: how to fix "do not ask to insatll a package providing xxxx"?
ouyangxuan10@163.com
Dear all, I build a libarary in other project. And add a bb file in yocto to add to my yocto project, but it appear error. who can tell me how to fix it? thanks, Byron
|
|
[meta-security][PATCH] scap-security-guide: fix build with Python 3.9
Yi Zhao
The getchildren and getiterator functions are deprecated in Python 3.9.
Backport 3 patches to fix the build issue. Fixes: File "/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/ssg/build_stig.py", line 41, in add_references index = rule.getchildren().index(ref) AttributeError: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren' Signed-off-by: Yi Zhao <yi.zhao@...> --- ...ated-instance-of-element.getchildren.patch | 43 ++++++++++++++ ...-fix-deprecated-getiterator-function.patch | 58 +++++++++++++++++++ ...etchildren-and-getiterator-functions.patch | 57 ++++++++++++++++++ .../scap-security-guide_git.bb | 3 + 4 files changed, 161 insertions(+) create mode 100644 meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-fix-deprecated-instance-of-element.getchildren.patch create mode 100644 meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-fix-deprecated-getiterator-function.patch create mode 100644 meta-security-compliance/recipes-openscap/scap-security-guide/files/0003-fix-remaining-getchildren-and-getiterator-functions.patch diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-fix-deprecated-instance-of-element.getchildren.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-fix-deprecated-instance-of-element.getchildren.patch new file mode 100644 index 0000000..01e3dd6 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-fix-deprecated-instance-of-element.getchildren.patch @@ -0,0 +1,43 @@ +From e435bf2dc59d652710104a1c59332e410b12bb64 Mon Sep 17 00:00:00 2001 +From: Vojtech Polasek <vpolasek@...> +Date: Mon, 8 Jun 2020 12:33:48 +0200 +Subject: [PATCH] fix deprecated instance of element.getchildren + +Upstream-Status: Backport +[https://github.com/ComplianceAsCode/content/commit/e435bf2dc59d652710104a1c59332e410b12bb64] + +Signed-off-by: Yi Zhao <yi.zhao@...> +--- + ssg/build_remediations.py | 2 +- + ssg/build_stig.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ssg/build_remediations.py b/ssg/build_remediations.py +index fdde0f268..c18d6bd54 100644 +--- a/ssg/build_remediations.py ++++ b/ssg/build_remediations.py +@@ -735,7 +735,7 @@ def expand_xccdf_subs(fix, remediation_type, remediation_functions): + # First concat output form of modified fix text (including text appended + # to all children of the fix) + modfix = [fix.text] +- for child in fix.getchildren(): ++ for child in list(fix): + if child is not None and child.text is not None: + modfix.append(child.text) + modfixtext = "".join(modfix) +diff --git a/ssg/build_stig.py b/ssg/build_stig.py +index 528285f3d..6122981fc 100644 +--- a/ssg/build_stig.py ++++ b/ssg/build_stig.py +@@ -38,7 +38,7 @@ def add_references(reference, destination): + for ref in refs: + if (ref.get('href').startswith(stig_refs) and + ref.text in dictionary): +- index = rule.getchildren().index(ref) ++ index = list(rule).index(ref) + new_ref = ET.Element( + '{%s}reference' % XCCDF11_NS, {'href': stig_ns}) + new_ref.text = dictionary[ref.text] +-- +2.17.1 + diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-fix-deprecated-getiterator-function.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-fix-deprecated-getiterator-function.patch new file mode 100644 index 0000000..84271c4 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-fix-deprecated-getiterator-function.patch @@ -0,0 +1,58 @@ +From b0adc1d53780def4a95e310b6d26bb91ee97177e Mon Sep 17 00:00:00 2001 +From: Vojtech Polasek <vpolasek@...> +Date: Mon, 8 Jun 2020 13:27:41 +0200 +Subject: [PATCH] fix deprecated getiterator function + +Upstream-Status: Backport +[https://github.com/ComplianceAsCode/content/commit/b0adc1d53780def4a95e310b6d26bb91ee97177e] + +Signed-off-by: Yi Zhao <yi.zhao@...> +--- + ssg/build_cpe.py | 6 +++--- + ssg/id_translate.py | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/ssg/build_cpe.py b/ssg/build_cpe.py +index 2e5d24a5d..8c046777a 100644 +--- a/ssg/build_cpe.py ++++ b/ssg/build_cpe.py +@@ -17,7 +17,7 @@ def extract_subelement(objects, sub_elem_type): + """ + + for obj in objects: +- for subelement in obj.getiterator(): ++ for subelement in obj.iter(): + if subelement.get(sub_elem_type): + sub_element = subelement.get(sub_elem_type) + return sub_element +@@ -44,12 +44,12 @@ def extract_referred_nodes(tree_with_refs, tree_with_ids, attrname): + reflist = [] + elementlist = [] + +- for element in tree_with_refs.getiterator(): ++ for element in tree_with_refs.iter(): + value = element.get(attrname) + if value is not None: + reflist.append(value) + +- for element in tree_with_ids.getiterator(): ++ for element in tree_with_ids.iter(): + if element.get("id") in reflist: + elementlist.append(element) + +diff --git a/ssg/id_translate.py b/ssg/id_translate.py +index 72b07be18..ba9225904 100644 +--- a/ssg/id_translate.py ++++ b/ssg/id_translate.py +@@ -64,7 +64,7 @@ class IDTranslator(object): + ) + + def translate(self, tree, store_defname=False): +- for element in tree.getiterator(): ++ for element in tree.iter(): + idname = element.get("id") + if idname: + # store the old name if requested (for OVAL definitions) +-- +2.17.1 + diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0003-fix-remaining-getchildren-and-getiterator-functions.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0003-fix-remaining-getchildren-and-getiterator-functions.patch new file mode 100644 index 0000000..8162292 --- /dev/null +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0003-fix-remaining-getchildren-and-getiterator-functions.patch @@ -0,0 +1,57 @@ +From a0da16c5eeb9a7414f7f2a37a6b270c8d04b2ddf Mon Sep 17 00:00:00 2001 +From: Vojtech Polasek <vpolasek@...> +Date: Mon, 8 Jun 2020 14:01:55 +0200 +Subject: [PATCH] fix remaining getchildren and getiterator functions + +Upstream-Status: Backport +[https://github.com/ComplianceAsCode/content/commit/a0da16c5eeb9a7414f7f2a37a6b270c8d04b2ddf] + +Signed-off-by: Yi Zhao <yi.zhao@...> +--- + build-scripts/sds_move_ocil_to_checks.py | 2 +- + build-scripts/verify_references.py | 2 +- + shared/transforms/pcidss/transform_benchmark_to_pcidss.py | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/build-scripts/sds_move_ocil_to_checks.py b/build-scripts/sds_move_ocil_to_checks.py +index 5f5139659..64dc19084 100755 +--- a/build-scripts/sds_move_ocil_to_checks.py ++++ b/build-scripts/sds_move_ocil_to_checks.py +@@ -106,7 +106,7 @@ def move_ocil_content_from_ds_extended_component_to_ds_component(datastreamtree, + timestamp = extendedcomp.get('timestamp') + + # Get children elements of <ds:extended-component> containing OCIL content +- extchildren = extendedcomp.getchildren() ++ extchildren = list(extendedcomp) + # There should be just one OCIL subcomponent in <ds:extended-component> + if len(extchildren) != 1: + sys.stderr.write("ds:extended-component contains more than one element!" +diff --git a/build-scripts/verify_references.py b/build-scripts/verify_references.py +index 69b3e2d1f..95d387f46 100755 +--- a/build-scripts/verify_references.py ++++ b/build-scripts/verify_references.py +@@ -179,7 +179,7 @@ def main(): + check_content_refs = xccdftree.findall(".//{%s}check-content-ref" + % xccdf_ns) + +- xccdf_parent_map = dict((c, p) for p in xccdftree.getiterator() for c in p) ++ xccdf_parent_map = dict((c, p) for p in xccdftree.iter() for c in p) + # now we can actually do the verification work here + if options.rules_with_invalid_checks or options.all_checks: + for check_content_ref in check_content_refs: +diff --git a/shared/transforms/pcidss/transform_benchmark_to_pcidss.py b/shared/transforms/pcidss/transform_benchmark_to_pcidss.py +index 0ceaf727d..c94b12c45 100755 +--- a/shared/transforms/pcidss/transform_benchmark_to_pcidss.py ++++ b/shared/transforms/pcidss/transform_benchmark_to_pcidss.py +@@ -111,7 +111,7 @@ def main(): + benchmark.findall(".//{%s}Value" % (XCCDF_NAMESPACE)): + values.append(value) + +- parent_map = dict((c, p) for p in benchmark.getiterator() for c in p) ++ parent_map = dict((c, p) for p in benchmark.iter() for c in p) + for rule in \ + benchmark.findall(".//{%s}Rule" % (XCCDF_NAMESPACE)): + parent_map[rule].remove(rule) +-- +2.17.1 + diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb index f35d769..6e7180f 100644 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb @@ -4,6 +4,9 @@ SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed" SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \ file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \ file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \ + file://0001-fix-deprecated-instance-of-element.getchildren.patch \ + file://0002-fix-deprecated-getiterator-function.patch \ + file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \ " PV = "0.1.44+git${SRCPV}" -- 2.17.1
|
|
Re: how to use meta-cpan layer in a reproducible way?
