Date   

[layerindex-web][PATCH] models.py: extend max_length of name in YPCompatibleVersions to 100

Changqing Li
 

From: Changqing Li <changqing.li@...>

Now, YPCompatibleVersions's name is only designed for using version like
2.0 3.0, the max_length is 25. but we mostly use Codename for layer
compatibility, eg: LAYERSERIES_COMPAT_dpdk = "dunfell gatesgarth
hardknott", in this case, it's not enough to save the compatible
version. so extend it to 100.

Signed-off-by: Changqing Li <changqing.li@...>
---
.../migrations/0045_yp_compatible_extend.py | 24 +++++++++++++++++++
layerindex/models.py | 2 +-
2 files changed, 25 insertions(+), 1 deletion(-)
create mode 100644 layerindex/migrations/0045_yp_compatible_extend.py

diff --git a/layerindex/migrations/0045_yp_compatible_extend.py b/layerindex/migrations/0045_yp_compatible_extend.py
new file mode 100644
index 0000000..3544b4b
--- /dev/null
+++ b/layerindex/migrations/0045_yp_compatible_extend.py
@@ -0,0 +1,24 @@
+# Generated by Django 2.2 on 2021-07-13 02:43
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('layerindex', '0044_extendedprovides'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='classicrecipe',
+ name='cover_layerbranch',
+ field=models.ForeignKey(blank=True, limit_choices_to={'branch__name': 'master'}, null=True, on_delete=django.db.models.deletion.SET_NULL, to='layerindex.LayerBranch', verbose_name='Covering layer'),
+ ),
+ migrations.AlterField(
+ model_name='ypcompatibleversion',
+ name='name',
+ field=models.CharField(help_text='Name of this Yocto Project compatible version (e.g. "2.0")', max_length=100, unique=True, verbose_name='Yocto Project Version'),
+ ),
+ ]
diff --git a/layerindex/models.py b/layerindex/models.py
index 329cc33..2317740 100644
--- a/layerindex/models.py
+++ b/layerindex/models.py
@@ -217,7 +217,7 @@ class LayerRecipeExtraURL(models.Model):


class YPCompatibleVersion(models.Model):
- name = models.CharField('Yocto Project Version', max_length=25, unique=True, help_text='Name of this Yocto Project compatible version (e.g. "2.0")')
+ name = models.CharField('Yocto Project Version', max_length=100, unique=True, help_text='Name of this Yocto Project compatible version (e.g. "2.0")')
description = models.TextField(blank=True)
image_url = models.CharField('Image URL', max_length=300, blank=True)
link_url = models.CharField('Link URL', max_length=100, blank=True)
--
2.17.1


wic automount of a data partition #zeus

Gary Huband
 

I'm using Zeus.  I'm trying to create and mount a data partition using wic.  My wks file is

part u-boot --source rawcopy --sourceparams="file=u-boot.imx" --ondisk mmc --no-table --align 1
part /boot --source bootimg-partition --ondisk mmc --fstype=vfat --label bootA --active --align 4096 --size 20
part / --source rootfs --ondisk mmc --fstype=ext4 --label rootfsA --align 4096 --size 4096
part /boot --source bootimg-partition --ondisk mmc --fstype=vfat --label bootB --size 20
part / --source rootfs --ondisk mmc --fstype=ext4 --label rootfsB --align 4096 --size 4096
part /data --ondisk mmc --fstype=ext4 --fsoptions="defaults" --label data --align 4096 --size 2048
part --ondisk mmc --fstype=ext4 --label recovery --align 4096 --size 1024

This creates the data on partition 6 but does not mount create the /data directory nor mount the partition.
If I manually create /data and manually modify the /etc/fstab file everything works.

Any suggestions for fixing the wks file?

Thanks

Gary


Re: [yocto-autobuilder-helper][PATCH] config.json: track system load with PARALLEL_MAKE

Trevor Gamblin
 


On 2021-07-12 12:04 p.m., Alexander Kanavin wrote:

[Please note: This e-mail is from an EXTERNAL e-mail address]

I seem to vaguely remember that -l is not actually taking a percentage, but an absolute value that is specific to the amount of CPU cores a system has. Have you verified your assumption?
You are right that it's not actually a percentage and is instead tied to the number of cores. I'll correct the patch body to reflect this when I inevitably send a v2. With the latest testing on the AB, my suspicion that "-l 100" is too generous for most machines is being confirmed...

Alex

On Mon, 12 Jul 2021 at 14:11, Trevor Gamblin <trevor.gamblin@...> wrote:
This adds the "-l" option to PARALLEL_MAKE in config.json with an
initial testing value of 100 (100% system load). This option is supported
by both Make and Ninja. However, we also require the "--debug=j" option
to be passed to Make in order for the latter to report perceived system
load in the do_compile logs, and since this option is not supported by
Ninja, also add EXTRA_OEMAKE to the EXTRAVARS so that we can determine if
the target load percentage needs to be adjusted.

Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
---
 config.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/config.json b/config.json
index f54081b..7fc89ea 100644
--- a/config.json
+++ b/config.json
@@ -44,7 +44,7 @@
             "PREMIRRORS = ''",
             "BB_GENERATE_MIRROR_TARBALLS = '1'",
             "BB_NUMBER_THREADS = '16'",
-            "PARALLEL_MAKE = '-j 16'",
+            "PARALLEL_MAKE = '-j 16 -l 100'",
             "XZ_MEMLIMIT = '5%'",
             "XZ_THREADS = '8'",
             "BB_TASK_NICE_LEVEL = '5'",
@@ -61,7 +61,8 @@
             "RUNQEMU_TMPFS_DIR = '/home/pokybuild/tmp'",
             "BB_HEARTBEAT_EVENT = '60'",
             "BB_LOG_HOST_STAT_ON_INTERVAL = '1'",
-            "BB_LOG_HOST_STAT_CMDS_INTERVAL = 'oe-time-dd-test.sh 100'"
+            "BB_LOG_HOST_STAT_CMDS_INTERVAL = 'oe-time-dd-test.sh 100'",
+            "EXTRA_OEMAKE = ' --debug=j'"
         ]
     },
     "templates" : {
--
2.31.1





Reminder: Yocto Project Technical Team Meeting @ Monthly from 8am on the first Tuesday (PDT)

Stephen Jolley
 

All,

 

Just a reminder we will hold the monthly Yocto Project Technical Meeting at 8am PST tomorrow. (7/13) 

 

Yocto Project Technical Team Meeting: We encourage people attending the meeting to logon and announce themselves on the Yocto Project IRC chancel during the meeting (optional):

Yocto IRC: http://webchat.freenode.net/?channels=#yocto

 

Wiki: https://www.yoctoproject.org/public-virtual-meetings/

 

When            Monthly from 8am to 9am on the first Tuesday Pacific Time

Where           Zoom Meeting: https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09

 

We are tracking the minutes at: https://docs.google.com/document/d/1ly8nyhO14kDNnFcW2QskANXW3ZT7QwKC5wWVDg9dDH4/edit?pli=1 Please request access if you want to assist in editing them.  The world should have view access.

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Re: [yocto-autobuilder-helper][PATCH] config.json: track system load with PARALLEL_MAKE

Alexander Kanavin
 

I seem to vaguely remember that -l is not actually taking a percentage, but an absolute value that is specific to the amount of CPU cores a system has. Have you verified your assumption?

Alex


On Mon, 12 Jul 2021 at 14:11, Trevor Gamblin <trevor.gamblin@...> wrote:
This adds the "-l" option to PARALLEL_MAKE in config.json with an
initial testing value of 100 (100% system load). This option is supported
by both Make and Ninja. However, we also require the "--debug=j" option
to be passed to Make in order for the latter to report perceived system
load in the do_compile logs, and since this option is not supported by
Ninja, also add EXTRA_OEMAKE to the EXTRAVARS so that we can determine if
the target load percentage needs to be adjusted.

Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
---
 config.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/config.json b/config.json
index f54081b..7fc89ea 100644
--- a/config.json
+++ b/config.json
@@ -44,7 +44,7 @@
             "PREMIRRORS = ''",
             "BB_GENERATE_MIRROR_TARBALLS = '1'",
             "BB_NUMBER_THREADS = '16'",
-            "PARALLEL_MAKE = '-j 16'",
+            "PARALLEL_MAKE = '-j 16 -l 100'",
             "XZ_MEMLIMIT = '5%'",
             "XZ_THREADS = '8'",
             "BB_TASK_NICE_LEVEL = '5'",
@@ -61,7 +61,8 @@
             "RUNQEMU_TMPFS_DIR = '/home/pokybuild/tmp'",
             "BB_HEARTBEAT_EVENT = '60'",
             "BB_LOG_HOST_STAT_ON_INTERVAL = '1'",
-            "BB_LOG_HOST_STAT_CMDS_INTERVAL = 'oe-time-dd-test.sh 100'"
+            "BB_LOG_HOST_STAT_CMDS_INTERVAL = 'oe-time-dd-test.sh 100'",
+            "EXTRA_OEMAKE = ' --debug=j'"
         ]
     },
     "templates" : {
--
2.31.1





Re: Yocto Autobuilder: Latency Monitor and AB-INT - Meeting notes: July 8, 2021

Trevor Gamblin
 

On 2021-07-08 9:53 a.m., Randy MacLeod wrote:

YP AB Intermittent failures meeting
===================================
July 1, 2021, 9 AM ET
https://windriver.zoom.us/j/3696693975

Attendees:  Tony, Richard, Trevor, Randy


Summary:

========



The autobuilder RCU hang is still fixed ;-),
   master branch builds greener.

ptest failures are the top problem now.



Add Michael Halstead, see questions below in section 4.



If anyone wants to help, we could use more eyes on the logs,

particularly the summary logs and understanding iostat #

when the dd test times out.





Plans for the week:



===================





  Richard: glibc upgrade, etc.



  Alex: ?



  Sakib: pub/non-release link upgrade, script clean-up.



  Trevor: make job server test. Try it on YP AB!!! What type of build?



  Tony: fix/work-around valgrind ptest bug:
     none/tests/amd64/fb_test_amd64
  Saul: nothing this week for YP.



  Randy: vacation, then email catch-up!




Meeting Notes:

==============


1, runqemu

Tony having trouble with runqemu on some Wind River machine.

Richard has a fix for a race in runqemu in master-next.

These might be related but if not Tony should debug the
issue/ collect logs.

2. job server

- Trevor has conclusive evidence that the 'make' job server is useful.
  email summary to come. Need to fix some assumptoins in code that
  parses PARALLEL_MAKE then send patch to yocto-autobuilder-helper.

- ninja will have to be done next.
I've submitted an initial patch to yocto@.... My short notes to go along with it:

MAKE JOBSERVERS, SYSTEM LOADS, AND THE YOCTO AUTOBUILDER

INTRO

- Yocto Autobuilder has been experiencing several issues with nightly builds, some intermittent
- Previous discussions looking for ways to limit CPU/RAM loading (see " [yocto] bitbake controlling memory use" on yocto@... mailing list)
- Source packages built as part of YP builds rely on various build tools, including Make, Ninja. Can we use them to limit system resource loading, and therefore reduce build failures that occur near/beyond these limits?

MAKE JOBSERVER

- When the "-j" option is provided (e.g. by PARALLEL_MAKE and/or EXTRA_OEMAKE in local.conf), this tells Make to use that many job slots, e.g. PARALLEL_MAKE = "-j 10" tells make to use at most 10 job slots during compilation
- When the "-l" or "--max-load" option is provided (also via PARALLEL_MAKE or EXTRA_OEMAKE in local.conf), this tells Make not to start *more than one job* if the system load average (as perceived by Make) exceeds that value. If the system load exceeds the average specified with the "-l" argument and there is already a Make job running, no new ones are started until either the existing jobs finish, or the system load falls below the threshold.
- No limit by default

Sources:
https://www.gnu.org/software/make/manual/make.html#Parallel
http://make.mad-scientist.net/papers/jobserver-implementation/

PROPOSED SOLUTION

- "Just do it" - put a patch in for use with the Autobuilder and see what shakes out
- add 'PARALLEL_MAKE = "-j N -l M"' to the yocto-autobuilder-helper config.json default
- Complicated slightly by Ninja not supporting the same "--debug" functionality as Make - this is what has been used to track the system load in the initial testing. To get around this, we can temporarily set EXTRA_OEMAKE. Without "--debug", the "-l" option still works, but there is no output in the do_compile logs to tell us how the actual system load compares to the percentage targeted by the "-l" option

I did not see any issues in my manual testing with PARALLEL_MAKE and EXTRA_OEMAKE set in the same manner. It appears from a recursive grep through the poky repository that PARALLEL_MAKE gets referenced in various places, but it is usually either passed directly to the build tool of choice, or the argument to the "-j" flag is explicitly stripped out for use. An example of the former is meta/classes/meson.bbclass:

...

meson_do_compile() {
    ninja -v ${PARALLEL_MAKE}
}

...

It's possible that we will run into some edge cases of course, but I haven't seen them in my manual testing. Builds are running now at https://autobuilder.yoctoproject.org/typhoon/#/builders/85/builds/1478 , so we should have some initial results soon.

- Trevor



3. AB status

 generally better but...

 ptests are having some recurring problems.
 - parted - only on arm?
 - valgrind - none/tests/amd64/fb_test_amd64
 - gdb test failing again. - Randy!

4. Richard reported
   - something really flaky going on with serial ports.
   - particularly bad on qemuppc but also x86.
   - related to Saul's QMP data dump?

5. Sakib needs to send patch to make testimage failures
   generate summary logs.

6. Richard says that we may need to redesign the data collection system
   that Sakib's AB INT tests are based on.





Still relevant parts of
Previous Meeting Notes:
=======================

1. The qemu RCU hang has been fixed to not deadlock anymore!

It still  hangs at times but this dramatically reduces the
AB failures.



4. bitbake server timeout.

   "Timeout while waiting for a reply from the bitbake server (60s)"

   Randy mentioned that the bitbake server timeouts seen in the
   Wind River build cluster have gone away after upgrading to
   a newer version of docker.

   Old: Docker Version: Docker version 18.09.4, build d14af54266
   New: Docker Version: Docker version 20.10.7, build f0df350


   Clearly the YP ABs aren't running in docker but what
   about firmware and kernel tunings.

   Michael,

   Is the BIOS/firmware kept up to date on most nodes?

   It seems that we are running stock kernels which makes sense but
   given that we don't have concerns about privacy since system access
   is controlled and the nodes are being used to test open
   source software, we might consider optimizing for performance
   rather than security.

   Alex pointed at: https://make-linux-fast-again.com/
   Which just lists a set of kernel boot options:
      noibrs noibpb nopti nospectre_v2 nospectre_v1  \
      l1tf=off nospec_store_bypass_disable no_stf_barrier \
      mds=off tsx=on tsx_async_abort=off mitigations=off

   Can we enable some or all of these on a node to see what the
   performance difference is?


5. io stalls

   Richard said that it would make sense to write an ftrace utility
   / script to monitor io latency and we could install it with sudo
   Ch^W mentioned ftrace on IRC.
   Sakib and Randy will work on that but not for a week or two.

6. Switch the pub/non-release links from full log to summary.
   The host data links on:
     https://autobuilder.yocto.io/pub/non-release/
   should include links to the summary data. I think we have room to
   include both links like this:
   0 1 2 3  (Full: 0 1 2 3 )





../Randy


[meta-spdxscanner] Question about meta-spdxscanner

Marco Cavallini
 

Hello,
I see that meta-spdxscanner has been moved to http://git.yoctoproject.org, and doesn't maintained on github anymore.https://github.com/dl9pf/meta-spdxscanner/issues/21

Therefore the only way to get in contact to developers is writing to this ML

I am trying to understand how meta-spdxscanner works.
I'd like to test it without any external service (no Fossology) therefore I am trying the INHERIT += "scancode-tk" approach.

I am testing it with a dunfell version and I noticed a lot of errors so I switched to master and the bitbake build started but again I am facing to a problem

ERROR: bash-completion-2.10-r0 do_get_report: Could not invoke scancode Command

I'd like to have advice from you to understand if is it possible to test it without any external service and discover what kind of artefacts are generated into deploy/spdx.

