Date   

Re: Enabling SELinux in an application #selinux

Khem Raj
 

On 4/21/20 11:50 AM, Cguerin@... wrote:
I am with The Middleby Corporation.  We manufacture a wide variety of
commercial ovens, ice machines, coffee brewers, microwaves, soft-serve
machines and virtually anything you’d find in a commercial restaurant
kitchen.  Much of our equipment has a touch-screen display on it – often
4.3” to 10.1” in size.  This is part of an embedded control system that
includes a separate I/O board to talk to motors, heating elements, etc. 
The touch-screen control are most often running Yocto Linux with a QT or
similar application running on top of Linux.  Recently, we have been
asked to explore enabling SELinux security provisions in our
applications.  In speaking with several of our vendors, they all
indicated they don’t generally need to enable SELinux and have never
done so in the past.  

I now know what SELinux is, but I can’t get a good answer if it even is
needed to be enabled on a touch-screen application on equipment that a
16 year old kid generally operates.  We often do have USB ports on our
equipment for software updates and some is connected to the internet as
well, but I still don’t see how the security access provisions in
SELinux are needed for our application. 
Generally devices having ports, or being connected to Internet can
become a door to your network and cause some serious damage, so you
sould assess the security needs for your devices, I would think. As far
as technologies needed to achieve security needs SELinux is one of many
options, you have apparmor, tomoyo, and other MAC technologies, and I
would think you should do some experiments to see which of these will
fit your needs to manage MAC. Then there are other methods to address
security concerns.

Lastly, I'm not a programmer. I manage the business end of all of
Middleby's electronic controls, so the aim of this message is to ask for
general guidance regarding the need for SELinux or not.
I would think you need security, SELinux is one cog in the wheel and
there are other options, I would think doing some proof of concept
within your setups after you have done some security analysis, would be
the steps to take.





Re: inconsistencies with selecting systemd as init manager?

Khem Raj
 

On 4/23/20 5:14 AM, Robert P. J. Day wrote:
On Thu, 23 Apr 2020, Nicolas Dechesne wrote:



On Thu, Apr 23, 2020 at 1:18 PM Robert P. J. Day <rpjday@...> wrote:

  just noticed that, given that since YP 3.0 one could select systemd
as the init manager via the single variable INIT_MANAGER, which pulled
in init-manager-systemd.inc:

# Use systemd for system initialization
DISTRO_FEATURES_append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED_append = " sysvinit"
VIRTUAL-RUNTIME_init_manager ??= "systemd"
VIRTUAL-RUNTIME_initscripts ??= "systemd-compat-units"
VIRTUAL-RUNTIME_login_manager ??= "shadow-base"


INIT_MANAGER was added in 3.0, see:
https://git.openembedded.org/openembedded-core/commit/?id=8d0b4704a526a48cd5e67df6
1b613424bbbdccde
i know, that's what i mentioned above.

  this doesn't quite seem to match this snippet from
meta/lib/oeqa/selftest/cases/imagefeatures.py:

# Switch to systemd
DISTRO_FEATURES += "systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = ""
VIRTUAL-RUNTIME_syslog = ""
VIRTUAL-RUNTIME_login_manager = "shadow-base"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"


this is the 'old' (pre 3.0) method, and it can (and should) be
replaced with INIT_MANAGER, i believe.
i suspected as much, i just wanted to point out that those two
snippets are not *exactly* equivalent so someone should make sure that
INIT_MANAGER usage is precisely defined.
perhaps imagefeatures.py should be updated to sync with INIT_MANAGER
settings.


rday




Re: Distro testing #yocto

Khem Raj
 

On 4/23/20 2:26 AM, sateesh m wrote:
Hi Guys,

             I want to test Distro testing in my yocto build image. for
that I need setup configurations and how can i check results and where i
can get results. can anybody knows please suggest me .
you can check ptest images perhaps see [1]


[1] https://wiki.yoctoproject.org/wiki/Image_tests


Re: meta-javascripts

Khem Raj
 

On 4/23/20 12:01 AM, Per Hallsmark wrote:
Hi Nicholas,

Thanks, I was thinking as providing it to Yocto but not maintaining it
myself. Too much other stuff going on
so it would be a slowly updated layer then.
Give it some time and see if someone steps up to maintain it, if not you
can also put these recipes in other layers

