Date   

[meta-selinux][PATCH 2/2] bind: remove volatile file

Yi Zhao
 

This file is not needed anymore as bind daemon will create them by
itself.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-connectivity/bind/bind_selinux.inc | 7 -------
recipes-connectivity/bind/files/volatiles.04_bind | 4 ----
2 files changed, 11 deletions(-)
delete mode 100644 recipes-connectivity/bind/files/volatiles.04_bind

diff --git a/recipes-connectivity/bind/bind_selinux.inc b/recipes-connectivity/bind/bind_selinux.inc
index aa11005..948a377 100644
--- a/recipes-connectivity/bind/bind_selinux.inc
+++ b/recipes-connectivity/bind/bind_selinux.inc
@@ -1,11 +1,4 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-SRC_URI += "file://volatiles.04_bind"
-
do_install:append() {
- install -d ${D}${sysconfdir}/default/volatiles
- install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/04_bind
-
sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\
[ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
}
diff --git a/recipes-connectivity/bind/files/volatiles.04_bind b/recipes-connectivity/bind/files/volatiles.04_bind
deleted file mode 100644
index c6a8151..0000000
--- a/recipes-connectivity/bind/files/volatiles.04_bind
+++ /dev/null
@@ -1,4 +0,0 @@
-# <type> <owner> <group> <mode> <path> <linksource>
-d root root 0755 /var/run/named none
-d root root 0755 /var/run/bind/run none
-d root root 0755 /var/cache/bind none
--
2.25.1


[meta-selinux][PATCH 1/2] recipes: update SRC_URI branch and protocols

Yi Zhao
 

Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/refpolicy/refpolicy_git.inc | 2 +-
recipes-security/selinux/selinux_common.inc | 2 +-
recipes-security/setools/setools_4.4.0.bb | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc
index ccf1bde..1d56403 100644
--- a/recipes-security/refpolicy/refpolicy_git.inc
+++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -1,6 +1,6 @@
PV = "2.20210203+git${SRCPV}"

-SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=git;branch=master;name=refpolicy;destsuffix=refpolicy"
+SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=master;name=refpolicy;destsuffix=refpolicy"

SRCREV_refpolicy ?= "1167739da1882f9c89281095d2595da5ea2d9d6b"

diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index f2e180f..dc4ccd5 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -1,6 +1,6 @@
HOMEPAGE = "https://github.com/SELinuxProject"

-SRC_URI = "git://github.com/SELinuxProject/selinux.git"
+SRC_URI = "git://github.com/SELinuxProject/selinux.git;branch=master;protocol=https"
SRCREV = "cf853c1a0c2328ad6c62fb2b2cc55d4926301d6b"

UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
diff --git a/recipes-security/setools/setools_4.4.0.bb b/recipes-security/setools/setools_4.4.0.bb
index 2b10993..b78af36 100644
--- a/recipes-security/setools/setools_4.4.0.bb
+++ b/recipes-security/setools/setools_4.4.0.bb
@@ -9,7 +9,7 @@ SECTION = "base"
LICENSE = "GPLv2 & LGPLv2.1"

S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4 \
+SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4;protocol=https \
file://setools4-fixes-for-cross-compiling.patch \
"

--
2.25.1


Re: Bitbake build fails because of a python function

Alexander Kanavin
 

Just wondering, what it /srv/yocto? Can you build in your $HOME?

Otherwise, you can run bitbake under 'strace -ff -o strace-log ...' and try to check exactly what syscall causes cpio to fail.

Alex


On Thu, 4 Nov 2021 at 20:44, Maksym Iliev <maksym.iliev@...> wrote:

Dear Alexander,

Thanks a lot for responding. I've attached the log file.
The only valuable info I could find is the following piece at the end of the log file. Could that be a potential cause for failures?

Deprecated external dependency generator is used!

create archive failed: cpio: write

WARNING: exit code 1 from a shell command.

 

 

 

Thanks in advance,

Maksym

From: Alexander Kanavin
Sent: November 3, 2021 4:48 PM
To: Maksym Iliev
Cc: Yocto-mailing-list
Subject: Re: [yocto] Bitbake build fails because of a python function

 

You don't often get email from alex.kanavin@.... Learn why this is important

It's hard to say if we can't replicate the issue. Check /srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/log.do_package_write_rpm, it might have useful debugging info.

 

Alex

 

 

On Wed, 3 Nov 2021 at 21:45, Maksym Iliev via lists.yoctoproject.org <maksym.iliev=litmus.io@...> wrote:

Hello guys. I am brand new to yocto and bitbake and I am looking for any help/advice/hints I can get. I have inherited someone else's code for building yocto project images, but the bitbake fails with the following error:

ERROR: perl-5.30.1-r0 do_package_write_rpm: Error executing a python function in exec_func_python() 
autogenerated:The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001: *** 
0002:do_package_rpm(d)     
0003:
File: '/srv/yocto/poky/meta/classes/package_rpm.bbclass', lineno: 712, function: do_package_rpm     
0708:     
0709:    # Build the rpm package!     
0710:    d.setVar('BUILDSPEC', cmd + \"\\n\" + cleanupcmd + \"\\n\")     
0711:    d.setVarFlag('BUILDSPEC', 'func', '1')
0712:    bb.build.exec_func('BUILDSPEC', d)     
0713:     
0714:    if d.getVar('RPM_SIGN_PACKAGES') == '1':
0715:        bb.build.exec_func(\"sign_rpm\", d)     
0716:}
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 254, function: exec_func     
0250:    with bb.utils.fileslocked(lockfiles):     
0251:    if ispython:     
0252:            exec_func_python(func, d, runfile, cwd=adir)     
0253:    else: *** 
0254:            exec_func_shell(func, d, runfile, cwd=adir)     
0255:     
0256:    try:     
0257:        curcwd = os.getcwd()     
0258:    except:
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 455, function: exec_func_shell     
0451:    with open(fifopath, 'r+b', buffering=0) as fifo:     
0452:        try:     
0453:            bb.debug(2, \"Executing shell function %s\" % func)    
0454:            with open(os.devnull, 'r+') as stdin, logfile: *** 
0455:                bb.process.run(cmd, shell=False, stdin=stdin, log=logfile, extrafiles=[(fifo,readfifo)])     
0456:        finally:     
0457:            os.unlink(fifopath)    
0458:     
0459:    bb.debug(2, \"Shell function %s finished\" % func)
File: '/srv/yocto/poky/bitbake/lib/bb/process.py', lineno: 184, function: run     
0180:     
0181:    if pipe.returncode != 0:     
0182:        if log:     
0183:            # Don't duplicate the output in the exception if logging it *** 
0184:            raise ExecutionError(cmd, pipe.returncode, None, None)     
0185:        raise ExecutionError(cmd, pipe.returncode, stdout, stderr)     
0186:    return stdout, stderr Exception: bb.process.ExecutionError: Execution of '/srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/run.BUILDSPEC.35372' failed with exit code 1

Would anyone be able to point me in the right direction as to what could be potentially causing this issue?