Thank you

--
Marco


[yocto-autobuilder-helper][PATCH] config.json: track system load with PARALLEL_MAKE

Trevor Gamblin
 

This adds the "-l" option to PARALLEL_MAKE in config.json with an
initial testing value of 100 (100% system load). This option is supported
by both Make and Ninja. However, we also require the "--debug=j" option
to be passed to Make in order for the latter to report perceived system
load in the do_compile logs, and since this option is not supported by
Ninja, also add EXTRA_OEMAKE to the EXTRAVARS so that we can determine if
the target load percentage needs to be adjusted.

Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
---
config.json | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/config.json b/config.json
index f54081b..7fc89ea 100644
--- a/config.json
+++ b/config.json
@@ -44,7 +44,7 @@
"PREMIRRORS = ''",
"BB_GENERATE_MIRROR_TARBALLS = '1'",
"BB_NUMBER_THREADS = '16'",
- "PARALLEL_MAKE = '-j 16'",
+ "PARALLEL_MAKE = '-j 16 -l 100'",
"XZ_MEMLIMIT = '5%'",
"XZ_THREADS = '8'",
"BB_TASK_NICE_LEVEL = '5'",
@@ -61,7 +61,8 @@
"RUNQEMU_TMPFS_DIR = '/home/pokybuild/tmp'",
"BB_HEARTBEAT_EVENT = '60'",
"BB_LOG_HOST_STAT_ON_INTERVAL = '1'",
- "BB_LOG_HOST_STAT_CMDS_INTERVAL = 'oe-time-dd-test.sh 100'"
+ "BB_LOG_HOST_STAT_CMDS_INTERVAL = 'oe-time-dd-test.sh 100'",
+ "EXTRA_OEMAKE = ' --debug=j'"
]
},
"templates" : {
--
2.31.1


Re: [meta-security][PATCH 2/2] apparmor: use its own initscript and service files

Armin Kuster
 

merged.

thanks for the reminder.

-armin

On 7/6/21 2:03 AM, Yi Zhao wrote:

Ping ...


On 6/23/21 5:15 PM, Yi Zhao wrote:
Use initscript and service files provided by apparmor.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-mac/AppArmor/apparmor_3.0.1.bb | 33 +--
...x-hardcoded-installation-directories.patch | 51 ++++
...pparmor.debian-add-missing-functions.patch | 57 ++++
recipes-mac/AppArmor/files/apparmor | 226 ---------------
recipes-mac/AppArmor/files/apparmor.rc | 98 -------
recipes-mac/AppArmor/files/apparmor.service | 22 --
recipes-mac/AppArmor/files/functions | 271 ------------------
7 files changed, 118 insertions(+), 640 deletions(-)
create mode 100644 recipes-mac/AppArmor/files/0001-Makefile-fix-hardcoded-installation-directories.patch
create mode 100644 recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch
delete mode 100644 recipes-mac/AppArmor/files/apparmor
delete mode 100644 recipes-mac/AppArmor/files/apparmor.rc
delete mode 100644 recipes-mac/AppArmor/files/apparmor.service
delete mode 100644 recipes-mac/AppArmor/files/functions

diff --git a/recipes-mac/AppArmor/apparmor_3.0.1.bb b/recipes-mac/AppArmor/apparmor_3.0.1.bb
index 6377683..ff5b39b 100644
--- a/recipes-mac/AppArmor/apparmor_3.0.1.bb
+++ b/recipes-mac/AppArmor/apparmor_3.0.1.bb
@@ -15,15 +15,13 @@ DEPENDS = "bison-native apr gettext-native coreutils-native swig-native"

SRC_URI = " \
git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-3.0 \
+ file://run-ptest \
file://disable_perl_h_check.patch \
file://crosscompile_perl_bindings.patch \
- file://apparmor.rc \
- file://functions \
- file://apparmor \
- file://apparmor.service \
file://0001-Makefile.am-suppress-perllocal.pod.patch \
- file://run-ptest \
file://0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch \
+ file://0001-Makefile-fix-hardcoded-installation-directories.patch \
+ file://0001-rc.apparmor.debian-add-missing-functions.patch \
"

SRCREV = "b0f08aa9d678197b8e3477c2fbff790f50a1de5e"
@@ -79,8 +77,6 @@ do_compile () {
}

do_install () {
- install -d ${D}/${INIT_D_DIR}
- install -d ${D}/lib/apparmor
oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
oe_runmake -C ${B}/binutils DESTDIR="${D}" install
oe_runmake -C ${B}/utils DESTDIR="${D}" install
@@ -96,16 +92,16 @@ do_install () {
fi

if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
- install -d ${D}/lib/security
oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install
fi

- install -m 755 ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
- install -m 755 ${WORKDIR}/functions ${D}/lib/apparmor
+ if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
+ install -d ${D}${sysconfdir}/init.d
+ install -m 755 ${B}/parser/rc.apparmor.debian ${D}${sysconfdir}/init.d/apparmor
+ fi

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d ${D}${systemd_system_unitdir}
- install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
+ oe_runmake -C ${B}/parser DESTDIR="${D}" install-systemd
fi
}

@@ -152,15 +148,6 @@ do_install_ptest_arm() {
:
}

-pkg_postinst_ontarget_${PN} () {
-if [ ! -d /etc/apparmor.d/cache ] ; then
- mkdir /etc/apparmor.d/cache
-fi
-}
-
-# We need the init script so don't rm it
-RMINITDIR_class-target_remove = " rm_sysvinit_initddir"
-
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME = "apparmor"
INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ."
@@ -171,9 +158,9 @@ SYSTEMD_AUTO_ENABLE ?= "enable"

PACKAGES += "mod-${PN}"

-FILES_${PN} += "/lib/apparmor/ /lib/security/ ${sysconfdir}/apparmor ${nonarch_libdir}/${PYTHON_DIR}/site-packages"
+FILES_${PN} += "${nonarch_base_libdir}/apparmor/ ${base_libdir}/security/ ${sysconfdir}/apparmor ${nonarch_libdir}/${PYTHON_DIR}/site-packages"
FILES_mod-${PN} = "${libdir}/apache2/modules/*"
-FILES_${PN}-dbg += "/lib/security/"
+FILES_${PN}-dbg += "${base_libdir}/security/.debug"

