Date   

[meson][PATCH] meson: Allow for llvm-native tools to be used

Fred Baksik
 

I created a bbappend to build the LLVM recipe so that all the libraries were available for use on the host.
These libraries are then used by a host/sdk tool to prepare binary files for use by an application on the target.
When building our tool using meson it wasn't able to find the Yocto built LLLVM libraries.
This fixes the issue so meson uses the correct llvm-config tool.

Author: Fred Baksik <fred.baksik@...>
Date:   Tue Dec 24 20:38:47 2019 -0500

    meson: Allow for llvm-native tools to be used
   
    Signed-off-by: Fred Baksik <fred.baksik@...>

diff --git a/meta/classes/meson.bbclass b/meta/classes/meson.bbclass
index e1a13bbbf7..b5cd2ee8c4 100644
--- a/meta/classes/meson.bbclass
+++ b/meta/classes/meson.bbclass
@@ -33,6 +33,7 @@ EXTRA_OEMESON_append = " ${PACKAGECONFIG_CONFARGS}"
 MESON_CROSS_FILE = ""
 MESON_CROSS_FILE_class-target = "--cross-file ${WORKDIR}/meson.cross"
 MESON_CROSS_FILE_class-nativesdk = "--cross-file ${WORKDIR}/meson.cross"
+MESON_CROSS_FILE_class-native = "--native-file ${WORKDIR}/meson.native"
 
 def meson_array(var, d):
     items = d.getVar(var).split()
@@ -110,6 +111,14 @@ endian = '${@meson_endian('TARGET', d)}'
 EOF
 }
 
+do_write_config_class-native() {
+    # This needs to be Py to split the args into single-element lists
+    cat >${WORKDIR}/meson.native <<EOF
+[binaries]
+llvm-config = 'llvm-config${LLVMVERSION}'
+EOF
+}
+
 CONFIGURE_FILES = "meson.build"
 
 meson_do_configure() {


Re: [meta-selinux][PATCH 4/6] selinux-initsh.inc: install selinux-init.sh and selinux-labeldev.sh when using systemd

Yi Zhao
 

On 12/24/19 10:22 PM, Joe MacDonald wrote:
Hi Yi,

I've merged the others in this series, can you elaborate a bit on how
this ensures we don't have a problem coming back that 5fd3c5b71 was
intended to address?

There are 3 recipes require selinux-initsh.inc: selinux-init_0.1.bb, selinux-labeldev_0.1.bb and selinux-autorelabel_0.1.bb. The ${SELINUX_SCRIPT_SRC}.sh will expand to different script name  in each of recipes: selinux-init.sh, selinux-labeldev.sh and selinux-autorelabel.sh. These scripts will be invoked by systemd services. The commit 5fd3c5b71edb99659aeb5cb5903088d84517382e move all installation codes to selinux-autorelabel_0.1.bb which make the selinux-init.sh and selinux-labeldev.sh will be not installed. This patch keeps the touching .autorelabel code in the selinux-autorelabel recipe and move the rest codes back to selinux-initsh.inc.


//Yi



Thanks,
-J.

[[meta-selinux][PATCH 4/6] selinux-initsh.inc: install selinux-init.sh and selinux-labeldev.sh when using systemd] On 19.12.23 (Mon 16:21) Yi Zhao wrote:

The commit 5fd3c5b71edb99659aeb5cb5903088d84517382e introduced an issue
that selinux-init.sh and selinux-labeldev.sh are not installed when
using systemd which will cause the selinux-ini.service and
selinux-labeldev.service fail to startup. Move the do_install codes from
selinux-autorelabel to selinux-initsh.inc to make sure install these
scripts when using systemd.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/selinux/selinux-autorelabel_0.1.bb | 3 ---
recipes-security/selinux/selinux-initsh.inc | 9 +++++++--
2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/recipes-security/selinux/selinux-autorelabel_0.1.bb b/recipes-security/selinux/selinux-autorelabel_0.1.bb
index 7e7d08c..b898c3b 100644
--- a/recipes-security/selinux/selinux-autorelabel_0.1.bb
+++ b/recipes-security/selinux/selinux-autorelabel_0.1.bb
@@ -21,9 +21,6 @@ require selinux-initsh.inc
do_install_append() {
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- install -d ${D}${bindir}
- install -m 0755 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.sh ${D}${bindir}
- sed -i -e '/.*HERE$/d' ${D}${bindir}/${SELINUX_SCRIPT_SRC}.sh
echo "# first boot relabelling" > ${D}/.autorelabel
fi
}
diff --git a/recipes-security/selinux/selinux-initsh.inc b/recipes-security/selinux/selinux-initsh.inc
index 6084762..0a6cf4b 100644
--- a/recipes-security/selinux/selinux-initsh.inc
+++ b/recipes-security/selinux/selinux-initsh.inc
@@ -27,8 +27,13 @@ do_install () {
-e '/.*HERE$/d' -e '/.*Contents.*sysvinit/d' \
${D}${sysconfdir}/init.d/${SELINUX_SCRIPT_DST}
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.service ${D}${systemd_unitdir}/system
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.service ${D}${systemd_unitdir}/system
+ install -d ${D}${bindir}
+ install -m 0755 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.sh ${D}${bindir}
+ sed -i -e '/.*HERE$/d' ${D}${bindir}/${SELINUX_SCRIPT_SRC}.sh
+ fi
}
sysroot_stage_all_append () {
--
2.17.1


[meta-selinux][PATCH 1/2] libselinux-python: add DEPENDS on libpcre and libsepol

Yi Zhao
 

We encountered a libselinux-python compile error when bitbake world
without selinux DISTRO_FEATURES:
In file included from label_file.h:16,
from label_file.c:24:
regex.h:10:10: fatal error: pcre.h: No such file or directory
10 | #include <pcre.h>
| ^~~~~~~~
compilation terminated.

Add missing DEPENDS on libpcre and libsepol.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/selinux/libselinux-python.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/libselinux-python.inc b/recipes-security/selinux/libselinux-python.inc
index 24407e8..9f10e15 100644
--- a/recipes-security/selinux/libselinux-python.inc
+++ b/recipes-security/selinux/libselinux-python.inc
@@ -9,7 +9,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/libselinux:"

inherit python3-dir

-DEPENDS += "python3 swig-native"
+DEPENDS += "python3 swig-native libpcre libsepol"
RDEPENDS_${PN} += "libselinux python3-core python3-shell"

def get_policyconfigarch(d):
--
2.17.1


[meta-selinux][PATCH 2/2] setools: add DEPENDS on libselinux

Yi Zhao
 

We encountered a setools compile error when bitbake world without
selinux DISTRO_FEATURES:

setools/policyrep.c:666:10: fatal error: selinux/selinux.h: No such file or directory
666 | #include <selinux/selinux.h>
| ^~~~~~~~~~~~~~~~~~~
compilation terminated.

Add missing DEPENDS on libselinux.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/setools/setools_4.2.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/setools/setools_4.2.2.bb b/recipes-security/setools/setools_4.2.2.bb
index 6e5a950..3d89700 100644
--- a/recipes-security/setools/setools_4.2.2.bb
+++ b/recipes-security/setools/setools_4.2.2.bb
@@ -19,7 +19,7 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c"

-DEPENDS += "bison-native flex-native swig-native python3 python3-cython-native libsepol"
+DEPENDS += "bison-native flex-native swig-native python3 python3-cython-native libsepol libselinux"

RDEPENDS_${PN} += "python3-networkx python3-decorator python3-setuptools \
python3-logging python3-json libselinux-python"
--
2.17.1


Re: building vlc

Khem Raj
 



On Tue, Dec 24, 2019 at 4:31 AM Sheraz Ali <sheraz.ali@...> wrote:

Hi,

    I am trying to build vlc,

I have added vlc to rootfs by adding following line in conf/local.conf

IMAGE_INSTALL_append = " vlc "

CORE_IMAGE_EXTRA_INSTALL +="vlc"