BR,
Per

On Thu, 23 Apr 2020 at 07:59, Nicholas Krause <xerofoify@...
<mailto:xerofoify@...>> wrote:



On 4/23/20 1:28 AM, per@... <mailto:per@...> wrote:
Hello fellow Yocto developers,

To be able todo efficient HTML5 programming we of course needs
some javascript libraries.
I've not seen Yocto have them packaged so I made up this idea of
putting them into their own /usr/lib/js path
with a subdir for each javascript library. It is published here :

https://gitlab.com/saxofon/meta-javascripts

With an example usage here :

https://github.com/Wind-River/device-remote-gui

Would this be something yoctoproject is interested of perhaps?

BR,
Per
Hi,

I'm not a maintainer but you may want to see if you or other  people
are able to maintain
then as a open embedded layer as part of the index. Not sure if
someone else can
chip in if this is a useful recipe set to add to the open embedded
index.

That would ideally be where you would want this to go if this is
useful and maintained,

Nick



Can't find pyconfig.h with python3

Emily
 

Hi all - 

I'm trying to build an OS with a custom recipe (https://github.com/kratsg/meta-l1calo/blob/add/opcServer/recipes-core/opc-ua/opc-ua-server-gfex_git.bb). I can build it as-is in the link above, but when actually trying to use the output of the recipe (Poverty.so) I get the below error in python3: 
>>> import Poverty Traceback (most recent call last): File "<stdin>", line 1, in <module> ImportError: /usr/bin/Poverty.so: undefined symbol: _ZN5boost6python6detail11init_moduleEPKcPFvvE

I think that's because I built against python2 in some places. So I replaced essentially all of the python dependencies with their corresponding python3 dependencies, but that gives a build error in bitbake like:  
| /local/d6/easmith5/rocko_bitbake/poky/build/tmp/work/aarch64-poky-linux/opc-ua-server-gfex/1.0+gitAUTOINC+921c563309-r0/recipe-sysroot/usr/include/boost/python/detail/wrap_python.hpp:50:11: fatal error: pyconfig.h: No such file or directory
|  # include <pyconfig.h>
|            ^~~~~~~~~~~~
| compilation terminated.

However, I checked and the offending file pyconfig.h is actually present at | /local/d6/easmith5/rocko_bitbake/poky/build/tmp/work/aarch64-poky-linux/opc-ua-server-gfex/1.0+gitAUTOINC+921c563309-r0/recipe-sysroot/usr/include/python3.5m/. When I build with python2 dependencies the file is in the same location, just /python2.7/.

I can't quite tell if this is a yocto problem, or a problem with my recipe and/or build files for that recipe. If anyone has suggestions they would be much appreciated! 

Thanks!
Emily Smith


Re: Enabling SELinux in an application #selinux

Rudolf J Streif
 

Hi,

There is no simply answer to your question. Most generally speaking any type of security, not just for computers and embedded systems, is a tradeoff between risk and cost.

The fact that your appliances have USB ports and are potentially connected to the Internet makes them vulnerable for attacks. They can potentially be used to gain access to your appliances, put malicious software on them, potentially damage them. be used as bots for cyber attacks, etc. An expert and embedded security can assess the risk by examining your appliances, software etc. You only can assess the risk for your business and the business of your customers. What will it mean for a customer and your business if multiple appliances are hacked and not functioning anymore and the customer cannot deliver their product and services possibly for days until you are able to reinstall the software? What does that mean for your business if that happens at many of your customers' locations at the same time?

It does not need to be professional hackers that are out for financial gain doing that. Your proverbial 16 year old kid operating the equipment could be an aspiring embedded systems engineer who is curious about what's behind the scenes of the appliances.

It's never a bad idea to think about security for your embedded systems. Having done a whole lot deal of embedded systems in automotive and explicitly for securing content and devices for digital television I can only advise you to take it seriously. It's better to be proactive then reactive. Bad embedded systems security practices are all around. Just because your vendors have not done it does not really mean anything.

SELinux is only one consideration. There are other things that go into hardening an embedded system.

