see https://github.com/lkrg-org/lkrg
Support new stable and mainline kernels 5.14 to at least 5.16-rc*
Support new longterm kernels 5.4.118+, 4.19.191+, 4.14.233+

update SRC_URI as location changed.
refresh patch.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-kernel/lkrg/files/makefile_cleanup.patch | 8 ++++----
.../lkrg/{lkrg-module_0.9.1.bb => lkrg-module_0.9.2.bb} | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
rename recipes-kernel/lkrg/{lkrg-module_0.9.1.bb => lkrg-module_0.9.2.bb} (84%)

diff --git a/recipes-kernel/lkrg/files/makefile_cleanup.patch b/recipes-kernel/lkrg/files/makefile_cleanup.patch
index 106dc3f..a4db2d9 100644
--- a/recipes-kernel/lkrg/files/makefile_cleanup.patch
+++ b/recipes-kernel/lkrg/files/makefile_cleanup.patch
@@ -4,10 +4,10 @@ This needs more work. Its my starting point.

Signed-off-by: Armin Kuster <akuster808@gmail.com>

-Index: lkrg-0.9.0/Makefile
+Index: lkrg-0.9.2/Makefile
===================================================================
---- lkrg-0.9.0.orig/Makefile
-+++ lkrg-0.9.0/Makefile
+--- lkrg-0.9.2.orig/Makefile
++++ lkrg-0.9.2/Makefile
@@ -4,28 +4,10 @@
# Author:
# - Adam 'pi3' Zabrocki (http://pi3.com.pl)
@@ -39,7 +39,7 @@ Index: lkrg-0.9.0/Makefile
src/modules/hashing/p_lkrg_fast_hash.o \
src/modules/comm_channel/p_comm_channel.o \
src/modules/integrity_timer/p_integrity_timer.o \
-@@ -91,23 +73,14 @@ $(TARGET)-objs += src/modules/ksyms/p_re
+@@ -92,23 +74,14 @@ $(TARGET)-objs += src/modules/ksyms/p_re
src/p_lkrg_main.o


diff --git a/recipes-kernel/lkrg/lkrg-module_0.9.1.bb b/recipes-kernel/lkrg/lkrg-module_0.9.2.bb
similarity index 84%
rename from recipes-kernel/lkrg/lkrg-module_0.9.1.bb
rename to recipes-kernel/lkrg/lkrg-module_0.9.2.bb
index 782c6e3..e055fbe 100644
--- a/recipes-kernel/lkrg/lkrg-module_0.9.1.bb
+++ b/recipes-kernel/lkrg/lkrg-module_0.9.2.bb
@@ -9,10 +9,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5105ead24b08a32954f34cbaa7112432"

DEPENDS = "virtual/kernel elfutils"

-SRC_URI = "https://www.openwall.com/lkrg/lkrg-${PV}.tar.gz \
+SRC_URI = "https://download.openwall.net/pub/projects/lkrg/lkrg-${PV}.tar.gz \
file://makefile_cleanup.patch "

-SRC_URI[sha256sum] = "cabbee1addbf3ae23a584203831e4bd1b730d22bfd1b3e44883214f220b3babd"
+SRC_URI[sha256sum] = "c2b501c47089cce3ec3114cef6520b73aa3a098836183186b9bb5e097c99ac27"

S = "${WORKDIR}/lkrg-${PV}"

--
2.25.1

Hello everyone, I need to put the boot.sh file in the
build/deploy/images/$IMAGE_NAME/ directory during the build, how can I
do this using the yocto build system?

dstat was removed from meta-oe.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
index 3a0917a..d70dbfa 100644
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
@@ -4,7 +4,7 @@ SECTION = "security/tpm"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"

-DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"
+DEPENDS = "autoconf-archive pkgconfig sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"

SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master;protocol=https \
file://bootstrap_fixup.patch \
--
2.25.1

fixes:
packagegroup-security-tpm2-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libtss2-tcti-device to libtss2-tcti-device0)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../recipes-core/packagegroup/packagegroup-security-tpm2.bb | 3 ---
1 file changed, 3 deletions(-)

diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index b8324e5..fb36fab 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -13,9 +13,6 @@ RDEPENDS:packagegroup-security-tpm2 = " \
trousers \
tpm2-tss \
libtss2 \
- libtss2-mu \
- libtss2-tcti-device \
- libtss2-tcti-mssim \
tpm2-abrmd \
tpm2-pkcs11 \
"
--
2.25.1

Hi list.

