[OE-core] [PATCH 2/3] iptables: Allow overriding rules file location
In some cases a distribution may want to install rules file into a location other than /etc/iptables/ so introduce custom recipe-level IPTABLES_RULES_DIR parameter which allows conveniently overriding the rules directory location. Signed-off-by: Niko Mauno --- .../iptables/iptables/iptables.service| 4 ++-- meta/recipes-extended/iptables/iptables_1.8.3.bb | 11 --- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/meta/recipes-extended/iptables/iptables/iptables.service b/meta/recipes-extended/iptables/iptables/iptables.service index 041316e457..5a8aa3f298 100644 --- a/meta/recipes-extended/iptables/iptables/iptables.service +++ b/meta/recipes-extended/iptables/iptables/iptables.service @@ -5,8 +5,8 @@ Wants=network-pre.target [Service] Type=oneshot -ExecStart=@SBINDIR@/iptables-restore /etc/iptables/iptables.rules -ExecReload=@SBINDIR@/iptables-restore /etc/iptables/iptables.rules +ExecStart=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules +ExecReload=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules RemainAfterExit=yes [Install] diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb b/meta/recipes-extended/iptables/iptables_1.8.3.bb index 563c8ae354..73680207b4 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.3.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb @@ -38,14 +38,19 @@ do_configure_prepend() { rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 } +IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}" + do_install_append() { -install -d ${D}${sysconfdir}/iptables -install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables +install -d ${D}${IPTABLES_RULES_DIR} +install -m 0644 ${WORKDIR}/iptables.rules ${D}${IPTABLES_RULES_DIR} install -d ${D}${systemd_system_unitdir} install -m 0644 ${WORKDIR}/iptables.service ${D}${systemd_system_unitdir} -sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_system_unitdir}/iptables.service +sed -i \ +-e 's,@SBINDIR@,${sbindir},g' \ +-e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \ +${D}${systemd_system_unitdir}/iptables.service } PACKAGES += "${PN}-modules" -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 3/3] iptables: Add systemd helper unit for IPv6 too
Commit bc66b2f45ade2c63cfd14d5388f6ca0905a23bb0 added systemd helper unit for automatic IPv4 rule loading. Complement the effort by adding systemd helper unit also for automatic IPv6 rule loading. Signed-off-by: Niko Mauno --- .../iptables/iptables/ip6tables.rules | 0 .../iptables/iptables/ip6tables.service | 13 .../iptables/iptables/iptables.service| 6 +++--- .../iptables/iptables_1.8.3.bb| 21 ++- 4 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-extended/iptables/iptables/ip6tables.rules create mode 100644 meta/recipes-extended/iptables/iptables/ip6tables.service diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.rules b/meta/recipes-extended/iptables/iptables/ip6tables.rules new file mode 100644 index 00..e69de29bb2 diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.service b/meta/recipes-extended/iptables/iptables/ip6tables.service new file mode 100644 index 00..6c059fca49 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/ip6tables.service @@ -0,0 +1,13 @@ +[Unit] +Description=IPv6 Packet Filtering Framework +Before=network-pre.target +Wants=network-pre.target + +[Service] +Type=oneshot +ExecStart=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules +ExecReload=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-extended/iptables/iptables/iptables.service b/meta/recipes-extended/iptables/iptables/iptables.service index 5a8aa3f298..0eb3c343de 100644 --- a/meta/recipes-extended/iptables/iptables/iptables.service +++ b/meta/recipes-extended/iptables/iptables/iptables.service @@ -1,12 +1,12 @@ [Unit] -Description=Packet Filtering Framework +Description=IPv4 Packet Filtering Framework Before=network-pre.target Wants=network-pre.target [Service] Type=oneshot -ExecStart=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules -ExecReload=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules +ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules +ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules RemainAfterExit=yes [Install] diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb b/meta/recipes-extended/iptables/iptables_1.8.3.bb index 73680207b4..96d195d9d0 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.3.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb @@ -13,11 +13,16 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ file://iptables.service \ file://iptables.rules \ + file://ip6tables.service \ + file://ip6tables.rules \ " SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513" SRC_URI[sha256sum] = "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80" -SYSTEMD_SERVICE_${PN} = "iptables.service" +SYSTEMD_SERVICE_${PN} = "\ +iptables.service \ +${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'ip6tables.service', '', d)} \ +" inherit autotools pkgconfig systemd @@ -51,6 +56,16 @@ do_install_append() { -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \ ${D}${systemd_system_unitdir}/iptables.service + +if ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'true', 'false', d)} ; then +install -m 0644 ${WORKDIR}/ip6tables.rules ${D}${IPTABLES_RULES_DIR} +install -m 0644 ${WORKDIR}/ip6tables.service ${D}${systemd_system_unitdir} + +sed -i \ +-e 's,@SBINDIR@,${sbindir},g' \ +-e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \ +${D}${systemd_system_unitdir}/ip6tables.service +fi } PACKAGES += "${PN}-modules" @@ -75,6 +90,10 @@ RRECOMMENDS_${PN} = " \ kernel-module-nf-conntrack-ipv4 \ kernel-module-nf-nat \ kernel-module-ipt-masquerade \ +${@bb.utils.contains('PACKAGECONFIG', 'ipv6', '\ +kernel-module-ip6table-filter \ +kernel-module-ip6-tables \ +', '', d)} \ " FILES_${PN} += "${datadir}/xtables" -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/3] iptables: Cosmetic fixes to recipe
Introduce cosmetic changes to recipe content, most notably - Change indentation style to four spaces in task statements - Reorder several entries according to oe-stylize.py suggestions Signed-off-by: Niko Mauno --- .../iptables/iptables_1.8.3.bb| 60 +-- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb b/meta/recipes-extended/iptables/iptables_1.8.3.bb index ff9fcb1b53..563c8ae354 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.3.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb @@ -4,8 +4,9 @@ filtering code in Linux." HOMEPAGE = "http://www.netfilter.org/"; BUGTRACKER = "http://bugzilla.netfilter.org/"; LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\ - file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc \ +" SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ @@ -13,16 +14,16 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://iptables.service \ file://iptables.rules \ " - SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513" SRC_URI[sha256sum] = "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80" +SYSTEMD_SERVICE_${PN} = "iptables.service" + inherit autotools pkgconfig systemd EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" - PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," # libnfnetlink recipe is in meta-networking layer @@ -32,9 +33,19 @@ PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libn PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl" do_configure_prepend() { - # Remove some libtool m4 files - # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. - rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 +# Remove some libtool m4 files +# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. +rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 +} + +do_install_append() { +install -d ${D}${sysconfdir}/iptables +install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables + +install -d ${D}${systemd_system_unitdir} +install -m 0644 ${WORKDIR}/iptables.service ${D}${systemd_system_unitdir} + +sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_system_unitdir}/iptables.service } PACKAGES += "${PN}-modules" @@ -47,30 +58,6 @@ python populate_packages_prepend() { d.appendVar('RDEPENDS_' + metapkg, ' ' + ' '.join(modules)) } -FILES_${PN} += "${datadir}/xtables" - -# Include the symlinks as well in respective packages -FILES_${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so" -FILES_${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so" - -INSANE_SKIP_${PN}-module-xt-conntrack = "dev-so" -INSANE_SKIP_${PN}-module-xt-ct = "dev-so" - -ALLOW_EMPTY_${PN}-modules = "1" - -do_install_append() { - -install -d ${D}${sysconfdir}/iptables -install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables - -install -d ${D}${systemd_system_unitdir} -install -m 0644 ${WORKDIR}/iptables.service ${D}${systemd_system_unitdir} - - sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_system_unitdir}/iptables.service -} - -SYSTEMD_SERVICE_${PN} = "iptables.service" - RDEPENDS_${PN} = "${PN}-module-xt-standard" RRECOMMENDS_${PN} = " \ ${PN}-modules \ @@ -84,3 +71,14 @@ RRECOMMENDS_${PN} = " \ kernel-module-nf-nat \ kernel-module-ipt-masquerade \ " + +FILES_${PN} += "${datadir}/xtables" + +# Include the symlinks as well in respective packages +FILES_${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so" +FILES_${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so" + +ALLOW_EMPTY_${PN}-modules = "1" + +INSANE_SKIP_${PN}-module-xt-conntrack = "dev-so" +INSANE_SKIP_${PN}-module-xt-ct = "dev-so" -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] Fix missing leading whitespace with ':append'
On 7/9/24 18:43, Richard Purdie wrote: On Tue, 2024-07-09 at 16:10 +0200, Alexandre Belloni via lists.openembedded.org wrote: Hello, Can you submit one patch per recipe? FWIW I tweaked the shortlog prefix in master-next to mesa/dnf: which resolves this case. Cheers, Richard Apologies, I failed to realize this before submitting a v2 of the commit as a series of two separate patches. Please ignore it. - Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201670): https://lists.openembedded.org/g/openembedded-core/message/201670 Mute This Topic: https://lists.openembedded.org/mt/107121031/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] libyaml: Amend CVE status as 'upstream-wontfix'
On 8/2/24 17:25, Guðni Már Gilbert wrote: I wonder if it would be good to backport this to Scarthgap. I'm getting the following warning for unpatched CVE on latest scarthgap: WARNING: libyaml-0.2.5-r0 do_cve_check: Found unpatched CVE (CVE-2024-35328), for more information check /home/builder/yocto/build/tmp/work/cortexa9t2hf-neon-tdx-linux-gnueabi/libyaml/0.2.5/temp/cve.log Would this patch silence it? Thanks, I've submitted https://lists.openembedded.org/g/openembedded-core/message/202933 which should fix the issue if it gets incorporated. -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#202934): https://lists.openembedded.org/g/openembedded-core/message/202934 Mute This Topic: https://lists.openembedded.org/mt/107662504/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] icu: Fix 'buildpaths' QA error
On 9/1/24 13:55, Richard Purdie wrote: On Sat, 2024-08-31 at 16:01 +0300, Niko Mauno via lists.openembedded.org wrote: Add stripping of STAGING_DIR_NATIVE during target/nativesdk specific do_install, which mitigates following BitBake failure: ERROR: icu-75-1-r0 do_package_qa: QA Issue: File /usr/lib/icu/75.1/pkgdata.inc in package icu-dev contains reference to TMPDIR [buildpaths] ERROR: icu-75-1-r0 do_package_qa: Fatal QA errors were found, failing task. While doing so, we also drop HOSTTOOLS_DIR stripping, as it's value does not appear in the content of either file that are manipulated here. Signed-off-by: Niko Mauno --- meta/recipes-support/icu/icu_75-1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Why aren't we seeing this issue in automated test? I should have known better, in a new workspace I was unable to reproduce to issue. Apologies for the noise. -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#204051): https://lists.openembedded.org/g/openembedded-core/message/204051 Mute This Topic: https://lists.openembedded.org/mt/108194777/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [pyro][PATCH] package_manager.py: Explicit complementary fail
When running bitbake -c populate_sdk , it is expected that packages matching SDKIMAGE_INSTALL_COMPLEMENTARY name mask (unless declared in PACKAGE_EXCLUDE_COMPLEMENTARY) are installed to resulting SDK. Underlying mechanism issues a package manager install call for set of complementary packages. However the mechanism doesn't seem to inform the user all too obviously in case the package manager command behind install_complementary() method fails -- and since it is combined with attempt_only=True option, user might end up wondering why several *-dev, *-dbg packages are missing from resulting SDK. Improve associated install() method behaviour in affected OpkgPM and DpkgPM classes so that a problematic state of affairs becomes directly obvious for bitbake user, resulting in shell output like: WARNING: someimage-1.0-r0 do_populate_sdk: Unable to install packages. Command '...' returned 1: Collected errors: * Solver encountered 1 problem(s): * Problem 1/1: * - package somepkg-dev-1.0-r0.x86 requires somepkg = 1.0-r0, but none of the providers can be installed * * Solution 1: * - allow deinstallation of someotherpkg-1.1-r1.x86 * - do not ask to install a package providing somepkg-dev * Solution 2: * - do not ask to install a package providing somepkg-dev (From OE-Core rev: 2502bd591c37bf532d02dc6b37fc1e8b5224fb0a) Signed-off-by: Niko Mauno Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 0d4459e7086fced5e9e0b4ad10378c9eddec56a8) --- meta/lib/oe/package_manager.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index a907d6c7b9..1a2914fedc 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -1078,7 +1078,7 @@ class OpkgPM(OpkgDpkgPM): output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT).decode("utf-8") bb.note(output) except subprocess.CalledProcessError as e: -(bb.fatal, bb.note)[attempt_only]("Unable to install packages. " +(bb.fatal, bb.warn)[attempt_only]("Unable to install packages. " "Command '%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8"))) @@ -1377,7 +1377,7 @@ class DpkgPM(OpkgDpkgPM): bb.note("Installing the following packages: %s" % ' '.join(pkgs)) subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: -(bb.fatal, bb.note)[attempt_only]("Unable to install packages. " +(bb.fatal, bb.warn)[attempt_only]("Unable to install packages. " "Command '%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8"))) -- 2.16.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [rocko][PATCH] package_manager.py: Explicit complementary fail
