Hey Ryan,

This looks good to me. I'll merge this patch tomorrow, if there are no objections.

Thanks,

--
Alex Stewart
Software Engineer - NI Real-Time OS
NI (National Instruments)

alex.stewart@ni.com

Hello all. My organization has been working with Yocto recently, and we
have noticed that there are often weird errors encountered after
updating revisions within a release branch (e.g., 3.1.3 -> 3.1.5). Is
there an accepted process to merging in upstream changes? Here is a
distillation of our workflow:

* Yocto releases 3.1.0 / dunfell

* Create a local tracking branch for the Yocto release
"sample-yocto-dunfell" based on upstream 3.1.0 tag / dunfell branch.
This is necessary because some of our local tooling is located in the
top level directory and it is a pain to copy the files each time.

* Create firmware with Yocto

* Yocto releases 3.1.x

* Merge upstream yocto-3.1.x tag into local tracking branch

* Create firmware with Yocto

Sometimes, after this last step, we encounter problems where patches
cannot be applied, or files cannot be found when bitbake tries to build
the recipes. We have tried deleting build/{tmp,sstate-cache} whenever we
merge upstream changes, but random errors still persist. For each of
these packages, if we run "bitbake -c cleanall", the error goes away.

Most of the time, these recipes have not been extended in our project,
so they are purely meta-oe / meta packages.

Are we doing something wrong, or is there a more acceptable way to
handle updates?

How tightly should meta-openembedded be tied to the core Yocto release?

--
Regards,

Claude Bing

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-scanners/buck-security/buck-security_0.7.bb | 2 +-
recipes-scanners/checksecurity/checksecurity_2.0.15.bb | 2 +-
recipes-security/nikto/nikto_2.1.6.bb | 2 +-
recipes-security/redhat-security/redhat-security_1.0.bb | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/recipes-scanners/buck-security/buck-security_0.7.bb b/recipes-scanners/buck-security/buck-security_0.7.bb
index 179eeda..20a1fb0 100644
--- a/recipes-scanners/buck-security/buck-security_0.7.bb
+++ b/recipes-scanners/buck-security/buck-security_0.7.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "Buck-Security is a security scanner for Debian and Ubuntu Linux.
system. This enables you to quickly overview the security status of your Linux system."
SECTION = "security"
LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"

SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_${PV}/${BPN}_${PV}.tar.gz"

diff --git a/recipes-scanners/checksecurity/checksecurity_2.0.15.bb b/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
index 204123d..0161b4c 100644
--- a/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
+++ b/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
@@ -2,7 +2,7 @@ SUMMARY = "basic system security checks"
DESCRIPTION = "checksecurity is a simple package which will scan your system for several simple security holes."
SECTION = "security"
LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"

SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \
file://setuid-log-folder.patch \
diff --git a/recipes-security/nikto/nikto_2.1.6.bb b/recipes-security/nikto/nikto_2.1.6.bb
index 2d2c46c..615cc30 100644
--- a/recipes-security/nikto/nikto_2.1.6.bb
+++ b/recipes-security/nikto/nikto_2.1.6.bb
@@ -4,7 +4,7 @@ SECTION = "security"
HOMEPAGE = "https://cirt.net/Nikto2"

LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"

SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
SRC_URI = "git://github.com/sullo/nikto.git \
diff --git a/recipes-security/redhat-security/redhat-security_1.0.bb b/recipes-security/redhat-security/redhat-security_1.0.bb
index 56f734c..0d70dc6 100644
--- a/recipes-security/redhat-security/redhat-security_1.0.bb
+++ b/recipes-security/redhat-security/redhat-security_1.0.bb
@@ -2,7 +2,7 @@ SUMMARY = "redhat security tools"
DESCRIPTION = "Tools used by redhat linux distribution for security checks"
SECTION = "security"
LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"

SRC_URI = "file://find-chroot-py.sh \
file://find-chroot.sh \
--
2.17.1

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../scap-security-guide/scap-security-guide.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
index 32fce0f..d1a9511 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
@@ -10,7 +10,7 @@ DEPENDS = "openscap-native python3 python3-pyyaml-native python3-jinja2-native l

S = "${WORKDIR}/git"

-inherit cmake pkgconfig python3native
+inherit cmake pkgconfig python3native python3targetconfig

STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe"
--
2.17.1

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-security-compliance/recipes-openscap/openscap/openscap.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
index afa576a..812ea9f 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap.inc
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -11,7 +11,7 @@ DEPENDS_class-native = "pkgconfig-native swig-native curl-native libxml2-native

