Date   

[meta-security][PATCH] scap-security-guide: fix build with Python 3.9

Yi Zhao
 

The getchildren and getiterator functions are deprecated in Python 3.9.
Backport 3 patches to fix the build issue.

Fixes:
File
"/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/ssg/build_stig.py",
line 41, in add_references
index = rule.getchildren().index(ref)
AttributeError: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren'

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...ated-instance-of-element.getchildren.patch | 43 ++++++++++++++
...-fix-deprecated-getiterator-function.patch | 58 +++++++++++++++++++
...etchildren-and-getiterator-functions.patch | 57 ++++++++++++++++++
.../scap-security-guide_git.bb | 3 +
4 files changed, 161 insertions(+)
create mode 100644 meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-fix-deprecated-instance-of-element.getchildren.patch
create mode 100644 meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-fix-deprecated-getiterator-function.patch
create mode 100644 meta-security-compliance/recipes-openscap/scap-security-guide/files/0003-fix-remaining-getchildren-and-getiterator-functions.patch

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-fix-deprecated-instance-of-element.getchildren.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-fix-deprecated-instance-of-element.getchildren.patch
new file mode 100644
index 0000000..01e3dd6
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-fix-deprecated-instance-of-element.getchildren.patch
@@ -0,0 +1,43 @@
+From e435bf2dc59d652710104a1c59332e410b12bb64 Mon Sep 17 00:00:00 2001
+From: Vojtech Polasek <vpolasek@redhat.com>
+Date: Mon, 8 Jun 2020 12:33:48 +0200
+Subject: [PATCH] fix deprecated instance of element.getchildren
+
+Upstream-Status: Backport
+[https://github.com/ComplianceAsCode/content/commit/e435bf2dc59d652710104a1c59332e410b12bb64]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ ssg/build_remediations.py | 2 +-
+ ssg/build_stig.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ssg/build_remediations.py b/ssg/build_remediations.py
+index fdde0f268..c18d6bd54 100644
+--- a/ssg/build_remediations.py
++++ b/ssg/build_remediations.py
+@@ -735,7 +735,7 @@ def expand_xccdf_subs(fix, remediation_type, remediation_functions):
+ # First concat output form of modified fix text (including text appended
+ # to all children of the fix)
+ modfix = [fix.text]
+- for child in fix.getchildren():
++ for child in list(fix):
+ if child is not None and child.text is not None:
+ modfix.append(child.text)
+ modfixtext = "".join(modfix)
+diff --git a/ssg/build_stig.py b/ssg/build_stig.py
+index 528285f3d..6122981fc 100644
+--- a/ssg/build_stig.py
++++ b/ssg/build_stig.py
+@@ -38,7 +38,7 @@ def add_references(reference, destination):
+ for ref in refs:
+ if (ref.get('href').startswith(stig_refs) and
+ ref.text in dictionary):
+- index = rule.getchildren().index(ref)
++ index = list(rule).index(ref)
+ new_ref = ET.Element(
+ '{%s}reference' % XCCDF11_NS, {'href': stig_ns})
+ new_ref.text = dictionary[ref.text]
+--
+2.17.1
+
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-fix-deprecated-getiterator-function.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-fix-deprecated-getiterator-function.patch
new file mode 100644
index 0000000..84271c4
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-fix-deprecated-getiterator-function.patch
@@ -0,0 +1,58 @@
+From b0adc1d53780def4a95e310b6d26bb91ee97177e Mon Sep 17 00:00:00 2001
+From: Vojtech Polasek <vpolasek@redhat.com>
+Date: Mon, 8 Jun 2020 13:27:41 +0200
+Subject: [PATCH] fix deprecated getiterator function
+
+Upstream-Status: Backport
+[https://github.com/ComplianceAsCode/content/commit/b0adc1d53780def4a95e310b6d26bb91ee97177e]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ ssg/build_cpe.py | 6 +++---
+ ssg/id_translate.py | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/ssg/build_cpe.py b/ssg/build_cpe.py
+index 2e5d24a5d..8c046777a 100644
+--- a/ssg/build_cpe.py
++++ b/ssg/build_cpe.py
+@@ -17,7 +17,7 @@ def extract_subelement(objects, sub_elem_type):
+ """
+
+ for obj in objects:
+- for subelement in obj.getiterator():
++ for subelement in obj.iter():
+ if subelement.get(sub_elem_type):
+ sub_element = subelement.get(sub_elem_type)
+ return sub_element
+@@ -44,12 +44,12 @@ def extract_referred_nodes(tree_with_refs, tree_with_ids, attrname):
+ reflist = []
+ elementlist = []
+
+- for element in tree_with_refs.getiterator():
++ for element in tree_with_refs.iter():
+ value = element.get(attrname)
+ if value is not None:
+ reflist.append(value)
+
+- for element in tree_with_ids.getiterator():
++ for element in tree_with_ids.iter():
+ if element.get("id") in reflist:
+ elementlist.append(element)
+
+diff --git a/ssg/id_translate.py b/ssg/id_translate.py
+index 72b07be18..ba9225904 100644
+--- a/ssg/id_translate.py
++++ b/ssg/id_translate.py
+@@ -64,7 +64,7 @@ class IDTranslator(object):
+ )
+
+ def translate(self, tree, store_defname=False):
+- for element in tree.getiterator():
++ for element in tree.iter():
+ idname = element.get("id")
+ if idname:
+ # store the old name if requested (for OVAL definitions)
+--
+2.17.1
+
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0003-fix-remaining-getchildren-and-getiterator-functions.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0003-fix-remaining-getchildren-and-getiterator-functions.patch
new file mode 100644
index 0000000..8162292
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0003-fix-remaining-getchildren-and-getiterator-functions.patch
@@ -0,0 +1,57 @@
+From a0da16c5eeb9a7414f7f2a37a6b270c8d04b2ddf Mon Sep 17 00:00:00 2001
+From: Vojtech Polasek <vpolasek@redhat.com>
+Date: Mon, 8 Jun 2020 14:01:55 +0200
+Subject: [PATCH] fix remaining getchildren and getiterator functions
+
+Upstream-Status: Backport
+[https://github.com/ComplianceAsCode/content/commit/a0da16c5eeb9a7414f7f2a37a6b270c8d04b2ddf]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ build-scripts/sds_move_ocil_to_checks.py | 2 +-
+ build-scripts/verify_references.py | 2 +-
+ shared/transforms/pcidss/transform_benchmark_to_pcidss.py | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/build-scripts/sds_move_ocil_to_checks.py b/build-scripts/sds_move_ocil_to_checks.py
+index 5f5139659..64dc19084 100755
+--- a/build-scripts/sds_move_ocil_to_checks.py
++++ b/build-scripts/sds_move_ocil_to_checks.py
+@@ -106,7 +106,7 @@ def move_ocil_content_from_ds_extended_component_to_ds_component(datastreamtree,
+ timestamp = extendedcomp.get('timestamp')
+
+ # Get children elements of <ds:extended-component> containing OCIL content
+- extchildren = extendedcomp.getchildren()
++ extchildren = list(extendedcomp)
+ # There should be just one OCIL subcomponent in <ds:extended-component>
+ if len(extchildren) != 1:
+ sys.stderr.write("ds:extended-component contains more than one element!"
+diff --git a/build-scripts/verify_references.py b/build-scripts/verify_references.py
+index 69b3e2d1f..95d387f46 100755
+--- a/build-scripts/verify_references.py
++++ b/build-scripts/verify_references.py
+@@ -179,7 +179,7 @@ def main():
+ check_content_refs = xccdftree.findall(".//{%s}check-content-ref"
+ % xccdf_ns)
+
+- xccdf_parent_map = dict((c, p) for p in xccdftree.getiterator() for c in p)
++ xccdf_parent_map = dict((c, p) for p in xccdftree.iter() for c in p)
+ # now we can actually do the verification work here
+ if options.rules_with_invalid_checks or options.all_checks:
+ for check_content_ref in check_content_refs:
+diff --git a/shared/transforms/pcidss/transform_benchmark_to_pcidss.py b/shared/transforms/pcidss/transform_benchmark_to_pcidss.py
+index 0ceaf727d..c94b12c45 100755
+--- a/shared/transforms/pcidss/transform_benchmark_to_pcidss.py
++++ b/shared/transforms/pcidss/transform_benchmark_to_pcidss.py
+@@ -111,7 +111,7 @@ def main():
+ benchmark.findall(".//{%s}Value" % (XCCDF_NAMESPACE)):
+ values.append(value)
+
+- parent_map = dict((c, p) for p in benchmark.getiterator() for c in p)
++ parent_map = dict((c, p) for p in benchmark.iter() for c in p)
+ for rule in \
+ benchmark.findall(".//{%s}Rule" % (XCCDF_NAMESPACE)):
+ parent_map[rule].remove(rule)
+--
+2.17.1
+
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index f35d769..6e7180f 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -4,6 +4,9 @@ SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed"
SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \
file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \
file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \
+ file://0001-fix-deprecated-instance-of-element.getchildren.patch \
+ file://0002-fix-deprecated-getiterator-function.patch \
+ file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \
"
PV = "0.1.44+git${SRCPV}"

--
2.17.1


Re: how to use meta-cpan layer in a reproducible way?