I solved my problem working with distutils parameteres inside myapp.bb recipe


Mauro

On 2022-01-04 10:00, staticd wrote:

One final update for anyone who might run into this problem.
With all of my fiddling/twiddling I failed to get libquadmath to build under the `zeus` branch.  Unfortunately, my other layer dependencies only support `zeus` so it seems I will have to wait until they support a branch that can build `libquadmath`.
I am fairly certain there is just a simple mistake somewhere but, alas, I have been unable to find where that is.

Hi,

If you can come up with a reasonably simple reproducer and
it fails on a supported branch:
https://wiki.yoctoproject.org/wiki/Releases

then we'd appreciate if if you could report the bug in the YP Bugzilla:

https://wiki.yoctoproject.org/wiki/Bugzilla_Configuration_and_Bug_Tracking

Don't worry too much about getting every field right if you aren't familiar
with the overall project.


There's no guarantee that we'll get someone to work on it but
at least it's tracked and we might get to it at some point.

../Randy

On Mon, Jan 3, 2022 at 4:55 PM staticd <staticd@gmail.com <mailto:staticd@gmail.com>> wrote:
I made some progress...
It turns out that libquadmath is failing to build.
When I goto the
`build/tmp/work/...../gcc-runtime/9.2.0-r0/gcc-9.2.0/build.arm-oe-linux-gnueabi.arm-oe-linux-gnueabi/arm-oe-linux-gnueabi/libquadmath`
directory, the only files that are there are:
```
libquadmath  ] ls -l
total 476
-rw-r--r--. 1 2017 oe-builder   4433 Jan  3 16:17 config.h
-rw-r--r--. 1 2017 oe-builder  69297 Jan  3 16:17 config.log
-rwxr-xr-x. 1 2017 oe-builder  77122 Jan  3 16:17 config.status
-rwxr-xr-x. 1 2017 oe-builder 267083 Jan  3 16:17 libtool
-rw-r--r--. 1 2017 oe-builder  57241 Jan  3 16:17 Makefile
-rw-r--r--. 1 2017 oe-builder     23 Jan  3 16:17 stamp-h1
```
In the config.log, there are errors, some of which are expected, but
still:
```
libquadmath  ] grep -i error config.log
arm-oe-linux-gnueabi-gcc: error: unrecognized command line option '-V'
arm-oe-linux-gnueabi-gcc: fatal error: no input files
arm-oe-linux-gnueabi-gcc: error: unrecognized command line option
'-qversion'; did you mean '--version'?
arm-oe-linux-gnueabi-gcc: fatal error: no input files
conftest.c:11:10: fatal error: ac_nonexistent.h: No such file or
directory
arm-oe-linux-gnueabi-gcc: error: unrecognized command line option '-V'
arm-oe-linux-gnueabi-gcc: fatal error: no input files
arm-oe-linux-gnueabi-gcc: error: unrecognized command line option
'-qversion'; did you mean '--version'?
arm-oe-linux-gnueabi-gcc: fatal error: no input files
conftest.c:28:10: fatal error: ac_nonexistent.h: No such file or
directory
configure:12551: arm-oe-linux-gnueabi-gcc  -mthumb -mfpu=neon
-mfloat-abi=hard -mcpu=cortex-a9
--sysroot=/home/oe-builder/build/tmp-glibc/work/cortexa9t2hf-neon-oe-linux-gnueabi/gcc-runtime/9.2.0-r0/recipe-sysroot
-c  -O2 -pipe -g -feliminate-unused-debug-types -fdebug-prefix-map=/home/oe-builder/build/tmp-glibc/work/cortexa9t2hf-neon-oe-linux-gnueabi/gcc-runtime/9.2.0-r0/recipe-sysroot=
 -fdebug-prefix-map=/home/oe-builder/build/tmp-glibc/work/cortexa9t2hf-neon-oe-linux-gnueabi/gcc-runtime/9.2.0-r0/recipe-sysroot-native=    -fdebug-prefix-map=/home/oe-builder/build/tmp-glibc/work-shared/gcc-9.2.0-r0/gcc-9.2.0=/usr/src/debug/gcc-runtime/9.2.0-r0    -fdebug-prefix-map=/home/oe-builder/build/tmp-glibc/work-shared/gcc-9.2.0-r0/gcc-9.2.0/include=/usr/src/debug/gcc-runtime/9.2.0-r0/libstdc++-v3/../include    -fdebug-prefix-map=/home/oe-builder/build/tmp-glibc/work-shared/gcc-9.2.0-r0/gcc-9.2.0/libiberty=/usr/src/debug/gcc-runtime/9.2.0-r0/libstdc++-v3/../libiberty    -fdebug-prefix-map=/home/oe-builder/build/tmp-glibc/work/cortexa9t2hf-neon-oe-linux-gnueabi/gcc-runtime/9.2.0-r0/gcc-9.2.0/build.arm-oe-linux-gnueabi.arm-oe-linux-gnueabi=/usr/src/debug/gcc-runtime/9.2.0-r0     -Werror  conftest.c >&5
