Date   

Yocto Project Status 14 February 2023 (WW07)

Stephen Jolley
 

Current Dev Position: YP 4.2 M3

Next Deadline: 20th February 2023 YP 4.2 M3 Build

 

Next Team Meetings:

 

Key Status/Updates:

  • YP 3.1.23 was built and is in QA. There was an intermittent failure during the release build but this was a known issue recurring.
  • Next week is when M3 is due to build and this marks feature freeze for YP 4.2.
  • We saw a number of version upgrades this week (thanks Alex Kanavin).
  • There were also improvements to our runtime testing reliability (thanks Mikko Rapeli).
  • Of the issues discussed in https://lists.openembedded.org/g/openembedded-core/message/176476, the bitbake command timeout and PR serv async io issues still need to be addressed.
  • CVE levels in master are reducing but help in resolving the remaining issues would be appreciated.
  • We have a growing number of bugs in bugzilla, any help with them is appreciated.

 

Ways to contribute:

 

YP 4.2 Milestone Dates:

  • YP 4.2 M3 build date 2023/02/20
  • YP 4.2 M3 Release date 2023/03/03
  • YP 4.2 M4 build date 2023/04/03
  • YP 4.2 M4 Release date 2023/04/28

 

Upcoming dot releases:

  • YP 3.1.23 is built and in QA
  • YP 3.1.23 Release date 2023/02/24
  • YP 4.0.8 build date 2023/02/27
  • YP 4.0.8 Release date 2023/03/10
  • YP 4.1.3 build date 2023/03/06
  • YP 4.1.3 Release date 2023/03/17
  • YP 3.1.24 build date 2023/03/20
  • YP 3.1.24 Release date 2023/03/31
  • YP 4.0.9 build date 2023/04/10
  • YP 4.0.9 Release date 2023/04/21
  • YP 4.1.4 build date 2023/05/01
  • YP 4.1.4 Release date 2023/05/13
  • YP 3.1.25 build date 2023/05/08
  • YP 3.1.25 Release date 2023/05/19
  • YP 4.0.10 build date 2023/05/15
  • YP 4.0.10 Release date 2023/05/26

 

Tracking Metrics:

 

The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC

 

The Status reports are now stored on the wiki at: https://wiki.yoctoproject.org/wiki/Weekly_Status

 

[If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!]

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Re: [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs

Mikko Rapeli
 

Hi,

On Tue, Feb 14, 2023 at 09:08:29AM +0100, Maciej Borzęcki wrote:
A cherry pick of patches adding support for EROFS and squashfs in dm-verity-img.
Depending on stable branch policies for meta-security, backporting new
features may not be acceptable.

As an alternative, master branch may just work with kirkstone. At least it
does for me as long as I set kirkstone to compatible with the layer
in my private layer config:

# meta-security master removed kirkstone support but it still works for us
LAYERSERIES_COMPAT_security-layer += 'kirkstone'
LAYERSERIES_COMPAT_parsec-layer += 'kirkstone'
LAYERSERIES_COMPAT_tpm-layer += 'kirkstone'

Cheers,

-Mikko


[kirkstone][meta-security][PATCH 2/2] dm-verity-img.bbclass: add squashfs images

Maciej Borzęcki
 

From: Maciej Borzęcki <maciek@...>

Add squashfs to images supported by verity.

Signed-off-by: Maciek Borzecki <maciek@...>
Signed-off-by: Armin Kuster <akuster808@...>
(cherry picked from commit ab8651c139a05c476d7e8a6a987106b2f7e9a354)
Signed-off-by: Maciek Borzecki <maciek@...>
---
classes/dm-verity-img.bbclass | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index dd447e661f6c0002fe3390ed598cddff6bc0ce8f..e5946bc3279c4a200ea3404f7475860a24abd650 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -63,7 +63,12 @@ verity_setup() {
veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
}

-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity erofs.verity erofs-lz4.verity erofs-lz4hc.verity"
+VERITY_TYPES = " \
+ ext2.verity ext3.verity ext4.verity \
+ btrfs.verity \
+ erofs.verity erofs-lz4.verity erofs-lz4hc.verity \
+ squashfs.verity squashfs-xz.verity squashfs-lzo.verity squashfs-lz4.verity squashfs-zst.verity \
+"
IMAGE_TYPES += "${VERITY_TYPES}"
CONVERSIONTYPES += "verity"
CONVERSION_CMD:verity = "verity_setup ${type}"
--
2.39.1


[kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class

Maciej Borzęcki
 

From: Josh Harley <jharley@...>

[PATCH] Add support for the EROFS image, and it's compressed options,
to the dm-verity-img.bbclass setup, theoretically this is a simple addition
to the list of types however there is a quirk in how Poky handles the
filesystems in poky/meta/classes/image_types.bbclass.

