Date   

Re: editing Makefile after configure stage to disable -Werror

Ivan Riabtsov <ivriabtsov@...>
 

i cleaned out -Werror wherever possible with command:

sed -i 's/-Werror//g' $(find . -type f -exec egrep -l _no_Werror {} \;)

and elfutils is builded

вт, 31 авг. 2021 г. в 09:41, Ivan Riabtsov via lists.yoctoproject.org
<ivriabtsov=gmail.com@...>:


Hello, I have the following error:

../../elfutils-0.166/libelf/libelfP.h:53:30: error: ‘__elf64_msize’
specifies less restrictive attribute than its target ‘elf64_fsize’:
‘const’ [-Werror=missing-attributes]

i try to solve this by patch:

diff -Naur elfutils-0.166_orig/libelf/libelfP.h elfutils-0.166/libelf/libelfP.h
--- elfutils-0.166_orig/libelf/libelfP.h 2016-01-12 15:49:19.000000000 +0300
+++ elfutils-0.166/libelf/libelfP.h 2021-08-30 19:38:44.866175082 +0300
@@ -48,6 +48,8 @@


/* Helper Macros to write 32 bit and 64 bit functions. */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wmissing-attributes"
#define __elfw2_(Bits, Name) __elf##Bits##_##Name
#define elfw2_(Bits, Name) elf##Bits##_##Name
#define ElfW2_(Bits, Name) Elf##Bits##_##Name
@@ -632,4 +634,5 @@
#define INVALID_NDX(ndx, type, data) \
unlikely ((data)->d_size / sizeof (type) <= (unsigned int) (ndx))

+#pragma GCC diagnostic pop
#endif /* libelfP.h */


But the patch does not work, error appears again.


i try to add --disable-werror to configure flags, but i have follows warning:

configure: WARNING: unrecognized options: --disable-werror.


The only solution to the problem I could think of is editing the
Makefile after configuration, please tell me how this can be done?



Re: extrausers-bbclass: plaintext password (since shadow update to 4.9)

Peter Bergin
 

Hi Matthias,

On 2021-08-31 09:03, Matthias Klein wrote:
But I have not found a way to set the password with EXTRA_USERS_PARAMS.
Do you know a working variant?
Is it a requirement that you need to regenerate the hash on every build? If not one solution can be:

    inherit extrausers

    #
    # HASH generated with this command:
    # python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))"
    #
    HASH = "\\\$6\\\$8Z5vMcqCIB19PgY8\\\$Sv4kAfsH1k.SANHL5JVb6hdqmQWHOeH0Rjrjyii7fGAK20Gclj/.qiBvUPnAfh.WSsr1.XV0pUNom2L9oYYDV/"

    EXTRA_USERS_PARAMS = " \
       usermod -p ${HASH} root; \
    "

Best regards,
/Peter


Re: extrausers-bbclass: plaintext password (since shadow update to 4.9)

Matthias Klein
 

Hello Peter,

I have already tried many things to pass the hash escaped to the extrausers-bbclass.

But I have not found a way to set the password with EXTRA_USERS_PARAMS.
Do you know a working variant?

Many greetings,
Matthias

-----Ursprüngliche Nachricht-----
Von: Peter Bergin <peter@...>
Gesendet: Montag, 30. August 2021 22:52
An: Matthias Klein <matthias.klein@...>; yocto@...
Betreff: Re: [yocto] extrausers-bbclass: plaintext password (since shadow update to 4.9)

On 2021-08-30 14:54, Matthias Klein wrote:

Hello,

I am trying to find a working alternative for the old -P option.

Previous:
EXTRA_USERS_PARAMS = "usermod -P toor root;"

The suggestions from this thread don't seem to work:
https://lists.openembedded.org/g/openembedded-core/topic/84548199

Current:
hash="$(python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))")"
EXTRA_USERS_PARAMS = "usermod -p ${hash} root;"

The hashed password does not seem to be escaped properly in the extrausers-bbclass. The password in the shadow file is missing $ characters.

Is there a way (with the current master branch) to define a password?

You have to escape the password string in the recipe. Use '\\\$' to escape the '$' token. There are some levels of evaluation of the expression and that's the reason for multiple '\'. Just iterate until you have the correct string in the shadow file, also check the log.do_rootfs where you can see the parameters to usermod.

/Peter


Re: extrausers-bbclass: plaintext password (since shadow update to 4.9)

Matthias Klein
 

Hello Markus,

thanks for the workaround!
Works great.

Many greetings,
Matthias


Von: Markus Volk <f_l_k@...>
Gesendet: Montag, 30. August 2021 20:46
An: Matthias Klein <matthias.klein@...>
Cc: yocto@...
Betreff: Re: [yocto] extrausers-bbclass: plaintext password (since shadow update to 4.9)

I also have problems with setting passwords in current master branch. I only can provide a hacky workaround. I added the following lines to my image recipe to inject the passwords manually after rootfs creation:

RETRO_USER_PASSWORD ?= "retro"
ROOT_USER_PASSWORD ?= "root"
ROOTFS_POSTPROCESS_COMMAND += "set_root_passwd;"
ROOTFS_POSTPROCESS_COMMAND += "set_retro_passwd;"

set_root_passwd() {
   ROOTPW_ENCRYPTED="$(openssl passwd -6 -salt xyz ${ROOT_USER_PASSWORD})"
   sed -i "s%^root:[^:]*:%root:${ROOTPW_ENCRYPTED}:%" ${IMAGE_ROOTFS}/etc/shadow
}

set_retro_passwd() {
   RETROPW_ENCRYPTED="$(openssl passwd -6 -salt xyz ${RETRO_USER_PASSWORD})"
   sed -i "s%^retro:[^:]*:%retro:${RETROPW_ENCRYPTED}:%" ${IMAGE_ROOTFS}/etc/shadow
}

Am 30.08.21 um 14:54 schrieb Matthias Klein:
Hello,

I am trying to find a working alternative for the old -P option.

Previous:
EXTRA_USERS_PARAMS = "usermod -P toor root;"

The suggestions from this thread don't seem to work: https://lists.openembedded.org/g/openembedded-core/topic/84548199

Current:
hash="$(python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))")"
EXTRA_USERS_PARAMS = "usermod -p ${hash} root;"

The hashed password does not seem to be escaped properly in the extrausers-bbclass. The password in the shadow file is missing $ characters.

Is there a way (with the current master branch) to define a password?