glibcxx_cv_system_error10=yes
glibcxx_cv_system_error11=yes
glibcxx_cv_system_error12=yes
glibcxx_cv_system_error13=yes
glibcxx_cv_system_error14=yes
glibcxx_cv_system_error15=yes
glibcxx_cv_system_error16=yes
glibcxx_cv_system_error17=yes
glibcxx_cv_system_error18=yes
glibcxx_cv_system_error19=yes
glibcxx_cv_system_error1=yes
glibcxx_cv_system_error2=yes
glibcxx_cv_system_error3=yes
glibcxx_cv_system_error4=yes
glibcxx_cv_system_error5=yes
glibcxx_cv_system_error6=yes
glibcxx_cv_system_error7=yes
glibcxx_cv_system_error8=yes
glibcxx_cv_system_error9=yes
```
If I check out another library that I expect to get, like, `libitm`,
I see:
```
libquadmath  ] ls -trl ../libitm/
total 2872
-rwxr-xr-x. 1 2017 oe-builder  97435 Jan  3 16:17 config.status
-rw-r--r--. 1 2017 oe-builder  47665 Jan  3 16:17 Makefile
drwxr-xr-x. 2 2017 oe-builder     22 Jan  3 16:17 testsuite
-rw-r--r--. 1 2017 oe-builder    162 Jan  3 16:17 libitm.spec
-rw-r--r--. 1 2017 oe-builder   5251 Jan  3 16:17 config.h
-rw-r--r--. 1 2017 oe-builder     23 Jan  3 16:17 stamp-h1
-rwxr-xr-x. 1 2017 oe-builder 274850 Jan  3 16:17 libtool
-rw-r--r--. 1 2017 oe-builder    868 Jan  3 16:17 gstdint.h
-rw-r--r--. 1 2017 oe-builder 119521 Jan  3 16:17 config.log
-rw-r--r--. 1 2017 oe-builder  50080 Jan  3 16:18 alloc_c.o
...
-rw-r--r--. 1 2017 oe-builder    931 Jan  3 16:18 libitm.la
<http://libitm.la>
```
Have you seen something like this before?  I am not sure how to fix
this...
Any help is greatly appreciated.
On Sun, Jan 2, 2022 at 5:13 PM staticd via lists.yoctoproject.org
<http://lists.yoctoproject.org>
<staticd=gmail.com@lists.yoctoproject.org
<mailto:gmail.com@lists.yoctoproject.org>> wrote:
So, I built the latest poky and created the example recipe with
the `DEPENDS` from my recipe and indeed, I see `libquadmath.so
<http://libquadmath.so>`
in `sysroots-components/`.
I am really scratching my head now.  I must be missing something
silly somewhere...
My build environment is running `zeus`  and the latest `poky` I
grabbed is `honister`  Perhaps something changed that I am just
overlooking somehow.
On Sun, Jan 2, 2022 at 2:18 PM staticd via
lists.yoctoproject.org
<http://lists.yoctoproject.org>
<staticd=gmail.com@lists.yoctoproject.org
<mailto:gmail.com@lists.yoctoproject.org>> wrote:
Thank you, Konrad.
I have tried both of the approaches (local.conf and
gcc-runtime_%.bbappend/gcc_%.bbappend), still
`libquadmath.so
<http://libquadmath.so>`
is not being built.
I will keep fiddling but I think we are onto something.
The interesting thing I found is that `libquadmath.so
<http://libquadmath.so>`
IS being built for the nativesdk but NOT when I add `DEPENDS
= "virtual/${TARGET_PREFIX}compillerlibs"` to my recipe.
Perhaps, because `FORTRAN = ""` is in the gcc_%.bb, maybe
that should be something less strict?
I might be screwing up my bbappend too...
My append is in
`meta-mylayer/recipes-devtools/gcc/gcc-runtime_%.bbappend`
Which is mapped correctly to $BBFILES n my layers `layer.conf`
On Sun, Jan 2, 2022 at 2:07 PM Konrad Weihmann
<kweihmann@outlook.com <mailto:kweihmann@outlook.com>> wrote:
The following I just found in local.conf.sample.extended
# Enabling FORTRAN
# Note this is not officially supported and is just
illustrated here to
# show an example of how it can be done
# You'll also need your fortran recipe to depend on
libgfortran
FORTRAN:forcevariable = ",fortran"
guess that will solve your issue without the need for a
bbappend.
Just inject that line via distro or local.conf
On 02.01.22 18:31, staticd wrote:
> I think to clarify...what I need are these files:
>
> --- snipped from gcc-runtime.inc ---
> ```
> FILES_libquadmath = "${libdir}/libquadmath*.so.*"
> SUMMARY_libquadmath = "GNU quad-precision math library"
> FILES_libquadmath-dev = "\
>      ${libdir}/${TARGET_SYS}/${BINV}/include/quadmath* \
>      ${libdir}/libquadmath*.so \
>      ${libdir}/libquadmath.la
<http://libquadmath.la>
<http://libquadmath.la
<http://libquadmath.la>>
\
> "
> ```
> ---
> to be in my $STAGING_LIBDIR
>
> So far, I have been unable to figure out how to do
that, unfortunately.
>
> On Sun, Jan 2, 2022 at 12:23 PM staticd
<staticd@gmail.com <mailto:staticd@gmail.com>
> <mailto:staticd@gmail.com
<mailto:staticd@gmail.com>>> wrote:
>
>     Thank you, Michael.
>
>     I have `DEPENDS =
"virtual/arm-oe-linux-gnueabi-compilerlibs"`
>
>     and `do_compile[depends] +=
>     "virtual/arm-oe-linux-gnueabi-compilerlibs:do_check"`
>
>     However, libquadmath.so
<http://libquadmath.so>
is still not present in `recipe-sysroot/lib`
>
>     I used the `do_check` task from gcc_runtime but
that still isn't
>     providing `libquadmath.so
<http://libquadmath.so>`
in my $STAGING_LIBDIR, which is where I
>     need it.
>
>     Many thanks.
>
>     On Sun, Jan 2, 2022 at 12:17 PM Michael Ho
<michael.ho@ieee.org <mailto:michael.ho@ieee.org>
>     <mailto:michael.ho@ieee.org
<mailto:michael.ho@ieee.org>>> wrote:
>
>         Not familiar with Fortran but maybe it helps
to know that this
>         is normally handled with the DEPENDS
mechanism. When you add
>         other recipes as dependencies to your recipe,
the task
>         do_prepare_recipe_sysroot (run before
do_compile) will make hard
>         links to the files from those dependency
recipes into that
>         recipe-sysroot directory.
>
>         See:
>
https://docs.yoctoproject.org/singleindex.html#do-prepare-recipe-sysroot
<https://docs.yoctoproject.org/singleindex.html#do-prepare-recipe-sysroot>
>
 <https://docs.yoctoproject.org/singleindex.html#do-prepare-recipe-sysroot <https://docs.yoctoproject.org/singleindex.html#do-prepare-recipe-sysroot>>
>
>         Kind regards,
>         Michael
>
>         On Sun, 2 Jan 2022, 6:06 pm staticd,
<staticd@gmail.com <mailto:staticd@gmail.com>
>         <mailto:staticd@gmail.com
<mailto:staticd@gmail.com>>> wrote:
>
>             okay...I think I have a more interesting
question now...
>
>             In the package I am building I have some
Fortran code that
>             requires `libquadmath`
>
>             I see that `gcc-runtime` provides the
library but I need the
>             library present in `recipe-sysroot/lib`
when my `do_compile`
>             runs
>
>             Is there a way for me to do that?
>
>             My current approach is to build my image,
copy the
>             libraries/includes to my recipe and
`install` them in
>             `recipe-sysroot` before `do_compile`
>
>             This doesn't seem like the correct
approach but I am not
>             sure how else to do it at this point
>
>             Any help would be greatly appreciated.
>
>
>
>
>
>
>

