Date   

Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 338 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now, “3.2”, “3.3, "3.99" and "Future", the more pressing/urgent issues being in "3.2" and then “3.3”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Re: Patching file contained in downloaded recipe

Chuck Wolber
 



On Mon, Sep 14, 2020 at 3:05 PM Greg Wilson-Lindberg <GWilson@...> wrote:

Hi Chuck,

 

I am patching a recipe that is included with the Yocto system that I download. The .system file that I need to modify is in one of the file directories that are part of the recipe.

 

I have a .bbappend recipe that is being picked up, but because the file that I want to patch is part of the recipe and not part of what a recipe would download if it were building something from source, the patch system is not finding it.



In that case, your best bet is to probably write a do_*_append() function into the bbappend recipe so you can jump in after one of the build steps and apply your patch during the appropriate stage. Refer to section 28.1 of the Mega Manual for all of the build tasks, and pick one that seems sensible. For example, you can write a do_install_append() function, and then prepend ${B} to the path that the service file typically shows up at to access it. From there, it is a simple matter of using typical commands to apply whatever patch you want.

I have no doubt that other, more experienced people on the Yocto project, may suggest a better target than do_install, so listen to them if any should jump in and offer sensible correction to what I am saying.
 

Part of my question was, could I use the PATCHDIR option to specify the /lib/systemd/system/file.service file to get the patch to run against the ‘copied’ version of the file?


Given the example above, you would simply use ${B}/lib/systemd/system/file.service and use garden variety command line tools to apply the patch.

 

Sorry for the weird “<reply>…<reply\>” blocks, I’m stuck with Outlook for email and I can’t figure out how to get it to indent the email I’m replying to and let me comment in line without indenting my replies also.



No worries. I used to use mutt and pine, which were really good at inline posting. Alas, I have moved on to gmail, which is not so good, and comes into conflict in places such as this. We make-do of course...

..Ch:W..

--
"Perfection must be reached by degrees; she requires the slow hand of time." - Voltaire


Re: Patching file contained in downloaded recipe

Greg Wilson-Lindberg
 

Hi Chuck,

 

 

From: Chuck Wolber <chuckwolber@...>
Sent: Monday, September 14, 2020 12:48 PM
To: Greg Wilson-Lindberg <GWilson@...>
Cc: Yocto list discussion <yocto@...>
Subject: Re: [yocto] Patching file contained in downloaded recipe

 

On Mon, Sep 14, 2020 at 10:50 AM Greg Wilson-Lindberg <gwilson@...> wrote:

I have a recipe that has a .service file in one of its files directories that I need to patch.

 

I haven’t been able to figure out how to specify the directory of the file that needs to be patched. I can’t seem to get the patch to apply to the files directory, do I need to specify the /lib/systemd/system directory into the PATCHDIR option or is there another way that would work better?

 

Are you patching an existing upstream recipe? Or your own recipe? In the former case, you would use a .bbappend recipe.

 

<reply>

I am patching a recipe that is included with the Yocto system that I download. The .system file that I need to modify is in one of the file directories that are part of the recipe.

 

I have a .bbappend recipe that is being picked up, but because the file that I want to patch is part of the recipe and not part of what a recipe would download if it were building something from source, the patch system is not finding it.

 

<reply/>

 

In either case, it all depends on how the service file is generated. If it is part of the source code, then you just create a patch against the source tree and reference that patch in a recipe as a SRC_URI_append. If you generate it as part of a build, then you would either patch the build product (less desirable), or patch the code that generates the service file (more desirable).

 

<reply>

Part of my question was, could I use the PATCHDIR option to specify the /lib/systemd/system/file.service file to get the patch to run against the ‘copied’ version of the file?

 

Sorry for the weird “<reply>…<reply\>” blocks, I’m stuck with Outlook for email and I can’t figure out how to get it to indent the email I’m replying to and let me comment in line without indenting my replies also.

 

Regards, Greg

<reply\>

 

..Ch:W..

 

--

"Perfection must be reached by degrees; she requires the slow hand of time." - Voltaire


Re: Ethernet device with systemd-networkd on Yocto won't work (rejects ARP replies), but does work with /etc/network/interfaces #yocto #systemd

Matt Madison
 

On Mon, Sep 14, 2020 at 11:31 AM eliranl via lists.yoctoproject.org
<eliranl=amazon.com@...> wrote:

Hi,
(since this is a long post, i divided it to sections)

TL;DR

I have a networking issue in my Yocto dist; Somehow, my ethernet device won't work with systemd-networkd, but will work with /etc/network/interfaces.

Problem
I have an Nvidia Jetson AGX Xavier device which runs a Yocto Thud distribution based on meta-tegra's tegra-minimal-initramfs, which is a small initrd for Jetson Xavier, except it was modified to run with coreutils instead of busybox, and with systemd.
Which of the meta-tegra branches is it? thud-l4t-r32.3.1?

It has an eth0 device which is configured (with a config file in /etc/systemd/network) with a static IP address. The Xavier's Ethernet port is connected directly to another Ubuntu PC, which is also on the same subnet with a different static IP address.

I cannot get the Xavier's network device to work with systemd-networkd;
[...]
The following is the non-working systemd network device configuration file:

[Match]
Name=eth0

[Network]
Address=192.168.13.6/24
Gateway=192.168.13.10
There was an issue with NVIDIA's eqos driver in older BSPs. I know it
affected the TX2, with the exact same symptoms
It could affect Xavier modules as well. The workaround is to disable
LLDP on by adding

LLDP=no

to the [Network] section for the interface.

See https://github.com/OE4T/meta-tegra/issues/146

The workaround didn't get back-ported to the thud-l4t-r32.3.1 branch.

[...]

Please accept my apologies if this isn't the right forum, i wasn't sure where to sent it to.
Since this is BSP-related, opening an issue at
https://github.com/OE4T/meta-tegra/issues might work better.

Regards
-Matt


Re: Patching file contained in downloaded recipe

Chuck Wolber
 

On Mon, Sep 14, 2020 at 10:50 AM Greg Wilson-Lindberg <gwilson@...> wrote:

I have a recipe that has a .service file in one of its files directories that I need to patch.

 

I haven’t been able to figure out how to specify the directory of the file that needs to be patched. I can’t seem to get the patch to apply to the files directory, do I need to specify the /lib/systemd/system directory into the PATCHDIR option or is there another way that would work better?


Are you patching an existing upstream recipe? Or your own recipe? In the former case, you would use a .bbappend recipe.

In either case, it all depends on how the service file is generated. If it is part of the source code, then you just create a patch against the source tree and reference that patch in a recipe as a SRC_URI_append. If you generate it as part of a build, then you would either patch the build product (less desirable), or patch the code that generates the service file (more desirable).

..Ch:W..

--
"Perfection must be reached by degrees; she requires the slow hand of time." - Voltaire


Ethernet device with systemd-networkd on Yocto won't work (rejects ARP replies), but does work with /etc/network/interfaces #yocto #systemd

eliranl@...
 