Khem Raj
 

On 11/4/20 6:29 AM, Robert P. J. Day wrote:
colleague wants to add some perl recipes to a zeus-based image, and
found the meta-cpan layer, which contains a number of desired recipes,
but the structure of that layer seems a bit sparse.
first, here's the entire set of branches:
$ git branch -a
* master
thud
remotes/origin/HEAD -> origin/master
remotes/origin/daisy
remotes/origin/jethro
remotes/origin/jethro-next
remotes/origin/master
remotes/origin/master-next
remotes/origin/rocko
remotes/origin/thud
$
where you can see that the branches jump from thud to master with
nothing in between, so there is no "zeus" branch to focus on. also,
there are absolutely no tags.
finally, it seems that the recipes simply upgrade versions
arbitrarily, all on the master branch, so if you grabbed the "master"
version of any recipe, there's no telling when it might change, which
makes reproducibility a bit iffy.
right, so usually it means maintainers keep master moving forward and perhaps test with latest release or master or perhaps all releases after the thud branch, you have to ask this question to the maintainers. but yes forking and then branching your development from master is perhaps fine.

what is the proper way to take advantage of a layer like this? you
can't even use PREFERRED_VERSION for a given recipe since you can
never predict when that version will suddenly disappear from the
master branch.
i imagine the best approach is to simply clone the layer, check it
out to a specific commit ID that works for all desired recipes, and
just leave it there. or just individually copy each version of each
recipe one wants into a local layer (yuck).
thoughts?
rday


Re: Reproducible builds and RPM packages

Randy MacLeod
 

On 2020-11-03 6:16 a.m., Anders Montonen wrote:
Hi,

When going from Zeus to Dunfell, I noticed that all files on the rootfs had timestamps long in the past, which I assume is from reproducible builds now being on by default. While that is a good thing, running “rpm -V” on any installed package now reports that the mtime differs. Is this the intentional behavior?

Hi Anders,

I haven't played with that for a while but I'm pretty sure the answer is yes, it's intentional.

You can read about reproducible builds here:
   https://wiki.yoctoproject.org/wiki/Reproducible_Builds
and compare to the source if needed:
   https://git.openembedded.org/openembedded-core/tree/meta/classes/reproducible_build.bbclass?id=189630ca6cdf7ceb6cf9b8f9d86c58997f505efc&h=dunfell

I don't see it in the documentation yet:
   http://docs.yoctoproject.org/search.html?q=reproducible&check_keywords=yes&area=default

but I didn't do more than skim those search results.

If you also can't find it in the docs, would you be able to make a first draft of that and contribute to the project?

If so please read and ask for guidance on: docs@...

Thanks,

../Randy


Regards,
Anders Montonen




-- 
# Randy MacLeod
# Wind River Linux


Re: Removing postinst script in bbappend

Jim Krantz
 

It's a simple operation. They check for the existence of /etc/apparmor.d/cache. If it doesn't exist, then they create it as a directory. 

I'm not sure why it can't be moved elsewhere, as we're not the maintainers. I could reach out and find out, though. 

On Wed, Nov 4, 2020 at 3:38 PM Alexander Kanavin <alex.kanavin@...> wrote:
The right way would be to fix the recipe I think? What is doing that has to happen only on target and can't be done during do_rootfs?

Alex

On Wed, 4 Nov 2020 at 21:19, Jim Krantz <krantzj84@...> wrote:
The recipe is apparmor, layer is meta-security. 

We're currently using the 2.x recipe, however the 3.x recipe appears to have the same function.


On Wed, Nov 4, 2020 at 2:32 PM Alexander Kanavin <alex.kanavin@...> wrote:
What recipe is it and what layer is it in?

Alex

On Wed 4. Nov 2020 at 19.04, Jim Krantz <krantzj84@...> wrote:
Hey folks,

We're doing builds using Yocto 3.1 and are attempting to revise a recipe from another layer we don't control. The recipe we want to make alterations to is from an open source project, so we'd prefer to not make changes directly to the recipe, rather change it using a bbappend. 

The issue we're having is that the recipe has a pkg_postinst_ontarget function defined, but we have our filesystem set to read only via 'read-only-rootfs'. The result is a build time failure:

'The following packages could not be configured offline and rootfs is read-only: ['<package>']

Looking at the Yocto code, it appears that this error is detected by checking for the presence of any files in the image rootfs/rpm-postinsts directory. If something is found and the rootfs is read only, then the error above is thrown and the build fails. 

We also looked at emit_pkgdata() and noted it was checking for the pkg_postinst/pkg_postinst_ontarget globals, so we attempted to add a task that set those to 'None', hoping it would result in the conditional checks for these resolving to 'false', however this did not seem to work either. I'm somewhat new to Yocto, so may have misunderstood how this code is applied.

We've also tried simpler solutions, like implementing a blank pkg_postinst_ontarget_{PN} and using deltask, however this also failed. 

So the question I have is: is there a way for us to remove the pkg_postinst_ontarget_{PN} from the recipe in the original layer using a bbappend file in our layer, so that the read only error is not thrown?

Thanks!




Re: Removing postinst script in bbappend

Alexander Kanavin
 

The right way would be to fix the recipe I think? What is doing that has to happen only on target and can't be done during do_rootfs?

Alex


On Wed, 4 Nov 2020 at 21:19, Jim Krantz <krantzj84@...> wrote:
The recipe is apparmor, layer is meta-security. 

We're currently using the 2.x recipe, however the 3.x recipe appears to have the same function.


On Wed, Nov 4, 2020 at 2:32 PM Alexander Kanavin <alex.kanavin@...> wrote:
What recipe is it and what layer is it in?

Alex

On Wed 4. Nov 2020 at 19.04, Jim Krantz <krantzj84@...> wrote:
Hey folks,

We're doing builds using Yocto 3.1 and are attempting to revise a recipe from another layer we don't control. The recipe we want to make alterations to is from an open source project, so we'd prefer to not make changes directly to the recipe, rather change it using a bbappend. 

The issue we're having is that the recipe has a pkg_postinst_ontarget function defined, but we have our filesystem set to read only via 'read-only-rootfs'. The result is a build time failure:

'The following packages could not be configured offline and rootfs is read-only: ['<package>']

Looking at the Yocto code, it appears that this error is detected by checking for the presence of any files in the image rootfs/rpm-postinsts directory. If something is found and the rootfs is read only, then the error above is thrown and the build fails. 

We also looked at emit_pkgdata() and noted it was checking for the pkg_postinst/pkg_postinst_ontarget globals, so we attempted to add a task that set those to 'None', hoping it would result in the conditional checks for these resolving to 'false', however this did not seem to work either. I'm somewhat new to Yocto, so may have misunderstood how this code is applied.

We've also tried simpler solutions, like implementing a blank pkg_postinst_ontarget_{PN} and using deltask, however this also failed. 

So the question I have is: is there a way for us to remove the pkg_postinst_ontarget_{PN} from the recipe in the original layer using a bbappend file in our layer, so that the read only error is not thrown?

Thanks!




Re: Removing postinst script in bbappend

Jim Krantz
 

The recipe is apparmor, layer is meta-security. 

We're currently using the 2.x recipe, however the 3.x recipe appears to have the same function.


On Wed, Nov 4, 2020 at 2:32 PM Alexander Kanavin <alex.kanavin@...> wrote:
What recipe is it and what layer is it in?

Alex

On Wed 4. Nov 2020 at 19.04, Jim Krantz <krantzj84@...> wrote:
Hey folks,

We're doing builds using Yocto 3.1 and are attempting to revise a recipe from another layer we don't control. The recipe we want to make alterations to is from an open source project, so we'd prefer to not make changes directly to the recipe, rather change it using a bbappend. 

The issue we're having is that the recipe has a pkg_postinst_ontarget function defined, but we have our filesystem set to read only via 'read-only-rootfs'. The result is a build time failure:

'The following packages could not be configured offline and rootfs is read-only: ['<package>']

Looking at the Yocto code, it appears that this error is detected by checking for the presence of any files in the image rootfs/rpm-postinsts directory. If something is found and the rootfs is read only, then the error above is thrown and the build fails. 

We also looked at emit_pkgdata() and noted it was checking for the pkg_postinst/pkg_postinst_ontarget globals, so we attempted to add a task that set those to 'None', hoping it would result in the conditional checks for these resolving to 'false', however this did not seem to work either. I'm somewhat new to Yocto, so may have misunderstood how this code is applied.

We've also tried simpler solutions, like implementing a blank pkg_postinst_ontarget_{PN} and using deltask, however this also failed. 

So the question I have is: is there a way for us to remove the pkg_postinst_ontarget_{PN} from the recipe in the original layer using a bbappend file in our layer, so that the read only error is not thrown?

Thanks!




Re: Removing postinst script in bbappend

Alexander Kanavin
 

What recipe is it and what layer is it in?

Alex

On Wed 4. Nov 2020 at 19.04, Jim Krantz <krantzj84@...> wrote:
Hey folks,

We're doing builds using Yocto 3.1 and are attempting to revise a recipe from another layer we don't control. The recipe we want to make alterations to is from an open source project, so we'd prefer to not make changes directly to the recipe, rather change it using a bbappend. 

The issue we're having is that the recipe has a pkg_postinst_ontarget function defined, but we have our filesystem set to read only via 'read-only-rootfs'. The result is a build time failure:

'The following packages could not be configured offline and rootfs is read-only: ['<package>']

Looking at the Yocto code, it appears that this error is detected by checking for the presence of any files in the image rootfs/rpm-postinsts directory. If something is found and the rootfs is read only, then the error above is thrown and the build fails. 

We also looked at emit_pkgdata() and noted it was checking for the pkg_postinst/pkg_postinst_ontarget globals, so we attempted to add a task that set those to 'None', hoping it would result in the conditional checks for these resolving to 'false', however this did not seem to work either. I'm somewhat new to Yocto, so may have misunderstood how this code is applied.