--
# Randy MacLeod
# Wind River Linux

On 2022-01-26 11:17, Paul van Berlo wrote:

Hello,

so I'm a bit at a loss. I admit, I've not yet been using Yocto for a long time. I'm trying to use base-utils as provided by packagegroup-core-base-utils to have a more full featured set of base utils instead of busybox. It all builds just fine, however, whatever I do (using dunfell), it ends up with a kernel panic during boot.

I added the following to local.conf on a clean clone of poky:

INIT_MANAGER="systemd"

IMAGE_FSTYPES="live"

PREFERRED_PROVIDER_base-utils = "packagegroup-core-base-utils"
VIRTUAL-RUNTIME_base-utils = "packagegroup-core-base-utils"
VIRTUAL-RUNTIME_base-utils-hwclock = "util-linux-hwclock"
VIRTUAL-RUNTIME_base-utils-syslog = ""

Hi Paul,

Try adding:

VIRTUAL-RUNTIME_base-utils-syslog = "syslog"

as shown on:

https://git.yoctoproject.org/poky/tree/meta-poky/conf/local.conf.sample.extended#n371

I would expect that since you have systemd, you'd have the systemd journal as well so
you wouldn't need syslog but it would be good to do a sanity check.


If that doesn't help, show us what the kernel panic is saying.
Is this with a custom BSP and if so can you reproduce with qemux86-64?

Try the same things using poky on the master branch if you can.

../Randy

Does anyone have any idea how to get this to work?

Regards,

Paul van Berlo

--
# Randy MacLeod
# Wind River Linux

On Fri, Jan 28, 2022 at 2:27 AM VIVAVIS AG <embedded@vivavis.com> wrote:

Hi,

Von: yocto@lists.yoctoproject.org <yocto@lists.yoctoproject.org> Im Auftrag von Sourabh Hegde
Gesendet: Freitag, 28. Januar 2022 10:47

Can you please let me know how to "forward SSH_AGENT into it to be able
to fetch from internal projects without the need to mount the key into the container."? I never did that before.

I use the following options within the Docker run command:
-v $SSH_AUTH_SOCK:/ssh.socket \
-e SSH_AUTH_SOCK=/ssh.socket \

Furthermore, I had to mount the .ssh folder into the container to make it working (be aware of security risk).
Additionally, you should check that uid, gid of the user in the container is the same on the host.

yeah something like that works, we use it for yoe which always uses
container to build
see

https://github.com/YoeDistro/yoe-distro/blob/master/envsetup.sh#L528-L541

Regards,

Carsten

On 2022-01-24 13:04, Praveen wrote:

I am looking for Custom SDK with filtered Header files/libraries based on some rules/approvals. It means not all files from YoctoSDK will be packaged in the CustomSDK.