Many greetings,
Matthias


editing Makefile after configure stage to disable -Werror

Ivan Riabtsov <ivriabtsov@...>
 

Hello, I have the following error:

../../elfutils-0.166/libelf/libelfP.h:53:30: error: ‘__elf64_msize’
specifies less restrictive attribute than its target ‘elf64_fsize’:
‘const’ [-Werror=missing-attributes]

i try to solve this by patch:

diff -Naur elfutils-0.166_orig/libelf/libelfP.h elfutils-0.166/libelf/libelfP.h
--- elfutils-0.166_orig/libelf/libelfP.h 2016-01-12 15:49:19.000000000 +0300
+++ elfutils-0.166/libelf/libelfP.h 2021-08-30 19:38:44.866175082 +0300
@@ -48,6 +48,8 @@


/* Helper Macros to write 32 bit and 64 bit functions. */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wmissing-attributes"
#define __elfw2_(Bits, Name) __elf##Bits##_##Name
#define elfw2_(Bits, Name) elf##Bits##_##Name
#define ElfW2_(Bits, Name) Elf##Bits##_##Name
@@ -632,4 +634,5 @@
#define INVALID_NDX(ndx, type, data) \
unlikely ((data)->d_size / sizeof (type) <= (unsigned int) (ndx))

+#pragma GCC diagnostic pop
#endif /* libelfP.h */


But the patch does not work, error appears again.


i try to add --disable-werror to configure flags, but i have follows warning:

configure: WARNING: unrecognized options: --disable-werror.


The only solution to the problem I could think of is editing the
Makefile after configuration, please tell me how this can be done?


Re: [oe][meta-security][PATCH] meta: Fix typos

Armin Kuster
 

On 8/29/21 1:04 AM, Martin Jansa wrote:
Please merge this one.
you are right. Some how dropped that one. Its merged not.

thanks for the reminder.

-armin

On Wed, Aug 4, 2021 at 1:20 PM Martin Jansa via lists.yoctoproject.org
<http://lists.yoctoproject.org>
<Martin.Jansa=gmail.com@...
<mailto:gmail.com@...>> wrote:

Acked-by: Martin Jansa <Martin.Jansa@...
<mailto:Martin.Jansa@...>>

On Mon, Aug 2, 2021 at 11:02 AM George Liu <liuxiwei1013@...
<mailto:liuxiwei1013@...>> wrote:

Fix the variable spelling errors
s/SKIP_META_SECUIRTY_SANITY_CHECK/SKIP_META_SECURITY_SANITY_CHECK

Signed-off-by: George Liu <liuxiwei@...
<mailto:liuxiwei@...>>
---
 classes/sanity-meta-security.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/sanity-meta-security.bbclass
b/classes/sanity-meta-security.bbclass
index b6c6b9c..f9e2698 100644
--- a/classes/sanity-meta-security.bbclass
+++ b/classes/sanity-meta-security.bbclass
@@ -1,7 +1,7 @@
 addhandler security_bbappend_distrocheck
 security_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
 python security_bbappend_distrocheck() {
-    skip_check =
e.data.getVar('SKIP_META_SECUIRTY_SANITY_CHECK') == "1"
+    skip_check =
e.data.getVar('SKIP_META_SECURITY_SANITY_CHECK') == "1"
     if 'security' not in
e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
         bb.warn("You have included the meta-security layer, but \
 'security' has not been enabled in your DISTRO_FEATURES. Some
bbappend files \
--
2.30.2







M+ & H bugs with Milestone Movements WW35

Stephen Jolley
 

All,

YP M+ or high bugs which moved to a new milestone in WW35 are listed below:

Priority

Bug ID

Short Description

Changer

Owner

Was

Became

Medium+

13025

WIC image install support

kexin.hao@...

kexin.hao@...

3.5

3.5 M1

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Enhancements/Bugs closed WW35!

Stephen Jolley
 

All,

The below were the owners of enhancements or bugs closed during the last week!

Who

Count

richard.purdie@...

1

randy.macleod@...

1

Grand Total

2

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Current high bug count owners for Yocto Project 3.4

Stephen Jolley
 

All,

Below is the list as of top 50 bug owners as of the end of WW35 of who have open medium or higher bugs and enhancements against YP 3.4.   There are 42 possible work days left until the final release candidates for YP 3.4 needs to be released.

Who

Count

michael.opdenacker@...

32

ross@...

31

david.reyna@...

22

richard.purdie@...

22

bruce.ashfield@...

16

randy.macleod@...

15

trevor.gamblin@...

13

timothy.t.orling@...

12

JPEWhacker@...

10

sakib.sajal@...

10

bluelightning@...

7

kai.kang@...

7

mhalstead@...

6

tony.tascioglu@...

5

Qi.Chen@...

4

hongxu.jia@...

4

chee.yang.lee@...

3

mingli.yu@...

3

alexandre.belloni@...

2

jaewon@...

2

yi.zhao@...

2

yf3yu@...

2

mshah@...

2

akuster808@...

2

alejandro@...

2

jay.shen.teoh@...

1

diego.sueiro@...

1

john.kaldas.enpj@...

1

sangeeta.jain@...

1

douglas.royds@...

1

mostthingsweb@...

1

mister_rs@...

1

raj.khem@...

1

devendra.tewari@...

1

kergoth@...

1

thomas.perrot@...

1

dl9pf@...

1

tonyb@...

1

open.source@...

1

fransmeulenbroeks@...

1

Martin.Jansa@...

1

yoctoproject@...

1

nicolas.dechesne@...

1

naveen.kumar.saini@...

1

jon.mason@...

1

jason.wessel@...

1

jeanmarie.lemetayer@...

1

ydirson@...

1

aehs29@...

1

pokylinux@...

1

matthewzmd@...

1

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 382 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now, “3.4”, “3.5, "3.99" and "Future", the more pressing/urgent issues being in "3.4" and then “3.5”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Re: extrausers-bbclass: plaintext password (since shadow update to 4.9)

Peter Bergin
 

On 2021-08-30 14:54, Matthias Klein wrote:

Hello,

I am trying to find a working alternative for the old -P option.

Previous:
EXTRA_USERS_PARAMS = "usermod -P toor root;"

The suggestions from this thread don't seem to work: https://lists.openembedded.org/g/openembedded-core/topic/84548199

Current:
hash="$(python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))")"
EXTRA_USERS_PARAMS = "usermod -p ${hash} root;"

The hashed password does not seem to be escaped properly in the extrausers-bbclass. The password in the shadow file is missing $ characters.

Is there a way (with the current master branch) to define a password?

You have to escape the password string in the recipe. Use '\\\$' to escape the '$' token. There are some levels of evaluation of the expression and that's the reason for multiple '\'. Just iterate until you have the correct string in the shadow file, also check the log.do_rootfs where you can see the parameters to usermod.

