Date   

Re: downgrade openssl libraryes

Ivan Riabtsov <ivriabtsov@...>
 

I have phytec imx6ul board with a preinstalled os. On this os opessl
version is 1.0.2j i need to build nginx for this board, but i can't
build yocto same version as i have on board, so I grabbed a newer
version of yocto from phytec site, rolled back glibc and try to roll
back openssl. I do not want to flash the device, as I'm afraid to get
brick

пн, 30 авг. 2021 г. в 16:51, Alexander Kanavin <alex.kanavin@...>:


openssl 1.0.2 went out of support at the end of 2019 and you should not be using it. What is the problem you need to solve?

Alex

On Mon, 30 Aug 2021 at 15:33, Ivan Riabtsov <ivriabtsov@...> wrote:

hello i am trying to rollback openssl version from 1.1.1i to 1.0.2j.
Copied the recipe openssl_1.1.1i.bb to openssl_1.0.2j.bb, saved the
openssl_1.1.1i.bb version with the name openssl_1.1.1i.bb.backup

Отредактировал новый файл, вот разница в файлах:

diff -Nau ./openssl_1.1.1i.bb.backup ./openssl_1.0.2j.bb
--- ./openssl_1.1.1i.bb.backup 2021-08-27 14:46:07.085808702 +0300
+++ ./openssl_1.0.2j.bb 2021-08-27 16:12:14.216430734 +0300
@@ -7,23 +7,19 @@
# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
- file://0001-skip-test_symbol_presence.patch \
- file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
\
- file://afalg.patch \
- file://reproducible.patch \
"

SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

-SRC_URI[sha256sum] =
"e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
+SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -122,7 +118,7 @@
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
- perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir}
$target
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

@@ -134,30 +130,30 @@
# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
- mv ${D}${libdir}/ssl-1.1/certs \
- ${D}${libdir}/ssl-1.1/private \
- ${D}${libdir}/ssl-1.1/openssl.cnf \
+ mv ${D}${libdir}/ssl-1.0/certs \
+ ${D}${libdir}/ssl-1.0/private \
+ ${D}${libdir}/ssl-1.0/openssl.cnf \
${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
- OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
- SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
- SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
- OPENSSL_ENGINES=${libdir}/engines-1.1
+ OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
+ SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
+ OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
- sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
@@ -170,8 +166,8 @@
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util
${B}/util ${D}${PTEST_PATH}

# For test_shlibload
- ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
- ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
@@ -192,11 +188,11 @@
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
- ${libdir}/ssl-1.1/openssl.cnf* \
+ ${libdir}/ssl-1.0/openssl.cnf* \
"
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
-FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}-engines = "${libdir}/engines-1.0"
+FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
+FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"


вот новый получившийся файл:


cat openssl_1.0.2j.bb
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related
cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"

# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
"

SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""

PACKAGECONFIG[cryptodev-linux] =
"enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"

B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"

#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"

# adding devrandom prevents openssl from using getrandom() which is
not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated
onto a system with older glibc)
EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"

# Relying on hardcoded built-in paths causes openssl-native to not be
relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"
CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"

do_configure () {
os=${HOST_OS}
case $os in
linux-gnueabi |\
linux-gnuspe |\
linux-musleabi |\
linux-muslspe |\
linux-musl )
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm*)
target=linux-armv4
;;
linux-aarch64*)
target=linux-aarch64
;;
linux-i?86 | linux-viac3)
target=linux-x86
;;
linux-gnux32-x86_64 | linux-muslx32-x86_64 )
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips | linux-mipsel)
# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding
target architecture flags
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-gnun32-mips*)
target=linux-mips64
;;
linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
target=linux64-mips64
;;
linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-powerpc64le)
target=linux-ppc64le
;;
linux-riscv32)
target=linux-generic32
;;
linux-riscv64)
target=linux-generic64
;;
linux-sparc | linux-supersparc)
target=linux-sparcv9
;;
esac

useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install

oe_multilib_header openssl/opensslconf.h

# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
mv ${D}${libdir}/ssl-1.0/certs \
${D}${libdir}/ssl-1.0/private \
${D}${libdir}/ssl-1.0/openssl.cnf \
${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
PTEST_BUILD_HOST_PATTERN = "perl_version ="
do_install_ptest () {
# Prune the build tree
rm -f ${B}/fuzz/*.* ${B}/test/*.*

cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util
${D}${PTEST_PATH}

# For test_shlibload
ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf
${D}${PTEST_PATH}/apps
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps

install -d ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
}

# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the openssl-bin package and the libcrypto
# package since the openssl-bin package depends on the libcrypto package.

PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"

FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
${libdir}/ssl-1.0/openssl.cnf* \
"
FILES_${PN}-engines = "${libdir}/engines-1.0"
FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"

RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"

RDEPENDS_${PN}-bin += "openssl-conf"

BBCLASSEXTEND = "native nativesdk"

CVE_PRODUCT = "openssl:openssl"

# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
# Apache in meta-webserver is already recent enough
CVE_CHECK_WHITELIST += "CVE-2019-0190"


I understand that I need to figure out the configs yourself, but I get
this error when executing the

bitbake openssl-native

ERROR: Execution of
'/home/ivr/work/yocto_orig/build/tmp/work/x86_64-linux/openssl-native/1.0.2j-r0/temp/run.do_configure.1071458'
failed with exit code 2:
| unable to read opensslv.h:No such file or directory
| Configuring for linux-x86_64
| no-devcryptoeng [option] OPENSSL_NO_DEVCRYPTOENG (skip dir)
| no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128
(skip dir)
| no-gmp [default] OPENSSL_NO_GMP (skip dir)
| no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
| no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
| no-libunbound [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
| no-md2 [default] OPENSSL_NO_MD2 (skip dir)
| no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
| no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
| no-sctp [default] OPENSSL_NO_SCTP (skip dir)
| no-shared [default]
| no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir)
| no-ssl2 [default] OPENSSL_NO_SSL2 (skip dir)
| no-store [experimental] OPENSSL_NO_STORE (skip dir)
| no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir)
| no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
| no-zlib [default]
| no-zlib-dynamic [default]
| IsMK1MF=0
| WARNING: exit code 2 from a shell command.
|

As far as I can understand, the opensslv.h file is generated just at
the configuration stage, why does the configuration stage give an
error of the absence of this file?



Re: downgrade openssl libraryes

Alexander Kanavin
 

openssl 1.0.2 went out of support at the end of 2019 and you should not be using it. What is the problem you need to solve?