Specifically the 'IMAGE_CMD' and 'IMAGE_FSTYPES' use a hyphen, e.g.
erofs-lz4, however in the image_type bbclass the task for that would be
"do_image_erofs_lz4", replacing the hyphen with an underscore.

As the dm-verity-img.bbclass adds a dependency to the wic image creation
on the do_image_* task then it fails as there is no
"do_image_erofs-lz4", so simply replace the hypen with an underscore.

Signed-off-by: Armin Kuster <akuster808@...>
(cherry picked from commit 8ca6bb86e653a332f7cb5b30babc0cd6c58769d0)
Signed-off-by: Maciek Borzecki <maciek@...>
---
classes/dm-verity-img.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index 93f667d6cdc11257ae8f2ba6300db9f62384a46c..dd447e661f6c0002fe3390ed598cddff6bc0ce8f 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -63,7 +63,7 @@ verity_setup() {
veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
}

-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity"
+VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity erofs.verity erofs-lz4.verity erofs-lz4hc.verity"
IMAGE_TYPES += "${VERITY_TYPES}"
CONVERSIONTYPES += "verity"
CONVERSION_CMD:verity = "verity_setup ${type}"
@@ -90,6 +90,6 @@ python __anonymous() {
# If we're using wic: we'll have to use partition images and not the rootfs
# source plugin so add the appropriate dependency.
if 'wic' in image_fstypes:
- dep = ' %s:do_image_%s' % (pn, verity_type)
+ dep = ' %s:do_image_%s' % (pn, verity_type.replace("-", "_"))
d.appendVarFlag('do_image_wic', 'depends', dep)
}
--
2.39.1


[kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs

Maciej Borzęcki
 

A cherry pick of patches adding support for EROFS and squashfs in dm-verity-img.

Josh Harley (1):
Add EROFS support to dm-verity-img class

Maciej Borzęcki (1):
dm-verity-img.bbclass: add squashfs images

classes/dm-verity-img.bbclass | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

--
2.39.1


Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.1.23.rc1)

Jing Hui Tham
 

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.1.23.rc1. We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. NUC 7
3. ADL
4. TGL NUC 11
5. Edgerouter
6. Beaglebone

ETA for completion Friday, 17 February 2023.

Best regards,
Jing Hui

-----Original Message-----
From: qa-build-notification@... <qa-build-
notification@...> On Behalf Of Pokybuild User
Sent: Monday, 13 February, 2023 9:22 PM
To: yocto@...
Cc: qa-build-notification@...
Subject: [qa-build-notification] QA notification for completed autobuilder
build (yocto-3.1.23.rc1)


A build flagged for QA (yocto-3.1.23.rc1) was completed on the autobuilder
and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.1.23.rc1


Build hash information:

bitbake: c16d364dbf68d2a500fecaf8d6e6d62b11475d9f
meta-agl: ae982d798a979ee5690bee00ca90a2855bab4802
meta-arm: b1fe8443a7a72c65fa0fc3371f607c6671b3a882
meta-aws: 99e30a393f980694bf46284521b137eddd6a753a
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 6c202291925bb179d2d08b5bde80192f9b032b88
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: e707e9b7cf5c62bff4fee029965a87b22dd4ccba
meta-virtualization: beea119eb529b4a11f266004aee8b548427aea39
oecore: daaee6fcb0d201f041678af433d8e1cd6f924d09
poky: aec83663aadc871354b441eef0a3a41eb3780b13



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...







M+ & H bugs with Milestone Movements WW06

Stephen Jolley
 

All,

YP M+ or high bugs which moved to a new milestone in WW06 are listed below:

Priority

Bug ID

Short Description

Changer

Owner

Was

Became

Medium+

10061

Ctrl+C during BB_HASHCHECK_FUNCTION execution does not interrupt processing nicely

randy.macleod@...

unassigned@...

4.2 M2

4.2 M3

 

10731

bitbake --observe-only doesn't work with memres

randy.macleod@...

pavel@...

