Date   

Bitbake failure

Cris Scott
 

Not sure who to ask about this.

Using https://push.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb to build lighttpd, bitbake fails, and I receive tons of messages that look like:

 

ERROR: lighttpd-1.4.59-r0 do_package_qa: QA Issue: /usr/lib/mod_staticfile.so contained in package lighttpd-module-staticfile requires libc.so.6(GLIBC_2.4), but no providers found in RDEPENDS_lighttpd-module-staticfile? [file-rdeps]

 

 

Can someone point me in the right direction to resolve this?

 

-Bill

 


kernel init debug features

Monsees, Steven C (US)
 

 

I have kernels based off “rocko” and “zeus” for both Arm and Intel… all using sysvinit (not systemd).

 

Under the Yocto build system, how can I easily set the following kernel configuration variables based on the build for testing/debug ?

 

·        sched_rt_period_us

·        sched_rt_runtime_us

·        overcommit_memory

 

thanks,

Steve


Conditionally install files depending on locale

Amr Bekhit
 

Hello,

I'm trying to put together a recipe where I conditionally install files depending on the image locale. I can see from the reference manual that Yocto will use the contents of IMAGE_LINGUAS to install locales during the root filesystem construction process. How can I go about creating locales for my custom packages/recipes?


[meta-security][PATCH 4/4] meta-hardening/initscripts: missed overide.

Armin Kuster
 

Helps pass YCL.

Signed-off-by: Armin Kuster <akuster808@...>
---
.../recipes-core/initscripts/initscripts_1.0.bbappend | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-hardening/recipes-core/initscripts/initscripts_1.0.bbappend b/meta-hardening/recipes-core/initscripts/initscripts_1.0.bbappend
index 896b039..f943cb3 100644
--- a/meta-hardening/recipes-core/initscripts/initscripts_1.0.bbappend
+++ b/meta-hardening/recipes-core/initscripts/initscripts_1.0.bbappend
@@ -1,4 +1,4 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS_prepend_harden := "${THISDIR}/files:"

SRC_URI_append_harden = " file://mountall.sh"

--
2.25.1


[meta-security][PATCH 3/4] meta-integrity: YCL fixups

Armin Kuster
 

We wont need the linux-% once the kernel-feature class is included in
core.
Move the inherit into the image itself.
Drop kernel patches not being used.

Signed-off-by: Armin Kuster <akuster808@...>
---
.../images/integrity-image-minimal.bb | 2 +
.../recipes-kernel/linux/linux-%.bbappend | 5 -
.../0001-ima-fix-ima_inode_post_setattr.patch | 51 -------
...for-creating-files-using-the-mknodat.patch | 138 ------------------
...-file-hash-setting-by-user-to-fix-an.patch | 60 --------
5 files changed, 2 insertions(+), 254 deletions(-)
delete mode 100644 meta-integrity/recipes-kernel/linux/linux-%.bbappend
delete mode 100644 meta-integrity/recipes-kernel/linux/linux/0001-ima-fix-ima_inode_post_setattr.patch
delete mode 100644 meta-integrity/recipes-kernel/linux/linux/0002-ima-add-support-for-creating-files-using-the-mknodat.patch
delete mode 100644 meta-integrity/recipes-kernel/linux/linux/Revert-ima-limit-file-hash-setting-by-user-to-fix-an.patch

diff --git a/meta-integrity/recipes-core/images/integrity-image-minimal.bb b/meta-integrity/recipes-core/images/integrity-image-minimal.bb
index 1a3a30a..4e7895a 100644
--- a/meta-integrity/recipes-core/images/integrity-image-minimal.bb
+++ b/meta-integrity/recipes-core/images/integrity-image-minimal.bb
@@ -13,6 +13,8 @@ IMAGE_INSTALL = "\
LICENSE = "MIT"

inherit core-image
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}
+

export IMAGE_BASENAME = "integrity-image-minimal"

