Date   

[meta-security][hardknott][PATCH] recipes: Update SRC_URI branch and protocols

Armin Kuster
 

This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster <akuster808@...>
---
.../recipes-openscap/oe-scap/oe-scap_1.0.bb | 2 +-
.../recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb | 2 +-
.../recipes-openscap/openscap/openscap_1.3.3.bb | 2 +-
.../recipes-openscap/openscap/openscap_git.bb | 2 +-
.../scap-security-guide/scap-security-guide_0.1.44.bb | 2 +-
.../scap-security-guide/scap-security-guide_git.bb | 2 +-
meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb | 2 +-
.../recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | 2 +-
meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb | 2 +-
meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb | 2 +-
meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb | 2 +-
meta-tpm/recipes-tpm/trousers/trousers_git.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb | 2 +-
recipes-ids/suricata/python3-suricata-update_1.2.1.bb | 2 +-
recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 +-
recipes-mac/smack/smack_1.3.1.bb | 2 +-
recipes-scanners/checksec/checksec_2.4.0.bb | 2 +-
recipes-scanners/clamav/clamav_0.104.0.bb | 2 +-
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
recipes-security/fscryptctl/fscryptctl_1.0.0.bb | 2 +-
.../google-authenticator-libpam_1.08.bb | 2 +-
recipes-security/libest/libest_3.2.0.bb | 2 +-
recipes-security/libmspack/libmspack_1.9.1.bb | 2 +-
recipes-security/libseccomp/libseccomp_2.5.1.bb | 2 +-
recipes-security/ncrack/ncrack_0.7.bb | 2 +-
recipes-security/nikto/nikto_2.1.6.bb | 2 +-
recipes-security/scapy/python3-scapy_2.4.4.bb | 2 +-
31 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
index fd53fcb..d75910d 100644
--- a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
+++ b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://README.md;md5=46dec9f167b6e05986cb4023df6d92f4"
LICENSE = "MIT"

SRCREV = "7147871d7f37d408c0dd7720ef0fd3ec1b54ad98"
-SRC_URI = "git://github.com/akuster/oe-scap.git"
+SRC_URI = "git://github.com/akuster/oe-scap.git;branch=master;protocol=https"
SRC_URI += " \
file://run_cve.sh \
file://run_test.sh \
diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
index a775021..ce1fdd3 100644
--- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
+++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1"
DEPENDS = "python3-dbus"

SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76"
-SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git \
+SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=https \
file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \
"

diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
index 51fa9ee..192b008 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
@@ -3,7 +3,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit"
require openscap.inc

SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732"
-SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \
"

DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index 73a4729..a18cbd1 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -6,7 +6,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes"
include openscap.inc

SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625"
-SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
+SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3;protocol=https \
"

PV = "1.3.3+git${SRCPV}"
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
index d80ecd7..ecf136d 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, upstream version"

SRCREV = "8cb2d0f351faff5440742258782281164953b0a6"
-SRC_URI = "git://github.com/ComplianceAsCode/content.git"
+SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https"

DEFAULT_PREFERENCE = "-1"

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index 0617c56..8a22c6f 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, OE changes"

SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed"
-SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \
+SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;protocol=https \
file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \
file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \
file://0001-fix-deprecated-instance-of-element.getchildren.patch \
diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
index 9784aa1..d2b3997 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
@@ -3,7 +3,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"

SRCREV = "f66a719eda0b492ea3ec7852421a9d98db0a0621"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https"

PE = "1"

diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
index 0f98b79..f55c649 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
DEPENDS += "openssl trousers"

SRC_URI = "\
- git://github.com/mgerstner/openssl_tpm_engine.git \
+ git://github.com/mgerstner/openssl_tpm_engine.git;branch=master;protocol=https \
file://0001-create-tpm-key-support-well-known-key-option.patch \
file://0002-libtpm-support-env-TPM_SRK_PW.patch \
file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
diff --git a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
index f8347b7..77f65ae 100644
--- a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
+++ b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
@@ -9,7 +9,7 @@ DEPENDS = "libtspi"
PV = "0.1+git${SRCPV}"
SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316"

-SRC_URI = "git://github.com/flihp/pcr-extend.git \
+SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \
file://fix_openssl11_build.patch "

inherit autotools
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
index caf99e8..f12acd2 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
@@ -10,7 +10,7 @@ DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libt
DEPENDS_append = " tpm-tools-native expect-native socat-native python3-pip-native python3-cryptography-native"

SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5;protocol=https \
file://ioctl_h.patch \
file://oe_configure.patch \
"
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index 9e0a686..45f8a6d 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
+++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -14,7 +14,7 @@ DEPENDS_class-native = "trousers-native"

SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
- git://git.code.sf.net/p/trousers/tpm-tools \
+ git://git.code.sf.net/p/trousers/tpm-tools;branch=master \
file://tpm-tools-extendpcr.patch \
file://04-fix-FTBFS-clang.patch \
file://openssl1.1_fix.patch \
diff --git a/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 32c9a49..83d3858 100644
--- a/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -10,7 +10,7 @@ SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
PV = "0.3.15+git${SRCPV}"

SRC_URI = " \
- git://git.code.sf.net/p/trousers/trousers \
+ git://git.code.sf.net/p/trousers/trousers;branch=master \
file://trousers.init.sh \
file://trousers-udev.rules \
file://tcsd.service \
diff --git a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
index edfcce9..9954a8e 100644
--- a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -13,7 +13,7 @@ DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"

SRC_URI = "\
- git://github.com/tpm2-software/tpm2-abrmd.git \
+ git://github.com/tpm2-software/tpm2-abrmd.git;branch=master;protocol=https \
file://tpm2-abrmd-init.sh \
file://tpm2-abrmd.default \
"
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
index d53d4fa..c8fd10b 100644
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"

DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml python3-setuptools-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X;protocol=https \
file://bootstrap_fixup.patch \
file://0001-remove-local-binary-checkes.patch"

diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index a67e3c3..35274a1 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -4,7 +4,7 @@ LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
+SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \
file://configure_oe_fixup.patch \
file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
file://fix_header_file.patch \
diff --git a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index dfebc07..d324e33 100644
--- a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -10,7 +10,7 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode"
PE = "1"

SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https"

inherit autotools-brokensep pkgconfig

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
index 5395695..137821b 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -9,7 +9,7 @@ SECTION = "security/tpm"
DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"

SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x;protocol=https"

inherit autotools-brokensep pkgconfig systemd

diff --git a/recipes-ids/suricata/python3-suricata-update_1.2.1.bb b/recipes-ids/suricata/python3-suricata-update_1.2.1.bb
index bbdce69..c0a7960 100644
--- a/recipes-ids/suricata/python3-suricata-update_1.2.1.bb
+++ b/recipes-ids/suricata/python3-suricata-update_1.2.1.bb
@@ -6,7 +6,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548"

SRCREV = "50e857f75e576e239d8306a6ac55946a1ce252a6"
-SRC_URI = "git://github.com/OISF/suricata-update;branch='master-1.2.x'"
+SRC_URI = "git://github.com/OISF/suricata-update;branch='master-1.2.x';protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
index 4f50bff..b1f4765 100644
--- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb
+++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1c069be8dbbe48e89b580ab4ed86c127"
SRCREV = "6e64a9e5b70a909ec439bc5a099e3fcf38c614b0"

SRC_URI = "\
- git://github.com/Tripwire/tripwire-open-source.git \
+ git://github.com/Tripwire/tripwire-open-source.git;branch=master;protocol=https \
file://tripwire.cron \
file://tripwire.sh \
file://tripwire.txt \
diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb
index b1ea4e9..9fe40d0 100644
--- a/recipes-mac/smack/smack_1.3.1.bb
+++ b/recipes-mac/smack/smack_1.3.1.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"

SRCREV = "4a102c7584b39ce693995ffb65e0918a9df98dd8"
SRC_URI = " \
- git://github.com/smack-team/smack.git \
+ git://github.com/smack-team/smack.git;branch=master;protocol=https \
file://smack_generator_make_fixup.patch \
file://run-ptest"

diff --git a/recipes-scanners/checksec/checksec_2.4.0.bb b/recipes-scanners/checksec/checksec_2.4.0.bb
index 52bcf7c..f5b7137 100644
--- a/recipes-scanners/checksec/checksec_2.4.0.bb
+++ b/recipes-scanners/checksec/checksec_2.4.0.bb
@@ -7,7 +7,7 @@ HOMEPAGE="https://github.com/slimm609/checksec.sh"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8d90285f711cf1f378e2c024457066d8"

SRCREV = "c3754e45e04f9104db93b2048afd094427102d48"
-SRC_URI = "git://github.com/slimm609/checksec.sh"
+SRC_URI = "git://github.com/slimm609/checksec.sh;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
index 36e498d..a97bdf0 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b2

SRCREV = "5553a5e206ceae5d920368baee7d403f823bcb6f"