We've also tried simpler solutions, like implementing a blank pkg_postinst_ontarget_{PN} and using deltask, however this also failed. 

So the question I have is: is there a way for us to remove the pkg_postinst_ontarget_{PN} from the recipe in the original layer using a bbappend file in our layer, so that the read only error is not thrown?

Thanks!




Removing postinst script in bbappend

Jim Krantz
 

Hey folks,

We're doing builds using Yocto 3.1 and are attempting to revise a recipe from another layer we don't control. The recipe we want to make alterations to is from an open source project, so we'd prefer to not make changes directly to the recipe, rather change it using a bbappend. 

The issue we're having is that the recipe has a pkg_postinst_ontarget function defined, but we have our filesystem set to read only via 'read-only-rootfs'. The result is a build time failure:

'The following packages could not be configured offline and rootfs is read-only: ['<package>']

Looking at the Yocto code, it appears that this error is detected by checking for the presence of any files in the image rootfs/rpm-postinsts directory. If something is found and the rootfs is read only, then the error above is thrown and the build fails. 

We also looked at emit_pkgdata() and noted it was checking for the pkg_postinst/pkg_postinst_ontarget globals, so we attempted to add a task that set those to 'None', hoping it would result in the conditional checks for these resolving to 'false', however this did not seem to work either. I'm somewhat new to Yocto, so may have misunderstood how this code is applied.

We've also tried simpler solutions, like implementing a blank pkg_postinst_ontarget_{PN} and using deltask, however this also failed. 

So the question I have is: is there a way for us to remove the pkg_postinst_ontarget_{PN} from the recipe in the original layer using a bbappend file in our layer, so that the read only error is not thrown?

Thanks!


Cmake CROSS COMPILE problem [PLEASE HELP, URGENT] #sdk #yocto #toolchain

Bel Hadj Salem Talel
 

Hi All,

I'm in serious task here and I need to cross compile a Cmake project.
I need to send an SDK to a client with steps to cross compile the project.
This project is compiling successfully via a Yocto recipe that inherits cmake.
I extracted an SDK from the main image adding TOOLCHAIN_HOST_TASK_append=" nativesdk-cmake" to add the Toolchain cmake file which is located under: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake/OEToolchainConfig.cmake :
Here is its content:

set( CMAKE_SYSTEM_NAME Linux )
set( CMAKE_C_FLAGS $ENV{CFLAGS} CACHE STRING "" FORCE )
set( CMAKE_CXX_FLAGS $ENV{CXXFLAGS}  CACHE STRING "" FORCE )
set( CMAKE_ASM_FLAGS ${CMAKE_C_FLAGS} CACHE STRING "" FORCE )
set( CMAKE_LDFLAGS_FLAGS ${CMAKE_CXX_FLAGS} CACHE STRING "" FORCE )
set( CMAKE_SYSROOT $ENV{OECORE_TARGET_SYSROOT} )
set( CMAKE_FIND_ROOT_PATH $ENV{OECORE_TARGET_SYSROOT} )
set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER )
set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY )
set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY )
set( CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY )
set(CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX "$ENV{OE_CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX}")
# Set CMAKE_SYSTEM_PROCESSOR from the sysroot name (assuming processor-distro-os).
if ($ENV{SDKTARGETSYSROOT} MATCHES "/sysroots/([a-zA-Z0-9_-]+)-.+-.+")
  set(CMAKE_SYSTEM_PROCESSOR ${CMAKE_MATCH_1})
endif()
# Include the toolchain configuration subscripts
file( GLOB toolchain_config_files "${CMAKE_TOOLCHAIN_FILE}.d/*.cmake" )
foreach(config ${toolchain_config_files})
    include(${config})
endforeach()


The project is working with gRPC and Protobuf. There is a .cmake files that are responsible for searching for gRPC and Protobuf libs

Here is what I tried after sourcing the SDK environment:
1) A simple "cmake .." with no options:

Setting build type to 'RelWithDebInfo' as none was specified.
-- Toolchain file defaulted to '/home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake/OEToolchainConfig.cmake'
-- The C compiler identification is GNU 7.3.0
-- The CXX compiler identification is GNU 7.3.0
-- Check for working C compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-gcc
-- Check for working C compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-g++
-- Check for working CXX compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-g++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
CMake Warning at /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake-3.16/Modules/FindProtobuf.cmake:499 (message):
  Protobuf compiler version 3.12.3 doesn't match library version 3.11.4
Call Stack (most recent call first):
  CMakeLists.txt:23 (find_package)
-- Found Protobuf: /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/lib/libprotobuf.so;-lpthread (found version "3.11.4")
-- Could NOT find gRPC (missing: GRPC_CPP_PLUGIN)
-- Configuring done
-- Generating done
-- Build files have been written to: /home/talel/Desktop/sense_software_2/build

protobuf is found, but not gRPC, now when I make:
make[2]: *** No rule to make target 'GRPC_CPP_PLUGIN-NOTFOUND', needed by 'protos/sense_api_settings.grpc.pb.cc'.  Stop.
CMakeFiles/Makefile2:734: recipe for target 'protos/CMakeFiles/sense_api_settings_grpc.dir/all' failed
make[1]: *** [protos/CMakeFiles/sense_api_settings_grpc.dir/all] Error 2
Makefile:129: recipe for target 'all' failed
make: *** [all] Error 2

I searched for a solution and I added the -DCMAKE_PREFIX_PATH=/home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr option to my SDK rootfs
Here is the result of cmake..:

-- Check for working C compiler: /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-gcc -- broken
CMake Error at /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake-3.16/Modules/CMakeTestCCompiler.cmake:60 (message):
  The C compiler
    "/home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/bin/aarch64-poky-linux/aarch64-poky-linux-gcc"
  is not able to compile a simple test program.
  It fails with the following output:
    Change Dir: /home/talel/Desktop/sense_software_2/build/CMakeFiles/CMakeTmp
    Run Build Command(s):/home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/make cmTC_2a27c/fast && /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/make: 1: /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/make: Syntax error: word unexpected (expecting ")")

I tried to add C and CXX options : -DCMAKE_C_COMPILER_WORKS=1 -DCMAKE_CXX_COMPILER_WORKS=1:
Now it shows this:

/home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/protoc: 1: /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/protoc: ELF�@2@8: not found
/home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/protoc: 2: /home/talel/Documents/sensesdk/sysroots/aarch64-poky-linux/usr/bin/protoc: Syntax error: ")" unexpected
CMake Warning at /home/talel/Documents/sensesdk/sysroots/x86_64-pokysdk-linux/usr/share/cmake-3.16/Modules/FindProtobuf.cmake:499 (message):
  Protobuf compiler version doesn't match library version 3.11.4

and now when I make same error ; syntax error in protobuf

Here is the main CMakeLists:
cmake_minimum_required (VERSION 3.5)

set(ex_ver "01")

# Set a default build type if none was specified
if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
message("Setting build type to 'RelWithDebInfo' as none was specified.")
set(CMAKE_BUILD_TYPE RelWithDebInfo CACHE STRING "Choose the type of build." FORCE)
# Set the possible values of build type for cmake-gui
set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release"
"MinSizeRel" "RelWithDebInfo")
endif()

project(ex VERSION ${ex_ver})

# set the C++ standard to C++ 11
set(CMAKE_CXX_STANDARD 11)

list(APPEND CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake)

include(CompileProtos)
set(protobuf_MODULE_COMPATIBLE TRUE)
find_package(Protobuf REQUIRED)
#find_package(gRPC REQUIRED)

set(_PROTOBUF_LIBPROTOBUF protobuf::libprotobuf)
if(CMAKE_CROSSCOMPILING)
find_program(_PROTOBUF_PROTOC protoc)
find_program(_gRPC_CPP_PLUGIN grpc_cpp_plugin)
else()
set(_PROTOBUF_PROTOC $<TARGET_FILE:protobuf::protoc>)
endif()
#message(STATUS "Using protobuf ${protobuf_VERSION}")

# Find gRPC installation
# Looks for gRPCConfig.cmake file installed by gRPC's cmake installation.
find_package(GRPC REQUIRED)

set(_GRPC_GRPCPP_REFLECTION gRPC::grpc++_reflection)
if(CMAKE_CROSSCOMPILING)
find_program(_GRPC_CPP_PLUGIN_EXECUTABLE grpc_cpp_plugin)
else()
set(_GRPC_CPP_PLUGIN_EXECUTABLE $<TARGET_FILE:gRPC::grpc_cpp_plugin>)
endif()

# uncomment for PC
#find_package(fmt REQUIRED)
#add_compile_definitions(SPDLOG_FMT_EXTERNAL)

#Add sub-directories
add_subdirectory(protos)
add_subdirectory(systemd)
add_subdirectory(certs)
add_subdirectory(services)
add_subdirectory(lib)
add_subdirectory(tools)
add_subdirectory(core)



Help me please on this. It is really urgent, I tried a lot.
Thanks, Talel


Re: [meta-security][PATCH 2/2] clamav: unify volatiles file name

Armin Kuster
 

merged
thanks

On 11/2/20 1:11 AM, Yi Zhao wrote:
Make the volatiles file name starts with digital.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-scanners/clamav/clamav_0.101.5.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-scanners/clamav/clamav_0.101.5.bb b/recipes-scanners/clamav/clamav_0.101.5.bb
index 47fbae4..7dad263 100644
--- a/recipes-scanners/clamav/clamav_0.101.5.bb
+++ b/recipes-scanners/clamav/clamav_0.101.5.bb
@@ -86,7 +86,7 @@ do_install_append_class-target () {

install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir}
install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir}
- install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav
+ install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/03_clamav
sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
rm ${D}/${libdir}/libclamav.so
if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then



Re: [meta-security][PATCH 1/2] suricata: unify volatiles file name

Armin Kuster
 

On 11/2/20 1:11 AM, Yi Zhao wrote:
Make the volatiles file name starts with digital.
merged

thanks

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-ids/suricata/suricata_4.1.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-ids/suricata/suricata_4.1.9.bb b/recipes-ids/suricata/suricata_4.1.9.bb
index 135871c..3f7beaa 100644
--- a/recipes-ids/suricata/suricata_4.1.9.bb
+++ b/recipes-ids/suricata/suricata_4.1.9.bb
@@ -55,7 +55,7 @@ do_install_append () {
oe_runmake install-rules DESTDIR=${D}

install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles
- install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
+ install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/03_suricata

install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata




how to use meta-cpan layer in a reproducible way?

