1. yocto@lists.yoctoproject.org
  2. Messages
   Date   
Yocto Project Status WW27`21

Stephen Jolley
 

Current Dev Position: YP 3.4 M2

Next Deadline: 12th July 2021 YP 3.4 M2 build

 

Next Team Meetings:

 

Key Status/Updates:

  • YP 3.1.9 was released.
  • The prserv rewrite is still pending on resolving the issues with python asyncio.
  • Alexandre Belloni/Bootlin have been taking over some of the patch testing/queuing work over the last couple of weeks, feedback to either Richard/Alexandre or the TSC on how this is working is welcome.
  • Intermittent autobuilder issues continue to occur, about 50% of the open issues are now ptest failures, many occurring more frequently on arm and the rest are various other races or timeouts. You can see the list of failures we’re continuing to see by searching for the “AB-INT” tag in bugzilla: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT
  • We have made progress on a couple of the race issues and on one of the ptest issues (util-linux), some of the ptest issues and the bitbake server timeout issue are now our most frequently encountered issues.
  • A rootfs license race issue (#14123) now has reproduction steps which should allow a fix to follow.
  • The multiconfig changes in bitbake continue to cause problems, we still need simpler test cases to reproduce issues rather than huge builds. The existing patches seem to fix some workloads and break others and current test cases are very slow to work with.

 

Ways to contribute:

 

YP 3.4 Milestone Dates:

  • YP 3.4 M2 build date 2021/07/12
  • YP 3.4 M2 Release date 2021/07/23
  • YP 3.4 M3 build date 2021/08/23 (Feature Freeze)
  • YP 3.4 M3 Release date 2021/09/03
  • YP 3.4 M4 build date 2021/10/04
  • YP 3.4 M4 Release date 2021/10/29

 

Planned upcoming dot releases:

  • YP 3.1.9 is released
  • YP 3.3.2 build date 2021/07/19
  • YP 3.3.2 release date 2021/07/30
  • YP 3.1.10 build date 2021/07/26
  • YP 3.1.10 release date 2021/08/06
  • YP 3.1.11 build date 2021/09/13
  • YP 3.1.11 release date 2021/9/24

 

Tracking Metrics:

 

The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC

 

The Status reports are now stored on the wiki at: https://wiki.yoctoproject.org/wiki/Weekly_Status

 

[If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!]

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 
M+ & H bugs with Milestone Movements WW27

Stephen Jolley
 

All,

YP M+ or high bugs which moved to a new milestone in WW27 are listed below:

Priority

Bug ID

Short Description

Changer

Owner

Was

Became

Medium+

10693

Add a testcase for multilib eSDK on the autobuilder

Qi.Chen@...

Qi.Chen@...

3.4 M1

3.5

 

11449

Allow overriding classes to override overridden classes

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

11746

oe-selftest: capture self.logger messages in XML output

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

12090

bitbake resident server reconnect needed ?

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

12368

persistent bitbake server does not re-parse if previous build was ctrl+C'd

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

12723

mysql requires unicode and char length filtering

david.reyna@...

david.reyna@...

3.4 M1

3.4 M2

 

12970

uninative file should be versionned

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

12986

Failed to expand SRCPV on updateding SRC_URI using pn overrides and BBCLASSEXTEND

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13103

[Bug][QA 2.7 M1 rc1][Toaster] "Recipes" tableá and á"machines" table are not getting populated after clickingáon imported layer as well as after clicking Machines Tab on project page

david.reyna@...

david.reyna@...

3.4 M1

3.4 M2

 

13183

bitbake-layers crashes with incorrect layer configuration data is given (expected proper error printing and exit with error)

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13278

If git protocol doesn't work, you get a tar.gz clone from PREMIRROR which has git protocol origin

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13424

devupstream doesn't work with mutilib

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13448

bitbake master appears to expand variables it should not need to

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13520

many valgrind tests fail for arm64

randy.macleod@...

stacygaikovaia@...

3.4 M1

3.4 M3

 

13599

Enhancement: Detect variables that shouldn't be defined in image scope, but in global (distro) scope

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13699

Prolonged recipe parsing times after removing tmp when the resident bitbake server is used

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13711

Parsing fails on externalsrc recipe containing both git and file in SRC_URI

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13729

Changing siteinfo files doesn't change task checksum

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13823

fetch2: PREMIRROR and SRC_URI with users on both url yields invalid username

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

13888

Toaster is not starting for Django-3

david.reyna@...

david.reyna@...

3.4 M1

3.4 M2

 

13973

change siginfo data format to json for reproducibility? (siginfo files currently not reproducible)

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

14026

documentation how to use systemd is inconsistent

randy.macleod@...

michael.opdenacker@...

3.4 M1

3.4 M3

 

14085

Toaster UI should know when bitbake crashed

david.reyna@...

david.reyna@...

3.4 M1

3.4 M2

 

14088

Attempting to override RDEPENDS_${PN} from global config doesn't work

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

14156

gitsm: submodules are fetched as mirrored and not working as expected

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

14165

AB-INT PTEST: strace ptest intermittent failure in qual_fault-syscall.test

randy.macleod@...

randy.macleod@...

3.3 M3

3.4 M3

 

14177

AB-INT PTEST: tcl ptest intermittent failure

randy.macleod@...

ross@...

3.4 M1

3.4 M2

 

14311

AB-INT PTEST: valgrind drd/tests ptest intermittent failure

randy.macleod@...

yf3yu@...

3.4 M1

3.4 M2

 

14340

improve detection and error reporting when oe-core is missing

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

14356

Too small images in epub output

randy.macleod@...

michael.opdenacker@...

3.4 M1

3.4 M3

 

14357

No PDF and EPUB versions of the manuals available on the website

randy.macleod@...

michael.opdenacker@...

3.4 M1

3.4 M3

 

14366

populate_sdk_ext fails with pseudo path mismatch due to COPY_LIC_DIRS hard links

richard.purdie@...

richard.purdie@...

3.4 M1

3.4 M3

 

14408

bitbake hangs using taskexp ui and a new build directory

richard.purdie@...

richard.purdie@...

3.4 M2

3.4 M3

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 
Enhancements/Bugs closed WW27!

Stephen Jolley
 

All,

The below were the owners of enhancements or bugs closed during the last week!

Who

Count

richard.purdie@...

19

bruce.ashfield@...

2

weaverjs@...

1

randy.macleod@...

1

JPEWhacker@...

1

Grand Total

24

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 
Current high bug count owners for Yocto Project 3.4

Stephen Jolley
 

All,

Below is the list as of top 50 bug owners as of the end of WW27 of who have open medium or higher bugs and enhancements against YP 3.4.   There are 82 possible work days left until the final release candidates for YP 3.4 needs to be released.

Who

Count

ross@...

31

richard.purdie@...

29

michael.opdenacker@...

26

david.reyna@...

22

bruce.ashfield@...

18

bluelightning@...

12

akuster808@...

12

JPEWhacker@...

11

timothy.t.orling@...

11

trevor.gamblin@...

11

sakib.sajal@...

10

randy.macleod@...

10

tony.tascioglu@...

9

kai.kang@...

7

raj.khem@...

6

hongxu.jia@...

6

yi.zhao@...

5

mingli.yu@...

5

Qi.Chen@...

5

chee.yang.lee@...

5

mostthingsweb@...

3

mshah@...

2

jaewon@...

2

alexandre.belloni@...

2

yf3yu@...

2

pokylinux@...

2

ydirson@...

2

alejandro@...

2

yoctoproject@...

1

mhalstead@...

1

liezhi.yang@...

1

mark.hatle@...

1

stacygaikovaia@...

1

thomas.perrot@...

1

alex.kanavin@...

1

jon.mason@...

1

sangeeta.jain@...

1

kexin.hao@...

1

shachar@...

1

Martin.Jansa@...

1

mister_rs@...

1

naveen.kumar.saini@...

1

john.kaldas.enpj@...

1

kergoth@...

1

devendra.tewari@...

1

jeanmarie.lemetayer@...

1

diego.sueiro@...

1

aehs29@...

1

nicolas.dechesne@...

1

matthewzmd@...

1

douglas.royds@...

1

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 
Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 357 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now, “3.2”, “3.3, "3.99" and "Future", the more pressing/urgent issues being in "3.2" and then “3.3”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 
Re: Integration of Docker in Read-only Rootfile system through Yocto

Poornesh <poornesh.g@...>
 

Greetings !

I am trying to integrate Docker in Yocto. (Yocto Zeus) . I could able to add Docker in yocto and it is working as expected in the Rootfile system which is having "Read-write" permission . But in the Rootfile system which is having "Read-only" type the "docker.sevice" is failing .  Please find the attachment includes service status of "docker.service" . Ultimately I am having a requirement of working of Docker with "Read-only" Rootfile system.

Kindly requesting your suggestions to over come this issue.

