Date   

Current high bug count owners for Yocto Project 3.3

Stephen Jolley
 

All,

Below is the list as of top 40 bug owners as of the end of WW13 of who have open medium or higher bugs and enhancements against YP 3.3.   There are 23 possible work days left until the final release candidates for YP 3.3 needs to be released.

Who

Count

ross@...

17

bluelightning@...

14

richard.purdie@...

9

mark.morton@...

7

JPEWhacker@...

7

akuster808@...

5

raj.khem@...

4

chee.yang.lee@...

4

idadelm@...

3

Qi.Chen@...

3

timothy.t.orling@...

3

trevor.gamblin@...

3

mostthingsweb@...

3

matthewzmd@...

2

limon.anibal@...

2

randy.macleod@...

2

ydirson@...

2

jeanmarie.lemetayer@...

2

sakib.sajal@...

2

nicolas.dechesne@...

2

alejandro@...

2

jaewon@...

2

yoctoproject@...

1

mhalstead@...

1

bruce.ashfield@...

1

twoerner@...

1

mister_rs@...

1

pokylinux@...

1

open.source@...

1

devendra.tewari@...

1

dorindabassey@...

1

mark.hatle@...

1

stacygaikovaia@...

1

hongxu.jia@...

1

yifan.yu@...

1

matt.ranostay@...

1

john.kaldas.enpj@...

1

aehs29@...

1

kergoth@...

1

mshah@...

1

Grand Total

118

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 362 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now, “3.2”, “3.3, "3.99" and "Future", the more pressing/urgent issues being in "3.2" and then “3.3”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


[ANNOUNCEMENT]Milestone 3 for Yocto Project 3.3 (yocto-3.3_M3) now available

Vineela
 

Hello,

We are pleased to announce the third milestone release for Yocto Project 3.3 (yocto-3.3_M3) is now available for download.

Download:

http://downloads.yoctoproject.org/releases/yocto/milestones/yocto-3.3_M3

bitbake: ed8e1fd4cf9d5ac8a8203638add99d686b4b3521
meta-arm: ac1dc0b894642101a80235a920bdc3bbe6d74558
meta-gplv2: 9e119f333cc8f53bd3cf64326f826dbc6ce3db0f
meta-intel: 6fea44c695730129df8bd744b0e22ccd62a725c2
meta-kernel: 29329d7cacc71595cecfdd05a455a0cfb164564d
meta-mingw: 422b96cb2b6116442be1f40dfb5bd77447d1219e
oecore: 7ae12e4278e98c5b916a1067ae0b48c2da6e82cd
poky: ea455ca8671d3bc2a1097989bfaabe92f3ca37ab

Full Test Report:

http://downloads.yoctoproject.org/releases/yocto/milestones/yocto-3.3_M3/testreport.txt

Thank you.

Vineela Tummalapalli,
Yocto Project Build and Release
vineela.tummalapalli@intel.com


Re: Naming images

Quentin Schulz
 

Hi Damien,

On Mon, Mar 29, 2021 at 03:33:09PM +0300, Damien LEFEVRE wrote:
Hi,

In my build system the generated images are in this format:

imagename-machine-timestamp.img

For release builds, I'd like to replace the time stamp with the image
version. I could rename the image after the build but is there a better way?
IMAGE_NAME variable is the one specifying the name which should be used
for the final image. c.f. https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_NAME

By default, its value is "${IMAGE_BASENAME}-${MACHINE}${IMAGE_VERSION_SUFFIX}"

IMAGE_VERSION_SUFFIX is by default set to "-${DATETIME}" as documented
here: https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_VERSION_SUFFIX

Therefore to put the image version, you just need to change
IMAGE_VERSION_SUFFIX to what you want it to contain.

Cheers,
Quentin


Re: Package indexes for package feeds, ipk and rpm

Ross Burton
 

That's just how RPM and opkg work, Yocto can't control or alter that.

Ross

On Mon, 29 Mar 2021 at 10:36, keydi <krzysztof.dudziak@thalesgroup.com> wrote:

Regarding package feed packages index I learned one difference between rpm and ipk.
For ipk plain-text files named Packages are generated and placed to architecture-subdirectories in tmp/deploy/ipk tree.
For rpm I see just one file named Packages, it is a binary file yet located in one image arch-subdir within tmp/deploy/rpm tree.

Is this difference the result how Poky/OE handles both
or rather coming already from package management systems?

I wonder also how could the chances be to have Packages files in RPM in same form
as for IPK - plain-text yet provided for each architecture build artifacts sub-tree?



Naming images

Damien LEFEVRE
 

Hi,

In my build system the generated images are in this format:

imagename-machine-timestamp.img

For release builds, I'd like to replace the time stamp with the image version. I could rename the image after the build but is there a better way?

I found a BUILDNAME variable but it has no effect.

Also should the timestamp written in /etc/version match the one from the image name?

For some reason for me it doesn't. /etc/version is 20180309123456 while the one from the image name is 20210329064542.

-Damien


[meta-zephyr][PATCH 1/1] zephyr-kernel-src.inc: Support samples from external layers

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@huawei.com>

The inc file references patch(es) local to the inc file. Including this
file from another recipe as part of an external layer, will make bitbake
fail finding the files referenced in zephyr-kernel-src.inc's SRC_URI.

By including an explicit path to the files directory in FILESEXTRAPATHS,
we make sure that any recipe including this inc file will inherit the
needed path.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc b/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc
index 39cbc10..8c987bb 100644
--- a/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc
+++ b/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc
@@ -7,6 +7,11 @@ include zephyr-kernel-src-${PREFERRED_VERSION_zephyr-kernel}.inc

inherit cmake

+# This file might be included from other places (like other layers) and not
+# having an explicit path to the patches directory, will make bitbake fail to
+# find the patch(es) in SRC_URI.
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
SRC_URI = "\
git://github.com/zephyrproject-rtos/zephyr.git;protocol=https;branch=master;name=default \
git://github.com/zephyrproject-rtos/cmsis.git;protocol=https;destsuffix=git/modules/cmsis;name=cmsis \
--
2.31.1


Package indexes for package feeds, ipk and rpm

keydi
 

Regarding package feed packages index I learned one difference between rpm and ipk.
For ipk plain-text files named Packages are generated and placed to architecture-subdirectories in tmp/deploy/ipk tree.
For rpm I see just one file named Packages, it is a binary file yet located in one image arch-subdir within tmp/deploy/rpm tree.

Is this difference the result how Poky/OE handles both
or rather coming already from package management systems?

I wonder also how could the chances be to have Packages files in RPM in same form
as for IPK - plain-text yet provided for each architecture build artifacts sub-tree?


Re: To burn 'bitbake package-index' into build process

keydi
 

Thanks for hint.
Which qualities might current implementation output still miss?

I tried to ask in meantime three Yocto books for help
but no clear help got. My search went toward distribution-level meta-data,
this can be however wrong direction as package index is not built for
target system distribution/image.

I get the impression as of time being the only solution
will be to start one small script additionally to main script
to respawn Bitbake environment once again to do bitbake package-index.

Regards
k.d.

-----Original Message-----
From: Ross Burton [mailto:ross@burtonini.com]
Sent: Samstag, 27. März 2021 22:20
To: DUDZIAK Krzysztof <krzysztof.dudziak@thalesgroup.com>
Cc: yocto@lists.yoctoproject.org
Subject: Re: [yocto] To burn 'bitbake package-index' into build process

http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=ross/index
is close to what you want, but I didn't quite finish it off!

Ross

On Fri, 26 Mar 2021 at 16:45, keydi <krzysztof.dudziak@thalesgroup.com>
wrote:

Should it be feasible to burn execution of 'bitbake package-index'
into distribution/image build process by conducting an adaption of meta-
data ?
I mean high-level script is used to spawn Bitbake environment then start
Bitbake image target.
I am unhappy to mess up high-level script to add that step to build process.
I am unhappy to make detail that level be visible in high-level script.
Rather I prefer to modify meta-data.



Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.2.3.rc1)

Sangeeta Jain
 

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.2.3.rc1. We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion is next Thursday, April 01

Thanks,
Sangeeta

-----Original Message-----
From: qa-build-notification@lists.yoctoproject.org <qa-build-
notification@lists.yoctoproject.org> On Behalf Of Pokybuild User
Sent: Monday, 29 March, 2021 11:49 AM
To: yocto@lists.yoctoproject.org
Cc: qa-build-notification@lists.yoctoproject.org
Subject: [qa-build-notification] QA notification for completed autobuilder build
(yocto-3.2.3.rc1)


A build flagged for QA (yocto-3.2.3.rc1) was completed on the autobuilder and is
available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.2.3.rc1


Build hash information:

bitbake: 5d02c98489d3a5836676b9c3fb3bd0157449db2b
meta-arm: e219ef606e297b98512887c96522d8d8c536bd6b
meta-gplv2: 6e8e969590a22a729db1ff342de57f2fd5d02d43
meta-intel: 76e0a427e58d068d0758fa052d2d1548067cf592
meta-kernel: 29329d7cacc71595cecfdd05a455a0cfb164564d
meta-mingw: 352d8b0aa3c7bbd5060a4cc2ebe7c0e964de4879
oecore: fdae970656cc421c542af9856bc9ae038c61db13
poky: 08665a81dcd41069eed1468f1587abe6b5893471



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@linuxfoundation.org







QA notification for completed autobuilder build (yocto-3.2.3.rc1)

Pokybuild User <pokybuild@...>
 

A build flagged for QA (yocto-3.2.3.rc1) was completed on the autobuilder and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.2.3.rc1


Build hash information:

bitbake: 5d02c98489d3a5836676b9c3fb3bd0157449db2b
meta-arm: e219ef606e297b98512887c96522d8d8c536bd6b
meta-gplv2: 6e8e969590a22a729db1ff342de57f2fd5d02d43
meta-intel: 76e0a427e58d068d0758fa052d2d1548067cf592
meta-kernel: 29329d7cacc71595cecfdd05a455a0cfb164564d
meta-mingw: 352d8b0aa3c7bbd5060a4cc2ebe7c0e964de4879
oecore: fdae970656cc421c542af9856bc9ae038c61db13
poky: 08665a81dcd41069eed1468f1587abe6b5893471



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@linuxfoundation.org


[meta-security][V2][PATCH] clamav: upgrade 104.0

Armin Kuster
 

convert to cmake and general cleanup

include on oe env patch and glibc 2.33 header fixup

if running w/in qemu, need to add qemuparams="-m 2048" to allow
freshclam not to oom

Signed-off-by: Armin Kuster <akuster808@gmail.com>

---
V2]
Bump PV to match what is being d/l
---
.../{clamav_0.101.5.bb => clamav_0.104.0.bb} | 101 +++++++-----------
.../clamav/files/headers_fixup.patch | 58 ++++++++++
.../clamav/files/oe_cmake_fixup.patch | 39 +++++++
3 files changed, 134 insertions(+), 64 deletions(-)
rename recipes-scanners/clamav/{clamav_0.101.5.bb => clamav_0.104.0.bb} (61%)
create mode 100644 recipes-scanners/clamav/files/headers_fixup.patch
create mode 100644 recipes-scanners/clamav/files/oe_cmake_fixup.patch

diff --git a/recipes-scanners/clamav/clamav_0.101.5.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
similarity index 61%
rename from recipes-scanners/clamav/clamav_0.101.5.bb
rename to recipes-scanners/clamav/clamav_0.104.0.bb
index 7dad263..9e50466 100644
--- a/recipes-scanners/clamav/clamav_0.101.5.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -4,94 +4,68 @@ HOMEPAGE = "http://www.clamav.net/index.html"
SECTION = "security"
LICENSE = "LGPL-2.1"

-DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack bison-native"
-DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native bison-native"
+DEPENDS = "glibc llvm libtool db openssl zlib curl libxml2 bison pcre2 json-c libcheck"

-LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
+LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17"

-SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108"
+SRCREV = "5553a5e206ceae5d920368baee7d403f823bcb6f"

-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=dev/0.104 \
file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
file://tmpfiles.clamav \
file://${BPN}.service \
- file://freshclam-native.conf \
- "
-
+ file://headers_fixup.patch \
+ file://oe_cmake_fixup.patch \
+"
S = "${WORKDIR}/git"

LEAD_SONAME = "libclamav.so"
-SO_VER = "9.0.4"
+SO_VER = "9.6.0"
+
+BINCONFIG = "${bindir}/clamav-config"

-inherit autotools pkgconfig useradd systemd multilib_header multilib_script
+inherit cmake chrpath pkgconfig useradd systemd multilib_header multilib_script

CLAMAV_UID ?= "clamav"
CLAMAV_GID ?= "clamav"
-INSTALL_CLAMAV_CVD ?= "1"
-
-CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr"
-CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr"
-
-PACKAGECONFIG_class-target ?= "ncurses bz2"
-PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}"
-PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
-
-PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre"
-PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c,"
-PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
-PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2"
-PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, "
-PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, "

MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config ${PN}-cvd:${localstatedir}/lib/clamav/mirrors.dat"

-EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \
- --disable-mempool \
- --program-prefix="" \
- --disable-zlib-vcheck \
- --with-xml=${CLAMAV_USR_DIR} \
- --with-zlib=${CLAMAV_USR_DIR} \
- --with-openssl=${CLAMAV_USR_DIR} \
- --with-libcurl=${CLAMAV_USR_DIR} \
- --with-system-libmspack=${CLAMAV_USR_DIR} \
- --with-iconv=no \
- --enable-check=no \
- "
-
-EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}"
-EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID} --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}"
-
-do_configure () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
+EXTRA_OECMAKE = " -DCMAKE_BUILD_TYPE=Release -DOPTIMIZE=ON -DENABLE_JSON_SHARED=OFF \
+ -DCLAMAV_GROUP=${CLAMAV_GID} -DCLAMAV_USER=${CLAMAV_UID} \
+ -DENABLE_TESTS=OFF -DBUILD_SHARED_LIBS=ON \
+ -DDISABLE_MPOOL=ON -DENABLE_FRESHCLAM_DNS_FIX=ON \
+ "

-do_configure_class-native () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
+PACKAGECONFIG ?= " clamonacc \
+ ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd", "", d)}"

-do_compile_append_class-target() {
- if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
- bbnote "CLAMAV creating cvd"
- install -d ${S}/clamav_db
- ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
- fi
-}
+PACKAGECONFIG[milter] = "-DENABLE_MILTER=ON ,-DENABLE_MILTER=OFF, curl, curl"
+PACKAGECONFIG[clamonacc] = "-DENABLE_CLAMONACC=ON ,-DENABLE_CLAMONACC=OFF,"
+PACKAGECONFIG[unrar] = "-DENABLE_UNRAR=ON ,-DENABLE_UNRAR=OFF,"
+PACKAGECONFIG[systemd] = "-DENABLE_SYSTEMD=ON -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}, -DENABLE_SYSTEMD=OFF, systemd"
+
+export OECMAKE_C_FLAGS += " -I${STAGING_INCDIR} -L ${RECIPE_SYSROOT}${nonarch_libdir} -L${STAGING_LIBDIR} -lpthread"

-do_install_append_class-target () {
+do_install_append () {
install -d ${D}/${sysconfdir}
install -d ${D}/${localstatedir}/lib/clamav
install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles

- install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir}
- install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir}
+ install -m 644 ${WORKDIR}/clamd.conf ${D}/${prefix}/${sysconfdir}
+ install -m 644 ${WORKDIR}/freshclam.conf ${D}/${prefix}/${sysconfdir}
install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/03_clamav
sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
rm ${D}/${libdir}/libclamav.so
if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
fi
+
+ rm ${D}/${libdir}/libfreshclam.so
+ rm ${D}/${libdir}/libmspack.so
+
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
install -d ${D}${sysconfdir}/tmpfiles.d
@@ -114,10 +88,10 @@ pkg_postinst_ontarget_${PN} () {
PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"

-FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
+FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit ${sbindir}/clamonacc \
${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
- ${docdir}/clamav/* "
+ ${docdir}/clamav/* ${libdir}/libmspack* "