-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=dev/0.104 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=dev/0.104;protocol=https \
file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index b480c76..6701e08 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -10,7 +10,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"

SRCREV ="eea1881b734b73599a21df2bfbe58b11f78d0a46"
-SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \
+SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://initd \
file://fail2ban_setup.py \
file://run-ptest \
diff --git a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index df76a3d..aed8c24 100644
--- a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
+++ b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -10,7 +10,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"

SRCREV = "56b898c896240328adef7407090215abbe9ee03d"
-SRC_URI = "git://github.com/google/fscryptctl.git"
+SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
index f9ca092..7181c52 100644
--- a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
+++ b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
@@ -3,7 +3,7 @@ HOME_PAGE = "https://github.com/google/google-authenticator-libpam"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
LICENSE = "Apache-2.0"

-SRC_URI = "git://github.com/google/google-authenticator-libpam.git"
+SRC_URI = "git://github.com/google/google-authenticator-libpam.git;branch=master;protocol=https"
SRCREV = "2c7415d950fb0b4a7f779f045910666447b100ef"

DEPENDS = "libpam"
diff --git a/recipes-security/libest/libest_3.2.0.bb b/recipes-security/libest/libest_3.2.0.bb
index 5b6dc99..fe66fc9 100644
--- a/recipes-security/libest/libest_3.2.0.bb
+++ b/recipes-security/libest/libest_3.2.0.bb
@@ -6,7 +6,7 @@ LICENSE = "OpenSSL"
LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885"

SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b"
-SRC_URI = "git://github.com/cisco/libest;branch=main"
+SRC_URI = "git://github.com/cisco/libest;branch=main;protocol=https"

DEPENDS = "openssl"

diff --git a/recipes-security/libmspack/libmspack_1.9.1.bb b/recipes-security/libmspack/libmspack_1.9.1.bb
index 8c288be..65db10f 100644
--- a/recipes-security/libmspack/libmspack_1.9.1.bb
+++ b/recipes-security/libmspack/libmspack_1.9.1.bb
@@ -7,7 +7,7 @@ DEPENDS = ""
LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd"

SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc"
-SRC_URI = "git://github.com/kyz/libmspack.git"
+SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https"

inherit autotools

diff --git a/recipes-security/libseccomp/libseccomp_2.5.1.bb b/recipes-security/libseccomp/libseccomp_2.5.1.bb
index 40ac1a8..593d08e 100644
--- a/recipes-security/libseccomp/libseccomp_2.5.1.bb
+++ b/recipes-security/libseccomp/libseccomp_2.5.1.bb
@@ -8,7 +8,7 @@ DEPENDS += "gperf-native"

SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"

-SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
+SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5;protocol=https \
file://run-ptest \
"

diff --git a/recipes-security/ncrack/ncrack_0.7.bb b/recipes-security/ncrack/ncrack_0.7.bb
index ba26965..0b732bc 100644
--- a/recipes-security/ncrack/ncrack_0.7.bb
+++ b/recipes-security/ncrack/ncrack_0.7.bb
@@ -7,7 +7,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2"

SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426"
-SRC_URI = "git://github.com/nmap/ncrack.git"
+SRC_URI = "git://github.com/nmap/ncrack.git;branch=master;protocol=https"

DEPENDS = "openssl zlib"

diff --git a/recipes-security/nikto/nikto_2.1.6.bb b/recipes-security/nikto/nikto_2.1.6.bb
index 615cc30..003fb39 100644
--- a/recipes-security/nikto/nikto_2.1.6.bb
+++ b/recipes-security/nikto/nikto_2.1.6.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"

SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
-SRC_URI = "git://github.com/sullo/nikto.git \
+SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \
file://location.patch"

S = "${WORKDIR}/git/program"
diff --git a/recipes-security/scapy/python3-scapy_2.4.4.bb b/recipes-security/scapy/python3-scapy_2.4.4.bb
index 8d81ed1..2463ea3 100644
--- a/recipes-security/scapy/python3-scapy_2.4.4.bb
+++ b/recipes-security/scapy/python3-scapy_2.4.4.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
S = "${WORKDIR}/git"

SRCREV = "95ba5b8504152a1f820bbe679ccf03668cb5118f"
-SRC_URI = "git://github.com/secdev/scapy.git \
+SRC_URI = "git://github.com/secdev/scapy.git;branch=master;protocol=https \
file://run-ptest"

S = "${WORKDIR}/git"
--
2.25.1


[meta-zephyr][PATCH] zephyr-kernel-src: specify nobranch to avoid warnings

Jon Mason
 

bitbake is now warning on git trees not having branches specified, with
errors similar to below:
WARNING: URL: git://github.com/zephyrproject-rtos/cmsis.git;protocol=https;destsuffix=git/modules/cmsis;name=cmsis does not set any branch parameter. The future default branch used by tools and repositories is uncertain and we will therefore soon require this is set in all git urls.

To get around this issue, specify "no-branch=1" for all SRC_URIs that do
not have a branch listed.

Signed-off-by: Jon Mason <jon.mason@...>
---
.../zephyr-kernel/zephyr-kernel-src.inc | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc b/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc
index 3a2250d880ca..d8dd3abc20f6 100644
--- a/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc
+++ b/recipes-kernel/zephyr-kernel/zephyr-kernel-src.inc
@@ -10,14 +10,14 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:"

SRC_URI = "\
git://github.com/zephyrproject-rtos/zephyr.git;protocol=https;branch=${ZEPHYR_BRANCH};name=default \
- git://github.com/zephyrproject-rtos/cmsis.git;protocol=https;destsuffix=git/modules/cmsis;name=cmsis \
- git://github.com/zephyrproject-rtos/hal_nordic.git;protocol=https;destsuffix=git/modules/hal/nordic;name=nordic \
- git://github.com/zephyrproject-rtos/hal_stm32.git;branch=main;protocol=https;destsuffix=git/modules/hal/stm32;name=stm32 \
- git://github.com/zephyrproject-rtos/mbedtls.git;protocol=https;destsuffix=git/modules/lib/mbedtls;name=mbedtls \
- git://github.com/zephyrproject-rtos/open-amp.git;protocol=https;destsuffix=git/modules/lib/open-amp;name=open-amp \
- git://github.com/zephyrproject-rtos/openthread.git;protocol=https;branch=zephyr;destsuffix=git/modules/lib/openthread;name=openthread \
- git://github.com/zephyrproject-rtos/libmetal.git;protocol=https;destsuffix=git/modules/hal/libmetal;name=libmetal \
- git://github.com/zephyrproject-rtos/tinycrypt.git;protocol=https;destsuffix=git/modules/crypto/tinycrypt;name=tinycrypt \
+ git://github.com/zephyrproject-rtos/cmsis.git;protocol=https;nobranch=1;destsuffix=git/modules/cmsis;name=cmsis \
+ git://github.com/zephyrproject-rtos/hal_nordic.git;protocol=https;nobranch=1;destsuffix=git/modules/hal/nordic;name=nordic \
+ git://github.com/zephyrproject-rtos/hal_stm32.git;protocol=https;branch=main;destsuffix=git/modules/hal/stm32;name=stm32 \
+ git://github.com/zephyrproject-rtos/mbedtls.git;protocol=https;nobranch=1;destsuffix=git/modules/lib/mbedtls;name=mbedtls \
+ git://github.com/zephyrproject-rtos/open-amp.git;protocol=https;nobranch=1;destsuffix=git/modules/lib/open-amp;name=open-amp \
+ git://github.com/zephyrproject-rtos/openthread.git;protocol=https;nobranch=1;branch=zephyr;destsuffix=git/modules/lib/openthread;name=openthread \
+ git://github.com/zephyrproject-rtos/libmetal.git;protocol=https;nobranch=1;destsuffix=git/modules/hal/libmetal;name=libmetal \
+ git://github.com/zephyrproject-rtos/tinycrypt.git;protocol=https;nobranch=1;destsuffix=git/modules/crypto/tinycrypt;name=tinycrypt \
"
S = "${WORKDIR}/git"

--
2.20.1


Re: #golang Build tools required during go generate #golang

Bruce Ashfield
 

I tweaked the recipe a bit (you should use SRCREV, versus a tag), etc,
and added some link flags to make things static.

This tends to be why I write my own do_compile for go applications, so
I can use the provided Makefiles when possible (although there were a
few bad things in the project Makefile .. so using the built in
go.bbclass works just as well).