/Peter


Re: extrausers-bbclass: plaintext password (since shadow update to 4.9)

Markus Volk
 

I also have problems with setting passwords in current master branch. I only can provide a hacky workaround. I added the following lines to my image recipe to inject the passwords manually after rootfs creation:

RETRO_USER_PASSWORD ?= "retro"
ROOT_USER_PASSWORD ?= "root"
ROOTFS_POSTPROCESS_COMMAND += "set_root_passwd;"
ROOTFS_POSTPROCESS_COMMAND += "set_retro_passwd;"

set_root_passwd() {
   ROOTPW_ENCRYPTED="$(openssl passwd -6 -salt xyz ${ROOT_USER_PASSWORD})"
   sed -i "s%^root:[^:]*:%root:${ROOTPW_ENCRYPTED}:%" ${IMAGE_ROOTFS}/etc/shadow
}

set_retro_passwd() {
   RETROPW_ENCRYPTED="$(openssl passwd -6 -salt xyz ${RETRO_USER_PASSWORD})"
   sed -i "s%^retro:[^:]*:%retro:${RETROPW_ENCRYPTED}:%" ${IMAGE_ROOTFS}/etc/shadow
}


Am 30.08.21 um 14:54 schrieb Matthias Klein:

Hello,

I am trying to find a working alternative for the old -P option.

Previous: 
EXTRA_USERS_PARAMS = "usermod -P toor root;"

The suggestions from this thread don't seem to work: https://lists.openembedded.org/g/openembedded-core/topic/84548199

Current: 
hash="$(python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))")"
EXTRA_USERS_PARAMS = "usermod -p ${hash} root;"

The hashed password does not seem to be escaped properly in the extrausers-bbclass. The password in the shadow file is missing $ characters.

Is there a way (with the current master branch) to define a password?

Many greetings,
Matthias





Re: [meta-hardening][PATCH] meta-hardening/binutils: harden installation permissions

Marta Rybczynska
 

(correcting the wrong list address)

On Fri, Aug 27, 2021 at 6:07 AM akuster808 <akuster808@...> wrote:
Marta,

On 8/24/21 11:05 PM, Marta Rybczynska wrote:
> Compilers and related utils are better restricted on production platforms.
> Change permissions of all installed binutils tools to remove access from
> users outside of the root group.
>
> This also demonstrates how to restrict file permissions in a hardened
> distribution.

Have you looked into FILESYSTEM_PERMS_TABLES? An example of the format
can be found @ /meta/files/fs-perms.txt

For more info see
https://www.yoctoproject.org/docs/3.1/ref-manual/ref-manual.html

Maybe having something like fs-perms.txt in meta-hardening may achieve
the same?


It looks like a possibility, I will give it a try. I have a question about the future,
however. Currently meta-hardening is defining its own distribution. When hardening
will be in DISTRO_FEATURES (you were working on it some time ago https://patchwork.openembedded.org/patch/174773/),
it would be less obvious to use, wouldn't it?

A bonus question, do you still plan to make it in DISTRO_FEATURES?

Regards,
Marta


Re: downgrade openssl libraryes

Ivan Riabtsov <ivriabtsov@...>
 

I have phytec imx6ul board with a preinstalled os. On this os opessl
version is 1.0.2j i need to build nginx for this board, but i can't
build yocto same version as i have on board, so I grabbed a newer
version of yocto from phytec site, rolled back glibc and try to roll
back openssl. I do not want to flash the device, as I'm afraid to get
brick

пн, 30 авг. 2021 г. в 16:51, Alexander Kanavin <alex.kanavin@...>:


openssl 1.0.2 went out of support at the end of 2019 and you should not be using it. What is the problem you need to solve?

Alex

On Mon, 30 Aug 2021 at 15:33, Ivan Riabtsov <ivriabtsov@...> wrote:

hello i am trying to rollback openssl version from 1.1.1i to 1.0.2j.
Copied the recipe openssl_1.1.1i.bb to openssl_1.0.2j.bb, saved the
openssl_1.1.1i.bb version with the name openssl_1.1.1i.bb.backup

Отредактировал новый файл, вот разница в файлах:

diff -Nau ./openssl_1.1.1i.bb.backup ./openssl_1.0.2j.bb
--- ./openssl_1.1.1i.bb.backup 2021-08-27 14:46:07.085808702 +0300
+++ ./openssl_1.0.2j.bb 2021-08-27 16:12:14.216430734 +0300
@@ -7,23 +7,19 @@
# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
- file://0001-skip-test_symbol_presence.patch \
- file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
\
- file://afalg.patch \
- file://reproducible.patch \
"

SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

-SRC_URI[sha256sum] =
"e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
+SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -122,7 +118,7 @@
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
- perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir}
$target
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

@@ -134,30 +130,30 @@
# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
- mv ${D}${libdir}/ssl-1.1/certs \
- ${D}${libdir}/ssl-1.1/private \
- ${D}${libdir}/ssl-1.1/openssl.cnf \
+ mv ${D}${libdir}/ssl-1.0/certs \
+ ${D}${libdir}/ssl-1.0/private \
+ ${D}${libdir}/ssl-1.0/openssl.cnf \
${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
- OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
- SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
- SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
- OPENSSL_ENGINES=${libdir}/engines-1.1
+ OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
+ SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
+ OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
- sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
@@ -170,8 +166,8 @@
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util
${B}/util ${D}${PTEST_PATH}

# For test_shlibload
- ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
- ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
@@ -192,11 +188,11 @@
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
- ${libdir}/ssl-1.1/openssl.cnf* \
+ ${libdir}/ssl-1.0/openssl.cnf* \
"
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
-FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}-engines = "${libdir}/engines-1.0"
+FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
+FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"


вот новый получившийся файл:


cat openssl_1.0.2j.bb
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related
cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"

# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
"

SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""

PACKAGECONFIG[cryptodev-linux] =
"enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"

B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"

#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"

# adding devrandom prevents openssl from using getrandom() which is
not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated
onto a system with older glibc)
EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"

# Relying on hardcoded built-in paths causes openssl-native to not be
relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"
CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"

do_configure () {
os=${HOST_OS}
case $os in
linux-gnueabi |\
linux-gnuspe |\
linux-musleabi |\
linux-muslspe |\
linux-musl )
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm*)
target=linux-armv4
;;
linux-aarch64*)
target=linux-aarch64
;;
linux-i?86 | linux-viac3)
target=linux-x86
;;
linux-gnux32-x86_64 | linux-muslx32-x86_64 )
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips | linux-mipsel)
# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding
target architecture flags
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-gnun32-mips*)
target=linux-mips64
;;
linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
target=linux64-mips64
;;
linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-powerpc64le)
target=linux-ppc64le
;;
linux-riscv32)
target=linux-generic32
;;
linux-riscv64)
target=linux-generic64
;;
linux-sparc | linux-supersparc)
target=linux-sparcv9
;;
esac

useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install

oe_multilib_header openssl/opensslconf.h

# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
mv ${D}${libdir}/ssl-1.0/certs \
${D}${libdir}/ssl-1.0/private \
${D}${libdir}/ssl-1.0/openssl.cnf \
${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
PTEST_BUILD_HOST_PATTERN = "perl_version ="
do_install_ptest () {
# Prune the build tree
rm -f ${B}/fuzz/*.* ${B}/test/*.*

cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util
${D}${PTEST_PATH}

# For test_shlibload
ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf
${D}${PTEST_PATH}/apps
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps

install -d ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
}

# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the openssl-bin package and the libcrypto
# package since the openssl-bin package depends on the libcrypto package.

PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"

FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
${libdir}/ssl-1.0/openssl.cnf* \
"
FILES_${PN}-engines = "${libdir}/engines-1.0"
FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"

RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"

RDEPENDS_${PN}-bin += "openssl-conf"

BBCLASSEXTEND = "native nativesdk"

CVE_PRODUCT = "openssl:openssl"

# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
# Apache in meta-webserver is already recent enough
CVE_CHECK_WHITELIST += "CVE-2019-0190"


I understand that I need to figure out the configs yourself, but I get
this error when executing the

bitbake openssl-native

ERROR: Execution of
'/home/ivr/work/yocto_orig/build/tmp/work/x86_64-linux/openssl-native/1.0.2j-r0/temp/run.do_configure.1071458'
failed with exit code 2:
| unable to read opensslv.h:No such file or directory
| Configuring for linux-x86_64
| no-devcryptoeng [option] OPENSSL_NO_DEVCRYPTOENG (skip dir)
| no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128
(skip dir)
| no-gmp [default] OPENSSL_NO_GMP (skip dir)
| no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
| no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
| no-libunbound [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
| no-md2 [default] OPENSSL_NO_MD2 (skip dir)
| no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
| no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
| no-sctp [default] OPENSSL_NO_SCTP (skip dir)
| no-shared [default]
| no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir)
| no-ssl2 [default] OPENSSL_NO_SSL2 (skip dir)
| no-store [experimental] OPENSSL_NO_STORE (skip dir)
| no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir)
| no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
| no-zlib [default]
| no-zlib-dynamic [default]
| IsMK1MF=0
| WARNING: exit code 2 from a shell command.
|

As far as I can understand, the opensslv.h file is generated just at
the configuration stage, why does the configuration stage give an
error of the absence of this file?



Re: downgrade openssl libraryes

Alexander Kanavin
 

openssl 1.0.2 went out of support at the end of 2019 and you should not be using it. What is the problem you need to solve?

Alex


On Mon, 30 Aug 2021 at 15:33, Ivan Riabtsov <ivriabtsov@...> wrote:
hello i am trying to rollback openssl version from 1.1.1i to 1.0.2j.
Copied the recipe openssl_1.1.1i.bb to openssl_1.0.2j.bb, saved the
openssl_1.1.1i.bb version with the name openssl_1.1.1i.bb.backup

Отредактировал новый файл, вот разница в файлах:

diff -Nau ./openssl_1.1.1i.bb.backup ./openssl_1.0.2j.bb
--- ./openssl_1.1.1i.bb.backup 2021-08-27 14:46:07.085808702 +0300
+++ ./openssl_1.0.2j.bb 2021-08-27 16:12:14.216430734 +0300
@@ -7,23 +7,19 @@
 # "openssl" here actually means both OpenSSL and SSLeay licenses apply
 # (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
 LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

 DEPENDS = "hostperl-runtime-native"

 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
-           file://0001-skip-test_symbol_presence.patch \
-           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
\
-           file://afalg.patch \
-           file://reproducible.patch \
            "

 SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "

-SRC_URI[sha256sum] =
"e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
+SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

 inherit lib_package multilib_header multilib_script ptest
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -122,7 +118,7 @@
  # WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
  # environment variables set by bitbake. Adjust the environment
variables instead.
  HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
- perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir}
$target
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
  perl ${B}/configdata.pm --dump
 }

@@ -134,30 +130,30 @@
  # Create SSL structure for packages such as ca-certificates which
  # contain hard-coded paths to /etc/ssl. Debian does the same.
  install -d ${D}${sysconfdir}/ssl
- mv ${D}${libdir}/ssl-1.1/certs \
-    ${D}${libdir}/ssl-1.1/private \
-    ${D}${libdir}/ssl-1.1/openssl.cnf \
+ mv ${D}${libdir}/ssl-1.0/certs \
+    ${D}${libdir}/ssl-1.0/private \
+    ${D}${libdir}/ssl-1.0/openssl.cnf \
     ${D}${sysconfdir}/ssl/

  # Although absolute symlinks would be OK for the target, they become
  # invalid if native or nativesdk are relocated from sstate.
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
 }

 do_install_append_class-native () {
  create_wrapper ${D}${bindir}/openssl \
-     OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
-     SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
-     SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
-     OPENSSL_ENGINES=${libdir}/engines-1.1
+     OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
+     SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
+     SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
+     OPENSSL_ENGINES=${libdir}/engines-1.0
 }

 do_install_append_class-nativesdk () {
  mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
  install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
- sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
 }

 PTEST_BUILD_HOST_FILES += "configdata.pm"
@@ -170,8 +166,8 @@
  cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util
${B}/util ${D}${PTEST_PATH}

  # For test_shlibload
- ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
- ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

  install -d ${D}${PTEST_PATH}/apps
  ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
@@ -192,11 +188,11 @@
 FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
 FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
-                      ${libdir}/ssl-1.1/openssl.cnf* \
+                      ${libdir}/ssl-1.0/openssl.cnf* \
                       "
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
-FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}-engines = "${libdir}/engines-1.0"
+FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
+FILES_${PN} =+ "${libdir}/ssl-1.0/*"
 FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

 CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"


вот новый получившийся файл:


cat openssl_1.0.2j.bb
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related
cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"

# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://run-ptest \
           "

SRC_URI_append_class-nativesdk = " \
           file://environment.d-openssl.sh \
           "

SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""

PACKAGECONFIG[cryptodev-linux] =
"enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"

B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"

#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"

# adding devrandom prevents openssl from using getrandom() which is
not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated
onto a system with older glibc)
EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"