diff --git a/meta-integrity/recipes-kernel/linux/linux-%.bbappend b/meta-integrity/recipes-kernel/linux/linux-%.bbappend
deleted file mode 100644
index f9a48cd..0000000
--- a/meta-integrity/recipes-kernel/linux/linux-%.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
-
-KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
-
-inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}
diff --git a/meta-integrity/recipes-kernel/linux/linux/0001-ima-fix-ima_inode_post_setattr.patch b/meta-integrity/recipes-kernel/linux/linux/0001-ima-fix-ima_inode_post_setattr.patch
deleted file mode 100644
index 64016dd..0000000
--- a/meta-integrity/recipes-kernel/linux/linux/0001-ima-fix-ima_inode_post_setattr.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 45ea681ebc0dd44aaec5d3cc4143b9722070d3ac Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@...>
-Date: Tue, 8 Mar 2016 16:43:55 -0500
-Subject: [PATCH] ima: fix ima_inode_post_setattr
-
-Changing file metadata (eg. uid, guid) could result in having to
-re-appraise a file's integrity, but does not change the "new file"
-status nor the security.ima xattr. The IMA_PERMIT_DIRECTIO and
-IMA_DIGSIG_REQUIRED flags are policy rule specific. This patch
-only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags.
-
-With this patch, changing the file timestamp will not remove the
-file signature on new files.
-
-Upstream-Status: Accepted [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/security/integrity/ima/ima_appraise.c?id=42a4c603198f0d45b7aa936d3ac6ba1b8bd14a1b]
-
-Reported-by: Dmitry Rozhkov <dmitry.rozhkov@...>
-Signed-off-by: Mimi Zohar <zohar@...>
----
- security/integrity/ima/ima_appraise.c | 2 +-
- security/integrity/integrity.h | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
-index 4df493e..a384ba1 100644
---- a/security/integrity/ima/ima_appraise.c
-+++ b/security/integrity/ima/ima_appraise.c
-@@ -327,7 +327,7 @@ void ima_inode_post_setattr(struct dentry *dentry)
- if (iint) {
- iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
- IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |
-- IMA_ACTION_FLAGS);
-+ IMA_ACTION_RULE_FLAGS);
- if (must_appraise)
- iint->flags |= IMA_APPRAISE;
- }
-diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
-index 0fc9519..f9decae 100644
---- a/security/integrity/integrity.h
-+++ b/security/integrity/integrity.h
-@@ -28,6 +28,7 @@
-
- /* iint cache flags */
- #define IMA_ACTION_FLAGS 0xff000000
-+#define IMA_ACTION_RULE_FLAGS 0x06000000
- #define IMA_DIGSIG 0x01000000
- #define IMA_DIGSIG_REQUIRED 0x02000000
- #define IMA_PERMIT_DIRECTIO 0x04000000
---
-2.5.0
-
diff --git a/meta-integrity/recipes-kernel/linux/linux/0002-ima-add-support-for-creating-files-using-the-mknodat.patch b/meta-integrity/recipes-kernel/linux/linux/0002-ima-add-support-for-creating-files-using-the-mknodat.patch
deleted file mode 100644
index 6ab7ce2..0000000
--- a/meta-integrity/recipes-kernel/linux/linux/0002-ima-add-support-for-creating-files-using-the-mknodat.patch
+++ /dev/null
@@ -1,138 +0,0 @@
-From baaec960e9e7be0b526eaf831b079ddfe5c15124 Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@...>
-Date: Thu, 10 Mar 2016 18:19:20 +0200
-Subject: [PATCH] ima: add support for creating files using the mknodat
- syscall
-
-Commit 3034a14 "ima: pass 'opened' flag to identify newly created files"
-stopped identifying empty files as new files. However new empty files
-can be created using the mknodat syscall. On systems with IMA-appraisal
-enabled, these empty files are not labeled with security.ima extended
-attributes properly, preventing them from subsequently being opened in
-order to write the file data contents. This patch marks these empty
-files, created using mknodat, as new in order to allow the file data
-contents to be written.
-
-Files with security.ima xattrs containing a file signature are considered
-"immutable" and can not be modified. The file contents need to be
-written, before signing the file. This patch relaxes this requirement
-for new files, allowing the file signature to be written before the file
-contents.
-
-Upstream-Status: Accepted [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/security/integrity/ima/ima_appraise.c?id=05d1a717ec0430c916a749b94eb90ab74bbfa356]
-
-Signed-off-by: Mimi Zohar <zohar@...>
----
- fs/namei.c | 2 ++
- include/linux/ima.h | 7 ++++++-
- security/integrity/ima/ima_appraise.c | 3 +++
- security/integrity/ima/ima_main.c | 32 +++++++++++++++++++++++++++++++-
- 4 files changed, 42 insertions(+), 2 deletions(-)
-
-diff --git a/fs/namei.c b/fs/namei.c
-index ccd7f98..19502da 100644
---- a/fs/namei.c
-+++ b/fs/namei.c
-@@ -3526,6 +3526,8 @@ retry:
- switch (mode & S_IFMT) {
- case 0: case S_IFREG:
- error = vfs_create(path.dentry->d_inode,dentry,mode,true);
-+ if (!error)
-+ ima_post_path_mknod(dentry);
- break;
- case S_IFCHR: case S_IFBLK:
- error = vfs_mknod(path.dentry->d_inode,dentry,mode,
-diff --git a/include/linux/ima.h b/include/linux/ima.h
-index 120ccc5..7f51971 100644
---- a/include/linux/ima.h
-+++ b/include/linux/ima.h
-@@ -20,7 +20,7 @@ extern void ima_file_free(struct file *file);
- extern int ima_file_mmap(struct file *file, unsigned long prot);
- extern int ima_module_check(struct file *file);
- extern int ima_fw_from_file(struct file *file, char *buf, size_t size);
--
-+extern void ima_post_path_mknod(struct dentry *dentry);
- #else
- static inline int ima_bprm_check(struct linux_binprm *bprm)
- {
-@@ -52,6 +52,11 @@ static inline int ima_fw_from_file(struct file *file, char *buf, size_t size)
- return 0;
- }
-
-+static inline void ima_post_path_mknod(struct dentry *dentry)
-+{
-+ return;
-+}
-+
- #endif /* CONFIG_IMA */
-
- #ifdef CONFIG_IMA_APPRAISE
-diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
-index 4df493e..20806ea 100644
---- a/security/integrity/ima/ima_appraise.c
-+++ b/security/integrity/ima/ima_appraise.c
-@@ -274,6 +274,11 @@ out:
- xattr_value->type != EVM_IMA_XATTR_DIGSIG)) {
- if (!ima_fix_xattr(dentry, iint))
- status = INTEGRITY_PASS;
-+ } else if ((inode->i_size == 0) &&
-+ (iint->flags & IMA_NEW_FILE) &&
-+ (xattr_value &&
-+ xattr_value->type == EVM_IMA_XATTR_DIGSIG)) {
-+ status = INTEGRITY_PASS;
- }
- integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,
- op, cause, rc, 0);
-diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
-index eeee00dc..705bf78 100644
---- a/security/integrity/ima/ima_main.c
-+++ b/security/integrity/ima/ima_main.c
-@@ -242,7 +242,8 @@ static int process_measurement(struct file *file, int mask, int function,
- ima_audit_measurement(iint, pathname);
-
- out_digsig:
-- if ((mask & MAY_WRITE) && (iint->flags & IMA_DIGSIG))
-+ if ((mask & MAY_WRITE) && (iint->flags & IMA_DIGSIG) &&
-+ !(iint->flags & IMA_NEW_FILE))
- rc = -EACCES;
- kfree(xattr_value);
- out_free:
-@@ -310,6 +311,35 @@ int ima_file_check(struct file *file, int mask, int opened)
- EXPORT_SYMBOL_GPL(ima_file_check);
-
- /**
-+ * ima_post_path_mknod - mark as a new inode
-+ * @dentry: newly created dentry
-+ *
-+ * Mark files created via the mknodat syscall as new, so that the
-+ * file data can be written later.
-+ */
-+void ima_post_path_mknod(struct dentry *dentry)
-+{
-+ struct integrity_iint_cache *iint;
-+ struct inode *inode;
-+ int must_appraise;
-+
-+ if (!dentry || !dentry->d_inode)
-+ return;
-+
-+ inode = dentry->d_inode;
-+ if (inode->i_size != 0)
-+ return;
-+
-+ must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK);
-+ if (!must_appraise)
-+ return;
-+
-+ iint = integrity_inode_get(inode);
-+ if (iint)
-+ iint->flags |= IMA_NEW_FILE;
-+}
-+
-+/**
- * ima_module_check - based on policy, collect/store/appraise measurement.
- * @file: pointer to the file to be measured/appraised
- *
---
-2.5.0
-
diff --git a/meta-integrity/recipes-kernel/linux/linux/Revert-ima-limit-file-hash-setting-by-user-to-fix-an.patch b/meta-integrity/recipes-kernel/linux/linux/Revert-ima-limit-file-hash-setting-by-user-to-fix-an.patch
deleted file mode 100644
index 157c007..0000000
--- a/meta-integrity/recipes-kernel/linux/linux/Revert-ima-limit-file-hash-setting-by-user-to-fix-an.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From a34d61850b680c152e1dcc958ee83c3ab3261c3d Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@...>
-Date: Tue, 15 Nov 2016 10:10:23 +0100
-Subject: [PATCH] Revert "ima: limit file hash setting by user to fix and log
- modes"
-
-This reverts commit c68ed80c97d9720f51ef31fe91560fdd1e121533.
-
-The original motivation was security hardening ("File hashes are
-automatically set and updated and should not be manually set.")
-
-However, that hardening ignores and breaks some valid use cases:
-- File hashes might not be set because the file is currently
- outside of the policy and therefore have to be set by the
- creator. Examples:
- - Booting into an initramfs with an IMA-enabled kernel but
- without setting an IMA policy, then installing
- the OS onto the target partition by unpacking a rootfs archive
- which has the file hashes pre-computed.
- - Unpacking a file into a staging area with meta data (like owner)
- that leaves the file outside of the current policy, then changing
- the meta data such that it becomes part of the current policy.
-- "should not be set manually" implies that the creator is aware
- of IMA semantic, the current system's configuration, and then
- skips setting file hashes in security.ima if (and only if) the
- kernel would prevent it. That's not the case for standard, unmodified
- tools. Example: unpacking an archive with security.ima xattrs with
- bsdtar or GNU tar.
-
-Upstream-Status: Submitted [https://sourceforge.net/p/linux-ima/mailman/message/35492824/]
-
-Signed-off-by: Patrick Ohly <patrick.ohly@...>
----
- security/integrity/ima/ima_appraise.c | 8 ++------
- 1 file changed, 2 insertions(+), 6 deletions(-)
-
-diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
-index 4b9b4a4..b8b2dd9 100644
---- a/security/integrity/ima/ima_appraise.c
-+++ b/security/integrity/ima/ima_appraise.c
-@@ -385,14 +385,10 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
- result = ima_protect_xattr(dentry, xattr_name, xattr_value,
- xattr_value_len);
- if (result == 1) {
-- bool digsig;
--
- if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
- return -EINVAL;
-- digsig = (xvalue->type == EVM_IMA_XATTR_DIGSIG);
-- if (!digsig && (ima_appraise & IMA_APPRAISE_ENFORCE))
-- return -EPERM;
-- ima_reset_appraise_flags(d_backing_inode(dentry), digsig);
-+ ima_reset_appraise_flags(d_backing_inode(dentry),
-+ (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
- result = 0;
- }
- return result;
---
-2.1.4
-
--
2.25.1