When running bitbake -c populate_sdk , it is expected that packages matching SDKIMAGE_INSTALL_COMPLEMENTARY name mask (unless declared in PACKAGE_EXCLUDE_COMPLEMENTARY) are installed to resulting SDK. Underlying mechanism issues a package manager install call for set of complementary packages. However the mechanism doesn't seem to inform the user all too obviously in case the package manager command behind install_complementary() method fails -- and since it is combined with attempt_only=True option, user might end up wondering why several *-dev, *-dbg packages are missing from resulting SDK. Improve associated install() method behaviour in affected OpkgPM and DpkgPM classes so that a problematic state of affairs becomes directly obvious for bitbake user, resulting in shell output like: WARNING: someimage-1.0-r0 do_populate_sdk: Unable to install packages. Command '...' returned 1: Collected errors: * Solver encountered 1 problem(s): * Problem 1/1: * - package somepkg-dev-1.0-r0.x86 requires somepkg = 1.0-r0, but none of the providers can be installed * * Solution 1: * - allow deinstallation of someotherpkg-1.1-r1.x86 * - do not ask to install a package providing somepkg-dev * Solution 2: * - do not ask to install a package providing somepkg-dev (From OE-Core rev: 2502bd591c37bf532d02dc6b37fc1e8b5224fb0a) Signed-off-by: Niko Mauno Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 0d4459e7086fced5e9e0b4ad10378c9eddec56a8) --- meta/lib/oe/package_manager.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index db8bf2f39c..ed8fec8509 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -1089,7 +1089,7 @@ class OpkgPM(OpkgDpkgPM): output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT).decode("utf-8") bb.note(output) except subprocess.CalledProcessError as e: -(bb.fatal, bb.note)[attempt_only]("Unable to install packages. " +(bb.fatal, bb.warn)[attempt_only]("Unable to install packages. " "Command '%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8"))) @@ -1388,7 +1388,7 @@ class DpkgPM(OpkgDpkgPM): bb.note("Installing the following packages: %s" % ' '.join(pkgs)) subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: -(bb.fatal, bb.note)[attempt_only]("Unable to install packages. " +(bb.fatal, bb.warn)[attempt_only]("Unable to install packages. " "Command '%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8"))) -- 2.16.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] run-postinsts: Replace pi_dir variable test
Since commit 5159ddcb62682e1b7e63a20a9218ea96e3fe10a2 string length test performed against pi_dir has effectively never been able to succeed. Change this to rather test if pi_dir is not an existing directory. By doing we remove the chance of seeing the following console error message during first boot to a pristine rootfs: 'ls: /etc/ipk-postinsts: No such file or directory' Signed-off-by: Niko Mauno --- meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts | 2 +- meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts index 50c0a1afea..307feb7187 100755 --- a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts +++ b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts @@ -43,7 +43,7 @@ remove_rcsd_link () { fi } -if [ -z "$pi_dir" ]; then +if ! [ -d $pi_dir ]; then remove_rcsd_link exit 0 fi diff --git a/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb b/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb index 31c98ec99c..85b3fc867e 100644 --- a/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb +++ b/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb @@ -1,6 +1,6 @@ SUMMARY = "Runs postinstall scripts on first boot of the target device" SECTION = "devel" -PR = "r9" +PR = "r10" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" -- 2.16.3 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/3] e2fsprogs: Complement update-alternatives scope
Avoid collision of e2fsprogs provided tune2fs, mke2fs and mkfs.ext2 commands with corresponding BusyBox provided applets in case both packages are installed to same rootfs, by adding these commands to update-alternatives scope Signed-off-by: Niko Mauno --- meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb | 7 +++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb index 56abb3b5d3..cda432460f 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb @@ -100,6 +100,13 @@ ALTERNATIVE_TARGET[chattr] = "${base_bindir}/chattr.e2fsprogs" ALTERNATIVE_${PN}-doc = "fsck.8" ALTERNATIVE_LINK_NAME[fsck.8] = "${mandir}/man8/fsck.8" +ALTERNATIVE_${PN}-tune2fs = "tune2fs" +ALTERNATIVE_LINK_NAME[tune2fs] = "${base_sbindir}/tune2fs" + +ALTERNATIVE_${PN}-mke2fs = "mke2fs mkfs.ext2" +ALTERNATIVE_LINK_NAME[mke2fs] = "${base_sbindir}/mke2fs" +ALTERNATIVE_LINK_NAME[mkfs.ext2] = "${base_sbindir}/mkfs.ext2" + RDEPENDS_${PN}-ptest += "${PN} ${PN}-tune2fs coreutils procps bash" do_compile_ptest() { -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/3] procps: Complement update-alternatives scope
Avoid collision of propcs provided w binary with BusyBox-provided applet in case both are installed to same rootfs, by adding w to update-alternatives scope via bindir_progs variable Signed-off-by: Niko Mauno --- meta/recipes-extended/procps/procps_3.3.12.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/procps/procps_3.3.12.bb b/meta/recipes-extended/procps/procps_3.3.12.bb index 99e43c5349..ecf215fecf 100644 --- a/meta/recipes-extended/procps/procps_3.3.12.bb +++ b/meta/recipes-extended/procps/procps_3.3.12.bb @@ -42,7 +42,7 @@ do_install_append () { CONFFILES_${PN} = "${sysconfdir}/sysctl.conf" -bindir_progs = "free pkill pmap pgrep pwdx skill snice top uptime" +bindir_progs = "free pkill pmap pgrep pwdx skill snice top uptime w" base_bindir_progs += "kill pidof ps watch" base_sbindir_progs += "sysctl" -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 3/3] mtd-utils: Complement update-alternatives scope
Avoid collision of mtd-utils and mtd-utils-ubifs provided binaries with identically named BusyBox provided applets in case packages are installed to same rootfs, by adding relevant binaries to update-alternatives scope Signed-off-by: Niko Mauno --- meta/recipes-devtools/mtd/mtd-utils_git.bb | 23 --- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/meta/recipes-devtools/mtd/mtd-utils_git.bb b/meta/recipes-devtools/mtd/mtd-utils_git.bb index d09d633022..f50a42cf0e 100644 --- a/meta/recipes-devtools/mtd/mtd-utils_git.bb +++ b/meta/recipes-devtools/mtd/mtd-utils_git.bb @@ -28,10 +28,27 @@ CPPFLAGS_append_riscv64 = " -pthread -D_REENTRANT" EXTRA_OEMAKE = "'CC=${CC}' 'RANLIB=${RANLIB}' 'AR=${AR}' 'CFLAGS=${CFLAGS} ${@bb.utils.contains('PACKAGECONFIG', 'xattr', '', '-DWITHOUT_XATTR', d)} -I${S}/include' 'BUILDDIR=${S}'" -ALTERNATIVE_${PN} = "flash_eraseall" +# Use higher priority than corresponding BusyBox-provided applets +ALTERNATIVE_PRIORITY = "100" + +ALTERNATIVE_${PN} = "flashcp flash_eraseall flash_lock flash_unlock nanddump nandwrite" +ALTERNATIVE_${PN}-ubifs = "ubiattach ubidetach ubimkvol ubirename ubirmvol ubirsvol ubiupdatevol" + +ALTERNATIVE_LINK_NAME[flash_eraseall] = "${sbindir}/flash_eraseall" +ALTERNATIVE_LINK_NAME[nandwrite] = "${sbindir}/nandwrite" +ALTERNATIVE_LINK_NAME[nanddump] = "${sbindir}/nanddump" +ALTERNATIVE_LINK_NAME[ubiattach] = "${sbindir}/ubiattach" +ALTERNATIVE_LINK_NAME[ubiattach] = "${sbindir}/ubiattach" +ALTERNATIVE_LINK_NAME[ubidetach] = "${sbindir}/ubidetach" +ALTERNATIVE_LINK_NAME[ubimkvol] = "${sbindir}/ubimkvol" +ALTERNATIVE_LINK_NAME[ubirename] = "${sbindir}/ubirename" +ALTERNATIVE_LINK_NAME[ubirmvol] = "${sbindir}/ubirmvol" +ALTERNATIVE_LINK_NAME[ubirsvol] = "${sbindir}/ubirsvol" +ALTERNATIVE_LINK_NAME[ubiupdatevol] = "${sbindir}/ubiupdatevol" ALTERNATIVE_LINK_NAME[flash_eraseall] = "${sbindir}/flash_eraseall" -# Use higher priority than busybox's flash_eraseall (created when built with CONFIG_FLASH_ERASEALL) -ALTERNATIVE_PRIORITY[flash_eraseall] = "100" +ALTERNATIVE_LINK_NAME[flash_lock] = "${sbindir}/flash_lock" +ALTERNATIVE_LINK_NAME[flash_unlock] = "${sbindir}/flash_unlock" +ALTERNATIVE_LINK_NAME[flashcp] = "${sbindir}/flashcp" do_install () { oe_runmake install DESTDIR=${D} SBINDIR=${sbindir} MANDIR=${mandir} INCLUDEDIR=${includedir} -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v2 2/3] e2fsprogs: Complement update-alternatives scope
Avoid collision of e2fsprogs provided tune2fs, mke2fs and mkfs.ext2 commands with corresponding BusyBox provided applets in case both packages are installed to same rootfs, by adding these commands to update-alternatives scope Signed-off-by: Niko Mauno --- meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb | 17 +++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb index 56abb3b5d3..989d47394b 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb @@ -75,6 +75,12 @@ do_install_append_class-nativesdk() { e2fsprogs_conf_fixup } +do_install_append_class-target() { + mv ${D}${base_sbindir}/mke2fs ${D}${base_sbindir}/mke2fs.e2fsprogs + mv ${D}${base_sbindir}/mkfs.ext2 ${D}${base_sbindir}/mkfs.ext2.e2fsprogs + mv ${D}${base_sbindir}/tune2fs ${D}${base_sbindir}/tune2fs.e2fsprogs +} + RDEPENDS_e2fsprogs = "e2fsprogs-badblocks" RRECOMMENDS_e2fsprogs = "e2fsprogs-mke2fs e2fsprogs-e2fsck" @@ -83,8 +89,8 @@ PACKAGES =+ "libcomerr libss libe2p libext2fs" FILES_e2fsprogs-resize2fs = "${base_sbindir}/resize2fs*" FILES_e2fsprogs-e2fsck = "${base_sbindir}/e2fsck ${base_sbindir}/fsck.ext*" -FILES_e2fsprogs-mke2fs = "${base_sbindir}/mke2fs ${base_sbindir}/mkfs.ext* ${sysconfdir}/mke2fs.conf" -FILES_e2fsprogs-tune2fs = "${base_sbindir}/tune2fs ${base_sbindir}/e2label" +FILES_e2fsprogs-mke2fs = "${base_sbindir}/mke2fs.e2fsprogs ${base_sbindir}/mkfs.ext* ${sysconfdir}/mke2fs.conf" +FILES_e2fsprogs-tune2fs = "${base_sbindir}/tune2fs.e2fsprogs ${base_sbindir}/e2label" FILES_e2fsprogs-badblocks = "${base_sbindir}/badblocks" FILES_libcomerr = "${base_libdir}/libcom_err.so.*" FILES_libss = "${base_libdir}/libss.so.*" @@ -100,6 +106,13 @@ ALTERNATIVE_TARGET[chattr] = "${base_bindir}/chattr.e2fsprogs" ALTERNATIVE_${PN}-doc = "fsck.8" ALTERNATIVE_LINK_NAME[fsck.8] = "${mandir}/man8/fsck.8" +ALTERNATIVE_${PN}-mke2fs = "mke2fs mkfs.ext2" +ALTERNATIVE_LINK_NAME[mke2fs] = "${base_sbindir}/mke2fs" +ALTERNATIVE_LINK_NAME[mkfs.ext2] = "${base_sbindir}/mkfs.ext2" + +ALTERNATIVE_${PN}-tune2fs = "tune2fs" +ALTERNATIVE_LINK_NAME[tune2fs] = "${base_sbindir}/tune2fs" + RDEPENDS_${PN}-ptest += "${PN} ${PN}-tune2fs coreutils procps bash" do_compile_ptest() { -- 2.16.3 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/3] e2fsprogs: Complement update-alternatives scope
On 05/03/2018 03:56 PM, Burton, Ross wrote: > Breaks packaging: > > packages/corei7-64-poky-linux/e2fsprogs/e2fsprogs-mke2fs: FILELIST: removed > "/sbin/mkfs.ext2 /sbin/mke2fs", added "/sbin/mkfs.ext2.e2fsprogs" > packages/corei7-64-poky-linux/e2fsprogs/e2fsprogs-tune2fs: FILELIST: > removed "/sbin/tune2fs" > packages/corei7-64-poky-linux/e2fsprogs/e2fsprogs: PKGSIZE changed from > 419692 to 645500 (+54%) > packages/corei7-64-poky-linux/e2fsprogs/e2fsprogs: FILELIST: added > "/sbin/mke2fs.e2fsprogs /sbin/tune2fs.e2fsprogs" Thanks, submitted v2: http://lists.openembedded.org/pipermail/openembedded-core/2018-May/150468.html With v2 I got: $ buildhistory-diff packages/i586-poky-linux/e2fsprogs/e2fsprogs-mke2fs: FILELIST: removed "/sbin/mkfs.ext2 /sbin/mke2fs", added "/sbin/mkfs.ext2.e2fsprogs /sbin/mke2fs.e2fsprogs" * FILES: removed "/sbin/mke2fs", added "/sbin/mke2fs.e2fsprogs" packages/i586-poky-linux/e2fsprogs/e2fsprogs-mke2fs: RDEPENDS: added "update-alternatives-opkg" packages/i586-poky-linux/e2fsprogs/e2fsprogs-tune2fs: FILELIST: removed "/sbin/tune2fs", added "/sbin/tune2fs.e2fsprogs" * FILES: removed "/sbin/tune2fs", added "/sbin/tune2fs.e2fsprogs" packages/i586-poky-linux/e2fsprogs/e2fsprogs-tune2fs: RDEPENDS: added "update-alternatives-opkg" packages/i586-poky-linux/e2fsprogs/e2fsprogs-mke2fs: pkg_postinst added: @@ -0,0 +1 @@ +#!/bin/sh\nset -e\n\tupdate-alternatives --install /sbin/mke2fs mke2fs /sbin/mke2fs.e2fsprogs 100\n\tupdate-alternatives --install /sbin/mkfs.ext2 mkfs.ext2 /sbin/mkfs.ext2.e2fsprogs 100\n -- packages/i586-poky-linux/e2fsprogs/e2fsprogs-mke2fs: pkg_prerm added: @@ -0,0 +1 @@ +#!/bin/sh\nset -e\n\tupdate-alternatives --remove mke2fs /sbin/mke2fs.e2fsprogs\n\tupdate-alternatives --remove mkfs.ext2 /sbin/mkfs.ext2.e2fsprogs\n -- packages/i586-poky-linux/e2fsprogs/e2fsprogs-tune2fs: pkg_postinst added: @@ -0,0 +1 @@ +#!/bin/sh\nset -e\n\tupdate-alternatives --install /sbin/tune2fs tune2fs /sbin/tune2fs.e2fsprogs 100\n -- packages/i586-poky-linux/e2fsprogs/e2fsprogs-tune2fs: pkg_prerm added: @@ -0,0 +1 @@ +#!/bin/sh\nset -e\n\tupdate-alternatives --remove tune2fs /sbin/tune2fs.e2fsprogs\n -- -Niko -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v3 2/3] e2fsprogs: Complement update-alternatives scope