# Relying on hardcoded built-in paths causes openssl-native to not be
relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"
CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"

do_configure () {
os=${HOST_OS}
case $os in
linux-gnueabi |\
linux-gnuspe |\
linux-musleabi |\
linux-muslspe |\
linux-musl )
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm*)
target=linux-armv4
;;
linux-aarch64*)
target=linux-aarch64
;;
linux-i?86 | linux-viac3)
target=linux-x86
;;
linux-gnux32-x86_64 | linux-muslx32-x86_64 )
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips | linux-mipsel)
# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding
target architecture flags
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-gnun32-mips*)
target=linux-mips64
;;
linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
target=linux64-mips64
;;
linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-powerpc64le)
target=linux-ppc64le
;;
linux-riscv32)
target=linux-generic32
;;
linux-riscv64)
target=linux-generic64
;;
linux-sparc | linux-supersparc)
target=linux-sparcv9
;;
esac

useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install

oe_multilib_header openssl/opensslconf.h

# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
mv ${D}${libdir}/ssl-1.0/certs \
   ${D}${libdir}/ssl-1.0/private \
   ${D}${libdir}/ssl-1.0/openssl.cnf \
   ${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
    OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
    SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
    SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
    OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
PTEST_BUILD_HOST_PATTERN = "perl_version ="
do_install_ptest () {
# Prune the build tree
rm -f ${B}/fuzz/*.* ${B}/test/*.*

cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util
${D}${PTEST_PATH}

# For test_shlibload
ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf
${D}${PTEST_PATH}/apps
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps

install -d ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
}

# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the openssl-bin package and the libcrypto
# package since the openssl-bin package depends on the libcrypto package.

PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"

FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
                      ${libdir}/ssl-1.0/openssl.cnf* \
                      "
FILES_${PN}-engines = "${libdir}/engines-1.0"
FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"

RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"

RDEPENDS_${PN}-bin += "openssl-conf"

BBCLASSEXTEND = "native nativesdk"

CVE_PRODUCT = "openssl:openssl"

# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
# Apache in meta-webserver is already recent enough
CVE_CHECK_WHITELIST += "CVE-2019-0190"


I understand that I need to figure out the configs yourself, but I get
this error when executing the

bitbake openssl-native

ERROR: Execution of
'/home/ivr/work/yocto_orig/build/tmp/work/x86_64-linux/openssl-native/1.0.2j-r0/temp/run.do_configure.1071458'
failed with exit code 2:
| unable to read opensslv.h:No such file or directory
| Configuring for linux-x86_64
|     no-devcryptoeng [option]   OPENSSL_NO_DEVCRYPTOENG (skip dir)
|     no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128
(skip dir)
|     no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
|     no-jpake        [experimental] OPENSSL_NO_JPAKE (skip dir)
|     no-krb5         [krb5-flavor not specified] OPENSSL_NO_KRB5
|     no-libunbound   [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
|     no-md2          [default]  OPENSSL_NO_MD2 (skip dir)
|     no-rc5          [default]  OPENSSL_NO_RC5 (skip dir)
|     no-rfc3779      [default]  OPENSSL_NO_RFC3779 (skip dir)
|     no-sctp         [default]  OPENSSL_NO_SCTP (skip dir)
|     no-shared       [default]
|     no-ssl-trace    [default]  OPENSSL_NO_SSL_TRACE (skip dir)
|     no-ssl2         [default]  OPENSSL_NO_SSL2 (skip dir)
|     no-store        [experimental] OPENSSL_NO_STORE (skip dir)
|     no-unit-test    [default]  OPENSSL_NO_UNIT_TEST (skip dir)
|     no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
|     no-zlib         [default]
|     no-zlib-dynamic [default]
| IsMK1MF=0
| WARNING: exit code 2 from a shell command.
|

As far as I can understand, the opensslv.h file is generated just at
the configuration stage, why does the configuration stage give an
error of the absence of this file?




downgrade openssl libraryes

Ivan Riabtsov <ivriabtsov@...>
 

hello i am trying to rollback openssl version from 1.1.1i to 1.0.2j.
Copied the recipe openssl_1.1.1i.bb to openssl_1.0.2j.bb, saved the
openssl_1.1.1i.bb version with the name openssl_1.1.1i.bb.backup

Отредактировал новый файл, вот разница в файлах:

diff -Nau ./openssl_1.1.1i.bb.backup ./openssl_1.0.2j.bb
--- ./openssl_1.1.1i.bb.backup 2021-08-27 14:46:07.085808702 +0300
+++ ./openssl_1.0.2j.bb 2021-08-27 16:12:14.216430734 +0300
@@ -7,23 +7,19 @@
# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
- file://0001-skip-test_symbol_presence.patch \
- file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
\
- file://afalg.patch \
- file://reproducible.patch \
"

SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

-SRC_URI[sha256sum] =
"e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
+SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -122,7 +118,7 @@
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
- perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir}
$target
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

@@ -134,30 +130,30 @@
# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
- mv ${D}${libdir}/ssl-1.1/certs \
- ${D}${libdir}/ssl-1.1/private \
- ${D}${libdir}/ssl-1.1/openssl.cnf \
+ mv ${D}${libdir}/ssl-1.0/certs \
+ ${D}${libdir}/ssl-1.0/private \
+ ${D}${libdir}/ssl-1.0/openssl.cnf \
${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
- OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
- SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
- SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
- OPENSSL_ENGINES=${libdir}/engines-1.1
+ OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
+ SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
+ OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
- sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
@@ -170,8 +166,8 @@
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util
${B}/util ${D}${PTEST_PATH}

# For test_shlibload
- ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
- ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
@@ -192,11 +188,11 @@
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
- ${libdir}/ssl-1.1/openssl.cnf* \
+ ${libdir}/ssl-1.0/openssl.cnf* \
"
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
-FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}-engines = "${libdir}/engines-1.0"
+FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
+FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"


вот новый получившийся файл:


cat openssl_1.0.2j.bb
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related
cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"

# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is
SPDXLICENSEMAPped)
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"

DEPENDS = "hostperl-runtime-native"

SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
"

SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

SRC_URI[sha256sum] =
"e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""

PACKAGECONFIG[cryptodev-linux] =
"enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"

B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"

#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"

# adding devrandom prevents openssl from using getrandom() which is
not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated
onto a system with older glibc)
EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"

# Relying on hardcoded built-in paths causes openssl-native to not be
relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"
CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin
-DENGINESDIR=/not/builtin"

do_configure () {
os=${HOST_OS}
case $os in
linux-gnueabi |\
linux-gnuspe |\
linux-musleabi |\
linux-muslspe |\
linux-musl )
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm*)
target=linux-armv4
;;
linux-aarch64*)
target=linux-aarch64
;;
linux-i?86 | linux-viac3)
target=linux-x86
;;
linux-gnux32-x86_64 | linux-muslx32-x86_64 )
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips | linux-mipsel)
# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding
target architecture flags
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-gnun32-mips*)
target=linux-mips64
;;
linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
target=linux64-mips64
;;
linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-powerpc64le)
target=linux-ppc64le
;;
linux-riscv32)
target=linux-generic32
;;
linux-riscv64)
target=linux-generic64
;;
linux-sparc | linux-supersparc)
target=linux-sparcv9
;;
esac

useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment
variables instead.
HASHBANGPERL="/usr/bin/env perl" PERL=perl
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
--prefix=$useprefix --openssldir=${libdir}/ssl-1.0 --libdir=${libdir}
$target
perl ${B}/configdata.pm --dump
}

do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install

oe_multilib_header openssl/opensslconf.h

# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
mv ${D}${libdir}/ssl-1.0/certs \
${D}${libdir}/ssl-1.0/private \
${D}${libdir}/ssl-1.0/openssl.cnf \
${D}${sysconfdir}/ssl/

# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.0/certs
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.0/private
ln -sf ${@oe.path.relative('${libdir}/ssl-1.0',
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.0/openssl.cnf
}

do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
OPENSSL_CONF=${libdir}/ssl-1.0/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.0/certs \
SSL_CERT_FILE=${libdir}/ssl-1.0/cert.pem \
OPENSSL_ENGINES=${libdir}/engines-1.0
}

do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.0/|g' -i
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}

PTEST_BUILD_HOST_FILES += "configdata.pm"
PTEST_BUILD_HOST_PATTERN = "perl_version ="
do_install_ptest () {
# Prune the build tree
rm -f ${B}/fuzz/*.* ${B}/test/*.*

cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util
${D}${PTEST_PATH}

# For test_shlibload
ln -s ${libdir}/libcrypto.so.1.0 ${D}${PTEST_PATH}/
ln -s ${libdir}/libssl.so.1.0 ${D}${PTEST_PATH}/

install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf
${D}${PTEST_PATH}/apps
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps

install -d ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
}

# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the openssl-bin package and the libcrypto
# package since the openssl-bin package depends on the libcrypto package.

PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"

FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
${libdir}/ssl-1.0/openssl.cnf* \
"
FILES_${PN}-engines = "${libdir}/engines-1.0"
FILES_${PN}-misc = "${libdir}/ssl-1.0/misc"
FILES_${PN} =+ "${libdir}/ssl-1.0/*"
FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"

RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"

RDEPENDS_${PN}-bin += "openssl-conf"

BBCLASSEXTEND = "native nativesdk"

CVE_PRODUCT = "openssl:openssl"

# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
# Apache in meta-webserver is already recent enough
CVE_CHECK_WHITELIST += "CVE-2019-0190"


I understand that I need to figure out the configs yourself, but I get
this error when executing the

bitbake openssl-native

ERROR: Execution of
'/home/ivr/work/yocto_orig/build/tmp/work/x86_64-linux/openssl-native/1.0.2j-r0/temp/run.do_configure.1071458'
failed with exit code 2:
| unable to read opensslv.h:No such file or directory
| Configuring for linux-x86_64
| no-devcryptoeng [option] OPENSSL_NO_DEVCRYPTOENG (skip dir)
| no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128
(skip dir)
| no-gmp [default] OPENSSL_NO_GMP (skip dir)
| no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
| no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
| no-libunbound [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
| no-md2 [default] OPENSSL_NO_MD2 (skip dir)
| no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
| no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
| no-sctp [default] OPENSSL_NO_SCTP (skip dir)
| no-shared [default]
| no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir)
| no-ssl2 [default] OPENSSL_NO_SSL2 (skip dir)
| no-store [experimental] OPENSSL_NO_STORE (skip dir)
| no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir)
| no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
| no-zlib [default]
| no-zlib-dynamic [default]
| IsMK1MF=0
| WARNING: exit code 2 from a shell command.
|

As far as I can understand, the opensslv.h file is generated just at
the configuration stage, why does the configuration stage give an
error of the absence of this file?


extrausers-bbclass: plaintext password (since shadow update to 4.9)

Matthias Klein
 

Hello,

I am trying to find a working alternative for the old -P option.

Previous:
EXTRA_USERS_PARAMS = "usermod -P toor root;"

The suggestions from this thread don't seem to work: https://lists.openembedded.org/g/openembedded-core/topic/84548199

Current:
hash="$(python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))")"
EXTRA_USERS_PARAMS = "usermod -p ${hash} root;"

The hashed password does not seem to be escaped properly in the extrausers-bbclass. The password in the shadow file is missing $ characters.

Is there a way (with the current master branch) to define a password?

Many greetings,
Matthias


Re: kcrash package compile issue

Zoran
 

That means that kwindowsystem did not install all necessary bits.
Oh, I see... It has everything to do with Xwindows systems in X11
Client/Server domain.

kwindoes => KDE desktop.

Apology for the confusion!

Zee
_______



On Mon, Aug 30, 2021 at 2:19 PM Andreas Müller <schnitzeltony@...> wrote:

On Mon, Aug 30, 2021 at 6:46 AM Zoran <zoran.stojsavljevic@...> wrote:

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path
You somehow mixed Windows and Linux Cmake build systems. Not sure how...

Solution 1: fix on the fly current problem:
You should inspect the file: src/CMakeLists.txt and try to fix Windows
paths to match Linux paths.

Solution 2: delete the current Cmake setup and execute it from scratch:
Error should not happen, since you need to delete the Cmake setup and
do the whole thing from scratch.
1) configure <<===== This step causes you problems!
2) make
3) make install

Zee
_______


On Mon, Aug 30, 2021 at 6:10 AM sateesh m <sateesh0457@...> wrote:

Hi Team,

I am trying to build kcrash package. I got below error.Can anybody know how to fix this please guide me.

ERROR: kcrash-5.85.0-r0 do_configure: Execution of '/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/run.do_configure.12650' failed with exit code 1:

-- The C compiler identification is GNU 10.2.0

-- The CXX compiler identification is GNU 10.2.0

-- Detecting C compiler ABI info

-- Detecting C compiler ABI info - done

-- Check for working C compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-gcc - skipped

-- Detecting C compile features

-- Detecting C compile features - done

-- Detecting CXX compiler ABI info

-- Detecting CXX compiler ABI info - done

-- Check for working CXX compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-g++ - skipped

-- Detecting CXX compile features

-- Detecting CXX compile features - done

--



Installing in /usr. Run /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/build/prefix.sh to set the environment for KCrash.

-- Looking for __GLIBC__

-- Looking for __GLIBC__ - found

-- Performing Test _OFFT_IS_64BIT

-- Performing Test _OFFT_IS_64BIT - Success

-- Performing Test HAVE_DATE_TIME

-- Performing Test HAVE_DATE_TIME - Success

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE - Success

fatal: not a git repository (or any of the parent directories): .git

-- Found X11: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/include

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so - found

-- Looking for gethostbyname

-- Looking for gethostbyname - found

-- Looking for connect

-- Looking for connect - found

-- Looking for remove

-- Looking for remove - found

-- Looking for shmat

-- Looking for shmat - found

-- Looking for IceConnectionNumber in ICE

-- Looking for IceConnectionNumber in ICE - found

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY - Success

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY - Success

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR - Success

-- The following features have been enabled:



* Core Pattern Raising, Raising signals to kernel core patterns (iff the pattern is a process). You may wish to not install drkonqi if this can cause a UI conflict.