[meta-security][PATCH 2/4] meta-tpm: remove linux-yocto

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
.../recipes-kernel/linux/linux-yocto/tpm.cfg | 8 --------
.../recipes-kernel/linux/linux-yocto/tpm.scc | 3 ---
.../recipes-kernel/linux/linux-yocto/tpm2.cfg | 6 ------
.../recipes-kernel/linux/linux-yocto/tpm2.scc | 3 ---
.../linux/linux-yocto/tpm_i2c.cfg | 15 ---------------
.../linux/linux-yocto/tpm_i2c.scc | 6 ------
.../linux/linux-yocto/tpm_x86.cfg | 4 ----
.../recipes-kernel/linux/linux-yocto/vtpm.cfg | 5 -----
.../recipes-kernel/linux/linux-yocto/vtpm.scc | 4 ----
.../linux/linux-yocto_5.%.bbappend | 17 -----------------
10 files changed, 71 deletions(-)
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend

diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
deleted file mode 100644
index 8782823..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
+++ /dev/null
@@ -1,8 +0,0 @@
-CONFIG_HW_RANDOM_TPM=y
-CONFIG_TCG_TPM=y
-CONFIG_TCG_TIS_CORE=y
-CONFIG_TCG_TIS=y
-CONFIG_SECURITYFS=y
-CONFIG_TCG_NSC=m
-CONFIG_TCG_ATMEL=m
-CONFIG_TCG_INFINEON=m
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
deleted file mode 100644
index 2949ed4..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
+++ /dev/null
@@ -1,3 +0,0 @@
-define KFEATURE_DESCRIPTION "Enable TPM"
-
-kconf hardware tpm.cfg
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg
deleted file mode 100644
index a81b54d..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg
+++ /dev/null
@@ -1,6 +0,0 @@
-CONFIG_HW_RANDOM_TPM=y
-CONFIG_TCG_TPM=y
-CONFIG_TCG_TIS_CORE=y
-CONFIG_TCG_TIS=y
-CONFIG_TCG_CRB=y
-CONFIG_SECURITYFS=y
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc
deleted file mode 100644
index 088148f..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc
+++ /dev/null
@@ -1,3 +0,0 @@
-define KFEATURE_DESCRIPTION "Enable TPM 2.0"
-
-kconf hardware tpm2.cfg
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
deleted file mode 100644
index 59993f9..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
+++ /dev/null
@@ -1,15 +0,0 @@
-CONFIG_HW_RANDOM_TPM=y
-CONFIG_TCG_TPM=y
-CONFIG_TCG_TIS_CORE=y
-CONFIG_TCG_TIS=y
-CONFIG_SECURITYFS=y
-
-CONFIG_REGMAP_I2C=y
-CONFIG_I2C_BOARDINFO=y
-CONFIG_I2C_COMPAT=y
-CONFIG_RTC_I2C_AND_SPI=y
-
-CONFIG_TCG_TIS_I2C_ATMEL=m
-CONFIG_TCG_TIS_I2C_INFINEON=m
-CONFIG_TCG_TIS_I2C_NUVOTON=m
-CONFIG_TCG_TIS_ST33ZP24_I2C=m
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
deleted file mode 100644
index 0e4eedb..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
+++ /dev/null
@@ -1,6 +0,0 @@
-define KFEATURE_DESCRIPTION "Enable TPM i2c"
-
-include features/i2c/i2c.scc
-
-kconf hardware tpm_i2c.cfg
-
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
deleted file mode 100644
index 8be331a..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-CONFIG_TCG_NSC=m
-CONFIG_TCG_ATMEL=m
-CONFIG_TCG_INFINEON=m
-CONFIG_TCG_TIS_ST33ZP24=m
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
deleted file mode 100644
index a8b3758..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
+++ /dev/null
@@ -1,5 +0,0 @@
-CONFIG_HW_RANDOM_TPM=y
-CONFIG_TCG_TPM=y
-CONFIG_TCG_VTPM_PROXY=y
-CONFIG_SECURITYFS=y
-~
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
deleted file mode 100644
index e842da6..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
+++ /dev/null
@@ -1,4 +0,0 @@
-define KFEATURE_DESCRIPTION "Enable vTPM"
-
-kconf hardware vtpm.cfg
-
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend
deleted file mode 100644
index cea8b1b..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend
+++ /dev/null
@@ -1,17 +0,0 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
-
-# Enable tpm in kernel
-SRC_URI_append_x86 = " \
- ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \
- ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \
- "
-
-SRC_URI_append_x86-64 = " \
- ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \
- ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \
- "
-
-SRC_URI += " \
- ${@bb.utils.contains('MACHINE_FEATURES', 'tpm_i2c', 'file://tpm_i2c.scc', '', d)} \
- ${@bb.utils.contains('MACHINE_FEATURES', 'vtpm', 'file://vtpm.scc', '', d)} \
- "
--
2.25.1