Robert P. J. Day
 

colleague wants to add some perl recipes to a zeus-based image, and
found the meta-cpan layer, which contains a number of desired recipes,
but the structure of that layer seems a bit sparse.

first, here's the entire set of branches:

$ git branch -a
* master
thud
remotes/origin/HEAD -> origin/master
remotes/origin/daisy
remotes/origin/jethro
remotes/origin/jethro-next
remotes/origin/master
remotes/origin/master-next
remotes/origin/rocko
remotes/origin/thud
$

where you can see that the branches jump from thud to master with
nothing in between, so there is no "zeus" branch to focus on. also,
there are absolutely no tags.

finally, it seems that the recipes simply upgrade versions
arbitrarily, all on the master branch, so if you grabbed the "master"
version of any recipe, there's no telling when it might change, which
makes reproducibility a bit iffy.

what is the proper way to take advantage of a layer like this? you
can't even use PREFERRED_VERSION for a given recipe since you can
never predict when that version will suddenly disappear from the
master branch.

i imagine the best approach is to simply clone the layer, check it
out to a specific commit ID that works for all desired recipes, and
just leave it there. or just individually copy each version of each
recipe one wants into a local layer (yuck).

thoughts?

rday


Why is the base-files recipe different?

Morten Bruun
 

Hi,

I'm trying to install different fstab files based on the image being built. As far as I can tell this should be possible by using BBCLASSEXTEND. 

The error I get is: 

Error: Transaction check error:
  file /etc/fstab conflicts between attempted installs of base-files-foo-3.0.14-r89.raspberrypi3 and base-files-3.0.14-r89.raspberrypi3

If I do the exact same thing with the iptables recipe - it works perfectly. Why is base-files different?

Any help is much appreciated,
Morten

Here is what I have done:
-----------------------------------

Created foo.class:

CLASSOVERRIDE .= ":class-foo"

python foo_virtclass_handler () {
    # Do nothing if this is inherited, as it's for BBCLASSEXTEND
    if "foo" not in (d.getVar('BBCLASSEXTEND') or ""):
        bb.error("Don't inherit foo, use BBCLASSEXTEND")
        return

    # Restore BPN
    bpn = d.getVar('BPN')
    newbpn = bpn.replace('-foo', '')
    d.setVar('BPN', newbpn)

    # Use default FILESPATH searching for patches and files
    filespath = d.getVar('FILESPATH', True)
    newfilespath = filespath.replace('-foo', '')
    d.setVar('FILESPATH', newfilespath)
}

addhandler foo_virtclass_handler
foo_virtclass_handler[eventmask] = "bb.event.RecipePreFinalise"

============================================================

Added base-files_3.0.14.bbappend:

FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"

BBCLASSEXTEND = "foo"

SRC_URI_append_class-foo = " file://fstab.foo "

do_install_append_class-foo () {
    install -d ${D}${sysconfdir}
    install -m 644 ${WORKDIR}/fstab.foo ${D}${sysconfdir}/fstab
}

============================================================

Added my fstab.foo in the base-files directory next to the .bbappend file.
Added IMAGE_INSTALL += "base-files-foo" to my local.conf.

============================================================


[ANNOUNCEMENT] Yocto Project 3.2 (Gatesgarth 24.0.0) is Released

Vineela
 

Hello,

We are pleased to announce the Yocto Project 3.2 (gatesgarth-24.0.0) Release is now available for download.

http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/poky-gatesgarth-24.0.0.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.2/poky-gatesgarth-24.0.0.tar.bz2

A gpg signed version of these release notes is available at:

http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/RELEASENOTES

Full Test Report:

http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/testreport.txt

Thank you for everyone's contributions to this release.

Vineela Tummalapalli
Yocto Project Build and Release
vineela.tummalapalli@intel.com

--------------------------
yocto-3.2 Release Notes
--------------------------

--------------------------
Repositories/Downloads
--------------------------

Repository Name: poky
Repository Location: https://git.yoctoproject.org/git/poky
Branch: gatesgarth
Tag: yocto-3.2
Git Revision: 5d75168a13d00253460020e536b2a87833ec67d2
Release Artefact: poky-gatesgarth-24.0.0
sha: fcc8598b398b454782db8c98e225e5a9ec3ff630f30b75c1a695fd0279700780
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/poky-gatesgarth-24.0.0.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.2/poky-gatesgarth-24.0.0.tar.bz2

Repository Name: openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: gatesgarth
Tag: 2020-10-gatesgarth
Git Revision: d3114ca369792201a5316c1ede29eb72f0868d35
Release Artefact: oecore-gatesgarth-24.0.0
sha: 33f202d1414662f55f33fd675b01d727c9d94f9352aa851582dd633d9a583874
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/oecore-gatesgarth-24.0.0.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.2/oecore-gatesgarth-24.0.0.tar.bz2

Repository Name: meta-mingw
Repository Location: https://git.yoctoproject.org/git/meta-mingw
Branch: gatesgarth
Tag: yocto-3.2
Git Revision: d2809d7c93bdb46014e1f8b3b0a4f42030078905
Release Artefact: meta-mingw-gatesgarth-24.0.0
sha: 2b13ae27fd8faaf8826122d50bdbe8c729535193eeffebc25f95f0550ff6093b
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/meta-mingw-gatesgarth-24.0.0.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.2/meta-mingw-gatesgarth-24.0.0.tar.bz2

Repository Name: meta-gplv2
Repository Location: https://git.yoctoproject.org/git/meta-gplv2
Branch: gatesgarth
Tag: yocto-3.2
Git Revision: 6e8e969590a22a729db1ff342de57f2fd5d02d43
Release Artefact: meta-gplv2-gatesgarth-24.0.0
sha: 3910b54110319557ea98d95c09d5466ec827a7406213cef3bf3a3d588dca3def
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/meta-gplv2-gatesgarth-24.0.0.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.2/meta-gplv2-gatesgarth-24.0.0.tar.bz2

Repository Name: bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: gatesgarth
Tag: 2020-10-gatesgarth
Git Revision: fec2b85689bba1d26ad6f376bc11cc29bb27cbe5
Release Artefact: bitbake-gatesgarth-24.0.0
sha: b01aa8f31e7b6fd267424f085d80fba46c9a8ead30a3aa5d9c944ad2bd053412
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.2/bitbake-gatesgarth-24.0.0.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.2/bitbake-gatesgarth-24.0.0.tar.bz2

--------------
Contributors
--------------

Thanks to the following people who contributed to this release:

Adrian Bunk
Adrian Freihofer
Akira Shibakawa
Alejandro del Castillo
Alejandro Hernandez
Alexander Kanavin
Alexandru N. Onea
Alex Kiernan
Alistair Francis
Anatol Belski
Andreas Müller
Andrei Gherzan
Andrej Valek
Andrew Geissler
Andrey Zhizhikin
Aníbal Limón
Anton Eliasson
Anuj Mittal
Armin Kuster
Arthur She
Bartłomiej Burdukiewicz
Bartosz Golaszewski
Benjamin Fair
Bjarne Michelsen
Bruce Ashfield
Chandana kalluri
Changhyeok Bae
Changqing Li
Charlie Davies
Chen Qi
Chris Laplante
Christian Eggers
Christophe GUIBOUT
Daisuke Yamane
Damian Wrobel
Dan Callaghan
Daniel Ammann
Daniel Díaz
Daniel Gomez
Daniel Klauer
Daniel McGregor
David Khouya
David Reyna
De Huo
Denys Dmytriyenko
Diego Rondini
Diego Sueiro
Dmitry Baryshkov
Domarys Correa
Douglas Royds
Drew Moseley
Fabio Berton
Frazer Clews
Fredrik Gustafsson
Geoff Parker
Gregor Zatko
Guillaume Champagne
Haiqing Bai
Hannu Lounento
He Zhe
Hongxu Jia
Jacob Kroon
Jan Luebbe
Jan Vermaete
Jan-Simon Moeller
Jason Wessel
Jean-Francois Dagenais
Jens Rehsack
Jeremy Puhlman
Joe Slater
Jonathan Richardson
Jon Mason
Joshua Watt
Junling Zheng
Kai Kang
Kamil Dziezyk
Kevin Hao
Khairul Rohaizzat Jamaluddin
Khasim Mohammed
Khem Raj
Konrad Weihmann
Kurt Kiefer
Lee Chee Yang
Leif Middelschulte
Lili Li
Li Wang
Liwei Song
Marco Felsch
Marek Vasut
Mark Hatle
Mark Jonas
Mark Morton
Martin Jansa
Matt Madison
Mauro Queirós
Maxime Roussin-Bélanger
Max Krummenacher
Michael Gloff
Michael Ho
Michael Thalmeier
Michael Tretter
Mikko Rapeli
Ming Liu
Mingde (Matthew) Zeng
Mingli Yu
Naoki Hayama
Naoto Yamaguchi
Nathan Rossi
Naveen Saini
Neil Armstrong
Nicolas Dechesne
Norman Stetter
Oleksandr Kravchuk
Oleksandr Popovych
Otavio Salvador
Ovidiu Panait
Patrick Vacek
Paul Barker
Paul Eggleton
Peter A. Bigot
Peter Bergin
Peter Kjellerstedt
Petr Vorel
Pierre-Jean Texier
Quentin Schulz
Rahul Kumar
Ralph Siemsen
Randy MacLeod
Rasmus Villemoes
Ricardo Ribalda Delgado
Ricardo Salveti
Richard Leitner
Richard Purdie
Robert P. J. Day
Robert Yang
Roland Hieber
Ross Burton
Ryan Rowe
Sakib Sajal
Samuli Piippo
Saul Wold
Sourabh Banerjee
Stacy Gaikovaia
Stefan Agner
Stephen Jolley
Steve Sakoman
Sumit Garg
Tanu Kaskinen
Taras Kondratiuk
Teoh Jay Shen
Timon Ulrich
Tim Orling
Trevor Gamblin
Tuomas Salokanto
Tyler Hicks
Usama Arif
Valentin Longchamp
Vasyl Vavrychuk
Victor Kamensky
Vijai Kumar K
Vineela Tummalapalli
Vyacheslav Yurkov
Wang Mingyu
Wenlin Kang
Yanfei Xu
Yann Dirson
Yeoh Ee Peng
Yi Zhao
Yoann Congal
Yongxin Liu
Yuki Hoshino
Zang Ruochen
Zhang Qiang
Zhaolong Zhang
Zheng Ruoqin
Zhixiong Chi
Zoltan Boszormenyi


