Date   

Re: Additional hardening options

Richard Purdie
 

On Wed, 2022-01-26 at 14:39 +1300, Paul Eggleton wrote:
Hi folks

I've been looking into a couple of compiler flags for hardening that I think we
might want to consider enabling by default in security-flags.inc:


1) -fstack-clash-protection

This option was introduced to gcc 8.x and provides protection against the
stack clash vulnerability:

https://securingsoftware.blogspot.com/2017/12/stack-clash-vulnerability.html

It has been enabled in some Linux distributions already (e.g. Ubuntu, Fedora).


2) -z noexecstack (or alternative mitigations)

gcc will enable an executable stack under a few different circumstances - see
here for details

https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

I've written a check that we could add to insane.bbclass that warns/errors on
binaries with an executable stack. Does this seem reasonable to have?
The other possibility is we add -Wl,-z,noexecstack to LDFLAGS and then see
what breaks, but unfortunately issues are likely only going to show up when
the program crashes at runtime, and also it will stop the aforementioned check
from working.


Any opinions?
These seem like reasonable things to do, are there any downsides to them?

I'd be happy to test some patches, see if they do cause issues...

Cheers,

Richard


M+ & H bugs with Milestone Movements WW05

Stephen Jolley
 

All,

YP M+ or high bugs which moved to a new milestone in WW05 are listed below:

Priority

Bug ID

Short Description

Changer

Owner

Was

Became

Medium+

12368

persistent bitbake server does not re-parse if previous build was ctrl+C'd

richard.purdie@...

richard.purdie@...

3.5 M2

3.5 M3

 

12723

mysql requires unicode and char length filtering

david.reyna@...

david.reyna@...

3.5 M2

3.5 M3

 

13103

[Bug][QA 2.7 M1 rc1][Toaster] "Recipes" tableá and á"machines" table are not getting populated after clickingáon imported layer as well as after clicking Machines Tab on project page

david.reyna@...

david.reyna@...

3.5 M2

3.5 M3

 

13123

package.PackageTests.test_gdb_hardlink_debug failed

randy.macleod@...

randy.macleod@...

3.5 M2

3.5 M3

 

13278

If git protocol doesn't work, you get a tar.gz clone from PREMIRROR which has git protocol origin

richard.purdie@...

richard.purdie@...

3.5 M2

3.5 M3

 

13424

devupstream doesn't work with mutilib

richard.purdie@...

richard.purdie@...

3.5 M2

3.5 M3

 

13599

Enhancement: Detect variables that shouldn't be defined in image scope, but in global (distro) scope

richard.purdie@...

richard.purdie@...

3.5 M2

3.5 M3

 

13888

Toaster is not starting for Django-3

david.reyna@...

david.reyna@...

3.5 M2

3.5 M3

 

13908

segfault in mb-wm on qemux86-64 intermittently

randy.macleod@...

ross@...

3.5 M2

3.5 M3

 

14085

Toaster UI should know when bitbake crashed

david.reyna@...

david.reyna@...

3.5 M2

3.5 M3

 

14156

fetch/gitsm: submodules are fetched as mirrored and not working as expected

richard.purdie@...

richard.purdie@...

3.5 M2

3.5 M3

 

14163

AB-INT PTEST ARM: libevent arm ptest intermittent failure

randy.macleod@...

ross@...

3.5 M2

3.5 M3

 

14165

AB-INT PTEST: strace ptest intermittent failure in qual_fault-syscall.test

randy.macleod@...

randy.macleod@...

3.5 M2

3.5 M3

 

14311

AB-INT PTEST: valgrind drd/tests ptest intermittent failure

randy.macleod@...

yf3yu@...

3.5 M2

3.5 M3

 

14381

AB-INT PTEST ARM: openssl ptest intermittent failure

randy.macleod@...

ross@...

3.5 M2

3.5 M3

 

14385

mode of sstate files created under pseudo

richard.purdie@...

richard.purdie@...

3.5 M2

3.5 M3

 

14388

AB-INT PTEST: valgrind failed  helgrind/tests/hg05_race2

randy.macleod@...

randy.macleod@...

