Date   

Open Source Maintainers - An open letter/request

Richard Purdie
 

TLDR: The project is seen as mature, employers don't prioritise maintaining
things and we're struggling for maintainers and help with day to day work


Open source projects survive, not just through development work and 
contributions of new features but through a whole load of "unglamorous" 
day to day "admin" work. This may be tracking down a regression, 
triaging failing builds, making a release of a component, reviewing a 
patch, documenting something or many other activities.

I love the fact we have active contributions, particularly for new features
but we are continuing to struggle in many of the other areas above. I am
extrememly grateful for the help we do receive with these tasks!

As a project we have automated an absolute ton of things, we can test
changes in ways we could only dream of a few years ago but maintaining
this automation, tracking down regressions and ensuring it all stays working
does have a cost.

I am worried, not just about the core of the project, but the wider layer
ecosystem since "layer maintainer" isn't seen as a particularly interesting
career enabling focus by employers and it seems a lot of this work isn't being
recognised. Internal business pressures are often continually being
prioritised over this.

The YP+OE ecosystem is becoming more mature and this means we have our 
experienced developers being pulled away to new things and few people
are replacing them so it feels like we're seeing a gradual skills drain/fade.

There are a few things companies can do to help:

a) Publicly acknowledge you use the project. 

I'm often asked where the project is being used but I find it hard to point
at companies using it, or products developed with it. It does help to be able
to point at real users rather than theoretical scenarios. We *know* it is used
in some interesting places but many won't let us say that publicly.

https://wiki.yoctoproject.org/wiki/Project_Users

b) Embrace employee's Open Source contributions, code and otherwise

If companies can find ways to recognise the value of having open source
experts/leaders working for them from a career development and reward 
perspective, that would encourage people to do the important work needed

c) Consider Yocto Project membership

https://www.yoctoproject.org/ecosystem/members/
https://www.yoctoproject.org/join/

We're finding that some infrastructure and roles need to be centrally funded
as the work is important but no one company is willing to commit people to it.
We're only able to to this through project membership which supports things
like the autobuilder, LTS, our build triage process and my own role.

d) Support employees in spending some time on open source projects

I hear quite often that employees get XX% time to spend on open source
projects. I also hear they get pulled onto mission critical product 
deliverables and can't prioritise that other project work. Finding ways
to ensure employees can spend time on open source projects including 
management support would help a lot.

e) Transition roles

If someone has a key role in a project but is moving to new things, help
them find a replacement and allow them time to train/transition to that
new person. Some companies do this really well, I'd call out NI and opkg
maintainership as a particularly good exmaple.



I appreciate these are difficult times, both for individuals and for 
businesses. I'd like to conclude by thanking everyone who does participate
and contribute. Whilst I do want/need to highlight the above (and have been
asked to do so that people have something they can point people at), the 
project is proving to be successful, going to interesting places and making
things possible we can all be proud of!

Cheers,

Richard


[dunfell] Remove hwclock #dunfell #yocto

Alexandre GAMBIER <alexandre@...>
 

Hi,

I would like to remove hwclock from the rootfs cause we don't have an RTC.
Maybe later I'll replace it with fake-hwclock.

I'm using dunfell with IPK packages and I tried to add the following settings in my image settings file (not all at the same time) but none of them removed hwclock.
  • PACKAGE_EXCLUDE += " util-linux-hwclock "
  • BAD_RECOMMENDATIONS += " util-linux-hwclock "
  • IMAGE_INSTALL_remove += " util-linux-hwclock "

Is there a way to remove the package util-linux-hwclock ?
I could use IMAGE_POSTPROCESS_COMMAND and write my own script to remove it but I think it's better and safer to remove the package during the rootfs build.

Thanks


[PATCH yocto-autobuilder-helper 4/4] config.json: add a target to test standalone X11 image

Alexander Kanavin
 

Signed-off-by: Alexander Kanavin <alex.kanavin@...>
---
config.json | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/config.json b/config.json
index 72b7af2..8a98c30 100644
--- a/config.json
+++ b/config.json
@@ -752,6 +752,20 @@
]
}
},
+ "only-x11" : {
+ "MACHINE" : "qemux86-64",
+ "BBTARGETS" : "core-image-sato core-image-sato:do_populate_sdk core-image-sato:do_populate_sdk_ext core-image-sato-sdk",
+ "SANITYTARGETS" : "core-image-sato:do_testimage core-image-sato:do_testsdk core-image-sato:do_testsdkext core-image-sato-sdk:do_testimage"
+ "step1" : {
+ "shortname" : "Keep both wayland and opengl"
+ },
+ "step2" : {
+ "shortname" : "Remove wayland and opengl",
+ "extravars" : [
+ "DISTRO_FEATURES_remove = 'opengl wayland'"
+ ]
+ }
+ },
"musl-qemux86" : {
"MACHINE" : "qemux86",
"SDKMACHINE" : "x86_64",
--
2.31.1


[PATCH yocto-autobuilder-helper 3/4] config.json: pam is required when weston starts under systemd

Alexander Kanavin
 

Signed-off-by: Alexander Kanavin <alex.kanavin@...>
---
config.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config.json b/config.json
index ef1637e..72b7af2 100644
--- a/config.json
+++ b/config.json
@@ -998,7 +998,7 @@
"BBTARGETS" : "core-image-weston",
"SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
- "DISTRO_FEATURES_append = ' systemd'",
+ "DISTRO_FEATURES_append = ' pam systemd'",
"VIRTUAL-RUNTIME_init_manager = 'systemd'",
"TEST_SUITES_append = ' systemd'"
]
@@ -1018,7 +1018,7 @@
"SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' systemd'",
- "DISTRO_FEATURES_append = ' systemd'",
+ "DISTRO_FEATURES_append = ' pam systemd'",
"VIRTUAL-RUNTIME_init_manager = 'systemd'",
"DISTRO_FEATURES_BACKFILL_CONSIDERED = 'sysvinit'"
]
--
2.31.1


[PATCH yocto-autobuilder-helper 2/4] config.json: replace core-image-sato with core-image-weston

Alexander Kanavin
 

I believe the time has come for YP to be defaulting to Wayland
and not X11.

X11 is effectively deprecated technology at this point with
only minimal maintenance; standalone X server will not be
developed any further, and all attention currently is towards
making X apps work well under Wayland.

Weston is built with x11 support enabled via xwayland, so
x11 bits continue do be built and exercised in tests and SDKs;
for testing core-image-sato as a whole a separate target will
be added next.