Best regards,
Rudi

On 4/21/20 11:50 AM, Cguerin@... wrote:

I am with The Middleby Corporation.  We manufacture a wide variety of commercial ovens, ice machines, coffee brewers, microwaves, soft-serve machines and virtually anything you’d find in a commercial restaurant kitchen.  Much of our equipment has a touch-screen display on it – often 4.3” to 10.1” in size.  This is part of an embedded control system that includes a separate I/O board to talk to motors, heating elements, etc.  The touch-screen control are most often running Yocto Linux with a QT or similar application running on top of Linux.  Recently, we have been asked to explore enabling SELinux security provisions in our applications.  In speaking with several of our vendors, they all indicated they don’t generally need to enable SELinux and have never done so in the past.  

I now know what SELinux is, but I can’t get a good answer if it even is needed to be enabled on a touch-screen application on equipment that a 16 year old kid generally operates.  We often do have USB ports on our equipment for software updates and some is connected to the internet as well, but I still don’t see how the security access provisions in SELinux are needed for our application. 

Lastly, I'm not a programmer. I manage the business end of all of Middleby's electronic controls, so the aim of this message is to ask for general guidance regarding the need for SELinux or not.  



    
-- 
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3386 x700


Re: [PATCH yocto-autobuilder-helper 2/2] scripts/send-qa-email: fix bug in git push logic for yocto-testresults

Richard Purdie
 

On Wed, 2020-04-22 at 14:43 -1000, Steve Sakoman wrote:
We were mistakenly doing a force push if the branch was in either
BUILD_HISTORY_FORKPUSH or BUILD_HISTORY_DIRECTPUSH.

Now we force push for branches in BUILD_HISTORY_FORKPUSH, regular push
for branches in BUILD_HISTORY_DIRECTPUSH, and no push if the branch is
in neither list.

Signed-off-by: Steve Sakoman <steve@...>
---
scripts/send-qa-email | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/send-qa-email b/scripts/send-qa-email
index 205f6d1..b4d4cec 100755
--- a/scripts/send-qa-email
+++ b/scripts/send-qa-email
@@ -80,10 +80,10 @@ if 'poky' in repos and os.path.exists(resulttool) and args.results_dir:
extraopts = None

subprocess.check_call([resulttool, "store", args.results_dir, tempdir])
- if basebranch:
+ if comparebranch:
subprocess.check_call(["git", "push", "--all", "--force"], cwd=tempdir)
subprocess.check_call(["git", "push", "--tags", "--force"], cwd=tempdir)
- else:
+ elif basebranch:
subprocess.check_call(["git", "push", "--all"], cwd=tempdir)
subprocess.check_call(["git", "push", "--tags"], cwd=tempdir)
Thanks, well found!

I tweaked the first patch to use comparerepo instead of baserepo. The
confusion came from cut and paste from the buildhistory code.

Cheers,

Richard


Re: inconsistencies with selecting systemd as init manager?

Robert P. J. Day
 

On Thu, 23 Apr 2020, Nicolas Dechesne wrote:



On Thu, Apr 23, 2020 at 1:18 PM Robert P. J. Day <rpjday@...> wrote:

  just noticed that, given that since YP 3.0 one could select systemd
as the init manager via the single variable INIT_MANAGER, which pulled
in init-manager-systemd.inc:

# Use systemd for system initialization
DISTRO_FEATURES_append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED_append = " sysvinit"
VIRTUAL-RUNTIME_init_manager ??= "systemd"
VIRTUAL-RUNTIME_initscripts ??= "systemd-compat-units"
VIRTUAL-RUNTIME_login_manager ??= "shadow-base"


INIT_MANAGER was added in 3.0, see:
https://git.openembedded.org/openembedded-core/commit/?id=8d0b4704a526a48cd5e67df6
1b613424bbbdccde
i know, that's what i mentioned above.

  this doesn't quite seem to match this snippet from
meta/lib/oeqa/selftest/cases/imagefeatures.py:

# Switch to systemd
DISTRO_FEATURES += "systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = ""
VIRTUAL-RUNTIME_syslog = ""
VIRTUAL-RUNTIME_login_manager = "shadow-base"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"


this is the 'old' (pre 3.0) method, and it can (and should) be
replaced with INIT_MANAGER, i believe.
i suspected as much, i just wanted to point out that those two
snippets are not *exactly* equivalent so someone should make sure that
INIT_MANAGER usage is precisely defined.

rday


Re: inconsistencies with selecting systemd as init manager?