The almost-no-testing recipe is here:

https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/commit/?h=easyjson&id=b64de1f188e6f675cadf02c77bc72b06ed728eeb

I did see segfaults with other combinations of flags, but I didn't go
back to isolate if all of my tweaks are required or not.

build [/home/bruc...9d7f52f-r0]> ./build/bin/easyjson
Usage of ./build/bin/easyjson:

Bruce


Bruce

On Sat, Nov 6, 2021 at 10:14 AM Sebastian Rühl <sebastian@...> wrote:

Sure here you go:



```

SUMMARY = "easyjson"

DESCRIPTION = "easy json command util"

HOMEPAGE = "https://github.com/mailru/easyjson"

LICENSE = "MIT"

LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=819e81c2ec13e1bbc47dc5e90bb4d88b"



RDEPENDS_${PN}-dev += "bash"



SRC_URI = "git://${GO_IMPORT};nobranch=1;protocol=https"

SRCREV = "v${PV}"



GO_IMPORT = "github.com/mailru/easyjson"

GO_WORKDIR ?= "${GO_IMPORT}/easyjson"



GO_LINKSHARED = ""

export CGO_ENABLED = "0"



inherit go-mod

BBCLASSEXTEND = "native"

# Upstream class "forgot" this argument

GOBUILDFLAGS:append = " -trimpath"



INSANE_SKIP = "arch"

```



Sebastian



Von: Bruce Ashfield <bruce.ashfield@...>
Datum: Freitag, 5. November 2021 um 21:51
An: Sebastian Rühl <sebastian@...>
Cc: Khem Raj <raj.khem@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate

On Fri, Nov 5, 2021 at 3:18 PM Sebastian Rühl <sebastian@...> wrote:

Yep might be… For me that’s desirable as these a built-utils, it’s golang and I see no benefit in having them dynamically linked anyay. Any tips how to statically link these? As far as I understand the golang classes do dynamic linking by default. Btw. I’m using the backported 1.16 versions from hardknot but I don’t think that matters as our “main” application works just perfectly fine on the target hardware.



I tried:

GO_LINKSHARED = ""

export CGO_ENABLED = "0"
It varies based on the application, the ones I've dealt with, tend to
have a -static flag.

Of course, the flag may not be exposed, and in those scenarios, I
patch the Makefile/build.

If you have public repos, or a pointer to the source of the
applications, I could have a look to see if there's anything I can
specifically recommend.

Bruce




But it didn’t help ☹



Sebastian



Von: Bruce Ashfield <bruce.ashfield@...>
Datum: Freitag, 5. November 2021 um 20:07
An: Sebastian Rühl <sebastian@...>
Cc: Khem Raj <raj.khem@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate

I'd bet it is a variant of this:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14386

Bruce

On Fri, Nov 5, 2021 at 2:58 PM Sebastian Rühl <sebastian@...> wrote:

Here some outputs:



Bitbake -c devshell target-recipe

sh-4.4# easyjson

Segmentation fault

sh-4.4# strace easyjson

execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0

brk(NULL) = 0x556083886000

arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)

--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---

+++ killed by SIGSEGV +++

Segmentation fault

sh-4.4# file $(which easyjson)

/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped

sh-4.4# gdb $(which easyjson)

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1

Copyright (C) 2018 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law. Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-linux-gnu".

Type "show configuration" for configuration details.

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>.

Find the GDB manual and other documentation resources online at:

<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".

Type "apropos word" to search for commands related to "word"...

Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.

(gdb) run

Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson

warning: Error disabling address space randomization: Operation not permitted

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002



Program received signal SIGSEGV, Segmentation fault.

0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2

(gdb)



Hope that helps….



Small background: Yocto on dunfell, build with poky docker image



Von: Khem Raj <raj.khem@...>
Datum: Freitag, 5. November 2021 um 18:29
An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate



On 11/5/21 7:32 AM, sebastian@... wrote:
Hi yoto-devs/users,

in order to get a golang application to run which relies on `go
generate` calls I wrote special recipes for this tools and include them
in my original recipe. However I always get a segmentation fault.
In the tools (which happens to be based on golang too) I use [1] in the
recipes and in the recipe I want to use them I include them via [2].
However if for example enter the dev-shell or during build I get a
segmentation fault although the binary seems to be compiled for the
right architecture (host-amd64).
Is there something wrong I try to use that?
do you have stack trace ? that might give some more info on whats going on


Sebastian

[1]
inherit go-mod
BBCLASSEXTEND = "native"
[2]
DEPENDS += "random-go-tool-needed-by-recipe-native"






--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: #golang Build tools required during go generate #golang

Sebastian Rühl
 

Sure here you go:

 

```

SUMMARY = "easyjson"

DESCRIPTION = "easy json command util"

HOMEPAGE = "https://github.com/mailru/easyjson"

LICENSE = "MIT"

LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=819e81c2ec13e1bbc47dc5e90bb4d88b"

 

RDEPENDS_${PN}-dev += "bash"

 

SRC_URI = "git://${GO_IMPORT};nobranch=1;protocol=https"

SRCREV = "v${PV}"

 

GO_IMPORT = "github.com/mailru/easyjson"

GO_WORKDIR ?= "${GO_IMPORT}/easyjson"

 

GO_LINKSHARED = ""

export CGO_ENABLED = "0"

 

inherit go-mod

BBCLASSEXTEND = "native"

# Upstream class "forgot" this argument

GOBUILDFLAGS:append = " -trimpath"

 

INSANE_SKIP = "arch"

```

 

Sebastian

 

Von: Bruce Ashfield <bruce.ashfield@...>
Datum: Freitag, 5. November 2021 um 21:51
An: Sebastian Rühl <sebastian@...>
Cc: Khem Raj <raj.khem@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate

On Fri, Nov 5, 2021 at 3:18 PM Sebastian Rühl <sebastian@...> wrote:
>
> Yep might be… For me that’s desirable as these a built-utils, it’s golang and I see no benefit in having them dynamically linked anyay. Any tips how to statically link these? As far as I understand the golang classes do dynamic linking by default. Btw. I’m using the backported 1.16 versions from hardknot but I don’t think that matters as our “main” application works just perfectly fine on the target hardware.
>
>
>
> I tried:
>
> GO_LINKSHARED = ""
>
> export CGO_ENABLED = "0"

It varies based on the application, the ones I've dealt with, tend to
have a -static flag.

Of course, the flag may not be exposed, and in those scenarios, I
patch the Makefile/build.

If you have public repos, or a pointer to the source of the
applications, I could have a look to see if there's anything I can
specifically recommend.

Bruce

>
>
>
> But it didn’t help
>
>
>
> Sebastian
>
>
>
> Von: Bruce Ashfield <bruce.ashfield@...>
> Datum: Freitag, 5. November 2021 um 20:07
> An: Sebastian Rühl <sebastian@...>
> Cc: Khem Raj <raj.khem@...>, yocto@... <yocto@...>
> Betreff: Re: [yocto] #golang Build tools required during go generate
>
> I'd bet it is a variant of this:
>
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=14386
>
> Bruce
>
> On Fri, Nov 5, 2021 at 2:58 PM Sebastian Rühl <sebastian@...> wrote:
> >
> > Here some outputs:
> >
> >
> >
> > Bitbake -c devshell target-recipe
> >
> > sh-4.4# easyjson
> >
> > Segmentation fault
> >
> > sh-4.4# strace easyjson
> >
> > execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0
> >
> > brk(NULL)                               = 0x556083886000
> >
> > arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)
> >
> > --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---
> >
> > +++ killed by SIGSEGV +++
> >
> > Segmentation fault
> >
> > sh-4.4# file $(which easyjson)
> >
> > /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped
> >
> > sh-4.4# gdb $(which easyjson)
> >
> > GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
> >
> > Copyright (C) 2018 Free Software Foundation, Inc.
> >
> > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> >
> > This is free software: you are free to change and redistribute it.
> >
> > There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> >
> > and "show warranty" for details.
> >
> > This GDB was configured as "x86_64-linux-gnu".
> >
> > Type "show configuration" for configuration details.
> >
> > For bug reporting instructions, please see:
> >
> > <http://www.gnu.org/software/gdb/bugs/>.
> >
> > Find the GDB manual and other documentation resources online at:
> >
> > <http://www.gnu.org/software/gdb/documentation/>.
> >
> > For help, type "help".
> >
> > Type "apropos word" to search for commands related to "word"...
> >
> > Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.
> >
> > (gdb) run
> >
> > Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson
> >
> > warning: Error disabling address space randomization: Operation not permitted
> >
> > BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001
> >
> > BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002
> >
> > BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001
> >
> > BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002
> >
> >
> >
> > Program received signal SIGSEGV, Segmentation fault.
> >
> > 0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2
> >
> > (gdb)
> >
> >
> >
> > Hope that helps….
> >
> >
> >
> > Small background: Yocto on dunfell, build with poky docker image
> >
> >
> >
> > Von: Khem Raj <raj.khem@...>
> > Datum: Freitag, 5. November 2021 um 18:29
> > An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
> > Betreff: Re: [yocto] #golang Build tools required during go generate
> >
> >
> >
> > On 11/5/21 7:32 AM, sebastian@... wrote:
> > > Hi yoto-devs/users,
> > >
> > > in order to get a golang application to run which relies on `go
> > > generate` calls I wrote special recipes for this tools and include them
> > > in my original recipe. However I always get a segmentation fault.
> > > In the tools (which happens to be based on golang too) I use [1] in the
> > > recipes and in the recipe I want to use them I include them via [2].
> > > However if for example enter the dev-shell or during build I get a
> > > segmentation fault although the binary seems to be compiled for the
> > > right architecture (host-amd64).
> > > Is there something wrong I try to use that?
> >
> > do you have stack trace ? that might give some more info on whats going on
> >
> > >
> > > Sebastian
> > >
> > > [1]
> > > inherit go-mod
> > > BBCLASSEXTEND = "native"
> > > [2]
> > > DEPENDS += "random-go-tool-needed-by-recipe-native"
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end
> - "Use the force Harry" - Gandalf, Star Trek II



