Date   

Re: [meta-security][PATCH 1/2] Add meta-parsec layer into meta-security.

Armin Kuster
 

Merged,

Thanks

On 4/9/21 4:14 AM, Anton Antonov wrote:
From: Anton Antonov <anton.antonov@...>

The layer contains recipes for Parsec service version 0.7.0 and parsec-tool version 0.3.0. The Parsec service is built with all supported providers and deployed with the MbedCrypto provider enabled. Both systemd and sysv-init are supported.

Signed-off-by: Anton Antonov <Anton.Antonov@...>
---
meta-parsec/README.md | 186 ++++++++++++++++++
meta-parsec/conf/layer.conf | 14 ++
.../parsec-service/files/cryptoki.patch | 18 ++
.../parsec-service/files/parsec-tmpfiles.conf | 2 +
.../parsec-service/files/parsec_init | 63 ++++++
.../parsec-service/files/systemd.patch | 19 ++
.../parsec-service/parsec-service_0.7.0.bb | 67 +++++++
.../parsec-service/parsec-service_0.7.0.inc | 147 ++++++++++++++
.../parsec-tool/parsec-tool_0.3.0.bb | 18 ++
.../parsec-tool/parsec-tool_0.3.0.inc | 127 ++++++++++++
10 files changed, 661 insertions(+)
create mode 100644 meta-parsec/README.md
create mode 100644 meta-parsec/conf/layer.conf
create mode 100644 meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch
create mode 100644 meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf
create mode 100755 meta-parsec/recipes-parsec/parsec-service/files/parsec_init
create mode 100644 meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
create mode 100644 meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb
create mode 100644 meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc
create mode 100644 meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb
create mode 100644 meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc

diff --git a/meta-parsec/README.md b/meta-parsec/README.md
new file mode 100644
index 0000000..a2736b6
--- /dev/null
+++ b/meta-parsec/README.md
@@ -0,0 +1,186 @@
+meta-parsec layer
+==============
+
+This layer contains recipes for the Parsec service with Mbed-Crypto,
+Pkcs11 and TPM providers and parsec tools.
+
+Dependencies
+============
+
+This layer depends on:
+
+ URI: git://git.openembedded.org/meta-openembedded
+ branch: master
+ revision: HEAD
+ prio: default
+
+ URI git://git.yoctoproject.org/meta-security
+ branch: master
+ revision: HEAD
+ prio: default
+
+ URI https://github.com/meta-rust/meta-rust.git
+ branch: master
+ revision: HEAD
+ prio: default
+
+ URI https://github.com/kraj/meta-clang.git
+ branch: master
+ revision: HEAD
+ prio: default
+
+Adding the meta-parsec layer to your build
+==========================================
+
+In order to use this layer, you need to make the build system aware of it.
+
+You can add it to the build system by adding the
+location of the meta-parsec layer to bblayers.conf, along with any
+other layers needed. e.g.:
+
+ BBLAYERS ?= " \
+ /path/to/yocto/meta \
+ /path/to/yocto/meta-yocto \
+ /path/to/yocto/meta-yocto-bsp \
+ /path/to/meta-openembedded/meta-oe \
+ /path/to/meta-openembedded/meta-python \
+ /path/to/meta-rust \
+ /path/to/meta-clang \
+ /path/to/meta-security/meta-tpm \
+ /path/to/meta-security/meta-parsec \
+ "
+
+To include the Parsec service into your image add following into the
+local.conf:
+
+ IMAGE_INSTALL_append = " parsec-service"
+
+ The Parsec service will be deployed into the image built with all the supported
+providers and with the default config file from the Parsec repository:
+https://github.com/parallaxsecond/parsec/blob/main/config.toml
+ The default Parsec service config file contains the MbedCrypto provider
+enabled. The config file needs to be updated to use the Parsec service
+with other providers like TPM or PKCS11. The required procedures are
+covered in Parsec documentation.
+https://parallaxsecond.github.io/parsec-book/
+
+Updating recipes
+================
+
+ The parsec-service and parsec-tool recipes use include files with lists
+of all rust crates required. This allows bitbake to fetch all the necessary
+dependent crates, as well as a pegged version of the crates.io index,
+to ensure maximum reproducibility.
+ It's recommended to use cargo-bitbake to generate include files for new
+versions of parsec recipes.
+https://github.com/meta-rust/cargo-bitbake
+
+ When you have crago-bitbake built:
+1. Checkout the required version of parsec repository.
+2. Run cargo-bitbake inside the repository. It will produce a BB file.
+3. Create a new include file with SRC_URI and LIC_FILES_CHKSUM from the BB file.
+
+Manual testing with runqemu
+===========================
+
+ This layer also contains a recipe for pasec-tool which can be used for
+manual testing of the Parsec service:
+
+ IMAGE_INSTALL_append += " parsec-tools"
+
+ There are a series of Parsec Demo videos showing how to use parsec-tool
+to test the Parsec service base functionality:
+https://www.youtube.com/watch?v=ido0CyUdMHM&list=PLKjl7IFAwc4S7WQqqphCsyy6DPDxJ2Skg&index=4
+
+ You can use runqemu to start a VM with a built image file and run
+manual tests with parsec-tool.
+
+1. MbedCrypto provider
+ The default Parsec service config file contains the MbedCrypto provider
+enabled. No changes required for manual testing.
+
+2. PKCS11 provider
+ The Software HSM can be used for manual testing of the provider by
+including it into your test image:
+
+ IMAGE_INSTALL_append += " softhsm"
+
+Inside the running VM:
+- Stop Parsec
+```bash
+systemctl stop parsec
+```
+- Initialise a token and notice the result slot number
+```bash
+softhsm2-util --init-token --slot 0 --label "Parsec Service" --pin 123456 --so-pin 123456
+```
+- Change the token ownership:
+```bash
+for d in /var/lib/softhsm/tokens/*; do chown -R parsec $d; done
+```
+- Enable the PKCS11 provider and update its parameters in the Parsec config file
+/etc/parsec/config.toml
+```
+library_path = "/usr/lib/softhsm/libsofthsm2.so"
+slot_number = <slot number>
+user_pin = "123456"
+```
+- Start Parsec
+```bash
+systemctl start parsec
+```
+
+3. TPM provider
+ The IBM Software TPM service can be used for manual testing of the provider by
+including it into your test image:
+
+ IMAGE_INSTALL_append += " ibmswtpm2 tpm2-tools libtss2 libtss2-tcti-mssim"
+
+Inside the running VM:
+- Stop Parsec
+```bash
+systemctl stop parsec
+```
+- Start and configure the Software TPM server
+```bash
+ /usr/bin/tpm_server &
+ sleep 5
+ /usr/bin/tpm2_startup -c -T mssim
+ /usr/bin/tpm2_changeauth -c owner tpm_pass
+```
+- Enable the TPM provider and update its parameters in the Parsec config file
+/etc/parsec/config.toml
+```
+tcti = "mssim"
+owner_hierarchy_auth = "hex:74706d5f70617373"
+```
+- Start Parsec
+```bash
+systemctl start parsec
+```
+
+Maintenance
+-----------
+
+Send pull requests, patches, comments or questions to yocto@...
+
+When sending single patches, please using something like:
+'git send-email -1 --to yocto@... --subject-prefix=meta-parsec][PATCH'
+
+These values can be set as defaults for this repository:
+
+$ git config sendemail.to yocto@...
+$ git config format.subjectPrefix meta-parsec][PATCH
+
+Now you can just do 'git send-email origin/master' to send all local patches.
+
+Maintainers: Anton Antonov <Anton.Antonov@...>
+ Armin Kuster <akuster808@...>
+
+
+License
+=======
+
+All metadata is MIT licensed unless otherwise stated. Source code included
+in tree for individual recipes is under the LICENSE stated in each recipe
+(.bb file) unless otherwise stated.
diff --git a/meta-parsec/conf/layer.conf b/meta-parsec/conf/layer.conf
new file mode 100644
index 0000000..2d4aa12
--- /dev/null
+++ b/meta-parsec/conf/layer.conf
@@ -0,0 +1,14 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have a recipes directory, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "parsec-layer"
+BBFILE_PATTERN_parsec-layer = "^${LAYERDIR}/"
+BBFILE_PRIORITY_parsec-layer = "5"
+
+LAYERSERIES_COMPAT_parsec-layer = "hardknott gatesgarth"
+
+LAYERDEPENDS_parsec-layer = "core rust-layer clang-layer tpm-layer"
+BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec"
diff --git a/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch b/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch
new file mode 100644
index 0000000..c234479
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch
@@ -0,0 +1,18 @@
+
+Use cryptoki v0.1.1 which supports the "generate-bindings" feature
+required for building Parsec service 0.7.0 in Yocto.
+
+Signed-off-by: Anton Antonov <Anton.Antonov@...>
+Upstream-Status: Submitted
+
+--- a/Cargo.toml 2021-04-01 10:29:50.333687763 +0100
++++ b/Cargo.toml 2021-04-01 10:27:13.051860002 +0100
+@@ -37,7 +37,7 @@
+ version = "1.3.1"
+
+ [dependencies.cryptoki]
+-version = "0.1.0"
++version = "0.1.1"
+ features = ["psa-crypto-conversions"]
+ optional = true
+
diff --git a/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf b/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf
new file mode 100644
index 0000000..fe576a2
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-service/files/parsec-tmpfiles.conf
@@ -0,0 +1,2 @@
+#Type Path Mode User Group Age Argument
+d /run/parsec 755 parsec parsec - -
diff --git a/meta-parsec/recipes-parsec/parsec-service/files/parsec_init b/meta-parsec/recipes-parsec/parsec-service/files/parsec_init
new file mode 100755
index 0000000..58a2897
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-service/files/parsec_init
@@ -0,0 +1,63 @@
+#! /bin/sh -e
+
+# ------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ------------------------------------------------------------------------------
+
+# Parsec Service SysV init script
+
+test -x /usr/libexec/parsec/parsec || exit 0
+
+case "$1" in
+ start)
+ echo -n "Starting Parsec daemon: "
+ if [ ! -f /etc/parsec/config.toml ]; then
+ echo "There is no Parsec service configuration file."
+ else
+ if [ ! -d /run/parsec ]; then
+ mkdir /run/parsec
+ chown parsec:parsec /run/parsec
+ chmod 755 /run/parsec
+ fi
+ # start-stop-daemon used in poky busybox doesn't support
+ # '--chdir' parameter. So, let's do it manually
+ cd /var/lib/parsec
+ RUST_LOG=info start-stop-daemon --oknodo --start --background \
+ --chuid parsec:parsec --exec /usr/libexec/parsec/parsec \
+ -- --config /etc/parsec/config.toml
+ echo "parsec."
+ fi
+ ;;
+ stop)
+ echo -n "Stopping Parsec daemon: "
+ start-stop-daemon --oknodo --stop --exec /usr/libexec/parsec/parsec
+ echo "parsec."
+ ;;
+ reload)
+ echo -n "Reloading Parsec daemon: "
+ start-stop-daemon --stop --signal SIGHUP --exec /usr/libexec/parsec/parsec
+ echo "parsec."
+ ;;
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/parsec {start|stop|restart|reload|force-reload}"
+ exit 1
+esac
+
+exit 0
diff --git a/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch b/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
new file mode 100644
index 0000000..c01ff06
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-service/files/systemd.patch
@@ -0,0 +1,19 @@
+
+Run the Parsec service as parsec user in /var/lib/parsec/ working directory.
+
+Signed-off-by: Anton Antonov <Anton.Antonov@...>
+Upstream-Status: Inappropriate [deployment configuration]
+
+--- a/systemd-daemon/parsec.service 2021-03-28 18:34:18.703196235 +0100
++++ b/systemd-daemon/parsec.service 2021-03-28 18:35:14.279830299 +0100
+@@ -3,7 +3,9 @@
+ Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html
+
+ [Service]
+-WorkingDirectory=/home/parsec/
++User=parsec
++Group=parsec
++WorkingDirectory=/var/lib/parsec/
+ ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml
+
+ [Install]
diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb b/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb
new file mode 100644
index 0000000..b3f7b21
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb
@@ -0,0 +1,67 @@
+SUMMARY = "Platform AbstRaction for SECurity Daemon"
+HOMEPAGE = "https://github.com/parallaxsecond/parsec"
+LICENSE = "Apache-2.0"
+
+inherit cargo
+
+SRC_URI += "crate://crates.io/parsec-service/${PV} \
+ file://parsec_init \
+ file://systemd.patch \
+ file://parsec-tmpfiles.conf \
+"
+
+DEPENDS = "clang-native tpm2-tss"
+INSANE_SKIP_${PN} += "dev-deps"
+
+CARGO_BUILD_FLAGS += " --features all-providers,cryptoki/generate-bindings,tss-esapi/generate-bindings"
+
+inherit systemd
+SYSTEMD_SERVICE_${PN} = "parsec.service"
+
+inherit update-rc.d
+INITSCRIPT_NAME = "parsec"
+
+# A local file can be defined in build/local.conf
+# The file should also be included into SRC_URI then
+PARSEC_CONFIG ?= "${S}/config.toml"
+
+do_install_append () {
+ # Binaries
+ install -d -m 700 -o parsec -g parsec "${D}${libexecdir}/parsec"
+ install -m 700 -o parsec -g parsec "${WORKDIR}/build/target/${CARGO_TARGET_SUBDIR}/parsec" ${D}${libexecdir}/parsec/parsec
+
+ # Config file
+ install -d -m 700 -o parsec -g parsec "${D}${sysconfdir}/parsec"
+ install -m 400 -o parsec -g parsec "${PARSEC_CONFIG}" ${D}${sysconfdir}/parsec/config.toml
+
+ # Data dir
+ install -d -m 700 -o parsec -g parsec "${D}${localstatedir}/lib/parsec"
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 644 ${S}/systemd-daemon/parsec.service ${D}${systemd_unitdir}/system
+
+ install -d ${D}${libdir}/tmpfiles.d
+ install -m 644 ${WORKDIR}/parsec-tmpfiles.conf ${D}${libdir}/tmpfiles.d
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+ install -d ${D}${sysconfdir}/init.d
+ install -m 755 ${WORKDIR}/parsec_init ${D}${sysconfdir}/init.d/parsec
+ fi
+}
+
+inherit useradd
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "-r -g parsec -s /bin/false -d ${localstatedir}/lib/parsec parsec"