--

Thanks and Regards

Poornesh G
Re: [meta-security][PATCH 2/2] apparmor: use its own initscript and service files

Yi Zhao
 

Ping ...


On 6/23/21 5:15 PM, Yi Zhao wrote:

Use initscript and service files provided by apparmor.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
 recipes-mac/AppArmor/apparmor_3.0.1.bb        |  33 +--
 ...x-hardcoded-installation-directories.patch |  51 ++++
 ...pparmor.debian-add-missing-functions.patch |  57 ++++
 recipes-mac/AppArmor/files/apparmor           | 226 ---------------
 recipes-mac/AppArmor/files/apparmor.rc        |  98 -------
 recipes-mac/AppArmor/files/apparmor.service   |  22 --
 recipes-mac/AppArmor/files/functions          | 271 ------------------
 7 files changed, 118 insertions(+), 640 deletions(-)
 create mode 100644 recipes-mac/AppArmor/files/0001-Makefile-fix-hardcoded-installation-directories.patch
 create mode 100644 recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch
 delete mode 100644 recipes-mac/AppArmor/files/apparmor
 delete mode 100644 recipes-mac/AppArmor/files/apparmor.rc
 delete mode 100644 recipes-mac/AppArmor/files/apparmor.service
 delete mode 100644 recipes-mac/AppArmor/files/functions

diff --git a/recipes-mac/AppArmor/apparmor_3.0.1.bb b/recipes-mac/AppArmor/apparmor_3.0.1.bb
index 6377683..ff5b39b 100644
--- a/recipes-mac/AppArmor/apparmor_3.0.1.bb
+++ b/recipes-mac/AppArmor/apparmor_3.0.1.bb
@@ -15,15 +15,13 @@ DEPENDS = "bison-native apr gettext-native coreutils-native swig-native"
 
 SRC_URI = " \
     git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-3.0 \
+    file://run-ptest \
     file://disable_perl_h_check.patch \
     file://crosscompile_perl_bindings.patch \
-    file://apparmor.rc \
-    file://functions \
-    file://apparmor \
-    file://apparmor.service \
     file://0001-Makefile.am-suppress-perllocal.pod.patch \
-    file://run-ptest \
     file://0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch \
+    file://0001-Makefile-fix-hardcoded-installation-directories.patch \
+    file://0001-rc.apparmor.debian-add-missing-functions.patch \
     "
 
 SRCREV = "b0f08aa9d678197b8e3477c2fbff790f50a1de5e"
@@ -79,8 +77,6 @@ do_compile () {
 }
 
 do_install () {
-    install -d ${D}/${INIT_D_DIR}
-    install -d ${D}/lib/apparmor
     oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
     oe_runmake -C ${B}/binutils DESTDIR="${D}" install
     oe_runmake -C ${B}/utils DESTDIR="${D}" install
@@ -96,16 +92,16 @@ do_install () {
     fi
 
     if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
-        install -d ${D}/lib/security
         oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install
     fi
 
-    install -m 755 ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
-    install -m 755 ${WORKDIR}/functions ${D}/lib/apparmor
+    if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
+        install -d ${D}${sysconfdir}/init.d
+        install -m 755 ${B}/parser/rc.apparmor.debian ${D}${sysconfdir}/init.d/apparmor
+    fi
 
     if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-        install -d ${D}${systemd_system_unitdir}
-        install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
+        oe_runmake -C ${B}/parser DESTDIR="${D}" install-systemd
     fi
 }
 
@@ -152,15 +148,6 @@ do_install_ptest_arm() {
   :
 }
 
-pkg_postinst_ontarget_${PN} () {
-if [ ! -d /etc/apparmor.d/cache ] ; then
-    mkdir /etc/apparmor.d/cache
-fi
-}
-
-# We need the init script so don't rm it
-RMINITDIR_class-target_remove = " rm_sysvinit_initddir"
-
 INITSCRIPT_PACKAGES = "${PN}"
 INITSCRIPT_NAME = "apparmor"
 INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ."
@@ -171,9 +158,9 @@ SYSTEMD_AUTO_ENABLE ?= "enable"
 
 PACKAGES += "mod-${PN}"
 
-FILES_${PN} += "/lib/apparmor/ /lib/security/ ${sysconfdir}/apparmor ${nonarch_libdir}/${PYTHON_DIR}/site-packages"
+FILES_${PN} += "${nonarch_base_libdir}/apparmor/ ${base_libdir}/security/ ${sysconfdir}/apparmor ${nonarch_libdir}/${PYTHON_DIR}/site-packages"
 FILES_mod-${PN} = "${libdir}/apache2/modules/*"
-FILES_${PN}-dbg += "/lib/security/"
+FILES_${PN}-dbg += "${base_libdir}/security/.debug"
 