-----------------------------
New Features / Enhancements
-----------------------------
* Linux kernel 5.8, gcc 10.2, glibc 2.32 and ~245 other recipe upgrades
* New recipes: boost-build-native, dhcpcd, go-binary-native, help2man, igt-gpu-tools, init-system-helpers, kea, libhandy, libmodulemd, libuv, libva-initial, log4cplus, python3-cython, python3-dbusmock, python3-pyparsing
* Minimum host gcc version is now 6
* Replaced obsolete dhcp with dhcpcd (client) and kea (server)
* New baremetal-image class for baremetal applications or an RTOS
* Enabled pseudo path filtering for improved reliability and slightly less overhead in fakeroot environment
* New go-binary-native providing binary Go (faster bootstrap and supports ARM hosts)
* New go-mod class for `go mod` support
* Extended recipes to native: libexif, libnl
* Architecture / machine-specific enhancements:
- Add tune files for cortexa55 and cortexa73-cortexa53
- Add tune files for cortexa57 (now default for qemuarm64)
- Add tune files for cortex-m0 and cortex-m0plus
- armv8/tunes: Set TUNE_PKGARCH_64 based on ARMPKGARCH
- arch-armv8-2a.inc: add tune include for armv8.2a
- tune-cortexa57-cortexa53.inc: add CRC and set march
- qemumips: change to 64 TLBs in CPU model which improves test performance by 40%
- siteinfo: Recognize 32bit PPC LE
- armv8/tunes: Add tunes for supported ARMv8a cores
- armv8/tunes: Add tunes for supported ARMv8.2a cores
- libucontext: Recognise riscv32 architecture
- dpkg: Add riscv32 CPU support
- lttng-tools & lttng-ust now work on riscv64
- linux-yocto/beaglebone: Switch to sdhci-omap driver
- libucontext: Bring in mips/mips64 support
- packagegroup-core-tools-profile: bring in perf for musl on ARM
* Kernel-related changes:
- Allow dangling KERNEL_FEATURES
- Enhanced configuration queue analysis capabilities
- Allow promotion of configuration warnings to errors
- Add KBUILD_DEFCONFIG search location to failure message
- kernel-yocto: split meta data gathering into patch and config phases to allow patching of in-tree configuration
- netfilter: Enable nat for ipv4 and ipv6
* bitbake improvements:
- BBMASK can now be set per configuration in multiconfig
- Support \ in file:// URLs in SRC_URI
- Support spaces in git:// URLs in SRC_URI
- Added an inverse mode to BBFILES_DYNAMIC (! prefix) to e.g. backfill recipes for a missing layer
- deltask statement can now take multiple task names
- Significant improvement in get_file_layer() performance (as used by bitbake-layers and buildhistory)
- When a shell function fails, print a backtrace with the function's original metadata location
- Filename/line number information now emitted for shell functions (e.g. in run.* files)
- Prefix the log data with pid/time information
- Note when commands complete in logs
- Show command exceptions in the server log as well
- perforce: add basic progress handler
- perforce: add local path handling SRC_URI options
- New bb.event.RecipePostKeyExpansion event (used to support multilib)
- Improved performance with large numbers of files in SRC_URI
- Several refactoring efforts aimed at improving startup performance and reliability
* wic image creator improvements:
- rootfs: added --change-directory argument (similar to tar -C)
- rootfs: do not error out if path in --exclude-path does not exist to make it easier to reuse .wks among different projects
- rootfs: added an optional destination argument to --include-path
- Added --offset argument for partitions
- bootimg-efi: added support for IMAGE_BOOT_FILES
- bootimg-efi: added IMAGE_EFI_BOOT_FILES variable to separate bootimg-efi and bootimg-partition
- Added 512-byte (i.e. sector) alignment to --offset when s/S suffix is used
- image_types: declare support for wic.zst
* Image related changes:
- New image-artifact-names class to centralise image artifact naming variable defaults
- New IMAGE_LOG_CHECK_EXCLUDES to allow excluding false-positive messages in log_check processing
- New IMAGE_LOCALES_ARCHIVE variable prevent locale archive creation
* qemu/runqemu enhancements:
- qemu: enable pass-through GL acceleration when 'opengl' is in DISTRO_FEATURES
- runqemu: add QB_ROOTFS_EXTRA_OPT parameter
- runqemu: If using a vmtype image do not add the -no-reboot flag
- qemuboot: Add QB_RNG variable to allow overriding random number generation
* SDK related changes:
- packagegroup-go-sdk-target: Add go to packagegroup
- oe-publish-sdk: add --keep-orig option
- New ESDK_MANIFEST_EXCLUDES variable to exclude configuration files from sdk-conf-manifest in extensible SDK
- Extended recipes to nativesdk: bmap-tools, btrfs-tools, cpio, dosfstools, glib-networking, kmod, libexif, libnl, librsvg, libsoup-2.4, parted, pbzip2, serf, subversion, tiff
* Name of multiconfig now added to BUILDCFG_HEADER when multiconfig is active (as printed at build startup)
* New PACKAGECONFIG options in apr-util, curl, file, gdk-pixbuf, glibc, gstreamer1.0-plugins-bad, igt-gpu-tools, iputils, kmod, libva, mesa, net-tools, openssh, perf, qemu, rpm, weston, weston-init
* Added ability to inject "minidebuginfo" into packaged binaries (PACKAGE_MINIDEBUGINFO = "1")
* libva: enabled build without opengl in DISTRO_FEATURES
* Add ability to enable VAAPI support in mesa (via new libva-initial bootstrap recipe)
* u-boot: introduce UBOOT_INITIAL_ENV
* u-boot: support merging .cfg files for UBOOT_CONFIG
* buildhistory improvements:
- Add simplistic file move detection
- Record PACKAGECONFIG
- Record SRC_URI
* Packaging changes:
- systemd: split systemd specific udev rules into its own package
- linux-firmware: package nvidia firmware
- linux-firmware: package marvel sdio 8997 firmware
- linux-firmware: add ice for Intel E800 series driver
- linux-firmware: add ibt-20 package
- linux-firmware: add qcom-venus-{5.2,5.4} packages
- linux-firmware: add Amlogic VDEC firmware package
- iptables: split iptables-apply to its own package
- timezone: include leap second data in tzdata-core
* weston-init improvements:
- Enable RDP screen sharing
- Allow setting idle time to 0 for kiosk usage / debugging
- Add environment file support for systemd unit file
- Explicitly select drm/fbdev backends for qemu machines (drm by default for qemuarm64/qemux86/qemux86-64, otherwise fbdev)
* buildtools improvements:
- Handle generic environment setup injection (environment-setup.d)
- Added python3-jinja2 to support resulttool
- Added libstc++.a and libgomp-dev to buildtools-extended-tarball
- install-buildtools: remove hardcoded x86-64 architecture
- install-buildtools: add option to disable checksum validation
* Package QA check changes:
- Added test for shebang line length
- Promoted a number of checks from warning to error
- Check for missing update-alternatives inherit
- Check for missing features_check inherit
- Improved messages for "arch" check
* Testing related improvements:
- Enabled ptests for bzip2, expat, libinput, glib-networking
- New buildall-qemu script to automate build testing a recipe for all qemu MACHINEs
- oeqa/runtime: Add OERequirePackage decorator
- qemurunner: Add extra debug info when qemu fails to start
- testimage: enable ovmf support
- testimage: add an overall timeout setting
- testresults.json: add duration of the tests as well
- resulttool/log: Add ability to dump ltp logs as well as ptest
- Call dump_target() when SSH target reports "no route to host"
* Licensing related improvements:
- Symlink to the current image license manifest dir under tmp/deploy/licenses
- Added BSD-2-Clause-Patent common license file
- Added Unlicense common license file
- Added PSF-2.0 common license file
* kernel-fitimage: build configuration for image tree when dtb is not present
* kernel-fitimage: generate openssl RSA keys for signing fitimage
* systemd-conf: Accept MTU from DHCP
* cmake: allow chainloading of the toolchain file
* curl: enable producing debug info for curl-dbg package
* initramfs-framework: check successful mount using mountpoint (allows rootfs module to be used with OSTree)
* Several optimisations to improve SSH host key generation for openssh & dropbear
* cve-update-db-native: add progress handler
* cve-check: introduce CVE_CHECK_RECIPE_FILE variable to allow changing of per-recipe check file
* cve-check: add CVE_CHECK_REPORT_PATCHED variable to suppress reporting of patched CVEs
* cml1: New KCONFIG_CONFIG_ROOTDIR variable to specify the .config root dir
* base.bbclass: warn when there is trailing slash in S or B variables
* busybox: enable rev and pgrep commands
* New EXTRA_OEWAF_BUILD and EXTRA_OEWAF_INSTALL variables for passing extra build / install arguments to waf
* New WAF_PYTHON variable to specify python interpreter to use for waf per-recipe
* sysvinit-inittab: Add support for tty devices with 10 or more number.
* devtool: finish: support BBFILES_DYNAMIC when finding original recipe location
* uninative: Handle PREMIRRORS generically
* externalsrc: allow multiple tasks to execute in parallel if S != B
* rng-tools: Restrict rngd when running as systemd service
* help2man: rewrite recipe so it can also be built for the target
* graph-tool: add filter subcommand
* boost: optimised build
* grub: Remove native version of grub-efi (use grub-native instead, which is functionally the same)
* rpm: disable libarchive dependency by default
* init-ifupdown: always make machine-specific