[meta-security][PATCH 1/4] linux-yocto: remove bbappend

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-kernel/linux/linux-yocto-dev.bbappend | 3 ---
recipes-kernel/linux/linux-yocto_5.%.bbappend | 3 ---
2 files changed, 6 deletions(-)
delete mode 100644 recipes-kernel/linux/linux-yocto-dev.bbappend
delete mode 100644 recipes-kernel/linux/linux-yocto_5.%.bbappend

diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend b/recipes-kernel/linux/linux-yocto-dev.bbappend
deleted file mode 100644
index fa536d0..0000000
--- a/recipes-kernel/linux/linux-yocto-dev.bbappend
+++ /dev/null
@@ -1,3 +0,0 @@
-KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}"
-KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}"
-KERNEL_FEATURES_append = " ${@bb.utils.contains("IMAGE_CLASSES", "dm-verity-img", " features/device-mapper/dm-verity.scc", "" ,d)}"
diff --git a/recipes-kernel/linux/linux-yocto_5.%.bbappend b/recipes-kernel/linux/linux-yocto_5.%.bbappend
deleted file mode 100644
index fa536d0..0000000
--- a/recipes-kernel/linux/linux-yocto_5.%.bbappend
+++ /dev/null
@@ -1,3 +0,0 @@
-KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}"
-KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}"
-KERNEL_FEATURES_append = " ${@bb.utils.contains("IMAGE_CLASSES", "dm-verity-img", " features/device-mapper/dm-verity.scc", "" ,d)}"
--
2.25.1


[PATCH 2/2] zephyr-openthread-echo-client: Add new echo-client variant for OpenThread

Stefan Schmidt
 

From: Stefan Schmidt <stefan.schmidt@...>

Similar to the normal echo-client example it demonstrates socket usage,
but in this variant we enable the OpenThread config overlay and add the
needed module to the build.

Signed-off-by: Stefan Schmidt <stefan.schmidt@...>
---
.../zephyr-kernel/zephyr-openthread-echo-client.bb | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 recipes-kernel/zephyr-kernel/zephyr-openthread-echo-c=
lient.bb

diff --git a/recipes-kernel/zephyr-kernel/zephyr-openthread-echo-client.b=
b b/recipes-kernel/zephyr-kernel/zephyr-openthread-echo-client.bb
new file mode 100644
index 0000000..c985df2
--- /dev/null
+++ b/recipes-kernel/zephyr-kernel/zephyr-openthread-echo-client.bb
@@ -0,0 +1,8 @@
+include zephyr-sample.inc
+
+ZEPHYR_SRC_DIR =3D "${S}/samples/net/sockets/echo_client"
+
+ZEPHYR_MODULES_append =3D "\;${S}/modules/lib/mbedtls"
+ZEPHYR_MODULES_append =3D "\;${S}/modules/lib/openthread"
+
+EXTRA_OECMAKE +=3D "-DOVERLAY_CONFIG=3Doverlay-ot.conf"
--=20
2.31.1


[PATCH 1/2] zephyr-kernel: Add OpenThread module to build

Stefan Schmidt
 

From: Stefan Schmidt <stefan.schmidt@...>

OpenThread support in Zephyr is realised as an external module. Make
sure we pull it in and have it available for applications to use it.

Signed-off-by: Stefan Schmidt <stefan.schmidt@...>
---
recipes-kernel/zephyr-kernel/zephyr-kernel-common.inc | 1 +
recipes-kernel/zephyr-kernel/zephyr-kernel-src-2.6.0-rc1.inc | 1 +
recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc | 1 +
3 files changed, 3 insertions(+)

diff --git a/recipes-kernel/zephyr-kernel/zephyr-kernel-common.inc b/reci=
pes-kernel/zephyr-kernel/zephyr-kernel-common.inc
index c9acbbb..eb5e75a 100644
--- a/recipes-kernel/zephyr-kernel/zephyr-kernel-common.inc
+++ b/recipes-kernel/zephyr-kernel/zephyr-kernel-common.inc
@@ -30,6 +30,7 @@ ZEPHYR_MODULES_append_nordic =3D "\;${S}/modules/hal/no=
rdic"
ZEPHYR_MODULES_append_stm32 =3D "\;${S}/modules/hal/stm32"
ZEPHYR_MODULES_append_mbedtls =3D "\;${S}/modules/lib/mbedtls"
ZEPHYR_MODULES_append_openamp =3D "\;${S}/modules/lib/open-amp\;${S}/mod=
ules/hal/libmetal"
+ZEPHYR_MODULES_append_openthread =3D "\;${S}/modules/lib/openthread"
=20
EXTRA_OECMAKE_append =3D " -DZEPHYR_MODULES=3D${ZEPHYR_MODULES}"
=20
diff --git a/recipes-kernel/zephyr-kernel/zephyr-kernel-src-2.6.0-rc1.inc=
b/recipes-kernel/zephyr-kernel/zephyr-kernel-src-2.6.0-rc1.inc
index a0e358e..546eb35 100644
--- a/recipes-kernel/zephyr-kernel/zephyr-kernel-src-2.6.0-rc1.inc
+++ b/recipes-kernel/zephyr-kernel/zephyr-kernel-src-2.6.0-rc1.inc
@@ -4,6 +4,7 @@ SRCREV_cmsis =3D "c3bd2094f92d574377f7af2aec147ae181aa5f8=
e"
SRCREV_nordic =3D "574493fe29c79140df4827ab5d4a23df79d03681"
SRCREV_stm32 =3D "f8ff8d25aa0a9e65948040c7b47ec67f3fa300df"
SRCREV_open-amp =3D "6010f0523cbc75f551d9256cf782f173177acdef"
+SRCREV_openthread =3D "385e19da1ae15f27872c2543b97276a42f102ead"
SRCREV_libmetal =3D "39d049d4ae68e6f6d595fce7de1dcfc1024fb4eb"
SRCREV_tinycrypt =3D "3e9a49d2672ec01435ffbf0d788db6d95ef28de0"
SRCREV_mbedtls =3D "5765cb7f75a9973ae9232d438e361a9d7bbc49e7"
diff --git a/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc b/recipes=
-kernel/zephyr-kernel/zephyr-kernel-src.inc
index 069fa56..4df5e7e 100644
--- a/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc
+++ b/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc
@@ -15,6 +15,7 @@ SRC_URI =3D "\
git://github.com/zephyrproject-rtos/hal_stm32.git;protocol=3Dhttps;d=
estsuffix=3Dgit/modules/hal/stm32;name=3Dstm32 \
git://github.com/zephyrproject-rtos/mbedtls.git;protocol=3Dhttps;des=
tsuffix=3Dgit/modules/lib/mbedtls;name=3Dmbedtls \
git://github.com/zephyrproject-rtos/open-amp.git;protocol=3Dhttps;de=
stsuffix=3Dgit/modules/lib/open-amp;name=3Dopen-amp \
+ git://github.com/zephyrproject-rtos/openthread.git;protocol=3Dhttps;=
branch=3Dzephyr;destsuffix=3Dgit/modules/lib/openthread;name=3Dopenthread=
\
git://github.com/zephyrproject-rtos/libmetal.git;protocol=3Dhttps;de=
stsuffix=3Dgit/modules/hal/libmetal;name=3Dlibmetal \
git://github.com/zephyrproject-rtos/tinycrypt.git;protocol=3Dhttps;d=
estsuffix=3Dgit/modules/crypto/tinycrypt;name=3Dtinycrypt \
file://0001-cmake-add-yocto-toolchain.patch \
--=20
2.31.1


[meta-rockchip][PATCH v2] Rock64: add machine

Yann Dirson
 

From: Yann Dirson <yann@...>

This is a RK3328 board from Pine64.
Board details at https://wiki.pine64.org/wiki/ROCK64.

