dnf error coming while compiling core-image-sato image.
NIKHIL PATIL <nikhilvp29@...>
Hi team ,    I am getting continuously dnf error, How we can resolve these .
|
||
|
||
Re: Which dts is being compiled?
Bel Hadj Salem Talel <bhstalel@...>
Hi, The kernel compiles every DTS exists in the Makefile which is located with DTS files. (arch/arm/boot/dts/Makefile) or (arch/arm64/boot/dts/[VENDOR]/Makefile)
|
||
|
||
Re: Which dts is being compiled?
Zoran
Hello David,
toggle quoted messageShow quoted text
Not sure if your question has anything to do with YOCTO (in contrary, I this is has nothing to do with it). I see kerne's .dtb from U-BOOT messages while booting the system: debug: [enable_uboot_overlays=1] ... debug: [enable_uboot_cape_universal=1] ... debug: [uboot_base_dtb_univ=am335x-boneblack-uboot-univ.dtb] ... uboot_overlays: [uboot_base_dtb=am335x-boneblack-uboot-univ.dtb] ... <<======= .dtb used uboot_overlays: Switching too: dtb=am335x-boneblack-uboot-univ.dtb ... loading /boot/dtbs/5.7.4-bone10/am335x-boneblack-uboot-univ.dtb ... <<======= .dtb loaded 210649 bytes read in 183 ms (1.1 MiB/s) uboot_overlays: [fdt_buffer=0x60000] ... uboot_overlays: loading /lib/firmware/BB-SPI0-SC16IS740-00A0.dtbo ... 2291 bytes read in 698 ms (2.9 KiB/s) You can also stop in U-BOOT monitor and issue: printenv, then search for dtb variables. In my case it gives me the following: ... uboot_base_dtb=am335x-boneblack-uboot.dtb <<======= This one is probably one which U-BOOT uses for its purposes uboot_base_dtb_univ=am335x-boneblack-uboot-univ.dtb <<======= One used by the kernel ... Hope this helps. Best Regards, Zoran _______
On Sun, Oct 18, 2020 at 12:16 AM David Novak <david.novak@...> wrote:
|
||
|
||
Re: do_fetch error while compiling code
Richard Purdie
On Sun, 2020-10-18 at 11:48 +0530, NIKHIL PATIL wrote:
hi ,The fetch error means it can't download the file. The above link: (http://xorg.freedesktop.org/releases/individual/lib/libXcursor-1.1.15.tar.bz2) works for me so it suggests something is wrong with the networking on the machine you're trying to build on. Cheers, Richard
|
||
|
||
Re: do_fetch error while compiling code
NIKHIL PATIL <nikhilvp29@...>
hi , Â Â We totally stuck here , if anyone knows please let us know.
On Sat, Oct 17, 2020 at 3:43 PM NIKHIL PATIL via lists.yoctoproject.org <nikhilvp29=gmail.com@...> wrote:
|
||
|
||
Which dts is being compiled?
David Novak <david.novak@...>
Hi all. I've found the device tree files and I'm fairly certain I know which one is being used in out image, but I want to be certain.
What process is used by Yocto to determine which top level dts file to compile? Thanks, David
|
||
|
||
[dunfell 32/32] apparmor: fix QA warning with systemd enabled
ERROR: apparmor-2.13.4-r0 do_package: QA Issue: apparmor: Files/directories were installed but not shipped in any package:
/usr/lib/systemd /usr/lib/systemd/system /usr/lib/systemd/system/apparmor.service Signed-off-by: Armin Kuster <akuster808@...> --- recipes-mac/AppArmor/apparmor_2.13.4.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-mac/AppArmor/apparmor_2.13.4.bb b/recipes-mac/AppArmor/apparmor_2.13.4.bb index c1f038f..ba58fc5 100644 --- a/recipes-mac/AppArmor/apparmor_2.13.4.bb +++ b/recipes-mac/AppArmor/apparmor_2.13.4.bb @@ -190,7 +190,7 @@ SYSTEMD_AUTO_ENABLE ?= "enable" PACKAGES += "mod-${PN}" -FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}" +FILES_${PN} += "/lib/apparmor/ ${systemd_system_unitdir} ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}" FILES_mod-${PN} = "${libdir}/apache2/modules/*" # Add coreutils and findutils only if sysvinit scripts are in use -- 2.17.1
|
||
|
||
[dunfell 31/32] apparmor: fix issue with older use of shell in make
Signed-off-by: Armin Kuster <akuster808@...>