In both the cases i was getting the following error when i was try to start the vlc player

root@iWave-G15:~# vlc -vvv
VLC media player 2.2.2 Weatherwax (revision 2.2.2-0-g6259d80)
[001450d0] core libvlc debug: VLC media player - 2.2.2 Weatherwax
[001450d0] core libvlc debug: Copyright �© 1996-2016 the VideoLAN team
[001450d0] core libvlc debug: revision 2.2.2-0-g6259d80
[001450d0] core libvlc debug: configured with ../vlc-2.2.2/configure '--build=x86_64-linux' '--host=arm-poky-linux-gnueabi' '--target=arm-poky-linux-gnueabi' '--prefix=/usr' '
[001450d0] core libvlc debug: searching plug-in modules
[001450d0] core libvlc debug: loading plugins cache file /usr/lib/vlc/plugins/plugins.dat
[001450d0] core libvlc warning: cannot read /usr/lib/vlc/plugins/plugins.dat: No such file or directory
[001450d0] core libvlc debug: recursively browsing `/usr/lib/vlc/plugins'
Segmentation fault


Perhaps you should connect gdb to it and see if you can get stacktrace at this segfault

Am i missing any steps?

-- 
Thanks and Regards
Sheraz Ali Shah
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
You automatically follow any topics you start or reply to.

View/Reply Online (#47815): https://lists.yoctoproject.org/g/yocto/message/47815
Mute This Topic: https://lists.yoctoproject.org/mt/69248290/1997914
Group Owner: yocto+owner@...
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub  [raj.khem@...]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [meta-selinux][PATCH 4/6] selinux-initsh.inc: install selinux-init.sh and selinux-labeldev.sh when using systemd

Joe MacDonald
 

Hi Yi,

I've merged the others in this series, can you elaborate a bit on how
this ensures we don't have a problem coming back that 5fd3c5b71 was
intended to address?

Thanks,
-J.

[[meta-selinux][PATCH 4/6] selinux-initsh.inc: install selinux-init.sh and selinux-labeldev.sh when using systemd] On 19.12.23 (Mon 16:21) Yi Zhao wrote:

The commit 5fd3c5b71edb99659aeb5cb5903088d84517382e introduced an issue
that selinux-init.sh and selinux-labeldev.sh are not installed when
using systemd which will cause the selinux-ini.service and
selinux-labeldev.service fail to startup. Move the do_install codes from
selinux-autorelabel to selinux-initsh.inc to make sure install these
scripts when using systemd.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/selinux/selinux-autorelabel_0.1.bb | 3 ---
recipes-security/selinux/selinux-initsh.inc | 9 +++++++--
2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/recipes-security/selinux/selinux-autorelabel_0.1.bb b/recipes-security/selinux/selinux-autorelabel_0.1.bb
index 7e7d08c..b898c3b 100644
--- a/recipes-security/selinux/selinux-autorelabel_0.1.bb
+++ b/recipes-security/selinux/selinux-autorelabel_0.1.bb
@@ -21,9 +21,6 @@ require selinux-initsh.inc

do_install_append() {
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- install -d ${D}${bindir}
- install -m 0755 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.sh ${D}${bindir}
- sed -i -e '/.*HERE$/d' ${D}${bindir}/${SELINUX_SCRIPT_SRC}.sh
echo "# first boot relabelling" > ${D}/.autorelabel
fi
}
diff --git a/recipes-security/selinux/selinux-initsh.inc b/recipes-security/selinux/selinux-initsh.inc
index 6084762..0a6cf4b 100644
--- a/recipes-security/selinux/selinux-initsh.inc
+++ b/recipes-security/selinux/selinux-initsh.inc
@@ -27,8 +27,13 @@ do_install () {
-e '/.*HERE$/d' -e '/.*Contents.*sysvinit/d' \
${D}${sysconfdir}/init.d/${SELINUX_SCRIPT_DST}

- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.service ${D}${systemd_unitdir}/system
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.service ${D}${systemd_unitdir}/system
+ install -d ${D}${bindir}
+ install -m 0755 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.sh ${D}${bindir}
+ sed -i -e '/.*HERE$/d' ${D}${bindir}/${SELINUX_SCRIPT_SRC}.sh
+ fi
}

sysroot_stage_all_append () {
--
2.17.1
--
-Joe MacDonald.
:wq


building vlc

Sheraz Ali <sheraz.ali@...>
 

Hi,

    I am trying to build vlc,

I have added vlc to rootfs by adding following line in conf/local.conf

IMAGE_INSTALL_append = " vlc "