 

What is the mechanism or approach where we can pull only those approved header files & libraries from YoctoSDK and package as Customized SDK tar?

 

Is there a way we can fetch those approved header files from YOCTO SDK and filter it?

I am thinking like creating subset versioned module recipe and specify those approved header files and package only those files. Is there any better mechanism on packaging or filtering the SDK based on some rules to filter some header files?

Like for example in YoctoSDK, we have 2 modules
moduleA (A1.h, A2.h,A3.h and libA.so),
moduleB (B1.h, B2.h, B3.h and libB.so)
Lets say A3.h & B3.h are not approved in my Custom SDK, then in final Customer SDK we will only package
moduleA (A1.h, A2.h and libA.so), moduleB (B1.h, B2.h, and libB.so)

I want to keep YoctoSDK without any filters, so that A3.h/B3.h can be used for internal purposes without any issue.

Hi Praveen,

I'm not aware of anyone else doing that.

For libraries/recipes, you could just omit certain packages from the eSDK but you don't seem to want to do that.

What is your goal in filtering headers and libraries rather than say generating two SDKs:
one that is unrestricted and the other with limited APIs ?

That is, can you not package each moduleA as moduleA and moduleA-private using Yocto's packaging

mechanism with the *3.h files being in the private packages?

I don't work with the SDK very much so I could be out in left field but
if I am, hopefully someone will reply and straighten us both out!

../Randy

../Randy

-- 
# Randy MacLeod
# Wind River Linux

-- 
# Randy MacLeod
# Wind River Linux

I am looking for Custom SDK with filtered Header files/libraries based on some rules/approvals. It means not all files from YoctoSDK will be packaged in the CustomSDK.

 

What is the mechanism or approach where we can pull only those approved header files & libraries from YoctoSDK and package as Customized SDK tar?

 

Is there a way we can fetch those approved header files from YOCTO SDK and filter it?

I am thinking like creating subset versioned module recipe and specify those approved header files and package only those files. Is there any better mechanism on packaging or filtering the SDK based on some rules to filter some header files?

Like for example in YoctoSDK, we have 2 modules moduleA (A1.h, A2.h,A3.h and libA.so), moduleB (B1.h, B2.h, B3.h and libB.so)
Lets say A3.h & B3.h are not approved in my Custom SDK, then in final Customer SDK we will only package
moduleA (A1.h, A2.h and libA.so), moduleB (B1.h, B2.h, and libB.so)

I want to keep YoctoSDK without any filters, so that A3.h/B3.h can be used for internal purposes without any issue.

Hi Praveen,

I'm not aware of anyone else doing that.

For libraries/recipes, you could just omit certain packages from the eSDK but you don't seem to want to do that.

What is your goal in filtering headers and libraries rather than say generating two SDKs:
one that is unrestricted and the other with limited APIs ?

../Randy

-- 
# Randy MacLeod
# Wind River Linux

On Fri, Jan 28, 2022 at 11:50 AM Nicolas Jeker <n.jeker@delisys.ch> wrote:

On Fri, 2022-01-28 at 10:27 +0000, VIVAVIS AG wrote:

Hi,

Von: yocto@lists.yoctoproject.org <yocto@lists.yoctoproject.org> Im
Auftrag von Sourabh Hegde
Gesendet: Freitag, 28. Januar 2022 10:47

Can you please let me know how to "forward SSH_AGENT into it to be
able
to fetch from internal projects without the need to mount the key
into the container."? I never did that before.

I use the following options within the Docker run command:
-v $SSH_AUTH_SOCK:/ssh.socket \
-e SSH_AUTH_SOCK=/ssh.socket \

That's pretty much what I use.

Furthermore, I had to mount the .ssh folder into the container to
make it working (be aware of security risk).
Additionally, you should check that uid, gid of the user in the
container is the same on the host.

