|
Enhancements/Bugs closed WW35!
Stephen Jolley
All,
Thanks,
Stephen K. Jolley Yocto Project Program Manager ( Cell: (208) 244-4460 * Email: sjolley.yp.pm@...
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Current high bug count owners for Yocto Project 3.4
Stephen Jolley
All,
Thanks,
Stephen K. Jolley Yocto Project Program Manager ( Cell: (208) 244-4460 * Email: sjolley.yp.pm@...
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Yocto Project Newcomer & Unassigned Bugs - Help Needed
Stephen Jolley
All,
The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading: https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project. If anyone can help, please take ownership of the bug and send patches! If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.
Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 382 unassigned or newcomer bugs.
We're hoping people may be able to spare some time now and again to help out with these. Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system. There are also roughly four different "priority" classes right now, “3.4”, “3.5, "3.99" and "Future", the more pressing/urgent issues being in "3.4" and then “3.5”.
Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account). The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs
Thanks,
Stephen K. Jolley Yocto Project Program Manager ( Cell: (208) 244-4460 * Email: sjolley.yp.pm@...
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: extrausers-bbclass: plaintext password (since shadow update to 4.9)
Peter Bergin
On 2021-08-30 14:54, Matthias Klein wrote:
Hello,You have to escape the password string in the recipe. Use '\\\$' to escape the '$' token. There are some levels of evaluation of the expression and that's the reason for multiple '\'. Just iterate until you have the correct string in the shadow file, also check the log.do_rootfs where you can see the parameters to usermod. /Peter
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: extrausers-bbclass: plaintext password (since shadow update to 4.9)
Markus Volk
I also have problems with setting passwords in current master
branch. I only can provide a hacky workaround. I added the
following lines to my image recipe to inject the passwords
manually after rootfs creation:
Am 30.08.21 um 14:54 schrieb Matthias
Klein:
Hello, I am trying to find a working alternative for the old -P option. Previous: EXTRA_USERS_PARAMS = "usermod -P toor root;" The suggestions from this thread don't seem to work: https://lists.openembedded.org/g/openembedded-core/topic/84548199 Current: hash="$(python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))")" EXTRA_USERS_PARAMS = "usermod -p ${hash} root;" The hashed password does not seem to be escaped properly in the extrausers-bbclass. The password in the shadow file is missing $ characters. Is there a way (with the current master branch) to define a password? Many greetings, Matthias
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [meta-hardening][PATCH] meta-hardening/binutils: harden installation permissions
Marta Rybczynska
(correcting the wrong list address) On Fri, Aug 27, 2021 at 6:07 AM akuster808 <akuster808@...> wrote: Marta, It looks like a possibility, I will give it a try. I have a question about the future, however. Currently meta-hardening is defining its own distribution. When hardening will be in DISTRO_FEATURES (you were working on it some time ago https://patchwork.openembedded.org/patch/174773/), it would be less obvious to use, wouldn't it? A bonus question, do you still plan to make it in DISTRO_FEATURES? Regards, Marta
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: downgrade openssl libraryes
Ivan Riabtsov <ivriabtsov@...>
I have phytec imx6ul board with a preinstalled os. On this os opessl
toggle quoted messageShow quoted text
version is 1.0.2j i need to build nginx for this board, but i can't build yocto same version as i have on board, so I grabbed a newer version of yocto from phytec site, rolled back glibc and try to roll back openssl. I do not want to flash the device, as I'm afraid to get brick пн, 30 авг. 2021 г. в 16:51, Alexander Kanavin <alex.kanavin@...>:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: downgrade openssl libraryes
Alexander Kanavin
openssl 1.0.2 went out of support at the end of 2019 and you should not be using it. What is the problem you need to solve? Alex
On Mon, 30 Aug 2021 at 15:33, Ivan Riabtsov <ivriabtsov@...> wrote: hello i am trying to rollback openssl version from 1.1.1i to 1.0.2j.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
downgrade openssl libraryes
Ivan Riabtsov <ivriabtsov@...>
hello i am trying to rollback openssl version from 1.1.1i to 1.0.2j.