Avoid collision of e2fsprogs provided tune2fs, mke2fs and mkfs.ext2 commands with corresponding BusyBox provided applets in case both packages are installed to same rootfs, by adding these commands to update-alternatives scope Signed-off-by: Niko Mauno --- meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb | 17 +++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb index 56abb3b5d3..c4739b98c8 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.8.bb @@ -75,6 +75,12 @@ do_install_append_class-nativesdk() { e2fsprogs_conf_fixup } +do_install_append_class-target() { + mv ${D}${base_sbindir}/mke2fs ${D}${base_sbindir}/mke2fs.e2fsprogs + mv ${D}${base_sbindir}/mkfs.ext2 ${D}${base_sbindir}/mkfs.ext2.e2fsprogs + mv ${D}${base_sbindir}/tune2fs ${D}${base_sbindir}/tune2fs.e2fsprogs +} + RDEPENDS_e2fsprogs = "e2fsprogs-badblocks" RRECOMMENDS_e2fsprogs = "e2fsprogs-mke2fs e2fsprogs-e2fsck" @@ -83,8 +89,8 @@ PACKAGES =+ "libcomerr libss libe2p libext2fs" FILES_e2fsprogs-resize2fs = "${base_sbindir}/resize2fs*" FILES_e2fsprogs-e2fsck = "${base_sbindir}/e2fsck ${base_sbindir}/fsck.ext*" -FILES_e2fsprogs-mke2fs = "${base_sbindir}/mke2fs ${base_sbindir}/mkfs.ext* ${sysconfdir}/mke2fs.conf" -FILES_e2fsprogs-tune2fs = "${base_sbindir}/tune2fs ${base_sbindir}/e2label" +FILES_e2fsprogs-mke2fs = "${base_sbindir}/mke2fs.e2fsprogs ${base_sbindir}/mkfs.ext* ${sysconfdir}/mke2fs.conf" +FILES_e2fsprogs-tune2fs = "${base_sbindir}/tune2fs.e2fsprogs ${base_sbindir}/e2label" FILES_e2fsprogs-badblocks = "${base_sbindir}/badblocks" FILES_libcomerr = "${base_libdir}/libcom_err.so.*" FILES_libss = "${base_libdir}/libss.so.*" @@ -100,6 +106,13 @@ ALTERNATIVE_TARGET[chattr] = "${base_bindir}/chattr.e2fsprogs" ALTERNATIVE_${PN}-doc = "fsck.8" ALTERNATIVE_LINK_NAME[fsck.8] = "${mandir}/man8/fsck.8" +ALTERNATIVE_e2fsprogs-mke2fs = "mke2fs mkfs.ext2" +ALTERNATIVE_LINK_NAME[mke2fs] = "${base_sbindir}/mke2fs" +ALTERNATIVE_LINK_NAME[mkfs.ext2] = "${base_sbindir}/mkfs.ext2" + +ALTERNATIVE_e2fsprogs-tune2fs = "tune2fs" +ALTERNATIVE_LINK_NAME[tune2fs] = "${base_sbindir}/tune2fs" + RDEPENDS_${PN}-ptest += "${PN} ${PN}-tune2fs coreutils procps bash" do_compile_ptest() { -- 2.16.3 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/3] e2fsprogs: Complement update-alternatives scope
On 05/03/2018 03:56 PM, Burton, Ross wrote: > Breaks packaging: Submitted v3 still in which I changed the added 'ALTERNATIVE_${PN}-...' lines to 'ALTERNATIVE_e2fsprogs-...': http://lists.openembedded.org/pipermail/openembedded-core/2018-May/150471.html -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] cmake: Export SSH_AUTH_SOCK for cmake at configure
Update cmake_do_configure() to export a set SSH_AUTH_SOCK variable before calling cmake. Otherwise, if cmake call during cmake_do_configure() resorts to ExternalProject directive containing a GIT_REPOSITORY entry, and git authentication scheme is based on SSH agent forwarding, it fails followingly | Cloning into 'foo'... | Permission denied (publickey). | fatal: Could not read from remote repository. | | Please make sure you have the correct access rights | and the repository exists. | | ... | | CMake Error at .../tmp/foo-gitclone.cmake:66 (message): | Failed to clone repository: 'ssh://... Signed-off-by: Niko Mauno --- meta/classes/cmake.bbclass | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/classes/cmake.bbclass b/meta/classes/cmake.bbclass index fcfd5dda4f..82d36be8ff 100644 --- a/meta/classes/cmake.bbclass +++ b/meta/classes/cmake.bbclass @@ -137,6 +137,11 @@ cmake_do_configure() { oecmake_sitefile= fi + # Allow cmake to perform eg. git clone in context where authentication relies on SSH agent forwarding + if [ "${SSH_AUTH_SOCK}" ] ; then + export SSH_AUTH_SOCK=${SSH_AUTH_SOCK} + fi + cmake \ ${OECMAKE_GENERATOR_ARGS} \ $oecmake_sitefile \ -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] recipes-kernel/linux-libc-headers/linux-libc-headers.inc question
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=eb24d4aeacaad9d41ddcbefd8d2ac96e95548183 apparently is needed for 4.15, but it breaks with 4.14 as we get ERROR: linux-libc-headers-4.14-r0 do_install: oe_multilib_header: Unable to find header asm/bpf_perf_event.h. I used following to work this around in our own linux-libc-headers_4.14.bb: do_install_armmultilib_prepend() { touch ${D}${includedir}/asm/bpf_perf_event.h } but curious if somebody could suggest a better mitigation -Niko -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] recipes-kernel/linux-libc-headers/linux-libc-headers.inc question
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=eb24d4aeacaad9d41ddcbefd8d2ac96e95548183 apparently is needed for 4.15, but it breaks with 4.14 as we get ERROR: linux-libc-headers-4.14-r0 do_install: oe_multilib_header: Unable to find header asm/bpf_perf_event.h. I used following to work this around in our own linux-libc-headers_4.14.bb: do_install_armmultilib_prepend() { touch ${D}${includedir}/asm/bpf_perf_event.h } but curious if somebody could suggest a better mitigation -Niko -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] util-linux: make alternatives for rev and ionice work with busybox
On 11/9/18 2:24 AM, Burton, Ross wrote: On Thu, 8 Nov 2018 at 10:58, Pascal Bach wrote: Busybox can provide ionice and rev. They are both installed to /bin The corresponding util-linux variant is installed to /usr/bin This causes the following error during the do_rootfs task: update-alternatives: renaming ionice link from /bin/ionice to /usr/bin/ionice mv: cannot stat '/bin/ionice': No such file or directory Moving the util-linux binaries to /bin avoids this error. Isn't it simpler to just set ALTERNATIVE_LINK_NAME[ionice] = "${base_bindir}/ionice" (so the system knows to use the same symlink for this and busybox) instead of actually moving the binary too? Ross Case being that busybox has ionice and rev under /bin/ whereas util-linux under /usr/bin/, I wonder would the prudent course of action at this point rather be to revert the 'ionice' and 'rev' specific bits that were introduced (along 'cal') in http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-core/util-linux/util-linux.inc?id=78db831a7b0c2361a266eb37c7cbf2e368d2280a -Niko -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] opkg-utils: Fix update-alternatives link relocation
Recently Debian-style support for link relocation was added to 'update-alternatives' script, but it fails under circumstances where host rootfs root directory differs from target rootfs root directory and two alternative packages provide a symbolic link with source located in different directories. An example of the case is busybox provided /bin/rev (symlinking to /bin/busybox.nosuid) and util-linux provided /usr/bin/rev (symlinking to /usr/bin/rev.util-linux) in which case following failure occurs during image recipe's do_rootfs() task: ERROR: core-image-minimal-1.0-r0 do_rootfs: Postinstall scriptlets of ['util-linux'] have failed. If the intention is to defer them to first boot, then please place them into pkg_postinst_ontarget_${PN} (). Deferring to first boot via 'exit 1' is no longer supported. Details of the failure are in .../tmp/work/qemux86-poky-linux/core-image-minimal/1.0-r0/temp/log.do_rootfs. ERROR: core-image-minimal-1.0-r0 do_rootfs: Function failed: do_rootfs Looking in log.do_rootfs file, following relevant lines can be observed: update-alternatives: renaming rev link from /bin/rev to /usr/bin/rev mv: cannot stat '/bin/rev': No such file or directory Mitigate issue by applying patch which adds target root filesystem root directory path prefix to failing 'mv' calls relevant variable references Signed-off-by: Niko Mauno --- ...rnatives-Fix-link-relocation-support.patch | 40 +++ .../opkg-utils/opkg-utils_0.3.6.bb| 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/0001-update-alternatives-Fix-link-relocation-support.patch diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-update-alternatives-Fix-link-relocation-support.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-update-alternatives-Fix-link-relocation-support.patch new file mode 100644 index 00..e1836dbb34 --- /dev/null +++ b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-update-alternatives-Fix-link-relocation-support.patch @@ -0,0 +1,40 @@ +From 18562ccae6996431d37767653b061d4e9e1b9424 Mon Sep 17 00:00:00 2001 +From: Niko Mauno +Date: Sun, 11 Nov 2018 15:50:22 +0200 +Subject: [opkg-utils PATCH] update-alternatives: Fix link relocation support + +Commit fcb2633921eb9bb711aa264247aebcfdd4ae which added Debian-style +support for link relocation tries to relocate symbolic link on host OS, +resulting in following-like error when two alternative packages have +symbolic link source located in different directories (/bin/rev -> +/bin/busybox.nosuid and /usr/bin/rev -> /usr/bin/rev.util-linux): + + update-alternatives: renaming rev link from /bin/rev to /usr/bin/rev + mv: cannot stat '/bin/rev': No such file or directory + +Fix the issue by prefixing 'olink' and 'link' variable references with +path to targeted root filesystem's root directory. + +Upstream-Status: Pending + +Signed-off-by: Niko Mauno +--- + update-alternatives | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/update-alternatives b/update-alternatives +index 89a440b..d4fa7eb 100644 +--- a/update-alternatives b/update-alternatives +@@ -58,7 +58,7 @@ register_alt() { + local link_str=`echo $link | protect_slashes` + sed -e "1s/.*/$link_str/" $ad/$name > $ad/$name.new + mv $ad/$name.new $ad/$name +- mv $olink $link ++ mv $OPKG_OFFLINE_ROOT$olink $OPKG_OFFLINE_ROOT$link + fi + else + echo "$link" > "$ad/$name" +-- +2.19.1 + diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb b/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb index cb3775d9c9..4c41774c39 100644 --- a/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb +++ b/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb @@ -13,6 +13,7 @@ SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV file://0002-opkg-build-Use-local-time-for-build_date-since-opkg-.patch \ file://threaded-xz.patch \ file://pigz.patch \ + file://0001-update-alternatives-Fix-link-relocation-support.patch \ " SRC_URI_append_class-native = " file://tar_ignore_error.patch" UPSTREAM_CHECK_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils/refs/"; -- 2.19.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] util-linux: make alternatives for rev and ionice work with busybox
On 11/9/18 7:36 PM, Niko Mauno wrote: > On 11/9/18 2:24 AM, Burton, Ross wrote: >> On Thu, 8 Nov 2018 at 10:58, Pascal Bach wrote: >>> Busybox can provide ionice and rev. They are both installed to /bin >>> The corresponding util-linux variant is installed to /usr/bin >>> >>> This causes the following error during the do_rootfs task: >>> >>>> update-alternatives: renaming ionice link from /bin/ionice to >>>> /usr/bin/ionice >>>> mv: cannot stat '/bin/ionice': No such file or directory >>> >>> Moving the util-linux binaries to /bin avoids this error. >> >> Isn't it simpler to just set ALTERNATIVE_LINK_NAME[ionice] = >> "${base_bindir}/ionice" (so the system knows to use the same symlink >> for this and busybox) instead of actually moving the binary too? >> >> Ross >> > > Case being that busybox has ionice and rev under /bin/ whereas > util-linux under /usr/bin/, I wonder would the prudent course of action > at this point rather be to revert the 'ionice' and 'rev' specific bits > that were introduced (along 'cal') in > http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-core/util-linux/util-linux.inc?id=78db831a7b0c2361a266eb37c7cbf2e368d2280a > > > > -Niko I believe I've pinpointed this issue to https://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils/commit/?id=fcb2633921eb9bb711aa264247aebcfdd4ae which added link relocation support to update-alternatives script (it used to error outright in case the new symlink source differed from old one, which deviated from Debian's update-alternatives behaviour). However in the added implementation, handling of case where target rootfs root directory did not match host rootfs root directory (such as in Yocto do_rootfs context) the 'mv' call tried to relocate the symlink on host rootfs rather than target rootfs resulting in 'cannot stat' error. I submitted a patch a moment ago to opkg-utils upstream, as well as oe-core patch to opkg-utils recipe (just in case the former takes time to propagate to Yocto): https://lists.yoctoproject.org/pipermail/yocto/2018-November/043249.html http://lists.openembedded.org/pipermail/openembedded-core/2018-November/275959.html -Niko -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v2] opkg-utils: Fix update-alternatives link relocation