+GROUPADD_PARAM_${PN} = "-r parsec"
+
+FILES_${PN} += " \
+ ${sysconfdir}/parsec/config.toml \
+ ${libexecdir}/parsec/parsec \
+ ${systemd_unitdir}/system/parsec.service \
+ ${libdir}/tmpfiles.d/parsec-tmpfiles.conf \
+ ${sysconfdir}/init.d/parsec \
+"
+
+require parsec-service_${PV}.inc
diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc b/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc
new file mode 100644
index 0000000..59a47f9
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc
@@ -0,0 +1,147 @@
+# This file is created from parsec-service repository Cargo.lock using cargo-bitbake tool
+
+SRC_URI += " \
+ crate://crates.io/aho-corasick/0.7.15 \
+ crate://crates.io/ansi_term/0.11.0 \
+ crate://crates.io/anyhow/1.0.38 \
+ crate://crates.io/atty/0.2.14 \
+ crate://crates.io/autocfg/1.0.1 \
+ crate://crates.io/base64/0.12.3 \
+ crate://crates.io/base64/0.13.0 \
+ crate://crates.io/bincode/1.3.2 \
+ crate://crates.io/bindgen/0.56.0 \
+ crate://crates.io/bindgen/0.57.0 \
+ crate://crates.io/bitfield/0.13.2 \
+ crate://crates.io/bitflags/1.2.1 \
+ crate://crates.io/byteorder/1.3.4 \
+ crate://crates.io/bytes/0.5.6 \
+ crate://crates.io/bytes/1.0.1 \
+ crate://crates.io/cc/1.0.67 \
+ crate://crates.io/cexpr/0.4.0 \
+ crate://crates.io/cfg-if/1.0.0 \
+ crate://crates.io/clang-sys/1.1.1 \
+ crate://crates.io/clap/2.33.3 \
+ crate://crates.io/cmake/0.1.45 \
+ crate://crates.io/cryptoauthlib-sys/0.1.0 \
+ crate://crates.io/cryptoki-sys/0.1.1 \
+ crate://crates.io/cryptoki/0.1.1 \
+ crate://crates.io/derivative/2.2.0 \
+ crate://crates.io/either/1.6.1 \
+ crate://crates.io/enumflags2/0.6.4 \
+ crate://crates.io/enumflags2_derive/0.6.4 \
+ crate://crates.io/env_logger/0.8.3 \
+ crate://crates.io/fixedbitset/0.2.0 \
+ crate://crates.io/getrandom/0.2.2 \
+ crate://crates.io/glob/0.3.0 \
+ crate://crates.io/hashbrown/0.9.1 \
+ crate://crates.io/heck/0.3.2 \
+ crate://crates.io/hermit-abi/0.1.18 \
+ crate://crates.io/hex/0.4.3 \
+ crate://crates.io/hostname-validator/1.0.0 \
+ crate://crates.io/humantime/2.1.0 \
+ crate://crates.io/indexmap/1.6.2 \
+ crate://crates.io/itertools/0.8.2 \
+ crate://crates.io/itertools/0.9.0 \
+ crate://crates.io/lazy_static/1.4.0 \
+ crate://crates.io/lazycell/1.3.0 \
+ crate://crates.io/libc/0.2.89 \
+ crate://crates.io/libloading/0.7.0 \
+ crate://crates.io/log/0.4.14 \
+ crate://crates.io/mbox/0.5.0 \
+ crate://crates.io/memchr/2.3.4 \
+ crate://crates.io/multimap/0.8.3 \
+ crate://crates.io/nom/5.1.2 \
+ crate://crates.io/num-bigint/0.3.2 \
+ crate://crates.io/num-complex/0.3.1 \
+ crate://crates.io/num-derive/0.3.3 \
+ crate://crates.io/num-integer/0.1.44 \
+ crate://crates.io/num-iter/0.1.42 \
+ crate://crates.io/num-rational/0.3.2 \
+ crate://crates.io/num-traits/0.2.14 \
+ crate://crates.io/num/0.3.1 \
+ crate://crates.io/num_cpus/1.13.0 \
+ crate://crates.io/oid/0.1.1 \
+ crate://crates.io/parsec-interface/0.24.0 \
+ crate://crates.io/peeking_take_while/0.1.2 \
+ crate://crates.io/petgraph/0.5.1 \
+ crate://crates.io/picky-asn1-der/0.2.4 \
+ crate://crates.io/picky-asn1-x509/0.4.0 \
+ crate://crates.io/picky-asn1/0.3.1 \
+ crate://crates.io/pkg-config/0.3.19 \
+ crate://crates.io/ppv-lite86/0.2.10 \
+ crate://crates.io/proc-macro-error-attr/1.0.4 \
+ crate://crates.io/proc-macro-error/1.0.4 \
+ crate://crates.io/proc-macro2/1.0.24 \
+ crate://crates.io/prost-build/0.6.1 \
+ crate://crates.io/prost-build/0.7.0 \
+ crate://crates.io/prost-derive/0.6.1 \
+ crate://crates.io/prost-derive/0.7.0 \
+ crate://crates.io/prost-types/0.6.1 \
+ crate://crates.io/prost-types/0.7.0 \
+ crate://crates.io/prost/0.6.1 \
+ crate://crates.io/prost/0.7.0 \
+ crate://crates.io/psa-crypto-sys/0.8.0 \
+ crate://crates.io/psa-crypto/0.8.0 \
+ crate://crates.io/quote/1.0.9 \
+ crate://crates.io/rand/0.8.3 \
+ crate://crates.io/rand_chacha/0.3.0 \
+ crate://crates.io/rand_core/0.6.2 \
+ crate://crates.io/rand_hc/0.3.0 \
+ crate://crates.io/redox_syscall/0.2.5 \
+ crate://crates.io/regex-syntax/0.6.23 \
+ crate://crates.io/regex/1.4.5 \
+ crate://crates.io/remove_dir_all/0.5.3 \
+ crate://crates.io/rust-cryptoauthlib/0.1.0 \
+ crate://crates.io/rustc-hash/1.1.0 \
+ crate://crates.io/rustc_version/0.2.3 \
+ crate://crates.io/same-file/1.0.6 \
+ crate://crates.io/sd-notify/0.2.0 \
+ crate://crates.io/secrecy/0.7.0 \
+ crate://crates.io/semver-parser/0.7.0 \
+ crate://crates.io/semver/0.9.0 \
+ crate://crates.io/serde/1.0.124 \
+ crate://crates.io/serde_bytes/0.11.5 \
+ crate://crates.io/serde_derive/1.0.124 \
+ crate://crates.io/shlex/0.1.1 \
+ crate://crates.io/signal-hook-registry/1.3.0 \
+ crate://crates.io/signal-hook/0.3.7 \
+ crate://crates.io/stable_deref_trait/1.2.0 \
+ crate://crates.io/strsim/0.8.0 \
+ crate://crates.io/structopt-derive/0.4.14 \
+ crate://crates.io/structopt/0.3.21 \
+ crate://crates.io/strum_macros/0.19.4 \
+ crate://crates.io/syn/1.0.64 \
+ crate://crates.io/synstructure/0.12.4 \
+ crate://crates.io/tempfile/3.2.0 \
+ crate://crates.io/termcolor/1.1.2 \
+ crate://crates.io/textwrap/0.11.0 \
+ crate://crates.io/thiserror-impl/1.0.24 \
+ crate://crates.io/thiserror/1.0.24 \
+ crate://crates.io/threadpool/1.8.1 \
+ crate://crates.io/toml/0.5.8 \
+ crate://crates.io/tss-esapi-sys/0.1.0 \
+ crate://crates.io/tss-esapi/5.0.0 \
+ crate://crates.io/unicode-segmentation/1.7.1 \
+ crate://crates.io/unicode-width/0.1.8 \
+ crate://crates.io/unicode-xid/0.2.1 \
+ crate://crates.io/users/0.11.0 \
+ crate://crates.io/uuid/0.8.2 \
+ crate://crates.io/vec_map/0.8.2 \
+ crate://crates.io/version/3.0.0 \
+ crate://crates.io/version_check/0.9.3 \
+ crate://crates.io/walkdir/2.3.1 \
+ crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
+ crate://crates.io/which/3.1.1 \
+ crate://crates.io/which/4.0.2 \
+ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi-util/0.1.5 \
+ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi/0.3.9 \
+ crate://crates.io/zeroize/1.2.0 \
+ crate://crates.io/zeroize_derive/1.0.1 \
+ file://cryptoki.patch \
+"
+
+LIC_FILES_CHKSUM = " \
+ file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+"
diff --git a/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb b/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb
new file mode 100644
index 0000000..939e771
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb
@@ -0,0 +1,18 @@
+SUMMARY = "Parsec Command Line Interface"
+HOMEPAGE = "https://github.com/parallaxsecond/parsec-tool"
+LICENSE = "Apache-2.0"
+
+inherit cargo
+
+SRC_URI += "crate://crates.io/parsec-tool/${PV} \
+"
+
+DEPENDS = "clang-native"
+INSANE_SKIP_${PN} += "dev-deps"
+
+do_install() {
+ install -d ${D}/${bindir}
+ install -m 755 "${B}/target/${TARGET_SYS}/release/parsec-tool" "${D}${bindir}/parsec-tool"
+}
+
+require parsec-tool_${PV}.inc
diff --git a/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc b/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc
new file mode 100644
index 0000000..9560dcf
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc
@@ -0,0 +1,127 @@
+# This file is created from parsec-tool repository Cargo.lock using cargo-bitbake tool
+
+SRC_URI += " \
+ crate://crates.io/aho-corasick/0.7.15 \
+ crate://crates.io/ansi_term/0.11.0 \
+ crate://crates.io/ansi_term/0.12.1 \
+ crate://crates.io/anyhow/1.0.38 \
+ crate://crates.io/atty/0.2.14 \
+ crate://crates.io/autocfg/1.0.1 \
+ crate://crates.io/base64/0.13.0 \
+ crate://crates.io/bincode/1.3.1 \
+ crate://crates.io/bitflags/1.2.1 \
+ crate://crates.io/block-buffer/0.9.0 \
+ crate://crates.io/byteorder/1.4.2 \
+ crate://crates.io/bytes/0.5.6 \
+ crate://crates.io/cc/1.0.66 \
+ crate://crates.io/cfg-if/1.0.0 \
+ crate://crates.io/clap/2.33.3 \
+ crate://crates.io/clap/3.0.0-beta.2 \
+ crate://crates.io/clap_derive/3.0.0-beta.2 \
+ crate://crates.io/cmake/0.1.45 \
+ crate://crates.io/cpuid-bool/0.1.2 \
+ crate://crates.io/derivative/2.2.0 \
+ crate://crates.io/digest/0.9.0 \
+ crate://crates.io/either/1.6.1 \
+ crate://crates.io/env_logger/0.8.3 \
+ crate://crates.io/fixedbitset/0.2.0 \
+ crate://crates.io/form_urlencoded/1.0.0 \
+ crate://crates.io/generic-array/0.14.4 \
+ crate://crates.io/getrandom/0.2.2 \
+ crate://crates.io/hashbrown/0.9.1 \
+ crate://crates.io/heck/0.3.2 \
+ crate://crates.io/hermit-abi/0.1.18 \
+ crate://crates.io/humantime/2.1.0 \
+ crate://crates.io/idna/0.2.1 \
+ crate://crates.io/indexmap/1.6.1 \
+ crate://crates.io/itertools/0.8.2 \
+ crate://crates.io/lazy_static/1.4.0 \
+ crate://crates.io/libc/0.2.86 \
+ crate://crates.io/log/0.4.14 \
+ crate://crates.io/matches/0.1.8 \
+ crate://crates.io/memchr/2.3.4 \
+ crate://crates.io/multimap/0.8.2 \
+ crate://crates.io/num-bigint/0.3.1 \
+ crate://crates.io/num-complex/0.3.1 \
+ crate://crates.io/num-derive/0.3.3 \
+ crate://crates.io/num-integer/0.1.44 \
+ crate://crates.io/num-iter/0.1.42 \
+ crate://crates.io/num-rational/0.3.2 \
+ crate://crates.io/num-traits/0.2.14 \
+ crate://crates.io/num/0.3.1 \
+ crate://crates.io/oid/0.1.1 \
+ crate://crates.io/once_cell/1.5.2 \
+ crate://crates.io/opaque-debug/0.3.0 \
+ crate://crates.io/os_str_bytes/2.4.0 \
+ crate://crates.io/parsec-client/0.12.0 \
+ crate://crates.io/parsec-interface/0.24.0 \
+ crate://crates.io/pem/0.8.3 \
+ crate://crates.io/percent-encoding/2.1.0 \
+ crate://crates.io/petgraph/0.5.1 \
+ crate://crates.io/picky-asn1-der/0.2.4 \
+ crate://crates.io/picky-asn1/0.3.1 \
+ crate://crates.io/ppv-lite86/0.2.10 \
+ crate://crates.io/proc-macro-error-attr/1.0.4 \
+ crate://crates.io/proc-macro-error/1.0.4 \
+ crate://crates.io/proc-macro2/1.0.24 \
+ crate://crates.io/prost-build/0.6.1 \
+ crate://crates.io/prost-derive/0.6.1 \
+ crate://crates.io/prost-types/0.6.1 \
+ crate://crates.io/prost/0.6.1 \
+ crate://crates.io/psa-crypto-sys/0.8.0 \
+ crate://crates.io/psa-crypto/0.8.0 \
+ crate://crates.io/quote/1.0.9 \
+ crate://crates.io/rand/0.8.3 \
+ crate://crates.io/rand_chacha/0.3.0 \
+ crate://crates.io/rand_core/0.6.2 \
+ crate://crates.io/rand_hc/0.3.0 \
+ crate://crates.io/redox_syscall/0.2.5 \
+ crate://crates.io/regex-syntax/0.6.22 \
+ crate://crates.io/regex/1.4.3 \
+ crate://crates.io/remove_dir_all/0.5.3 \
+ crate://crates.io/same-file/1.0.6 \
+ crate://crates.io/secrecy/0.7.0 \
+ crate://crates.io/serde/1.0.123 \
+ crate://crates.io/serde_bytes/0.11.5 \
+ crate://crates.io/serde_derive/1.0.123 \
+ crate://crates.io/sha2/0.9.3 \
+ crate://crates.io/strsim/0.10.0 \
+ crate://crates.io/strsim/0.8.0 \
+ crate://crates.io/structopt-derive/0.4.14 \
+ crate://crates.io/structopt/0.3.21 \
+ crate://crates.io/syn/1.0.60 \
+ crate://crates.io/synstructure/0.12.4 \
+ crate://crates.io/tempfile/3.2.0 \
+ crate://crates.io/termcolor/1.1.2 \
+ crate://crates.io/textwrap/0.11.0 \
+ crate://crates.io/textwrap/0.12.1 \
+ crate://crates.io/thiserror-impl/1.0.23 \
+ crate://crates.io/thiserror/1.0.23 \
+ crate://crates.io/thread_local/1.1.3 \
+ crate://crates.io/tinyvec/1.1.1 \
+ crate://crates.io/tinyvec_macros/0.1.0 \
+ crate://crates.io/typenum/1.12.0 \
+ crate://crates.io/unicode-bidi/0.3.4 \
+ crate://crates.io/unicode-normalization/0.1.17 \
+ crate://crates.io/unicode-segmentation/1.7.1 \
+ crate://crates.io/unicode-width/0.1.8 \
+ crate://crates.io/unicode-xid/0.2.1 \
+ crate://crates.io/url/2.2.0 \
+ crate://crates.io/users/0.10.0 \
+ crate://crates.io/uuid/0.8.2 \
+ crate://crates.io/vec_map/0.8.2 \
+ crate://crates.io/version_check/0.9.2 \
+ crate://crates.io/walkdir/2.3.1 \
+ crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
+ crate://crates.io/which/3.1.1 \
+ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi-util/0.1.5 \
+ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi/0.3.9 \
+ crate://crates.io/zeroize/1.2.0 \
+ crate://crates.io/zeroize_derive/1.0.1 \
+"
+
+LIC_FILES_CHKSUM = " \
+ file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+"