On 11/4/20 6:29 AM, Robert P. J. Day wrote:
colleague wants to add some perl recipes to a zeus-based image, andright, so usually it means maintainers keep master moving forward and perhaps test with latest release or master or perhaps all releases after the thud branch, you have to ask this question to the maintainers. but yes forking and then branching your development from master is perhaps fine. what is the proper way to take advantage of a layer like this? you
|
|
Re: Reproducible builds and RPM packages
On 2020-11-03 6:16 a.m., Anders
Montonen wrote:
Hi Anders, I haven't played with that for a while but I'm pretty sure the answer is yes, it's intentional. You can read about reproducible
builds here: I don't see it in the documentation yet: but I didn't do more than skim those search results. If you also can't find it in the docs, would you be able to make a first draft of that and contribute to the project? If so please read and ask for guidance on: docs@... Thanks, ../Randy
-- # Randy MacLeod # Wind River Linux
|
|
Re: Removing postinst script in bbappend
Jim Krantz
It's a simple operation. They check for the existence of /etc/apparmor.d/cache. If it doesn't exist, then they create it as a directory. I'm not sure why it can't be moved elsewhere, as we're not the maintainers. I could reach out and find out, though.
On Wed, Nov 4, 2020 at 3:38 PM Alexander Kanavin <alex.kanavin@...> wrote:
|
|
Re: Removing postinst script in bbappend
Alexander Kanavin
The right way would be to fix the recipe I think? What is doing that has to happen only on target and can't be done during do_rootfs? Alex
On Wed, 4 Nov 2020 at 21:19, Jim Krantz <krantzj84@...> wrote:
|
|
Re: Removing postinst script in bbappend
Jim Krantz
The recipe is apparmor, layer is meta-security. We're currently using the 2.x recipe, however the 3.x recipe appears to have the same function.
On Wed, Nov 4, 2020 at 2:32 PM Alexander Kanavin <alex.kanavin@...> wrote:
|
|
Re: Removing postinst script in bbappend
Alexander Kanavin
What recipe is it and what layer is it in? Alex
On Wed 4. Nov 2020 at 19.04, Jim Krantz <krantzj84@...> wrote:
|
|
Removing postinst script in bbappend
Jim Krantz
Hey folks, We're doing builds using Yocto 3.1 and are attempting to revise a recipe from another layer we don't control. The recipe we want to make alterations to is from an open source project, so we'd prefer to not make changes directly to the recipe, rather change it using a bbappend. The issue we're having is that the recipe has a pkg_postinst_ontarget function defined, but we have our filesystem set to read only via 'read-only-rootfs'. The result is a build time failure: 'The following packages could not be configured offline and rootfs is read-only: ['<package>'] Looking at the Yocto code, it appears that this error is detected by checking for the presence of any files in the image rootfs/rpm-postinsts directory. If something is found and the rootfs is read only, then the error above is thrown and the build fails. We also looked at emit_pkgdata() and noted it was checking for the pkg_postinst/pkg_postinst_ontarget globals, so we attempted to add a task that set those to 'None', hoping it would result in the conditional checks for these resolving to 'false', however this did not seem to work either. I'm somewhat new to Yocto, so may have misunderstood how this code is applied. We've also tried simpler solutions, like implementing a blank pkg_postinst_ontarget_{PN} and using deltask, however this also failed. So the question I have is: is there a way for us to remove the pkg_postinst_ontarget_{PN} from the recipe in the original layer using a bbappend file in our layer, so that the read only error is not thrown? Thanks!
|
|
Cmake CROSS COMPILE problem [PLEASE HELP, URGENT]
#sdk
#yocto
#toolchain
Bel Hadj Salem Talel <bhstalel@...>
Hi All,
I'm in serious task here and I need to cross compile a Cmake project. I need to send an SDK to a client with steps to cross compile the project. This project is compiling successfully via a Yocto recipe that inherits cmake. I extracted an SDK from the main image adding TOOLCHAIN_HOST_TASK_append=" nativesdk-cmake" to add the Toolchain cmake file which is located under: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake/OEToolchainConfig.cmake : Here is its content: set( CMAKE_SYSTEM_NAME Linux ) set( CMAKE_C_FLAGS $ENV{CFLAGS} CACHE STRING "" FORCE ) set( CMAKE_CXX_FLAGS $ENV{CXXFLAGS} CACHE STRING "" FORCE ) set( CMAKE_ASM_FLAGS ${CMAKE_C_FLAGS} CACHE STRING "" FORCE ) set( CMAKE_LDFLAGS_FLAGS ${CMAKE_CXX_FLAGS} CACHE STRING "" FORCE ) set( CMAKE_SYSROOT $ENV{OECORE_TARGET_SYSROOT} ) set( CMAKE_FIND_ROOT_PATH $ENV{OECORE_TARGET_SYSROOT} ) set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER ) set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY ) set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY ) set( CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY ) set(CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX "$ENV{OE_CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX}") # Set CMAKE_SYSTEM_PROCESSOR from the sysroot name (assuming processor-distro-os). if ($ENV{SDKTARGETSYSROOT} MATCHES "/sysroots/([a-zA-Z0-9_-]+)-.+-.+") set(CMAKE_SYSTEM_PROCESSOR ${CMAKE_MATCH_1}) endif() # Include the toolchain configuration subscripts file( GLOB toolchain_config_files "${CMAKE_TOOLCHAIN_FILE}.d/*.cmake" ) foreach(config ${toolchain_config_files}) include(${config}) endforeach() The project is working with gRPC and Protobuf. There is a .cmake files that are responsible for searching for gRPC and Protobuf libs Here is what I tried after sourcing the SDK environment: 1) A simple "cmake .." with no options: Setting build type to 'RelWithDebInfo' as none was specified. -- Toolchain file defaulted to '/home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake/OEToolchainConfig.cmake' -- The C compiler identification is GNU 7.3.0 -- The CXX compiler identification is GNU 7.3.0 -- Check for working C compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-gcc -- Check for working C compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-gcc -- works -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Detecting C compile features -- Detecting C compile features - done -- Check for working CXX compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-g++ -- Check for working CXX compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-g++ -- works -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Detecting CXX compile features -- Detecting CXX compile features - done CMake Warning at /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake-3.16/Modules/FindProtobuf.cmake:499 (message): Protobuf compiler version 3.12.3 doesn't match library version 3.11.4 Call Stack (most recent call first): CMakeLists.txt:23 (find_package) -- Found Protobuf: /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/lib/libprotobuf.so;-lpthread (found version "3.11.4") -- Could NOT find gRPC (missing: GRPC_CPP_PLUGIN) -- Configuring done -- Generating done -- Build files have been written to: /home/talel/Desktop/sense_software_2/build protobuf is found, but not gRPC, now when I make: make[2]: *** No rule to make target 'GRPC_CPP_PLUGIN-NOTFOUND', needed by 'protos/sense_api_settings.grpc.pb.cc'. Stop. CMakeFiles/Makefile2:734: recipe for target 'protos/CMakeFiles/sense_api_settings_grpc.dir/all' failed make[1]: *** [protos/CMakeFiles/sense_api_settings_grpc.dir/all] Error 2 Makefile:129: recipe for target 'all' failed make: *** [all] Error 2 I searched for a solution and I added the -DCMAKE_PREFIX_PATH=/home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr option to my SDK rootfs Here is the result of cmake..: -- Check for working C compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-gcc -- broken CMake Error at /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake-3.16/Modules/CMakeTestCCompiler.cmake:60 (message): The C compiler "/home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-gcc" is not able to compile a simple test program. It fails with the following output: Change Dir: /home/talel/Desktop/sense_software_2/build/CMakeFiles/CMakeTmp Run Build Command(s):/home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/make cmTC_2a27c/fast && /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/make: 1: /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/make: Syntax error: word unexpected (expecting ")") I tried to add C and CXX options : -DCMAKE_C_COMPILER_WORKS=1 -DCMAKE_CXX_COMPILER_WORKS=1: Now it shows this: /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/protoc: 1: /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/protoc: ELF�@2@8: not found /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/protoc: 2: /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/protoc: Syntax error: ")" unexpected CMake Warning at /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake-3.16/Modules/FindProtobuf.cmake:499 (message): Protobuf compiler version doesn't match library version 3.11.4 and now when I make same error ; syntax error in protobuf Here is the main CMakeLists: cmake_minimum_required (VERSION 3.5)
set(ex_ver "01")
# Set a default build type if none was specified
if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
message("Setting build type to 'RelWithDebInfo' as none was specified.")
