Date   

[meta-security][PATCH 2/2] linux-yocto_security.inc: add lkrg kfrags

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-kernel/linux/files/lkrg.cfg | 4 ++++
recipes-kernel/linux/files/lkrg.scc | 5 +++++
recipes-kernel/linux/linux-yocto_security.inc | 3 +++
3 files changed, 12 insertions(+)
create mode 100644 recipes-kernel/linux/files/lkrg.cfg
create mode 100644 recipes-kernel/linux/files/lkrg.scc

diff --git a/recipes-kernel/linux/files/lkrg.cfg b/recipes-kernel/linux/files/lkrg.cfg
new file mode 100644
index 0000000..e02bf76
--- /dev/null
+++ b/recipes-kernel/linux/files/lkrg.cfg
@@ -0,0 +1,4 @@
+CONFIG_DEBUG_KERNEL=y
+CONFIG_KALLSYMS_ALL=y
+CONFIG_JUMP_LABEL=y
+CONFIG_DEBUG_SECTION_MISMATCH=y
diff --git a/recipes-kernel/linux/files/lkrg.scc b/recipes-kernel/linux/files/lkrg.scc
new file mode 100644
index 0000000..83397f8
--- /dev/null
+++ b/recipes-kernel/linux/files/lkrg.scc
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: MIT
+define KFEATURE_DESCRIPTION "Enable Support for LKRG"
+define KFEATURE_COMPATIBILITY board
+
+kconf hardware lkrg.cfg
diff --git a/recipes-kernel/linux/linux-yocto_security.inc b/recipes-kernel/linux/linux-yocto_security.inc
index defca57..b79af80 100644
--- a/recipes-kernel/linux/linux-yocto_security.inc
+++ b/recipes-kernel/linux/linux-yocto_security.inc
@@ -1,3 +1,6 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}"
KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}"
KERNEL_FEATURES:append = " ${@bb.utils.contains("IMAGE_CLASSES", "dm-verity-img", " features/device-mapper/dm-verity.scc", "" ,d)}"
+SRC_URI += " ${@bb.utils.contains("DISTRO_FEATURES", "lkrg", "file://lkrg.scc", "" ,d)}"
--
2.25.1


[meta-security][PATCH 1/2] lkrg-module: covert to git fetcher

Armin Kuster
 

This allows to track tip easier.
refresh patch
Fix LICENSE to match SPDX format

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-kernel/lkrg/files/makefile_cleanup.patch | 6 +++---
recipes-kernel/lkrg/lkrg-module_0.9.2.bb | 10 +++++-----
2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/recipes-kernel/lkrg/files/makefile_cleanup.patch b/recipes-kernel/lkrg/files/makefile_cleanup.patch
index a4db2d9..799b1a6 100644
--- a/recipes-kernel/lkrg/files/makefile_cleanup.patch
+++ b/recipes-kernel/lkrg/files/makefile_cleanup.patch
@@ -4,10 +4,10 @@ This needs more work. Its my starting point.

Signed-off-by: Armin Kuster <akuster808@...>

-Index: lkrg-0.9.2/Makefile
+Index: git/Makefile
===================================================================
---- lkrg-0.9.2.orig/Makefile
-+++ lkrg-0.9.2/Makefile
+--- git.orig/Makefile
++++ git/Makefile
@@ -4,28 +4,10 @@
# Author:
# - Adam 'pi3' Zabrocki (http://pi3.com.pl)
diff --git a/recipes-kernel/lkrg/lkrg-module_0.9.2.bb b/recipes-kernel/lkrg/lkrg-module_0.9.2.bb
index e055fbe..85f7d44 100644
--- a/recipes-kernel/lkrg/lkrg-module_0.9.2.bb
+++ b/recipes-kernel/lkrg/lkrg-module_0.9.2.bb
@@ -3,18 +3,18 @@ DESCRIPTION="LKRG performs runtime integrity checking of the Linux \
kernel and detection of security vulnerability exploits against the kernel."
SECTION = "security"
HOMEPAGE = "https://www.openwall.com/lkrg/"
-LICENSE = "GPLv2"
+LICENSE = "GPL-2.0-only"

LIC_FILES_CHKSUM = "file://LICENSE;md5=5105ead24b08a32954f34cbaa7112432"

DEPENDS = "virtual/kernel elfutils"

-SRC_URI = "https://download.openwall.net/pub/projects/lkrg/lkrg-${PV}.tar.gz \
- file://makefile_cleanup.patch "
+SRCREV = "43db5f19fca259feb1962f6db33382348cbc8320"

-SRC_URI[sha256sum] = "c2b501c47089cce3ec3114cef6520b73aa3a098836183186b9bb5e097c99ac27"
+SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main \
+ file://makefile_cleanup.patch "

-S = "${WORKDIR}/lkrg-${PV}"
+S = "${WORKDIR}/git"

inherit module kernel-module-split

--
2.25.1


Re: Fedora 36 / uninative GLIBCXX 3.4.30

Martin Jansa
 

FWIW: the same is happening now with ubuntu-22.04 where libstdc++6 package is now built from gcc-12 sources (even when gcc itself still defaults to gcc-11).