-- The following OPTIONAL packages have been found:



* X11



-- The following REQUIRED packages have been found:



* ECM (required version >= 5.85.0), Extra CMake Modules., <https://commits.kde.org/extra-cmake-modules>

* Qt5 (required version >= 5.15.0)

* Qt5Core (required version >= 5.15.0)

* KF5CoreAddons (required version >= 5.85.0)

* Qt5Gui (required version >= 5.15.0)

* KF5WindowSystem (required version >= 5.85.0)

* Qt5X11Extras (required version >= 5.15.0)



-- The following features have been disabled:



* QCH, API documentation in QCH format (for e.g. Qt Assistant, Qt Creator & KDevelop)



-- Configuring done

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







-- Generating done

CMake Warning:

Manually-specified variables were not used by the project:



BUILD_DESIGNERPLUGIN

LIB_SUFFIX

OE_KF5_PATH_HOST_ROOT

OE_QMAKE_PATH_ARCHDATA

OE_QMAKE_PATH_BINS

OE_QMAKE_PATH_DATA

OE_QMAKE_PATH_DOCS

OE_QMAKE_PATH_EXAMPLES

OE_QMAKE_PATH_HEADERS

OE_QMAKE_PATH_HOST_BINS

OE_QMAKE_PATH_HOST_DATA

OE_QMAKE_PATH_HOST_LIBS

OE_QMAKE_PATH_HOST_PREFIX

OE_QMAKE_PATH_LIBEXECS

OE_QMAKE_PATH_LIBS

OE_QMAKE_PATH_PLUGINS

OE_QMAKE_PATH_PREFIX

OE_QMAKE_PATH_QML

OE_QMAKE_PATH_QT_ARCHDATA

OE_QMAKE_PATH_QT_BINS

OE_QMAKE_PATH_QT_DATA

OE_QMAKE_PATH_QT_DOCS

OE_QMAKE_PATH_QT_EXAMPLES

OE_QMAKE_PATH_QT_HEADERS

OE_QMAKE_PATH_QT_SETTINGS

OE_QMAKE_PATH_QT_TESTS

OE_QMAKE_PATH_QT_TRANSLATIONS

OE_QMAKE_PATH_SETTINGS

OE_QMAKE_PATH_TESTS

OE_QMAKE_PATH_TRANSLATIONS

PYTHON_EXECUTABLE

Python3_EXECUTABLE

Python_EXECUTABLE





CMake Generate step failed. Build files cannot be regenerated correctly.

WARNING: exit code 1 from a shell command.



ERROR: Logfile of failure stored in: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/log.do_configure.12650

--
1. From version 5.85 I assume you use meta-qt5-extra (not meta-kf5) - right?
2. the important part of the log is:

| CMake Error in src/CMakeLists.txt:
| Imported target "KF5::WindowSystem" includes non-existent path
| "/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"

That means that kwindowsystem did not install all necessary bits. Do
you have x11 in your DISTRO_FEATURES? If not you should add that.

Hope that helps

Andreas


Re: kcrash package compile issue

Andreas Müller
 

On Mon, Aug 30, 2021 at 6:46 AM Zoran <zoran.stojsavljevic@...> wrote:

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path
You somehow mixed Windows and Linux Cmake build systems. Not sure how...

Solution 1: fix on the fly current problem:
You should inspect the file: src/CMakeLists.txt and try to fix Windows
paths to match Linux paths.

Solution 2: delete the current Cmake setup and execute it from scratch:
Error should not happen, since you need to delete the Cmake setup and
do the whole thing from scratch.
1) configure <<===== This step causes you problems!
2) make
3) make install

Zee
_______


On Mon, Aug 30, 2021 at 6:10 AM sateesh m <sateesh0457@...> wrote:

Hi Team,

I am trying to build kcrash package. I got below error.Can anybody know how to fix this please guide me.

ERROR: kcrash-5.85.0-r0 do_configure: Execution of '/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/run.do_configure.12650' failed with exit code 1:

-- The C compiler identification is GNU 10.2.0

-- The CXX compiler identification is GNU 10.2.0

-- Detecting C compiler ABI info

-- Detecting C compiler ABI info - done

-- Check for working C compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-gcc - skipped

-- Detecting C compile features

-- Detecting C compile features - done

-- Detecting CXX compiler ABI info

-- Detecting CXX compiler ABI info - done

-- Check for working CXX compiler: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot-native/usr/bin/riscv64-oe-linux/riscv64-oe-linux-g++ - skipped

-- Detecting CXX compile features

-- Detecting CXX compile features - done

--



Installing in /usr. Run /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/build/prefix.sh to set the environment for KCrash.

-- Looking for __GLIBC__

-- Looking for __GLIBC__ - found

-- Performing Test _OFFT_IS_64BIT

-- Performing Test _OFFT_IS_64BIT - Success

-- Performing Test HAVE_DATE_TIME

-- Performing Test HAVE_DATE_TIME - Success

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE

-- Performing Test BSYMBOLICFUNCTIONS_AVAILABLE - Success

fatal: not a git repository (or any of the parent directories): .git

-- Found X11: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/include

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so

-- Looking for XOpenDisplay in /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libX11.so;/home/sateesh/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/recipe-sysroot/usr/lib/libXext.so - found

-- Looking for gethostbyname

-- Looking for gethostbyname - found

-- Looking for connect

-- Looking for connect - found

-- Looking for remove

-- Looking for remove - found

-- Looking for shmat

-- Looking for shmat - found

-- Looking for IceConnectionNumber in ICE

-- Looking for IceConnectionNumber in ICE - found

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_VISIBILITY - Success

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY

-- Performing Test COMPILER_HAS_HIDDEN_INLINE_VISIBILITY - Success

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR

-- Performing Test COMPILER_HAS_DEPRECATED_ATTR - Success

-- The following features have been enabled:



* Core Pattern Raising, Raising signals to kernel core patterns (iff the pattern is a process). You may wish to not install drkonqi if this can cause a UI conflict.