DEPENDS_append_libc-musl = " fts "
RDEPENDS_${PN}_libc-musl += "musl-utils"
diff --git a/recipes-mac/AppArmor/files/0001-Makefile-fix-hardcoded-installation-directories.patch b/recipes-mac/AppArmor/files/0001-Makefile-fix-hardcoded-installation-directories.patch
new file mode 100644
index 0000000..f10acb1
--- /dev/null
+++ b/recipes-mac/AppArmor/files/0001-Makefile-fix-hardcoded-installation-directories.patch
@@ -0,0 +1,51 @@
+From 363114dcd72abf1c0dcd637c66037227b8be229b Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@...>
+Date: Mon, 21 Jun 2021 14:18:30 +0800
+Subject: [PATCH 1/2] Makefile: fix hardcoded installation directories
+
+Update the installation directories to fix the do_install error for
+multilib and usrmerge.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ changehat/pam_apparmor/Makefile | 2 +-
+ parser/Makefile | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/changehat/pam_apparmor/Makefile b/changehat/pam_apparmor/Makefile
+index f6ece2d1..0143ae9f 100644
+--- a/changehat/pam_apparmor/Makefile
++++ b/changehat/pam_apparmor/Makefile
+@@ -77,7 +77,7 @@ $(NAME).so: ${OBJECTS}
+
+ # need some better way of determining this
+ DESTDIR=/
+-SECDIR ?= ${DESTDIR}/lib/security
++SECDIR ?= ${DESTDIR}/${base_libdir}/security
+
+ .PHONY: install
+ install: $(NAME).so
+diff --git a/parser/Makefile b/parser/Makefile
+index 8250ac45..cf18bc11 100644
+--- a/parser/Makefile
++++ b/parser/Makefile
+@@ -23,10 +23,10 @@ COMMONDIR=../common/
+ include $(COMMONDIR)/Make.rules
+
+ DESTDIR=/
+-APPARMOR_BIN_PREFIX=${DESTDIR}/lib/apparmor
+-SBINDIR=${DESTDIR}/sbin
+-USR_SBINDIR=${DESTDIR}/usr/sbin
+-SYSTEMD_UNIT_DIR=${DESTDIR}/usr/lib/systemd/system
++APPARMOR_BIN_PREFIX=${DESTDIR}/${nonarch_base_libdir}/apparmor
++SBINDIR=${DESTDIR}/${base_sbindir}
++USR_SBINDIR=${DESTDIR}/${sbindir}
++SYSTEMD_UNIT_DIR=${DESTDIR}/${systemd_system_unitdir}
+ CONFDIR=/etc/apparmor
+ INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
+ LOCALEDIR=/usr/share/locale
+--
+2.17.1
+
diff --git a/recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch b/recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch
new file mode 100644
index 0000000..53bdde8
--- /dev/null
+++ b/recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch
@@ -0,0 +1,57 @@
+From a737c95ac0f887c365fe8f16583ea95da79de1e9 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@...>
+Date: Mon, 21 Jun 2021 16:53:39 +0800
+Subject: [PATCH] rc.apparmor.debian: add missing functions
+
+Add missing functions:
+ aa_log_action_start
+ aa_log_action_end
+ aa_log_daemon_msg
+ aa_log_end_msg
+
+Fixes:
+$ /etc/init.d/apparmor start
+/lib/apparmor/rc.apparmor.functions: line 294: aa_log_daemon_msg: command not found
+/lib/apparmor/rc.apparmor.functions: line 214: aa_log_action_start: command not found
+
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ parser/rc.apparmor.debian | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/parser/rc.apparmor.debian b/parser/rc.apparmor.debian
+index 8efd4400..f35124e8 100644
+--- a/parser/rc.apparmor.debian
++++ b/parser/rc.apparmor.debian
+@@ -70,6 +70,26 @@ aa_log_skipped_msg() {
+ echo ": Skipped."
+ }
+
++aa_log_action_start()
++{
++ echo "$@"
++}
++
++aa_log_action_end()
++{
++ printf ""
++}
++
++aa_log_daemon_msg()
++{
++ echo "$@"
++}
++
++aa_log_end_msg()
++{
++ printf ""
++}
++
+ usage() {
+ echo "Usage: $0 {start|stop|restart|try-restart|reload|force-reload|status|kill}"
+ }
+--
+2.17.1
+
diff --git a/recipes-mac/AppArmor/files/apparmor b/recipes-mac/AppArmor/files/apparmor
deleted file mode 100644
index 604e48d..0000000
--- a/recipes-mac/AppArmor/files/apparmor
+++ /dev/null
@@ -1,226 +0,0 @@
-#!/bin/sh
-# ----------------------------------------------------------------------
-# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
-# NOVELL (All rights reserved)
-# Copyright (c) 2008, 2009 Canonical, Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-# Authors:
-# Steve Beattie <steve.beattie@...>
-# Kees Cook <kees@...>
-#
-# /etc/init.d/apparmor
-#
-### BEGIN INIT INFO
-# Provides: apparmor
-# Required-Start: $local_fs
-# Required-Stop: umountfs
-# Default-Start: S
-# Default-Stop:
-# Short-Description: AppArmor initialization
-# Description: AppArmor init script. This script loads all AppArmor profiles.
-### END INIT INFO
-
-log_daemon_msg() {
- echo $*
-}
-
-log_end_msg () {
- retval=$1
- if [ $retval -eq 0 ]; then
- echo "."
- else
- echo " failed!"
- fi
- return $retval
-}
-
-. /lib/apparmor/functions
-
-usage() {
- echo "Usage: $0 {start|stop|restart|reload|force-reload|status|recache}"
-}
-
-test -x ${PARSER} || exit 0 # by debian policy
-# LSM is built-in, so it is either there or not enabled for this boot
-test -d /sys/module/apparmor || exit 0
-
-securityfs() {
- # Need securityfs for any mode
- if [ ! -d "${AA_SFS}" ]; then
- if cut -d" " -f2,3 /proc/mounts | grep -q "^${SECURITYFS} securityfs"'$' ; then
- log_daemon_msg "AppArmor not available as kernel LSM."
- log_end_msg 1
- exit 1
- else
- log_daemon_msg "Mounting securityfs on ${SECURITYFS}"
- if ! mount -t securityfs none "${SECURITYFS}"; then
- log_end_msg 1
- exit 1
- fi
- fi
- fi
- if [ ! -w "$AA_SFS"/.load ]; then
- log_daemon_msg "Insufficient privileges to change profiles."
- log_end_msg 1
- exit 1
- fi
-}
-
-handle_system_policy_package_updates() {
- apparmor_was_updated=0
-
- if ! compare_previous_version ; then
- # On snappy flavors, if the current and previous versions are
- # different then clear the system cache. snappy will handle
- # "$PROFILES_CACHE_VAR" itself (on Touch flavors
- # compare_previous_version always returns '0' since snappy
- # isn't available).
- clear_cache_system
- apparmor_was_updated=1
- elif ! compare_and_save_debsums apparmor ; then
- # If the system policy has been updated since the last time we
- # ran, clear the cache to prevent potentially stale binary
- # cache files after an Ubuntu image based upgrade (LP:
- # #1350673). This can be removed once all system image flavors
- # move to snappy (on snappy systems compare_and_save_debsums
- # always returns '0' since /var/lib/dpkg doesn't exist).
- clear_cache
- apparmor_was_updated=1
- fi
-
- if [ -x /usr/bin/aa-clickhook ] || [ -x /usr/bin/aa-profile-hook ] ; then
- # If packages for system policy that affect click packages have
- # been updated since the last time we ran, run aa-clickhook -f
- force_clickhook=0
- force_profile_hook=0
- if ! compare_and_save_debsums apparmor-easyprof-ubuntu ; then
- force_clickhook=1
- fi
- if ! compare_and_save_debsums apparmor-easyprof-ubuntu-snappy ; then
- force_clickhook=1
- fi
- if ! compare_and_save_debsums click-apparmor ; then
- force_clickhook=1
- force_profile_hook=1
- fi
- if [ -x /usr/bin/aa-clickhook ] && ([ $force_clickhook -eq 1 ] || [ $apparmor_was_updated -eq 1 ]) ; then
- aa-clickhook -f
- fi
- if [ -x /usr/bin/aa-profile-hook ] && ([ $force_profile_hook -eq 1 ] || [ $apparmor_was_updated -eq 1 ]) ; then
- aa-profile-hook -f
- fi
- fi
-}
-
-# Allow "recache" even when running on the liveCD
-if [ "$1" = "recache" ]; then
- log_daemon_msg "Recaching AppArmor profiles"
- recache_profiles
- rc=$?
- log_end_msg "$rc"
- exit $rc
-fi
-
-# do not perform start/stop/reload actions when running from liveCD
-test -d /rofs/etc/apparmor.d && exit 0
-
-rc=255
-case "$1" in
- start)
- if test -x /sbin/systemd-detect-virt && \
- systemd-detect-virt --quiet --container && \