set(CMAKE_BUILD_TYPE RelWithDebInfo CACHE STRING "Choose the type of build." FORCE)
# Set the possible values of build type for cmake-gui
set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release"
"MinSizeRel" "RelWithDebInfo")
endif()
project(ex VERSION ${ex_ver})
# set the C++ standard to C++ 11
set(CMAKE_CXX_STANDARD 11)
list(APPEND CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake)
include(CompileProtos)
set(protobuf_MODULE_COMPATIBLE TRUE)
find_package(Protobuf REQUIRED)
#find_package(gRPC REQUIRED)
set(_PROTOBUF_LIBPROTOBUF protobuf::libprotobuf)
if(CMAKE_CROSSCOMPILING)
find_program(_PROTOBUF_PROTOC protoc)
find_program(_gRPC_CPP_PLUGIN grpc_cpp_plugin)
else()
set(_PROTOBUF_PROTOC $<TARGET_FILE:protobuf::protoc>)
endif()
#message(STATUS "Using protobuf ${protobuf_VERSION}")
# Find gRPC installation
# Looks for gRPCConfig.cmake file installed by gRPC's cmake installation.
find_package(GRPC REQUIRED)
set(_GRPC_GRPCPP_REFLECTION gRPC::grpc++_reflection)
if(CMAKE_CROSSCOMPILING)
find_program(_GRPC_CPP_PLUGIN_EXECUTABLE grpc_cpp_plugin)
else()
set(_GRPC_CPP_PLUGIN_EXECUTABLE $<TARGET_FILE:gRPC::grpc_cpp_plugin>)
endif()
# uncomment for PC
#find_package(fmt REQUIRED)
#add_compile_definitions(SPDLOG_FMT_EXTERNAL)
#Add sub-directories
add_subdirectory(protos)
add_subdirectory(systemd)
add_subdirectory(certs)
add_subdirectory(services)
add_subdirectory(lib)
add_subdirectory(tools)
add_subdirectory(core)
Help me please on this. It is really urgent, I tried a lot. Thanks, Talel
|
|
Re: [meta-security][PATCH 2/2] clamav: unify volatiles file name
merged
toggle quoted messageShow quoted text
thanks
On 11/2/20 1:11 AM, Yi Zhao wrote:
Make the volatiles file name starts with digital.
|
|
Re: [meta-security][PATCH 1/2] suricata: unify volatiles file name
On 11/2/20 1:11 AM, Yi Zhao wrote:
Make the volatiles file name starts with digital.merged thanks
|
|
how to use meta-cpan layer in a reproducible way?
Robert P. J. Day
colleague wants to add some perl recipes to a zeus-based image, and
found the meta-cpan layer, which contains a number of desired recipes, but the structure of that layer seems a bit sparse. first, here's the entire set of branches: $ git branch -a * master thud remotes/origin/HEAD -> origin/master remotes/origin/daisy remotes/origin/jethro remotes/origin/jethro-next remotes/origin/master remotes/origin/master-next remotes/origin/rocko remotes/origin/thud $ where you can see that the branches jump from thud to master with nothing in between, so there is no "zeus" branch to focus on. also, there are absolutely no tags. finally, it seems that the recipes simply upgrade versions arbitrarily, all on the master branch, so if you grabbed the "master" version of any recipe, there's no telling when it might change, which makes reproducibility a bit iffy. what is the proper way to take advantage of a layer like this? you can't even use PREFERRED_VERSION for a given recipe since you can never predict when that version will suddenly disappear from the master branch. i imagine the best approach is to simply clone the layer, check it out to a specific commit ID that works for all desired recipes, and just leave it there. or just individually copy each version of each recipe one wants into a local layer (yuck). thoughts? rday
|
|
Why is the base-files recipe different?