Copied the recipe openssl_1.1.1i.bb to openssl_1.0.2j.bb, saved the openssl_1.1.1i.bb version with the name openssl_1.1.1i.bb.backup Отредактировал новый файл, вот разница в файлах: diff -Nau ./openssl_1.1.1i.bb.backup ./openssl_1.0.2j.bb --- ./openssl_1.1.1i.bb.backup 2021-08-27 14:46:07.085808702 +0300 +++ ./openssl_1.0.2j.bb 2021-08-27 16:12:14.216430734 +0300 @@ -7,23 +7,19 @@ # "openssl" here actually means both OpenSSL and SSLeay licenses apply # (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" +LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" DEPENDS = "hostperl-runtime-native" SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ - file://0001-skip-test_symbol_presence.patch \ - file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ - file://afalg.patch \ - file://reproducible.patch \ " SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" +SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" @@ -122,7 +118,7 @@ # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the # environment variables set by bitbake. Adjust the environment variables instead. HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir} $target perl ${B}/configdata.pm --dump } @@ -134,30 +130,30 @@ # Create SSL structure for packages such as ca-certificates which # contain hard-coded paths to /etc/ssl. Debian does the same. install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - ${D}${libdir}/ssl-1.1/openssl.cnf \ + mv ${D}${libdir}/ssl-1.0/certs \ + ${D}${libdir}/ssl-1.0/private \ + ${D}${libdir}/ssl-1.0/openssl.cnf \ ${D}${sysconfdir}/ssl/ # Although absolute symlinks would be OK for the target, they become # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf + ln -sf ${@oe.path.relative('${libdir}/ssl-1.0', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-1.0', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private + ln -sf ${@oe.path.relative('${libdir}/ssl-1.0', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf } do_install_append_class-native () { create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ - SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/engines-1.1 + OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-1.0/certs \ + SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-1.0 } do_install_append_class-nativesdk () { mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh - sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh } PTEST_BUILD_HOST_FILES += "configdata.pm" @@ -170,8 +166,8 @@ cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} # For test_shlibload - ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ - ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ + ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/ + ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/ install -d ${D}${PTEST_PATH}/apps ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps @@ -192,11 +188,11 @@ FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" FILES_libssl = "${libdir}/libssl${SOLIBS}" FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ - ${libdir}/ssl-1.1/openssl.cnf* \ + ${libdir}/ssl-1.0/openssl.cnf* \ " -FILES_${PN}-engines = "${libdir}/engines-1.1" -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" +FILES_${PN}-engines = "${libdir}/engines-1.0" +FILES_${PN}-misc = "${libdir}/ssl-1.0/misc" +FILES_${PN} =+ "${libdir}/ssl-1.0/*" FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" вот новый получившийся файл: cat openssl_1.0.2j.bb SUMMARY = "Secure Socket Layer" DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." HOMEPAGE = "http://www.openssl.org/" BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" SECTION = "libs/network" # "openssl" here actually means both OpenSSL and SSLeay licenses apply # (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) LICENSE = "openssl" LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" DEPENDS = "hostperl-runtime-native" SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ " SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" PACKAGECONFIG ?= "" PACKAGECONFIG_class-native = "" PACKAGECONFIG_class-nativesdk = "" PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" B = "${WORKDIR}/build" do_configure[cleandirs] = "${B}" #| ./libcrypto.so: undefined reference to `getcontext' #| ./libcrypto.so: undefined reference to `setcontext' #| ./libcrypto.so: undefined reference to `makecontext' EXTRA_OECONF_append_libc-musl = " no-async" EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" do_configure () { os=${HOST_OS} case $os in linux-gnueabi |\ linux-gnuspe |\ linux-musleabi |\ linux-muslspe |\ linux-musl ) os=linux ;; *) ;; esac target="$os-${HOST_ARCH}" case $target in linux-arm*) target=linux-armv4 ;; linux-aarch64*) target=linux-aarch64 ;; linux-i?86 | linux-viac3) target=linux-x86 ;; linux-gnux32-x86_64 | linux-muslx32-x86_64 ) target=linux-x32 ;; linux-gnu64-x86_64) target=linux-x86_64 ;; linux-mips | linux-mipsel) # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags target="linux-mips32 ${TARGET_CC_ARCH}" ;; linux-gnun32-mips*) target=linux-mips64 ;; linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) target=linux64-mips64 ;; linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) target=linux-generic32 ;; linux-powerpc) target=linux-ppc ;; linux-powerpc64) target=linux-ppc64 ;; linux-powerpc64le) target=linux-ppc64le ;; linux-riscv32) target=linux-generic32 ;; linux-riscv64) target=linux-generic64 ;; linux-sparc | linux-supersparc) target=linux-sparcv9 ;; esac useprefix=${prefix} if [ "x$useprefix" = "x" ]; then useprefix=/ fi # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the # environment variables set by bitbake. Adjust the environment variables instead. HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir} $target perl ${B}/configdata.pm --dump } do_install () { oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install oe_multilib_header openssl/opensslconf.h # Create SSL structure for packages such as ca-certificates which # contain hard-coded paths to /etc/ssl. Debian does the same. install -d ${D}${sysconfdir}/ssl mv ${D}${libdir}/ssl-1.0/certs \ ${D}${libdir}/ssl-1.0/private \ ${D}${libdir}/ssl-1.0/openssl.cnf \ ${D}${sysconfdir}/ssl/ # Although absolute symlinks would be OK for the target, they become # invalid if native or nativesdk are relocated from sstate. ln -sf ${@oe.path.relative('${libdir}/ssl-1.0', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs ln -sf ${@oe.path.relative('${libdir}/ssl-1.0', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private ln -sf ${@oe.path.relative('${libdir}/ssl-1.0', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf } do_install_append_class-native () { create_wrapper ${D}${bindir}/openssl \ OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \ SSL_CERT_DIR=${libdir}/ssl-1.0/certs \ SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \ OPENSSL_ENGINES=${libdir}/engines-1.0 } do_install_append_class-nativesdk () { mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh } PTEST_BUILD_HOST_FILES += "configdata.pm" PTEST_BUILD_HOST_PATTERN = "perl_version =" do_install_ptest () { # Prune the build tree rm -f ${B}/fuzz/*.* ${B}/test/*.* cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} # For test_shlibload ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/ ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/ install -d ${D}${PTEST_PATH}/apps ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps install -d ${D}${PTEST_PATH}/engines install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines } # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto # package RRECOMMENDS on this package. This will enable the configuration # file to be installed for both the openssl-bin package and the libcrypto # package since the openssl-bin package depends on the libcrypto package. PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" FILES_libssl = "${libdir}/libssl${SOLIBS}" FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ ${libdir}/ssl-1.0/openssl.cnf* \ " FILES_${PN}-engines = "${libdir}/engines-1.0" FILES_${PN}-misc = "${libdir}/ssl-1.0/misc" FILES_${PN} =+ "${libdir}/ssl-1.0/*" FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" RRECOMMENDS_libcrypto += "openssl-conf" RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" RDEPENDS_${PN}-bin += "openssl-conf" BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "openssl:openssl" # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 # Apache in meta-webserver is already recent enough CVE_CHECK_WHITELIST += "CVE-2019-0190" I understand that I need to figure out the configs yourself, but I get this error when executing the bitbake openssl-native ERROR: Execution of '/home/ivr/work/yocto_orig/build/tmp/work/x86_64-linux/openssl-native/1.0.2j-r0/temp/run.do_configure.1071458' failed with exit code 2: | unable to read opensslv.h:No such file or directory | Configuring for linux-x86_64 | no-devcryptoeng [option] OPENSSL_NO_DEVCRYPTOENG (skip dir) | no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) | no-gmp [default] OPENSSL_NO_GMP (skip dir) | no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir) | no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5 | no-libunbound [experimental] OPENSSL_NO_LIBUNBOUND (skip dir) | no-md2 [default] OPENSSL_NO_MD2 (skip dir) | no-rc5 [default] OPENSSL_NO_RC5 (skip dir) | no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir) | no-sctp [default] OPENSSL_NO_SCTP (skip dir) | no-shared [default] | no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir) | no-ssl2 [default] OPENSSL_NO_SSL2 (skip dir) | no-store [experimental] OPENSSL_NO_STORE (skip dir) | no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir) | no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir) | no-zlib [default] | no-zlib-dynamic [default] | IsMK1MF=0 | WARNING: exit code 2 from a shell command. | As far as I can understand, the opensslv.h file is generated just at the configuration stage, why does the configuration stage give an error of the absence of this file?
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
extrausers-bbclass: plaintext password (since shadow update to 4.9)
Matthias Klein
Hello,
I am trying to find a working alternative for the old -P option. Previous: EXTRA_USERS_PARAMS = "usermod -P toor root;" The suggestions from this thread don't seem to work: https://lists.openembedded.org/g/openembedded-core/topic/84548199 Current: hash="$(python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))")" EXTRA_USERS_PARAMS = "usermod -p ${hash} root;" The hashed password does not seem to be escaped properly in the extrausers-bbclass. The password in the shadow file is missing $ characters. Is there a way (with the current master branch) to define a password? Many greetings, Matthias
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: kcrash package compile issue
Zoran
That means that kwindowsystem did not install all necessary bits.Oh, I see... It has everything to do with Xwindows systems in X11 Client/Server domain. kwindoes => KDE desktop. Apology for the confusion! Zee _______ On Mon, Aug 30, 2021 at 2:19 PM Andreas Müller <schnitzeltony@...> wrote:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: kcrash package compile issue
Andreas Müller
On Mon, Aug 30, 2021 at 6:46 AM Zoran <zoran.stojsavljevic@...> wrote:
1. From version 5.85 I assume you use meta-qt5-extra (not meta-kf5) - right?CMake Error in src/CMakeLists.txt:You somehow mixed Windows and Linux Cmake build systems. Not sure how... 2. the important part of the log is: | CMake Error in src/CMakeLists.txt: | Imported target "KF5::WindowSystem" includes non-existent path | "/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include" That means that kwindowsystem did not install all necessary bits. Do you have x11 in your DISTRO_FEATURES? If not you should add that. Hope that helps Andreas
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
surfinride
Hey there. I am building a Boot2Qt image for my Jetson Nano. Yocto release is dunfell. Currently I am trying to build the scipy library release 1.5.3. This is the recipe I am using:
inherit pypi setuptools3 This recipe fails with the bad RPATH error. Complete error log here.
