Date   

[meta-mingw] [PATCH] flex: Add missing dependency on libgnurx

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
recipes-devtools/flex/flex_%.bbappend | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 recipes-devtools/flex/flex_%.bbappend

diff --git a/recipes-devtools/flex/flex_%.bbappend b/recipes-devtools/flex/flex_%.bbappend
new file mode 100644
index 0000000..898c75a
--- /dev/null
+++ b/recipes-devtools/flex/flex_%.bbappend
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+DEPENDS:append:class-nativesdk:mingw32 = " nativesdk-mingw-libgnurx"
--
2.33.1


[meta-security][honister][PATCH] recipes: Update SRC_URI branch and protocols

Armin Kuster
 

This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 7e27eb5fca7a22e82251f79103bb12d2b70307fb)
---
.../recipes-openscap/oe-scap/oe-scap_1.0.bb | 2 +-
.../recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb | 2 +-
.../recipes-openscap/openscap/openscap_1.3.3.bb | 2 +-
.../recipes-openscap/openscap/openscap_git.bb | 2 +-
.../scap-security-guide/scap-security-guide_0.1.44.bb | 2 +-
.../scap-security-guide/scap-security-guide_git.bb | 2 +-
meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb | 2 +-
.../recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | 2 +-
meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb | 2 +-
meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | 2 +-
meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb | 2 +-
meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb | 2 +-
meta-tpm/recipes-tpm/trousers/trousers_git.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb | 2 +-
recipes-ids/crowdsec/crowdsec_1.1.1.bb | 2 +-
recipes-ids/ossec/ossec-hids_3.6.0.bb | 2 +-
recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 +-
recipes-mac/smack/smack_1.3.1.bb | 2 +-
recipes-scanners/checksec/checksec_2.4.0.bb | 2 +-
recipes-scanners/clamav/clamav_0.104.0.bb | 2 +-
recipes-security/chipsec/chipsec_git.bb | 2 +-
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
recipes-security/fscrypt/fscrypt_1.0.0.bb | 2 +-
recipes-security/fscryptctl/fscryptctl_1.0.0.bb | 2 +-
.../google-authenticator-libpam_1.08.bb | 2 +-
recipes-security/libest/libest_3.2.0.bb | 2 +-
recipes-security/libmspack/libmspack_1.9.1.bb | 2 +-
recipes-security/ncrack/ncrack_0.7.bb | 2 +-
recipes-security/nikto/nikto_2.1.6.bb | 2 +-
33 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
index 0fef233..7e9f214 100644
--- a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
+++ b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://README.md;md5=46dec9f167b6e05986cb4023df6d92f4"
LICENSE = "MIT"

SRCREV = "7147871d7f37d408c0dd7720ef0fd3ec1b54ad98"
-SRC_URI = "git://github.com/akuster/oe-scap.git"
+SRC_URI = "git://github.com/akuster/oe-scap.git;branch=master;protocol=https"
SRC_URI += " \
file://run_cve.sh \
file://run_test.sh \
diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
index f109566..549a888 100644
--- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
+++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1"
DEPENDS = "python3-dbus"

SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76"
-SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git \
+SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=https \
file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \
"

diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
index 51fa9ee..192b008 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
@@ -3,7 +3,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit"
require openscap.inc

SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732"
-SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \
"

DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index 73a4729..a18cbd1 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -6,7 +6,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes"
include openscap.inc

SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625"
-SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
+SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3;protocol=https \
"

PV = "1.3.3+git${SRCPV}"
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
index d80ecd7..ecf136d 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, upstream version"

SRCREV = "8cb2d0f351faff5440742258782281164953b0a6"
-SRC_URI = "git://github.com/ComplianceAsCode/content.git"
+SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https"

DEFAULT_PREFERENCE = "-1"

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index 0617c56..ddde5cc 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, OE changes"

SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed"
-SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \
+SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;;protocol=https \
file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \
file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \
file://0001-fix-deprecated-instance-of-element.getchildren.patch \
diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
index 95ba5c5..8fe62cf 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
@@ -3,7 +3,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"

SRCREV = "f6dd8f55eab4910131ec6a6a570dcd7951bd10e4"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https"

PE = "1"

diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
index 9ad8967..687ddac 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
DEPENDS += "openssl trousers"

SRC_URI = "\
- git://github.com/mgerstner/openssl_tpm_engine.git \
+ git://github.com/mgerstner/openssl_tpm_engine.git;branch=master;protocol=https \
file://0001-create-tpm-key-support-well-known-key-option.patch \
file://0002-libtpm-support-env-TPM_SRK_PW.patch \
file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
diff --git a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
index f8347b7..77f65ae 100644
--- a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
+++ b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
@@ -9,7 +9,7 @@ DEPENDS = "libtspi"
PV = "0.1+git${SRCPV}"
SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316"

-SRC_URI = "git://github.com/flihp/pcr-extend.git \
+SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \
file://fix_openssl11_build.patch "

inherit autotools
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index c7fc131..63734b9 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -7,7 +7,7 @@ SECTION = "apps"
DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"

SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \
file://ioctl_h.patch \
file://oe_configure.patch \
"
diff --git a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
index 53cf8ff..4672bba 100644
--- a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
+++ b/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
@@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ec30b01163d242ecf07d9cd84e3611f"

DEPENDS = "libtspi tpm-tools"

-SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools"
+SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master"
SRCREV = "4511874d5c9b4504bb96e94f8a14bd6c39a36295"

S = "${WORKDIR}/git"
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index dbe1647..3b3da4f 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
+++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -14,7 +14,7 @@ DEPENDS:class-native = "trousers-native"

SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
- git://git.code.sf.net/p/trousers/tpm-tools \
+ git://git.code.sf.net/p/trousers/tpm-tools;branch=master \
file://tpm-tools-extendpcr.patch \
file://04-fix-FTBFS-clang.patch \
file://openssl1.1_fix.patch \
diff --git a/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 5e03b71..192c66c 100644
--- a/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -10,7 +10,7 @@ SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
PV = "0.3.15+git${SRCPV}"

SRC_URI = " \
- git://git.code.sf.net/p/trousers/trousers \
+ git://git.code.sf.net/p/trousers/trousers;branch=master \
file://trousers.init.sh \
file://trousers-udev.rules \
file://tcsd.service \
diff --git a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
index b80ef79..1818171 100644
--- a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -13,7 +13,7 @@ DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"

SRC_URI = "\
- git://github.com/tpm2-software/tpm2-abrmd.git \
+ git://github.com/tpm2-software/tpm2-abrmd.git;branch=master;protocol=https \
file://tpm2-abrmd-init.sh \
file://tpm2-abrmd.default \
"
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
index fdeda26..ef0c642 100644
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"

DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master \
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master;protocol=https \
file://bootstrap_fixup.patch \
file://0001-remove-local-binary-checkes.patch \
file://677.patch \
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index 47113d2..2bf1eed 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -4,7 +4,7 @@ LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
+SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \
file://configure_oe_fixup.patch \
file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
file://fix_header_file.patch \
diff --git a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index dfebc07..d324e33 100644
--- a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -10,7 +10,7 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode"
PE = "1"

SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https"

inherit autotools-brokensep pkgconfig

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
index 3069b1f..4d1f425 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -9,7 +9,7 @@ SECTION = "security/tpm"
DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"

SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x;protocol=https"

inherit autotools-brokensep pkgconfig systemd

diff --git a/recipes-ids/crowdsec/crowdsec_1.1.1.bb b/recipes-ids/crowdsec/crowdsec_1.1.1.bb
index 887c75d..81f2b8f 100644
--- a/recipes-ids/crowdsec/crowdsec_1.1.1.bb
+++ b/recipes-ids/crowdsec/crowdsec_1.1.1.bb
@@ -3,7 +3,7 @@ SUMMARY = "CrowdSec is a free, modern & collaborative behavior detection engine,
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=105e75b680b2ab82fa5718661b41f3bf"

-SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master"
+SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master;protocol=https"
SRCREV = "73e0bbaf93070f4a640eb5a22212b5dcf26699de"

DEPENDS = "jq-native"
diff --git a/recipes-ids/ossec/ossec-hids_3.6.0.bb b/recipes-ids/ossec/ossec-hids_3.6.0.bb
index 309ca52..853facf 100644
--- a/recipes-ids/ossec/ossec-hids_3.6.0.bb
+++ b/recipes-ids/ossec/ossec-hids_3.6.0.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9"


DEPENDS = "openssl libpcre2 zlib libevent"
-SRC_URI = "git://github.com/ossec/ossec-hids;branch=master \
+SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \
file://0001-Makefile-drop-running-scrips-install.patch \
file://0002-Makefile-don-t-set-uid-gid.patch \
"
diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
index 3a9bc1d..93cb443 100644
--- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb
+++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1c069be8dbbe48e89b580ab4ed86c127"
SRCREV = "6e64a9e5b70a909ec439bc5a099e3fcf38c614b0"

SRC_URI = "\
- git://github.com/Tripwire/tripwire-open-source.git \
+ git://github.com/Tripwire/tripwire-open-source.git;branch=master;protocol=https \
file://tripwire.cron \
file://tripwire.sh \
file://tripwire.txt \
diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb
index 6c2f041..79a8f5a 100644
--- a/recipes-mac/smack/smack_1.3.1.bb
+++ b/recipes-mac/smack/smack_1.3.1.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"

SRCREV = "4a102c7584b39ce693995ffb65e0918a9df98dd8"
SRC_URI = " \
- git://github.com/smack-team/smack.git \
+ git://github.com/smack-team/smack.git;branch=master;protocol=https \
file://smack_generator_make_fixup.patch \
file://run-ptest"

diff --git a/recipes-scanners/checksec/checksec_2.4.0.bb b/recipes-scanners/checksec/checksec_2.4.0.bb
index 12c9bce..9a6e44a 100644
--- a/recipes-scanners/checksec/checksec_2.4.0.bb
+++ b/recipes-scanners/checksec/checksec_2.4.0.bb
@@ -7,7 +7,7 @@ HOMEPAGE="https://github.com/slimm609/checksec.sh"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8d90285f711cf1f378e2c024457066d8"

SRCREV = "c3754e45e04f9104db93b2048afd094427102d48"
-SRC_URI = "git://github.com/slimm609/checksec.sh"
+SRC_URI = "git://github.com/slimm609/checksec.sh;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
index 25123dc..e59f5ff 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b2
# July 27th
SRCREV = "c389dfa4c3af92b006ada4f7595bbc3e6df3f356"

-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=https \
file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
diff --git a/recipes-security/chipsec/chipsec_git.bb b/recipes-security/chipsec/chipsec_git.bb
index 3339dc1..e265a08 100644
--- a/recipes-security/chipsec/chipsec_git.bb
+++ b/recipes-security/chipsec/chipsec_git.bb
@@ -7,7 +7,7 @@ DESCRIPTION = "CHIPSEC is a framework for analyzing the security \
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d"

-SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master \
+SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master;protocol=https \
"

SRCREV = "b2a61684826dc8b9f622a844a40efea579cd7e7d"
diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index 627496f..fcf044a 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -10,7 +10,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"

SRCREV ="d6b884f3b72b8a42b21da863836569ef6836c2ea"
-SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \
+SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://initd \
file://run-ptest \
"
diff --git a/recipes-security/fscrypt/fscrypt_1.0.0.bb b/recipes-security/fscrypt/fscrypt_1.0.0.bb
index a70d310..66bf429 100644
--- a/recipes-security/fscrypt/fscrypt_1.0.0.bb
+++ b/recipes-security/fscrypt/fscrypt_1.0.0.bb
@@ -14,7 +14,7 @@ BBCLASSEXTEND = "native nativesdk"
DEPENDS += "go-dep-native libpam"

SRCREV = "92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4"
-SRC_URI = "git://github.com/google/fscrypt.git"
+SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https"
GO_IMPORT = "import"

S = "${WORKDIR}/git"
diff --git a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 26f549b..d319e48 100644
--- a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
+++ b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -10,7 +10,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"

SRCREV = "56b898c896240328adef7407090215abbe9ee03d"
-SRC_URI = "git://github.com/google/fscryptctl.git"
+SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
index 4ab8374..e8ddf29 100644
--- a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
+++ b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
@@ -3,7 +3,7 @@ HOME_PAGE = "https://github.com/google/google-authenticator-libpam"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
LICENSE = "Apache-2.0"

-SRC_URI = "git://github.com/google/google-authenticator-libpam.git"
+SRC_URI = "git://github.com/google/google-authenticator-libpam.git;branch=master;protocol=https"
SRCREV = "2c7415d950fb0b4a7f779f045910666447b100ef"

DEPENDS = "libpam"
diff --git a/recipes-security/libest/libest_3.2.0.bb b/recipes-security/libest/libest_3.2.0.bb
index fda2df4..31fbe3c 100644
--- a/recipes-security/libest/libest_3.2.0.bb
+++ b/recipes-security/libest/libest_3.2.0.bb
@@ -6,7 +6,7 @@ LICENSE = "OpenSSL"
LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885"

SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b"
-SRC_URI = "git://github.com/cisco/libest;branch=main"
+SRC_URI = "git://github.com/cisco/libest;branch=main;protocol=https"

DEPENDS = "openssl"

diff --git a/recipes-security/libmspack/libmspack_1.9.1.bb b/recipes-security/libmspack/libmspack_1.9.1.bb
index 8c288be..65db10f 100644
--- a/recipes-security/libmspack/libmspack_1.9.1.bb
+++ b/recipes-security/libmspack/libmspack_1.9.1.bb
@@ -7,7 +7,7 @@ DEPENDS = ""
LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd"

SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc"
-SRC_URI = "git://github.com/kyz/libmspack.git"
+SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https"

inherit autotools

diff --git a/recipes-security/ncrack/ncrack_0.7.bb b/recipes-security/ncrack/ncrack_0.7.bb
index 8b221e5..f151e4e 100644
--- a/recipes-security/ncrack/ncrack_0.7.bb
+++ b/recipes-security/ncrack/ncrack_0.7.bb
@@ -7,7 +7,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2"

SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426"
-SRC_URI = "git://github.com/nmap/ncrack.git"
+SRC_URI = "git://github.com/nmap/ncrack.git;branch=master;protocol=https"

DEPENDS = "openssl zlib"

diff --git a/recipes-security/nikto/nikto_2.1.6.bb b/recipes-security/nikto/nikto_2.1.6.bb
index 242f3ac..8542d69 100644
--- a/recipes-security/nikto/nikto_2.1.6.bb
+++ b/recipes-security/nikto/nikto_2.1.6.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"

SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
-SRC_URI = "git://github.com/sullo/nikto.git \
+SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \
file://location.patch"

S = "${WORKDIR}/git/program"
--
2.25.1


Re: building the kernel's usbipd daemon

chuck kamas
 

Well it turns out that following the Perf recipe was not only a good idea, but absolutely necessary. The perf recipe copies the code out of the work-shared kernel directory into the perf build directory. This avoids the error when bitbake thinks that the kernel code is not needed anymore and removes it.


Please see my version of the USBIP recipe below.


Question, how does one get this into the recipe database?


Again thanks for the help!

Chuck

SUMMARY = "USBip part of Linux kernel built in tools"
DESCRIPTION = " USB/IP protocol allows to pass USB device from server to \
client over the network. Server is a machine which provides (shares) a \
USB device. Client is a machine which uses USB device provided by server \
over the network. The USB device may be either physical device connected \
to a server or software entity created on a server using USB gadget subsystem."

LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
DEPENDS = "virtual/kernel libtool udev"
PROVIDES = "virtual/usbip-tools"

inherit linux-kernel-base kernel-arch kernelsrc manpages


do_populate_lic[depends] += "virtual/kernel:do_patch"
do_configure[depends] += "virtual/kernel:do_shared_workdir"

EXTRA_OEMAKE = "\
    -C ${S}/tools/usb/usbip \
    O=${B} \
    CROSS_COMPILE=${TARGET_PREFIX} \
    CROSS=${TARGET_PREFIX} \
    CC="${CC}" \
    CCLD="${CC}" \
    LD="${LD}" \
    AR="${AR}" \
    ARCH="${ARCH}" \
    TMPDIR="${B}" \
"

EXTRA_OEMAKE += "\
    'DESTDIR=${D}' \
    KERNEL_SRC=${STAGING_KERNEL_DIR} \
"

do_configure[depends] += "virtual/kernel:do_shared_workdir"

inherit autotools gettext

# stolen from autotools.bbclass

CONFIGUREOPTS = " --build=${BUILD_SYS} \
          --host=${HOST_SYS} \
          --target=${TARGET_SYS} \
          --prefix=${prefix} \
          --exec_prefix=${exec_prefix} \
          --bindir=${bindir} \
          --sbindir=${sbindir} \
          --libexecdir=${libexecdir} \
          --datadir=${datadir} \
          --sysconfdir=${sysconfdir} \
          --sharedstatedir=${sharedstatedir} \
          --localstatedir=${localstatedir} \
          --libdir=${libdir} \
          --includedir=${includedir} \
          --oldincludedir=${oldincludedir} \
          --infodir=${infodir} \
          --mandir=${mandir} \
          --disable-silent-rules \
          ${CONFIGUREOPT_DEPTRACK} \
          ${@append_libtool_sysroot(d)} \
"

do_configure_prepend () {
    cd ${S}/tools/usb/usbip
    ./cleanup.sh
    ./autogen.sh
    ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
}

do_compile() {
    oe_runmake
}

do_install() {
    oe_runmake DESTDIR=${D} install
}

PACKAGE_ARCH = "${MACHINE_ARCH}"

python do_package_prepend() {
    d.setVar('PKGV', d.getVar("KERNEL_VERSION", True).split("-")[0])
}

B = "${WORKDIR}/${BPN}-${PV}"


Re: #golang Build tools required during go generate #golang

Bruce Ashfield
 

On Fri, Nov 5, 2021 at 3:18 PM Sebastian Rühl <sebastian@mapped.com> wrote:

Yep might be… For me that’s desirable as these a built-utils, it’s golang and I see no benefit in having them dynamically linked anyay. Any tips how to statically link these? As far as I understand the golang classes do dynamic linking by default. Btw. I’m using the backported 1.16 versions from hardknot but I don’t think that matters as our “main” application works just perfectly fine on the target hardware.



I tried:

GO_LINKSHARED = ""

export CGO_ENABLED = "0"
It varies based on the application, the ones I've dealt with, tend to
have a -static flag.

Of course, the flag may not be exposed, and in those scenarios, I
patch the Makefile/build.

If you have public repos, or a pointer to the source of the
applications, I could have a look to see if there's anything I can
specifically recommend.

Bruce




But it didn’t help ☹



Sebastian



Von: Bruce Ashfield <bruce.ashfield@gmail.com>
Datum: Freitag, 5. November 2021 um 20:07
An: Sebastian Rühl <sebastian@mapped.com>
Cc: Khem Raj <raj.khem@gmail.com>, yocto@lists.yoctoproject.org <yocto@lists.yoctoproject.org>
Betreff: Re: [yocto] #golang Build tools required during go generate

I'd bet it is a variant of this:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14386

Bruce

On Fri, Nov 5, 2021 at 2:58 PM Sebastian Rühl <sebastian@mapped.com> wrote:

Here some outputs:



Bitbake -c devshell target-recipe

sh-4.4# easyjson

Segmentation fault

sh-4.4# strace easyjson

execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0

brk(NULL) = 0x556083886000

arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)

--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---

+++ killed by SIGSEGV +++

Segmentation fault

sh-4.4# file $(which easyjson)

/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped

sh-4.4# gdb $(which easyjson)

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1

Copyright (C) 2018 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law. Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-linux-gnu".

Type "show configuration" for configuration details.

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>.

Find the GDB manual and other documentation resources online at:

<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".

Type "apropos word" to search for commands related to "word"...

Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.

(gdb) run

Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson

warning: Error disabling address space randomization: Operation not permitted

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002



Program received signal SIGSEGV, Segmentation fault.

0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2

(gdb)



Hope that helps….