Thanks in advance,
Maksym

 


Re: Bitbake build fails because of a python function

Maksym Iliev
 

Dear Alexander,

Thanks a lot for responding. I've attached the log file.
The only valuable info I could find is the following piece at the end of the log file. Could that be a potential cause for failures?

Deprecated external dependency generator is used!

create archive failed: cpio: write

WARNING: exit code 1 from a shell command.

 

 

 

Thanks in advance,

Maksym

From: Alexander Kanavin
Sent: November 3, 2021 4:48 PM
To: Maksym Iliev
Cc: Yocto-mailing-list
Subject: Re: [yocto] Bitbake build fails because of a python function

 

You don't often get email from alex.kanavin@.... Learn why this is important

It's hard to say if we can't replicate the issue. Check /srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/log.do_package_write_rpm, it might have useful debugging info.

 

Alex

 

 

On Wed, 3 Nov 2021 at 21:45, Maksym Iliev via lists.yoctoproject.org <maksym.iliev=litmus.io@...> wrote:

Hello guys. I am brand new to yocto and bitbake and I am looking for any help/advice/hints I can get. I have inherited someone else's code for building yocto project images, but the bitbake fails with the following error:

ERROR: perl-5.30.1-r0 do_package_write_rpm: Error executing a python function in exec_func_python() 
autogenerated:The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001: *** 
0002:do_package_rpm(d)     
0003:
File: '/srv/yocto/poky/meta/classes/package_rpm.bbclass', lineno: 712, function: do_package_rpm     
0708:     
0709:    # Build the rpm package!     
0710:    d.setVar('BUILDSPEC', cmd + \"\\n\" + cleanupcmd + \"\\n\")     
0711:    d.setVarFlag('BUILDSPEC', 'func', '1')
0712:    bb.build.exec_func('BUILDSPEC', d)     
0713:     
0714:    if d.getVar('RPM_SIGN_PACKAGES') == '1':
0715:        bb.build.exec_func(\"sign_rpm\", d)     
0716:}
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 254, function: exec_func     
0250:    with bb.utils.fileslocked(lockfiles):     
0251:    if ispython:     
0252:            exec_func_python(func, d, runfile, cwd=adir)     
0253:    else: *** 
0254:            exec_func_shell(func, d, runfile, cwd=adir)     
0255:     
0256:    try:     
0257:        curcwd = os.getcwd()     
0258:    except:
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 455, function: exec_func_shell     
0451:    with open(fifopath, 'r+b', buffering=0) as fifo:     
0452:        try:     
0453:            bb.debug(2, \"Executing shell function %s\" % func)    
0454:            with open(os.devnull, 'r+') as stdin, logfile: *** 
0455:                bb.process.run(cmd, shell=False, stdin=stdin, log=logfile, extrafiles=[(fifo,readfifo)])     
0456:        finally:     
0457:            os.unlink(fifopath)    
0458:     
0459:    bb.debug(2, \"Shell function %s finished\" % func)
File: '/srv/yocto/poky/bitbake/lib/bb/process.py', lineno: 184, function: run     
0180:     
0181:    if pipe.returncode != 0:     
0182:        if log:     
0183:            # Don't duplicate the output in the exception if logging it *** 
0184:            raise ExecutionError(cmd, pipe.returncode, None, None)     
0185:        raise ExecutionError(cmd, pipe.returncode, stdout, stderr)     
0186:    return stdout, stderr Exception: bb.process.ExecutionError: Execution of '/srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/run.BUILDSPEC.35372' failed with exit code 1

Would anyone be able to point me in the right direction as to what could be potentially causing this issue?

Thanks in advance,
Maksym

 


Minutes: Yocto Project Weekly Triage Meeting 11/4/2021

Trevor Gamblin
 

Wiki: https://wiki.yoctoproject.org/wiki/Bug_Triage

Attendees: Alexandre, Armin, Bruce, Jon, Joshua, Kiran, Michael, Randy, Richard, Stephen, Steve, Tim, Trevor

ARs:

N/A


Notes:

N/A

Medium+ 3.5 Unassigned Enhancements/Bugs: 79 (Last week 81)

Medium+ 3.99 Unassigned Enhancements/Bugs: 39 (No change)

AB Bugs: 62 (No change)


[meta-security][PATCH] tpm2-tss: fix fapi package config

Stefan Mueller-Klieser
 

When enabling fapi, the build breaks with:

| configure: error: Package requirements (libcurl) were not met:
| No package 'libcurl' found

This adds the missing dependency and bundles the additional config files
in the base package.

Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@...>
---
v1:
- tested on hardknott and master

meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
index 64708791f4a9..1a36a5b73b06 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
@@ -15,7 +15,7 @@ inherit autotools pkgconfig systemd extrausers

PACKAGECONFIG ??= ""
PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
-PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,json-c "
+PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c "

EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
EXTRA_OECONF:remove = " --disable-static"
@@ -73,6 +73,11 @@ FILES:libtss2-dev = " \
${libdir}/libtss2*so"
FILES:libtss2-staticdev = "${libdir}/libtss*a"

-FILES:${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev"
+FILES:${PN} = "\
+ ${libdir}/udev \
+ ${nonarch_base_libdir}/udev \
+ ${sysconfdir}/tmpfiles.d \
+ ${sysconfdir}/tpm2-tss \
+ ${sysconfdir}/sysusers.d"

RDEPENDS:libtss2 = "libgcrypt"
--
2.20.1


User configuration & host contamination

Jeffrey Simons
 

Hi all,

I'm having some difficulty with setting up users and the respective application user assignments. I have a generic recipe which inherits useradd and sets a user, this works great for my purpose without one exception. I can't assign the user in my other recipe where the application is build.

Snippet from my user add (based on the useradd-example):
USERADD_PARAM_${PN} = "--uid 1200 \
--home-dir /home/user1 \
--groups dialout \
--user-group \
--password '********' \
--shell /bin/bash user1"

Snippet from my application which wants to assign the user1:
do_install () {
chown -R user1 ${D}/usr/local/bin/test_app/
}
It fails with the message:
"WARNING: test_app-1.0-12-r0 do_package_qa: QA Issue: test_app: /usr/local/bin/test_app/some_script.py is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination"

Any pointers/thoughts in how I can resolve this issue?

With kind regards,

Jeffrey Simons

Software Engineer
Royal Boon Edam International B.V.


Re: Dunfell - ERROR: ca-certificates-20211016-r0 do_fetch: Fetcher failure

Martin Jansa
 

Most likely expired Let's Encrypt certificate (which salsa.debian.org where ca-certificates are hoster is using) on your builder (host OS), see e.g. for ubuntu:

So to fix this update ca-certificates on your host distribution and then it should be fine.