Hi,
(since this is a long post, i divided it to sections)

TL;DR

I have a networking issue in my Yocto dist; Somehow, my ethernet device won't work with systemd-networkd, but will work with /etc/network/interfaces.

Problem
I have an Nvidia Jetson AGX Xavier device which runs a Yocto Thud distribution based on meta-tegra's tegra-minimal-initramfs, which is a small initrd for Jetson Xavier, except it was modified to run with coreutils instead of busybox, and with systemd.

It has an eth0 device which is configured (with a config file in /etc/systemd/network) with a static IP address. The Xavier's Ethernet port is connected directly to another Ubuntu PC, which is also on the same subnet with a different static IP address.

I cannot get the Xavier's network device to work with systemd-networkd;

Once the device boots into the initrd, it appears as if the network device is configured correctly:

  • `ifconfig` shows that eth0 is configured with the correct IP address
  • The following messages appear in 'dmesg':
    [   12.390612] gpio tegra-gpio wake20 for gpio=52(G:4)
    [   15.242016] eqos 2490000.ether_qos eth0: Link is Up - 1Gbps/Full - flow control off

However, when I ping the Ubuntu machine on the other end of the cable, there's no response.


Debugging

  • When running tcpdump on the Ubuntu machine, it shows that the Ubuntu machine receives an ARP request, and sends a reply back:
20:00:55.280337 ARP, Request who-has 192.168.13.10 tell 192.168.13.6, length 46
20:00:55.280362 ARP, Reply 192.168.13.10 is-at 3c:fd:fe:81:f1:93 (oui Unknown), length 28
20:00:56.291843 ARP, Request who-has 192.168.13.10 tell 192.168.13.6, length 46
20:00:56.291866 ARP, Reply 192.168.13.10 is-at 3c:fd:fe:81:f1:93 (oui Unknown), length 28
  • But, the arp cache on the Xavier is not updated after that; Running 'cat /proc/net/arp' on the Xavier device shows that:

xavier:~$ cat /proc/net/arp
IP address       HW type     Flags       HW address            Mask     Device
192.168.13.10    0x1         0x0         00:00:00:00:00:00     *        eth0

(192.168.13.0 is the address of the machine i tried to ping. as you can see its MAC address is not updated).

 

  • There are no iptable rules in the Xavier (according to iptables -L).
  • Running 'networkctl status' on the device, shows that its State is "routable (configuring)", however i'm not sure if it's a problem or not, after searching what it means.

 

  • I've also tried to look if I somehow installed another networking service that conflicts with systemd-networkd, but it doesn't seem like it:

xavier:~$ systemctl list-units|grep -i net|awk '{print $1}'
sys-devices-2490000.ether_qos-net-eth0.device
sys-devices-virtual-net-dummy0.device
sys-subsystem-net-devices-dummy0.device
sys-subsystem-net-devices-eth0.device
systemd-resolved.service
network-online.target
network.target
nss-lookup.target

Using /etc/network/interface does work

If i 'move' to using /etc/network/interfaces by doing:

1. Running: systemctl stop systemd-networkd.{socket,service}

2. Write an equivalent configuration in /etc/network/interfaces

3. Restart eth0: ifconfig eth0 down; ifconfig eth0 up

Then, all of a sudden the ping works.


My configuration

  • In order to use systemd-networkd, I have tried various combinations of the following configuration parameters in my local.conf, after searching various resources on the internet for using systemd on Yocto:

DISTRO_FEATURES_append = " systemd coreutils procps"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
DISTRO_FEATURES_remove = " sysvinit"
PREFERRED_PROVIDER_udev = "systemd"
VIRTUAL-RUNTIME_syslog = ""
VIRTUAL-RUNTIME_login_manager = "shadow"
#DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
PREFERRED_PROVIDER_virtual/base-utils = "coreutils"
VIRTUAL-RUNTIME_base-utils = "coreutils"
DISTRO_FEATURES_remove += "wayland directfb busybox"
VIRTUAL-RUNTIME_base-utils-syslog = ""
PACKAGECONFIG_append_pn-systemd = "

And none of it seemed to work.

  • The following is the non-working systemd network device configuration file:

[Match]
Name=eth0

[Network]
Address=192.168.13.6/24
Gateway=192.168.13.10

  • And the following is the working equivalent /etc/network/interfaces file:

auto eth0
iface eth0 inet static
                address 192.168.13.6
                netmask 255.255.255.0

----

I also didn't find a post with similar symptoms.

Does anyone have an idea on how to debug this?


Please accept my apologies if this isn't the right forum, i wasn't sure where to sent it to.

Thanks,

Eliran


Patching file contained in downloaded recipe

Greg Wilson-Lindberg
 

I have a recipe that has a .service file in one of its files directories that I need to patch.

 

I haven’t been able to figure out how to specify the directory of the file that needs to be patched. I can’t seem to get the patch to apply to the files directory, do I need to specify the /lib/systemd/system directory into the PATCHDIR option or is there another way that would work better?

 

Regards

Greg


[psplash] image format.

Mauro Ziliani
 

Hi all.

I'm trying to display a splash screen over a 800x600 display, on Geode LX 800 platform (Geode LX FB or Vesa).


I make the image with Gimp and saved in 4 version to try.

800x600 in png 16bit rgb, png 16bit rgba, png 8bit rgb, png 8bit rgba


The image is not aligned with the display.

1. To "center"  the splash in the screen I need to create a 800x700 image

2. this is the result on the display

https://drive.google.com/file/d/1OHbUr-WxR_weU6JilhFcUO64onb7F3-f/view?usp=sharing


Any idea?


Best regards,

  MZ


Re: #yocto Problem compiling binutils-2.32.0-r0 on zeus #yocto

srijan.nandi@...
 

The issue got resolved after running bitbake -c cleanall binutils. After which it build successfully.

-=Srijan Nandi


#yocto Problem compiling binutils-2.32.0-r0 on zeus #yocto

srijan.nandi@...
 