Small background: Yocto on dunfell, build with poky docker image



Von: Khem Raj <raj.khem@gmail.com>
Datum: Freitag, 5. November 2021 um 18:29
An: Sebastian Rühl <sebastian@mapped.com>, yocto@lists.yoctoproject.org <yocto@lists.yoctoproject.org>
Betreff: Re: [yocto] #golang Build tools required during go generate



On 11/5/21 7:32 AM, sebastian@mapped.com wrote:
Hi yoto-devs/users,

in order to get a golang application to run which relies on `go
generate` calls I wrote special recipes for this tools and include them
in my original recipe. However I always get a segmentation fault.
In the tools (which happens to be based on golang too) I use [1] in the
recipes and in the recipe I want to use them I include them via [2].
However if for example enter the dev-shell or during build I get a
segmentation fault although the binary seems to be compiled for the
right architecture (host-amd64).
Is there something wrong I try to use that?
do you have stack trace ? that might give some more info on whats going on


Sebastian

[1]
inherit go-mod
BBCLASSEXTEND = "native"
[2]
DEPENDS += "random-go-tool-needed-by-recipe-native"






--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: #golang Build tools required during go generate #golang

Sebastian Rühl
 

Yep might be… For me that’s desirable as these a built-utils, it’s golang and I see no benefit in having them dynamically linked anyay. Any tips how to statically link these? As far as I understand the golang classes do dynamic linking by default. Btw. I’m using the backported 1.16 versions from hardknot but I don’t think that matters as our “main” application works just perfectly fine on the target hardware.

 

I tried:

GO_LINKSHARED = ""

export CGO_ENABLED = "0"

 

But it didn’t help

 

Sebastian

 

Von: Bruce Ashfield <bruce.ashfield@...>
Datum: Freitag, 5. November 2021 um 20:07
An: Sebastian Rühl <sebastian@...>
Cc: Khem Raj <raj.khem@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate

I'd bet it is a variant of this:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14386

Bruce

On Fri, Nov 5, 2021 at 2:58 PM Sebastian Rühl <sebastian@...> wrote:
>
> Here some outputs:
>
>
>
> Bitbake -c devshell target-recipe
>
> sh-4.4# easyjson
>
> Segmentation fault
>
> sh-4.4# strace easyjson
>
> execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0
>
> brk(NULL)                               = 0x556083886000
>
> arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)
>
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---
>
> +++ killed by SIGSEGV +++
>
> Segmentation fault
>
> sh-4.4# file $(which easyjson)
>
> /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped
>
> sh-4.4# gdb $(which easyjson)
>
> GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
>
> Copyright (C) 2018 Free Software Foundation, Inc.
>
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>
> This is free software: you are free to change and redistribute it.
>
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>
> and "show warranty" for details.
>
> This GDB was configured as "x86_64-linux-gnu".
>
> Type "show configuration" for configuration details.
>
> For bug reporting instructions, please see:
>
> <http://www.gnu.org/software/gdb/bugs/>.
>
> Find the GDB manual and other documentation resources online at:
>
> <http://www.gnu.org/software/gdb/documentation/>.
>
> For help, type "help".
>
> Type "apropos word" to search for commands related to "word"...
>
> Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.
>
> (gdb) run
>
> Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson
>
> warning: Error disabling address space randomization: Operation not permitted
>
> BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001
>
> BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002
>
> BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001
>
> BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002
>
>
>
> Program received signal SIGSEGV, Segmentation fault.
>
> 0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2
>
> (gdb)
>
>
>
> Hope that helps….
>
>
>
> Small background: Yocto on dunfell, build with poky docker image
>
>
>
> Von: Khem Raj <raj.khem@...>
> Datum: Freitag, 5. November 2021 um 18:29
> An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
> Betreff: Re: [yocto] #golang Build tools required during go generate
>
>
>
> On 11/5/21 7:32 AM, sebastian@... wrote:
> > Hi yoto-devs/users,
> >
> > in order to get a golang application to run which relies on `go
> > generate` calls I wrote special recipes for this tools and include them
> > in my original recipe. However I always get a segmentation fault.
> > In the tools (which happens to be based on golang too) I use [1] in the
> > recipes and in the recipe I want to use them I include them via [2].
> > However if for example enter the dev-shell or during build I get a
> > segmentation fault although the binary seems to be compiled for the
> > right architecture (host-amd64).
> > Is there something wrong I try to use that?
>
> do you have stack trace ? that might give some more info on whats going on
>
> >
> > Sebastian
> >
> > [1]
> > inherit go-mod
> > BBCLASSEXTEND = "native"
> > [2]
> > DEPENDS += "random-go-tool-needed-by-recipe-native"
> >
> >
> >
> >
>
>
>
>


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: #golang Build tools required during go generate #golang

Bruce Ashfield
 

I'd bet it is a variant of this:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14386

Bruce

On Fri, Nov 5, 2021 at 2:58 PM Sebastian Rühl <sebastian@mapped.com> wrote:

Here some outputs:



Bitbake -c devshell target-recipe

sh-4.4# easyjson

Segmentation fault

sh-4.4# strace easyjson

execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0

brk(NULL) = 0x556083886000

arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)

--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---

+++ killed by SIGSEGV +++

Segmentation fault

sh-4.4# file $(which easyjson)

/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped

sh-4.4# gdb $(which easyjson)

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1

Copyright (C) 2018 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law. Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-linux-gnu".

Type "show configuration" for configuration details.

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>.

Find the GDB manual and other documentation resources online at:

<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".

Type "apropos word" to search for commands related to "word"...

Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.

(gdb) run

Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson

warning: Error disabling address space randomization: Operation not permitted

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002



Program received signal SIGSEGV, Segmentation fault.

0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2

(gdb)



Hope that helps….



Small background: Yocto on dunfell, build with poky docker image



Von: Khem Raj <raj.khem@gmail.com>
Datum: Freitag, 5. November 2021 um 18:29
An: Sebastian Rühl <sebastian@mapped.com>, yocto@lists.yoctoproject.org <yocto@lists.yoctoproject.org>
Betreff: Re: [yocto] #golang Build tools required during go generate



On 11/5/21 7:32 AM, sebastian@mapped.com wrote:
Hi yoto-devs/users,

in order to get a golang application to run which relies on `go
generate` calls I wrote special recipes for this tools and include them
in my original recipe. However I always get a segmentation fault.
In the tools (which happens to be based on golang too) I use [1] in the
recipes and in the recipe I want to use them I include them via [2].
However if for example enter the dev-shell or during build I get a
segmentation fault although the binary seems to be compiled for the
right architecture (host-amd64).
Is there something wrong I try to use that?
do you have stack trace ? that might give some more info on whats going on


Sebastian

[1]
inherit go-mod
BBCLASSEXTEND = "native"
[2]
DEPENDS += "random-go-tool-needed-by-recipe-native"





--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: #golang Build tools required during go generate #golang

Sebastian Rühl
 

Here some outputs:

 

Bitbake -c devshell target-recipe

sh-4.4# easyjson

Segmentation fault

sh-4.4# strace easyjson

execve("/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson", ["easyjson"], 0x7ffc7e88d530 /* 138 vars */) = 0

brk(NULL)                               = 0x556083886000

arch_prctl(0x3001 /* ARCH_??? */, 0x7fffd54fcc80) = -1 EINVAL (Invalid argument)

--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x556083a1d000} ---

+++ killed by SIGSEGV +++

Segmentation fault

sh-4.4# file $(which easyjson)

/workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2, stripped

sh-4.4# gdb $(which easyjson)

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1

Copyright (C) 2018 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-linux-gnu".

Type "show configuration" for configuration details.

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>.