Signed-off-by: Alexander Kanavin <alex.kanavin@...>
---
config.json | 176 ++++++++++++++++++++++++++--------------------------
1 file changed, 88 insertions(+), 88 deletions(-)

diff --git a/config.json b/config.json
index c122412..ef1637e 100644
--- a/config.json
+++ b/config.json
@@ -67,13 +67,13 @@
"BUILDINFO" : true,
"BUILDHISTORY" : true,
"step1" : {
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk"
},
"step2" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-sato:do_testsdk core-image-minimal:do_testsdkext core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk core-image-minimal:do_testsdkext core-image-weston:do_testsdkext"
},
"step3" : {
"shortname" : "Machine oe-selftest",
@@ -87,8 +87,8 @@
"BUILDINFO" : true,
"BUILDHISTORY" : true,
"step1" : {
- "BBTARGETS" : "core-image-full-cmdline core-image-sato core-image-sato-sdk",
- "SANITYTARGETS" : "core-image-full-cmdline:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+ "BBTARGETS" : "core-image-full-cmdline core-image-weston core-image-weston-sdk",
+ "SANITYTARGETS" : "core-image-full-cmdline:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage"
}
},
"ptest-qemu" : {
@@ -109,8 +109,8 @@
},
"ltp-qemu" : {
"BUILDINFO" : true,
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"IMAGE_INSTALL_append = ' ltp'",
"TEST_SUITES = 'ping ssh ltp ltp_compliance'",
@@ -122,16 +122,16 @@
"arch-hw" : {
"BUILDINFO" : true,
"step1" : {
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
}
},
"arch-hw-qemu" : {
"BUILDINFO" : true,
"step1" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-minimal core-image-sato core-image-sato-sdk core-image-sato:do_populate_sdk core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-minimal core-image-weston core-image-weston-sdk core-image-weston:do_populate_sdk core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk core-image-weston:do_testsdkext"
},
"step2" : {
"shortname" : "Machine oe-selftest",
@@ -143,7 +143,7 @@
"DISTRO" : "poky-altcfg",
"BUILDINFO" : true,
"step1" : {
- "BBTARGETS" : "core-image-full-cmdline core-image-sato core-image-sato-sdk"
+ "BBTARGETS" : "core-image-full-cmdline core-image-weston core-image-weston-sdk"
}
},
"buildperf" : {
@@ -230,17 +230,17 @@
"BB_SIGNATURE_HANDLER = 'OEEquivHash'"
],
"step1" : {
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage"
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage"
},
"step2" : {
- "BBTARGETS" : "core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
},
"step3" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
}
},
"qemuarm" : {
@@ -252,8 +252,8 @@
"BUILDINFO" : true,
"step1" : {
"SDKMACHINE" : "aarch64",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk core-image-minimal:do_testsdkext core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk core-image-minimal:do_testsdkext core-image-weston:do_testsdkext"
}
},
"qemuarm-alt" : {
@@ -265,7 +265,7 @@
"TEMPLATE" : "arch-hw",
"step2" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk"
+ "BBTARGETS" : "core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk"
}
},
"beaglebone-alt" : {
@@ -281,8 +281,8 @@
"BUILDINFO" : true,
"step1" : {
"SDKMACHINE" : "aarch64",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk core-image-minimal:do_testsdkext core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk core-image-minimal:do_testsdkext core-image-weston:do_testsdkext"
}
},
"qemuarm64-ptest" : {
@@ -306,13 +306,13 @@
],
"step1": {
"MACHINE": "n1sdp",
- "BBTARGETS": "core-image-minimal core-image-sato core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS": "core-image-minimal core-image-weston core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
},
"step2": {
"MACHINE": "juno",
- "BBTARGETS": "core-image-minimal core-image-sato core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS": "core-image-minimal core-image-weston core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
}
},
"meta-agl-core" : {
@@ -337,24 +337,24 @@
"SSTATEDIR" : ["SSTATE_DIR ?= '${HELPERBUILDDIR}/sstate'"],
"MACHINE" : "qemuarm64",
"step1" : {
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk"
},
"step2" : {
"MACHINE" : "qemux86-64",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"