I do something similar, my "problem" was that ssh needs the
.ssh/known_hosts file with a matching entry in addition to your
key/agent, but mounting the .ssh folder was not possible for me because
of permissions. Currently, I just created a little script that wraps
"oe-init-build-env" and populates the known_hosts file accordingly.

mkdir -p ~/.ssh

cat <<EOF >> ~/.ssh/known_hosts
git.example.com ssh-ed25519 <base64key>
EOF

I use my own Dockerfile based on crops/poky where I do the following,
which might be helpful if you also use this. It sets up the config
changes in /etc/skel/ since it creates users "on the fly" with
matching uid.

# Remove strict host key checking for ssh
# This is needed since the build will pull source over git-ssh
RUN mkdir -p /etc/skel/.ssh/
COPY ci-scripts/docker-stuff/config /etc/skel/.ssh/
RUN echo 'export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no"' >> /etc/skel/.bashrc


The ci-scripts/docker-stuff/config file contains:
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

Now it was ages ago I set this up, and right now I can't really
understand why I basically do the same thing twice. So you'd have to
check which of the two things that actually solves the issue :-)

Cheers,
Erik

Regards,

Carsten

On Fri, 2022-01-28 at 10:27 +0000, VIVAVIS AG wrote:

Hi,
 

Von: yocto@lists.yoctoproject.org <yocto@lists.yoctoproject.org> Im
Auftrag von Sourabh Hegde
Gesendet: Freitag, 28. Januar 2022 10:47

Can you please let me know how to "forward SSH_AGENT into it to be
able
to fetch from internal projects without the need to mount the key
into the container."? I never did that before.

I use the following options within the Docker run command:
  -v $SSH_AUTH_SOCK:/ssh.socket \
  -e SSH_AUTH_SOCK=/ssh.socket \

That's pretty much what I use.

Furthermore, I had to mount the .ssh folder into the container to
make it working (be aware of security risk).
Additionally, you should check that uid, gid of the user in the
container is the same on the host.

I do something similar, my "problem" was that ssh needs the
.ssh/known_hosts file with a matching entry in addition to your
key/agent, but mounting the .ssh folder was not possible for me because
of permissions. Currently, I just created a little script that wraps
"oe-init-build-env" and populates the known_hosts file accordingly.

mkdir -p ~/.ssh

cat <<EOF >> ~/.ssh/known_hosts
git.example.com ssh-ed25519 <base64key>
EOF

Regards,

Carsten

Hi,

Von: yocto@lists.yoctoproject.org <yocto@lists.yoctoproject.org> Im Auftrag von Sourabh Hegde
Gesendet: Freitag, 28. Januar 2022 10:47

Can you please let me know how to "forward SSH_AGENT into it to be able
to fetch from internal projects without the need to mount the key into the container."? I never did that before.

I use the following options within the Docker run command:
-v $SSH_AUTH_SOCK:/ssh.socket \
-e SSH_AUTH_SOCK=/ssh.socket \

Furthermore, I had to mount the .ssh folder into the container to make it working (be aware of security risk).
Additionally, you should check that uid, gid of the user in the container is the same on the host.

Regards,

Carsten

On Tue, 2022-01-25 at 23:16 -0800, hrsourabh011@gmail.com wrote:

I am trying to fetch a private gitlab repo within Yocto image recipe
using SSH protocol. In my image recipe I have passed SRC_URI as:

SRC_URI = " \
        gitsm://git@git.example.com:2224/blah/blah/blah/blah;protocol
=ssh;branch=master \
"

I use almost the same, just without submodules.

SRC_URI =
"git://git@git.example.com:1234/group/project.git;protocol=ssh"

It should "just work" if ssh is able to find your key. I often build in
a docker container, so I have to forward SSH_AGENT into it to be able
to fetch from internal projects without the need to mount the key into
the container. I don't really have any insight for builds outside
docker, if git clone works, the bitbake fetcher should too.

But this results in the error:

<snip>

But I am able to clone the repo using git clone.
SSH key is already added to the Gitlab. There is no config file in my
~/.ssh. Do I need to create a config file? What should be the content
of the config file?

You should not need a ssh config file.

Can anyone please let me know how to resolve this?
Thanks in advance.