Recently Debian-style support for link relocation was added to 'update-alternatives' script, but it fails under circumstances where host rootfs root directory differs from target rootfs root directory and two alternative packages provide a symbolic link with source located in different directories. An example of the case is busybox provided /bin/rev (symlinking to /bin/busybox.nosuid) and util-linux provided /usr/bin/rev (symlinking to /usr/bin/rev.util-linux) in which case following failure occurs during image recipe's do_rootfs() task: ERROR: core-image-minimal-1.0-r0 do_rootfs: Postinstall scriptlets of ['util-linux'] have failed. If the intention is to defer them to first boot, then please place them into pkg_postinst_ontarget_${PN} (). Deferring to first boot via 'exit 1' is no longer supported. Details of the failure are in .../tmp/work/qemux86-poky-linux/core-image-minimal/1.0-r0/temp/log.do_rootfs. ERROR: core-image-minimal-1.0-r0 do_rootfs: Function failed: do_rootfs Looking in log.do_rootfs file, following relevant lines can be observed: update-alternatives: renaming rev link from /bin/rev to /usr/bin/rev mv: cannot stat '/bin/rev': No such file or directory Mitigate issue by applying patch which adds target root filesystem root directory path prefix to failing 'mv' calls relevant variable references Signed-off-by: Niko Mauno --- ...rnatives-Fix-link-relocation-support.patch | 40 +++ .../opkg-utils/opkg-utils_0.3.6.bb| 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/0001-update-alternatives-Fix-link-relocation-support.patch diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-update-alternatives-Fix-link-relocation-support.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-update-alternatives-Fix-link-relocation-support.patch new file mode 100644 index 00..9dc488b7aa --- /dev/null +++ b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-update-alternatives-Fix-link-relocation-support.patch @@ -0,0 +1,40 @@ +From 18562ccae6996431d37767653b061d4e9e1b9424 Mon Sep 17 00:00:00 2001 +From: Niko Mauno +Date: Sun, 11 Nov 2018 15:50:22 +0200 +Subject: [opkg-utils PATCH] update-alternatives: Fix link relocation support + +Commit fcb2633921eb9bb711aa264247aebcfdd4ae which added Debian-style +support for link relocation tries to relocate symbolic link on host OS, +resulting in following-like error when two alternative packages have +symbolic link source located in different directories (/bin/rev -> +/bin/busybox.nosuid and /usr/bin/rev -> /usr/bin/rev.util-linux): + + update-alternatives: renaming rev link from /bin/rev to /usr/bin/rev + mv: cannot stat '/bin/rev': No such file or directory + +Fix the issue by prefixing 'olink' and 'link' variable references with +path to targeted root filesystem's root directory. + +Upstream-Status: Submitted [opkg-utils] + +Signed-off-by: Niko Mauno +--- + update-alternatives | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/update-alternatives b/update-alternatives +index 89a440b..d4fa7eb 100644 +--- a/update-alternatives b/update-alternatives +@@ -58,7 +58,7 @@ register_alt() { + local link_str=`echo $link | protect_slashes` + sed -e "1s/.*/$link_str/" $ad/$name > $ad/$name.new + mv $ad/$name.new $ad/$name +- mv $olink $link ++ mv $OPKG_OFFLINE_ROOT$olink $OPKG_OFFLINE_ROOT$link + fi + else + echo "$link" > "$ad/$name" +-- +2.19.1 + diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb b/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb index cb3775d9c9..4c41774c39 100644 --- a/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb +++ b/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb @@ -13,6 +13,7 @@ SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV file://0002-opkg-build-Use-local-time-for-build_date-since-opkg-.patch \ file://threaded-xz.patch \ file://pigz.patch \ + file://0001-update-alternatives-Fix-link-relocation-support.patch \ " SRC_URI_append_class-native = " file://tar_ignore_error.patch" UPSTREAM_CHECK_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils/refs/"; -- 2.19.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] opkg-utils: Fix update-alternatives link relocation
On 11/12/18 12:55 PM, Burton, Ross wrote: > On Sun, 11 Nov 2018 at 15:44, Niko Mauno wrote: >> +Upstream-Status: Pending > > I saw you post this to yocto@, so this is definitely Submitted. Thanks, submitted v2 in which I corrected this to Upstream-Status: Submitted [opkg-utils] -Niko -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [zeus][PATCH 1/3] iptables: Cosmetic fixes to recipe
Introduce cosmetic changes to recipe content, most notably - Change indentation style to four spaces in task statements - Reorder several entries according to oe-stylize.py suggestions (From OE-Core rev: c1d162b6165f11b7b5ae5c6066e7683d5e1379fc) Signed-off-by: Niko Mauno Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../iptables/iptables_1.8.3.bb| 60 +-- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb b/meta/recipes-extended/iptables/iptables_1.8.3.bb index ff9fcb1b53..563c8ae354 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.3.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb @@ -4,8 +4,9 @@ filtering code in Linux." HOMEPAGE = "http://www.netfilter.org/"; BUGTRACKER = "http://bugzilla.netfilter.org/"; LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\ - file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc \ +" SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ @@ -13,16 +14,16 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://iptables.service \ file://iptables.rules \ " - SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513" SRC_URI[sha256sum] = "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80" +SYSTEMD_SERVICE_${PN} = "iptables.service" + inherit autotools pkgconfig systemd EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" - PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," # libnfnetlink recipe is in meta-networking layer @@ -32,9 +33,19 @@ PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libn PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl" do_configure_prepend() { - # Remove some libtool m4 files - # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. - rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 +# Remove some libtool m4 files +# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. +rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 +} + +do_install_append() { +install -d ${D}${sysconfdir}/iptables +install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables + +install -d ${D}${systemd_system_unitdir} +install -m 0644 ${WORKDIR}/iptables.service ${D}${systemd_system_unitdir} + +sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_system_unitdir}/iptables.service } PACKAGES += "${PN}-modules" @@ -47,30 +58,6 @@ python populate_packages_prepend() { d.appendVar('RDEPENDS_' + metapkg, ' ' + ' '.join(modules)) } -FILES_${PN} += "${datadir}/xtables" - -# Include the symlinks as well in respective packages -FILES_${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so" -FILES_${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so" - -INSANE_SKIP_${PN}-module-xt-conntrack = "dev-so" -INSANE_SKIP_${PN}-module-xt-ct = "dev-so" - -ALLOW_EMPTY_${PN}-modules = "1" - -do_install_append() { - -install -d ${D}${sysconfdir}/iptables -install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables - -install -d ${D}${systemd_system_unitdir} -install -m 0644 ${WORKDIR}/iptables.service ${D}${systemd_system_unitdir} - - sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_system_unitdir}/iptables.service -} - -SYSTEMD_SERVICE_${PN} = "iptables.service" - RDEPENDS_${PN} = "${PN}-module-xt-standard" RRECOMMENDS_${PN} = " \ ${PN}-modules \ @@ -84,3 +71,14 @@ RRECOMMENDS_${PN} = " \ kernel-module-nf-nat \ kernel-module-ipt-masquerade \ " + +FILES_${PN} += "${datadir}/xtables" + +# Include the symlinks as well in respective packages +FILES_${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so" +FILES_${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so" + +ALLOW_EMPTY_${PN}-modules = "1" + +INSANE_SKIP_${PN}-module-xt-conntrack = "dev-so" +INSANE_SKIP_${PN}-module-xt-ct = "dev-so" -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [zeus][PATCH 2/3] iptables: Allow overriding rules file location
In some cases a distribution may want to install rules file into a location other than /etc/iptables/ so introduce custom recipe-level IPTABLES_RULES_DIR parameter which allows conveniently overriding the rules directory location. (From OE-Core rev: 64eeedcdc586c221e3684861ba85e8e4bc9c5dd1) Signed-off-by: Niko Mauno Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../iptables/iptables/iptables.service| 4 ++-- meta/recipes-extended/iptables/iptables_1.8.3.bb | 11 --- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/meta/recipes-extended/iptables/iptables/iptables.service b/meta/recipes-extended/iptables/iptables/iptables.service index 041316e457..5a8aa3f298 100644 --- a/meta/recipes-extended/iptables/iptables/iptables.service +++ b/meta/recipes-extended/iptables/iptables/iptables.service @@ -5,8 +5,8 @@ Wants=network-pre.target [Service] Type=oneshot -ExecStart=@SBINDIR@/iptables-restore /etc/iptables/iptables.rules -ExecReload=@SBINDIR@/iptables-restore /etc/iptables/iptables.rules +ExecStart=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules +ExecReload=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules RemainAfterExit=yes [Install] diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb b/meta/recipes-extended/iptables/iptables_1.8.3.bb index 563c8ae354..73680207b4 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.3.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb @@ -38,14 +38,19 @@ do_configure_prepend() { rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 } +IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}" + do_install_append() { -install -d ${D}${sysconfdir}/iptables -install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables +install -d ${D}${IPTABLES_RULES_DIR} +install -m 0644 ${WORKDIR}/iptables.rules ${D}${IPTABLES_RULES_DIR} install -d ${D}${systemd_system_unitdir} install -m 0644 ${WORKDIR}/iptables.service ${D}${systemd_system_unitdir} -sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_system_unitdir}/iptables.service +sed -i \ +-e 's,@SBINDIR@,${sbindir},g' \ +-e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \ +${D}${systemd_system_unitdir}/iptables.service } PACKAGES += "${PN}-modules" -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [zeus][PATCH 3/3] iptables: Add systemd helper unit for IPv6 too
Commit bc66b2f45ade2c63cfd14d5388f6ca0905a23bb0 added systemd helper unit for automatic IPv4 rule loading. Complement the effort by adding systemd helper unit also for automatic IPv6 rule loading. (From OE-Core rev: 3b8df6b6aba3632de7c3c01c8468fbcedb032493) Signed-off-by: Niko Mauno Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../iptables/iptables/ip6tables.rules | 0 .../iptables/iptables/ip6tables.service | 13 .../iptables/iptables/iptables.service| 6 +++--- .../iptables/iptables_1.8.3.bb| 21 ++- 4 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-extended/iptables/iptables/ip6tables.rules create mode 100644 meta/recipes-extended/iptables/iptables/ip6tables.service diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.rules b/meta/recipes-extended/iptables/iptables/ip6tables.rules new file mode 100644 index 00..e69de29bb2 diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.service b/meta/recipes-extended/iptables/iptables/ip6tables.service new file mode 100644 index 00..6c059fca49 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/ip6tables.service @@ -0,0 +1,13 @@ +[Unit] +Description=IPv6 Packet Filtering Framework +Before=network-pre.target +Wants=network-pre.target + +[Service] +Type=oneshot +ExecStart=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules +ExecReload=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-extended/iptables/iptables/iptables.service b/meta/recipes-extended/iptables/iptables/iptables.service index 5a8aa3f298..0eb3c343de 100644 --- a/meta/recipes-extended/iptables/iptables/iptables.service +++ b/meta/recipes-extended/iptables/iptables/iptables.service @@ -1,12 +1,12 @@ [Unit] -Description=Packet Filtering Framework +Description=IPv4 Packet Filtering Framework Before=network-pre.target Wants=network-pre.target [Service] Type=oneshot -ExecStart=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules -ExecReload=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules +ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules +ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules RemainAfterExit=yes [Install] diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb b/meta/recipes-extended/iptables/iptables_1.8.3.bb index 73680207b4..96d195d9d0 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.3.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb @@ -13,11 +13,16 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ file://iptables.service \ file://iptables.rules \ + file://ip6tables.service \ + file://ip6tables.rules \ " SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513" SRC_URI[sha256sum] = "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80" -SYSTEMD_SERVICE_${PN} = "iptables.service" +SYSTEMD_SERVICE_${PN} = "\ +iptables.service \ +${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'ip6tables.service', '', d)} \ +" inherit autotools pkgconfig systemd @@ -51,6 +56,16 @@ do_install_append() { -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \ ${D}${systemd_system_unitdir}/iptables.service + +if ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'true', 'false', d)} ; then +install -m 0644 ${WORKDIR}/ip6tables.rules ${D}${IPTABLES_RULES_DIR} +install -m 0644 ${WORKDIR}/ip6tables.service ${D}${systemd_system_unitdir} + +sed -i \ +-e 's,@SBINDIR@,${sbindir},g' \ +-e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \ +${D}${systemd_system_unitdir}/ip6tables.service +fi } PACKAGES += "${PN}-modules" @@ -75,6 +90,10 @@ RRECOMMENDS_${PN} = " \ kernel-module-nf-conntrack-ipv4 \ kernel-module-nf-nat \ kernel-module-ipt-masquerade \ +${@bb.utils.contains('PACKAGECONFIG', 'ipv6', '\ +kernel-module-ip6table-filter \ +kernel-module-ip6-tables \ +', '', d)} \ " FILES_${PN} += "${datadir}/xtables" -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] cve-check: Switch to NVD CVE JSON feed version 1.1