CORE_IMAGE_EXTRA_INSTALL +="vlc"

In both the cases i was getting the following error when i was try to start the vlc player

root@iWave-G15:~# vlc -vvv
VLC media player 2.2.2 Weatherwax (revision 2.2.2-0-g6259d80)
[001450d0] core libvlc debug: VLC media player - 2.2.2 Weatherwax
[001450d0] core libvlc debug: Copyright �© 1996-2016 the VideoLAN team
[001450d0] core libvlc debug: revision 2.2.2-0-g6259d80
[001450d0] core libvlc debug: configured with ../vlc-2.2.2/configure '--build=x86_64-linux' '--host=arm-poky-linux-gnueabi' '--target=arm-poky-linux-gnueabi' '--prefix=/usr' '
[001450d0] core libvlc debug: searching plug-in modules
[001450d0] core libvlc debug: loading plugins cache file /usr/lib/vlc/plugins/plugins.dat
[001450d0] core libvlc warning: cannot read /usr/lib/vlc/plugins/plugins.dat: No such file or directory
[001450d0] core libvlc debug: recursively browsing `/usr/lib/vlc/plugins'
Segmentation fault

Am i missing any steps?

-- 
Thanks and Regards
Sheraz Ali Shah


Re: Raspberry pi 4 recipe and layer issues.

Josef Holzmayr <holzmayr@...>
 

Howdy.

On Mon, Dec 23, 2019 at 09:11:07PM +0000, Ed Vidal wrote:
The Makefile executes several lines, which set variables ARACHNE_VER, GIT_REV, and VER_HASH.   These are used in the rule which creates a file src/version_$(VER_HASH).cc.The line below appears to be the one that causes the error.VER_HASH = $(shell echo "$(ARACHNE_VER) $(GIT_REV)" | sum | cut -d ' ' -f -1)
src/version_$(VER_HASH).cc: echo "const char *version_str = \"arachne-pnr $(ARACHNE_VER) (git sha1 $(GIT_REV), $(notdir $(CXX)) `$(CXX) --version | tr ' ()' '\n' | grep '^[0-9]' | head -n1` $(filter -f% -m% -O% -DNDEBUG,$(CXXFLAGS)))\";" > src/version_$(VER_HASH).cc
bin/arachne-pnr$(EXE): src/arachne-pnr.o src/netlist.o src/blif.o src/pack.o src/place.o src/util.o src/io.o src/route.o src/chipdb.o src/location.o src/configuration.o src/line_parser.o src/pcf.o src/global.o src/constant.o src/designstate.o src/version_$(VER_HASH).o $(CXX) $(CXXFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS)
These variables are based on git revision.   So I can not hard code them.This is the error that I get.
/bin/sh: 1: sum: not found
If a Makefile does such _stupid_ things, then better patch it. An
example of patching something like this is

https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-core/util-linux/util-linux/configure-sbindir.patch

which targets configure.ac, but hey, little difference to a Makefile.

Greetz
--
———————————————
Josef Holzmayr
Software Developer Embedded Systems

Tel: +49 8444 9204-48
Fax: +49 8444 9204-50

R-S-I Elektrotechnik GmbH & Co. KG
Woelkestrasse 11
D-85301 Schweitenkirchen
www.rsi-elektrotechnik.de
———————————————
Amtsgericht Ingolstadt – GmbH: HRB 191328 – KG: HRA 170393
Geschäftsführer: Dr.-Ing. Michael Sorg, Dipl.-Ing. Franz Sorg
Ust-IdNr: DE 128592548

_____________________________________________________________
Amtsgericht Ingolstadt - GmbH: HRB 191328 - KG: HRA 170363
Geschäftsführer: Dr.-Ing. Michael Sorg, Dipl.-Ing. Franz Sorg
USt-IdNr.: DE 128592548


Re: Raspberry pi 4 recipe and layer issues.