FILES_${PN}-clamdscan = " ${bindir}/clamdscan \
${docdir}/clamdscan/* \
@@ -128,12 +102,14 @@ FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \
${mandir}/man5/clamd* ${mandir}/man8/clamd* \
${sysconfdir}/clamd.conf* \
+ /usr/etc/clamd.conf* \
${systemd_unitdir}/system/clamav-daemon/* \
${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \
${sysconfdir}/logcheck/ignore.d.server/clamav-daemon "

FILES_${PN}-freshclam = "${bindir}/freshclam \
${sysconfdir}/freshclam.conf* \
+ /usr/etc/freshclam.conf* \
${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
${sysconfdir}/tmpfiles.d/*.conf \
${localstatedir}/lib/clamav \
@@ -148,8 +124,8 @@ FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \

FILES_${PN}-staticdev = "${libdir}/*.a"

-FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\
- ${docdir}/libclamav/* "
+FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so* \
+ ${libdir}/libfreshclam.so* ${docdir}/libclamav/* "

FILES_${PN}-doc = "${mandir}/man/* \
${datadir}/man/* \
@@ -169,6 +145,3 @@ RCONFLICTS_${PN} += "${PN}-systemd"
SYSTEMD_SERVICE_${PN} = "${BPN}.service"

RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
-RDEPENDS_${PN}_class-native = ""
-
-BBCLASSEXTEND = "native"
diff --git a/recipes-scanners/clamav/files/headers_fixup.patch b/recipes-scanners/clamav/files/headers_fixup.patch
new file mode 100644
index 0000000..9de0a26
--- /dev/null
+++ b/recipes-scanners/clamav/files/headers_fixup.patch
@@ -0,0 +1,58 @@
+Fixes checks not needed do to glibc 2.33
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -374,8 +373,6 @@ check_include_file("stdlib.h"
+ check_include_file("string.h" HAVE_STRING_H)
+ check_include_file("strings.h" HAVE_STRINGS_H)
+ check_include_file("sys/cdefs.h" HAVE_SYS_CDEFS_H)
+-check_include_file("sys/dl.h" HAVE_SYS_DL_H)
+-check_include_file("sys/fileio.h" HAVE_SYS_FILIO_H)
+ check_include_file("sys/mman.h" HAVE_SYS_MMAN_H)
+ check_include_file("sys/param.h" HAVE_SYS_PARAM_H)
+ check_include_file("sys/queue.h" HAVE_SYS_QUEUE_H)
+@@ -410,8 +407,6 @@ endif()
+
+ # int-types variants
+ check_include_file("inttypes.h" HAVE_INTTYPES_H)
+-check_include_file("sys/inttypes.h" HAVE_SYS_INTTYPES_H)
+-check_include_file("sys/int_types.h" HAVE_SYS_INT_TYPES_H)
+ check_include_file("stdint.h" HAVE_STDINT_H)
+
+ # this hack required to silence warnings on systems with inttypes.h
+@@ -539,17 +528,11 @@ check_type_size("time_t" SIZEOF_TIME_T)
+ # Checks for library functions.
+ include(CheckSymbolExists)
+ check_symbol_exists(_Exit "stdlib.h" HAVE__EXIT)
+-check_symbol_exists(accept4 "sys/types.h" HAVE_ACCEPT4)
+ check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF)
+-check_symbol_exists(stat64 "sys/stat.h" HAVE_STAT64)
+-check_symbol_exists(strcasestr "string.h" HAVE_STRCASESTR)
+ check_symbol_exists(strerror_r "string.h" HAVE_STRERROR_R)
+-check_symbol_exists(strlcat "string.h" HAVE_STRLCAT)
+-check_symbol_exists(strlcpy "string.h" HAVE_STRLCPY)
+ check_symbol_exists(strndup "string.h" HAVE_STRNDUP)
+ check_symbol_exists(strnlen "string.h" HAVE_STRNLEN)
+-check_symbol_exists(strnstr "string.h" HAVE_STRNSTR)
+-check_symbol_exists(sysctlbyname "sysctl.h" HAVE_SYSCTLBYNAME)
++check_symbol_exists(strcasecmp "string.h" HAVE_STRNCMP)
+ check_symbol_exists(timegm "time.h" HAVE_TIMEGM)
+ check_symbol_exists(vsnprintf "stdio.h" HAVE_VSNPRINTF)
+
+@@ -563,10 +546,9 @@ else()
+ check_symbol_exists(fseeko "stdio.h" HAVE_FSEEKO)
+ check_symbol_exists(getaddrinfo "netdb.h" HAVE_GETADDRINFO)
+ check_symbol_exists(getpagesize "unistd.h" HAVE_GETPAGESIZE)
+- check_symbol_exists(mkstemp "unistd.h" HAVE_MKSTEMP)
+ check_symbol_exists(poll "poll.h" HAVE_POLL)
+- check_symbol_exists(setgroups "unistd.h" HAVE_SETGROUPS)
+ check_symbol_exists(setsid "unistd.h" HAVE_SETSID)
++ set(HAVE_SYSCONF_SC_PAGESIZE 1)
+ endif()
+
+ include(CheckSymbolExists)
diff --git a/recipes-scanners/clamav/files/oe_cmake_fixup.patch b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
new file mode 100644
index 0000000..b284915
--- /dev/null
+++ b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
@@ -0,0 +1,39 @@
+Issue with rpath including /usr/lib and crosscompile checkes causing oe configure to fail
+
+Use oe's cmake rpath framework and exclude some of the cmake checks that fail in our env
+
+Upstream-Status: Inappropriate [configuration]
+Singed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -162,12 +162,6 @@ endif()
+
+ include(GNUInstallDirs)
+
+-if(CMAKE_INSTALL_FULL_LIBDIR)
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}")
+-else()
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+-endif()
+-
+ if(C_LINUX)
+ if(CMAKE_COMPILER_IS_GNUCXX)
+ # Set _GNU_SOURCE for O_LARGEFILE, O_CLOEXEC, O_DIRECTORY, O_NOFOLLOW, etc flags on older systems
+@@ -512,14 +506,8 @@ include(TestInline)
+ include(CheckFileOffsetBits)
+ # Determine how to pack structs on this platform.
+ include(CheckStructPacking)
+-# Check for signed right shift implementation.
+-include(CheckSignedRightShift)
+ # Check if systtem fts implementation available
+ include(CheckFTS)
+-# Check if uname(2) follows POSIX standard.
+-include(CheckUnamePosix)
+-# Check support for file descriptor passing
+-include(CheckFDPassing)
+
+ # Check if big-endian
+ include(TestBigEndian)
--
2.17.1


Re: [meta-security][PATCH] clamav: upgrade 103.0

Armin Kuster
 

On 3/27/21 2:12 PM, Quentin Schulz wrote:
Hi Armin,

On March 27, 2021 7:04:53 PM UTC, akuster <akuster808@gmail.com> wrote:
convert to cmake and general cleanup

include on oe env patch and glibc 2.33 header fixup

if running w/in qemu, need to add qemuparams="-m 2048" to allow
freshclam not to oom

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../{clamav_0.101.5.bb => clamav_0.103.0.bb} | 101 +++++++-----------
.../clamav/files/headers_fixup.patch | 58 ++++++++++
.../clamav/files/oe_cmake_fixup.patch | 39 +++++++
3 files changed, 134 insertions(+), 64 deletions(-)
rename recipes-scanners/clamav/{clamav_0.101.5.bb => clamav_0.103.0.bb} (61%)
create mode 100644 recipes-scanners/clamav/files/headers_fixup.patch
create mode 100644 recipes-scanners/clamav/files/oe_cmake_fixup.patch

diff --git a/recipes-scanners/clamav/clamav_0.101.5.bb b/recipes-scanners/clamav/clamav_0.103.0.bb
similarity index 61%
rename from recipes-scanners/clamav/clamav_0.101.5.bb
rename to recipes-scanners/clamav/clamav_0.103.0.bb
index 7dad263..9e50466 100644
--- a/recipes-scanners/clamav/clamav_0.101.5.bb
+++ b/recipes-scanners/clamav/clamav_0.103.0.bb
@@ -4,94 +4,68 @@ HOMEPAGE = "http://www.clamav.net/index.html"
SECTION = "security"
LICENSE = "LGPL-2.1"

-DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack bison-native"
-DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native bison-native"
+DEPENDS = "glibc llvm libtool db openssl zlib curl libxml2 bison pcre2 json-c libcheck"

-LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
+LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17"

-SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108"
+SRCREV = "5553a5e206ceae5d920368baee7d403f823bcb6f"

-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=dev/0.104 \
Are you sure it's not dev/0.103 here? Also, there seems to be a 0.103.1 branch available already. I don't really know which version you're targeting. I would say it makes sense to have this branch aligned with the filename of the recipe.
Right.. I should change the PV of the recipe.  Ill send v2

thanks for the feedback.