On Thu, Nov 4, 2021 at 1:20 AM Darcy Watkins <dwatkins@...> wrote:

Hi,

 

After syncup of Yocto dunfell, I get the following error:

 

dwatkins@carmd-ed-n11377-docker-dwatkins_apollo17:64bit build $ bitbake ca-certificates -c fetch

Loading cache: 100% |#################################################################################################################################################################################################################################################| Time: 0:00:00

Loaded 4042 entries from dependency cache.

Parsing recipes: 100% |###############################################################################################################################################################################################################################################| Time: 0:00:00

Parsing of 2833 .bb files complete (2815 cached, 18 parsed). 4060 targets, 183 skipped, 0 masked, 0 errors.

WARNING: No recipes available for:

  /home/dwatkins/workspace/mgos/apollo17/meta-mg90-bsp/recipes-kernel/firmware/linux-firmware_git.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mg90-bsp/recipes-kernel/linux/linux-qoriq_4.19.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-distro/meta-openssl-fips/recipes-support/openssl/openssl_1.0.2%.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/cherrypy/cherrypy-python_%.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/hostapd/hostapd_2.6.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/hostapd/hostapd_2.8.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/wpa-supplicant/wpa-supplicant_2.6.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/wpa-supplicant/wpa-supplicant_2.7.bbappend

NOTE: Resolving any missing task queue dependencies

 

Build Configuration:

BB_VERSION           = "1.46.0"

BUILD_SYS            = "x86_64-linux"

NATIVELSBSTRING      = "universal"

TARGET_SYS           = "arm-poky-linux-gnueabi"

MACHINE              = "mg90"

DISTRO               = "mgos"

DISTRO_VERSION       = "3.1.11"

TUNE_FEATURES        = "arm vfp cortexa7 neon callconvention-hard"

TARGET_FPU           = "hard"

meta-mgos-core       = "main:96c5c6d35f19d16f65100ee29cb23e9a1470876c"

meta-mgos-release    = "main:0825ac63c95db495330848f80d6d68b6f47a77d4"

meta-mg90-bsp        = "main:47d0284b7a337df7587055c405213f9428c94884"

meta-mgos-airprime   = "main:5e8ffb01629c60d282b22e3313740e3b2cf325f4"

meta                 

meta-daisy-cf        

meta-openssl-fips    

meta-sigma           = "main:abf8a7a7408b690dfb0dff796ce8e94b6b661b0d"

meta                 

meta-poky            

meta-yocto-bsp       = "HEAD:0810ac6b926cd901f0619e95f367efc79d4c3159"

meta-oe              

meta-networking      

meta-python          

meta-perl            = "HEAD:814eec96c2a29172da57a425a3609f8b6fcc6afe"

meta-security        

meta-integrity       

meta-security-compliance 

meta-security-isafw  = "HEAD:b76698c788cb8ca632077a972031899ef15025d6"

meta-freescale       = "HEAD:727fd8df20c8ee58474ce15cd5e1459f14bee977"

meta-java            = "HEAD:6e84638d77ac921aac46649095bca5ddbde94d2a"

workspace            = "<unknown>:<unknown>"

 

Initialising tasks: 100% |############################################################################################################################################################################################################################################| Time: 0:00:00

Sstate summary: Wanted 0 Found 0 Missed 0 Current 0 (0% match, 0% complete)

NOTE: No setscene tasks

NOTE: Executing Tasks

WARNING: ca-certificates-20211016-r0 do_fetch: Failed to fetch URL git://salsa.debian.org/debian/ca-certificates.git;protocol=https, attempting MIRRORS if available

ERROR: ca-certificates-20211016-r0 do_fetch: Fetcher failure: Fetch command export PSEUDO_DISABLED=1; export PATH="/home/dwatkins/workspace/mgos/apollo17/build/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/scripts:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/bin/allarch-poky-linux:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot/usr/bin/crossscripts:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/sbin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/bin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/sbin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/bin:/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/bitbake/bin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/hosttools"; export HOME="/home/dwatkins"; LANG=C git -c core.fsyncobjectfiles=0 fetch -f --progress "https://salsa.debian.org/debian/ca-certificates.git" refs/*:refs/* failed with exit code 128, no output

ERROR: ca-certificates-20211016-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'git://salsa.debian.org/debian/ca-certificates.git;protocol=https')

ERROR: Logfile of failure stored in: /home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/temp/log.do_fetch.11215

ERROR: Task (/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb:do_fetch) failed with exit code '1'

NOTE: Tasks Summary: Attempted 1 tasks of which 0 didn't need to be rerun and 1 failed.

 

Summary: 1 task failed:

  /home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb:do_fetch

Summary: There were 2 WARNING messages shown.

Summary: There were 2 ERROR messages shown, returning a non-zero exit code.

dwatkins@carmd-ed-n11377-docker-dwatkins_apollo17:64bit build $

 

 

Looking in the git history, I find a recent commit…

 

commit 7158bf0775383eefcec148c47310b4681bfbed86

Author: Alexander Kanavin <alex.kanavin@...>

Date:   Tue Oct 19 17:33:29 2021 +0200

 

    ca-certificates: update 20210119 -> 20211016

    

    (From OE-Core rev: 43aa25b523b2c11ce483ea22435196dfca259b30)

    

    Signed-off-by: Alexander Kanavin <alex@...>

    Signed-off-by: Alexandre Belloni <alexandre.belloni@...>

    Signed-off-by: Richard Purdie <richard.purdie@...>

    (cherry picked from commit c479b8a810d966d7267af1b4dac38a46f55fc547)

    Signed-off-by: Steve Sakoman <steve@...>

    Signed-off-by: Richard Purdie <richard.purdie@...>

 

 

I don’t think this is necessarily the culprit as I likely fetched long ago and have been using cached content since.

 

Is this part of that unauthenticated GIT protocol issue?

 

 

 

Regards,

 

Darcy

 

Darcy Watkins ::  Senior Staff Engineer, Firmware

 

SIERRA WIRELESS

Direct  +1 604 233 7989   ::  Fax  +1 604 231 1109  ::  Main  +1 604 231 1100

13811 Wireless Way  :: Richmond, BC Canada V6V 3A4

[M4]

dwatkins@... :: www.sierrawireless.com





Dunfell - ERROR: ca-certificates-20211016-r0 do_fetch: Fetcher failure

Darcy Watkins
 

Hi,

 

After syncup of Yocto dunfell, I get the following error:

 

dwatkins@carmd-ed-n11377-docker-dwatkins_apollo17:64bit build $ bitbake ca-certificates -c fetch

Loading cache: 100% |#################################################################################################################################################################################################################################################| Time: 0:00:00

Loaded 4042 entries from dependency cache.

Parsing recipes: 100% |###############################################################################################################################################################################################################################################| Time: 0:00:00

Parsing of 2833 .bb files complete (2815 cached, 18 parsed). 4060 targets, 183 skipped, 0 masked, 0 errors.