Alex


On Mon, 30 Aug 2021 at 15:33, Ivan Riabtsov <ivriabtsov@...> wrote:
hello i am trying to rollback openssl version from 1.1.1i to 1.0.2j.
Copied the recipe openssl_1.1.1i.bb to openssl_1.0.2j.bb, saved the
openssl_1.1.1i.bb version with the name openssl_1.1.1i.bb.backup

Отредактировал новый файл, вот разница в файлах:

diff -Nau ./openssl_1.1.1i.bb.backup ./openssl_1.0.2j.bb
--- ./openssl_1.1.1i.bb.backup 2021-08-27 14:46:07.085808702 +0300
+++ ./openssl_1.0.2j.bb 2021-08-27 16:12:14.216430734 +0300
@@ -7,23 +7,19 @@
 # "openssl" here actually means both OpenSSL and SSLeay licenses apply
 # (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
 LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

 DEPENDS = "hostperl-runtime-native"

 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
-           file://0001-skip-test_symbol_presence.patch \
-           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
\
-           file://afalg.patch \
-           file://reproducible.patch \
            "

 SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "

-SRC_URI[sha256sum] =
"e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
+SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

 inherit lib_package multilib_header multilib_script ptest
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -122,7 +118,7 @@
  # WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
  # environment variables set by bitbake. Adjust the environment
variables instead.
  HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
- perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir}
$target
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
  perl ${B}/configdata.pm --dump
 }

@@ -134,30 +130,30 @@
  # Create SSL structure for packages such as ca-certificates which
  # contain hard-coded paths to /etc/ssl. Debian does the same.
  install -d ${D}${sysconfdir}/ssl
- mv ${D}${libdir}/ssl-1.1/certs \
-    ${D}${libdir}/ssl-1.1/private \
-    ${D}${libdir}/ssl-1.1/openssl.cnf \
+ mv ${D}${libdir}/ssl-1.0/certs \
+    ${D}${libdir}/ssl-1.0/private \
+    ${D}${libdir}/ssl-1.0/openssl.cnf \
     ${D}${sysconfdir}/ssl/

  # Although absolute symlinks would be OK for the target, they become
  # invalid if native or nativesdk are relocated from sstate.
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
 }

 do_install_append_class-native () {
  create_wrapper ${D}${bindir}/openssl \
-     OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
-     SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
-     SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
-     OPENSSL_ENGINES=${libdir}/engines-1.1
+     OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
+     SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
+     SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
+     OPENSSL_ENGINES=${libdir}/engines-1.0
 }

 do_install_append_class-nativesdk () {
  mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
  install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
- sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
 }

 PTEST_BUILD_HOST_FILES += "configdata.pm"
@@ -170,8 +166,8 @@
  cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util
${B}/util ${D}${PTEST_PATH}

  # For test_shlibload
- ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
- ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

  install -d ${D}${PTEST_PATH}/apps
  ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
@@ -192,11 +188,11 @@
 FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
 FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
-                      ${libdir}/ssl-1.1/openssl.cnf* \
+                      ${libdir}/ssl-1.0/openssl.cnf* \
                       "
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
-FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}-engines = "${libdir}/engines-1.0"
+FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
+FILES_${PN} =+ "${libdir}/ssl-1.0/*"
 FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

 CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"


вот новый получившийся файл:


cat openssl_1.0.2j.bb
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related
cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"

# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://run-ptest \
           "

SRC_URI_append_class-nativesdk = " \
           file://environment.d-openssl.sh \
           "

SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""

PACKAGECONFIG[cryptodev-linux] =
"enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"

B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"

#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"

# adding devrandom prevents openssl from using getrandom() which is
not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated
onto a system with older glibc)
EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"

# Relying on hardcoded built-in paths causes openssl-native to not be
relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"
CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"

do_configure () {
os=${HOST_OS}
case $os in
linux-gnueabi |\
linux-gnuspe |\
linux-musleabi |\
linux-muslspe |\
linux-musl )
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm*)
target=linux-armv4
;;
linux-aarch64*)
target=linux-aarch64
;;
linux-i?86 | linux-viac3)
target=linux-x86
;;
linux-gnux32-x86_64 | linux-muslx32-x86_64 )
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips | linux-mipsel)
# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding
target architecture flags
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-gnun32-mips*)
target=linux-mips64
;;
linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
target=linux64-mips64
;;
linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-powerpc64le)
target=linux-ppc64le
;;
linux-riscv32)
target=linux-generic32
;;
linux-riscv64)
target=linux-generic64
;;
linux-sparc | linux-supersparc)
target=linux-sparcv9
;;
esac

useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install

oe_multilib_header openssl/opensslconf.h

# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
mv ${D}${libdir}/ssl-1.0/certs \
   ${D}${libdir}/ssl-1.0/private \
   ${D}${libdir}/ssl-1.0/openssl.cnf \
   ${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
    OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
    SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
    SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
    OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
PTEST_BUILD_HOST_PATTERN = "perl_version ="
do_install_ptest () {
# Prune the build tree
rm -f ${B}/fuzz/*.* ${B}/test/*.*

cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util
${D}${PTEST_PATH}

# For test_shlibload
ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf
${D}${PTEST_PATH}/apps
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps

install -d ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
}

# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the openssl-bin package and the libcrypto
# package since the openssl-bin package depends on the libcrypto package.

PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"

FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
                      ${libdir}/ssl-1.0/openssl.cnf* \
                      "
FILES_${PN}-engines = "${libdir}/engines-1.0"
FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"

RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"

RDEPENDS_${PN}-bin += "openssl-conf"

BBCLASSEXTEND = "native nativesdk"

CVE_PRODUCT = "openssl:openssl"

# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
# Apache in meta-webserver is already recent enough
CVE_CHECK_WHITELIST += "CVE-2019-0190"


I understand that I need to figure out the configs yourself, but I get
this error when executing the

bitbake openssl-native

ERROR: Execution of
'/home/ivr/work/yocto_orig/build/tmp/work/x86_64-linux/openssl-native/1.0.2j-r0/temp/run.do_configure.1071458'
failed with exit code 2:
| unable to read opensslv.h:No such file or directory
| Configuring for linux-x86_64
|     no-devcryptoeng [option]   OPENSSL_NO_DEVCRYPTOENG (skip dir)
|     no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128
(skip dir)
|     no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
|     no-jpake        [experimental] OPENSSL_NO_JPAKE (skip dir)
|     no-krb5         [krb5-flavor not specified] OPENSSL_NO_KRB5
|     no-libunbound   [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
|     no-md2          [default]  OPENSSL_NO_MD2 (skip dir)
|     no-rc5          [default]  OPENSSL_NO_RC5 (skip dir)
|     no-rfc3779      [default]  OPENSSL_NO_RFC3779 (skip dir)
|     no-sctp         [default]  OPENSSL_NO_SCTP (skip dir)
|     no-shared       [default]
|     no-ssl-trace    [default]  OPENSSL_NO_SSL_TRACE (skip dir)
|     no-ssl2         [default]  OPENSSL_NO_SSL2 (skip dir)
|     no-store        [experimental] OPENSSL_NO_STORE (skip dir)
|     no-unit-test    [default]  OPENSSL_NO_UNIT_TEST (skip dir)
|     no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
|     no-zlib         [default]
|     no-zlib-dynamic [default]
| IsMK1MF=0
| WARNING: exit code 2 from a shell command.
|

As far as I can understand, the opensslv.h file is generated just at
the configuration stage, why does the configuration stage give an
error of the absence of this file?




downgrade openssl libraryes

Ivan Riabtsov <ivriabtsov@...>
 

hello i am trying to rollback openssl version from 1.1.1i to 1.0.2j.
Copied the recipe openssl_1.1.1i.bb to openssl_1.0.2j.bb, saved the
openssl_1.1.1i.bb version with the name openssl_1.1.1i.bb.backup