-armin

Cheers,
Quentin

file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
file://tmpfiles.clamav \
file://${BPN}.service \
- file://freshclam-native.conf \
- "
-
+ file://headers_fixup.patch \
+ file://oe_cmake_fixup.patch \
+"
S = "${WORKDIR}/git"

LEAD_SONAME = "libclamav.so"
-SO_VER = "9.0.4"
+SO_VER = "9.6.0"
+
+BINCONFIG = "${bindir}/clamav-config"

-inherit autotools pkgconfig useradd systemd multilib_header multilib_script
+inherit cmake chrpath pkgconfig useradd systemd multilib_header multilib_script

CLAMAV_UID ?= "clamav"
CLAMAV_GID ?= "clamav"
-INSTALL_CLAMAV_CVD ?= "1"
-
-CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr"
-CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr"
-
-PACKAGECONFIG_class-target ?= "ncurses bz2"
-PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}"
-PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
-
-PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre"
-PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c,"
-PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
-PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2"
-PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, "
-PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, "

MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config ${PN}-cvd:${localstatedir}/lib/clamav/mirrors.dat"

-EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \
- --disable-mempool \
- --program-prefix="" \
- --disable-zlib-vcheck \
- --with-xml=${CLAMAV_USR_DIR} \
- --with-zlib=${CLAMAV_USR_DIR} \
- --with-openssl=${CLAMAV_USR_DIR} \
- --with-libcurl=${CLAMAV_USR_DIR} \
- --with-system-libmspack=${CLAMAV_USR_DIR} \
- --with-iconv=no \
- --enable-check=no \
- "
-
-EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}"
-EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID} --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}"
-
-do_configure () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
+EXTRA_OECMAKE = " -DCMAKE_BUILD_TYPE=Release -DOPTIMIZE=ON -DENABLE_JSON_SHARED=OFF \
+ -DCLAMAV_GROUP=${CLAMAV_GID} -DCLAMAV_USER=${CLAMAV_UID} \
+ -DENABLE_TESTS=OFF -DBUILD_SHARED_LIBS=ON \
+ -DDISABLE_MPOOL=ON -DENABLE_FRESHCLAM_DNS_FIX=ON \
+ "

-do_configure_class-native () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
+PACKAGECONFIG ?= " clamonacc \
+ ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd", "", d)}"

-do_compile_append_class-target() {
- if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
- bbnote "CLAMAV creating cvd"
- install -d ${S}/clamav_db
- ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
- fi
-}
+PACKAGECONFIG[milter] = "-DENABLE_MILTER=ON ,-DENABLE_MILTER=OFF, curl, curl"
+PACKAGECONFIG[clamonacc] = "-DENABLE_CLAMONACC=ON ,-DENABLE_CLAMONACC=OFF,"
+PACKAGECONFIG[unrar] = "-DENABLE_UNRAR=ON ,-DENABLE_UNRAR=OFF,"
+PACKAGECONFIG[systemd] = "-DENABLE_SYSTEMD=ON -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}, -DENABLE_SYSTEMD=OFF, systemd"
+
+export OECMAKE_C_FLAGS += " -I${STAGING_INCDIR} -L ${RECIPE_SYSROOT}${nonarch_libdir} -L${STAGING_LIBDIR} -lpthread"

-do_install_append_class-target () {
+do_install_append () {
install -d ${D}/${sysconfdir}
install -d ${D}/${localstatedir}/lib/clamav
install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles

- install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir}
- install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir}
+ install -m 644 ${WORKDIR}/clamd.conf ${D}/${prefix}/${sysconfdir}
+ install -m 644 ${WORKDIR}/freshclam.conf ${D}/${prefix}/${sysconfdir}
install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/03_clamav
sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
rm ${D}/${libdir}/libclamav.so
if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
fi
+
+ rm ${D}/${libdir}/libfreshclam.so
+ rm ${D}/${libdir}/libmspack.so
+
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
install -d ${D}${sysconfdir}/tmpfiles.d
@@ -114,10 +88,10 @@ pkg_postinst_ontarget_${PN} () {
PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"

-FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
+FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit ${sbindir}/clamonacc \
${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
- ${docdir}/clamav/* "
+ ${docdir}/clamav/* ${libdir}/libmspack* "

FILES_${PN}-clamdscan = " ${bindir}/clamdscan \
${docdir}/clamdscan/* \
@@ -128,12 +102,14 @@ FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \
${mandir}/man5/clamd* ${mandir}/man8/clamd* \
${sysconfdir}/clamd.conf* \
+ /usr/etc/clamd.conf* \
${systemd_unitdir}/system/clamav-daemon/* \
${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \
${sysconfdir}/logcheck/ignore.d.server/clamav-daemon "

FILES_${PN}-freshclam = "${bindir}/freshclam \
${sysconfdir}/freshclam.conf* \
+ /usr/etc/freshclam.conf* \
${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
${sysconfdir}/tmpfiles.d/*.conf \
${localstatedir}/lib/clamav \
@@ -148,8 +124,8 @@ FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \

FILES_${PN}-staticdev = "${libdir}/*.a"

-FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\
- ${docdir}/libclamav/* "
+FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so* \
+ ${libdir}/libfreshclam.so* ${docdir}/libclamav/* "

FILES_${PN}-doc = "${mandir}/man/* \
${datadir}/man/* \
@@ -169,6 +145,3 @@ RCONFLICTS_${PN} += "${PN}-systemd"
SYSTEMD_SERVICE_${PN} = "${BPN}.service"

RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
-RDEPENDS_${PN}_class-native = ""
-
-BBCLASSEXTEND = "native"
diff --git a/recipes-scanners/clamav/files/headers_fixup.patch b/recipes-scanners/clamav/files/headers_fixup.patch
new file mode 100644
index 0000000..9de0a26
--- /dev/null
+++ b/recipes-scanners/clamav/files/headers_fixup.patch
@@ -0,0 +1,58 @@
+Fixes checks not needed do to glibc 2.33
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -374,8 +373,6 @@ check_include_file("stdlib.h"
+ check_include_file("string.h" HAVE_STRING_H)
+ check_include_file("strings.h" HAVE_STRINGS_H)
+ check_include_file("sys/cdefs.h" HAVE_SYS_CDEFS_H)
+-check_include_file("sys/dl.h" HAVE_SYS_DL_H)
+-check_include_file("sys/fileio.h" HAVE_SYS_FILIO_H)
+ check_include_file("sys/mman.h" HAVE_SYS_MMAN_H)
+ check_include_file("sys/param.h" HAVE_SYS_PARAM_H)
+ check_include_file("sys/queue.h" HAVE_SYS_QUEUE_H)
+@@ -410,8 +407,6 @@ endif()
+
+ # int-types variants
+ check_include_file("inttypes.h" HAVE_INTTYPES_H)
+-check_include_file("sys/inttypes.h" HAVE_SYS_INTTYPES_H)
+-check_include_file("sys/int_types.h" HAVE_SYS_INT_TYPES_H)
+ check_include_file("stdint.h" HAVE_STDINT_H)
+
+ # this hack required to silence warnings on systems with inttypes.h
+@@ -539,17 +528,11 @@ check_type_size("time_t" SIZEOF_TIME_T)
+ # Checks for library functions.
+ include(CheckSymbolExists)
+ check_symbol_exists(_Exit "stdlib.h" HAVE__EXIT)
+-check_symbol_exists(accept4 "sys/types.h" HAVE_ACCEPT4)
+ check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF)
+-check_symbol_exists(stat64 "sys/stat.h" HAVE_STAT64)
+-check_symbol_exists(strcasestr "string.h" HAVE_STRCASESTR)
+ check_symbol_exists(strerror_r "string.h" HAVE_STRERROR_R)
+-check_symbol_exists(strlcat "string.h" HAVE_STRLCAT)
+-check_symbol_exists(strlcpy "string.h" HAVE_STRLCPY)
+ check_symbol_exists(strndup "string.h" HAVE_STRNDUP)
+ check_symbol_exists(strnlen "string.h" HAVE_STRNLEN)
+-check_symbol_exists(strnstr "string.h" HAVE_STRNSTR)
+-check_symbol_exists(sysctlbyname "sysctl.h" HAVE_SYSCTLBYNAME)
++check_symbol_exists(strcasecmp "string.h" HAVE_STRNCMP)
+ check_symbol_exists(timegm "time.h" HAVE_TIMEGM)
+ check_symbol_exists(vsnprintf "stdio.h" HAVE_VSNPRINTF)
+
+@@ -563,10 +546,9 @@ else()
+ check_symbol_exists(fseeko "stdio.h" HAVE_FSEEKO)
+ check_symbol_exists(getaddrinfo "netdb.h" HAVE_GETADDRINFO)
+ check_symbol_exists(getpagesize "unistd.h" HAVE_GETPAGESIZE)
+- check_symbol_exists(mkstemp "unistd.h" HAVE_MKSTEMP)
+ check_symbol_exists(poll "poll.h" HAVE_POLL)
+- check_symbol_exists(setgroups "unistd.h" HAVE_SETGROUPS)
+ check_symbol_exists(setsid "unistd.h" HAVE_SETSID)
++ set(HAVE_SYSCONF_SC_PAGESIZE 1)
+ endif()
+
+ include(CheckSymbolExists)
diff --git a/recipes-scanners/clamav/files/oe_cmake_fixup.patch b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
new file mode 100644
index 0000000..b284915
--- /dev/null
+++ b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
@@ -0,0 +1,39 @@
+Issue with rpath including /usr/lib and crosscompile checkes causing oe configure to fail
+
+Use oe's cmake rpath framework and exclude some of the cmake checks that fail in our env
+
+Upstream-Status: Inappropriate [configuration]
+Singed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -162,12 +162,6 @@ endif()
+
+ include(GNUInstallDirs)
+
+-if(CMAKE_INSTALL_FULL_LIBDIR)
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}")
+-else()
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+-endif()
+-
+ if(C_LINUX)
+ if(CMAKE_COMPILER_IS_GNUCXX)
+ # Set _GNU_SOURCE for O_LARGEFILE, O_CLOEXEC, O_DIRECTORY, O_NOFOLLOW, etc flags on older systems
+@@ -512,14 +506,8 @@ include(TestInline)
+ include(CheckFileOffsetBits)
+ # Determine how to pack structs on this platform.
+ include(CheckStructPacking)
+-# Check for signed right shift implementation.
+-include(CheckSignedRightShift)
+ # Check if systtem fts implementation available
+ include(CheckFTS)
+-# Check if uname(2) follows POSIX standard.
+-include(CheckUnamePosix)
+-# Check support for file descriptor passing
+-include(CheckFDPassing)
+
+ # Check if big-endian
+ include(TestBigEndian)
--
2.25.1


[meta-security][PATCH] packagegroup-core-security: drop clamav-cvd

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-core/packagegroup/packagegroup-core-security.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb
index 0a4452e..9ac0d2c 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -51,9 +51,9 @@ RDEPENDS_packagegroup-security-scanners = "\
isic \
nikto \
checksecurity \
- ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " clamav clamav-freshclam clamav-cvd",d)} \
+ ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " clamav clamav-freshclam",d)} \
"
-RDEPENDS_packagegroup-security-scanners_remove_libc-musl = "clamav clamav-freshclam clamav-cvd"
+RDEPENDS_packagegroup-security-scanners_remove_libc-musl = "clamav clamav-freshclam"

SUMMARY_packagegroup-security-audit = "Security Audit tools "
RDEPENDS_packagegroup-security-audit = " \
--
2.25.1


[yocto-autobuilder-helper][dunfell 00/15] Pull request (cover letter only)

Steve Sakoman
 

The following changes since commit ef52b284e8cbe90c18fdab6a0d6fa8095a2c4ed9:

send-qa-email: Save the QA email in case it doesn't reach the mailing lists. (2021-02-23 10:24:14 +0000)

are available in the Git repository at:

git://git.yoctoproject.org/yocto-autobuilder-helper contrib/sakoman
http://git.yoctoproject.org/cgit.cgi/yocto-autobuilder-helper/log/?h=contrib/sakoman

Richard Purdie (14):
scripts/run-config: Don't execute steps that don't exist!
scripts/run-config: Ensure stepnum has a value when there are no steps
scripts/run-config: If target is present default to 1 step
run-config: Adapt to two pass execution
scripts/run-config: Improve logfile naming
scripts/run-config: Ensure logging to both logfile and stdout
config.json/run-config: Add human readable descriptions of steps
scripts/run-config: Remove redundant boilerplate json
scripts/shared-repo-unpack: Add flush call to update the output more
regularly before buildtools
config.json/run-config: Add support for shortnames and descriptions
config.json: Unbreak qa-extras locked sigs test
config.json: Add further descriptions
scripts/run-config: Disable output buffering
config.json: Split reproduciblity tests into their own target

Ross Burton (1):
config: build and test SDKs when using package_deb

config.json | 101 +++++++++++++---
scripts/run-config | 235 ++++++++++++++++++++++++++-----------
scripts/shared-repo-unpack | 1 +
scripts/utils.py | 5 +-
4 files changed, 259 insertions(+), 83 deletions(-)

--
2.25.1


Re: To burn 'bitbake package-index' into build process

Ross Burton
 

http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=ross/index
is close to what you want, but I didn't quite finish it off!

Ross

On Fri, 26 Mar 2021 at 16:45, keydi <krzysztof.dudziak@thalesgroup.com> wrote:

Should it be feasible to burn execution of 'bitbake package-index' into distribution/image build process
by conducting an adaption of meta-data ?
I mean high-level script is used to spawn Bitbake environment then start Bitbake image target.
I am unhappy to mess up high-level script to add that step to build process.
I am unhappy to make detail that level be visible in high-level script.
Rather I prefer to modify meta-data.



Re: [meta-security][PATCH] clamav: upgrade 103.0

Quentin Schulz
 

Hi Armin,

On March 27, 2021 7:04:53 PM UTC, akuster <akuster808@gmail.com> wrote:
convert to cmake and general cleanup

include on oe env patch and glibc 2.33 header fixup

if running w/in qemu, need to add qemuparams="-m 2048" to allow
freshclam not to oom

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../{clamav_0.101.5.bb => clamav_0.103.0.bb} | 101 +++++++-----------
.../clamav/files/headers_fixup.patch | 58 ++++++++++
.../clamav/files/oe_cmake_fixup.patch | 39 +++++++
3 files changed, 134 insertions(+), 64 deletions(-)
rename recipes-scanners/clamav/{clamav_0.101.5.bb => clamav_0.103.0.bb} (61%)
create mode 100644 recipes-scanners/clamav/files/headers_fixup.patch
create mode 100644 recipes-scanners/clamav/files/oe_cmake_fixup.patch

diff --git a/recipes-scanners/clamav/clamav_0.101.5.bb b/recipes-scanners/clamav/clamav_0.103.0.bb
similarity index 61%
rename from recipes-scanners/clamav/clamav_0.101.5.bb
rename to recipes-scanners/clamav/clamav_0.103.0.bb
index 7dad263..9e50466 100644
--- a/recipes-scanners/clamav/clamav_0.101.5.bb
+++ b/recipes-scanners/clamav/clamav_0.103.0.bb
@@ -4,94 +4,68 @@ HOMEPAGE = "http://www.clamav.net/index.html"
SECTION = "security"
LICENSE = "LGPL-2.1"

-DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack bison-native"
-DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native bison-native"
+DEPENDS = "glibc llvm libtool db openssl zlib curl libxml2 bison pcre2 json-c libcheck"

-LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
+LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17"

-SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108"
+SRCREV = "5553a5e206ceae5d920368baee7d403f823bcb6f"

-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=dev/0.104 \
Are you sure it's not dev/0.103 here? Also, there seems to be a 0.103.1 branch available already. I don't really know which version you're targeting. I would say it makes sense to have this branch aligned with the filename of the recipe.