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


[meta-mingw] [PATCH] flex: Add missing dependency on libgnurx

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@...>
---
recipes-devtools/flex/flex_%.bbappend | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 recipes-devtools/flex/flex_%.bbappend

diff --git a/recipes-devtools/flex/flex_%.bbappend b/recipes-devtools/flex/flex_%.bbappend
new file mode 100644
index 0000000..898c75a
--- /dev/null
+++ b/recipes-devtools/flex/flex_%.bbappend
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+DEPENDS:append:class-nativesdk:mingw32 = " nativesdk-mingw-libgnurx"
--
2.33.1


[meta-security][honister][PATCH] recipes: Update SRC_URI branch and protocols

Armin Kuster
 

This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster <akuster808@...>
(cherry picked from commit 7e27eb5fca7a22e82251f79103bb12d2b70307fb)
---
.../recipes-openscap/oe-scap/oe-scap_1.0.bb | 2 +-
.../recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb | 2 +-
.../recipes-openscap/openscap/openscap_1.3.3.bb | 2 +-
.../recipes-openscap/openscap/openscap_git.bb | 2 +-
.../scap-security-guide/scap-security-guide_0.1.44.bb | 2 +-
.../scap-security-guide/scap-security-guide_git.bb | 2 +-
meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb | 2 +-
.../recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | 2 +-
meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb | 2 +-
meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | 2 +-
meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb | 2 +-
meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb | 2 +-
meta-tpm/recipes-tpm/trousers/trousers_git.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb | 2 +-
recipes-ids/crowdsec/crowdsec_1.1.1.bb | 2 +-
recipes-ids/ossec/ossec-hids_3.6.0.bb | 2 +-
recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 +-
recipes-mac/smack/smack_1.3.1.bb | 2 +-
recipes-scanners/checksec/checksec_2.4.0.bb | 2 +-
recipes-scanners/clamav/clamav_0.104.0.bb | 2 +-
recipes-security/chipsec/chipsec_git.bb | 2 +-
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
recipes-security/fscrypt/fscrypt_1.0.0.bb | 2 +-
recipes-security/fscryptctl/fscryptctl_1.0.0.bb | 2 +-
.../google-authenticator-libpam_1.08.bb | 2 +-
recipes-security/libest/libest_3.2.0.bb | 2 +-
recipes-security/libmspack/libmspack_1.9.1.bb | 2 +-
recipes-security/ncrack/ncrack_0.7.bb | 2 +-
recipes-security/nikto/nikto_2.1.6.bb | 2 +-
33 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
index 0fef233..7e9f214 100644
--- a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
+++ b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://README.md;md5=46dec9f167b6e05986cb4023df6d92f4"
LICENSE = "MIT"

SRCREV = "7147871d7f37d408c0dd7720ef0fd3ec1b54ad98"
-SRC_URI = "git://github.com/akuster/oe-scap.git"
+SRC_URI = "git://github.com/akuster/oe-scap.git;branch=master;protocol=https"
SRC_URI += " \
file://run_cve.sh \
file://run_test.sh \
diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
index f109566..549a888 100644
--- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
+++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1"
DEPENDS = "python3-dbus"

SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76"
-SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git \
+SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=https \
file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \
"

diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
index 51fa9ee..192b008 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
@@ -3,7 +3,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit"
require openscap.inc

SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732"
-SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \
"

DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index 73a4729..a18cbd1 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -6,7 +6,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes"
include openscap.inc

SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625"
-SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
+SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3;protocol=https \
"

PV = "1.3.3+git${SRCPV}"
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
index d80ecd7..ecf136d 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, upstream version"

SRCREV = "8cb2d0f351faff5440742258782281164953b0a6"
-SRC_URI = "git://github.com/ComplianceAsCode/content.git"
+SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https"

DEFAULT_PREFERENCE = "-1"

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index 0617c56..ddde5cc 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, OE changes"

SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed"
-SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \
+SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;;protocol=https \
file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \
file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \
file://0001-fix-deprecated-instance-of-element.getchildren.patch \
diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
index 95ba5c5..8fe62cf 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
@@ -3,7 +3,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"

SRCREV = "f6dd8f55eab4910131ec6a6a570dcd7951bd10e4"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https"

PE = "1"

diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
index 9ad8967..687ddac 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
DEPENDS += "openssl trousers"

SRC_URI = "\
- git://github.com/mgerstner/openssl_tpm_engine.git \
+ git://github.com/mgerstner/openssl_tpm_engine.git;branch=master;protocol=https \
file://0001-create-tpm-key-support-well-known-key-option.patch \
file://0002-libtpm-support-env-TPM_SRK_PW.patch \
file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
diff --git a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
index f8347b7..77f65ae 100644
--- a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
+++ b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
@@ -9,7 +9,7 @@ DEPENDS = "libtspi"
PV = "0.1+git${SRCPV}"
SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316"

-SRC_URI = "git://github.com/flihp/pcr-extend.git \
+SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \
file://fix_openssl11_build.patch "

inherit autotools
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index c7fc131..63734b9 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -7,7 +7,7 @@ SECTION = "apps"
DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"

SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \
file://ioctl_h.patch \
file://oe_configure.patch \
"
diff --git a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
index 53cf8ff..4672bba 100644
--- a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
+++ b/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
@@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ec30b01163d242ecf07d9cd84e3611f"

DEPENDS = "libtspi tpm-tools"

-SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools"
+SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master"
SRCREV = "4511874d5c9b4504bb96e94f8a14bd6c39a36295"

S = "${WORKDIR}/git"
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index dbe1647..3b3da4f 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
+++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -14,7 +14,7 @@ DEPENDS:class-native = "trousers-native"

SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
- git://git.code.sf.net/p/trousers/tpm-tools \
+ git://git.code.sf.net/p/trousers/tpm-tools;branch=master \
file://tpm-tools-extendpcr.patch \
file://04-fix-FTBFS-clang.patch \
file://openssl1.1_fix.patch \
diff --git a/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 5e03b71..192c66c 100644
--- a/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -10,7 +10,7 @@ SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
PV = "0.3.15+git${SRCPV}"

SRC_URI = " \
- git://git.code.sf.net/p/trousers/trousers \
+ git://git.code.sf.net/p/trousers/trousers;branch=master \
file://trousers.init.sh \
file://trousers-udev.rules \
file://tcsd.service \
diff --git a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
index b80ef79..1818171 100644
--- a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -13,7 +13,7 @@ DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"

SRC_URI = "\
- git://github.com/tpm2-software/tpm2-abrmd.git \
+ git://github.com/tpm2-software/tpm2-abrmd.git;branch=master;protocol=https \
file://tpm2-abrmd-init.sh \
file://tpm2-abrmd.default \
"
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
index fdeda26..ef0c642 100644
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"

DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master \
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master;protocol=https \
file://bootstrap_fixup.patch \
file://0001-remove-local-binary-checkes.patch \
file://677.patch \
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index 47113d2..2bf1eed 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -4,7 +4,7 @@ LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
+SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \
file://configure_oe_fixup.patch \
file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
file://fix_header_file.patch \
diff --git a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index dfebc07..d324e33 100644
--- a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -10,7 +10,7 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode"
PE = "1"

SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https"

inherit autotools-brokensep pkgconfig

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
index 3069b1f..4d1f425 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -9,7 +9,7 @@ SECTION = "security/tpm"
DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"

SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x;protocol=https"

inherit autotools-brokensep pkgconfig systemd

diff --git a/recipes-ids/crowdsec/crowdsec_1.1.1.bb b/recipes-ids/crowdsec/crowdsec_1.1.1.bb
index 887c75d..81f2b8f 100644
--- a/recipes-ids/crowdsec/crowdsec_1.1.1.bb
+++ b/recipes-ids/crowdsec/crowdsec_1.1.1.bb
@@ -3,7 +3,7 @@ SUMMARY = "CrowdSec is a free, modern & collaborative behavior detection engine,
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=105e75b680b2ab82fa5718661b41f3bf"

-SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master"
+SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master;protocol=https"
SRCREV = "73e0bbaf93070f4a640eb5a22212b5dcf26699de"