Отредактировал новый файл, вот разница в файлах:

diff -Nau ./openssl_1.1.1i.bb.backup ./openssl_1.0.2j.bb
--- ./openssl_1.1.1i.bb.backup 2021-08-27 14:46:07.085808702 +0300
+++ ./openssl_1.0.2j.bb 2021-08-27 16:12:14.216430734 +0300
@@ -7,23 +7,19 @@
# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
- file://0001-skip-test_symbol_presence.patch \
- file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
\
- file://afalg.patch \
- file://reproducible.patch \
"

SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

-SRC_URI[sha256sum] =
"e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
+SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -122,7 +118,7 @@
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
- perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir}
$target
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

@@ -134,30 +130,30 @@
# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
- mv ${D}${libdir}/ssl-1.1/certs \
- ${D}${libdir}/ssl-1.1/private \
- ${D}${libdir}/ssl-1.1/openssl.cnf \
+ mv ${D}${libdir}/ssl-1.0/certs \
+ ${D}${libdir}/ssl-1.0/private \
+ ${D}${libdir}/ssl-1.0/openssl.cnf \
${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
- OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
- SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
- SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
- OPENSSL_ENGINES=${libdir}/engines-1.1
+ OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
+ SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
+ OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
- sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
@@ -170,8 +166,8 @@
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util
${B}/util ${D}${PTEST_PATH}

# For test_shlibload
- ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
- ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
@@ -192,11 +188,11 @@
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
- ${libdir}/ssl-1.1/openssl.cnf* \
+ ${libdir}/ssl-1.0/openssl.cnf* \
"
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
-FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}-engines = "${libdir}/engines-1.0"
+FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
+FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"


вот новый получившийся файл:


cat openssl_1.0.2j.bb
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related
cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"

# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
"

SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""

PACKAGECONFIG[cryptodev-linux] =
"enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"

B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"

#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"

# adding devrandom prevents openssl from using getrandom() which is
not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated
onto a system with older glibc)
EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"

# Relying on hardcoded built-in paths causes openssl-native to not be
relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"
CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"

do_configure () {
os=${HOST_OS}
case $os in
linux-gnueabi |\
linux-gnuspe |\
linux-musleabi |\
linux-muslspe |\
linux-musl )
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm*)
target=linux-armv4
;;
linux-aarch64*)
target=linux-aarch64
;;
linux-i?86 | linux-viac3)
target=linux-x86
;;
linux-gnux32-x86_64 | linux-muslx32-x86_64 )
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips | linux-mipsel)
# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding
target architecture flags
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-gnun32-mips*)
target=linux-mips64
;;
linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
target=linux64-mips64
;;
linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-powerpc64le)
target=linux-ppc64le
;;
linux-riscv32)
target=linux-generic32
;;
linux-riscv64)
target=linux-generic64
;;
linux-sparc | linux-supersparc)
target=linux-sparcv9
;;
esac

useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install

oe_multilib_header openssl/opensslconf.h

# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
mv ${D}${libdir}/ssl-1.0/certs \
${D}${libdir}/ssl-1.0/private \
${D}${libdir}/ssl-1.0/openssl.cnf \
${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
PTEST_BUILD_HOST_PATTERN = "perl_version ="
do_install_ptest () {
# Prune the build tree
rm -f ${B}/fuzz/*.* ${B}/test/*.*

cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util
${D}${PTEST_PATH}

# For test_shlibload
ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf
${D}${PTEST_PATH}/apps
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps

install -d ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
}

# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the openssl-bin package and the libcrypto
# package since the openssl-bin package depends on the libcrypto package.

PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"

FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
${libdir}/ssl-1.0/openssl.cnf* \
"
FILES_${PN}-engines = "${libdir}/engines-1.0"
FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"

RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"

RDEPENDS_${PN}-bin += "openssl-conf"

BBCLASSEXTEND = "native nativesdk"

CVE_PRODUCT = "openssl:openssl"

# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
# Apache in meta-webserver is already recent enough
CVE_CHECK_WHITELIST += "CVE-2019-0190"


I understand that I need to figure out the configs yourself, but I get
this error when executing the

bitbake openssl-native

ERROR: Execution of
'/home/ivr/work/yocto_orig/build/tmp/work/x86_64-linux/openssl-native/1.0.2j-r0/temp/run.do_configure.1071458'
failed with exit code 2:
| unable to read opensslv.h:No such file or directory
| Configuring for linux-x86_64
| no-devcryptoeng [option] OPENSSL_NO_DEVCRYPTOENG (skip dir)
| no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128
(skip dir)
| no-gmp [default] OPENSSL_NO_GMP (skip dir)
| no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
| no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
| no-libunbound [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
| no-md2 [default] OPENSSL_NO_MD2 (skip dir)
| no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
| no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
| no-sctp [default] OPENSSL_NO_SCTP (skip dir)
| no-shared [default]
| no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir)
| no-ssl2 [default] OPENSSL_NO_SSL2 (skip dir)
| no-store [experimental] OPENSSL_NO_STORE (skip dir)
| no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir)
| no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
| no-zlib [default]
| no-zlib-dynamic [default]
| IsMK1MF=0
| WARNING: exit code 2 from a shell command.
|

As far as I can understand, the opensslv.h file is generated just at
the configuration stage, why does the configuration stage give an
error of the absence of this file?


extrausers-bbclass: plaintext password (since shadow update to 4.9)

Matthias Klein
 

Hello,

I am trying to find a working alternative for the old -P option.

Previous:
EXTRA_USERS_PARAMS = "usermod -P toor root;"

The suggestions from this thread don't seem to work: https://lists.openembedded.org/g/openembedded-core/topic/84548199

Current:
hash="$(python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))")"
EXTRA_USERS_PARAMS = "usermod -p ${hash} root;"

The hashed password does not seem to be escaped properly in the extrausers-bbclass. The password in the shadow file is missing $ characters.

Is there a way (with the current master branch) to define a password?

Many greetings,
Matthias


Re: kcrash package compile issue

Zoran
 

That means that kwindowsystem did not install all necessary bits.
Oh, I see... It has everything to do with Xwindows systems in X11
Client/Server domain.

kwindoes => KDE desktop.

Apology for the confusion!

Zee
_______



On Mon, Aug 30, 2021 at 2:19 PM Andreas Müller <schnitzeltony@...> wrote:

On Mon, Aug 30, 2021 at 6:46 AM Zoran <zoran.stojsavljevic@...> wrote:

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path
You somehow mixed Windows and Linux Cmake build systems. Not sure how...

Solution 1: fix on the fly current problem:
You should inspect the file: src/CMakeLists.txt and try to fix Windows
paths to match Linux paths.

Solution 2: delete the current Cmake setup and execute it from scratch:
Error should not happen, since you need to delete the Cmake setup and
do the whole thing from scratch.
1) configure <<===== This step causes you problems!
2) make
3) make install

Zee
_______


On Mon, Aug 30, 2021 at 6:10 AM sateesh m <sateesh0457@...> wrote:

Hi Team,

I am trying to build kcrash package. I got below error.Can anybody know how to fix this please guide me.