3.5 M2

3.5 M3

 

14486

qemu rootfs copy is taking too much time

randy.macleod@...

randy.macleod@...

3.5 M2

3.5 M3

 

14522

qemuppc doesn't shutdown within timeout (serial console issues)

randy.macleod@...

sakib.sajal@...

3.5 M2

3.5 M3

 

14560

AB-INT PTEST ARM: tcl timer.test failure

randy.macleod@...

ross@...

3.5 M2

3.5 M4

 

14556

Running dates tests in systemd images causes loss of networking

randy.macleod@...

ross@...

3.5 M2

3.5 M4

 

14564

parselogs.ParseLogsTest.test_parselogs udev failure

randy.macleod@...

trevor.gamblin@...

3.5 M2

3.5 M3

 

14596

AB-INT PTEST ARM: strace ptest intermittent failure in strace-T.test

randy.macleod@...

ross@...

3.5 M2

3.5 M3

 

14611

qemuarm64 testimage Target didn't reach login banner

randy.macleod@...

randy.macleod@...

3.5 M2

3.5 M4

 

14620

QA error not seen when reusing SSTATE

richard.purdie@...

richard.purdie@...

3.5 M2

3.5 M3

 

14655

AB-INT: SDK preparation failure: SState: cannot test file://[...]

randy.macleod@...

mhalstead@...

3.5 M2

3.5 M3

 

14656

a wine server seems to be running, but I cannot connect to itcore-image-mingw-sdktest do_testsdk failure:

randy.macleod@...

JPEWhacker@...

3.5 M2

3.5 M4

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Enhancements/Bugs closed WW05!

Stephen Jolley
 

All,

 

The below were the owners of enhancements or bugs closed during the last week!

Who

Count

mhalstead@...

1

trevor.gamblin@...

1

randy.macleod@...

1

richard.purdie@...

1

Grand Total

4

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Current high bug count owners for Yocto Project 3.5

Stephen Jolley
 

All,

 

Below is the list as of top 44 bug owners as of the end of WW05 of who have open medium or higher bugs and enhancements against YP 3.5.   There are 62 possible work days left until the final release candidates for YP 3.5 needs to be released.

Who

Count

ross@...

38

michael.opdenacker@...

35

randy.macleod@...

25

david.reyna@...

22

bruce.ashfield@...

17

sakib.sajal@...

13

tim.orling@...

13

trevor.gamblin@...

12

richard.purdie@...

10

mhalstead@...

9

kai.kang@...

7

bluelightning@...

6

saul.wold@...

6

JPEWhacker@...

4

hongxu.jia@...

4

chee.yang.lee@...

4

Qi.Chen@...

3

jon.mason@...

3

alejandro@...

3

kiran.surendran@...

2

alexandre.belloni@...

2

pokylinux@...

2

raj.khem@...

2

mshah@...

2

pgowda.cve@...

2

shachar@...

1

yf3yu@...

1

open.source@...

1

mark.hatle@...

1

nicolas.dechesne@...

1

yoctoproject@...

1

john.kaldas.enpj@...

1

jay.shen.teoh@...

1

kexin.hao@...

1

akuster808@...

1

thomas.perrot@...

1

Martin.Jansa@...

1

liezhi.yang@...

1

aehs29@...

1

TicoTimo@...

1

matthewzmd@...

1

mingli.yu@...

1

yi.zhao@...

1

mostthingsweb@...

1

Grand Total

265

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 398 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now,  “3.5, “3.6”, "3.99" and "Future", the more pressing/urgent issues being in "3.4" and then “3.5”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Yocto Project Status WW05`22

Stephen Jolley
 

Current Dev Position: YP 3.5 M3

Next Deadline: 21th Feb. 2022 YP 3.5 M3 build

 

Next Team Meetings:

 

Key Status/Updates:

  • YP 3.5 M2 has passed QA with one bug highlighted (14708). Due to vacations in Asia the release, if approved, will be made next week.
  • YP 3.1.14 is ready for QA but the release will also be delayed until next week.
  • Upstream glibc are now planning to remove prelink support in 2.36. I think we will still want to remove prelink from OE-Core before our next release though, particularly as it is an LTS.
  • An email proposing inclusive language changes for bitbake and OE-Core has been sent to the community for review. The aim is to implement this before M3.
  • We are seeing networking issues during image testing on the centos8/stream8 workers, possibly due to recent changes in the distro. Help with debugging this welcome.
  • We have also realized there is an issue with hash equivalence where the current mechanism will not account for different headers inside the sysroot added through indirect dependencies (e.g. linux-libc-headers via glibc). This means something like rtcwake in util-linux which uses rtc.h can have differing debug symbols due to differing line numbers yet otherwise be identical. There is a potential fix with downsides in master-next.
  • CVE metrics are still under control for master with pending patches accounted for (thanks Ross!) but work still remains on the various stable branches which have high counts.
  • Intermittent issues continue to be at record high levels and help is very much welcome in trying to resolve them. You can see the list of failures we’re continuing to see by searching for the “AB-INT” tag in bugzilla: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT

In particular, we’re struggling to understand the intermittent network issue with external hosts we’re seeing very occasionally.

 

Ways to contribute:

 

YP 3.5 Milestone Dates:

  • YP 3.5 M2 is out of QA
  • YP 3.5 M3 build date 2022/02/21
  • YP 3.5 M3 Release date 2022/03/04
  • YP 3.5 M4 build date 2022/04/04
  • YP 3.5 M4 Release date 2022/04/29

 

Upcoming dot releases:

  • YP 3.1.14 is built
  • YP 3.1.14 Release date 2022/02/04
  • YP 3.4.2 build date 2022/02/07
  • YP 3.4.2 Release date 2022/02/18
  • YP 3.3.5 build date 2022/02/14
  • YP 3.3.5 Release date 2022/02/25
  • YP 3.1.15 build date 2022/03/14
  • YP 3.1.15 Release date 2022/03/25
  • YP 3.4.3 build date 2022/03/21
  • YP 3.4.3 Release date 2022/04/01
  • YP 3.3.6 build date 2022/03/28
  • YP 3.3.6 Release date 2022/04/08
  • YP 3.1.16 build date 2022/04/25
  • YP 3.1.16 Release date 2022/05/06

 

Tracking Metrics:

 

The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC

 

The Status reports are now stored on the wiki at: https://wiki.yoctoproject.org/wiki/Weekly_Status

 

[If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!]

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Reminder: Yocto Project Technical Team Meeting @ Monthly from 8am on the first Tuesday (PDT)

Stephen Jolley
 

All,

 

Just a reminder we will hold the monthly Yocto Project Technical Meeting at 8am PST tomorrow. (2/1) 

 

Yocto Project Technical Team Meeting: We encourage people attending the meeting to logon and announce themselves on the Yocto Project IRC chancel during the meeting (optional):

Yocto IRC: https://web.libera.chat/#yocto 

Wiki: https://www.yoctoproject.org/public-virtual-meetings/

 

When            Monthly from 8am to 9am on the first Tuesday Pacific Time

Where           Zoom Meeting: https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09

 

We are tracking the minutes at: https://docs.google.com/document/d/1ly8nyhO14kDNnFcW2QskANXW3ZT7QwKC5wWVDg9dDH4/edit?pli=1 Please request access if you want to assist in editing them.  The world should have view access.

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


QA notification for completed autobuilder build (yocto-3.1.14.rc1)

Richard Purdie
 

A build flagged for QA (yocto-3.1.14.rc1) was completed on the autobuilder and
is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.1.14.rc1


Build hash information:

bitbake: be6ecc160ac4a8d9715257b9b955363cecc081ea
meta-agl: 7a644d636237459c54128a71d083cb6f9e1b8e60
meta-arm: ce535dfb96de4d2529f091d7d85a7172c626001c
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 87984115eb6ed1a4c17204629dcb100f6b76fe82
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: ab9fca485e13f6f2f9761e1d2810f87c2e4f060a
oecore: f3be01483b01c88f8c4ba24ca73ccf1bcc33665c
poky: bba323389749ec3e306509f8fb12649f031be152



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@linuxfoundation.org


Re: How to prevent auto start of matchbox-terminal at boot?

