Date   

[meta-security][PATCH 1/3] sssd: Create /var/log/sssd in runtime

Armin Kuster
 

/var/log is normally a link to /var/volatile/log and /var/volatile is a
tmpfs mount. So anything created in /var/log will not be available when
the tmpfs is mounted.

[Thanks to Peter Kjellerstedt for example]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-security/sssd/sssd_2.5.2.bb | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb
index ed8af5e..8bc8787 100644
--- a/recipes-security/sssd/sssd_2.5.2.bb
+++ b/recipes-security/sssd/sssd_2.5.2.bb
@@ -86,13 +86,23 @@ do_install () {
rmdir --ignore-fail-on-non-empty "${D}/${bindir}"
install -d ${D}/${sysconfdir}/${BPN}
install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN}
- install -D -m 644 ${WORKDIR}/volatiles.99_sssd ${D}/${sysconfdir}/default/volatiles/99_sssd
+
+ # /var/log/sssd needs to be created in runtime. Use rmdir to catch if
+ # upstream stops creating /var/log/sssd, or adds something else in
+ # /var/log.
+ rmdir ${D}${localstatedir}/log/${BPN} ${D}${localstatedir}/log
+ rmdir --ignore-fail-on-non-empty ${D}${localstatedir}

if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d /var/log/sssd 0750 - - - -" > ${D}${sysconfdir}/tmpfiles.d/sss.conf
fi

+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
+ install -d ${D}${sysconfdir}/default/volatiles
+ echo "d ${SSSD_UID}:${SSSD_GID} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
+ fi
+
# Remove /run as it is created on startup
rm -rf ${D}/run

@@ -106,6 +116,8 @@ fi
chown ${SSSD_UID}:${SSSD_GID} ${sysconfdir}/${BPN}/${BPN}.conf
}

+FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
+
CONFFILES:${PN} = "${sysconfdir}/${BPN}/${BPN}.conf"

INITSCRIPT_NAME = "sssd"
--
2.25.1


QA notification for completed autobuilder build (yocto-3.3.4.rc1)

Richard Purdie
 

A build flagged for QA (yocto-3.3.4.rc1) was completed on the autobuilder and is
available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.3.4.rc1


Build hash information:

bitbake: 0fe1a9e2d2e33f80d807cefc7a23df4a5f760c74
meta-agl: d997986f27e239400cf01e0cdef942cee278ea66
meta-arm: 71686ac05c34e53950268bfe0d52c3624e78c190
meta-aws: cad1c714434fe0adc566006e1e1626b4657bcf40
meta-gplv2: 9e119f333cc8f53bd3cf64326f826dbc6ce3db0f
meta-intel: 76495b60dd915846d2f84d03b9c9cfbb548e9dc0
meta-mingw: 422b96cb2b6116442be1f40dfb5bd77447d1219e
meta-openembedded: d378e4293d18e374f5d1494a88bfc3caee4d02df
oecore: 0ca080a23c2770a15138f702d4c879bbd90ca360
poky: c40ac16d79026169639f47be76a3f7b9d8b5178e



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@linuxfoundation.org


[meta-cgl][PATCH] recipes: update SRC_URI branch and protocols

Yi Zhao
 

Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb | 2 +-
.../cluster-resource-agents/resource-agents_4.5.0.bb | 2 +-
meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb | 2 +-
meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb | 2 +-
meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb | 2 +-
meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb b/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
index 9221f06..acd3149 100644
--- a/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
+++ b/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b70d30a00a451e19d7449d7465d02601 \
DEPENDS = "libxml2 libtool glib-2.0 bzip2 util-linux net-snmp openhpi"

SRC_URI = " \
- git://github.com/ClusterLabs/${BPN}.git \
+ git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://0001-don-t-compile-doc-and-Error-Fix.patch \
file://0001-ribcl.py.in-Warning-Fix.patch \
file://0001-Update-for-python3.patch \
diff --git a/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb b/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
index bd906b2..261681c 100644
--- a/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
+++ b/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.5.0.bb
@@ -14,7 +14,7 @@ LICENSE:${PN}-extra = "GPLv3"
LICENSE:${PN}-extra-dbg = "GPLv3"
LICENSE:ldirectord = "GPLv2+"

-SRC_URI = "git://github.com/ClusterLabs/resource-agents \
+SRC_URI = "git://github.com/ClusterLabs/resource-agents;branch=master;protocol=https \
file://01-disable-doc-build.patch \
file://02-set-OCF_ROOT_DIR-to-libdir-ocf.patch \
file://03-fix-header-defs-lookup.patch \
diff --git a/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb b/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
index 531a053..43393d8 100644
--- a/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
+++ b/meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb
@@ -13,7 +13,7 @@ DEPENDS = "asciidoc-native \
RDEPENDS:${PN} = "pacemaker python3-lxml python3-parallax gawk bash python3-doctest"

S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/ClusterLabs/${BPN}.git \
+SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://tweaks_for_build.patch \
file://0001-orderedset.py-fix-deprecation-on-collections.Mutable.patch \
"
diff --git a/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb b/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
index fa38006..7c32c54 100644
--- a/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
+++ b/meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb
@@ -12,7 +12,7 @@ SECTION = "System Environment/Base"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=8ef380476f642c20ebf40fecb0add2ec"

-SRC_URI = "git://github.com/markfasheh/ocfs2-tools \
+SRC_URI = "git://github.com/markfasheh/ocfs2-tools;branch=master;protocol=https \
file://0003-vendor-common-o2cb.ocf-add-new-conf-file.patch \
file://ocfs2-tools-1.8.5-format-fortify.patch \
file://no-redhat.patch \
diff --git a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
index c86c282..006ed9b 100644
--- a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
+++ b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker_2.0.5.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=000212f361a81b100d9d0f0435040663"

DEPENDS = "corosync libxslt libxml2 gnutls resource-agents libqb python3-native"

-SRC_URI = "git://github.com/ClusterLabs/${BPN}.git \
+SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=master;protocol=https \
file://0001-Fix-python3-usage.patch \
file://0001-pacemaker-set-OCF_ROOT_DIR-to-libdir-ocf.patch \
file://volatiles \
diff --git a/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb b/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
index 4c7c080..0388afe 100644
--- a/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
+++ b/meta-cgl-common/recipes-cgl/racoon2/racoon2_202003018.bb
@@ -13,7 +13,7 @@ RDEPENDS:${PN} += "perl"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=99a60756441098855c538fe86f859afe"

-SRC_URI = "git://github.com/zoulasc/racoon2 \
+SRC_URI = "git://github.com/zoulasc/racoon2;branch=master;protocol=https \
file://0001-Add-DESTDIR-to-install-commands.patch \
file://0002-Enable-turning-of-kinkd-and-iked.patch \
file://0003-Replace-perl_bindir-with-usr-bin-env-perl.patch \
--
2.25.1


