Date   

[meta-zephyr 1/2] conf: machine: add stm32mp157c-dk2 support

Arnaud Pouliquen <arnaud.pouliquen@...>
 

The board is based on STMicroelectronics STM32MP157 processor based on
a dual Cortex-A7 core and a Cortex-M4 core.

STM32MP1 family support depends on STM32 HAL and OpenAMP for
inter-core communication.

This change has been verified with zephyr-philosophers
and zephyr-shell sample applications on by loading Zephyr image
to Cortex-M4 core from Linux using remoteproc framework.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@...>
---
conf/machine/stm32mp157c-dk2.conf | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 conf/machine/stm32mp157c-dk2.conf

diff --git a/conf/machine/stm32mp157c-dk2.conf b/conf/machine/stm32mp157c-dk2.conf
new file mode 100644
index 000000000000..52c18192b2c3
--- /dev/null
+++ b/conf/machine/stm32mp157c-dk2.conf
@@ -0,0 +1,8 @@
+#@TYPE: Machine
+#@NAME: stm32mp1-openamp
+
+#@DESCRIPTION: Machine configuration for stm32mp157x-DK2 Board.
+
+require conf/machine/include/stm32mp1-cortex-m4.inc
+
+ARCH:stm32mp157c-dk2 = "arm"
--
2.17.1


[meta-zephyr 2/2] zephyr-kernel: add openamp-rsc-table sample

Arnaud Pouliquen <arnaud.pouliquen@...>
 

The recipe to build rpmsg sample demonstrating messaging between
main core dunning Linux and and the coprocessor running Zephyr.
Useful to demonstrate inter-processing communication.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@...>
---
.../zephyr-kernel/zephyr-openamp-rsc-table.bb | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 recipes-kernel/zephyr-kernel/zephyr-openamp-rsc-table.bb

diff --git a/recipes-kernel/zephyr-kernel/zephyr-openamp-rsc-table.bb b/recipes-kernel/zephyr-kernel/zephyr-openamp-rsc-table.bb
new file mode 100644
index 000000000000..3eec58adb17b
--- /dev/null
+++ b/recipes-kernel/zephyr-kernel/zephyr-openamp-rsc-table.bb
@@ -0,0 +1,10 @@
+include zephyr-sample.inc
+
+
+ZEPHYR_MAKE_OUTPUT = "zephyr_openamp_rsc_table.elf"
+ZEPHYR_MAKE_BIN_OUTPUT = "zephyr_openamp_rsc_table.bin"
+ZEPHYR_MAKE_EFI_OUTPUT = "zephyr_openamp_rsc_table.efi"
+
+ZEPHYR_SRC_DIR = "${S}/samples/subsys/ipc/openamp_rsc_table"
+
+COMPATIBLE_MACHINE = "(stm32mp157c-dk2)"
--
2.17.1


[meta-zephyr 0/2] add support of the zephyr-openamp-rsc-table sample on STM32MP157

Arnaud Pouliquen <arnaud.pouliquen@...>
 

Add capability to genereate the "zephyr-openamp-rsc-table" sample in yocto build.

This example demonstrates inter-processor communication based on a resource table,
with the objective of responding to the Linux kernel rpmsg sample.

This sample is compatible with the stm32mp157c_dk2 board.
The support of the board is also added in this series.

Arnaud Pouliquen (2):
conf: machine: add stm32mp157c-dk2 support
zephyr-kernel: add openamp-rsc-table sample

conf/machine/stm32mp157c-dk2.conf | 8 ++++++++
.../zephyr-kernel/zephyr-openamp-rsc-table.bb | 10 ++++++++++
2 files changed, 18 insertions(+)
create mode 100644 conf/machine/stm32mp157c-dk2.conf
create mode 100644 recipes-kernel/zephyr-kernel/zephyr-openamp-rsc-table.bb

--
2.17.1


Re: [meta-security][PATCH] swtpm: update to 0.6.1

Anton Antonov
 

This recipe fails because of the wrong format in "PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"

There should be only four parts in the line separated by commas as defined here https://www.yoctoproject.org/docs/2.4.2/ref-manual/ref-manual.html#var-PACKAGECONFIG

 


Re: [meta-security][PATCH 2/2] swtpm: fix build issues of missing expect

Kristian Klausen <kristian@...>
 

Den Tue, Sep 28, 2021 at 16:39:09 -0700 skrev Armin Kuster:
Signed-off-by: Armin Kuster <akuster808@...>
---
meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index 807c02b..d602ee0 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"

# coreutils-native and net-tools-native are reportedly only required for the tests
-DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib"
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib expect expect-native"
expect is there twice now (+ native). Would expect-native be enough or
do we also need expect?


SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
@@ -28,7 +28,7 @@ PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
# used by swtpm-create-tpmca (the last two is provided by gnutls)
# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, bash tpm2-pkcs11-tools"
expect is needed as a runtime dependency for swtpm-create-tpmca, but I
added it as a recommended dependency as I don't think all people are
interesting in swtpm-create-tpmca working out-of-the-box.
expect should still be here, no?

PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
--
2.25.1



[meta-rockchip][PATCH 3/3] nanopi-m4: add common override

Trevor Woerner
 

Add a common override for both nanopi-m4 MACHINEs.

Signed-off-by: Trevor Woerner <twoerner@...>
---
conf/machine/include/nanopi-m4.inc | 3 +++
1 file changed, 3 insertions(+)

diff --git a/conf/machine/include/nanopi-m4.inc b/conf/machine/include/nanopi-m4.inc
index b8e1db1..aaf07a3 100644
--- a/conf/machine/include/nanopi-m4.inc
+++ b/conf/machine/include/nanopi-m4.inc
@@ -1,6 +1,9 @@
# Copyright (C) 2021 Blade SAS
# Common definitions for all NanoPi M4 RK3399 board variants

+# add a common override for all nanopi-m4
+MACHINEOVERRIDES =. "nanopi-m4:"
+
require conf/machine/include/rk3399.inc

MACHINE_FEATURES += "usbhost serial"
--
2.30.0.rc0


[meta-rockchip][PATCH 2/3] include/nanopi-m4: remove KMACHINE

Trevor Woerner
 

There is no "nanopi-m4" defined in any yocto kernel metadata (yet?), therefore
remove this superfluous line.

Build (core-image-base) and run tested (both systemd and sysvinit) on:
- nanopi-m4

Signed-off-by: Trevor Woerner <twoerner@...>
---
conf/machine/include/nanopi-m4.inc | 1 -
1 file changed, 1 deletion(-)

diff --git a/conf/machine/include/nanopi-m4.inc b/conf/machine/include/nanopi-m4.inc
index 3870b51..b8e1db1 100644
--- a/conf/machine/include/nanopi-m4.inc
+++ b/conf/machine/include/nanopi-m4.inc
@@ -5,5 +5,4 @@ require conf/machine/include/rk3399.inc

MACHINE_FEATURES += "usbhost serial"

-KMACHINE = "nanopi-m4"
KERNEL_DEVICETREE = "rockchip/rk3399-nanopi-m4.dtb"
--
2.30.0.rc0


[meta-rockchip][PATCH 1/3] linux-yocto: remove mmc aliases

Trevor Woerner
 

Now that we're booting via UUID, we no longer need these aliases in the DT.
Personally I wasn't able to prove to myself that they actually worked (at
least not with 5.13.y) and fiddling with these aliases didn't seem to affect
the mmc probe order on boot. Additionally it looks like some of these aliases
will be landing upstream shortly.

Build (core-image-base) and run tested (both systemd and sysvinit) on:
- rock64
- rock-pi-e

(i.e. the two rk3328 MACHINEs)

Signed-off-by: Trevor Woerner <twoerner@...>
---
...an-dtsi-rk3328-add-mmc0-mmc1-aliases.patch | 27 -------------------
recipes-kernel/linux/linux-yocto%.bbappend | 3 ---
2 files changed, 30 deletions(-)
delete mode 100644 recipes-kernel/linux/files/0001-ayufan-dtsi-rk3328-add-mmc0-mmc1-aliases.patch

diff --git a/recipes-kernel/linux/files/0001-ayufan-dtsi-rk3328-add-mmc0-mmc1-aliases.patch b/recipes-kernel/linux/files/0001-ayufan-dtsi-rk3328-add-mmc0-mmc1-aliases.patch
deleted file mode 100644
index 1ad3b9e..0000000
--- a/recipes-kernel/linux/files/0001-ayufan-dtsi-rk3328-add-mmc0-mmc1-aliases.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From f10cfe01f753348d346374008b8e8f5f26ed94ab Mon Sep 17 00:00:00 2001
-From: Kamil Trzcinski <ayufan@...>
-Date: Mon, 28 Aug 2017 11:24:37 +0200
-Subject: [PATCH] ayufan: dtsi: rk3328: add mmc0/mmc1 aliases
-Upstream-Status: Pending [https://github.com/ayufan-rock64/linux-mainline-kernel/commit/f10cfe01f753348d346374008b8e8f5f26ed94ab]
-
-Change-Id: I82a5394df8a505f7d1496393621c1198895c88b0
----
- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/arch/arm64/boot/dts/rockchip/rk3328.dtsi b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
-index 0afed15bc7ff..800f1c796882 100644
---- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi
-+++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
-@@ -27,6 +27,8 @@
- i2c1 = &i2c1;
- i2c2 = &i2c2;
- i2c3 = &i2c3;
-+ mmc0 = &emmc;
-+ mmc1 = &sdmmc;
- ethernet0 = &gmac2io;
- ethernet1 = &gmac2phy;
- };
---
-2.30.2
-
diff --git a/recipes-kernel/linux/linux-yocto%.bbappend b/recipes-kernel/linux/linux-yocto%.bbappend
index cf63a30..470dc09 100644
--- a/recipes-kernel/linux/linux-yocto%.bbappend
+++ b/recipes-kernel/linux/linux-yocto%.bbappend
@@ -12,6 +12,3 @@ COMPATIBLE_MACHINE:rock64 = "rock64"
COMPATIBLE_MACHINE:rock-pi-e = "rock-pi-e"

FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-# indeed applicable to all rk3328 boards
-SRC_URI:append:rock64 = " file://0001-ayufan-dtsi-rk3328-add-mmc0-mmc1-aliases.patch"
--
2.30.0.rc0


Re: Enabling tk for Python tkinter module

Tim Orling
 



On Tue, Sep 28, 2021 at 2:58 PM Chris Tapp <opensource@...> wrote:
I am trying to get PySimpleGUI running on an RPi4 using meta-raspberrypi with hardknott.