S = "${WORKDIR}/git"

-inherit cmake pkgconfig python3native perlnative
+inherit cmake pkgconfig python3native python3targetconfig perlnative

PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3"
--
2.17.1

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-ids/suricata/python3-suricata-update_1.1.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-ids/suricata/python3-suricata-update_1.1.1.bb b/recipes-ids/suricata/python3-suricata-update_1.1.1.bb
index 0070b5b..732ca9a 100644
--- a/recipes-ids/suricata/python3-suricata-update_1.1.1.bb
+++ b/recipes-ids/suricata/python3-suricata-update_1.1.1.bb
@@ -10,6 +10,6 @@ SRC_URI = "git://github.com/OISF/suricata-update;branch='master-1.1.x'"

S = "${WORKDIR}/git"

-inherit python3native setuptools3
+inherit python3native python3targetconfig setuptools3

RDEPENDS_${PN} = "python3-pyyaml"
--
2.17.1

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-mac/AppArmor/apparmor_3.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-mac/AppArmor/apparmor_3.0.bb b/recipes-mac/AppArmor/apparmor_3.0.bb
index 35e95a0..015205d 100644
--- a/recipes-mac/AppArmor/apparmor_3.0.bb
+++ b/recipes-mac/AppArmor/apparmor_3.0.bb
@@ -39,7 +39,7 @@ PARALLEL_MAKE = ""

COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*"

-inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative cpan systemd features_check bash-completion
+inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion

REQUIRED_DISTRO_FEATURES = "apparmor"

--
2.17.1

Hi,

Hi all

Is it possible to include a fine in local.conf?

yes. Just add "include my.conf" in your configuration.

https://docs.yoctoproject.org/bitbake/bitbake-user-manual/bitbake-user-manual-metadata.html#include-directive

Regards,
/Peter

MZ

Hello,

we are using a recipe to fetch binary from artifactory and package it in rootfile system.
and this artifactory path can be dynamic so i am using linux system variable to pass this information to the recipe by
d.getVar("SYSTEM_VAR",True)
and then using this variable in recipe to fetch binary from artifactory.

the problem is that when i change the "SYSTEM_VAR on linux machine then YOCTO complains "The metadata is not deterministic and this needs to be fixed"
because i am changing the variable without changing recipe, and the basehash value has changed.

what is the best way to solve the above problem?

On Mon, Feb 22, 2021 at 05:44 AM, Josef Holzmayr wrote:

I personally would probably go with a build-in-build, and put some
form of application rootfs on the emmc - this could either be a simple
chroot or some more advanced form of container. This avoids nasty
breakages and update problems when the filesystems go out of version
sync. Other techniques might also apply depending on your software
rollout process, like an addtional overlay fs, or a pivot-root with
initrd, or.... it depends. But ripping out random packages and
rearranging them at random locations certainly isn't a good idea. It
already hurts when I think of the mount-and-deploy magic one would
need for this to roll out in production.

My $.02

Okay, that makes sense!
I'll look for a better solution. 

KR,
Felix 

(re-adding list as this certainly does not contain sensitive
information - others might add other opinions and hints, as well as my
answer should be available for everyone to find it.)

Am Mo., 22. Feb. 2021 um 14:35 Uhr schrieb <felixn1996@gmail.com>:

On Mon, Feb 22, 2021 at 04:57 AM, Josef Holzmayr wrote:

Whats the reasoning behind this? If its meant to be a work-around for
"my custom software totally wants it in that location", then you're
probably better off fixing your custom software to stick to canonical
paths. If its about partitioning schemes, other techniques might
apply. If its about being able to upgrade/modify python independently
from the system, then you probably want some root-in-root or container
build. But randomly picing a complex package that has system-wide
implications and saying "I want it here, screw the FHS" is not a good
idea usually.

Hi
I am aware that what I am asking for is a bit ugly.

The reason is that I have a small amount of memory at my disposal. I'm working with a setup with two partitions, a root-fs and an overlayed application file system. None of them has enough space for python.
Therefore I want to install it on the eMMC, which has plenty of space.
So instead of /usr which is on the root/app file system, I would install it under /media/<somewhere> on the mounted eMMC.

But maybe there exists a more elegant solution?