--- recipes-mac/AppArmor/apparmor_2.13.4.bb | 1 + ...-fix-failure-on-older-versions-of-Ma.patch | 40 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 recipes-mac/AppArmor/files/0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch diff --git a/recipes-mac/AppArmor/apparmor_2.13.4.bb b/recipes-mac/AppArmor/apparmor_2.13.4.bb index 6ba1ea8..c1f038f 100644 --- a/recipes-mac/AppArmor/apparmor_2.13.4.bb +++ b/recipes-mac/AppArmor/apparmor_2.13.4.bb @@ -24,6 +24,7 @@ SRC_URI = " \ file://0001-Makefile.am-suppress-perllocal.pod.patch \ file://run-ptest \ file://0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch \ + file://0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch \ " SRCREV = "df0ac742f7a1146181d8734d03334494f2015134" diff --git a/recipes-mac/AppArmor/files/0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch b/recipes-mac/AppArmor/files/0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch new file mode 100644 index 0000000..a23d889 --- /dev/null +++ b/recipes-mac/AppArmor/files/0001-tests-regression-fix-failure-on-older-versions-of-Ma.patch @@ -0,0 +1,40 @@ +From bf8c4ca570c27cf58e882e03680b40357223e6e7 Mon Sep 17 00:00:00 2001 +From: John Johansen <john.johansen@...> +Date: Wed, 30 Sep 2020 13:36:23 -0700 +Subject: [PATCH] tests regression: fix failure on older versions of Make + +Older versions of Make will choke on the # character in the $(shell +expression, treating it as the beginning of a comment. Resulting in +the following error + +make unterminated call to function 'shell': missing ')'. Stop. + +MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/639 +Signed-off-by: John Johansen <john.johansen@...> +Acked-by: Steve Beattie <steve.beattie@...> +(cherry picked from commit 8cf3534a5b11643c5913e5eb74e491f2f014d792) + +Upstream-Status: Backport +[Minor fixup] +Signed-off-by: Armin Kuster <akuster808@...> +--- + tests/regression/apparmor/Makefile | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile +index c3d0cfb7..1d55547c 100644 +--- a/tests/regression/apparmor/Makefile ++++ b/tests/regression/apparmor/Makefile +@@ -69,7 +69,8 @@ endif # USE_SYSTEM + + CFLAGS += -g -O0 -Wall -Wstrict-prototypes + +-USE_SYSCTL:=$(shell echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null && echo true) ++SYSCTL_INCLUDE="\#include <sys/sysctl.h>" ++USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true) + + + SRC=access.c \ +-- +2.17.1 + -- 2.17.1
|
||
|
||
[dunfell 30/32] README: updated branch for Dunfell
Signed-off-by: Armin Kuster <akuster808@...>
--- README | 12 ++++++------ meta-integrity/README.md | 8 ++------ meta-security-compliance/README | 8 ++++---- meta-security-isafw/README.md | 4 ++-- meta-tpm/README | 8 ++++---- 5 files changed, 18 insertions(+), 22 deletions(-) diff --git a/README b/README index f223fee..19b07c7 100644 --- a/README +++ b/README @@ -10,27 +10,27 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core - branch: master + branch: dunfell revision: HEAD prio: default URI: git://git.openembedded.org/meta-openembedded/meta-oe - branch: master + branch: dunfell revision: HEAD prio: default URI: git://git.openembedded.org/meta-openembedded/meta-perl - branch: master + branch: dunfell revision: HEAD prio: default URI: git://git.openembedded.org/meta-openembedded/meta-python - branch: master + branch: dunfell revision: HEAD prio: default URI: git://git.openembedded.org/meta-openembedded/meta-networking - branch: master + branch: dunfell revision: HEAD prio: default @@ -60,7 +60,7 @@ Maintenance Send pull requests, patches, comments or questions to yocto@... When sending single patches, please using something like: -'git send-email -1 --to yocto@... --subject-prefix=meta-security][PATCH' +'git send-email -1 --to yocto@... --subject-prefix=meta-security][dunfell][PATCH' These values can be set as defaults for this repository: diff --git a/meta-integrity/README.md b/meta-integrity/README.md index 4607948..f08a164 100644 --- a/meta-integrity/README.md +++ b/meta-integrity/README.md @@ -10,15 +10,11 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/bitbake - branch: master + branch: dunfell URI: git://git.openembedded.org/openembedded-core layers: meta - branch: master - - URI: git://github.com/01org/meta-security/meta-integrate - layers: security-framework - branch: master + branch: dunfell Patches diff --git a/meta-security-compliance/README b/meta-security-compliance/README index 320f856..86a95fb 100644 --- a/meta-security-compliance/README +++ b/meta-security-compliance/README @@ -9,16 +9,16 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/bitbake - branch: master + branch: 1.48 URI: git://git.openembedded.org/openembedded-core layers: meta - branch: master + branch: dunfell or URI: git://git.yoctoproject.org/poky - branch: master + branch: dunfell @@ -28,7 +28,7 @@ Maintenance Send pull requests, patches, comments or questions to yocto@... When sending single patches, please using something like: -'git send-email -1 --to yocto@... --subject-prefix=meta-security-compliance][PATCH' +'git send-email -1 --to yocto@... --subject-prefix=meta-security-compliance][dunfell][PATCH' Layer Maintainer: Armin Kuster <akuster808@...