I have created a recipe for PySimpleGUI and added the following to my local.conf:

PACKAGECONFIG_pn-python3 = “tk”
IMAGE_INSTALL_append = " python3 python3-modules python3-pysimplegui tk"

However, the tkinter module fails to load, reporting “No module named _tkinter”, with a note above saying that Python may not be configured for Tk.

Looking on the target, /usr/lib/libtk.8.so is present.

It looks as if there is something else I need to do to get Python to build correctly, but I’m out of ideas ;-)

You need to add “tk” to the package config for python3

Add the following to your distro|site|local.conf (or a python3_%.bbappend)

PACKAGECONFIG:append:pn-python3 = “ tk”

( replace : with _ if you are on old release that doesn’t support the new override syntax)

(This assumes you have meta-oe in your bblayers.conf so you can build tk, which it sounds like you do)

This is because the _tkinter .so built by python3 is dynamically loaded only if present 
—Tim “moto-timo” Orling


I’ve found a few bits on the internet that seem related, but they haven’t helped me get things going:
 https://www.mail-archive.com/yocto@.../msg18232.html
 https://www.yoctoproject.org/pipermail/yocto/2014-July/020547.html

Any pointers on where to look would be appreciated.

--

Chris Tapp
opensource@...
www.keylevel.com





[meta-security][PATCH 2/2] swtpm: fix build issues of missing expect

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index 807c02b..d602ee0 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"

# coreutils-native and net-tools-native are reportedly only required for the tests
-DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib"
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib expect expect-native"

SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
@@ -28,7 +28,7 @@ PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
# used by swtpm-create-tpmca (the last two is provided by gnutls)
# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, bash tpm2-pkcs11-tools"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
--
2.25.1


[meta-security][PATCH 1/2] swtpm: update to 0.6.1

Armin Kuster
 

From: "Kristian Klausen via lists.yoctoproject.org" <kristian=klausen.dk@...>

swtpm no longer depends on Python[1] so the dependencies have been
removed.

"inherit perlnative" has been added due to (in oe-core):
deda455b3c ("bitbake.conf: drop pod2man from hosttools")

Some leftover dependencies have also been removed, ex: tpm-tools
required in the past by swtpm_setup.sh (<0.4.0)[2].

[1] https://github.com/stefanberger/swtpm/issues/437
[2] https://github.com/stefanberger/swtpm/commit/eee8cb5dfb13f87140dddda38f65bf61aff19508

Signed-off-by: Kristian Klausen <kristian@...>
Signed-off-by: Armin Kuster <akuster808@...>
---
.../swtpm/swtpm-wrappers-native.bb | 12 ++++------
.../swtpm/{swtpm_0.5.2.bb => swtpm_0.6.1.bb} | 23 ++++++++-----------
2 files changed, 14 insertions(+), 21 deletions(-)
rename meta-tpm/recipes-tpm/swtpm/{swtpm_0.5.2.bb => swtpm_0.6.1.bb} (72%)

diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
index 644f3ac..bb93374 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
@@ -1,6 +1,6 @@
SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
LICENSE = "MIT"
-DEPENDS = "swtpm-native tpm-tools-native net-tools-native"
+DEPENDS = "swtpm-native"

inherit native

@@ -14,23 +14,19 @@ do_create_wrapper () {
for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
exe=`basename $i`
case $exe in
- swtpm_setup.sh)
+ swtpm_setup)
cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
#! /bin/sh
#
-# Wrapper around swtpm_setup.sh which adds parameters required to
+# Wrapper around swtpm_setup which adds parameters required to
# run the setup as non-root directly from the native sysroot.

PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
export PATH

-# tcsd only allows to be run as root or tss. Pretend to be root...
-exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
+exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
EOF
;;
- swtpm_setup)
- true
- ;;
*)
cat >${WORKDIR}/${exe}_oe.sh <<EOF
#! /bin/sh
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
similarity index 72%
rename from meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
rename to meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index 912e939..807c02b 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -3,14 +3,11 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"

-DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+# coreutils-native and net-tools-native are reportedly only required for the tests
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib"

-# configure checks for the tools already during compilation and
-# then swtpm_setup needs them at runtime
-DEPENDS:append = " tpm-tools-native expect-native socat-native python3-pip-native python3-cryptography-native"
-
-SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
+SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
file://ioctl_h.patch \
file://oe_configure.patch \
"
@@ -19,7 +16,7 @@ PE = "1"
S = "${WORKDIR}/git"

PARALLEL_MAKE = ""
-inherit autotools pkgconfig python3native
+inherit autotools pkgconfig perlnative

TSS_USER="tss"
TSS_GROUP="tss"
@@ -28,7 +25,10 @@ PACKAGECONFIG ?= "openssl"
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
@@ -41,14 +41,11 @@ USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \
--no-create-home --shell /bin/false ${BPN}"


-PACKAGES =+ "${PN}-python"
-FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}"
-
PACKAGE_BEFORE_PN = "${PN}-cuse"
FILES:${PN}-cuse = "${bindir}/swtpm_cuse"

INSANE_SKIP:${PN} += "dev-so"

-RDEPENDS:${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted"
+RDEPENDS:${PN} = "libtpm"

BBCLASSEXTEND = "native nativesdk"
--
2.25.1


Re: [meta-security][PATCH] dmverity: Make use of DATA_BLOCK_SIZE variable in initrdscript.

Armin Kuster
 

merged.

On 9/23/21 8:45 AM, Paulo Neves wrote:
From: Christer Fletcher <christer.fletcher@...>

DATA_BLOCK_SIZE variable was set in dm-verity-img.bbclass at build
time but the initrdscript was not updated to pass the DATA_BLOCK_SIZE
to the veritysetup. Now the functionality is complete.

Signed-off-by: Paulo Neves <paulo.neves1@...>
---
recipes-core/initrdscripts/initramfs-framework-dm/dmverity | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/recipes-core/initrdscripts/initramfs-framework-dm/dmverity b/recipes-core/initrdscripts/initramfs-framework-dm/dmverity
index 888052c..c815940 100644
--- a/recipes-core/initrdscripts/initramfs-framework-dm/dmverity
+++ b/recipes-core/initrdscripts/initramfs-framework-dm/dmverity
@@ -6,6 +6,7 @@ dmverity_enabled() {

dmverity_run() {
DATA_SIZE="__not_set__"
+ DATA_BLOCK_SIZE="__not_set__"
ROOT_HASH="__not_set__"

. /usr/share/misc/dm-verity.env
@@ -49,7 +50,7 @@ dmverity_run() {
done

veritysetup \
- --data-block-size=1024 \
+ --data-block-size=${DATA_BLOCK_SIZE} \
--hash-offset=${DATA_SIZE} \
create rootfs \
${RDEV} \



Re: [meta-security][PATCH] Upgrade parsec-service 0.8.1 and parsec-tool 0.4.0

Armin Kuster
 

merged.