 DEPENDS_append_libc-musl = " fts "
 RDEPENDS_${PN}_libc-musl +=  "musl-utils"
diff --git a/recipes-mac/AppArmor/files/0001-Makefile-fix-hardcoded-installation-directories.patch b/recipes-mac/AppArmor/files/0001-Makefile-fix-hardcoded-installation-directories.patch
new file mode 100644
index 0000000..f10acb1
--- /dev/null
+++ b/recipes-mac/AppArmor/files/0001-Makefile-fix-hardcoded-installation-directories.patch
@@ -0,0 +1,51 @@
+From 363114dcd72abf1c0dcd637c66037227b8be229b Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@...>
+Date: Mon, 21 Jun 2021 14:18:30 +0800
+Subject: [PATCH 1/2] Makefile: fix hardcoded installation directories
+
+Update the installation directories to fix the do_install error for
+multilib and usrmerge.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ changehat/pam_apparmor/Makefile | 2 +-
+ parser/Makefile                 | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/changehat/pam_apparmor/Makefile b/changehat/pam_apparmor/Makefile
+index f6ece2d1..0143ae9f 100644
+--- a/changehat/pam_apparmor/Makefile
++++ b/changehat/pam_apparmor/Makefile
+@@ -77,7 +77,7 @@ $(NAME).so: ${OBJECTS}
+ 
+ # need some better way of determining this
+ DESTDIR=/
+-SECDIR ?= ${DESTDIR}/lib/security
++SECDIR ?= ${DESTDIR}/${base_libdir}/security
+ 
+ .PHONY: install
+ install: $(NAME).so
+diff --git a/parser/Makefile b/parser/Makefile
+index 8250ac45..cf18bc11 100644
+--- a/parser/Makefile
++++ b/parser/Makefile
+@@ -23,10 +23,10 @@ COMMONDIR=../common/
+ include $(COMMONDIR)/Make.rules
+ 
+ DESTDIR=/
+-APPARMOR_BIN_PREFIX=${DESTDIR}/lib/apparmor
+-SBINDIR=${DESTDIR}/sbin
+-USR_SBINDIR=${DESTDIR}/usr/sbin
+-SYSTEMD_UNIT_DIR=${DESTDIR}/usr/lib/systemd/system
++APPARMOR_BIN_PREFIX=${DESTDIR}/${nonarch_base_libdir}/apparmor
++SBINDIR=${DESTDIR}/${base_sbindir}
++USR_SBINDIR=${DESTDIR}/${sbindir}
++SYSTEMD_UNIT_DIR=${DESTDIR}/${systemd_system_unitdir}
+ CONFDIR=/etc/apparmor
+ INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
+ LOCALEDIR=/usr/share/locale
+-- 
+2.17.1
+
diff --git a/recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch b/recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch
new file mode 100644
index 0000000..53bdde8
--- /dev/null
+++ b/recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch
@@ -0,0 +1,57 @@
+From a737c95ac0f887c365fe8f16583ea95da79de1e9 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@...>
+Date: Mon, 21 Jun 2021 16:53:39 +0800
+Subject: [PATCH] rc.apparmor.debian: add missing functions
+
+Add missing functions:
+  aa_log_action_start
+  aa_log_action_end
+  aa_log_daemon_msg
+  aa_log_end_msg
+
+Fixes:
+$ /etc/init.d/apparmor start
+/lib/apparmor/rc.apparmor.functions: line 294: aa_log_daemon_msg: command not found
+/lib/apparmor/rc.apparmor.functions: line 214: aa_log_action_start: command not found
+
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ parser/rc.apparmor.debian | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/parser/rc.apparmor.debian b/parser/rc.apparmor.debian
+index 8efd4400..f35124e8 100644
+--- a/parser/rc.apparmor.debian
++++ b/parser/rc.apparmor.debian
+@@ -70,6 +70,26 @@ aa_log_skipped_msg() {
+         echo ": Skipped."
+ }
+ 
++aa_log_action_start()
++{
++    echo "$@"
++}
++
++aa_log_action_end()
++{
++    printf ""
++}
++
++aa_log_daemon_msg()
++{
++    echo "$@"
++}
++
++aa_log_end_msg()
++{
++    printf ""
++}
++
+ usage() {
+     echo "Usage: $0 {start|stop|restart|try-restart|reload|force-reload|status|kill}"
+ }
+-- 
+2.17.1
+
diff --git a/recipes-mac/AppArmor/files/apparmor b/recipes-mac/AppArmor/files/apparmor
deleted file mode 100644
index 604e48d..0000000
--- a/recipes-mac/AppArmor/files/apparmor
+++ /dev/null
@@ -1,226 +0,0 @@
-#!/bin/sh
-# ----------------------------------------------------------------------
-#    Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
-#     NOVELL (All rights reserved)
-#    Copyright (c) 2008, 2009 Canonical, Ltd.
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-# Authors:
-#  Steve Beattie <steve.beattie@...>
-#  Kees Cook <kees@...>
-#
-# /etc/init.d/apparmor
-#
-### BEGIN INIT INFO
-# Provides: apparmor
-# Required-Start: $local_fs
-# Required-Stop: umountfs
-# Default-Start: S
-# Default-Stop:
-# Short-Description: AppArmor initialization
-# Description: AppArmor init script. This script loads all AppArmor profiles.
-### END INIT INFO
-
-log_daemon_msg() {
-    echo $*
-}
-
-log_end_msg () {
-    retval=$1
-    if [ $retval -eq 0 ]; then
-        echo "."
-    else
-        echo " failed!"
-    fi
-    return $retval
-}
-
-. /lib/apparmor/functions
-
-usage() {
-    echo "Usage: $0 {start|stop|restart|reload|force-reload|status|recache}"
-}
-
-test -x ${PARSER} || exit 0 # by debian policy
-# LSM is built-in, so it is either there or not enabled for this boot
-test -d /sys/module/apparmor || exit 0
-
-securityfs() {
-	# Need securityfs for any mode
-	if [ ! -d "${AA_SFS}" ]; then
-		if cut -d" " -f2,3 /proc/mounts | grep -q "^${SECURITYFS} securityfs"'$' ; then
-			log_daemon_msg "AppArmor not available as kernel LSM."
-			log_end_msg 1
-			exit 1
-		else
-			log_daemon_msg "Mounting securityfs on ${SECURITYFS}"
-			if ! mount -t securityfs none "${SECURITYFS}"; then
-				log_end_msg 1
-				exit 1
-			fi
-		fi
-	fi
-	if [ ! -w "$AA_SFS"/.load ]; then
-		log_daemon_msg "Insufficient privileges to change profiles."
-		log_end_msg 1
-		exit 1
-	fi
-}
-
-handle_system_policy_package_updates() {
-	apparmor_was_updated=0
-
-	if ! compare_previous_version ; then
-		# On snappy flavors, if the current and previous versions are
-		# different then clear the system cache. snappy will handle
-		# "$PROFILES_CACHE_VAR" itself (on Touch flavors
-		# compare_previous_version always returns '0' since snappy
-		# isn't available).
-		clear_cache_system
-		apparmor_was_updated=1
-	elif ! compare_and_save_debsums apparmor ; then
-		# If the system policy has been updated since the last time we
-		# ran, clear the cache to prevent potentially stale binary
-		# cache files after an Ubuntu image based upgrade (LP:
-		# #1350673). This can be removed once all system image flavors
-		# move to snappy (on snappy systems compare_and_save_debsums
-		# always returns '0' since /var/lib/dpkg doesn't exist).
-		clear_cache
-		apparmor_was_updated=1
-	fi
-
-	if [ -x /usr/bin/aa-clickhook ] || [ -x /usr/bin/aa-profile-hook ] ; then
-		# If packages for system policy that affect click packages have
-		# been updated since the last time we ran, run aa-clickhook -f
-                force_clickhook=0
-                force_profile_hook=0
-                if ! compare_and_save_debsums apparmor-easyprof-ubuntu ; then
-                        force_clickhook=1
-                fi
-                if ! compare_and_save_debsums apparmor-easyprof-ubuntu-snappy ; then
-                        force_clickhook=1
-                fi
-                if ! compare_and_save_debsums click-apparmor ; then
-                        force_clickhook=1
-                        force_profile_hook=1
-                fi
-                if [ -x /usr/bin/aa-clickhook ] && ([ $force_clickhook -eq 1 ] || [ $apparmor_was_updated -eq 1 ]) ; then
-                        aa-clickhook -f
-                fi
-                if [ -x /usr/bin/aa-profile-hook ] && ([ $force_profile_hook -eq 1 ] || [ $apparmor_was_updated -eq 1 ]) ; then
-                        aa-profile-hook -f
-                fi
-	fi
-}
-
-# Allow "recache" even when running on the liveCD
-if [ "$1" = "recache" ]; then
-	log_daemon_msg "Recaching AppArmor profiles"
-	recache_profiles
-	rc=$?
-	log_end_msg "$rc"
-	exit $rc
-fi
-
-# do not perform start/stop/reload actions when running from liveCD
-test -d /rofs/etc/apparmor.d && exit 0
-
-rc=255
-case "$1" in
-	start)
-		if test -x /sbin/systemd-detect-virt && \
-		   systemd-detect-virt --quiet --container && \
-		   ! is_container_with_internal_policy; then
-			log_daemon_msg "Not starting AppArmor in container"
-			log_end_msg 0
-			exit 0
-		fi
-		log_daemon_msg "Starting AppArmor profiles"
-		securityfs
-		# That is only useful for click, snappy and system images,
-		# i.e. not in Debian. And it reads and writes to /var, that
-		# can be remote-mounted, so it would prevent us from using
-		# Before=sysinit.target without possibly introducing dependency
-		# loops.
-		handle_system_policy_package_updates
-		load_configured_profiles
-		rc=$?
-		log_end_msg "$rc"
-		;;
-	stop)
-		log_daemon_msg "Clearing AppArmor profiles cache"
-		clear_cache
-		rc=$?
-		log_end_msg "$rc"
-		cat >&2 <<EOM
-All profile caches have been cleared, but no profiles have been unloaded.
-Unloading profiles will leave already running processes permanently
-unconfined, which can lead to unexpected situations.
-
-To set a process to complain mode, use the command line tool
-'aa-complain'. To really tear down all profiles, run the init script
-with the 'teardown' option."
-EOM
-		;;
-	teardown)
-		if test -x /sbin/systemd-detect-virt && \
-		   systemd-detect-virt --quiet --container && \
-		   ! is_container_with_internal_policy; then
-			log_daemon_msg "Not tearing down AppArmor in container"
-			log_end_msg 0
-			exit 0
-		fi
-		log_daemon_msg "Unloading AppArmor profiles"
-		securityfs
-		running_profile_names | while read profile; do
-			if ! unload_profile "$profile" ; then
-				log_end_msg 1
-				exit 1
-			fi
-		done
-		rc=0
-		log_end_msg $rc
-		;;
-	restart|reload|force-reload)
-		if test -x /sbin/systemd-detect-virt && \
-		   systemd-detect-virt --quiet --container && \
-		   ! is_container_with_internal_policy; then
-			log_daemon_msg "Not reloading AppArmor in container"
-			log_end_msg 0
-			exit 0
-		fi
-		log_daemon_msg "Reloading AppArmor profiles"
-		securityfs
-		clear_cache
-		load_configured_profiles
-		rc=$?
-		unload_obsolete_profiles
-
-		log_end_msg "$rc"
-		;;
-	status)
-		securityfs
-		if [ -x /usr/sbin/aa-status ]; then
-			aa-status --verbose
-		else
-			cat "$AA_SFS"/profiles
-		fi
-		rc=$?
-		;;
-	*)
-		usage
-		rc=1
-		;;
-	esac
-exit $rc
diff --git a/recipes-mac/AppArmor/files/apparmor.rc b/recipes-mac/AppArmor/files/apparmor.rc
deleted file mode 100644
index 1507d7b..0000000
--- a/recipes-mac/AppArmor/files/apparmor.rc
+++ /dev/null
@@ -1,98 +0,0 @@
-description "Pre-cache and pre-load apparmor profiles"
-author "Dimitri John Ledkov <xnox@...> and Jamie Strandboge <jamie@...>"
-
-task
-
-start on starting rc-sysinit
-
-script
-    [ -d /rofs/etc/apparmor.d ]  && exit 0 # do not load on liveCD
-    [ -d /sys/module/apparmor ]  || exit 0 # do not load without AppArmor
-    [ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
-
-    . /lib/apparmor/functions
-
-    systemd-detect-virt --quiet --container && ! is_container_with_internal_policy && exit 0 || true
-
-    # Need securityfs for any mode
-    if [ ! -d /sys/kernel/security/apparmor ]; then
-        if cut -d" " -f2,3 /proc/mounts | grep -q "^/sys/kernel/security securityfs"'$' ; then
-            exit 0
-        else
-            mount -t securityfs none /sys/kernel/security || exit 0
-        fi
-    fi
-
-    [ -w /sys/kernel/security/apparmor/.load ] || exit 0
-
-    apparmor_was_updated=0
-    if ! compare_previous_version ; then
-        # On snappy flavors, if the current and previous versions are
-        # different then clear the system cache. snappy will handle
-        # "$PROFILES_CACHE_VAR" itself  (on Touch flavors
-        # compare_previous_version  always returns '0' since snappy
-        # isn't available).
-        clear_cache_system
-        apparmor_was_updated=1
-    elif ! compare_and_save_debsums apparmor ; then
-        # If the system policy has been updated since the last time we
-        # ran, clear the cache to prevent potentially stale binary