Cheers,
Quentin

file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
file://tmpfiles.clamav \
file://${BPN}.service \
- file://freshclam-native.conf \
- "
-
+ file://headers_fixup.patch \
+ file://oe_cmake_fixup.patch \
+"
S = "${WORKDIR}/git"

LEAD_SONAME = "libclamav.so"
-SO_VER = "9.0.4"
+SO_VER = "9.6.0"
+
+BINCONFIG = "${bindir}/clamav-config"

-inherit autotools pkgconfig useradd systemd multilib_header multilib_script
+inherit cmake chrpath pkgconfig useradd systemd multilib_header multilib_script

CLAMAV_UID ?= "clamav"
CLAMAV_GID ?= "clamav"
-INSTALL_CLAMAV_CVD ?= "1"
-
-CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr"
-CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr"
-
-PACKAGECONFIG_class-target ?= "ncurses bz2"
-PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}"
-PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
-
-PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre"
-PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c,"
-PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
-PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2"
-PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, "
-PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, "

MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config ${PN}-cvd:${localstatedir}/lib/clamav/mirrors.dat"

-EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \
- --disable-mempool \
- --program-prefix="" \
- --disable-zlib-vcheck \
- --with-xml=${CLAMAV_USR_DIR} \
- --with-zlib=${CLAMAV_USR_DIR} \
- --with-openssl=${CLAMAV_USR_DIR} \
- --with-libcurl=${CLAMAV_USR_DIR} \
- --with-system-libmspack=${CLAMAV_USR_DIR} \
- --with-iconv=no \
- --enable-check=no \
- "
-
-EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}"
-EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID} --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}"
-
-do_configure () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
+EXTRA_OECMAKE = " -DCMAKE_BUILD_TYPE=Release -DOPTIMIZE=ON -DENABLE_JSON_SHARED=OFF \
+ -DCLAMAV_GROUP=${CLAMAV_GID} -DCLAMAV_USER=${CLAMAV_UID} \
+ -DENABLE_TESTS=OFF -DBUILD_SHARED_LIBS=ON \
+ -DDISABLE_MPOOL=ON -DENABLE_FRESHCLAM_DNS_FIX=ON \
+ "

-do_configure_class-native () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
+PACKAGECONFIG ?= " clamonacc \
+ ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd", "", d)}"

-do_compile_append_class-target() {
- if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
- bbnote "CLAMAV creating cvd"
- install -d ${S}/clamav_db
- ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
- fi
-}
+PACKAGECONFIG[milter] = "-DENABLE_MILTER=ON ,-DENABLE_MILTER=OFF, curl, curl"
+PACKAGECONFIG[clamonacc] = "-DENABLE_CLAMONACC=ON ,-DENABLE_CLAMONACC=OFF,"
+PACKAGECONFIG[unrar] = "-DENABLE_UNRAR=ON ,-DENABLE_UNRAR=OFF,"
+PACKAGECONFIG[systemd] = "-DENABLE_SYSTEMD=ON -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}, -DENABLE_SYSTEMD=OFF, systemd"
+
+export OECMAKE_C_FLAGS += " -I${STAGING_INCDIR} -L ${RECIPE_SYSROOT}${nonarch_libdir} -L${STAGING_LIBDIR} -lpthread"

-do_install_append_class-target () {
+do_install_append () {
install -d ${D}/${sysconfdir}
install -d ${D}/${localstatedir}/lib/clamav
install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles

- install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir}
- install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir}
+ install -m 644 ${WORKDIR}/clamd.conf ${D}/${prefix}/${sysconfdir}
+ install -m 644 ${WORKDIR}/freshclam.conf ${D}/${prefix}/${sysconfdir}
install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/03_clamav
sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
rm ${D}/${libdir}/libclamav.so
if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
fi
+
+ rm ${D}/${libdir}/libfreshclam.so
+ rm ${D}/${libdir}/libmspack.so
+
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
install -d ${D}${sysconfdir}/tmpfiles.d
@@ -114,10 +88,10 @@ pkg_postinst_ontarget_${PN} () {
PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"

-FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
+FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit ${sbindir}/clamonacc \
${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
- ${docdir}/clamav/* "
+ ${docdir}/clamav/* ${libdir}/libmspack* "

FILES_${PN}-clamdscan = " ${bindir}/clamdscan \
${docdir}/clamdscan/* \
@@ -128,12 +102,14 @@ FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \
${mandir}/man5/clamd* ${mandir}/man8/clamd* \
${sysconfdir}/clamd.conf* \
+ /usr/etc/clamd.conf* \
${systemd_unitdir}/system/clamav-daemon/* \
${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \
${sysconfdir}/logcheck/ignore.d.server/clamav-daemon "

FILES_${PN}-freshclam = "${bindir}/freshclam \
${sysconfdir}/freshclam.conf* \
+ /usr/etc/freshclam.conf* \
${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
${sysconfdir}/tmpfiles.d/*.conf \
${localstatedir}/lib/clamav \
@@ -148,8 +124,8 @@ FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \

FILES_${PN}-staticdev = "${libdir}/*.a"

-FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\
- ${docdir}/libclamav/* "
+FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so* \
+ ${libdir}/libfreshclam.so* ${docdir}/libclamav/* "

FILES_${PN}-doc = "${mandir}/man/* \
${datadir}/man/* \
@@ -169,6 +145,3 @@ RCONFLICTS_${PN} += "${PN}-systemd"
SYSTEMD_SERVICE_${PN} = "${BPN}.service"

RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
-RDEPENDS_${PN}_class-native = ""
-
-BBCLASSEXTEND = "native"
diff --git a/recipes-scanners/clamav/files/headers_fixup.patch b/recipes-scanners/clamav/files/headers_fixup.patch
new file mode 100644
index 0000000..9de0a26
--- /dev/null
+++ b/recipes-scanners/clamav/files/headers_fixup.patch
@@ -0,0 +1,58 @@
+Fixes checks not needed do to glibc 2.33
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -374,8 +373,6 @@ check_include_file("stdlib.h"
+ check_include_file("string.h" HAVE_STRING_H)
+ check_include_file("strings.h" HAVE_STRINGS_H)
+ check_include_file("sys/cdefs.h" HAVE_SYS_CDEFS_H)
+-check_include_file("sys/dl.h" HAVE_SYS_DL_H)
+-check_include_file("sys/fileio.h" HAVE_SYS_FILIO_H)
+ check_include_file("sys/mman.h" HAVE_SYS_MMAN_H)
+ check_include_file("sys/param.h" HAVE_SYS_PARAM_H)
+ check_include_file("sys/queue.h" HAVE_SYS_QUEUE_H)
+@@ -410,8 +407,6 @@ endif()
+
+ # int-types variants
+ check_include_file("inttypes.h" HAVE_INTTYPES_H)
+-check_include_file("sys/inttypes.h" HAVE_SYS_INTTYPES_H)
+-check_include_file("sys/int_types.h" HAVE_SYS_INT_TYPES_H)
+ check_include_file("stdint.h" HAVE_STDINT_H)
+
+ # this hack required to silence warnings on systems with inttypes.h
+@@ -539,17 +528,11 @@ check_type_size("time_t" SIZEOF_TIME_T)
+ # Checks for library functions.
+ include(CheckSymbolExists)
+ check_symbol_exists(_Exit "stdlib.h" HAVE__EXIT)
+-check_symbol_exists(accept4 "sys/types.h" HAVE_ACCEPT4)
+ check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF)
+-check_symbol_exists(stat64 "sys/stat.h" HAVE_STAT64)
+-check_symbol_exists(strcasestr "string.h" HAVE_STRCASESTR)
+ check_symbol_exists(strerror_r "string.h" HAVE_STRERROR_R)
+-check_symbol_exists(strlcat "string.h" HAVE_STRLCAT)
+-check_symbol_exists(strlcpy "string.h" HAVE_STRLCPY)
+ check_symbol_exists(strndup "string.h" HAVE_STRNDUP)
+ check_symbol_exists(strnlen "string.h" HAVE_STRNLEN)
+-check_symbol_exists(strnstr "string.h" HAVE_STRNSTR)
+-check_symbol_exists(sysctlbyname "sysctl.h" HAVE_SYSCTLBYNAME)
++check_symbol_exists(strcasecmp "string.h" HAVE_STRNCMP)
+ check_symbol_exists(timegm "time.h" HAVE_TIMEGM)
+ check_symbol_exists(vsnprintf "stdio.h" HAVE_VSNPRINTF)
+
+@@ -563,10 +546,9 @@ else()
+ check_symbol_exists(fseeko "stdio.h" HAVE_FSEEKO)
+ check_symbol_exists(getaddrinfo "netdb.h" HAVE_GETADDRINFO)
+ check_symbol_exists(getpagesize "unistd.h" HAVE_GETPAGESIZE)
+- check_symbol_exists(mkstemp "unistd.h" HAVE_MKSTEMP)
+ check_symbol_exists(poll "poll.h" HAVE_POLL)
+- check_symbol_exists(setgroups "unistd.h" HAVE_SETGROUPS)
+ check_symbol_exists(setsid "unistd.h" HAVE_SETSID)
++ set(HAVE_SYSCONF_SC_PAGESIZE 1)
+ endif()
+
+ include(CheckSymbolExists)
diff --git a/recipes-scanners/clamav/files/oe_cmake_fixup.patch b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
new file mode 100644
index 0000000..b284915
--- /dev/null
+++ b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
@@ -0,0 +1,39 @@
+Issue with rpath including /usr/lib and crosscompile checkes causing oe configure to fail
+
+Use oe's cmake rpath framework and exclude some of the cmake checks that fail in our env
+
+Upstream-Status: Inappropriate [configuration]
+Singed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -162,12 +162,6 @@ endif()
+
+ include(GNUInstallDirs)
+
+-if(CMAKE_INSTALL_FULL_LIBDIR)
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}")
+-else()
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+-endif()
+-
+ if(C_LINUX)
+ if(CMAKE_COMPILER_IS_GNUCXX)
+ # Set _GNU_SOURCE for O_LARGEFILE, O_CLOEXEC, O_DIRECTORY, O_NOFOLLOW, etc flags on older systems
+@@ -512,14 +506,8 @@ include(TestInline)
+ include(CheckFileOffsetBits)
+ # Determine how to pack structs on this platform.
+ include(CheckStructPacking)
+-# Check for signed right shift implementation.
+-include(CheckSignedRightShift)
+ # Check if systtem fts implementation available
+ include(CheckFTS)
+-# Check if uname(2) follows POSIX standard.
+-include(CheckUnamePosix)
+-# Check support for file descriptor passing
+-include(CheckFDPassing)
+
+ # Check if big-endian
+ include(TestBigEndian)
--
2.25.1
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.