Re: [meta-security][PATCH] initramfs-framework-ima: introduce IMA_FORCE

Armin Kuster
 

merged,
Thanks

On 4/8/21 11:38 AM, Ming Liu wrote:
From: Ming Liu <liu.ming50@...>

Introduce IMA_FORCE to allow the IMA policy be applied forcely even
'no_ima' boot parameter is available.

This ensures the end users have a way to disable 'no_ima' support if
they want to, because it may expose a security risk if an attacker can
find a way to change kernel arguments, it will easily bypass rootfs
authenticity checks.

Signed-off-by: Sergio Prado <sergio.prado@...>
Signed-off-by: Ming Liu <liu.ming50@...>
---
.../initrdscripts/initramfs-framework-ima.bb | 5 +++++
.../initrdscripts/initramfs-framework-ima/ima | 9 +++++++--
2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
index 77f6f7c..6471c53 100644
--- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
+++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
@@ -14,6 +14,9 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
# to this recipe can just point towards one of its own files.
IMA_POLICY ?= "ima-policy-hashed"

+# Force proceed IMA procedure even 'no_ima' boot parameter is available.
+IMA_FORCE ?= "false"
+
SRC_URI = " file://ima"

inherit features_check
@@ -23,6 +26,8 @@ do_install () {
install -d ${D}/${sysconfdir}/ima
install -d ${D}/init.d
install ${WORKDIR}/ima ${D}/init.d/20-ima
+
+ sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima
}

FILES_${PN} = "/init.d ${sysconfdir}"
diff --git a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
index cff26a3..8971494 100644
--- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
+++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
@@ -2,11 +2,16 @@
#
# Loads IMA policy into the kernel.

+force_ima=@@FORCE_IMA@@
+
ima_enabled() {
- if [ "$bootparam_no_ima" = "true" ]; then
+ if [ "$force_ima" = "true" ]; then
+ return 0
+ elif [ "$bootparam_no_ima" = "true" ]; then
return 1
+ else
+ return 0
fi
- return 0
}

ima_run() {



Re: [meta-security][PATCH] Use libest "main" branch instead of "master".