I am trying to compile binutils-2.32.0-r0 on zeus. I am getting the following error:

DEBUG: Executing python function do_unpack
DEBUG: Executing python function base_do_unpack
DEBUG: Running 'export PSEUDO_DISABLED=1; unset _PYTHON_SYSCONFIGDATA_NAME; export PATH="/opt/grays-poky/build-grays/tmp/sysroots-uninative/x86_64-linux/usr/bin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/bin/chrpath-native:/opt/grays-poky/scripts:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/bin/x86_64-poky-linux:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot/usr/bin/crossscripts:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/sbin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/bin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/sbin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/bin:/opt/grays-poky/bitbake/bin:/opt/grays-poky/build-grays/tmp/hosttools"; export HOME="/home/srijan.nandi"; git -c core.fsyncobjectfiles=0 branch --contains b8c1f608db9ef3edd483d21a921d1fbedc71df6f --list binutils-2_32-branch 2> /dev/null | wc -l' in /opt/grays-poky/build-grays/downloads/git2/sourceware.org.git.binutils-gdb.git
DEBUG: Running export PSEUDO_DISABLED=1; unset _PYTHON_SYSCONFIGDATA_NAME; export PATH="/opt/grays-poky/build-grays/tmp/sysroots-uninative/x86_64-linux/usr/bin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/bin/chrpath-native:/opt/grays-poky/scripts:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/bin/x86_64-poky-linux:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot/usr/bin/crossscripts:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/sbin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/bin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/sbin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/bin:/opt/grays-poky/bitbake/bin:/opt/grays-poky/build-grays/tmp/hosttools"; export HOME="/home/srijan.nandi"; git -c core.fsyncobjectfiles=0 clone -s -n /opt/grays-poky/build-grays/downloads/git2/sourceware.org.git.binutils-gdb.git/ /opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/git/
ERROR: Fetcher failure: Fetch command export PSEUDO_DISABLED=1; unset _PYTHON_SYSCONFIGDATA_NAME; export PATH="/opt/grays-poky/build-grays/tmp/sysroots-uninative/x86_64-linux/usr/bin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/bin/chrpath-native:/opt/grays-poky/scripts:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/bin/x86_64-poky-linux:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot/usr/bin/crossscripts:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/sbin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/usr/bin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/sbin:/opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/recipe-sysroot-native/bin:/opt/grays-poky/bitbake/bin:/opt/grays-poky/build-grays/tmp/hosttools"; export HOME="/home/srijan.nandi"; git -c core.fsyncobjectfiles=0 clone -s -n /opt/grays-poky/build-grays/downloads/git2/sourceware.org.git.binutils-gdb.git/ /opt/grays-poky/build-grays/tmp/work/core2-64-poky-linux/binutils/2.32.0-r0/git/ failed with exit code 128, output:
fatal: repository '/opt/grays-poky/build-grays/downloads/git2/sourceware.org.git.binutils-gdb.git/' does not exist
 
DEBUG: Python function base_do_unpack finished
DEBUG: Python function do_unpack finished

Now I checked and saw that the said directory (/opt/grays-poky/build-grays/downloads/git2/sourceware.org.git.binutils-gdb.git/) does exist. I even tried to change the permission to 777, but still the same issue.
 
Any help will be greatly appreciated.

Thanks and Regards,
-=Srijan Nandi


Tuning 'cortexa53-crypto' has no defined features, and cannot be used.

Andy Pont
 

Hello,

I am trying to get an older meta-layer (meta-maaxboard) that was developed for Sumo to work with Zeus. When I try to build “bitbake core-image-minimal” then the sanity checker gives the following error before aborting:

Error, the PACKAGE_ARCHS variable (all any noarch ${PACKAGE_EXTRA_ARCHS_tune-cortexa53-crypto} maaxboard_ddr4_2g_sdcard) for DEFAULTTUNE (cortexa53-crypto) does not contain TUNE_PKGARCH (${@bb.utils.contains('TUNE_FEATURES', 'aarch64', 'aarch64', '${ARMPKGARCH_tune-cortexa53-crypto}' ,d)}).Toolchain tunings invalid:
Tuning 'cortexa53-crypto' has no defined features, and cannot be used.

I don’t understand what the error message actually means to know how to go about resolving it. Can anyone point me in the right direction?

-Andy.


Re: [meta-security][master][dunfell][PATCH] clamav: update SO_VER to 9.0.4

Armin Kuster
 

merged to both.

thanks

On 9/10/20 7:11 AM, Charlie Davies wrote:
Signed-off-by: Charlie Davies <charles.davies@...>
---
recipes-scanners/clamav/clamav_0.101.5.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-scanners/clamav/clamav_0.101.5.bb b/recipes-scanners/clamav/clamav_0.101.5.bb
index 2ea2c9b..30c8c08 100644
--- a/recipes-scanners/clamav/clamav_0.101.5.bb
+++ b/recipes-scanners/clamav/clamav_0.101.5.bb
@@ -23,7 +23,7 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \
S = "${WORKDIR}/git"

LEAD_SONAME = "libclamav.so"
-SO_VER = "9.0.2"
+SO_VER = "9.0.4"

inherit autotools pkgconfig useradd systemd multilib_header multilib_script



Re: [meta-security][dunfell][PATCH] clamav: add INSTALL_CLAMAV_CVD flag to do_install

Armin Kuster
 

merged

On 9/10/20 6:53 AM, Charlie Davies wrote:
Recipe provides INSTALL_CLAMAV_CVD flag to bypass clamav
cvd db creation. During do_install this flag should be
used to conditionally skip install of cvd db if needed.

Signed-off-by: Charlie Davies <charles.davies@...>
---
recipes-scanners/clamav/clamav_0.101.5.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/recipes-scanners/clamav/clamav_0.101.5.bb b/recipes-scanners/clamav/clamav_0.101.5.bb
index 2ea2c9b..770186a 100644
--- a/recipes-scanners/clamav/clamav_0.101.5.bb
+++ b/recipes-scanners/clamav/clamav_0.101.5.bb
@@ -89,7 +89,9 @@ do_install_append_class-target () {
install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav
sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
rm ${D}/${libdir}/libclamav.so
- install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
+ if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
+ install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
+ fi
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
install -d ${D}${sysconfdir}/tmpfiles.d


Re: [meta-security][PATCH] ibmtpm2tss: add recipe

Armin Kuster
 

merged

thanks

On 9/11/20 12:37 AM, Jens Rehsack wrote:
From: Jens Rehsack <sno@...>

Add recipe for companion of IBM Software TPM 2.0 - IBM's TPM 2.0 TSS.
It's a user space TSS for TPM 2.0.

Signed-off-by: Jens Rehsack <sno@...>
---
...efile.am-expand-wildcards-in-prereqs.patch | 125 ++++++++++++++++++
.../ibmtpm2tss/ibmtpm2tss_1.5.0.bb | 27 ++++
2 files changed, 152 insertions(+)
create mode 100644 meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
create mode 100644 meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb

diff --git a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
new file mode 100644
index 0000000..8b13fb6
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
@@ -0,0 +1,125 @@
+From 26091b7830d84a12308442b238652ee9475d407b Mon Sep 17 00:00:00 2001
+From: Jens Rehsack <sno@...>
+Date: Fri, 11 Sep 2020 07:46:41 +0200
+Subject: [PATCH] utils{,12}/Makefile.am: expand wildcards in prereqs
+
+Expand wildcards of required sources to avoid errors like:
+make[2]: *** No rule to make target 'man/man1/*.1', needed by 'all-am'. Stop.
+make[2]: *** Waiting for unfinished jobs....
+
+Upstream-Status: Submitted
+
+Signed-off-by: Jens Rehsack <sno@...>
+---
+ utils/Makefile.am | 75 +++++++++++++++++++++++++++++++++++++++++++--
+ utils12/Makefile.am | 8 ++++-
+ 2 files changed, 79 insertions(+), 4 deletions(-)
+
+diff --git a/utils/Makefile.am b/utils/Makefile.am
+index 1e51fe3..170a26e 100644
+--- a/utils/Makefile.am
++++ b/utils/Makefile.am
+@@ -81,9 +81,78 @@ libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS)
+
+ noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h tssccattributes.h
+ # install every header in ibmtss
+-nobase_include_HEADERS = ibmtss/*.h
+-
+-notrans_man_MANS = man/man1/*.1
++nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \
++ ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \
++ ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \
++ ibmtss/ClockSet_fp.h ibmtss/Commit_fp.h ibmtss/ContextLoad_fp.h ibmtss/ContextSave_fp.h \
++ ibmtss/CreateEndorsementKeyPair_fp.h ibmtss/Create_fp.h ibmtss/CreateLoaded_fp.h \
++ ibmtss/CreatePrimary_fp.h ibmtss/CreateWrapKey_fp.h ibmtss/DictionaryAttackLockReset_fp.h \
++ ibmtss/DictionaryAttackParameters_fp.h ibmtss/Duplicate_fp.h ibmtss/ECC_Parameters_fp.h \
++ ibmtss/ECDH_KeyGen_fp.h ibmtss/ECDH_ZGen_fp.h ibmtss/EC_Ephemeral_fp.h ibmtss/EncryptDecrypt2_fp.h \
++ ibmtss/EncryptDecrypt_fp.h ibmtss/EventSequenceComplete_fp.h ibmtss/EvictControl_fp.h ibmtss/Extend_fp.h \
++ ibmtss/FlushContext_fp.h ibmtss/FlushSpecific_fp.h ibmtss/GetCapability12_fp.h ibmtss/GetCapability_fp.h \
++ ibmtss/GetCommandAuditDigest_fp.h ibmtss/GetRandom_fp.h ibmtss/GetSessionAuditDigest_fp.h \
++ ibmtss/GetTestResult_fp.h ibmtss/GetTime_fp.h ibmtss/Hash_fp.h ibmtss/HashSequenceStart_fp.h \
++ ibmtss/HierarchyChangeAuth_fp.h ibmtss/HierarchyControl_fp.h ibmtss/HMAC_fp.h ibmtss/HMAC_Start_fp.h \
++ ibmtss/Implementation.h ibmtss/Import_fp.h ibmtss/IncrementalSelfTest_fp.h ibmtss/LoadExternal_fp.h \
++ ibmtss/Load_fp.h ibmtss/LoadKey2_fp.h ibmtss/MakeCredential_fp.h ibmtss/MakeIdentity_fp.h ibmtss/NTC_fp.h \
++ ibmtss/NV_Certify_fp.h ibmtss/NV_ChangeAuth_fp.h ibmtss/NV_DefineSpace12_fp.h ibmtss/NV_DefineSpace_fp.h \
++ ibmtss/NV_Extend_fp.h ibmtss/NV_GlobalWriteLock_fp.h ibmtss/NV_Increment_fp.h ibmtss/NV_Read_fp.h \
++ ibmtss/NV_ReadLock_fp.h ibmtss/NV_ReadPublic_fp.h ibmtss/NV_ReadValueAuth_fp.h ibmtss/NV_ReadValue_fp.h \
++ ibmtss/NV_SetBits_fp.h ibmtss/NV_UndefineSpace_fp.h ibmtss/NV_UndefineSpaceSpecial_fp.h ibmtss/NV_Write_fp.h \
++ ibmtss/NV_WriteLock_fp.h ibmtss/NV_WriteValueAuth_fp.h ibmtss/NV_WriteValue_fp.h ibmtss/ObjectChangeAuth_fp.h \
++ ibmtss/OIAP_fp.h ibmtss/OSAP_fp.h ibmtss/OwnerReadInternalPub_fp.h ibmtss/OwnerSetDisable_fp.h \
++ ibmtss/Parameters12.h ibmtss/Parameters.h ibmtss/PCR_Allocate_fp.h ibmtss/PCR_Event_fp.h ibmtss/PCR_Extend_fp.h \
++ ibmtss/PcrRead12_fp.h ibmtss/PCR_Read_fp.h ibmtss/PCR_Reset12_fp.h ibmtss/PCR_Reset_fp.h ibmtss/PCR_SetAuthPolicy_fp.h \
++ ibmtss/PCR_SetAuthValue_fp.h ibmtss/PolicyAuthorize_fp.h ibmtss/PolicyAuthorizeNV_fp.h ibmtss/PolicyAuthValue_fp.h \
++ ibmtss/PolicyCommandCode_fp.h ibmtss/PolicyCounterTimer_fp.h ibmtss/PolicyCpHash_fp.h ibmtss/PolicyDuplicationSelect_fp.h \
++ ibmtss/PolicyGetDigest_fp.h ibmtss/PolicyLocality_fp.h ibmtss/PolicyNameHash_fp.h ibmtss/PolicyNV_fp.h \
++ ibmtss/PolicyNvWritten_fp.h ibmtss/PolicyOR_fp.h ibmtss/PolicyPassword_fp.h ibmtss/PolicyPCR_fp.h \
++ ibmtss/PolicyPhysicalPresence_fp.h ibmtss/PolicyRestart_fp.h ibmtss/PolicySecret_fp.h ibmtss/PolicySigned_fp.h \
++ ibmtss/PolicyTemplate_fp.h ibmtss/PolicyTicket_fp.h ibmtss/PP_Commands_fp.h ibmtss/Quote2_fp.h ibmtss/Quote_fp.h \
++ ibmtss/ReadClock_fp.h ibmtss/ReadPubek_fp.h ibmtss/ReadPublic_fp.h ibmtss/Rewrap_fp.h ibmtss/RSA_Decrypt_fp.h \
++ ibmtss/RSA_Encrypt_fp.h ibmtss/SelfTest_fp.h ibmtss/SequenceComplete_fp.h ibmtss/SequenceUpdate_fp.h \
++ ibmtss/SetAlgorithmSet_fp.h ibmtss/SetCommandCodeAuditStatus_fp.h ibmtss/SetPrimaryPolicy_fp.h ibmtss/Shutdown_fp.h \
++ ibmtss/Sign12_fp.h ibmtss/Sign_fp.h ibmtss/StartAuthSession_fp.h ibmtss/Startup12_fp.h ibmtss/Startup_fp.h \
++ ibmtss/StirRandom_fp.h ibmtss/TakeOwnership_fp.h ibmtss/TestParms_fp.h ibmtss/TPMB.h ibmtss/TpmBuildSwitches.h \
++ ibmtss/tpmconstants12.h ibmtss/tpmstructures12.h ibmtss/tpmtypes12.h ibmtss/TPM_Types.h ibmtss/tsscrypto.h \
++ ibmtss/tsscryptoh.h ibmtss/tsserror12.h ibmtss/tsserror.h ibmtss/tssfile.h ibmtss/tss.h ibmtss/tssmarshal12.h \
++ ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \
++ ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \
++ ibmtss/ZGen_2Phase_fp.h
++
++notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \
++ man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \
++ man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \
++ man/man1/tsscontextload.1 man/man1/tsscontextsave.1 man/man1/tsscreate.1 man/man1/tsscreateek.1 \