I was trying to add the check in uninative.bbclass, but haven't found easy portable way to detect the version from libstdc++.so.6 (other than parsing objdump -x /full/path/to/libstdc++.so.6 output).

On Sun, Apr 3, 2022 at 12:44 PM Richard Purdie <richard.purdie@...> wrote:
On Sun, 2022-04-03 at 09:12 +0200, Federico Pellegrin wrote:
> I've been playing around building a Yocto imagine based on kirkstone/master on
> the just released Fedora 36 beta test image. (just to give a few bits more
> details: builds a MX8X image, works perfectly fine with Fedora 34 and 35 since
> quite some time)
>
> The first and most obvious thing I've found out is that it is based on a newer
> version of glibcxx (3.4.30) when the very latest uninative available (as far
> as I could see, apologies if I'm wrong) is on 3.4.29, so at some point this
> will break the build (when pzstd is called).
>
> Of course for the time being I just disabled uninative and the build is going
> on (will report of course should I find something else). I'm not sure (still
> checking this) if that should have happened automatically, but there was
> actually no warning in that sense (maybe because is GLIBCXX and not GLIBC
> itself?)
> But the question is: should I try to contribute that tarball (I will search
> for details, but if there is any good reference more than welcome!) or is it
> something that is likely done by the core team?
>
> Of course FC36 is still a test distro so there is no surprise it broke, but as
> we are close to Kirkstone release and possibly other distros will get the same
> upgrade, I guess it could be great if we may fix this before that deadline.

Thanks for reporting it. I think to generate the newer version we need gcc 12
which is still in pre-release. We generate the uninative tarball using our own
builds on the autobuilder so until we have gcc 12 recipes there, we can't
generate that.

Once gcc 12 is out, we will release a new uninative (assuming we can update our
recipes).

I'd like to think the checks in uninative would have noticed the mismatch, we do
have some code there to detect libc version but perhaps not the CXX pieces so
I'd welcome help in adding something for that.

Cheers,

Richard







Re: Fedora 36 / uninative GLIBCXX 3.4.30

Richard Purdie
 

On Sun, 2022-04-03 at 09:12 +0200, Federico Pellegrin wrote:
I've been playing around building a Yocto imagine based on kirkstone/master on
the just released Fedora 36 beta test image. (just to give a few bits more
details: builds a MX8X image, works perfectly fine with Fedora 34 and 35 since
quite some time)

The first and most obvious thing I've found out is that it is based on a newer
version of glibcxx (3.4.30) when the very latest uninative available (as far
as I could see, apologies if I'm wrong) is on 3.4.29, so at some point this
will break the build (when pzstd is called).

Of course for the time being I just disabled uninative and the build is going
on (will report of course should I find something else). I'm not sure (still
checking this) if that should have happened automatically, but there was
actually no warning in that sense (maybe because is GLIBCXX and not GLIBC
itself?)
But the question is: should I try to contribute that tarball (I will search
for details, but if there is any good reference more than welcome!) or is it
something that is likely done by the core team?

Of course FC36 is still a test distro so there is no surprise it broke, but as
we are close to Kirkstone release and possibly other distros will get the same
upgrade, I guess it could be great if we may fix this before that deadline.
Thanks for reporting it. I think to generate the newer version we need gcc 12
which is still in pre-release. We generate the uninative tarball using our own
builds on the autobuilder so until we have gcc 12 recipes there, we can't
generate that.

Once gcc 12 is out, we will release a new uninative (assuming we can update our
recipes).

I'd like to think the checks in uninative would have noticed the mismatch, we do
have some code there to detect libc version but perhaps not the CXX pieces so
I'd welcome help in adding something for that.

Cheers,

Richard


Fedora 36 / uninative GLIBCXX 3.4.30

Federico Pellegrin
 



Hello,
I've been playing around building a Yocto imagine based on kirkstone/master on the just released Fedora 36 beta test image. (just to give a few bits more details: builds a MX8X image, works perfectly fine with Fedora 34 and 35 since quite some time)

The first and most obvious thing I've found out is that it is based on a newer version of glibcxx (3.4.30) when the very latest uninative available (as far as I could see, apologies if I'm wrong) is on 3.4.29, so at some point this will break the build (when pzstd is called).