Dave Beal
 

Thanks, Alex!  That was it.  The script that started the matchbox-terminal is /usr/bin/mini-x-session.  I just edited this file and commented out the terminal line and another line that was setting my display to an incorrect resolution.


Where setup KCONF_AUDIT_LEVEL value

Mauro Ziliani
 

Hi all.

The KCONF_AUDIT_LEVEL variable must be setup in a .conf file or I can change it in a recipe?


I try to understand why my file defconfig is not used my kernel configurator


MZ


Re: boot script for barebox in build/deploy/images/$IMAGE_NAME/ directory

Gary Huband
 

In Zeus I have a recipe that installs the file (a u-boot boot.scr for me):

install -m 0644 boot.scr ${DEPLOYDIR}

Make sure the recipe is included in your image.  Then in my machine conf:

IMAGE_BOOT_FILES = "zImage oftree imx7d-phyboard-zeta-004.dtb imx7d-phyboard-zeta-004-m4.dtb boot.scr"

Gary


From: yocto@... <yocto@...> on behalf of Ivan Riabtsov via lists.yoctoproject.org <ivriabtsov=gmail.com@...>
Sent: Saturday, January 29, 2022 10:47 PM
To: Yocto-mailing-list <yocto@...>
Subject: [yocto] boot script for barebox in build/deploy/images/$IMAGE_NAME/ directory
 
Hello everyone, I need to put the boot.sh file in the
build/deploy/images/$IMAGE_NAME/ directory during the build, how can I
do this using the yocto build system?

Gary Huband
Sr. Software and Systems Engineer

Office: 434.284.8071 x720
Direct: 434.260.4995
Gary@...

Follow Us!
LinkedIn  |  Blog  |  Website

: : : : : : : : : : : : : : : : : : : : : : : : : : :

MSi

This email and any files transmitted with it are confidential and proprietary and intended solely for the use of the individual or entity to whom they are addressed. Any dissemination, distribution or copying of this communication is strictly prohibited without our prior permission. If you received this in error, please contact the sender and delete the material from any computer.


Re: Fetch private gitlab repo using ssh with Yocto recipe #bitbake

Sourabh Hegde
 

Hello @Nicolas @Erik @Khem,

Update from my side:

After following some discussion from other posts, I added "config" file.

~/.ssh/config:

Host git.example.com
HostName git.example.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_ed25519.pub
# LogLevel DEBUG3

Then I did "eval `ssh-agent -s`"

Then doing "ssh-add ~/.ssh/id_ed25519.pub" results in:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/root/.ssh/id_ed25519.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

Whereas the permissions are set as:

ls -l -a ~/.ssh

-rw-r--r-- 1 root root  157 Jan 31 10:48 config
-rw------- 1 root root  464 Jan 20 15:26 id_ed25519
-rw-r--r-- 1 root root  109 Jan 20 15:26 id_ed25519.pub
-rw-r--r-- 1 root root  888 Jan 26 08:43 known_hosts

"ssh-agent" is running

ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-lcft54A4nriC/agent.2833; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2834; export SSH_AGENT_PID;
echo Agent pid 2834;

After doing these changes, when I try to "ssh -v git.example.com" to test the connection before running bitbake, I get

OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for git.example.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to git.example.com [116.203.241.xxx] port 22.
debug1: connect to address 116.203.241.xxx port 22: Connection refused
ssh: connect to host git.example.com port 22: Connection refused

I don't understand what is the issue here.

@Nicolas Can you please let me know where and how to run below commands? Do I need to run them every time before fetching from gitlab?
  -v $SSH_AUTH_SOCK:/ssh.socket \
  -e SSH_AUTH_SOCK=/ssh.socket \

And also I already have "known_hosts" file with matching entries for key/agent pair.

Can you please let me know how to make this working?

Your help will be much appreciated.

Thanks in advance.


Re: How to prevent auto start of matchbox-terminal at boot?

Alexander Kanavin
 

The logs reveal that 'packagegroup-core-x11 packagegroup-core-x11-base packagegroup-core-x11-xserver' are all installed. x11-base pulls in recipes-graphics/mini-x-session/mini-x-session_0.1.bb which starts a minimal session with a terminal. You should either drop x11-base, or tweak mini-x-session script to do what you want.

