Re: [yocto] Cannot ssh into qemu guest

2024-03-12 Thread Jörg Sommer via lists . yoctoproject . org
On 09.03.24 19:58, Xylopyrographer via lists.yoctoproject.org wrote:
> Thanks for the reply.
> 
> Still a bit green with all this but from the QEMU VM, *sshd* is running
> and port 22 is open.
> 
> Checked by running:
> *ps aux | grep sshd*
> and
> *netstat -plant | grep :22*
> 
> as well, I can telnet in to the VM itself by running (from within the VM):
> *telnet localhost 22*
> 
> which returns:
> *Connected to localhost*
> *SSH-2.0-OpenSSH_9.5*
> 
> So I think all is as it should be on the QEMU side of things?

If you pass the option `slirp` to runqemu, it forwards the ssh port to
the outside. Check with `ss -tlp`.

[1]:
https://docs.yoctoproject.org/dev/dev-manual/qemu.html#runqemu-command-line-options


Kind regards

Jörg Sommer
-- 
Navimatix GmbH
Tatzendpromenade 2
D-07745 Jena
Managing Directors: Steffen Späthe, Jan Rommeley
Register court: Amtsgericht Jena, HRB 501480


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#62741): https://lists.yoctoproject.org/g/yocto/message/62741
Mute This Topic: https://lists.yoctoproject.org/mt/104819558/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [yocto] Using SBOM/spdx with DependencyTrack/CyclonDX

2024-03-04 Thread Jörg Sommer via lists . yoctoproject . org
Thanks for the hint about the timing. My script worked, but because of the 
required wait before VEX upload it showed bad and inconsistent results.

Here is the new version.

Regards, Jörg
--
Navimatix GmbH
Tatzendpromenade 2
07745 Jena
T: 03641 - 327 99 0
F: 03641 - 526 306
M: joerg.som...@navimatix.de
www.navimatix.de

Managing Directors: Steffen Späthe, Jan Rommeley
Register court: Amtsgericht Jena, HRB 501480


From: yocto@lists.yoctoproject.org  on behalf of 
Luiz Balloti via lists.yoctoproject.org 

Sent: Monday, 4 March 2024 15:08
To: yocto@lists.yoctoproject.org 
Subject: Re: [yocto] Using SBOM/spdx with DependencyTrack/CyclonDX

Jörg, fixed CVEs should be encoded in a "vulnerabilities" section in a 
CycloneDX SBOM, or in an ancillary VEX document which references SBOM 
components. Unfortunately, Dependency-Track currently ignores the 
vulnerabilities section of uploaded SBOMs, so the only way is to upload the 
SBOM, wait until it is processed by the Dependency-Track instance and then 
upload the VEX document.

Regards,

Luiz

On Mon, 4 Mar 2024 at 06:59, Ross Burton <ross.bur...@arm.com> wrote:
On 3 Mar 2024, at 10:09, Jörg Sommer via lists.yoctoproject.org <navimatix...@lists.yoctoproject.org> wrote:
> does anyone use DependencyTrack https://dependencytrack.org/ to analyse CVE 
> vulnerabilities? I've created a script to convert the spdx.tar.zst to a 
> CycloneDX JSON and upload this to DependencyTrack. But I'm having the problem 
> that CVEs fixed in Yocto by patches are not reflected in the spdx. There is 
> the sourceInfo field that lists fixed CVEs, but I don't know how to encode 
> this in CycloneDX. How is this done with SPDX? Does anyone do CVE analysis 
> with SPDX?

This is something that’s being actively worked on.  In the mean time, if you’re 
transforming the SPDX into CycloneDX then I suggest that you also read the 
cve-checker JSON output too, that contains information about what CVEs have 
been resolved via patches.

Ross




deptrack-spdx-upload.sh
Description: deptrack-spdx-upload.sh

View/Reply Online (#62675): https://lists.yoctoproject.org/g/yocto/message/62675
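
Added example, not part of the thread and not Jörg's attached script: one way to turn the patched CVEs from the cve-check JSON report, as Ross suggests, into the separate CycloneDX VEX document Luiz describes. The report layout (`package[].issue[].status`), the `bom_ref` naming scheme, the `NVD` source name and the CVE ids are assumptions or constructed samples.

```python
import json

# Constructed sample in the assumed layout of the cve-check JSON report:
# package[].issue[].status is "Patched", "Unpatched" or "Ignored".
CVE_CHECK_SAMPLE = json.loads("""
{"version": "1", "package": [
  {"name": "openssh", "version": "9.5p1", "issue": [
    {"id": "CVE-0000-0001", "status": "Patched"},
    {"id": "CVE-0000-0002", "status": "Unpatched"}]},
  {"name": "busybox", "version": "1.36.1", "issue": [
    {"id": "CVE-0000-0003", "status": "Patched"}]}
]}
""")


def bom_ref(name, version):
    """Hypothetical bom-ref scheme; it must equal the refs in the uploaded SBOM."""
    return f"pkg:generic/{name}@{version}"


def build_vex(cve_check, sbom_refs):
    """Return (vex, skipped): a CycloneDX VEX for CVEs fixed by patches."""
    vulns, skipped = [], []
    for pkg in cve_check.get("package", []):
        ref = bom_ref(pkg["name"], pkg["version"])
        for issue in pkg.get("issue", []):
            if issue.get("status") != "Patched":
                continue  # unpatched or ignored: leave to the scanner
            if ref not in sbom_refs:
                # The VEX would reference a component the SBOM does not
                # contain; report it instead of emitting a dangling entry.
                skipped.append((issue["id"], ref))
                continue
            vulns.append({
                "id": issue["id"],
                "source": {"name": "NVD"},  # assumed vulnerability source
                "analysis": {"state": "resolved",
                             "detail": "fixed by a patch in the Yocto recipe"},
                "affects": [{"ref": ref}],
            })
    vex = {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
           "vulnerabilities": vulns}
    return vex, skipped


if __name__ == "__main__":
    vex, skipped = build_vex(CVE_CHECK_SAMPLE, {bom_ref("openssh", "9.5p1")})
    print(json.dumps(vex, indent=2))
    print("not in SBOM:", skipped)
```

The resulting document is the one to upload after Dependency-Track has finished processing the SBOM, as Luiz points out.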



[yocto] Using SBOM/spdx with DependencyTrack/CyclonDX

2024-03-03 Thread Jörg Sommer via lists . yoctoproject . org
Hi,

does anyone use DependencyTrack https://dependencytrack.org/ to analyse CVE 
vulnerabilities? I've created a script to convert the spdx.tar.zst to a 
CycloneDX JSON and upload this to DependencyTrack. But I'm having the problem 
that CVEs fixed in Yocto by patches are not reflected in the spdx. There is the 
sourceInfo field that lists fixed CVEs, but I don't know how to encode this in 
CycloneDX. How is this done with SPDX? Does anyone do CVE analysis with SPDX?

Regards Jörg



deptrack-spdx-upoad
Description: deptrack-spdx-upoad

View/Reply Online (#62652): https://lists.yoctoproject.org/g/yocto/message/62652



Re: [yocto] How to build two images with different settings of a recipe in Yocto

2024-01-28 Thread Jörg Sommer via lists . yoctoproject . org
Thanks for your reply. It helps, but I see some issues with the 
ROOTFS_POSTPROCESS_COMMAND.

For the config file this is a possible solution. But what can I do if I need 
code changes? SSH announced they'll disable DSA support by default in a few 
months and for all other images except one I would stay with this default. I 
have to supply another setting to configure when building the recipe for one 
image. And I have more images that require reduced (or widened) settings of 
packages.

And editing the image has the drawback that it doesn't play well with package 
management. If I install/update the sshd ipk, it doesn't contain the change 
from ROOTFS_POSTPROCESS_COMMAND.

View/Reply Online (#62313): https://lists.yoctoproject.org/g/yocto/message/62313



[yocto] How to build two images with different settings of a recipe in Yocto

2024-01-26 Thread Jörg Sommer via lists . yoctoproject . org
[I posted this question on Stackoverflow: 
https://stackoverflow.com/q/77871008/8452187]

I have two images with the same distro and the same machine and each image 
should contain the same package, but built with different settings.

For example, the config file sshd_config is part of the opensshd package, but I 
need a different set of HostKeyAlgorithms depending on the image. (Yes, I could 
use Include, but that's not the point of this question.)

How can I build two different flavours of the same package? One way would be to 
have a different distro for each image, but this wouldn't scale. My other idea 
is to use local.conf to change the build behaviour of the recipe and control 
the image content (and the difference between both) with different local.conf. 
(BTW: I'm using KAS ( https://ghcr.io/siemens/kas ) which makes local.conf 
generation easy.) But what's best practice?

View/Reply Online (#62308): https://lists.yoctoproject.org/g/yocto/message/62308



Re: [meta-virtualization][kirkstone] packagegroup-container: require ipv6 for podman

2023-11-08 Thread Jörg Sommer via lists . yoctoproject . org
On 08.11.23 14:57, Bruce Ashfield wrote:
> I'll do this as a cherry-pick, since when I apply this patch:

That's fine.

> remote: ##
> remote: Invalid author Jörg Sommer via lists.yoctoproject.org
> remote: ##
> To ssh://push.yoctoproject.org/meta-virtualization
>  ! [remote rejected] kirkstone -> kirkstone (pre-receive hook declined)
> error: failed to push some refs to
> 'ssh://push.yoctoproject.org/meta-virtualization'
> 
> Which is fixable via:
> 
> https://docs.yoctoproject.org/contributor-guide/submit-changes.html#fixing-your-from-identity

Thanks for this hint. I'll apply the setting for future commits. I
didn't know this.


Kind regards

Jörg Sommer
-- 
Navimatix GmbH
Tatzendpromenade 2
D-07745 Jena
Managing Directors: Steffen Späthe, Jan Rommeley
Register court: Amtsgericht Jena, HRB 501480


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#8452): 
https://lists.yoctoproject.org/g/meta-virtualization/message/8452
Mute This Topic: https://lists.yoctoproject.org/mt/102461172/21656
Group Owner: meta-virtualization+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[meta-virtualization][kirkstone] packagegroup-container: require ipv6 for podman

2023-11-08 Thread Jörg Sommer via lists . yoctoproject . org
The recipe *podman* requires the distro feature *ipv6*. Using a distro
without it causes the build of *packagegroup-container* to fail, even if
*packagegroup-podman* is not used:

ERROR: Nothing RPROVIDES 'podman' (but 
/build/../work/layers-3rdparty/meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb
 RDEPENDS on or otherwise requires it)
podman was skipped: missing required distro feature 'ipv6' (not in 
DISTRO_FEATURES)
NOTE: Runtime target 'podman' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['podman']
NOTE: Runtime target 'packagegroup-docker' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['packagegroup-docker', 
'podman']

Signed-off-by: Jörg Sommer 
Cherry-pick-of: 002aaf7029b8002acc69c9d4beea89039410d7cd
---
 recipes-core/packagegroups/packagegroup-container.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-core/packagegroups/packagegroup-container.bb 
b/recipes-core/packagegroups/packagegroup-container.bb
index 8d418e95..8309a086 100644
--- a/recipes-core/packagegroups/packagegroup-container.bb
+++ b/recipes-core/packagegroups/packagegroup-container.bb
@@ -9,7 +9,7 @@ PACKAGES = "\
 packagegroup-lxc \
 packagegroup-docker \
 packagegroup-oci \
-${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', \
+${@bb.utils.contains('DISTRO_FEATURES', 'seccomp ipv6', \
  'packagegroup-podman', '', d)} \
 packagegroup-containerd \
 "
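
Review bot: The log in the commit message ends with packagegroup-docker being removed through the chain ['packagegroup-docker', 'podman'], yet the hunk only makes packagegroup-podman conditional and leaves packagegroup-docker in PACKAGES unconditionally. Please state in the commit message that the kirkstone build of packagegroup-docker was checked with ipv6 absent from DISTRO_FEATURES after this change, so the backport is known to remove the reported failure and not only the podman entry.
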
-- 
2.34.1


View/Reply Online (#8447): 
https://lists.yoctoproject.org/g/meta-virtualization/message/8447



[yocto] Call bitbake while bitbake is running

2023-11-02 Thread Jörg Sommer via lists . yoctoproject . org
Hi,

is it possible to run bitbake while bitbake is running? I'm starting
`bitbake -c menuconfig virtual/kernel` and would like to call
`diffconfig` while I'm doing configuration. The best would be from the
other window of tmux. Is this possible?

Kind regards

Jörg Sommer
-- 
Navimatix GmbH
Tatzendpromenade 2
D-07745 Jena
Managing Directors: Steffen Späthe, Jan Rommeley
Register court: Amtsgericht Jena, HRB 501480

View/Reply Online (#61577): https://lists.yoctoproject.org/g/yocto/message/61577



[meta-virtualization][PATCH v2] packagegroup-container: require ipv6 for podman

2023-10-12 Thread Jörg Sommer via lists . yoctoproject . org
The recipe *podman* requires the distro feature *ipv6*. Using a distro
without it causes the build of *packagegroup-container* to fail, even if
*packagegroup-podman* is not used:

ERROR: Nothing RPROVIDES 'podman' (but 
/build/../work/layers-3rdparty/meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb
 RDEPENDS on or otherwise requires it)
podman was skipped: missing required distro feature 'ipv6' (not in 
DISTRO_FEATURES)
NOTE: Runtime target 'podman' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['podman']
NOTE: Runtime target 'packagegroup-docker' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['packagegroup-docker', 
'podman']

Signed-off-by: Jörg Sommer 
---
 recipes-core/packagegroups/packagegroup-container.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-core/packagegroups/packagegroup-container.bb 
b/recipes-core/packagegroups/packagegroup-container.bb
index 8d418e9..8309a08 100644
--- a/recipes-core/packagegroups/packagegroup-container.bb
+++ b/recipes-core/packagegroups/packagegroup-container.bb
@@ -9,7 +9,7 @@ PACKAGES = "\
 packagegroup-lxc \
 packagegroup-docker \
 packagegroup-oci \
-${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', \
+${@bb.utils.contains('DISTRO_FEATURES', 'seccomp ipv6', \
  'packagegroup-podman', '', d)} \
 packagegroup-containerd \
 "
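
Review bot: The feature list in the changed `bb.utils.contains` condition now repeats a requirement that belongs to the podman recipe (the log above reports "missing required distro feature 'ipv6'"), so the two can drift apart if podman's required features change again. A short comment above the PACKAGES assignment, or a sentence in the commit message, saying that this list has to be kept in step with podman's required distro features would help whoever touches either recipe next.
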
-- 
2.34.1


View/Reply Online (#8351): 
https://lists.yoctoproject.org/g/meta-virtualization/message/8351



[meta-virtualization][PATCH] packagegroup-container: require ipv6 for podman

2023-10-11 Thread Jörg Sommer via lists . yoctoproject . org
The recipe *podman* requires *ipv6* in *DISTRO_FEATURES*, which causes the
build of the whole recipe to fail, even if packagegroup-podman is not used.

Signed-off-by: Jörg Sommer 
---
 recipes-core/packagegroups/packagegroup-container.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-core/packagegroups/packagegroup-container.bb 
b/recipes-core/packagegroups/packagegroup-container.bb
index 8d418e9..8309a08 100644
--- a/recipes-core/packagegroups/packagegroup-container.bb
+++ b/recipes-core/packagegroups/packagegroup-container.bb
@@ -9,7 +9,7 @@ PACKAGES = "\
 packagegroup-lxc \
 packagegroup-docker \
 packagegroup-oci \
-${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', \
+${@bb.utils.contains('DISTRO_FEATURES', 'seccomp ipv6', \
  'packagegroup-podman', '', d)} \
 packagegroup-containerd \
 "
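
Review bot: In the changed `bb.utils.contains` line, the check value 'seccomp ipv6' is easy to misread as one feature name; it is a space-separated list, and packagegroup-podman stays in PACKAGES only when both seccomp and ipv6 are in DISTRO_FEATURES. The commit message should say that explicitly, and ideally show the build error this fixes, since "causes the build of the whole recipe fail" does not tell a reader which recipe fails or how.
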
-- 
2.34.1


View/Reply Online (#8347): 
https://lists.yoctoproject.org/g/meta-virtualization/message/8347