On 9/27/21 12:57 PM, Anton Antonov wrote:
Signed-off-by: Anton Antonov <Anton.Antonov@...>
---
.../parsec-service/files/cryptoki.patch | 18 --
.../parsec-service/parsec-service_0.7.0.inc | 147 -----------
...rvice_0.7.0.bb => parsec-service_0.8.1.bb} | 15 +-
.../parsec-service/parsec-service_0.8.1.inc | 246 ++++++++++++++++++
.../parsec-tool/parsec-tool_0.3.0.inc | 127 ---------
...sec-tool_0.3.0.bb => parsec-tool_0.4.0.bb} | 3 +
.../parsec-tool/parsec-tool_0.4.0.inc | 216 +++++++++++++++
7 files changed, 477 insertions(+), 295 deletions(-)
delete mode 100644 meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch
delete mode 100644 meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc
rename meta-parsec/recipes-parsec/parsec-service/{parsec-service_0.7.0.bb => parsec-service_0.8.1.bb} (77%)
create mode 100644 meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.inc
delete mode 100644 meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc
rename meta-parsec/recipes-parsec/parsec-tool/{parsec-tool_0.3.0.bb => parsec-tool_0.4.0.bb} (75%)
create mode 100644 meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.4.0.inc

diff --git a/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch b/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch
deleted file mode 100644
index c234479..0000000
--- a/meta-parsec/recipes-parsec/parsec-service/files/cryptoki.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-
-Use cryptoki v0.1.1 which supports the "generate-bindings" feature
-required for building Parsec service 0.7.0 in Yocto.
-
-Signed-off-by: Anton Antonov <Anton.Antonov@...>
-Upstream-Status: Submitted
-
---- a/Cargo.toml 2021-04-01 10:29:50.333687763 +0100
-+++ b/Cargo.toml 2021-04-01 10:27:13.051860002 +0100
-@@ -37,7 +37,7 @@
- version = "1.3.1"
-
- [dependencies.cryptoki]
--version = "0.1.0"
-+version = "0.1.1"
- features = ["psa-crypto-conversions"]
- optional = true
-
diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc b/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc
deleted file mode 100644
index 59a47f9..0000000
--- a/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.inc
+++ /dev/null
@@ -1,147 +0,0 @@
-# This file is created from parsec-service repository Cargo.lock using cargo-bitbake tool
-
-SRC_URI += " \
- crate://crates.io/aho-corasick/0.7.15 \
- crate://crates.io/ansi_term/0.11.0 \
- crate://crates.io/anyhow/1.0.38 \
- crate://crates.io/atty/0.2.14 \
- crate://crates.io/autocfg/1.0.1 \
- crate://crates.io/base64/0.12.3 \
- crate://crates.io/base64/0.13.0 \
- crate://crates.io/bincode/1.3.2 \
- crate://crates.io/bindgen/0.56.0 \
- crate://crates.io/bindgen/0.57.0 \
- crate://crates.io/bitfield/0.13.2 \
- crate://crates.io/bitflags/1.2.1 \
- crate://crates.io/byteorder/1.3.4 \
- crate://crates.io/bytes/0.5.6 \
- crate://crates.io/bytes/1.0.1 \
- crate://crates.io/cc/1.0.67 \
- crate://crates.io/cexpr/0.4.0 \
- crate://crates.io/cfg-if/1.0.0 \
- crate://crates.io/clang-sys/1.1.1 \
- crate://crates.io/clap/2.33.3 \
- crate://crates.io/cmake/0.1.45 \
- crate://crates.io/cryptoauthlib-sys/0.1.0 \
- crate://crates.io/cryptoki-sys/0.1.1 \
- crate://crates.io/cryptoki/0.1.1 \
- crate://crates.io/derivative/2.2.0 \
- crate://crates.io/either/1.6.1 \
- crate://crates.io/enumflags2/0.6.4 \
- crate://crates.io/enumflags2_derive/0.6.4 \
- crate://crates.io/env_logger/0.8.3 \
- crate://crates.io/fixedbitset/0.2.0 \
- crate://crates.io/getrandom/0.2.2 \
- crate://crates.io/glob/0.3.0 \
- crate://crates.io/hashbrown/0.9.1 \
- crate://crates.io/heck/0.3.2 \
- crate://crates.io/hermit-abi/0.1.18 \
- crate://crates.io/hex/0.4.3 \
- crate://crates.io/hostname-validator/1.0.0 \
- crate://crates.io/humantime/2.1.0 \
- crate://crates.io/indexmap/1.6.2 \
- crate://crates.io/itertools/0.8.2 \
- crate://crates.io/itertools/0.9.0 \
- crate://crates.io/lazy_static/1.4.0 \
- crate://crates.io/lazycell/1.3.0 \
- crate://crates.io/libc/0.2.89 \
- crate://crates.io/libloading/0.7.0 \
- crate://crates.io/log/0.4.14 \
- crate://crates.io/mbox/0.5.0 \
- crate://crates.io/memchr/2.3.4 \
- crate://crates.io/multimap/0.8.3 \
- crate://crates.io/nom/5.1.2 \
- crate://crates.io/num-bigint/0.3.2 \
- crate://crates.io/num-complex/0.3.1 \
- crate://crates.io/num-derive/0.3.3 \
- crate://crates.io/num-integer/0.1.44 \
- crate://crates.io/num-iter/0.1.42 \
- crate://crates.io/num-rational/0.3.2 \
- crate://crates.io/num-traits/0.2.14 \
- crate://crates.io/num/0.3.1 \
- crate://crates.io/num_cpus/1.13.0 \
- crate://crates.io/oid/0.1.1 \
- crate://crates.io/parsec-interface/0.24.0 \
- crate://crates.io/peeking_take_while/0.1.2 \
- crate://crates.io/petgraph/0.5.1 \
- crate://crates.io/picky-asn1-der/0.2.4 \
- crate://crates.io/picky-asn1-x509/0.4.0 \
- crate://crates.io/picky-asn1/0.3.1 \
- crate://crates.io/pkg-config/0.3.19 \
- crate://crates.io/ppv-lite86/0.2.10 \
- crate://crates.io/proc-macro-error-attr/1.0.4 \
- crate://crates.io/proc-macro-error/1.0.4 \
- crate://crates.io/proc-macro2/1.0.24 \
- crate://crates.io/prost-build/0.6.1 \
- crate://crates.io/prost-build/0.7.0 \
- crate://crates.io/prost-derive/0.6.1 \
- crate://crates.io/prost-derive/0.7.0 \
- crate://crates.io/prost-types/0.6.1 \
- crate://crates.io/prost-types/0.7.0 \
- crate://crates.io/prost/0.6.1 \
- crate://crates.io/prost/0.7.0 \
- crate://crates.io/psa-crypto-sys/0.8.0 \
- crate://crates.io/psa-crypto/0.8.0 \
- crate://crates.io/quote/1.0.9 \
- crate://crates.io/rand/0.8.3 \
- crate://crates.io/rand_chacha/0.3.0 \
- crate://crates.io/rand_core/0.6.2 \
- crate://crates.io/rand_hc/0.3.0 \
- crate://crates.io/redox_syscall/0.2.5 \
- crate://crates.io/regex-syntax/0.6.23 \
- crate://crates.io/regex/1.4.5 \
- crate://crates.io/remove_dir_all/0.5.3 \
- crate://crates.io/rust-cryptoauthlib/0.1.0 \
- crate://crates.io/rustc-hash/1.1.0 \
- crate://crates.io/rustc_version/0.2.3 \
- crate://crates.io/same-file/1.0.6 \
- crate://crates.io/sd-notify/0.2.0 \
- crate://crates.io/secrecy/0.7.0 \
- crate://crates.io/semver-parser/0.7.0 \
- crate://crates.io/semver/0.9.0 \
- crate://crates.io/serde/1.0.124 \
- crate://crates.io/serde_bytes/0.11.5 \
- crate://crates.io/serde_derive/1.0.124 \
- crate://crates.io/shlex/0.1.1 \
- crate://crates.io/signal-hook-registry/1.3.0 \
- crate://crates.io/signal-hook/0.3.7 \
- crate://crates.io/stable_deref_trait/1.2.0 \
- crate://crates.io/strsim/0.8.0 \
- crate://crates.io/structopt-derive/0.4.14 \
- crate://crates.io/structopt/0.3.21 \
- crate://crates.io/strum_macros/0.19.4 \
- crate://crates.io/syn/1.0.64 \
- crate://crates.io/synstructure/0.12.4 \
- crate://crates.io/tempfile/3.2.0 \
- crate://crates.io/termcolor/1.1.2 \
- crate://crates.io/textwrap/0.11.0 \
- crate://crates.io/thiserror-impl/1.0.24 \
- crate://crates.io/thiserror/1.0.24 \
- crate://crates.io/threadpool/1.8.1 \
- crate://crates.io/toml/0.5.8 \
- crate://crates.io/tss-esapi-sys/0.1.0 \
- crate://crates.io/tss-esapi/5.0.0 \
- crate://crates.io/unicode-segmentation/1.7.1 \
- crate://crates.io/unicode-width/0.1.8 \
- crate://crates.io/unicode-xid/0.2.1 \
- crate://crates.io/users/0.11.0 \
- crate://crates.io/uuid/0.8.2 \
- crate://crates.io/vec_map/0.8.2 \
- crate://crates.io/version/3.0.0 \
- crate://crates.io/version_check/0.9.3 \
- crate://crates.io/walkdir/2.3.1 \
- crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
- crate://crates.io/which/3.1.1 \
- crate://crates.io/which/4.0.2 \
- crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
- crate://crates.io/winapi-util/0.1.5 \
- crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
- crate://crates.io/winapi/0.3.9 \
- crate://crates.io/zeroize/1.2.0 \
- crate://crates.io/zeroize_derive/1.0.1 \
- file://cryptoki.patch \
-"
-
-LIC_FILES_CHKSUM = " \
- file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
-"
diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb b/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb
similarity index 77%
rename from meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb
rename to meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb
index 5f7a99b..b8bfa98 100644
--- a/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.7.0.bb
+++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb
@@ -10,9 +10,18 @@ SRC_URI += "crate://crates.io/parsec-service/${PV} \
file://parsec-tmpfiles.conf \
"