Of course for the time being I just disabled uninative and the build is going on (will report of course should I find something else). I'm not sure (still checking this) if that should have happened automatically, but there was actually no warning in that sense (maybe because is GLIBCXX and not GLIBC itself?)
But the question is: should I try to contribute that tarball (I will search for details, but if there is any good reference more than welcome!) or is it something that is likely done by the core team?

Of course FC36 is still a test distro so there is no surprise it broke, but as we are close to Kirkstone release and possibly other distros will get the same upgrade, I guess it could be great if we may fix this before that deadline.

Many thanks!
Federico



Re: installed and not shipped files. [installed-vs-shipped]

Konstantin Kletschke
 

On Sat, Apr 02, 2022 at 12:13:26PM +0200, Quentin Schulz wrote:

FILES variables is compatible with glob from Python so that should work but that's really the first time I see this, usually it's just the directory or dir/*. Learned something new today :)
:-)

Are you on honister (or master/soon kirkstone) release? If so, it's FILES:${PN} and not FILES_${PN}.
That's it!
I wasn't aware of this change, could have searched for another couple of
days!

Thank.
you.
very.
much.

Kind Regards
Konsti


--
INSIDE M2M GmbH
Konstantin Kletschke
Berenbosteler Straße 76 B
30823 Garbsen

Telefon: +49 (0) 5137 90950136
Mobil: +49 (0) 151 15256238
Fax: +49 (0) 5137 9095010

konstantin.kletschke@...
http://www.inside-m2m.de

Geschäftsführung: Michael Emmert, Ingo Haase, Dr. Fred Könemann, Derek Uhlig
HRB: 111204, AG Hannover


Re: Specified SDKMACHINE value is not valid

Khem Raj
 

On Sat, Apr 2, 2022 at 9:37 AM jchludzinski <jchludzinski@...> wrote:

I’m actually trying this on an RP4 running Raspbian.
Oh I see. we do support aarch64 as build host, so if you are trying
64bit OS on rpi then it should work
although, rpi4 may not have enough muscle to build, perhaps using SSD
with rpi4 might help a bit

So find out if rpi4 is running in 64bit mode if not then building on
armv7 might have issues.

in anycase try setting SDKMACHINE = "i686" this should get you past
this particular error, there might be more after it.

Fixed when x11 is not in DISTRO_FEATURES:
$ bitbake wxwidgets
ERROR: Nothing PROVIDES 'wxwidgets'
wxwidgets was skipped: missing required distro feature 'x11' (not in
DISTRO_FEATURES)


On 2022-04-02 12:15, Khem Raj wrote:
On Sat, Apr 2, 2022 at 1:47 AM jchludzinski <jchludzinski@...>
wrote:

$ git clone git://git.yoctoproject.org/poky.git
$ cd ./poky
$ git checkout yocto-3.4.2
$ cd ..
$ source ./poky/oe-init-build-env
$ cd ./build
$ time bitbake core-image-minimal
...
ERROR: OE-core's config sanity checker detected a potential
misconfiguration.
Either fix the cause of this error or at your own risk disable the
checker (see sanity.conf).
Following is the list of potential problems / advisories:

Specified SDKMACHINE value is not valid


Summary: There was 1 WARNING message shown.
Summary: There was 1 ERROR message shown, returning a non-zero exit
code.

________________________________________________________
Executed in 3.92 secs fish external
usr time 1.07 secs 9.77 millis 1.06 secs
sys time 0.18 secs 2.96 millis 0.17 secs



On 2022-04-01 18:09, Khem Raj wrote:

On Fri, Apr 1, 2022 at 2:02 PM jchludzinski <jchludzinski@...>
wrote:


But obviously commented out.

On 2022-04-01 16:43, jchludzinski via lists.yoctoproject.org wrote:

There's this:
#SDKMACHINE ?= "i686"


OK it should be ok then. Can you describe your steps to setup the
system?
maybe there is some caveat


---John

On 2022-04-01 16:22, Khem Raj wrote:

On Fri, Apr 1, 2022 at 1:09 PM jchludzinski via
lists.yoctoproject.org
[1 [1]] <jchludzinski=vivaldi.net@...> wrote:

I'm trying an experiment building yocto/OE on a Raspberry Pi 4 to
host on the same RP4. Admittedly, a not practical platform for
this
purpose but it should work.