> diff --git a/meta-security-isafw/README.md b/meta-security-isafw/README.md index 16041cb..48db167 100644 --- a/meta-security-isafw/README.md +++ b/meta-security-isafw/README.md @@ -78,12 +78,12 @@ Patches end pull requests, patches, comments or questions to yocto@... When sending single patches, please using something like: -'git send-email -1 --to yocto@... --subject-prefix=meta-security-isafw][PATCH' +'git send-email -1 --to yocto@... --subject-prefix=meta-security-isafw][dunfell][PATCH' These values can be set as defaults for this repository: $ git config sendemail.to yocto@... -$ git config format.subjectPrefix meta-security-isafw][PATCH +$ git config format.subjectPrefix meta-security-isafw][dunfell][PATCH Now you can just do 'git send-email origin/master' to send all local patches. diff --git a/meta-tpm/README b/meta-tpm/README index dd662b3..90e211c 100644 --- a/meta-tpm/README +++ b/meta-tpm/README @@ -9,12 +9,12 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core - branch: master + branch: dunfell revision: HEAD prio: default URI: git://git.openembedded.org/meta-openembedded/meta-oe - branch: master + branch: dunfell revision: HEAD prio: default @@ -41,12 +41,12 @@ Maintenance Send pull requests, patches, comments or questions to yocto@... When sending single patches, please using something like: -'git send-email -1 --to yocto@... --subject-prefix=meta-security][PATCH' +'git send-email -1 --to yocto@... --subject-prefix=meta-security][dunfell][PATCH' These values can be set as defaults for this repository: $ git config sendemail.to yocto@... -$ git config format.subjectPrefix meta-security][PATCH +$ git config format.subjectPrefix meta-security][dunfell][PATCH Now you can just do 'git send-email origin/master' to send all local patches. -- 2.17.1
|
||
|
||
[dunfell 29/32] ibmswtpm2: fix QA warning
ibmswtpm2 doesn't have GNU_HASH (didn't pass LDFLAGS?) [ldflags
Signed-off-by: Armin Kuster <akuster808@...> --- meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb index 8054226..a892761 100644 --- a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb +++ b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb @@ -16,6 +16,8 @@ SRC_URI[sha512sum] = "ff0b9e5f0d0070eb572b23641f7a0e70a8bc65cbf4b59dca1778be3bb0 S = "${WORKDIR}/src" +INSANE_SKIP_${PN} += "ldflags" + do_compile () { make CC='${CC}' } @@ -24,4 +26,3 @@ do_install () { install -d ${D}/${bindir} install -m 0755 tpm_server ${D}/${bindir} } - -- 2.17.1
|
||
|
||
[dunfell 28/32] layer.conf: use += instead of := to update BBFILES
From: Sajjad Ahmed <sajjad_ahmed@...>
Updating BBFILES with := isn't the standard way and can break parsing under certain conditions, instead use += which is widely used. Signed-off-by: Sajjad Ahmed <sajjad_ahmed@...> Signed-off-by: Armin Kuster <akuster808@...> (cherry picked from commit 63e1cf3ffa26a4e820ec8d882e67e438aa0d23ee) --- meta-integrity/conf/layer.conf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf index b4edac3..6072e6d 100644 --- a/meta-integrity/conf/layer.conf +++ b/meta-integrity/conf/layer.conf @@ -2,8 +2,7 @@ BBPATH =. "${LAYERDIR}:" # We have a packages directory, add to BBFILES -BBFILES := "${BBFILES} \ - ${LAYERDIR}/recipes-*/*/*.bb \ +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ ${LAYERDIR}/recipes-*/*/*.bbappend" BBFILE_COLLECTIONS += "integrity" -- 2.17.1
|
||
|
||
[dunfell 27/32] scap-security-guide: add expat-native to DEPENDS
From: Mingli Yu <mingli.yu@...>