},
"step3" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-sato:do_testsdk core-image-minimal:do_testsdkext core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk core-image-minimal:do_testsdkext core-image-weston:do_testsdkext"
},
"step4" : {
"MACHINE" : "qemux86-64",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk"
+ "BBTARGETS" : "core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk"
},
"step5" : {
"BUILDINFO" : false,
@@ -498,11 +498,11 @@
"baselib = \"${@d.getVar('BASE_LIB_tune-' + (d.getVar('DEFAULTTUNE', True) or 'INVALID'), True) or 'lib'}\""
],
"step1" : {
- "BBTARGETS" : "core-image-minimal core-image-sato",
+ "BBTARGETS" : "core-image-minimal core-image-weston",
"SANITYTARGETS" : "core-image-minimal:do_testimage"
},
"step2" : {
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' x32lib'"
]
@@ -551,8 +551,8 @@
"step3" : {
"shortname" : "x86-64 lib32 rpm",
"description" : "qemux86-64 64bit image and 32 bit multilibs with rpm",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' multilib'",
"require conf/multilib.conf",
@@ -566,8 +566,8 @@
"shortname" : "x86-64 lib32 ipk",
"description" : "qemux86-64 64bit image and 32 bit multilibs with ipk",
"PACKAGE_CLASSES" : "package_ipk",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' multilib'",
"require conf/multilib.conf",
@@ -582,7 +582,7 @@
"description" : "x86 building 64bit multilib image",
"MACHINE" : "qemux86",
"SDKMACHINE" : "i686",
- "BBTARGETS" : "lib64-core-image-sato lib64-core-image-sato-sdk",
+ "BBTARGETS" : "lib64-core-image-weston lib64-core-image-weston-sdk",
"extravars" : [
"require conf/multilib.conf",
"MULTILIBS = 'multilib:lib64'",
@@ -607,26 +607,26 @@
"pkgman-rpm-non-rpm" : {
"MACHINE" : "qemux86",
"PACKAGE_CLASSES" : "package_rpm",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage"
},
"pkgman-deb-non-deb" : {
"MACHINE" : "qemux86",
"PACKAGE_CLASSES" : "package_deb",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk"
},
"pkgman-non-rpm" : {
"MACHINE" : "qemux86",
"step1" : {
"PACKAGE_CLASSES" : "package_ipk",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage"
},
"step2" : {
"PACKAGE_CLASSES" : "package_deb",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage"
}
},
"poky-tiny" : {
@@ -643,41 +643,41 @@
"step1" : {
"MACHINE" : "qemux86",
"shortname" : "qemux86 wic",
- "BBTARGETS" : "wic-tools core-image-sato",
+ "BBTARGETS" : "wic-tools core-image-weston",
"EXTRACMDS" : [
- "wic create directdisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-sato/",
- "wic create directdisk-gpt -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-sato/",
- "wic create mkefidisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-sato/"
+ "wic create directdisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-weston/",
+ "wic create directdisk-gpt -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-weston/",
+ "wic create mkefidisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-weston/"
]
},
"step2" : {
"MACHINE" : "genericx86",
"shortname" : "genericx86 wic",
- "BBTARGETS" : "wic-tools core-image-sato",
+ "BBTARGETS" : "wic-tools core-image-weston",
"EXTRACMDS" : [
- "wic create directdisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-sato/",
- "wic create directdisk-gpt -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-sato/",
- "wic create mkefidisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-sato/"
+ "wic create directdisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-weston/",
+ "wic create directdisk-gpt -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-weston/",
+ "wic create mkefidisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-weston/"
]
},
"step3" : {
"MACHINE" : "qemux86-64",
"shortname" : "qemux86-64 wic",
- "BBTARGETS" : "wic-tools core-image-sato",
+ "BBTARGETS" : "wic-tools core-image-weston",
"EXTRACMDS" : [
- "wic create directdisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-sato/",
- "wic create directdisk-gpt -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-sato/",
- "wic create mkefidisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-sato/"
+ "wic create directdisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-weston/",
+ "wic create directdisk-gpt -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-weston/",
+ "wic create mkefidisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-weston/"
]
},
"step4" : {
"MACHINE" : "genericx86-64",
"shortname" : "genericx86-64 wic",
- "BBTARGETS" : "wic-tools core-image-sato",
+ "BBTARGETS" : "wic-tools core-image-weston",
"EXTRACMDS" : [
- "wic create directdisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-sato/",
- "wic create directdisk-gpt -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-sato/",
- "wic create mkefidisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-sato/"
+ "wic create directdisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-weston/",
+ "wic create directdisk-gpt -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-weston/",
+ "wic create mkefidisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-weston/"
]
}
},
@@ -755,8 +755,8 @@
"musl-qemux86" : {
"MACHINE" : "qemux86",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-minimal core-image-full-cmdline core-image-sato-sdk world",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-full-cmdline:do_testimage core-image-sato-sdk:do_testimage",
+ "BBTARGETS" : "core-image-minimal core-image-full-cmdline core-image-weston-sdk world",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-full-cmdline:do_testimage core-image-weston-sdk:do_testimage",
"extravars" : [
"TCLIBC = 'musl'"
]
@@ -765,8 +765,8 @@
"MACHINE" : "qemux86-64",
"SDKMACHINE" : "x86_64",
"BUILDINFO" : true,
- "BBTARGETS" : "core-image-minimal core-image-full-cmdline core-image-sato-sdk world",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-full-cmdline:do_testimage core-image-sato-sdk:do_testimage",
+ "BBTARGETS" : "core-image-minimal core-image-full-cmdline core-image-weston-sdk world",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-full-cmdline:do_testimage core-image-weston-sdk:do_testimage",
"extravars" : [
"TCLIBC = 'musl'"
]
@@ -938,18 +938,18 @@
"step4" : {
"shortname" : "Prep locked-sigs test",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato core-image-sato:do_populate_sdk_ext"
+ "BBTARGETS" : "core-image-weston core-image-weston:do_populate_sdk_ext"
},
"step5" : {
"shortname" : "Prep #2 locked-sigs test",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato -S none",
+ "BBTARGETS" : "core-image-weston -S none",
"EXTRACMDS" : ["${SCRIPTSDIR}/../janitor/clobberdir ${BUILDDIR}/../build/tmp"]
},
"step6" : {
"shortname" : "Test locked-sigs image",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato",
+ "BBTARGETS" : "core-image-weston",
"extravars" : [
"TMPDIR = '${TOPDIR}/newtmp'",
"require ../locked-sigs.inc"
@@ -958,7 +958,7 @@
"step7" : {
"shortname" : "Test locked-sigs eSDK",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato:do_populate_sdk_ext",
+ "BBTARGETS" : "core-image-weston:do_populate_sdk_ext",
"extravars" : [
"TMPDIR = '${TOPDIR}/sdktmp'"
]
@@ -968,16 +968,16 @@
"MACHINE" : "qemux86-64",
"step1" : {
"shortname" : "Test logrotate",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"IMAGE_INSTALL_append = ' logrotate'",
"TEST_SUITES_append = ' logrotate'"
]
},
"step2" : {
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"DISTRO_FEATURES_append = ' pam'",
"TEST_SUITES_append = ' pam'"
@@ -985,8 +985,8 @@
},
"step3" : {
"shortname" : "Test skeletoninit",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"IMAGE_INSTALL_append = ' service hello-mod'",
"TEST_SUITES_append = ' skeletoninit'"
@@ -995,8 +995,8 @@
},
"step4" : {
"shortname" : "Systemd with sysvinit compat",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"DISTRO_FEATURES_append = ' systemd'",
"VIRTUAL-RUNTIME_init_manager = 'systemd'",
@@ -1005,8 +1005,8 @@
},
"step5" : {
"shortname" : "Sysvinit with systemd",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"DISTRO_FEATURES_append = ' systemd'",
"VIRTUAL-RUNTIME_init_manager = 'sysvinit'"
@@ -1014,8 +1014,8 @@
},
"step6" : {
"shortname" : "Systemd",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' systemd'",
"DISTRO_FEATURES_append = ' systemd'",
@@ -1025,8 +1025,8 @@
},
"step7" : {
"shortname" : "Mesa gallium-llvm",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"PACKAGECONFIG_append_x86-64_pn-mesa = ' gallium-llvm gallium r600'"
]
--
2.31.1


[PATCH yocto-autobuilder-helper 1/4] config.json: transition ptests to weston-based images

Alexander Kanavin
 

Signed-off-by: Alexander Kanavin <alex.kanavin@...>
---
config.json | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/config.json b/config.json
index 6533dab..c122412 100644
--- a/config.json
+++ b/config.json
@@ -93,16 +93,16 @@
},
"ptest-qemu" : {
"BUILDINFO" : true,
- "BBTARGETS" : "core-image-sato-ptest",
- "SANITYTARGETS" : "core-image-sato-ptest:do_testimage",
+ "BBTARGETS" : "core-image-weston-ptest-all",
+ "SANITYTARGETS" : "core-image-weston-ptest-all:do_testimage",
"extravars" : [
"TEST_SUITES = 'ping ssh ptest'"
]
},
"ptest-qemu-fast" : {
"BUILDINFO" : true,
- "BBTARGETS" : "core-image-sato-ptest-fast",
- "SANITYTARGETS" : "core-image-sato-ptest-fast:do_testimage",
+ "BBTARGETS" : "core-image-weston-ptest-fast",
+ "SANITYTARGETS" : "core-image-weston-ptest-fast:do_testimage",
"extravars" : [
"TEST_SUITES = 'ping ssh ptest'"
]
@@ -122,7 +122,7 @@
"arch-hw" : {
"BUILDINFO" : true,
"step1" : {
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato-ptest core-image-sato:do_populate_sdk",
+ "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-sato:do_testsdk"
}
},
@@ -342,7 +342,7 @@
},
"step2" : {
"MACHINE" : "qemux86-64",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato-sdk-ptest core-image-sato:do_populate_sdk",
+ "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-sato:do_testsdk"

},
--
2.31.1


Re: KeyError: 'getpwuid(): uid not found: 1000' in do_package phase

Martin Jansa
 

On Mon, May 10, 2021 at 12:08:22PM +0300, Thomas Hill via lists.yoctoproject.org wrote:
Hi Richard!