I'm trying to target the ARM ISA for the image using yocto-3.4.2.
I've tried simply using the default setting and end up with:

_ERROR: OE-core's config sanity checker detected a potential
misconfiguration._
_ Either fix the cause of this error or at your own risk
disable
the checker (see sanity.conf)._
_ Following is the list of potential problems / advisories:_
_ _
_ Specified SDKMACHINE value is not valid_

I've tried editing ./conf/local.conf:

MACHINE ?= "qemuarm64"

#MACHINE ??= "qemux86-64"


It's complaining about SDKMACHINE setting which is a separate
variable, can you check your local.conf if it's set to something

But this accomplishes nothing. Needless to say, I'm a yacto/OE
newbie, so any suggestions would be greatly appreciated.
are you on a x86_64 host? Secondly try to uncomment SDKMACHINE setting
in local.conf
and see if it helps. Also check if your default shell is bash or dash.


---John


Links:
------
[1] http://lists.yoctoproject.org



Links:
------
[1] http://lists.yoctoproject.org




--
NULL


Re: Specified SDKMACHINE value is not valid

jchludzinski
 

I’m actually trying this on an RP4 running Raspbian.

On 2022-04-02 12:15, Khem Raj wrote:
On Sat, Apr 2, 2022 at 1:47 AM jchludzinski <jchludzinski@...> wrote:
$ git clone git://git.yoctoproject.org/poky.git
$ cd ./poky
$ git checkout yocto-3.4.2
$ cd ..
$ source ./poky/oe-init-build-env
$ cd ./build
$ time bitbake core-image-minimal
...
ERROR: OE-core's config sanity checker detected a potential misconfiguration.
Either fix the cause of this error or at your own risk disable the checker (see sanity.conf).
Following is the list of potential problems / advisories:
Specified SDKMACHINE value is not valid
Summary: There was 1 WARNING message shown.
Summary: There was 1 ERROR message shown, returning a non-zero exit code.
________________________________________________________
Executed in 3.92 secs fish external
usr time 1.07 secs 9.77 millis 1.06 secs
sys time 0.18 secs 2.96 millis 0.17 secs
On 2022-04-01 18:09, Khem Raj wrote:
On Fri, Apr 1, 2022 at 2:02 PM jchludzinski <jchludzinski@...> wrote:
But obviously commented out.
On 2022-04-01 16:43, jchludzinski via lists.yoctoproject.org wrote:
There's this:
#SDKMACHINE ?= "i686"
OK it should be ok then. Can you describe your steps to setup the system?
maybe there is some caveat
---John
On 2022-04-01 16:22, Khem Raj wrote:
On Fri, Apr 1, 2022 at 1:09 PM jchludzinski via
lists.yoctoproject.org
[1 [1]] <jchludzinski=vivaldi.net@...> wrote:
I'm trying an experiment building yocto/OE on a Raspberry Pi 4 to
host on the same RP4. Admittedly, a not practical platform for
this
purpose but it should work.
I'm trying to target the ARM ISA for the image using yocto-3.4.2.
I've tried simply using the default setting and end up with:
_ERROR: OE-core's config sanity checker detected a potential
misconfiguration._
_ Either fix the cause of this error or at your own risk
disable
the checker (see sanity.conf)._
_ Following is the list of potential problems / advisories:_
_ _
_ Specified SDKMACHINE value is not valid_
I've tried editing ./conf/local.conf:
MACHINE ?= "qemuarm64"
#MACHINE ??= "qemux86-64"
It's complaining about SDKMACHINE setting which is a separate
variable, can you check your local.conf if it's set to something
But this accomplishes nothing. Needless to say, I'm a yacto/OE
newbie, so any suggestions would be greatly appreciated.
are you on a x86_64 host? Secondly try to uncomment SDKMACHINE setting
in local.conf
and see if it helps. Also check if your default shell is bash or dash.

---John
Links:
------
[1] http://lists.yoctoproject.org
Links:
------
[1] http://lists.yoctoproject.org
--
NULL


Re: Specified SDKMACHINE value is not valid

Khem Raj
 

On Sat, Apr 2, 2022 at 1:47 AM jchludzinski <jchludzinski@...> wrote:

$ git clone git://git.yoctoproject.org/poky.git
$ cd ./poky
$ git checkout yocto-3.4.2
$ cd ..
$ source ./poky/oe-init-build-env
$ cd ./build
$ time bitbake core-image-minimal
...
ERROR: OE-core's config sanity checker detected a potential misconfiguration.
Either fix the cause of this error or at your own risk disable the checker (see sanity.conf).
Following is the list of potential problems / advisories:

Specified SDKMACHINE value is not valid


Summary: There was 1 WARNING message shown.
Summary: There was 1 ERROR message shown, returning a non-zero exit code.