Add expat-native to DEPENDS to fix the below do_configure error: | CMake Error at CMakeLists.txt:165 (message): | xmlwf is required! Signed-off-by: Mingli Yu <mingli.yu@...> Signed-off-by: Armin Kuster <akuster808@...> (cherry picked from commit 4c2f7ffd492c7083273aca7cc718802279f05ce2) --- .../scap-security-guide/scap-security-guide.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc index 66c2623..32fce0f 100644 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc @@ -6,7 +6,7 @@ HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/" LIC_FILES_CHKSUM = "file://LICENSE;md5=97662e4486d9a1d09f358851d9f41a1a" LICENSE = "LGPL-2.1" -DEPENDS = "openscap-native python3 python3-pyyaml-native python3-jinja2-native libxml2-native" +DEPENDS = "openscap-native python3 python3-pyyaml-native python3-jinja2-native libxml2-native expat-native" S = "${WORKDIR}/git" -- 2.17.1
|
||
|
||
[dunfell 26/32] packagegroup-core-security: remove clamav from musl image
Signed-off-by: Armin Kuster <akuster808@...>
(cherry picked from commit 496a734c14fc72250979a4e7eb69c5d541ffd870) --- recipes-security/packagegroup/packagegroup-core-security.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb b/recipes-security/packagegroup/packagegroup-core-security.bb index 72ca0f4..fd6da9e 100644 --- a/recipes-security/packagegroup/packagegroup-core-security.bb +++ b/recipes-security/packagegroup/packagegroup-core-security.bb @@ -39,6 +39,7 @@ RDEPENDS_packagegroup-security-scanners = "\ checksecurity \ ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " clamav clamav-freshclam clamav-cvd",d)} \ " +RDEPENDS_packagegroup-security-scanners_remove_libc-musl = "clamav clamav-freshclam clamav-cvd" SUMMARY_packagegroup-security-audit = "Security Audit tools " RDEPENDS_packagegroup-security-audit = " \ -- 2.17.1
|
||
|
||
[dunfell 25/32] apparmor: fix build issue with ptest enabled.
minor spacing cleanup
Signed-off-by: Armin Kuster <akuster808@...> (cherry picked from commit 2a7963df18e7f43c6209387b6e1a1e75ff74b6ca) --- recipes-mac/AppArmor/apparmor_2.13.4.bb | 181 +++++++++--------- ...-Don-t-build-syscall_sysctl-if-missi.patch | 96 ++++++++++ 2 files changed, 186 insertions(+), 91 deletions(-) create mode 100644 recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch diff --git a/recipes-mac/AppArmor/apparmor_2.13.4.bb b/recipes-mac/AppArmor/apparmor_2.13.4.bb index dcdc1f7..6ba1ea8 100644 --- a/recipes-mac/AppArmor/apparmor_2.13.4.bb +++ b/recipes-mac/AppArmor/apparmor_2.13.4.bb @@ -14,16 +14,17 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0" DEPENDS = "bison-native apr gettext-native coreutils-native" SRC_URI = " \ - git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-2.13 \ - file://disable_perl_h_check.patch \ - file://crosscompile_perl_bindings.patch \ - file://apparmor.rc \ - file://functions \ - file://apparmor \ - file://apparmor.service \ - file://0001-Makefile.am-suppress-perllocal.pod.patch \ - file://run-ptest \ - " + git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-2.13 \ + file://disable_perl_h_check.patch \ + file://crosscompile_perl_bindings.patch \ + file://apparmor.rc \ + file://functions \ + file://apparmor \ + file://apparmor.service \ + file://0001-Makefile.am-suppress-perllocal.pod.patch \ + file://run-ptest \ + file://0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch \ + " SRCREV = "df0ac742f7a1146181d8734d03334494f2015134" S = "${WORKDIR}/git" @@ -54,76 +55,76 @@ python() { DISABLE_STATIC = "" do_configure() { - cd ${S}/libraries/libapparmor - aclocal - autoconf --force - libtoolize --automake -c --force - automake -ac - ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} + cd ${S}/libraries/libapparmor + aclocal + autoconf --force + libtoolize --automake -c --force + automake -ac + ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} } do_compile () { - # Fixes: - # | sed -ie 's///g' Makefile.perl - # | sed: -e expression #1, char 0: no previous regular expression - #| Makefile:478: recipe for target 'Makefile.perl' failed - sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile - - - oe_runmake -C ${B}/libraries/libapparmor - oe_runmake -C ${B}/binutils - oe_runmake -C ${B}/utils - oe_runmake -C ${B}/parser - oe_runmake -C ${B}/profiles - - if test -z "${HTTPD}" ; then - oe_runmake -C ${B}/changehat/mod_apparmor - fi - - if test -z "${PAMLIB}" ; then - oe_runmake -C ${B}/changehat/pam_apparmor - fi + # Fixes: + # | sed -ie 's///g' Makefile.perl + # | sed: -e expression #1, char 0: no previous