Switch to recently released version 1.1 of NVD CVE JSON feed, as in https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release it is mentioned that Due to changes required to support CVSS v3.1 scoring, the JSON vulnerability feeds must be modified. This will require the consumers of this data to update their internal processes. We will be providing the JSON 1.1 schema on the data feeds page and the information below to prepare for this transition. ... The JSON 1.1 data feeds will be available on September 9th, 2019. At that time the current JSON 1.0 data feeds will no longer available. This change was tested briefly by issuing 'bitbake core-image-minimal' with 'cve-check.bbclass' inherited via local.conf, and then comparing the content between the resulting two 'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not seem to contain any other change, except total of 167 entries like CVSS v3 BASE SCORE: 0.0 were replaced with similar 'CVSS v3 BASE SCORE:' entries which had scores that were greater than '0.0' (up to '9.8'). Signed-off-by: Niko Mauno --- meta/classes/cve-check.bbclass | 2 +- meta/recipes-core/meta/cve-update-db-native.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 19ed5548b3..01b3637469 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db" +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" CVE_CHECK_LOG ?= "${T}/cve.log" CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index db1d69a28e..575254af40 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -27,7 +27,7 @@ python do_populate_cve_db() { bb.utils.export_proxies(d) -BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"; +BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"; YEAR_START = 2002 db_file = d.getVar("CVE_CHECK_DB_FILE") -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud-next][PATCH 01/11] cve-check: backport rewrite from master
From: Ross Burton As detailed at [1] the XML feeds provided by NIST are being discontinued on October 9th 2019. As cve-check-tool uses these feeds, cve-check.bbclass will be inoperable after this date. To ensure that cve-check continues working, backport the following commits from master to move away from the unmaintained cve-check-tool to our own Python code that fetches the JSON: 546d14135c5 cve-update-db: New recipe to update CVE database bc144b028f6 cve-check: Remove dependency to cve-check-tool-native 7f62a20b32a cve-check: Manage CVE_PRODUCT with more than one name 3bf63bc6084 cve-check: Consider CVE that affects versions with less than operator c0eabd30d7b cve-update-db: Use std library instead of urllib3 27eb839ee65 cve-check: be idiomatic 09be21f4d17 cve-update-db: Manage proxy if needed. 975793e3825 cve-update-db: do_populate_cve_db depends on do_fetch 0325dd72714 cve-update-db: Catch request.urlopen errors. 4078da92b49 cve-check: Depends on cve-update-db-native f7676e9a38d cve-update-db: Use NVD CPE data to populate PRODUCTS table bc0195be1b1 cve-check: Update unpatched CVE matching c807c2a6409 cve-update-db-native: Skip recipe when cve-check class is not loaded. 07bb8b25e17 cve-check: remove redundant readline CVE whitelisting 5388ed6d137 cve-check-tool: remove 270ac00cb43 cve-check.bbclass: initialize to_append e6bf9000987 cve-check: allow comparison of Vendor as well as Product 91770338f76 cve-update-db-native: use SQL placeholders instead of format strings 7069302a4cc cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST 78de2cb39d7 cve-update-db-native: Remove hash column from database. 4b301030cf9 cve-update-db-native: use os.path.join instead of + f0d822fad2a cve-update-db: actually inherit native b309840b6aa cve-update-db-native: use executemany() to optimise CPE insertion bb4e53af33d cve-update-db-native: improve metadata parsing 94227459792 cve-update-db-native: clean up JSON fetching 95438d52b73 cve-update-db-native: fix https proxy issues 1f9a963b9ff glibc: exclude child recipes from CVE scanning [1] https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement (From OE-Core rev: 8c87e78547c598cada1bce92e7b25d85b994e2eb) Signed-off-by: Ross Burton Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass| 142 +++- meta/conf/distro/include/maintainers.inc | 1 + meta/recipes-core/glibc/glibc-locale.inc | 3 + meta/recipes-core/glibc/glibc-mtrace.inc | 3 + meta/recipes-core/glibc/glibc-scripts.inc | 3 + .../recipes-core/meta/cve-update-db-native.bb | 195 .../cve-check-tool/cve-check-tool_5.6.4.bb| 62 - ...x-freeing-memory-allocated-by-sqlite.patch | 50 ...erriding-default-CA-certificate-file.patch | 215 -- ...s-in-percent-when-downloading-CVE-db.patch | 135 --- ...omputed-vs-expected-sha256-digit-str.patch | 52 - ...heck-for-malloc_trim-before-using-it.patch | 51 - 12 files changed, 292 insertions(+), 620 deletions(-) create mode 100644 meta/recipes-core/meta/cve-update-db-native.bb delete mode 100644 meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch delete mode 100644 meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 743bc08a4f..c00d2910be 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db" +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db" CVE_CHECK_LOG ?= "${T}/cve.log" CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" @@ -37,32 +37,33 @@ CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" # Whitelist for packages (PN) -CVE_CHECK_PN_WHITELIST = "\ -glibc-locale \ -" +CVE_CHECK_PN_WHITELIST ?= "" -# Whitelist for CVE and version of package -CVE_CHECK_CVE_WHITELIST = "{\ -'CVE-2014-2524': ('6.3','5.2',), \ -}" +# Whitelist for CVE. If a CVE is found, then it is considered patched. +# The value is a string containing space separated CVE values: +# +# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234' +# +CVE_CHECK_WHITELIST ?= "" python do_cve_check () { """ Check recipe for patched and unpatched CVEs """ -if os.path.exists(d.getVar("
[OE-core] [thud-next][PATCH 02/11] cve-check: ensure all known CVEs are in the report
From: Ross Burton CVEs that are whitelisted or were not vulnerable when there are version comparisons were not included in the report, so alter the logic to ensure that all relevant CVEs are in the report for completeness. (From OE-Core rev: 98256ff05fcfe9d5ccad360582c36eafb577c264) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index c00d2910be..f87bcc9dc6 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -208,12 +208,14 @@ def check_cves(d, patched_cves): if cve in cve_whitelist: bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) +# TODO: this should be in the report as 'whitelisted' +patched_cves.add(cve) elif cve in patched_cves: bb.note("%s has been patched" % (cve)) else: to_append = False if (operator_start == '=' and pv == version_start): -cves_unpatched.append(cve) +to_append = True else: if operator_start: try: @@ -243,8 +245,11 @@ def check_cves(d, patched_cves): to_append = to_append_start or to_append_end if to_append: +bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) cves_unpatched.append(cve) -bb.debug(2, "%s-%s is not patched for %s" % (product, pv, cve)) +else: +bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) +patched_cves.add(cve) conn.close() return (list(patched_cves), cves_unpatched) -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud-next][PATCH 03/11] cve-check: failure to parse versions should be more visible
From: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index f87bcc9dc6..1c8b2223a2 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -222,7 +222,7 @@ def check_cves(d, patched_cves): to_append_start = (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start)) to_append_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start)) except: -bb.note("%s: Failed to compare %s %s %s for %s" % +bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_start, version_start, cve)) to_append_start = False else: @@ -233,7 +233,7 @@ def check_cves(d, patched_cves): to_append_end = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end)) to_append_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end)) except: -bb.note("%s: Failed to compare %s %s %s for %s" % +bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_end, version_end, cve)) to_append_end = False else: -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud-next][PATCH 05/11] cve-update-db-native: don't refresh more than once an hour
From: Ross Burton We already fetch the yearly CVE metadata and check that for updates before downloading the full data, but we can speed up CVE checking further by only checking the CVE metadata once an hour. (From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 2c427a5884..19875a49b1 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -31,8 +31,16 @@ python do_populate_cve_db() { db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK') db_file = os.path.join(db_dir, 'nvdcve_1.0.db') json_tmpfile = os.path.join(db_dir, 'nvd.json.gz') -proxy = d.getVar("https_proxy") +# Don't refresh the database more than once an hour +try: +import time +if time.time() - os.path.getmtime(db_file) < (60*60): +return +except OSError: +pass + +proxy = d.getVar("https_proxy") if proxy: # instantiate an opener but do not install it as the global # opener unless if we're really sure it's applicable for all -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud-next][PATCH 04/11] cve-check: we don't actually need to unpack to check
From: Ross Burton The patch scanner works with patch files in the layer, not in the workdir, so it doesn't need to unpack. (From OE-Core rev: 2cba6ada970deb5156e1ba0182f4f372851e3c17) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 1c8b2223a2..3326944d79 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -62,7 +62,7 @@ python do_cve_check () { } -addtask cve_check after do_unpack before do_build +addtask cve_check before do_build do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db" do_cve_check[nostamp] = "1" @@ -70,7 +70,6 @@ python cve_check_cleanup () { """ Delete the file used to gather all the CVE information. """ - bb.utils.remove(e.data.getVar("CVE_CHECK_TMP_FILE")) } -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud-next][PATCH 06/11] cve-update-db-native: don't hardcode the database name
From: Ross Burton Don't hardcode the database filename, there's a variable for this in cve-check.bbclass. (From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 19875a49b1..c15534de08 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -28,8 +28,8 @@ python do_populate_cve_db() { BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"; YEAR_START = 2002 -db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK') -db_file = os.path.join(db_dir, 'nvdcve_1.0.db') +db_file = d.getVar("CVE_CHECK_DB_FILE") +db_dir = os.path.dirname(db_file) json_tmpfile = os.path.join(db_dir, 'nvd.json.gz') # Don't refresh the database more than once an hour -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud-next][PATCH 09/11] cve-check: rewrite look to fix false negatives
From: Ross Burton A previous optimisation was premature and resulted in false-negatives in the report. Rewrite the checking algorithm to first get the list of potential CVEs by vendor:product, then iterate through every matching CPE for that CVE to determine if the bounds match or not. By doing this in two stages we can know if we've checked every CPE, instead of accidentally breaking out of the scan too early. (From OE-Core rev: d61aff9e22704ad69df1f7ab0f8784f4e7cc0c69) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 63 ++ 1 file changed, 34 insertions(+), 29 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 3326944d79..c1cbdbde7b 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -165,7 +165,6 @@ def check_cves(d, patched_cves): """ Connect to the NVD database and find unpatched cves. """ -import ast, csv, tempfile, subprocess, io from distutils.version import LooseVersion cves_unpatched = [] @@ -187,68 +186,74 @@ def check_cves(d, patched_cves): cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split() import sqlite3 -db_file = d.getVar("CVE_CHECK_DB_FILE") -conn = sqlite3.connect(db_file) +db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") +conn = sqlite3.connect(db_file, uri=True) +# For each of the known product names (e.g. curl has CPEs using curl and libcurl)... for product in products: -c = conn.cursor() if ":" in product: vendor, product = product.split(":", 1) -c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR IS ?", (product, vendor)) else: -c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,)) +vendor = "%" -for row in c: -cve = row[0] -version_start = row[3] -operator_start = row[4] -version_end = row[5] -operator_end = row[6] +# Find all relevant CVE IDs. +for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)): +cve = cverow[0] if cve in cve_whitelist: bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) # TODO: this should be in the report as 'whitelisted' patched_cves.add(cve) +continue elif cve in patched_cves: bb.note("%s has been patched" % (cve)) -else: -to_append = False +continue + +vulnerable = False +for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)): +(_, _, _, version_start, operator_start, version_end, operator_end) = row +#bb.debug(2, "Evaluating row " + str(row)) + if (operator_start == '=' and pv == version_start): -to_append = True +vulnerable = True else: if operator_start: try: -to_append_start = (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start)) -to_append_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start)) +vulnerable_start = (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start)) +vulnerable_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start)) except: bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_start, version_start, cve)) -to_append_start = False +vulnerable_start = False else: -to_append_start = False +vulnerable_start = False if operator_end: try: -to_append_end = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end)) -to_append_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end)) +vulnerable_end = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end)) +vulnerable_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end)) except: bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_end, version_end, cve)) -to_appe