-DEPENDS = "tpm2-tss clang-native"
-
-CARGO_BUILD_FLAGS += " --features all-providers,cryptoki/generate-bindings,tss-esapi/generate-bindings"
+DEPENDS = "clang-native"
+
+PACKAGECONFIG ??= "TPM PKCS11 MBED-CRYPTO CRYPTOAUTHLIB"
+PACKAGECONFIG[ALL] = "all-providers,,tpm2-tss libts,libts"
+PACKAGECONFIG[TPM] = "tpm-provider,,tpm2-tss"
+PACKAGECONFIG[PKCS11] = "pkcs11-provider,"
+PACKAGECONFIG[MBED-CRYPTO] = "mbed-crypto-provider,"
+PACKAGECONFIG[CRYPTOAUTHLIB] = "cryptoauthlib-provider,"
+PACKAGECONFIG[TS] = "trusted-service-provider,,libts,libts"
+
+PARSEC_PROVIDERS = "${@d.getVar('PACKAGECONFIG_CONFARGS',True).replace(' ', ',')}"
+CARGO_BUILD_FLAGS += " --features ${PARSEC_PROVIDERS},cryptoki/generate-bindings,tss-esapi/generate-bindings"

inherit systemd
SYSTEMD_SERVICE:${PN} = "parsec.service"
diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.inc b/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.inc
new file mode 100644
index 0000000..fd88e87
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.inc
@@ -0,0 +1,246 @@
+# This file is created from parsec-service repository Cargo.lock using cargo-bitbake tool
+
+SRC_URI += " \
+ crate://crates.io/addr2line/0.15.2 \
+ crate://crates.io/adler/1.0.2 \
+ crate://crates.io/aho-corasick/0.7.15 \
+ crate://crates.io/ansi_term/0.11.0 \
+ crate://crates.io/anyhow/1.0.41 \
+ crate://crates.io/arrayvec/0.5.2 \
+ crate://crates.io/atty/0.2.14 \
+ crate://crates.io/autocfg/1.0.1 \
+ crate://crates.io/backtrace/0.3.59 \
+ crate://crates.io/base64/0.12.3 \
+ crate://crates.io/base64/0.13.0 \
+ crate://crates.io/bincode/1.3.3 \
+ crate://crates.io/bindgen/0.56.0 \
+ crate://crates.io/bindgen/0.57.0 \
+ crate://crates.io/bitfield/0.13.2 \
+ crate://crates.io/bitflags/1.2.1 \
+ crate://crates.io/bitvec/0.19.5 \
+ crate://crates.io/boringssl-src/0.3.0+688fc5c \
+ crate://crates.io/bumpalo/3.7.0 \
+ crate://crates.io/bytes/0.5.6 \
+ crate://crates.io/bytes/1.0.1 \
+ crate://crates.io/cc/1.0.68 \
+ crate://crates.io/cexpr/0.4.0 \
+ crate://crates.io/cfg-if/1.0.0 \
+ crate://crates.io/chrono/0.4.19 \
+ crate://crates.io/clang-sys/1.2.0 \
+ crate://crates.io/clap/2.33.3 \
+ crate://crates.io/cmake/0.1.45 \
+ crate://crates.io/const-oid/0.6.0 \
+ crate://crates.io/cryptoauthlib-sys/0.2.0 \
+ crate://crates.io/cryptoki-sys/0.1.2 \
+ crate://crates.io/cryptoki/0.2.0 \
+ crate://crates.io/data-encoding/2.3.2 \
+ crate://crates.io/der-oid-macro/0.4.0 \
+ crate://crates.io/der-parser/5.1.0 \
+ crate://crates.io/der/0.4.0 \
+ crate://crates.io/derivative/2.2.0 \
+ crate://crates.io/either/1.6.1 \
+ crate://crates.io/enumflags2/0.6.4 \
+ crate://crates.io/enumflags2_derive/0.6.4 \
+ crate://crates.io/env_logger/0.8.4 \
+ crate://crates.io/failure/0.1.8 \
+ crate://crates.io/failure_derive/0.1.8 \
+ crate://crates.io/fixedbitset/0.2.0 \
+ crate://crates.io/form_urlencoded/1.0.1 \
+ crate://crates.io/funty/1.1.0 \
+ crate://crates.io/futures-channel/0.3.15 \
+ crate://crates.io/futures-core/0.3.15 \
+ crate://crates.io/futures-executor/0.3.15 \
+ crate://crates.io/futures-io/0.3.15 \
+ crate://crates.io/futures-macro/0.3.15 \
+ crate://crates.io/futures-sink/0.3.15 \
+ crate://crates.io/futures-task/0.3.15 \
+ crate://crates.io/futures-util/0.3.15 \
+ crate://crates.io/futures/0.3.15 \
+ crate://crates.io/generic-array/0.14.4 \
+ crate://crates.io/getrandom/0.2.3 \
+ crate://crates.io/gimli/0.24.0 \
+ crate://crates.io/glob/0.3.0 \
+ crate://crates.io/grpcio-compiler/0.7.0 \
+ crate://crates.io/grpcio-sys/0.9.0+1.38.0 \
+ crate://crates.io/grpcio/0.9.0 \
+ crate://crates.io/hamming/0.1.3 \
+ crate://crates.io/hashbrown/0.9.1 \
+ crate://crates.io/heck/0.3.3 \
+ crate://crates.io/hermit-abi/0.1.18 \
+ crate://crates.io/hex/0.4.3 \
+ crate://crates.io/hostname-validator/1.1.0 \
+ crate://crates.io/humantime/2.1.0 \
+ crate://crates.io/idna/0.2.3 \
+ crate://crates.io/indexmap/1.6.2 \
+ crate://crates.io/instant/0.1.9 \
+ crate://crates.io/itertools/0.8.2 \
+ crate://crates.io/itertools/0.9.0 \
+ crate://crates.io/itoa/0.4.7 \
+ crate://crates.io/js-sys/0.3.51 \
+ crate://crates.io/jsonwebkey/0.3.2 \
+ crate://crates.io/jsonwebtoken/7.2.0 \
+ crate://crates.io/lazy_static/1.4.0 \
+ crate://crates.io/lazycell/1.3.0 \
+ crate://crates.io/lexical-core/0.7.6 \
+ crate://crates.io/libc/0.2.97 \
+ crate://crates.io/libloading/0.7.0 \
+ crate://crates.io/libz-sys/1.1.3 \
+ crate://crates.io/lock_api/0.4.4 \
+ crate://crates.io/log/0.4.14 \
+ crate://crates.io/matches/0.1.8 \
+ crate://crates.io/mbox/0.5.0 \
+ crate://crates.io/memchr/2.3.4 \
+ crate://crates.io/miniz_oxide/0.4.4 \
+ crate://crates.io/multimap/0.8.3 \
+ crate://crates.io/nom/5.1.2 \
+ crate://crates.io/nom/6.2.0 \
+ crate://crates.io/num-bigint/0.2.6 \
+ crate://crates.io/num-bigint/0.3.2 \
+ crate://crates.io/num-bigint/0.4.0 \
+ crate://crates.io/num-complex/0.3.1 \
+ crate://crates.io/num-derive/0.3.3 \
+ crate://crates.io/num-integer/0.1.44 \
+ crate://crates.io/num-iter/0.1.42 \
+ crate://crates.io/num-rational/0.3.2 \
+ crate://crates.io/num-traits/0.2.14 \
+ crate://crates.io/num/0.3.1 \
+ crate://crates.io/num_cpus/1.13.0 \
+ crate://crates.io/object/0.24.0 \
+ crate://crates.io/oid-registry/0.1.3 \
+ crate://crates.io/oid/0.1.1 \
+ crate://crates.io/once_cell/1.8.0 \
+ crate://crates.io/parking_lot/0.11.1 \
+ crate://crates.io/parking_lot_core/0.8.3 \
+ crate://crates.io/parsec-interface/0.25.0 \
+ crate://crates.io/peeking_take_while/0.1.2 \
+ crate://crates.io/pem/0.8.3 \
+ crate://crates.io/percent-encoding/2.1.0 \
+ crate://crates.io/petgraph/0.5.1 \
+ crate://crates.io/picky-asn1-der/0.2.4 \
+ crate://crates.io/picky-asn1-x509/0.4.0 \
+ crate://crates.io/picky-asn1/0.3.1 \
+ crate://crates.io/pin-project-lite/0.2.6 \
+ crate://crates.io/pin-utils/0.1.0 \
+ crate://crates.io/pkcs8/0.7.0 \
+ crate://crates.io/pkg-config/0.3.19 \
+ crate://crates.io/ppv-lite86/0.2.10 \
+ crate://crates.io/primal-bit/0.3.0 \
+ crate://crates.io/primal-check/0.3.1 \
+ crate://crates.io/primal-estimate/0.3.1 \
+ crate://crates.io/primal-sieve/0.3.1 \
+ crate://crates.io/primal/0.3.0 \
+ crate://crates.io/proc-macro-error-attr/1.0.4 \
+ crate://crates.io/proc-macro-error/1.0.4 \
+ crate://crates.io/proc-macro-hack/0.5.19 \
+ crate://crates.io/proc-macro-nested/0.1.7 \
+ crate://crates.io/proc-macro2/1.0.27 \
+ crate://crates.io/prost-build/0.7.0 \
+ crate://crates.io/prost-derive/0.6.1 \
+ crate://crates.io/prost-derive/0.7.0 \
+ crate://crates.io/prost-types/0.7.0 \
+ crate://crates.io/prost/0.6.1 \
+ crate://crates.io/prost/0.7.0 \
+ crate://crates.io/protobuf-codegen/2.24.1 \
+ crate://crates.io/protobuf/2.24.1 \
+ crate://crates.io/protoc-grpcio/3.0.0 \
+ crate://crates.io/protoc/2.24.1 \
+ crate://crates.io/psa-crypto-sys/0.9.0 \
+ crate://crates.io/psa-crypto/0.9.0 \
+ crate://crates.io/quote/1.0.9 \
+ crate://crates.io/radium/0.5.3 \
+ crate://crates.io/rand/0.8.4 \
+ crate://crates.io/rand_chacha/0.3.1 \
+ crate://crates.io/rand_core/0.6.3 \
+ crate://crates.io/rand_hc/0.3.1 \
+ crate://crates.io/redox_syscall/0.2.9 \
+ crate://crates.io/regex-syntax/0.6.25 \
+ crate://crates.io/regex/1.4.6 \
+ crate://crates.io/remove_dir_all/0.5.3 \
+ crate://crates.io/ring/0.16.20 \
+ crate://crates.io/rust-cryptoauthlib/0.4.0 \
+ crate://crates.io/rustc-demangle/0.1.20 \
+ crate://crates.io/rustc-hash/1.1.0 \
+ crate://crates.io/rustc_version/0.2.3 \
+ crate://crates.io/rusticata-macros/3.0.1 \
+ crate://crates.io/rustversion/1.0.5 \
+ crate://crates.io/ryu/1.0.5 \
+ crate://crates.io/same-file/1.0.6 \
+ crate://crates.io/scopeguard/1.1.0 \
+ crate://crates.io/sd-notify/0.2.0 \
+ crate://crates.io/secrecy/0.7.0 \
+ crate://crates.io/semver-parser/0.7.0 \
+ crate://crates.io/semver/0.9.0 \
+ crate://crates.io/serde/1.0.126 \
+ crate://crates.io/serde_bytes/0.11.5 \
+ crate://crates.io/serde_derive/1.0.126 \
+ crate://crates.io/serde_json/1.0.64 \
+ crate://crates.io/shlex/0.1.1 \
+ crate://crates.io/signal-hook-registry/1.4.0 \
+ crate://crates.io/signal-hook/0.3.9 \
+ crate://crates.io/simple_asn1/0.4.1 \
+ crate://crates.io/simple_asn1/0.5.3 \