This is what the Yocto documentation has to say about the bad RPATH error: -package <packagename> contains bad RPATH <rpath> in file <file> [rpaths]The specified binary produced by the recipe contains dynamic library load paths (rpaths) that contain build system paths such as TMPDIR, which are incorrect for the target and could potentially be a security issue. Check for bad -rpathoptions being passed to the linker in your do_compile log. Depending on the build system used by the software being built, there might be a configure option to disable rpath usage completely within the build of the software.I looked in the run.do_configure file. This is what the BUILD_LDFLAGS variable is set like: export BUILD_LDFLAGS="-L/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/usr/lib -L/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/lib -Wl,--enable-new-dtags -Wl,-rpath-link,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/usr/lib -Wl,-rpath-link,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/lib -Wl,-rpath,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/usr/lib -Wl,-rpath,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/lib -Wl,-O1 -Wl,--allow-shlib-undefined -Wl,--dynamic-linker=/media/dell/ext4_volume/jetson-nano-build-files/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2"So I created a copy of bitbake.conf in my custom layer and set the priority of the layer above the poky/meta/ layer. With this the -rpath and -rpath-link options are removed from the BUILD_LDFLAGS variable. Now if I build the package, the build still fails with the same error. Running grep on the tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/temp/ showed that -rpath option is still being passed to gcc. Complete log.do_compile here. Right now I am kind of clueless as to how I should approach debugging this. Would really appreciate any help. Thanks.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: kcrash package compile issue
Zoran
CMake Error in src/CMakeLists.txt:You somehow mixed Windows and Linux Cmake build systems. Not sure how... Solution 1: fix on the fly current problem: You should inspect the file: src/CMakeLists.txt and try to fix Windows paths to match Linux paths. Solution 2: delete the current Cmake setup and execute it from scratch: Error should not happen, since you need to delete the Cmake setup and do the whole thing from scratch. 1) configure <<===== This step causes you problems! 2) make 3) make install Zee _______ On Mon, Aug 30, 2021 at 6:10 AM sateesh m <sateesh0457@...> wrote:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
kcrash package compile issue
sateesh m
Hi Team,
I am trying to build kcrash package. I got below error.Can anybody know how to fix this please guide me. ERROR: kcrash-5.85.0-r0 do_configure: Execution of '/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/run.do_configure.12650' failed with exit code 1: -- The C compiler identification is GNU 10.2.0 -- The CXX compiler identification is GNU 10.2.0 -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Check for working C compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-gcc - skipped -- Detecting C compile features -- Detecting C compile features - done -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Check for working CXX compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-g++ - skipped -- Detecting CXX compile features -- Detecting CXX compile features - done --
Installing in /usr. Run /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/build/prefix.sh to set the environment for KCrash. -- Looking for __GLIBC__ -- Looking for __GLIBC__ - found -- Performing Test _OFFT_IS_64BIT -- Performing Test _OFFT_IS_64BIT - Success -- Performing Test HAVE_DATE_TIME -- Performing Test HAVE_DATE_TIME - Success -- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE -- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE - Success fatal: not a git repository (or any of the parent directories): .git -- Found X11: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/include -- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so -- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so - found -- Looking for gethostbyname -- Looking for gethostbyname - found -- Looking for connect -- Looking for connect - found -- Looking for remove -- Looking for remove - found -- Looking for shmat -- Looking for shmat - found -- Looking for IceConnectionNumber in ICE -- Looking for IceConnectionNumber in ICE - found -- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY -- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY - Success -- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY -- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY - Success -- Performing Test COMPILER_HAS_DEPRECATED_ATTR -- Performing Test COMPILER_HAS_DEPRECATED_ATTR - Success -- The following features have been enabled:
* Core Pattern Raising, Raising signals to kernel core patterns (iff the pattern is a process). You may wish to not install drkonqi if this can cause a UI conflict.