[OE-core] [thud-next][PATCH 07/11] cve-update-db-native: add an index on the CVE ID column
From: Ross Burton Create an index on the PRODUCTS table which contains a row for each CPE, drastically increasing the performance of lookups for a specific CVE. (From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index c15534de08..08b18f064f 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -120,11 +120,14 @@ python do_populate_cve_db() { def initialize_db(c): c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") + c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") + c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ VERSION_END TEXT, OPERATOR_END TEXT)") +c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") def parse_node_and_insert(c, node, cveId): # Parse children node if needed -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud-next][PATCH 08/11] cve-update-db-native: clean up proxy handling
From: Ross Burton urllib handles adding proxy handlers if the proxies are set in the environment, so call bb.utils.export_proxies() to do that and remove the manual setup. (From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../recipes-core/meta/cve-update-db-native.bb | 31 +++ 1 file changed, 5 insertions(+), 26 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 08b18f064f..db1d69a28e 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -21,10 +21,12 @@ python do_populate_cve_db() { """ Update NVD database with json data feed """ - +import bb.utils import sqlite3, urllib, urllib.parse, shutil, gzip from datetime import date +bb.utils.export_proxies(d) + BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"; YEAR_START = 2002 @@ -40,16 +42,6 @@ python do_populate_cve_db() { except OSError: pass -proxy = d.getVar("https_proxy") -if proxy: -# instantiate an opener but do not install it as the global -# opener unless if we're really sure it's applicable for all -# urllib requests -proxy_handler = urllib.request.ProxyHandler({'https': proxy}) -proxy_opener = urllib.request.build_opener(proxy_handler) -else: -proxy_opener = None - cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') if not os.path.isdir(db_dir): @@ -67,15 +59,7 @@ python do_populate_cve_db() { json_url = year_url + ".json.gz" # Retrieve meta last modified date - -response = None - -if proxy_opener: -response = proxy_opener.open(meta_url) -else: -req = urllib.request.Request(meta_url) -response = urllib.request.urlopen(req) - +response = urllib.request.urlopen(meta_url) if response: for l in response.read().decode("utf-8").splitlines(): key, value = l.split(":", 1) @@ -95,12 +79,7 @@ python do_populate_cve_db() { # Update db with current year json file try: -if proxy_opener: -response = proxy_opener.open(json_url) -else: -req = urllib.request.Request(json_url) -response = urllib.request.urlopen(req) - +response = urllib.request.urlopen(json_url) if response: update_db(c, gzip.decompress(response.read()).decode('utf-8')) c.execute("insert or replace into META values (?, ?)", [year, last_modified]) -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud-next][PATCH 10/11] cve-check: neaten get_cve_info
From: Ross Burton Remove obsolete Python 2 code, and use convenience methods for neatness. (From OE-Core rev: f19253cc9e70c974a8e21a142086c13d7cde04ff) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 18 +- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index c1cbdbde7b..e95716d9de 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -261,23 +261,15 @@ def check_cves(d, patched_cves): def get_cve_info(d, cves): """ Get CVE information from the database. - -Unfortunately the only way to get CVE info is set the output to -html (hard to parse) or query directly the database. """ -try: -import sqlite3 -except ImportError: -from pysqlite2 import dbapi2 as sqlite3 +import sqlite3 cve_data = {} -db_file = d.getVar("CVE_CHECK_DB_FILE") -placeholder = ",".join("?" * len(cves)) -query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholder -conn = sqlite3.connect(db_file) -cur = conn.cursor() -for row in cur.execute(query, tuple(cves)): +conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE")) +placeholders = ",".join("?" * len(cves)) +query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholders +for row in conn.execute(query, tuple(cves)): cve_data[row[0]] = {} cve_data[row[0]]["summary"] = row[1] cve_data[row[0]]["scorev2"] = row[2] -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud-next][PATCH 11/11] cve-check: fetch CVE data once at a time instead of in a single call
From: Ross Burton This code used to construct a single SQL statement that fetched the NVD data for every CVE requested. For recipes such as the kernel where there are over 2000 CVEs to report this can hit the variable count limit and the query fails with "sqlite3.OperationalError: too many SQL variables". The default limit is 999 variables, but some distributions such as Debian set the default to 25. As the NVD table has an index on the ID column, whilst requesting the data CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time different is insignificant: 0.05s verses 0.01s on my machine. (From OE-Core rev: 53d0cc1e9b7190fa66d7ff1c59518f91b0128d99) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index e95716d9de..19ed5548b3 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -267,17 +267,17 @@ def get_cve_info(d, cves): cve_data = {} conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE")) -placeholders = ",".join("?" * len(cves)) -query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholders -for row in conn.execute(query, tuple(cves)): -cve_data[row[0]] = {} -cve_data[row[0]]["summary"] = row[1] -cve_data[row[0]]["scorev2"] = row[2] -cve_data[row[0]]["scorev3"] = row[3] -cve_data[row[0]]["modified"] = row[4] -cve_data[row[0]]["vector"] = row[5] -conn.close() +for cve in cves: +for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): +cve_data[row[0]] = {} +cve_data[row[0]]["summary"] = row[1] +cve_data[row[0]]["scorev2"] = row[2] +cve_data[row[0]]["scorev3"] = row[3] +cve_data[row[0]]["modified"] = row[4] +cve_data[row[0]]["vector"] = row[5] + +conn.close() return cve_data def cve_write_data(d, patched, unpatched, cve_data): -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [zeus][PATCH 1/3] iptables: Cosmetic fixes to recipe
On 12/6/19 12:45 AM, Peter Kjellerstedt wrote: >> -Original Message- >> From: openembedded-core-boun...@lists.openembedded.org > boun...@lists.openembedded.org> On Behalf Of Niko Mauno >> Sent: den 5 december 2019 21:05 >> To: openembedded-core@lists.openembedded.org >> Subject: [OE-core] [zeus][PATCH 1/3] iptables: Cosmetic fixes to recipe >> >> Introduce cosmetic changes to recipe content, most notably >> - Change indentation style to four spaces in task statements > > Unless I'm wrong, the standard for shell code in recipes in > OE-Core is still to indent using tabs. (OpenEmbedded on the > other hand uses four spaces for indentation also for shell > code.) > > //Peter > Thanks Peter, indeed looking at https://www.openembedded.org/wiki/Styleguide#Format_Guidelines mentions that "Shell functions in OE-Core usually use tabs for indentation, but other layers usually use consistent indentation with 4 spaces (in shell functions, python functions and for indentation of multi-line variables)", thus this commits indentation changes in particular could be questioned. I'll try to keep this in mind. Out of curiousity, I now also looked at current master branch's .bb/.inc files (under poky/meta/recipes-*), and it would seem there's about 150 files which resort to 4-space indentation in shell funcs (excluding here cases of 8-space and even 2-space indentation used in some files). Considering the excerpt, are you aware if there has been any discussion wrt. OE-Core also switching to 4-space indentation prevalent in other layers? Just feels it would make sense as currently e.g. a discontinuity in indentation style is implied when bbappending OE-core shell functions from other layers. -Niko >> - Reorder several entries according to oe-stylize.py suggestions >> >> (From OE-Core rev: c1d162b6165f11b7b5ae5c6066e7683d5e1379fc) >> >> Signed-off-by: Niko Mauno >> Signed-off-by: Ross Burton >> Signed-off-by: Richard Purdie >> --- >> .../iptables/iptables_1.8.3.bb| 60 +-- >> 1 file changed, 29 insertions(+), 31 deletions(-) >> >> diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb >> b/meta/recipes-extended/iptables/iptables_1.8.3.bb >> index ff9fcb1b53..563c8ae354 100644 >> --- a/meta/recipes-extended/iptables/iptables_1.8.3.bb >> +++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb >> @@ -4,8 +4,9 @@ filtering code in Linux." >> HOMEPAGE = "http://www.netfilter.org/"; >> BUGTRACKER = "http://bugzilla.netfilter.org/"; >> LICENSE = "GPLv2+" >> -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\ >> - >> file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d >> 0f763df2a12dc" >> +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ >> + >> file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d >> 0f763df2a12dc \ >> +" >> >> SRC_URI = "http://netfilter.org/projects/iptables/files/iptables- >> ${PV}.tar.bz2 \ >> file://0001-configure-Add-option-to-enable-disable- >> libnfnetlink.patch \ >> @@ -13,16 +14,16 @@ SRC_URI = >> "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ >> file://iptables.service \ >> file://iptables.rules \ >> " >> - >> SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513" >> SRC_URI[sha256sum] = >> "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80" >> >> +SYSTEMD_SERVICE_${PN} = "iptables.service" >> + >> inherit autotools pkgconfig systemd >> >> EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}" >> >> PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" >> - >> PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," >> >> # libnfnetlink recipe is in meta-networking layer >> @@ -32,9 +33,19 @@ PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,-- >> disable-libnfnetlink,libn >> PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl" >> >> do_configure_prepend() { >> -# Remove some libtool m4 files >> -# Keep ax_check_linker_flags.m4 which belongs to autoconf- >> archive. >> -rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 >> ltversion.m4 >> +# Remove some libtool m4 files >> +# Keep ax_check_linker_flags.m4 which be
Re: [OE-core] [zeus][PATCH 1/3] iptables: Cosmetic fixes to recipe
On 12/6/19 1:32 AM, akuster808 wrote: > > > On 12/5/19 12:05 PM, Niko Mauno wrote: >> Introduce cosmetic changes to recipe content, most notably >> - Change indentation style to four spaces in task statements >> - Reorder several entries according to oe-stylize.py suggestions >> >> (From OE-Core rev: c1d162b6165f11b7b5ae5c6066e7683d5e1379fc) >> >> Signed-off-by: Niko Mauno >> Signed-off-by: Ross Burton >> Signed-off-by: Richard Purdie > > These changes do not pass the 'stable' bar for backporting. Unless a > more compelling reason is give, this series is being "NACKed" at this time. > > - armin Thanks for checking Armin. For the record, proposed mainly for complementing the existing systemd-specific automatic ipv4 rules loading functionality with ipv6, particularly since both 'ipv4' and 'ipv6' are enabled in DISTRO_FEATURES by default. -Niko >> --- >> .../iptables/iptables_1.8.3.bb| 60 +-- >> 1 file changed, 29 insertions(+), 31 deletions(-) >> >> diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb >> b/meta/recipes-extended/iptables/iptables_1.8.3.bb >> index ff9fcb1b53..563c8ae354 100644 >> --- a/meta/recipes-extended/iptables/iptables_1.8.3.bb >> +++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb >> @@ -4,8 +4,9 @@ filtering code in Linux." >> HOMEPAGE = "http://www.netfilter.org/"; >> BUGTRACKER = "http://bugzilla.netfilter.org/"; >> LICENSE = "GPLv2+" >> -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\ >> - >> file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc" >> +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ >> + >> file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc >> \ >> +" >> >> SRC_URI = >> "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ >> >> file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ >> @@ -13,16 +14,16 @@ SRC_URI = >> "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ >> file://iptables.service \ >> file://iptables.rules \ >> " >> - >> SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513" >> SRC_URI[sha256sum] = >> "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80" >> >> +SYSTEMD_SERVICE_${PN} = "iptables.service" >> + >> inherit autotools pkgconfig systemd >> >> EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}" >> >> PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" >> - >> PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," >> >> # libnfnetlink recipe is in meta-networking layer >> @@ -32,9 +33,19 @@ PACKAGECONFIG[libnfnetlink] = >> "--enable-libnfnetlink,--disable-libnfnetlink,libn >> PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl" >> >> do_configure_prepend() { >> -# Remove some libtool m4 files >> -# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. >> -rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 >> +# Remove some libtool m4 files >> +# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. >> +rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 >> +} >> + >> +do_install_append() { >> +install -d ${D}${sysconfdir}/iptables >> +install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables >> + >> +install -d ${D}${systemd_system_unitdir} >> +install -m 0644 ${WORKDIR}/iptables.service >> ${D}${systemd_system_unitdir} >> + >> +sed -i -e 's,@SBINDIR@,${sbindir},g' >> ${D}${systemd_system_unitdir}/iptables.service >> } >> >> PACKAGES += "${PN}-modules" >> @@ -47,30 +58,6 @@ python populate_packages_prepend() { >> d.appendVar('RDEPENDS_' + metapkg, ' ' + ' '.join(modules)) >> } >> >> -FILES_${PN} += "${datadir}/xtables" >> - >> -# Include the symlinks as well in respective packages >> -FILES_${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so" >> -FILES_${