+ crate://crates.io/slab/0.4.3 \
+ crate://crates.io/smallvec/1.6.1 \
+ crate://crates.io/spiffe/0.1.1 \
+ crate://crates.io/spin/0.5.2 \
+ crate://crates.io/spki/0.4.0 \
+ crate://crates.io/stable_deref_trait/1.2.0 \
+ crate://crates.io/static_assertions/1.1.0 \
+ crate://crates.io/strsim/0.8.0 \
+ crate://crates.io/structopt-derive/0.4.14 \
+ crate://crates.io/structopt/0.3.21 \
+ crate://crates.io/strum_macros/0.19.4 \
+ crate://crates.io/syn/1.0.73 \
+ crate://crates.io/synstructure/0.12.4 \
+ crate://crates.io/tap/1.0.1 \
+ crate://crates.io/target-lexicon/0.12.0 \
+ crate://crates.io/tempfile/3.2.0 \
+ crate://crates.io/termcolor/1.1.2 \
+ crate://crates.io/textwrap/0.11.0 \
+ crate://crates.io/thiserror-impl/1.0.25 \
+ crate://crates.io/thiserror/1.0.25 \
+ crate://crates.io/threadpool/1.8.1 \
+ crate://crates.io/time/0.1.44 \
+ crate://crates.io/tinyvec/1.2.0 \
+ crate://crates.io/tinyvec_macros/0.1.0 \
+ crate://crates.io/toml/0.5.8 \
+ crate://crates.io/tss-esapi-sys/0.2.0 \
+ crate://crates.io/tss-esapi/7.0.0-alpha.1 \
+ crate://crates.io/typenum/1.13.0 \
+ crate://crates.io/unicode-bidi/0.3.5 \
+ crate://crates.io/unicode-normalization/0.1.19 \
+ crate://crates.io/unicode-segmentation/1.7.1 \
+ crate://crates.io/unicode-width/0.1.8 \
+ crate://crates.io/unicode-xid/0.2.2 \
+ crate://crates.io/untrusted/0.7.1 \
+ crate://crates.io/url/2.2.2 \
+ crate://crates.io/users/0.11.0 \
+ crate://crates.io/uuid/0.8.2 \
+ crate://crates.io/vcpkg/0.2.15 \
+ crate://crates.io/vec_map/0.8.2 \
+ crate://crates.io/version/3.0.0 \
+ crate://crates.io/version_check/0.9.3 \
+ crate://crates.io/walkdir/2.3.2 \
+ crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \
+ crate://crates.io/wasm-bindgen-backend/0.2.74 \
+ crate://crates.io/wasm-bindgen-macro-support/0.2.74 \
+ crate://crates.io/wasm-bindgen-macro/0.2.74 \
+ crate://crates.io/wasm-bindgen-shared/0.2.74 \
+ crate://crates.io/wasm-bindgen/0.2.74 \
+ crate://crates.io/web-sys/0.3.51 \
+ crate://crates.io/which/3.1.1 \
+ crate://crates.io/which/4.1.0 \
+ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi-util/0.1.5 \
+ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi/0.3.9 \
+ crate://crates.io/wyz/0.2.0 \
+ crate://crates.io/x509-parser/0.9.2 \
+ crate://crates.io/yasna/0.3.2 \
+ crate://crates.io/zeroize/1.3.0 \
+ crate://crates.io/zeroize_derive/1.1.0 \
+"
+
+LIC_FILES_CHKSUM = " \
+ file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+"
diff --git a/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc b/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc
deleted file mode 100644
index 9560dcf..0000000
--- a/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.inc
+++ /dev/null
@@ -1,127 +0,0 @@
-# This file is created from parsec-tool repository Cargo.lock using cargo-bitbake tool
-
-SRC_URI += " \
- crate://crates.io/aho-corasick/0.7.15 \
- crate://crates.io/ansi_term/0.11.0 \
- crate://crates.io/ansi_term/0.12.1 \
- crate://crates.io/anyhow/1.0.38 \
- crate://crates.io/atty/0.2.14 \
- crate://crates.io/autocfg/1.0.1 \
- crate://crates.io/base64/0.13.0 \
- crate://crates.io/bincode/1.3.1 \
- crate://crates.io/bitflags/1.2.1 \
- crate://crates.io/block-buffer/0.9.0 \
- crate://crates.io/byteorder/1.4.2 \
- crate://crates.io/bytes/0.5.6 \
- crate://crates.io/cc/1.0.66 \
- crate://crates.io/cfg-if/1.0.0 \
- crate://crates.io/clap/2.33.3 \
- crate://crates.io/clap/3.0.0-beta.2 \
- crate://crates.io/clap_derive/3.0.0-beta.2 \
- crate://crates.io/cmake/0.1.45 \
- crate://crates.io/cpuid-bool/0.1.2 \
- crate://crates.io/derivative/2.2.0 \
- crate://crates.io/digest/0.9.0 \
- crate://crates.io/either/1.6.1 \
- crate://crates.io/env_logger/0.8.3 \
- crate://crates.io/fixedbitset/0.2.0 \
- crate://crates.io/form_urlencoded/1.0.0 \
- crate://crates.io/generic-array/0.14.4 \
- crate://crates.io/getrandom/0.2.2 \
- crate://crates.io/hashbrown/0.9.1 \
- crate://crates.io/heck/0.3.2 \
- crate://crates.io/hermit-abi/0.1.18 \
- crate://crates.io/humantime/2.1.0 \
- crate://crates.io/idna/0.2.1 \
- crate://crates.io/indexmap/1.6.1 \
- crate://crates.io/itertools/0.8.2 \
- crate://crates.io/lazy_static/1.4.0 \
- crate://crates.io/libc/0.2.86 \
- crate://crates.io/log/0.4.14 \
- crate://crates.io/matches/0.1.8 \
- crate://crates.io/memchr/2.3.4 \
- crate://crates.io/multimap/0.8.2 \
- crate://crates.io/num-bigint/0.3.1 \
- crate://crates.io/num-complex/0.3.1 \
- crate://crates.io/num-derive/0.3.3 \
- crate://crates.io/num-integer/0.1.44 \
- crate://crates.io/num-iter/0.1.42 \
- crate://crates.io/num-rational/0.3.2 \
- crate://crates.io/num-traits/0.2.14 \
- crate://crates.io/num/0.3.1 \
- crate://crates.io/oid/0.1.1 \
- crate://crates.io/once_cell/1.5.2 \
- crate://crates.io/opaque-debug/0.3.0 \
- crate://crates.io/os_str_bytes/2.4.0 \
- crate://crates.io/parsec-client/0.12.0 \
- crate://crates.io/parsec-interface/0.24.0 \
- crate://crates.io/pem/0.8.3 \
- crate://crates.io/percent-encoding/2.1.0 \
- crate://crates.io/petgraph/0.5.1 \
- crate://crates.io/picky-asn1-der/0.2.4 \
- crate://crates.io/picky-asn1/0.3.1 \
- crate://crates.io/ppv-lite86/0.2.10 \
- crate://crates.io/proc-macro-error-attr/1.0.4 \
- crate://crates.io/proc-macro-error/1.0.4 \
- crate://crates.io/proc-macro2/1.0.24 \
- crate://crates.io/prost-build/0.6.1 \
- crate://crates.io/prost-derive/0.6.1 \
- crate://crates.io/prost-types/0.6.1 \
- crate://crates.io/prost/0.6.1 \
- crate://crates.io/psa-crypto-sys/0.8.0 \
- crate://crates.io/psa-crypto/0.8.0 \
- crate://crates.io/quote/1.0.9 \
- crate://crates.io/rand/0.8.3 \
- crate://crates.io/rand_chacha/0.3.0 \
- crate://crates.io/rand_core/0.6.2 \
- crate://crates.io/rand_hc/0.3.0 \
- crate://crates.io/redox_syscall/0.2.5 \
- crate://crates.io/regex-syntax/0.6.22 \
- crate://crates.io/regex/1.4.3 \
- crate://crates.io/remove_dir_all/0.5.3 \
- crate://crates.io/same-file/1.0.6 \
- crate://crates.io/secrecy/0.7.0 \
- crate://crates.io/serde/1.0.123 \
- crate://crates.io/serde_bytes/0.11.5 \
- crate://crates.io/serde_derive/1.0.123 \
- crate://crates.io/sha2/0.9.3 \
- crate://crates.io/strsim/0.10.0 \
- crate://crates.io/strsim/0.8.0 \
- crate://crates.io/structopt-derive/0.4.14 \
- crate://crates.io/structopt/0.3.21 \
- crate://crates.io/syn/1.0.60 \
- crate://crates.io/synstructure/0.12.4 \
- crate://crates.io/tempfile/3.2.0 \
- crate://crates.io/termcolor/1.1.2 \
- crate://crates.io/textwrap/0.11.0 \
- crate://crates.io/textwrap/0.12.1 \
- crate://crates.io/thiserror-impl/1.0.23 \
- crate://crates.io/thiserror/1.0.23 \
- crate://crates.io/thread_local/1.1.3 \
- crate://crates.io/tinyvec/1.1.1 \
- crate://crates.io/tinyvec_macros/0.1.0 \
- crate://crates.io/typenum/1.12.0 \
- crate://crates.io/unicode-bidi/0.3.4 \
- crate://crates.io/unicode-normalization/0.1.17 \
- crate://crates.io/unicode-segmentation/1.7.1 \
- crate://crates.io/unicode-width/0.1.8 \
- crate://crates.io/unicode-xid/0.2.1 \
- crate://crates.io/url/2.2.0 \
- crate://crates.io/users/0.10.0 \
- crate://crates.io/uuid/0.8.2 \
- crate://crates.io/vec_map/0.8.2 \
- crate://crates.io/version_check/0.9.2 \
- crate://crates.io/walkdir/2.3.1 \
- crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
- crate://crates.io/which/3.1.1 \
- crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
- crate://crates.io/winapi-util/0.1.5 \
- crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
- crate://crates.io/winapi/0.3.9 \
- crate://crates.io/zeroize/1.2.0 \
- crate://crates.io/zeroize_derive/1.0.1 \
-"
-
-LIC_FILES_CHKSUM = " \
- file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
-"
diff --git a/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb b/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.4.0.bb
similarity index 75%
rename from meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb
rename to meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.4.0.bb
index 881f8d8..4b053b9 100644
--- a/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.3.0.bb
+++ b/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.4.0.bb
@@ -7,9 +7,12 @@ inherit cargo
SRC_URI += "crate://crates.io/parsec-tool/${PV} \
"