regular expression + #| Makefile:478: recipe for target 'Makefile.perl' failed + sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile + + + oe_runmake -C ${B}/libraries/libapparmor + oe_runmake -C ${B}/binutils + oe_runmake -C ${B}/utils + oe_runmake -C ${B}/parser + oe_runmake -C ${B}/profiles + + if test -z "${HTTPD}" ; then + oe_runmake -C ${B}/changehat/mod_apparmor + fi + + if test -z "${PAMLIB}" ; then + oe_runmake -C ${B}/changehat/pam_apparmor + fi } do_install () { - install -d ${D}/${INIT_D_DIR} - install -d ${D}/lib/apparmor - oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install - oe_runmake -C ${B}/binutils DESTDIR="${D}" install - oe_runmake -C ${B}/utils DESTDIR="${D}" install - oe_runmake -C ${B}/parser DESTDIR="${D}" install - oe_runmake -C ${B}/profiles DESTDIR="${D}" install - - # If perl is disabled this script won't be any good - if ! ${@bb.utils.contains('PACKAGECONFIG','perl','true','false', d)}; then - rm -f ${D}${sbindir}/aa-notify - fi - - if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then - rm -f ${D}${sbindir}/aa-decode - fi - - if test -z "${HTTPD}" ; then - oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install - fi - - if test -z "${PAMLIB}" ; then - oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install - fi - - # aa-easyprof is installed by python-tools-setup.py, fix it up - sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof - chmod 0755 ${D}${bindir}/aa-easyprof - - install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor - install ${WORKDIR}/functions ${D}/lib/apparmor - sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions - sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir} - fi + install -d ${D}/${INIT_D_DIR} + install -d ${D}/lib/apparmor + oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install + oe_runmake -C ${B}/binutils DESTDIR="${D}" install + oe_runmake -C ${B}/utils DESTDIR="${D}" install + oe_runmake -C ${B}/parser DESTDIR="${D}" install + oe_runmake -C ${B}/profiles DESTDIR="${D}" install + + # If perl is disabled this script won't be any good + if ! ${@bb.utils.contains('PACKAGECONFIG','perl','true','false', d)}; then + rm -f ${D}${sbindir}/aa-notify + fi + + if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then + rm -f ${D}${sbindir}/aa-decode + fi + + if test -z "${HTTPD}" ; then + oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install + fi + + if test -z "${PAMLIB}" ; then + oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install + fi + + # aa-easyprof is installed by python-tools-setup.py, fix it up + sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof + chmod 0755 ${D}${bindir}/aa-easyprof + + install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor + install ${WORKDIR}/functions ${D}/lib/apparmor + sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions + sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir} + fi } #Building ptest on arm fails. @@ -136,30 +137,28 @@ do_compile_ptest_arm () { } do_compile_ptest () { - oe_runmake -C ${B}/tests/regression/apparmor - oe_runmake -C ${B}/parser/tst - oe_runmake -C ${B}/libraries/libapparmor + sed -i -e 's/cpp \-dM/${HOST_PREFIX}gcc \-dM/' ${B}/tests/regression/apparmor/Makefile + oe_runmake -C ${B}/tests/regression/apparmor + oe_runmake -C ${B}/libraries/libapparmor } do_install_ptest () { - t=${D}/${PTEST_PATH}/testsuite - install -d ${t} - install -d ${t}/tests/regression/apparmor - cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression + t=${D}/${PTEST_PATH}/testsuite + install -d ${t} + install -d ${t}/tests/regression/apparmor + cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression - install -d ${t}/parser/tst - cp -rf ${B}/parser/tst ${t}/parser - cp ${B}/parser/apparmor_parser ${t}/parser - cp ${B}/parser/frob_slack_rc ${t}/parser + cp ${B}/parser/apparmor_parser ${t}/parser + cp ${B}/parser/frob_slack_rc ${t}/parser - install -d ${t}/libraries/libapparmor - cp -rf ${B}/libraries/libapparmor ${t}/libraries + install -d ${t}/libraries/libapparmor + cp -rf ${B}/libraries/libapparmor ${t}/libraries - install -d ${t}/common - cp -rf ${B}/common ${t} + install -d ${t}/common + cp -rf ${B}/common ${t} - install -d ${t}/binutils - cp -rf ${B}/binutils ${t} + install -d ${t}/binutils + cp -rf ${B}/binutils ${t} } #Building ptest on arm fails. diff --git a/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch b/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch new file mode 100644 index 0000000..3cd1e88 --- /dev/null +++ b/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch @@ -0,0 +1,96 @@ +From 7a7c7fb346ded6f017c8df44486778a5f032d41a Mon Sep 17 00:00:00 2001 +From: John Johansen <john.johansen@...