- ! is_container_with_internal_policy; then
- log_daemon_msg "Not starting AppArmor in container"
- log_end_msg 0
- exit 0
- fi
- log_daemon_msg "Starting AppArmor profiles"
- securityfs
- # That is only useful for click, snappy and system images,
- # i.e. not in Debian. And it reads and writes to /var, that
- # can be remote-mounted, so it would prevent us from using
- # Before=sysinit.target without possibly introducing dependency
- # loops.
- handle_system_policy_package_updates
- load_configured_profiles
- rc=$?
- log_end_msg "$rc"
- ;;
- stop)
- log_daemon_msg "Clearing AppArmor profiles cache"
- clear_cache
- rc=$?
- log_end_msg "$rc"
- cat >&2 <<EOM
-All profile caches have been cleared, but no profiles have been unloaded.
-Unloading profiles will leave already running processes permanently
-unconfined, which can lead to unexpected situations.
-
-To set a process to complain mode, use the command line tool
-'aa-complain'. To really tear down all profiles, run the init script
-with the 'teardown' option."
-EOM
- ;;
- teardown)
- if test -x /sbin/systemd-detect-virt && \
- systemd-detect-virt --quiet --container && \
- ! is_container_with_internal_policy; then
- log_daemon_msg "Not tearing down AppArmor in container"
- log_end_msg 0
- exit 0
- fi
- log_daemon_msg "Unloading AppArmor profiles"
- securityfs
- running_profile_names | while read profile; do
- if ! unload_profile "$profile" ; then
- log_end_msg 1
- exit 1
- fi
- done
- rc=0
- log_end_msg $rc
- ;;
- restart|reload|force-reload)
- if test -x /sbin/systemd-detect-virt && \
- systemd-detect-virt --quiet --container && \
- ! is_container_with_internal_policy; then
- log_daemon_msg "Not reloading AppArmor in container"
- log_end_msg 0
- exit 0
- fi
- log_daemon_msg "Reloading AppArmor profiles"
- securityfs
- clear_cache
- load_configured_profiles
- rc=$?
- unload_obsolete_profiles
-
- log_end_msg "$rc"
- ;;
- status)
- securityfs
- if [ -x /usr/sbin/aa-status ]; then
- aa-status --verbose
- else
- cat "$AA_SFS"/profiles
- fi
- rc=$?
- ;;
- *)
- usage
- rc=1
- ;;
- esac
-exit $rc
diff --git a/recipes-mac/AppArmor/files/apparmor.rc b/recipes-mac/AppArmor/files/apparmor.rc
deleted file mode 100644
index 1507d7b..0000000
--- a/recipes-mac/AppArmor/files/apparmor.rc
+++ /dev/null
@@ -1,98 +0,0 @@
-description "Pre-cache and pre-load apparmor profiles"
-author "Dimitri John Ledkov <xnox@...> and Jamie Strandboge <jamie@...>"
-
-task
-
-start on starting rc-sysinit
-
-script
- [ -d /rofs/etc/apparmor.d ] && exit 0 # do not load on liveCD
- [ -d /sys/module/apparmor ] || exit 0 # do not load without AppArmor
- [ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
-
- . /lib/apparmor/functions
-
- systemd-detect-virt --quiet --container && ! is_container_with_internal_policy && exit 0 || true
-
- # Need securityfs for any mode
- if [ ! -d /sys/kernel/security/apparmor ]; then
- if cut -d" " -f2,3 /proc/mounts | grep -q "^/sys/kernel/security securityfs"'$' ; then
- exit 0
- else
- mount -t securityfs none /sys/kernel/security || exit 0
- fi
- fi
-
- [ -w /sys/kernel/security/apparmor/.load ] || exit 0
-
- apparmor_was_updated=0
- if ! compare_previous_version ; then
- # On snappy flavors, if the current and previous versions are
- # different then clear the system cache. snappy will handle
- # "$PROFILES_CACHE_VAR" itself (on Touch flavors
- # compare_previous_version always returns '0' since snappy
- # isn't available).
- clear_cache_system
- apparmor_was_updated=1
- elif ! compare_and_save_debsums apparmor ; then
- # If the system policy has been updated since the last time we
- # ran, clear the cache to prevent potentially stale binary
- # cache files after an Ubuntu image based upgrade (LP:
- # #1350673). This can be removed once all system image flavors
- # move to snappy (on snappy systems compare_and_save_debsums
- # always returns '0' since /var/lib/dpkg doesn't exist).
- clear_cache
- apparmor_was_updated=1
- fi
-
- if [ -x /usr/bin/aa-clickhook ] || [ -x /usr/bin/aa-profile-hook ] ; then
- # If packages for system policy that affect click packages have
- # been updated since the last time we ran, run aa-clickhook -f
- force_clickhook=0
- force_profile_hook=0
- if ! compare_and_save_debsums apparmor-easyprof-ubuntu ; then
- force_clickhook=1
- fi
- if ! compare_and_save_debsums apparmor-easyprof-ubuntu-snappy ; then
- force_clickhook=1
- fi
- if ! compare_and_save_debsums click-apparmor ; then
- force_clickhook=1
- force_profile_hook=1
- fi
- if [ -x /usr/bin/aa-clickhook ] && ([ $force_clickhook -eq 1 ] || [ $apparmor_was_updated -eq 1 ]) ; then
- aa-clickhook -f
- fi
- if [ -x /usr/bin/aa-profile-hook ] && ([ $force_profile_hook -eq 1 ] || [ $apparmor_was_updated -eq 1 ]) ; then
- aa-profile-hook -f
- fi
- fi
-
- if [ "$ACTION" = "teardown" ]; then
- running_profile_names | while read profile; do
- unload_profile "$profile"
- done
- exit 0
- fi
-
- if [ "$ACTION" = "clear" ]; then
- clear_cache
- exit 0
- fi
-
- if [ "$ACTION" = "reload" ] || [ "$ACTION" = "force-reload" ]; then
- clear_cache
- load_configured_profiles
- unload_obsolete_profiles
- exit 0
- fi
-
- # Note: if apparmor-easyprof-ubuntu md5sums didn't match up above,
- # aa-clickhook will have already compiled the policy, generated the cache
- # files and loaded them into the kernel by this point, so reloading click
- # policy from cache, while fairly fast (<2 seconds for 250 profiles on
- # armhf), is redundant. Fixing this would complicate the logic quite a bit
- # and it wouldn't improve the (by far) common case (ie, when
- # 'aa-clickhook -f' is not run).
- load_configured_profiles
-end script
diff --git a/recipes-mac/AppArmor/files/apparmor.service b/recipes-mac/AppArmor/files/apparmor.service
deleted file mode 100644
index e66afe4..0000000
--- a/recipes-mac/AppArmor/files/apparmor.service
+++ /dev/null
@@ -1,22 +0,0 @@
-[Unit]
-Description=AppArmor initialization
-After=local-fs.target
-Before=sysinit.target
-AssertPathIsReadWrite=/sys/kernel/security/apparmor/.load
-ConditionSecurity=apparmor
-DefaultDependencies=no
-Documentation=man:apparmor(7)
-Documentation=http://wiki.apparmor.net/
-
-# Don't start this unit on the Ubuntu Live CD
-ConditionPathExists=!/rofs/etc/apparmor.d
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/etc/init.d/apparmor start
-ExecStop=/etc/init.d/apparmor stop
-ExecReload=/etc/init.d/apparmor reload
-
-[Install]
-WantedBy=sysinit.target
diff --git a/recipes-mac/AppArmor/files/functions b/recipes-mac/AppArmor/files/functions
deleted file mode 100644
index e9e2bbf..0000000
--- a/recipes-mac/AppArmor/files/functions
+++ /dev/null
@@ -1,271 +0,0 @@
-# /lib/apparmor/functions for Debian -*- shell-script -*-
-# ----------------------------------------------------------------------
-# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
-# NOVELL (All rights reserved)
-# Copyright (c) 2008-2010 Canonical, Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-# Authors:
-# Kees Cook <kees@...>
-
-PROFILES="/etc/apparmor.d"
-PROFILES_CACHE="$PROFILES/cache"
-PROFILES_VAR="/var/lib/apparmor/profiles"
-PROFILES_SNAPPY="/var/lib/snapd/apparmor/profiles"
-PROFILES_CACHE_VAR="/var/cache/apparmor"
-PARSER="/sbin/apparmor_parser"
-SECURITYFS="/sys/kernel/security"
-export AA_SFS="$SECURITYFS/apparmor"
-
-# Suppress warnings when booting in quiet mode
-quiet_arg=""
-[ "${QUIET:-no}" = yes ] && quiet_arg="-q"
-[ "${quiet:-n}" = y ] && quiet_arg="-q"
-