-        # cache files after an Ubuntu image based upgrade (LP:
-        # #1350673). This can be removed once all system image flavors
-        # move to snappy (on snappy systems compare_and_save_debsums
-        # always returns '0' since /var/lib/dpkg doesn't exist).
-        clear_cache
-        apparmor_was_updated=1
-    fi
-
-    if [ -x /usr/bin/aa-clickhook ] || [ -x /usr/bin/aa-profile-hook ] ; then
-        # If packages for system policy that affect click packages have
-        # been updated since the last time we ran, run aa-clickhook -f
-        force_clickhook=0
-        force_profile_hook=0
-        if ! compare_and_save_debsums apparmor-easyprof-ubuntu ; then
-            force_clickhook=1
-        fi
-        if ! compare_and_save_debsums apparmor-easyprof-ubuntu-snappy ; then
-            force_clickhook=1
-        fi
-        if ! compare_and_save_debsums click-apparmor ; then
-            force_clickhook=1
-            force_profile_hook=1
-        fi
-        if [ -x /usr/bin/aa-clickhook ] && ([ $force_clickhook -eq 1 ] || [ $apparmor_was_updated -eq 1 ]) ; then
-            aa-clickhook -f
-        fi
-        if [ -x /usr/bin/aa-profile-hook ] && ([ $force_profile_hook -eq 1 ] || [ $apparmor_was_updated -eq 1 ]) ; then
-            aa-profile-hook -f
-        fi
-    fi
-
-    if [ "$ACTION" = "teardown" ]; then
-        running_profile_names | while read profile; do
-            unload_profile "$profile"
-        done
-        exit 0
-    fi
-
-    if [ "$ACTION" = "clear" ]; then
-        clear_cache
-        exit 0
-    fi
-
-    if [ "$ACTION" = "reload" ] || [ "$ACTION" = "force-reload" ]; then
-        clear_cache
-        load_configured_profiles
-	unload_obsolete_profiles
-        exit 0
-    fi
-
-    # Note: if apparmor-easyprof-ubuntu md5sums didn't match up above,
-    # aa-clickhook will have already compiled the policy, generated the cache
-    # files and loaded them into the kernel by this point, so reloading click
-    # policy from cache, while fairly fast (<2 seconds for 250 profiles on
-    # armhf), is redundant. Fixing this would complicate the logic quite a bit
-    # and it wouldn't improve the (by far) common case (ie, when
-    # 'aa-clickhook -f' is not run).
-    load_configured_profiles
-end script
diff --git a/recipes-mac/AppArmor/files/apparmor.service b/recipes-mac/AppArmor/files/apparmor.service
deleted file mode 100644
index e66afe4..0000000
--- a/recipes-mac/AppArmor/files/apparmor.service
+++ /dev/null
@@ -1,22 +0,0 @@
-[Unit]
-Description=AppArmor initialization
-After=local-fs.target
-Before=sysinit.target
-AssertPathIsReadWrite=/sys/kernel/security/apparmor/.load
-ConditionSecurity=apparmor
-DefaultDependencies=no
-Documentation=man:apparmor(7)
-Documentation=http://wiki.apparmor.net/
-
-# Don't start this unit on the Ubuntu Live CD
-ConditionPathExists=!/rofs/etc/apparmor.d
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/etc/init.d/apparmor start
-ExecStop=/etc/init.d/apparmor stop
-ExecReload=/etc/init.d/apparmor reload
-
-[Install]
-WantedBy=sysinit.target
diff --git a/recipes-mac/AppArmor/files/functions b/recipes-mac/AppArmor/files/functions
deleted file mode 100644
index e9e2bbf..0000000
--- a/recipes-mac/AppArmor/files/functions
+++ /dev/null
@@ -1,271 +0,0 @@
-# /lib/apparmor/functions for Debian -*- shell-script -*-
-# ----------------------------------------------------------------------
-#    Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
-#     NOVELL (All rights reserved)
-#    Copyright (c) 2008-2010 Canonical, Ltd.
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-# Authors:
-#  Kees Cook <kees@...>
-
-PROFILES="/etc/apparmor.d"
-PROFILES_CACHE="$PROFILES/cache"
-PROFILES_VAR="/var/lib/apparmor/profiles"
-PROFILES_SNAPPY="/var/lib/snapd/apparmor/profiles"
-PROFILES_CACHE_VAR="/var/cache/apparmor"
-PARSER="/sbin/apparmor_parser"
-SECURITYFS="/sys/kernel/security"
-export AA_SFS="$SECURITYFS/apparmor"
-
-# Suppress warnings when booting in quiet mode
-quiet_arg=""
-[ "${QUIET:-no}" = yes ] && quiet_arg="-q"
-[ "${quiet:-n}" = y ] && quiet_arg="-q"
-
-foreach_configured_profile() {
-	rc_all="0"
-	for pdir in "$PROFILES" "$PROFILES_VAR" "$PROFILES_SNAPPY" ; do
-		if [ ! -d "$pdir" ]; then
-			continue
-		fi
-		num=`find "$pdir" -type f ! -name '*.md5sums' | wc -l`
-		if [ "$num" = "0" ]; then
-			continue
-		fi
-
-		cache_dir="$PROFILES_CACHE"
-		if [ -d "$PROFILES_CACHE_VAR" ] && [ "$pdir" = "$PROFILES_VAR" ] || [ "$pdir" = "$PROFILES_SNAPPY" ]; then
-			cache_dir="$PROFILES_CACHE_VAR"
-		fi
-		cache_args="--cache-loc=$cache_dir"
-		if [ ! -d "$cache_dir" ]; then
-			cache_args=
-		fi
-
-		# LP: #1383858 - expr tree simplification is too slow for
-		# Touch policy on ARM, so disable it for now
-		cache_extra_args=
-		if [ -d "$PROFILES_CACHE_VAR" ] && [ "$pdir" = "$PROFILES_VAR" ] || [ "$pdir" = "$PROFILES_SNAPPY" ]; then
-			cache_extra_args="-O no-expr-simplify"
-		fi
-
-		# If need to compile everything, then use -n1 with xargs to
-		# take advantage of -P. When cache files are in use, omit -n1
-		# since it is considerably faster on moderately sized profile
-		# sets to give the parser all the profiles to load at once
-		n1_args=
-		num=`find "$cache_dir" -type f ! -name '.features' | wc -l`
-		if [ "$num" = "0" ]; then
-			n1_args="-n1"
-		fi
-
-		(ls -1 "$pdir" | egrep -v '(\.dpkg-(new|old|dist|bak)|~)$' | \
-		while read profile; do
-			if [ -f "$pdir"/"$profile" ]; then
-				echo "$pdir"/"$profile"
-			fi
-		done) | \
-		xargs $n1_args -d"\n" -P$(getconf _NPROCESSORS_ONLN) "$PARSER" "$@" $cache_args $cache_extra_args -- || {
-			rc_all="$?"
-			# FIXME: when the parser properly handles broken
-			# profiles (LP: #1377338), remove this if statement.
-			# For now, if the xargs returns with error, just run
-			# through everything with -n1. (This could be broken
-			# out and refactored, but this is temporary so make it
-			# easy to understand and revert)
-			if [ "$rc_all" != "0" ]; then
-				(ls -1 "$pdir" | \
-				egrep -v '(\.dpkg-(new|old|dist|bak)|~)$' | \
-				while read profile; do
-					if [ -f "$pdir"/"$profile" ]; then
-						echo "$pdir"/"$profile"
-					fi
-				done) | \
-				xargs -n1 -d"\n" -P$(getconf _NPROCESSORS_ONLN) "$PARSER" "$@" $cache_args $cache_extra_args -- || {
-					rc_all="$?"
-				}
-			fi
-		}
-	done
-	return $rc_all
-}
-
-load_configured_profiles() {
-	clear_cache_if_outdated
-	foreach_configured_profile $quiet_arg --write-cache --replace
-}
-
-load_configured_profiles_without_caching() {
-	foreach_configured_profile $quiet_arg --replace
-}
-
-recache_profiles() {
-	clear_cache
-	foreach_configured_profile $quiet_arg --write-cache --skip-kernel-load
-}
-
-configured_profile_names() {
-	foreach_configured_profile $quiet_arg -N 2>/dev/null | LC_COLLATE=C sort | grep -v '//'
-}
-
-running_profile_names() {
-	# Output a sorted list of loaded profiles, skipping libvirt's
-	# dynamically generated files
-	cat "$AA_SFS"/profiles | sed -e "s/ (\(enforce\|complain\))$//" | egrep -v '^libvirt-[0-9a-f\-]+$' | LC_COLLATE=C sort | grep -v '//'
-}
-
-unload_profile() {
-	echo -n "$1" > "$AA_SFS"/.remove
-}
-
-clear_cache() {
-	clear_cache_system
-	clear_cache_var
-}
-
-clear_cache_system() {
-	find "$PROFILES_CACHE" -maxdepth 1 -type f -print0 | xargs -0 rm -f --
-}
-
-clear_cache_var() {
-	find "$PROFILES_CACHE_VAR" -maxdepth 1 -type f -print0 | xargs -0 rm -f --
-}
-
-read_features_dir()
-{
-	for f in `ls -A "$1"` ; do
-		if [ -f "$1/$f" ] ; then
-			read -r KF < "$1/$f" || true
-			echo -n "$f {$KF } "
-		elif [ -d "$1/$f" ] ; then
-			echo -n "$f {"
-			KF=`read_features_dir "$1/$f"` || true
-			echo -n "$KF} "
-		fi
-	done
-}
-
-clear_cache_if_outdated() {
-	if [ -r "$PROFILES_CACHE"/.features ]; then
-		if [ -d "$AA_SFS"/features ]; then
-			KERN_FEATURES=`read_features_dir "$AA_SFS"/features`
-		else
-			read -r KERN_FEATURES < "$AA_SFS"/features
-		fi
-		CACHE_FEATURES=`tr '\n' ' ' < "$PROFILES_CACHE"/.features`
-		if [ "$KERN_FEATURES" != "$CACHE_FEATURES" ]; then
-			clear_cache
-		fi
-	fi
-}
-
-unload_obsolete_profiles() {
-	# Currently we must re-parse all the profiles to get policy names.  :(
-	aa_configured=$(mktemp -t aa-XXXXXX)
-	configured_profile_names > "$aa_configured" || true
-	aa_loaded=$(mktemp -t aa-XXXXXX)
-	running_profile_names > "$aa_loaded" || true
-	LC_COLLATE=C comm -2 -3 "$aa_loaded" "$aa_configured" | while read profile ; do
-		unload_profile "$profile"
-        done
-	rm -f "$aa_configured" "$aa_loaded"
-}
-
-# If the system debsum differs from the saved debsum, the new system debsum is
-# saved and non-zero is returned. Returns 0 if the two debsums matched or if
-# the system debsum file does not exist. This can be removed when system image
-# flavors all move to snappy.
-compare_and_save_debsums() {
-	pkg="$1"
-
-	if [ -n $pkg ] && [ -d "$PROFILES_VAR" ]; then
-		sums="/var/lib/dpkg/info/${pkg}.md5sums"
-		# store saved md5sums in /var/lib/apparmor/profiles since
-		# /var/cache/apparmor might be cleared by apparmor
-		saved_sums="${PROFILES_VAR}/.${pkg}.md5sums"
-
-		if [ -f "$sums" ] && \
-		   ! diff -q "$sums" "$saved_sums" 2>&1 >/dev/null ; then
-			cp -f "$sums" "$saved_sums"
-			return 1
-		fi
-	fi
-
-	return 0
-}
-
-compare_previous_version() {
-	installed="/usr/share/snappy/security-policy-version"
-	previous="/var/lib/snappy/security-policy-version"
-
-	# When just $previous doesn't exist, assume this is a new system with
-	# no cache and don't do anything special.
-	if [ -f "$installed" ] && [ -f "$previous" ]; then
-		pv=`grep '^apparmor/' "$previous" | cut -d ' ' -f 2`
-		iv=`grep '^apparmor/' "$installed" | cut -d ' ' -f 2`
-		if [ -n "$iv" ] && [ -n "$pv" ] && [ "$iv" != "$pv" ]; then
-			# snappy updates $previous elsewhere, so just return
-			return 1
-		fi
-	fi
-
-	return 0
-}
-
-# Checks to see if the current container is capable of having internal AppArmor
-# profiles that should be loaded. Callers of this function should have already
-# verified that they're running inside of a container environment with
-# something like `systemd-detect-virt --container`.
-#
-# The only known container environments capable of supporting internal policy
-# are LXD and LXC environment.
-#
-# Returns 0 if the container environment is capable of having its own internal
-# policy and non-zero otherwise.
-#
-# IMPORTANT: This function will return 0 in the case of a non-LXD/non-LXC
-# system container technology being nested inside of a LXD/LXC container that
-# utilized an AppArmor namespace and profile stacking. The reason 0 will be
-# returned is because .ns_stacked will be "yes" and .ns_name will still match
-# "lx[dc]-*" since the nested system container technology will not have set up
-# a new AppArmor profile namespace. This will result in the nested system
-# container's boot process to experience failed policy loads but the boot
-# process should continue without any loss of functionality. This is an
-# unsupported configuration that cannot be properly handled by this function.
-is_container_with_internal_policy() {
-	local ns_stacked_path="${AA_SFS}/.ns_stacked"
-	local ns_name_path="${AA_SFS}/.ns_name"
-	local ns_stacked
-	local ns_name
-
-	if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then
-		return 1
-	fi
-
-	read -r ns_stacked < "$ns_stacked_path"
-	if [ "$ns_stacked" != "yes" ]; then
-		return 1
-	fi
-
-	# LXD and LXC set up AppArmor namespaces starting with "lxd-" and
-	# "lxc-", respectively. Return non-zero for all other namespace
-	# identifiers.
-	read -r ns_name < "$ns_name_path"
-	if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
-	   [ "${ns_name#lxc-*}" = "$ns_name" ]; then
-		return 1
-	fi
-
-	return 0
-}