ERROR: kcrash-5.85.0-r0 do_configure: Execution of '/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/run.do_configure.12650' failed with exit code 1:

-- The C compiler identification is GNU 10.2.0

-- The CXX compiler identification is GNU 10.2.0

-- Detecting C compiler ABI info

-- Detecting C compiler ABI info - done

-- Check for working C compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-gcc - skipped

-- Detecting C compile features

-- Detecting C compile features - done

-- Detecting CXX compiler ABI info

-- Detecting CXX compiler ABI info - done

-- Check for working CXX compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-g++ - skipped

-- Detecting CXX compile features

-- Detecting CXX compile features - done

--



Installing in /usr. Run /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/build/prefix.sh to set the environment for KCrash.

-- Looking for __GLIBC__

-- Looking for __GLIBC__ - found

-- Performing Test _OFFT_IS_64BIT

-- Performing Test _OFFT_IS_64BIT - Success

-- Performing Test HAVE_DATE_TIME

-- Performing Test HAVE_DATE_TIME - Success

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE - Success

fatal: not a git repository (or any of the parent directories): .git

-- Found X11: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/include

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so - found

-- Looking for gethostbyname

-- Looking for gethostbyname - found

-- Looking for connect

-- Looking for connect - found

-- Looking for remove

-- Looking for remove - found

-- Looking for shmat

-- Looking for shmat - found

-- Looking for IceConnectionNumber in ICE

-- Looking for IceConnectionNumber in ICE - found

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY - Success

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY - Success

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR - Success

-- The following features have been enabled:



* Core Pattern Raising, Raising signals to kernel core patterns (iff the pattern is a process). You may wish to not install drkonqi if this can cause a UI conflict.



-- The following OPTIONAL packages have been found:



* X11



-- The following REQUIRED packages have been found:



* ECM (required version >= 5.85.0), Extra CMake Modules., <https://commits.kde.org/extra-cmake-modules>

* Qt5 (required version >= 5.15.0)

* Qt5Core (required version >= 5.15.0)

* KF5CoreAddons (required version >= 5.85.0)

* Qt5Gui (required version >= 5.15.0)

* KF5WindowSystem (required version >= 5.85.0)

* Qt5X11Extras (required version >= 5.15.0)



-- The following features have been disabled:



* QCH, API documentation in QCH format (for e.g. Qt Assistant, Qt Creator & KDevelop)



-- Configuring done

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







-- Generating done

CMake Warning:

Manually-specified variables were not used by the project:



BUILD_DESIGNERPLUGIN

LIB_SUFFIX

OE_KF5_PATH_HOST_ROOT

OE_QMAKE_PATH_ARCHDATA

OE_QMAKE_PATH_BINS

OE_QMAKE_PATH_DATA

OE_QMAKE_PATH_DOCS

OE_QMAKE_PATH_EXAMPLES

OE_QMAKE_PATH_HEADERS

OE_QMAKE_PATH_HOST_BINS

OE_QMAKE_PATH_HOST_DATA

OE_QMAKE_PATH_HOST_LIBS

OE_QMAKE_PATH_HOST_PREFIX

OE_QMAKE_PATH_LIBEXECS

OE_QMAKE_PATH_LIBS

OE_QMAKE_PATH_PLUGINS

OE_QMAKE_PATH_PREFIX

OE_QMAKE_PATH_QML

OE_QMAKE_PATH_QT_ARCHDATA

OE_QMAKE_PATH_QT_BINS

OE_QMAKE_PATH_QT_DATA

OE_QMAKE_PATH_QT_DOCS

OE_QMAKE_PATH_QT_EXAMPLES

OE_QMAKE_PATH_QT_HEADERS

OE_QMAKE_PATH_QT_SETTINGS

OE_QMAKE_PATH_QT_TESTS

OE_QMAKE_PATH_QT_TRANSLATIONS

OE_QMAKE_PATH_SETTINGS

OE_QMAKE_PATH_TESTS

OE_QMAKE_PATH_TRANSLATIONS

PYTHON_EXECUTABLE

Python3_EXECUTABLE

Python_EXECUTABLE





CMake Generate step failed. Build files cannot be regenerated correctly.

WARNING: exit code 1 from a shell command.



ERROR: Logfile of failure stored in: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/log.do_configure.12650

--
1. From version 5.85 I assume you use meta-qt5-extra (not meta-kf5) - right?
2. the important part of the log is:

| CMake Error in src/CMakeLists.txt:
| Imported target "KF5::WindowSystem" includes non-existent path
| "/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"

That means that kwindowsystem did not install all necessary bits. Do
you have x11 in your DISTRO_FEATURES? If not you should add that.

Hope that helps

Andreas


Re: kcrash package compile issue

Andreas Müller
 

On Mon, Aug 30, 2021 at 6:46 AM Zoran <zoran.stojsavljevic@...> wrote:

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path
You somehow mixed Windows and Linux Cmake build systems. Not sure how...

Solution 1: fix on the fly current problem:
You should inspect the file: src/CMakeLists.txt and try to fix Windows
paths to match Linux paths.

Solution 2: delete the current Cmake setup and execute it from scratch:
Error should not happen, since you need to delete the Cmake setup and
do the whole thing from scratch.
1) configure <<===== This step causes you problems!
2) make
3) make install

Zee
_______


On Mon, Aug 30, 2021 at 6:10 AM sateesh m <sateesh0457@...> wrote:

Hi Team,

I am trying to build kcrash package. I got below error.Can anybody know how to fix this please guide me.

ERROR: kcrash-5.85.0-r0 do_configure: Execution of '/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/run.do_configure.12650' failed with exit code 1:

-- The C compiler identification is GNU 10.2.0

-- The CXX compiler identification is GNU 10.2.0

-- Detecting C compiler ABI info

-- Detecting C compiler ABI info - done

-- Check for working C compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-gcc - skipped

-- Detecting C compile features

-- Detecting C compile features - done

-- Detecting CXX compiler ABI info

-- Detecting CXX compiler ABI info - done

-- Check for working CXX compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-g++ - skipped

-- Detecting CXX compile features

-- Detecting CXX compile features - done

--



Installing in /usr. Run /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/build/prefix.sh to set the environment for KCrash.

-- Looking for __GLIBC__

-- Looking for __GLIBC__ - found

-- Performing Test _OFFT_IS_64BIT

-- Performing Test _OFFT_IS_64BIT - Success

-- Performing Test HAVE_DATE_TIME

-- Performing Test HAVE_DATE_TIME - Success

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE - Success

fatal: not a git repository (or any of the parent directories): .git

-- Found X11: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/include

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so - found

-- Looking for gethostbyname

-- Looking for gethostbyname - found

-- Looking for connect

-- Looking for connect - found

-- Looking for remove

-- Looking for remove - found

-- Looking for shmat

-- Looking for shmat - found

-- Looking for IceConnectionNumber in ICE

-- Looking for IceConnectionNumber in ICE - found

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY - Success

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY - Success

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR - Success

-- The following features have been enabled:



* Core Pattern Raising, Raising signals to kernel core patterns (iff the pattern is a process). You may wish to not install drkonqi if this can cause a UI conflict.



