
Re: [RFC][WIP][honister] kernel-lab manual

Michael Opdenacker
 

Hi Tim

Many thanks for these instructions, and sorry for the late reply.
However, I wouldn't have forgotten to review it if you had copied the
docs@ mailing list ;-)

On 5/12/22 20:10, Tim Orling wrote:
I have the restructured text conversion far enough along for the
'kernel-lab' to share it now. Because I was last working on this for
Yocto Project Summit 2021.11, the current qemux86 base is on
'honister' (although I am upgrading it to honister-3.4.4 tag).

Please realize there is a lot of history to this material and some of
it was done by folks that have left this mortal coil and some respect
for that posterity is included in this work. We can change and morph
in the future, once it has been captured close to what it is here.

I also have a separate workflow going for the Yocto Project Summit
2022.05 which is in Google Slides and is qemuarm64 based
('kirkstone'). Eventually I will find the time to update the
kernel-lab manual to follow suit, but our collective discussion may
impact that.

You can take a look at YP Summit 2021.11 to see a preview of what is
coming for YP Summit 2022.05 (once I figure out the pesky
printk/pr_info issue):
https://elinux.org/images/b/be/Yps2021.11-handson-kernel.pdf

Current working branch of kernel-lab manual:
https://github.com/moto-timo/yocto-docs/tree/timo/honister/kernel-lab

And the accompanying metadata training materials:
https://github.com/moto-timo/kernel-lab-layers/tree/wip-honister

The intent is that for a given release of the docs, we would have
exercises for  LTS, Stable and Mainline (really this means
current-stable, not -dev). Currently, LTS would be 5.10, Stable would
be 5.15 and Mainline would be 5.17.

The whole instructions look very good and ready for inclusion when the
mentioned repository for the lab layers exists.

I'm starting to run them.

How should we proceed? I'd suggest to:

* Publish the repository for the lab layers at the specified location
* Submit the sources to the docs@ mailing list for public review. I
have a few minor issues to report, and this could happen then.

What do you think?

So far, there's just one thing that bothers me a bit: the .bb or .conf
files that we are supposed to open could be useful to show directly in
the documentation. It looks a bit strange to talk about the contents of
a file without showing it at the same time. I know, there's a risk to
see them getting out of sync with the actual sources.

Maybe we can find a way to include the contents of files from branches
in cloned repositories. This would be handy in many places...

Thanks again,
Cheers
Michael.

--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


Re: CVE metrics tracking from the autobuilder

Richard Purdie
 

Hi Anuj,

On Wed, 2022-05-25 at 14:38 +0000, Mittal, Anuj wrote:
On Wed, 2022-05-25 at 14:30 +0100, Richard Purdie wrote:


This is working for dunfell/kirkstone/master. It is enabled for
honister but doesn't work since the json CVE output for honister
isn't there.

Not sure if we want to add the json CVE output to honister to enable
that for the short time that release has left?
Yeah, there is only a week left and I wasn't planning to take those
patches in my final pull request.
I will just disable it then, thanks for the info.

Cheers,

Richard


Re: CVE metrics tracking from the autobuilder

Anuj Mittal
 

Hi Richard,

On Wed, 2022-05-25 at 14:30 +0100, Richard Purdie wrote:
I'm happy to say that automatic CVE metric tracking is now on the
autobuilder and automatically feeding to:

https://autobuilder.yocto.io/pub/non-release/patchmetrics/

and the git repository that backs it:

https://git.yoctoproject.org/yocto-metrics/log/
This is very nice.


This is working for dunfell/kirkstone/master. It is enabled for
honister but doesn't work since the json CVE output for honister
isn't there.

Not sure if we want to add the json CVE output to honister to enable
that for the short time that release has left?
Yeah, there is only a week left and I wasn't planning to take those
patches in my final pull request.

Thanks,

Anuj



I plan to run the autobuilder job powering this nightly.

Currently it adds a json file for each run into the yocto-metrics
repository. These are 6MB each though so we're going to get into
silly amounts of data rather quickly so I may have to adjust it to just
write the latest. It would also help the size to use tabs instead of spaces
for indentation.

The autobuilder job currently throws warnings but I think Ross said
he'd send a patch to allow that to be configurable.

Also, this doesn't send the CVE emails Steve currently sends. It
would be possible to add, I'm hoping someone might like to send some
patches!

Cheers,

Richard





Need help in namespace journal implementation

Prashant Badsheshi <prashantsbemail@...>
 

Hi,

I am working on a yocto based project, I am trying to add namespace journal logging.

Can anyone share the steps to create a namespace journal logging in the yocto based project.

Also it would be helpful if we have any examples implemented for namespace journals.

 

Thanks,

Prashant


CVE metrics tracking from the autobuilder

Richard Purdie
 

I'm happy to say that automatic CVE metric tracking is now on the
autobuilder and automatically feeding to:

https://autobuilder.yocto.io/pub/non-release/patchmetrics/

and the git repository that backs it:

https://git.yoctoproject.org/yocto-metrics/log/

This is working for dunfell/kirkstone/master. It is enabled for
honister but doesn't work since the json CVE output for honister isn't
there.

Not sure if we want to add the json CVE output to honister to enable
that for the short time that release has left?

I plan to run the autobuilder job powering this nightly.

Currently it adds a json file for each run into the yocto-metrics
repository. These are 6MB each though so we're going to get into silly
amounts of data rather quickly so I may have to adjust it to just write
the latest. It would also help the size to use tabs instead of spaces
for indentation.

The autobuilder job currently throws warnings but I think Ross said
he'd send a patch to allow that to be configurable.

Also, this doesn't send the CVE emails Steve currently sends. It would
be possible to add, I'm hoping someone might like to send some patches!

Cheers,

Richard


Re: [meta-security][PATCH] meta-parsec: Update Parsec runtime tests

Armin Kuster
 

Very nice. This is much better than what I did.

many thanks,
Armin

On 5/24/22 11:05, Anton Antonov wrote:
Signed-off-by: Anton Antonov <Anton.Antonov@...>
---
meta-parsec/README.md | 65 +++++++++
meta-parsec/lib/oeqa/runtime/cases/parsec.py | 135 ++++++++++++++++--
.../images/security-parsec-image.bb | 5 +-
.../packagegroup-security-parsec.bb | 1 -
meta-tpm/classes/sanity-meta-tpm.bbclass | 4 +-
5 files changed, 191 insertions(+), 19 deletions(-)

diff --git a/meta-parsec/README.md b/meta-parsec/README.md
index 97026ea..f720cd2 100644
--- a/meta-parsec/README.md
+++ b/meta-parsec/README.md
@@ -88,6 +88,71 @@ https://github.com/meta-rust/cargo-bitbake
2. Run cargo-bitbake inside the repository. It will produce a BB file.
3. Create a new include file with SRC_URI and LIC_FILES_CHKSUM from the BB file.
+Automated Parsec testing with runqemu
+=====================================
+
+ The Yocto build system has the ability to run a series of automated tests for qemu images.
+All the tests are actually commands run on the target system over ssh.
+
+ Meta-parsec includes automated unittests which run end to end Parsec tests.
+The tests are run against:
+- all providers pre-configured in the Parsec config file included in the image.
+- PKCS11 and TPM providers with software backends if softhsm and
+ swtpm packages included in the image.
+
+Meta-parsec also contains a recipe for `security-parsec-image` image with Parsec,
+softhsm and swtpm included.
+
+ Please notice that the account you use to run bitbake should have access to `/dev/kvm`.
+You might need to change permissions or add the account into `kvm` unix group.
+
+1. Testing Parsec with your own image where `parsec-service` and `parsec-tool` are already included.
+
+- Add into your `local.conf`:
+```
+INHERIT += "testimage"
+TEST_SUITES = "ping ssh parsec"
+```
+- Build your image
+```bash
+bitbake <your-image>
+```
+- Run tests
+```bash
+bitbake <your-image> -c testimage
+```
+
+2. Testing Parsec with pre-defined `security-parsec-image` image.
+
+- Add into your `local.conf`:
+```
+DISTRO_FEATURES += " tpm2"
+INHERIT += "testimage"
+TEST_SUITES = "ping ssh parsec"
+```
+- Build security-parsec-image image
+```bash
+bitbake security-parsec-image
+```
+- Run tests
+```bash
+bitbake security-parsec-image -c testimage
+```
+
+Output of a successfull tests run should look similar to:
+```
+RESULTS:
+RESULTS - ping.PingTest.test_ping: PASSED (0.05s)
+RESULTS - ssh.SSHTest.test_ssh: PASSED (0.25s)
+RESULTS - parsec.ParsecTest.test_all_providers: PASSED (1.84s)
+RESULTS - parsec.ParsecTest.test_pkcs11_provider: PASSED (2.91s)
+RESULTS - parsec.ParsecTest.test_tpm_provider: PASSED (3.33s)
+SUMMARY:
+security-parsec-image () - Ran 5 tests in 8.386s
+security-parsec-image - OK - All required tests passed (successes=5, skipped=0, failures=0, errors=0)
+```
+
+
Manual testing with runqemu
===========================
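
Review bot: Section "1. Testing Parsec with your own image" gives a `local.conf` snippet without `tpm2` in DISTRO_FEATURES, and the bullet "PKCS11 and TPM providers with software backends if softhsm and swtpm packages included in the image" names only the packages. The test case in this same patch gates test_tpm_provider with skipIfNotFeature('tpm2', ...), so a reader following section 1 with swtpm installed will see the TPM test skipped with no hint why. Suggest stating in that bullet, or under section 1, that the TPM provider test also needs `tpm2` in DISTRO_FEATURES, as section 2 already shows.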
diff --git a/meta-parsec/lib/oeqa/runtime/cases/parsec.py b/meta-parsec/lib/oeqa/runtime/cases/parsec.py
index 547f74c..d3d3f2e 100644
--- a/meta-parsec/lib/oeqa/runtime/cases/parsec.py
+++ b/meta-parsec/lib/oeqa/runtime/cases/parsec.py
@@ -1,33 +1,138 @@
# Copyright (C) 2022 Armin Kuster <akuster808@...>
+# Copyright (C) 2022 Anton Antonov <Anton.Antonov@...>
#
import re
+from tempfile import mkstemp
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
from oeqa.runtime.decorator.package import OEHasPackage
+from oeqa.core.decorator.data import skipIfNotFeature
class ParsecTest(OERuntimeTestCase):
+ @classmethod
+ def setUpClass(cls):
+ cls.toml_file = '/etc/parsec/config.toml'
+
+ def setUp(self):
+ super(ParsecTest, self).setUp()
+ if 'systemd' in self.tc.td['DISTRO_FEATURES']:
+ self.parsec_status='systemctl status -l parsec'
+ self.parsec_reload='systemctl restart parsec'
+ else:
+ self.parsec_status='pgrep -l parsec'
+ self.parsec_reload='/etc/init.d/parsec reload'
+
+ def copy_subconfig(self, cfg, provider):
+ """ Copy a provider configuration to target and append it to Parsec config """
+
+ tmp_fd, tmp_path = mkstemp()
+ with os.fdopen(tmp_fd, 'w') as f:
+ f.write('\n'.join(cfg))
+
+ (status, output) = self.target.copyTo(tmp_path, "%s-%s" % (self.toml_file, provider))
+ self.assertEqual(status, 0, msg='File could not be copied.\n%s' % output)
+ status, output = self.target.run('cat %s-%s >>%s' % (self.toml_file, provider, self.toml_file))
+ os.remove(tmp_path)
+
+ def check_parsec_providers(self, provider=None, prov_id=None):
+ """ Get Parsec providers list and check for one if defined """
+
+ status, output = self.target.run(self.parsec_status)
+ self.assertEqual(status, 0, msg='Parsec service is not running.\n%s' % output)
+
+ status, output = self.target.run('parsec-tool list-providers')
+ self.assertEqual(status, 0, msg='Cannot get a list of Parsec providers.\n%s' % output)
+ if provider and prov_id:
+ self.assertIn("ID: 0x0%d (%s provider)" % (prov_id, provider),
+ output, msg='%s provider is not configured.' % provider)
+
+ def run_cli_tests(self, prov_id=None):
+ """ Run Parsec CLI end-to-end tests against one or all providers """
+
+ status, output = self.target.run('parsec-cli-tests.sh %s' % ("-%d" % prov_id if prov_id else ""))
+ self.assertEqual(status, 0, msg='Parsec CLI tests failed.\n %s' % output)
+
@OEHasPackage(['parsec-service'])
@OETestDepends(['ssh.SSHTest.test_ssh'])
- def test_parsec_service(self):
- toml_file = '/etc/parsec/config.tom'
- status, output = self.target.run('echo library_path = "/usr/lib/softhsm/libsofthsm2.so" >> %s' %(toml_file))
- status, output = self.target.run('echo slot_number = 0 >> %s' %(toml_file))
- status, output = self.target.run('echo user_pin = "123456" >> %s' %(toml_file))
+ def test_all_providers(self):
+ """ Test Parsec service with all pre-defined providers """
+
+ self.check_parsec_providers()
+ self.run_cli_tests()
+
+ def configure_tpm_provider(self):
+ """ Create Parsec TPM provider configuration """
+
+ cfg = [
+ '',
+ '[[provider]]',
+ 'name = "tpm-provider"',
+ 'provider_type = "Tpm"',
+ 'key_info_manager = "sqlite-manager"',
+ 'tcti = "swtpm:port=2321"',
+ 'owner_hierarchy_auth = ""',
+ ]
+ self.copy_subconfig(cfg, "TPM")
+
cmds = [
- '/etc/init.d/parsec stop',
- 'sleep 5',
- 'softhsm2-util --init-token --slot 0 --label "Parsec Service" --pin 123456 --so-pin 123456',
- 'for d in /var/lib/softhsm/tokens/*; do chown -R parsec $d; done',
'mkdir /tmp/myvtpm',
- 'swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init &',
- 'export TPM2TOOLS_TCTI="swtpm:port=2321"',
- 'tpm2_startup -c',
- 'sleep 2',
- '/etc/init.d/parsec start',
- 'parsec-cli-tests.sh'
+ 'swtpm socket -d --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
+ 'tpm2_startup -c -T "swtpm:port=2321"',
+ self.parsec_reload,
]
for cmd in cmds:
status, output = self.target.run(cmd)
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+ @OEHasPackage(['parsec-service'])
+ @OEHasPackage(['swtpm'])
+ @skipIfNotFeature('tpm2','Test parsec_tpm_provider requires tpm2 to be in DISTRO_FEATURES')
+ @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
+ def test_tpm_provider(self):
+ """ Configure and test Parsec TPM provider with swtpm as a backend """
+
+ prov_id = 3
+ self.configure_tpm_provider()
+ self.check_parsec_providers("TPM", prov_id)
+ self.run_cli_tests(prov_id)
+
+ def configure_pkcs11_provider(self):
+ """ Create Parsec PKCS11 provider configuration """
+
+ status, output = self.target.run('softhsm2-util --init-token --free --label "Parsec Service" --pin 123456 --so-pin 123456')
+ self.assertEqual(status, 0, msg='Failed to init PKCS11 token.\n%s' % output)
+
+ slot = re.search('The token has been initialized and is reassigned to slot (\d*)', output)
+ if slot is None:
+ self.fail('Failed to get PKCS11 slot serial number.\n%s' % output)
+ self.assertNotEqual(slot.group(1), None, msg='Failed to get PKCS11 slot serial number.\n%s' % output)
+
+ cfg = [
+ '',
+ '[[provider]]',
+ 'name = "pkcs11-provider"',
+ 'provider_type = "Pkcs11"',
+ 'key_info_manager = "sqlite-manager"',
+ 'library_path = "/usr/lib/softhsm/libsofthsm2.so"',
+ 'slot_number = %s' % slot.group(1),
+ 'user_pin = "123456"',
+ 'allow_export = true',
+ ]
+ self.copy_subconfig(cfg, "PKCS11")
+
+ status, output = self.target.run('for d in /var/lib/softhsm/tokens/*; do chown -R parsec $d; done')
+ status, output = self.target.run(self.parsec_reload)
+ self.assertEqual(status, 0, msg='Failed to reload Parsec.\n%s' % output)
+
+ @OEHasPackage(['parsec-service'])
+ @OEHasPackage(['softhsm'])
+ @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
+ def test_pkcs11_provider(self):
+ """ Configure and test Parsec PKCS11 provider with softhsm as a backend """
+
+ prov_id = 2
+ self.configure_pkcs11_provider()
+ self.check_parsec_providers("PKCS #11", prov_id)
+ self.run_cli_tests(prov_id)
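
Review bot: copy_subconfig() calls os.fdopen() and os.remove(), but the import block in this hunk only has `import re` plus the new `from tempfile import mkstemp`; no `import os` is visible, so the first provider test would stop with a NameError unless os is imported elsewhere. Add `import os` next to `import re`. In the same helper, os.remove(tmp_path) runs after the assertEqual on the copyTo status, so a failed copy leaves the temporary file on the build host; wrapping the copy and append in try/finally with the removal in the finally branch avoids that.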
diff --git a/meta-parsec/recipes-core/images/security-parsec-image.bb b/meta-parsec/recipes-core/images/security-parsec-image.bb
index 2ddc543..7add74b 100644
--- a/meta-parsec/recipes-core/images/security-parsec-image.bb
+++ b/meta-parsec/recipes-core/images/security-parsec-image.bb
@@ -1,4 +1,4 @@
-DESCRIPTION = "A small image for building meta-parsec packages"
+DESCRIPTION = "A small image for testing Parsec service with MbedCrypto, TPM and PKCS11 providers"
inherit core-image
@@ -10,7 +10,8 @@ IMAGE_INSTALL = "\
packagegroup-security-tpm2 \
packagegroup-security-parsec \
swtpm \
- os-release"
+ softhsm \
+ os-release"
export IMAGE_BASENAME = "security-parsec-image"
diff --git a/meta-parsec/recipes-core/packagegroups/packagegroup-security-parsec.bb b/meta-parsec/recipes-core/packagegroups/packagegroup-security-parsec.bb
index b6c4f59..0af9c3d 100644
--- a/meta-parsec/recipes-core/packagegroups/packagegroup-security-parsec.bb
+++ b/meta-parsec/recipes-core/packagegroups/packagegroup-security-parsec.bb
@@ -11,7 +11,6 @@ PACKAGES = "\
SUMMARY:packagegroup-security-parsec = "Security Parsec"
RDEPENDS:packagegroup-security-parsec = "\
- softhsm \
parsec-tool \
parsec-service \
"
diff --git a/meta-tpm/classes/sanity-meta-tpm.bbclass b/meta-tpm/classes/sanity-meta-tpm.bbclass
index 2f8b52d..1ab03c8 100644
--- a/meta-tpm/classes/sanity-meta-tpm.bbclass
+++ b/meta-tpm/classes/sanity-meta-tpm.bbclass
@@ -2,7 +2,9 @@ addhandler tpm_machinecheck
tpm_machinecheck[eventmask] = "bb.event.SanityCheck"
python tpm_machinecheck() {
skip_check = e.data.getVar('SKIP_META_TPM_SANITY_CHECK') == "1"
- if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
+ if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and \
+ 'tpm2' not in e.data.getVar('DISTRO_FEATURES').split() and \
+ not skip_check:
bb.warn("You have included the meta-tpm layer, but \
'tpm or tpm2' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
and preferred version setting may not take effect. See the meta-tpm README \
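
Review bot: The new condition calls e.data.getVar('DISTRO_FEATURES').split() twice and on the raw return value, so a configuration where DISTRO_FEATURES is unset would raise on None inside the sanity handler instead of producing the warning. Suggest reading it once into a local, for example features = (e.data.getVar('DISTRO_FEATURES') or "").split(), and then testing 'tpm' not in features and 'tpm2' not in features and not skip_check, which also removes the need for the backslash continuations.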


[meta-security][PATCH] meta-parsec: Update Parsec runtime tests

Anton Antonov
 

Signed-off-by: Anton Antonov <Anton.Antonov@...>
---
meta-parsec/README.md | 65 +++++++++
meta-parsec/lib/oeqa/runtime/cases/parsec.py | 135 ++++++++++++++++--
.../images/security-parsec-image.bb | 5 +-
.../packagegroup-security-parsec.bb | 1 -
meta-tpm/classes/sanity-meta-tpm.bbclass | 4 +-
5 files changed, 191 insertions(+), 19 deletions(-)

diff --git a/meta-parsec/README.md b/meta-parsec/README.md
index 97026ea..f720cd2 100644
--- a/meta-parsec/README.md
+++ b/meta-parsec/README.md
@@ -88,6 +88,71 @@ https://github.com/meta-rust/cargo-bitbake
2. Run cargo-bitbake inside the repository. It will produce a BB file.
3. Create a new include file with SRC_URI and LIC_FILES_CHKSUM from the BB file.

+Automated Parsec testing with runqemu
+=====================================
+
+ The Yocto build system has the ability to run a series of automated tests for qemu images.
+All the tests are actually commands run on the target system over ssh.
+
+ Meta-parsec includes automated unittests which run end to end Parsec tests.
+The tests are run against:
+- all providers pre-configured in the Parsec config file included in the image.
+- PKCS11 and TPM providers with software backends if softhsm and
+ swtpm packages included in the image.
+
+Meta-parsec also contains a recipe for `security-parsec-image` image with Parsec,
+softhsm and swtpm included.
+
+ Please notice that the account you use to run bitbake should have access to `/dev/kvm`.
+You might need to change permissions or add the account into `kvm` unix group.
+
+1. Testing Parsec with your own image where `parsec-service` and `parsec-tool` are already included.
+
+- Add into your `local.conf`:
+```
+INHERIT += "testimage"
+TEST_SUITES = "ping ssh parsec"
+```
+- Build your image
+```bash
+bitbake <your-image>
+```
+- Run tests
+```bash
+bitbake <your-image> -c testimage
+```
+
+2. Testing Parsec with pre-defined `security-parsec-image` image.
+
+- Add into your `local.conf`:
+```
+DISTRO_FEATURES += " tpm2"
+INHERIT += "testimage"
+TEST_SUITES = "ping ssh parsec"
+```
+- Build security-parsec-image image
+```bash
+bitbake security-parsec-image
+```
+- Run tests
+```bash
+bitbake security-parsec-image -c testimage
+```
+
+Output of a successfull tests run should look similar to:
+```
+RESULTS:
+RESULTS - ping.PingTest.test_ping: PASSED (0.05s)
+RESULTS - ssh.SSHTest.test_ssh: PASSED (0.25s)
+RESULTS - parsec.ParsecTest.test_all_providers: PASSED (1.84s)
+RESULTS - parsec.ParsecTest.test_pkcs11_provider: PASSED (2.91s)
+RESULTS - parsec.ParsecTest.test_tpm_provider: PASSED (3.33s)
+SUMMARY:
+security-parsec-image () - Ran 5 tests in 8.386s
+security-parsec-image - OK - All required tests passed (successes=5, skipped=0, failures=0, errors=0)
+```
+
+
Manual testing with runqemu
===========================
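
Review bot: The new section does not say that the `parsec` suite modifies the target: the test case added in this patch appends provider blocks to /etc/parsec/config.toml with `user_pin = "123456"` and `allow_export = true`, and under "1. Testing Parsec with your own image" a reader could run it against an image that is later reused. Suggest one sentence stating that the suite rewrites the Parsec configuration with fixed test credentials and is meant for throwaway test images. Minor points in the same hunk: "successfull" should be "successful", and the leading space in `DISTRO_FEATURES += " tpm2"` is redundant because `+=` already inserts one.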

diff --git a/meta-parsec/lib/oeqa/runtime/cases/parsec.py b/meta-parsec/lib/oeqa/runtime/cases/parsec.py
index 547f74c..d3d3f2e 100644
--- a/meta-parsec/lib/oeqa/runtime/cases/parsec.py
+++ b/meta-parsec/lib/oeqa/runtime/cases/parsec.py
@@ -1,33 +1,138 @@
# Copyright (C) 2022 Armin Kuster <akuster808@...>
+# Copyright (C) 2022 Anton Antonov <Anton.Antonov@...>
#
import re
+from tempfile import mkstemp

from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
from oeqa.runtime.decorator.package import OEHasPackage
+from oeqa.core.decorator.data import skipIfNotFeature

class ParsecTest(OERuntimeTestCase):
+ @classmethod
+ def setUpClass(cls):
+ cls.toml_file = '/etc/parsec/config.toml'
+
+ def setUp(self):
+ super(ParsecTest, self).setUp()
+ if 'systemd' in self.tc.td['DISTRO_FEATURES']:
+ self.parsec_status='systemctl status -l parsec'
+ self.parsec_reload='systemctl restart parsec'
+ else:
+ self.parsec_status='pgrep -l parsec'
+ self.parsec_reload='/etc/init.d/parsec reload'
+
+ def copy_subconfig(self, cfg, provider):
+ """ Copy a provider configuration to target and append it to Parsec config """
+
+ tmp_fd, tmp_path = mkstemp()
+ with os.fdopen(tmp_fd, 'w') as f:
+ f.write('\n'.join(cfg))
+
+ (status, output) = self.target.copyTo(tmp_path, "%s-%s" % (self.toml_file, provider))
+ self.assertEqual(status, 0, msg='File could not be copied.\n%s' % output)
+ status, output = self.target.run('cat %s-%s >>%s' % (self.toml_file, provider, self.toml_file))
+ os.remove(tmp_path)
+
+ def check_parsec_providers(self, provider=None, prov_id=None):
+ """ Get Parsec providers list and check for one if defined """
+
+ status, output = self.target.run(self.parsec_status)
+ self.assertEqual(status, 0, msg='Parsec service is not running.\n%s' % output)
+
+ status, output = self.target.run('parsec-tool list-providers')
+ self.assertEqual(status, 0, msg='Cannot get a list of Parsec providers.\n%s' % output)
+ if provider and prov_id:
+ self.assertIn("ID: 0x0%d (%s provider)" % (prov_id, provider),
+ output, msg='%s provider is not configured.' % provider)
+
+ def run_cli_tests(self, prov_id=None):
+ """ Run Parsec CLI end-to-end tests against one or all providers """
+
+ status, output = self.target.run('parsec-cli-tests.sh %s' % ("-%d" % prov_id if prov_id else ""))
+ self.assertEqual(status, 0, msg='Parsec CLI tests failed.\n %s' % output)
+
@OEHasPackage(['parsec-service'])
@OETestDepends(['ssh.SSHTest.test_ssh'])
- def test_parsec_service(self):
- toml_file = '/etc/parsec/config.tom'
- status, output = self.target.run('echo library_path = "/usr/lib/softhsm/libsofthsm2.so" >> %s' %(toml_file))
- status, output = self.target.run('echo slot_number = 0 >> %s' %(toml_file))
- status, output = self.target.run('echo user_pin = "123456" >> %s' %(toml_file))
+ def test_all_providers(self):
+ """ Test Parsec service with all pre-defined providers """
+
+ self.check_parsec_providers()
+ self.run_cli_tests()
+
+ def configure_tpm_provider(self):
+ """ Create Parsec TPM provider configuration """
+
+ cfg = [
+ '',
+ '[[provider]]',
+ 'name = "tpm-provider"',
+ 'provider_type = "Tpm"',
+ 'key_info_manager = "sqlite-manager"',
+ 'tcti = "swtpm:port=2321"',
+ 'owner_hierarchy_auth = ""',
+ ]
+ self.copy_subconfig(cfg, "TPM")
+
cmds = [
- '/etc/init.d/parsec stop',
- 'sleep 5',
- 'softhsm2-util --init-token --slot 0 --label "Parsec Service" --pin 123456 --so-pin 123456',
- 'for d in /var/lib/softhsm/tokens/*; do chown -R parsec $d; done',
'mkdir /tmp/myvtpm',
- 'swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init &',
- 'export TPM2TOOLS_TCTI="swtpm:port=2321"',
- 'tpm2_startup -c',
- 'sleep 2',
- '/etc/init.d/parsec start',
- 'parsec-cli-tests.sh'
+ 'swtpm socket -d --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
+ 'tpm2_startup -c -T "swtpm:port=2321"',
+ self.parsec_reload,
]

for cmd in cmds:
status, output = self.target.run(cmd)
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+ @OEHasPackage(['parsec-service'])
+ @OEHasPackage(['swtpm'])
+ @skipIfNotFeature('tpm2','Test parsec_tpm_provider requires tpm2 to be in DISTRO_FEATURES')
+ @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
+ def test_tpm_provider(self):
+ """ Configure and test Parsec TPM provider with swtpm as a backend """
+
+ prov_id = 3
+ self.configure_tpm_provider()
+ self.check_parsec_providers("TPM", prov_id)
+ self.run_cli_tests(prov_id)
+
+ def configure_pkcs11_provider(self):
+ """ Create Parsec PKCS11 provider configuration """
+
+ status, output = self.target.run('softhsm2-util --init-token --free --label "Parsec Service" --pin 123456 --so-pin 123456')
+ self.assertEqual(status, 0, msg='Failed to init PKCS11 token.\n%s' % output)
+
+ slot = re.search('The token has been initialized and is reassigned to slot (\d*)', output)
+ if slot is None:
+ self.fail('Failed to get PKCS11 slot serial number.\n%s' % output)
+ self.assertNotEqual(slot.group(1), None, msg='Failed to get PKCS11 slot serial number.\n%s' % output)
+
+ cfg = [
+ '',
+ '[[provider]]',
+ 'name = "pkcs11-provider"',
+ 'provider_type = "Pkcs11"',
+ 'key_info_manager = "sqlite-manager"',
+ 'library_path = "/usr/lib/softhsm/libsofthsm2.so"',
+ 'slot_number = %s' % slot.group(1),
+ 'user_pin = "123456"',
+ 'allow_export = true',
+ ]
+ self.copy_subconfig(cfg, "PKCS11")
+
+ status, output = self.target.run('for d in /var/lib/softhsm/tokens/*; do chown -R parsec $d; done')
+ status, output = self.target.run(self.parsec_reload)
+ self.assertEqual(status, 0, msg='Failed to reload Parsec.\n%s' % output)
+
+ @OEHasPackage(['parsec-service'])
+ @OEHasPackage(['softhsm'])
+ @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
+ def test_pkcs11_provider(self):
+ """ Configure and test Parsec PKCS11 provider with softhsm as a backend """
+
+ prov_id = 2
+ self.configure_pkcs11_provider()
+ self.check_parsec_providers("PKCS #11", prov_id)
+ self.run_cli_tests(prov_id)
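
Review bot: Several command results in the new helpers are assigned but never checked. In copy_subconfig() the status of the `cat %s-%s >>%s` append is dropped, and in configure_pkcs11_provider() the status of the `chown -R parsec` loop is overwritten by the following reload, so a failed append or chown only shows up later as a misleading "provider is not configured" or CLI test failure. Assert on each status as the other calls in this hunk do. Also in configure_pkcs11_provider(), the pattern passed to re.search is a non-raw string containing `\d`, and `(\d*)` can match an empty string, in which case the assertNotEqual(slot.group(1), None, ...) check passes and `slot_number = ` is written with no value; use a raw string with `(\d+)`.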
diff --git a/meta-parsec/recipes-core/images/security-parsec-image.bb b/meta-parsec/recipes-core/images/security-parsec-image.bb
index 2ddc543..7add74b 100644
--- a/meta-parsec/recipes-core/images/security-parsec-image.bb
+++ b/meta-parsec/recipes-core/images/security-parsec-image.bb
@@ -1,4 +1,4 @@
-DESCRIPTION = "A small image for building meta-parsec packages"
+DESCRIPTION = "A small image for testing Parsec service with MbedCrypto, TPM and PKCS11 providers"

inherit core-image

@@ -10,7 +10,8 @@ IMAGE_INSTALL = "\
packagegroup-security-tpm2 \
packagegroup-security-parsec \
swtpm \
- os-release"
+ softhsm \
+ os-release"

export IMAGE_BASENAME = "security-parsec-image"
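
Review bot: The `+ softhsm \` line here pairs with the removal of `softhsm` from RDEPENDS in packagegroup-security-parsec.bb, which is a behaviour change for every other image that pulls in that packagegroup, yet the commit message carries only a Signed-off-by. Suggest a short message body stating that softhsm is now installed only by security-parsec-image and that other images must add it themselves for test_pkcs11_provider, which is gated by OEHasPackage(['softhsm']), to run.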

diff --git a/meta-parsec/recipes-core/packagegroups/packagegroup-security-parsec.bb b/meta-parsec/recipes-core/packagegroups/packagegroup-security-parsec.bb
index b6c4f59..0af9c3d 100644
--- a/meta-parsec/recipes-core/packagegroups/packagegroup-security-parsec.bb
+++ b/meta-parsec/recipes-core/packagegroups/packagegroup-security-parsec.bb
@@ -11,7 +11,6 @@ PACKAGES = "\

SUMMARY:packagegroup-security-parsec = "Security Parsec"
RDEPENDS:packagegroup-security-parsec = "\
- softhsm \
parsec-tool \
parsec-service \
"
diff --git a/meta-tpm/classes/sanity-meta-tpm.bbclass b/meta-tpm/classes/sanity-meta-tpm.bbclass
index 2f8b52d..1ab03c8 100644
--- a/meta-tpm/classes/sanity-meta-tpm.bbclass
+++ b/meta-tpm/classes/sanity-meta-tpm.bbclass
@@ -2,7 +2,9 @@ addhandler tpm_machinecheck
tpm_machinecheck[eventmask] = "bb.event.SanityCheck"
python tpm_machinecheck() {
skip_check = e.data.getVar('SKIP_META_TPM_SANITY_CHECK') == "1"
- if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
+ if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and \
+ 'tpm2' not in e.data.getVar('DISTRO_FEATURES').split() and \
+ not skip_check:
bb.warn("You have included the meta-tpm layer, but \
'tpm or tpm2' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
and preferred version setting may not take effect. See the meta-tpm README \
--
2.25.1


OpenEmbedded Happy Hour May 25 5pm/1700 UTC

Tim Orling
 

All,

You are cordially invited to the next OpenEmbedded Happy Hour on May 25
for Europe/Americas time zones @ 1700/5pm UTC (1pm ET / 10am PT).


Regards,
Tim "moto-timo" Orling


[meta-selinux][master][kirkstone][PATCH 2/2] refpolicy: add file context for findfs alternative

Yi Zhao
 

Add file context for findfs alternative which is provided by util-linux.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
...s-apply-policy-to-findfs-alternative.patch | 29 +++++++++++++++++++
.../refpolicy/refpolicy_common.inc | 1 +
2 files changed, 30 insertions(+)
create mode 100644 recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch

diff --git a/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch b/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch
new file mode 100644
index 0000000..6535a4b
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch
@@ -0,0 +1,29 @@
+From 3e3ec39659ae068d20efbb5f13054d90960c3c3f Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@...>
+Date: Thu, 19 May 2022 16:51:49 +0800
+Subject: [PATCH] fc/fstools: apply policy to findfs alternative
+
+Add file context for findfs alternative which is provided by util-linux.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ policy/modules/system/fstools.fc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
+index bef711850..91be0ef3d 100644
+--- a/policy/modules/system/fstools.fc
++++ b/policy/modules/system/fstools.fc
+@@ -77,6 +77,7 @@
+ /usr/sbin/fdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/fdisk\.util-linux -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/findfs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
++/usr/sbin/findfs\.util-linux -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/fsck.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/gdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/hdparm -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+--
+2.25.1
+
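
Review bot: Neither the commit message nor the embedded patch header for the `/usr/sbin/findfs\.util-linux` entry says what goes wrong without it (the label the alternative ends up with, or the denial observed) or how the new context was checked on a target. Since the patch is marked "Upstream-Status: Inappropriate [embedded specific]" and will be carried locally, suggest adding one or two lines to the message with the observed symptom and the verification step, so the entry can be re-evaluated when refpolicy or util-linux is upgraded.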
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 1d5a5c0..bb0c0dd 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -84,6 +84,7 @@ SRC_URI += " \
file://0066-systemd-add-missing-file-context-for-run-systemd-net.patch \
file://0067-systemd-add-file-contexts-for-systemd-network-genera.patch \
file://0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch \
+ file://0069-fc-fstools-apply-policy-to-findfs-alternative.patch \
"

S = "${WORKDIR}/refpolicy"
--
2.25.1


[meta-selinux][master][kirkstone][PATCH 1/2] refpolicy: backport patches to fix policy issues for systemd 250

Yi Zhao
 

Backport the following patches to fix systemd-resolved and
systemd-networkd policy issues:
systemd-systemd-resolved-is-linked-to-libselinux.patch
sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch
term-init-allow-systemd-to-watch-and-watch-reads-on-.patch
systemd-add-file-transition-for-systemd-networkd-run.patch
systemd-add-missing-file-context-for-run-systemd-net.patch
systemd-add-file-contexts-for-systemd-network-genera.patch
systemd-udev-allow-udev-to-read-systemd-networkd-run.patch

Signed-off-by: Yi Zhao <yi.zhao@...>
---
...emd-resolved-is-linked-to-libselinux.patch | 33 +++++++
...md-allow-DNS-resolution-over-io.syst.patch | 63 +++++++++++++
...systemd-to-watch-and-watch-reads-on-.patch | 94 +++++++++++++++++++
...-transition-for-systemd-networkd-run.patch | 32 +++++++
...ing-file-context-for-run-systemd-net.patch | 29 ++++++
...-contexts-for-systemd-network-genera.patch | 38 ++++++++
...ow-udev-to-read-systemd-networkd-run.patch | 34 +++++++
.../refpolicy/refpolicy_common.inc | 7 ++
8 files changed, 330 insertions(+)
create mode 100644 recipes-security/refpolicy/refpolicy/0062-systemd-systemd-resolved-is-linked-to-libselinux.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0063-sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0064-term-init-allow-systemd-to-watch-and-watch-reads-on-.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0065-systemd-add-file-transition-for-systemd-networkd-run.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0066-systemd-add-missing-file-context-for-run-systemd-net.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0067-systemd-add-file-contexts-for-systemd-network-genera.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch

diff --git a/recipes-security/refpolicy/refpolicy/0062-systemd-systemd-resolved-is-linked-to-libselinux.patch b/recipes-security/refpolicy/refpolicy/0062-systemd-systemd-resolved-is-linked-to-libselinux.patch
new file mode 100644
index 0000000..e0db7d3
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0062-systemd-systemd-resolved-is-linked-to-libselinux.patch
@@ -0,0 +1,33 @@
+From 52a4222397f5d3b28ca15a45bb2ace209a4afc3e Mon Sep 17 00:00:00 2001
+From: Kenton Groombridge <me@...>
+Date: Thu, 31 Mar 2022 13:09:10 -0400
+Subject: [PATCH] systemd: systemd-resolved is linked to libselinux
+
+systemd-resolved as of systemd 250 fails to start with this error:
+
+Failed to initialize SELinux labeling handle: No such file or directory
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/refpolicy/commit/3a22db2410de479e5baa88f3f668a7a4ac198950]
+
+Signed-off-by: Kenton Groombridge <me@...>
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ policy/modules/system/systemd.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index 8cea6baa1..beb301cc6 100644
+--- a/policy/modules/system/systemd.te
++++ b/policy/modules/system/systemd.te
+@@ -1261,6 +1261,7 @@ fs_getattr_cgroup(systemd_resolved_t)
+
+ init_dgram_send(systemd_resolved_t)
+
++seutil_libselinux_linked(systemd_resolved_t)
+ seutil_read_file_contexts(systemd_resolved_t)
+
+ systemd_log_parse_environment(systemd_resolved_t)
+--
+2.25.1
+
diff --git a/recipes-security/refpolicy/refpolicy/0063-sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch b/recipes-security/refpolicy/refpolicy/0063-sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch
new file mode 100644
index 0000000..63da7cd
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0063-sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch
@@ -0,0 +1,63 @@
+From 1ba0911e157c64ea15636c5707f38f1bdc9a46c8 Mon Sep 17 00:00:00 2001
+From: Kenton Groombridge <me@...>
+Date: Wed, 27 Apr 2022 01:09:52 -0400
+Subject: [PATCH] sysnetwork, systemd: allow DNS resolution over
+ io.systemd.Resolve
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/refpolicy/commit/1a0acc9c0d8c7c49ad4ca2cabd44bc66450f45e0]
+
+Signed-off-by: Kenton Groombridge <me@...>
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ policy/modules/system/sysnetwork.if | 1 +
+ policy/modules/system/systemd.if | 21 +++++++++++++++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
+index 8664a67c8..140d48508 100644
+--- a/policy/modules/system/sysnetwork.if
++++ b/policy/modules/system/sysnetwork.if
+@@ -844,6 +844,7 @@ interface(`sysnet_dns_name_resolve',`
+ ifdef(`init_systemd',`
+ optional_policy(`
+ systemd_dbus_chat_resolved($1)
++ systemd_stream_connect_resolved($1)
+ ')
+ # This seems needed when the mymachines NSS module is used
+ optional_policy(`
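Review bot: the commit message gives no reason or denial for a grant that reaches every caller of sysnet_dns_name_resolve. The added systemd_stream_connect_resolved($1) line sits next to systemd_dbus_chat_resolved($1) inside that interface, so any domain that resolves names gains a stream connection to systemd_resolved_t when init_systemd is defined. A sentence in the message saying which client needs the io.systemd.Resolve socket, ideally with the AVC record, would make the widened access reviewable.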
+diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
+index 5f2038f22..9143fb4c0 100644
+--- a/policy/modules/system/systemd.if
++++ b/policy/modules/system/systemd.if
+@@ -1835,6 +1835,27 @@ interface(`systemd_tmpfilesd_managed',`
+ ')
+ ')
+
++#######################################
++## <summary>
++## Connect to systemd resolved over
++## /run/systemd/resolve/io.systemd.Resolve .
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`systemd_stream_connect_resolved',`
++ gen_require(`
++ type systemd_resolved_t;
++ type systemd_resolved_runtime_t;
++ ')
++
++ files_search_runtime($1)
++ stream_connect_pattern($1, systemd_resolved_runtime_t, systemd_resolved_runtime_t, systemd_resolved_t)
++')
++
+ ########################################
+ ## <summary>
+ ## Send and receive messages from
+--
+2.25.1
+
diff --git a/recipes-security/refpolicy/refpolicy/0064-term-init-allow-systemd-to-watch-and-watch-reads-on-.patch b/recipes-security/refpolicy/refpolicy/0064-term-init-allow-systemd-to-watch-and-watch-reads-on-.patch
new file mode 100644
index 0000000..88f070d
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0064-term-init-allow-systemd-to-watch-and-watch-reads-on-.patch
@@ -0,0 +1,94 @@
+From 50670946f04257cc2110facbc61884e2cf0d8327 Mon Sep 17 00:00:00 2001
+From: Kenton Groombridge <me@...>
+Date: Fri, 6 May 2022 21:16:29 -0400
+Subject: [PATCH] term, init: allow systemd to watch and watch reads on
+ unallocated ttys
+
+As of systemd 250, systemd needs to be able to add a watch on and watch
+reads on unallocated ttys in order to start getty.
+
+systemd[55548]: getty@...: Failed to set up standard input: Permission denied
+systemd[55548]: getty@...: Failed at step STDIN spawning /sbin/agetty: Permission denied
+
+time->Fri May 6 21:17:58 2022
+type=PROCTITLE msg=audit(1651886278.452:1770): proctitle="(agetty)"
+type=PATH msg=audit(1651886278.452:1770): item=0 name="/dev/tty1" inode=18 dev=00:05 mode=020620 ouid=0 ogid=5 rdev=04:01 obj=system_u:object_r:tty_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
+type=CWD msg=audit(1651886278.452:1770): cwd="/"
+type=SYSCALL msg=audit(1651886278.452:1770): arch=c000003e syscall=254 success=no exit=-13 a0=3 a1=60ba5c21e020 a2=18 a3=23 items=1 ppid=1 pid=55551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(agetty)" exe="/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
+type=AVC msg=audit(1651886278.452:1770): avc: denied { watch watch_reads } for pid=55551 comm="(agetty)" path="/dev/tty1" dev="devtmpfs" ino=18 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file permissive=0
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/refpolicy/commit/308ab9f69a4623f5dace8da151e70c6316f055a8]
+
+Signed-off-by: Kenton Groombridge <me@...>
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ policy/modules/kernel/terminal.if | 38 +++++++++++++++++++++++++++++++
+ policy/modules/system/init.te | 2 ++
+ 2 files changed, 40 insertions(+)
+
+diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
+index e8c0735eb..6e9f654ac 100644
+--- a/policy/modules/kernel/terminal.if
++++ b/policy/modules/kernel/terminal.if
+@@ -1287,6 +1287,44 @@ interface(`term_dontaudit_use_unallocated_ttys',`
+ dontaudit $1 tty_device_t:chr_file rw_chr_file_perms;
+ ')
+
++########################################
++## <summary>
++## Watch unallocated ttys.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`term_watch_unallocated_ttys',`
++ gen_require(`
++ type tty_device_t;
++ ')
++
++ dev_list_all_dev_nodes($1)
++ allow $1 tty_device_t:chr_file watch;
++')
++
++########################################
++## <summary>
++## Watch reads on unallocated ttys.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`term_watch_reads_unallocated_ttys',`
++ gen_require(`
++ type tty_device_t;
++ ')
++
++ dev_list_all_dev_nodes($1)
++ allow $1 tty_device_t:chr_file watch_reads;
++')
++
+ ########################################
+ ## <summary>
+ ## Get the attributes of all tty device nodes.
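Review bot: both new interfaces call dev_list_all_dev_nodes($1), which the audit record in the commit message does not account for. The AVC shows only the chr_file { watch watch_reads } denial on tty_device_t, and that is covered by the two allow lines alone. Either note in the message why the directory listing access is needed, or confirm it is there only to match the neighbouring term_* interfaces.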
+diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
+index 5a19f0e43..24cef0924 100644
+--- a/policy/modules/system/init.te
++++ b/policy/modules/system/init.te
+@@ -518,6 +518,8 @@ ifdef(`init_systemd',`
+ term_create_devpts_dirs(init_t)
+ term_create_ptmx(init_t)
+ term_create_controlling_term(init_t)
++ term_watch_unallocated_ttys(init_t)
++ term_watch_reads_unallocated_ttys(init_t)
+
+ # udevd is a "systemd kobject uevent socket activated daemon"
+ udev_create_kobject_uevent_sockets(init_t)
+--
+2.25.1
+
diff --git a/recipes-security/refpolicy/refpolicy/0065-systemd-add-file-transition-for-systemd-networkd-run.patch b/recipes-security/refpolicy/refpolicy/0065-systemd-add-file-transition-for-systemd-networkd-run.patch
new file mode 100644
index 0000000..1029490
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0065-systemd-add-file-transition-for-systemd-networkd-run.patch
@@ -0,0 +1,32 @@
+From 6f8a8ecd8bafd6e8a3515b53db2a2982a02ff254 Mon Sep 17 00:00:00 2001
+From: Kenton Groombridge <me@...>
+Date: Thu, 31 Mar 2022 13:22:37 -0400
+Subject: [PATCH] systemd: add file transition for systemd-networkd runtime
+
+systemd-networkd creates the /run/systemd/network directory which should
+be labeled appropriately.
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/refpolicy/commit/663b62f27cb12c22f056eba9326cf3f7f78d8a9e]
+
+Signed-off-by: Kenton Groombridge <me@...>
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ policy/modules/system/systemd.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index beb301cc6..654c6a42a 100644
+--- a/policy/modules/system/systemd.te
++++ b/policy/modules/system/systemd.te
+@@ -917,6 +917,7 @@ auth_use_nsswitch(systemd_networkd_t)
+
+ init_dgram_send(systemd_networkd_t)
+ init_read_state(systemd_networkd_t)
++init_runtime_filetrans(systemd_networkd_t, systemd_networkd_runtime_t, dir)
+
+ logging_send_syslog_msg(systemd_networkd_t)
+
+--
+2.25.1
+
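Review bot: init_runtime_filetrans(systemd_networkd_t, systemd_networkd_runtime_t, dir) carries no object name, so the transition applies to every directory systemd_networkd_t creates in the init runtime directory, while the commit message names only /run/systemd/network. If only that directory is intended, a named transition would keep the rule as narrow as the description. If the broader rule is deliberate, the message should say so.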
diff --git a/recipes-security/refpolicy/refpolicy/0066-systemd-add-missing-file-context-for-run-systemd-net.patch b/recipes-security/refpolicy/refpolicy/0066-systemd-add-missing-file-context-for-run-systemd-net.patch
new file mode 100644
index 0000000..f84eb4a
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0066-systemd-add-missing-file-context-for-run-systemd-net.patch
@@ -0,0 +1,29 @@
+From 2e3f371b59bee343c42e4c69495df0f3719b6e24 Mon Sep 17 00:00:00 2001
+From: Kenton Groombridge <me@...>
+Date: Sat, 2 Apr 2022 15:44:01 -0400
+Subject: [PATCH] systemd: add missing file context for /run/systemd/network
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/refpolicy/commit/f2fe1ae15485da7b6269b7d0d7dbed9a834f1876]
+
+Signed-off-by: Kenton Groombridge <me@...>
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ policy/modules/system/systemd.fc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
+index 34db8c034..d21914227 100644
+--- a/policy/modules/system/systemd.fc
++++ b/policy/modules/system/systemd.fc
+@@ -85,6 +85,7 @@ HOME_DIR/\.local/share/systemd(/.*)? gen_context(system_u:object_r:systemd_data
+
+ /run/systemd/ask-password(/.*)? gen_context(system_u:object_r:systemd_passwd_runtime_t,s0)
+ /run/systemd/ask-password-block(/.*)? gen_context(system_u:object_r:systemd_passwd_runtime_t,s0)
++/run/systemd/network(/.*)? gen_context(system_u:object_r:systemd_networkd_runtime_t,s0)
+ /run/systemd/resolve(/.*)? gen_context(system_u:object_r:systemd_resolved_runtime_t,s0)
+ /run/systemd/seats(/.*)? gen_context(system_u:object_r:systemd_sessions_runtime_t,s0)
+ /run/systemd/sessions(/.*)? gen_context(system_u:object_r:systemd_sessions_runtime_t,s0)
+--
+2.25.1
+
diff --git a/recipes-security/refpolicy/refpolicy/0067-systemd-add-file-contexts-for-systemd-network-genera.patch b/recipes-security/refpolicy/refpolicy/0067-systemd-add-file-contexts-for-systemd-network-genera.patch
new file mode 100644
index 0000000..0aaf096
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0067-systemd-add-file-contexts-for-systemd-network-genera.patch
@@ -0,0 +1,38 @@
+From 143d339b2e6611c56cd0210279757ebee9632731 Mon Sep 17 00:00:00 2001
+From: Kenton Groombridge <me@...>
+Date: Thu, 19 May 2022 11:42:51 -0400
+Subject: [PATCH] systemd: add file contexts for systemd-network-generator
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/refpolicy/commit/73adba0a39b7409bc4bbfa0e962108c2b1e5f2a5]
+
+Thanks-To: Zhao Yi
+Signed-off-by: Kenton Groombridge <me@...>
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ policy/modules/system/systemd.fc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
+index d21914227..1a35bd65c 100644
+--- a/policy/modules/system/systemd.fc
++++ b/policy/modules/system/systemd.fc
+@@ -35,6 +35,7 @@
+ /usr/lib/systemd/systemd-machined -- gen_context(system_u:object_r:systemd_machined_exec_t,s0)
+ /usr/lib/systemd/systemd-modules-load -- gen_context(system_u:object_r:systemd_modules_load_exec_t,s0)
+ /usr/lib/systemd/systemd-networkd -- gen_context(system_u:object_r:systemd_networkd_exec_t,s0)
++/usr/lib/systemd/systemd-network-generator -- gen_context(system_u:object_r:systemd_networkd_exec_t,s0)
+ /usr/lib/systemd/systemd-pstore -- gen_context(system_u:object_r:systemd_pstore_exec_t,s0)
+ /usr/lib/systemd/systemd-resolved -- gen_context(system_u:object_r:systemd_resolved_exec_t,s0)
+ /usr/lib/systemd/systemd-rfkill -- gen_context(system_u:object_r:systemd_rfkill_exec_t,s0)
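Review bot: the message has no body explaining why /usr/lib/systemd/systemd-network-generator is given systemd_networkd_exec_t, the same executable type as systemd-networkd on the line above it. Whatever policy is keyed on that type now applies to the generator as well, so a sentence on why sharing the type is acceptable, rather than giving the generator its own, would help the least-privilege review.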
+@@ -60,6 +61,7 @@ HOME_DIR/\.local/share/systemd(/.*)? gen_context(system_u:object_r:systemd_data
+ /usr/lib/systemd/system/systemd-backlight.* -- gen_context(system_u:object_r:systemd_backlight_unit_t,s0)
+ /usr/lib/systemd/system/systemd-binfmt.* -- gen_context(system_u:object_r:systemd_binfmt_unit_t,s0)
+ /usr/lib/systemd/system/systemd-networkd.* gen_context(system_u:object_r:systemd_networkd_unit_t,s0)
++/usr/lib/systemd/system/systemd-network-generator.* gen_context(system_u:object_r:systemd_networkd_unit_t,s0)
+ /usr/lib/systemd/system/systemd-rfkill.* -- gen_context(system_u:object_r:systemd_rfkill_unit_t,s0)
+ /usr/lib/systemd/system/systemd-socket-proxyd\.service -- gen_context(system_u:object_r:systemd_socket_proxyd_unit_file_t,s0)
+
+--
+2.25.1
+
diff --git a/recipes-security/refpolicy/refpolicy/0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch b/recipes-security/refpolicy/refpolicy/0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch
new file mode 100644
index 0000000..259863c
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch
@@ -0,0 +1,34 @@
+From 6508bc8a3440525384fcfcd8ad55a4cd5c79b912 Mon Sep 17 00:00:00 2001
+From: Kenton Groombridge <me@...>
+Date: Thu, 19 May 2022 11:43:44 -0400
+Subject: [PATCH] systemd, udev: allow udev to read systemd-networkd runtime
+
+udev searches for .link files and applies custom udev rules to devices
+as they come up.
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/refpolicy/commit/998ef975f38c70d57e7220b88ae5e62c88ebb770]
+
+Thanks-To: Zhao Yi
+Signed-off-by: Kenton Groombridge <me@...>
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ policy/modules/system/udev.te | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
+index 4c5a690fb..8e243c0f2 100644
+--- a/policy/modules/system/udev.te
++++ b/policy/modules/system/udev.te
+@@ -270,6 +270,8 @@ ifdef(`init_systemd',`
+ systemd_read_hwdb(udev_t)
+ systemd_read_logind_sessions_files(udev_t)
+ systemd_read_logind_runtime_files(udev_t)
++ # udev searches for .link files and applies custom udev rules
++ systemd_read_networkd_runtime(udev_t)
+
+ optional_policy(`
+ init_dbus_chat(udev_t)
+--
+2.25.1
+
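Review bot: systemd_read_networkd_runtime(udev_t) relies on an interface that none of the seven patches in this series defines, and the call is placed directly under ifdef(`init_systemd') rather than in the optional_policy block that follows. Please confirm the interface already exists in the refpolicy revision this recipe builds. If it does not, the policy will fail to compile.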
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 96d0da1..1d5a5c0 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -77,6 +77,13 @@ SRC_URI += " \
file://0059-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
file://0060-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
file://0061-policy-modules-system-logging-make-syslogd_runtime_t.patch \
+ file://0062-systemd-systemd-resolved-is-linked-to-libselinux.patch \
+ file://0063-sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch \
+ file://0064-term-init-allow-systemd-to-watch-and-watch-reads-on-.patch \
+ file://0065-systemd-add-file-transition-for-systemd-networkd-run.patch \
+ file://0066-systemd-add-missing-file-context-for-run-systemd-net.patch \
+ file://0067-systemd-add-file-contexts-for-systemd-network-genera.patch \
+ file://0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch \
"

S = "${WORKDIR}/refpolicy"
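Review bot: the ordering dependency among these seven entries is not documented. The index lines show 0065 applying on top of the systemd.te blob produced by 0062 (beb301cc6) and 0067 on top of the systemd.fc blob produced by 0066 (d21914227), so the entries are not independent. A short comment in SRC_URI or in the commit message would stop a later partial cherry-pick or reorder from producing fuzz or rejects.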
--
2.25.1


Re: [ANNOUNCEMENT] Yocto Project 4.0.1 is Released

Lee Chee Yang
 

Now that we also have release notes in the documentation (see
https://docs.yoctoproject.org/migration-guides/release-notes-3.4.2.html
for example, and the source code on
https://git.yoctoproject.org/yocto-docs/tree/documentation/migration-guides/release-notes-3.4.2.rst),
what about modifying the scripts to generate such notes directly in Sphinx
syntax, and right before a new release is made, add them to the
documentation directory?
This is in my to do list.

Chee Yang


Enhancements/Bugs closed WW21

Stephen Jolley
 

All,

The below were the owners of enhancements or bugs closed during the last week!

Who                        Count
michael.opdenacker@...     2
mhalstead@...              1
Grand Total                3

Thanks,

Stephen K. Jolley
Yocto Project Program Manager
Cell: (208) 244-4460
Email: sjolley.yp.pm@...


Current high bug count owners for Yocto Project 4.1

Stephen Jolley
 

All,

Below is the list of the top 36 bug owners, as of the end of WW21, who have open medium or higher bugs and enhancements against YP 4.1. There are 110 possible work days left until the final release candidates for YP 4.1 need to be released.

Who                        Count
michael.opdenacker@...     38
ross.burton@...            23
david.reyna@...            21
bruce.ashfield@...         20
randy.macleod@...          17
sakib.sajal@...            12
richard.purdie@...         12
JPEWhacker@...             9
tim.orling@...             8
saul.wold@...              7
kai.kang@...               4
jon.mason@...              4
pavel@...                  4
mhalstead@...              3
akuster808@...             3
Qi.Chen@...                2
abongwabonalais@...        2
tvgamblin@...              2
hongxu.jia@...             2
pgowda.cve@...             2
Aryaman.Gupta@...          2
liezhi.yang@...            1
raj.khem@...               1
martin.beeger@...          1
shachar@...                1
Martin.Jansa@...           1
alexandre.belloni@...      1
aehs29@...                 1
nicolas.dechesne@...       1
sundeep.kokkonda@...       1
thomas.perrot@...          1
mostthingsweb@...          1
jay.shen.teoh@...          1
kexin.hao@...              1
open.source@...            1
alejandro@...              1
Grand Total                212

Thanks,

Stephen K. Jolley
Yocto Project Program Manager
Cell: (208) 244-4460
Email: sjolley.yp.pm@...


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straightforward for a person to help work on who doesn't have deep experience with the project. If anyone can help, please take ownership of the bug and send patches! If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 427 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now,  “4.1”, “4.2”, "4.99" and "Future", the more pressing/urgent issues being in "4.1" and then “4.2”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

Stephen K. Jolley
Yocto Project Program Manager
Cell: (208) 244-4460
Email: sjolley.yp.pm@...


Yocto Project Status WW21`22

Stephen Jolley
 

Current Dev Position: YP 4.1 M1

Next Deadline: 30th May 2022 YP 4.1 M1 Build

 

Next Team Meetings:

 

Key Status/Updates:

  • YP 4.0.1 was released
  • YP 4.1 M1 is due to build next week.
  • The Yocto Project Virtual Summit and OpenEmbedded Virtual Developer Meeting both seemed to go well, many good presentations, demos and good discussion. Thanks to everyone who helped organize it or attended.
  • There are some prototype scripts updating patchwork patch status for OpenEmbedded-Core and BitBake which is covering about 75% of the patches to the merged state along with revision information: https://patchwork.yoctoproject.org/project/oe-core/list/
  • We have added a new “metrics” target on the autobuilder. This currently has some simple patch status tracking information and can generate a history graph but the hope is to extend this to CVE metrics and likely other things. If anyone has interest in helping here, please let Richard know.

https://autobuilder.yocto.io/pub/non-release/patchmetrics/

  • There are some known cve-check issues on kirkstone and dunfell, patches addressing those issues are in testing.
  • Help is very much welcome in trying to resolve our autobuilder intermittent issues. You can see the list of failures we’re continuing to see by searching for the “AB-INT” tag in bugzilla: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT

 

Ways to contribute:

 

YP 4.1 Milestone Dates:

  • YP 4.1 M1 build date 2022/05/30
  • YP 4.1 M1 Release date 2022/06/10
  • YP 4.1 M2 build date 2022/07/11
  • YP 4.1 M2 Release date 2022/07/22
  • YP 4.1 M3 build date 2022/08/22
  • YP 4.1 M3 Release date 2022/09/02
  • YP 4.1 M4 build date 2022/10/03
  • YP 4.1 M4 Release date 2022/10/28

 

Upcoming dot releases:

  • YP 4.0.1 is released.
  • YP 3.1.17 build date 2022/06/06
  • YP 3.1.17 Release date 2022/06/17
  • YP 4.0.2 build date 2022/06/27
  • YP 4.0.2 Release date 2022/07/08
  • YP 3.1.18 build date 2022/07/18
  • YP 3.1.18 Release date 2022/07/29
  • YP 4.0.3 build date 2022/08/08
  • YP 4.0.3 Release date 2022/08/19
  • YP 3.1.19 build date 2022/08/29
  • YP 3.1.19 Release date 2022/09/09
  • YP 4.0.4 build date 2022/09/19
  • YP 4.0.4 Release date 2022/09/30
  • YP 3.1.20 build date 2022/10/10
  • YP 3.1.20 Release date 2022/10/21
  • YP 4.0.5 build date 2022/10/31
  • YP 4.0.5 Release date 2022/11/11

 

Tracking Metrics:

 

The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC

 

The Status reports are now stored on the wiki at: https://wiki.yoctoproject.org/wiki/Weekly_Status

 

[If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!]

 

Stephen K. Jolley
Yocto Project Program Manager
Cell: (208) 244-4460
Email: sjolley.yp.pm@...


Yocto-generated image does not pass the systemd-boot bootloader

lucas@...
 

Good morning,

I generated a Linux image by following the Intel document "Yocto Project*-based Board Support Package for Intel Atom® x6000E Series, and Intel® Pentium® and Celeron® N and J Series Pro"[1].

I built option C (mc:x86-2021-minimal:core-image-full-cmdline) using bitbake. And used bmaptool to prepare a bootable image (differently from the document, in my case the `.wic.bmap` file was not generated, only the .wic, so I had to pass the --nobmap option to bmaptool).

The Elkhart Lake CRB recognizes the bootable image, and boots into systemd-boot.

After selecting the only option in the systemd-boot bootloader, the following message is displayed: "EFI stub: Loaded initrd from command line option", and the boot process does not go any further, being stuck on a screen with this message.

I have tried, however, this same image on my desktop (a Xeon E5-2650 V3) and I can boot until the login screen and log into root. I can also test the image on qemu. But the boot process fails on the CRB.

What could possibly be happening?

[1]: https://cdrdv2.intel.com/v1/dl/getContent/619566?explicitVersion=true&wapkw=619566


Re: [ANNOUNCEMENT] Yocto Project 4.0.1 is Released

Michael Opdenacker
 

Hi Lee and others

On 5/24/22 05:01, Lee Chee Yang wrote:

Hi

We are pleased to announce the Yocto Project 4.0.1 Release is now
available for download.


http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/poky-8c489602f218bcf21de0d3c9f8cf620ea5f06430.tar.bz2

http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/poky-8c489602f218bcf21de0d3c9f8cf620ea5f06430.tar.bz2

A gpg signed version of these release notes is available at:

 

http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/RELEASENOTES
Many thanks for the new release!

Now that we also have release notes in the documentation (see
https://docs.yoctoproject.org/migration-guides/release-notes-3.4.2.html
for example, and the source code on
https://git.yoctoproject.org/yocto-docs/tree/documentation/migration-guides/release-notes-3.4.2.rst),
what about modifying the scripts to generate such notes directly in
Sphinx syntax, and right before a new release is made, add them to the
documentation directory?

This way I wouldn't have to convert the text release notes by hand, and
users would directly enjoy the HTML format, with links that are easy to
follow (currently for CVE details, but possibly, if generated by a
script, with links to individual).


What do you think?

Thanks again
Michael.

--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


Re: Building rust package fails with "can't find crate for `std`" #bitbake #toolchain #rust #kirkstone

martin.stolpe@...
 

Forgot to mention that the build machine is x86_64 and I want to build for target aarch64.

This is the generated bitbake recipe:

# Auto-Generated by cargo-bitbake 0.3.15
#
inherit cargo pkgconfig

# If this is git based prefer versioned ones if they exist
# DEFAULT_PREFERENCE = "-1"

SRC_URI:append = " file://root/basestation/"
S = "${WORKDIR}/root/basestation"

DEPENDS:append = " \
    libtss2 \
    udev \
    dbus \
    "

# please note if you have entries that do not begin with crate://
# you must change them to how that package can be fetched
SRC_URI += " \
    crate://crates.io/CoreFoundation-sys/0.1.4 \
    crate://crates.io/IOKit-sys/0.1.5 \
    crate://crates.io/ab_glyph_rasterizer/0.1.5 \
    crate://crates.io/adler/1.0.2 \
    crate://crates.io/adler32/1.2.0 \
    crate://crates.io/aes/0.7.5 \
    crate://crates.io/ahash/0.4.7 \
    crate://crates.io/aho-corasick/0.6.10 \
    crate://crates.io/aho-corasick/0.7.18 \
    crate://crates.io/andrew/0.3.1 \
    crate://crates.io/ansi_term/0.12.1 \
    crate://crates.io/anyhow/1.0.52 \
    crate://crates.io/arc-swap/0.4.8 \
    crate://crates.io/async-channel/1.6.1 \
    crate://crates.io/async-executor/1.4.1 \
    crate://crates.io/async-global-executor/2.0.2 \
    crate://crates.io/async-io/1.6.0 \
    crate://crates.io/async-lock/2.4.0 \
    crate://crates.io/async-mutex/1.4.0 \
    crate://crates.io/async-std/1.10.0 \
    crate://crates.io/async-task/4.0.3 \
    crate://crates.io/async-trait/0.1.52 \
    crate://crates.io/async_once/0.2.6 \
    crate://crates.io/atk-sys/0.10.0 \
    crate://crates.io/atk/0.9.0 \
    crate://crates.io/atomic-waker/1.0.0 \
    crate://crates.io/atty/0.2.14 \
    crate://crates.io/autocfg/0.1.7 \
    crate://crates.io/autocfg/1.0.1 \
    crate://crates.io/base64/0.13.0 \
    crate://crates.io/battery/0.7.8 \
    crate://crates.io/bindgen/0.57.0 \
    crate://crates.io/bindgen/0.59.2 \
    crate://crates.io/bitflags/0.9.1 \
    crate://crates.io/bitflags/1.3.2 \
    crate://crates.io/block-buffer/0.9.0 \
    crate://crates.io/block-modes/0.8.1 \
    crate://crates.io/block-padding/0.2.1 \
    crate://crates.io/block/0.1.6 \
    crate://crates.io/blocking/1.1.0 \
    crate://crates.io/btleplug/0.7.3 \
    crate://crates.io/buf_redux/0.8.4 \
    crate://crates.io/bumpalo/3.9.1 \
    crate://crates.io/bytemuck/1.7.3 \
    crate://crates.io/byteorder/1.4.3 \
    crate://crates.io/bytes/0.5.6 \
    crate://crates.io/bytes/1.1.0 \
    crate://crates.io/cache-padded/1.2.0 \
    crate://crates.io/cairo-rs/0.9.1 \
    crate://crates.io/cairo-sys-rs/0.10.0 \
    crate://crates.io/calloop/0.6.5 \
    crate://crates.io/cc/1.0.72 \
    crate://crates.io/cexpr/0.4.0 \
    crate://crates.io/cexpr/0.6.0 \
    crate://crates.io/cfg-if/0.1.10 \
    crate://crates.io/cfg-if/1.0.0 \
    crate://crates.io/chrono/0.4.19 \
    crate://crates.io/cipher/0.3.0 \
    crate://crates.io/clang-sys/1.3.0 \
    crate://crates.io/clap/2.34.0 \
    crate://crates.io/clap/3.0.10 \
    crate://crates.io/clap_derive/3.1.4 \
    crate://crates.io/cloudabi/0.0.3 \
    crate://crates.io/cocoa-foundation/0.1.0 \
    crate://crates.io/cocoa/0.24.0 \
    crate://crates.io/color_quant/1.1.0 \
    crate://crates.io/colored/1.9.3 \
    crate://crates.io/com/0.2.0 \
    crate://crates.io/com_macros/0.2.0 \
    crate://crates.io/com_macros_support/0.2.0 \
    crate://crates.io/concurrent-queue/1.2.2 \
    crate://crates.io/const-sha1/0.2.0 \
    crate://crates.io/core-foundation-sys/0.7.0 \
    crate://crates.io/core-foundation-sys/0.8.3 \
    crate://crates.io/core-foundation/0.7.0 \
    crate://crates.io/core-foundation/0.9.2 \
    crate://crates.io/core-graphics-types/0.1.1 \
    crate://crates.io/core-graphics/0.19.2 \
    crate://crates.io/core-graphics/0.22.3 \
    crate://crates.io/core-video-sys/0.1.4 \
    crate://crates.io/cpufeatures/0.2.1 \
    crate://crates.io/crc32fast/1.3.0 \
    crate://crates.io/crossbeam-channel/0.5.2 \
    crate://crates.io/crossbeam-deque/0.8.1 \
    crate://crates.io/crossbeam-epoch/0.9.6 \
    crate://crates.io/crossbeam-queue/0.3.3 \
    crate://crates.io/crossbeam-utils/0.8.6 \
    crate://crates.io/crossbeam/0.8.1 \
    crate://crates.io/crypto-mac/0.10.1 \
    crate://crates.io/ctor/0.1.21 \
    crate://crates.io/ctr/0.7.0 \
    crate://crates.io/ctr/0.8.0 \
    crate://crates.io/cty/0.2.2 \
    crate://crates.io/custom_error/1.9.2 \
    crate://crates.io/darling/0.10.2 \
    crate://crates.io/darling_core/0.10.2 \
    crate://crates.io/darling_macro/0.10.2 \
    crate://crates.io/dashmap/4.0.2 \
    crate://crates.io/dbus-codegen/0.9.1 \
    crate://crates.io/dbus/0.9.5 \
    crate://crates.io/deflate/0.8.6 \
    crate://crates.io/derivative/2.2.0 \
    crate://crates.io/diff/0.1.12 \
    crate://crates.io/digest/0.9.0 \
    crate://crates.io/dirs-sys/0.3.6 \
    crate://crates.io/dirs/3.0.2 \
    crate://crates.io/dispatch/0.2.0 \
    crate://crates.io/displaydoc/0.2.3 \
    crate://crates.io/dlib/0.4.2 \
    crate://crates.io/dlib/0.5.0 \
    crate://crates.io/docopt/1.1.1 \
    crate://crates.io/downcast-rs/1.2.0 \
    crate://crates.io/dyn-clone/1.0.4 \
    crate://crates.io/either/1.6.1 \
    crate://crates.io/env_logger/0.4.3 \
    crate://crates.io/env_logger/0.8.4 \
    crate://crates.io/env_logger/0.9.0 \
    crate://crates.io/event-listener/2.5.1 \
    crate://crates.io/extprim/1.7.1 \
    crate://crates.io/fallible-iterator/0.2.0 \
    crate://crates.io/fallible-streaming-iterator/0.1.9 \
    crate://crates.io/fastrand/1.6.0 \
    crate://crates.io/fnv/1.0.7 \
    crate://crates.io/foreign-types-shared/0.1.1 \
    crate://crates.io/foreign-types/0.3.2 \
    crate://crates.io/form_urlencoded/1.0.1 \
    crate://crates.io/fuchsia-cprng/0.1.1 \
    crate://crates.io/futures-channel/0.3.19 \
    crate://crates.io/futures-core/0.3.19 \
    crate://crates.io/futures-executor/0.3.19 \
    crate://crates.io/futures-io/0.3.19 \
    crate://crates.io/futures-lite/1.12.0 \
    crate://crates.io/futures-macro/0.3.19 \
    crate://crates.io/futures-sink/0.3.19 \
    crate://crates.io/futures-task/0.3.19 \
    crate://crates.io/futures-util/0.3.19 \
    crate://crates.io/futures/0.3.19 \
    crate://crates.io/gdk-pixbuf-sys/0.10.0 \
    crate://crates.io/gdk-pixbuf/0.9.0 \
    crate://crates.io/gdk-sys/0.10.0 \
    crate://crates.io/gdk/0.13.2 \
    crate://crates.io/generic-array/0.14.5 \
    crate://crates.io/getopts/0.2.21 \
    crate://crates.io/getrandom/0.2.4 \
    crate://crates.io/gif/0.11.3 \
    crate://crates.io/gio-sys/0.10.1 \
    crate://crates.io/gio/0.9.1 \
    crate://crates.io/glib-macros/0.10.1 \
    crate://crates.io/glib-sys/0.10.1 \
    crate://crates.io/glib/0.10.3 \
    crate://crates.io/glob/0.3.0 \
    crate://crates.io/gloo-timers/0.2.2 \
    crate://crates.io/gobject-sys/0.10.0 \
    crate://crates.io/gtk-sys/0.10.0 \
    crate://crates.io/gtk/0.9.2 \
    crate://crates.io/h2/0.3.10 \
    crate://crates.io/hashbrown/0.11.2 \
    crate://crates.io/hashbrown/0.9.1 \
    crate://crates.io/hashlink/0.6.0 \
    crate://crates.io/headers-core/0.2.0 \
    crate://crates.io/headers/0.3.5 \
    crate://crates.io/heck/0.3.3 \
    crate://crates.io/heck/0.4.0 \
    crate://crates.io/hermit-abi/0.1.19 \
    crate://crates.io/hex-literal/0.3.4 \
    crate://crates.io/hex/0.4.3 \
    crate://crates.io/hmac/0.10.1 \
    crate://crates.io/http-body/0.4.4 \
    crate://crates.io/http/0.2.6 \
    crate://crates.io/httparse/1.5.1 \
    crate://crates.io/httpdate/1.0.2 \
    crate://crates.io/humantime/2.1.0 \
    crate://crates.io/hyper/0.14.16 \
    crate://crates.io/ident_case/1.0.1 \
    crate://crates.io/idna/0.2.3 \
    crate://crates.io/image/0.23.14 \
    crate://crates.io/indexmap/1.8.0 \
    crate://crates.io/infer/0.3.7 \
    crate://crates.io/instant/0.1.12 \
    crate://crates.io/itertools/0.10.3 \
    crate://crates.io/itertools/0.9.0 \
    crate://crates.io/itoa/0.4.8 \
    crate://crates.io/itoa/1.0.1 \
    crate://crates.io/javascriptcore-rs-sys/0.2.0 \
    crate://crates.io/javascriptcore-rs/0.10.0 \
    crate://crates.io/jni-sys/0.3.0 \
    crate://crates.io/jpeg-decoder/0.1.22 \
    crate://crates.io/js-sys/0.3.55 \
    crate://crates.io/kernel32-sys/0.2.2 \
    crate://crates.io/kv-log-macro/1.0.7 \
    crate://crates.io/lazy_static/1.4.0 \
    crate://crates.io/lazycell/1.3.0 \
    crate://crates.io/libc/0.2.112 \
    crate://crates.io/libdbus-sys/0.2.2 \
    crate://crates.io/libloading/0.6.7 \
    crate://crates.io/libloading/0.7.3 \
    crate://crates.io/libsqlite3-sys/0.20.1 \
    crate://crates.io/libudev-sys/0.1.4 \
    crate://crates.io/libudev/0.2.0 \
    crate://crates.io/linked-hash-map/0.5.4 \
    crate://crates.io/lock_api/0.4.5 \
    crate://crates.io/log-mdc/0.1.0 \
    crate://crates.io/log/0.3.9 \
    crate://crates.io/log/0.4.14 \
    crate://crates.io/log4rs/1.0.0 \
    crate://crates.io/mach/0.1.2 \
    crate://crates.io/mach/0.2.3 \
    crate://crates.io/mach/0.3.2 \
    crate://crates.io/malloc_buf/0.0.6 \
    crate://crates.io/matches/0.1.9 \
    crate://crates.io/memchr/2.4.1 \
    crate://crates.io/memmap2/0.1.0 \
    crate://crates.io/memoffset/0.6.5 \
    crate://crates.io/mime/0.3.16 \
    crate://crates.io/mime_guess/2.0.3 \
    crate://crates.io/minimal-lexical/0.2.1 \
    crate://crates.io/miniz_oxide/0.3.7 \
    crate://crates.io/miniz_oxide/0.4.4 \
    crate://crates.io/mio-misc/1.2.2 \
    crate://crates.io/mio/0.7.14 \
    crate://crates.io/miow/0.3.7 \
    crate://crates.io/mqtt-protocol/0.10.0 \
    crate://crates.io/multimap/0.8.3 \
    crate://crates.io/multipart/0.18.0 \
    crate://crates.io/native-tls/0.2.8 \
    crate://crates.io/ndk-glue/0.3.0 \
    crate://crates.io/ndk-macro/0.2.0 \
    crate://crates.io/ndk-sys/0.2.2 \
    crate://crates.io/ndk/0.3.0 \
    crate://crates.io/nix/0.14.1 \
    crate://crates.io/nix/0.18.0 \
    crate://crates.io/nix/0.19.1 \
    crate://crates.io/nix/0.20.0 \
    crate://crates.io/nom/5.1.2 \
    crate://crates.io/nom/7.1.0 \
    crate://crates.io/ntapi/0.3.6 \
    crate://crates.io/num-integer/0.1.44 \
    crate://crates.io/num-iter/0.1.42 \
    crate://crates.io/num-rational/0.3.2 \
    crate://crates.io/num-traits/0.2.14 \
    crate://crates.io/num_cpus/1.13.1 \
    crate://crates.io/num_enum/0.5.6 \
    crate://crates.io/num_enum_derive/0.5.6 \
    crate://crates.io/objc/0.2.7 \
    crate://crates.io/objc_id/0.1.1 \
    crate://crates.io/once_cell/1.9.0 \
    crate://crates.io/opaque-debug/0.3.0 \
    crate://crates.io/openssl-probe/0.1.5 \
    crate://crates.io/openssl-src/111.17.0+1.1.1m \
    crate://crates.io/openssl-sys/0.9.72 \
    crate://crates.io/openssl/0.10.38 \
    crate://crates.io/ordered-float/2.10.0 \
    crate://crates.io/os_str_bytes/6.0.0 \
    crate://crates.io/owned_ttf_parser/0.6.0 \
    crate://crates.io/pango-sys/0.10.0 \
    crate://crates.io/pango/0.9.1 \
    crate://crates.io/parking/2.0.0 \
    crate://crates.io/parking_lot/0.11.2 \
    crate://crates.io/parking_lot_core/0.8.5 \
    crate://crates.io/peeking_take_while/0.1.2 \
    crate://crates.io/percent-encoding/2.1.0 \
    crate://crates.io/pin-project-internal/1.0.10 \
    crate://crates.io/pin-project-lite/0.2.8 \
    crate://crates.io/pin-project/1.0.10 \
    crate://crates.io/pin-utils/0.1.0 \
    crate://crates.io/pkg-config/0.3.24 \
    crate://crates.io/png/0.16.8 \
    crate://crates.io/polling/2.2.0 \
    crate://crates.io/ppv-lite86/0.2.16 \
    crate://crates.io/proc-macro-crate/0.1.5 \
    crate://crates.io/proc-macro-crate/1.1.0 \
    crate://crates.io/proc-macro-error-attr/1.0.4 \
    crate://crates.io/proc-macro-error/1.0.4 \
    crate://crates.io/proc-macro2/1.0.36 \
    crate://crates.io/quick-error/1.2.3 \
    crate://crates.io/quote/1.0.14 \
    crate://crates.io/r2d2/0.8.9 \
    crate://crates.io/r2d2_sqlite/0.17.0 \
    crate://crates.io/rand/0.6.5 \
    crate://crates.io/rand/0.8.4 \
    crate://crates.io/rand_chacha/0.1.1 \
    crate://crates.io/rand_chacha/0.3.1 \
    crate://crates.io/rand_core/0.3.1 \
    crate://crates.io/rand_core/0.4.2 \
    crate://crates.io/rand_core/0.6.3 \
    crate://crates.io/rand_hc/0.1.0 \
    crate://crates.io/rand_hc/0.3.1 \
    crate://crates.io/rand_isaac/0.1.1 \
    crate://crates.io/rand_jitter/0.1.4 \
    crate://crates.io/rand_os/0.1.3 \
    crate://crates.io/rand_pcg/0.1.2 \
    crate://crates.io/rand_xorshift/0.1.1 \
    crate://crates.io/raw-window-handle/0.3.4 \
    crate://crates.io/raw-window-handle/0.4.2 \
    crate://crates.io/rayon-core/1.9.1 \
    crate://crates.io/rayon/1.5.1 \
    crate://crates.io/rdrand/0.4.0 \
    crate://crates.io/redox_syscall/0.1.57 \
    crate://crates.io/redox_syscall/0.2.10 \
    crate://crates.io/redox_users/0.4.0 \
    crate://crates.io/regex-syntax/0.5.6 \
    crate://crates.io/regex-syntax/0.6.25 \
    crate://crates.io/regex/0.2.11 \
    crate://crates.io/regex/1.5.4 \
    crate://crates.io/remove_dir_all/0.5.3 \
    crate://crates.io/rppal/0.12.0 \
    crate://crates.io/rusqlite/0.24.2 \
    crate://crates.io/rustc-hash/1.1.0 \
    crate://crates.io/rustc_version/0.2.3 \
    crate://crates.io/rustfmt/0.10.0 \
    crate://crates.io/rusttype/0.9.2 \
    crate://crates.io/ryu/1.0.9 \
    crate://crates.io/safemem/0.3.3 \
    crate://crates.io/same-file/1.0.6 \
    crate://crates.io/schannel/0.1.19 \
    crate://crates.io/scheduled-thread-pool/0.2.5 \
    crate://crates.io/scoped-tls/1.0.0 \
    crate://crates.io/scoped_threadpool/0.1.9 \
    crate://crates.io/scopeguard/1.1.0 \
    crate://crates.io/security-framework-sys/2.5.0 \
    crate://crates.io/security-framework/2.5.0 \
    crate://crates.io/semver-parser/0.7.0 \
    crate://crates.io/semver/0.9.0 \
    crate://crates.io/serde-value/0.7.0 \
    crate://crates.io/serde/1.0.133 \
    crate://crates.io/serde_bytes/0.11.5 \
    crate://crates.io/serde_derive/1.0.133 \
    crate://crates.io/serde_json/1.0.75 \
    crate://crates.io/serde_urlencoded/0.7.1 \
    crate://crates.io/serde_yaml/0.8.23 \
    crate://crates.io/serial_test/0.5.1 \
    crate://crates.io/serial_test_derive/0.5.1 \
    crate://crates.io/serialport/3.3.0 \
    crate://crates.io/sha-1/0.9.8 \
    crate://crates.io/sha2/0.9.9 \
    crate://crates.io/shlex/0.1.1 \
    crate://crates.io/shlex/1.1.0 \
    crate://crates.io/signal-hook-registry/1.4.0 \
    crate://crates.io/single_value_channel/1.2.2 \
    crate://crates.io/slab/0.4.5 \
    crate://crates.io/smallvec/1.8.0 \
    crate://crates.io/smithay-client-toolkit/0.12.3 \
    crate://crates.io/socket2/0.4.2 \
    crate://crates.io/soup-sys/0.10.0 \
    crate://crates.io/squote/0.1.2 \
    crate://crates.io/static_assertions/1.1.0 \
    crate://crates.io/strings/0.1.1 \
    crate://crates.io/strsim/0.10.0 \
    crate://crates.io/strsim/0.8.0 \
    crate://crates.io/strsim/0.9.3 \
    crate://crates.io/strum/0.18.0 \
    crate://crates.io/strum_macros/0.18.0 \
    crate://crates.io/subtle/2.4.1 \
    crate://crates.io/syn/1.0.85 \
    crate://crates.io/syntex_errors/0.59.1 \
    crate://crates.io/syntex_pos/0.59.1 \
    crate://crates.io/syntex_syntax/0.59.1 \
    crate://crates.io/system-deps/1.3.2 \
    crate://crates.io/tauri-winit/0.24.1 \
    crate://crates.io/tempfile/3.3.0 \
    crate://crates.io/term/0.4.6 \
    crate://crates.io/termcolor/1.1.2 \
    crate://crates.io/textwrap/0.11.0 \
    crate://crates.io/textwrap/0.14.2 \
    crate://crates.io/thiserror-impl/1.0.30 \
    crate://crates.io/thiserror/1.0.30 \
    crate://crates.io/thread-id/3.3.0 \
    crate://crates.io/thread_local/0.3.6 \
    crate://crates.io/tiff/0.6.1 \
    crate://crates.io/time/0.1.44 \
    crate://crates.io/tinyvec/1.5.1 \
    crate://crates.io/tinyvec_macros/0.1.0 \
    crate://crates.io/tokio-macros/1.7.0 \
    crate://crates.io/tokio-native-tls/0.3.0 \
    crate://crates.io/tokio-stream/0.1.8 \
    crate://crates.io/tokio-test/0.3.0 \
    crate://crates.io/tokio-tungstenite/0.15.0 \
    crate://crates.io/tokio-util/0.6.9 \
    crate://crates.io/tokio/0.3.7 \
    crate://crates.io/tokio/1.15.0 \
    crate://crates.io/toml/0.4.10 \
    crate://crates.io/toml/0.5.8 \
    crate://crates.io/tower-service/0.3.1 \
    crate://crates.io/tracing-core/0.1.21 \
    crate://crates.io/tracing/0.1.29 \
    crate://crates.io/traitobject/0.1.0 \
    crate://crates.io/try-lock/0.2.3 \
    crate://crates.io/ttf-parser/0.6.2 \
    crate://crates.io/tungstenite/0.14.0 \
    crate://crates.io/twoway/0.1.8 \
    crate://crates.io/typemap/0.3.3 \
    crate://crates.io/typenum/1.15.0 \
    crate://crates.io/ucd-util/0.1.8 \
    crate://crates.io/unicase/2.6.0 \
    crate://crates.io/unicode-bidi/0.3.7 \
    crate://crates.io/unicode-normalization/0.1.19 \
    crate://crates.io/unicode-segmentation/1.8.0 \
    crate://crates.io/unicode-width/0.1.9 \
    crate://crates.io/unicode-xid/0.1.0 \
    crate://crates.io/unicode-xid/0.2.2 \
    crate://crates.io/unsafe-any/0.4.2 \
    crate://crates.io/uom/0.30.0 \
    crate://crates.io/url/2.2.2 \
    crate://crates.io/utf-8/0.7.6 \
    crate://crates.io/utf8-ranges/1.0.4 \
    crate://crates.io/uuid/0.8.2 \
    crate://crates.io/value-bag/1.0.0-alpha.8 \
    crate://crates.io/vcpkg/0.2.15 \
    crate://crates.io/vec_map/0.8.2 \
    crate://crates.io/version-compare/0.0.10 \
    crate://crates.io/version_check/0.9.4 \
    crate://crates.io/void/1.0.2 \
    crate://crates.io/wait-timeout/0.2.0 \
    crate://crates.io/waker-fn/1.1.0 \
    crate://crates.io/walkdir/2.3.2 \
    crate://crates.io/want/0.3.0 \
    crate://crates.io/warp/0.3.2 \
    crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \
    crate://crates.io/wasm-bindgen-backend/0.2.78 \
    crate://crates.io/wasm-bindgen-futures/0.4.28 \
    crate://crates.io/wasm-bindgen-macro-support/0.2.78 \
    crate://crates.io/wasm-bindgen-macro/0.2.78 \
    crate://crates.io/wasm-bindgen-shared/0.2.78 \
    crate://crates.io/wasm-bindgen/0.2.78 \
    crate://crates.io/wayland-client/0.28.6 \
    crate://crates.io/wayland-commons/0.28.6 \
    crate://crates.io/wayland-cursor/0.28.6 \
    crate://crates.io/wayland-protocols/0.28.6 \
    crate://crates.io/wayland-scanner/0.28.6 \
    crate://crates.io/wayland-sys/0.28.6 \
    crate://crates.io/web-sys/0.3.55 \
    crate://crates.io/webkit2gtk-sys/0.13.0 \
    crate://crates.io/webkit2gtk/0.11.0 \
    crate://crates.io/webview2-sys/0.1.1 \
    crate://crates.io/webview2/0.1.4 \
    crate://crates.io/weezl/0.1.5 \
    crate://crates.io/wepoll-ffi/0.1.2 \
    crate://crates.io/which/3.1.1 \
    crate://crates.io/which/4.2.2 \
    crate://crates.io/widestring/0.5.1 \
    crate://crates.io/winapi-build/0.1.1 \
    crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
    crate://crates.io/winapi-util/0.1.5 \
    crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
    crate://crates.io/winapi/0.2.8 \
    crate://crates.io/winapi/0.3.9 \
    crate://crates.io/windows/0.3.1 \
    crate://crates.io/windows_gen/0.3.1 \
    crate://crates.io/windows_gen_macros/0.3.1 \
    crate://crates.io/windows_macros/0.3.1 \
    crate://crates.io/windows_winmd/0.3.1 \
    crate://crates.io/windows_winmd_macros/0.3.1 \
    crate://crates.io/wry/0.6.2 \
    crate://crates.io/x11-dl/2.19.1 \
    crate://crates.io/xcursor/0.3.4 \
    crate://crates.io/xdg/2.4.0 \
    crate://crates.io/xml-rs/0.8.4 \
    crate://crates.io/yaml-rust/0.4.5 \
"



# FIXME: update generateme with the real MD5 of the license file
LIC_FILES_CHKSUM = " \
    "

SUMMARY = "Base Station"
HOMEPAGE = ""
LICENSE = "CLOSED"

# includes this file if it exists but does not fail
# this is useful for anything you may want to override from
# what cargo-bitbake generates.
include basestation-${PV}.inc
include basestation.inc

What I also don't understand is what the recipe libstd-rs, which is provided as a recipe in poky/meta/recipes-devtools/rust, is used for or how it is used. Considering the name of the package it looks like I would need it? Adding this to DEPENDS doesn't change anything though.

Martin


Re: Building rust package fails with "can't find crate for `std`" #bitbake #toolchain #rust #kirkstone

Alexander Kanavin
 

It helps if you can share the recipe that you're trying to build.

Alex

On Tue, 24 May 2022 at 10:08, <martin.stolpe@...> wrote:

Hello,

I'm trying to build a rust package which pulls openssl-sys as a dependency. I've used cargo bitbake to create the build script.

When I try to build the package using bitbake I get the following error message:
error: failed to run custom build command for `openssl-sys v0.9.72`

Caused by:
process didn't exit successfully: `/home/martin/yocto/build/tmp/work/cortexa72-poky-linux/basestation/0.1.0-r0/build/target/release/build/openssl-sys-0c915fe76d324495/build-script-main` (exit status: 101)
--- stdout
cargo:rustc-cfg=const_fn
cargo:rerun-if-env-changed=AARCH64_POKY_LINUX_OPENSSL_NO_VENDOR
AARCH64_POKY_LINUX_OPENSSL_NO_VENDOR unset
cargo:rerun-if-env-changed=OPENSSL_NO_VENDOR
OPENSSL_NO_VENDOR unset

--- stderr
warning: target json file contains unused fields: has-elf-tls

warning: target json file contains unused fields: has-elf-tls

error[E0463]: can't find crate for `std`
|
= note: the `aarch64-poky-linux` target may not be installed
= help: consider downloading the target with `rustup target add aarch64-poky-linux`

Does anyone know if it is possible to build the std (and core) crate for the rust cross compile toolchain? I'm a beginner regarding Yocto/OpenEmbedded and am really struggling to understand how the rust cross compile toolchain is built. Any help would be appreciated.

Best regards
Martin


Building rust package fails with "can't find crate for `std`" #bitbake #toolchain #rust #kirkstone

martin.stolpe@...
 

Hello,

I'm trying to build a rust package which pulls openssl-sys as a dependency. I've used cargo bitbake to create the build script.

When I try to build the package using bitbake I get the following error message:
error: failed to run custom build command for `openssl-sys v0.9.72`

Caused by:
  process didn't exit successfully: `/home/martin/yocto/build/tmp/work/cortexa72-poky-linux/basestation/0.1.0-r0/build/target/release/build/openssl-sys-0c915fe76d324495/build-script-main` (exit status: 101)
  --- stdout
  cargo:rustc-cfg=const_fn
  cargo:rerun-if-env-changed=AARCH64_POKY_LINUX_OPENSSL_NO_VENDOR
  AARCH64_POKY_LINUX_OPENSSL_NO_VENDOR unset
  cargo:rerun-if-env-changed=OPENSSL_NO_VENDOR
  OPENSSL_NO_VENDOR unset

  --- stderr
  warning: target json file contains unused fields: has-elf-tls

  warning: target json file contains unused fields: has-elf-tls

  error[E0463]: can't find crate for `std`
    |
    = note: the `aarch64-poky-linux` target may not be installed
    = help: consider downloading the target with `rustup target add aarch64-poky-linux`

Does anyone know if it is possible to build the std (and core) crate for the rust cross compile toolchain? I'm a beginner regarding Yocto/OpenEmbedded and am really struggling to understand how the rust cross compile toolchain is built. Any help would be appreciated.

Best regards
Martin