Nicolas Dechesne
 



On Thu, Apr 23, 2020 at 1:18 PM Robert P. J. Day <rpjday@...> wrote:

  just noticed that, given that since YP 3.0 one could select systemd
as the init manager via the single variable INIT_MANAGER, which pulled
in init-manager-systemd.inc:

# Use systemd for system initialization
DISTRO_FEATURES_append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED_append = " sysvinit"
VIRTUAL-RUNTIME_init_manager ??= "systemd"
VIRTUAL-RUNTIME_initscripts ??= "systemd-compat-units"
VIRTUAL-RUNTIME_login_manager ??= "shadow-base"

INIT_MANAGER was added in 3.0, see:


  this doesn't quite seem to match this snippet from
meta/lib/oeqa/selftest/cases/imagefeatures.py:

# Switch to systemd
DISTRO_FEATURES += "systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = ""
VIRTUAL-RUNTIME_syslog = ""
VIRTUAL-RUNTIME_login_manager = "shadow-base"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"

this is the 'old' (pre 3.0) method, and it can (and should) be replaced with INIT_MANAGER, i believe.


  not sure if that second snippet could be replaced with a simple
assignment to INIT_MANAGER or whether those two snippets are
effectively equivalent ... i'll let someone else make that call.

rday

--

========================================================================
Robert P. J. Day                                 Ottawa, Ontario, CANADA
                         http://crashcourse.ca

Twitter:                                       http://twitter.com/rpjday
LinkedIn:                               http://ca.linkedin.com/in/rpjday
========================================================================


inconsistencies with selecting systemd as init manager?

Robert P. J. Day
 

just noticed that, given that since YP 3.0 one could select systemd
as the init manager via the single variable INIT_MANAGER, which pulled
in init-manager-systemd.inc:

# Use systemd for system initialization
DISTRO_FEATURES_append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED_append = " sysvinit"
VIRTUAL-RUNTIME_init_manager ??= "systemd"
VIRTUAL-RUNTIME_initscripts ??= "systemd-compat-units"
VIRTUAL-RUNTIME_login_manager ??= "shadow-base"

this doesn't quite seem to match this snippet from
meta/lib/oeqa/selftest/cases/imagefeatures.py:

# Switch to systemd
DISTRO_FEATURES += "systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = ""
VIRTUAL-RUNTIME_syslog = ""
VIRTUAL-RUNTIME_login_manager = "shadow-base"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"

not sure if that second snippet could be replaced with a simple
assignment to INIT_MANAGER or whether those two snippets are
effectively equivalent ... i'll let someone else make that call.

rday

--

========================================================================
Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca

Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================


Distro testing #yocto

sateesh m
 

Hi Guys,

             I want to test Distro testing in my yocto build image. for that I need setup configurations and how can i check results and where i can get results. can anybody knows please suggest me .


perf-1.0 do complie issue

sateesh m
 

Hi Sir,

           I am trying to build yocto image target qemuriscv64 using core-image-sato. But i am facing issue with this package how can i resolve this issue . can you please suggest me solution.



Thanks & Regards,
Sateesh


Re: meta-javascripts

Per Hallsmark
 

Hi Nicholas,

Thanks, I was thinking as providing it to Yocto but not maintaining it myself. Too much other stuff going on
so it would be a slowly updated layer then.

BR,
Per

On Thu, 23 Apr 2020 at 07:59, Nicholas Krause <xerofoify@...> wrote:


On 4/23/20 1:28 AM, per@... wrote:
Hello fellow Yocto developers,

To be able todo efficient HTML5 programming we of course needs some javascript libraries.
I've not seen Yocto have them packaged so I made up this idea of putting them into their own /usr/lib/js path
with a subdir for each javascript library. It is published here :

https://gitlab.com/saxofon/meta-javascripts

With an example usage here :

https://github.com/Wind-River/device-remote-gui

Would this be something yoctoproject is interested of perhaps?

BR,
Per

Hi,

I'm not a maintainer but you may want to see if you or other  people are able to maintain
then as a open embedded layer as part of the index. Not sure if someone else can
chip in if this is a useful recipe set to add to the open embedded index.