________________________________________________________
Executed in 3.92 secs fish external
usr time 1.07 secs 9.77 millis 1.06 secs
sys time 0.18 secs 2.96 millis 0.17 secs



On 2022-04-01 18:09, Khem Raj wrote:

On Fri, Apr 1, 2022 at 2:02 PM jchludzinski <jchludzinski@...> wrote:


But obviously commented out.

On 2022-04-01 16:43, jchludzinski via lists.yoctoproject.org wrote:

There's this:
#SDKMACHINE ?= "i686"


OK it should be ok then. Can you describe your steps to setup the system?
maybe there is some caveat


---John

On 2022-04-01 16:22, Khem Raj wrote:

On Fri, Apr 1, 2022 at 1:09 PM jchludzinski via
lists.yoctoproject.org
[1 [1]] <jchludzinski=vivaldi.net@...> wrote:

I'm trying an experiment building yocto/OE on a Raspberry Pi 4 to
host on the same RP4. Admittedly, a not practical platform for
this
purpose but it should work.

I'm trying to target the ARM ISA for the image using yocto-3.4.2.
I've tried simply using the default setting and end up with:

_ERROR: OE-core's config sanity checker detected a potential
misconfiguration._
_ Either fix the cause of this error or at your own risk
disable
the checker (see sanity.conf)._
_ Following is the list of potential problems / advisories:_
_ _
_ Specified SDKMACHINE value is not valid_

I've tried editing ./conf/local.conf:

MACHINE ?= "qemuarm64"

#MACHINE ??= "qemux86-64"


It's complaining about SDKMACHINE setting which is a separate
variable, can you check your local.conf if it's set to something

But this accomplishes nothing. Needless to say, I'm a yacto/OE
newbie, so any suggestions would be greatly appreciated.
are you on a x86_64 host? Secondly try to uncomment SDKMACHINE setting
in local.conf
and see if it helps. Also check if your default shell is bash or dash.


---John


Links:
------
[1] http://lists.yoctoproject.org



Links:
------
[1] http://lists.yoctoproject.org





Re: installed and not shipped files. [installed-vs-shipped]

Quentin Schulz
 

Hi Konstantin,

On April 1, 2022 2:50:13 PM GMT+02:00, Konstantin Kletschke <konstantin.kletschke@...> wrote:
I am currently trying to extend the meta-java framework with an
openjdk-18 recipe.
I encounter a problem with the [installed-vs-shipped] QA check which I
can't cope with, I admit.

The autotolls and crosscompile seems to work fine, the install is
overridden with this:

do_install() {
rm -rf ${D}/${JAVA_HOME}
mkdir -p ${D}/${JAVA_HOME}
echo "THIS IS D: "${D} > ${D}/${JAVA_HOME}/THE_D
if [[ "${PN}" = openjre* ]]; then
# cp -rp ${B}/images/jre/* ${D}/${JAVA_HOME}
cp -rp ${B}/jdk/* ${D}${JAVA_HOME}
else
# cp -rp ${B}/images/jdk/* ${D}/${JAVA_HOME}
cp -rp ${B}/jdk/* ${D}${JAVA_HOME}
fi
chown -R root:root ${D}${JAVA_HOME}
#install -m644 ${WORKDIR}/jvm.cfg ${D}${JAVA_HOME}/jre/lib/${JDK_ARCH}/
find ${D}/${JAVA_HOME} -name "*.debuginfo" -exec rm {} \;
}

To verify ${D} there is this "echo [...] THE_D" part in the install step
to look, what's happening.

After this stage I have the following file

/home/konsti/yocto/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/openjdk-18/18+37+gitAUTOINC+0f2113cee7-r0/image/usr/lib/jvm/openjdk-18/THE_D

with contents

THIS IS D: /home/konsti/yocto/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/openjdk-18/18+37+gitAUTOINC+0f2113cee7-r0/image

What I suppose is ${D} looks like this:

~/yocto/build   honister ?1 ❯ ls -la /home/konsti/yocto/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/openjdk-18/18+37+gitAUTOINC+0f2113cee7-r0/image
total 12
drwxr-xr-x 3 konsti konsti 4096 Apr 1 14:24 .
drwxr-xr-x 17 konsti konsti 4096 Apr 1 14:24 ..
drwxr-xr-x 3 konsti konsti 4096 Apr 1 14:24 usr

${JAVA_HOME} expands to /usr/lib/jvm/openjdk-18:

~/yocto/build   honister ?1 ❯ ls -la /home/konsti/yocto/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/openjdk-18/18+37+gitAUTOINC+0f2113cee7-r0/image/usr/lib/jvm/openjdk-18/
total 36
drwxr-xr-x 7 konsti konsti 4096 Apr 1 14:24 .
drwxr-xr-x 3 konsti konsti 4096 Apr 1 14:24 ..
-rw-r--r-- 3 konsti konsti 128 Apr 1 14:24 THE_D
drwxr-xr-x 2 konsti konsti 4096 Apr 1 14:24 bin
drwxr-xr-x 5 konsti konsti 4096 Apr 1 14:22 conf
drwxr-xr-x 3 konsti konsti 4096 Apr 1 14:22 include
drwxr-xr-x 5 konsti konsti 4096 Apr 1 14:24 lib
drwxr-xr-x 69 konsti konsti 4096 Apr 1 14:23 modules
-rw-r--r-- 3 konsti konsti 129 Apr 1 14:22 release

So accordingly the recipe continues with extending the FILES to do
packaging this way:

FILES_${PN} += "\
${JAVA_HOME}/bin/[a-z]* \
${JAVA_HOME}/lib/[a-z]* \
FILES variables is compatible with glob from Python so that should work but that's really the first time I see this, usually it's just the directory or dir/*. Learned something new today :)

${JAVA_HOME}/modules \
${JAVA_HOME}/release \
${JAVA_HOME}/conf \
${JAVA_HOME}/include \
${JAVA_HOME}/THE_D \
"

When I do "bitbake -e openjdk-18 |grep FILES_openjdk-18=" I get this:
Are you on honister (or master/soon kirkstone) release? If so, it's FILES:${PN} and not FILES_${PN}.

Try to avoid using hardcoded names instead of ${PN} because it breaks multilib (probably not a problem for many, I can concede :) ).

Make sure that openjdk-18 is actually a valid package name too by running bitbake -e <recipe-name> | grep "^PACKAGES=".

FILES_openjdk-18=" /usr/lib/jvm/openjdk-18/bin/[a-z]* /usr/lib/jvm/openjdk-18/lib/[a-z]* /usr/lib/jvm/openjdk-18/modules /usr/lib/jvm/openjdk-18/release /usr/lib/jvm/openjdk-18/conf /usr/lib/jvm/openjdk-18/include /usr/lib/jvm/openjdk-18/THE_D "

When bitbake tries to package, I get this error:

ERROR: openjdk-18-18+37+gitAUTOINC+0f2113cee7-r0 do_package: QA Issue: openjdk-18: Files/directories were installed but not shipped in any package:
/usr/lib/jvm/openjdk-18/release
/usr/lib/jvm/openjdk-18/THE_D
/usr/lib/jvm/openjdk-18/conf
/usr/lib/jvm/openjdk-18/include
/usr/lib/jvm/openjdk-18/lib/libj2gss.so
[...]
/usr/lib/jvm/openjdk-18/modules/jdk.internal.le/jdk/internal/org/jline/keymap/BindingReader.class
/usr/lib/jvm/openjdk-18/modules/jdk.internal.le/jdk/internal/org/jline/keymap/KeyMap.class
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
openjdk-18: 28751 installed and not shipped files. [installed-vs-shipped]
ERROR: openjdk-18-18+37+gitAUTOINC+0f2113cee7-r0 do_package: Fatal QA errors found, failing task.
ERROR: Logfile of failure stored in: /home/konsti/yocto/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/openjdk-18/18+37+gitAUTOINC+0f2113cee7-r0/temp/log.do_package.3424506
ERROR: Task (/home/konsti/yocto/meta-insidem2m/recipes-core/openjdk/openjdk-18_18+37.bb:do_package) failed with exit code '1'

Well, I am pretty shure the FILES_${PN} refers relative to ${D}, where
is my stupid misunderstanding?

Side-Quest: In do install the destination is referred as
${D}${JAVA_HOME}. Why does this not need to be ${D}/${JAVA_HOME}?
To quote yourself:
${JAVA_HOME} expands to /usr/lib/jvm/openjdk-18
Cheers,
Quentin


Building a core-image-weston with custom app using rust and gtk3

atch.cpp@...
 

Hello,
I'm having real difficulties in compiling a Rust app that uses gtk3 (this app successfully builds and runs on my host machine). I'm on the master branch of poky, using rust 1.59.
Is this still untested and unstabilized feature, that is gtk-rs bindings in yocto?

Thank you


Re: Specified SDKMACHINE value is not valid

jchludzinski
 

$ git clone git://git.yoctoproject.org/poky.git
$ cd ./poky
$ git checkout yocto-3.4.2
$ cd ..
$ source ./poky/oe-init-build-env
$ cd ./build
$ time bitbake core-image-minimal
...
ERROR:  OE-core's config sanity checker detected a potential misconfiguration.
    Either fix the cause of this error or at your own risk disable the checker (see sanity.conf).
    Following is the list of potential problems / advisories:
 
    Specified SDKMACHINE value is not valid
 
 
Summary: There was 1 WARNING message shown.
Summary: There was 1 ERROR message shown, returning a non-zero exit code.
 