Armin Kuster
 

merged

thanks,
armin

On 4/7/21 3:19 AM, Anton Antonov wrote:
This patch fixes the issue:

WARNING: libest-3.2.0-r0 do_fetch: Failed to fetch URL git://github.com/cisco/libest, attempting MIRRORS if available
ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure: Unable to find revision 4ca02c6d7540f2b1bcea278a4fbe373daac7103b in branch master even from upstream
ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure for URL: 'git://github.com/cisco/libest'. Unable to fetch URL from any source.

Signed-off-by: Anton Antonov <Anton.Antonov@...>
---
recipes-security/libest/libest_3.2.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/libest/libest_3.2.0.bb b/recipes-security/libest/libest_3.2.0.bb
index f993bd6..5b6dc99 100644
--- a/recipes-security/libest/libest_3.2.0.bb
+++ b/recipes-security/libest/libest_3.2.0.bb
@@ -6,7 +6,7 @@ LICENSE = "OpenSSL"
LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885"

SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b"
-SRC_URI = "git://github.com/cisco/libest"
+SRC_URI = "git://github.com/cisco/libest;branch=main"

DEPENDS = "openssl"




Re: [meta-security][PATCH] meta: drop IMA_POLICY from policy recipes

Armin Kuster
 

merged.

thanks
-armin

On 3/22/21 6:02 AM, liu.ming50@... wrote:
From: Ming Liu <liu.ming50@...>

IMA_POLICY is being referred as policy recipe name in some places and it
is also being referred as policy file in other places, they are
conflicting with each other which make it impossible to set a IMA_POLICY
global variable in config file.

Fix it by dropping IMA_POLICY definitions from policy recipes

Signed-off-by: Ming Liu <liu.ming50@...>
---
.../ima-policy-appraise-all_1.0.bb | 9 ++-------
.../ima_policy_hashed/ima-policy-hashed_1.0.bb | 9 ++-------
.../ima_policy_simple/ima-policy-simple_1.0.bb | 9 ++-------
3 files changed, 6 insertions(+), 21 deletions(-)

diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
index da62a4c..84ea161 100644
--- a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
+++ b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
@@ -2,19 +2,14 @@ SUMMARY = "IMA sample simple appraise policy "
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"

-# This policy file will get installed as /etc/ima/ima-policy.
-# It is located via the normal file search path, so a .bbappend
-# to this recipe can just point towards one of its own files.
-IMA_POLICY ?= "ima_policy_appraise_all"
-
-SRC_URI = " file://${IMA_POLICY}"
+SRC_URI = " file://ima_policy_appraise_all"

inherit features_check
REQUIRED_DISTRO_FEATURES = "ima"

do_install () {
install -d ${D}/${sysconfdir}/ima
- install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy
+ install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy
}

FILES_${PN} = "${sysconfdir}/ima"
diff --git a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
index ebb0426..ff7169e 100644
--- a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
+++ b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
@@ -2,13 +2,8 @@ SUMMARY = "IMA sample hash policy"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"

-# This policy file will get installed as /etc/ima/ima-policy.
-# It is located via the normal file search path, so a .bbappend
-# to this recipe can just point towards one of its own files.
-IMA_POLICY ?= "ima_policy_hashed"
-
SRC_URI = " \
- file://${IMA_POLICY} \
+ file://ima_policy_hashed \
"

inherit features_check
@@ -16,7 +11,7 @@ REQUIRED_DISTRO_FEATURES = "ima"

do_install () {
install -d ${D}/${sysconfdir}/ima
- install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy
+ install ${WORKDIR}/ima_policy_hashed ${D}/${sysconfdir}/ima/ima-policy
}

FILES_${PN} = "${sysconfdir}/ima"
diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
index cb4b6b8..0e56aec 100644
--- a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
+++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
@@ -2,19 +2,14 @@ SUMMARY = "IMA sample simple policy"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"

-# This policy file will get installed as /etc/ima/ima-policy.
-# It is located via the normal file search path, so a .bbappend
-# to this recipe can just point towards one of its own files.
-IMA_POLICY ?= "ima_policy_simple"
-
-SRC_URI = " file://${IMA_POLICY}"
+SRC_URI = " file://ima_policy_simple"

inherit features_check
REQUIRED_DISTRO_FEATURES = "ima"

do_install () {
install -d ${D}/${sysconfdir}/ima
- install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy
+ install ${WORKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy
}

FILES_${PN} = "${sysconfdir}/ima"


[meta-security][PATCH] gitlab-ci: Move all parsec builds into a separate job

Anton Antonov
 

Signed-off-by: Anton Antonov <Anton.Antonov@...>
---
.gitlab-ci.yml | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f673ef6..f155ba0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,7 +27,6 @@ qemux86:
extends: .build
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
- - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml
- kas build --target security-build-image kas/$CI_JOB_NAME-comp.yml
- kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml
- kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
@@ -36,7 +35,6 @@ qemux86-64:
extends: .build
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
- - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml
- kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml
- kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml

@@ -44,20 +42,17 @@ qemuarm:
extends: .build
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
- - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml

qemuarm64:
extends: .build
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
- - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml
- kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml

qemuppc:
extends: .build
script:
- kas build --target security-build-image kas/$CI_JOB_NAME.yml
- - kas build --target security-build-image kas/$CI_JOB_NAME-parsec.yml

qemumips64:
extends: .build
@@ -127,3 +122,12 @@ qemux86-test:
- kas build --target security-test-image kas/$CI_JOB_NAME.yml
- kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml

+
+parsec:
+ extends: .build
+ script:
+ - kas build --target security-build-image kas/qemuarm-$CI_JOB_NAME.yml
+ - kas build --target security-build-image kas/qemuarm64-$CI_JOB_NAME.yml
+ - kas build --target security-build-image kas/qemux86-$CI_JOB_NAME.yml
+ - kas build --target security-build-image kas/qemux86-64-$CI_JOB_NAME.yml
+ - kas build --target security-build-image kas/qemuppc-$CI_JOB_NAME.yml
--
2.20.1


Re: bitbake controlling memory use

Richard Purdie
 

On Tue, 2021-04-13 at 21:14 -0400, Randy MacLeod wrote:
On 2021-04-11 12:19 p.m., Alexander Kanavin wrote:
make already has -l option for limiting new instances if load average is
too high, so it's only natural to add a RAM limiter too.

   -l [N], --load-average[=N], --max-load[=N]
                               Don't start multiple jobs unless load is
below N.

In any case, patches welcome :)
During today's Yocto technical call (1),
we talked about approaches to limiting the system load and avoiding
swap and/or OOM events. Here's what (little!) i recall from the
discussion, 9 busy hours later.

In the short run, instead of independently maintaining changes to
configurations to limit parallelism or xz memory usage, etc, we
could develop an optional common include file where such limits
are shared across the community.

In the longer run, changes to how bitbake schedules work may be needed.

Richard says that there was a make/build server idea and maybe even a
patch from a while ago. It may be in one of his poky-contrib branches.
I took a few minutes to look but nothing popped up. A set of keywords to
search for might help me find it.
http://git.yoctoproject.org/cgit.cgi/poky-contrib/commit/?h=rpurdie/wipqueue4&id=d66a327fb6189db5de8bc489859235dcba306237

Cheers,

Richard


Re: bitbake controlling memory use

Khem Raj
 

I use

BUILDHISTORY_COMMIT_forcevariable = "1"
PARALLEL_MAKE = "-j 11"
BB_NUMBER_THREADS = "11"
INHERIT += "rm_work"
XZ_DEFAULTS = "--threads=8"

On Tue, Apr 13, 2021 at 6:15 PM Randy MacLeod
<randy.macleod@...> wrote:

On 2021-04-11 12:19 p.m., Alexander Kanavin wrote:
make already has -l option for limiting new instances if load average is
too high, so it's only natural to add a RAM limiter too.

-l [N], --load-average[=N], --max-load[=N]
Don't start multiple jobs unless load is
below N.

In any case, patches welcome :)
During today's Yocto technical call (1),
we talked about approaches to limiting the system load and avoiding
swap and/or OOM events. Here's what (little!) i recall from the
discussion, 9 busy hours later.

In the short run, instead of independently maintaining changes to
configurations to limit parallelism or xz memory usage, etc, we
could develop an optional common include file where such limits
are shared across the community.

In the longer run, changes to how bitbake schedules work may be needed.

Richard says that there was a make/build server idea and maybe even a
patch from a while ago. It may be in one of his poky-contrib branches.
I took a few minutes to look but nothing popped up. A set of keywords to
search for might help me find it.

Someone mentioned that while ninja has not been open to accepting any
patches that would complicate and potentially slow down builds, there
is a fork of ninja calls 'samurai' that does seem to be open to some
improvements that we could benefit from.

It was also suggested that there were existing defects in the YP BZ (2)
but I didn't find any earlier and it's too late in my day to start
looking now! If no one replies with a relevant BZ ID, I'll create one.

I'm sure I missed some things that were mentioned but Trevor Woerner
sometimes takes notes so I'll check on them once / if they are sent out.

../Randy


1) https://www.yoctoproject.org/public-virtual-meetings/

2) https://bugzilla.yoctoproject.org/


Alex

On Sun, 11 Apr 2021 at 18:08, Gmane Admin <gley-yocto@m.gmane-mx.org
<mailto:gley-yocto@m.gmane-mx.org>> wrote:

Op 11-04-2021 om 17:55 schreef Alexander Kanavin:
> On Sun, 11 Apr 2021 at 17:49, Gmane Admin
<gley-yocto@m.gmane-mx.org <mailto:gley-yocto@m.gmane-mx.org>
> <mailto:gley-yocto@m.gmane-mx.org
<mailto:gley-yocto@m.gmane-mx.org>>> wrote:
>
> Yes, and make project doesn't care, because make is called
with -j
> 16 so
> that is what it does.
>
> So here's my pitch: bitbake can stop processes spawned by
make, because
> it knows that it started make on 4 recipies, each with -j 16. The
> individual makes don't know about each other.
>
>
> And neither they should. They can simply abstain from spawning new
> compilers if used RAM is, say, at 90% total. Then bitbake does
not have
> to get involved in babysitting those makes.
>
> Alex
Bitbake does a lot of babysitting anyway :-) And is pretty good at
it too.

To me, fixing make et al. is more work and less effective then adding a
feature to bitbake. The only way to know how much memory the compiler
will use for each spawned compiler is to let it run. And then it's
too late.

This memory issue is all over our eco system and nobody cares (kernel,
make etc.) The only thing moving is systemd's oom killer will arrive
and
start killing processes. So that will just stop our builds from
completing.