Morten Bruun
Hi, I'm trying to install different fstab files based on the image being built. As far as I can tell this should be possible by using BBCLASSEXTEND. The error I get is: Error: Transaction check error: file /etc/fstab conflicts between attempted installs of base-files-foo-3.0.14-r89.raspberrypi3 and base-files-3.0.14-r89.raspberrypi3 If I do the exact same thing with the iptables recipe - it works perfectly. Why is base-files different? Any help is much appreciated, Morten Here is what I have done: ----------------------------------- Created foo.class: CLASSOVERRIDE .= ":class-foo" python foo_virtclass_handler () { # Do nothing if this is inherited, as it's for BBCLASSEXTEND if "foo" not in (d.getVar('BBCLASSEXTEND') or ""): bb.error("Don't inherit foo, use BBCLASSEXTEND") return # Restore BPN bpn = d.getVar('BPN') newbpn = bpn.replace('-foo', '') d.setVar('BPN', newbpn) # Use default FILESPATH searching for patches and files filespath = d.getVar('FILESPATH', True) newfilespath = filespath.replace('-foo', '') d.setVar('FILESPATH', newfilespath) } addhandler foo_virtclass_handler foo_virtclass_handler[eventmask] = "bb.event.RecipePreFinalise" ============================================================ Added base-files_3.0.14.bbappend: FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" BBCLASSEXTEND = "foo" SRC_URI_append_class-foo = " file://fstab.foo " do_install_append_class-foo () { install -d ${D}${sysconfdir} install -m 644 ${WORKDIR}/fstab.foo ${D}${sysconfdir}/fstab } ============================================================ Added my fstab.foo in the base-files directory next to the .bbappend file. Added IMAGE_INSTALL += "base-files-foo" to my local.conf. ============================================================
|
|
[ANNOUNCEMENT] Yocto Project 3.2 (Gatesgarth 24.0.0) is Released
Vineela
Hello,
We are pleased to announce the Yocto Project 3.2 (gatesgarth-24.0.0) Release is now available for download. http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/poky-gatesgarth-24.0.0.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.2/poky-gatesgarth-24.0.0.tar.bz2 A gpg signed version of these release notes is available at: http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/RELEASENOTES Full Test Report: http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/testreport.txt Thank you for everyone's contributions to this release. Vineela Tummalapalli Yocto Project Build and Release vineela.tummalapalli@... -------------------------- yocto-3.2 Release Notes -------------------------- -------------------------- Repositories/Downloads -------------------------- Repository Name: poky Repository Location: https://git.yoctoproject.org/git/poky Branch: gatesgarth Tag: yocto-3.2 Git Revision: 5d75168a13d00253460020e536b2a87833ec67d2 Release Artefact: poky-gatesgarth-24.0.0 sha: fcc8598b398b454782db8c98e225e5a9ec3ff630f30b75c1a695fd0279700780 Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/poky-gatesgarth-24.0.0.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.2/poky-gatesgarth-24.0.0.tar.bz2 Repository Name: openembedded-core Repository Location: https://git.openembedded.org/openembedded-core Branch: gatesgarth Tag: 2020-10-gatesgarth Git Revision: d3114ca369792201a5316c1ede29eb72f0868d35 Release Artefact: oecore-gatesgarth-24.0.0 sha: 33f202d1414662f55f33fd675b01d727c9d94f9352aa851582dd633d9a583874 Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/oecore-gatesgarth-24.0.0.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.2/oecore-gatesgarth-24.0.0.tar.bz2 Repository Name: meta-mingw Repository Location: https://git.yoctoproject.org/git/meta-mingw Branch: gatesgarth Tag: yocto-3.2 Git Revision: d2809d7c93bdb46014e1f8b3b0a4f42030078905 Release Artefact: meta-mingw-gatesgarth-24.0.0 sha: 2b13ae27fd8faaf8826122d50bdbe8c729535193eeffebc25f95f0550ff6093b Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/meta-mingw-gatesgarth-24.0.0.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.2/meta-mingw-gatesgarth-24.0.0.tar.bz2 Repository Name: meta-gplv2 Repository Location: https://git.yoctoproject.org/git/meta-gplv2 Branch: gatesgarth Tag: yocto-3.2 Git Revision: 6e8e969590a22a729db1ff342de57f2fd5d02d43 Release Artefact: meta-gplv2-gatesgarth-24.0.0 sha: 3910b54110319557ea98d95c09d5466ec827a7406213cef3bf3a3d588dca3def Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/meta-gplv2-gatesgarth-24.0.0.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.2/meta-gplv2-gatesgarth-24.0.0.tar.bz2 Repository Name: bitbake Repository Location: https://git.openembedded.org/bitbake Branch: gatesgarth Tag: 2020-10-gatesgarth Git Revision: fec2b85689bba1d26ad6f376bc11cc29bb27cbe5 Release Artefact: bitbake-gatesgarth-24.0.0 sha: b01aa8f31e7b6fd267424f085d80fba46c9a8ead30a3aa5d9c944ad2bd053412 Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/bitbake-gatesgarth-24.0.0.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.2/bitbake-gatesgarth-24.0.0.tar.bz2 -------------- Contributors -------------- Thanks to the following people who contributed to this release: Adrian Bunk Adrian Freihofer Akira Shibakawa Alejandro del Castillo Alejandro Hernandez Alexander Kanavin Alexandru N. Onea Alex Kiernan Alistair Francis Anatol Belski Andreas Müller Andrei Gherzan Andrej Valek Andrew Geissler Andrey Zhizhikin Aníbal Limón Anton Eliasson Anuj Mittal Armin Kuster Arthur She Bartłomiej Burdukiewicz Bartosz Golaszewski Benjamin Fair Bjarne Michelsen Bruce Ashfield Chandana kalluri Changhyeok Bae Changqing Li Charlie Davies Chen Qi Chris Laplante Christian Eggers Christophe GUIBOUT Daisuke Yamane Damian Wrobel Dan Callaghan Daniel Ammann Daniel Díaz Daniel Gomez Daniel Klauer Daniel McGregor David Khouya David Reyna De Huo Denys Dmytriyenko Diego Rondini Diego Sueiro Dmitry Baryshkov Domarys Correa Douglas Royds Drew Moseley Fabio Berton Frazer Clews Fredrik Gustafsson Geoff Parker Gregor Zatko Guillaume Champagne Haiqing Bai Hannu Lounento He Zhe Hongxu Jia Jacob Kroon Jan Luebbe Jan Vermaete Jan-Simon Moeller Jason Wessel Jean-Francois Dagenais Jens Rehsack Jeremy Puhlman Joe Slater Jonathan Richardson Jon Mason Joshua Watt Junling Zheng Kai Kang Kamil Dziezyk Kevin Hao Khairul Rohaizzat Jamaluddin Khasim Mohammed Khem Raj Konrad Weihmann Kurt Kiefer Lee Chee Yang Leif Middelschulte Lili Li Li Wang Liwei Song Marco Felsch Marek Vasut Mark Hatle Mark Jonas Mark Morton Martin Jansa Matt Madison Mauro Queirós Maxime Roussin-Bélanger Max Krummenacher Michael Gloff Michael Ho Michael Thalmeier Michael Tretter Mikko Rapeli Ming Liu Mingde (Matthew) Zeng Mingli Yu Naoki Hayama Naoto Yamaguchi Nathan Rossi Naveen Saini Neil Armstrong Nicolas Dechesne Norman Stetter Oleksandr Kravchuk Oleksandr Popovych Otavio Salvador Ovidiu Panait Patrick Vacek Paul Barker Paul Eggleton Peter A. Bigot Peter Bergin Peter Kjellerstedt