-- The following OPTIONAL packages have been found:



* X11



-- The following REQUIRED packages have been found:



* ECM (required version >= 5.85.0), Extra CMake Modules., <https://commits.kde.org/extra-cmake-modules>

* Qt5 (required version >= 5.15.0)

* Qt5Core (required version >= 5.15.0)

* KF5CoreAddons (required version >= 5.85.0)

* Qt5Gui (required version >= 5.15.0)

* KF5WindowSystem (required version >= 5.85.0)

* Qt5X11Extras (required version >= 5.15.0)



-- The following features have been disabled:



* QCH, API documentation in QCH format (for e.g. Qt Assistant, Qt Creator & KDevelop)



-- Configuring done

CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







CMake Error in src/CMakeLists.txt:

Imported target "KF5::WindowSystem" includes non-existent path



"/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"



in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:



* The path was deleted, renamed, or moved to another location.



* An install or uninstall procedure did not complete successfully.



* The installation package was faulty and references files it does not

provide.







-- Generating done

CMake Warning:

Manually-specified variables were not used by the project:



BUILD_DESIGNERPLUGIN

LIB_SUFFIX

OE_KF5_PATH_HOST_ROOT

OE_QMAKE_PATH_ARCHDATA

OE_QMAKE_PATH_BINS

OE_QMAKE_PATH_DATA

OE_QMAKE_PATH_DOCS

OE_QMAKE_PATH_EXAMPLES

OE_QMAKE_PATH_HEADERS

OE_QMAKE_PATH_HOST_BINS

OE_QMAKE_PATH_HOST_DATA

OE_QMAKE_PATH_HOST_LIBS

OE_QMAKE_PATH_HOST_PREFIX

OE_QMAKE_PATH_LIBEXECS

OE_QMAKE_PATH_LIBS

OE_QMAKE_PATH_PLUGINS

OE_QMAKE_PATH_PREFIX

OE_QMAKE_PATH_QML

OE_QMAKE_PATH_QT_ARCHDATA

OE_QMAKE_PATH_QT_BINS

OE_QMAKE_PATH_QT_DATA

OE_QMAKE_PATH_QT_DOCS

OE_QMAKE_PATH_QT_EXAMPLES

OE_QMAKE_PATH_QT_HEADERS

OE_QMAKE_PATH_QT_SETTINGS

OE_QMAKE_PATH_QT_TESTS

OE_QMAKE_PATH_QT_TRANSLATIONS

OE_QMAKE_PATH_SETTINGS

OE_QMAKE_PATH_TESTS

OE_QMAKE_PATH_TRANSLATIONS

PYTHON_EXECUTABLE

Python3_EXECUTABLE

Python_EXECUTABLE





CMake Generate step failed. Build files cannot be regenerated correctly.

WARNING: exit code 1 from a shell command.



ERROR: Logfile of failure stored in: /home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kcrash/5.85.0-r0/temp/log.do_configure.12650

--
1. From version 5.85 I assume you use meta-qt5-extra (not meta-kf5) - right?
2. the important part of the log is:

| CMake Error in src/CMakeLists.txt:
| Imported target "KF5::WindowSystem" includes non-existent path
| "/home/yocto/sources/fu540-build/tmp-glibc/work/riscv64-oe-linux/kwindowsystem/5.85.0-r0/recipe-sysroot/usr/include"

That means that kwindowsystem did not install all necessary bits. Do
you have x11 in your DISTRO_FEATURES? If not you should add that.

Hope that helps

Andreas


How to remove -rpath and -rpath-link from BUILD_LDFLAGS env variable to solve following error: QA Issue: package python3-scipy contains bad RPATH? #python #bitbake

surfinride
 

Hey there. I am building a Boot2Qt image for my Jetson Nano. Yocto release is dunfell. Currently I am trying to build the scipy library release 1.5.3. This is the recipe I am using:
inherit pypi setuptools3

SUMMARY = "SciPy: Scientific Library for Python"
HOMEPAGE = "https://www.scipy.org"
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8256119827cf2bbe63512d4868075867"

SRC_URI += " file://0001-Allow-passing-flags-via-FARCH-for-mach.patch"
SRC_URI[md5sum] = "ecf5c58e4df1d257abf1634d51cb9205"
SRC_URI[sha256sum] = "ddae76784574cc4c172f3d5edd7308be16078dd3b977e8746860c76c195fa707"

DEPENDS += "${PYTHON_PN}-numpy ${PYTHON_PN}-numpy-native ${PYTHON_PN}-pybind11-native lapack"
RDEPENDS_${PN} += "${PYTHON_PN}-numpy lapack"

CLEANBROKEN = "1"

export LAPACK = "${STAGING_LIBDIR}"
export BLAS = "${STAGING_LIBDIR}"

export F90 = "${TARGET_PREFIX}gfortran"
export FARCH = "${TUNE_CCARGS}"
# Numpy expects the LDSHARED env variable to point to a single
# executable, but OE sets it to include some flags as well. So we split
# the existing LDSHARED variable into the base executable and flags, and
# prepend the flags into LDFLAGS
LDFLAGS_prepend := "${@" ".join(d.getVar('LDSHARED', True).split()[1:])} "
export LDSHARED := "${@d.getVar('LDSHARED', True).split()[0]}"

# Tell Numpy to look in target sysroot site-packages directory for libraries
LDFLAGS_append = " -L${STAGING_LIBDIR}/${PYTHON_DIR}/site-packages/numpy/core/lib"
This recipe fails with the bad RPATH error. Complete error log here.

This is what the Yocto documentation has to say about the bad RPATH error:
-package <packagename> contains bad RPATH <rpath> in file <file> [rpaths]The specified binary produced by the recipe contains dynamic library load paths (rpaths) that contain build system paths such as TMPDIR, which are incorrect for the target and could potentially be a security issue. Check for bad -rpathoptions being passed to the linker in your do_compile log. Depending on the build system used by the software being built, there might be a configure option to disable rpath usage completely within the build of the software.
I looked in the run.do_configure file. This is what the BUILD_LDFLAGS variable is set like:
export BUILD_LDFLAGS="-L/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/usr/lib                         -L/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/lib                         -Wl,--enable-new-dtags                         -Wl,-rpath-link,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/usr/lib                         -Wl,-rpath-link,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/lib                         -Wl,-rpath,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/usr/lib                         -Wl,-rpath,/media/dell/ext4_volume/jetson-nano-build-files/tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/recipe-sysroot-native/lib                         -Wl,-O1 -Wl,--allow-shlib-undefined -Wl,--dynamic-linker=/media/dell/ext4_volume/jetson-nano-build-files/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2"
So I created a copy of bitbake.conf in my custom layer and set the priority of the layer above the poky/meta/ layer. With this the -rpath and -rpath-link options are removed from the BUILD_LDFLAGS variable. Now if I build the package, the build still fails with the same error.
Running grep on the tmp/work/aarch64-poky-linux/python3-scipy/1.5.3-r0/temp/ showed that -rpath option is still being passed to gcc. Complete log.do_compile here.

Right now I am kind of clueless as to how I should approach debugging this. Would really appreciate any help. Thanks.

2821 - 2840 of 57400