DEPENDS = "jq-native"
diff --git a/recipes-ids/ossec/ossec-hids_3.6.0.bb b/recipes-ids/ossec/ossec-hids_3.6.0.bb
index 309ca52..853facf 100644
--- a/recipes-ids/ossec/ossec-hids_3.6.0.bb
+++ b/recipes-ids/ossec/ossec-hids_3.6.0.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9"


DEPENDS = "openssl libpcre2 zlib libevent"
-SRC_URI = "git://github.com/ossec/ossec-hids;branch=master \
+SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \
file://0001-Makefile-drop-running-scrips-install.patch \
file://0002-Makefile-don-t-set-uid-gid.patch \
"
diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
index 3a9bc1d..93cb443 100644
--- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb
+++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1c069be8dbbe48e89b580ab4ed86c127"
SRCREV = "6e64a9e5b70a909ec439bc5a099e3fcf38c614b0"

SRC_URI = "\
- git://github.com/Tripwire/tripwire-open-source.git \
+ git://github.com/Tripwire/tripwire-open-source.git;branch=master;protocol=https \
file://tripwire.cron \
file://tripwire.sh \
file://tripwire.txt \
diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb
index 6c2f041..79a8f5a 100644
--- a/recipes-mac/smack/smack_1.3.1.bb
+++ b/recipes-mac/smack/smack_1.3.1.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"

SRCREV = "4a102c7584b39ce693995ffb65e0918a9df98dd8"
SRC_URI = " \
- git://github.com/smack-team/smack.git \
+ git://github.com/smack-team/smack.git;branch=master;protocol=https \
file://smack_generator_make_fixup.patch \
file://run-ptest"

diff --git a/recipes-scanners/checksec/checksec_2.4.0.bb b/recipes-scanners/checksec/checksec_2.4.0.bb
index 12c9bce..9a6e44a 100644
--- a/recipes-scanners/checksec/checksec_2.4.0.bb
+++ b/recipes-scanners/checksec/checksec_2.4.0.bb
@@ -7,7 +7,7 @@ HOMEPAGE="https://github.com/slimm609/checksec.sh"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8d90285f711cf1f378e2c024457066d8"

SRCREV = "c3754e45e04f9104db93b2048afd094427102d48"
-SRC_URI = "git://github.com/slimm609/checksec.sh"
+SRC_URI = "git://github.com/slimm609/checksec.sh;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
index 25123dc..e59f5ff 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b2
# July 27th
SRCREV = "c389dfa4c3af92b006ada4f7595bbc3e6df3f356"

-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=https \
file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
diff --git a/recipes-security/chipsec/chipsec_git.bb b/recipes-security/chipsec/chipsec_git.bb
index 3339dc1..e265a08 100644
--- a/recipes-security/chipsec/chipsec_git.bb
+++ b/recipes-security/chipsec/chipsec_git.bb
@@ -7,7 +7,7 @@ DESCRIPTION = "CHIPSEC is a framework for analyzing the security \
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d"

-SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master \
+SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master;protocol=https \
"

SRCREV = "b2a61684826dc8b9f622a844a40efea579cd7e7d"
diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index 627496f..fcf044a 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -10,7 +10,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"

SRCREV ="d6b884f3b72b8a42b21da863836569ef6836c2ea"
-SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \
+SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://initd \
file://run-ptest \
"
diff --git a/recipes-security/fscrypt/fscrypt_1.0.0.bb b/recipes-security/fscrypt/fscrypt_1.0.0.bb
index a70d310..66bf429 100644
--- a/recipes-security/fscrypt/fscrypt_1.0.0.bb
+++ b/recipes-security/fscrypt/fscrypt_1.0.0.bb
@@ -14,7 +14,7 @@ BBCLASSEXTEND = "native nativesdk"
DEPENDS += "go-dep-native libpam"

SRCREV = "92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4"
-SRC_URI = "git://github.com/google/fscrypt.git"
+SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https"
GO_IMPORT = "import"

S = "${WORKDIR}/git"
diff --git a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 26f549b..d319e48 100644
--- a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
+++ b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -10,7 +10,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"

SRCREV = "56b898c896240328adef7407090215abbe9ee03d"
-SRC_URI = "git://github.com/google/fscryptctl.git"
+SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
index 4ab8374..e8ddf29 100644
--- a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
+++ b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
@@ -3,7 +3,7 @@ HOME_PAGE = "https://github.com/google/google-authenticator-libpam"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
LICENSE = "Apache-2.0"

-SRC_URI = "git://github.com/google/google-authenticator-libpam.git"
+SRC_URI = "git://github.com/google/google-authenticator-libpam.git;branch=master;protocol=https"
SRCREV = "2c7415d950fb0b4a7f779f045910666447b100ef"

DEPENDS = "libpam"
diff --git a/recipes-security/libest/libest_3.2.0.bb b/recipes-security/libest/libest_3.2.0.bb
index fda2df4..31fbe3c 100644
--- a/recipes-security/libest/libest_3.2.0.bb
+++ b/recipes-security/libest/libest_3.2.0.bb
@@ -6,7 +6,7 @@ LICENSE = "OpenSSL"
LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885"

SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b"
-SRC_URI = "git://github.com/cisco/libest;branch=main"
+SRC_URI = "git://github.com/cisco/libest;branch=main;protocol=https"

DEPENDS = "openssl"

diff --git a/recipes-security/libmspack/libmspack_1.9.1.bb b/recipes-security/libmspack/libmspack_1.9.1.bb
index 8c288be..65db10f 100644
--- a/recipes-security/libmspack/libmspack_1.9.1.bb
+++ b/recipes-security/libmspack/libmspack_1.9.1.bb
@@ -7,7 +7,7 @@ DEPENDS = ""
LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd"

SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc"
-SRC_URI = "git://github.com/kyz/libmspack.git"
+SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https"

inherit autotools

diff --git a/recipes-security/ncrack/ncrack_0.7.bb b/recipes-security/ncrack/ncrack_0.7.bb
index 8b221e5..f151e4e 100644
--- a/recipes-security/ncrack/ncrack_0.7.bb
+++ b/recipes-security/ncrack/ncrack_0.7.bb
@@ -7,7 +7,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2"

SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426"
-SRC_URI = "git://github.com/nmap/ncrack.git"
+SRC_URI = "git://github.com/nmap/ncrack.git;branch=master;protocol=https"

DEPENDS = "openssl zlib"

diff --git a/recipes-security/nikto/nikto_2.1.6.bb b/recipes-security/nikto/nikto_2.1.6.bb
index 242f3ac..8542d69 100644
--- a/recipes-security/nikto/nikto_2.1.6.bb
+++ b/recipes-security/nikto/nikto_2.1.6.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"

SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
-SRC_URI = "git://github.com/sullo/nikto.git \
+SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \
file://location.patch"

S = "${WORKDIR}/git/program"
--
2.25.1


Re: building the kernel's usbipd daemon

chuck kamas
 

Well it turns out that following the Perf recipe was not only a good idea, but absolutely necessary. The perf recipe copies the code out of the work-shared kernel directory into the perf build directory. This avoids the error when bitbake thinks that the kernel code is not needed anymore and removes it.


Please see my version of the USBIP recipe below.


Question, how does one get this into the recipe database?


Again thanks for the help!

Chuck

SUMMARY = "USBip part of Linux kernel built in tools"
DESCRIPTION = " USB/IP protocol allows to pass USB device from server to \
client over the network. Server is a machine which provides (shares) a \
USB device. Client is a machine which uses USB device provided by server \
over the network. The USB device may be either physical device connected \
to a server or software entity created on a server using USB gadget subsystem."

LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
DEPENDS = "virtual/kernel libtool udev"
PROVIDES = "virtual/usbip-tools"

inherit linux-kernel-base kernel-arch kernelsrc manpages


do_populate_lic[depends] += "virtual/kernel:do_patch"
do_configure[depends] += "virtual/kernel:do_shared_workdir"

EXTRA_OEMAKE = "\
    -C ${S}/tools/usb/usbip \
    O=${B} \
    CROSS_COMPILE=${TARGET_PREFIX} \
    CROSS=${TARGET_PREFIX} \
    CC="${CC}" \
    CCLD="${CC}" \
    LD="${LD}" \
    AR="${AR}" \
    ARCH="${ARCH}" \
    TMPDIR="${B}" \
"