++ man/man1/tsscreateekcert.1 man/man1/tsscreateloaded.1 man/man1/tsscreateprimary.1 \
++ man/man1/tssdictionaryattacklockreset.1 man/man1/tssdictionaryattackparameters.1 man/man1/tssduplicate.1 \
++ man/man1/tsseccparameters.1 man/man1/tssecephemeral.1 man/man1/tssencryptdecrypt.1 man/man1/tsseventextend.1 \
++ man/man1/tsseventsequencecomplete.1 man/man1/tssevictcontrol.1 man/man1/tssflushcontext.1 man/man1/tssgetcapability.1 \
++ man/man1/tssgetcommandauditdigest.1 man/man1/tssgetcryptolibrary.1 man/man1/tssgetrandom.1 \
++ man/man1/tssgetsessionauditdigest.1 man/man1/tssgettestresult.1 man/man1/tssgettime.1 man/man1/tsshash.1 \
++ man/man1/tsshashsequencestart.1 man/man1/tsshierarchychangeauth.1 man/man1/tsshierarchycontrol.1 \
++ man/man1/tsshmac.1 man/man1/tsshmacstart.1 man/man1/tssimaextend.1 man/man1/tssimport.1 man/man1/tssimportpem.1 \
++ man/man1/tssload.1 man/man1/tssloadexternal.1 man/man1/tssmakecredential.1 man/man1/tssntc2getconfig.1 \
++ man/man1/tssntc2lockconfig.1 man/man1/tssntc2preconfig.1 man/man1/tssnvcertify.1 man/man1/tssnvchangeauth.1 \
++ man/man1/tssnvdefinespace.1 man/man1/tssnvextend.1 man/man1/tssnvglobalwritelock.1 man/man1/tssnvincrement.1 \
++ man/man1/tssnvread.1 man/man1/tssnvreadlock.1 man/man1/tssnvreadpublic.1 man/man1/tssnvsetbits.1 \
++ man/man1/tssnvundefinespace.1 man/man1/tssnvundefinespacespecial.1 man/man1/tssnvwrite.1 man/man1/tssnvwritelock.1 \
++ man/man1/tssobjectchangeauth.1 man/man1/tsspcrallocate.1 man/man1/tsspcrevent.1 man/man1/tsspcrextend.1 \
++ man/man1/tsspcrread.1 man/man1/tsspcrreset.1 man/man1/tsspolicyauthorize.1 man/man1/tsspolicyauthorizenv.1 \
++ man/man1/tsspolicyauthvalue.1 man/man1/tsspolicycommandcode.1 man/man1/tsspolicycountertimer.1 \
++ man/man1/tsspolicycphash.1 man/man1/tsspolicyduplicationselect.1 man/man1/tsspolicygetdigest.1 \
++ man/man1/tsspolicymaker.1 man/man1/tsspolicymakerpcr.1 man/man1/tsspolicynamehash.1 man/man1/tsspolicynv.1 \
++ man/man1/tsspolicynvwritten.1 man/man1/tsspolicyor.1 man/man1/tsspolicypassword.1 man/man1/tsspolicypcr.1 \
++ man/man1/tsspolicyrestart.1 man/man1/tsspolicysecret.1 man/man1/tsspolicysigned.1 man/man1/tsspolicytemplate.1 \
++ man/man1/tsspolicyticket.1 man/man1/tsspowerup.1 man/man1/tssprintattr.1 man/man1/tsspublicname.1 \
++ man/man1/tssquote.1 man/man1/tssreadclock.1 man/man1/tssreadpublic.1 man/man1/tssreturncode.1 \
++ man/man1/tssrewrap.1 man/man1/tssrsadecrypt.1 man/man1/tssrsaencrypt.1 man/man1/tsssequencecomplete.1 \
++ man/man1/tsssequenceupdate.1 man/man1/tsssetcommandcodeauditstatus.1 man/man1/tsssetprimarypolicy.1 \
++ man/man1/tssshutdown.1 man/man1/tsssign.1 man/man1/tsssignapp.1 man/man1/tssstartauthsession.1 \
++ man/man1/tssstartup.1 man/man1/tssstirrandom.1 man/man1/tsstimepacket.1 man/man1/tsstpm2pem.1 \
++ man/man1/tsstpmcmd.1 man/man1/tsstpmpublic2eccpoint.1 man/man1/tssunseal.1 man/man1/tssverifysignature.1 \
++ man/man1/tsswriteapp.1 man/man1/tsszgen2phase.1
+
+ if CONFIG_TPM20
+ noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
+diff --git a/utils12/Makefile.am b/utils12/Makefile.am
+index a01f47c..e9fe61e 100644
+--- a/utils12/Makefile.am
++++ b/utils12/Makefile.am
+@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils
+ # result: [current-age].age.revision
+ libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la
+
+-notrans_man_MANS = man/man1/*.1
++notrans_man_MANS = man/man1/tss1activateidentity.1 man/man1/tss1createekcert.1 man/man1/tss1createendorsementkeypair.1 \
++ man/man1/tss1createwrapkey.1 man/man1/tss1eventextend.1 man/man1/tss1extend.1 man/man1/tss1flushspecific.1 \
++ man/man1/tss1getcapability.1 man/man1/tss1imaextend.1 man/man1/tss1loadkey2.1 man/man1/tss1makeekblob.1 \
++ man/man1/tss1makeidentity.1 man/man1/tss1nvdefinespace.1 man/man1/tss1nvreadvalue.1 man/man1/tss1nvreadvalueauth.1 \
++ man/man1/tss1nvwritevalue.1 man/man1/tss1nvwritevalueauth.1 man/man1/tss1oiap.1 man/man1/tss1osap.1 \
++ man/man1/tss1ownerreadinternalpub.1 man/man1/tss1ownersetdisable.1 man/man1/tss1pcrread.1 man/man1/tss1quote2.1 \
++ man/man1/tss1sign.1 man/man1/tss1startup.1 man/man1/tss1takeownership.1 man/man1/tss1tpminit.1
+ noinst_HEADERS = ekutils12.h
+
+ bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend
+--
+2.17.1
+
diff --git a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb
new file mode 100644
index 0000000..18ad7eb
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb
@@ -0,0 +1,27 @@
+SUMMARY = "IBM's Software TPM 2.0 TSS"
+DESCRIPTION = "This is a user space TSS for TPM 2.0. It implements the \
+functionality equivalent to (but not API compatible with) the TCG TSS \
+working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a \
+hopefully simpler interface. \
+It comes with over 110 'TPM tools' samples that can be used for scripted \
+apps, rapid prototyping, education, and debugging. \
+It also comes with a web based TPM interface, suitable for a demo to an \
+audience that is unfamiliar with TCG technology. It is also useful for \
+basic TPM management."
+HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmtss2.html"
+LICENSE = "BSD"
+SECTION = "securty/tpm"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
+
+DEPENDS = "openssl ibmswtpm2"
+
+inherit autotools pkgconfig
+
+SRCREV = "aa6c6ec83793ba21782033c03439977c26d3cc87"
+SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \
+ file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
+ "
+
+EXTRA_OECONF = "--disable-tpm-1.2"
+
+S = "${WORKDIR}/git"