Petr Vorel Pierre-Jean Texier Quentin Schulz Rahul Kumar Ralph Siemsen Randy MacLeod Rasmus Villemoes Ricardo Ribalda Delgado Ricardo Salveti Richard Leitner Richard Purdie Robert P. J. Day Robert Yang Roland Hieber Ross Burton Ryan Rowe Sakib Sajal Samuli Piippo Saul Wold Sourabh Banerjee Stacy Gaikovaia Stefan Agner Stephen Jolley Steve Sakoman Sumit Garg Tanu Kaskinen Taras Kondratiuk Teoh Jay Shen Timon Ulrich Tim Orling Trevor Gamblin Tuomas Salokanto Tyler Hicks Usama Arif Valentin Longchamp Vasyl Vavrychuk Victor Kamensky Vijai Kumar K Vineela Tummalapalli Vyacheslav Yurkov Wang Mingyu Wenlin Kang Yanfei Xu Yann Dirson Yeoh Ee Peng Yi Zhao Yoann Congal Yongxin Liu Yuki Hoshino Zang Ruochen Zhang Qiang Zhaolong Zhang Zheng Ruoqin Zhixiong Chi Zoltan Boszormenyi ----------------------------- New Features / Enhancements ----------------------------- * Linux kernel 5.8, gcc 10.2, glibc 2.32 and ~245 other recipe upgrades * New recipes: boost-build-native, dhcpcd, go-binary-native, help2man, igt-gpu-tools, init-system-helpers, kea, libhandy, libmodulemd, libuv, libva-initial, log4cplus, python3-cython, python3-dbusmock, python3-pyparsing * Minimum host gcc version is now 6 * Replaced obsolete dhcp with dhcpcd (client) and kea (server) * New baremetal-image class for baremetal applications or an RTOS * Enabled pseudo path filtering for improved reliability and slightly less overhead in fakeroot environment * New go-binary-native providing binary Go (faster bootstrap and supports ARM hosts) * New go-mod class for `go mod` support * Extended recipes to native: libexif, libnl * Architecture / machine-specific enhancements: - Add tune files for cortexa55 and cortexa73-cortexa53 - Add tune files for cortexa57 (now default for qemuarm64) - Add tune files for cortex-m0 and cortex-m0plus - armv8/tunes: Set TUNE_PKGARCH_64 based on ARMPKGARCH - arch-armv8-2a.inc: add tune include for armv8.2a - tune-cortexa57-cortexa53.inc: add CRC and set march - qemumips: change to 64 TLBs in CPU model which improves test performance by 40% - siteinfo: Recognize 32bit PPC LE - armv8/tunes: Add tunes for supported ARMv8a cores - armv8/tunes: Add tunes for supported ARMv8.2a cores - libucontext: Recognise riscv32 architecture - dpkg: Add riscv32 CPU support - lttng-tools & lttng-ust now work on riscv64 - linux-yocto/beaglebone: Switch to sdhci-omap driver - libucontext: Bring in mips/mips64 support - packagegroup-core-tools-profile: bring in perf for musl on ARM * Kernel-related changes: - Allow dangling KERNEL_FEATURES - Enhanced configuration queue analysis capabilities - Allow promotion of configuration warnings to errors - Add KBUILD_DEFCONFIG search location to failure message - kernel-yocto: split meta data gathering into patch and config phases to allow patching of in-tree configuration - netfilter: Enable nat for ipv4 and ipv6 * bitbake improvements: - BBMASK can now be set per configuration in multiconfig - Support \ in file:// URLs in SRC_URI - Support spaces in git:// URLs in SRC_URI - Added an inverse mode to BBFILES_DYNAMIC (! prefix) to e.g. backfill recipes for a missing layer - deltask statement can now take multiple task names - Significant improvement in get_file_layer() performance (as used by bitbake-layers and buildhistory) - When a shell function fails, print a backtrace with the function's original metadata location - Filename/line number information now emitted for shell functions (e.g. in run.* files) - Prefix the log data with pid/time information - Note when commands complete in logs - Show command exceptions in the server log as well - perforce: add basic progress handler - perforce: add local path handling SRC_URI options - New bb.event.RecipePostKeyExpansion event (used to support multilib) - Improved performance with large numbers of files in SRC_URI - Several refactoring efforts aimed at improving startup performance and reliability * wic image creator improvements: - rootfs: added --change-directory argument (similar to tar -C) - rootfs: do not error out if path in --exclude-path does not exist to make it easier to reuse .wks among different projects - rootfs: added an optional destination argument to --include-path - Added --offset argument for partitions - bootimg-efi: added support for IMAGE_BOOT_FILES - bootimg-efi: added IMAGE_EFI_BOOT_FILES variable to separate bootimg-efi and bootimg-partition - Added 512-byte (i.e. sector) alignment to --offset when s/S suffix is used - image_types: declare support for wic.zst * Image related changes: - New image-artifact-names class to centralise image artifact naming variable defaults - New IMAGE_LOG_CHECK_EXCLUDES to allow excluding false-positive messages in log_check processing - New IMAGE_LOCALES_ARCHIVE variable prevent locale archive creation * qemu/runqemu enhancements: - qemu: enable pass-through GL acceleration when 'opengl' is in DISTRO_FEATURES - runqemu: add QB_ROOTFS_EXTRA_OPT parameter - runqemu: If using a vmtype image do not add the -no-reboot flag - qemuboot: Add QB_RNG variable to allow overriding random number generation * SDK related changes: - packagegroup-go-sdk-target: Add go to packagegroup - oe-publish-sdk: add --keep-orig option - New ESDK_MANIFEST_EXCLUDES variable to exclude configuration files from sdk-conf-manifest in extensible SDK - Extended recipes to nativesdk: bmap-tools, btrfs-tools, cpio, dosfstools, glib-networking, kmod, libexif, libnl, librsvg, libsoup-2.4, parted, pbzip2, serf, subversion, tiff * Name of multiconfig now added to BUILDCFG_HEADER when multiconfig is active (as printed at build startup) * New PACKAGECONFIG options in apr-util, curl, file, gdk-pixbuf, glibc, gstreamer1.0-plugins-bad, igt-gpu-tools, iputils, kmod, libva, mesa, net-tools, openssh, perf, qemu, rpm, weston, weston-init * Added ability to inject "minidebuginfo" into packaged binaries (PACKAGE_MINIDEBUGINFO = "1") * libva: enabled build without opengl in DISTRO_FEATURES * Add ability to enable VAAPI support in mesa (via new libva-initial bootstrap recipe) * u-boot: introduce UBOOT_INITIAL_ENV * u-boot: support merging .cfg files for UBOOT_CONFIG * buildhistory improvements: - Add simplistic file move detection - Record PACKAGECONFIG - Record SRC_URI * Packaging changes: - systemd: split systemd specific udev rules into its own package - linux-firmware: package nvidia firmware - linux-firmware: package marvel sdio 8997 firmware - linux-firmware: add ice for Intel E800 series driver - linux-firmware: add ibt-20 package - linux-firmware: add qcom-venus-{5.2,5.4} packages - linux-firmware: add Amlogic VDEC firmware package - iptables: split iptables-apply to its own package - timezone: include leap second data in tzdata-core * weston-init improvements: - Enable RDP screen sharing - Allow setting idle time to 0 for kiosk usage / debugging - Add environment file support