+RDEPENDS:${PN} = "openssl-bin"
+
do_install() {
install -d ${D}/${bindir}
install -m 755 "${B}/target/${TARGET_SYS}/release/parsec-tool" "${D}${bindir}/parsec-tool"
+ install -m 755 "${S}/tests/parsec-cli-tests.sh" "${D}${bindir}/parsec-cli-tests.sh"
}

require parsec-tool_${PV}.inc
diff --git a/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.4.0.inc b/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.4.0.inc
new file mode 100644
index 0000000..e706112
--- /dev/null
+++ b/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.4.0.inc
@@ -0,0 +1,216 @@
+# This file is created from parsec-tool repository Cargo.lock using cargo-bitbake tool
+
+SRC_URI += " \
+ crate://crates.io/addr2line/0.15.2 \
+ crate://crates.io/adler/1.0.2 \
+ crate://crates.io/aho-corasick/0.7.15 \
+ crate://crates.io/ansi_term/0.11.0 \
+ crate://crates.io/ansi_term/0.12.1 \
+ crate://crates.io/anyhow/1.0.42 \
+ crate://crates.io/arrayvec/0.5.2 \
+ crate://crates.io/atty/0.2.14 \
+ crate://crates.io/autocfg/1.0.1 \
+ crate://crates.io/backtrace/0.3.59 \
+ crate://crates.io/base64/0.12.3 \
+ crate://crates.io/base64/0.13.0 \
+ crate://crates.io/bincode/1.3.3 \
+ crate://crates.io/bindgen/0.57.0 \
+ crate://crates.io/bitflags/1.2.1 \
+ crate://crates.io/bitvec/0.19.5 \
+ crate://crates.io/block-buffer/0.9.0 \
+ crate://crates.io/boringssl-src/0.3.0+688fc5c \
+ crate://crates.io/bumpalo/3.7.0 \
+ crate://crates.io/bytes/0.5.6 \
+ crate://crates.io/cc/1.0.69 \
+ crate://crates.io/cexpr/0.4.0 \
+ crate://crates.io/cfg-if/1.0.0 \
+ crate://crates.io/chrono/0.4.19 \
+ crate://crates.io/clang-sys/1.2.0 \
+ crate://crates.io/clap/2.33.3 \
+ crate://crates.io/clap/3.0.0-beta.2 \
+ crate://crates.io/clap_derive/3.0.0-beta.2 \
+ crate://crates.io/cmake/0.1.45 \
+ crate://crates.io/const-oid/0.6.0 \
+ crate://crates.io/cpufeatures/0.1.5 \
+ crate://crates.io/data-encoding/2.3.2 \
+ crate://crates.io/der-oid-macro/0.4.0 \
+ crate://crates.io/der-parser/5.1.2 \
+ crate://crates.io/der/0.4.0 \
+ crate://crates.io/derivative/2.2.0 \
+ crate://crates.io/digest/0.9.0 \
+ crate://crates.io/either/1.6.1 \
+ crate://crates.io/env_logger/0.8.4 \
+ crate://crates.io/failure/0.1.8 \
+ crate://crates.io/failure_derive/0.1.8 \
+ crate://crates.io/form_urlencoded/1.0.1 \
+ crate://crates.io/funty/1.1.0 \
+ crate://crates.io/futures-channel/0.3.16 \
+ crate://crates.io/futures-core/0.3.16 \
+ crate://crates.io/futures-executor/0.3.16 \
+ crate://crates.io/futures-io/0.3.16 \
+ crate://crates.io/futures-macro/0.3.16 \
+ crate://crates.io/futures-sink/0.3.16 \
+ crate://crates.io/futures-task/0.3.16 \
+ crate://crates.io/futures-util/0.3.16 \
+ crate://crates.io/futures/0.3.16 \
+ crate://crates.io/generic-array/0.14.4 \
+ crate://crates.io/getrandom/0.2.3 \
+ crate://crates.io/gimli/0.24.0 \
+ crate://crates.io/glob/0.3.0 \
+ crate://crates.io/grpcio-compiler/0.7.0 \
+ crate://crates.io/grpcio-sys/0.9.0+1.38.0 \
+ crate://crates.io/grpcio/0.9.0 \
+ crate://crates.io/hashbrown/0.11.2 \
+ crate://crates.io/heck/0.3.3 \
+ crate://crates.io/hermit-abi/0.1.19 \
+ crate://crates.io/humantime/2.1.0 \
+ crate://crates.io/idna/0.2.3 \
+ crate://crates.io/indexmap/1.7.0 \
+ crate://crates.io/instant/0.1.10 \
+ crate://crates.io/itertools/0.8.2 \
+ crate://crates.io/itoa/0.4.7 \
+ crate://crates.io/js-sys/0.3.52 \
+ crate://crates.io/jsonwebkey/0.3.2 \
+ crate://crates.io/jsonwebtoken/7.2.0 \
+ crate://crates.io/lazy_static/1.4.0 \
+ crate://crates.io/lazycell/1.3.0 \
+ crate://crates.io/lexical-core/0.7.6 \
+ crate://crates.io/libc/0.2.102 \
+ crate://crates.io/libloading/0.7.0 \
+ crate://crates.io/libz-sys/1.1.3 \
+ crate://crates.io/lock_api/0.4.4 \
+ crate://crates.io/log/0.4.14 \
+ crate://crates.io/matches/0.1.8 \
+ crate://crates.io/memchr/2.3.4 \
+ crate://crates.io/miniz_oxide/0.4.4 \
+ crate://crates.io/nom/5.1.2 \
+ crate://crates.io/nom/6.2.1 \
+ crate://crates.io/num-bigint/0.2.6 \
+ crate://crates.io/num-bigint/0.3.2 \
+ crate://crates.io/num-bigint/0.4.0 \
+ crate://crates.io/num-complex/0.3.1 \
+ crate://crates.io/num-derive/0.3.3 \
+ crate://crates.io/num-integer/0.1.44 \
+ crate://crates.io/num-iter/0.1.42 \
+ crate://crates.io/num-rational/0.3.2 \
+ crate://crates.io/num-traits/0.2.14 \
+ crate://crates.io/num/0.3.1 \
+ crate://crates.io/object/0.24.0 \
+ crate://crates.io/oid-registry/0.1.5 \
+ crate://crates.io/oid/0.2.1 \
+ crate://crates.io/once_cell/1.8.0 \
+ crate://crates.io/opaque-debug/0.3.0 \
+ crate://crates.io/os_str_bytes/2.4.0 \
+ crate://crates.io/parking_lot/0.11.1 \
+ crate://crates.io/parking_lot_core/0.8.3 \
+ crate://crates.io/parsec-client/0.13.0 \
+ crate://crates.io/parsec-interface/0.25.0 \
+ crate://crates.io/peeking_take_while/0.1.2 \
+ crate://crates.io/pem/0.8.3 \
+ crate://crates.io/percent-encoding/2.1.0 \
+ crate://crates.io/picky-asn1-der/0.2.5 \
+ crate://crates.io/picky-asn1-x509/0.6.1 \
+ crate://crates.io/picky-asn1/0.3.3 \
+ crate://crates.io/pin-project-lite/0.2.7 \
+ crate://crates.io/pin-utils/0.1.0 \
+ crate://crates.io/pkcs8/0.7.5 \
+ crate://crates.io/pkg-config/0.3.19 \
+ crate://crates.io/ppv-lite86/0.2.10 \
+ crate://crates.io/proc-macro-error-attr/1.0.4 \
+ crate://crates.io/proc-macro-error/1.0.4 \
+ crate://crates.io/proc-macro-hack/0.5.19 \