WARNING: No recipes available for:

  /home/dwatkins/workspace/mgos/apollo17/meta-mg90-bsp/recipes-kernel/firmware/linux-firmware_git.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mg90-bsp/recipes-kernel/linux/linux-qoriq_4.19.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-distro/meta-openssl-fips/recipes-support/openssl/openssl_1.0.2%.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/cherrypy/cherrypy-python_%.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/hostapd/hostapd_2.6.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/hostapd/hostapd_2.8.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/wpa-supplicant/wpa-supplicant_2.6.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/wpa-supplicant/wpa-supplicant_2.7.bbappend

NOTE: Resolving any missing task queue dependencies

 

Build Configuration:

BB_VERSION           = "1.46.0"

BUILD_SYS            = "x86_64-linux"

NATIVELSBSTRING      = "universal"

TARGET_SYS           = "arm-poky-linux-gnueabi"

MACHINE              = "mg90"

DISTRO               = "mgos"

DISTRO_VERSION       = "3.1.11"

TUNE_FEATURES        = "arm vfp cortexa7 neon callconvention-hard"

TARGET_FPU           = "hard"

meta-mgos-core       = "main:96c5c6d35f19d16f65100ee29cb23e9a1470876c"

meta-mgos-release    = "main:0825ac63c95db495330848f80d6d68b6f47a77d4"

meta-mg90-bsp        = "main:47d0284b7a337df7587055c405213f9428c94884"

meta-mgos-airprime   = "main:5e8ffb01629c60d282b22e3313740e3b2cf325f4"

meta                 

meta-daisy-cf        

meta-openssl-fips    

meta-sigma           = "main:abf8a7a7408b690dfb0dff796ce8e94b6b661b0d"

meta                 

meta-poky            

meta-yocto-bsp       = "HEAD:0810ac6b926cd901f0619e95f367efc79d4c3159"

meta-oe              

meta-networking      

meta-python          

meta-perl            = "HEAD:814eec96c2a29172da57a425a3609f8b6fcc6afe"

meta-security        

meta-integrity       

meta-security-compliance 

meta-security-isafw  = "HEAD:b76698c788cb8ca632077a972031899ef15025d6"

meta-freescale       = "HEAD:727fd8df20c8ee58474ce15cd5e1459f14bee977"

meta-java            = "HEAD:6e84638d77ac921aac46649095bca5ddbde94d2a"

workspace            = "<unknown>:<unknown>"

 

Initialising tasks: 100% |############################################################################################################################################################################################################################################| Time: 0:00:00

Sstate summary: Wanted 0 Found 0 Missed 0 Current 0 (0% match, 0% complete)

NOTE: No setscene tasks

NOTE: Executing Tasks

WARNING: ca-certificates-20211016-r0 do_fetch: Failed to fetch URL git://salsa.debian.org/debian/ca-certificates.git;protocol=https, attempting MIRRORS if available

ERROR: ca-certificates-20211016-r0 do_fetch: Fetcher failure: Fetch command export PSEUDO_DISABLED=1; export PATH="/home/dwatkins/workspace/mgos/apollo17/build/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/scripts:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/bin/allarch-poky-linux:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot/usr/bin/crossscripts:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/sbin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/bin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/sbin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/bin:/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/bitbake/bin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/hosttools"; export HOME="/home/dwatkins"; LANG=C git -c core.fsyncobjectfiles=0 fetch -f --progress "https://salsa.debian.org/debian/ca-certificates.git" refs/*:refs/* failed with exit code 128, no output

ERROR: ca-certificates-20211016-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'git://salsa.debian.org/debian/ca-certificates.git;protocol=https')

ERROR: Logfile of failure stored in: /home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/temp/log.do_fetch.11215

ERROR: Task (/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb:do_fetch) failed with exit code '1'

NOTE: Tasks Summary: Attempted 1 tasks of which 0 didn't need to be rerun and 1 failed.

 

Summary: 1 task failed:

  /home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb:do_fetch

Summary: There were 2 WARNING messages shown.

Summary: There were 2 ERROR messages shown, returning a non-zero exit code.

dwatkins@carmd-ed-n11377-docker-dwatkins_apollo17:64bit build $

 

 

Looking in the git history, I find a recent commit…

 

commit 7158bf0775383eefcec148c47310b4681bfbed86

Author: Alexander Kanavin <alex.kanavin@...>

Date:   Tue Oct 19 17:33:29 2021 +0200

 

    ca-certificates: update 20210119 -> 20211016

    

    (From OE-Core rev: 43aa25b523b2c11ce483ea22435196dfca259b30)

    

    Signed-off-by: Alexander Kanavin <alex@...>

    Signed-off-by: Alexandre Belloni <alexandre.belloni@...>

    Signed-off-by: Richard Purdie <richard.purdie@...>

    (cherry picked from commit c479b8a810d966d7267af1b4dac38a46f55fc547)

    Signed-off-by: Steve Sakoman <steve@...>

    Signed-off-by: Richard Purdie <richard.purdie@...>

 

 

I don’t think this is necessarily the culprit as I likely fetched long ago and have been using cached content since.

 

Is this part of that unauthenticated GIT protocol issue?

 

 

 

Regards,

 

Darcy

 

Darcy Watkins ::  Senior Staff Engineer, Firmware

 

SIERRA WIRELESS

Direct  +1 604 233 7989   ::  Fax  +1 604 231 1109  ::  Main  +1 604 231 1100

13811 Wireless Way  :: Richmond, BC Canada V6V 3A4

[M4]

dwatkins@... :: www.sierrawireless.com


Re: Bitbake build fails because of a python function

Alexander Kanavin
 

It's hard to say if we can't replicate the issue. Check /srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/log.do_package_write_rpm, it might have useful debugging info.

Alex


On Wed, 3 Nov 2021 at 21:45, Maksym Iliev via lists.yoctoproject.org <maksym.iliev=litmus.io@...> wrote:

Hello guys. I am brand new to yocto and bitbake and I am looking for any help/advice/hints I can get. I have inherited someone else's code for building yocto project images, but the bitbake fails with the following error:

ERROR: perl-5.30.1-r0 do_package_write_rpm: Error executing a python function in exec_func_python() 
autogenerated:The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001: *** 
0002:do_package_rpm(d)     
0003:
File: '/srv/yocto/poky/meta/classes/package_rpm.bbclass', lineno: 712, function: do_package_rpm     
0708:     
0709:    # Build the rpm package!     
0710:    d.setVar('BUILDSPEC', cmd + \"\\n\" + cleanupcmd + \"\\n\")     
0711:    d.setVarFlag('BUILDSPEC', 'func', '1')
0712:    bb.build.exec_func('BUILDSPEC', d)     
0713:     
0714:    if d.getVar('RPM_SIGN_PACKAGES') == '1':
0715:        bb.build.exec_func(\"sign_rpm\", d)     
0716:}
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 254, function: exec_func     
0250:    with bb.utils.fileslocked(lockfiles):     
0251:    if ispython:     
0252:            exec_func_python(func, d, runfile, cwd=adir)     
0253:    else: *** 
0254:            exec_func_shell(func, d, runfile, cwd=adir)     
0255:     
0256:    try:     
0257:        curcwd = os.getcwd()     
0258:    except:
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 455, function: exec_func_shell     
0451:    with open(fifopath, 'r+b', buffering=0) as fifo:     
0452:        try:     
0453:            bb.debug(2, \"Executing shell function %s\" % func)    
0454:            with open(os.devnull, 'r+') as stdin, logfile: *** 
0455:                bb.process.run(cmd, shell=False, stdin=stdin, log=logfile, extrafiles=[(fifo,readfifo)])     
0456:        finally:     
0457:            os.unlink(fifopath)    
0458:     
0459:    bb.debug(2, \"Shell function %s finished\" % func)
File: '/srv/yocto/poky/bitbake/lib/bb/process.py', lineno: 184, function: run     
0180:     
0181:    if pipe.returncode != 0:     
0182:        if log:     
0183:            # Don't duplicate the output in the exception if logging it *** 
0184:            raise ExecutionError(cmd, pipe.returncode, None, None)     
0185:        raise ExecutionError(cmd, pipe.returncode, stdout, stderr)     
0186:    return stdout, stderr Exception: bb.process.ExecutionError: Execution of '/srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/run.BUILDSPEC.35372' failed with exit code 1
Would anyone be able to point me in the right direction as to what could be potentially causing this issue?

Thanks in advance,
Maksym



Bitbake build fails because of a python function

Maksym Iliev
 

Hello guys. I am brand new to yocto and bitbake and I am looking for any help/advice/hints I can get. I have inherited someone else's code for building yocto project images, but the bitbake fails with the following error:

ERROR: perl-5.30.1-r0 do_package_write_rpm: Error executing a python function in exec_func_python() 
autogenerated:The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001: *** 
0002:do_package_rpm(d)     
0003:
File: '/srv/yocto/poky/meta/classes/package_rpm.bbclass', lineno: 712, function: do_package_rpm     
0708:     
0709:    # Build the rpm package!     
0710:    d.setVar('BUILDSPEC', cmd + \"\\n\" + cleanupcmd + \"\\n\")     
0711:    d.setVarFlag('BUILDSPEC', 'func', '1')
0712:    bb.build.exec_func('BUILDSPEC', d)     
0713:     
0714:    if d.getVar('RPM_SIGN_PACKAGES') == '1':
0715:        bb.build.exec_func(\"sign_rpm\", d)     
0716:}
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 254, function: exec_func     
0250:    with bb.utils.fileslocked(lockfiles):     
0251:    if ispython:     
0252:            exec_func_python(func, d, runfile, cwd=adir)     
0253:    else: *** 
0254:            exec_func_shell(func, d, runfile, cwd=adir)     
0255:     
0256:    try:     
0257:        curcwd = os.getcwd()     
0258:    except:
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 455, function: exec_func_shell     
0451:    with open(fifopath, 'r+b', buffering=0) as fifo:     
0452:        try:     
0453:            bb.debug(2, \"Executing shell function %s\" % func)    
0454:            with open(os.devnull, 'r+') as stdin, logfile: *** 
0455:                bb.process.run(cmd, shell=False, stdin=stdin, log=logfile, extrafiles=[(fifo,readfifo)])     
0456:        finally:     
0457:            os.unlink(fifopath)    
0458:     
0459:    bb.debug(2, \"Shell function %s finished\" % func)
File: '/srv/yocto/poky/bitbake/lib/bb/process.py', lineno: 184, function: run     
0180:     
0181:    if pipe.returncode != 0:     
0182:        if log:     
0183:            # Don't duplicate the output in the exception if logging it *** 
0184:            raise ExecutionError(cmd, pipe.returncode, None, None)     
0185:        raise ExecutionError(cmd, pipe.returncode, stdout, stderr)     
0186:    return stdout, stderr Exception: bb.process.ExecutionError: Execution of '/srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/run.BUILDSPEC.35372' failed with exit code 1
Would anyone be able to point me in the right direction as to what could be potentially causing this issue?

Thanks in advance,
Maksym


Re: how to handle third party licenses

Khem Raj
 



On Wed, Nov 3, 2021 at 10:57 AM Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:

 

Looking for the proper Yocto way to handle third party software ported to Yocto and built into kernel…

 

I’m not having issues when I recognize the license as a generic license. But the license provided to us by the vendor is not part of the generic licenses list that you (Yocto) recognize.

 

I was wondering if you could explain how to add a custom license to a recipe in yocto.

 

The vendor has provided us with a generic license.txt file and I was able to add that to the our recipe. I do get a warning though which says:

 

WARNING: aiox-defaultfs-1.0-r0 do_rootfs: The license listed DataDeviceCorporation was not in the licenses collected for recipe acexpci

 

Though the warning occurs, I can see the license.txt being saved inside the rootfs on our board and is saved under tmp/deploy/licenses/acexpci. I’ve been trying to get rid of this warning when the image builds, but I can’t seem to find anything in the manual or online. One solution says : Add LICENSE_PATH += "${LAYERDIR}/custom-licenses" under conf/layer.conf, which does not resolve this warning.


Whatever you are setting for LICENSE Variable inside recipe there should be a file with same name stored inside One of LICENSE_PATH directories. 

 

I am currently building with Yocto zeus…

 

Thanks,

Steve

 





Re: how to handle third party licenses

Jose Quaresma
 

Hi Steven,

Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> escreveu no dia quarta, 3/11/2021 à(s) 17:57:

 

Looking for the proper Yocto way to handle third party software ported to Yocto and built into kernel…

 

I’m not having issues when I recognize the license as a generic license. But the license provided to us by the vendor is not part of the generic licenses list that you (Yocto) recognize.

 

I was wondering if you could explain how to add a custom license to a recipe in yocto.

 

The vendor has provided us with a generic license.txt file and I was able to add that to the our recipe. I do get a warning though which says:

 

WARNING: aiox-defaultfs-1.0-r0 do_rootfs: The license listed DataDeviceCorporation was not in the licenses collected for recipe acexpci

 

Though the warning occurs, I can see the license.txt being saved inside the rootfs on our board and is saved under tmp/deploy/licenses/acexpci. I’ve been trying to get rid of this warning when the image builds, but I can’t seem to find anything in the manual or online. One solution says : Add LICENSE_PATH += "${LAYERDIR}/custom-licenses" under conf/layer.conf, which does not resolve this warning.