for systemd unit file - Explicitly select drm/fbdev backends for qemu machines (drm by default for qemuarm64/qemux86/qemux86-64, otherwise fbdev) * buildtools improvements: - Handle generic environment setup injection (environment-setup.d) - Added python3-jinja2 to support resulttool - Added libstc++.a and libgomp-dev to buildtools-extended-tarball - install-buildtools: remove hardcoded x86-64 architecture - install-buildtools: add option to disable checksum validation * Package QA check changes: - Added test for shebang line length - Promoted a number of checks from warning to error - Check for missing update-alternatives inherit - Check for missing features_check inherit - Improved messages for "arch" check * Testing related improvements: - Enabled ptests for bzip2, expat, libinput, glib-networking - New buildall-qemu script to automate build testing a recipe for all qemu MACHINEs - oeqa/runtime: Add OERequirePackage decorator - qemurunner: Add extra debug info when qemu fails to start - testimage: enable ovmf support - testimage: add an overall timeout setting - testresults.json: add duration of the tests as well - resulttool/log: Add ability to dump ltp logs as well as ptest - Call dump_target() when SSH target reports "no route to host" * Licensing related improvements: - Symlink to the current image license manifest dir under tmp/deploy/licenses - Added BSD-2-Clause-Patent common license file - Added Unlicense common license file - Added PSF-2.0 common license file * kernel-fitimage: build configuration for image tree when dtb is not present * kernel-fitimage: generate openssl RSA keys for signing fitimage * systemd-conf: Accept MTU from DHCP * cmake: allow chainloading of the toolchain file * curl: enable producing debug info for curl-dbg package * initramfs-framework: check successful mount using mountpoint (allows rootfs module to be used with OSTree) * Several optimisations to improve SSH host key generation for openssh & dropbear * cve-update-db-native: add progress handler * cve-check: introduce CVE_CHECK_RECIPE_FILE variable to allow changing of per-recipe check file * cve-check: add CVE_CHECK_REPORT_PATCHED variable to suppress reporting of patched CVEs * cml1: New KCONFIG_CONFIG_ROOTDIR variable to specify the .config root dir * base.bbclass: warn when there is trailing slash in S or B variables * busybox: enable rev and pgrep commands * New EXTRA_OEWAF_BUILD and EXTRA_OEWAF_INSTALL variables for passing extra build / install arguments to waf * New WAF_PYTHON variable to specify python interpreter to use for waf per-recipe * sysvinit-inittab: Add support for tty devices with 10 or more number. * devtool: finish: support BBFILES_DYNAMIC when finding original recipe location * uninative: Handle PREMIRRORS generically * externalsrc: allow multiple tasks to execute in parallel if S != B * rng-tools: Restrict rngd when running as systemd service * help2man: rewrite recipe so it can also be built for the target * graph-tool: add filter subcommand * boost: optimised build * grub: Remove native version of grub-efi (use grub-native instead, which is functionally the same) * rpm: disable libarchive dependency by default * init-ifupdown: always make machine-specific - ------------- Known Issues - ------------- failure in ptest : valgrind.drd and valgrind.helgrind ----------------- Recipe Licenses ----------------- The following corrections have been made to the LICENSE values set by recipes: * avahi: fixed the per-package LICENSE values for libavahi-client package (LGPLv2.1+) * gdk-pixbuf: LGPLv2.1 -> LGPLv2.1+ * gnutls: with help from upstream, the license text in some source files was corrected to match the documentation (i.e. the library itself is LGPLv2.1+). LICENSE already reflected this. * util-linux: set per-package LICENSE values for libblkid, libfdisk, libmount, libsmartcols (all LGPLv2.1+), and libuuid (BSD-3-Clause) ------------------------ Migration instructions ------------------------ For details on changes that you might need to make when migrating to the Yocto Project 3.2 release from previous releases, please see the following manual section: http://www.yoctoproject.org/docs/3.2/ref-manual/ref-manual.html#moving-to-the-yocto-project-3.2-release ---------------- Security Fixes ---------------- * bash: CVE-2019-18276 * bind: CVE-2020-8616, CVE-2020-8617, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624 * bison: CVE-2020-24979, CVE-2020-24980 * curl: CVE-2020-8169, CVE-2020-8177 * gcc: CVE-2020-13844 * ghostscript: CVE-2020-15900 * glibc: CVE-2020-6096 * glib-networking: CVE-2020-13645 * gnupg: CVE-2020-25125 * gnutls: CVE-2020-24659 * grub2: CVE-2020-10713 * icu: CVE-2020-10531 * json-c: CVE-2020-12762 * libproxy: CVE-2020-25219 * librsvg: CVE-2019-20446 * libxml2: CVE-2020-24977 * openssl: CVE-2020-1967 * python3: CVE-2020-8492 * qemu: CVE-2020-10761, CVE-2020-11869, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13791, CVE-2020-13800, CVE-2020-14364, CVE-2020-15863 * re2c: CVE-2020-11958 * sqlite: CVE-2020-11655, CVE-2020-11656 * systemd: CVE-2020-13776 * wpa-supplicant: CVE-2020-12695 ----------------- Recipe Upgrades ----------------- * acpica 20200430 -> 20200717 * adwaita-icon-theme 3.34.3 -> 3.36.1 * alsa-lib 1.2.1.2 -> 1.2.3.2 * alsa-plugins 1.2.1 -> 1.2.2 * alsa-tools 1.1.7 -> 1.2.2 * alsa-topology-conf 1.2.1 -> 1.2.3 * alsa-ucm-conf 1.2.1.2 -> 1.2.3 * alsa-utils 1.2.1 -> 1.2.3 * alsa-utils-scripts 1.2.1 -> 1.2.3 * apt 1.2.31 -> 1.8.2.1 * asciidoc 8.6.9+py3-gitX -> 9.0.2 * at-spi2-atk 2.34.1 -> 2.34.2 * at-spi2-core 2.34.0 -> 2.36.1 * atk 2.34.1 -> 2.36.0 * automake 1.16.1 -> 1.16.2 * avahi 0.7 -> 0.8 * babeltrace2 2.0.2 -> 2.0.3 * bash-completion 2.10 -> 2.11 * bind 9.11.22 -> 9.16.7 * binutils 2.34 -> 2.35 * bison 3.5.3 -> 3.7.2 * bmap-tools 3.5+gitX (db7087b883...) -> 3.5+gitX (a17f0e3ff8...) * boost 1.72.0 -> 1.74.0 * bootchart2 0.14.8+gitX -> 0.14.9 * btrfs-tools 5.4.1 -> 5.7 * busybox 1.31.1 -> 1.32.0 * busybox-inittab 1.31.0 -> 1.32.0 * ca-certificates 20190110 -> 20200601 * ccache 3.7.7 -> 3.7.11 * clutter-1.0 1.26.2 -> 1.26.4 * cmake 3.16.5 -> 3.18.2 * cogl-1.0 1.22.4 -> 1.22.8 * connman 1.37 -> 1.38 * coreutils 8.31 -> 8.32 * createrepo-c 0.15.7 -> 0.16.0 * cross-localedef-native 2.31+gitX -> 2.32 * cryptodev-linux 1.10 -> 1.11 * cryptodev-module 1.10 -> 1.11 * cryptodev-tests 1.10 -> 1.11 * cups 2.3.1 -> 2.3.3 * curl 7.69.1 -> 7.72.0 * dbus 1.12.16 -> 1.12.20 * dbus-test 1.12.16 -> 1.12.20 * debianutils 4.9.1 -> 4.11.1 * desktop-file-utils 0.24 -> 0.26 * diffoscope 136 -> 160 * dnf 4.2.2 -> 4.2.23 * dpkg 1.19.7 -> 1.20.5 * dropbear 2019.78 -> 2020.80 * e2fsprogs 1.45.4 -> 1.45.6 * ed 1.15 -> 1.16 * elfutils 0.178 -> 0.180 * enchant2 2.2.8 -> 2.2.9 * epiphany 3.34.4 -> 3.36.4 * ethtool 5.4 -> 5.8 * ffmpeg 4.2.2 -> 4.3.1 * file 5.38 -> 5.39 * font-alias 1.0.3 -> 1.0.4 * freetype 2.10.1 -> 2.10.2 * fribidi 1.0.9 -> 1.0.10 * gawk 5.0.1 -> 5.1.0 * gcc 9.3.0 -> 10.2.0 * gcr 3.34.0 -> 3.36.0 * gdb 9.1 -> 9.2 * gdb-cross 9.1 -> 9.2 * gdb-cross-canadian 9.1 -> 9.2 * gettext 0.20.1 -> 0.21 * git 2.24.3 -> 2.28.0 * glib-2.0 2.62.6 -> 2.64.5 * glib-networking 2.62.4 -> 2.64.3 * glibc 2.31+gitX -> 2.32 * gnu-config 20200117+gitX -> 20200831+gitX * gnu-efi 3.0.11 -> 3.0.12 * gnupg 2.2.20 -> 2.2.23 * go 1.14.7 -> 1.15.2 * gobject-introspection 1.62.0 -> 1.64.1 * gpgme 1.13.1 -> 1.14.0 * gptfdisk 1.0.4 -> 1.0.5 * gsettings-desktop-schemas 3.36.0 -> 3.36.1 * gtk+3 3.24.14 -> 3.24.22 * harfbuzz 2.6.4 -> 2.7.2 * icu 66.1 -> 67.1 * iproute2 5.5.0 -> 5.8.0 * iptables 1.8.4 -> 1.8.5 * iputils s20190709 -> s20200821 * iso-codes 4.4 -> 4.5.0 * iw 5.4 -> 5.8 * jquery 3.4.1 -> 3.5.1 * json-c 0.13.1 -> 0.15 * kbd 2.2.0 -> 2.3.0 * kern-tools-native 0.2+gitX (c66833e1ca...) -> 0.2+gitX (df4390b18a...) * kmod 26 -> 27 * kmscube git (76bb57d539...) -> git (4660a7dca6...) * less 551 -> 562 * libarchive 3.4.2 -> 3.4.3 * libcap 2.32 -> 2.43 * libcap-ng 0.7.10 -> 0.7.11 * libcap-ng-python 0.7.10 -> 0.7.11 * libcheck 0.14.0 -> 0.15.2 * libdazzle 3.34.1 -> 3.36.0 * libdnf 0.28.1 -> 0.48.0 * libdrm 2.4.101 -> 2.4.102 * libevdev 1.8.0 -> 1.9.1 * libevent 2.1.11 -> 2.1.12 * libgcc 9.3.0 -> 10.2.0 * libgcc-initial 9.3.0 -> 10.2.0 * libgcrypt 1.8.5 -> 1.8.6 * libgfortran 9.3.0 -> 10.2.0 * libgloss 3.2.0 -> 3.3.0 * libgpg-error 1.37 -> 1.39 * libical 3.0.7 -> 3.0.8 * libinput 1.15.2 -> 1.16.1 * libjpeg-turbo 2.0.4 -> 2.0.5 * libksba 1.3.5 -> 1.4.0 * libmpc 1.1.0 -> 1.2.0 * libnotify 0.7.8 -> 0.7.9 * libnsl2 1.2.0+gitX -> 1.3.0 * libpcre2 10.34 -> 10.35 * libpipeline 1.5.2 -> 1.5.3 * libpsl 0.21.0 -> 0.21.1 * librepo 1.11.2 -> 1.12.1 * libsecret 0.20.1 -> 0.20.3 * libsolv 0.7.10 -> 0.7.14 * libsoup-2.4 2.68.4 -> 2.70.0 * libunwind 1.3.1 -> 1.4.0 * liburcu 0.11.1 -> 0.12.1 * libusb1 1.0.22 -> 1.0.23 * libva 2.6.1 -> 2.8.0 * libva-utils 2.6.0 -> 2.8.0 * libvorbis 1.3.6 -> 1.3.7 * libwpe 1.4.0.1 -> 1.7.1 * libx11 1.6.9 -> 1.6.12 * libxcb 1.13.1 -> 1.14 * libxcrypt 4.4.15 -> 4.4.17 * libxcrypt-compat 4.4.15 -> 4.4.17 * libyaml 0.2.2 -> 0.2.5 * linux-libc-headers 5.4 -> 5.8 * linux-yocto 5.4.69+gitX -> 5.4.69+gitX, 5.8.13+gitX * linux-yocto-dev 5.6-rc++gitX -> 5.9-rc++gitX * linux-yocto-rt 5.4.69+gitX -> 5.4.69+gitX, 5.8.13+gitX * linux-yocto-tiny 5.4.69+gitX -> 5.4.69+gitX, 5.8.13+gitX * llvm 9.0.1 -> 10.0.1 * logrotate 3.15.1 -> 3.17.0 * ltp 20200120 -> 20200515 * lttng-modules 2.11.6 -> 2.12.2 * lttng-tools 2.11.5 -> 2.12.2 * lttng-ust 2.11.2 -> 2.12.0 * man-db 2.9.0 -> 2.9.3 * man-pages 5.05 -> 5.08 * mc 4.8.23 -> 4.8.25 * mesa 20.0.2 -> 20.1.8 * mesa-gl 20.0.2 -> 20.1.8 * meson 0.53.2 -> 0.55.1 * mpfr 4.0.2 -> 4.1.0 * mpg123 1.25.13 -> 1.26.3 * msmtp 1.8.7 -> 1.8.12 * mtd-utils 2.1.1 -> 2.1.2 * mtools 4.0.23 -> 4.0.24 * musl 1.2.0+gitX -> 1.2.1+gitX * nasm 2.14.02 -> 2.15.05 * net-tools 1.60-26 -> 1.60-20181103+gitX * nettle 3.5.1 -> 3.6 * newlib 3.2.0 -> 3.3.0 * nfs-utils 2.4.3 -> 2.5.1 * ninja 1.10.0 -> 1.10.1 * opensbi 0.6 -> 0.8 * openssh 8.2p1 -> 8.3p1 * opkg 0.4.2 -> 0.4.3 * opkg-utils 0.4.2 -> 0.4.3 * ovmf edk2-stable201911 -> edk2-stable202005 * p11-kit 0.23.20 -> 0.23.21 * pango 1.44.7 -> 1.46.2 * patchelf 0.10 -> 0.12 * pciutils 3.6.4 -> 3.7.0 * perl 5.30.1 -> 5.32.0 * piglit 1.0+gitrX (6126c2d4e4...) -> 1.0+gitrX (2a6a8f954d...) * pixman 0.38.4 -> 0.40.0 * pkgconf 1.6.3 -> 1.7.3 * popt 1.16 -> 1.18 * powertop 2.10 -> 2.13 * ppp 2.4.7 -> 2.4.8 * pseudo 1.9.0+gitX (060058bb29...) -> 1.9.0+gitX (cca0d7f15b...) * ptest-runner 2.3.2+gitX -> 2.4.0+gitX * puzzles 0.0+gitX (79a5378b5a...) -> 0.0+gitX (9aa7b7cdfb...) * python3 3.8.2 -> 3.8.5 * python3-git 3.0.5 -> 3.1.7 * python3-gitdb 2.0.6 -> 4.0.5 * python3-magic 0.4.15 -> 0.4.18 * python3-mako 1.1.1 -> 1.1.3 * python3-numpy 1.17.4 -> 1.19.1 * python3-pycairo 1.19.0 -> 1.19.1 * python3-pycryptodome 3.9.7 -> 3.9.8 * python3-pycryptodomex 3.9.7 -> 3.9.8 * python3-pygments 2.5.2 -> 2.6.1 * python3-pygobject 3.34.0 -> 3.36.1 * python3-setuptools 45.2.0 -> 49.6.0 * python3-six 1.14.0 -> 1.15.0 * python3-smmap 2.0.5 -> 3.0.4 * python3-subunit 1.3.0 -> 1.4.0 * python3-testtools 2.3.0 -> 2.4.0 * qemu 4.2.0 -> 5.1.0 * re2c 1.0.1 -> 2.0.3 * resolvconf 1.82 -> 1.83 * rng-tools 6.9 -> 6.10 * rpcsvc-proto 1.4+gitX -> 1.4.2 * rpm 4.14.2.1 -> 4.15.1 * rsync 3.1.3 -> 3.2.3 * shared-mime-info 1.15 -> 2.0 * sqlite3 3.31.1 -> 3.33.0 * strace 5.5 -> 5.8 * stress-ng 0.11.17 -> 0.11.21 * subversion 1.13.0 -> 1.14.0 * sudo 1.8.31 -> 1.9.3 * sysklogd 2.1.1 -> 2.1.2 * sysstat 12.2.1 -> 12.4.0 * systemd 244.3 -> 246.6 * systemd-boot 244.3 -> 246.2 * systemd-conf 244.3 -> 246.1 * systemtap 4.2 -> 4.3 * systemtap-uprobes 4.2 -> 4.3 * sysvinit 2.96 -> 2.97 * tzcode-native 2020a -> 2020b * tzdata 2020a -> 2020b * u-boot 2020.01 -> 2020.07 * u-boot-tools 2020.01 -> 2020.07 * util-linux 2.35.1 -> 2.36 * vala 0.46.6 -> 0.48.9 * valgrind 3.15.0 -> 3.16.1 * vte 0.58.3 -> 0.60.3 * vulkan-demos git (6d63dc32c3...) -> git (4818f85916...) * vulkan-headers 1.1.126.0 -> 1.2.135.0 * vulkan-loader 1.1.126.0 -> 1.2.135.0 * vulkan-tools 1.1.126.0 -> 1.2.135.0 * waffle 1.6.0 -> 1.6.1 * watchdog 5.15 -> 5.16 * webkitgtk 2.28.2 -> 2.28.4 * weston 8.0.0 -> 9.0.0 * wpebackend-fdo 1.4.1 -> 1.7.1 * x264 r2991+gitX -> r3011+gitX * xcb-proto 1.13 -> 1.14 * xev 1.2.3 -> 1.2.4 * xf86-input-libinput 0.29.0 -> 0.30.0 * xinetd 2.3.15 -> 2.3.15.4 * xkeyboard-config 2.28 -> 2.30 * xorgproto 2019.2 -> 2020.1 * xserver-xorg 1.20.8 -> 1.20.9 * xz 5.2.4 -> 5.2.5
|
|
Re: [meta-security][PATCH 1/2] softHSM: add pkg
On 11/3/20 2:52 PM, Ricardo Salveti wrote:
Hi,No. meta-oe is lower in the stack so I should drop the one in meta-security and update the one in meta-oe. I didn't notice the recipe already existed. its all about timing and effort at this point. we may have time. thanks for reminding me. -armin
|
|
Re: [meta-security][PATCH 1/2] softHSM: add pkg
Ricardo Salveti
Hi,
On Sun, Sep 27, 2020 at 7:16 PM akuster <akuster808@...> wrote: Was going over recipes that were duplicated over layers, and this one is a newer version of a similar recipe that is already in meta-oe (which is a dependency of this layer). Should we drop the one from meta-oe or should we just update that one with the content from this recipe and then remove from meta-security? Thanks, -- Ricardo Salveti
|
|
[meta-security][PATCH] samhain: update to 4.4.2
refresh a few patches too