I personally would probably go with a build-in-build, and put some
form of application rootfs on the emmc - this could either be a simple
chroot or some more advanced form of container. This avoids nasty
breakages and update problems when the filesystems go out of version
sync. Other techniques might also apply depending on your software
rollout process, like an addtional overlay fs, or a pivot-root with
initrd, or.... it depends. But ripping out random packages and
rearranging them at random locations certainly isn't a good idea. It
already hurts when I think of the mount-and-deploy magic one would
need for this to roll out in production.

My $.02

Greetz

On Mon, Feb 22, 2021 at 04:57 AM, Josef Holzmayr wrote:

Whats the reasoning behind this? If its meant to be a work-around for
"my custom software totally wants it in that location", then you're
probably better off fixing your custom software to stick to canonical
paths. If its about partitioning schemes, other techniques might
apply. If its about being able to upgrade/modify python independently
from the system, then you probably want some root-in-root or container
build. But randomly picing a complex package that has system-wide
implications and saying "I want it here, screw the FHS" is not a good
idea usually.

Hi all

Is it possible to include a fine in local.conf?

MZ

The installation of opkg-build man page introduces a host dependency
on perl for the pod2man package to generate the man page.

To allow the opkg-utils scripts to be installed separately from the
manpages, break apart the install step into two install steps:
install-utils and install-docs

CC: Christian Hermann <mail@hermannch.dev>
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
---
v1 -> v2:
- Leave all target behavior unchanged (suggested by Christian)
---
Makefile | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 4049654..fe96d5a 100644
--- a/Makefile
+++ b/Makefile
@@ -27,9 +27,11 @@ mandir ?=3D $(PREFIX)/man
=20
all: $(UTILS) $(MANPAGES)
=20
-install: all
+install-utils: $(UTILS)
install -d $(DESTDIR)$(bindir)
install -m 755 $(UTILS) $(DESTDIR)$(bindir)
+
+install-docs: $(MANPAGES)
install -d $(DESTDIR)$(mandir)
for m in $(MANPAGES); \
do \
@@ -37,4 +39,6 @@ install: all
install -m 644 "$$m" $(DESTDIR)$(mandir)/man$${m##*.}; \
done
=20
-.PHONY: install all
+install: install-utils install-docs
+
+.PHONY: install install-utils install-docs all
--=20
2.25.1

Howdy!

Am Mo., 22. Feb. 2021 um 13:22 Uhr schrieb <felixn1996@gmail.com>:

I'm new to the Yocto Project. It is my first time posting a Yocto related question. If this is the wrong place, I apologize in advance.

No problem, welcome on board!

I need to change the python installation location on my target from /usr/bin and /usr/lib to somewhere under /media.
I have searched around online and tried looking in the recipe: http://git.yoctoproject.org/cgit.cgi/poky/tree/meta/recipes-devtools/python/python3_3.9.1.bb

Whats the reasoning behind this? If its meant to be a work-around for
"my custom software totally wants it in that location", then you're
probably better off fixing your custom software to stick to canonical
paths. If its about partitioning schemes, other techniques might
apply. If its about being able to upgrade/modify python independently
from the system, then you probably want some root-in-root or container
build. But randomly picing a complex package that has system-wide
implications and saying "I want it here, screw the FHS" is not a good
idea usually.

Greetz

https://twitter.com/TheYoctoJester/status/1358865946790797324

Am Mo., 22. Feb. 2021 um 12:24 Uhr schrieb Robert P. J. Day
<rpjday@crashcourse.ca>:

colleague wants a recipe for libbpf:

https://github.com/libbpf/libbpf

would anyone have done that already and is willing to let me steal it?

rday

Remove bbappend since parted 3.4 has removed the enable_selinux
configure option[1].

Fixes:
QA Issue: parted: configure was passed unrecognised options: --enable-selinux [unknown-configure-option]

[1] https://git.savannah.gnu.org/cgit/parted.git/commit/?id=059200d50beb259c54469ae65f2d034af48ff849

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-extended/parted/parted_%.bbappend | 1 -
1 file changed, 1 deletion(-)
delete mode 100644 recipes-extended/parted/parted_%.bbappend

diff --git a/recipes-extended/parted/parted_%.bbappend b/recipes-extended/parted/parted_%.bbappend
deleted file mode 100644
index 74e22b3..0000000
--- a/recipes-extended/parted/parted_%.bbappend
+++ /dev/null
@@ -1 +0,0 @@
-inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
--
2.25.1

Hi all,

This is the full report for yocto-3.2.2.rc1:
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults

======= Summary ========
No high milestone defects.

No new issues found

Thanks,
Sangeeta