Default image is built to boot from SD-card. Building an image for
eMMC requires to set RK_BOOT_DEVICE=3D"mmcblk0".

Signed-off-by: Yann Dirson <yann@...>
---

This is just basic initial support without a kernel BSP. As is the
board boots with a serial console.

Note I had to create the SoC definition for rk3328, and rather than
setting serial at 115200 there just to have the board definition
override it with rockchip-standard 1500000 I've set the latter right
in rk3328.inc.

Changes in v2:
- include Ayufan's patch for mmc aliases so presence of eMMC won't
prevent booting from SD

conf/machine/include/rk3328.inc | 25 ++++++++++++++++
conf/machine/rock64.conf | 30 +++++++++++++++++++
...an-dtsi-rk3328-add-mmc0-mmc1-aliases.patch | 27 +++++++++++++++++
recipes-kernel/linux/linux-yocto%.bbappend | 6 ++++
4 files changed, 88 insertions(+)
create mode 100644 conf/machine/include/rk3328.inc
create mode 100644 conf/machine/rock64.conf
create mode 100644 recipes-kernel/linux/files/0001-ayufan-dtsi-rk3328-ad=
d-mmc0-mmc1-aliases.patch

diff --git a/conf/machine/include/rk3328.inc b/conf/machine/include/rk332=
8.inc
new file mode 100644
index 0000000..7d67627
--- /dev/null
+++ b/conf/machine/include/rk3328.inc
@@ -0,0 +1,25 @@
+# Copyright (C) 2020 Garmin Ltd. or its subsidaries
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SOC_FAMILY =3D "rk3328"
+
+DEFAULTTUNE ?=3D "cortexa53-crypto"
+
+require conf/machine/include/soc-family.inc
+require conf/machine/include/tune-cortexa53.inc
+require conf/machine/include/rockchip-defaults.inc
+
+KBUILD_DEFCONFIG ?=3D "defconfig"
+KERNEL_CLASSES =3D "kernel-fitimage"
+KERNEL_IMAGETYPE =3D "fitImage"
+
+TFA_PLATFORM =3D "rk3328"
+TFA_BUILD_TARGET =3D "bl31"
+
+UBOOT_SUFFIX ?=3D "itb"
+UBOOT_ENTRYPOINT ?=3D "0x06000000"
+
+SERIAL_CONSOLES =3D "1500000;ttyS2"
+
+PREFERRED_PROVIDER_virtual/bootloader ?=3D "u-boot"
+SPL_BINARY ?=3D "idbloader.img"
diff --git a/conf/machine/rock64.conf b/conf/machine/rock64.conf
new file mode 100644
index 0000000..38bc9fa
--- /dev/null
+++ b/conf/machine/rock64.conf
@@ -0,0 +1,30 @@
+# Copyright (C) 2021 Blade SAS
+
+#@TYPE: Machine
+#@NAME: Rock64
+#@DESCRIPTION: Rock64 RK3328 board from Pine64
+
+require include/rk3328.inc
+
+MACHINE_FEATURES +=3D "usbhost serial"
+
+UBOOT_MACHINE =3D "rock64-rk3328_defconfig"
+KERNEL_DEVICETREE =3D "rockchip/rk3328-rock64.dtb"
+
+# set to mmcblk0 for booting from optional eMMC
+RK_BOOT_DEVICE ?=3D "mmcblk1"
+
+WKS_FILE ?=3D "rock-pi-4.wks"
+IMAGE_FSTYPES +=3D "wic wic.bmap"
+
+WKS_FILE_DEPENDS ?=3D " \
+ mtools-native \
+ dosfstools-native \
+ virtual/bootloader \
+ virtual/kernel \
+ "
+IMAGE_BOOT_FILES ?=3D "\
+ ${KERNEL_IMAGETYPE} \
+ "
+
+KBUILD_DEFCONFIG =3D "defconfig"
diff --git a/recipes-kernel/linux/files/0001-ayufan-dtsi-rk3328-add-mmc0-=
mmc1-aliases.patch b/recipes-kernel/linux/files/0001-ayufan-dtsi-rk3328-a=
dd-mmc0-mmc1-aliases.patch
new file mode 100644
index 0000000..1ad3b9e
--- /dev/null
+++ b/recipes-kernel/linux/files/0001-ayufan-dtsi-rk3328-add-mmc0-mmc1-al=
iases.patch
@@ -0,0 +1,27 @@
+From f10cfe01f753348d346374008b8e8f5f26ed94ab Mon Sep 17 00:00:00 2001
+From: Kamil Trzcinski <ayufan@...>
+Date: Mon, 28 Aug 2017 11:24:37 +0200
+Subject: [PATCH] ayufan: dtsi: rk3328: add mmc0/mmc1 aliases
+Upstream-Status: Pending [https://github.com/ayufan-rock64/linux-mainlin=
e-kernel/commit/f10cfe01f753348d346374008b8e8f5f26ed94ab]
+
+Change-Id: I82a5394df8a505f7d1496393621c1198895c88b0
+---
+ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/arch/arm64/boot/dts/rockchip/rk3328.dtsi b/arch/arm64/boot/=
dts/rockchip/rk3328.dtsi
+index 0afed15bc7ff..800f1c796882 100644
+--- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi
++++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
+@@ -27,6 +27,8 @@
+ i2c1 =3D &i2c1;
+ i2c2 =3D &i2c2;
+ i2c3 =3D &i2c3;
++ mmc0 =3D &emmc;
++ mmc1 =3D &sdmmc;
+ ethernet0 =3D &gmac2io;
+ ethernet1 =3D &gmac2phy;
+ };
+--=20
+2.30.2
+
diff --git a/recipes-kernel/linux/linux-yocto%.bbappend b/recipes-kernel/=
linux/linux-yocto%.bbappend
index 7702e3f..3789c72 100644
--- a/recipes-kernel/linux/linux-yocto%.bbappend
+++ b/recipes-kernel/linux/linux-yocto%.bbappend
@@ -8,3 +8,9 @@ COMPATIBLE_MACHINE_tinker-board-s =3D "tinker-board-s"
COMPATIBLE_MACHINE_rock-pi-4 =3D "rock-pi-4"
COMPATIBLE_MACHINE_nanopi-m4 =3D "nanopi-m4"
COMPATIBLE_MACHINE_nanopi-m4-2gb =3D "nanopi-m4-2gb"
+COMPATIBLE_MACHINE_rock64 =3D "rock64"
+
+FILESEXTRAPATHS_prepend :=3D "${THISDIR}/files:"
+
+# indeed applicable to all rk3328 boards
+SRC_URI_append_rock64 =3D " file://0001-ayufan-dtsi-rk3328-add-mmc0-mmc1=
-aliases.patch"
--=20
2.30.2