[OE-core] [zeus][PATCH] cve-check: Switch to NVD CVE JSON feed version 1.1
Switch to recently released version 1.1 of NVD CVE JSON feed, as in https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release it is mentioned that Due to changes required to support CVSS v3.1 scoring, the JSON vulnerability feeds must be modified. This will require the consumers of this data to update their internal processes. We will be providing the JSON 1.1 schema on the data feeds page and the information below to prepare for this transition. ... The JSON 1.1 data feeds will be available on September 9th, 2019. At that time the current JSON 1.0 data feeds will no longer available. This change was tested briefly by issuing 'bitbake core-image-minimal' with 'cve-check.bbclass' inherited via local.conf, and then comparing the content between the resulting two 'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not seem to contain any other change, except total of 167 entries like CVSS v3 BASE SCORE: 0.0 were replaced with similar 'CVSS v3 BASE SCORE:' entries which had scores that were greater than '0.0' (up to '9.8'). (From OE-Core rev: cc20e4d8ff2f3aa52a2658404af9a0ff358cc323) Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 2 +- meta/recipes-core/meta/cve-update-db-native.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 19ed5548b3..01b3637469 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db" +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" CVE_CHECK_LOG ?= "${T}/cve.log" CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index db1d69a28e..575254af40 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -27,7 +27,7 @@ python do_populate_cve_db() { bb.utils.export_proxies(d) -BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"; +BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"; YEAR_START = 2002 db_file = d.getVar("CVE_CHECK_DB_FILE") -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud][PATCH] cve-check: Switch to NVD CVE JSON feed version 1.1
Switch to recently released version 1.1 of NVD CVE JSON feed, as in https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release it is mentioned that Due to changes required to support CVSS v3.1 scoring, the JSON vulnerability feeds must be modified. This will require the consumers of this data to update their internal processes. We will be providing the JSON 1.1 schema on the data feeds page and the information below to prepare for this transition. ... The JSON 1.1 data feeds will be available on September 9th, 2019. At that time the current JSON 1.0 data feeds will no longer available. This change was tested briefly by issuing 'bitbake core-image-minimal' with 'cve-check.bbclass' inherited via local.conf, and then comparing the content between the resulting two 'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not seem to contain any other change, except total of 167 entries like CVSS v3 BASE SCORE: 0.0 were replaced with similar 'CVSS v3 BASE SCORE:' entries which had scores that were greater than '0.0' (up to '9.8'). (From OE-Core rev: cc20e4d8ff2f3aa52a2658404af9a0ff358cc323) Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 2 +- meta/recipes-core/meta/cve-update-db-native.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 19ed5548b3..01b3637469 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db" +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" CVE_CHECK_LOG ?= "${T}/cve.log" CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index db1d69a28e..575254af40 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -27,7 +27,7 @@ python do_populate_cve_db() { bb.utils.export_proxies(d) -BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"; +BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"; YEAR_START = 2002 db_file = d.getVar("CVE_CHECK_DB_FILE") -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [meta-oe][PATCH] u-boot: Add coreutils-native to DEPENDS
Coreutils provides 'comm' command which is called during do_compile() from scripts/check-config.sh. This fixes following issues which are otherwise quietly ignored: .../scripts/check-config.sh: line 33: comm: command not found .../scripts/check-config.sh: line 38: comm: command not found Signed-off-by: Niko Mauno --- meta/recipes-bsp/u-boot/u-boot_2017.01.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-bsp/u-boot/u-boot_2017.01.bb b/meta/recipes-bsp/u-boot/u-boot_2017.01.bb index 37c21dcaa3..8b00a8d294 100644 --- a/meta/recipes-bsp/u-boot/u-boot_2017.01.bb +++ b/meta/recipes-bsp/u-boot/u-boot_2017.01.bb @@ -1,4 +1,4 @@ require u-boot-common_${PV}.inc require u-boot.inc -DEPENDS += "bc-native dtc-native" +DEPENDS += "bc-native coreutils-native dtc-native" -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] bitbake.conf: Add comm to HOSTTOOLS
This mitigates following issues during u-boot do_compile() step -- otherwise, if comm is not available, they are quietly ignored: .../scripts/check-config.sh: line 33: comm: command not found .../scripts/check-config.sh: line 39: comm: command not found Since 'comm' is provided by coreutils package, adding it to HOSTTOOLS was considered a lower impact fix compared to adding coreutils-native buildtime dependency to u-boot recipe. Signed-off-by: Niko Mauno --- meta/conf/bitbake.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 93afb13166..e1d2f3c3e2 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -473,7 +473,7 @@ HOSTTOOLS_DIR = "${TMPDIR}/hosttools" # Tools needed to run builds with OE-Core HOSTTOOLS += " \ -[ ar as awk basename bash bzip2 cat chgrp chmod chown chrpath cmp cp cpio \ +[ ar as awk basename bash bzip2 cat chgrp chmod chown chrpath cmp comm cp cpio \ cpp cut date dd diff diffstat dirname du echo egrep env expand expr false \ fgrep file find flock g++ gawk gcc getconf getopt git grep gunzip gzip \ head hostname id install ld ldd ln ls make makeinfo md5sum mkdir mknod \ -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] bitbake.conf: Add xattr to DISTRO_FEATURES_NATIVE
Commit db1f1adace58763c35774e3fdfeaac5c3ca646fd disabled 'xattr' from DISTRO_FEATURES when native packages are built, whereas for target packages it was retained. This changed eg. mtd-utils-native to build without extended attributes (capabilities) support from there on. Thus even setcap was called succesfully for a binary during pkg_postinst on build host, the capabilities did not exist on target rootfs due to now xattr-less host-side mkfs utility. Adding xattr to DISTRO_FEATURES_NATIVE restores previous behaviour, fixing the discontinuity in capability propagation to target device rootfs. Signed-off-by: Niko Mauno --- meta/conf/bitbake.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 93afb13166..411d7cf6f5 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -808,7 +808,7 @@ IMAGE_FEATURES += "${EXTRA_IMAGE_FEATURES}" # Native distro features (will always be used for -native, even if they # are not enabled for target) -DISTRO_FEATURES_NATIVE ?= "x11 ipv6" +DISTRO_FEATURES_NATIVE ?= "x11 ipv6 xattr" DISTRO_FEATURES_NATIVESDK ?= "x11 libc-charsets libc-locales libc-locale-code" # Normally target distro features will not be applied to native builds: -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] package_manager.py: Explicit complementary fail
When running bitbake -c populate_sdk , it is expected that packages matching SDKIMAGE_INSTALL_COMPLEMENTARY name mask (unless declared in PACKAGE_EXCLUDE_COMPLEMENTARY) are installed to resulting SDK. Underlying mechanism issues a package manager install call for set of complementary packages. However the mechanism doesn't seem to inform the user all too obviously in case the package manager command behind install_complementary() method fails -- and since it is combined with attempt_only=True option, user might end up wondering why several *-dev, *-dbg packages are missing from resulting SDK. Improve associated install() method behaviour in affected OpkgPM and DpkgPM classes so that a problematic state of affairs becomes directly obvious for bitbake user, resulting in shell output like: WARNING: someimage-1.0-r0 do_populate_sdk: Unable to install packages. Command '...' returned 1: Collected errors: * Solver encountered 1 problem(s): * Problem 1/1: * - package somepkg-dev-1.0-r0.x86 requires somepkg = 1.0-r0, but none of the providers can be installed * * Solution 1: * - allow deinstallation of someotherpkg-1.1-r1.x86 * - do not ask to install a package providing somepkg-dev * Solution 2: * - do not ask to install a package providing somepkg-dev Signed-off-by: Niko Mauno --- meta/lib/oe/package_manager.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index f7e013437c..4d15d71736 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -1069,7 +1069,7 @@ class OpkgPM(OpkgDpkgPM): output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT).decode("utf-8") bb.note(output) except subprocess.CalledProcessError as e: -(bb.fatal, bb.note)[attempt_only]("Unable to install packages. " +(bb.fatal, bb.warn)[attempt_only]("Unable to install packages. " "Command '%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8"))) @@ -1368,7 +1368,7 @@ class DpkgPM(OpkgDpkgPM): bb.note("Installing the following packages: %s" % ' '.join(pkgs)) subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: -(bb.fatal, bb.note)[attempt_only]("Unable to install packages. " +(bb.fatal, bb.warn)[attempt_only]("Unable to install packages. " "Command '%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8"))) -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [RFC PATCH 1/3] Try to ensure 64 bit time on 32 bit glibcful hosts
On related note, in this RFC series I was basing on reference set in https://github.com/lmajewski/meta-y2038/blob/master/conf/distro/y2038.inc#L8 where the author has opted to use TARGET_CPPFLAGS. -Niko On 11/8/22 12:51, Ola x Nilsson wrote: I'm working on the same thing, but I put GLIBC_64BIT_TIME_CPPFLAGS in TARGET_CC_ARCH instead to make sure they applied everywhere. I'd be interested to hear what others think is the best place to put these flags. I'm also looking at QA tests to make sure that no application or shared object is still using 32bit time or file functions from glibc. /Ola On Tue, Nov 08 2022, Niko Mauno via lists.openembedded.org wrote: Add default C Preprocessor flags that ensure Y2038 compatible 64 bit time on 32 bit host applications when glibc is used. Prerequisites are glibc version 2.34 or newer and Linux kernel version 5.1 or newer. Example of impact on 32 bit 'qemuarm' machine running core-image-minimal. Before this change: root@qemuarm:~# /bin/busybox date Sun Nov 6 06:09:39 UTC 2022 root@qemuarm:~# /sbin/hwclock.util-linux -w root@qemuarm:~# /sbin/hwclock.util-linux 2022-11-06 06:09:49.994249+00:00 root@qemuarm:~# /bin/busybox date -s 2040-01-01 date: invalid date '2040-01-01' root@qemuarm:~# /bin/date.coreutils -s 2040-01-01 Sun Jan 1 00:00:00 UTC 2040 root@qemuarm:~# /sbin/hwclock.util-linux -w root@qemuarm:~# /sbin/hwclock.util-linux 1931-03-04 06:26:23.00+00:00 root@qemuarm:~# After this change: root@qemuarm:~# /bin/busybox date Sun Nov 6 06:02:20 UTC 2022 root@qemuarm:~# /sbin/hwclock.util-linux -w root@qemuarm:~# /sbin/hwclock.util-linux 2022-11-06 06:02:27.989730+00:00 root@qemuarm:~# /bin/busybox date -s 2040-01-01 Sun Jan 1 00:00:00 UTC 2040 root@qemuarm:~# /sbin/hwclock.util-linux -w root@qemuarm:~# /sbin/hwclock.util-linux 2040-01-01 00:00:20.992954+00:00 root@qemuarm:~# From here on, the adding of new flags can be disabled on recipe or global level by resetting the value of associated variable containing the CPPFLAGS specific for 64 bit time GLIBC_64BIT_TIME_CPPFLAGS = "" which can be useful e.g. when working around failure to compile a component due to lack of 64 bit time support on 32 bit build in the component's source code. Signed-off-by: Niko Mauno --- meta/conf/distro/include/tclibc-glibc.inc| 3 +++ meta/recipes-devtools/gcc/gcc-sanitizers_12.2.bb | 2 ++ meta/recipes-devtools/pseudo/pseudo_git.bb | 2 ++ 3 files changed, 7 insertions(+) diff --git a/meta/conf/distro/include/tclibc-glibc.inc b/meta/conf/distro/include/tclibc-glibc.inc index f48d16939e..95770298e9 100644 --- a/meta/conf/distro/include/tclibc-glibc.inc +++ b/meta/conf/distro/include/tclibc-glibc.inc @@ -17,6 +17,9 @@ PREFERRED_PROVIDER_virtual/crypt ?= "libxcrypt" CXXFLAGS += "-fvisibility-inlines-hidden" +GLIBC_64BIT_TIME_CPPFLAGS = "-D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64" +TARGET_CPPFLAGS += "${GLIBC_64BIT_TIME_CPPFLAGS}" + LIBC_DEPENDENCIES = "\ glibc \ glibc-dbg \ diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_12.2.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_12.2.bb index 8bda2ccad6..b3fafa0ea4 100644 --- a/meta/recipes-devtools/gcc/gcc-sanitizers_12.2.bb +++ b/meta/recipes-devtools/gcc/gcc-sanitizers_12.2.bb @@ -5,3 +5,5 @@ require gcc-sanitizers.inc # sanitizer_linux.s:5749: Error: lo register required -- `ldr ip,[sp],#8' ARM_INSTRUCTION_SET:armv4 = "arm" ARM_INSTRUCTION_SET:armv5 = "arm" + +GLIBC_64BIT_TIME_CPPFLAGS = "" diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index c34580b4ff..7734d0fbb0 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -19,3 +19,5 @@ PV = "1.9.0+git${SRCPV}" # error: use of undeclared identifier '_STAT_VER' COMPATIBLE_HOST:libc-musl = 'null' + +GLIBC_64BIT_TIME_CPPFLAGS = "" -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#173011): https://lists.openembedded.org/g/openembedded-core/message/173011 Mute This Topic: https://lists.openembedded.org/mt/94880624/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] systemd: Mitigate /var/tmp type mismatch issue