That would ideally be where you would want this to go if this is useful and maintained,

Nick

    


[meta-selinux][PATCH] libselinux-python: Fix one invalid link

Changqing Li
 

From: Changqing Li <changqing.li@...>

when host arch and target arch are different, the extension
suffix of host is different with target one, so there will
be a invalid link. Fix by update the way to create the link.

Signed-off-by: Changqing Li <changqing.li@...>
---
recipes-security/selinux/libselinux-python_3.0.bb | 1 +
...PYCEXT-and-rely-on-the-installed-file-nam.patch | 52 ++++++++++++++++++++++
2 files changed, 53 insertions(+)
create mode 100644 recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch

diff --git a/recipes-security/selinux/libselinux-python_3.0.bb b/recipes-security/selinux/libselinux-python_3.0.bb
index e024a22..2b5438d 100644
--- a/recipes-security/selinux/libselinux-python_3.0.bb
+++ b/recipes-security/selinux/libselinux-python_3.0.bb
@@ -16,5 +16,6 @@ SRC_URI += "\
file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
file://0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch \
file://0001-Makefile-fix-python-modules-install-path-for-multili.patch \
+ file://0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
"
S = "${WORKDIR}/libselinux-${PV}"
diff --git a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
new file mode 100644
index 0000000..b7cd59d
--- /dev/null
+++ b/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
@@ -0,0 +1,52 @@
+From 0d4da8093bc2ef92b7c6f7fd1f4804f6ebc6cb56 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@...>
+Date: Fri, 25 Oct 2019 13:37:14 +0200
+Subject: [PATCH] Do not use PYCEXT, and rely on the installed file name
+
+PYCEXT is computed by asking the Python intrepreter what is the
+file extension used for native Python modules.
+
+Unfortunately, when cross-compiling, the host Python doesn't give the
+proper result: it gives the result matching the build machine, and not
+the target machine. Due to this, the symlink has an incorrect name,
+and doesn't point to the .so file that was actually built/installed.
+
+To address this and keep things simple, this patch just changes the ln
+invocation to rely on the name of the _selinux*.so Python module that
+was installed.
+
+[Upstream: https://github.com/SELinuxProject/selinux/pull/184]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@...>
+
+Upstream-Status: Denied [https://patchwork.kernel.org/patch/11212405/]
+
+[Refreshed for 3.0]
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ src/Makefile | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/Makefile b/src/Makefile
+index a384a10..82adf82 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
+ PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
+ PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
+ PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
+-PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
+ RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
+ RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
+ RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
+@@ -175,7 +174,7 @@ install: all
+ install-pywrap: pywrap
+ $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR)
+ install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
+- ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
++ ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux*.so $(DESTDIR)$(PYTHONLIBDIR)/
+
+ install-rubywrap: rubywrap
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
+--
+2.24.1
+
--
2.7.4


Re: meta-javascripts

Nicholas Krause
 



On 4/23/20 1:28 AM, per@... wrote:
Hello fellow Yocto developers,

To be able todo efficient HTML5 programming we of course needs some javascript libraries.
I've not seen Yocto have them packaged so I made up this idea of putting them into their own /usr/lib/js path
with a subdir for each javascript library. It is published here :

https://gitlab.com/saxofon/meta-javascripts

With an example usage here :

https://github.com/Wind-River/device-remote-gui

Would this be something yoctoproject is interested of perhaps?

BR,
Per

Hi,

I'm not a maintainer but you may want to see if you or other  people are able to maintain
then as a open embedded layer as part of the index. Not sure if someone else can
chip in if this is a useful recipe set to add to the open embedded index.

That would ideally be where you would want this to go if this is useful and maintained,

Nick

    


meta-javascripts

Per Hallsmark
 

Hello fellow Yocto developers,

To be able todo efficient HTML5 programming we of course needs some javascript libraries.
I've not seen Yocto have them packaged so I made up this idea of putting them into their own /usr/lib/js path
with a subdir for each javascript library. It is published here :

https://gitlab.com/saxofon/meta-javascripts

With an example usage here :

https://github.com/Wind-River/device-remote-gui

Would this be something yoctoproject is interested of perhaps?

BR,
Per


[PATCH yocto-autobuilder-helper 2/2] scripts/send-qa-email: fix bug in git push logic for yocto-testresults

Steve Sakoman
 

We were mistakenly doing a force push if the branch was in either
BUILD_HISTORY_FORKPUSH or BUILD_HISTORY_DIRECTPUSH.