Yeah, I prefer a babysitter over a child murderer :-)

Ferry








--
# Randy MacLeod
# Wind River Linux



Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.1.7.rc1)

Sangeeta Jain
 

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.1.7.rc1 We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion is next Monday, April 19


Thanks,
Sangeeta

-----Original Message-----
From: qa-build-notification@... <qa-build-
notification@...> On Behalf Of Pokybuild User
Sent: Wednesday, 14 April, 2021 5:55 AM
To: yocto@...
Cc: qa-build-notification@...
Subject: [qa-build-notification] QA notification for completed autobuilder build
(yocto-3.1.7.rc1)


A build flagged for QA (yocto-3.1.7.rc1) was completed on the autobuilder and is
available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.1.7.rc1


Build hash information:

bitbake: 017a39ed05d065bf28fd38f91bcde8a098300551
meta-arm: 1cf8b975e1c40bf8e8c0bf315db5d4cddcb01a7b
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 4bd62a7e154b8c9e8a114f452d3b062d8d058118
meta-kernel: 29329d7cacc71595cecfdd05a455a0cfb164564d
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
oecore: a3de6239e98efafe3668396e69133ffee3d9b27f
poky: 13f4ddf50eccaeed96a40a5f1a1d4173e677e98a



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...







[meta-mingw] [PATCH] mingw-w64: Check for __builtin_ia32_rdtsc

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@...>
---
...rincs-Check-for-__builtin_ia32_rdtsc.patch | 33 +++++++++++++++++++
.../nativesdk-mingw-w64-runtime_7.0.0.bb | 2 ++
2 files changed, 35 insertions(+)
create mode 100644 recipes-devtools/mingw-w64/files/0001-intrincs-Check-for-__builtin_ia32_rdtsc.patch

diff --git a/recipes-devtools/mingw-w64/files/0001-intrincs-Check-for-__builtin_ia32_rdtsc.patch b/recipes-devtools/mingw-w64/files/0001-intrincs-Check-for-__builtin_ia32_rdtsc.patch
new file mode 100644
index 0000000..ce4ba81
--- /dev/null
+++ b/recipes-devtools/mingw-w64/files/0001-intrincs-Check-for-__builtin_ia32_rdtsc.patch
@@ -0,0 +1,33 @@
+From 346de7591f58015d111f4d4f3b001382c04d5557 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Tue, 13 Apr 2021 18:44:25 -0700
+Subject: [PATCH] intrincs: Check for __builtin_ia32_rdtsc
+
+on modern gcc ( >=4.6 ) __rdtsc function is implemented using
+special builtin function called __builtin_ia32_rdtsc, its actually
+a define in gcc, so __has_builtin check fails for __rdtsc even
+though it is defined to imply __builtin_ia32_rdtsc(), therefore
+check for existence of __builtin_ia32_rdtsc as well
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@...>
+---
+ mingw-w64-crt/intrincs/rdtsc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mingw-w64-crt/intrincs/rdtsc.c b/mingw-w64-crt/intrincs/rdtsc.c
+index bf9c03b..df04711 100644
+--- a/mingw-w64-crt/intrincs/rdtsc.c
++++ b/mingw-w64-crt/intrincs/rdtsc.c
+@@ -11,7 +11,7 @@
+ #define __has_builtin(x) 0
+ #endif
+
+-#if !__has_builtin(__rdtsc)
++#if !__has_builtin(__rdtsc) && !__has_builtin(__builtin_ia32_rdtsc)
+ unsigned __int64 __rdtsc(void)
+ {
+ #ifdef _WIN64
+--
+2.31.1
+
diff --git a/recipes-devtools/mingw-w64/nativesdk-mingw-w64-runtime_7.0.0.bb b/recipes-devtools/mingw-w64/nativesdk-mingw-w64-runtime_7.0.0.bb
index 9f79ffe..0368841 100644
--- a/recipes-devtools/mingw-w64/nativesdk-mingw-w64-runtime_7.0.0.bb
+++ b/recipes-devtools/mingw-w64/nativesdk-mingw-w64-runtime_7.0.0.bb
@@ -2,6 +2,8 @@ DESCRIPTION = "Runtime libraries from MinGW-w64 project"

require mingw-w64.inc

+SRC_URI += "file://0001-intrincs-Check-for-__builtin_ia32_rdtsc.patch;striplevel=2"
+
S = "${WORKDIR}/mingw-w64-v${PV}/mingw-w64-crt"
B = "${WORKDIR}/build-${TARGET_SYS}"

--
2.31.1


[meta-security][PATCH 2/2] lkrg-module: Add Linux Kernel Runtime Guard

Armin Kuster
 

For more info see: https://github.com/openwall/lkrg

Add to local.conf:
IMAGE_INSTALL_append = " kernel-module-lkrg"

Need these kconfig options enabled:
CONFIG_KALLSYMS_ALL=y
CONFIG_JUMP_LABEL=y
CONFIG_DEBUG_KERNEL=y

To invoke module:

sudo insmod {path-to-modules}/p_lkrg.ko kint_enforce=1

Signed-off-by: Armin Kuster <akuster808@...>
---
.../lkrg/files/makefile_cleanup.patch | 73 +++++++++++++++++++
recipes-kernel/lkrg/lkrg-module_0.9.0.bb | 33 +++++++++
2 files changed, 106 insertions(+)
create mode 100644 recipes-kernel/lkrg/files/makefile_cleanup.patch
create mode 100644 recipes-kernel/lkrg/lkrg-module_0.9.0.bb

diff --git a/recipes-kernel/lkrg/files/makefile_cleanup.patch b/recipes-kernel/lkrg/files/makefile_cleanup.patch
new file mode 100644
index 0000000..106dc3f
--- /dev/null
+++ b/recipes-kernel/lkrg/files/makefile_cleanup.patch
@@ -0,0 +1,73 @@
+Upstream-Status: Pending
+
+This needs more work. Its my starting point.
+
+Signed-off-by: Armin Kuster <akuster808@...>
+
+Index: lkrg-0.9.0/Makefile
+===================================================================
+--- lkrg-0.9.0.orig/Makefile
++++ lkrg-0.9.0/Makefile
+@@ -4,28 +4,10 @@
+ # Author:
+ # - Adam 'pi3' Zabrocki (http://pi3.com.pl)
+ ##
+-
+-P_OUTPUT = output
+ P_PWD ?= $(shell pwd)
+-P_KVER ?= $(shell uname -r)
+-P_BOOTUP_SCRIPT ?= scripts/bootup/lkrg-bootup.sh
+-TARGET := p_lkrg
+-ifneq ($(KERNELRELEASE),)
+- KERNEL := /lib/modules/$(KERNELRELEASE)/build
+-else
+- ## KERNELRELEASE not set.
+- KERNEL := /lib/modules/$(P_KVER)/build
+-endif
+-
+-#
+-# Uncomment for debug compilation
+-#
+-# ccflags-m := -ggdb -DP_LKRG_DEBUG_BUILD -finstrument-functions
+-# ccflags-y := ${ccflags-m}
+-# p_lkrg-objs += src/modules/print_log/p_lkrg_debug_log.o
+
+-obj-m += $(TARGET).o
+-$(TARGET)-objs += src/modules/ksyms/p_resolve_ksym.o \
++obj-m := p_lkrg.o
++p_lkrg-y := src/modules/ksyms/p_resolve_ksym.o \
+ src/modules/hashing/p_lkrg_fast_hash.o \
+ src/modules/comm_channel/p_comm_channel.o \
+ src/modules/integrity_timer/p_integrity_timer.o \
+@@ -91,23 +73,14 @@ $(TARGET)-objs += src/modules/ksyms/p_re
+ src/p_lkrg_main.o
+
+
+-all:
+-# $(MAKE) -C $(KERNEL) M=$(P_PWD) modules CONFIG_DEBUG_SECTION_MISMATCH=y
+- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules
+- mkdir -p $(P_OUTPUT)
+- cp $(P_PWD)/$(TARGET).ko $(P_OUTPUT)
+-
+-install:
+- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules_install
+- depmod -a
+- $(P_PWD)/$(P_BOOTUP_SCRIPT) install
+
+-uninstall:
+- $(P_PWD)/$(P_BOOTUP_SCRIPT) uninstall
++modules:
++ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules
++
++modules_install:
++ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules_install
+
+ clean:
+- $(MAKE) -C $(KERNEL) M=$(P_PWD) clean
+- $(RM) Module.markers modules.order
+- $(RM) $(P_PWD)/src/modules/kmod/client/kmod/Module.markers
+- $(RM) $(P_PWD)/src/modules/kmod/client/kmod/modules.order
+- $(RM) -rf $(P_OUTPUT)
++ rm -f *.o *~ core .depend .*.cmd *.ko *.mod.c
++ rm -f Module.markers Module.symvers modules.order
++ rm -rf .tmp_versions Modules.symvers
diff --git a/recipes-kernel/lkrg/lkrg-module_0.9.0.bb b/recipes-kernel/lkrg/lkrg-module_0.9.0.bb
new file mode 100644
index 0000000..dbc195d
--- /dev/null
+++ b/recipes-kernel/lkrg/lkrg-module_0.9.0.bb
@@ -0,0 +1,33 @@
+SUMMARY = "Linux Kernel Runtime Guard"
+DESCRIPTION="LKRG performs runtime integrity checking of the Linux \
+kernel and detection of security vulnerability exploits against the kernel."
+SECTION = "security"
+HOMEPAGE = "https://www.openwall.com/lkrg/"
+LICENSE = "GPLv2"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d931f44a1f4be309bcdac742d7ed92f9"
+
+DEPENDS = "virtual/kernel elfutils"
+
+SRC_URI = "https://www.openwall.com/lkrg/lkrg-${PV}.tar.gz \
+ file://makefile_cleanup.patch "
+
+SRC_URI[sha256sum] = "a997e4d98962c359f3af163bbcfa38a736d2a50bfe35c15065b74cb57f8742bf"
+
+S = "${WORKDIR}/lkrg-${PV}"
+
+inherit module kernel-module-split
+
+MAKE_TARGETS = "modules"
+
+MODULE_NAME = "p_lkrg"
+
+module_do_install() {
+ install -d ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME}
+ install -m 0644 ${MODULE_NAME}.ko \
+ ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME}/${MODULE_NAME}.ko
+}
+
+RPROVIDES_${PN} += "kernel-module-lkrg"
+
+COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
--
2.25.1


[meta-security][PATCH 1/2] clamav: remove rest of mirror.dat ref

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-scanners/clamav/clamav_0.104.0.bb | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
index ba036b0..36e498d 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -31,7 +31,7 @@ inherit cmake chrpath pkgconfig useradd systemd multilib_header multilib_script
CLAMAV_UID ?= "clamav"
CLAMAV_GID ?= "clamav"

-MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config ${PN}-cvd:${localstatedir}/lib/clamav/mirrors.dat"
+MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config"

EXTRA_OECMAKE = " -DCMAKE_BUILD_TYPE=Release -DOPTIMIZE=ON -DENABLE_JSON_SHARED=OFF \
-DCLAMAV_GROUP=${CLAMAV_GID} -DCLAMAV_USER=${CLAMAV_UID} \
@@ -85,7 +85,7 @@ pkg_postinst_ontarget_${PN} () {
}


-PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
+PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \
${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"

FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit ${sbindir}/clamonacc \
@@ -134,8 +134,6 @@ FILES_${PN}-doc = "${mandir}/man/* \
${datadir}/man/* \
${docdir}/* "

-FILES_${PN}-cvd = "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat"
-
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}"
USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir \
--
2.25.1


Re: bitbake controlling memory use

Randy MacLeod
 

On 2021-04-11 12:19 p.m., Alexander Kanavin wrote:
make already has -l option for limiting new instances if load average is too high, so it's only natural to add a RAM limiter too.
  -l [N], --load-average[=N], --max-load[=N]
                              Don't start multiple jobs unless load is below N.
In any case, patches welcome :)
During today's Yocto technical call (1),
we talked about approaches to limiting the system load and avoiding
swap and/or OOM events. Here's what (little!) i recall from the
discussion, 9 busy hours later.