EXTRA_OEMAKE += "\
    'DESTDIR=${D}' \
    KERNEL_SRC=${STAGING_KERNEL_DIR} \
"

do_configure[depends] += "virtual/kernel:do_shared_workdir"

inherit autotools gettext

# stolen from autotools.bbclass

CONFIGUREOPTS = " --build=${BUILD_SYS} \
          --host=${HOST_SYS} \
          --target=${TARGET_SYS} \
          --prefix=${prefix} \
          --exec_prefix=${exec_prefix} \
          --bindir=${bindir} \
          --sbindir=${sbindir} \
          --libexecdir=${libexecdir} \
          --datadir=${datadir} \
          --sysconfdir=${sysconfdir} \
          --sharedstatedir=${sharedstatedir} \
          --localstatedir=${localstatedir} \
          --libdir=${libdir} \
          --includedir=${includedir} \
          --oldincludedir=${oldincludedir} \
          --infodir=${infodir} \
          --mandir=${mandir} \
          --disable-silent-rules \
          ${CONFIGUREOPT_DEPTRACK} \
          ${@append_libtool_sysroot(d)} \
"

do_configure_prepend () {
    cd ${S}/tools/usb/usbip
    ./cleanup.sh
    ./autogen.sh
    ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
}

do_compile() {
    oe_runmake
}

do_install() {
    oe_runmake DESTDIR=${D} install
}

PACKAGE_ARCH = "${MACHINE_ARCH}"

python do_package_prepend() {
    d.setVar('PKGV', d.getVar("KERNEL_VERSION", True).split("-")[0])
}

B = "${WORKDIR}/${BPN}-${PV}"


Re: #golang Build tools required during go generate #golang

Bruce Ashfield
 

On Fri, Nov 5, 2021 at 3:18 PM Sebastian Rühl <sebastian@...> wrote:

Yep might be… For me that’s desirable as these a built-utils, it’s golang and I see no benefit in having them dynamically linked anyay. Any tips how to statically link these? As far as I understand the golang classes do dynamic linking by default. Btw. I’m using the backported 1.16 versions from hardknot but I don’t think that matters as our “main” application works just perfectly fine on the target hardware.



I tried:

GO_LINKSHARED = ""

export CGO_ENABLED = "0"
It varies based on the application, the ones I've dealt with, tend to
have a -static flag.

Of course, the flag may not be exposed, and in those scenarios, I
patch the Makefile/build.

If you have public repos, or a pointer to the source of the
applications, I could have a look to see if there's anything I can
specifically recommend.

Bruce




But it didn’t help ☹



Sebastian



Von: Bruce Ashfield <bruce.ashfield@...>
Datum: Freitag, 5. November 2021 um 20:07
An: Sebastian Rühl <sebastian@...>
Cc: Khem Raj <raj.khem@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate

I'd bet it is a variant of this:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14386

Bruce

On Fri, Nov 5, 2021 at 2:58 PM Sebastian Rühl <sebastian@...> wrote:

Here some outputs:



Bitbake -c devshell target-recipe

sh-4.4# easyjson

Segmentation fault

sh-4.4# strace easyjson

execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0

brk(NULL) = 0x556083886000

arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)

--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---

+++ killed by SIGSEGV +++

Segmentation fault

sh-4.4# file $(which easyjson)

/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped

sh-4.4# gdb $(which easyjson)

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1

Copyright (C) 2018 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law. Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-linux-gnu".

Type "show configuration" for configuration details.

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>.

Find the GDB manual and other documentation resources online at:

<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".

Type "apropos word" to search for commands related to "word"...

Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.

(gdb) run

Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson

warning: Error disabling address space randomization: Operation not permitted

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002



Program received signal SIGSEGV, Segmentation fault.

0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2

(gdb)



Hope that helps….



Small background: Yocto on dunfell, build with poky docker image



Von: Khem Raj <raj.khem@...>
Datum: Freitag, 5. November 2021 um 18:29
An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate



On 11/5/21 7:32 AM, sebastian@... wrote:
Hi yoto-devs/users,

in order to get a golang application to run which relies on `go
generate` calls I wrote special recipes for this tools and include them
in my original recipe. However I always get a segmentation fault.
In the tools (which happens to be based on golang too) I use [1] in the
recipes and in the recipe I want to use them I include them via [2].
However if for example enter the dev-shell or during build I get a
segmentation fault although the binary seems to be compiled for the
right architecture (host-amd64).
Is there something wrong I try to use that?
do you have stack trace ? that might give some more info on whats going on


Sebastian

[1]
inherit go-mod
BBCLASSEXTEND = "native"
[2]
DEPENDS += "random-go-tool-needed-by-recipe-native"






--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: #golang Build tools required during go generate #golang

Sebastian Rühl
 

Yep might be… For me that’s desirable as these a built-utils, it’s golang and I see no benefit in having them dynamically linked anyay. Any tips how to statically link these? As far as I understand the golang classes do dynamic linking by default. Btw. I’m using the backported 1.16 versions from hardknot but I don’t think that matters as our “main” application works just perfectly fine on the target hardware.

 

I tried:

GO_LINKSHARED = ""

export CGO_ENABLED = "0"

 

But it didn’t help

 

Sebastian

 

Von: Bruce Ashfield <bruce.ashfield@...>
Datum: Freitag, 5. November 2021 um 20:07
An: Sebastian Rühl <sebastian@...>
Cc: Khem Raj <raj.khem@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate

I'd bet it is a variant of this:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14386

Bruce

On Fri, Nov 5, 2021 at 2:58 PM Sebastian Rühl <sebastian@...> wrote:
>
> Here some outputs:
>
>
>
> Bitbake -c devshell target-recipe
>
> sh-4.4# easyjson
>
> Segmentation fault
>
> sh-4.4# strace easyjson
>
> execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0
>
> brk(NULL)                               = 0x556083886000
>
> arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)
>
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---
>
> +++ killed by SIGSEGV +++
>
> Segmentation fault
>
> sh-4.4# file $(which easyjson)
>
> /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped
>
> sh-4.4# gdb $(which easyjson)
>
> GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
>
> Copyright (C) 2018 Free Software Foundation, Inc.
>
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>
> This is free software: you are free to change and redistribute it.
>
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>
> and "show warranty" for details.
>
> This GDB was configured as "x86_64-linux-gnu".
>
> Type "show configuration" for configuration details.
>
> For bug reporting instructions, please see:
>
> <http://www.gnu.org/software/gdb/bugs/>.
>
> Find the GDB manual and other documentation resources online at:
>
> <http://www.gnu.org/software/gdb/documentation/>.
>
> For help, type "help".
>
> Type "apropos word" to search for commands related to "word"...
>
> Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.
>
> (gdb) run
>
> Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson
>
> warning: Error disabling address space randomization: Operation not permitted
>
> BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001
>
> BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002
>
> BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001
>
> BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002
>
>
>
> Program received signal SIGSEGV, Segmentation fault.
>
> 0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2
>
> (gdb)
>
>
>
> Hope that helps….
>
>
>
> Small background: Yocto on dunfell, build with poky docker image
>
>
>
> Von: Khem Raj <raj.khem@...>
> Datum: Freitag, 5. November 2021 um 18:29
> An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
> Betreff: Re: [yocto] #golang Build tools required during go generate
>
>
>
> On 11/5/21 7:32 AM, sebastian@... wrote:
> > Hi yoto-devs/users,
> >
> > in order to get a golang application to run which relies on `go
> > generate` calls I wrote special recipes for this tools and include them
> > in my original recipe. However I always get a segmentation fault.
> > In the tools (which happens to be based on golang too) I use [1] in the
> > recipes and in the recipe I want to use them I include them via [2].
> > However if for example enter the dev-shell or during build I get a
> > segmentation fault although the binary seems to be compiled for the
> > right architecture (host-amd64).
> > Is there something wrong I try to use that?
>
> do you have stack trace ? that might give some more info on whats going on
>
> >
> > Sebastian
> >
> > [1]
> > inherit go-mod
> > BBCLASSEXTEND = "native"
> > [2]
> > DEPENDS += "random-go-tool-needed-by-recipe-native"
> >
> >
> >
> >
>
>
>
>


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: #golang Build tools required during go generate #golang

Bruce Ashfield
 

I'd bet it is a variant of this:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14386

Bruce

On Fri, Nov 5, 2021 at 2:58 PM Sebastian Rühl <sebastian@...> wrote:

Here some outputs:



Bitbake -c devshell target-recipe

sh-4.4# easyjson

Segmentation fault

sh-4.4# strace easyjson

execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0

brk(NULL) = 0x556083886000

arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)

--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---

+++ killed by SIGSEGV +++

Segmentation fault

sh-4.4# file $(which easyjson)

/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped

sh-4.4# gdb $(which easyjson)

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1

Copyright (C) 2018 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law. Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-linux-gnu".

Type "show configuration" for configuration details.

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>.

Find the GDB manual and other documentation resources online at:

<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".

Type "apropos word" to search for commands related to "word"...

Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.

(gdb) run

Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson

warning: Error disabling address space randomization: Operation not permitted

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002



Program received signal SIGSEGV, Segmentation fault.

0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2

(gdb)



Hope that helps….