On Fri, 7 May 2021, 15:28, Richard Purdie <richard.purdie@...>
On Fri, 2021-05-07 at 10:10 +0300, Thomas Hill via lists.yoctoproject.org wrote:
On Thu, 6 May 2021, 13:44 Martin Jansa <Martin.Jansa@...> wrote:
On Thu, May 6, 2021 at 10:57 AM Thomas Hill via lists.yoctoproject.org <tom.hill=inbox.lv@...> wrote:
On Mon, Nov 16, 2020 at 02:28 PM, Martin Jansa wrote:
https://github.com/webOS-ports/meta-webos-ports/commit/9fd17a67cdbed92df13a14b002a189b4c6c2d442
is an example where it triggers this error, but doesn't trigger the more common host-user-contaminated QA error (unless you happened to use UID 1001 on host for the user running bitbake).
 > I have here a similar problem with one of my own packages. It happens that my bitbake user uses UID 1001. Do you have more information why this is a problem? Should it be enough to change the UID to 1002 to get everything running?
No, you should chown the files to be owned by the expected user which exists in the image (probably root like in my commit). Changing the UID of the user on host is very bad work around (as it will fail for the next person building the same image with host user 1001.
Ok. Thanks. I can confirm that the change of the bitbake users UID to 1111
did not solve the issue.
I will open a new thread because I don't see why this fails. I use oe_runmake
in my do_install function and got the impression that oe_runmake should take 
care of this via fakeroot.
When you install files during do_install, you need to be clear about who
you want to own the end result.
See my other mail for more details - subject:
"Path ./package/usr/lib/libcryptopp.so.8 is owned by uid 1111, gid 1111, which doesn't match any ..."

If you do something like "touch ${D}/x", the it will be owned by the default
user which in a fakeroot context under pseudo is root.

If however you cp a file to ${D}/x, it would depend what you told cp
to do about ownership. If the original file was owned by user 1001, it
may try and preserve that.
I do not touch any files myself. The do_install function uses only
"oe_runmake install-lib". No "touch", no "cp", nothing.
The GNUmakefile uses "mkdir", "cp", "chmod" but I patched it so it
uses "install" instead of "cp" in my recipe.

We don't know what your code is doing in do_install but its almost certainly
not setting the file ownership correctly.
My other mail has more details. I did not append the GNUmakefile. It is
quite large. I think it ist easier to get it directly from the original git-repository.
<https://github.com/weidai11/cryptopp/blob/9dcc26c58213abb8351fbb1b2a7a1d2c667366e4/GNUmakefile>
0002_libcryptopp_8.2.0_use-install-instead-of-cp.patch from your recipe
might be interesting as well to guess what went wrong in your case.


Re: Improving NPM recipe build speed

Nicolas Jeker
 

On Mon, 2021-04-26 at 16:29 -0700, Alessandro Tagliapietra wrote:
Hi everyone,
Hi Alessandro,

I'm making an image that includes the node-red recipe from meta-iot-
cloud.
The whole process takes about 30+ minutes for that recipe alone (most
of the time spent in do_configure).
Now I want to override the recipe systemd service file and create a
nodered user. Every time I change my bbappend file I have to wait 30+
minutes to have the result even for a small systemd file change.

Is it possible to speed up the process somehow?
I never worked with node-red in yocto, so I can't speak specifically
for that, but I encountered similar situations before. Here is what I
usually do when I need to change a file in a recipe that takes a really
long time to compile or triggers a rebuild of a ton of other recipes.

This only works for files that don't need to be compiled, like
configuration files, systemd service files, udev rules etc. I usually
replace the file in the rootfs directly on the device (or boot from NFS
and edit the file in the NFS export). For example if I need to change a
systemd service file, I change the file on my host, copy it with scp to
the device and check if everything is working as expected. When I'm
finished, I reintegrate my edits with a bbappend file and check again
if it works.

Thanks in advance


Re: KeyError: 'getpwuid(): uid not found: 1000' in do_package phase

Thomas Hill
 

Hi Richard!

On Fri, 7 May 2021, 15:28, Richard Purdie <richard.purdie@...>
On Fri, 2021-05-07 at 10:10 +0300, Thomas Hill via lists.yoctoproject.org wrote:
On Thu, 6 May 2021, 13:44 Martin Jansa <Martin.Jansa@...> wrote:
On Thu, May 6, 2021 at 10:57 AM Thomas Hill via lists.yoctoproject.org <tom.hill=inbox.lv@...> wrote:
On Mon, Nov 16, 2020 at 02:28 PM, Martin Jansa wrote:
https://github.com/webOS-ports/meta-webos-ports/commit/9fd17a67cdbed92df13a14b002a189b4c6c2d442
is an example where it triggers this error, but doesn't trigger the more common host-user-contaminated QA error (unless you happened to use UID 1001 on host for the user running bitbake).
 > I have here a similar problem with one of my own packages. It happens that my bitbake user uses UID 1001. Do you have more information why this is a problem? Should it be enough to change the UID to 1002 to get everything running?
No, you should chown the files to be owned by the expected user which exists in the image (probably root like in my commit). Changing the UID of the user on host is very bad work around (as it will fail for the next person building the same image with host user 1001.
Ok. Thanks. I can confirm that the change of the bitbake users UID to 1111
did not solve the issue.
I will open a new thread because I don't see why this fails. I use oe_runmake
in my do_install function and got the impression that oe_runmake should take 
care of this via fakeroot.
When you install files during do_install, you need to be clear about who
you want to own the end result.
See my other mail for more details - subject:
"Path ./package/usr/lib/libcryptopp.so.8 is owned by uid 1111, gid 1111, which doesn't match any ..."

If you do something like "touch ${D}/x", the it will be owned by the default
user which in a fakeroot context under pseudo is root.

If however you cp a file to ${D}/x, it would depend what you told cp
to do about ownership. If the original file was owned by user 1001, it
may try and preserve that.
I do not touch any files myself. The do_install function uses only
"oe_runmake install-lib". No "touch", no "cp", nothing.
The GNUmakefile uses "mkdir", "cp", "chmod" but I patched it so it
uses "install" instead of "cp" in my recipe.

We don't know what your code is doing in do_install but its almost certainly
not setting the file ownership correctly.
My other mail has more details. I did not append the GNUmakefile. It is
quite large. I think it ist easier to get it directly from the original git-repository.
<https://github.com/weidai11/cryptopp/blob/9dcc26c58213abb8351fbb1b2a7a1d2c667366e4/GNUmakefile>

Tom


Re: [meta-security][PATCH 4/6] suricata: 4.1.x add UPSTREAM_CHECK_REGEX

Quentin Schulz
 

Hi Armin,

On May 9, 2021 3:47:38 PM UTC, Armin Kuster <akuster808@...> wrote:
Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-ids/suricata/suricata_4.1.10.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-ids/suricata/suricata_4.1.10.bb b/recipes-ids/suricata/suricata_4.1.10.bb
index 3f7beaa..bf08843 100644
--- a/recipes-ids/suricata/suricata_4.1.10.bb
+++ b/recipes-ids/suricata/suricata_4.1.10.bb
@@ -12,6 +12,8 @@ SRC_URI += " \
file://run-ptest \
"

+UPSTREAM_CHECK_URI = "www.openinfosecfoundation.org/download"
+
There is a mismatch between what you're doing and what the title of this commit is, I guess the commit title is to be updated?