Find the GDB manual and other documentation resources online at:

<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".

Type "apropos word" to search for commands related to "word"...

Reading symbols from /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson...(no debugging symbols found)...done.

(gdb) run

Starting program: /workdir/build/tmp/work/aarch64-fslc-linux/datadog-agent/7.31.1-r0/recipe-sysroot-native/usr/bin/easyjson

warning: Error disabling address space randomization: Operation not permitted

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001

BFD: warning: /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/.debug/ld-2.33.so: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002

 

Program received signal SIGSEGV, Segmentation fault.

0x00007fcfd962c2fa in strcmp () from /workdir/build/tmp/sysroots-uninative/x86_64-linux/lib/ld-linux-x86-64.so.2

(gdb)

 

Hope that helps….

 

Small background: Yocto on dunfell, build with poky docker image

 

Von: Khem Raj <raj.khem@...>
Datum: Freitag, 5. November 2021 um 18:29
An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate



On 11/5/21 7:32 AM, sebastian@... wrote:
> Hi yoto-devs/users,
>
> in order to get a golang application to run which relies on `go
> generate` calls I wrote special recipes for this tools and include them
> in my original recipe. However I always get a segmentation fault.
> In the tools (which happens to be based on golang too) I use [1] in the
> recipes and in the recipe I want to use them I include them via [2].
> However if for example enter the dev-shell or during build I get a
> segmentation fault although the binary seems to be compiled for the
> right architecture (host-amd64).
> Is there something wrong I try to use that?

do you have stack trace ? that might give some more info on whats going on

>
> Sebastian
>
> [1]
> inherit go-mod
> BBCLASSEXTEND = "native"
> [2]
> DEPENDS += "random-go-tool-needed-by-recipe-native"
>
>
>
>


WG: [yocto] #golang Build tools required during go generate #golang

Sebastian Rühl
 

There is literaly no stacktrace just a segmentation fault pretty early in the execution (like 3rd instruction or something). I will send more outputs as soon as my dual-core has finished compiling stuff again :/

 

Von: Khem Raj <raj.khem@...>
Datum: Freitag, 5. November 2021 um 18:29
An: Sebastian Rühl <sebastian@...>, yocto@... <yocto@...>
Betreff: Re: [yocto] #golang Build tools required during go generate



On 11/5/21 7:32 AM, sebastian@... wrote:
> Hi yoto-devs/users,
>
> in order to get a golang application to run which relies on `go
> generate` calls I wrote special recipes for this tools and include them
> in my original recipe. However I always get a segmentation fault.
> In the tools (which happens to be based on golang too) I use [1] in the
> recipes and in the recipe I want to use them I include them via [2].
> However if for example enter the dev-shell or during build I get a
> segmentation fault although the binary seems to be compiled for the
> right architecture (host-amd64).
> Is there something wrong I try to use that?

do you have stack trace ? that might give some more info on whats going on

>
> Sebastian
>
> [1]
> inherit go-mod
> BBCLASSEXTEND = "native"
> [2]
> DEPENDS += "random-go-tool-needed-by-recipe-native"
>
>
>
>


Re: [meta-cgl][PATCH] recipes: update SRC_URI branch and protocols

Jeremy Puhlman
 

Merged.

On 11/5/2021 2:06 AM, Yi Zhao wrote:
Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb | 2 +-
.../cluster-resource-agents/resource-agents_4.5.0.bb | 2 +-
meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb | 2 +-
meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb | 2 +-
meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb | 2 +-
meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb b/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
index 9221f06..acd3149 100644
--- a/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
+++ b/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b70d30a00a451e19d7449d7465d02601 \
DEPENDS = "libxml2 libtool glib-2.0 bzip2 util-linux net-snmp openhpi"
SRC_URI = " \
- git://github.com/ClusterLabs/${BPN}.git \
+ git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://0001-don-t-compile-doc-and-Error-Fix.patch \
file://0001-ribcl.py.in-Warning-Fix.patch \
file://0001-Update-for-python3.patch \
diff --git a/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb b/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
index bd906b2..261681c 100644
--- a/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
+++ b/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
@@ -14,7 +14,7 @@ LICENSE:${PN}-extra = "GPLv3"
LICENSE:${PN}-extra-dbg = "GPLv3"
LICENSE:ldirectord = "GPLv2+"
-SRC_URI = "git://github.com/ClusterLabs/resource-agents \
+SRC_URI = "git://github.com/ClusterLabs/resource-agents;branch=master;protocol=https \
file://01-disable-doc-build.patch \
file://02-set-OCF_ROOT_DIR-to-libdir-ocf.patch \
file://03-fix-header-defs-lookup.patch \
diff --git a/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb b/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
index 531a053..43393d8 100644
--- a/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
+++ b/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
@@ -13,7 +13,7 @@ DEPENDS = "asciidoc-native \
RDEPENDS:${PN} = "pacemaker python3-lxml python3-parallax gawk bash python3-doctest"
S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/ClusterLabs/${BPN}.git \
+SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://tweaks_for_build.patch \
file://0001-orderedset.py-fix-deprecation-on-collections.Mutable.patch \
"
diff --git a/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb b/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
index fa38006..7c32c54 100644
--- a/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
+++ b/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
@@ -12,7 +12,7 @@ SECTION = "System Environment/Base"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=8ef380476f642c20ebf40fecb0add2ec"
-SRC_URI = "git://github.com/markfasheh/ocfs2-tools \
+SRC_URI = "git://github.com/markfasheh/ocfs2-tools;branch=master;protocol=https \
file://0003-vendor-common-o2cb.ocf-add-new-conf-file.patch \
file://ocfs2-tools-1.8.5-format-fortify.patch \
file://no-redhat.patch \
diff --git a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
index c86c282..006ed9b 100644
--- a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
+++ b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=000212f361a81b100d9d0f0435040663"
DEPENDS = "corosync libxslt libxml2 gnutls resource-agents libqb python3-native"
-SRC_URI = "git://github.com/ClusterLabs/${BPN}.git \
+SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://0001-Fix-python3-usage.patch \
file://0001-pacemaker-set-OCF_ROOT_DIR-to-libdir-ocf.patch \
file://volatiles \
diff --git a/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb b/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
index 4c7c080..0388afe 100644
--- a/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
+++ b/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
@@ -13,7 +13,7 @@ RDEPENDS:${PN} += "perl"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=99a60756441098855c538fe86f859afe"
-SRC_URI = "git://github.com/zoulasc/racoon2 \
+SRC_URI = "git://github.com/zoulasc/racoon2;branch=master;protocol=https \
file://0001-Add-DESTDIR-to-install-commands.patch \
file://0002-Enable-turning-of-kinkd-and-iked.patch \
file://0003-Replace-perl_bindir-with-usr-bin-env-perl.patch \


Re: #golang Build tools required during go generate #golang

Khem Raj
 

On 11/5/21 7:32 AM, sebastian@mapped.com wrote:
Hi yoto-devs/users,
in order to get a golang application to run which relies on `go generate` calls I wrote special recipes for this tools and include them in my original recipe. However I always get a segmentation fault.
In the tools (which happens to be based on golang too) I use [1] in the recipes and in the recipe I want to use them I include them via [2].
However if for example enter the dev-shell or during build I get a segmentation fault although the binary seems to be compiled for the right architecture (host-amd64).
Is there something wrong I try to use that?
do you have stack trace ? that might give some more info on whats going on

Sebastian
[1]
inherit go-mod
BBCLASSEXTEND = "native"
[2]
DEPENDS += "random-go-tool-needed-by-recipe-native"


[meta-selinux][PATCH] libselinux: mount selinuxfs with noexec

Maximilian Blenk
 

Ensure that selinuxfs is mounted using the noxec and nosuid flags.
The current master branch of meta-selinux already contains this commit.