[meta-selinux][PATCH 2/2] bind: remove volatile file

Yi Zhao
 

This file is not needed anymore as bind daemon will create them by
itself.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-connectivity/bind/bind_selinux.inc | 7 -------
recipes-connectivity/bind/files/volatiles.04_bind | 4 ----
2 files changed, 11 deletions(-)
delete mode 100644 recipes-connectivity/bind/files/volatiles.04_bind

diff --git a/recipes-connectivity/bind/bind_selinux.inc b/recipes-connectivity/bind/bind_selinux.inc
index aa11005..948a377 100644
--- a/recipes-connectivity/bind/bind_selinux.inc
+++ b/recipes-connectivity/bind/bind_selinux.inc
@@ -1,11 +1,4 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-SRC_URI += "file://volatiles.04_bind"
-
do_install:append() {
- install -d ${D}${sysconfdir}/default/volatiles
- install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/04_bind
-
sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\
[ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
}
diff --git a/recipes-connectivity/bind/files/volatiles.04_bind b/recipes-connectivity/bind/files/volatiles.04_bind
deleted file mode 100644
index c6a8151..0000000
--- a/recipes-connectivity/bind/files/volatiles.04_bind
+++ /dev/null
@@ -1,4 +0,0 @@
-# <type> <owner> <group> <mode> <path> <linksource>
-d root root 0755 /var/run/named none
-d root root 0755 /var/run/bind/run none
-d root root 0755 /var/cache/bind none
--
2.25.1


[meta-selinux][PATCH 1/2] recipes: update SRC_URI branch and protocols

Yi Zhao
 

Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/refpolicy/refpolicy_git.inc | 2 +-
recipes-security/selinux/selinux_common.inc | 2 +-
recipes-security/setools/setools_4.4.0.bb | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc
index ccf1bde..1d56403 100644
--- a/recipes-security/refpolicy/refpolicy_git.inc
+++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -1,6 +1,6 @@
PV = "2.20210203+git${SRCPV}"

-SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=git;branch=master;name=refpolicy;destsuffix=refpolicy"
+SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=master;name=refpolicy;destsuffix=refpolicy"

SRCREV_refpolicy ?= "1167739da1882f9c89281095d2595da5ea2d9d6b"

diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index f2e180f..dc4ccd5 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -1,6 +1,6 @@
HOMEPAGE = "https://github.com/SELinuxProject"

-SRC_URI = "git://github.com/SELinuxProject/selinux.git"
+SRC_URI = "git://github.com/SELinuxProject/selinux.git;branch=master;protocol=https"
SRCREV = "cf853c1a0c2328ad6c62fb2b2cc55d4926301d6b"

UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
diff --git a/recipes-security/setools/setools_4.4.0.bb b/recipes-security/setools/setools_4.4.0.bb
index 2b10993..b78af36 100644
--- a/recipes-security/setools/setools_4.4.0.bb
+++ b/recipes-security/setools/setools_4.4.0.bb
@@ -9,7 +9,7 @@ SECTION = "base"
LICENSE = "GPLv2 & LGPLv2.1"

S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4 \
+SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4;protocol=https \
file://setools4-fixes-for-cross-compiling.patch \
"

--
2.25.1


Re: Bitbake build fails because of a python function

Alexander Kanavin
 

Just wondering, what it /srv/yocto? Can you build in your $HOME?

Otherwise, you can run bitbake under 'strace -ff -o strace-log ...' and try to check exactly what syscall causes cpio to fail.

Alex


On Thu, 4 Nov 2021 at 20:44, Maksym Iliev <maksym.iliev@...> wrote:

Dear Alexander,

Thanks a lot for responding. I've attached the log file.
The only valuable info I could find is the following piece at the end of the log file. Could that be a potential cause for failures?

Deprecated external dependency generator is used!

create archive failed: cpio: write

WARNING: exit code 1 from a shell command.

 

 

 

Thanks in advance,

Maksym

From: Alexander Kanavin
Sent: November 3, 2021 4:48 PM
To: Maksym Iliev
Cc: Yocto-mailing-list
Subject: Re: [yocto] Bitbake build fails because of a python function

 

You don't often get email from alex.kanavin@.... Learn why this is important

It's hard to say if we can't replicate the issue. Check /srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/log.do_package_write_rpm, it might have useful debugging info.

 

Alex

 

 

On Wed, 3 Nov 2021 at 21:45, Maksym Iliev via lists.yoctoproject.org <maksym.iliev=litmus.io@...> wrote:

Hello guys. I am brand new to yocto and bitbake and I am looking for any help/advice/hints I can get. I have inherited someone else's code for building yocto project images, but the bitbake fails with the following error:

ERROR: perl-5.30.1-r0 do_package_write_rpm: Error executing a python function in exec_func_python() 
autogenerated:The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001: *** 
0002:do_package_rpm(d)     
0003:
File: '/srv/yocto/poky/meta/classes/package_rpm.bbclass', lineno: 712, function: do_package_rpm     
0708:     
0709:    # Build the rpm package!     
0710:    d.setVar('BUILDSPEC', cmd + \"\\n\" + cleanupcmd + \"\\n\")     
0711:    d.setVarFlag('BUILDSPEC', 'func', '1')
0712:    bb.build.exec_func('BUILDSPEC', d)     
0713:     
0714:    if d.getVar('RPM_SIGN_PACKAGES') == '1':
0715:        bb.build.exec_func(\"sign_rpm\", d)     
0716:}
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 254, function: exec_func     
0250:    with bb.utils.fileslocked(lockfiles):     
0251:    if ispython:     
0252:            exec_func_python(func, d, runfile, cwd=adir)     
0253:    else: *** 
0254:            exec_func_shell(func, d, runfile, cwd=adir)     
0255:     
0256:    try:     
0257:        curcwd = os.getcwd()     
0258:    except:
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 455, function: exec_func_shell     
0451:    with open(fifopath, 'r+b', buffering=0) as fifo:     
0452:        try:     
0453:            bb.debug(2, \"Executing shell function %s\" % func)    
0454:            with open(os.devnull, 'r+') as stdin, logfile: *** 
0455:                bb.process.run(cmd, shell=False, stdin=stdin, log=logfile, extrafiles=[(fifo,readfifo)])     
0456:        finally:     
0457:            os.unlink(fifopath)    
0458:     
0459:    bb.debug(2, \"Shell function %s finished\" % func)
File: '/srv/yocto/poky/bitbake/lib/bb/process.py', lineno: 184, function: run     
0180:     
0181:    if pipe.returncode != 0:     
0182:        if log:     
0183:            # Don't duplicate the output in the exception if logging it *** 
0184:            raise ExecutionError(cmd, pipe.returncode, None, None)     
0185:        raise ExecutionError(cmd, pipe.returncode, stdout, stderr)     
0186:    return stdout, stderr Exception: bb.process.ExecutionError: Execution of '/srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/run.BUILDSPEC.35372' failed with exit code 1

Would anyone be able to point me in the right direction as to what could be potentially causing this issue?

Thanks in advance,
Maksym

 


Re: Bitbake build fails because of a python function

Maksym Iliev
 

Dear Alexander,

Thanks a lot for responding. I've attached the log file.
The only valuable info I could find is the following piece at the end of the log file. Could that be a potential cause for failures?

Deprecated external dependency generator is used!

create archive failed: cpio: write

WARNING: exit code 1 from a shell command.

 

 

 

Thanks in advance,

Maksym

From: Alexander Kanavin
Sent: November 3, 2021 4:48 PM
To: Maksym Iliev
Cc: Yocto-mailing-list
Subject: Re: [yocto] Bitbake build fails because of a python function

 

You don't often get email from alex.kanavin@.... Learn why this is important

It's hard to say if we can't replicate the issue. Check /srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/log.do_package_write_rpm, it might have useful debugging info.