Cheers,
Quentin


[meta-security][PATCH 6/6] ibmtpm2tss: update to tip

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
index 4d9b554..ae8974b 100644
--- a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
+++ b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
@@ -17,11 +17,13 @@ DEPENDS = "openssl ibmswtpm2"

inherit autotools pkgconfig

-SRCREV = "3e736f712ba53c8f06e66751f60fae428fd2e20f"
+SRCREV = "c4e131e34ec0ed09411aa3bc76f76129ef881573"
SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \
file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
"

+UPSTREAM_CHECK_COMMITS = "1"
+
EXTRA_OECONF = "--disable-tpm-1.2"

S = "${WORKDIR}/git"
--
2.25.1


[meta-security][PATCH 5/6] ibmswtpm2: update to 1661

Armin Kuster
 

Drop patch now included in updated

Signed-off-by: Armin Kuster <akuster808@...>
---
.../ibmswtpm2/files/fix-wrong-cast.patch | 27 -------------------
.../{ibmswtpm2_1637.bb => ibmswtpm2_1661.bb} | 10 +++----
2 files changed, 4 insertions(+), 33 deletions(-)
delete mode 100644 meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch
rename meta-tpm/recipes-tpm2/ibmswtpm2/{ibmswtpm2_1637.bb => ibmswtpm2_1661.bb} (69%)

diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch b/meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch
deleted file mode 100644
index f2938e0..0000000
--- a/meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Fix strict aliasing issue of gcc10
-
-fixes:
-
-TpmFail.c: In function 'TpmLogFailure':
-TpmFail.c:217:23: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
- 217 | s_failFunction = *(UINT32 *)&function; /* kgold */
- | ^~~~~~~~~~~~~~~~~~~
-cc1: all warnings being treated as errors
-
-Upstream-Status: Submitted
-
-Signed-off-by: Jens Rehsack <sno@...>
-
-Index: src/TpmFail.c
-===================================================================
---- src.orig/TpmFail.c 2020-09-10 15:43:57.085063875 +0200
-+++ src/TpmFail.c 2020-09-10 15:48:35.563302634 +0200
-@@ -214,7 +214,7 @@
- // On a 64-bit machine, this may truncate the address of the string
- // of the function name where the error occurred.
- #if FAIL_TRACE
-- s_failFunction = *(UINT32 *)&function; /* kgold */
-+ memcpy(&s_failFunction, function, sizeof(uint32_t)); /* kgold */
- s_failLine = line;
- #else
- s_failFunction = 0;
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
similarity index 69%
rename from meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
rename to meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
index 301980d..7ea40a8 100644
--- a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
+++ b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
@@ -17,13 +17,11 @@ DEPENDS = "openssl"

SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${PV}.tar.gz \
file://tune-makefile.patch \
- file://fix-wrong-cast.patch \
"
-SRC_URI[md5sum] = "43b217d87056e9155633925eb6ef749c"
-SRC_URI[sha256sum] = "dd3a4c3f7724243bc9ebcd5c39bbf87b82c696d1c1241cb8e5883534f6e2e327"
-SRC_URI[sha1sum] = "ab4b94079e57a86996991e8a2b749ce063e4ad3e"
-SRC_URI[sha384sum] = "bbef16a934853ce78cba7ddc766aa9d7ef3cde3430a322b1be772bf3ad4bd6d413ae9c4de21bc1a4879d17dfe2aadc1d"
-SRC_URI[sha512sum] = "007aa415cccf19a2bcf789c426727dc4032dcb04cc9d11eedc231d2add708c1134d3d5ee5cfbe7de68307c95fff7a30bd306fbd8d53c198a5ef348440440a6ed"
+
+SRC_URI[sha256sum] = "55145928ad2b24f34be6a0eacf9fb492e10e0ea919b8428c721fa970e85d6147"
+
+UPSTREAM_CHECK_REGEX = "libtpm(?P<pver>).tar.gz"

S = "${WORKDIR}/src"

--
2.25.1


[meta-security][PATCH 4/6] suricata: 4.1.x add UPSTREAM_CHECK_REGEX

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-ids/suricata/suricata_4.1.10.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-ids/suricata/suricata_4.1.10.bb b/recipes-ids/suricata/suricata_4.1.10.bb
index 3f7beaa..bf08843 100644
--- a/recipes-ids/suricata/suricata_4.1.10.bb
+++ b/recipes-ids/suricata/suricata_4.1.10.bb
@@ -12,6 +12,8 @@ SRC_URI += " \
file://run-ptest \
"

+UPSTREAM_CHECK_URI = "www.openinfosecfoundation.org/download"
+
inherit autotools-brokensep pkgconfig python3-dir systemd ptest

CFLAGS += "-D_DEFAULT_SOURCE -fcommon"
--
2.25.1


[meta-security][PATCH 3/6] python3-scapy: add UPSTREAM_CHECK_COMMITS

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/scapy/python3-scapy_2.4.4.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-security/scapy/python3-scapy_2.4.4.bb b/recipes-security/scapy/python3-scapy_2.4.4.bb
index 8d81ed1..23ddfce 100644
--- a/recipes-security/scapy/python3-scapy_2.4.4.bb
+++ b/recipes-security/scapy/python3-scapy_2.4.4.bb
@@ -13,6 +13,8 @@ SRC_URI = "git://github.com/secdev/scapy.git \

S = "${WORKDIR}/git"

+UPSTREAM_CHECK_COMMITS = "1"
+
inherit setuptools3 ptest

do_install_append() {
--
2.25.1


[meta-security][PATCH 2/6] ossec-hids: add UPSTREAM_CHECK_COMMITS

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-ids/ossec/ossec-hids_3.6.0.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-ids/ossec/ossec-hids_3.6.0.bb b/recipes-ids/ossec/ossec-hids_3.6.0.bb
index 10354a7..242bbdb 100644
--- a/recipes-ids/ossec/ossec-hids_3.6.0.bb
+++ b/recipes-ids/ossec/ossec-hids_3.6.0.bb
@@ -11,6 +11,8 @@ SRC_URI = "git://github.com/ossec/ossec-hids;branch=master \

SRCREV = "1303c78e2c67d7acee0508cb00c3bc63baaa27c2"

+UPSTREAM_CHECK_COMMITS = "1"
+
inherit autotools-brokensep useradd

S = "${WORKDIR}/git"
--
2.25.1


[meta-security][PATCH 1/6] clamav: update to tip.