________________________________________________________
Executed in    3.92 secs    fish           external
   usr time    1.07 secs    9.77 millis    1.06 secs
   sys time    0.18 secs    2.96 millis    0.17 secs


 
On 2022-04-01 18:09, Khem Raj wrote:

On Fri, Apr 1, 2022 at 2:02 PM jchludzinski <jchludzinski@...> wrote:

But obviously commented out.

On 2022-04-01 16:43, jchludzinski via lists.yoctoproject.org wrote:
There's this:
#SDKMACHINE ?= "i686"

OK it should be ok then. Can you describe your steps to setup the system?
maybe there is some caveat


---John

On 2022-04-01 16:22, Khem Raj wrote:

On Fri, Apr 1, 2022 at 1:09 PM jchludzinski via
lists.yoctoproject.org
[1 [1]] <jchludzinski=vivaldi.net@...> wrote:

I'm trying an experiment building yocto/OE on a Raspberry Pi 4 to
host on the same RP4. Admittedly, a not practical platform for
this
purpose but it should work.

I'm trying to target the ARM ISA for the image using yocto-3.4.2.
I've tried simply using the default setting and end up with:

_ERROR:  OE-core's config sanity checker detected a potential
misconfiguration._
_    Either fix the cause of this error or at your own risk
disable
the checker (see sanity.conf)._
_    Following is the list of potential problems / advisories:_
_ _
_    Specified SDKMACHINE value is not valid_

I've tried editing ./conf/local.conf:

MACHINE ?= "qemuarm64"

#MACHINE ??= "qemux86-64"

It's complaining about SDKMACHINE setting which is a separate
variable, can you check your local.conf if it's set to something

But this accomplishes nothing. Needless to say, I'm a yacto/OE
newbie, so any suggestions would be greatly appreciated.

---John

Links:
------
[1] http://lists.yoctoproject.org


Links:
------
[1] http://lists.yoctoproject.org





[meta-selinux][PATCH 11/11] checkpolicy: Update LICENSE variable

Yu, Mingli
 

From: Mingli Yu <mingli.yu@...>

Update LICENSE variable to use SPDX license identifiers.

Signed-off-by: Mingli Yu <mingli.yu@...>
---
recipes-security/selinux/checkpolicy_3.3.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/checkpolicy_3.3.bb b/recipes-security/selinux/checkpolicy_3.3.bb
index 99ac470..ad90cc2 100644
--- a/recipes-security/selinux/checkpolicy_3.3.bb
+++ b/recipes-security/selinux/checkpolicy_3.3.bb
@@ -6,7 +6,7 @@ binary policy. checkpolicy uses the static libsepol since it deals \
with low level details of the policy that have not been \
encapsulated/abstracted by a proper shared library interface."
SECTION = "base"
-LICENSE = "GPLv2+"
+LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc
--
2.25.1


[meta-selinux][PATCH 10/11] selinux-sandbox: Update LICENSE variable

Yu, Mingli
 

From: Mingli Yu <mingli.yu@...>

Update LICENSE variable to use SPDX license identifiers.

Signed-off-by: Mingli Yu <mingli.yu@...>
---
recipes-security/selinux/selinux-sandbox_3.3.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/selinux-sandbox_3.3.bb b/recipes-security/selinux/selinux-sandbox_3.3.bb
index a20982c..cc9baad 100644
--- a/recipes-security/selinux/selinux-sandbox_3.3.bb
+++ b/recipes-security/selinux/selinux-sandbox_3.3.bb
@@ -4,7 +4,7 @@ Run application within a tightly confined SELinux domain. The default \
sandbox domain only allows applications the ability to read and write \
stdin, stdout and any other file descriptors handed to it."
SECTION = "base"
-LICENSE = "GPLv2+"
+LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc
--
2.25.1


[meta-selinux][PATCH 09/11] setools: Update LICENSE variable

Yu, Mingli
 

From: Mingli Yu <mingli.yu@...>

Update LICENSE variable to use SPDX license identifiers.

Signed-off-by: Mingli Yu <mingli.yu@...>
---
recipes-security/setools/setools_4.4.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/setools/setools_4.4.0.bb b/recipes-security/setools/setools_4.4.0.bb
index b78af36..f1557b1 100644
--- a/recipes-security/setools/setools_4.4.0.bb
+++ b/recipes-security/setools/setools_4.4.0.bb
@@ -6,7 +6,7 @@ libraries designed to facilitate SELinux policy analysis. \
This meta-package depends upon the main packages necessary to run \
SETools."
SECTION = "base"
-LICENSE = "GPLv2 & LGPLv2.1"
+LICENSE = "GPL-2.0-only & LGPL-2.1-only"

S = "${WORKDIR}/git"
SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4;protocol=https \
--
2.25.1


[meta-selinux][PATCH 08/11] policycoreutils: Update LICENSE variable

Yu, Mingli
 

From: Mingli Yu <mingli.yu@...>

Update LICENSE variable to use SPDX license identifiers.