 

Alex

 

 

On Wed, 3 Nov 2021 at 21:45, Maksym Iliev via lists.yoctoproject.org <maksym.iliev=litmus.io@...> wrote:

Hello guys. I am brand new to yocto and bitbake and I am looking for any help/advice/hints I can get. I have inherited someone else's code for building yocto project images, but the bitbake fails with the following error:

ERROR: perl-5.30.1-r0 do_package_write_rpm: Error executing a python function in exec_func_python() 
autogenerated:The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001: *** 
0002:do_package_rpm(d)     
0003:
File: '/srv/yocto/poky/meta/classes/package_rpm.bbclass', lineno: 712, function: do_package_rpm     
0708:     
0709:    # Build the rpm package!     
0710:    d.setVar('BUILDSPEC', cmd + \"\\n\" + cleanupcmd + \"\\n\")     
0711:    d.setVarFlag('BUILDSPEC', 'func', '1')
0712:    bb.build.exec_func('BUILDSPEC', d)     
0713:     
0714:    if d.getVar('RPM_SIGN_PACKAGES') == '1':
0715:        bb.build.exec_func(\"sign_rpm\", d)     
0716:}
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 254, function: exec_func     
0250:    with bb.utils.fileslocked(lockfiles):     
0251:    if ispython:     
0252:            exec_func_python(func, d, runfile, cwd=adir)     
0253:    else: *** 
0254:            exec_func_shell(func, d, runfile, cwd=adir)     
0255:     
0256:    try:     
0257:        curcwd = os.getcwd()     
0258:    except:
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 455, function: exec_func_shell     
0451:    with open(fifopath, 'r+b', buffering=0) as fifo:     
0452:        try:     
0453:            bb.debug(2, \"Executing shell function %s\" % func)    
0454:            with open(os.devnull, 'r+') as stdin, logfile: *** 
0455:                bb.process.run(cmd, shell=False, stdin=stdin, log=logfile, extrafiles=[(fifo,readfifo)])     
0456:        finally:     
0457:            os.unlink(fifopath)    
0458:     
0459:    bb.debug(2, \"Shell function %s finished\" % func)
File: '/srv/yocto/poky/bitbake/lib/bb/process.py', lineno: 184, function: run     
0180:     
0181:    if pipe.returncode != 0:     
0182:        if log:     
0183:            # Don't duplicate the output in the exception if logging it *** 
0184:            raise ExecutionError(cmd, pipe.returncode, None, None)     
0185:        raise ExecutionError(cmd, pipe.returncode, stdout, stderr)     
0186:    return stdout, stderr Exception: bb.process.ExecutionError: Execution of '/srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/run.BUILDSPEC.35372' failed with exit code 1

Would anyone be able to point me in the right direction as to what could be potentially causing this issue?

Thanks in advance,
Maksym

 


Minutes: Yocto Project Weekly Triage Meeting 11/4/2021

Trevor Gamblin
 

Wiki: https://wiki.yoctoproject.org/wiki/Bug_Triage

Attendees: Alexandre, Armin, Bruce, Jon, Joshua, Kiran, Michael, Randy, Richard, Stephen, Steve, Tim, Trevor

ARs:

N/A


Notes:

N/A

Medium+ 3.5 Unassigned Enhancements/Bugs: 79 (Last week 81)

Medium+ 3.99 Unassigned Enhancements/Bugs: 39 (No change)

AB Bugs: 62 (No change)


[meta-security][PATCH] tpm2-tss: fix fapi package config

Stefan Mueller-Klieser
 

When enabling fapi, the build breaks with:

| configure: error: Package requirements (libcurl) were not met:
| No package 'libcurl' found

This adds the missing dependency and bundles the additional config files
in the base package.

Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
---
v1:
- tested on hardknott and master

meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
index 64708791f4a9..1a36a5b73b06 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
@@ -15,7 +15,7 @@ inherit autotools pkgconfig systemd extrausers

PACKAGECONFIG ??= ""
PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
-PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,json-c "
+PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c "

EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
EXTRA_OECONF:remove = " --disable-static"
@@ -73,6 +73,11 @@ FILES:libtss2-dev = " \
${libdir}/libtss2*so"
FILES:libtss2-staticdev = "${libdir}/libtss*a"

-FILES:${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev"
+FILES:${PN} = "\
+ ${libdir}/udev \
+ ${nonarch_base_libdir}/udev \
+ ${sysconfdir}/tmpfiles.d \
+ ${sysconfdir}/tpm2-tss \
+ ${sysconfdir}/sysusers.d"

RDEPENDS:libtss2 = "libgcrypt"
--
2.20.1


User configuration & host contamination

Jeffrey Simons
 

Hi all,

I'm having some difficulty with setting up users and the respective application user assignments. I have a generic recipe which inherits useradd and sets a user, this works great for my purpose without one exception. I can't assign the user in my other recipe where the application is build.

Snippet from my user add (based on the useradd-example):
USERADD_PARAM_${PN} = "--uid 1200 \
--home-dir /home/user1 \
--groups dialout \
--user-group \
--password '********' \
--shell /bin/bash user1"

Snippet from my application which wants to assign the user1:
do_install () {
chown -R user1 ${D}/usr/local/bin/test_app/
}
It fails with the message:
"WARNING: test_app-1.0-12-r0 do_package_qa: QA Issue: test_app: /usr/local/bin/test_app/some_script.py is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination"

Any pointers/thoughts in how I can resolve this issue?

With kind regards,

Jeffrey Simons

Software Engineer
Royal Boon Edam International B.V.


Re: Dunfell - ERROR: ca-certificates-20211016-r0 do_fetch: Fetcher failure

Martin Jansa
 

Most likely expired Let's Encrypt certificate (which salsa.debian.org where ca-certificates are hoster is using) on your builder (host OS), see e.g. for ubuntu:

So to fix this update ca-certificates on your host distribution and then it should be fine.

On Thu, Nov 4, 2021 at 1:20 AM Darcy Watkins <dwatkins@...> wrote:

Hi,

 

After syncup of Yocto dunfell, I get the following error:

 

dwatkins@carmd-ed-n11377-docker-dwatkins_apollo17:64bit build $ bitbake ca-certificates -c fetch

Loading cache: 100% |#################################################################################################################################################################################################################################################| Time: 0:00:00

Loaded 4042 entries from dependency cache.

Parsing recipes: 100% |###############################################################################################################################################################################################################################################| Time: 0:00:00

Parsing of 2833 .bb files complete (2815 cached, 18 parsed). 4060 targets, 183 skipped, 0 masked, 0 errors.

WARNING: No recipes available for:

  /home/dwatkins/workspace/mgos/apollo17/meta-mg90-bsp/recipes-kernel/firmware/linux-firmware_git.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mg90-bsp/recipes-kernel/linux/linux-qoriq_4.19.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-distro/meta-openssl-fips/recipes-support/openssl/openssl_1.0.2%.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/cherrypy/cherrypy-python_%.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/hostapd/hostapd_2.6.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/hostapd/hostapd_2.8.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/wpa-supplicant/wpa-supplicant_2.6.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/wpa-supplicant/wpa-supplicant_2.7.bbappend

NOTE: Resolving any missing task queue dependencies

 

Build Configuration:

BB_VERSION           = "1.46.0"

BUILD_SYS            = "x86_64-linux"

NATIVELSBSTRING      = "universal"

TARGET_SYS           = "arm-poky-linux-gnueabi"

MACHINE              = "mg90"

DISTRO               = "mgos"

DISTRO_VERSION       = "3.1.11"

TUNE_FEATURES        = "arm vfp cortexa7 neon callconvention-hard"