Re: Install headers to /usr/include/

majid.nasiry65@...
 

I did what you said but not working. 

Sorry about personal messages. I'am new with this stuffs.


Re: Install headers to /usr/include/

Khem Raj
 

change 

do_install_append(){
     install -d ${D}${includedir}
     cp -r ${S}/cpp/lib/include/opendnp3 ${D}${includedir}
 }


to 

do_install_append(){
     install -d ${D}${includedir}/opendnp3
     cp -R --no-dereference --preserve=mode,links ${S}/cpp/lib/include/opendnp3/* ${D}${includedir}/opendnp3/
 }

reading mailing list.
idon't send personal emails, Always keep mailing lists in Cc so others can also see the proceedings.

On Sun, Sep 13, 2020 at 12:27 AM Majid Nasiry <majid.nasiry65@...> wrote:
It contains all of what I need, but only lib installed. 
tree -L 3
image.png

On Sun, Sep 13, 2020 at 11:44 AM Khem Raj <raj.khem@...> wrote:
what all files are inside opendnp3-dev ?

On Sat, Sep 12, 2020 at 11:35 PM Majid Nasiry <majid.nasiry65@...> wrote:
This is content of this directory :
image.png



On Sun, Sep 13, 2020 at 10:56 AM Khem Raj <raj.khem@...> wrote:
what do you see in packages-split/ directory in build area for this package ?

On Sat, Sep 12, 2020 at 11:11 PM Majid Nasiry <majid.nasiry65@...> wrote:
>
> Hi Khem
> I tried this :
>
> do_install_append(){
>     install -d ${D}${includedir}
>     cp -r ${S}/cpp/lib/include/opendnp3 ${D}${includedir}
>
>     install -d ${D}/usr/include-2
>     cp -r ${S}/cpp/lib/include/opendnp3 ${D}/usr/include-2
> }
>
> FILES_${PN}-dev += "${includedir}"
> FILES_${PN}-dev += "/usr/include-2/"
>
> but it did't work. When I change the last two lines to FILES_${PN} += .. . , the "/usr/include-2/" directory installed and "opendnp3" folder copied too, but in -dev state nothing happened.
>
> Any suggestions?
>
> Regards
>
> On Sun, Sep 13, 2020 at 6:58 AM Khem Raj <raj.khem@...> wrote:
>>
>> headers should be in the devel package  ( PN-dev ) please install that
>> in your image
>>
>> On Sat, Sep 12, 2020 at 2:58 AM <majid.nasiry65@...> wrote:
>> >
>> > Hi
>> > I have a recipe for a library. It install .so files correctly but headers not installed. It can install files any where except /usr/inclue/ directory.
>> >
>> > SUMMARY = "An open source library for DNP3"
>> > HOMEPAGE = "http://dnp3.github.io/"
>> > SECTION = "libs"
>> > DEPENDS = ""
>> > LICENSE = "Apache-2.0"
>> > LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
>> >
>> >
>> > SRCREV = "639edaf1a5d2d74bc04efdd9ddf165bc14a06390"
>> > SRC_URI = "git://github.com/dnp3/opendnp3.git;branch=release"
>> >
>> > S = "${WORKDIR}/git"
>> >
>> > EXTRA_OECMAKE += "-DNP3_TLS=ON"
>> >
>> > do_install_append(){
>> >     install -d ${D}${includedir}
>> >     cp -r ${S}/cpp/lib/include/opendnp3 ${D}${includedir}
>> > }
>> >
>> > FILES_${PN} += "${includedir}"
>> >
>> > inherit cmake
>> >
>> > Where is my mistake?
>> > Thanks.
>> >
>> >
>> >
>> >


Re: Install headers to /usr/include/

Khem Raj
 

headers should be in the devel package ( PN-dev ) please install that
in your image

On Sat, Sep 12, 2020 at 2:58 AM <majid.nasiry65@...> wrote:

Hi
I have a recipe for a library. It install .so files correctly but headers not installed. It can install files any where except /usr/inclue/ directory.

SUMMARY = "An open source library for DNP3"
HOMEPAGE = "http://dnp3.github.io/"
SECTION = "libs"
DEPENDS = ""
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"


SRCREV = "639edaf1a5d2d74bc04efdd9ddf165bc14a06390"
SRC_URI = "git://github.com/dnp3/opendnp3.git;branch=release"

S = "${WORKDIR}/git"

EXTRA_OECMAKE += "-DNP3_TLS=ON"

do_install_append(){
install -d ${D}${includedir}
cp -r ${S}/cpp/lib/include/opendnp3 ${D}${includedir}
}

FILES_${PN} += "${includedir}"

inherit cmake

Where is my mistake?
Thanks.




Re: poky dhcpcd failed build

Yocto
 


On 9/10/20 10:19 AM, Yocto wrote:

On 9/10/20 6:58 AM, Khem Raj wrote:
#include <sys/param.h>

i ran devtool modify dhcpcd and there is no "socket.c" in the source tree.

this appears fixed with the recent dhcpcd version update





    


Re: [meta-security][PATCH v2] ibmswtpm2: update to 1637

Armin Kuster
 

merged.
thanks

On 9/11/20 12:34 AM, Jens Rehsack wrote:
From: Jens Rehsack <sno@...>

Update ibmswtpm2 from 1628 to 1637. Build 1637 Includes:
* Increase NV memory size to match PC Client RSA 3072 requirements
* Add and fix ACT support
* Update Visual Studio files to 2019.