Change-Id: I38cba8ad0da17286f8b722c24717da5990ac1ee8
Upstream-Status: Backport [https://github.com/SELinuxProject/selinux/commit/7eaea214a0a5d9e3fb517152ac6162449ed3ef40]
---
...ux-mount-selinuxfs-noexec-and-nosuid.patch | 36 +++++++++++++++++++
recipes-security/selinux/libselinux_3.0.bb | 1 +
2 files changed, 37 insertions(+)
create mode 100644 recipes-security/selinux/libselinux/0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch

Hi there,

this commit backports a patch of libselinux that ensures that the
selinuxfs is mounted using the noexec and nosuid flag. Thought you guys
might also be interested in backporting this one.

BR Max


diff --git a/recipes-security/selinux/libselinux/0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch b/recipes-security/selinux/libselinux/0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch
new file mode 100644
index 0000000..2de9573
--- /dev/null
+++ b/recipes-security/selinux/libselinux/0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch
@@ -0,0 +1,36 @@
+From a94f3791ddd3155dde94ed48ffd1566fbe8bf4e2 Mon Sep 17 00:00:00 2001
+From: Topi Miettinen <toiwoton@gmail.com>
+Date: Tue, 28 Apr 2020 14:11:42 +0300
+Subject: [PATCH] libselinux: mount selinuxfs noexec and nosuid
+
+Mount selinuxfs with mount flags noexec and nosuid. It's not likely
+that this has any effect, but it's visually more pleasing.
+
+Option nodev can't be used because of /sys/fs/selinux/null device,
+which is used by Android.
+
+Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
+---
+ libselinux/src/load_policy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Upstream-Status: Backport [git https://github.com/SELinuxProject/selinux/commit/7eaea214a0a5d9e3fb517152ac6162449ed3ef40]
+
+diff --git a/src/load_policy.c b/src/load_policy.c
+index 9e75292d..ccf73c95 100644
+--- a/src/load_policy.c
++++ b/src/load_policy.c
+@@ -281,7 +281,8 @@ int selinux_init_load_policy(int *enforce)
+ const char *mntpoint = NULL;
+ /* First make sure /sys is mounted */
+ if (mount("sysfs", "/sys", "sysfs", 0, 0) == 0 || errno == EBUSY) {
+- if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, 0, 0) == 0 || errno == EBUSY) {
++ /* MS_NODEV can't be set because of /sys/fs/selinux/null device, used by Android */
++ if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, MS_NOEXEC | MS_NOSUID, 0) == 0 || errno == EBUSY) {
+ mntpoint = SELINUXMNT;
+ } else {
+ /* check old mountpoint */
+--
+2.33.0
+
diff --git a/recipes-security/selinux/libselinux_3.0.bb b/recipes-security/selinux/libselinux_3.0.bb
index 4a60962..40defcd 100644
--- a/recipes-security/selinux/libselinux_3.0.bb
+++ b/recipes-security/selinux/libselinux_3.0.bb
@@ -13,4 +13,5 @@ SRC_URI += "\
file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
file://0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch \
file://0001-Fix-NULL-pointer-use-in-selinux_restorecon_set_sehandle.patch \
+ file://0001-libselinux-mount-selinuxfs-noexec-and-nosuid.patch \
"
--
2.33.0


#golang Build tools required during go generate #golang

Sebastian Rühl
 

Hi yoto-devs/users,

in order to get a golang application to run which relies on `go generate` calls I wrote special recipes for this tools and include them in my original recipe. However I always get a segmentation fault.
In the tools (which happens to be based on golang too) I use [1] in the recipes and in the recipe I want to use them I include them via [2].
However if for example enter the dev-shell or during build I get a segmentation fault although the binary seems to be compiled for the right architecture (host-amd64).
Is there something wrong I try to use that?

Sebastian

[1]
inherit go-mod
BBCLASSEXTEND = "native"
[2]
DEPENDS += "random-go-tool-needed-by-recipe-native"


[meta-security][PATCH 3/3] python3-fail2ban: remove /run

Armin Kuster
 

Fixes:

ERROR: python3-fail2ban-0.11.2-r0 do_package_qa: QA Issue: python3-fail2ban installs files in /run, but it is expected to be empty [empty-dirs]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index fcf044a..4e344c8 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -30,6 +30,7 @@ do_install:append () {
install -d ${D}/${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
chown -R root:root ${D}/${bindir}
+ rm -rf ${D}/run
}

do_install_ptest:append () {
@@ -40,7 +41,6 @@ do_install_ptest:append () {
rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
}

-FILES:${PN} += "/run"

INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME = "fail2ban-server"
--
2.25.1


[meta-security][PATCH 2/3] bastille: Create /var/log/Bastille in runtime

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-security/bastille/bastille_3.2.1.bb | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/recipes-security/bastille/bastille_3.2.1.bb b/recipes-security/bastille/bastille_3.2.1.bb
index 72281c5..2d82983 100644
--- a/recipes-security/bastille/bastille_3.2.1.bb
+++ b/recipes-security/bastille/bastille_3.2.1.bb
@@ -48,7 +48,6 @@ do_install () {
install -d ${D}${datadir}/Bastille/OSMap/Modules
install -d ${D}${datadir}/Bastille/Questions
install -d ${D}${datadir}/Bastille/FKL/configs/
- install -d ${D}${localstatedir}/log/Bastille
install -d ${D}${sysconfdir}/Bastille
install -m 0755 AutomatedBastille ${D}${sbindir}
install -m 0755 BastilleBackEnd ${D}${sbindir}
@@ -148,6 +147,20 @@ do_install () {
${THISDIR}/files/set_required_questions.py ${D}${sysconfdir}/Bastille/config ${D}${datadir}/Bastille/Questions

ln -s RevertBastille ${D}${sbindir}/UndoBastille
+
+ # Create /var/log/Bastille in runtime.
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
+ install -d ${D}${nonarch_libdir}/tmpfiles.d
+ echo "d ${localstatedir}/log/Bastille - - - -" > ${D}${nonarch_libdir}/tmpfiles.d/Bastille.conf
+ fi
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
+ install -d ${D}${sysconfdir}/default/volatiles
+ echo "d root root 0755 ${localstatedir}/log/Bastille none" > ${D}${sysconfdir}/default/volatiles/99_Bastille
+ fi
}

-FILES:${PN} += "${datadir}/Bastille ${libdir}/Bastille ${libdir}/perl* ${sysconfdir}/*"
+FILES:${PN} += "${datadir}/Bastille \
+ ${libdir}/Bastille \
+ ${libdir}/perl* \
+ ${sysconfdir}/* \
+ ${nonarch_libdir}/tmpfiles.d"
--
2.25.1


[meta-security][PATCH 1/3] sssd: Create /var/log/sssd in runtime

Armin Kuster
 

/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.