TARGET_FPU           = "hard"

meta-mgos-core       = "main:96c5c6d35f19d16f65100ee29cb23e9a1470876c"

meta-mgos-release    = "main:0825ac63c95db495330848f80d6d68b6f47a77d4"

meta-mg90-bsp        = "main:47d0284b7a337df7587055c405213f9428c94884"

meta-mgos-airprime   = "main:5e8ffb01629c60d282b22e3313740e3b2cf325f4"

meta                 

meta-daisy-cf        

meta-openssl-fips    

meta-sigma           = "main:abf8a7a7408b690dfb0dff796ce8e94b6b661b0d"

meta                 

meta-poky            

meta-yocto-bsp       = "HEAD:0810ac6b926cd901f0619e95f367efc79d4c3159"

meta-oe              

meta-networking      

meta-python          

meta-perl            = "HEAD:814eec96c2a29172da57a425a3609f8b6fcc6afe"

meta-security        

meta-integrity       

meta-security-compliance 

meta-security-isafw  = "HEAD:b76698c788cb8ca632077a972031899ef15025d6"

meta-freescale       = "HEAD:727fd8df20c8ee58474ce15cd5e1459f14bee977"

meta-java            = "HEAD:6e84638d77ac921aac46649095bca5ddbde94d2a"

workspace            = "<unknown>:<unknown>"

 

Initialising tasks: 100% |############################################################################################################################################################################################################################################| Time: 0:00:00

Sstate summary: Wanted 0 Found 0 Missed 0 Current 0 (0% match, 0% complete)

NOTE: No setscene tasks

NOTE: Executing Tasks

WARNING: ca-certificates-20211016-r0 do_fetch: Failed to fetch URL git://salsa.debian.org/debian/ca-certificates.git;protocol=https, attempting MIRRORS if available

ERROR: ca-certificates-20211016-r0 do_fetch: Fetcher failure: Fetch command export PSEUDO_DISABLED=1; export PATH="/home/dwatkins/workspace/mgos/apollo17/build/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/scripts:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/bin/allarch-poky-linux:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot/usr/bin/crossscripts:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/sbin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/bin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/sbin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/bin:/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/bitbake/bin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/hosttools"; export HOME="/home/dwatkins"; LANG=C git -c core.fsyncobjectfiles=0 fetch -f --progress "https://salsa.debian.org/debian/ca-certificates.git" refs/*:refs/* failed with exit code 128, no output

ERROR: ca-certificates-20211016-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'git://salsa.debian.org/debian/ca-certificates.git;protocol=https')

ERROR: Logfile of failure stored in: /home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/temp/log.do_fetch.11215

ERROR: Task (/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb:do_fetch) failed with exit code '1'

NOTE: Tasks Summary: Attempted 1 tasks of which 0 didn't need to be rerun and 1 failed.

 

Summary: 1 task failed:

  /home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb:do_fetch

Summary: There were 2 WARNING messages shown.

Summary: There were 2 ERROR messages shown, returning a non-zero exit code.

dwatkins@carmd-ed-n11377-docker-dwatkins_apollo17:64bit build $

 

 

Looking in the git history, I find a recent commit…

 

commit 7158bf0775383eefcec148c47310b4681bfbed86

Author: Alexander Kanavin <alex.kanavin@...>

Date:   Tue Oct 19 17:33:29 2021 +0200

 

    ca-certificates: update 20210119 -> 20211016

    

    (From OE-Core rev: 43aa25b523b2c11ce483ea22435196dfca259b30)

    

    Signed-off-by: Alexander Kanavin <alex@...>

    Signed-off-by: Alexandre Belloni <alexandre.belloni@...>

    Signed-off-by: Richard Purdie <richard.purdie@...>

    (cherry picked from commit c479b8a810d966d7267af1b4dac38a46f55fc547)

    Signed-off-by: Steve Sakoman <steve@...>

    Signed-off-by: Richard Purdie <richard.purdie@...>

 

 

I don’t think this is necessarily the culprit as I likely fetched long ago and have been using cached content since.

 

Is this part of that unauthenticated GIT protocol issue?

 

 

 

Regards,

 

Darcy

 

Darcy Watkins ::  Senior Staff Engineer, Firmware

 

SIERRA WIRELESS

Direct  +1 604 233 7989   ::  Fax  +1 604 231 1109  ::  Main  +1 604 231 1100

13811 Wireless Way  :: Richmond, BC Canada V6V 3A4

[M4]

dwatkins@... :: www.sierrawireless.com





Dunfell - ERROR: ca-certificates-20211016-r0 do_fetch: Fetcher failure

Darcy Watkins
 

Hi,

 

After syncup of Yocto dunfell, I get the following error:

 

dwatkins@carmd-ed-n11377-docker-dwatkins_apollo17:64bit build $ bitbake ca-certificates -c fetch

Loading cache: 100% |#################################################################################################################################################################################################################################################| Time: 0:00:00

Loaded 4042 entries from dependency cache.

Parsing recipes: 100% |###############################################################################################################################################################################################################################################| Time: 0:00:00

Parsing of 2833 .bb files complete (2815 cached, 18 parsed). 4060 targets, 183 skipped, 0 masked, 0 errors.

WARNING: No recipes available for:

  /home/dwatkins/workspace/mgos/apollo17/meta-mg90-bsp/recipes-kernel/firmware/linux-firmware_git.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mg90-bsp/recipes-kernel/linux/linux-qoriq_4.19.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-distro/meta-openssl-fips/recipes-support/openssl/openssl_1.0.2%.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/cherrypy/cherrypy-python_%.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/hostapd/hostapd_2.6.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/hostapd/hostapd_2.8.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/wpa-supplicant/wpa-supplicant_2.6.bbappend

  /home/dwatkins/workspace/mgos/apollo17/meta-mgos-core/recipes-support/wpa-supplicant/wpa-supplicant_2.7.bbappend

NOTE: Resolving any missing task queue dependencies

 

Build Configuration:

BB_VERSION           = "1.46.0"

BUILD_SYS            = "x86_64-linux"

NATIVELSBSTRING      = "universal"

TARGET_SYS           = "arm-poky-linux-gnueabi"

MACHINE              = "mg90"

DISTRO               = "mgos"

DISTRO_VERSION       = "3.1.11"

TUNE_FEATURES        = "arm vfp cortexa7 neon callconvention-hard"

TARGET_FPU           = "hard"

meta-mgos-core       = "main:96c5c6d35f19d16f65100ee29cb23e9a1470876c"

meta-mgos-release    = "main:0825ac63c95db495330848f80d6d68b6f47a77d4"

meta-mg90-bsp        = "main:47d0284b7a337df7587055c405213f9428c94884"

meta-mgos-airprime   = "main:5e8ffb01629c60d282b22e3313740e3b2cf325f4"

meta                 

meta-daisy-cf        

meta-openssl-fips    

meta-sigma           = "main:abf8a7a7408b690dfb0dff796ce8e94b6b661b0d"

meta                 

meta-poky            

meta-yocto-bsp       = "HEAD:0810ac6b926cd901f0619e95f367efc79d4c3159"

meta-oe              

meta-networking      

meta-python          

meta-perl            = "HEAD:814eec96c2a29172da57a425a3609f8b6fcc6afe"

meta-security        

meta-integrity       

meta-security-compliance 

meta-security-isafw  = "HEAD:b76698c788cb8ca632077a972031899ef15025d6"

meta-freescale       = "HEAD:727fd8df20c8ee58474ce15cd5e1459f14bee977"

meta-java            = "HEAD:6e84638d77ac921aac46649095bca5ddbde94d2a"

workspace            = "<unknown>:<unknown>"

 

Initialising tasks: 100% |############################################################################################################################################################################################################################################| Time: 0:00:00