Alex


On Mon, 31 Jan 2022 at 01:22, Dave Beal via lists.yoctoproject.org <dbeal=cardinalpeak.com@...> wrote:
Thanks, Alex.  The log file is attached.
 
By the way, I'd be happy with a solution that involves changing a file on the target system after the Yocto build is complete.  The fix doesn't need to be in the Yocto build.
 
= Dave
 




Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.5_M2.rc6)

Teoh, Jay Shen
 

Hi all,

This is the full report for yocto-3.5_M2.rc6:
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults

======= Summary ========
No high milestone defects.

new issue found

Bug 14708 - [3.5 M2] Failed to boot up on NFS with systemd

======= Bugs ========
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14708

Thanks,
Jay

-----Original Message-----
From: qa-build-notification@lists.yoctoproject.org <qa-build-
notification@lists.yoctoproject.org> On Behalf Of Richard Purdie
Sent: Tuesday, 25 January, 2022 4:49 PM
To: <yocto@lists.yoctoproject.org> <yocto@lists.yoctoproject.org>
Cc: qa-build-notification <qa-build-notification@lists.yoctoproject.org>
Subject: [qa-build-notification] QA notification for completed autobuilder
build (yocto-3.5_M2.rc6)

A build flagged for QA (yocto-3.5_M2.rc6) was completed on the autobuilder
and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.5_M2.rc6


Build hash information:

bitbake: 1f06f326fa8b47e2a4dce756d57a9369a2225201
meta-agl: 7a644d636237459c54128a71d083cb6f9e1b8e60
meta-arm: 254482284d4588532bd7b9d980193e3e41adaa99
meta-aws: 8893e0cd4c0981eeda941eaa9ad2eb9359670502
meta-gplv2: f04e4369bf9dd3385165281b9fa2ed1043b0e400
meta-intel: 4ff5b19ba63ea69c47198e641acbc12e33634cac
meta-mingw: ddbf14b224215f47a5f80fc8154ade8d3bc318e8
meta-openembedded: a558d51fecda3e66ace21d02b57ab61bf122fdc1
oecore: a179485351a0563d12a2fef3e49971122255ed80
poky: 27ff420543f0195dab024698d804aca33f2ae139



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@linuxfoundation.org







Re: How to prevent auto start of matchbox-terminal at boot?

Dave Beal
 

Thanks, Alex.  The log file is attached.
 
By the way, I'd be happy with a solution that involves changing a file on the target system after the Yocto build is complete.  The fix doesn't need to be in the Yocto build.
 
= Dave
 


Re: How to prevent auto start of matchbox-terminal at boot?

Alexander Kanavin
 

Please share the log.do_rootfs for your image, otherwise it's difficult to say why the terminal ends up being there and gets autostarted.

Alex


On Sun, 30 Jan 2022 at 22:01, Dave Beal via lists.yoctoproject.org <dbeal=cardinalpeak.com@...> wrote:
Hello Yocto Community -

I am using Yocto to build a core-image-minimal image for Intel hardware.  When the system boots, it automatically starts a matchbox-terminal as root.  This is a huge security hole for this embedded system product, because anyone who plugs in a keyboard and monitor has access to this terminal.  I've spent about two days trying to figure out how to start X without this terminal appearing.  I assume there's a config file somewhere indicating that this terminal should start automatically, but I haven't been able to find it.  Any suggestions?  Thanks!

= Dave Beal
   Cardinal Peak, LLC
   Colorado, USA




How to prevent auto start of matchbox-terminal at boot?

Dave Beal
 

Hello Yocto Community -

I am using Yocto to build a core-image-minimal image for Intel hardware.  When the system boots, it automatically starts a matchbox-terminal as root.  This is a huge security hole for this embedded system product, because anyone who plugs in a keyboard and monitor has access to this terminal.  I've spent about two days trying to figure out how to start X without this terminal appearing.  I assume there's a config file somewhere indicating that this terminal should start automatically, but I haven't been able to find it.  Any suggestions?  Thanks!