4.2 M2

4.2 M3

 

11704

Add other resource monitoring options to conf/local.conf STOPTASKS/ABORT

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M4

 

11781

bitbake --observe-only may get KeyError

richard.purdie@...

richard.purdie@...

4.2 M2

4.2 M3

 

11899

broken 'bitbake --status-only' and 'bitbake -m' for multiple connections

richard.purdie@...

richard.purdie@...

4.2 M2

4.2 M3

 

12279

enhance manifest not found warning

randy.macleod@...

newcomer@...

4.2 M2

4.2 M3

 

13533

Devtool finish on _git package with SRCPV in PV points to wrong WORKDIR

randy.macleod@...

saul.wold@...

4.2 M2

4.2 M3

 

13808

do_task[noexec] = "" marks task noexec, which is inconsistent with docs

richard.purdie@...

richard.purdie@...

4.2 M2

4.2 M3

 

13980

Investigate replacements for PhantomJS for buildperf output

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M4

 

14066

bitbake core-image-base -c populate_sdk fails when image contains bash, core-utils and package_deb is used

randy.macleod@...

pavel@...

4.2 M2

4.2 M3

 

14125

busybox wget ssl is exposed to MitM attack due to CVE-2018-1000500

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M3

 

14141

devtool modify fails with submodules

randy.macleod@...

sgw@...

4.2 M2

4.2 M3

 

14165

AB-INT PTEST: strace ptest intermittent failure in qual_fault-syscall.test

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M3

 

14311

valgrind drd/tests ptest intermittent failure

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M3

 

14430

valgrind memcheck/tests/linux/stack_changes failure

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M3

 

14443

valgrind none/tests/amd64/fb_test_amd64 ptest intermittent failure

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M4

 

14466

python: Should we add this optimization: -fno-semantic-interposition for 1.3x speed improvment?

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M3

 

14564

AB-INT: udev worker vda timeout

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M3

 

14572

mozjs doesn't build for armv5

randy.macleod@...

jon.mason@...

4.2 M2

4.2 M3

 

14677

systemd.SystemdServiceTests.test_systemd_disable_enable intermittent failure: no filesystem space on target

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M3

 

14693

cmake-native do_configure fails when rebuilding without sstate on NIS hosts

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M3

 

14689

Need to show activity when talking to hash equivalence servers

randy.macleod@...

unassigned@...

4.2 M2

4.2 M3

 

14710

Improve cargo fetcher test cases

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M4

 

14717

OEToolchainConfig.cmake sets wrong and unsuitable compiler flags

richard.purdie@...

richard.purdie@...

4.2 M2

4.2 M3

 

14745

cve-checker update to support NVD json 5.0 format

randy.macleod@...

rybczynska@...

4.2 M2

4.2 M3

 

14875

reproducibility failures in rust

randy.macleod@...

sundeep.kokkonda@...

4.2 M2

4.2 M3

 

14905

Error in compiling rustfmt does not cause do_compile to fail

randy.macleod@...

Naveen.Gowda@...

4.2 M2

4.2 M3

 

14918

Devtool fails if SRCREV is set to ${AUTOREV}

richard.purdie@...

richard.purdie@...

4.2 M2

4.2 M3

 

14921

devtool failure: No such file or directory: '/tmp/devtoolqambdi_6eh/singletask.lock'

richard.purdie@...

richard.purdie@...

4.2 M2

4.2 M3

 

14938

gitsm fetcher failure when LFS content is present and git smudge fails

randy.macleod@...

Martin.Jansa@...

4.2 M2

4.2 M3

 

14975

Installing cargo on target fails

randy.macleod@...

randy.macleod@...

4.2 M2

4.2 M3

 

14982

Some layers in the layerindex data have breaking subdirectory changes in "master" branch

randy.macleod@...

unassigned@...

4.2 M2

4.2 M3

 

14986

Check libraries linked with qemu

randy.macleod@...

newcomer@...

4.2 M2

4.2 M3

 

14989

layerindex cannot add layers with "main" (not "master") branch

randy.macleod@...

unassigned@...

4.2 M2

4.2 M3

 

14991

When forcing WARN_QA as ERROR_QA patch-fuzz QA checks are not fatal

randy.macleod@...

mathew.prokos@...

4.2 M2

4.2 M3

 

14998

Poky missing update to SANITY_LOCALCONF_SAMPLE

randy.macleod@...

michael.opdenacker@...

4.2 M2

4.2 M3

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Enhancements/Bugs closed WW06!