+ crate://crates.io/proc-macro-nested/0.1.7 \
+ crate://crates.io/proc-macro2/1.0.28 \
+ crate://crates.io/prost-derive/0.6.1 \
+ crate://crates.io/prost/0.6.1 \
+ crate://crates.io/protobuf-codegen/2.24.1 \
+ crate://crates.io/protobuf/2.24.1 \
+ crate://crates.io/protoc-grpcio/3.0.0 \
+ crate://crates.io/protoc/2.24.1 \
+ crate://crates.io/psa-crypto-sys/0.9.0 \
+ crate://crates.io/psa-crypto/0.9.0 \
+ crate://crates.io/quote/1.0.9 \
+ crate://crates.io/radium/0.5.3 \
+ crate://crates.io/rand/0.8.4 \
+ crate://crates.io/rand_chacha/0.3.1 \
+ crate://crates.io/rand_core/0.6.3 \
+ crate://crates.io/rand_hc/0.3.1 \
+ crate://crates.io/redox_syscall/0.2.9 \
+ crate://crates.io/regex-syntax/0.6.25 \
+ crate://crates.io/regex/1.4.6 \
+ crate://crates.io/remove_dir_all/0.5.3 \
+ crate://crates.io/ring/0.16.20 \
+ crate://crates.io/rustc-demangle/0.1.20 \
+ crate://crates.io/rustc-hash/1.1.0 \
+ crate://crates.io/rusticata-macros/3.1.0 \
+ crate://crates.io/rustversion/1.0.5 \
+ crate://crates.io/ryu/1.0.5 \
+ crate://crates.io/same-file/1.0.6 \
+ crate://crates.io/scopeguard/1.1.0 \
+ crate://crates.io/secrecy/0.7.0 \
+ crate://crates.io/serde/1.0.127 \
+ crate://crates.io/serde_bytes/0.11.5 \
+ crate://crates.io/serde_derive/1.0.127 \
+ crate://crates.io/serde_json/1.0.66 \
+ crate://crates.io/sha2/0.9.5 \
+ crate://crates.io/shlex/0.1.1 \
+ crate://crates.io/simple_asn1/0.4.1 \
+ crate://crates.io/simple_asn1/0.5.4 \
+ crate://crates.io/slab/0.4.3 \
+ crate://crates.io/smallvec/1.6.1 \
+ crate://crates.io/spiffe/0.1.1 \
+ crate://crates.io/spin/0.5.2 \
+ crate://crates.io/spki/0.4.0 \
+ crate://crates.io/static_assertions/1.1.0 \
+ crate://crates.io/strsim/0.10.0 \
+ crate://crates.io/strsim/0.8.0 \
+ crate://crates.io/structopt-derive/0.4.15 \
+ crate://crates.io/structopt/0.3.22 \
+ crate://crates.io/syn/1.0.74 \
+ crate://crates.io/synstructure/0.12.5 \
+ crate://crates.io/tap/1.0.1 \
+ crate://crates.io/tempfile/3.2.0 \
+ crate://crates.io/termcolor/1.1.2 \
+ crate://crates.io/textwrap/0.11.0 \
+ crate://crates.io/textwrap/0.12.1 \
+ crate://crates.io/thiserror-impl/1.0.26 \
+ crate://crates.io/thiserror/1.0.26 \
+ crate://crates.io/time/0.1.44 \
+ crate://crates.io/tinyvec/1.3.1 \
+ crate://crates.io/tinyvec_macros/0.1.0 \
+ crate://crates.io/typenum/1.13.0 \
+ crate://crates.io/unicode-bidi/0.3.5 \
+ crate://crates.io/unicode-normalization/0.1.19 \
+ crate://crates.io/unicode-segmentation/1.8.0 \
+ crate://crates.io/unicode-width/0.1.8 \
+ crate://crates.io/unicode-xid/0.2.2 \
+ crate://crates.io/untrusted/0.7.1 \
+ crate://crates.io/url/2.2.2 \
+ crate://crates.io/users/0.10.0 \
+ crate://crates.io/uuid/0.8.2 \
+ crate://crates.io/vcpkg/0.2.15 \
+ crate://crates.io/vec_map/0.8.2 \
+ crate://crates.io/version_check/0.9.3 \
+ crate://crates.io/walkdir/2.3.2 \
+ crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \
+ crate://crates.io/wasm-bindgen-backend/0.2.75 \
+ crate://crates.io/wasm-bindgen-macro-support/0.2.75 \
+ crate://crates.io/wasm-bindgen-macro/0.2.75 \
+ crate://crates.io/wasm-bindgen-shared/0.2.75 \
+ crate://crates.io/wasm-bindgen/0.2.75 \
+ crate://crates.io/web-sys/0.3.52 \
+ crate://crates.io/which/4.2.2 \
+ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi-util/0.1.5 \
+ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi/0.3.9 \
+ crate://crates.io/wyz/0.2.0 \
+ crate://crates.io/x509-parser/0.9.2 \
+ crate://crates.io/yasna/0.3.2 \
+ crate://crates.io/zeroize/1.3.0 \
+ crate://crates.io/zeroize_derive/1.1.0 \
+"
+
+LIC_FILES_CHKSUM = " \
+ file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+"



Re: [meta-security][PATCH] libtpm: update to 0.8.7

Armin Kuster
 

merged

On 9/27/21 4:07 AM, Kristian Klausen via lists.yoctoproject.org wrote:
Signed-off-by: Kristian Klausen <kristian@...>
---
.../recipes-tpm/libtpm/{libtpm_0.8.2.bb => libtpm_0.8.7.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-tpm/recipes-tpm/libtpm/{libtpm_0.8.2.bb => libtpm_0.8.7.bb} (88%)

diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
similarity index 88%
rename from meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
rename to meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
index 9784aa1..95ba5c5 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
@@ -2,7 +2,7 @@ SUMMARY = "LIBPM - Software TPM Library"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"

-SRCREV = "f66a719eda0b492ea3ec7852421a9d98db0a0621"
+SRCREV = "f6dd8f55eab4910131ec6a6a570dcd7951bd10e4"
SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"

PE = "1"



Re: [meta-security][PATCH] clamav: Set clamav:clamav ownership on /var/lib/clamav in do_install

Armin Kuster
 

merged.

On 9/26/21 5:25 AM, Zoltán Böszörményi wrote:
From: Zoltán Böszörményi <zboszor@...>

Also, rearrange the runtime-dependencies a little so
clamav-freshclam is installed later than clamav.

The issue is that clamav-freshclam ships /var/lib/clamav
and the main clamav package uses chown in pkg_postinst to set
the ownership of this directory. But pkg_postinst is not
marked as "ontarget" so this chown only took effect when
upgrading or reinstalling the package.

So when clamav is part of an OS image out of the box, freshclamd
cannot populate this directory since it's running under the clamav
user.