Sstate summary: Wanted 0 Found 0 Missed 0 Current 0 (0% match, 0% complete)

NOTE: No setscene tasks

NOTE: Executing Tasks

WARNING: ca-certificates-20211016-r0 do_fetch: Failed to fetch URL git://salsa.debian.org/debian/ca-certificates.git;protocol=https, attempting MIRRORS if available

ERROR: ca-certificates-20211016-r0 do_fetch: Fetcher failure: Fetch command export PSEUDO_DISABLED=1; export PATH="/home/dwatkins/workspace/mgos/apollo17/build/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/scripts:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/bin/allarch-poky-linux:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot/usr/bin/crossscripts:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/sbin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/usr/bin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/sbin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/recipe-sysroot-native/bin:/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/bitbake/bin:/home/dwatkins/workspace/mgos/apollo17/build/tmp/hosttools"; export HOME="/home/dwatkins"; LANG=C git -c core.fsyncobjectfiles=0 fetch -f --progress "https://salsa.debian.org/debian/ca-certificates.git" refs/*:refs/* failed with exit code 128, no output

ERROR: ca-certificates-20211016-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'git://salsa.debian.org/debian/ca-certificates.git;protocol=https')

ERROR: Logfile of failure stored in: /home/dwatkins/workspace/mgos/apollo17/build/tmp/work/all-poky-linux/ca-certificates/20211016-r0/temp/log.do_fetch.11215

ERROR: Task (/home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb:do_fetch) failed with exit code '1'

NOTE: Tasks Summary: Attempted 1 tasks of which 0 didn't need to be rerun and 1 failed.

 

Summary: 1 task failed:

  /home/dwatkins/workspace/mgos/apollo17/upstream/yocto/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb:do_fetch

Summary: There were 2 WARNING messages shown.

Summary: There were 2 ERROR messages shown, returning a non-zero exit code.

dwatkins@carmd-ed-n11377-docker-dwatkins_apollo17:64bit build $

 

 

Looking in the git history, I find a recent commit…

 

commit 7158bf0775383eefcec148c47310b4681bfbed86

Author: Alexander Kanavin <alex.kanavin@...>

Date:   Tue Oct 19 17:33:29 2021 +0200

 

    ca-certificates: update 20210119 -> 20211016

    

    (From OE-Core rev: 43aa25b523b2c11ce483ea22435196dfca259b30)

    

    Signed-off-by: Alexander Kanavin <alex@...>

    Signed-off-by: Alexandre Belloni <alexandre.belloni@...>

    Signed-off-by: Richard Purdie <richard.purdie@...>

    (cherry picked from commit c479b8a810d966d7267af1b4dac38a46f55fc547)

    Signed-off-by: Steve Sakoman <steve@...>

    Signed-off-by: Richard Purdie <richard.purdie@...>

 

 

I don’t think this is necessarily the culprit as I likely fetched long ago and have been using cached content since.

 

Is this part of that unauthenticated GIT protocol issue?

 

 

 

Regards,

 

Darcy

 

Darcy Watkins ::  Senior Staff Engineer, Firmware

 

SIERRA WIRELESS

Direct  +1 604 233 7989   ::  Fax  +1 604 231 1109  ::  Main  +1 604 231 1100

13811 Wireless Way  :: Richmond, BC Canada V6V 3A4

[M4]

dwatkins@... :: www.sierrawireless.com


Re: Bitbake build fails because of a python function

Alexander Kanavin
 

It's hard to say if we can't replicate the issue. Check /srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/log.do_package_write_rpm, it might have useful debugging info.

Alex


On Wed, 3 Nov 2021 at 21:45, Maksym Iliev via lists.yoctoproject.org <maksym.iliev=litmus.io@...> wrote:

Hello guys. I am brand new to yocto and bitbake and I am looking for any help/advice/hints I can get. I have inherited someone else's code for building yocto project images, but the bitbake fails with the following error:

ERROR: perl-5.30.1-r0 do_package_write_rpm: Error executing a python function in exec_func_python() 
autogenerated:The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001: *** 
0002:do_package_rpm(d)     
0003:
File: '/srv/yocto/poky/meta/classes/package_rpm.bbclass', lineno: 712, function: do_package_rpm     
0708:     
0709:    # Build the rpm package!     
0710:    d.setVar('BUILDSPEC', cmd + \"\\n\" + cleanupcmd + \"\\n\")     
0711:    d.setVarFlag('BUILDSPEC', 'func', '1')
0712:    bb.build.exec_func('BUILDSPEC', d)     
0713:     
0714:    if d.getVar('RPM_SIGN_PACKAGES') == '1':
0715:        bb.build.exec_func(\"sign_rpm\", d)     
0716:}
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 254, function: exec_func     
0250:    with bb.utils.fileslocked(lockfiles):     
0251:    if ispython:     
0252:            exec_func_python(func, d, runfile, cwd=adir)     
0253:    else: *** 
0254:            exec_func_shell(func, d, runfile, cwd=adir)     
0255:     
0256:    try:     
0257:        curcwd = os.getcwd()     
0258:    except:
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 455, function: exec_func_shell     
0451:    with open(fifopath, 'r+b', buffering=0) as fifo:     
0452:        try:     
0453:            bb.debug(2, \"Executing shell function %s\" % func)    
0454:            with open(os.devnull, 'r+') as stdin, logfile: *** 
0455:                bb.process.run(cmd, shell=False, stdin=stdin, log=logfile, extrafiles=[(fifo,readfifo)])     
0456:        finally:     
0457:            os.unlink(fifopath)    
0458:     
0459:    bb.debug(2, \"Shell function %s finished\" % func)
File: '/srv/yocto/poky/bitbake/lib/bb/process.py', lineno: 184, function: run     
0180:     
0181:    if pipe.returncode != 0:     
0182:        if log:     
0183:            # Don't duplicate the output in the exception if logging it *** 
0184:            raise ExecutionError(cmd, pipe.returncode, None, None)     
0185:        raise ExecutionError(cmd, pipe.returncode, stdout, stderr)     
0186:    return stdout, stderr Exception: bb.process.ExecutionError: Execution of '/srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/run.BUILDSPEC.35372' failed with exit code 1
Would anyone be able to point me in the right direction as to what could be potentially causing this issue?

Thanks in advance,
Maksym



Bitbake build fails because of a python function

Maksym Iliev
 

Hello guys. I am brand new to yocto and bitbake and I am looking for any help/advice/hints I can get. I have inherited someone else's code for building yocto project images, but the bitbake fails with the following error:

ERROR: perl-5.30.1-r0 do_package_write_rpm: Error executing a python function in exec_func_python() 
autogenerated:The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001: *** 
0002:do_package_rpm(d)     
0003:
File: '/srv/yocto/poky/meta/classes/package_rpm.bbclass', lineno: 712, function: do_package_rpm     
0708:     
0709:    # Build the rpm package!     
0710:    d.setVar('BUILDSPEC', cmd + \"\\n\" + cleanupcmd + \"\\n\")     
0711:    d.setVarFlag('BUILDSPEC', 'func', '1')
0712:    bb.build.exec_func('BUILDSPEC', d)     
0713:     
0714:    if d.getVar('RPM_SIGN_PACKAGES') == '1':
0715:        bb.build.exec_func(\"sign_rpm\", d)     
0716:}
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 254, function: exec_func     
0250:    with bb.utils.fileslocked(lockfiles):     
0251:    if ispython:     
0252:            exec_func_python(func, d, runfile, cwd=adir)     
0253:    else: *** 
0254:            exec_func_shell(func, d, runfile, cwd=adir)     
0255:     
0256:    try:     
0257:        curcwd = os.getcwd()     
0258:    except:
File: '/srv/yocto/poky/bitbake/lib/bb/build.py', lineno: 455, function: exec_func_shell     
0451:    with open(fifopath, 'r+b', buffering=0) as fifo:     
0452:        try:     
0453:            bb.debug(2, \"Executing shell function %s\" % func)    
0454:            with open(os.devnull, 'r+') as stdin, logfile: *** 
0455:                bb.process.run(cmd, shell=False, stdin=stdin, log=logfile, extrafiles=[(fifo,readfifo)])     
0456:        finally:     
0457:            os.unlink(fifopath)    
0458:     
0459:    bb.debug(2, \"Shell function %s finished\" % func)
File: '/srv/yocto/poky/bitbake/lib/bb/process.py', lineno: 184, function: run     
0180:     
0181:    if pipe.returncode != 0:     
0182:        if log:     
0183:            # Don't duplicate the output in the exception if logging it *** 
0184:            raise ExecutionError(cmd, pipe.returncode, None, None)     
0185:        raise ExecutionError(cmd, pipe.returncode, stdout, stderr)     
0186:    return stdout, stderr Exception: bb.process.ExecutionError: Execution of '/srv/yocto/build/tmp/work/corei7-64-poky-linux/perl/5.30.1-r0/temp/run.BUILDSPEC.35372' failed with exit code 1
Would anyone be able to point me in the right direction as to what could be potentially causing this issue?

Thanks in advance,
Maksym


Re: how to handle third party licenses

Khem Raj
 



On Wed, Nov 3, 2021 at 10:57 AM Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:

 

Looking for the proper Yocto way to handle third party software ported to Yocto and built into kernel…

 

I’m not having issues when I recognize the license as a generic license. But the license provided to us by the vendor is not part of the generic licenses list that you (Yocto) recognize.

 

I was wondering if you could explain how to add a custom license to a recipe in yocto.

 

The vendor has provided us with a generic license.txt file and I was able to add that to the our recipe. I do get a warning though which says:

 

WARNING: aiox-defaultfs-1.0-r0 do_rootfs: The license listed DataDeviceCorporation was not in the licenses collected for recipe acexpci

 

Though the warning occurs, I can see the license.txt being saved inside the rootfs on our board and is saved under tmp/deploy/licenses/acexpci. I’ve been trying to get rid of this warning when the image builds, but I can’t seem to find anything in the manual or online. One solution says : Add LICENSE_PATH += "${LAYERDIR}/custom-licenses" under conf/layer.conf, which does not resolve this warning.


Whatever you are setting for LICENSE Variable inside recipe there should be a file with same name stored inside One of LICENSE_PATH directories. 

 

I am currently building with Yocto zeus…

 

Thanks,

Steve

 





Re: how to handle third party licenses

Jose Quaresma
 

Hi Steven,

Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> escreveu no dia quarta, 3/11/2021 à(s) 17:57:

 

Looking for the proper Yocto way to handle third party software ported to Yocto and built into kernel…

 

I’m not having issues when I recognize the license as a generic license. But the license provided to us by the vendor is not part of the generic licenses list that you (Yocto) recognize.

 

I was wondering if you could explain how to add a custom license to a recipe in yocto.

 

The vendor has provided us with a generic license.txt file and I was able to add that to the our recipe. I do get a warning though which says:

 

WARNING: aiox-defaultfs-1.0-r0 do_rootfs: The license listed DataDeviceCorporation was not in the licenses collected for recipe acexpci

 

Though the warning occurs, I can see the license.txt being saved inside the rootfs on our board and is saved under tmp/deploy/licenses/acexpci. I’ve been trying to get rid of this warning when the image builds, but I can’t seem to find anything in the manual or online. One solution says : Add LICENSE_PATH += "${LAYERDIR}/custom-licenses" under conf/layer.conf, which does not resolve this warning.


You can add the generic license.txt provided by the vendor to ${LAYERDIR}/custom-licenses/vendor-lic-ID

In conf/layer.conf add:
LICENSE_PATH += "${LAYERDIR}/custom-licenses"

And in the recipe:
SRC_URI += "file://license.txt"
LICENSE = "vendor-lic-ID"
LIC_FILES_CHKSUM = "file://license.txt;md5=xxxxxxxxxxxxxxxxxx"

 

I am currently building with Yocto zeus…

 

Thanks,

Steve

 






--
Best regards,

José Quaresma


how to handle third party licenses

Monsees, Steven C (US)
 

 

Looking for the proper Yocto way to handle third party software ported to Yocto and built into kernel…

 

I’m not having issues when I recognize the license as a generic license. But the license provided to us by the vendor is not part of the generic licenses list that you (Yocto) recognize.

 

I was wondering if you could explain how to add a custom license to a recipe in yocto.

 

The vendor has provided us with a generic license.txt file and I was able to add that to the our recipe. I do get a warning though which says:

 

WARNING: aiox-defaultfs-1.0-r0 do_rootfs: The license listed DataDeviceCorporation was not in the licenses collected for recipe acexpci

 

Though the warning occurs, I can see the license.txt being saved inside the rootfs on our board and is saved under tmp/deploy/licenses/acexpci. I’ve been trying to get rid of this warning when the image builds, but I can’t seem to find anything in the manual or online. One solution says : Add LICENSE_PATH += "${LAYERDIR}/custom-licenses" under conf/layer.conf, which does not resolve this warning.

 

I am currently building with Yocto zeus…

 

Thanks,

Steve

 


[meta-security][PATCH] recipes: Update SRC_URI branch and protocols

Armin Kuster
 

This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../recipes-openscap/oe-scap/oe-scap_1.0.bb | 2 +-
.../recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb | 2 +-
.../recipes-openscap/openscap/openscap_1.3.3.bb | 2 +-
.../recipes-openscap/openscap/openscap_git.bb | 2 +-
.../scap-security-guide/scap-security-guide_0.1.44.bb | 2 +-
.../scap-security-guide/scap-security-guide_git.bb | 2 +-
meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb | 2 +-
.../recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | 2 +-
meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb | 2 +-
meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | 2 +-
meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb | 2 +-
meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb | 2 +-
meta-tpm/recipes-tpm/trousers/trousers_git.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb | 2 +-
meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb | 2 +-
recipes-ids/crowdsec/crowdsec_1.1.1.bb | 2 +-
recipes-ids/ossec/ossec-hids_3.6.0.bb | 2 +-
recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 +-
recipes-mac/smack/smack_1.3.1.bb | 2 +-
recipes-scanners/checksec/checksec_2.4.0.bb | 2 +-
recipes-scanners/clamav/clamav_0.104.0.bb | 2 +-
recipes-security/chipsec/chipsec_git.bb | 2 +-
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
recipes-security/fscrypt/fscrypt_1.0.0.bb | 2 +-
recipes-security/fscryptctl/fscryptctl_1.0.0.bb | 2 +-
.../google-authenticator-libpam_1.08.bb | 2 +-
recipes-security/libest/libest_3.2.0.bb | 2 +-
recipes-security/libmspack/libmspack_1.9.1.bb | 2 +-
recipes-security/ncrack/ncrack_0.7.bb | 2 +-
recipes-security/nikto/nikto_2.1.6.bb | 2 +-
33 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
index 0fef233..7e9f214 100644
--- a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
+++ b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://README.md;md5=46dec9f167b6e05986cb4023df6d92f4"
LICENSE = "MIT"