Signed-off-by: Armin Kuster <akuster808@...> --- ...-avoid-searching-host-for-postgresql.patch | 15 ++--- .../samhain-configure-add-option-for-ps.patch | 66 +++++++++---------- recipes-ids/samhain/samhain.inc | 13 ++-- 3 files changed, 42 insertions(+), 52 deletions(-) diff --git a/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch b/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch index 6bf67e0..a84229e 100644 --- a/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch +++ b/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch @@ -10,11 +10,11 @@ Signed-off-by: Jackie Huang <jackie.huang@...> configure.ac | 101 +++-------------------------------------------------------- 1 file changed, 5 insertions(+), 96 deletions(-) -diff --git a/configure.ac b/configure.ac -index a224c68..f658d53 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1278,90 +1278,11 @@ AC_ARG_WITH(database, +Index: samhain-4.4.2/configure.ac +=================================================================== +--- samhain-4.4.2.orig/configure.ac ++++ samhain-4.4.2/configure.ac +@@ -1290,90 +1290,11 @@ AC_ARG_WITH(database, AC_DEFINE(WITH_POSTGRES) AC_DEFINE(WITH_DATABASE) # @@ -110,7 +110,7 @@ index a224c68..f658d53 100644 LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" if test x"$enable_static" = xyes; then LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm" -@@ -1370,18 +1291,6 @@ AC_ARG_WITH(database, +@@ -1382,18 +1303,6 @@ AC_ARG_WITH(database, fi # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}" CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}" @@ -129,6 +129,3 @@ index a224c68..f658d53 100644 fi elif test "x${withval}" = "xodbc"; then AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME) --- -2.11.0 - diff --git a/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch b/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch index 8de0735..7e7f86e 100644 --- a/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch +++ b/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch @@ -14,29 +14,14 @@ to avoid host contamination. Upstream-Status: Inappropriate [cross compile specific] Signed-off-by: Jackie Huang <jackie.huang@...> ---- - aclocal.m4 | 2 +- - configure.ac | 60 ++++++++++-------------------------------------------------- - 2 files changed, 11 insertions(+), 51 deletions(-) +[AK: refactored for 4.4.3] +Signed-off-by: Armin Kuster <akuster808@...> -diff --git a/aclocal.m4 b/aclocal.m4 -index a2e59a6..cd20a2f 100644 ---- a/aclocal.m4 -+++ b/aclocal.m4 -@@ -409,7 +409,7 @@ x_includes=NONE - x_libraries=NONE - DESTDIR= - SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" --SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" -+SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path" - - # Installation directory options. - # These are left unexpanded so users can "make install exec_prefix=/foo" -diff --git a/configure.ac b/configure.ac -index 5910b1f..8c3e087 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -730,56 +730,16 @@ then +Index: samhain-4.4.2/configure.ac +=================================================================== +--- samhain-4.4.2.orig/configure.ac ++++ samhain-4.4.2/configure.ac +@@ -743,56 +743,16 @@ then fi AC_CHECK_HEADERS(gmp.h) @@ -55,7 +40,16 @@ index 5910b1f..8c3e087 100644 - AC_MSG_ERROR([Cannot find ps in any of /usr/ucb /bin /usr/bin]) -fi -AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps]) -- ++AC_ARG_WITH(ps-path, ++ [ --with-ps-path=PATH set path to ps command ], ++ [ ++ if test "x${withval}" != xno; then ++ pspath="${withval}" ++ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps]) ++ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps]) ++ fi ++ ]) + -AC_MSG_CHECKING([how to use ps]) -$PS ax >/dev/null 2>&1 -if test $? -eq 0; then @@ -90,19 +84,19 @@ index 5910b1f..8c3e087 100644 - PSARG="-e" -fi -AC_DEFINE_UNQUOTED([PSARG], _("$PSARG"), [Argument for ps]) -+AC_ARG_WITH(ps-path, -+ [ --with-ps-path=PATH set path to ps command ], -+ [ -+ if test "x${withval}" != xno; then -+ pspath="${withval}" -+ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps]) -+ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps]) -+ fi -+ ]) -+ AC_MSG_RESULT([$PS $PSARG]) dnl ***************************************** --- -1.9.1 - +Index: samhain-4.4.2/aclocal.m4 +=================================================================== +--- samhain-4.4.2.orig/aclocal.m4 ++++ samhain-4.4.2/aclocal.m4 +@@ -409,7 +409,7 @@ x_includes=NONE + x_libraries=NONE + DESTDIR= + SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" +-SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver signify pubkey-checksum gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" ++SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path" + + # Installation directory options. + # These are left unexpanded so users can "make install exec_prefix=/foo" diff --git a/recipes-ids/samhain/samhain.inc b/recipes-ids/samhain/samhain.inc index b867bbc..3b4aab9 100644 --- a/recipes-ids/samhain/samhain.inc +++ b/recipes-ids/samhain/samhain.inc @@ -3,9 +3,12 @@ HOMEPAGE = "http://www.la-samhna.de/samhain/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b" -PV = "4.3.3" +PV = "4.4.2" -SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ +SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ + file://${INITSCRIPT_NAME}.init \ + file://${INITSCRIPT_NAME}.default \ + file://samhain.service \ file://samhain-mips64-aarch64-dnmalloc-hash-fix.patch \ file://samhain-samhainrc.patch \ file://samhain-samhainrc-fix-files-dirs-path.patch \ @@ -15,13 +18,9 @@ SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ file://samhain-avoid-searching-host-for-postgresql.patch \ file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \ file://fix-build-with-new-version-attr.patch \ - file://${INITSCRIPT_NAME}.init \ - file://${INITSCRIPT_NAME}.default \ - file://samhain.service \ " -SRC_URI[md5sum] = "7be46ae7d03f53ba21afafd41cff8926" -SRC_URI[sha256sum] = "33ad4bc3dad4699694553bd9635a6b5827939f965d1f0f05fce0b4e9cdadf21b" +SRC_URI[sha256sum] = "2bb2750b32646be32517d0b2259402559c72b96979800f6c33774fcdea327fff" UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html" UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar" -- 2.17.1
|
|
Re: #yocto -zeus
#yocto
Monsees, Steven C (US)
Thanks, that was my issue... did not read it carefully enough. Keep in mind zeus is totally different from rock... running down multiple issues, sorry, I appreciate the your time/help, thanks again... Anything else in that patch valid for potential issues in zeus 3.0.4 ?
|
|
Re: #yocto -zeus
#yocto
Martin Jansa
> I was use using https... that is a typo, sorry... Then fix your typo and it will work, but I think you didn't read what I wrote carefully enough, see the url in the log you pasted: zeus: URL gitsm://github.com/tianocore/edk2.git;branch=master;protocol=git You were supposed to change only protocol parameter as it was done in: https://git.openembedded.org/openembedded-core/commit/?h=c4301758f5a1560965ca5fb69eb1492adf351ed0not the name of the bitbake fetcher to use (from 'gitsm://' to 'https://')
On Tue, Nov 3, 2020 at 4:46 PM Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote: I was use using https... that is a typo, sorry...
|
|