-- The following OPTIONAL packages have been found:
* X11
-- The following REQUIRED packages have been found:
* ECM (required version >= 5.85.0), Extra CMake Modules., <https://commits.kde.org/extra-cmake-modules> * Qt5 (required version >= 5.15.0) * Qt5Core (required version >= 5.15.0) * KF5CoreAddons (required version >= 5.85.0) * Qt5Gui (required version >= 5.15.0) * KF5WindowSystem (required version >= 5.85.0) * Qt5X11Extras (required version >= 5.15.0)
-- The following features have been disabled:
* QCH, API documentation in QCH format (for e.g. Qt Assistant, Qt Creator & KDevelop)
-- Configuring done CMake Error in src/CMakeLists.txt: Imported target "KF5::WindowSystem" includes non-existent path
"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"
in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:
* The path was deleted, renamed, or moved to another location.
* An install or uninstall procedure did not complete successfully.
* The installation package was faulty and references files it does not provide.
CMake Error in src/CMakeLists.txt: Imported target "KF5::WindowSystem" includes non-existent path
"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"
in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:
* The path was deleted, renamed, or moved to another location.
* An install or uninstall procedure did not complete successfully.
* The installation package was faulty and references files it does not provide.
-- Generating done CMake Warning: Manually-specified variables were not used by the project:
BUILD_DESIGNERPLUGIN LIB_SUFFIX OE_KF5_PATH_HOST_ROOT OE_QMAKE_PATH_ARCHDATA OE_QMAKE_PATH_BINS OE_QMAKE_PATH_DATA OE_QMAKE_PATH_DOCS OE_QMAKE_PATH_EXAMPLES OE_QMAKE_PATH_HEADERS OE_QMAKE_PATH_HOST_BINS OE_QMAKE_PATH_HOST_DATA OE_QMAKE_PATH_HOST_LIBS OE_QMAKE_PATH_HOST_PREFIX OE_QMAKE_PATH_LIBEXECS OE_QMAKE_PATH_LIBS OE_QMAKE_PATH_PLUGINS OE_QMAKE_PATH_PREFIX OE_QMAKE_PATH_QML OE_QMAKE_PATH_QT_ARCHDATA OE_QMAKE_PATH_QT_BINS OE_QMAKE_PATH_QT_DATA OE_QMAKE_PATH_QT_DOCS OE_QMAKE_PATH_QT_EXAMPLES OE_QMAKE_PATH_QT_HEADERS OE_QMAKE_PATH_QT_SETTINGS OE_QMAKE_PATH_QT_TESTS OE_QMAKE_PATH_QT_TRANSLATIONS OE_QMAKE_PATH_SETTINGS OE_QMAKE_PATH_TESTS OE_QMAKE_PATH_TRANSLATIONS PYTHON_EXECUTABLE Python3_EXECUTABLE Python_EXECUTABLE
CMake Generate step failed. Build files cannot be regenerated correctly. WARNING: exit code 1 from a shell command.
ERROR: Logfile of failure stored in: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/log.do_configure.12650 --Regards, Sateesh
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: Pyinstaller error in yocto
#yocto
Hi,
Please don't use screen shots, but pastebin instead. I already mentioned this on fb. My comments are inline. On 29/08/2021 13:48, yasminebenghozzi6@... wrote: Hello,It misses ldd. It's here: https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-core/glibc/glibc-package.inc You might want to try something like: IMAGE_INSTALL += "ldd" Regards, Robert
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Pyinstaller error in yocto
#yocto
yasminebenghozzi6@...
Hello,
I successfully installed pyinstaller in my yocto image , but while executing the command it doesn't work
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [oe][meta-security][PATCH] meta: Fix typos
Martin Jansa
Please merge this one.
On Wed, Aug 4, 2021 at 1:20 PM Martin Jansa via lists.yoctoproject.org <Martin.Jansa=gmail.com@...> wrote:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [meta-tpm][PATCH v2] README: fix mailing lists and a typo
merged
toggle quoted messageShow quoted text
thanks
On 8/25/21 6:25 AM, Marta Rybczynska wrote:
A number of typo fixes:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [PATCH] meta-integrity: kernel-modsign: Change weak default value
merged
toggle quoted messageShow quoted text
thanks
On 8/26/21 10:14 AM, Daiane Angolini wrote:
Assign a weak default value for MODSIGN_KEY_DIR so the other layers can
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|