Stephen Jolley
 

All,

The below were the owners of enhancements or bugs closed during the last week!

Who

Count

randy.macleod@...

4

alexandre.belloni@...

1

richard.purdie@...

1

Grand Total

6

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Current high bug count owners for Yocto Project 4.2

Stephen Jolley
 

All,

Below is the list as of top 30 bug owners as of the end of WW06 of who have open medium or higher bugs and enhancements against YP 4.2.   There are 52 possible work days left until the final release candidates for YP 4.2 needs to be released.

Who

Count

michael.opdenacker@...

34

randy.macleod@...

27

richard.purdie@...

25

ross.burton@...

23

david.reyna@...

23

bruce.ashfield@...

20

JPEWhacker@...

10

pavel@...

7

sakib.sajal@...

7

saul.wold@...

6

pidge@...

4

tim.orling@...

4

sundeep.kokkonda@...

3

alexandre.belloni@...

2

Naveen.Gowda@...

2

rybczynska@...

2

sgw@...

2

jon.mason@...

2

alexis.lothore@...

2

jens.georg@...

1

mathew.prokos@...

1

sundeep.kokkonda@...

1

mhalstead@...

1

yashinde145@...

1

Zheng.Qiu@...

1

hongxu.jia@...

1

louis.rannou@...

1

tvgamblin@...

1

Martin.Jansa@...

1

thomas.perrot@...

1

Grand Total

216

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 411 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now,  “4.2”, “4.3”, "4.99" and "Future", the more pressing/urgent issues being in "4.2" and then “4.3”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Re: Adding backported driver to the kernel #kernel

Daniel
 

Probably you have two packages that provides that Kernel module. Kernel's default one via kernel-module-split BBClass, and yours with your recipe.

Try telling Yocto you have your own runtime provider for that driver. Into the recipe add this as well:

RPROVIDES:${PN} = " kernel-module-cfg80211-${KERNEL_VERSION}"

 


[meta-zephyr][PATCH 1/2] CI: pin to kas 3.2 as 3.2.1 fails

Jon Mason
 

From: Ross Burton <ross.burton@...>

For some reason the kas 3.2.1 container fails:

No such file or directory: '/builds/engineering/yocto/meta-zephyr/ci/ci/b=
ase.yml'

Note the repeated /ci/, which is wrong.

Pin the kas container to 3.2 for now until this is resolved.

Signed-off-by: Ross Burton <ross.burton@...>
Signed-off-by: Jon Mason <jon.mason@...>
---
.gitlab-ci.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7ec0bd0..c7a9191 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: ghcr.io/siemens/kas/kas:latest-release
+image: ghcr.io/siemens/kas/kas:3.2
=20
variables:
CPU_REQUEST: ""
--=20
2.25.1


[meta-zephyr][PATCH 2/2] zephyr-bsp/v2m-beetle: add support

Jon Mason
 

Signed-off-by: Jon Mason <jon.mason@...>
---
.gitlab-ci.yml | 3 +++
ci/v2m-beetle.yml | 6 ++++++
meta-zephyr-bsp/conf/machine/v2m-beetle.conf | 12 ++++++++++++
3 files changed, 21 insertions(+)
create mode 100644 ci/v2m-beetle.yml
create mode 100644 meta-zephyr-bsp/conf/machine/v2m-beetle.conf

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c7a9191..d5462a4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -161,6 +161,9 @@ qemu-x86:
stm32mp157c-dk2:
extends: .build
=20
+v2m-beetle:
+ extends: .build
+
v2m-musca-b1:
extends: .build
=20
diff --git a/ci/v2m-beetle.yml b/ci/v2m-beetle.yml
new file mode 100644
index 0000000..df62469
--- /dev/null
+++ b/ci/v2m-beetle.yml
@@ -0,0 +1,6 @@
+header:
+ version: 11
+ includes:
+ - ci/base.yml
+
+machine: v2m-beetle
diff --git a/meta-zephyr-bsp/conf/machine/v2m-beetle.conf b/meta-zephyr-b=
sp/conf/machine/v2m-beetle.conf
new file mode 100644
index 0000000..37895c6
--- /dev/null
+++ b/meta-zephyr-bsp/conf/machine/v2m-beetle.conf
@@ -0,0 +1,12 @@
+# Configuration for Beetle development board
+
+#@TYPE: Machine
+#@NAME: Beetle machine
+#@DESCRIPTION: Machine configuration for Beetle
+
+require conf/machine/include/arm/armv7m/tune-cortexm3.inc
+
+# GLIBC will not work with Cortex-M.
+TCLIBC =3D "newlib"
+
+ARCH:beetle =3D "arm"
--=20
2.25.1


Adding backported driver to the kernel #kernel

Adrian
 

Hi,
 
I built cfg80211 driver externally and added it as a recipe to the system:
 
KERNEL_MODULE_AUTOLOAD += "cfg80211"
install -m 755 ${S}/cfg80211.ko ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/extra
 
In kernel I setup to use cfg80211 as a module.
 