[Thanks to Peter Kjellerstedt for example]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-security/sssd/sssd_2.5.2.bb | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb
index ed8af5e..8bc8787 100644
--- a/recipes-security/sssd/sssd_2.5.2.bb
+++ b/recipes-security/sssd/sssd_2.5.2.bb
@@ -86,13 +86,23 @@ do_install () {
rmdir --ignore-fail-on-non-empty "${D}/${bindir}"
install -d ${D}/${sysconfdir}/${BPN}
install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN}
- install -D -m 644 ${WORKDIR}/volatiles.99_sssd ${D}/${sysconfdir}/default/volatiles/99_sssd
+
+ # /var/log/sssd needs to be created in runtime. Use rmdir to catch if
+ # upstream stops creating /var/log/sssd, or adds something else in
+ # /var/log.
+ rmdir ${D}${localstatedir}/log/${BPN} ${D}${localstatedir}/log
+ rmdir --ignore-fail-on-non-empty ${D}${localstatedir}

if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d /var/log/sssd 0750 - - - -" > ${D}${sysconfdir}/tmpfiles.d/sss.conf
fi

+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
+ install -d ${D}${sysconfdir}/default/volatiles
+ echo "d ${SSSD_UID}:${SSSD_GID} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
+ fi
+
# Remove /run as it is created on startup
rm -rf ${D}/run

@@ -106,6 +116,8 @@ fi
chown ${SSSD_UID}:${SSSD_GID} ${sysconfdir}/${BPN}/${BPN}.conf
}

+FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
+
CONFFILES:${PN} = "${sysconfdir}/${BPN}/${BPN}.conf"

INITSCRIPT_NAME = "sssd"
--
2.25.1


QA notification for completed autobuilder build (yocto-3.3.4.rc1)

Richard Purdie
 

A build flagged for QA (yocto-3.3.4.rc1) was completed on the autobuilder and is
available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.3.4.rc1


Build hash information:

bitbake: 0fe1a9e2d2e33f80d807cefc7a23df4a5f760c74
meta-agl: d997986f27e239400cf01e0cdef942cee278ea66
meta-arm: 71686ac05c34e53950268bfe0d52c3624e78c190
meta-aws: cad1c714434fe0adc566006e1e1626b4657bcf40
meta-gplv2: 9e119f333cc8f53bd3cf64326f826dbc6ce3db0f
meta-intel: 76495b60dd915846d2f84d03b9c9cfbb548e9dc0
meta-mingw: 422b96cb2b6116442be1f40dfb5bd77447d1219e
meta-openembedded: d378e4293d18e374f5d1494a88bfc3caee4d02df
oecore: 0ca080a23c2770a15138f702d4c879bbd90ca360
poky: c40ac16d79026169639f47be76a3f7b9d8b5178e



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@linuxfoundation.org


[meta-cgl][PATCH] recipes: update SRC_URI branch and protocols

Yi Zhao
 

Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb | 2 +-
.../cluster-resource-agents/resource-agents_4.5.0.bb | 2 +-
meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb | 2 +-
meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb | 2 +-
meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb | 2 +-
meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb b/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
index 9221f06..acd3149 100644
--- a/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
+++ b/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b70d30a00a451e19d7449d7465d02601 \
DEPENDS = "libxml2 libtool glib-2.0 bzip2 util-linux net-snmp openhpi"

SRC_URI = " \
- git://github.com/ClusterLabs/${BPN}.git \
+ git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://0001-don-t-compile-doc-and-Error-Fix.patch \
file://0001-ribcl.py.in-Warning-Fix.patch \
file://0001-Update-for-python3.patch \
diff --git a/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb b/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
index bd906b2..261681c 100644
--- a/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
+++ b/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
@@ -14,7 +14,7 @@ LICENSE:${PN}-extra = "GPLv3"
LICENSE:${PN}-extra-dbg = "GPLv3"
LICENSE:ldirectord = "GPLv2+"

-SRC_URI = "git://github.com/ClusterLabs/resource-agents \
+SRC_URI = "git://github.com/ClusterLabs/resource-agents;branch=master;protocol=https \
file://01-disable-doc-build.patch \
file://02-set-OCF_ROOT_DIR-to-libdir-ocf.patch \
file://03-fix-header-defs-lookup.patch \
diff --git a/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb b/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
index 531a053..43393d8 100644
--- a/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
+++ b/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
@@ -13,7 +13,7 @@ DEPENDS = "asciidoc-native \
RDEPENDS:${PN} = "pacemaker python3-lxml python3-parallax gawk bash python3-doctest"

S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/ClusterLabs/${BPN}.git \
+SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://tweaks_for_build.patch \
file://0001-orderedset.py-fix-deprecation-on-collections.Mutable.patch \
"
diff --git a/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb b/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
index fa38006..7c32c54 100644
--- a/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
+++ b/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
@@ -12,7 +12,7 @@ SECTION = "System Environment/Base"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=8ef380476f642c20ebf40fecb0add2ec"

-SRC_URI = "git://github.com/markfasheh/ocfs2-tools \
+SRC_URI = "git://github.com/markfasheh/ocfs2-tools;branch=master;protocol=https \
file://0003-vendor-common-o2cb.ocf-add-new-conf-file.patch \
file://ocfs2-tools-1.8.5-format-fortify.patch \
file://no-redhat.patch \
diff --git a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
index c86c282..006ed9b 100644
--- a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
+++ b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=000212f361a81b100d9d0f0435040663"

DEPENDS = "corosync libxslt libxml2 gnutls resource-agents libqb python3-native"

-SRC_URI = "git://github.com/ClusterLabs/${BPN}.git \
+SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://0001-Fix-python3-usage.patch \
file://0001-pacemaker-set-OCF_ROOT_DIR-to-libdir-ocf.patch \
file://volatiles \
diff --git a/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb b/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
index 4c7c080..0388afe 100644
--- a/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
+++ b/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
@@ -13,7 +13,7 @@ RDEPENDS:${PN} += "perl"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=99a60756441098855c538fe86f859afe"

-SRC_URI = "git://github.com/zoulasc/racoon2 \
+SRC_URI = "git://github.com/zoulasc/racoon2;branch=master;protocol=https \
file://0001-Add-DESTDIR-to-install-commands.patch \
file://0002-Enable-turning-of-kinkd-and-iked.patch \
file://0003-Replace-perl_bindir-with-usr-bin-env-perl.patch \
--
2.25.1