You can add the generic license.txt provided by the vendor to ${LAYERDIR}/custom-licenses/vendor-lic-ID

In conf/layer.conf add:
LICENSE_PATH += "${LAYERDIR}/custom-licenses"

And in the recipe:
SRC_URI += "file://license.txt"
LICENSE = "vendor-lic-ID"
LIC_FILES_CHKSUM = "file://license.txt;md5=xxxxxxxxxxxxxxxxxx"

 

I am currently building with Yocto zeus…

 

Thanks,

Steve

 






--
Best regards,

José Quaresma


how to handle third party licenses

Monsees, Steven C (US)
 

 

Looking for the proper Yocto way to handle third party software ported to Yocto and built into kernel…

 

I’m not having issues when I recognize the license as a generic license. But the license provided to us by the vendor is not part of the generic licenses list that you (Yocto) recognize.

 

I was wondering if you could explain how to add a custom license to a recipe in yocto.

 

The vendor has provided us with a generic license.txt file and I was able to add that to the our recipe. I do get a warning though which says:

 

WARNING: aiox-defaultfs-1.0-r0 do_rootfs: The license listed DataDeviceCorporation was not in the licenses collected for recipe acexpci

 

Though the warning occurs, I can see the license.txt being saved inside the rootfs on our board and is saved under tmp/deploy/licenses/acexpci. I’ve been trying to get rid of this warning when the image builds, but I can’t seem to find anything in the manual or online. One solution says : Add LICENSE_PATH += "${LAYERDIR}/custom-licenses" under conf/layer.conf, which does not resolve this warning.

 

I am currently building with Yocto zeus…

 

Thanks,

Steve

 


[meta-security][PATCH] recipes: Update SRC_URI branch and protocols

Armin Kuster
 

This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster <akuster808@...>
---
.../recipes-openscap/oe-scap/oe-scap_1.0.bb | 2 +-
.../recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb | 2 +-
.../recipes-openscap/openscap/openscap_1.3.3.bb | 2 +-
.../recipes-openscap/openscap/openscap_git.bb | 2 +-
.../scap-security-guide/scap-security-guide_0.1.44.bb | 2 +-
.../scap-security-guide/scap-security-guide_git.bb | 2 +-
meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb | 2 +-
.../recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | 2 +-
meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb | 2 +-
meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | 2 +-
meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb | 2 +-
meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb | 2 +-
meta-tpm/recipes-tpm/trousers/trousers_git.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb | 2 +-
recipes-ids/crowdsec/crowdsec_1.1.1.bb | 2 +-
recipes-ids/ossec/ossec-hids_3.6.0.bb | 2 +-
recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 +-
recipes-mac/smack/smack_1.3.1.bb | 2 +-
recipes-scanners/checksec/checksec_2.4.0.bb | 2 +-
recipes-scanners/clamav/clamav_0.104.0.bb | 2 +-
recipes-security/chipsec/chipsec_git.bb | 2 +-
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
recipes-security/fscrypt/fscrypt_1.0.0.bb | 2 +-
recipes-security/fscryptctl/fscryptctl_1.0.0.bb | 2 +-
.../google-authenticator-libpam_1.08.bb | 2 +-
recipes-security/libest/libest_3.2.0.bb | 2 +-
recipes-security/libmspack/libmspack_1.9.1.bb | 2 +-
recipes-security/ncrack/ncrack_0.7.bb | 2 +-
recipes-security/nikto/nikto_2.1.6.bb | 2 +-
33 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
index 0fef233..7e9f214 100644
--- a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
+++ b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://README.md;md5=46dec9f167b6e05986cb4023df6d92f4"
LICENSE = "MIT"

SRCREV = "7147871d7f37d408c0dd7720ef0fd3ec1b54ad98"
-SRC_URI = "git://github.com/akuster/oe-scap.git"
+SRC_URI = "git://github.com/akuster/oe-scap.git;branch=master;protocol=https"
SRC_URI += " \
file://run_cve.sh \
file://run_test.sh \
diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
index f109566..549a888 100644
--- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
+++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1"
DEPENDS = "python3-dbus"

SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76"
-SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git \
+SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=https \
file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \
"

diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
index 51fa9ee..192b008 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
@@ -3,7 +3,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit"
require openscap.inc

SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732"
-SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \
"

DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index 73a4729..a18cbd1 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -6,7 +6,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes"
include openscap.inc

SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625"
-SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
+SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3;protocol=https \
"

PV = "1.3.3+git${SRCPV}"
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
index d80ecd7..ecf136d 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, upstream version"

SRCREV = "8cb2d0f351faff5440742258782281164953b0a6"
-SRC_URI = "git://github.com/ComplianceAsCode/content.git"
+SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https"

DEFAULT_PREFERENCE = "-1"

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index 0617c56..ddde5cc 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, OE changes"

SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed"
-SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \
+SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;;protocol=https \
file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \
file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \
file://0001-fix-deprecated-instance-of-element.getchildren.patch \
diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
index 95ba5c5..8fe62cf 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
@@ -3,7 +3,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"

SRCREV = "f6dd8f55eab4910131ec6a6a570dcd7951bd10e4"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https"

PE = "1"

diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
index dab1589..ef663eb 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
DEPENDS += "openssl trousers"

SRC_URI = "\
- git://github.com/mgerstner/openssl_tpm_engine.git \
+ git://github.com/mgerstner/openssl_tpm_engine.git;branch=master;protocol=https \
file://0001-create-tpm-key-support-well-known-key-option.patch \
file://0002-libtpm-support-env-TPM_SRK_PW.patch \
file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
diff --git a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
index f8347b7..77f65ae 100644
--- a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
+++ b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
@@ -9,7 +9,7 @@ DEPENDS = "libtspi"
PV = "0.1+git${SRCPV}"
SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316"

-SRC_URI = "git://github.com/flihp/pcr-extend.git \
+SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \
file://fix_openssl11_build.patch "

inherit autotools
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index c7fc131..63734b9 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -7,7 +7,7 @@ SECTION = "apps"
DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"

SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \
file://ioctl_h.patch \
file://oe_configure.patch \
"
diff --git a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
index 53cf8ff..4672bba 100644
--- a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
+++ b/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
@@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ec30b01163d242ecf07d9cd84e3611f"

DEPENDS = "libtspi tpm-tools"

-SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools"
+SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master"
SRCREV = "4511874d5c9b4504bb96e94f8a14bd6c39a36295"

S = "${WORKDIR}/git"
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index dbe1647..3b3da4f 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
+++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -14,7 +14,7 @@ DEPENDS:class-native = "trousers-native"

SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
- git://git.code.sf.net/p/trousers/tpm-tools \
+ git://git.code.sf.net/p/trousers/tpm-tools;branch=master \
file://tpm-tools-extendpcr.patch \
file://04-fix-FTBFS-clang.patch \
file://openssl1.1_fix.patch \
diff --git a/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 5e03b71..192c66c 100644
--- a/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -10,7 +10,7 @@ SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
PV = "0.3.15+git${SRCPV}"

SRC_URI = " \
- git://git.code.sf.net/p/trousers/trousers \
+ git://git.code.sf.net/p/trousers/trousers;branch=master \
file://trousers.init.sh \
file://trousers-udev.rules \
file://tcsd.service \
diff --git a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
index b80ef79..1818171 100644
--- a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -13,7 +13,7 @@ DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"