-- The following OPTIONAL packages have been found:



* X11



-- The following REQUIRED packages have been found:



* ECM (required version >= 5.85.0), Extra CMake Modules., <https://commits.kde.org/extra-cmake-modules>

* Qt5 (required version >= 5.15.0)

* Qt5Core (required version >= 5.15.0)

* KF5CoreAddons (required version >= 5.85.0)

* Qt5Gui (required version >= 5.15.0)

* KF5WindowSystem (required version >= 5.85.0)

* Qt5X11Extras (required version >= 5.15.0)



-- The following features have been disabled:



* QCH, API documentation in QCH format (for e.g. Qt Assistant, Qt Creator & KDevelop)



-- Configuring done

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







-- Generating done

CMake Warning:

Manually-specified variables were not used by the project:



BUILD_DESIGNERPLUGIN

LIB_SUFFIX

OE_KF5_PATH_HOST_ROOT

OE_QMAKE_PATH_ARCHDATA

OE_QMAKE_PATH_BINS

OE_QMAKE_PATH_DATA

OE_QMAKE_PATH_DOCS

OE_QMAKE_PATH_EXAMPLES

OE_QMAKE_PATH_HEADERS

OE_QMAKE_PATH_HOST_BINS

OE_QMAKE_PATH_HOST_DATA

OE_QMAKE_PATH_HOST_LIBS

OE_QMAKE_PATH_HOST_PREFIX

OE_QMAKE_PATH_LIBEXECS

OE_QMAKE_PATH_LIBS

OE_QMAKE_PATH_PLUGINS

OE_QMAKE_PATH_PREFIX

OE_QMAKE_PATH_QML

OE_QMAKE_PATH_QT_ARCHDATA

OE_QMAKE_PATH_QT_BINS

OE_QMAKE_PATH_QT_DATA

OE_QMAKE_PATH_QT_DOCS

OE_QMAKE_PATH_QT_EXAMPLES

OE_QMAKE_PATH_QT_HEADERS

OE_QMAKE_PATH_QT_SETTINGS

OE_QMAKE_PATH_QT_TESTS

OE_QMAKE_PATH_QT_TRANSLATIONS

OE_QMAKE_PATH_SETTINGS

OE_QMAKE_PATH_TESTS

OE_QMAKE_PATH_TRANSLATIONS

PYTHON_EXECUTABLE

Python3_EXECUTABLE

Python_EXECUTABLE





CMake Generate step failed. Build files cannot be regenerated correctly.

WARNING: exit code 1 from a shell command.



ERROR: Logfile of failure stored in: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/log.do_configure.12650

--
1. From version 5.85 I assume you use meta-qt5-extra (not meta-kf5) - right?
2. the important part of the log is:

| CMake Error in src/CMakeLists.txt:
| Imported target "KF5::WindowSystem" includes non-existent path
| "/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"

That means that kwindowsystem did not install all necessary bits. Do
you have x11 in your DISTRO_FEATURES? If not you should add that.

Hope that helps

Andreas


How to remove -rpath and -rpath-link from BUILD_LDFLAGS env variable to solve following error: QA Issue: package python3-scipy contains bad RPATH? #python #bitbake

surfinride
 

Hey there. I am building a Boot2Qt image for my Jetson Nano. Yocto release is dunfell. Currently I am trying to build the scipy library release 1.5.3. This is the recipe I am using:
inherit pypi setuptools3

SUMMARY = "SciPy: Scientific Library for Python"
HOMEPAGE = "https://www.scipy.org"
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8256119827cf2bbe63512d4868075867"

SRC_URI += " file://0001-Allow-passing-flags-via-FARCH-for-mach.patch"
SRC_URI[md5sum] = "ecf5c58e4df1d257abf1634d51cb9205"
SRC_URI[sha256sum] = "ddae76784574cc4c172f3d5edd7308be16078dd3b977e8746860c76c195fa707"

DEPENDS += "${PYTHON_PN}-numpy ${PYTHON_PN}-numpy-native ${PYTHON_PN}-pybind11-native lapack"
RDEPENDS_${PN} += "${PYTHON_PN}-numpy lapack"

CLEANBROKEN = "1"

export LAPACK = "${STAGING_LIBDIR}"
export BLAS = "${STAGING_LIBDIR}"

export F90 = "${TARGET_PREFIX}gfortran"
export FARCH = "${TUNE_CCARGS}"
# Numpy expects the LDSHARED env variable to point to a single
# executable, but OE sets it to include some flags as well. So we split
# the existing LDSHARED variable into the base executable and flags, and
# prepend the flags into LDFLAGS
LDFLAGS_prepend := "${@" ".join(d.getVar('LDSHARED', True).split()[1:])} "
export LDSHARED := "${@d.getVar('LDSHARED', True).split()[0]}"

# Tell Numpy to look in target sysroot site-packages directory for libraries
LDFLAGS_append = " -L${STAGING_LIBDIR}/${PYTHON_DIR}/site-packages/numpy/core/lib"
This recipe fails with the bad RPATH error. Complete error log here.

This is what the Yocto documentation has to say about the bad RPATH error:
-package <packagename> contains bad RPATH <rpath> in file <file> [rpaths]The specified binary produced by the recipe contains dynamic library load paths (rpaths) that contain build system paths such as TMPDIR, which are incorrect for the target and could potentially be a security issue. Check for bad -rpathoptions being passed to the linker in your do_compile log. Depending on the build system used by the software being built, there might be a configure option to disable rpath usage completely within the build of the software.
I looked in the run.do_configure file. This is what the BUILD_LDFLAGS variable is set like:
export BUILD_LDFLAGS="-L/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/usr/lib                         -L/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/lib                         -Wl,--enable-new-dtags                         -Wl,-rpath-link,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/usr/lib                         -Wl,-rpath-link,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/lib                         -Wl,-rpath,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/usr/lib                         -Wl,-rpath,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/lib                         -Wl,-O1 -Wl,--allow-shlib-undefined -Wl,--dynamic-linker=/media/dell/ext4_volume/jetson-nano-build-files/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2"
So I created a copy of bitbake.conf in my custom layer and set the priority of the layer above the poky/meta/ layer. With this the -rpath and -rpath-link options are removed from the BUILD_LDFLAGS variable. Now if I build the package, the build still fails with the same error.
Running grep on the tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/temp/ showed that -rpath option is still being passed to gcc. Complete log.do_compile here.

Right now I am kind of clueless as to how I should approach debugging this. Would really appreciate any help. Thanks.


Re: kcrash package compile issue

Zoran
 

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path
You somehow mixed Windows and Linux Cmake build systems. Not sure how...

Solution 1: fix on the fly current problem:
You should inspect the file: src/CMakeLists.txt and try to fix Windows
paths to match Linux paths.

Solution 2: delete the current Cmake setup and execute it from scratch:
Error should not happen, since you need to delete the Cmake setup and
do the whole thing from scratch.
1) configure <<===== This step causes you problems!
2) make
3) make install

Zee
_______


On Mon, Aug 30, 2021 at 6:10 AM sateesh m <sateesh0457@...> wrote:

Hi Team,

I am trying to build kcrash package. I got below error.Can anybody know how to fix this please guide me.