= Dave Beal
   Cardinal Peak, LLC
   Colorado, USA


[meta-security][PATCH] lkrg-module: update to 0.9.2

Armin Kuster
 

see https://github.com/lkrg-org/lkrg
Support new stable and mainline kernels 5.14 to at least 5.16-rc*
Support new longterm kernels 5.4.118+, 4.19.191+, 4.14.233+

update SRC_URI as location changed.
refresh patch.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-kernel/lkrg/files/makefile_cleanup.patch | 8 ++++----
.../lkrg/{lkrg-module_0.9.1.bb => lkrg-module_0.9.2.bb} | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
rename recipes-kernel/lkrg/{lkrg-module_0.9.1.bb => lkrg-module_0.9.2.bb} (84%)

diff --git a/recipes-kernel/lkrg/files/makefile_cleanup.patch b/recipes-kernel/lkrg/files/makefile_cleanup.patch
index 106dc3f..a4db2d9 100644
--- a/recipes-kernel/lkrg/files/makefile_cleanup.patch
+++ b/recipes-kernel/lkrg/files/makefile_cleanup.patch
@@ -4,10 +4,10 @@ This needs more work. Its my starting point.

Signed-off-by: Armin Kuster <akuster808@gmail.com>

-Index: lkrg-0.9.0/Makefile
+Index: lkrg-0.9.2/Makefile
===================================================================
---- lkrg-0.9.0.orig/Makefile
-+++ lkrg-0.9.0/Makefile
+--- lkrg-0.9.2.orig/Makefile
++++ lkrg-0.9.2/Makefile
@@ -4,28 +4,10 @@
# Author:
# - Adam 'pi3' Zabrocki (http://pi3.com.pl)
@@ -39,7 +39,7 @@ Index: lkrg-0.9.0/Makefile
src/modules/hashing/p_lkrg_fast_hash.o \
src/modules/comm_channel/p_comm_channel.o \
src/modules/integrity_timer/p_integrity_timer.o \
-@@ -91,23 +73,14 @@ $(TARGET)-objs += src/modules/ksyms/p_re
+@@ -92,23 +74,14 @@ $(TARGET)-objs += src/modules/ksyms/p_re
src/p_lkrg_main.o


diff --git a/recipes-kernel/lkrg/lkrg-module_0.9.1.bb b/recipes-kernel/lkrg/lkrg-module_0.9.2.bb
similarity index 84%
rename from recipes-kernel/lkrg/lkrg-module_0.9.1.bb
rename to recipes-kernel/lkrg/lkrg-module_0.9.2.bb
index 782c6e3..e055fbe 100644
--- a/recipes-kernel/lkrg/lkrg-module_0.9.1.bb
+++ b/recipes-kernel/lkrg/lkrg-module_0.9.2.bb
@@ -9,10 +9,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5105ead24b08a32954f34cbaa7112432"

DEPENDS = "virtual/kernel elfutils"

-SRC_URI = "https://www.openwall.com/lkrg/lkrg-${PV}.tar.gz \
+SRC_URI = "https://download.openwall.net/pub/projects/lkrg/lkrg-${PV}.tar.gz \
file://makefile_cleanup.patch "

-SRC_URI[sha256sum] = "cabbee1addbf3ae23a584203831e4bd1b730d22bfd1b3e44883214f220b3babd"
+SRC_URI[sha256sum] = "c2b501c47089cce3ec3114cef6520b73aa3a098836183186b9bb5e097c99ac27"

S = "${WORKDIR}/lkrg-${PV}"

--
2.25.1


boot script for barebox in build/deploy/images/$IMAGE_NAME/ directory

Ivan Riabtsov <ivriabtsov@...>
 

Hello everyone, I need to put the boot.sh file in the
build/deploy/images/$IMAGE_NAME/ directory during the build, how can I
do this using the yocto build system?


[meta-security][PATCH 2/2] tpm2-pkcs11_1.7.0: Drop dstat from DPENDS

Armin Kuster
 

dstat was removed from meta-oe.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
index 3a0917a..d70dbfa 100644
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
@@ -4,7 +4,7 @@ SECTION = "security/tpm"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"

-DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"
+DEPENDS = "autoconf-archive pkgconfig sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"

SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master;protocol=https \
file://bootstrap_fixup.patch \
--
2.25.1

1081 - 1100 of 57074