In the short run, instead of independently maintaining changes to
configurations to limit parallelism or xz memory usage, etc, we
could develop an optional common include file where such limits
are shared across the community.

In the longer run, changes to how bitbake schedules work may be needed.

Richard says that there was a make/build server idea and maybe even a
patch from a while ago. It may be in one of his poky-contrib branches.
I took a few minutes to look but nothing popped up. A set of keywords to
search for might help me find it.

Someone mentioned that while ninja has not been open to accepting any
patches that would complicate and potentially slow down builds, there
is a fork of ninja calls 'samurai' that does seem to be open to some
improvements that we could benefit from.

It was also suggested that there were existing defects in the YP BZ (2)
but I didn't find any earlier and it's too late in my day to start
looking now! If no one replies with a relevant BZ ID, I'll create one.

I'm sure I missed some things that were mentioned but Trevor Woerner
sometimes takes notes so I'll check on them once / if they are sent out.

../Randy


1) https://www.yoctoproject.org/public-virtual-meetings/

2) https://bugzilla.yoctoproject.org/

Alex
On Sun, 11 Apr 2021 at 18:08, Gmane Admin <gley-yocto@m.gmane-mx.org <mailto:gley-yocto@m.gmane-mx.org>> wrote:
Op 11-04-2021 om 17:55 schreef Alexander Kanavin:
> On Sun, 11 Apr 2021 at 17:49, Gmane Admin
<gley-yocto@m.gmane-mx.org <mailto:gley-yocto@m.gmane-mx.org>
> <mailto:gley-yocto@m.gmane-mx.org
<mailto:gley-yocto@m.gmane-mx.org>>> wrote:
>
>     Yes, and make project doesn't care, because make is called
with -j
>     16 so
>     that is what it does.
>
>     So here's my pitch: bitbake can stop processes spawned by
make, because
>     it knows that it started make on 4 recipies, each with -j 16. The
>     individual makes don't know about each other.
>
>
> And neither they should. They can simply abstain from spawning new
> compilers if used RAM is, say, at 90% total. Then bitbake does
not have
> to get involved in babysitting those makes.
>
> Alex
Bitbake does a lot of babysitting anyway :-) And is pretty good at
it too.
To me, fixing make et al. is more work and less effective then adding a
feature to bitbake. The only way to know how much memory the compiler
will use for each spawned compiler is to let it run. And then it's
too late.
This memory issue is all over our eco system and nobody cares (kernel,
make etc.) The only thing moving is systemd's oom killer will arrive
and
start killing processes. So that will just stop our builds from
completing.
Yeah, I prefer a babysitter over a child murderer :-)
Ferry

--
# Randy MacLeod
# Wind River Linux


QA notification for completed autobuilder build (yocto-3.1.7.rc1)

Pokybuild User <pokybuild@...>
 

A build flagged for QA (yocto-3.1.7.rc1) was completed on the autobuilder and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.1.7.rc1


Build hash information:

bitbake: 017a39ed05d065bf28fd38f91bcde8a098300551
meta-arm: 1cf8b975e1c40bf8e8c0bf315db5d4cddcb01a7b
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 4bd62a7e154b8c9e8a114f452d3b062d8d058118
meta-kernel: 29329d7cacc71595cecfdd05a455a0cfb164564d
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
oecore: a3de6239e98efafe3668396e69133ffee3d9b27f
poky: 13f4ddf50eccaeed96a40a5f1a1d4173e677e98a



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


[PATCH yocto-autobuilder-helper 4/4] generate-testresult-index.py: publish host data collected by collect-data template

sakib.sajal@...
 

Add a column "Host Data" to publish the host data collected.

Signed-off-by: Sakib Sajal <sakib.sajal@...>
Signed-off-by: Randy MacLeod <Randy.MacLeod@...>
---
scripts/generate-testresult-index.py | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/scripts/generate-testresult-index.py b/scripts/generate-testresult-index.py
index d9d577e..7fdc17c 100755
--- a/scripts/generate-testresult-index.py
+++ b/scripts/generate-testresult-index.py
@@ -33,6 +33,7 @@ index_templpate = """
<th>Performance Reports</th>
<th>ptest Logs</th>
<th>Buildhistory</th>
+ <th>Host Data</th>
</tr>
</thead>
<tdata>
@@ -57,6 +58,11 @@ index_templpate = """
<a href="{{bh[0]}}">{{bh[1]}}</a>
{% endfor %}
</td>
+ <td>
+ {% for hd in entry[8] %}
+ <a href="{{hd[0]}}">{{hd[1]}}</a>
+ {% endfor %}
+ </td>
</tr>
{% endfor %}
</tdata>
@@ -145,9 +151,19 @@ for build in sorted(os.listdir(path), key=keygen, reverse=True):
if os.path.exists(buildpath + "/qemuarm/buildhistory.txt"):
buildhistory.append((reldir + "testresults/qemuarm/buildhistory.txt", "qemuarm"))

+ hd = []
+ counter = 0
+ # do we really need the loop?
+ for p in glob.glob(buildpath + "/*/*/host_stats*top.txt"):
+ n_split = p.split(build)
+ res = reldir[0:-1] + n_split[1]
+ hd.append((res, str(counter)))
+ counter += 1
+
+
branch = get_build_branch(buildpath)

- entries.append((build, reldir, btype, testreport, branch, buildhistory, perfreports, ptestlogs))
+ entries.append((build, reldir, btype, testreport, branch, buildhistory, perfreports, ptestlogs, hd))

# Also ensure we have saved out log data for ptest runs to aid debugging
if "ptest" in btype or btype in ["full", "quick"]:
--
2.25.1


[PATCH yocto-autobuilder-helper 3/4] collect-results: collect "host_stats" files generated by collect-data template

sakib.sajal@...
 

collect-data template generates host_stats files which are collected.
All files are published, file names are determined by the contents:
- Files that contain "top" output are named host_stats_<number>_top.txt
- host_stats_<number>.txt otherwise

Signed-off-by: Sakib Sajal <sakib.sajal@...>
Signed-off-by: Randy MacLeod <Randy.MacLeod@...>
---
scripts/collect-results | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)

diff --git a/scripts/collect-results b/scripts/collect-results
index 5db43fb..7474e36 100755
--- a/scripts/collect-results
+++ b/scripts/collect-results
@@ -17,3 +17,22 @@ if [ -e $WORKDIR/buildhistory ]; then
$WORKDIR/../scripts/buildhistory-diff -p $WORKDIR/buildhistory ab-fetchrev > $DEST/$target/buildhistory.txt
fi
fi
+
+HSFILE=$WORKDIR/tmp/buildstats/*/host_stats
+d=`date +%Y-%m-%d--%H-%M`
+
+mkdir -p $DEST/$target/$d
+
+step=0
+for f in $HSFILE; do
+ if [ -e $f ]; then
+ cp $f $DEST/$target/$d
+ grep -m 1 "^top -" $f
+ if [ $? -eq 0 ]; then
+ mv $DEST/$target/$d/`basename $f` $DEST/$target/$d/`basename $f`_${step}_top.txt
+ else
+ mv $DEST/$target/$d/`basename $f` $DEST/$target/$d/`basename $f`_${step}.txt
+ fi
+ step=$((step+1))
+ fi
+done
--
2.25.1


[PATCH yocto-autobuilder-helper 2/4] config.json: collect data by default

sakib.sajal@...
 

add the variables required to collect data to "defaults"
so that data is collected on all builds.

Signed-off-by: Sakib Sajal <sakib.sajal@...>
Signed-off-by: Randy MacLeod <Randy.MacLeod@...>
---
config.json | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/config.json b/config.json
index c43d231..cd82047 100644
--- a/config.json
+++ b/config.json
@@ -55,7 +55,10 @@
"SDK_INCLUDE_TOOLCHAIN = '1'",
"BB_DISKMON_DIRS = 'STOPTASKS,${TMPDIR},1G,100K STOPTASKS,${DL_DIR},1G STOPTASKS,${SSTATE_DIR},1G STOPTASKS,/tmp,100M,100K ABORT,${TMPDIR},100M,1K ABORT,${DL_DIR},100M ABORT,${SSTATE_DIR},100M ABORT,/tmp,10M,1K'",
"BB_HASHSERVE = 'typhoon.yocto.io:8686'",
- "RUNQEMU_TMPFS_DIR = '/home/pokybuild/tmp'"
+ "RUNQEMU_TMPFS_DIR = '/home/pokybuild/tmp'",
+ "BB_HEARTBEAT_EVENT = '10'",
+ "BB_LOG_HOST_STAT_ON_INTERVAL = '1'",
+ "BB_LOG_HOST_STAT_CMDS = 'oe-time-dd-test.sh 100'"
]
},
"templates" : {
--
2.25.1


[PATCH yocto-autobuilder-helper 1/4] config.json: add "collect-data" template

sakib.sajal@...
 

collect-data template can run arbitrary commands/scripts
on a regular basis and logs the output in a file.

See oe-core for more details:
edb7098e9e buildstats.bbclass: add functionality to collect build system stats

Signed-off-by: Sakib Sajal <sakib.sajal@...>
Signed-off-by: Randy MacLeod <Randy.MacLeod@...>
---
config.json | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/config.json b/config.json
index 5bfa240..c43d231 100644
--- a/config.json
+++ b/config.json
@@ -87,6 +87,13 @@
"SANITYTARGETS" : "core-image-full-cmdline:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
}
},
+ "collect-data" : {
+ "extravars" : [
+ "BB_HEARTBEAT_EVENT = '10'",
+ "BB_LOG_HOST_STAT_ON_INTERVAL = '1'",
+ "BB_LOG_HOST_STAT_CMDS = 'oe-time-dd-test.sh 100'"
+ ]
+ },
"ptest-qemu" : {
"BUILDINFO" : true,
"BBTARGETS" : "core-image-sato-ptest",
--
2.25.1


Re: ref-manual: reverse the order of migration guides?

Michael Opdenacker
 

Oops, sent to the wrong list (meant to use the "docs" list). You can
remove if this list is moderated.

Apologies

--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


ref-manual: reverse the order of migration guides?