Re: QEMU Size Increase from Yocto Thud to Zeus

Aashik Aswin
 

Hello Ross,

Thanks ! I was able to reduce the size of the image by modifying the QEMU_TARGETS variable.. but on enabling buildhistory and checking under installed-image-sizes.txt , the individual package size of the qemu remains the same. Is this correct? If not is there any other optimization that can be done?

Thanks in advance

Aashik

On Mon, Jun 14, 2021 at 4:23 PM Zoran Stojsavljevic <zoran.stojsavljevic@...> wrote:
> Yes, look at the PACKAGECONFIGs and setting QEMU_TARGETS.

Does it mean that with the local.conf line:

# enable,disable,depends,rdepends
#
PACKAGECONFIG[qemu] = "--with-qemu,--without-qemu,qemu,"

The QEMU is completely removed (this is all that needs to be done, or...)?

Thank you,
Zee
_______

On Mon, Jun 14, 2021 at 12:14 PM Ross Burton <ross@...> wrote:
>
> Yes, look at the PACKAGECONFIGs and setting QEMU_TARGETS.
>
> Ross
>
> On Mon, 14 Jun 2021 at 09:04, Aashik Aswin <thisisaash9698@...> wrote:
> >
> > Thanks for the clarification, yes I am installing QEMU in my image. Is there some way that we can disable the additional architectures and streamline the size ?
> >
> > Thanks
> >
> > On Fri, Jun 11, 2021 at 8:48 PM Ross Burton <ross@...> wrote:
> >>
> >> Are you installing qemu into your image though?
> >>
> >> Qemu did get larger as it is built with more architectures enabled,
> >> but unless you're installing it in your image it won't make a
> >> difference.
> >>
> >> Ross
> >>
> >> On Fri, 11 Jun 2021 at 11:40, Aashik Aswin <thisisaash9698@...> wrote:
> >> >
> >> > Hi Experts,
> >> >
> >> > I am upgrading my Linux from Yocto Thud to Zeus (5.4 Kernel) . After building I could see a significant increase in the size of the image.
> >> > On checking with buildhistory enabled, I could see that qemu has nearly doubled in size.
> >> >
> >> > Thud (4.19) - 223084  KiB     qemu
> >> > Zeus (5.4) - 474757  KiB     qemu
> >> >
> >> > Is this size increase expected or are there some additional configs that might have been added as a part of the upgrade ?
> >> >
> >> > Appreciate your help.
> >> >
> >> > TIA,
> >> > Aashik
> >> >
> >> >
> >> >
>
>
>
Re: meta-parsec build failure

Khem Raj
 

On Mon, Jul 5, 2021 at 4:50 PM akuster808 <akuster808@...> wrote:



On 7/5/21 4:15 PM, Khem Raj wrote:
yeah perhaps try using -DMBEDTLS_FATAL_WARNINGS=OFF
I would love to try that out, Where would I apply that?
mbedtls is a dependent create to a dependent create to parsec-service
recipe. The Rust paradigm in OE does make my head hurt.
yeah perhaps you need to fork this repo and let main package know via
editing the toml file perhaps.