- -------------
Known Issues
- -------------

failure in ptest : valgrind.drd and valgrind.helgrind

-----------------
Recipe Licenses
-----------------

The following corrections have been made to the LICENSE values set by recipes:

* avahi: fixed the per-package LICENSE values for libavahi-client package (LGPLv2.1+)
* gdk-pixbuf: LGPLv2.1 -> LGPLv2.1+
* gnutls: with help from upstream, the license text in some source files was corrected to match the documentation (i.e. the library itself is LGPLv2.1+). LICENSE already reflected this.
* util-linux: set per-package LICENSE values for libblkid, libfdisk, libmount, libsmartcols (all LGPLv2.1+), and libuuid (BSD-3-Clause)


------------------------
Migration instructions
------------------------

For details on changes that you might need to make when migrating to the Yocto Project 3.2 release from previous releases, please see the following manual section:

http://www.yoctoproject.org/docs/3.2/ref-manual/ref-manual.html#moving-to-the-yocto-project-3.2-release



----------------
Security Fixes
----------------

* bash: CVE-2019-18276
* bind: CVE-2020-8616, CVE-2020-8617, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
* bison: CVE-2020-24979, CVE-2020-24980
* curl: CVE-2020-8169, CVE-2020-8177
* gcc: CVE-2020-13844
* ghostscript: CVE-2020-15900
* glibc: CVE-2020-6096
* glib-networking: CVE-2020-13645
* gnupg: CVE-2020-25125
* gnutls: CVE-2020-24659
* grub2: CVE-2020-10713
* icu: CVE-2020-10531
* json-c: CVE-2020-12762
* libproxy: CVE-2020-25219
* librsvg: CVE-2019-20446
* libxml2: CVE-2020-24977
* openssl: CVE-2020-1967
* python3: CVE-2020-8492
* qemu: CVE-2020-10761, CVE-2020-11869, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13791, CVE-2020-13800, CVE-2020-14364, CVE-2020-15863
* re2c: CVE-2020-11958
* sqlite: CVE-2020-11655, CVE-2020-11656
* systemd: CVE-2020-13776
* wpa-supplicant: CVE-2020-12695