SRC_URI = "\
- git://github.com/tpm2-software/tpm2-abrmd.git \
+ git://github.com/tpm2-software/tpm2-abrmd.git;branch=master;protocol=https \
file://tpm2-abrmd-init.sh \
file://tpm2-abrmd.default \
"
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
index 649338a..366e9da 100644
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"

DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master \
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master;protocol=https \
file://bootstrap_fixup.patch \
file://0001-remove-local-binary-checkes.patch \
"
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index 47113d2..2bf1eed 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -4,7 +4,7 @@ LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
+SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \
file://configure_oe_fixup.patch \
file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
file://fix_header_file.patch \
diff --git a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index dfebc07..d324e33 100644
--- a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -10,7 +10,7 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode"
PE = "1"

SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https"

inherit autotools-brokensep pkgconfig

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
index 3069b1f..4d1f425 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -9,7 +9,7 @@ SECTION = "security/tpm"
DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"

SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x;protocol=https"

inherit autotools-brokensep pkgconfig systemd

diff --git a/recipes-ids/crowdsec/crowdsec_1.1.1.bb b/recipes-ids/crowdsec/crowdsec_1.1.1.bb
index 887c75d..81f2b8f 100644
--- a/recipes-ids/crowdsec/crowdsec_1.1.1.bb
+++ b/recipes-ids/crowdsec/crowdsec_1.1.1.bb
@@ -3,7 +3,7 @@ SUMMARY = "CrowdSec is a free, modern & collaborative behavior detection engine,
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=105e75b680b2ab82fa5718661b41f3bf"

-SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master"
+SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master;protocol=https"
SRCREV = "73e0bbaf93070f4a640eb5a22212b5dcf26699de"

DEPENDS = "jq-native"
diff --git a/recipes-ids/ossec/ossec-hids_3.6.0.bb b/recipes-ids/ossec/ossec-hids_3.6.0.bb
index 309ca52..853facf 100644
--- a/recipes-ids/ossec/ossec-hids_3.6.0.bb
+++ b/recipes-ids/ossec/ossec-hids_3.6.0.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9"


DEPENDS = "openssl libpcre2 zlib libevent"
-SRC_URI = "git://github.com/ossec/ossec-hids;branch=master \
+SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \
file://0001-Makefile-drop-running-scrips-install.patch \
file://0002-Makefile-don-t-set-uid-gid.patch \
"
diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
index 3a9bc1d..93cb443 100644
--- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb
+++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1c069be8dbbe48e89b580ab4ed86c127"
SRCREV = "6e64a9e5b70a909ec439bc5a099e3fcf38c614b0"

SRC_URI = "\
- git://github.com/Tripwire/tripwire-open-source.git \
+ git://github.com/Tripwire/tripwire-open-source.git;branch=master;protocol=https \
file://tripwire.cron \
file://tripwire.sh \
file://tripwire.txt \
diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb
index 6c2f041..79a8f5a 100644
--- a/recipes-mac/smack/smack_1.3.1.bb
+++ b/recipes-mac/smack/smack_1.3.1.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"

SRCREV = "4a102c7584b39ce693995ffb65e0918a9df98dd8"
SRC_URI = " \
- git://github.com/smack-team/smack.git \
+ git://github.com/smack-team/smack.git;branch=master;protocol=https \
file://smack_generator_make_fixup.patch \
file://run-ptest"

diff --git a/recipes-scanners/checksec/checksec_2.4.0.bb b/recipes-scanners/checksec/checksec_2.4.0.bb
index 12c9bce..9a6e44a 100644
--- a/recipes-scanners/checksec/checksec_2.4.0.bb
+++ b/recipes-scanners/checksec/checksec_2.4.0.bb
@@ -7,7 +7,7 @@ HOMEPAGE="https://github.com/slimm609/checksec.sh"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8d90285f711cf1f378e2c024457066d8"

SRCREV = "c3754e45e04f9104db93b2048afd094427102d48"
-SRC_URI = "git://github.com/slimm609/checksec.sh"
+SRC_URI = "git://github.com/slimm609/checksec.sh;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
index 25123dc..e59f5ff 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b2
# July 27th
SRCREV = "c389dfa4c3af92b006ada4f7595bbc3e6df3f356"

-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=https \
file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
diff --git a/recipes-security/chipsec/chipsec_git.bb b/recipes-security/chipsec/chipsec_git.bb
index 3339dc1..e265a08 100644
--- a/recipes-security/chipsec/chipsec_git.bb
+++ b/recipes-security/chipsec/chipsec_git.bb
@@ -7,7 +7,7 @@ DESCRIPTION = "CHIPSEC is a framework for analyzing the security \
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d"

-SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master \
+SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master;protocol=https \
"

SRCREV = "b2a61684826dc8b9f622a844a40efea579cd7e7d"
diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index 627496f..fcf044a 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -10,7 +10,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"

SRCREV ="d6b884f3b72b8a42b21da863836569ef6836c2ea"
-SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \
+SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://initd \
file://run-ptest \
"
diff --git a/recipes-security/fscrypt/fscrypt_1.0.0.bb b/recipes-security/fscrypt/fscrypt_1.0.0.bb
index a70d310..66bf429 100644
--- a/recipes-security/fscrypt/fscrypt_1.0.0.bb
+++ b/recipes-security/fscrypt/fscrypt_1.0.0.bb
@@ -14,7 +14,7 @@ BBCLASSEXTEND = "native nativesdk"
DEPENDS += "go-dep-native libpam"

SRCREV = "92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4"
-SRC_URI = "git://github.com/google/fscrypt.git"
+SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https"
GO_IMPORT = "import"

S = "${WORKDIR}/git"
diff --git a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 26f549b..d319e48 100644
--- a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
+++ b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -10,7 +10,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"

SRCREV = "56b898c896240328adef7407090215abbe9ee03d"
-SRC_URI = "git://github.com/google/fscryptctl.git"
+SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
index 4ab8374..e8ddf29 100644
--- a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
+++ b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
@@ -3,7 +3,7 @@ HOME_PAGE = "https://github.com/google/google-authenticator-libpam"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
LICENSE = "Apache-2.0"

-SRC_URI = "git://github.com/google/google-authenticator-libpam.git"
+SRC_URI = "git://github.com/google/google-authenticator-libpam.git;branch=master;protocol=https"
SRCREV = "2c7415d950fb0b4a7f779f045910666447b100ef"

DEPENDS = "libpam"
diff --git a/recipes-security/libest/libest_3.2.0.bb b/recipes-security/libest/libest_3.2.0.bb
index fda2df4..31fbe3c 100644
--- a/recipes-security/libest/libest_3.2.0.bb
+++ b/recipes-security/libest/libest_3.2.0.bb
@@ -6,7 +6,7 @@ LICENSE = "OpenSSL"
LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885"

SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b"
-SRC_URI = "git://github.com/cisco/libest;branch=main"
+SRC_URI = "git://github.com/cisco/libest;branch=main;protocol=https"

DEPENDS = "openssl"

diff --git a/recipes-security/libmspack/libmspack_1.9.1.bb b/recipes-security/libmspack/libmspack_1.9.1.bb
index 8c288be..65db10f 100644
--- a/recipes-security/libmspack/libmspack_1.9.1.bb
+++ b/recipes-security/libmspack/libmspack_1.9.1.bb
@@ -7,7 +7,7 @@ DEPENDS = ""
LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd"

SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc"
-SRC_URI = "git://github.com/kyz/libmspack.git"
+SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https"

inherit autotools

diff --git a/recipes-security/ncrack/ncrack_0.7.bb b/recipes-security/ncrack/ncrack_0.7.bb
index 8b221e5..f151e4e 100644
--- a/recipes-security/ncrack/ncrack_0.7.bb
+++ b/recipes-security/ncrack/ncrack_0.7.bb
@@ -7,7 +7,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2"

SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426"
-SRC_URI = "git://github.com/nmap/ncrack.git"
+SRC_URI = "git://github.com/nmap/ncrack.git;branch=master;protocol=https"

DEPENDS = "openssl zlib"

diff --git a/recipes-security/nikto/nikto_2.1.6.bb b/recipes-security/nikto/nikto_2.1.6.bb
index 242f3ac..8542d69 100644
--- a/recipes-security/nikto/nikto_2.1.6.bb
+++ b/recipes-security/nikto/nikto_2.1.6.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"

SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
-SRC_URI = "git://github.com/sullo/nikto.git \
+SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \
file://location.patch"

S = "${WORKDIR}/git/program"
--
2.25.1


Re: preempt-rt

Monsees, Steven C (US)
 

Thanks…

 

 

From: yocto@... <yocto@...> On Behalf Of codusnocturnus via lists.yoctoproject.org
Sent: Wednesday, November 3, 2021 9:25 AM
To: yocto@...
Subject: Re: [yocto] preempt-rt

 

External Email Alert

This email has been sent from an account outside of the BAE Systems network.

Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros.  For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar.

 

 

 

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Wednesday, November 3rd, 2021 at 5:43 AM, Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:

 

 

I have a platform based off a aarm64 Xilinx based kernel, which is not a compliant mainline kernel… so, I will need to go the preemp-rt patch route.

 

Can you supply an example Yocto recipe that applies the patch, doesn’t even have to be arm based… just looking for baseline I might use to carve out support for my platform.

 

There are a few details to sort out (like finding a patch compatible with the kernel recipe you want to use, or a compromise of the two), but basically a kernel .bbappend with the following will suffice to just patch the kernel.

FILES_EXTRAPATHS_prepend := "${THISDIR}/files:"

 

After that, you need a configuration fragment to enable PREEMPT-RT in the build.

CONFIG_PREEMPT_RT=y

 

 

Thanks,

Steve

Sent with ProtonMail Secure Email.

 

 

 


Re: preempt-rt

codusnocturnus
 


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, November 3rd, 2021 at 6:24 AM, codusnocturnus via lists.yoctoproject.org <codusnocturnus=protonmail.com@...> wrote:



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, November 3rd, 2021 at 5:43 AM, Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:

 

I have a platform based off a aarm64 Xilinx based kernel, which is not a compliant mainline kernel… so, I will need to go the preemp-rt patch route.

 

Can you supply an example Yocto recipe that applies the patch, doesn’t even have to be arm based… just looking for baseline I might use to carve out support for my platform.


There are a few details to sort out (like finding a patch compatible with the kernel recipe you want to use, or a compromise of the two), but basically a kernel .bbappend with the following will suffice to just patch the kernel.
FILES_EXTRAPATHS_prepend := "${THISDIR}/files:"

Oops, FILES_EXTRAPATHS_prepend isn't necessary in this case.  I usually download and store the patch in my layer once I find the right one...



After that, you need a configuration fragment to enable PREEMPT-RT in the build.
CONFIG_PREEMPT_RT=y

 

Thanks,

Steve

Sent with ProtonMail Secure Email.





Re: preempt-rt

codusnocturnus
 



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, November 3rd, 2021 at 5:43 AM, Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:

 

I have a platform based off a aarm64 Xilinx based kernel, which is not a compliant mainline kernel… so, I will need to go the preemp-rt patch route.

 

Can you supply an example Yocto recipe that applies the patch, doesn’t even have to be arm based… just looking for baseline I might use to carve out support for my platform.


There are a few details to sort out (like finding a patch compatible with the kernel recipe you want to use, or a compromise of the two), but basically a kernel .bbappend with the following will suffice to just patch the kernel.
FILES_EXTRAPATHS_prepend := "${THISDIR}/files:"

After that, you need a configuration fragment to enable PREEMPT-RT in the build.
CONFIG_PREEMPT_RT=y

 

Thanks,

Steve

Sent with ProtonMail Secure Email.




Re: preempt-rt

Monsees, Steven C (US)
 

Cannot…

 

Generic preempt-rt patch bbappend should be enough…

 

 

From: Leon Woestenberg <leon@...>
Sent: Wednesday, November 3, 2021 8:59 AM
To: Monsees, Steven C (US) <steven.monsees@...>
Cc: yocto@...
Subject: Re: [yocto] preempt-rt

 

External Email Alert

This email has been sent from an account outside of the BAE Systems network.

Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros.  For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar.

 

Hello Steve,

 

On Wed, 3 Nov 2021 at 13:44, Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:

 

I have a platform based off a aarm64 Xilinx based kernel, which is not a compliant mainline kernel… so, I will need to go the preemp-rt patch route.

 

Depends, no mainline kernel? Vendor kernel?

 

Can you share the machine name? Might be supported already in a layer with -rt.

 

Regards,

 

Leon

--

-- 
Leon Woestenberg
leon@...
T: +31 40 711 42 76
M: +31 6 472 30 372

Image removed by sender.

Sidebranch Embedded Systems
Eindhoven, The Netherlands
http://www.sidebranch.com

 


Re: [meta-selinux][dunfell][PATCH 0/3] Fix dunfell build

Jason Andryuk
 

On Wed, Oct 27, 2021 at 10:04 AM Jason Andryuk via
lists.yoctoproject.org <jandryuk=gmail.com@...>
wrote:

meta-selinux fails to build libselinux and e2fsprogs. These patches
fix that and then removes the unused e2fsprogs overrides.

Jason Andryuk (3):
e2fsprogs: Remove misc_create_inode.c-label_rootfs.patch
Remove e2fsprogs override
libselinux: Fix restorecon_set_sehandle.patch context
Ping? I'd like to unbreak meta-selinux dunfell. Other branches may
also be broken, but I'm not in a position to test that.

Thanks,
Jason

2181 - 2200 of 57387