> +Date: Tue, 29 Sep 2020 03:05:22 -0700 +Subject: [PATCH] regression tests: Don't build syscall_sysctl if missing + kernel headers + +sys/sysctl.h is not guaranteed to exist anymore since +https://sourceware.org/pipermail/glibc-cvs/2020q2/069366.html + +which is a follow on to the kernel commit +61a47c1ad3a4 sysctl: Remove the sysctl system call + +While the syscall_sysctl currently checks if the kernel supports +sysctrs before running the tests. The tests can't even build if the +kernel headers don't have the sysctl defines. + +Fixes: https://gitlab.com/apparmor/apparmor/-/issues/119 +Fixes: https://bugs.launchpad.net/apparmor/+bug/1897288 +MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/637 +Signed-off-by: John Johansen <john.johansen@...> +Acked-by: Steve Beattie <steve.beattie@...> +(cherry picked from commit 2e5a266eb715fc7e526520235a6450444775791f) + +Upstream-Status: Backport +Signed-off-by: Armin Kuster <akuster808@...> + +--- + tests/regression/apparmor/Makefile | 10 +++++++++- + tests/regression/apparmor/syscall_sysctl.sh | 15 +++++++++++---- + 2 files changed, 20 insertions(+), 5 deletions(-) + +diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile +index 198ca421..c3d0cfb7 100644 +--- a/tests/regression/apparmor/Makefile ++++ b/tests/regression/apparmor/Makefile +@@ -69,6 +69,9 @@ endif # USE_SYSTEM + + CFLAGS += -g -O0 -Wall -Wstrict-prototypes + ++USE_SYSCTL:=$(shell echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null && echo true) ++ ++ + SRC=access.c \ + at_secure.c \ + introspect.c \ +@@ -130,7 +133,6 @@ SRC=access.c \ + syscall_sethostname.c \ + syscall_setdomainname.c \ + syscall_setscheduler.c \ +- syscall_sysctl.c \ + sysctl_proc.c \ + tcp.c \ + transition.c \ +@@ -146,6 +148,12 @@ ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64)) + SRC+=syscall_ioperm.c syscall_iopl.c + endif + ++#only do sysctl syscall test if defines installed and OR supported by the ++# kernel ++ifeq ($(USE_SYSCTL),true) ++SRC+=syscall_sysctl.c ++endif ++ + #only do dbus if proper libs are installl + ifneq (,$(shell pkg-config --exists dbus-1 && echo TRUE)) + SRC+=dbus_eavesdrop.c dbus_message.c dbus_service.c dbus_unrequested_reply.c +diff --git a/tests/regression/apparmor/syscall_sysctl.sh b/tests/regression/apparmor/syscall_sysctl.sh +index f93946f3..5f856984 100644 +--- a/tests/regression/apparmor/syscall_sysctl.sh ++++ b/tests/regression/apparmor/syscall_sysctl.sh +@@ -148,11 +148,18 @@ test_sysctl_proc() + # check if the kernel supports CONFIG_SYSCTL_SYSCALL + # generally we want to encourage kernels to disable it, but if it's + # enabled we want to test against it +-settest syscall_sysctl +-if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then +- echo " WARNING: syscall sysctl not implemented, skipping tests ..." ++# In addition test that sysctl exists in the kernel headers, if it does't ++# then we can't even built the syscall_sysctl test ++if echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null ; then ++ settest syscall_sysctl ++ ++ if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then ++ echo " WARNING: syscall sysctl not implemented, skipping tests ..." ++ else ++ test_syscall_sysctl ++ fi + else +- test_syscall_sysctl ++ echo " WARNING: syscall sysctl not supported by kernel headers, skipping tests ..." + fi + + # now test /proc/sys/ paths +-- +2.17.1 + -- 2.17.1
|
||
|
||
[dunfell 24/32] linux-%/5.x: Add dm-verity fragment as needed
From: Naveen Saini <naveen.kumar.saini@...>