ERROR: kcrash-5.85.0-r0 do_configure: Execution of '/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/run.do_configure.12650' failed with exit code 1:

-- The C compiler identification is GNU 10.2.0

-- The CXX compiler identification is GNU 10.2.0

-- Detecting C compiler ABI info

-- Detecting C compiler ABI info - done

-- Check for working C compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-gcc - skipped

-- Detecting C compile features

-- Detecting C compile features - done

-- Detecting CXX compiler ABI info

-- Detecting CXX compiler ABI info - done

-- Check for working CXX compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-g++ - skipped

-- Detecting CXX compile features

-- Detecting CXX compile features - done

--



Installing in /usr. Run /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/build/prefix.sh to set the environment for KCrash.

-- Looking for __GLIBC__

-- Looking for __GLIBC__ - found

-- Performing Test _OFFT_IS_64BIT

-- Performing Test _OFFT_IS_64BIT - Success

-- Performing Test HAVE_DATE_TIME

-- Performing Test HAVE_DATE_TIME - Success

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE - Success

fatal: not a git repository (or any of the parent directories): .git

-- Found X11: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/include

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so - found

-- Looking for gethostbyname

-- Looking for gethostbyname - found

-- Looking for connect

-- Looking for connect - found

-- Looking for remove

-- Looking for remove - found

-- Looking for shmat

-- Looking for shmat - found

-- Looking for IceConnectionNumber in ICE

-- Looking for IceConnectionNumber in ICE - found

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY - Success

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY - Success

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR - Success

-- The following features have been enabled:



* Core Pattern Raising, Raising signals to kernel core patterns (iff the pattern is a process). You may wish to not install drkonqi if this can cause a UI conflict.



-- The following OPTIONAL packages have been found:



* X11



-- The following REQUIRED packages have been found:



* ECM (required version >= 5.85.0), Extra CMake Modules., <https://commits.kde.org/extra-cmake-modules>

* Qt5 (required version >= 5.15.0)

* Qt5Core (required version >= 5.15.0)

* KF5CoreAddons (required version >= 5.85.0)

* Qt5Gui (required version >= 5.15.0)

* KF5WindowSystem (required version >= 5.85.0)

* Qt5X11Extras (required version >= 5.15.0)



-- The following features have been disabled:



* QCH, API documentation in QCH format (for e.g. Qt Assistant, Qt Creator & KDevelop)



-- Configuring done

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







-- Generating done

CMake Warning:

Manually-specified variables were not used by the project:



BUILD_DESIGNERPLUGIN

LIB_SUFFIX

OE_KF5_PATH_HOST_ROOT

OE_QMAKE_PATH_ARCHDATA

OE_QMAKE_PATH_BINS

OE_QMAKE_PATH_DATA

OE_QMAKE_PATH_DOCS

OE_QMAKE_PATH_EXAMPLES

OE_QMAKE_PATH_HEADERS

OE_QMAKE_PATH_HOST_BINS

OE_QMAKE_PATH_HOST_DATA

OE_QMAKE_PATH_HOST_LIBS

OE_QMAKE_PATH_HOST_PREFIX

OE_QMAKE_PATH_LIBEXECS

OE_QMAKE_PATH_LIBS

OE_QMAKE_PATH_PLUGINS

OE_QMAKE_PATH_PREFIX

OE_QMAKE_PATH_QML

OE_QMAKE_PATH_QT_ARCHDATA

OE_QMAKE_PATH_QT_BINS

OE_QMAKE_PATH_QT_DATA

OE_QMAKE_PATH_QT_DOCS

OE_QMAKE_PATH_QT_EXAMPLES

OE_QMAKE_PATH_QT_HEADERS

OE_QMAKE_PATH_QT_SETTINGS

OE_QMAKE_PATH_QT_TESTS

OE_QMAKE_PATH_QT_TRANSLATIONS

OE_QMAKE_PATH_SETTINGS

OE_QMAKE_PATH_TESTS

OE_QMAKE_PATH_TRANSLATIONS

PYTHON_EXECUTABLE

Python3_EXECUTABLE

Python_EXECUTABLE





CMake Generate step failed. Build files cannot be regenerated correctly.

WARNING: exit code 1 from a shell command.



ERROR: Logfile of failure stored in: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/log.do_configure.12650

--
Regards,
Sateesh


kcrash package compile issue

sateesh m
 

Hi Team,

             I am trying to build kcrash package. I got below error.Can anybody know how to fix this please guide me.

ERROR: kcrash-5.85.0-r0 do_configure: Execution of '/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/run.do_configure.12650' failed with exit code 1:

-- The C compiler identification is GNU 10.2.0

-- The CXX compiler identification is GNU 10.2.0

-- Detecting C compiler ABI info

-- Detecting C compiler ABI info - done

-- Check for working C compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-gcc - skipped

-- Detecting C compile features

-- Detecting C compile features - done

-- Detecting CXX compiler ABI info

-- Detecting CXX compiler ABI info - done

-- Check for working CXX compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-g++ - skipped

-- Detecting CXX compile features

-- Detecting CXX compile features - done

--

 

Installing in /usr. Run /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/build/prefix.sh to set the environment for KCrash.

-- Looking for __GLIBC__

-- Looking for __GLIBC__ - found

-- Performing Test _OFFT_IS_64BIT

-- Performing Test _OFFT_IS_64BIT - Success

-- Performing Test HAVE_DATE_TIME

-- Performing Test HAVE_DATE_TIME - Success

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE - Success

fatal: not a git repository (or any of the parent directories): .git

-- Found X11: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/include

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so - found

-- Looking for gethostbyname

-- Looking for gethostbyname - found

-- Looking for connect

-- Looking for connect - found

-- Looking for remove

-- Looking for remove - found

-- Looking for shmat

-- Looking for shmat - found

-- Looking for IceConnectionNumber in ICE

-- Looking for IceConnectionNumber in ICE - found

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY - Success

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY - Success

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR - Success

-- The following features have been enabled:

 

* Core Pattern Raising, Raising signals to kernel core patterns (iff the pattern is a process). You may wish to not install drkonqi if this can cause a UI conflict.

 

-- The following OPTIONAL packages have been found:

 

* X11

 

-- The following REQUIRED packages have been found:

 

* ECM (required version >= 5.85.0), Extra CMake Modules., <https://commits.kde.org/extra-cmake-modules>

* Qt5 (required version >= 5.15.0)

* Qt5Core (required version >= 5.15.0)

* KF5CoreAddons (required version >= 5.85.0)

* Qt5Gui (required version >= 5.15.0)

* KF5WindowSystem (required version >= 5.85.0)

* Qt5X11Extras (required version >= 5.15.0)

 

-- The following features have been disabled:

 

* QCH, API documentation in QCH format (for e.g. Qt Assistant, Qt Creator & KDevelop)

 

-- Configuring done

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path

 

"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"

 

in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:

 

* The path was deleted, renamed, or moved to another location.

 

* An install or uninstall procedure did not complete successfully.

 

* The installation package was faulty and references files it does not

provide.

 

 

 

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path

 

"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"

 

in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:

 

* The path was deleted, renamed, or moved to another location.