[meta-security][PATCH] clamav: upgrade 103.0

Armin Kuster
 

convert to cmake and general cleanup

include on oe env patch and glibc 2.33 header fixup

if running w/in qemu, need to add qemuparams="-m 2048" to allow
freshclam not to oom

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../{clamav_0.101.5.bb => clamav_0.103.0.bb} | 101 +++++++-----------
.../clamav/files/headers_fixup.patch | 58 ++++++++++
.../clamav/files/oe_cmake_fixup.patch | 39 +++++++
3 files changed, 134 insertions(+), 64 deletions(-)
rename recipes-scanners/clamav/{clamav_0.101.5.bb => clamav_0.103.0.bb} (61%)
create mode 100644 recipes-scanners/clamav/files/headers_fixup.patch
create mode 100644 recipes-scanners/clamav/files/oe_cmake_fixup.patch

diff --git a/recipes-scanners/clamav/clamav_0.101.5.bb b/recipes-scanners/clamav/clamav_0.103.0.bb
similarity index 61%
rename from recipes-scanners/clamav/clamav_0.101.5.bb
rename to recipes-scanners/clamav/clamav_0.103.0.bb
index 7dad263..9e50466 100644
--- a/recipes-scanners/clamav/clamav_0.101.5.bb
+++ b/recipes-scanners/clamav/clamav_0.103.0.bb
@@ -4,94 +4,68 @@ HOMEPAGE = "http://www.clamav.net/index.html"
SECTION = "security"
LICENSE = "LGPL-2.1"

-DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack bison-native"
-DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native bison-native"
+DEPENDS = "glibc llvm libtool db openssl zlib curl libxml2 bison pcre2 json-c libcheck"

-LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
+LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17"

-SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108"
+SRCREV = "5553a5e206ceae5d920368baee7d403f823bcb6f"

-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=dev/0.104 \
file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
file://tmpfiles.clamav \
file://${BPN}.service \
- file://freshclam-native.conf \
- "
-
+ file://headers_fixup.patch \
+ file://oe_cmake_fixup.patch \
+"
S = "${WORKDIR}/git"

LEAD_SONAME = "libclamav.so"
-SO_VER = "9.0.4"
+SO_VER = "9.6.0"
+
+BINCONFIG = "${bindir}/clamav-config"

-inherit autotools pkgconfig useradd systemd multilib_header multilib_script
+inherit cmake chrpath pkgconfig useradd systemd multilib_header multilib_script

CLAMAV_UID ?= "clamav"
CLAMAV_GID ?= "clamav"
-INSTALL_CLAMAV_CVD ?= "1"
-
-CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr"
-CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr"
-
-PACKAGECONFIG_class-target ?= "ncurses bz2"
-PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}"
-PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
-
-PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre"
-PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c,"
-PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
-PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2"
-PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, "
-PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, "

MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config ${PN}-cvd:${localstatedir}/lib/clamav/mirrors.dat"

-EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \
- --disable-mempool \
- --program-prefix="" \
- --disable-zlib-vcheck \
- --with-xml=${CLAMAV_USR_DIR} \
- --with-zlib=${CLAMAV_USR_DIR} \
- --with-openssl=${CLAMAV_USR_DIR} \
- --with-libcurl=${CLAMAV_USR_DIR} \
- --with-system-libmspack=${CLAMAV_USR_DIR} \
- --with-iconv=no \
- --enable-check=no \
- "
-
-EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}"
-EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID} --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}"
-
-do_configure () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
+EXTRA_OECMAKE = " -DCMAKE_BUILD_TYPE=Release -DOPTIMIZE=ON -DENABLE_JSON_SHARED=OFF \
+ -DCLAMAV_GROUP=${CLAMAV_GID} -DCLAMAV_USER=${CLAMAV_UID} \
+ -DENABLE_TESTS=OFF -DBUILD_SHARED_LIBS=ON \
+ -DDISABLE_MPOOL=ON -DENABLE_FRESHCLAM_DNS_FIX=ON \
+ "

-do_configure_class-native () {
- ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-}
+PACKAGECONFIG ?= " clamonacc \
+ ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd", "", d)}"

-do_compile_append_class-target() {
- if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
- bbnote "CLAMAV creating cvd"
- install -d ${S}/clamav_db
- ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
- fi
-}
+PACKAGECONFIG[milter] = "-DENABLE_MILTER=ON ,-DENABLE_MILTER=OFF, curl, curl"
+PACKAGECONFIG[clamonacc] = "-DENABLE_CLAMONACC=ON ,-DENABLE_CLAMONACC=OFF,"
+PACKAGECONFIG[unrar] = "-DENABLE_UNRAR=ON ,-DENABLE_UNRAR=OFF,"
+PACKAGECONFIG[systemd] = "-DENABLE_SYSTEMD=ON -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}, -DENABLE_SYSTEMD=OFF, systemd"
+
+export OECMAKE_C_FLAGS += " -I${STAGING_INCDIR} -L ${RECIPE_SYSROOT}${nonarch_libdir} -L${STAGING_LIBDIR} -lpthread"

-do_install_append_class-target () {
+do_install_append () {
install -d ${D}/${sysconfdir}
install -d ${D}/${localstatedir}/lib/clamav
install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles

- install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir}
- install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir}
+ install -m 644 ${WORKDIR}/clamd.conf ${D}/${prefix}/${sysconfdir}
+ install -m 644 ${WORKDIR}/freshclam.conf ${D}/${prefix}/${sysconfdir}
install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/03_clamav
sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
rm ${D}/${libdir}/libclamav.so
if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
fi
+
+ rm ${D}/${libdir}/libfreshclam.so
+ rm ${D}/${libdir}/libmspack.so
+
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
install -d ${D}${sysconfdir}/tmpfiles.d
@@ -114,10 +88,10 @@ pkg_postinst_ontarget_${PN} () {
PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"

-FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
+FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit ${sbindir}/clamonacc \
${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
- ${docdir}/clamav/* "
+ ${docdir}/clamav/* ${libdir}/libmspack* "

FILES_${PN}-clamdscan = " ${bindir}/clamdscan \
${docdir}/clamdscan/* \
@@ -128,12 +102,14 @@ FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \
${mandir}/man5/clamd* ${mandir}/man8/clamd* \
${sysconfdir}/clamd.conf* \
+ /usr/etc/clamd.conf* \
${systemd_unitdir}/system/clamav-daemon/* \
${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \
${sysconfdir}/logcheck/ignore.d.server/clamav-daemon "

FILES_${PN}-freshclam = "${bindir}/freshclam \
${sysconfdir}/freshclam.conf* \
+ /usr/etc/freshclam.conf* \
${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
${sysconfdir}/tmpfiles.d/*.conf \
${localstatedir}/lib/clamav \
@@ -148,8 +124,8 @@ FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \

FILES_${PN}-staticdev = "${libdir}/*.a"

-FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\
- ${docdir}/libclamav/* "
+FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so* \
+ ${libdir}/libfreshclam.so* ${docdir}/libclamav/* "

FILES_${PN}-doc = "${mandir}/man/* \
${datadir}/man/* \
@@ -169,6 +145,3 @@ RCONFLICTS_${PN} += "${PN}-systemd"
SYSTEMD_SERVICE_${PN} = "${BPN}.service"

RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
-RDEPENDS_${PN}_class-native = ""
-
-BBCLASSEXTEND = "native"
diff --git a/recipes-scanners/clamav/files/headers_fixup.patch b/recipes-scanners/clamav/files/headers_fixup.patch
new file mode 100644
index 0000000..9de0a26
--- /dev/null
+++ b/recipes-scanners/clamav/files/headers_fixup.patch
@@ -0,0 +1,58 @@
+Fixes checks not needed do to glibc 2.33
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -374,8 +373,6 @@ check_include_file("stdlib.h"
+ check_include_file("string.h" HAVE_STRING_H)
+ check_include_file("strings.h" HAVE_STRINGS_H)
+ check_include_file("sys/cdefs.h" HAVE_SYS_CDEFS_H)
+-check_include_file("sys/dl.h" HAVE_SYS_DL_H)
+-check_include_file("sys/fileio.h" HAVE_SYS_FILIO_H)
+ check_include_file("sys/mman.h" HAVE_SYS_MMAN_H)
+ check_include_file("sys/param.h" HAVE_SYS_PARAM_H)
+ check_include_file("sys/queue.h" HAVE_SYS_QUEUE_H)
+@@ -410,8 +407,6 @@ endif()
+
+ # int-types variants
+ check_include_file("inttypes.h" HAVE_INTTYPES_H)
+-check_include_file("sys/inttypes.h" HAVE_SYS_INTTYPES_H)
+-check_include_file("sys/int_types.h" HAVE_SYS_INT_TYPES_H)
+ check_include_file("stdint.h" HAVE_STDINT_H)
+
+ # this hack required to silence warnings on systems with inttypes.h
+@@ -539,17 +528,11 @@ check_type_size("time_t" SIZEOF_TIME_T)
+ # Checks for library functions.
+ include(CheckSymbolExists)
+ check_symbol_exists(_Exit "stdlib.h" HAVE__EXIT)
+-check_symbol_exists(accept4 "sys/types.h" HAVE_ACCEPT4)
+ check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF)
+-check_symbol_exists(stat64 "sys/stat.h" HAVE_STAT64)
+-check_symbol_exists(strcasestr "string.h" HAVE_STRCASESTR)
+ check_symbol_exists(strerror_r "string.h" HAVE_STRERROR_R)
+-check_symbol_exists(strlcat "string.h" HAVE_STRLCAT)
+-check_symbol_exists(strlcpy "string.h" HAVE_STRLCPY)
+ check_symbol_exists(strndup "string.h" HAVE_STRNDUP)
+ check_symbol_exists(strnlen "string.h" HAVE_STRNLEN)
+-check_symbol_exists(strnstr "string.h" HAVE_STRNSTR)
+-check_symbol_exists(sysctlbyname "sysctl.h" HAVE_SYSCTLBYNAME)
++check_symbol_exists(strcasecmp "string.h" HAVE_STRNCMP)
+ check_symbol_exists(timegm "time.h" HAVE_TIMEGM)
+ check_symbol_exists(vsnprintf "stdio.h" HAVE_VSNPRINTF)
+
+@@ -563,10 +546,9 @@ else()
+ check_symbol_exists(fseeko "stdio.h" HAVE_FSEEKO)
+ check_symbol_exists(getaddrinfo "netdb.h" HAVE_GETADDRINFO)
+ check_symbol_exists(getpagesize "unistd.h" HAVE_GETPAGESIZE)
+- check_symbol_exists(mkstemp "unistd.h" HAVE_MKSTEMP)
+ check_symbol_exists(poll "poll.h" HAVE_POLL)
+- check_symbol_exists(setgroups "unistd.h" HAVE_SETGROUPS)
+ check_symbol_exists(setsid "unistd.h" HAVE_SETSID)
++ set(HAVE_SYSCONF_SC_PAGESIZE 1)
+ endif()
+
+ include(CheckSymbolExists)
diff --git a/recipes-scanners/clamav/files/oe_cmake_fixup.patch b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
new file mode 100644
index 0000000..b284915
--- /dev/null
+++ b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
@@ -0,0 +1,39 @@
+Issue with rpath including /usr/lib and crosscompile checkes causing oe configure to fail
+
+Use oe's cmake rpath framework and exclude some of the cmake checks that fail in our env
+
+Upstream-Status: Inappropriate [configuration]
+Singed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/CMakeLists.txt
+===================================================================
+--- git.orig/CMakeLists.txt
++++ git/CMakeLists.txt
+@@ -162,12 +162,6 @@ endif()
+
+ include(GNUInstallDirs)
+
+-if(CMAKE_INSTALL_FULL_LIBDIR)
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}")
+-else()
+- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+-endif()
+-
+ if(C_LINUX)
+ if(CMAKE_COMPILER_IS_GNUCXX)
+ # Set _GNU_SOURCE for O_LARGEFILE, O_CLOEXEC, O_DIRECTORY, O_NOFOLLOW, etc flags on older systems
+@@ -512,14 +506,8 @@ include(TestInline)
+ include(CheckFileOffsetBits)
+ # Determine how to pack structs on this platform.
+ include(CheckStructPacking)
+-# Check for signed right shift implementation.
+-include(CheckSignedRightShift)
+ # Check if systtem fts implementation available
+ include(CheckFTS)
+-# Check if uname(2) follows POSIX standard.
+-include(CheckUnamePosix)
+-# Check support for file descriptor passing
+-include(CheckFDPassing)
+
+ # Check if big-endian
+ include(TestBigEndian)
--
2.25.1


[meta-openssl102] Updated

Mark Hatle
 

Not sure if anyone is still using this, but I did update OpenSSL 1.0.2 to fix
the latest three CVEs:

CVE-2021-23839
CVE-2021-23840
CVE-2021-23841

All branches updated.

Additionally master has been updated for 'hardknott'.

Note, corresponding meta-openssl102-fips does not build. If anyone is
interested in this, they will likely need to help update it.

--Mark


Re: Yocto Technical Team Minutes, Engineering Sync, for March 23, 2021

Alexander Kanavin
 

On Fri, 26 Mar 2021 at 21:44, Trevor Woerner <twoerner@...> wrote:
RP: if anyone knows any RISC-V companies, we’d like to get some of them
    interested in becoming members. i’d really like to add RISC-V as part
    of our matrix, but that would be hard if it doesn’t have a source of
    funding

I guess SiFive is the one you could approach? I actually sent them my CV a few weeks back, as a long shot to try to see if they're interested in Yocto and someone like myself to help them with it.

Alex

2141 - 2160 of 55062