Add checks that include dm-verity specific kernel config fragment when dm-verity-img.bbclass is used. Signed-off-by: Naveen Saini <naveen.kumar.saini@...> Signed-off-by: Armin Kuster <akuster808@...> (cherry picked from commit d9feafe991cdf4084746c41438526dbf0b5dc2c8) --- recipes-kernel/linux/linux-%_5.%.bbappend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-kernel/linux/linux-%_5.%.bbappend b/recipes-kernel/linux/linux-%_5.%.bbappend index 76b5df5..6bc40cd 100644 --- a/recipes-kernel/linux/linux-%_5.%.bbappend +++ b/recipes-kernel/linux/linux-%_5.%.bbappend @@ -1,4 +1,4 @@ KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}" KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}" KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "yama", " features/yama/yama.scc", "" ,d)}" - +KERNEL_FEATURES_append = " ${@bb.utils.contains("IMAGE_CLASSES", "dm-verity-img", " features/device-mapper/dm-verity.scc", "" ,d)}" -- 2.17.1
|
||
|
||
[dunfell 23/32] wic: add wks.in for intel dm-verity
From: Naveen Saini <naveen.kumar.saini@...>
Based on systemd-bootdisk-microcode.wks.in, this adds the dm-verity image similar to the beaglebone wks already in meta-security. Signed-off-by: Naveen Saini <naveen.kumar.saini@...> Signed-off-by: Armin Kuster <akuster808@...> (cherry picked from commit 0de4f3bfb7fffe8d91026f00ce7f9384e13dfc54) --- wic/systemd-bootdisk-dmverity.wks.in | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 wic/systemd-bootdisk-dmverity.wks.in diff --git a/wic/systemd-bootdisk-dmverity.wks.in b/wic/systemd-bootdisk-dmverity.wks.in new file mode 100644 index 0000000..ef114ca --- /dev/null +++ b/wic/systemd-bootdisk-dmverity.wks.in @@ -0,0 +1,15 @@ +# A dm-verity variant of the regular wks for IA machines. We need to fetch +# the partition images from the IMGDEPLOYDIR as the rootfs source plugin will +# not recreate the exact block device corresponding with the hash tree. We must +# not alter the label or any other setting on the image. +# Based on OE-core's systemd-bootdisk.wks and meta-security's beaglebone-yocto-verity.wks.in file +# +# This .wks only works with the dm-verity-img class. + +part /boot --source bootimg-efi --sourceparams="loader=systemd-boot,initrd=microcode.cpio" --ondisk sda --label msdos --active --align 1024 --use-uuid + +part / --source rawcopy --ondisk sda --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity" --use-uuid + +part swap --ondisk sda --size 44 --label swap1 --fstype=swap --use-uuid + +bootloader --ptable gpt --timeout=5 --append=" " -- 2.17.1
|
||
|
||
[dunfell 22/32] initramfs-framework/dmverity: add retry loop for slow boot devices
From: Naveen Saini <naveen.kumar.saini@...>
Detection of USB devices by the kernel is slow enough. We need to keep trying for a while (default: 5s seconds, controlled by roottimeout=<seconds>) and sleep between each attempt (default: one second, rootdelay=<seconds>). Fix is based on https://git.yoctoproject.org/cgit.cgi/poky/commit/meta/recipes-core/initrdscripts/initramfs-framework/rootfs?id=ee6a6c3461694ce09789bf4d852cea2e22fc95e4 Signed-off-by: Naveen Saini <naveen.kumar.saini@...> Signed-off-by: Armin Kuster <akuster808@...> (cherry picked from commit e23767fc72040cc58e638b08925ab467221c91f9) --- .../initramfs-framework/dmverity | 64 +++++++++++-------- 1 file changed, 37 insertions(+), 27 deletions(-) diff --git a/recipes-core/initrdscripts/initramfs-framework/dmverity b/recipes-core/initrdscripts/initramfs-framework/dmverity index bb07aab..888052c 100644 --- a/recipes-core/initrdscripts/initramfs-framework/dmverity +++ b/recipes-core/initrdscripts/initramfs-framework/dmverity @@ -10,33 +10,43 @@ dmverity_run() { . /usr/share/misc/dm-verity.env - case "${bootparam_root}" in - ID=*) - RDEV="$(realpath /dev/disk/by-id/${bootparam_root#ID=})" - ;; - LABEL=*) - RDEV="$(realpath /dev/disk/by-label/${bootparam_root#LABEL=})" - ;; - PARTLABEL=*) - RDEV="$(realpath /dev/disk/by-partlabel/${bootparam_root#PARTLABEL=})" - ;; - PARTUUID=*) - RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})" - ;; - PATH=*) - RDEV="$(realpath /dev/disk/by-path/${bootparam_root#PATH=})" - ;; - UUID=*) - RDEV="$(realpath /dev/disk/by-uuid/${bootparam_root#UUID=})" - ;; - *) - RDEV="${bootparam_root}" - esac - - if ! [ -b "${RDEV}" ]; then - echo "Root device resolution failed" - exit 1 - fi + C=0 + delay=${bootparam_rootdelay:-1} + timeout=${bootparam_roottimeout:-5} + RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})" + while [ ! -b "${RDEV}" ]; do + if [ $(( $C * $delay )) -gt $timeout ]; then + fatal "Root device resolution failed" + exit 1 + fi + + case "${bootparam_root}" in + ID=*) + RDEV="$(realpath /dev/disk/by-id/${bootparam_root#ID=})" + ;; + LABEL=*) + RDEV="$(realpath /dev/disk/by-label/${bootparam_root#LABEL=})" + ;; + PARTLABEL=*) + RDEV="$(realpath /dev/disk/by-partlabel/${bootparam_root#PARTLABEL=})" + ;; + PARTUUID=*) + RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})" + ;; + PATH=*) + RDEV="$(realpath /dev/disk/by-path/${bootparam_root#PATH=})" + ;; + UUID=*) + RDEV="$(realpath /dev/disk/by-uuid/${bootparam_root#UUID=})" + ;; + *) + RDEV="${bootparam_root}" + esac + debug "Sleeping for $delay second(s) to wait root to settle..." + sleep $delay + C=$(( $C + 1 )) + + done veritysetup \ --data-block-size=1024 \ -- 2.17.1
|
||
|
||
[dunfell 21/32] apparmor: exclude mips64, not supported
Signed-off-by: Armin Kuster <akuster808@...>
(cherry picked from commit f176756890766bc9a6a00fe83bfe8e3c9bc13d07) --- recipes-mac/AppArmor/apparmor_2.13.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-mac/AppArmor/apparmor_2.13.4.bb b/recipes-mac/AppArmor/apparmor_2.13.4.bb index 552cac7..dcdc1f7 100644 --- a/recipes-mac/AppArmor/apparmor_2.13.4.bb +++ b/recipes-mac/AppArmor/apparmor_2.13.4.bb @@ -30,6 +30,8 @@ S = "${WORKDIR}/git" PARALLEL_MAKE = "" +COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*" + inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan manpages systemd features_check REQUIRED_DISTRO_FEATURES = "apparmor" -- 2.17.1
|
||
|
||
[dunfell 20/32] packagegroup-core-security: dont include suricata on riscv or ppc
Signed-off-by: Armin Kuster <akuster808@...>
(cherry picked from commit caf76696e8669ee48339c13f01042da9e52515ae) --- recipes-security/packagegroup/packagegroup-core-security.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb b/recipes-security/packagegroup/packagegroup-core-security.bb index 539ea2a..72ca0f4 100644 --- a/recipes-security/packagegroup/packagegroup-core-security.bb +++ b/recipes-security/packagegroup/packagegroup-core-security.bb @@ -55,7 +55,7 @@ SUMMARY_packagegroup-security-ids = "Security Intrusion Detection systems" RDEPENDS_packagegroup-security-ids = " \ tripwire \ samhain-standalone \ - suricata \ + ${@bb.utils.contains_any("TUNE_FEATURES", "ppc7400 riscv32 riscv64", "", " suricata",d)} \ " SUMMARY_packagegroup-security-mac = "Security Mandatory Access Control systems" -- 2.17.1
|
||
|
||
[dunfell 19/32] beaglebone-yocto-verity.wks.in: Refer IMGDEPLOYDIR
From: "niko.mauno@..." <niko.mauno@...>
Since dm-verity-image.bbclass effectively injects <DM_VERITY_IMAGE>:do_image_<DM_VERITY_IMAGE_TYPE> dependency for do_image_wic task, we can change verity rootfs artifact reference here from DEPLOY_DIR_IMAGE to IMGDEPLOYDIR in order to mitigate following breakage which was observed when bitbaking <DM_VERITY_IMAGE> target from scratch (using sstate-cache provided artifacts): | wic.filemap.Error: cannot open image file '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity': [Errno 2] No such file or directory: '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity' | WARNING: exit code 1 from a shell command. | ERROR: Task (.../meta/recipes-core/images/core-image-minimal.bb:do_image_wic) failed with exit code '1' Signed-off-by: Niko Mauno <niko.mauno@...> Signed-off-by: Armin Kuster <akuster808@...> (cherry picked from commit 4602d6420835a603fde6f3f25a87b19cbf721ed6) --- wic/beaglebone-yocto-verity.wks.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wic/beaglebone-yocto-verity.wks.in b/wic/beaglebone-yocto-verity.wks.in index cd1702e..658018b 100644 --- a/wic/beaglebone-yocto-verity.wks.in +++ b/wic/beaglebone-yocto-verity.wks.in @@ -11,5 +11,5 @@ # This .wks only works with the dm-verity-img class. part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --size 16 --sourceparams="loader=u-boot" --use-uuid -part / --source rawcopy --ondisk mmcblk0 --sourceparams="file=${DEPLOY_DIR_IMAGE}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity" +part / --source rawcopy --ondisk mmcblk0 --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity" bootloader --append="console=ttyS0,115200" -- 2.17.1
|
||
|