 

* An install or uninstall procedure did not complete successfully.

 

* The installation package was faulty and references files it does not

provide.

 

 

 

-- Generating done

CMake Warning:

Manually-specified variables were not used by the project:

 

BUILD_DESIGNERPLUGIN

LIB_SUFFIX

OE_KF5_PATH_HOST_ROOT

OE_QMAKE_PATH_ARCHDATA

OE_QMAKE_PATH_BINS

OE_QMAKE_PATH_DATA

OE_QMAKE_PATH_DOCS

OE_QMAKE_PATH_EXAMPLES

OE_QMAKE_PATH_HEADERS

OE_QMAKE_PATH_HOST_BINS

OE_QMAKE_PATH_HOST_DATA

OE_QMAKE_PATH_HOST_LIBS

OE_QMAKE_PATH_HOST_PREFIX

OE_QMAKE_PATH_LIBEXECS

OE_QMAKE_PATH_LIBS

OE_QMAKE_PATH_PLUGINS

OE_QMAKE_PATH_PREFIX

OE_QMAKE_PATH_QML

OE_QMAKE_PATH_QT_ARCHDATA

OE_QMAKE_PATH_QT_BINS

OE_QMAKE_PATH_QT_DATA

OE_QMAKE_PATH_QT_DOCS

OE_QMAKE_PATH_QT_EXAMPLES

OE_QMAKE_PATH_QT_HEADERS

OE_QMAKE_PATH_QT_SETTINGS

OE_QMAKE_PATH_QT_TESTS

OE_QMAKE_PATH_QT_TRANSLATIONS

OE_QMAKE_PATH_SETTINGS

OE_QMAKE_PATH_TESTS

OE_QMAKE_PATH_TRANSLATIONS

PYTHON_EXECUTABLE

Python3_EXECUTABLE

Python_EXECUTABLE

 

 

CMake Generate step failed. Build files cannot be regenerated correctly.

WARNING: exit code 1 from a shell command.

 

ERROR: Logfile of failure stored in: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/log.do_configure.12650

--
Regards,
Sateesh


Re: Pyinstaller error in yocto #yocto

Robert Berger
 

Hi,

Please don't use screen shots, but pastebin instead. I already mentioned this on fb.

My comments are inline.

On 29/08/2021 13:48, yasminebenghozzi6@... wrote:
Hello,
I successfully installed pyinstaller in my yocto image , but while executing the command it doesn't work
It misses ldd.

It's here:

https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-core/glibc/glibc-package.inc

You might want to try something like:

IMAGE_INSTALL += "ldd"

Regards,

Robert


Pyinstaller error in yocto #yocto

yasminebenghozzi6@...
 

Hello,
I successfully installed pyinstaller in my yocto image , but while executing the command it doesn't work


Re: [oe][meta-security][PATCH] meta: Fix typos

Martin Jansa
 

Please merge this one.


On Wed, Aug 4, 2021 at 1:20 PM Martin Jansa via lists.yoctoproject.org <Martin.Jansa=gmail.com@...> wrote:
Acked-by: Martin Jansa <Martin.Jansa@...>

On Mon, Aug 2, 2021 at 11:02 AM George Liu <liuxiwei1013@...> wrote:
Fix the variable spelling errors
s/SKIP_META_SECUIRTY_SANITY_CHECK/SKIP_META_SECURITY_SANITY_CHECK

Signed-off-by: George Liu <liuxiwei@...>
---
 classes/sanity-meta-security.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/sanity-meta-security.bbclass b/classes/sanity-meta-security.bbclass
index b6c6b9c..f9e2698 100644
--- a/classes/sanity-meta-security.bbclass
+++ b/classes/sanity-meta-security.bbclass
@@ -1,7 +1,7 @@
 addhandler security_bbappend_distrocheck
 security_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
 python security_bbappend_distrocheck() {
-    skip_check = e.data.getVar('SKIP_META_SECUIRTY_SANITY_CHECK') == "1"
+    skip_check = e.data.getVar('SKIP_META_SECURITY_SANITY_CHECK') == "1"
     if 'security' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
         bb.warn("You have included the meta-security layer, but \
 'security' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
--
2.30.2








Re: [meta-tpm][PATCH v2] README: fix mailing lists and a typo

Armin Kuster
 

merged
thanks

On 8/25/21 6:25 AM, Marta Rybczynska wrote:
A number of typo fixes:
- tmp->tpm in the DISTRO_FEATURES
- update the mailing list address as it was out of date
- update the distro name in the subject

Signed-off-by: Marta Rybczynska <rybczynska@...>
---
meta-tpm/README | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta-tpm/README b/meta-tpm/README
index 4441dd2..2b32a9f 100644
--- a/meta-tpm/README
+++ b/meta-tpm/README
@@ -5,7 +5,7 @@ The bbappend files for some recipes (e.g. linux-yocto) in this layer need
to have 'tpm' in DISTRO_FEATURES to have effect.
To enable them, add in configuration file the following line.

- DISTRO_FEATURES:append = " tmp"
+ DISTRO_FEATURES:append = " tpm"

If meta-tpm is included, but tpm is not enabled as a
distro feature a warning is printed at parse time:
@@ -57,15 +57,15 @@ other layers needed. e.g.:
Maintenance
-----------

-Send pull requests, patches, comments or questions to yocto@...
+Send pull requests, patches, comments or questions to yocto@...

When sending single patches, please using something like:
-'git send-email -1 --to yocto@... --subject-prefix=meta-security][PATCH'
+'git send-email -1 --to yocto@... --subject-prefix=meta-tpm][PATCH'

These values can be set as defaults for this repository:

-$ git config sendemail.to yocto@...
-$ git config format.subjectPrefix meta-security][PATCH
+$ git config sendemail.to yocto@...
+$ git config format.subjectPrefix meta-tpm][PATCH

Now you can just do 'git send-email origin/master' to send all local patches.


Re: [PATCH] meta-integrity: kernel-modsign: Change weak default value

Armin Kuster
 

merged
thanks

On 8/26/21 10:14 AM, Daiane Angolini wrote:
Assign a weak default value for MODSIGN_KEY_DIR so the other layers can
set a default value for them as well.

Signed-off-by: Daiane Angolini <daiane.angolini@...>
---
meta-integrity/classes/kernel-modsign.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-integrity/classes/kernel-modsign.bbclass b/meta-integrity/classes/kernel-modsign.bbclass
index cf5d3eb..093c358 100644
--- a/meta-integrity/classes/kernel-modsign.bbclass
+++ b/meta-integrity/classes/kernel-modsign.bbclass
@@ -2,7 +2,7 @@
# set explicitly in a local.conf before activating kernel-modsign.
# To use the insecure (because public) example keys, use
# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
-MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET"
+MODSIGN_KEY_DIR ??= "MODSIGN_KEY_DIR_NOT_SET"

# Private key for modules signing. The default is okay when
# using the example key directory.



Re: [meta-hardening][PATCH] README: fix mailing lists

Armin Kuster
 

merged

thanks

On 8/24/21 11:20 PM, Marta Rybczynska wrote:
The address included in the meta-hardening documentation
does not work and was changed in other places in 2019.