Small background: Yocto on dunfell, build with poky docker image



Von: Khem Raj <raj.khem@...>
Datum: Freitag, 5. November 2021 um 18:29
An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate



On 11/5/21 7:32 AM, sebastian@... wrote:
Hi yoto-devs/users,

in order to get a golang application to run which relies on `go
generate` calls I wrote special recipes for this tools and include them
in my original recipe. However I always get a segmentation fault.
In the tools (which happens to be based on golang too) I use [1] in the
recipes and in the recipe I want to use them I include them via [2].
However if for example enter the dev-shell or during build I get a
segmentation fault although the binary seems to be compiled for the
right architecture (host-amd64).
Is there something wrong I try to use that?
do you have stack trace ? that might give some more info on whats going on


Sebastian

[1]
inherit go-mod
BBCLASSEXTEND = "native"
[2]
DEPENDS += "random-go-tool-needed-by-recipe-native"





--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: #golang Build tools required during go generate #golang

Sebastian Rühl
 

Here some outputs:

 

Bitbake -c devshell target-recipe

sh-4.4# easyjson

Segmentation fault

sh-4.4# strace easyjson

execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0

brk(NULL)                               = 0x556083886000

arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)

--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---

+++ killed by SIGSEGV +++

Segmentation fault

sh-4.4# file $(which easyjson)

/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped

sh-4.4# gdb $(which easyjson)

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1

Copyright (C) 2018 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-linux-gnu".

Type "show configuration" for configuration details.

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>.

Find the GDB manual and other documentation resources online at:

<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".

Type "apropos word" to search for commands related to "word"...

Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.

(gdb) run

Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson

warning: Error disabling address space randomization: Operation not permitted

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002

 

Program received signal SIGSEGV, Segmentation fault.

0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2

(gdb)

 

Hope that helps….

 

Small background: Yocto on dunfell, build with poky docker image

 

Von: Khem Raj <raj.khem@...>
Datum: Freitag, 5. November 2021 um 18:29
An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate



On 11/5/21 7:32 AM, sebastian@... wrote:
> Hi yoto-devs/users,
>
> in order to get a golang application to run which relies on `go
> generate` calls I wrote special recipes for this tools and include them
> in my original recipe. However I always get a segmentation fault.
> In the tools (which happens to be based on golang too) I use [1] in the
> recipes and in the recipe I want to use them I include them via [2].
> However if for example enter the dev-shell or during build I get a
> segmentation fault although the binary seems to be compiled for the
> right architecture (host-amd64).
> Is there something wrong I try to use that?

do you have stack trace ? that might give some more info on whats going on

>
> Sebastian
>
> [1]
> inherit go-mod
> BBCLASSEXTEND = "native"
> [2]
> DEPENDS += "random-go-tool-needed-by-recipe-native"
>
>
>
>


WG: [yocto] #golang Build tools required during go generate #golang

Sebastian Rühl
 

There is literaly no stacktrace just a segmentation fault pretty early in the execution (like 3rd instruction or something). I will send more outputs as soon as my dual-core has finished compiling stuff again :/

 

Von: Khem Raj <raj.khem@...>
Datum: Freitag, 5. November 2021 um 18:29
An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate



On 11/5/21 7:32 AM, sebastian@... wrote:
> Hi yoto-devs/users,
>
> in order to get a golang application to run which relies on `go
> generate` calls I wrote special recipes for this tools and include them
> in my original recipe. However I always get a segmentation fault.
> In the tools (which happens to be based on golang too) I use [1] in the
> recipes and in the recipe I want to use them I include them via [2].
> However if for example enter the dev-shell or during build I get a
> segmentation fault although the binary seems to be compiled for the
> right architecture (host-amd64).
> Is there something wrong I try to use that?

do you have stack trace ? that might give some more info on whats going on

>
> Sebastian
>
> [1]
> inherit go-mod
> BBCLASSEXTEND = "native"
> [2]
> DEPENDS += "random-go-tool-needed-by-recipe-native"
>
>
>
>


Re: [meta-cgl][PATCH] recipes: update SRC_URI branch and protocols

Jeremy Puhlman
 

Merged.

On 11/5/2021 2:06 AM, Yi Zhao wrote:
Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb | 2 +-
.../cluster-resource-agents/resource-agents_4.5.0.bb | 2 +-
meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb | 2 +-
meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb | 2 +-
meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb | 2 +-
meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb b/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
index 9221f06..acd3149 100644
--- a/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
+++ b/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b70d30a00a451e19d7449d7465d02601 \
DEPENDS = "libxml2 libtool glib-2.0 bzip2 util-linux net-snmp openhpi"
SRC_URI = " \
- git://github.com/ClusterLabs/${BPN}.git \
+ git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://0001-don-t-compile-doc-and-Error-Fix.patch \
file://0001-ribcl.py.in-Warning-Fix.patch \
file://0001-Update-for-python3.patch \
diff --git a/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb b/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
index bd906b2..261681c 100644
--- a/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
+++ b/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
@@ -14,7 +14,7 @@ LICENSE:${PN}-extra = "GPLv3"
LICENSE:${PN}-extra-dbg = "GPLv3"
LICENSE:ldirectord = "GPLv2+"
-SRC_URI = "git://github.com/ClusterLabs/resource-agents \
+SRC_URI = "git://github.com/ClusterLabs/resource-agents;branch=master;protocol=https \
file://01-disable-doc-build.patch \
file://02-set-OCF_ROOT_DIR-to-libdir-ocf.patch \
file://03-fix-header-defs-lookup.patch \
diff --git a/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb b/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
index 531a053..43393d8 100644
--- a/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
+++ b/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
@@ -13,7 +13,7 @@ DEPENDS = "asciidoc-native \
RDEPENDS:${PN} = "pacemaker python3-lxml python3-parallax gawk bash python3-doctest"
S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/ClusterLabs/${BPN}.git \
+SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://tweaks_for_build.patch \
file://0001-orderedset.py-fix-deprecation-on-collections.Mutable.patch \
"
diff --git a/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb b/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
index fa38006..7c32c54 100644
--- a/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
+++ b/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
@@ -12,7 +12,7 @@ SECTION = "System Environment/Base"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=8ef380476f642c20ebf40fecb0add2ec"
-SRC_URI = "git://github.com/markfasheh/ocfs2-tools \
+SRC_URI = "git://github.com/markfasheh/ocfs2-tools;branch=master;protocol=https \
file://0003-vendor-common-o2cb.ocf-add-new-conf-file.patch \
file://ocfs2-tools-1.8.5-format-fortify.patch \
file://no-redhat.patch \
diff --git a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
index c86c282..006ed9b 100644
--- a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
+++ b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=000212f361a81b100d9d0f0435040663"
DEPENDS = "corosync libxslt libxml2 gnutls resource-agents libqb python3-native"
-SRC_URI = "git://github.com/ClusterLabs/${BPN}.git \
+SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://0001-Fix-python3-usage.patch \
file://0001-pacemaker-set-OCF_ROOT_DIR-to-libdir-ocf.patch \
file://volatiles \
diff --git a/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb b/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
index 4c7c080..0388afe 100644
--- a/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
+++ b/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
@@ -13,7 +13,7 @@ RDEPENDS:${PN} += "perl"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=99a60756441098855c538fe86f859afe"
-SRC_URI = "git://github.com/zoulasc/racoon2 \
+SRC_URI = "git://github.com/zoulasc/racoon2;branch=master;protocol=https \
file://0001-Add-DESTDIR-to-install-commands.patch \
file://0002-Enable-turning-of-kinkd-and-iked.patch \
file://0003-Replace-perl_bindir-with-usr-bin-env-perl.patch \


Re: #golang Build tools required during go generate #golang

Khem Raj
 

On 11/5/21 7:32 AM, sebastian@... wrote:
Hi yoto-devs/users,
in order to get a golang application to run which relies on `go generate` calls I wrote special recipes for this tools and include them in my original recipe. However I always get a segmentation fault.
In the tools (which happens to be based on golang too) I use [1] in the recipes and in the recipe I want to use them I include them via [2].
However if for example enter the dev-shell or during build I get a segmentation fault although the binary seems to be compiled for the right architecture (host-amd64).
Is there something wrong I try to use that?
do you have stack trace ? that might give some more info on whats going on

Sebastian
[1]
inherit go-mod
BBCLASSEXTEND = "native"
[2]
DEPENDS += "random-go-tool-needed-by-recipe-native"


[meta-selinux][PATCH] libselinux: mount selinuxfs with noexec

Maximilian Blenk
 

Ensure that selinuxfs is mounted using the noxec and nosuid flags.
The current master branch of meta-selinux already contains this commit.

Change-Id: I38cba8ad0da17286f8b722c24717da5990ac1ee8
Upstream-Status: Backport [https://github.com/SELinuxProject/selinux/commit/7eaea214a0a5d9e3fb517152ac6162449ed3ef40]
---
...ux-mount-selinuxfs-noexec-and-nosuid.patch | 36 +++++++++++++++++++
recipes-security/selinux/libselinux_3.0.bb | 1 +
2 files changed, 37 insertions(+)
create mode 100644 recipes-security/selinux/libselinux/0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch

Hi there,

this commit backports a patch of libselinux that ensures that the
selinuxfs is mounted using the noexec and nosuid flag. Thought you guys
might also be interested in backporting this one.

