1/oxygen/. This together with my generated SDK lets me compile and debug (remotely). Maybe it helps someone else…

 

Thanks,

 

Bert

 

Von: Bert Böhne
Gesendet: Mittwoch, 21. August 2019 14:06
An: 'Alexander Kanavin' <alex.kanavin@...>
Cc: yocto@...
Betreff: AW: [yocto] Yocto 2.7 SDK Eclipse

 

OK, thanks. We would like to use Eclipse because we are coming from Windows and it would give us the possibility to code and debug easier or in a more known way.

 

Von: Alexander Kanavin [mailto:alex.kanavin@...]
Gesendet: Mittwoch, 21.
August 2019 12:03
An: Bert Böhne <
bert.boehne@...>
Cc:
yocto@...
Betreff: Re: [yocto] Yocto 2.7 SDK Eclipse

 

On Wed, 21 Aug 2019 at 11:00, Bert Böhne <bert.boehne@...> wrote:

thanks for your reply. Do I need the plugins for writing and debugging code in Eclipse? The documentation says:

 

24.9.11. ADT Removed¶

 

The Application Development Toolkit (ADT) has been removed because its functionality almost completely overlapped with the standard SDK and the extensible SDK. For information on these SDKs and how to build and use them, see the Yocto Project Application Development and the Extensible Software Development Kit (eSDK) manual.

 

So would it work if I use Eclipse and maybe a plugin for CMake? Start Eclipse from the cmdline where I sourced the SDK environment setup script?

 

What is the ‘normal’ way or tool for writing applications? Is it weird to want to use Eclipse?

 

I do not want to define 'normal'; for me personally the way to work is to do everything from command line, with an extremely lightweight editor (e.g. nano). Since I have never used Eclipse, I do not know what the (now removed) plugins actually do. You can certainly still edit code using Eclipse but I can imagine that for building it, and running it and other things you would have to switch to the command line.

 

Alex


Re: WARNING: bluez5-5.50-r0 do_fetch: Failed to fetch URL file://variscite-bt.conf

Zoran
 

BTW, I have created the complete description of this problem!

Best Regards,
Zoran
_______


On Mon, Aug 26, 2019 at 5:23 PM Zoran Stojsavljevic <zoran.stojsavljevic@...> wrote:
Hello Folks,

While doing the following YOCTO build:

Actually, using the latest available tag: thud-fslc-4.14.78-mx6ul-v1.1

I've got the following error, while compiling for both:
bitbake -k fsl-image-gui
bitbake -k fsl-image-qt5

Seems, that the local file: file://variscite-bt.conf is somehow missing?!

I can add this file artificially, but, the question is: why this file is missing???
_______

Transcript follows:
bluez5-5.50-r0 do_fetch: Failed to fetch variscite-bt.conf

Thank you,
Zoran
_______


Re: metadata mismatch between image and package (uninative)

Tim Blechmann <tim@...>
 

i've been able to build by `INHERIT_remove`ing "uninative", but this
feels like a hack.

so i'm wondering: what could cause a reparse error when `uninative` is
enabled?
i think i've tracked down the error:
`uninative_event_enable` extends `PATH`, but only if `UNINATIVE_LOADER`
points to a valid path
https://git.yoctoproject.org/cgit.cgi/poky/tree/meta/classes/uninative.bbclass#n128


`UNINATIVE_LOADER` only points to a valid path after
`uninative_event_fetchloader` succeeds.
https://git.yoctoproject.org/cgit.cgi/poky/tree/meta/classes/uninative.bbclass#n33

but `uninative_event_fetchloader` is only executed during
`bb.event.BuildStarted`, while `uninative_event_enable` is called during
`bb.event.ConfigParsed
`.
https://git.yoctoproject.org/cgit.cgi/poky/tree/meta/classes/uninative.bbclass#n16



afaict this leads to the following situation:
* the initial `uninative_event_enable` "fails", as no `UNINATIVE_LOADER
` path exists
* the recipes are parsed with original `PATH`
* during `BuildStarted`, the `UNINATIVE_LOADER` is populated and
`enable_uninative` is called from `uninative_event_fetchloader`,
extending `PATH`
* reparsing sees a different `PATH`

----

now i'm wondering, what's the correct way to fix this?

thanks a lot,
tim


Re: [meta-mingw] QEMU on thud mingw SDK is broken

Sinan Kaya
 

On 8/26/2019 9:47 PM, Joshua Watt wrote:
No, I don't think that is supported. Just to make sure, did you try
building with

SDKMACHINE = "x86_64-mingw32"

to try building the entire SDK as 64-bit?
Yup, that's what I have been using.

SDKMACHINE = "x86_64-mingw32"


Re: [meta-mingw] QEMU on thud mingw SDK is broken

Joshua Watt
 

On Mon, Aug 26, 2019 at 4:47 PM Sinan Kaya <okaya@kernel.org> wrote:

On 8/26/2019 5:33 PM, Joshua Watt wrote:
On 8/19/19 7:30 AM, Sinan Kaya wrote:
I noticed last week that qemu packaged into mingw sdk is broken while
the qemu in linux sdk works fine.

Qemu crashes very early while launching the kernel boot.
This used to work fine on sumo.

Does anybody see this problem too?
Doesn't look like it. I wasn't aware that QEMU even worked in MinGW in
the first place :)

Is it included in the default SDK, or did you add it manually?
It is included by default similar to Linux SDK. The difference is mingw
one doesn't work :)

I tried cross-compiling QEMU 3.0.0 against mingw32 and didn't have much
luck either.

The only thing that worked is mingw64.

I don't know if we can mix and match ming64 with meta-mingw.
No, I don't think that is supported. Just to make sure, did you try
building with

SDKMACHINE = "x86_64-mingw32"

to try building the entire SDK as 64-bit?


Re: [meta-mingw] QEMU on thud mingw SDK is broken

Sinan Kaya
 

On 8/26/2019 5:33 PM, Joshua Watt wrote:
On 8/19/19 7:30 AM, Sinan Kaya wrote:
I noticed last week that qemu packaged into mingw sdk is broken while
the qemu in linux sdk works fine.

Qemu crashes very early while launching the kernel boot.
This used to work fine on sumo.

Does anybody see this problem too?
Doesn't look like it. I wasn't aware that QEMU even worked in MinGW in
the first place :)

Is it included in the default SDK, or did you add it manually?
It is included by default similar to Linux SDK. The difference is mingw
one doesn't work :)

I tried cross-compiling QEMU 3.0.0 against mingw32 and didn't have much
luck either.

The only thing that worked is mingw64.

I don't know if we can mix and match ming64 with meta-mingw.

7481 - 7500 of 53914