Ed Vidal
 

Hi 


The Makefile executes several lines, which set variables ARACHNE_VER, GIT_REV, and VER_HASH.   These are used in the rule which creates a file src/version_$(VER_HASH).cc.
The line below appears to be the one that causes the error.
VER_HASH = $(shell echo "$(ARACHNE_VER) $(GIT_REV)" | sum | cut -d ' ' -f -1)

src/version_$(VER_HASH).cc:
echo "const char *version_str = \"arachne-pnr $(ARACHNE_VER) (git sha1 $(GIT_REV), $(notdir $(CXX)) `$(CXX) --version | tr ' ()' '\n' | grep '^[0-9]' | head -n1` $(filter -f% -m% -O% -DNDEBUG,$(CXXFLAGS)))\";" > src/version_$(VER_HASH).cc

bin/arachne-pnr$(EXE): src/arachne-pnr.o src/netlist.o src/blif.o src/pack.o src/place.o src/util.o src/io.o src/route.o src/chipdb.o src/location.o src/configuration.o src/line_parser.o src/pcf.o src/global.o src/constant.o src/designstate.o src/version_$(VER_HASH).o
$(CXX) $(CXXFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS)

These variables are based on git revision.   So I can not hard code them.
This is the error that I get.

/bin/sh: 1: sum: not found

I have tried adding busybox & coreutils to DEPENDS 
Thanks 
Best Regards,

Edward Vidal Jr. e-mail develone@... 915-595-1613


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

 

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs

 

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 301 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now, “3.1”, “3.2, "3.99" and "Future", the more pressing/urgent issues being in "3.1" and then “3.2”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Project Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Re: [meta-security][PATCH] meta-integrity/../systemd: fix pollution issue

Armin Kuster
 



On 12/23/19 10:18 AM, Anders Montonen wrote:
Hi,

These look like typos:

thanks.

will fix and send v2

- armin

On 23 Dec 2019, at 19:18, Armpit <akuster808@...> wrote:
only include changes of systemd is enabled.
of -> if

Signed-off-by: Armin Kuster <akuster808@...>
---
meta-integrity/recipes-core/systemd/systemd_%.bbappend | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-integrity/recipes-core/systemd/systemd_%.bbappend b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
index 3b45541..f33e563 100644
--- a/meta-integrity/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
@@ -1,11 +1,11 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS_prepend_ima := "${THISDIR}/files:"

-SRC_URI += " \
+SRC_URI_iam += “ \
iam -> ima

    file://machine-id-commit-sync.conf \
    file://random-seed-sync.conf \
"

-do_install_append () {
+do_install_append_iam () {
iam -> ima

    for i in machine-id-commit random-seed; do
        install -d ${D}/${systemd_system_unitdir}/systemd-$i.service.d
        install -m 0644 ${WORKDIR}/$i-sync.conf ${D}/${systemd_system_unitdir}/systemd-$i.service.d
-- 
2.17.1
Regards,
Anders

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#47810): https://lists.yoctoproject.org/g/yocto/message/47810
Mute This Topic: https://lists.yoctoproject.org/mt/69235591/1024635
Group Owner: yocto+owner@...
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub  [akuster@...]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [meta-security][PATCH] meta-integrity/../systemd: fix pollution issue

Anders Montonen
 

Hi,

These look like typos:

On 23 Dec 2019, at 19:18, Armpit <akuster808@...> wrote:

only include changes of systemd is enabled.
of -> if


Signed-off-by: Armin Kuster <akuster808@...>
---
meta-integrity/recipes-core/systemd/systemd_%.bbappend | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-integrity/recipes-core/systemd/systemd_%.bbappend b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
index 3b45541..f33e563 100644
--- a/meta-integrity/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
@@ -1,11 +1,11 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS_prepend_ima := "${THISDIR}/files:"

-SRC_URI += " \
+SRC_URI_iam += “ \
iam -> ima

file://machine-id-commit-sync.conf \
file://random-seed-sync.conf \
"

-do_install_append () {
+do_install_append_iam () {
iam -> ima

for i in machine-id-commit random-seed; do
install -d ${D}/${systemd_system_unitdir}/systemd-$i.service.d
install -m 0644 ${WORKDIR}/$i-sync.conf ${D}/${systemd_system_unitdir}/systemd-$i.service.d
--
2.17.1
Regards,
Anders


[meta-security][PATCH] meta-integrity/../systemd: fix pollution issue

Armin Kuster
 

only include changes of systemd is enabled.