If I copy this manually it's working but if I want build this recipe I received error:
wlan-driver-1.0-r0 do_packagedata: The recipe wlan-driver is trying to install files into a shared area when those files already exist.
 
Ofcourse I have already installed cfg80211 because it selected as a module so kernel create the file:

 
If I disabled cfg80211 from kernel, building is working but I received error during insmod:
 
cfg80211: disagrees about version of symbol wireless_send_event
cfg80211: Unknown symbol wireless_send_event (err -22)

 
Thanks


QA notification for completed autobuilder build (yocto-3.1.23.rc1)

Pokybuild User <pokybuild@...>
 

A build flagged for QA (yocto-3.1.23.rc1) was completed on the autobuilder and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.1.23.rc1


Build hash information:

bitbake: c16d364dbf68d2a500fecaf8d6e6d62b11475d9f
meta-agl: ae982d798a979ee5690bee00ca90a2855bab4802
meta-arm: b1fe8443a7a72c65fa0fc3371f607c6671b3a882
meta-aws: 99e30a393f980694bf46284521b137eddd6a753a
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 6c202291925bb179d2d08b5bde80192f9b032b88
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: e707e9b7cf5c62bff4fee029965a87b22dd4ccba
meta-virtualization: beea119eb529b4a11f266004aee8b548427aea39
oecore: daaee6fcb0d201f041678af433d8e1cd6f924d09
poky: aec83663aadc871354b441eef0a3a41eb3780b13



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


Re: [meta-security][PATCH] dm-verity-img.bbclass: add squashfs images

Armin Kuster
 

merged.

On 2/8/23 7:06 AM, Maciej Borzęcki wrote:
On Wed, Feb 1, 2023 at 3:17 PM Maciek Borzecki <maciek@...> wrote:

Add squashfs to images supported by verity.

Signed-off-by: Maciek Borzecki <maciek@...>
---
 classes/dm-verity-img.bbclass | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/classes/dm-verity-img.bbclass
b/classes/dm-verity-img.bbclass
index dd447e6..e5946bc 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -63,7 +63,12 @@ verity_setup() {
     veritysetup
--data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE}
--hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 |
process_verity
 }

-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity
erofs.verity erofs-lz4.verity erofs-lz4hc.verity"
+VERITY_TYPES = " \
+    ext2.verity ext3.verity ext4.verity \
+    btrfs.verity \
+    erofs.verity erofs-lz4.verity erofs-lz4hc.verity \
+    squashfs.verity squashfs-xz.verity squashfs-lzo.verity
squashfs-lz4.verity squashfs-zst.verity \
+"
 IMAGE_TYPES += "${VERITY_TYPES}"
 CONVERSIONTYPES += "verity"
 CONVERSION_CMD:verity = "verity_setup ${type}"
--
2.39.1

Gentle ping about the patch. Wanted to resubmit this to kirkstone along with a cherry-pick of https://git.yoctoproject.org/meta-security/commit/classes/dm-verity-img.bbclass?id=8ca6bb86e653a332f7cb5b30babc0cd6c58769d0, so I'd be thankful for any feedback.

Cheers,
Maciek


[lirkstone][meta-security][PATCH 2/2] oeqa: meta-tpm shut swtpm down before and after testing

Armin Kuster
 

fixes:
swtpm: Could not open TCP socket: Address already in use

Signed-off-by: Armin Kuster <akuster808@...>
(cherry picked from commit 0768ad76b16a04654488fe2e0e837a97bd7817d9)
[Fixup for kirkstone context]
Signed-off-by: Armin Kuster <akuster808@...>
---
meta-tpm/lib/oeqa/runtime/cases/tpm2.py | 2 ++
1 file changed, 2 insertions(+)

diff --git a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
index e64d19d..8e90dc9 100644
--- a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
+++ b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
@@ -8,10 +8,12 @@ from oeqa.core.decorator.data import skipIfNotFeature
class Tpm2Test(OERuntimeTestCase):
@classmethod
def setUpClass(cls):
+ cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
cls.tc.target.run('mkdir /tmp/myvtpm2')