Fix this by creating /var/lib/clamav with the proper ownership
in do_install and rearrange runtime-dependencies, so clamav-freshclam
RDEPENDS on clamav and clamav relaxes its runtime-dependency into
RRECOMMENDS so clamav-freshclam is installed later than clamav,
avoiding these warnings:

Installing : clamav-freshclam-... 487/1954
warning: user clamav does not exist - using root
warning: group clamav does not exist - using root

Signed-off-by: Zoltán Böszörményi <zboszor@...>
---
recipes-scanners/clamav/clamav_0.104.0.bb | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
index 0d3a678..25123dc 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -54,7 +54,7 @@ export OECMAKE_C_FLAGS += " -I${STAGING_INCDIR} -L ${RECIPE_SYSROOT}${nonarch_li

do_install:append () {
install -d ${D}/${sysconfdir}
- install -d ${D}/${localstatedir}/lib/clamav
+ install -d -o ${CLAMAV_UID} -g ${CLAMAV_GID} ${D}/${localstatedir}/lib/clamav
install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles

install -m 644 ${WORKDIR}/clamd.conf ${D}/${prefix}/${sysconfdir}
@@ -83,7 +83,6 @@ pkg_postinst:${PN} () {
elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
${sysconfdir}/init.d/populate-volatile.sh update
fi
- chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav
fi
}

@@ -149,5 +148,7 @@ SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-freshclam"
SYSTEMD_SERVICE:${PN}-daemon = "clamav-daemon.service"
SYSTEMD_SERVICE:${PN}-freshclam = "clamav-freshclam.service"

-RDEPENDS:${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
-RDEPENDS:${PN}-daemon = "clamav"
+RDEPENDS:${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-libclamav"
+RRECOMMENDS:${PN} = "clamav-freshclam"
+RDEPENDS:${PN}-freshclam = "clamav"
+RDEPENDS:${PN}-daemon = "clamav clamav-freshclam"


Enabling tk for Python tkinter module

Chris Tapp
 

I am trying to get PySimpleGUI running on an RPi4 using meta-raspberrypi with hardknott.

I have created a recipe for PySimpleGUI and added the following to my local.conf:

PACKAGECONFIG_pn-python3 = “tk”
IMAGE_INSTALL_append = " python3 python3-modules python3-pysimplegui tk"

However, the tkinter module fails to load, reporting “No module named _tkinter”, with a note above saying that Python may not be configured for Tk.

Looking on the target, /usr/lib/libtk.8.so is present.

It looks as if there is something else I need to do to get Python to build correctly, but I’m out of ideas ;-)

I’ve found a few bits on the internet that seem related, but they haven’t helped me get things going:
https://www.mail-archive.com/yocto@yoctoproject.org/msg18232.html
https://www.yoctoproject.org/pipermail/yocto/2014-July/020547.html

Any pointers on where to look would be appreciated.

--

Chris Tapp
opensource@...
www.keylevel.com


Yocto Project Status WW39`21

Stephen Jolley
 

Current Dev Position: YP 3.4 M4

Next Deadline: 4th Oct. 2021 YP 3.4 M4 build

 

Next Team Meetings:

 

Key Status/Updates:

  • YP 3.1.11 was released
  • We replaced the 5.13 kernel with 5.14 for 3.4 since 5.13 was already marked EoL.
  • Changes to do_build task dependencies were merged. Some of these do cause changes in behaviour but in general the behaviour should match what people expect and only some CI setups would need changes. An example would be where an image would have previously built all package backends but now only the image’s format.
  • The invasive pkgconfig-native dependency changes has been deferred to the next release as people felt it was too invasive for 3.4. Meta-oe and OE-Core are fixed ready though.
  • There is an sstate reuse issue where native sstate on aarch64 and x86_64 hosts isn’t generating correct hashes when combined with hash equivalence.
  • Issues with pollution of /tmp with temporary files has been noticed on the autobuilder. Help in cleaning this up would be very welcome.
  • Intermittent issues took a significant rise last week as SWAT caught up with the backlog of issues. Help is very much welcome on these issues. You can see the list of failures we’re continuing to see by searching for the “AB-INT” tag in bugzilla: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT

 

Ways to contribute:

 

YP 3.4 Milestone Dates:

  • YP 3.4 M4 build date 2021/10/04
  • YP 3.4 M4 Release date 2021/10/29

 

Planned upcoming dot releases:

  • YP 3.1.11 is released

 

Tracking Metrics:

 

The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC

 

The Status reports are now stored on the wiki at: https://wiki.yoctoproject.org/wiki/Weekly_Status

 

[If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!]

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Re: [OE-core] Incorrect systemd timer

Manuel Wagesreither
 

Am Di, 28. Sep 2021, um 03:43, schrieb JH:
perhaps use
OnCalendar=*-*-* *:*:00
No, the same result, completely bewildered why the timer does not work
in Yocto Linux
Is the timer unit shadowed by some other timer?

Mind that units can live in
* `/lib/systemd/system/`,
* `/etc/systemd/system/`,
* `/run/systemd/system/`
and there's a priority.

Check here: https://www.freedesktop.org/software/systemd/man/systemd.unit.html

Didn't check, but I guess when you `systemctl status your.timer`, it shows the unit in effect. At least with service unit it does. `systemctl cat your.timer` should do this as well.

Regards, Manuel


Re: [meta-security][PATCH] swtpm: update to 0.6.1

Armin Kuster
 

On 9/27/21 4:39 AM, Kristian Klausen via lists.yoctoproject.org wrote:
swtpm no longer depends on Python[1] so the dependencies have been
removed.

"inherit perlnative" has been added due to (in oe-core):
deda455b3c ("bitbake.conf: drop pod2man from hosttools")

Some leftover dependencies have also been removed, ex: tpm-tools
required in the past by swtpm_setup.sh (<0.4.0)[2].

[1] https://github.com/stefanberger/swtpm/issues/437
[2] https://github.com/stefanberger/swtpm/commit/eee8cb5dfb13f87140dddda38f65bf61aff19508
this is failing on qemux86-64

https://errors.yoctoproject.org/Errors/Build/131312/

Signed-off-by: Kristian Klausen <kristian@...>
---
.../swtpm/swtpm-wrappers-native.bb | 12 ++++------
.../swtpm/{swtpm_0.5.2.bb => swtpm_0.6.1.bb} | 23 ++++++++-----------
2 files changed, 14 insertions(+), 21 deletions(-)
rename meta-tpm/recipes-tpm/swtpm/{swtpm_0.5.2.bb => swtpm_0.6.1.bb} (72%)

diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
index 644f3ac..bb93374 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
@@ -1,6 +1,6 @@
SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
LICENSE = "MIT"
-DEPENDS = "swtpm-native tpm-tools-native net-tools-native"
+DEPENDS = "swtpm-native"

inherit native

@@ -14,23 +14,19 @@ do_create_wrapper () {
for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
exe=`basename $i`
case $exe in
- swtpm_setup.sh)
+ swtpm_setup)
cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
#! /bin/sh
#
-# Wrapper around swtpm_setup.sh which adds parameters required to
+# Wrapper around swtpm_setup which adds parameters required to
# run the setup as non-root directly from the native sysroot.

PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
export PATH

-# tcsd only allows to be run as root or tss. Pretend to be root...
-exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
+exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
EOF
;;
- swtpm_setup)
- true
- ;;
*)
cat >${WORKDIR}/${exe}_oe.sh <<EOF
#! /bin/sh
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
similarity index 72%
rename from meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
rename to meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index 912e939..807c02b 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -3,14 +3,11 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"

-DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+# coreutils-native and net-tools-native are reportedly only required for the tests
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib"

-# configure checks for the tools already during compilation and
-# then swtpm_setup needs them at runtime
-DEPENDS:append = " tpm-tools-native expect-native socat-native python3-pip-native python3-cryptography-native"
-
-SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
+SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
file://ioctl_h.patch \
file://oe_configure.patch \
"
@@ -19,7 +16,7 @@ PE = "1"
S = "${WORKDIR}/git"

PARALLEL_MAKE = ""
-inherit autotools pkgconfig python3native
+inherit autotools pkgconfig perlnative

TSS_USER="tss"
TSS_GROUP="tss"
@@ -28,7 +25,10 @@ PACKAGECONFIG ?= "openssl"
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
@@ -41,14 +41,11 @@ USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \
--no-create-home --shell /bin/false ${BPN}"


-PACKAGES =+ "${PN}-python"
-FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}"
-
PACKAGE_BEFORE_PN = "${PN}-cuse"
FILES:${PN}-cuse = "${bindir}/swtpm_cuse"

INSANE_SKIP:${PN} += "dev-so"

-RDEPENDS:${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted"
+RDEPENDS:${PN} = "libtpm"

BBCLASSEXTEND = "native nativesdk"



Re: [meta-zephyr][hardknott] backport tmpfsdir from master

Naveen Saini
 

Done.

Regards,
Naveen

-----Original Message-----
From: yocto@... <yocto@...> On
Behalf Of Jon Mason
Sent: Monday, September 27, 2021 9:24 PM
To: Saini, Naveen Kumar <naveen.kumar.saini@...>
Cc: yocto@...
Subject: [yocto] [meta-zephyr][hardknott] backport tmpfsdir from master

Hey Naveen,
The hardknott branch in meta-zephyr needs the tmpfsdir patch
(678600bee6092e58110a826a9cbefc2f5c52916c) from the master branch
cherry-picked back to hardknott. It has the same issue master had with
breaking when trying to run qemu. Can you please pull it in?

Thanks,
Jon

2921 - 2940 of 57792