Signed-off-by: Armin Kuster <akuster808@...>
---
meta-integrity/recipes-core/systemd/systemd_%.bbappend | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-integrity/recipes-core/systemd/systemd_%.bbappend b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
index 3b45541..f33e563 100644
--- a/meta-integrity/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
@@ -1,11 +1,11 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS_prepend_ima := "${THISDIR}/files:"

-SRC_URI += " \
+SRC_URI_iam += " \
file://machine-id-commit-sync.conf \
file://random-seed-sync.conf \
"

-do_install_append () {
+do_install_append_iam () {
for i in machine-id-commit random-seed; do
install -d ${D}/${systemd_system_unitdir}/systemd-$i.service.d
install -m 0644 ${WORKDIR}/$i-sync.conf ${D}/${systemd_system_unitdir}/systemd-$i.service.d
--
2.17.1


Re: installing and rolling back packages in yocto at runtime

Ross Burton <ross.burton@...>
 

On 23/12/2019 14:38, learning yocto wrote:
Is it possible to ftp the image to the board and then do something
like dpkg -i, this would help in deinstall as well?
Yes. By default rpm/smart is used, but you can use apt/dpkg or opkg if you prefer.

You can either copy packages onto the target and use the tool to install directly (dpkg -i for example), or use a HTTP daemon to share your tmp/deploy/deb folder and set PACKAGE_FEED_URIS to configure the feed in your images.

Ross


installing and rolling back packages in yocto at runtime

learning yocto
 

Hi List,

This must be a trivial thing, since am a newbie and couldnt find
googling the same in the archive, please pardon my ignorance.

I have created a thin rootfs using yocto which works well on my board.
Suppose now I have to add a package, I can add using
IMAGE_INSTALL_append but that would create a new image.
I dont want to upload a complete image, it seems like an overkill.

Is it possible to ftp the image to the board and then do something
like dpkg -i, this would help in deinstall as well?

thanks


Setting DEBUG_BUILD in local.conf

Fred Baksik
 

Why does setting something like 'PREFERRED_VERSION_u-boot-imx = "2013-04"' in local.conf work to pick the correct version of a recipe,
but setting 'DEBUG_BUILD_kmscube' doesn't enable DEBUG_BUILD in the kmscube recipe? I can't find any examples other than creating a bbappend for the recipe itself.


[meta-selinux][PATCH 4/6] selinux-initsh.inc: install selinux-init.sh and selinux-labeldev.sh when using systemd

Yi Zhao
 

The commit 5fd3c5b71edb99659aeb5cb5903088d84517382e introduced an issue
that selinux-init.sh and selinux-labeldev.sh are not installed when
using systemd which will cause the selinux-ini.service and
selinux-labeldev.service fail to startup. Move the do_install codes from
selinux-autorelabel to selinux-initsh.inc to make sure install these
scripts when using systemd.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/selinux/selinux-autorelabel_0.1.bb | 3 ---
recipes-security/selinux/selinux-initsh.inc | 9 +++++++--
2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/recipes-security/selinux/selinux-autorelabel_0.1.bb b/recipes-security/selinux/selinux-autorelabel_0.1.bb
index 7e7d08c..b898c3b 100644
--- a/recipes-security/selinux/selinux-autorelabel_0.1.bb
+++ b/recipes-security/selinux/selinux-autorelabel_0.1.bb
@@ -21,9 +21,6 @@ require selinux-initsh.inc

do_install_append() {
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- install -d ${D}${bindir}
- install -m 0755 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.sh ${D}${bindir}
- sed -i -e '/.*HERE$/d' ${D}${bindir}/${SELINUX_SCRIPT_SRC}.sh
echo "# first boot relabelling" > ${D}/.autorelabel
fi
}
diff --git a/recipes-security/selinux/selinux-initsh.inc b/recipes-security/selinux/selinux-initsh.inc
index 6084762..0a6cf4b 100644
--- a/recipes-security/selinux/selinux-initsh.inc
+++ b/recipes-security/selinux/selinux-initsh.inc
@@ -27,8 +27,13 @@ do_install () {
-e '/.*HERE$/d' -e '/.*Contents.*sysvinit/d' \
${D}${sysconfdir}/init.d/${SELINUX_SCRIPT_DST}

- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.service ${D}${systemd_unitdir}/system
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.service ${D}${systemd_unitdir}/system
+ install -d ${D}${bindir}
+ install -m 0755 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.sh ${D}${bindir}
+ sed -i -e '/.*HERE$/d' ${D}${bindir}/${SELINUX_SCRIPT_SRC}.sh
+ fi
}

sysroot_stage_all_append () {
--
2.17.1


[meta-selinux][PATCH 3/6] libsemanage: fix race issue in parallel build

Yi Zhao
 

The install-pywarp target doesn't depend on swigify target because the
semanage.py is not generated by swigify target but pywrap target.
Here is the dependency chain:
install-pywrap -> pywrap -> $(SWIGSO) -> $(SWIGLOBJ) -> $(SWIGCOUT)
-> semanage.py

But in the recipe, the swigify target is added explicitly in do_install:
do_install_append() {
oe_runmake install-pywrap swigify \
[snip]
}

This target will regenerate the semanage.py when do_install. So there
will be a potential race issue in parallel build. The install-pywrap
target is trying to install semanage.py when swigify target is
generating the file. Then an empty semanage.py will be installed. Remove
the target swigify to fix this issue.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/selinux/libsemanage.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc
index 9dc1095..81a3eda 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -32,7 +32,7 @@ do_compile_append() {
}

do_install_append() {
- oe_runmake install-pywrap swigify \
+ oe_runmake install-pywrap \
PYCEXT='.so' \
PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages'
--
2.17.1


[meta-selinux][PATCH 6/6] refpolicy: switch to python3

Yi Zhao
 

* Switch to python3
* Update policy-version to 31 to match selinux 2.9

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/refpolicy/refpolicy_common.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 2d9ace5..2083a37 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -72,12 +72,12 @@ EXTRANATIVEPATH += "bzip2-native"
DEPENDS += "bzip2-replacement-native checkpolicy-native policycoreutils-native semodule-utils-native m4-native"

RDEPENDS_${PN}-dev =+ " \
- python \
+ python3-core \
"

PACKAGE_ARCH = "${MACHINE_ARCH}"

-inherit pythonnative
+inherit python3native

PARALLEL_MAKE = ""

@@ -181,7 +181,7 @@ path = ${STAGING_DIR_NATIVE}${sbindir_native}/sefcontext_compile
args = \$@
[end]

-policy-version = 30
+policy-version = 31
EOF

# Create policy store and build the policy
--
2.17.1


[meta-selinux][PATCH 5/6] refpolicy: add UPSTREAM_CHECK_GITTAGREGEX

Yi Zhao
 

Add UPSTREAM_CHECK_GITTAGREGEX to make devtool check-upgrade-status
works.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/refpolicy/refpolicy_2.20190201.inc | 2 ++
recipes-security/refpolicy/refpolicy_git.inc | 2 ++
2 files changed, 4 insertions(+)

diff --git a/recipes-security/refpolicy/refpolicy_2.20190201.inc b/recipes-security/refpolicy/refpolicy_2.20190201.inc
index 78c6e74..4030b36 100644
--- a/recipes-security/refpolicy/refpolicy_2.20190201.inc
+++ b/recipes-security/refpolicy/refpolicy_2.20190201.inc
@@ -2,6 +2,8 @@ SRC_URI = "https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE
SRC_URI[md5sum] = "babb0d5ca2ae333631d25392b2b3ce8d"
SRC_URI[sha256sum] = "ed620dc91c4e09eee6271b373f7c61a364a82ea57bd2dc86ca1f7075304e2843"

+UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)"
+
FILESEXTRAPATHS_prepend := "${THISDIR}/refpolicy-2.20190201:"

include refpolicy_common.inc
diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc
index 8aeaf27..8de07c0 100644
--- a/recipes-security/refpolicy/refpolicy_git.inc
+++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -4,6 +4,8 @@ SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=git;branch=mas

SRCREV_refpolicy ?= "df696a325404b84c2c931c85356510005e5e6916"

+UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)"
+
FILESEXTRAPATHS_prepend := "${THISDIR}/refpolicy-git:"

include refpolicy_common.inc
--
2.17.1

9921 - 9940 of 57740