-----------------
Recipe Upgrades
-----------------

* acpica 20200430 -> 20200717
* adwaita-icon-theme 3.34.3 -> 3.36.1
* alsa-lib 1.2.1.2 -> 1.2.3.2
* alsa-plugins 1.2.1 -> 1.2.2
* alsa-tools 1.1.7 -> 1.2.2
* alsa-topology-conf 1.2.1 -> 1.2.3
* alsa-ucm-conf 1.2.1.2 -> 1.2.3
* alsa-utils 1.2.1 -> 1.2.3
* alsa-utils-scripts 1.2.1 -> 1.2.3
* apt 1.2.31 -> 1.8.2.1
* asciidoc 8.6.9+py3-gitX -> 9.0.2
* at-spi2-atk 2.34.1 -> 2.34.2
* at-spi2-core 2.34.0 -> 2.36.1
* atk 2.34.1 -> 2.36.0
* automake 1.16.1 -> 1.16.2
* avahi 0.7 -> 0.8
* babeltrace2 2.0.2 -> 2.0.3
* bash-completion 2.10 -> 2.11
* bind 9.11.22 -> 9.16.7
* binutils 2.34 -> 2.35
* bison 3.5.3 -> 3.7.2
* bmap-tools 3.5+gitX (db7087b883...) -> 3.5+gitX (a17f0e3ff8...)
* boost 1.72.0 -> 1.74.0
* bootchart2 0.14.8+gitX -> 0.14.9
* btrfs-tools 5.4.1 -> 5.7
* busybox 1.31.1 -> 1.32.0
* busybox-inittab 1.31.0 -> 1.32.0
* ca-certificates 20190110 -> 20200601
* ccache 3.7.7 -> 3.7.11
* clutter-1.0 1.26.2 -> 1.26.4
* cmake 3.16.5 -> 3.18.2
* cogl-1.0 1.22.4 -> 1.22.8
* connman 1.37 -> 1.38
* coreutils 8.31 -> 8.32
* createrepo-c 0.15.7 -> 0.16.0
* cross-localedef-native 2.31+gitX -> 2.32
* cryptodev-linux 1.10 -> 1.11
* cryptodev-module 1.10 -> 1.11
* cryptodev-tests 1.10 -> 1.11
* cups 2.3.1 -> 2.3.3
* curl 7.69.1 -> 7.72.0
* dbus 1.12.16 -> 1.12.20
* dbus-test 1.12.16 -> 1.12.20
* debianutils 4.9.1 -> 4.11.1
* desktop-file-utils 0.24 -> 0.26
* diffoscope 136 -> 160
* dnf 4.2.2 -> 4.2.23
* dpkg 1.19.7 -> 1.20.5
* dropbear 2019.78 -> 2020.80
* e2fsprogs 1.45.4 -> 1.45.6
* ed 1.15 -> 1.16
* elfutils 0.178 -> 0.180
* enchant2 2.2.8 -> 2.2.9
* epiphany 3.34.4 -> 3.36.4
* ethtool 5.4 -> 5.8
* ffmpeg 4.2.2 -> 4.3.1
* file 5.38 -> 5.39
* font-alias 1.0.3 -> 1.0.4
* freetype 2.10.1 -> 2.10.2
* fribidi 1.0.9 -> 1.0.10
* gawk 5.0.1 -> 5.1.0
* gcc 9.3.0 -> 10.2.0
* gcr 3.34.0 -> 3.36.0
* gdb 9.1 -> 9.2
* gdb-cross 9.1 -> 9.2
* gdb-cross-canadian 9.1 -> 9.2
* gettext 0.20.1 -> 0.21
* git 2.24.3 -> 2.28.0
* glib-2.0 2.62.6 -> 2.64.5
* glib-networking 2.62.4 -> 2.64.3
* glibc 2.31+gitX -> 2.32
* gnu-config 20200117+gitX -> 20200831+gitX
* gnu-efi 3.0.11 -> 3.0.12
* gnupg 2.2.20 -> 2.2.23
* go 1.14.7 -> 1.15.2
* gobject-introspection 1.62.0 -> 1.64.1
* gpgme 1.13.1 -> 1.14.0
* gptfdisk 1.0.4 -> 1.0.5
* gsettings-desktop-schemas 3.36.0 -> 3.36.1
* gtk+3 3.24.14 -> 3.24.22
* harfbuzz 2.6.4 -> 2.7.2
* icu 66.1 -> 67.1
* iproute2 5.5.0 -> 5.8.0
* iptables 1.8.4 -> 1.8.5
* iputils s20190709 -> s20200821
* iso-codes 4.4 -> 4.5.0
* iw 5.4 -> 5.8
* jquery 3.4.1 -> 3.5.1
* json-c 0.13.1 -> 0.15
* kbd 2.2.0 -> 2.3.0
* kern-tools-native 0.2+gitX (c66833e1ca...) -> 0.2+gitX (df4390b18a...)
* kmod 26 -> 27
* kmscube git (76bb57d539...) -> git (4660a7dca6...)
* less 551 -> 562
* libarchive 3.4.2 -> 3.4.3
* libcap 2.32 -> 2.43
* libcap-ng 0.7.10 -> 0.7.11
* libcap-ng-python 0.7.10 -> 0.7.11
* libcheck 0.14.0 -> 0.15.2
* libdazzle 3.34.1 -> 3.36.0
* libdnf 0.28.1 -> 0.48.0
* libdrm 2.4.101 -> 2.4.102
* libevdev 1.8.0 -> 1.9.1
* libevent 2.1.11 -> 2.1.12
* libgcc 9.3.0 -> 10.2.0
* libgcc-initial 9.3.0 -> 10.2.0
* libgcrypt 1.8.5 -> 1.8.6
* libgfortran 9.3.0 -> 10.2.0
* libgloss 3.2.0 -> 3.3.0
* libgpg-error 1.37 -> 1.39
* libical 3.0.7 -> 3.0.8
* libinput 1.15.2 -> 1.16.1
* libjpeg-turbo 2.0.4 -> 2.0.5
* libksba 1.3.5 -> 1.4.0
* libmpc 1.1.0 -> 1.2.0
* libnotify 0.7.8 -> 0.7.9
* libnsl2 1.2.0+gitX -> 1.3.0
* libpcre2 10.34 -> 10.35
* libpipeline 1.5.2 -> 1.5.3
* libpsl 0.21.0 -> 0.21.1
* librepo 1.11.2 -> 1.12.1
* libsecret 0.20.1 -> 0.20.3
* libsolv 0.7.10 -> 0.7.14
* libsoup-2.4 2.68.4 -> 2.70.0
* libunwind 1.3.1 -> 1.4.0
* liburcu 0.11.1 -> 0.12.1
* libusb1 1.0.22 -> 1.0.23
* libva 2.6.1 -> 2.8.0
* libva-utils 2.6.0 -> 2.8.0
* libvorbis 1.3.6 -> 1.3.7
* libwpe 1.4.0.1 -> 1.7.1
* libx11 1.6.9 -> 1.6.12
* libxcb 1.13.1 -> 1.14
* libxcrypt 4.4.15 -> 4.4.17
* libxcrypt-compat 4.4.15 -> 4.4.17
* libyaml 0.2.2 -> 0.2.5
* linux-libc-headers 5.4 -> 5.8
* linux-yocto 5.4.69+gitX -> 5.4.69+gitX, 5.8.13+gitX
* linux-yocto-dev 5.6-rc++gitX -> 5.9-rc++gitX
* linux-yocto-rt 5.4.69+gitX -> 5.4.69+gitX, 5.8.13+gitX
* linux-yocto-tiny 5.4.69+gitX -> 5.4.69+gitX, 5.8.13+gitX
* llvm 9.0.1 -> 10.0.1
* logrotate 3.15.1 -> 3.17.0
* ltp 20200120 -> 20200515
* lttng-modules 2.11.6 -> 2.12.2
* lttng-tools 2.11.5 -> 2.12.2
* lttng-ust 2.11.2 -> 2.12.0
* man-db 2.9.0 -> 2.9.3
* man-pages 5.05 -> 5.08
* mc 4.8.23 -> 4.8.25
* mesa 20.0.2 -> 20.1.8
* mesa-gl 20.0.2 -> 20.1.8
* meson 0.53.2 -> 0.55.1
* mpfr 4.0.2 -> 4.1.0
* mpg123 1.25.13 -> 1.26.3
* msmtp 1.8.7 -> 1.8.12
* mtd-utils 2.1.1 -> 2.1.2
* mtools 4.0.23 -> 4.0.24
* musl 1.2.0+gitX -> 1.2.1+gitX
* nasm 2.14.02 -> 2.15.05
* net-tools 1.60-26 -> 1.60-20181103+gitX
* nettle 3.5.1 -> 3.6
* newlib 3.2.0 -> 3.3.0
* nfs-utils 2.4.3 -> 2.5.1
* ninja 1.10.0 -> 1.10.1
* opensbi 0.6 -> 0.8
* openssh 8.2p1 -> 8.3p1
* opkg 0.4.2 -> 0.4.3
* opkg-utils 0.4.2 -> 0.4.3
* ovmf edk2-stable201911 -> edk2-stable202005
* p11-kit 0.23.20 -> 0.23.21
* pango 1.44.7 -> 1.46.2
* patchelf 0.10 -> 0.12
* pciutils 3.6.4 -> 3.7.0
* perl 5.30.1 -> 5.32.0
* piglit 1.0+gitrX (6126c2d4e4...) -> 1.0+gitrX (2a6a8f954d...)
* pixman 0.38.4 -> 0.40.0
* pkgconf 1.6.3 -> 1.7.3
* popt 1.16 -> 1.18
* powertop 2.10 -> 2.13
* ppp 2.4.7 -> 2.4.8
* pseudo 1.9.0+gitX (060058bb29...) -> 1.9.0+gitX (cca0d7f15b...)
* ptest-runner 2.3.2+gitX -> 2.4.0+gitX
* puzzles 0.0+gitX (79a5378b5a...) -> 0.0+gitX (9aa7b7cdfb...)
* python3 3.8.2 -> 3.8.5
* python3-git 3.0.5 -> 3.1.7
* python3-gitdb 2.0.6 -> 4.0.5
* python3-magic 0.4.15 -> 0.4.18
* python3-mako 1.1.1 -> 1.1.3
* python3-numpy 1.17.4 -> 1.19.1
* python3-pycairo 1.19.0 -> 1.19.1
* python3-pycryptodome 3.9.7 -> 3.9.8
* python3-pycryptodomex 3.9.7 -> 3.9.8
* python3-pygments 2.5.2 -> 2.6.1
* python3-pygobject 3.34.0 -> 3.36.1
* python3-setuptools 45.2.0 -> 49.6.0
* python3-six 1.14.0 -> 1.15.0
* python3-smmap 2.0.5 -> 3.0.4
* python3-subunit 1.3.0 -> 1.4.0
* python3-testtools 2.3.0 -> 2.4.0
* qemu 4.2.0 -> 5.1.0
* re2c 1.0.1 -> 2.0.3
* resolvconf 1.82 -> 1.83
* rng-tools 6.9 -> 6.10
* rpcsvc-proto 1.4+gitX -> 1.4.2
* rpm 4.14.2.1 -> 4.15.1
* rsync 3.1.3 -> 3.2.3
* shared-mime-info 1.15 -> 2.0
* sqlite3 3.31.1 -> 3.33.0
* strace 5.5 -> 5.8
* stress-ng 0.11.17 -> 0.11.21
* subversion 1.13.0 -> 1.14.0
* sudo 1.8.31 -> 1.9.3
* sysklogd 2.1.1 -> 2.1.2
* sysstat 12.2.1 -> 12.4.0
* systemd 244.3 -> 246.6
* systemd-boot 244.3 -> 246.2
* systemd-conf 244.3 -> 246.1
* systemtap 4.2 -> 4.3
* systemtap-uprobes 4.2 -> 4.3
* sysvinit 2.96 -> 2.97
* tzcode-native 2020a -> 2020b
* tzdata 2020a -> 2020b
* u-boot 2020.01 -> 2020.07
* u-boot-tools 2020.01 -> 2020.07
* util-linux 2.35.1 -> 2.36
* vala 0.46.6 -> 0.48.9
* valgrind 3.15.0 -> 3.16.1
* vte 0.58.3 -> 0.60.3
* vulkan-demos git (6d63dc32c3...) -> git (4818f85916...)
* vulkan-headers 1.1.126.0 -> 1.2.135.0
* vulkan-loader 1.1.126.0 -> 1.2.135.0
* vulkan-tools 1.1.126.0 -> 1.2.135.0
* waffle 1.6.0 -> 1.6.1
* watchdog 5.15 -> 5.16
* webkitgtk 2.28.2 -> 2.28.4
* weston 8.0.0 -> 9.0.0
* wpebackend-fdo 1.4.1 -> 1.7.1
* x264 r2991+gitX -> r3011+gitX
* xcb-proto 1.13 -> 1.14
* xev 1.2.3 -> 1.2.4
* xf86-input-libinput 0.29.0 -> 0.30.0
* xinetd 2.3.15 -> 2.3.15.4
* xkeyboard-config 2.28 -> 2.30
* xorgproto 2019.2 -> 2020.1
* xserver-xorg 1.20.8 -> 1.20.9
* xz 5.2.4 -> 5.2.5


Re: [meta-security][PATCH 1/2] softHSM: add pkg

Armin Kuster
 

On 11/3/20 2:52 PM, Ricardo Salveti wrote:
Hi,

On Sun, Sep 27, 2020 at 7:16 PM akuster <akuster808@gmail.com> wrote:
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-security/softHSM/softhsm_2.6.1.bb | 30 +++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 recipes-security/softHSM/softhsm_2.6.1.bb
Was going over recipes that were duplicated over layers, and this one
is a newer version of a similar recipe that is already in meta-oe
(which is a dependency of this layer).

Should we drop the one from meta-oe or should we just update that one
with the content from this recipe and then remove from meta-security?
No. meta-oe is lower in the stack so I should drop the one in
meta-security and update the one in meta-oe.
I didn't notice the recipe already existed. its all about timing and
effort at this point. we may have time.

thanks for reminding me.

-armin

Thanks,


Re: [meta-security][PATCH 1/2] softHSM: add pkg

Ricardo Salveti
 

Hi,

On Sun, Sep 27, 2020 at 7:16 PM akuster <akuster808@gmail.com> wrote:

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-security/softHSM/softhsm_2.6.1.bb | 30 +++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 recipes-security/softHSM/softhsm_2.6.1.bb
Was going over recipes that were duplicated over layers, and this one
is a newer version of a similar recipe that is already in meta-oe
(which is a dependency of this layer).

Should we drop the one from meta-oe or should we just update that one
with the content from this recipe and then remove from meta-security?