-foreach_configured_profile() {
- rc_all="0"
- for pdir in "$PROFILES" "$PROFILES_VAR" "$PROFILES_SNAPPY" ; do
- if [ ! -d "$pdir" ]; then
- continue
- fi
- num=`find "$pdir" -type f ! -name '*.md5sums' | wc -l`
- if [ "$num" = "0" ]; then
- continue
- fi
-
- cache_dir="$PROFILES_CACHE"
- if [ -d "$PROFILES_CACHE_VAR" ] && [ "$pdir" = "$PROFILES_VAR" ] || [ "$pdir" = "$PROFILES_SNAPPY" ]; then
- cache_dir="$PROFILES_CACHE_VAR"
- fi
- cache_args="--cache-loc=$cache_dir"
- if [ ! -d "$cache_dir" ]; then
- cache_args=
- fi
-
- # LP: #1383858 - expr tree simplification is too slow for
- # Touch policy on ARM, so disable it for now
- cache_extra_args=
- if [ -d "$PROFILES_CACHE_VAR" ] && [ "$pdir" = "$PROFILES_VAR" ] || [ "$pdir" = "$PROFILES_SNAPPY" ]; then
- cache_extra_args="-O no-expr-simplify"
- fi
-
- # If need to compile everything, then use -n1 with xargs to
- # take advantage of -P. When cache files are in use, omit -n1
- # since it is considerably faster on moderately sized profile
- # sets to give the parser all the profiles to load at once
- n1_args=
- num=`find "$cache_dir" -type f ! -name '.features' | wc -l`
- if [ "$num" = "0" ]; then
- n1_args="-n1"
- fi
-
- (ls -1 "$pdir" | egrep -v '(\.dpkg-(new|old|dist|bak)|~)$' | \
- while read profile; do
- if [ -f "$pdir"/"$profile" ]; then
- echo "$pdir"/"$profile"
- fi
- done) | \
- xargs $n1_args -d"\n" -P$(getconf _NPROCESSORS_ONLN) "$PARSER" "$@" $cache_args $cache_extra_args -- || {
- rc_all="$?"
- # FIXME: when the parser properly handles broken
- # profiles (LP: #1377338), remove this if statement.
- # For now, if the xargs returns with error, just run
- # through everything with -n1. (This could be broken
- # out and refactored, but this is temporary so make it
- # easy to understand and revert)
- if [ "$rc_all" != "0" ]; then
- (ls -1 "$pdir" | \
- egrep -v '(\.dpkg-(new|old|dist|bak)|~)$' | \
- while read profile; do
- if [ -f "$pdir"/"$profile" ]; then
- echo "$pdir"/"$profile"
- fi
- done) | \
- xargs -n1 -d"\n" -P$(getconf _NPROCESSORS_ONLN) "$PARSER" "$@" $cache_args $cache_extra_args -- || {
- rc_all="$?"
- }
- fi
- }
- done
- return $rc_all
-}
-
-load_configured_profiles() {
- clear_cache_if_outdated
- foreach_configured_profile $quiet_arg --write-cache --replace
-}
-
-load_configured_profiles_without_caching() {
- foreach_configured_profile $quiet_arg --replace
-}
-
-recache_profiles() {
- clear_cache
- foreach_configured_profile $quiet_arg --write-cache --skip-kernel-load
-}
-
-configured_profile_names() {
- foreach_configured_profile $quiet_arg -N 2>/dev/null | LC_COLLATE=C sort | grep -v '//'
-}
-
-running_profile_names() {
- # Output a sorted list of loaded profiles, skipping libvirt's
- # dynamically generated files
- cat "$AA_SFS"/profiles | sed -e "s/ (\(enforce\|complain\))$//" | egrep -v '^libvirt-[0-9a-f\-]+$' | LC_COLLATE=C sort | grep -v '//'
-}
-
-unload_profile() {
- echo -n "$1" > "$AA_SFS"/.remove
-}
-
-clear_cache() {
- clear_cache_system
- clear_cache_var
-}
-
-clear_cache_system() {
- find "$PROFILES_CACHE" -maxdepth 1 -type f -print0 | xargs -0 rm -f --
-}
-
-clear_cache_var() {
- find "$PROFILES_CACHE_VAR" -maxdepth 1 -type f -print0 | xargs -0 rm -f --
-}
-
-read_features_dir()
-{
- for f in `ls -A "$1"` ; do
- if [ -f "$1/$f" ] ; then
- read -r KF < "$1/$f" || true
- echo -n "$f {$KF } "
- elif [ -d "$1/$f" ] ; then
- echo -n "$f {"
- KF=`read_features_dir "$1/$f"` || true
- echo -n "$KF} "
- fi
- done
-}
-
-clear_cache_if_outdated() {
- if [ -r "$PROFILES_CACHE"/.features ]; then
- if [ -d "$AA_SFS"/features ]; then
- KERN_FEATURES=`read_features_dir "$AA_SFS"/features`
- else
- read -r KERN_FEATURES < "$AA_SFS"/features
- fi
- CACHE_FEATURES=`tr '\n' ' ' < "$PROFILES_CACHE"/.features`
- if [ "$KERN_FEATURES" != "$CACHE_FEATURES" ]; then
- clear_cache
- fi
- fi
-}
-
-unload_obsolete_profiles() {
- # Currently we must re-parse all the profiles to get policy names. :(
- aa_configured=$(mktemp -t aa-XXXXXX)
- configured_profile_names > "$aa_configured" || true
- aa_loaded=$(mktemp -t aa-XXXXXX)
- running_profile_names > "$aa_loaded" || true
- LC_COLLATE=C comm -2 -3 "$aa_loaded" "$aa_configured" | while read profile ; do
- unload_profile "$profile"
- done
- rm -f "$aa_configured" "$aa_loaded"
-}
-
-# If the system debsum differs from the saved debsum, the new system debsum is
-# saved and non-zero is returned. Returns 0 if the two debsums matched or if
-# the system debsum file does not exist. This can be removed when system image
-# flavors all move to snappy.
-compare_and_save_debsums() {
- pkg="$1"
-
- if [ -n $pkg ] && [ -d "$PROFILES_VAR" ]; then
- sums="/var/lib/dpkg/info/${pkg}.md5sums"
- # store saved md5sums in /var/lib/apparmor/profiles since
- # /var/cache/apparmor might be cleared by apparmor
- saved_sums="${PROFILES_VAR}/.${pkg}.md5sums"
-
- if [ -f "$sums" ] && \
- ! diff -q "$sums" "$saved_sums" 2>&1 >/dev/null ; then
- cp -f "$sums" "$saved_sums"
- return 1
- fi
- fi
-
- return 0
-}
-
-compare_previous_version() {
- installed="/usr/share/snappy/security-policy-version"
- previous="/var/lib/snappy/security-policy-version"
-
- # When just $previous doesn't exist, assume this is a new system with
- # no cache and don't do anything special.
- if [ -f "$installed" ] && [ -f "$previous" ]; then
- pv=`grep '^apparmor/' "$previous" | cut -d ' ' -f 2`
- iv=`grep '^apparmor/' "$installed" | cut -d ' ' -f 2`
- if [ -n "$iv" ] && [ -n "$pv" ] && [ "$iv" != "$pv" ]; then
- # snappy updates $previous elsewhere, so just return
- return 1
- fi
- fi
-
- return 0
-}
-
-# Checks to see if the current container is capable of having internal AppArmor
-# profiles that should be loaded. Callers of this function should have already
-# verified that they're running inside of a container environment with
-# something like `systemd-detect-virt --container`.
-#
-# The only known container environments capable of supporting internal policy
-# are LXD and LXC environment.
-#
-# Returns 0 if the container environment is capable of having its own internal
-# policy and non-zero otherwise.
-#
-# IMPORTANT: This function will return 0 in the case of a non-LXD/non-LXC
-# system container technology being nested inside of a LXD/LXC container that
-# utilized an AppArmor namespace and profile stacking. The reason 0 will be
-# returned is because .ns_stacked will be "yes" and .ns_name will still match
-# "lx[dc]-*" since the nested system container technology will not have set up
-# a new AppArmor profile namespace. This will result in the nested system
-# container's boot process to experience failed policy loads but the boot
-# process should continue without any loss of functionality. This is an
-# unsupported configuration that cannot be properly handled by this function.
-is_container_with_internal_policy() {
- local ns_stacked_path="${AA_SFS}/.ns_stacked"
- local ns_name_path="${AA_SFS}/.ns_name"
- local ns_stacked
- local ns_name
-
- if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then
- return 1
- fi
-
- read -r ns_stacked < "$ns_stacked_path"
- if [ "$ns_stacked" != "yes" ]; then
- return 1
- fi
-
- # LXD and LXC set up AppArmor namespaces starting with "lxd-" and
- # "lxc-", respectively. Return non-zero for all other namespace
- # identifiers.
- read -r ns_name < "$ns_name_path"
- if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
- [ "${ns_name#lxc-*}" = "$ns_name" ]; then
- return 1
- fi
-
- return 0
-}