-armin

On Mon, Jul 5, 2021 at 1:57 PM Armin Kuster <akuster808@...> wrote:
The parsec-service in meta-parsec has been failing ever since gcc 11 was
merged into core.

https://errors.yoctoproject.org/Errors/Build/123537/

I have already opened an issue with upstream:
https://github.com/parallaxsecond/rust-psa-crypto/issues/85

If anyone is interested in this package, I could use an extra set of
eye's on progress of this build failure.

regards,
Armin
Re: meta-parsec build failure

Armin Kuster
 

On 7/5/21 4:15 PM, Khem Raj wrote:
yeah perhaps try using -DMBEDTLS_FATAL_WARNINGS=OFF
I would love to try that out, Where would I apply that?
 mbedtls is a dependent create to a dependent create to parsec-service
recipe.  The Rust paradigm in OE  does make my head hurt.

-armin

On Mon, Jul 5, 2021 at 1:57 PM Armin Kuster <akuster808@...> wrote:
The parsec-service in meta-parsec has been failing ever since gcc 11 was
merged into core.

https://errors.yoctoproject.org/Errors/Build/123537/

I have already opened an issue with upstream:
https://github.com/parallaxsecond/rust-psa-crypto/issues/85

If anyone is interested in this package, I could use an extra set of
eye's on progress of this build failure.

regards,
Armin
Re: meta-parsec build failure

Khem Raj
 

yeah perhaps try using -DMBEDTLS_FATAL_WARNINGS=OFF

On Mon, Jul 5, 2021 at 1:57 PM Armin Kuster <akuster808@...> wrote:

The parsec-service in meta-parsec has been failing ever since gcc 11 was
merged into core.

https://errors.yoctoproject.org/Errors/Build/123537/

I have already opened an issue with upstream:
https://github.com/parallaxsecond/rust-psa-crypto/issues/85

If anyone is interested in this package, I could use an extra set of
eye's on progress of this build failure.

regards,
Armin
meta-parsec build failure

Armin Kuster
 

The parsec-service in meta-parsec has been failing ever since gcc 11 was
merged into core.

https://errors.yoctoproject.org/Errors/Build/123537/

I have already opened an issue with upstream:
https://github.com/parallaxsecond/rust-psa-crypto/issues/85

If anyone is interested in this package, I could use an extra set of
eye's on progress of this build failure.

regards,
Armin
[yocto-autobuilder-helper][dunfell] config.json: Switch to newer buildtools-extended-tarball

Steve Sakoman
 

From: Richard Purdie <richard.purdie@...>

This adds locale information which should fix reproducibility issues with vim.

Signed-off-by: Richard Purdie <richard.purdie@...>
(cherry picked from commit 345475b99a59ef78a8736e3832c85a07ac7923e2)
Signed-off-by: Steve Sakoman <steve@...>
---
config.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.json b/config.json
index 3cff363..e22124d 100644
--- a/config.json
+++ b/config.json
@@ -10,7 +10,7 @@

"BUILDTOOLS_URL_TEMPLOCAL" : "/srv/autobuilder/autobuilder.yoctoproject.org/pub/non-release/20200309-15/buildtools/x86_64-buildtools-extended-nativesdk-standalone-3.0+snapshot-20200309.sh",
"BUILDTOOLS_URL_TEMPLOCAL2" : "http://downloads.yoctoproject.org/releases/yocto/milestones/yocto-3.1_M3/buildtools/x86_64-buildtools-extended-nativesdk-standalone-3.0+snapshot-20200315.sh",
- "BUILDTOOLS_URL" : "/srv/autobuilder/autobuilder.yoctoproject.org/pub/non-release/20200923-11/buildtools/x86_64-buildtools-extended-nativesdk-standalone-3.1.3.sh;4845f1e119dbd67e214959d5fd4e8fc79772ad38d385fdcc4702d5a6e6ece55c",
+ "BUILDTOOLS_URL" : "/srv/autobuilder/autobuilder.yoctoproject.org/pub/non-release/20210214-8/buildtools/x86_64-buildtools-extended-nativesdk-standalone-3.2+snapshot-7d38cc8e749aedb8435ee71847e04b353cca541d.sh",

"REPO_STASH_DIR" : "${BASE_HOMEDIR}/git/mirror",
"TRASH_DIR" : "${BASE_HOMEDIR}/git/trash",
--
2.25.1
How to handle build time dependencies on native python modules?

Sergey Bostandzhyan
 

Hi,

I ran into the following situation and I am wondering, what the "correct"
way of handling such a setup is?

We have an application that is embedding Python 3 in order to allow users to
modify app behavior; so unlike the most common scenario, it's not
a standalone python module or python bindings to a library, but a linux binary
that does stuff, but that also allows to execute python scripts from within by
linking vs libpython (i.e. python3-embed.pc setup). I am pointing this out
specifically, because from what I have seen this is the least used scenario.

We depend on cffi to generate Python bindings for the application
API, so the idea is that configure runs the cffi python script which will
spit out the sources, which then get compiled together with the application.

The sources generated by cffi are portable, so it would be OK to use the
native python interpreter to run the cffi build script.

I added python3-native and python3-cffi-native to DEPENDS and I can see that
the cffi module is present in:
${WORKDIR}/recipe-sysroot-native/usr/lib/python3.8/site-packages/


The issue is, that python3-native does not see the cffi module, because
PYTHONPATH does not reflect the recipe-sysroot-native directory. So when I
try to run my cffi build.py script it fails at "import cffi"

I "hacked" a solution by inheriting python3-dir and setting PYTHONPATH
in do_configure_prepend() and in do_compile_prepend():

export PYTHONPATH="${WORKDIR}/recipe-sysroot-native/${PYTHON_SITEPACKAGES_DIR}"

The above works, but feels like a hack.

I am wondering if there is a way of configuring this properly?

I asked on IRC and Russ Burton suggested to try inheriting python3native, but
as far as I can see it does not do anything to PYTHONPATH, actually it's
in turn inheriting python3-dir. Interestingly enough, if I inherit
python3native, but keep my "export" hack in place - it does not work anymore.
It does work if I only inherit python3-dir

Did anyone facec a similar problem and do you have any hints?

I'm on Dunfell btw (LTS).

Kind regards,
Jin
Re: Upgrading connman to a version over 1.37 fails to build.

Martin Jansa
 

1.40 is already in oe-core master you should be able to backport the recipe from there.

libnml dependency was already added with wireguard PACKAGECONFIG in 1.38 here:


On Mon, Jul 5, 2021 at 6:55 AM Moya, Ignacio via lists.yoctoproject.org <imoya=irobot.com@...> wrote:
Hi,

I'm trying to upgrade our connman recipe to 1.39 or 1.40 version, but when I try to build our image, it fails in "do_configure" because it can't find libmnl.
This is the exact output of my connman/1.40-r0/build/config.log

configure:14443: checking for libmnl >= 1.0.0
configure:14450: $PKG_CONFIG --exists --print-errors "libmnl >= 1.0.0"
Package libmnl was not found in the pkg-config search path.
Perhaps you should add the directory containing `libmnl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libmnl' found
configure:14453: $? = 1
configure:14467: $PKG_CONFIG --exists --print-errors "libmnl >= 1.0.0"
Package libmnl was not found in the pkg-config search path.
Perhaps you should add the directory containing `libmnl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libmnl' found
configure:14470: $? = 1
configure:14484: result: no
No package 'libmnl' found
configure:14500: error: libmnl >= 1.0.0 not found

My libmnl recipe is located inside poky ./poky/meta/recipes-extended/libmnl/libmnl_1.0.4.bb . This error only happens with connman 1.39 or 1.40.
I appreciate any help or suggestions off a better place to ask this questions since is connman related.

Thanks,
Ignacio.

This e-mail message and any files attached may contain information that iRobot Corporation considers confidential and/or proprietary or may later designate as confidential and proprietary. If you are not the intended recipient, please contact the sender and delete the email immediately. Unauthorized use or distribution is strictly prohibited.
Upgrading connman to a version over 1.37 fails to build.

Moya, Ignacio
 

Hi,

I'm trying to upgrade our connman recipe to 1.39 or 1.40 version, but when I try to build our image, it fails in "do_configure" because it can't find libmnl.
This is the exact output of my connman/1.40-r0/build/config.log

configure:14443: checking for libmnl >= 1.0.0
configure:14450: $PKG_CONFIG --exists --print-errors "libmnl >= 1.0.0"
Package libmnl was not found in the pkg-config search path.
Perhaps you should add the directory containing `libmnl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libmnl' found
configure:14453: $? = 1
configure:14467: $PKG_CONFIG --exists --print-errors "libmnl >= 1.0.0"
Package libmnl was not found in the pkg-config search path.
Perhaps you should add the directory containing `libmnl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libmnl' found
configure:14470: $? = 1
configure:14484: result: no
No package 'libmnl' found
configure:14500: error: libmnl >= 1.0.0 not found

My libmnl recipe is located inside poky ./poky/meta/recipes-extended/libmnl/libmnl_1.0.4.bb . This error only happens with connman 1.39 or 1.40.
I appreciate any help or suggestions off a better place to ask this questions since is connman related.