Signed-off-by: Marta Rybczynska <rybczynska@...>
---
meta-hardening/README | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-hardening/README b/meta-hardening/README
index 37a0b7e..191253c 100644
--- a/meta-hardening/README
+++ b/meta-hardening/README
@@ -64,14 +64,14 @@ layers: meta-oe
Maintenance
-----------

-Send pull requests, patches, comments or questions to yocto@...
+Send pull requests, patches, comments or questions to yocto@...

When sending single patches, please using something like:
-'git send-email -1 --to yocto@... --subject-prefix=meta-hardening][PATCH'
+'git send-email -1 --to yocto@... --subject-prefix=meta-hardening][PATCH'

These values can be set as defaults for this repository:

-$ git config sendemail.to yocto@...
+$ git config sendemail.to yocto@...
$ git config format.subjectPrefix meta-hardening][PATCH

Now you can just do 'git send-email origin/master' to send all local patches.


Re: [meta-mingw] [PATCH] grpc: use the new PACKAGECONFIG to disable shared

Sinan Kaya <okaya@...>
 

On 8/27/2021 8:41 AM, Joshua Watt wrote:

@@ -1,5 +1,4 @@
  # doesn't build and not required
  DEPENDS:remove:mingw32 = "libnsl2"

This is good, thanks. Is the libnsl2 also tied to some feature? Perhaps
you can explain why it needs to be removed from MinGW
My research says libnsl is a soft requirement for c-ares.
GRPC assumes libnsl to be present and used by default.
However, it will build without it too.

https://www.linuxfromscratch.org/blfs/view/svn/basicnet/libnsl.html

We should be turning libnsl off if you want to enable GRPC's backward
compatibility mode. Maybe, because previous versions didn't support
libnsl.


c-ares
-------------
CMakeLists.txt:CARES_FUNCTION_IN_LIBRARY (gethostbyname nsl HAVE_LIBNSL)
CMakeLists.txt: LIST (APPEND CARES_DEPENDENT_LIBS nsl)


grpc
-------------
if(gRPC_BACKWARDS_COMPATIBILITY_MODE)
# See https://github.com/grpc/grpc/issues/17255
set(HAVE_LIBNSL OFF CACHE BOOL "avoid cares dependency on libnsl")
endif()

CMakeLists.txt:option(gRPC_BACKWARDS_COMPATIBILITY_MODE "Build libraries
that are binary compatible across a larger number of OS and libc
versions" OFF)
CMakeLists.txt:if(gRPC_BACKWARDS_COMPATIBILITY_MODE)


Re: Extensible SDK - runtime packages installation

d0ku
 

Ok, I was able to find the answer to the third point:

 Am I possibly missing some configuration steps? In Yocto environment the PATH gets expanded with `bin/perl-native` automatically, but I wasn't able to pinpoint what file/task actually does it.

The bolded sentence is not actually true. Adding perl-native to the DEPENDS of a recipe, does not cause it to be automatically picked up during the build. For this to happen the perlnative bbclass has to be inherited. Same design is in place for at least python, probably more packages.

This brings me to the followup question:
How can I mimic the perlnative or python3native behaviour on the eSDK level? Is this only possible via the devtool and recipes, and so can't be done "outside" of the Yocto environment, e.g. using ${CC} and ${CXX} variables?

Regards,
Jakub


[meta-security][PATCH 6/6] harden-image-minimal: fix useradd inherit

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
.../recipes-core/images/harden-image-minimal.bb | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/meta-hardening/recipes-core/images/harden-image-minimal.bb b/meta-hardening/recipes-core/images/harden-image-minimal.bb
index c35c257..38771cd 100644
--- a/meta-hardening/recipes-core/images/harden-image-minimal.bb
+++ b/meta-hardening/recipes-core/images/harden-image-minimal.bb
@@ -10,7 +10,8 @@ LICENSE = "MIT"

IMAGE_ROOTFS_SIZE ?= "8192"

-inherit core-image extrausers
+inherit core-image
+IMAGE_CLASSES:append = " extrausers"

ROOT_DEFAULT_PASSWORD ?= "1SimplePw!"
DEFAULT_ADMIN_ACCOUNT ?= "myadmin"
@@ -19,7 +20,7 @@ DEFAULT_ADMIN_ACCOUNT_PASSWORD ?= "1SimplePw!"

EXTRA_USERS_PARAMS = "${@bb.utils.contains('DISABLE_ROOT', 'True', "usermod -L root;", "usermod -P '${ROOT_DEFAULT_PASSWORD}' root;", d)}"

-EXTRA_USERS_PARAMS += "useradd ${DEFAULT_ADMIN_ACCOUNT};"
-EXTRA_USERS_PARAMS += "groupadd ${DEFAULT_ADMIN_GROUP};"
-EXTRA_USERS_PARAMS += "usermod -P '${DEFAULT_ADMIN_ACCOUNT_PASSWORD}' ${DEFAULT_ADMIN_ACCOUNT};"
-EXTRA_USERS_PARAMS += "usermod -aG ${DEFAULT_ADMIN_GROUP} ${DEFAULT_ADMIN_ACCOUNT};"
+EXTRA_USERS_PARAMS:append = " useradd ${DEFAULT_ADMIN_ACCOUNT};"
+EXTRA_USERS_PARAMS:append = " groupadd ${DEFAULT_ADMIN_GROUP};"
+EXTRA_USERS_PARAMS:append = " usermod -P '${DEFAULT_ADMIN_ACCOUNT_PASSWORD}' ${DEFAULT_ADMIN_ACCOUNT};"
+EXTRA_USERS_PARAMS:append = " usermod -aG ${DEFAULT_ADMIN_GROUP} ${DEFAULT_ADMIN_ACCOUNT};"
--
2.25.1


[meta-security][PATCH 5/6] layer.conf: drop meta-rust

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
meta-parsec/conf/layer.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-parsec/conf/layer.conf b/meta-parsec/conf/layer.conf
index 86d41b2..2eeb71b 100644
--- a/meta-parsec/conf/layer.conf
+++ b/meta-parsec/conf/layer.conf
@@ -10,5 +10,5 @@ BBFILE_PRIORITY_parsec-layer = "5"

LAYERSERIES_COMPAT_parsec-layer = "honister"

-LAYERDEPENDS_parsec-layer = "core rust-layer clang-layer tpm-layer"
+LAYERDEPENDS_parsec-layer = "core clang-layer tpm-layer"
BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec"
--
2.25.1


[meta-security][PATCH 4/6] layer.conf: drop dynamic-layer

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
conf/layer.conf | 4 ----
1 file changed, 4 deletions(-)

diff --git a/conf/layer.conf b/conf/layer.conf
index cdcfaee..ad9da56 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -16,7 +16,3 @@ LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer met
# Sanity check for meta-security layer.
# Setting SKIP_META_SECURITY_SANITY_CHECK to "1" would skip the bbappend files check.
INHERIT += "sanity-meta-security"
-
-BBFILES_DYNAMIC += " \
-rust-layer:${LAYERDIR}/dynamic-layers/meta-rust/recipes-*/*/*.bb \
-"
--
2.25.1

2821 - 2840 of 57387