[meta-security][PATCH] tpm-tools: fix build issue

Armin Kuster
 

This error occurs randomly.
/bin/bash: pod2man: command not found

[Yocto #14304]

minor space/tab cleanup

Signed-off-by: Armin Kuster <akuster808@...>
Cc: Ben <koncept1@...>
---
meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index 8aeb8ac..9e0a686 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
+++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -9,16 +9,16 @@ SECTION = "tpm"
LICENSE = "CPL-1.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"

-DEPENDS = "libtspi openssl"
+DEPENDS = "libtspi openssl perl"
DEPENDS_class-native = "trousers-native"

SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
- git://git.code.sf.net/p/trousers/tpm-tools \
- file://tpm-tools-extendpcr.patch \
- file://04-fix-FTBFS-clang.patch \
- file://openssl1.1_fix.patch \
- "
+ git://git.code.sf.net/p/trousers/tpm-tools \
+ file://tpm-tools-extendpcr.patch \
+ file://04-fix-FTBFS-clang.patch \
+ file://openssl1.1_fix.patch \
+ "

inherit autotools-brokensep gettext

--
2.25.1


[PATCH yocto-autobuilder-helper 4/4] scripts/generate-testresult-index.py: update index to list host data

sakib.sajal@...
 

Host data is collected on failure by default. List the collected files
in the index.

Signed-off-by: Sakib Sajal <sakib.sajal@...>
---
scripts/generate-testresult-index.py | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/scripts/generate-testresult-index.py b/scripts/generate-testresult-index.py
index d85d606..5c33778 100755
--- a/scripts/generate-testresult-index.py
+++ b/scripts/generate-testresult-index.py
@@ -152,13 +152,15 @@ for build in sorted(os.listdir(path), key=keygen, reverse=True):
buildhistory.append((reldir + "testresults/qemuarm/buildhistory.txt", "qemuarm"))

hd = []
- counter = 0
- # do we really need the loop?
- for p in glob.glob(buildpath + "/*/*/host_stats*top_summary.txt"):
+ for p in glob.glob(buildpath + "/*/*/host_stats*summary.txt"):
n_split = p.split(build)
res = reldir[0:-1] + n_split[1]
- hd.append((res, str(counter)))
- counter += 1
+ n = os.path.basename(p).split("host_stats_")[-1]
+ if "failure" in n:
+ n = n.split("_summary.txt")[0]
+ elif "top" in n:
+ n = n.split("_top_summary.txt")[0]
+ hd.append((res, n))


branch = get_build_branch(buildpath)
--
2.25.1


[PATCH yocto-autobuilder-helper 3/4] summarize_top_output.py: summarize data logged on failure

sakib.sajal@...
 

Signed-off-by: Sakib Sajal <sakib.sajal@...>
---
scripts/summarize_top_output.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/scripts/summarize_top_output.py b/scripts/summarize_top_output.py
index 50c9b0a..4e96ce9 100755
--- a/scripts/summarize_top_output.py
+++ b/scripts/summarize_top_output.py
@@ -168,9 +168,11 @@ def main():
target = sys.argv[2]
host_data_dir = "intermittent_failure_host_data"
directory = os.path.join(dest, target, host_data_dir)
- for f in glob.glob(directory + "/*_top.txt"):
- outputs = list_top_outputs(f)
- short_summary, summary, kernel_summary, zombie_summary, other_build = summarize_top(outputs, target)
- write_summary(short_summary, summary, kernel_summary, zombie_summary, other_build, target, f)
+ regs = (directory + "/*_top.txt", directory + "/*_failure_*.txt")
+ for exts in regs:
+ for f in glob.glob(exts):
+ outputs = list_top_outputs(f)
+ short_summary, summary, kernel_summary, zombie_summary, other_build = summarize_top(outputs, target)
+ write_summary(short_summary, summary, kernel_summary, zombie_summary, other_build, target, f)

main()
--
2.25.1


[PATCH yocto-autobuilder-helper 2/4] collect-results: collect all host_stats files

sakib.sajal@...
 

data collection on failure is enabled by default.
Collect all host stats files created.

Signed-off-by: Sakib Sajal <sakib.sajal@...>
---
scripts/collect-results | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/scripts/collect-results b/scripts/collect-results
index 7178380..93834d6 100755
--- a/scripts/collect-results
+++ b/scripts/collect-results
@@ -18,21 +18,27 @@ if [ -e $WORKDIR/buildhistory ]; then
fi
fi

-HSFILE=$WORKDIR/tmp/buildstats/*/host_stats
+HSFILE=$WORKDIR/tmp/buildstats/*/host_stats*
d="intermittent_failure_host_data"

mkdir -p $DEST/$target/$d

-step=0
+step_i=1
+step_f=1
for f in $HSFILE; do
if [ -e $f ]; then
cp $f $DEST/$target/$d
+ if [[ "$f" == *"failure"* ]] ; then
+ mv $DEST/$target/$d/`basename $f` $DEST/$target/$d/`basename $f`_${step_f}.txt
+ step_f=$((step_f+1))
+ continue
+ fi
grep -m 1 "^top -" $f
if [ $? -eq 0 ]; then
- mv $DEST/$target/$d/`basename $f` $DEST/$target/$d/`basename $f`_${step}_top.txt
+ mv $DEST/$target/$d/`basename $f` $DEST/$target/$d/`basename $f`_${step_i}_top.txt
else
- mv $DEST/$target/$d/`basename $f` $DEST/$target/$d/`basename $f`_${step}.txt
+ mv $DEST/$target/$d/`basename $f` $DEST/$target/$d/`basename $f`_${step_i}.txt
fi
- step=$((step+1))
+ step_i=$((step_i+1))
fi
done
--
2.25.1


[PATCH yocto-autobuilder-helper 1/4] config.json: collect data on failure by default

sakib.sajal@...
 

Signed-off-by: Sakib Sajal <sakib.sajal@...>
---
config.json | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/config.json b/config.json
index f54081b..99593c8 100644
--- a/config.json
+++ b/config.json
@@ -61,7 +61,9 @@
"RUNQEMU_TMPFS_DIR = '/home/pokybuild/tmp'",
"BB_HEARTBEAT_EVENT = '60'",
"BB_LOG_HOST_STAT_ON_INTERVAL = '1'",
- "BB_LOG_HOST_STAT_CMDS_INTERVAL = 'oe-time-dd-test.sh 100'"
+ "BB_LOG_HOST_STAT_CMDS_INTERVAL = 'oe-time-dd-test.sh -c 100 -t 15'",
+ "BB_LOG_HOST_STAT_ON_FAILURE = '1'",
+ "BB_LOG_HOST_STAT_CMDS_FAILURE = 'oe-time-dd-test.sh -l'"
]
},
"templates" : {
--
2.25.1


Re: Integration of Docker in Read-only Rootfile system through Yocto

Poornesh <poornesh.g@...>
 

Greetings !

I have added the docker in yocto (zeus) and it is working with the Rootfile system which is having "Read-write" permission. When I trying to run the "Hello-world" image with the Rootfile system having "Read-only" permission through docker  I am facing issue . Please find the attached error logs .

Requesting your suggestions to overcome this issue.

--

Thanks and Regards

Poornesh G


Re: #archiver Archiver not archiving sources from Mirror #archiver

 

On Fri, 9 Jul 2021 10:21:56 +0000
"Seipel, Christoph" <Christoph.Seipel@...> wrote:

Hello,

I have a problem with the archiver. I want to use it to export the sources used in our image for license compliance (GPL etc.).
We have a BSP supplier that supplies the Yocto system and the sources to build it in a mirror directory.