Thanks,
Ignacio.

This e-mail message and any files attached may contain information that iRobot Corporation considers confidential and/or proprietary or may later designate as confidential and proprietary. If you are not the intended recipient, please contact the sender and delete the email immediately. Unauthorized use or distribution is strictly prohibited.
#selinux #yocto #linux #bitbake: Yocto-hardknott build is success with lbpcre2(V10.36) but libpcre2.so files were never observed under /usr/lib/ when the image is flashed #selinux #yocto #linux

RK25 <rakesh1225@...>
 

We tried to upgrade the Yocto version from Dunfell to Hardknott.  After successful build using hardknott, we flashed the generated image to the device. But we don't see the libpcre2 package installed under /usr/lib/ folder.
 
Below are the missing so files after built and installed/flashed with hardknott :
 
/usr/lib/libpcre2-8.so.0  /usr/lib/libpcre2-posix.so.2  /usr/lib/libpcre2-8.so.0.9.0  /usr/lib/libpcre2-posix.so.2.0.3
 
 
No changes were done in Yocto recipe libpcre2_10.36.bb:
 
https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-support/libpcre?h=hardknott
 
any inputs pl?
[PATCH V2][yocto-autobuilder-helper] summarize_top_output.py: add script, use it and publish summary

sakib.sajal@...
 

summarize_top_output.py is used to summarize the top
output that is captured during autobuilder intermittent
failures.

Use the script to summarize the host top output and
publish the summary that is created instead of
the raw logfile.

Signed-off-by: Sakib Sajal <sakib.sajal@...>
---
scripts/collect-results | 2 +-
scripts/generate-testresult-index.py | 2 +-
scripts/run-config | 1 +
scripts/summarize_top_output.py | 176 +++++++++++++++++++++++++++
4 files changed, 179 insertions(+), 2 deletions(-)
create mode 100755 scripts/summarize_top_output.py

diff --git a/scripts/collect-results b/scripts/collect-results
index 7474e36..7178380 100755
--- a/scripts/collect-results
+++ b/scripts/collect-results
@@ -19,7 +19,7 @@ if [ -e $WORKDIR/buildhistory ]; then
fi

HSFILE=$WORKDIR/tmp/buildstats/*/host_stats
-d=`date +%Y-%m-%d--%H-%M`
+d="intermittent_failure_host_data"

mkdir -p $DEST/$target/$d

diff --git a/scripts/generate-testresult-index.py b/scripts/generate-testresult-index.py
index 7fdc17c..d85d606 100755
--- a/scripts/generate-testresult-index.py
+++ b/scripts/generate-testresult-index.py
@@ -154,7 +154,7 @@ for build in sorted(os.listdir(path), key=keygen, reverse=True):
hd = []
counter = 0
# do we really need the loop?
- for p in glob.glob(buildpath + "/*/*/host_stats*top.txt"):
+ for p in glob.glob(buildpath + "/*/*/host_stats*top_summary.txt"):
n_split = p.split(build)
res = reldir[0:-1] + n_split[1]
hd.append((res, str(counter)))
diff --git a/scripts/run-config b/scripts/run-config
index 8ed88cf..82de91f 100755
--- a/scripts/run-config
+++ b/scripts/run-config
@@ -327,6 +327,7 @@ elif args.phase == "finish" and args.stepname == "collect-results":
if args.results_dir:
hp.printheader("Running results collection")
runcmd([scriptsdir + "/collect-results", args.builddir, args.results_dir, args.target])
+ runcmd([scriptsdir + "/summarize_top_output.py", args.results_dir, args.target])
sys.exit(0)

if jcfg:
diff --git a/scripts/summarize_top_output.py b/scripts/summarize_top_output.py
new file mode 100755
index 0000000..50c9b0a
--- /dev/null
+++ b/scripts/summarize_top_output.py
@@ -0,0 +1,176 @@
+#!/usr/bin/env python3
+
+import os, sys, glob
+
+# constants
+HOME = "/home/pokybuild/yocto-worker/"
+top_header = 7
+max_cols = 11
+cpu_hoggers = 5
+zombie_proc_id = "<defunct>"
+parser = "Parser"
+
+# report the following whenever they occur
+special_cmds = ["rm", "tar", "qemu"]
+
+# string substitution to make things easier to read
+subs = {
+ "/home/pokybuild/yocto-worker/" : "~/",
+ "/build/build/tmp/work/" : "/...WORK_DIR.../"
+}
+
+def usage():
+ print("Usage: " + sys.argv[0] + " <dest> <target>")
+
+def list_top_outputs(logfile):
+ # top delimiter
+ top_start = "start: top output"
+ top_end = "end: top output"
+
+ # list of top outputs
+ top_outputs = []
+
+ # flag
+ collect = False
+ with open(logfile) as log:
+ top_output = []
+ for line in log:
+ lstrip = line.strip()
+ if collect:
+ if lstrip.startswith(top_end):
+ collect = False
+ top_outputs.append(top_output)
+ top_output = []
+ else:
+ top_output.append(lstrip)
+ if lstrip.startswith(top_start):
+ collect = True
+
+ return top_outputs
+
+def summarize_top(top_outs, target):
+ summaries = []
+ kernel_summaries = []
+ zombie_summaries = []
+ short_summaries = []
+ other_builds = []
+ for top_out in top_outs:
+ summary = {}
+ kernel_summary = {}
+ zombie_summary = {}
+ short_summary = top_out[:top_header + cpu_hoggers]
+ for line in top_out[top_header:]:
+ cmd = line.split(maxsplit=max_cols)[-1]
+ if cmd.startswith(HOME):
+ b = cmd.split(HOME)[1].split("/")[0]
+ if b not in other_builds:
+ other_builds.append(b)
+ if cmd[0] == "[" and cmd[-1] == "]": # kernel processes
+ kproc = cmd[1:-1].split("/")[0]
+ if kproc not in kernel_summary:
+ kernel_summary[kproc] = 1
+ else:
+ kernel_summary[kproc] += 1
+ elif zombie_proc_id in cmd: # zombie processes
+ zproc = cmd.split()[0][1:-1]
+ if parser in zproc:
+ zproc = parser
+ if zproc not in zombie_summary:
+ zombie_summary[zproc] = 1
+ else:
+ zombie_summary[zproc] += 1
+ else: # userspace processes
+ cmd_split = cmd.split()
+ prog = cmd_split[0]
+ if prog not in summary:
+ summary[prog] = 1
+ else:
+ summary[prog] += 1
+ summary = dict(sorted(summary.items(), key=lambda item: item[1], reverse=True))
+ kernel_summary = dict(sorted(kernel_summary.items(), key=lambda item: item[1], reverse=True))
+ zombie_summary = dict(sorted(zombie_summary.items(), key=lambda item: item[1], reverse=True))
+
+ summaries.append(summary)
+ kernel_summaries.append(kernel_summary)
+ zombie_summaries.append(zombie_summary)
+ short_summaries.append(short_summary)
+ return (short_summaries, summaries, kernel_summaries, zombie_summaries, other_builds)
+
+def summarize_path(path):
+ sub = ["/recipe-sysroot-native/", "/../../libexec/", "/gcc/"]
+ p = path
+ for k, v in subs.items():
+ p = p.replace(k, v)
+ if all(x in p for x in sub):
+ rsn_spl = p.split("/recipe-sysroot-native/")
+ gcc_spl = rsn_spl[-1].split("/gcc/")
+ p = rsn_spl[0] + "/...GCC.../" + gcc_spl[-1]
+
+ return p
+
+def write_summary(short_summary, summary, kernel_summary, zombie_summary, other_build, target, logfile):
+ dirname = os.path.dirname(logfile)
+ fname = os.path.basename(logfile)
+ report_name = fname.split(".")[0] + "_summary.txt"
+ outfile = os.path.join(dirname, report_name)
+ out = "NOTE:\nProcesses that occur only once is not reported.\n"
+ out += "Program names have been shortened for better readability.\n"
+ out += "Substitutions are as follows:\n"
+ for k, v in subs.items():
+ out += (v + " = " + k + "\n")
+ out += "\n"
+
+ out += "top was invoked " + str(len(short_summary)) + " times.\n\n"
+ out += "Current build: " + target + "\n"
+ out += "Other builds:"
+ for b in other_build:
+ out += " " + b
+ out += "\n\n"
+ for i in range(len(short_summary)):
+ for l in short_summary[i]:
+ out += (l + "\n")
+
+ out += ("\nUserspace Process Summary: " + "\n")
+ if not summary:
+ out += "There were no userspace processes\n"
+ else:
+ for k, v in summary[i].items():
+ if v > 1 or any(k.startswith(x) for x in special_cmds):
+ r = summarize_path(k)
+ out += (str(v) + " " + r + "\n")
+
+ out += ("\nKernel Process Summary: " + "\n")
+ if not kernel_summary:
+ out += "There were no kernel processes\n"
+ else:
+ for k, v in kernel_summary[i].items():
+ if v > 1 or any(k.startswith(x) for x in special_cmds):
+ out += (str(v) + " " + k + "\n")
+
+ out += ("\nZombie Process Summary: " + "\n")
+ if not zombie_summary:
+ out += "There were no zombie processes\n"
+ else:
+ for k, v in zombie_summary[i].items():
+ if v > 1 or any(k.startswith(x) for x in special_cmds):
+ out += (str(v) + " " + k + "\n")
+ out += ("\n")
+
+ with open(outfile, "w") as of:
+ of.write(out)
+
+def main():
+ if len(sys.argv) != 3:
+ usage()
+ sys.exit()
+
+ dest = sys.argv[1]
+ target = sys.argv[2]
+ host_data_dir = "intermittent_failure_host_data"
+ directory = os.path.join(dest, target, host_data_dir)
+ for f in glob.glob(directory + "/*_top.txt"):
+ outputs = list_top_outputs(f)
+ short_summary, summary, kernel_summary, zombie_summary, other_build = summarize_top(outputs, target)
+ write_summary(short_summary, summary, kernel_summary, zombie_summary, other_build, target, f)
+
+main()
--
2.25.1
Re: [meta-mingw][PATCH] openssl: support for building nativesdk of mingw