SRCREV = "7147871d7f37d408c0dd7720ef0fd3ec1b54ad98"
-SRC_URI = "git://github.com/akuster/oe-scap.git"
+SRC_URI = "git://github.com/akuster/oe-scap.git;branch=master;protocol=https"
SRC_URI += " \
file://run_cve.sh \
file://run_test.sh \
diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
index f109566..549a888 100644
--- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
+++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1"
DEPENDS = "python3-dbus"

SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76"
-SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git \
+SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=https \
file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \
"

diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
index 51fa9ee..192b008 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
@@ -3,7 +3,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit"
require openscap.inc

SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732"
-SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \
"

DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index 73a4729..a18cbd1 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -6,7 +6,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes"
include openscap.inc

SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625"
-SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
+SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3;protocol=https \
"

PV = "1.3.3+git${SRCPV}"
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
index d80ecd7..ecf136d 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, upstream version"

SRCREV = "8cb2d0f351faff5440742258782281164953b0a6"
-SRC_URI = "git://github.com/ComplianceAsCode/content.git"
+SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https"

DEFAULT_PREFERENCE = "-1"

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index 0617c56..ddde5cc 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -1,7 +1,7 @@
SUMARRY = "SCAP content for various platforms, OE changes"

SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed"
-SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \
+SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;;protocol=https \
file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \
file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \
file://0001-fix-deprecated-instance-of-element.getchildren.patch \
diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
index 95ba5c5..8fe62cf 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb
@@ -3,7 +3,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"

SRCREV = "f6dd8f55eab4910131ec6a6a570dcd7951bd10e4"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https"

PE = "1"

diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
index dab1589..ef663eb 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
DEPENDS += "openssl trousers"

SRC_URI = "\
- git://github.com/mgerstner/openssl_tpm_engine.git \
+ git://github.com/mgerstner/openssl_tpm_engine.git;branch=master;protocol=https \
file://0001-create-tpm-key-support-well-known-key-option.patch \
file://0002-libtpm-support-env-TPM_SRK_PW.patch \
file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
diff --git a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
index f8347b7..77f65ae 100644
--- a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
+++ b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
@@ -9,7 +9,7 @@ DEPENDS = "libtspi"
PV = "0.1+git${SRCPV}"
SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316"

-SRC_URI = "git://github.com/flihp/pcr-extend.git \
+SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \
file://fix_openssl11_build.patch "

inherit autotools
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index c7fc131..63734b9 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -7,7 +7,7 @@ SECTION = "apps"
DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"

SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \
file://ioctl_h.patch \
file://oe_configure.patch \
"
diff --git a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
index 53cf8ff..4672bba 100644
--- a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
+++ b/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
@@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ec30b01163d242ecf07d9cd84e3611f"

DEPENDS = "libtspi tpm-tools"

-SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools"
+SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master"
SRCREV = "4511874d5c9b4504bb96e94f8a14bd6c39a36295"

S = "${WORKDIR}/git"
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index dbe1647..3b3da4f 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
+++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -14,7 +14,7 @@ DEPENDS:class-native = "trousers-native"

SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
- git://git.code.sf.net/p/trousers/tpm-tools \
+ git://git.code.sf.net/p/trousers/tpm-tools;branch=master \
file://tpm-tools-extendpcr.patch \
file://04-fix-FTBFS-clang.patch \
file://openssl1.1_fix.patch \
diff --git a/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 5e03b71..192c66c 100644
--- a/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -10,7 +10,7 @@ SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
PV = "0.3.15+git${SRCPV}"

SRC_URI = " \
- git://git.code.sf.net/p/trousers/trousers \
+ git://git.code.sf.net/p/trousers/trousers;branch=master \
file://trousers.init.sh \
file://trousers-udev.rules \
file://tcsd.service \
diff --git a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
index b80ef79..1818171 100644
--- a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -13,7 +13,7 @@ DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"

SRC_URI = "\
- git://github.com/tpm2-software/tpm2-abrmd.git \
+ git://github.com/tpm2-software/tpm2-abrmd.git;branch=master;protocol=https \
file://tpm2-abrmd-init.sh \
file://tpm2-abrmd.default \
"
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
index 649338a..366e9da 100644
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.7.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"

DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master \
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master;protocol=https \
file://bootstrap_fixup.patch \
file://0001-remove-local-binary-checkes.patch \
"
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index 47113d2..2bf1eed 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -4,7 +4,7 @@ LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"

-SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
+SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \
file://configure_oe_fixup.patch \
file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
file://fix_header_file.patch \
diff --git a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index dfebc07..d324e33 100644
--- a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -10,7 +10,7 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode"
PE = "1"

SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https"

inherit autotools-brokensep pkgconfig

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
index 3069b1f..4d1f425 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -9,7 +9,7 @@ SECTION = "security/tpm"
DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"

SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x;protocol=https"

inherit autotools-brokensep pkgconfig systemd

diff --git a/recipes-ids/crowdsec/crowdsec_1.1.1.bb b/recipes-ids/crowdsec/crowdsec_1.1.1.bb
index 887c75d..81f2b8f 100644
--- a/recipes-ids/crowdsec/crowdsec_1.1.1.bb
+++ b/recipes-ids/crowdsec/crowdsec_1.1.1.bb
@@ -3,7 +3,7 @@ SUMMARY = "CrowdSec is a free, modern & collaborative behavior detection engine,
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=105e75b680b2ab82fa5718661b41f3bf"

-SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master"
+SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master;protocol=https"
SRCREV = "73e0bbaf93070f4a640eb5a22212b5dcf26699de"

DEPENDS = "jq-native"
diff --git a/recipes-ids/ossec/ossec-hids_3.6.0.bb b/recipes-ids/ossec/ossec-hids_3.6.0.bb
index 309ca52..853facf 100644
--- a/recipes-ids/ossec/ossec-hids_3.6.0.bb
+++ b/recipes-ids/ossec/ossec-hids_3.6.0.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9"


DEPENDS = "openssl libpcre2 zlib libevent"
-SRC_URI = "git://github.com/ossec/ossec-hids;branch=master \
+SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \
file://0001-Makefile-drop-running-scrips-install.patch \
file://0002-Makefile-don-t-set-uid-gid.patch \
"
diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
index 3a9bc1d..93cb443 100644
--- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb
+++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1c069be8dbbe48e89b580ab4ed86c127"
SRCREV = "6e64a9e5b70a909ec439bc5a099e3fcf38c614b0"

SRC_URI = "\
- git://github.com/Tripwire/tripwire-open-source.git \
+ git://github.com/Tripwire/tripwire-open-source.git;branch=master;protocol=https \
file://tripwire.cron \
file://tripwire.sh \
file://tripwire.txt \
diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb
index 6c2f041..79a8f5a 100644
--- a/recipes-mac/smack/smack_1.3.1.bb
+++ b/recipes-mac/smack/smack_1.3.1.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"

SRCREV = "4a102c7584b39ce693995ffb65e0918a9df98dd8"
SRC_URI = " \
- git://github.com/smack-team/smack.git \
+ git://github.com/smack-team/smack.git;branch=master;protocol=https \
file://smack_generator_make_fixup.patch \
file://run-ptest"

diff --git a/recipes-scanners/checksec/checksec_2.4.0.bb b/recipes-scanners/checksec/checksec_2.4.0.bb
index 12c9bce..9a6e44a 100644
--- a/recipes-scanners/checksec/checksec_2.4.0.bb
+++ b/recipes-scanners/checksec/checksec_2.4.0.bb
@@ -7,7 +7,7 @@ HOMEPAGE="https://github.com/slimm609/checksec.sh"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8d90285f711cf1f378e2c024457066d8"