Signed-off-by: Jens Rehsack <sno@...>
---
.../ibmswtpm2/files/fix-wrong-cast.patch | 27 ++++++++++
.../ibmswtpm2/files/remove_optimization.patch | 26 ----------
.../ibmswtpm2/files/tune-makefile.patch | 50 +++++++++++++++++++
.../recipes-tpm2/ibmswtpm2/ibmswtpm2_1628.bb | 26 ----------
.../recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb | 39 +++++++++++++++
5 files changed, 116 insertions(+), 52 deletions(-)
create mode 100644 meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch
delete mode 100644 meta-tpm/recipes-tpm2/ibmswtpm2/files/remove_optimization.patch
create mode 100644 meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
delete mode 100644 meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1628.bb
create mode 100644 meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb

diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch b/meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch
new file mode 100644
index 0000000..f2938e0
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch
@@ -0,0 +1,27 @@
+Fix strict aliasing issue of gcc10
+
+fixes:
+
+TpmFail.c: In function 'TpmLogFailure':
+TpmFail.c:217:23: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
+ 217 | s_failFunction = *(UINT32 *)&function; /* kgold */
+ | ^~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+
+Upstream-Status: Submitted
+
+Signed-off-by: Jens Rehsack <sno@...>
+
+Index: src/TpmFail.c
+===================================================================
+--- src.orig/TpmFail.c 2020-09-10 15:43:57.085063875 +0200
++++ src/TpmFail.c 2020-09-10 15:48:35.563302634 +0200
+@@ -214,7 +214,7 @@
+ // On a 64-bit machine, this may truncate the address of the string
+ // of the function name where the error occurred.
+ #if FAIL_TRACE
+- s_failFunction = *(UINT32 *)&function; /* kgold */
++ memcpy(&s_failFunction, function, sizeof(uint32_t)); /* kgold */
+ s_failLine = line;
+ #else
+ s_failFunction = 0;
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/files/remove_optimization.patch b/meta-tpm/recipes-tpm2/ibmswtpm2/files/remove_optimization.patch
deleted file mode 100644
index 2919e2e..0000000
--- a/meta-tpm/recipes-tpm2/ibmswtpm2/files/remove_optimization.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Allow recipe to overide optimization.
-
-fixes:
-
-397 | # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
-| | ^~~~~~~
-| cc1: all warnings being treated as errors
-
-
-Upstream-Status: OE specific
-
-Signed-off-by: Armin Kuster <akuster808@...>
-
-Index: src/makefile
-===================================================================
---- src.orig/makefile
-+++ src/makefile
-@@ -43,7 +43,7 @@ CC = /usr/bin/gcc
- CCFLAGS = -Wall \
- -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
- -Werror -Wsign-compare \
-- -c -ggdb -O0 \
-+ -c -ggdb -O \
- -DTPM_POSIX \
- -D_POSIX_ \
- -DTPM_NUVOTON
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch b/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
new file mode 100644
index 0000000..eebddb9
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
@@ -0,0 +1,50 @@
+1) Allow recipe to overide optimization.
+
+fixes:
+
+397 | # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
+| | ^~~~~~~
+| cc1: all warnings being treated as errors
+
+2) Allow recipe to override OE related compile-/link-flags
+
+fixes:
+
+ERROR: QA Issue: File /usr/bin/tpm_server in package ibmswtpm2 doesn't have GNU_HASH (didn't pass LDFLAGS?) [ldflags]
+
+Upstream-Status: OE specific
+
+Signed-off-by: Jens Rehsack <sno@...>
+
+Index: src/makefile
+===================================================================
+--- src.orig/makefile
++++ src/makefile
+@@ -38,12 +38,10 @@
+ #################################################################################
+
+
+-CC = /usr/bin/gcc
+-
+ CCFLAGS = -Wall \
+ -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
+ -Werror -Wsign-compare \
+- -c -ggdb -O0 \
++ -c -ggdb -O \
+ -DTPM_POSIX \
+ -D_POSIX_ \
+ -DTPM_NUVOTON
+@@ -79,11 +77,11 @@
+ .PRECIOUS: %.o
+
+ tpm_server: $(OBJFILES)
+- $(CC) $(OBJFILES) $(LNFLAGS) -o tpm_server
++ $(CCLD) $(OBJFILES) $(LDFLAGS) $(LNFLAGS) -o tpm_server
+
+ clean:
+ rm -f *.o tpm_server *~
+
+ %.o: %.c
+- $(CC) $(CCFLAGS) $< -o $@
++ $(CC) $(CCFLAGS) $(CFLAGS) $< -o $@
+
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1628.bb b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1628.bb
deleted file mode 100644
index 3373a30..0000000
--- a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1628.bb
+++ /dev/null
@@ -1,26 +0,0 @@
-SUMMARY = "IBM's Software TPM 2.0"
-LICENSE = "BSD"
-SECTION = "securty/tpm"
-LIC_FILES_CHKSUM = "file://../LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
-
-DEPENDS = "openssl"
-
-SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${PV}.tar.gz \
- file://remove_optimization.patch \
- "
-SRC_URI[md5sum] = "bfd3eca2411915f24de628b9ec36f259"
-SRC_URI[sha256sum] = "a8e874e7a1ae13a1290d7679d846281f72d0eb6a5e4cfbafca5297dbf4e29ea3"
-SRC_URI[sha1sum] = "7c8241a4e97a801eace9f0eea8cdda7c58114f7f"
-SRC_URI[sha384sum] = "eec25cc8ba0e3cb27d41ba4fa4c71d8158699953ccb61bb6d440236dcbd8f52b6954eaae9d640a713186e0b99311fd91"
-SRC_URI[sha512sum] = "ab47caa4406ba57c0afc6fadae304fc9ef5e3e125be0f2fb1955a419cf93cd5e9176e103f0b566825abc16cca00b795f98d2b407f0a2bf7b141ef4b025d907d0"
-
-S = "${WORKDIR}/src"
-
-do_compile () {
- make CC='${CC}'
-}
-
-do_install () {
- install -d ${D}/${bindir}
- install -m 0755 tpm_server ${D}/${bindir}
-}
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
new file mode 100644
index 0000000..32afd37
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
@@ -0,0 +1,39 @@
+SUMMARY = "IBM's Software TPM 2.0"
+DESCRIPTION = "The software TPM 2.0 is targeted toward application development, \
+education, and virtualization. \
+\
+The intent is that an application can be developed using the software TPM. \
+The application should then run using a hardware TPM without changes. \
+Advantages of this approach: \
+* In contrast to a hardware TPM, it runs on many platforms and it's generally faster. \
+* Application software errors are easily reversed by simply removing the TPM state and starting over. \
+* Difficult crypto errors are quickly debugged by looking inside the TPM."
+HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmswtpm2.html"
+LICENSE = "BSD"
+SECTION = "securty/tpm"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
+
+DEPENDS = "openssl"
+
+SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${PV}.tar.gz \
+ file://tune-makefile.patch \
+ file://fix-wrong-cast.patch \
+ "
+SRC_URI[md5sum] = "43b217d87056e9155633925eb6ef749c"
+SRC_URI[sha256sum] = "dd3a4c3f7724243bc9ebcd5c39bbf87b82c696d1c1241cb8e5883534f6e2e327"
+SRC_URI[sha1sum] = "ab4b94079e57a86996991e8a2b749ce063e4ad3e"
+SRC_URI[sha384sum] = "bbef16a934853ce78cba7ddc766aa9d7ef3cde3430a322b1be772bf3ad4bd6d413ae9c4de21bc1a4879d17dfe2aadc1d"
+SRC_URI[sha512sum] = "007aa415cccf19a2bcf789c426727dc4032dcb04cc9d11eedc231d2add708c1134d3d5ee5cfbe7de68307c95fff7a30bd306fbd8d53c198a5ef348440440a6ed"
+
+S = "${WORKDIR}/src"
+
+CFLAGS += "-Wno-error=maybe-uninitialized"
+
+do_compile () {
+ make CC='${CC}'
+}
+
+do_install () {
+ install -d ${D}/${bindir}
+ install -m 0755 tpm_server ${D}/${bindir}
+}


Re: [meta-security][PATCH] nss: update patch to fix do_patch error

Armin Kuster
 

merged,
thanks

On 9/8/20 1:20 AM, Chen Qi wrote:
Currently sssd's do_patch task fails. Update the patch to fix this problem.