Re: precedence problem with custom xserver-xf86-config_0.1.bbappend recipe

Stefan Seefeld
 


On 2021-05-31 5:09 a.m., Quentin Schulz wrote:
A common mistake would be the forgotten semi-colon and/or _prepend:
FILESEXTRAPATHS_prepend := "${THISDIR}/files"

Another common mistake is to not respect the tree layout of the original
path relative to the original recipe (or for that matter, the one you
want to override coming from the bbappend) for xorg.conf.
In that case, you can see that in meta-yocto-bsp, there's a parent
directory of xorg.conf that is not the one listed in
FILESEXTRAPATHS_prepend. You should add this directory in the path of
your bbappend.

Indeed, I was basing my layout on the original recipe, not on the poky override (which adds the $MACHINE as a subdirectory).

With that adjustment everything appears to be working fine.

https://pretalx.com/media/yocto-project-summit-2021/submissions/WTT3UV/resources/Demystifying_the_OVERRIDES_mechan_no6J6fb.pdf
slides 70 to 80 might help you. The recording should be available in a
few days/weeks.

Thanks a lot, this looks really useful ! 

Stefan
-- 

      ...ich hab' noch einen Koffer in Berlin...


Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.1.8.rc1)

Sangeeta Jain
 

Hi all,

This is the full report for yocto-3.1.8.rc1:
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults

======= Summary ========
No high milestone defects.

1 new issue found:

BUG id:14414 - [QA 3.1.8 RC1] failure in ptest : strace.printstrn-umoven.gen.test


======= Bugs ========
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14414

Thanks,
Sangeeta

-----Original Message-----
From: qa-build-notification@... <qa-build-
notification@...> On Behalf Of Pokybuild User
Sent: Wednesday, 26 May, 2021 3:40 AM
To: yocto@...
Cc: qa-build-notification@...
Subject: [qa-build-notification] QA notification for completed autobuilder
build (yocto-3.1.8.rc1)


A build flagged for QA (yocto-3.1.8.rc1) was completed on the autobuilder
and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.1.8.rc1


Build hash information:

bitbake: 078f3164dcb1de7a141bec3a8fd52631d0362631
meta-arm: 9dadb61b36fdd09a39d8cb755fa29d03928a1116
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 2fb89eb85dea00de9446c1cf44ba6a5586f42c84
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
oecore: ecd636154e7cfc1349a7cfd8026a85eafa219535
poky: 6ebb33bdaccaeadff0c85aab27acf35723df00d8



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...







Re: [meta-rockchip][PATCH] Rock64: add machine

Yann Dirson
 

Le lun. 31 mai 2021 à 10:20, Yann Dirson via lists.yoctoproject.org
<yann.dirson=blade-group.com@...> a écrit :

From: Yann Dirson <yann@...>

This is a RK3328 board from Pine64.
Board details at https://wiki.pine64.org/wiki/ROCK64.

Signed-off-by: Yann Dirson <yann@...>
---

This is just basic initial support without a kernel BSP. As is the
board boots with a serial console.
This statement was refering to core-image-minimal. The board does get
working ethernet, usb, hdmi with core-image-base, the only major devices
not handled are audio (not even hdmi-audio by default) and emmc (see
below).


Note I had to create the SoC definition for rk3328, and rather than
setting serial at 115200 there just to have the board definition
override it with rockchip-standard 1500000 I've set the latter right
in rk3328.inc.

conf/machine/include/rk3328.inc | 25 +++++++++++++++++++
conf/machine/rock64.conf | 28 ++++++++++++++++++++++
recipes-kernel/linux/linux-yocto%.bbappend | 1 +
3 files changed, 54 insertions(+)
create mode 100644 conf/machine/include/rk3328.inc
create mode 100644 conf/machine/rock64.conf

diff --git a/conf/machine/include/rk3328.inc b/conf/machine/include/rk3328.inc
new file mode 100644
index 0000000..7d67627
--- /dev/null
+++ b/conf/machine/include/rk3328.inc
@@ -0,0 +1,25 @@
+# Copyright (C) 2020 Garmin Ltd. or its subsidaries
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SOC_FAMILY = "rk3328"
+
+DEFAULTTUNE ?= "cortexa53-crypto"
+
+require conf/machine/include/soc-family.inc
+require conf/machine/include/tune-cortexa53.inc
+require conf/machine/include/rockchip-defaults.inc
+
+KBUILD_DEFCONFIG ?= "defconfig"
+KERNEL_CLASSES = "kernel-fitimage"
+KERNEL_IMAGETYPE = "fitImage"
+
+TFA_PLATFORM = "rk3328"
+TFA_BUILD_TARGET = "bl31"
+
+UBOOT_SUFFIX ?= "itb"
+UBOOT_ENTRYPOINT ?= "0x06000000"
+
+SERIAL_CONSOLES = "1500000;ttyS2"
+
+PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot"
+SPL_BINARY ?= "idbloader.img"
diff --git a/conf/machine/rock64.conf b/conf/machine/rock64.conf
new file mode 100644
index 0000000..88a8434
--- /dev/null
+++ b/conf/machine/rock64.conf
@@ -0,0 +1,28 @@
+# Copyright (C) 2021 Blade SAS
+
+#@TYPE: Machine
+#@NAME: Rock64
+#@DESCRIPTION: Rock64 RK3328 board from Pine64
+
+require include/rk3328.inc
+
+MACHINE_FEATURES += "usbhost serial"
+
+UBOOT_MACHINE = "rock64-rk3328_defconfig"
+KERNEL_DEVICETREE = "rockchip/rk3328-rock64.dtb"
+
+RK_BOOT_DEVICE = "mmcblk0"
I realize now that this part is problematic:
- booting core-image-minimal from sdcard with or without an eMMC
plugged indeed works, as does core-image-base without an eMMC
- booting core-image-base from sdcard with an eMMC plugged gets the sd
as mmcblk1

This seems to indicate that upstream dts lacks "/aliases/mmc*"
statements in the dts, I'll have to dig and see
what the proper aliases should be.