Thanks,
--
Ricardo Salveti


[meta-security][PATCH] samhain: update to 4.4.2

Armin Kuster
 

refresh a few patches too

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...-avoid-searching-host-for-postgresql.patch | 15 ++---
.../samhain-configure-add-option-for-ps.patch | 66 +++++++++----------
recipes-ids/samhain/samhain.inc | 13 ++--
3 files changed, 42 insertions(+), 52 deletions(-)

diff --git a/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch b/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
index 6bf67e0..a84229e 100644
--- a/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
+++ b/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
@@ -10,11 +10,11 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
configure.ac | 101 +++--------------------------------------------------------
1 file changed, 5 insertions(+), 96 deletions(-)

-diff --git a/configure.ac b/configure.ac
-index a224c68..f658d53 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1278,90 +1278,11 @@ AC_ARG_WITH(database,
+Index: samhain-4.4.2/configure.ac
+===================================================================
+--- samhain-4.4.2.orig/configure.ac
++++ samhain-4.4.2/configure.ac
+@@ -1290,90 +1290,11 @@ AC_ARG_WITH(database,
AC_DEFINE(WITH_POSTGRES)
AC_DEFINE(WITH_DATABASE)
#
@@ -110,7 +110,7 @@ index a224c68..f658d53 100644
LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm"
if test x"$enable_static" = xyes; then
LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm"
-@@ -1370,18 +1291,6 @@ AC_ARG_WITH(database,
+@@ -1382,18 +1303,6 @@ AC_ARG_WITH(database,
fi
# CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}"
CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}"
@@ -129,6 +129,3 @@ index a224c68..f658d53 100644
fi
elif test "x${withval}" = "xodbc"; then
AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME)
---
-2.11.0
-
diff --git a/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch b/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch
index 8de0735..7e7f86e 100644
--- a/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch
+++ b/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch
@@ -14,29 +14,14 @@ to avoid host contamination.
Upstream-Status: Inappropriate [cross compile specific]

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
----
- aclocal.m4 | 2 +-
- configure.ac | 60 ++++++++++--------------------------------------------------
- 2 files changed, 11 insertions(+), 51 deletions(-)
+[AK: refactored for 4.4.3]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>

-diff --git a/aclocal.m4 b/aclocal.m4
-index a2e59a6..cd20a2f 100644
---- a/aclocal.m4
-+++ b/aclocal.m4
-@@ -409,7 +409,7 @@ x_includes=NONE
- x_libraries=NONE
- DESTDIR=
- SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid"
--SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file"
-+SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path"
-
- # Installation directory options.
- # These are left unexpanded so users can "make install exec_prefix=/foo"
-diff --git a/configure.ac b/configure.ac
-index 5910b1f..8c3e087 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -730,56 +730,16 @@ then
+Index: samhain-4.4.2/configure.ac
+===================================================================
+--- samhain-4.4.2.orig/configure.ac
++++ samhain-4.4.2/configure.ac
+@@ -743,56 +743,16 @@ then
fi
AC_CHECK_HEADERS(gmp.h)

@@ -55,7 +40,16 @@ index 5910b1f..8c3e087 100644
- AC_MSG_ERROR([Cannot find ps in any of /usr/ucb /bin /usr/bin])
-fi
-AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps])
--
++AC_ARG_WITH(ps-path,
++ [ --with-ps-path=PATH set path to ps command ],
++ [
++ if test "x${withval}" != xno; then
++ pspath="${withval}"
++ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps])
++ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps])
++ fi
++ ])
+
-AC_MSG_CHECKING([how to use ps])
-$PS ax >/dev/null 2>&1
-if test $? -eq 0; then
@@ -90,19 +84,19 @@ index 5910b1f..8c3e087 100644
- PSARG="-e"
-fi
-AC_DEFINE_UNQUOTED([PSARG], _("$PSARG"), [Argument for ps])
-+AC_ARG_WITH(ps-path,
-+ [ --with-ps-path=PATH set path to ps command ],
-+ [
-+ if test "x${withval}" != xno; then
-+ pspath="${withval}"
-+ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps])
-+ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps])
-+ fi
-+ ])
-+
AC_MSG_RESULT([$PS $PSARG])

dnl *****************************************
---
-1.9.1
-
+Index: samhain-4.4.2/aclocal.m4
+===================================================================
+--- samhain-4.4.2.orig/aclocal.m4
++++ samhain-4.4.2/aclocal.m4
+@@ -409,7 +409,7 @@ x_includes=NONE
+ x_libraries=NONE
+ DESTDIR=
+ SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid"
+-SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver signify pubkey-checksum gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file"
++SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path"
+
+ # Installation directory options.
+ # These are left unexpanded so users can "make install exec_prefix=/foo"
diff --git a/recipes-ids/samhain/samhain.inc b/recipes-ids/samhain/samhain.inc
index b867bbc..3b4aab9 100644
--- a/recipes-ids/samhain/samhain.inc
+++ b/recipes-ids/samhain/samhain.inc
@@ -3,9 +3,12 @@ HOMEPAGE = "http://www.la-samhna.de/samhain/"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"

-PV = "4.3.3"
+PV = "4.4.2"

-SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
+SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
+ file://${INITSCRIPT_NAME}.init \
+ file://${INITSCRIPT_NAME}.default \
+ file://samhain.service \
file://samhain-mips64-aarch64-dnmalloc-hash-fix.patch \
file://samhain-samhainrc.patch \
file://samhain-samhainrc-fix-files-dirs-path.patch \
@@ -15,13 +18,9 @@ SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://samhain-avoid-searching-host-for-postgresql.patch \
file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \
file://fix-build-with-new-version-attr.patch \
- file://${INITSCRIPT_NAME}.init \
- file://${INITSCRIPT_NAME}.default \
- file://samhain.service \
"

-SRC_URI[md5sum] = "7be46ae7d03f53ba21afafd41cff8926"
-SRC_URI[sha256sum] = "33ad4bc3dad4699694553bd9635a6b5827939f965d1f0f05fce0b4e9cdadf21b"
+SRC_URI[sha256sum] = "2bb2750b32646be32517d0b2259402559c72b96979800f6c33774fcdea327fff"

UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html"
UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar"
--
2.17.1


Re: #yocto -zeus #yocto

Monsees, Steven C (US)
 


Thanks, that was my issue... did not read it carefully enough.
Keep in mind zeus is totally different from rock... running down multiple issues, sorry, I appreciate the your time/help, thanks again...

Anything else in that patch valid for potential issues in zeus 3.0.4 ?


Re: #yocto -zeus #yocto

Martin Jansa
 

> I was use using https... that is a typo, sorry...

Then fix your typo and it will work, but I think you didn't read what I wrote carefully enough, see the url in the log you pasted:

You were supposed to change only protocol parameter as it was done in:
https://git.openembedded.org/openembedded-core/commit/?h=c4301758f5a1560965ca5fb69eb1492adf351ed0

not the name of the bitbake fetcher to use (from 'gitsm://' to 'https://')

On Tue, Nov 3, 2020 at 4:46 PM Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:
I was use using https... that is a typo, sorry...

The error is as I describe using https... Note I do not appear to have any other issues downloading packages.
I believe this might be the first time "gitsm" is used in build. Are their any known issues under zeus ?, Might I need to tweak the build env ?

Not sure how to proceed, zeus 3.0.4 is what I amusing... are there any know env dependencies here ?



Yocto Project Status WW44'20

Stephen Jolley
 

Current Dev Position: YP 3.3 M1 development

Next Deadline: 7th December 2020 YP 3.3 M1 build

 

Next Team Meetings:

 

Key Status/Updates:

  • YP 3.2 rc2 is out of QA, approved by the TSC and should be released imminently.
  • Happy 10th Anniversary Yocto Project! Jefro presented a video to celebrate at ELC-E which is available here: https://www.youtube.com/watch?v=nnhD5CRmfOw

He is collecting more video clips, quotes and photos to put on a page on the website so please send them over to him, it was great to see people past and present from the project.

  • The Yocto Project Summit was a success, thanks to everyone who helped organise or participated.
  • Unfortunately, intermittent autobuilder issues continue to occur. You can see the list of failures we’re continuing to see by searching for the “AB-INT” tag in bugzilla: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT
  • A YP 3.3 planning document has been created for ideas about what may happen in the YP 3.3 release (assuming there are people to work on the items):

https://docs.google.com/document/d/1IHiE0NU0XspDocgxZeLQ_W7o-yr0nVeBjbqImQUtH5A/edit Request edit/suggest access if you want to add to it.

  • YP 3.3 dates for builds, milestones and release have been added below.
  • Development for 3.3 has started and various queued recipe upgrades and other changes have merged to master.

 

Ways to contribute:

 

YP 3.2 Milestone Dates:

  • YP 3.2 M4 should release soon.

 

YP 3.3 Milestone Dates:

  • YP 3.3 M1 build date 2020/12/07
  • YP 3.3 M1 Release date 2020/12/18
  • YP 3.3 M2 build date 2021/01/18
  • YP 3.3 M2 Release date 2021/01/29
  • YP 3.3 M3 build date 2021/03/01
  • YP 3.3 M3 Release date 2021/03/12
  • YP 3.3 M4 build date 2021/04/05
  • YP 3.3 M4 Release date 2021/04/30

 

Planned upcoming dot releases:

  • YP 3.1.4 build date 2020/11/2
  • YP 3.1.4 release date 2020/11/13
  • YP 3.2.1 build date 2020/11/16
  • YP 3.2.1 release date 2020/12/4
  • YP 3.1.5 build date 2021/01/11
  • YP 3.1.5 release date 2021/01/22
  • YP 3.2.2 build date 2021/02/08
  • YP 3.2.2 release date 2021/02/19
  • YP 3.1.6 build date 2021/02/22
  • YP 3.1.6 release date 2021/03/05
  • YP 3.1.7 build date 2021/03/22
  • YP 3.1.7 release date 2021/04/02

 

Tracking Metrics:

 

The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC

 

The Status reports are now stored on the wiki at: https://wiki.yoctoproject.org/wiki/Weekly_Status

 

[If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!]

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 

2621 - 2640 of 53871