Signed-off-by: Chen Qi <Qi.Chen@...>
---
...s-Collision-with-external-nss-symbol.patch | 155 +++++++++---------
1 file changed, 78 insertions(+), 77 deletions(-)

diff --git a/recipes-security/sssd/files/0001-nss-Collision-with-external-nss-symbol.patch b/recipes-security/sssd/files/0001-nss-Collision-with-external-nss-symbol.patch
index bf79f65..c319269 100644
--- a/recipes-security/sssd/files/0001-nss-Collision-with-external-nss-symbol.patch
+++ b/recipes-security/sssd/files/0001-nss-Collision-with-external-nss-symbol.patch
@@ -1,77 +1,78 @@
-+From a069e4186a3cb482226005d4bc73c6fb3dd35c79 Mon Sep 17 00:00:00 2001
-+From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@...>
-+Date: Thu, 27 Feb 2020 06:50:40 +0100
-+Subject: [PATCH] nss: Collision with external nss symbol
-+MIME-Version: 1.0
-+Content-Type: text/plain; charset=UTF-8
-+Content-Transfer-Encoding: 8bit
-+
-+One of our internal static function names started
-+to collide with external nss symbol. Additional
-+sss_ suffix was added to avoid the collision.
-+
-+This is needed to unblock Fedora Rawhide's
-+SSSD build.
-+
-+Reviewed-by: Pavel Březina <pbrezina@...>
-+
-+Upstream-Status: Backport [https://github.com/SSSD/sssd.git]
-+Signed-off-by: Hongxu Jia <hongxu.jia@...>
-+---
-+ src/responder/nss/nss_cmd.c | 18 ++++++++++--------
-+ 1 file changed, 10 insertions(+), 8 deletions(-)
-+
-+diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
-+index 25e663e..a4d4cfc 100644
-+--- a/src/responder/nss/nss_cmd.c
-++++ b/src/responder/nss/nss_cmd.c
-+@@ -728,11 +728,13 @@ done:
-+ talloc_free(cmd_ctx);
-+ }
-+
-+-static void nss_setnetgrent_done(struct tevent_req *subreq);
-++static void sss_nss_setnetgrent_done(struct tevent_req *subreq);
-+
-+-static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
-+- enum cache_req_type type,
-+- nss_protocol_fill_packet_fn fill_fn)
-++/* This function's name started to collide with external nss symbol,
-++ * so it has additional sss_* prefix unlike other functions here. */
-++static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx,
-++ enum cache_req_type type,
-++ nss_protocol_fill_packet_fn fill_fn)
-+ {
-+ struct nss_ctx *nss_ctx;
-+ struct nss_state_ctx *state_ctx;
-+@@ -774,7 +776,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
-+ goto done;
-+ }
-+
-+- tevent_req_set_callback(subreq, nss_setnetgrent_done, cmd_ctx);
-++ tevent_req_set_callback(subreq, sss_nss_setnetgrent_done, cmd_ctx);
-+
-+ ret = EOK;
-+
-+@@ -787,7 +789,7 @@ done:
-+ return EOK;
-+ }
-+
-+-static void nss_setnetgrent_done(struct tevent_req *subreq)
-++static void sss_nss_setnetgrent_done(struct tevent_req *subreq)
-+ {
-+ struct nss_cmd_ctx *cmd_ctx;
-+ errno_t ret;
-+@@ -1037,8 +1039,8 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx)
-+
-+ static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx)
-+ {
-+- return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
-+- nss_protocol_fill_setnetgrent);
-++ return sss_nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
-++ nss_protocol_fill_setnetgrent);
-+ }
-+
-+ static errno_t nss_cmd_getnetgrent(struct cli_ctx *cli_ctx)
-+--
-+2.21.0
-+
+From 05c315100a70d3372e891e9a0ea981a875b2ec90 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@...>
+Date: Thu, 27 Feb 2020 06:50:40 +0100
+Subject: [PATCH] nss: Collision with external nss symbol
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+One of our internal static function names started
+to collide with external nss symbol. Additional
+sss_ suffix was added to avoid the collision.
+
+This is needed to unblock Fedora Rawhide's
+SSSD build.
+
+Reviewed-by: Pavel Březina <pbrezina@...>
+
+Upstream-Status: Backport [https://github.com/SSSD/sssd.git]
+Signed-off-by: Hongxu.jia@...
+Signed-off-by: Qi.Chen@...
+---
+ src/responder/nss/nss_cmd.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
+index 25e663ed5..a4d4cfc0b 100644
+--- a/src/responder/nss/nss_cmd.c
++++ b/src/responder/nss/nss_cmd.c
+@@ -728,11 +728,13 @@ done:
+ talloc_free(cmd_ctx);
+ }
+
+-static void nss_setnetgrent_done(struct tevent_req *subreq);
++static void sss_nss_setnetgrent_done(struct tevent_req *subreq);
+
+-static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
+- enum cache_req_type type,
+- nss_protocol_fill_packet_fn fill_fn)
++/* This function's name started to collide with external nss symbol,
++ * so it has additional sss_* prefix unlike other functions here. */
++static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx,
++ enum cache_req_type type,
++ nss_protocol_fill_packet_fn fill_fn)
+ {
+ struct nss_ctx *nss_ctx;
+ struct nss_state_ctx *state_ctx;
+@@ -774,7 +776,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
+ goto done;
+ }
+
+- tevent_req_set_callback(subreq, nss_setnetgrent_done, cmd_ctx);
++ tevent_req_set_callback(subreq, sss_nss_setnetgrent_done, cmd_ctx);
+
+ ret = EOK;
+
+@@ -787,7 +789,7 @@ done:
+ return EOK;
+ }
+
+-static void nss_setnetgrent_done(struct tevent_req *subreq)
++static void sss_nss_setnetgrent_done(struct tevent_req *subreq)
+ {
+ struct nss_cmd_ctx *cmd_ctx;
+ errno_t ret;
+@@ -1037,8 +1039,8 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx)
+
+ static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx)
+ {
+- return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
+- nss_protocol_fill_setnetgrent);
++ return sss_nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
++ nss_protocol_fill_setnetgrent);
+ }
+
+ static errno_t nss_cmd_getnetgrent(struct cli_ctx *cli_ctx)
+--
+2.21.0
+

6741 - 6760 of 57398