Armin Kuster
 

Add UPSTEAM_CHECK

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-scanners/clamav/clamav_0.104.0.bb | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
index 36e498d..6892bb0 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -8,7 +8,8 @@ DEPENDS = "glibc llvm libtool db openssl zlib curl libxml2 bison pcre2 json-c li

LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17"

-SRCREV = "5553a5e206ceae5d920368baee7d403f823bcb6f"
+# May 2nd
+SRCREV = "de0086aa918b79cd22570d0c05977a288b197e23"

SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=dev/0.104 \
file://clamd.conf \
@@ -28,6 +29,8 @@ BINCONFIG = "${bindir}/clamav-config"

inherit cmake chrpath pkgconfig useradd systemd multilib_header multilib_script

+UPSTREAM_CHECK_COMMITS = "1"
+
CLAMAV_UID ?= "clamav"
CLAMAV_GID ?= "clamav"

--
2.25.1


Re: Recipe Grep'ing

Robert Joslyn
 

On Wed, 2021-05-05 at 17:50 -0700, Khem Raj wrote:


On 5/5/21 5:41 PM, Chuck Wolber wrote:
I was pondering putting some work in to a fairly large patch set
aimed
at making recipes easier to grep through, and wanted to get some
feedback before I put time and effort into it.

"what" and the "why" when grep'ing through recipes to search for
things:

FOO += "item1"
FOO += "item2"

Whereas this pattern gives us the "what", but not the "why":

FOO = "item1 \
              item2 \
             "

After discussing this with Richard Purdie on IRC, I also understand
that
the latter pattern benefits some forms of build output. In addition,
for
SRC_URI, the "why" is normally fairly obvious from context clues.

So, is there any interest in accepting a patch set of that nature for
Yocto and OE repositories? If so, what variables and situations
should
be considered "off limits" to a change like that?
nice to have a linter, which can do such checks and perhaps we can
enable this in autobuilders so we can keep such cleansups maintained
There is the oe-stylize.py script that attempts to format recipes
according to the style guide:
https://git.openembedded.org/meta-openembedded/tree/contrib/oe-stylize.py

Last time I played with it, I was a bit disappointed with some of the
changes it makes, some of which are different than what devtool does.
When I need to introduce new developers to bitbake, I'd love to be able
to hand them oe-stylize or something similar and just tell them to run
it before committing to make sure everything is formatted consistently.

I've had updating oe-stylize.py on my TODO list for a while, but more
important things always come up.

Robert


[meta-security][PATCH 2/2] tpm2-pkcs11: Update to 1.6.0

Armin Kuster
 

Includes gcc11 fix.
Added p11-kit
Minor cleanup

Signed-off-by: Armin Kuster <akuster808@...>
---
.../recipes-tpm2/tpm2-pkcs11/files/677.patch | 295 ++++++++++++++++++
...2-pkcs11_1.5.0.bb => tpm2-pkcs11_1.6.0.bb} | 27 +-
2 files changed, 314 insertions(+), 8 deletions(-)
create mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/677.patch
rename meta-tpm/recipes-tpm2/tpm2-pkcs11/{tpm2-pkcs11_1.5.0.bb => tpm2-pkcs11_1.6.0.bb} (76%)

diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/677.patch b/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/677.patch
new file mode 100644
index 0000000..5c91a5e
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/677.patch
@@ -0,0 +1,295 @@
+From 2b74d3df9b3b6932052ace627b21ff1352aa2932 Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Wed, 5 May 2021 13:32:05 -0500
+Subject: [PATCH 1/4] test: fix build for gcc11
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes 0 size regions by ignoring them. The test code intentionally does
+bad things.
+
+test/unit/test_twist.c: In function ‘test_twistbin_aappend_twist_null’:
+test/unit/test_twist.c:327:18: error: ‘twistbin_aappend’ accessing 16 bytes in a region of size 0 [-Werror=stringop-overflow=]
+ 327 | actual = twistbin_aappend(expected, (binarybuffer *) 0xDEADBEEF, 0);
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Signed-off-by: William Roberts <william.c.roberts@...>
+
+Upstream-Status: Pending
+Fix out for merge to offical repo
+
+Signed-off-by: Armin Kuster <akuster808@...>
+
+---
+ test/unit/test_twist.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/test/unit/test_twist.c b/test/unit/test_twist.c
+index ec66f69f..58d4530a 100644
+--- a/test/unit/test_twist.c
++++ b/test/unit/test_twist.c
+@@ -244,15 +244,23 @@ void test_twistbin_create(void **state) {
+ void test_twistbin_new_overflow_1(void **state) {
+ (void) state;
+
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wpragmas"
++#pragma GCC diagnostic ignored "-Wstringop-overflow"
+ twist actual = twistbin_new((void *) 0xDEADBEEF, ~0);
+ assert_null(actual);
++#pragma GCC diagnostic pop
+ }
+
+ void test_twistbin_new_overflow_2(void **state) {
+ (void) state;
+
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wpragmas"
++#pragma GCC diagnostic ignored "-Wstringop-overflow"
+ twist actual = twistbin_new((void *) 0xDEADBEEF, ~0 - sizeof(void *));
+ assert_null(actual);
++#pragma GCC diagnostic pop
+ }
+
+ void test_twistbin_new_overflow_3(void **state) {
+@@ -318,8 +326,12 @@ void test_twistbin_aappend_twist_null(void **state) {
+ twist actual = twistbin_aappend(expected, NULL, 42);
+ assert_ptr_equal((void * )actual, (void * )expected);
+
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wpragmas"
++#pragma GCC diagnostic ignored "-Wstringop-overflow"
+ actual = twistbin_aappend(expected, (binarybuffer *) 0xDEADBEEF, 0);
+ assert_ptr_equal((void * )actual, (void * )expected);
++#pragma GCC diagnostic pop
+
+ twist_free(actual);
+ }
+
+From 5bea05613e638375b73e29e5d56a9dabcfd2269d Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Wed, 5 May 2021 11:52:23 -0500
+Subject: [PATCH 2/4] utils: fix stringop-overread in str_padded_copy
+
+cc1: all warnings being treated as errors
+| make: *** [Makefile:1953: src/lib/slot.lo] Error 1
+| make: *** Waiting for unfinished jobs....
+| In file included from src/lib/mutex.h:10,
+| from src/lib/session_ctx.h:6,
+| from src/lib/digest.h:13,
+| from src/lib/tpm.c:28:
+| In function 'str_padded_copy',
+| inlined from 'tpm_get_token_info' at src/lib/tpm.c:742:5:
+| src/lib/utils.h:42:5: error: 'strnlen' specified bound 32 exceeds source size 5 [-Werror=stringop-overread]
+| 42 | memcpy(dst, src, strnlen((char *)(src), dst_len));
+| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+| src/lib/utils.h: In function 'tpm_get_token_info':
+| src/lib/tpm.c:739:19: note: source object declared here
+| 739 | unsigned char manufacturerID[sizeof(UINT32)+1] = {0}; // 4 bytes + '\0' as temp storage
+| | ^~~~~~~~~~~~~~
+| cc1: all warnings being treated as errors
+| make: *** [Makefile:1953: src/lib/tpm.lo] Error 1
+| WARNING: exit code 1 from a shell command.
+
+Fixes #676
+
+Signed-off-by: William Roberts <william.c.roberts@...>
+---
+ src/lib/general.c | 8 ++++----
+ src/lib/general.h | 2 +-
+ src/lib/slot.c | 4 ++--
+ src/lib/token.c | 4 ++--
+ src/lib/tpm.c | 7 +++----
+ src/lib/utils.h | 6 ++++--
+ 6 files changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/src/lib/general.c b/src/lib/general.c
+index 9b7327c1..eaddaf82 100644
+--- a/src/lib/general.c
++++ b/src/lib/general.c
+@@ -19,8 +19,8 @@
+ #define VERSION "UNKNOWN"
+ #endif
+
+-#define LIBRARY_DESCRIPTION (CK_UTF8CHAR_PTR)"TPM2.0 Cryptoki"
+-#define LIBRARY_MANUFACTURER (CK_UTF8CHAR_PTR)"tpm2-software.github.io"
++static const CK_UTF8CHAR LIBRARY_DESCRIPTION[] = "TPM2.0 Cryptoki";
++static const CK_UTF8CHAR LIBRARY_MANUFACTURER[] = "tpm2-software.github.io";
+
+ #define CRYPTOKI_VERSION { \
+ .major = CRYPTOKI_VERSION_MAJOR, \
+@@ -78,8 +78,8 @@ CK_RV general_get_info(CK_INFO *info) {
+
+ static CK_INFO *_info = NULL;
+ if (!_info) {
+- str_padded_copy(_info_.manufacturerID, LIBRARY_MANUFACTURER, sizeof(_info_.manufacturerID));
+- str_padded_copy(_info_.libraryDescription, LIBRARY_DESCRIPTION, sizeof(_info_.libraryDescription));
++ str_padded_copy(_info_.manufacturerID, LIBRARY_MANUFACTURER);
++ str_padded_copy(_info_.libraryDescription, LIBRARY_DESCRIPTION);
+
+ parse_lib_version(&_info_.libraryVersion.major,
+ &_info_.libraryVersion.minor);
+diff --git a/src/lib/general.h b/src/lib/general.h
+index 14a18e46..356c142d 100644
+--- a/src/lib/general.h
++++ b/src/lib/general.h
+@@ -10,7 +10,7 @@
+ #define TPM2_TOKEN_LABEL "TPM2 PKCS#11 Token"
+ #define TPM2_TOKEN_MANUFACTURER "Intel"
+ #define TPM2_TOKEN_MODEL "TPM2 PKCS#11"
+-#define TPM2_TOKEN_SERIAL_NUMBER "0000000000000000"
++static const CK_UTF8CHAR TPM2_TOKEN_SERIAL_NUMBER[] = "0000000000000000";
+ #define TPM2_TOKEN_HW_VERSION { 0, 0 }
+ #define TPM2_TOKEN_FW_VERSION { 0, 0 }
+
+diff --git a/src/lib/slot.c b/src/lib/slot.c
+index 548d22b5..6db5bb93 100644
+--- a/src/lib/slot.c
++++ b/src/lib/slot.c
+@@ -119,8 +119,8 @@ CK_RV slot_get_info (CK_SLOT_ID slot_id, CK_SLOT_INFO *info) {
+ return CKR_GENERAL_ERROR;
+ }
+
+- str_padded_copy(info->manufacturerID, token_info.manufacturerID, sizeof(info->manufacturerID));
+- str_padded_copy(info->slotDescription, token_info.label, sizeof(info->slotDescription));
++ str_padded_copy(info->manufacturerID, token_info.manufacturerID);
++ str_padded_copy(info->slotDescription, token_info.label);
+
+ info->hardwareVersion = token_info.hardwareVersion;
+ info->firmwareVersion = token_info.firmwareVersion;
+diff --git a/src/lib/token.c b/src/lib/token.c
+index 6d7ebd27..c7211296 100644
+--- a/src/lib/token.c
++++ b/src/lib/token.c
+@@ -317,8 +317,8 @@ CK_RV token_get_info (token *t, CK_TOKEN_INFO *info) {
+ }
+
+ // Identification
+- str_padded_copy(info->label, t->label, sizeof(info->label));
+- str_padded_copy(info->serialNumber, (unsigned char*) TPM2_TOKEN_SERIAL_NUMBER, sizeof(info->serialNumber));
++ str_padded_copy(info->label, t->label);
++ str_padded_copy(info->serialNumber, TPM2_TOKEN_SERIAL_NUMBER);
+
+
+ // Memory: TODO not sure what memory values should go here, the platform?
+diff --git a/src/lib/tpm.c b/src/lib/tpm.c
+index 1639df48..7f9f052a 100644
+--- a/src/lib/tpm.c
++++ b/src/lib/tpm.c
+@@ -740,15 +740,14 @@ CK_RV tpm_get_token_info (tpm_ctx *ctx, CK_TOKEN_INFO *info) {
+ unsigned char manufacturerID[sizeof(UINT32)+1] = {0}; // 4 bytes + '\0' as temp storage
+ UINT32 manufacturer = ntohl(tpmProperties[TPM2_PT_MANUFACTURER - TPM2_PT_FIXED].value);
+ memcpy(manufacturerID, (unsigned char*) &manufacturer, sizeof(uint32_t));
+- str_padded_copy(info->manufacturerID, manufacturerID, sizeof(info->manufacturerID));
++ str_padded_copy(info->manufacturerID, manufacturerID);
+
+ // Map human readable Manufacturer String, if available,
+ // otherwise 4 byte ID was already padded and will be used.
+ for (unsigned int i=0; i < ARRAY_LEN(TPM2_MANUFACTURER_MAP); i++){
+ if (!strncasecmp((char *)info->manufacturerID, TPM2_MANUFACTURER_MAP[i][0], 4)) {
+ str_padded_copy(info->manufacturerID,
+- (unsigned char *)TPM2_MANUFACTURER_MAP[i][1],
+- sizeof(info->manufacturerID));
++ (unsigned char *)TPM2_MANUFACTURER_MAP[i][1]);
+ }
+ }
+
+@@ -758,7 +757,7 @@ CK_RV tpm_get_token_info (tpm_ctx *ctx, CK_TOKEN_INFO *info) {
+ vendor[1] = ntohl(tpmProperties[TPM2_PT_VENDOR_STRING_2 - TPM2_PT_FIXED].value);
+ vendor[2] = ntohl(tpmProperties[TPM2_PT_VENDOR_STRING_3 - TPM2_PT_FIXED].value);
+ vendor[3] = ntohl(tpmProperties[TPM2_PT_VENDOR_STRING_4 - TPM2_PT_FIXED].value);
+- str_padded_copy(info->model, (unsigned char*) &vendor, sizeof(info->model));
++ str_padded_copy(info->model, (unsigned char*) &vendor);
+
+ return CKR_OK;
+ }
+diff --git a/src/lib/utils.h b/src/lib/utils.h
+index 81c61fae..cf357464 100644
+--- a/src/lib/utils.h
++++ b/src/lib/utils.h
+@@ -39,9 +39,11 @@
+
+ int str_to_ul(const char *val, size_t *res);
+
+-static inline void str_padded_copy(CK_UTF8CHAR_PTR dst, const CK_UTF8CHAR_PTR src, size_t dst_len) {
++#define str_padded_copy(dst, src) _str_padded_copy(dst, sizeof(dst), src, strnlen((const char *)src, sizeof(src)))
++static inline void _str_padded_copy(CK_UTF8CHAR_PTR dst, size_t dst_len, const CK_UTF8CHAR *src, size_t src_len) {
+ memset(dst, ' ', dst_len);
+- memcpy(dst, src, strnlen((char *)(src), dst_len));
++ memcpy(dst, src, src_len);
++ LOGE("BILL(%zu): %.*s\n", dst_len, dst_len, dst);
+ }
+
+ twist utils_hash_pass(const twist pin, const twist salt);
+
+From afeae8a3846e06152fafb180077fbad4381a124d Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Wed, 5 May 2021 14:09:27 -0500
+Subject: [PATCH 3/4] general: drop unused macros
+
+Signed-off-by: William Roberts <william.c.roberts@...>
+---
+ src/lib/general.h | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/src/lib/general.h b/src/lib/general.h
+index 356c142d..b3089554 100644
+--- a/src/lib/general.h
++++ b/src/lib/general.h
+@@ -7,17 +7,7 @@
+
+ #include "pkcs11.h"
+
+-#define TPM2_TOKEN_LABEL "TPM2 PKCS#11 Token"
+-#define TPM2_TOKEN_MANUFACTURER "Intel"
+-#define TPM2_TOKEN_MODEL "TPM2 PKCS#11"
+ static const CK_UTF8CHAR TPM2_TOKEN_SERIAL_NUMBER[] = "0000000000000000";
+-#define TPM2_TOKEN_HW_VERSION { 0, 0 }
+-#define TPM2_TOKEN_FW_VERSION { 0, 0 }
+-
+-#define TPM2_SLOT_DESCRIPTION "Intel TPM2.0 Cryptoki"
+-#define TPM2_SLOT_MANUFACTURER TPM2_TOKEN_MANUFACTURER
+-#define TPM2_SLOT_HW_VERSION TPM2_TOKEN_HW_VERSION
+-#define TPM2_SLOT_FW_VERSION TPM2_TOKEN_FW_VERSION
+
+ CK_RV general_init(void *init_args);
+ CK_RV general_get_func_list(CK_FUNCTION_LIST **function_list);
+
+From 8b43a99c5ff604d890bdc23fd2fa5f98aa087d83 Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Wed, 5 May 2021 14:11:04 -0500
+Subject: [PATCH 4/4] token: move TPM2_TOKEN_SERIAL_NUMBER local to use
+
+Signed-off-by: William Roberts <william.c.roberts@...>
+---
+ src/lib/general.h | 2 --
+ src/lib/token.c | 2 ++
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/general.h b/src/lib/general.h
+index b3089554..9afd61ec 100644
+--- a/src/lib/general.h
++++ b/src/lib/general.h
+@@ -7,8 +7,6 @@
+
+ #include "pkcs11.h"
+
+-static const CK_UTF8CHAR TPM2_TOKEN_SERIAL_NUMBER[] = "0000000000000000";
+-
+ CK_RV general_init(void *init_args);
+ CK_RV general_get_func_list(CK_FUNCTION_LIST **function_list);
+ CK_RV general_get_info(CK_INFO *info);
+diff --git a/src/lib/token.c b/src/lib/token.c
+index c7211296..63a9a71b 100644
+--- a/src/lib/token.c
++++ b/src/lib/token.c
+@@ -20,6 +20,8 @@
+ #include "token.h"
+ #include "utils.h"
+
++static const CK_UTF8CHAR TPM2_TOKEN_SERIAL_NUMBER[] = "0000000000000000";
++
+ void pobject_config_free(pobject_config *c) {
+
+ if (c->is_transient) {
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
similarity index 76%
rename from meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
rename to meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
index d53d4fa..63ec18d 100644
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
@@ -4,13 +4,15 @@ SECTION = "security/tpm"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"

-DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml python3-setuptools-native"
+DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master \
file://bootstrap_fixup.patch \
- file://0001-remove-local-binary-checkes.patch"
+ file://0001-remove-local-binary-checkes.patch \
+ file://677.patch \
+ "

-SRCREV = "5d583351028eebd470f50ec35db5dcf00533df31"
+SRCREV = "c2d53cc1af6b9df13c832715442853b21048c273"

S = "${WORKDIR}/git"

@@ -26,6 +28,10 @@ do_compile_append() {
}

do_install_append() {
+ install -d ${D}${libdir}/pkcs11
+ install -d ${D}${datadir}/p11-kit
+ rm -f ${D}${libdir}/pkcs11/libtpm2_pkcs11.so
+
cd ${S}/tools
export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
@@ -33,12 +39,17 @@ do_install_append() {
sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool
}

-RDEPNDS_${PN} = "tpm2-tools"
-
PACKAGES =+ "${PN}-tools"
-RDEPENDS_${PN}-tools += "${PYTHON_PN}-setuptools ${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"

FILES_${PN}-tools = "\
${bindir}/tpm2_ptool \
${libdir}/${PYTHON_DIR}/* \
-"
+ "
+
+FILES_${PN} += "\
+ ${libdir}/pkcs11/* \
+ ${datadir}/p11-kit/* \
+ "
+
+RDEPNDS_${PN} = "tpm2-tools"
+RDEPENDS_${PN}-tools += "${PYTHON_PN}-setuptools ${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"
--
2.25.1


[meta-security][PATCH 1/2] tripwire: Blacklist pkg, upstream seems abandond

Armin Kuster
 

Last update was 2018. Does not build with gcc11.
There are other actively maintained IDS options.

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-core/packagegroup/packagegroup-core-security.bb | 2 --
recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 ++
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb
index a6142a8..6d2dd7c 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -68,7 +68,6 @@ RDEPENDS_packagegroup-security-hardening = " \

SUMMARY_packagegroup-security-ids = "Security Intrusion Detection systems"
RDEPENDS_packagegroup-security-ids = " \
- tripwire \
samhain-standalone \
${@bb.utils.contains_any("TUNE_FEATURES", "ppc7400 riscv32 riscv64", "", " suricata",d)} \
"
@@ -89,7 +88,6 @@ RDEPENDS_packagegroup-meta-security-ptest-packages = "\
libseccomp-ptest \
python3-scapy-ptest \
suricata-ptest \
- tripwire-ptest \
python3-fail2ban-ptest \
${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \
"
diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
index 4f50bff..36e5d00 100644
--- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb
+++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
@@ -73,3 +73,5 @@ FILES_${PN}-ptest += "${PTEST_PATH}/tests "

RDEPENDS_${PN} += " perl nano msmtp cronie"
RDEPENDS_${PN}-ptest = " perl lib-perl perl-modules "
+
+PNBLACKLIST[tripwire] ?= "Upsteram project appears to be abondoned, fails to build with gcc11"
--
2.25.1


Re: Improving NPM recipe build speed

Alessandro Tagliapietra
 

Anyone?

3981 - 4000 of 57383