BR Max


diff --git a/recipes-security/selinux/libselinux/0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch b/recipes-security/selinux/libselinux/0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch
new file mode 100644
index 0000000..2de9573
--- /dev/null
+++ b/recipes-security/selinux/libselinux/0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch
@@ -0,0 +1,36 @@
+From a94f3791ddd3155dde94ed48ffd1566fbe8bf4e2 Mon Sep 17 00:00:00 2001
+From: Topi Miettinen <toiwoton@...>
+Date: Tue, 28 Apr 2020 14:11:42 +0300
+Subject: [PATCH] libselinux: mount selinuxfs noexec and nosuid
+
+Mount selinuxfs with mount flags noexec and nosuid. It's not likely
+that this has any effect, but it's visually more pleasing.
+
+Option nodev can't be used because of /sys/fs/selinux/null device,
+which is used by Android.
+
+Signed-off-by: Topi Miettinen <toiwoton@...>
+Acked-by: Stephen Smalley <stephen.smalley.work@...>
+---
+ libselinux/src/load_policy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Upstream-Status: Backport [git https://github.com/SELinuxProject/selinux/commit/7eaea214a0a5d9e3fb517152ac6162449ed3ef40]
+
+diff --git a/src/load_policy.c b/src/load_policy.c
+index 9e75292d..ccf73c95 100644
+--- a/src/load_policy.c
++++ b/src/load_policy.c
+@@ -281,7 +281,8 @@ int selinux_init_load_policy(int *enforce)
+ const char *mntpoint = NULL;
+ /* First make sure /sys is mounted */
+ if (mount("sysfs", "/sys", "sysfs", 0, 0) == 0 || errno == EBUSY) {
+- if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, 0, 0) == 0 || errno == EBUSY) {
++ /* MS_NODEV can't be set because of /sys/fs/selinux/null device, used by Android */
++ if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, MS_NOEXEC | MS_NOSUID, 0) == 0 || errno == EBUSY) {
+ mntpoint = SELINUXMNT;
+ } else {
+ /* check old mountpoint */
+--
+2.33.0
+
diff --git a/recipes-security/selinux/libselinux_3.0.bb b/recipes-security/selinux/libselinux_3.0.bb
index 4a60962..40defcd 100644
--- a/recipes-security/selinux/libselinux_3.0.bb
+++ b/recipes-security/selinux/libselinux_3.0.bb
@@ -13,4 +13,5 @@ SRC_URI += "\
file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
file://0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch \
file://0001-Fix-NULL-pointer-use-in-selinux_restorecon_set_sehandle.patch \
+ file://0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch \
"
--
2.33.0


#golang Build tools required during go generate #golang

Sebastian Rühl
 

Hi yoto-devs/users,

in order to get a golang application to run which relies on `go generate` calls I wrote special recipes for this tools and include them in my original recipe. However I always get a segmentation fault.
In the tools (which happens to be based on golang too) I use [1] in the recipes and in the recipe I want to use them I include them via [2].
However if for example enter the dev-shell or during build I get a segmentation fault although the binary seems to be compiled for the right architecture (host-amd64).
Is there something wrong I try to use that?

Sebastian

[1]
inherit go-mod
BBCLASSEXTEND = "native"
[2]
DEPENDS += "random-go-tool-needed-by-recipe-native"


[meta-security][PATCH 3/3] python3-fail2ban: remove /run

Armin Kuster
 

Fixes:

ERROR: python3-fail2ban-0.11.2-r0 do_package_qa: QA Issue: python3-fail2ban installs files in /run, but it is expected to be empty [empty-dirs]

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index fcf044a..4e344c8 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -30,6 +30,7 @@ do_install:append () {
install -d ${D}/${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
chown -R root:root ${D}/${bindir}
+ rm -rf ${D}/run
}

do_install_ptest:append () {
@@ -40,7 +41,6 @@ do_install_ptest:append () {
rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
}

-FILES:${PN} += "/run"

INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME = "fail2ban-server"
--
2.25.1


[meta-security][PATCH 2/3] bastille: Create /var/log/Bastille in runtime

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/bastille/bastille_3.2.1.bb | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/recipes-security/bastille/bastille_3.2.1.bb b/recipes-security/bastille/bastille_3.2.1.bb
index 72281c5..2d82983 100644
--- a/recipes-security/bastille/bastille_3.2.1.bb
+++ b/recipes-security/bastille/bastille_3.2.1.bb
@@ -48,7 +48,6 @@ do_install () {
install -d ${D}${datadir}/Bastille/OSMap/Modules
install -d ${D}${datadir}/Bastille/Questions
install -d ${D}${datadir}/Bastille/FKL/configs/
- install -d ${D}${localstatedir}/log/Bastille
install -d ${D}${sysconfdir}/Bastille
install -m 0755 AutomatedBastille ${D}${sbindir}
install -m 0755 BastilleBackEnd ${D}${sbindir}
@@ -148,6 +147,20 @@ do_install () {
${THISDIR}/files/set_required_questions.py ${D}${sysconfdir}/Bastille/config ${D}${datadir}/Bastille/Questions

ln -s RevertBastille ${D}${sbindir}/UndoBastille
+
+ # Create /var/log/Bastille in runtime.
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
+ install -d ${D}${nonarch_libdir}/tmpfiles.d
+ echo "d ${localstatedir}/log/Bastille - - - -" > ${D}${nonarch_libdir}/tmpfiles.d/Bastille.conf
+ fi
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
+ install -d ${D}${sysconfdir}/default/volatiles
+ echo "d root root 0755 ${localstatedir}/log/Bastille none" > ${D}${sysconfdir}/default/volatiles/99_Bastille
+ fi
}

-FILES:${PN} += "${datadir}/Bastille ${libdir}/Bastille ${libdir}/perl* ${sysconfdir}/*"
+FILES:${PN} += "${datadir}/Bastille \
+ ${libdir}/Bastille \
+ ${libdir}/perl* \
+ ${sysconfdir}/* \
+ ${nonarch_libdir}/tmpfiles.d"
--
2.25.1


[meta-security][PATCH 1/3] sssd: Create /var/log/sssd in runtime

Armin Kuster
 

/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.

[Thanks to Peter Kjellerstedt for example]

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/sssd/sssd_2.5.2.bb | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb
index ed8af5e..8bc8787 100644
--- a/recipes-security/sssd/sssd_2.5.2.bb
+++ b/recipes-security/sssd/sssd_2.5.2.bb
@@ -86,13 +86,23 @@ do_install () {
rmdir --ignore-fail-on-non-empty "${D}/${bindir}"
install -d ${D}/${sysconfdir}/${BPN}
install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN}
- install -D -m 644 ${WORKDIR}/volatiles.99_sssd ${D}/${sysconfdir}/default/volatiles/99_sssd
+
+ # /var/log/sssd needs to be created in runtime. Use rmdir to catch if
+ # upstream stops creating /var/log/sssd, or adds something else in
+ # /var/log.
+ rmdir ${D}${localstatedir}/log/${BPN} ${D}${localstatedir}/log
+ rmdir --ignore-fail-on-non-empty ${D}${localstatedir}

if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d /var/log/sssd 0750 - - - -" > ${D}${sysconfdir}/tmpfiles.d/sss.conf
fi

+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
+ install -d ${D}${sysconfdir}/default/volatiles
+ echo "d ${SSSD_UID}:${SSSD_GID} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
+ fi
+
# Remove /run as it is created on startup
rm -rf ${D}/run

@@ -106,6 +116,8 @@ fi
chown ${SSSD_UID}:${SSSD_GID} ${sysconfdir}/${BPN}/${BPN}.conf
}

+FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
+
CONFFILES:${PN} = "${sysconfdir}/${BPN}/${BPN}.conf"

INITSCRIPT_NAME = "sssd"
--
2.25.1


QA notification for completed autobuilder build (yocto-3.3.4.rc1)

Richard Purdie
 

A build flagged for QA (yocto-3.3.4.rc1) was completed on the autobuilder and is
available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.3.4.rc1


Build hash information:

bitbake: 0fe1a9e2d2e33f80d807cefc7a23df4a5f760c74
meta-agl: d997986f27e239400cf01e0cdef942cee278ea66
meta-arm: 71686ac05c34e53950268bfe0d52c3624e78c190
meta-aws: cad1c714434fe0adc566006e1e1626b4657bcf40
meta-gplv2: 9e119f333cc8f53bd3cf64326f826dbc6ce3db0f
meta-intel: 76495b60dd915846d2f84d03b9c9cfbb548e9dc0
meta-mingw: 422b96cb2b6116442be1f40dfb5bd77447d1219e
meta-openembedded: d378e4293d18e374f5d1494a88bfc3caee4d02df
oecore: 0ca080a23c2770a15138f702d4c879bbd90ca360
poky: c40ac16d79026169639f47be76a3f7b9d8b5178e



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...

2181 - 2200 of 57408