@classmethod
def tearDownClass(cls):
+ cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
cls.tc.target.run('rm -fr /tmp/myvtpm2')

def check_endlines(self, results, expected_endlines):
--
2.37.3


[lirkstone][meta-security][PATCH 1/2] oeqa/tpm2: fix and cleanup tests

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
(cherry picked from commit 5f2ba567ca691192e875ff94d0d746440311e7af)
Signed-off-by: Armin Kuster <akuster808@...>
---
meta-tpm/lib/oeqa/runtime/cases/tpm2.py | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
index c2c95e7..e64d19d 100644
--- a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
+++ b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
@@ -1,11 +1,19 @@
-# Copyright (C) 2019 Armin Kuster <akuster808@...>
+# Copyright (C) 2019 - 2022 Armin Kuster <akuster808@...>
#
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
from oeqa.runtime.decorator.package import OEHasPackage
-
+from oeqa.core.decorator.data import skipIfNotFeature

class Tpm2Test(OERuntimeTestCase):
+ @classmethod
+ def setUpClass(cls):
+ cls.tc.target.run('mkdir /tmp/myvtpm2')
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.tc.target.run('rm -fr /tmp/myvtpm2')
+
def check_endlines(self, results, expected_endlines):
for line in results.splitlines():
for el in expected_endlines:
@@ -19,20 +27,19 @@ class Tpm2Test(OERuntimeTestCase):
@OEHasPackage(['tpm2-tools'])
@OEHasPackage(['tpm2-abrmd'])
@OEHasPackage(['swtpm'])
+ @skipIfNotFeature('tpm2','Test tpm2_startup requires tpm2 to be in DISTRO_FEATURES')
@OETestDepends(['ssh.SSHTest.test_ssh'])
- def test_tpm2_swtpm_socket(self):
+ def test_tpm2_startup(self):
cmds = [
- 'mkdir /tmp/myvtpm',
- 'swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init &',
- 'export TPM2TOOLS_TCTI="swtpm:port=2321"',
- 'tpm2_startup -c'
+ 'swtpm socket -d --tpmstate dir=/tmp/myvtpm2 --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
+ 'tpm2_startup -c -T "swtpm:port=2321"',
]

for cmd in cmds:
status, output = self.target.run(cmd)
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))

- @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket'])
+ @OETestDepends(['tpm2.Tpm2Test.test_tpm2_startup'])
def test_tpm2_pcrread(self):
(status, output) = self.target.run('tpm2_pcrread')
expected_endlines = []
@@ -49,7 +56,7 @@ class Tpm2Test(OERuntimeTestCase):

@OEHasPackage(['p11-kit'])
@OEHasPackage(['tpm2-pkcs11'])
- @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket'])
+ @OETestDepends(['tpm2.Tpm2Test.test_tpm2_pcrread'])
def test_tpm2_pkcs11(self):
(status, output) = self.target.run('p11-kit list-modules -v')
self.assertEqual(status, 0, msg="Modules missing: %s" % output)
--
2.37.3


Re: error when try to use sudo command in recipe

SIMON BABY
 

Hello Adrian,

Thank you for your help. I did not see the tar file created for the specific container under delploy. Do I have to add anything in the .bblayers or local.conf in addition to the default recipe under meta-virtualization?

Regards
Simon


Re: [meta-oe][dunfell]nativesdk-postgresql - causing chown: invalid user: 'postgres:postgres'

Richard Purdie
 

On Thu, 2023-02-09 at 23:16 -0800, alexander.rodatos@... wrote:
I integrated the changes of the commit you posted, however i still
have the same error message coming up. Do i need to make changes in
the recipe to make the  intercept work?
No, it should have changed PATH in the recipe and used these intercept
scripts. The intercept scripts should have changed the user/group to
"root", which would work under pseudo in the SDK context.

You'll probably have to debug it a little bit, I'd check to see if the
intercept scripts are being called, if so, then check the
substitutions. If not, work out what PATH looks like and why they're
not being called.

That patch is how we fixed the issue on master though so it should be
close, I'm surprised it doesn't work.

Cheers,

Richard