Signed-off-by: Mingli Yu <mingli.yu@...>
---
recipes-security/selinux/policycoreutils_3.3.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/policycoreutils_3.3.bb b/recipes-security/selinux/policycoreutils_3.3.bb
index 04f8ef7..552d354 100644
--- a/recipes-security/selinux/policycoreutils_3.3.bb
+++ b/recipes-security/selinux/policycoreutils_3.3.bb
@@ -5,7 +5,7 @@ load_policy to load policies, setfiles to label filesystems, newrole \
to switch roles, and run_init to run /etc/init.d scripts in the proper \
context."
SECTION = "base"
-LICENSE = "GPLv2+"
+LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc
--
2.25.1


[meta-selinux][PATCH 07/11] mcstrans: Update LICENSE variable

Yu, Mingli
 

From: Mingli Yu <mingli.yu@...>

Update LICENSE variable to use SPDX license identifiers.

Signed-off-by: Mingli Yu <mingli.yu@...>
---
recipes-security/selinux/mcstrans_3.3.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/mcstrans_3.3.bb b/recipes-security/selinux/mcstrans_3.3.bb
index 4d99e18..cd8780b 100644
--- a/recipes-security/selinux/mcstrans_3.3.bb
+++ b/recipes-security/selinux/mcstrans_3.3.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "\
mcstrans provides an translation daemon to translate SELinux categories \
from internal representations to user defined representation."
SECTION = "base"
-LICENSE = "GPLv2+"
+LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"

require selinux_common.inc
--
2.25.1


[meta-selinux][PATCH 06/11] libsemanage: Update LICENSE variable

Yu, Mingli
 

From: Mingli Yu <mingli.yu@...>

Update LICENSE variable to use SPDX license identifiers.

Signed-off-by: Mingli Yu <mingli.yu@...>
---
recipes-security/selinux/libsemanage_3.3.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/libsemanage_3.3.bb b/recipes-security/selinux/libsemanage_3.3.bb
index 0a6ff95..b17eb68 100644
--- a/recipes-security/selinux/libsemanage_3.3.bb
+++ b/recipes-security/selinux/libsemanage_3.3.bb
@@ -4,7 +4,7 @@ It is used by checkpolicy (the policy compiler) and similar tools, as well \
as by programs like load_policy that need to perform specific transformations \
on binary policies such as customizing policy boolean settings."
SECTION = "base"
-LICENSE = "LGPLv2.1+"
+LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"

require selinux_common.inc
--
2.25.1


[meta-selinux][PATCH 04/11] semodule-utils: Update LICENSE variable

Yu, Mingli
 

From: Mingli Yu <mingli.yu@...>

Update LICENSE variable to use SPDX license identifiers.

Signed-off-by: Mingli Yu <mingli.yu@...>
---
recipes-security/selinux/semodule-utils_3.3.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/semodule-utils_3.3.bb b/recipes-security/selinux/semodule-utils_3.3.bb
index a8bca0e..06e28f4 100644
--- a/recipes-security/selinux/semodule-utils_3.3.bb
+++ b/recipes-security/selinux/semodule-utils_3.3.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "\
The utilities to create, expand, link and show the dependencies between \
the SELinux policy module packages."
SECTION = "base"
-LICENSE = "GPLv2+"
+LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc
--
2.25.1


[meta-selinux][PATCH 05/11] selinux-gui: Update LICENSE variable

Yu, Mingli
 

From: Mingli Yu <mingli.yu@...>

Update LICENSE variable to use SPDX license identifiers.

Signed-off-by: Mingli Yu <mingli.yu@...>
---
recipes-security/selinux/selinux-gui_3.3.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/selinux-gui_3.3.bb b/recipes-security/selinux/selinux-gui_3.3.bb
index 5534ec6..9916afb 100644
--- a/recipes-security/selinux/selinux-gui_3.3.bb
+++ b/recipes-security/selinux/selinux-gui_3.3.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "\
Provide SELinux Management tool (system-config-selinux) and SELinux \
Policy Generation Tool (selinux-polgengui)"
SECTION = "base"
-LICENSE = "GPLv2+"
+LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc
--
2.25.1

1981 - 2000 of 58585