Now we force push for branches in BUILD_HISTORY_FORKPUSH, regular push
for branches in BUILD_HISTORY_DIRECTPUSH, and no push if the branch is
in neither list.

Signed-off-by: Steve Sakoman <steve@...>
---
scripts/send-qa-email | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/send-qa-email b/scripts/send-qa-email
index 205f6d1..b4d4cec 100755
--- a/scripts/send-qa-email
+++ b/scripts/send-qa-email
@@ -80,10 +80,10 @@ if 'poky' in repos and os.path.exists(resulttool) and args.results_dir:
extraopts = None

subprocess.check_call([resulttool, "store", args.results_dir, tempdir])
- if basebranch:
+ if comparebranch:
subprocess.check_call(["git", "push", "--all", "--force"], cwd=tempdir)
subprocess.check_call(["git", "push", "--tags", "--force"], cwd=tempdir)
- else:
+ elif basebranch:
subprocess.check_call(["git", "push", "--all"], cwd=tempdir)
subprocess.check_call(["git", "push", "--tags"], cwd=tempdir)

--
2.17.1


[PATCH yocto-autobuilder-helper 1/2] scripts/utils.py: Fix confusing naming of getcomparisonbranch() return value

Steve Sakoman
 

Signed-off-by: Steve Sakoman <steve@...>
---
scripts/utils.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/utils.py b/scripts/utils.py
index 68652d9..25eba31 100644
--- a/scripts/utils.py
+++ b/scripts/utils.py
@@ -358,9 +358,9 @@ def getcomparisonbranch(ourconfig, reponame, branchname):
if (reponame + ":" + branchname) in getconfig("BUILD_HISTORY_FORKPUSH", ourconfig):
base = getconfig("BUILD_HISTORY_FORKPUSH", ourconfig)[reponame + ":" + branchname]
if base:
- baserepo, basebranch = base.split(":")
- print("Comparing to %s\n" % (basebranch))
- return branchname, basebranch
+ baserepo, comparebranch = base.split(":")
+ print("Comparing to %s\n" % (comparebranch))
+ return branchname, comparebranch
if (reponame + ":" + branchname) in getconfig("BUILD_HISTORY_DIRECTPUSH", ourconfig):
return branchname, None
return None, None
--
2.17.1


Re: Adding python3 remotely

Sean McKay
 

Assuming you’re using the default rpm packaging, you can extract the contents of the rpm (from tmp/deploy/rpm/<target>) file to a staging directory using rpm2cpio and piping to cpio (easiest way I know of to extract an rpm) and then scp/rsync/etc the files into the right places.

 

That being said, you’ll now have a “package” that wasn’t installed by the package manager on the system, so it could cause weirdness when you do finally get it up and running. I’d strongly recommend trying to get the packaging to work correctly… is rpm (or whatever packagemanager you’re using) installed on your target? Does it work if you try to copy the whole package on manually and install it with the package manager, rather than going through the whole sources process for updating?

 

-Sean McKay

 

From: yocto@... <yocto@...> On Behalf Of Emily
Sent: Wednesday, April 22, 2020 8:25 AM
To: Yocto List <yocto@...>
Subject: [yocto] Adding python3 remotely

 

Hi all - 

 

I'd like to add python3 to my OS - I can add and build it just fine, but at the moment I can't physically access my board. I've never been able to get the OS to update properly remotely, though I think there should be a way since I'm booting from SD. That aside, can I just copy the built python3 files to the proper places in my OS (/usr/lib, /usr/bin, etc) and have a working python3 on the board? If so, which files do I need? I've been unable to get it to work thus far by just poking around the workdir files. 

 

Thanks,

Emily Smith


Re: HELP NEEDED TO ENABLE CUPS IN YOCTO #cups #yocto #linux

Ross Burton <ross@...>
 

On Wed, 22 Apr 2020 at 16:58, Dan O'Donovan <dan.odonovan@...> wrote:
This meta-printing layer has worked well for me in the past:
https://github.com/rossburton/meta-printing.git
Those recipes exist in other layers, meta-printing is dead so please
don't use it.

Ross

8161 - 8180 of 57383