Michael Opdenacker
 

Greetings,

Wouldn't it make sense to reverse the order of migration guides in the
reference manual
(https://www.yoctoproject.org/docs/3.0/ref-manual/ref-manual.html#migration)?

I guess it would be easier to start mentioning the migration path from
the most recent release, as version 1.3 looks ancient.

Would it make sense? If so, it's easy to propose a patch...

Thanks in advance,

Michael.

--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


Re: [meta-cgl][PATCH] pacemaker: upgrade 2.0.3 -> 2.0.5

Randy MacLeod
 

On 2021-04-12 11:00 p.m., Jeremy Puhlman wrote:
I haven't been doing much with it lately and this got lost in my pile. Its merged to master.
Thanks Jeremy.
../Randy

On Mon, Apr 12, 2021 at 7:29 PM Randy MacLeod <randy.macleod@... <mailto:randy.macleod@...>> wrote:
On 2021-03-05 1:28 a.m., Changqing Li wrote:
> ping
Is this layer alive? :)
../Randy
>
> On 12/9/20 2:01 PM, Yi Zhao wrote:
>> Drop backported patches:
>> 0001-Mark-declaration-with-extern.patch
>> 0006-Fix-tools-Fix-definition-of-curses_indented_printf.patch
>>
>> Rebase patches:
>> 0001-Fix-python3-usage.patch
>> 0001-pacemaker-fix-compile-error-of-musl-libc.patch
>>
>> Remove /var/log directory in do_install and create
/var/log/pacemaker
>> directory in volatile file.
>>
>> Signed-off-by: Yi Zhao<yi.zhao@...
<mailto:yi.zhao@...>>
>> ---
>>   .../recipes-cgl/pacemaker/files/tmpfiles      |  3 +-
>>   .../recipes-cgl/pacemaker/files/volatiles     |  1 +
>>   .../pacemaker/0001-Fix-python3-usage.patch    | 34 ++++----------
>>   .../0001-Mark-declaration-with-extern.patch   | 46
-------------------
>>   ...maker-fix-compile-error-of-musl-libc.patch | 39
+++-------------
>>   ...definition-of-curses_indented_printf.patch | 30 ------------
>>   ...{pacemaker_2.0.3.bb <http://pacemaker_2.0.3.bb> =>
pacemaker_2.0.5.bb <http://pacemaker_2.0.5.bb>} |  5 +-
>>   7 files changed, 21 insertions(+), 137 deletions(-)
>>   mode change 100755 => 100644
meta-cgl-common/recipes-cgl/pacemaker/files/tmpfiles
>>   mode change 100755 => 100644
meta-cgl-common/recipes-cgl/pacemaker/files/volatiles
>>   delete mode 100644
meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-Mark-declaration-with-extern.patch
>>   delete mode 100644
meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0006-Fix-tools-Fix-definition-of-curses_indented_printf.patch
>>   rename
meta-cgl-common/recipes-cgl/pacemaker/{pacemaker_2.0.3.bb
<http://pacemaker_2.0.3.bb> => pacemaker_2.0.5.bb
<http://pacemaker_2.0.5.bb>} (96%)
>>
>> diff --git
a/meta-cgl-common/recipes-cgl/pacemaker/files/tmpfiles
b/meta-cgl-common/recipes-cgl/pacemaker/files/tmpfiles
>> old mode 100755
>> new mode 100644
>> index 979db47..765ee0d
>> --- a/meta-cgl-common/recipes-cgl/pacemaker/files/tmpfiles
>> +++ b/meta-cgl-common/recipes-cgl/pacemaker/files/tmpfiles
>> @@ -3,4 +3,5 @@ d /var/lib/pacemaker/cib 0750 hacluster haclient -
>>   d /var/lib/pacemaker/cores 0750 hacluster haclient -
>>   d /var/lib/pacemaker/pengine 0750 hacluster haclient -
>>   d /var/lib/pacemaker/blackbox 0750 hacluster haclient -
>> -d /var/run/crm 0750 hacluster haclient -
>> +d /run/crm 0750 hacluster haclient -
>> +d /var/log/pacemaker 0750 hacluster haclient -
>> diff --git
a/meta-cgl-common/recipes-cgl/pacemaker/files/volatiles
b/meta-cgl-common/recipes-cgl/pacemaker/files/volatiles
>> old mode 100755
>> new mode 100644
>> index 1700a69..eca3002
>> --- a/meta-cgl-common/recipes-cgl/pacemaker/files/volatiles
>> +++ b/meta-cgl-common/recipes-cgl/pacemaker/files/volatiles
>> @@ -4,3 +4,4 @@ d hacluster haclient 0750
/var/lib/pacemaker/cores none
>>   d hacluster haclient 0750 /var/lib/pacemaker/pengine none
>>   d hacluster haclient 0750 /var/lib/pacemaker/blackbox none
>>   d hacluster haclient 0750 /var/run/crm none
>> +d hacluster haclient 0750 /var/log/pacemaker none
>> diff --git
a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-Fix-python3-usage.patch
b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-Fix-python3-usage.patch
>> index 05d7a76..2095227 100644
>> ---
a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-Fix-python3-usage.patch
>> +++
b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-Fix-python3-usage.patch
>> @@ -1,4 +1,4 @@
>> -From fdefa9efc726fe704238d462a3dc207e0282fb9e Mon Sep 17
00:00:00 2001
>> +From f470884e0b990676685c8740b5c7d6f094267e4f Mon Sep 17
00:00:00 2001
>>   From: Jeremy Puhlman<jpuhlman@...
<mailto:jpuhlman@...>>
>>   Date: Sun, 15 Mar 2020 21:09:33 +0000
>>   Subject: [PATCH] Fix python3 usage
>> @@ -18,12 +18,11 @@ Upstream-Status: Pending
>>    cts/pacemaker-cts-dummyd.in <http://pacemaker-cts-dummyd.in>
                 | 2 +-
>>    daemons/fenced/fence_legacy.in <http://fence_legacy.in>
          | 2 +-
>>    doc/Pacemaker_Development/en-US/Ch-Python.txt | 2 +-
>> - doc/Pacemaker_Development/pot/Ch-Python.pot   | 2 +-
>>    tools/pcmk_simtimes.in <http://pcmk_simtimes.in>
          | 2 +-
>> - 14 files changed, 14 insertions(+), 14 deletions(-)
>> + 13 files changed, 13 insertions(+), 13 deletions(-)
>>
>>   diff --git a/cts/CTSlab.py.in <http://CTSlab.py.in>
b/cts/CTSlab.py.in <http://CTSlab.py.in>
>> -index f4ae60dc1..55a0d4ecf 100644
>> +index 4bae93515..f09f71c66 100644
>>   --- a/cts/CTSlab.py.in <http://CTSlab.py.in>
>>   +++ b/cts/CTSlab.py.in <http://CTSlab.py.in>
>>   @@ -1,4 +1,4 @@
>> @@ -43,10 +42,10 @@ index 81a5da8c0..bbadf938a 100644
>>    '''OCF IPaddr/IPaddr2 Resource Agent Test'''
>>
>>   diff --git a/cts/cluster_test.in <http://cluster_test.in>
b/cts/cluster_test.in <http://cluster_test.in>
>> -index e0d28509d..f982be05a 100755
>> +index 38f941d3e..5a289e3fc 100755
>>   --- a/cts/cluster_test.in <http://cluster_test.in>
>>   +++ b/cts/cluster_test.in <http://cluster_test.in>
>> -@@ -171,4 +171,4 @@ printf "\nAll set to go for %d
iterations!\n" "$CTS_numtests"
>> +@@ -172,4 +172,4 @@ printf "\nAll set to go for %d
iterations!\n" "$CTS_numtests"
>>        || echo "+ To use a different configuration, remove
~/.cts and re-run cts (or edit it manually)."
>>
>>    echo Now paste the following command into this shell:
>> @@ -63,7 +62,7 @@ index 592d850b4..9a653a442 100644
>>    """
>>
>>   diff --git a/cts/cts-fencing.in <http://cts-fencing.in>
b/cts/cts-fencing.in <http://cts-fencing.in>
>> -index 2d9999ca0..8e3fb7203 100644
>> +index 444402438..0270c99ce 100644
>>   --- a/cts/cts-fencing.in <http://cts-fencing.in>
>>   +++ b/cts/cts-fencing.in <http://cts-fencing.in>
>>   @@ -1,4 +1,4 @@
>> @@ -83,7 +82,7 @@ index 28f4efe7f..b4ed5024f 100644
>>
>>    Reads a specified number of lines from the supplied offset
>>   diff --git a/cts/cts-scheduler.in <http://cts-scheduler.in>
b/cts/cts-scheduler.in <http://cts-scheduler.in>
>> -index 8fa16fb69..d4306b02b 100644
>> +index 23e6a919f..09058ce22 100644
>>   --- a/cts/cts-scheduler.in <http://cts-scheduler.in>
>>   +++ b/cts/cts-scheduler.in <http://cts-scheduler.in>
>>   @@ -1,4 +1,4 @@
>> @@ -93,7 +92,7 @@ index 8fa16fb69..d4306b02b 100644
>>    """
>>
>>   diff --git a/cts/environment.py b/cts/environment.py
>> -index db9d3db16..9d103fda9 100644
>> +index 6a97b1289..39e89fa6f 100644
>>   --- a/cts/environment.py
>>   +++ b/cts/environment.py
>>   @@ -639,7 +639,7 @@ class Environment(object):
>> @@ -106,7 +105,7 @@ index db9d3db16..9d103fda9 100644
>>
>>            sys.exit(status)
>>   diff --git a/cts/fence_dummy.in <http://fence_dummy.in>
b/cts/fence_dummy.in <http://fence_dummy.in>
>> -index a2692b1e0..f1d111205 100644
>> +index 8b0dd5165..9e8624bd9 100644
>>   --- a/cts/fence_dummy.in <http://fence_dummy.in>
>>   +++ b/cts/fence_dummy.in <http://fence_dummy.in>
>>   @@ -1,4 +1,4 @@
>> @@ -148,19 +147,6 @@ index 42d35b649..467e1c524 100644
>>    ----
>>    ====
>>    which will be replaced with the appropriate python executable
when Pacemaker is
>> -diff --git a/doc/Pacemaker_Development/pot/Ch-Python.pot
b/doc/Pacemaker_Development/pot/Ch-Python.pot
>> -index ed71331ce..27c7e22e5 100644
>> ---- a/doc/Pacemaker_Development/pot/Ch-Python.pot
>> -+++ b/doc/Pacemaker_Development/pot/Ch-Python.pot
>> -@@ -39,7 +39,7 @@ msgstr ""
>> -
>> - #. Tag: screen
>> - #, no-c-format
>> --msgid "#!@PYTHON@"
>> -+msgid "#!/usr/bin/env python3"
>> - msgstr ""
>> -
>> - #. Tag: para
>>   diff --git a/tools/pcmk_simtimes.in <http://pcmk_simtimes.in>
b/tools/pcmk_simtimes.in <http://pcmk_simtimes.in>
>>   index 6e362243b..28009f499 100644
>>   --- a/tools/pcmk_simtimes.in <http://pcmk_simtimes.in>
>> @@ -172,5 +158,5 @@ index 6e362243b..28009f499 100644
>>    """
>>
>>   --
>> -2.23.0
>> +2.17.1
>>
>> diff --git
a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-Mark-declaration-with-extern.patch
b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-Mark-declaration-with-extern.patch
>> deleted file mode 100644
>> index 5729447..0000000
>> ---
a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-Mark-declaration-with-extern.patch
>> +++ /dev/null
>> @@ -1,46 +0,0 @@
>> -From e1abd3b7c7a0122813e4d0abdb079df10104882c Mon Sep 17
00:00:00 2001
>> -From: Mingli Yu<mingli.yu@...
<mailto:mingli.yu@...>>
>> -Date: Thu, 3 Sep 2020 04:44:09 +0000
>> -Subject: [PATCH] Mark declaration with extern
>> -
>> -Fixes build with gcc 10+
>> -
>> -Upstream-Status: Pending
>> -
>> -Signed-off-by: Mingli Yu<mingli.yu@...
<mailto:mingli.yu@...>>
>> ----
>> - daemons/attrd/pacemaker-attrd.h | 4 ++--
>> - daemons/execd/pacemaker-execd.h | 2 +-
>> - 2 files changed, 3 insertions(+), 3 deletions(-)
>> -
>> -diff --git a/daemons/attrd/pacemaker-attrd.h
b/daemons/attrd/pacemaker-attrd.h
>> -index cc8e29ee1..76778915e 100644
>> ---- a/daemons/attrd/pacemaker-attrd.h
>> -+++ b/daemons/attrd/pacemaker-attrd.h
>> -@@ -106,8 +106,8 @@ typedef struct attribute_value_s {
>> -         gboolean seen;
>> - } attribute_value_t;
>> -
>> --crm_cluster_t *attrd_cluster;
>> --GHashTable *attributes;
>> -+extern crm_cluster_t *attrd_cluster;
>> -+extern GHashTable *attributes;
>> -
>> - #define attrd_send_ack(client, id, flags) \
>> -     crm_ipcs_send_ack((client), (id), (flags), "ack",
__FUNCTION__, __LINE__)
>> -diff --git a/daemons/execd/pacemaker-execd.h
b/daemons/execd/pacemaker-execd.h
>> -index 4a52d9183..dab3ccdbe 100644
>> ---- a/daemons/execd/pacemaker-execd.h
>> -+++ b/daemons/execd/pacemaker-execd.h
>> -@@ -20,7 +20,7 @@
>> - #    include <gnutls/gnutls.h>
>> - #  endif
>> -
>> --GHashTable *rsc_list;
>> -+extern GHashTable *rsc_list;
>> -
>> - typedef struct lrmd_rsc_s {
>> -     char *rsc_id;
>> ---
>> -2.26.2
>> -
>> diff --git
a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-pacemaker-fix-compile-error-of-musl-libc.patch
b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-pacemaker-fix-compile-error-of-musl-libc.patch
>> index f8cbb7e..a10e8cd 100644
>> ---
a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-pacemaker-fix-compile-error-of-musl-libc.patch
>> +++
b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0001-pacemaker-fix-compile-error-of-musl-libc.patch
>> @@ -1,4 +1,4 @@
>> -From 51b0df9242bb1e3eb41362381472a00727910f64 Mon Sep 17
00:00:00 2001
>> +From ba9e4810a09893521d28f6c699fb7f213d4a4b34 Mon Sep 17
00:00:00 2001
>>   From: Changqing Li<changqing.li@...
<mailto:changqing.li@...>>
>>   Date: Fri, 10 Aug 2018 15:08:31 +0800
>>   Subject: [PATCH] pacemaker: fix compile error of musl libc
>> @@ -7,28 +7,14 @@ Upstream-Status: Pending
>>
>>   Signed-off-by: Changqing Li<changqing.li@...
<mailto:changqing.li@...>>
>>   ---
>> - include/crm/stonith-ng.h | 1 +
>> - lib/cib/cib_remote.c     | 3 ---
>> - tools/crm_mon.c          | 2 +-
>> - 3 files changed, 2 insertions(+), 4 deletions(-)
>> + lib/cib/cib_remote.c | 3 ---
>> + 1 file changed, 3 deletions(-)
>>
>> -diff --git a/include/crm/stonith-ng.h b/include/crm/stonith-ng.h
>> -index 56c1ec7..a637b47 100644
>> ---- a/include/crm/stonith-ng.h
>> -+++ b/include/crm/stonith-ng.h
>> -@@ -28,6 +28,7 @@
>> - #  include <dlfcn.h>
>> - #  include <errno.h>
>> - #  include <stdbool.h>
>> -+#  include <time.h>
>> -
>> - /* TO-DO: Work out how to drop this requirement */
>> - #  include <libxml/tree.h>
>>   diff --git a/lib/cib/cib_remote.c b/lib/cib/cib_remote.c
>> -index 4d7b93b..8be8ecc 100644
>> +index 4de0a0f7b..7686637db 100644
>>   --- a/lib/cib/cib_remote.c
>>   +++ b/lib/cib/cib_remote.c
>> -@@ -53,9 +53,6 @@ typedef void gnutls_session_t;
>> +@@ -45,9 +45,6 @@ typedef void gnutls_session_t;
>>    #endif
>>
>>    #include <arpa/inet.h>
>> @@ -38,19 +24,6 @@ index 4d7b93b..8be8ecc 100644
>>
>>    #define DH_BITS 1024
>>
>> -diff --git a/tools/crm_mon.c b/tools/crm_mon.c
>> -index 7c63803..1ae6c21 100644
>> ---- a/tools/crm_mon.c
>> -+++ b/tools/crm_mon.c
>> -@@ -553,7 +553,7 @@ main(int argc, char **argv)
>> -
>> - #if !defined (ON_DARWIN) && !defined (ON_BSD)
>> -     /* prevent zombies */
>> --    signal(SIGCLD, SIG_IGN);
>> -+    signal(SIGCHLD, SIG_IGN);
>> - #endif
>> -
>> -     if (crm_ends_with_ext(argv[0], ".cgi") == TRUE) {
>>   --
>> -2.7.4
>> +2.17.1
>>
>> diff --git
a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0006-Fix-tools-Fix-definition-of-curses_indented_printf.patch
b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0006-Fix-tools-Fix-definition-of-curses_indented_printf.patch
>> deleted file mode 100644
>> index f5e1829..0000000
>> ---
a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0006-Fix-tools-Fix-definition-of-curses_indented_printf.patch
>> +++ /dev/null
>> @@ -1,30 +0,0 @@
>> -From 426f06cc088d11d6db0c45b434e5ce6b69da78b4 Mon Sep 17
00:00:00 2001
>> -From: Chris Lumens<clumens@... <mailto:clumens@...>>
>> -Date: Thu, 2 Jan 2020 15:08:58 -0500
>> -Subject: [PATCH 006/207] Fix: tools: Fix definition of
curses_indented_printf.
>> -
>> -The placeholder version that is built if curses is not enabled
does not
>> -have a type that matches the header file.  Correct that.
>> -
>> -Signed-off-by: Jeremy A. Puhlman<jpuhlman@...
<mailto:jpuhlman@...>>
>> -Upstream-Status: Backport[git]
>> ----
>> - tools/crm_mon_curses.c | 2 +-
>> - 1 file changed, 1 insertion(+), 1 deletion(-)
>> -
>> -diff --git a/tools/crm_mon_curses.c b/tools/crm_mon_curses.c
>> -index c0dbedbf0..ecd0584fe 100644
>> ---- a/tools/crm_mon_curses.c
>> -+++ b/tools/crm_mon_curses.c
>> -@@ -368,7 +368,7 @@ curses_indented_vprintf(pcmk__output_t
*out, const char *format, va_list args) {
>> -
>> - G_GNUC_PRINTF(2, 3)
>> - void
>> --curses_indented_printf(pcmk__output_t *out, const char
*format, va_list args) {
>> -+curses_indented_printf(pcmk__output_t *out, const char
*format, ...) {
>> -     return;
>> - }
>> -
>> ---
>> -2.23.0
>> -
>> diff --git
a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.3.bb
<http://pacemaker_2.0.3.bb>
b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
<http://pacemaker_2.0.5.bb>
>> similarity index 96%
>> rename from
meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.3.bb
<http://pacemaker_2.0.3.bb>
>> rename to
meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
<http://pacemaker_2.0.5.bb>
>> index 8576f18..6cfa057 100644
>> --- a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.3.bb
<http://pacemaker_2.0.3.bb>
>> +++ b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
<http://pacemaker_2.0.5.bb>
>> @@ -14,9 +14,7 @@ LIC_FILES_CHKSUM
="file://COPYING;md5=000212f361a81b100d9d0f0435040663"
>>   DEPENDS = "corosync libxslt libxml2 gnutls resource-agents
libqb python3-native"
>>
>>   SRC_URI = "git://github.com/ClusterLabs/${BPN}.git
<http://github.com/ClusterLabs/$%7BBPN%7D.git> \
>>
-file://0006-Fix-tools-Fix-definition-of-curses_indented_printf.patch  \
>>              file://0001-Fix-python3-usage.patch  \
>> -file://0001-Mark-declaration-with-extern.patch  \
>>
file://0001-pacemaker-set-OCF_ROOT_DIR-to-libdir-ocf.patch  \
>>              file://volatiles  \
>>              file://tmpfiles  \
>> @@ -26,7 +24,7 @@ CFLAGS += "-I${STAGING_INCDIR}/heartbeat"
>>   CPPFLAGS +="-I${STAGING_INCDIR}/heartbeat"
>>   SRC_URI_append_libc-musl
="file://0001-pacemaker-fix-compile-error-of-musl-libc.patch"
>>
>> -SRCREV = "4b1f869f0f64ef0d248b6aa4781d38ecccf83318"
>> +SRCREV = "ba59be71228fed04f78ab374dfac748d314d0e89"
>>
>>   inherit autotools-brokensep pkgconfig systemd python3native
python3-dir useradd
>>
>> @@ -78,6 +76,7 @@ do_install_append() {
>>
>>       rm -rf ${D}${localstatedir}/lib/heartbeat
>>       rm -rf ${D}${localstatedir}/run
>> +    rm -rf ${D}${localstatedir}/log
>>
>>       # remove buildpath
>>       tempdirs=$(grep -Rn ${RECIPE_SYSROOT_NATIVE} ${D}/* | awk
-F: '{print $1}' | uniq)
>>
>
>
>
--
# Randy MacLeod
# Wind River Linux
--
Jeremy Puhlman
Montavista Software, LLC.

--
# Randy MacLeod
# Wind River Linux

4681 - 4700 of 57773