[meta-selinux][PATCH 2/2] bind: remove volatile file

Yi Zhao
 

This file is not needed anymore as bind daemon will create them by
itself.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-connectivity/bind/bind_selinux.inc | 7 -------
recipes-connectivity/bind/files/volatiles.04_bind | 4 ----
2 files changed, 11 deletions(-)
delete mode 100644 recipes-connectivity/bind/files/volatiles.04_bind

diff --git a/recipes-connectivity/bind/bind_selinux.inc b/recipes-connectivity/bind/bind_selinux.inc
index aa11005..948a377 100644
--- a/recipes-connectivity/bind/bind_selinux.inc
+++ b/recipes-connectivity/bind/bind_selinux.inc
@@ -1,11 +1,4 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-SRC_URI += "file://volatiles.04_bind"
-
do_install:append() {
- install -d ${D}${sysconfdir}/default/volatiles
- install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/04_bind
-
sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\
[ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
}
diff --git a/recipes-connectivity/bind/files/volatiles.04_bind b/recipes-connectivity/bind/files/volatiles.04_bind
deleted file mode 100644
index c6a8151..0000000
--- a/recipes-connectivity/bind/files/volatiles.04_bind
+++ /dev/null
@@ -1,4 +0,0 @@
-# <type> <owner> <group> <mode> <path> <linksource>
-d root root 0755 /var/run/named none
-d root root 0755 /var/run/bind/run none
-d root root 0755 /var/cache/bind none
--
2.25.1


[meta-selinux][PATCH 1/2] recipes: update SRC_URI branch and protocols

Yi Zhao
 

Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/refpolicy/refpolicy_git.inc | 2 +-
recipes-security/selinux/selinux_common.inc | 2 +-
recipes-security/setools/setools_4.4.0.bb | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc
index ccf1bde..1d56403 100644
--- a/recipes-security/refpolicy/refpolicy_git.inc
+++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -1,6 +1,6 @@
PV = "2.20210203+git${SRCPV}"

-SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=git;branch=master;name=refpolicy;destsuffix=refpolicy"
+SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=master;name=refpolicy;destsuffix=refpolicy"

SRCREV_refpolicy ?= "1167739da1882f9c89281095d2595da5ea2d9d6b"

diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index f2e180f..dc4ccd5 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -1,6 +1,6 @@
HOMEPAGE = "https://github.com/SELinuxProject"

-SRC_URI = "git://github.com/SELinuxProject/selinux.git"
+SRC_URI = "git://github.com/SELinuxProject/selinux.git;branch=master;protocol=https"
SRCREV = "cf853c1a0c2328ad6c62fb2b2cc55d4926301d6b"

UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
diff --git a/recipes-security/setools/setools_4.4.0.bb b/recipes-security/setools/setools_4.4.0.bb
index 2b10993..b78af36 100644
--- a/recipes-security/setools/setools_4.4.0.bb
+++ b/recipes-security/setools/setools_4.4.0.bb
@@ -9,7 +9,7 @@ SECTION = "base"
LICENSE = "GPLv2 & LGPLv2.1"

S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4 \
+SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4;protocol=https \
file://setools4-fixes-for-cross-compiling.patch \
"

--
2.25.1


Re: Bitbake build fails because of a python function

Alexander Kanavin
 

Just wondering, what it /srv/yocto? Can you build in your $HOME?

Otherwise, you can run bitbake under 'strace -ff -o strace-log ...' and try to check exactly what syscall causes cpio to fail.

Alex


On Thu, 4 Nov 2021 at 20:44, Maksym Iliev <maksym.iliev@...> wrote:

Dear Alexander,

Thanks a lot for responding. I've attached the log file.
The only valuable info I could find is the following piece at the end of the log file. Could that be a potential cause for failures?

Deprecated external dependency generator is used!

create archive failed: cpio: write

WARNING: exit code 1 from a shell command.

 

 

 

Thanks in advance,

Maksym

From: Alexander Kanavin
Sent: November 3, 2021 4:48 PM
To: Maksym Iliev
Cc: Yocto-mailing-list
Subject: Re: [yocto] Bitbake build fails because of a python function

 

You don't often get email from alex.kanavin@.... Learn why this is important

It's hard to say if we can't replicate the issue. Check /srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/log.do_package_write_rpm, it might have useful debugging info.

 

Alex

 

 

On Wed, 3 Nov 2021 at 21:45, Maksym Iliev via lists.yoctoproject.org <maksym.iliev=litmus.io@...> wrote:

Hello guys. I am brand new to yocto and bitbake and I am looking for any help/advice/hints I can get. I have inherited someone else's code for building yocto project images, but the bitbake fails with the following error:

ERROR: perl-5.30.1-r0 do_package_write_rpm: Error executing a python function in exec_func_python() 
autogenerated:The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001: *** 
0002:do_package_rpm(d)     
0003:
File: '/srv/yocto/poky/meta/classes/package_rpm.bbclass', lineno: 712, function: do_package_rpm     
0708:     
0709:    # Build the rpm package!     
0710:    d.setVar('BUILDSPEC', cmd + \"\\n\" + cleanupcmd + \"\\n\")     
0711:    d.setVarFlag('BUILDSPEC', 'func', '1')
0712:    bb.build.exec_func('BUILDSPEC', d)     
0713:     
0714:    if d.getVar('RPM_SIGN_PACKAGES') == '1':
0715:        bb.build.exec_func(\"sign_rpm\", d)     
0716:}
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 254, function: exec_func     
0250:    with bb.utils.fileslocked(lockfiles):     
0251:    if ispython:     
0252:            exec_func_python(func, d, runfile, cwd=adir)     
0253:    else: *** 
0254:            exec_func_shell(func, d, runfile, cwd=adir)     
0255:     
0256:    try:     
0257:        curcwd = os.getcwd()     
0258:    except:
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 455, function: exec_func_shell     
0451:    with open(fifopath, 'r+b', buffering=0) as fifo:     
0452:        try:     
0453:            bb.debug(2, \"Executing shell function %s\" % func)    
0454:            with open(os.devnull, 'r+') as stdin, logfile: *** 
0455:                bb.process.run(cmd, shell=False, stdin=stdin, log=logfile, extrafiles=[(fifo,readfifo)])     
0456:        finally:     
0457:            os.unlink(fifopath)    
0458:     
0459:    bb.debug(2, \"Shell function %s finished\" % func)
File: '/srv/yocto/poky/bitbake/lib/bb/process.py', lineno: 184, function: run     
0180:     
0181:    if pipe.returncode != 0:     
0182:        if log:     
0183:            # Don't duplicate the output in the exception if logging it *** 
0184:            raise ExecutionError(cmd, pipe.returncode, None, None)     
0185:        raise ExecutionError(cmd, pipe.returncode, stdout, stderr)     
0186:    return stdout, stderr Exception: bb.process.ExecutionError: Execution of '/srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/run.BUILDSPEC.35372' failed with exit code 1

Would anyone be able to point me in the right direction as to what could be potentially causing this issue?

Thanks in advance,
Maksym

 

1841 - 1860 of 57064