+WKS_FILE ?= "rock-pi-4.wks"
+IMAGE_FSTYPES += "wic wic.bmap"
+
+WKS_FILE_DEPENDS ?= " \
+ mtools-native \
+ dosfstools-native \
+ virtual/bootloader \
+ virtual/kernel \
+ "
+IMAGE_BOOT_FILES ?= "\
+ ${KERNEL_IMAGETYPE} \
+ "
+
+KBUILD_DEFCONFIG = "defconfig"
diff --git a/recipes-kernel/linux/linux-yocto%.bbappend b/recipes-kernel/linux/linux-yocto%.bbappend
index 7702e3f..f453281 100644
--- a/recipes-kernel/linux/linux-yocto%.bbappend
+++ b/recipes-kernel/linux/linux-yocto%.bbappend
@@ -8,3 +8,4 @@ COMPATIBLE_MACHINE_tinker-board-s = "tinker-board-s"
COMPATIBLE_MACHINE_rock-pi-4 = "rock-pi-4"
COMPATIBLE_MACHINE_nanopi-m4 = "nanopi-m4"
COMPATIBLE_MACHINE_nanopi-m4-2gb = "nanopi-m4-2gb"
+COMPATIBLE_MACHINE_rock64 = "rock64"
--
2.30.2




--
Yann Dirson <yann@...>
Blade / Shadow -- http://shadow.tech


Re: precedence problem with custom xserver-xf86-config_0.1.bbappend recipe

Quentin Schulz
 

Hi Stefan,

On Sun, May 30, 2021 at 06:10:48PM -0400, Stefan Seefeld wrote:
Hello,

I'm trying to add a custom `xorg.conf` file to my yocto build, by defining a
`recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bbappend` recipe to
my layer.

However, it seems like I always end up getting the (empty) `xorg.conf` file
from `meta-yocto-bsp/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bbappend`,
even though poky's `meta-yocto-bsp` layer has lower priority (5) than my own
(6).
I do get my own `xorg.conf` file if I remove (or rename) the meta-yocto-bsp
recipe, so this really looks like a precedence problem.

Any idea what I may be missing ?
A common mistake would be the forgotten semi-colon and/or _prepend:
FILESEXTRAPATHS_prepend := "${THISDIR}/files"

Another common mistake is to not respect the tree layout of the original
path relative to the original recipe (or for that matter, the one you
want to override coming from the bbappend) for xorg.conf.
In that case, you can see that in meta-yocto-bsp, there's a parent
directory of xorg.conf that is not the one listed in
FILESEXTRAPATHS_prepend. You should add this directory in the path of
your bbappend.

https://pretalx.com/media/yocto-project-summit-2021/submissions/WTT3UV/resources/Demystifying_the_OVERRIDES_mechan_no6J6fb.pdf
slides 70 to 80 might help you. The recording should be available in a
few days/weeks.

Cheers,
Quentin


[meta-rockchip][PATCH] Rock64: add machine

Yann Dirson
 

From: Yann Dirson <yann@...>

This is a RK3328 board from Pine64.
Board details at https://wiki.pine64.org/wiki/ROCK64.

Signed-off-by: Yann Dirson <yann@...>
---

This is just basic initial support without a kernel BSP. As is the
board boots with a serial console.

Note I had to create the SoC definition for rk3328, and rather than
setting serial at 115200 there just to have the board definition
override it with rockchip-standard 1500000 I've set the latter right
in rk3328.inc.

conf/machine/include/rk3328.inc | 25 +++++++++++++++++++
conf/machine/rock64.conf | 28 ++++++++++++++++++++++
recipes-kernel/linux/linux-yocto%.bbappend | 1 +
3 files changed, 54 insertions(+)
create mode 100644 conf/machine/include/rk3328.inc
create mode 100644 conf/machine/rock64.conf

diff --git a/conf/machine/include/rk3328.inc b/conf/machine/include/rk332=
8.inc
new file mode 100644
index 0000000..7d67627
--- /dev/null
+++ b/conf/machine/include/rk3328.inc
@@ -0,0 +1,25 @@
+# Copyright (C) 2020 Garmin Ltd. or its subsidaries
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SOC_FAMILY =3D "rk3328"
+
+DEFAULTTUNE ?=3D "cortexa53-crypto"
+
+require conf/machine/include/soc-family.inc
+require conf/machine/include/tune-cortexa53.inc
+require conf/machine/include/rockchip-defaults.inc
+
+KBUILD_DEFCONFIG ?=3D "defconfig"
+KERNEL_CLASSES =3D "kernel-fitimage"
+KERNEL_IMAGETYPE =3D "fitImage"
+
+TFA_PLATFORM =3D "rk3328"
+TFA_BUILD_TARGET =3D "bl31"
+
+UBOOT_SUFFIX ?=3D "itb"
+UBOOT_ENTRYPOINT ?=3D "0x06000000"
+
+SERIAL_CONSOLES =3D "1500000;ttyS2"
+
+PREFERRED_PROVIDER_virtual/bootloader ?=3D "u-boot"
+SPL_BINARY ?=3D "idbloader.img"
diff --git a/conf/machine/rock64.conf b/conf/machine/rock64.conf
new file mode 100644
index 0000000..88a8434
--- /dev/null
+++ b/conf/machine/rock64.conf
@@ -0,0 +1,28 @@
+# Copyright (C) 2021 Blade SAS
+
+#@TYPE: Machine
+#@NAME: Rock64
+#@DESCRIPTION: Rock64 RK3328 board from Pine64
+
+require include/rk3328.inc
+
+MACHINE_FEATURES +=3D "usbhost serial"
+
+UBOOT_MACHINE =3D "rock64-rk3328_defconfig"
+KERNEL_DEVICETREE =3D "rockchip/rk3328-rock64.dtb"
+
+RK_BOOT_DEVICE =3D "mmcblk0"
+WKS_FILE ?=3D "rock-pi-4.wks"
+IMAGE_FSTYPES +=3D "wic wic.bmap"
+
+WKS_FILE_DEPENDS ?=3D " \
+ mtools-native \
+ dosfstools-native \
+ virtual/bootloader \
+ virtual/kernel \
+ "
+IMAGE_BOOT_FILES ?=3D "\
+ ${KERNEL_IMAGETYPE} \
+ "
+
+KBUILD_DEFCONFIG =3D "defconfig"
diff --git a/recipes-kernel/linux/linux-yocto%.bbappend b/recipes-kernel/=
linux/linux-yocto%.bbappend
index 7702e3f..f453281 100644
--- a/recipes-kernel/linux/linux-yocto%.bbappend
+++ b/recipes-kernel/linux/linux-yocto%.bbappend
@@ -8,3 +8,4 @@ COMPATIBLE_MACHINE_tinker-board-s =3D "tinker-board-s"
COMPATIBLE_MACHINE_rock-pi-4 =3D "rock-pi-4"
COMPATIBLE_MACHINE_nanopi-m4 =3D "nanopi-m4"
COMPATIBLE_MACHINE_nanopi-m4-2gb =3D "nanopi-m4-2gb"
+COMPATIBLE_MACHINE_rock64 =3D "rock64"
--=20
2.30.2


Re: How to switch yocto INIT_MANAGER from systemd to sysvinit #dunfell

Zoran
 

What about the following:
https://docs.yoctoproject.org/ref-manual/migration-3.0.html?highlight=init_manager#init-system-selection

To be enhanced/added with the following:
https://github.com/ZoranStojsavljevic/bbb-yocto/blob/master/bbb-releases/bbb-hardknott/README.md

Best Regards,
Zee
_______

On Fri, May 28, 2021 at 3:02 PM Swapna Nannapaneni
<sayinswapna@...> wrote:

Typo. No leading space INIT_MANAGER = "sysvinit".