Now, when I use the archiver (mode: original) the exported sources don't contain the sources from the mirror, but only other files like patches.

To analyse this problem I put some extra logging into the archiver.bbclass to inspect the variable contents, and it seems the "local" variable where the archiver is looking for the sources to export doesn't fit with the path of the actual sources. This leads to the archiver just skipping that URL and proceeding.

For example for the systemd recipe it has the variable URL="git://github.com/systemd/systemd.git;protocol=git" and therefore it decides to look at local="<builddir>/downloads/git2/github.com.systemd.systemd.git"
But that file doesn't exist.
I inspected the do_fetch and do_unpack logs to find that the fetcher resolves "git://github.com/systemd/systemd.git;protocol=git" with returning the corresponding file from the mirror file:///<mirrorpath>/gitshallow_github.com.systemd.systemd.git_46659f7-1_master.tar.gz<file:///%3cmirrorpath%3e/gitshallow_github.com.systemd.systemd.git_46659f7-1_master.tar.gz>
The do_unpack task then unpacks tar -xzf <builddir>/downloads/gitshallow_github.com.systemd.systemd.git_46659f7-1_master.tar.gz
Which is possible because there is a symlink, I guess that was created by the fetcher
<builddir>/downloads/gitshallow_github.com.systemd.systemd.git_46659f7-1_master.tar.gz -> <mirror>/gitshallow_github.com.systemd.systemd.git_46659f7-1_master.tar.gz

So the problem seems to be that the archiver expects the sources in downloads/git2 but the fetcher creates the symlink in downloads and with additional pre- and postfiexes on the filename.

Sadly we are still on sumo, but at least for the archiver class there isn't any relevant change to hardknott. At least a dunfell upgrade is incoming in the next weeks.
If the archives you've been given have names starting with
'gitshallow_' then it's likely that the following variables were set in
local.conf or in a distro conf file to generate them:

BB_GENERATE_MIRROR_TARBALLS = "1"
BB_GENERATE_SHALLOW_TARBALLS = "1"
BB_GIT_SHALLOW = "1"

Could you make sure those are set in your configuration? If they're not
then the archiver may not be looking for the file names you have.

If things still don't work after that you could try backporting the
archiver class from hardknott and using the mirror archiver mode. That
mode is written to pick up the mirror tarballs from the downloads
directory so it should be able to handle your situation.

Thanks,

--
Paul Barker
https://pbarker.dev/


#archiver Archiver not archiving sources from Mirror #archiver

Seipel, Christoph
 

Hello,

 

I have a problem with the archiver. I want to use it to export the sources used in our image for license compliance (GPL etc.).

We have a BSP supplier that supplies the Yocto system and the sources to build it in a mirror directory.

 

Now, when I use the archiver (mode: original) the exported sources don’t contain the sources from the mirror, but only other files like patches.

 

To analyse this problem I put some extra logging into the archiver.bbclass to inspect the variable contents, and it seems the “local” variable where the archiver is looking for the sources to export doesn’t fit with the path of the actual sources. This leads to the archiver just skipping that URL and proceeding.

 

For example for the systemd recipe it has the variable URL=”git://github.com/systemd/systemd.git;protocol=git” and therefore it decides to look at local=”<builddir>/downloads/git2/github.com.systemd.systemd.git”

But that file doesn’t exist.

I inspected the do_fetch and do_unpack logs to find that the fetcher resolves “git://github.com/systemd/systemd.git;protocol=git” with returning the corresponding file from the mirror file:///<mirrorpath>/gitshallow_github.com.systemd.systemd.git_46659f7-1_master.tar.gz

The do_unpack task then unpacks tar -xzf <builddir>/downloads/gitshallow_github.com.systemd.systemd.git_46659f7-1_master.tar.gz

Which is possible because there is a symlink, I guess that was created by the fetcher

<builddir>/downloads/gitshallow_github.com.systemd.systemd.git_46659f7-1_master.tar.gz -> <mirror>/gitshallow_github.com.systemd.systemd.git_46659f7-1_master.tar.gz

 

So the problem seems to be that the archiver expects the sources in downloads/git2 but the fetcher creates the symlink in downloads and with additional pre- and postfiexes on the filename.

 

Sadly we are still on sumo, but at least for the archiver class there isn’t any relevant change to hardknott. At least a dunfell upgrade is incoming in the next weeks.

 

Best regards,

 

Christoph

_____________________________________________________

Christoph Seipel
 
CLAAS E-Systems GmbH

System & Software Displays, Operator Panels & Mobile Apps
Sommerkämpen 11
49201 Dissen a.T.W.
Germany
 
Phone +49 5421 9311-8762
Mail christoph.seipel@...

 


Re: #linux #dunfell How to use eclipse with autotools without yocto plugin #linux #dunfell

Sebastian Holzgreve
 

Hi,

we were currently upgrading our yocto system to v3.1. In the older yocto system there was the "Yocto Eclipse Plugin" available. I saw in the changelog that unfortunately that this plugin is not maintained anymore and removed.

From the past we got whole bunch of autotools based projects. Is it somehow posible to use eclipse for development and debugging keeping the projects in the autotools world?

I tried using the eSDK (Following: https://www.yoctoproject.org/docs/latest/mega-manual/mega-manual.html#sdk-working-projects)

Rebuilding the project from eclipse is now possible. It still complains that is can run the executable but I can start debugging. I tried to setup the debugger configuration like it was set up, when the "Yocto Eclipse Plugin" generated it. But when I try to debug the code, eclipse opens up the "Debug Perspective", also attaches to the remotly running gdbserver, but it never stops on breakpoints that were set in the eclipse GUI.

Is there any chance to use eclipse without the plugin, without converting all the packages to CMake or plain makefile projects?

Any hints or pointings to the right direction is appreciated.

I found the solution: My problem was that the default project configuration which created by "./configure {CONFIGURE_FLAGS}" doesn't do a build with debug information.

So ./configure {CONFIGURE_FLAGS} CXXFLAGS="-g -O0" has to be called before, and then debug is working.


Sorry for the stupid question before.


Kind regards,

Sebastian


Re: [error-report-web][PATCH] report-error.bbclass: Add layer and bitbake version info to error report

Milan Shah
 

Thanks, Richard

Closed the Bug as Resolved Fixed Status and commit link as a Comment.

Thanks & Regards,
Milan Shah

Milan Shah | Software Engineer
a: MontaVista Software, LLC | Bangalore, India
e: info@... | w: www.mvista.com/
p: +91-80-4939-5000


On Fri, Jul 9, 2021 at 2:23 PM Richard Purdie <richard.purdie@...> wrote:
On Fri, 2021-07-09 at 14:07 +0530, Milan Shah wrote:
> Well, there was no update on the bug as well as on the patch so I was 
> not aware of it.
>
> Thanks, Richard for responding. I'll definitely follow your suggestion 
> next time.

We'd normally expect the bug owner to update the status of the bug since it
isn't really possible for me or the triage team to track and update them all.
We can close this one with a link to the commit:

http://git.yoctoproject.org/cgit.cgi/poky/commit/meta/classes/report-error.bbclass?id=8b299a62c55aa8d1583aff4b8428f16def7231b7

Happy for you to, or I can...

Cheers,

Richard



Re: [error-report-web][PATCH] report-error.bbclass: Add layer and bitbake version info to error report

Richard Purdie
 

On Fri, 2021-07-09 at 14:07 +0530, Milan Shah wrote:
Well, there was no update on the bug as well as on the patch so I was 
not aware of it.

Thanks, Richard for responding. I'll definitely follow your suggestion 
next time.
We'd normally expect the bug owner to update the status of the bug since it
isn't really possible for me or the triage team to track and update them all.
We can close this one with a link to the commit:

http://git.yoctoproject.org/cgit.cgi/poky/commit/meta/classes/report-error.bbclass?id=8b299a62c55aa8d1583aff4b8428f16def7231b7

Happy for you to, or I can...

Cheers,

Richard

3321 - 3340 of 57387