SRCREV = "c3754e45e04f9104db93b2048afd094427102d48"
-SRC_URI = "git://github.com/slimm609/checksec.sh"
+SRC_URI = "git://github.com/slimm609/checksec.sh;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
index 25123dc..e59f5ff 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b2
# July 27th
SRCREV = "c389dfa4c3af92b006ada4f7595bbc3e6df3f356"

-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=https \
file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
diff --git a/recipes-security/chipsec/chipsec_git.bb b/recipes-security/chipsec/chipsec_git.bb
index 3339dc1..e265a08 100644
--- a/recipes-security/chipsec/chipsec_git.bb
+++ b/recipes-security/chipsec/chipsec_git.bb
@@ -7,7 +7,7 @@ DESCRIPTION = "CHIPSEC is a framework for analyzing the security \
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d"

-SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master \
+SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master;protocol=https \
"

SRCREV = "b2a61684826dc8b9f622a844a40efea579cd7e7d"
diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index 627496f..fcf044a 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -10,7 +10,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"

SRCREV ="d6b884f3b72b8a42b21da863836569ef6836c2ea"
-SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \
+SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://initd \
file://run-ptest \
"
diff --git a/recipes-security/fscrypt/fscrypt_1.0.0.bb b/recipes-security/fscrypt/fscrypt_1.0.0.bb
index a70d310..66bf429 100644
--- a/recipes-security/fscrypt/fscrypt_1.0.0.bb
+++ b/recipes-security/fscrypt/fscrypt_1.0.0.bb
@@ -14,7 +14,7 @@ BBCLASSEXTEND = "native nativesdk"
DEPENDS += "go-dep-native libpam"

SRCREV = "92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4"
-SRC_URI = "git://github.com/google/fscrypt.git"
+SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https"
GO_IMPORT = "import"

S = "${WORKDIR}/git"
diff --git a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 26f549b..d319e48 100644
--- a/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
+++ b/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -10,7 +10,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"

SRCREV = "56b898c896240328adef7407090215abbe9ee03d"
-SRC_URI = "git://github.com/google/fscryptctl.git"
+SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https"

S = "${WORKDIR}/git"

diff --git a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
index 4ab8374..e8ddf29 100644
--- a/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
+++ b/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb
@@ -3,7 +3,7 @@ HOME_PAGE = "https://github.com/google/google-authenticator-libpam"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
LICENSE = "Apache-2.0"

-SRC_URI = "git://github.com/google/google-authenticator-libpam.git"
+SRC_URI = "git://github.com/google/google-authenticator-libpam.git;branch=master;protocol=https"
SRCREV = "2c7415d950fb0b4a7f779f045910666447b100ef"

DEPENDS = "libpam"
diff --git a/recipes-security/libest/libest_3.2.0.bb b/recipes-security/libest/libest_3.2.0.bb
index fda2df4..31fbe3c 100644
--- a/recipes-security/libest/libest_3.2.0.bb
+++ b/recipes-security/libest/libest_3.2.0.bb
@@ -6,7 +6,7 @@ LICENSE = "OpenSSL"
LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885"

SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b"
-SRC_URI = "git://github.com/cisco/libest;branch=main"
+SRC_URI = "git://github.com/cisco/libest;branch=main;protocol=https"

DEPENDS = "openssl"

diff --git a/recipes-security/libmspack/libmspack_1.9.1.bb b/recipes-security/libmspack/libmspack_1.9.1.bb
index 8c288be..65db10f 100644
--- a/recipes-security/libmspack/libmspack_1.9.1.bb
+++ b/recipes-security/libmspack/libmspack_1.9.1.bb
@@ -7,7 +7,7 @@ DEPENDS = ""
LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd"

SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc"
-SRC_URI = "git://github.com/kyz/libmspack.git"
+SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https"

inherit autotools

diff --git a/recipes-security/ncrack/ncrack_0.7.bb b/recipes-security/ncrack/ncrack_0.7.bb
index 8b221e5..f151e4e 100644
--- a/recipes-security/ncrack/ncrack_0.7.bb
+++ b/recipes-security/ncrack/ncrack_0.7.bb
@@ -7,7 +7,7 @@ LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2"

SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426"
-SRC_URI = "git://github.com/nmap/ncrack.git"
+SRC_URI = "git://github.com/nmap/ncrack.git;branch=master;protocol=https"

DEPENDS = "openssl zlib"

diff --git a/recipes-security/nikto/nikto_2.1.6.bb b/recipes-security/nikto/nikto_2.1.6.bb
index 242f3ac..8542d69 100644
--- a/recipes-security/nikto/nikto_2.1.6.bb
+++ b/recipes-security/nikto/nikto_2.1.6.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"

SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
-SRC_URI = "git://github.com/sullo/nikto.git \
+SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \
file://location.patch"

S = "${WORKDIR}/git/program"
--
2.25.1


Re: preempt-rt

Monsees, Steven C (US)
 

Thanks…

 

 

From: yocto@... <yocto@...> On Behalf Of codusnocturnus via lists.yoctoproject.org
Sent: Wednesday, November 3, 2021 9:25 AM
To: yocto@...
Subject: Re: [yocto] preempt-rt

 

External Email Alert

This email has been sent from an account outside of the BAE Systems network.

Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros.  For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar.

 

 

 

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Wednesday, November 3rd, 2021 at 5:43 AM, Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:

 

 

I have a platform based off a aarm64 Xilinx based kernel, which is not a compliant mainline kernel… so, I will need to go the preemp-rt patch route.

 

Can you supply an example Yocto recipe that applies the patch, doesn’t even have to be arm based… just looking for baseline I might use to carve out support for my platform.

 

There are a few details to sort out (like finding a patch compatible with the kernel recipe you want to use, or a compromise of the two), but basically a kernel .bbappend with the following will suffice to just patch the kernel.

FILES_EXTRAPATHS_prepend := "${THISDIR}/files:"

 

After that, you need a configuration fragment to enable PREEMPT-RT in the build.

CONFIG_PREEMPT_RT=y

 

 

Thanks,

Steve

Sent with ProtonMail Secure Email.

 

 

 


Re: preempt-rt

codusnocturnus
 


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, November 3rd, 2021 at 6:24 AM, codusnocturnus via lists.yoctoproject.org <codusnocturnus=protonmail.com@...> wrote:



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, November 3rd, 2021 at 5:43 AM, Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:

 

I have a platform based off a aarm64 Xilinx based kernel, which is not a compliant mainline kernel… so, I will need to go the preemp-rt patch route.

 

Can you supply an example Yocto recipe that applies the patch, doesn’t even have to be arm based… just looking for baseline I might use to carve out support for my platform.


There are a few details to sort out (like finding a patch compatible with the kernel recipe you want to use, or a compromise of the two), but basically a kernel .bbappend with the following will suffice to just patch the kernel.
FILES_EXTRAPATHS_prepend := "${THISDIR}/files:"

Oops, FILES_EXTRAPATHS_prepend isn't necessary in this case.  I usually download and store the patch in my layer once I find the right one...



After that, you need a configuration fragment to enable PREEMPT-RT in the build.
CONFIG_PREEMPT_RT=y

 

Thanks,

Steve

Sent with ProtonMail Secure Email.




1881 - 1900 of 57090