Thanks,
Priya.

On Fri, May 28, 2021 at 8:55 AM Zoran Stojsavljevic <zoran.stojsavljevic@...> wrote:

you don't want the leading space.
I got the idea from reading
https://docs.yoctoproject.org/ref-manual/migration-3.0.html?highlight=init_manager#init-system-selection

But this is exactly why we need some explicit examples. :-)

Zee
_______

On Fri, May 28, 2021 at 2:45 PM Robert P. J. Day <rpjday@...> wrote:

On Fri, 28 May 2021, Zoran wrote:

Tried setting INIT_MANAGER = " sysvinit" in build/conf/local.conf
Is it INIT_MANAGER = " sysvinit" , or INIT_MANAGER = "sysvinit" (no
blank at the beginning)?

Thank you,
Zee
you don't want the leading space.

rday


precedence problem with custom xserver-xf86-config_0.1.bbappend recipe

Stefan Seefeld
 

Hello,

I'm trying to add a custom `xorg.conf` file to my yocto build, by defining a `recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bbappend` recipe to my layer.

However, it seems like I always end up getting the (empty) `xorg.conf` file from `meta-yocto-bsp/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bbappend`, even though poky's `meta-yocto-bsp` layer has lower priority (5) than my own (6).
I do get my own `xorg.conf` file if I remove (or rename) the meta-yocto-bsp recipe, so this really looks like a precedence problem.

Any idea what I may be missing ?

Thanks !

Stefan
-- 

      ...ich hab' noch einen Koffer in Berlin...


[meta-security][PATCH 5/5] packagegroup-core-security: drop python3-scapy

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-core/packagegroup/packagegroup-core-security.bb | 2 --
1 file changed, 2 deletions(-)

diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb
index cf9620f..e7b6d9b 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -37,7 +37,6 @@ RDEPENDS_packagegroup-security-utils = "\
pinentry \
python3-privacyidea \
python3-fail2ban \
- python3-scapy \
softhsm \
libest \
opendnssec \
@@ -89,7 +88,6 @@ RDEPENDS_packagegroup-meta-security-ptest-packages = "\
ptest-runner \
samhain-standalone-ptest \
libseccomp-ptest \
- python3-scapy-ptest \
suricata-ptest \
python3-fail2ban-ptest \
${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \
--
2.24.3


[meta-security][PATCH 4/5] python3-scapy: drop , now in meta-python

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/scapy/files/run-ptest | 4 ---
recipes-security/scapy/python3-scapy_2.4.5.bb | 30 -------------------
2 files changed, 34 deletions(-)
delete mode 100644 recipes-security/scapy/files/run-ptest
delete mode 100644 recipes-security/scapy/python3-scapy_2.4.5.bb

diff --git a/recipes-security/scapy/files/run-ptest b/recipes-security/scapy/files/run-ptest
deleted file mode 100644
index 797d8ec..0000000
--- a/recipes-security/scapy/files/run-ptest
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-UTscapy3 -t regression.uts -f text -l -C \
- -o @PTEST_PATH@/scapy_ptest_$(date +%Y%m%d-%H%M%S).log \
- 2>&1 | sed -e 's/^passed None/PASS:/' -e 's/^failed None/FAIL:/'
diff --git a/recipes-security/scapy/python3-scapy_2.4.5.bb b/recipes-security/scapy/python3-scapy_2.4.5.bb
deleted file mode 100644
index 8f36520..0000000
--- a/recipes-security/scapy/python3-scapy_2.4.5.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "Network scanning and manipulation tool"
-DESCRIPTION = "Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc."
-SECTION = "security"
-LICENSE = "GPLv2"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-
-SRCREV = "32cd7eb0f620d9adf171c48d55514e8326a538d7"
-SRC_URI = "git://github.com/secdev/scapy.git \
- file://run-ptest"
-
-S = "${WORKDIR}/git"
-
-UPSTREAM_CHECK_COMMITS = "1"
-
-inherit setuptools3 ptest
-
-do_install_append() {
- mv ${D}${bindir}/scapy ${D}${bindir}/scapy3
- mv ${D}${bindir}/UTscapy ${D}${bindir}/UTscapy3
-}
-
-do_install_ptest() {
- install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH}
- sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest
-}
-
-RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-cryptography ${PYTHON_PN}-netclient \
- ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc ${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \
- ${PYTHON_PN}-threading ${PYTHON_PN}-numbers ${PYTHON_PN}-pycrypto"
--
2.24.3


[meta-security][PATCH 3/5] initramfs-framework: fix YCL issue.

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
.../initrdscripts/initramfs-framework.inc | 16 ++++++++++++++++
.../initramfs-framework_1.0.bbappend | 17 +----------------
2 files changed, 17 insertions(+), 16 deletions(-)
create mode 100644 recipes-core/initrdscripts/initramfs-framework.inc

diff --git a/recipes-core/initrdscripts/initramfs-framework.inc b/recipes-core/initrdscripts/initramfs-framework.inc
new file mode 100644
index 0000000..dad9c96
--- /dev/null
+++ b/recipes-core/initrdscripts/initramfs-framework.inc
@@ -0,0 +1,16 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI_append = "\
+ file://dmverity \
+"
+
+do_install_append() {
+ # dm-verity
+ install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity
+}
+
+PACKAGES_append = " initramfs-module-dmverity"
+
+SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support"
+RDEPENDS_initramfs-module-dmverity = "${PN}-base"
+FILES_initramfs-module-dmverity = "/init.d/80-dmverity"
diff --git a/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
index dad9c96..dc74e01 100644
--- a/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
+++ b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
@@ -1,16 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRC_URI_append = "\
- file://dmverity \
-"
-
-do_install_append() {
- # dm-verity
- install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity
-}
-
-PACKAGES_append = " initramfs-module-dmverity"
-
-SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support"
-RDEPENDS_initramfs-module-dmverity = "${PN}-base"
-FILES_initramfs-module-dmverity = "/init.d/80-dmverity"
+require ${@bb.utils.contains('IMAGE_CLASSES', 'dm-verity', 'initramfs-framework.inc', '', d)}
--
2.24.3

4121 - 4140 of 57807