Changqing Li
 

ping

On 1/13/21 10:23 AM, Changqing Li wrote:

ping

On 1/5/21 11:31 AM, Changqing Li wrote:
* add support for mingw32
* Engines are installed in a slightly different path, which is
  urgly, patch it to make the path shorter
* remove runtime dependency from perl for mingw nativesdk

since commit 70da1f956bfbb627691c47eba7451182aca758e3 of oe-core
'openssl: Add c_rehash to misc package and add perl runtime dependency'

package openssl-misc have runtime dependency on perl, and perl then
have depenency on another 3 recipes, db/gdbm/libxcrypt. according to
http://arsv.github.io/perl-cross/usage.html, perl don't support
cross-compile build for mingw32 and another 3 recipes also don't
support mingw well. so remove the dependency of perl, don't support
c_rehash for mingw.

Signed-off-by: Changqing Li <changqing.li@...>
---
 ...ile.tmpl-don-t-add-prefix-for-libdir.patch | 32 +++++++++++++++++++
 .../openssl/openssl_%.bbappend                | 31 ++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 recipes-connectivity/openssl/files/0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch
 create mode 100644 recipes-connectivity/openssl/openssl_%.bbappend

diff --git a/recipes-connectivity/openssl/files/0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch b/recipes-connectivity/openssl/files/0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch
new file mode 100644
index 0000000..028431b
--- /dev/null
+++ b/recipes-connectivity/openssl/files/0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch
@@ -0,0 +1,32 @@
+From 8fe5c9421acfaff35b637e7ad55d1df598bb7081 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@...>
+Date: Tue, 22 Dec 2020 09:22:10 +0800
+Subject: [PATCH] unix-Makefile.tmpl: don't add prefix for libdir
+
+we had pass libdir to Configure, don't use prefix again to
+avoid engineer dir set to:
+/opt/poky/3.2+snapshot/sysroots/x86_64-w64-mingw32/usr/opt/poky/3.2+snapshot/sysroots/x86_64-w64-mingw32/usr/lib/engines-1_1
+
+Upstream-Status: Inappropriate[oe-specific]
+
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ Configurations/unix-Makefile.tmpl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index bbafb98..eecb63e 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -244,7 +244,7 @@ LIBDIR={- our $libdir = $config{libdir} || "lib";
+           File::Spec::Win32->file_name_is_absolute($libdir) ? "" : $libdir -}
+ ENGINESDIR_dev={- use File::Spec::Win32;
+                   our $enginesdir =
+-                      File::Spec::Win32->catdir($prefix,$libdir,
++                      File::Spec::Win32->catdir($libdir,
+                                                 "engines-$sover_dirname");
+                   our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
+                       File::Spec::Win32->splitpath($enginesdir, 1);
+-- 
+2.17.1
+
diff --git a/recipes-connectivity/openssl/openssl_%.bbappend b/recipes-connectivity/openssl/openssl_%.bbappend
new file mode 100644
index 0000000..7fd82f1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_%.bbappend
@@ -0,0 +1,31 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI_append_mingw32_class-nativesdk = " \
+           file://0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch \
+"
+
+do_configure_mingw32 () {
+	os=${HOST_OS}
+	target="$os-${HOST_ARCH}"
+	case $target in
+        mingw32-x86_64)
+                target=mingw64
+                ;;
+        mingw32-i686)
+                target=mingw
+                ;;
+        esac
+
+        useprefix=${prefix}
+        if [ "x$useprefix" = "x" ]; then
+                useprefix=/
+        fi
+        # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+        # environment variables set by bitbake. Adjust the environment variables instead.
+        HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+        perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+        perl ${B}/configdata.pm --dump
+}
+
+FILES_${PN}-engines_mingw32_class-nativesdk = "${libdir}/engines-1_1"
+RDEPENDS_${PN}-misc_remove_mingw32_class-nativesdk = "perl"



      

      

      
      




    

  


					


				
				
				
			

			
			

				
	


		
	

		
			

				

				

				
					

						

							
							
						

					

				

			
			

				

					

				

			

			
				
		
		

		
		
	


	

			
		
			
				
	
		
	

		
			
			

			
			
				
				

					

						
							
							

							[meta-security][PATCH] sssd: update to 2.5.1
							
						
					

				

				

			
			

				

					


						
							
								
	
		
			
		
		
  
	
    Armin Kuster
	

	

							
						
					

					

						
							


						
						 
						
							
							
						
						
					

				

			

			

			

				
See full change log: https://sssd.io/release-notes/sssd-2.5.1.html

Including a musl build work around

Signed-off-by: Armin Kuster <akuster808@...>
---
 recipes-security/sssd/files/musl_fixup.patch  | 53 +++++++++++++++++++
 .../sssd/{sssd_2.5.0.bb => sssd_2.5.1.bb}     |  6 ++-
 2 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 recipes-security/sssd/files/musl_fixup.patch
 rename recipes-security/sssd/{sssd_2.5.0.bb => sssd_2.5.1.bb} (96%)

diff --git a/recipes-security/sssd/files/musl_fixup.patch b/recipes-security/sssd/files/musl_fixup.patch
new file mode 100644
index 0000000..68f267c
--- /dev/null
+++ b/recipes-security/sssd/files/musl_fixup.patch
@@ -0,0 +1,53 @@
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@...>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/recipes-security/sssd/sssd_2.5.0.bb b/recipes-security/sssd/sssd_2.5.1.bb
similarity index 96%
rename from recipes-security/sssd/sssd_2.5.0.bb
rename to recipes-security/sssd/sssd_2.5.1.bb
index 84b7b0e..9205843 100644
--- a/recipes-security/sssd/sssd_2.5.0.bb
+++ b/recipes-security/sssd/sssd_2.5.1.bb
@@ -15,15 +15,17 @@ DEPENDS_append_libc-musl = " musl-nscd"
 DEPENDS += "${@bb.utils.contains('PACKAGECONFIG', 'nss', '', \
                bb.utils.contains('PACKAGECONFIG', 'crypto', '', 'nss', d), d)}"
 
-SRC_URI = "https://github.com/SSSD/sssd/releases/download/2.5.0/sssd-2.5.0.tar.gz \
+SRC_URI = "https://github.com/SSSD/sssd/releases/download/${PV}/sssd-${PV}.tar.gz \
            file://sssd.conf \
            file://volatiles.99_sssd \
            file://no_gen.patch \
            file://fix_gid.patch \
            file://drop_ntpdate_chk.patch \
            file://fix-ldblibdir.patch \
+           file://musl_fixup.patch \
            "
-SRC_URI[sha256sum] = "afa62d7d8d23fca3aba093abe4ec0d14e7d9346c5b28ceb7c2c624bed98caa06"
+
+SRC_URI[sha256sum] = "ce2f5d84a3f1750093318afd27f4fd75b1e3e75f7d80fc42d21a40cc54b58ea4"
 
 inherit autotools pkgconfig gettext python3-dir features_check systemd
 
-- 
2.25.1

				
				
				
			

			
			

				
	


		
	

		
			

				

				

				
					

						

							
							
						

					

				

			
			

				

					

				

			

			
				
		
		

		
		
	


	

			
		
	

	

		
		
		
		
		
	

	

		
		
		
		
		
	

	
	

		
		
		
		
	



	

		

			
	
		

			

				

					
						
							5441 - 5460 of 59467