From: Niko Mauno The base-files recipe provides /var/tmp -> /var/volatile/tmp symlink which is in conflict with systemd upstream tmpfiles.d/tmp.conf which defines it as a directory (or subvolume on btrfs). This generates following error in journal: Jul 03 15:37:21 qemux86-64 systemd-tmpfiles[158]: "/var/tmp" already exists and is not a directory. Mitigate the issue by defining /var/tmp as symlink corresponding to the one created by base-files. Signed-off-by: Niko Mauno --- meta/recipes-core/systemd/systemd/00-create-volatile.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/systemd/systemd/00-create-volatile.conf b/meta/recipes-core/systemd/systemd/00-create-volatile.conf index c4277221a2..043b2ef1d8 100644 --- a/meta/recipes-core/systemd/systemd/00-create-volatile.conf +++ b/meta/recipes-core/systemd/systemd/00-create-volatile.conf @@ -6,3 +6,4 @@ d /run/lock 1777- - - d /var/volatile/log - - - - d /var/volatile/tmp 1777- - +L /var/tmp- - - - /var/volatile/tmp -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201520): https://lists.openembedded.org/g/openembedded-core/message/201520 Mute This Topic: https://lists.openembedded.org/mt/107033957/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] systemd: Mitigate /var/log type mismatch issue
From: Niko Mauno When VOLATILE_LOG_DIR evaluates as True, the base-files recipe provides /var/log -> /var/volatile/log symlink which is in conflict with systemd upstream tmpfiles.d/var.conf.in which defines it as a directory. This generates following error in journal: Jul 03 14:28:00 qemux86-64 systemd-tmpfiles[165]: "/var/log" already exists and is not a directory. Mitigate the issue by defining /var/log as symlink corresponding to the one created by base-files, when appropriate. Signed-off-by: Niko Mauno --- meta/recipes-core/systemd/systemd_255.6.bb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/systemd/systemd_255.6.bb b/meta/recipes-core/systemd/systemd_255.6.bb index 0376412f61..db37776fd6 100644 --- a/meta/recipes-core/systemd/systemd_255.6.bb +++ b/meta/recipes-core/systemd/systemd_255.6.bb @@ -313,9 +313,10 @@ do_install() { fi if "${@'true' if oe.types.boolean(d.getVar('VOLATILE_LOG_DIR')) else 'false'}"; then - # /var/log is typically a symbolic link to inside /var/volatile, - # which is expected to be empty. + # base-files recipe provides /var/log which is a symlink to /var/volatile/log rm -rf ${D}${localstatedir}/log + printf 'L\t\t%s/log\t\t-\t-\t-\t-\t%s/volatile/log\n' "${localstatedir}" \ + "${localstatedir}" >>${D}${nonarch_libdir}/tmpfiles.d/00-create-volatile.conf elif [ -e ${D}${localstatedir}/log/journal ]; then chown root:systemd-journal ${D}${localstatedir}/log/journal -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201521): https://lists.openembedded.org/g/openembedded-core/message/201521 Mute This Topic: https://lists.openembedded.org/mt/107033958/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] Fix missing leading whitespace with ':append'
From: Niko Mauno Mitigate occurrences where ':append' operator is used and leading whitespace character is obviously missing, risking inadvertent string concatenation. Signed-off-by: Niko Mauno --- meta/recipes-devtools/dnf/dnf_4.20.0.bb | 2 +- meta/recipes-graphics/mesa/mesa.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/dnf/dnf_4.20.0.bb b/meta/recipes-devtools/dnf/dnf_4.20.0.bb index 4757346cbf..98edab0614 100644 --- a/meta/recipes-devtools/dnf/dnf_4.20.0.bb +++ b/meta/recipes-devtools/dnf/dnf_4.20.0.bb @@ -18,7 +18,7 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc file://0001-lock.py-fix-Exception-handling.patch \ " -SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch" +SRC_URI:append:class-native = " file://0001-dnf-write-the-log-lock-to-root.patch" SRCREV = "e3cb438c0fd08c79676c0f3276aa7d75cd8557c6" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc index 272d57c749..d56def2916 100644 --- a/meta/recipes-graphics/mesa/mesa.inc +++ b/meta/recipes-graphics/mesa/mesa.inc @@ -91,7 +91,7 @@ PACKAGECONFIG = " \ ${@bb.utils.contains('DISTRO_FEATURES', 'vulkan', 'zink', '', d)} \ " -PACKAGECONFIG:append:class-native = "gallium-llvm r600" +PACKAGECONFIG:append:class-native = " gallium-llvm r600" # "gbm" requires "opengl" PACKAGECONFIG[gbm] = "-Dgbm=enabled,-Dgbm=disabled" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201655): https://lists.openembedded.org/g/openembedded-core/message/201655 Mute This Topic: https://lists.openembedded.org/mt/107121031/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2] systemd: Mitigate /var/log type mismatch issue
From: Niko Mauno When VOLATILE_LOG_DIR evaluates as True, the base-files recipe provides /var/log -> /var/volatile/log symlink which is in conflict with systemd upstream tmpfiles.d/var.conf.in which defines it as a directory. This generates following error in journal: Jul 03 14:28:00 qemux86-64 systemd-tmpfiles[165]: "/var/log" already exists and is not a directory. Mitigate the issue by defining /var/log as symlink corresponding to the one created by base-files, when appropriate. Signed-off-by: Niko Mauno --- meta/recipes-core/systemd/systemd_255.6.bb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/systemd/systemd_255.6.bb b/meta/recipes-core/systemd/systemd_255.6.bb index 0376412f61..db37776fd6 100644 --- a/meta/recipes-core/systemd/systemd_255.6.bb +++ b/meta/recipes-core/systemd/systemd_255.6.bb @@ -313,9 +313,10 @@ do_install() { fi if "${@'true' if oe.types.boolean(d.getVar('VOLATILE_LOG_DIR')) else 'false'}"; then - # /var/log is typically a symbolic link to inside /var/volatile, - # which is expected to be empty. + # base-files recipe provides /var/log which is a symlink to /var/volatile/log rm -rf ${D}${localstatedir}/log + printf 'L\t\t%s/log\t\t-\t-\t-\t-\t%s/volatile/log\n' "${localstatedir}" \ + "${localstatedir}" >>${D}${nonarch_libdir}/tmpfiles.d/00-create-volatile.conf elif [ -e ${D}${localstatedir}/log/journal ]; then chown root:systemd-journal ${D}${localstatedir}/log/journal -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201656): https://lists.openembedded.org/g/openembedded-core/message/201656 Mute This Topic: https://lists.openembedded.org/mt/107121266/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/2] systemd: Mitigate /var/tmp type mismatch issue
On 7/4/24 10:49, ChenQi wrote: There's a pending patch from Changqing, which also handles /var/tmp. The title is: [OE-core] [PATCH] VOLATILE_TMP_DIR: Extend to specify the persistence of /var/tmp I think we'd better handle that patch first because you may need to change to the way you used in your second patch to handle this /var/tmp link. Regards, Qi Thanks for pointing this out. While waiting to see what will be the outcome of the aforementioned /var/tmp change, I have resubmitted my /var/log specific patch as v2, as these two patches are independent of each other. -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201657): https://lists.openembedded.org/g/openembedded-core/message/201657 Mute This Topic: https://lists.openembedded.org/mt/107033957/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 1/2] mesa: Fix missing leading whitespace with ':append'
From: Niko Mauno By adding a leading space character in the value field of appended BitBake variable, we avoid the risk of inadvertent string concatenation. Signed-off-by: Niko Mauno --- meta/recipes-graphics/mesa/mesa.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc index 272d57c749..d56def2916 100644 --- a/meta/recipes-graphics/mesa/mesa.inc +++ b/meta/recipes-graphics/mesa/mesa.inc @@ -91,7 +91,7 @@ PACKAGECONFIG = " \ ${@bb.utils.contains('DISTRO_FEATURES', 'vulkan', 'zink', '', d)} \ " -PACKAGECONFIG:append:class-native = "gallium-llvm r600" +PACKAGECONFIG:append:class-native = " gallium-llvm r600" # "gbm" requires "opengl" PACKAGECONFIG[gbm] = "-Dgbm=enabled,-Dgbm=disabled" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201668): https://lists.openembedded.org/g/openembedded-core/message/201668 Mute This Topic: https://lists.openembedded.org/mt/107126512/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 2/2] dnf: Fix missing leading whitespace with ':append'
From: Niko Mauno By adding a leading space character in the value field of appended BitBake variable, we avoid the risk of inadvertent string concatenation. Signed-off-by: Niko Mauno --- meta/recipes-devtools/dnf/dnf_4.20.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/dnf/dnf_4.20.0.bb b/meta/recipes-devtools/dnf/dnf_4.20.0.bb index 4757346cbf..98edab0614 100644 --- a/meta/recipes-devtools/dnf/dnf_4.20.0.bb +++ b/meta/recipes-devtools/dnf/dnf_4.20.0.bb @@ -18,7 +18,7 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc file://0001-lock.py-fix-Exception-handling.patch \ " -SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch" +SRC_URI:append:class-native = " file://0001-dnf-write-the-log-lock-to-root.patch" SRCREV = "e3cb438c0fd08c79676c0f3276aa7d75cd8557c6" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201669): https://lists.openembedded.org/g/openembedded-core/message/201669 Mute This Topic: https://lists.openembedded.org/mt/107126515/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [scarthgap][PATCH] dnf/mesa: Fix missing leading whitespace with ':append'
From: Niko Mauno Mitigate occurrences where ':append' operator is used and leading whitespace character is obviously missing, risking inadvertent string concatenation. (From OE-Core rev: 314041fd126a4800a5a5d9fcd84c525319479256) Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie (cherry picked from commit 0b6ca9beeff927bbb6158c71596ac475550559d8) --- meta/recipes-devtools/dnf/dnf_4.19.0.bb | 2 +- meta/recipes-graphics/mesa/mesa.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/dnf/dnf_4.19.0.bb b/meta/recipes-devtools/dnf/dnf_4.19.0.bb index 184dbea963..37a2cc7de2 100644 --- a/meta/recipes-devtools/dnf/dnf_4.19.0.bb +++ b/meta/recipes-devtools/dnf/dnf_4.19.0.bb @@ -18,7 +18,7 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc file://0001-lock.py-fix-Exception-handling.patch \ " -SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch" +SRC_URI:append:class-native = " file://0001-dnf-write-the-log-lock-to-root.patch" SRCREV = "566a61f9d8a2830ac6dcc3a94c59224cef1c3d03" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc index 77e9c80fcb..a43fd2c701 100644 --- a/meta/recipes-graphics/mesa/mesa.inc +++ b/meta/recipes-graphics/mesa/mesa.inc @@ -91,7 +91,7 @@ PACKAGECONFIG = " \ ${@bb.utils.contains('DISTRO_FEATURES', 'vulkan', 'zink', '', d)} \ " -PACKAGECONFIG:append:class-native = "gallium-llvm r600" +PACKAGECONFIG:append:class-native = " gallium-llvm r600" # "gbm" requires "opengl" PACKAGECONFIG[gbm] = "-Dgbm=enabled,-Dgbm=disabled" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201747): https://lists.openembedded.org/g/openembedded-core/message/201747 Mute This Topic: https://lists.openembedded.org/mt/107151006/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] libyaml: Amend CVE status as 'upstream-wontfix'
From: Niko Mauno Use an existing defined CVE_CHECK_STATUSMAP key in meta/lib/oe/cve_check.py in order to avoid following complaint from BitBake: WARNING: libyaml-native-0.2.5-r0 do_create_spdx: Invalid detail "wontfix" for CVE_STATUS[CVE-2024-35328] = "wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302";, fallback to Unpatched Signed-off-by: Niko Mauno --- meta/recipes-support/libyaml/libyaml_0.2.5.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb index 2154910d0c..1c6a5fcb45 100644 --- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb +++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb @@ -18,6 +18,6 @@ inherit autotools DISABLE_STATIC:class-nativesdk = "" DISABLE_STATIC:class-native = "" -CVE_STATUS[CVE-2024-35328] = "wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"; +CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"; BBCLASSEXTEND = "native nativesdk" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#202729): https://lists.openembedded.org/g/openembedded-core/message/202729 Mute This Topic: https://lists.openembedded.org/mt/107662504/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [scarthgap][PATCH] libyaml: Fix warning regarding unpatched CVE
This commit incorporates changes in following master branch commits: f3479f74c9 libyaml: Amend CVE status as 'upstream-wontfix' 3ebb2ca832 libyaml: Change CVE status to wontfix 56b6b35626 libyaml: Update status of CVE-2024-35328 which mitigate the following warning with cve-check.bbclass: WARNING: libyaml-native-0.2.5-r0 do_cve_check: Found unpatched CVE (CVE-2024-35328), for more information check .../tmp/work/x86_64-linux/libyaml-native/0.2.5/temp/cve.log Signed-off-by: Niko Mauno --- meta/recipes-support/libyaml/libyaml_0.2.5.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb index 4cb5717ece..1c6a5fcb45 100644 --- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb +++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb @@ -18,4 +18,6 @@ inherit autotools DISABLE_STATIC:class-nativesdk = "" DISABLE_STATIC:class-native = "" +CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"; + BBCLASSEXTEND = "native nativesdk" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#202933): https://lists.openembedded.org/g/openembedded-core/message/202933 Mute This Topic: https://lists.openembedded.org/mt/107699684/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [scarthgap][PATCH 1/2] systemd: Mitigate /var/log type mismatch issue
When VOLATILE_LOG_DIR evaluates as True, the base-files recipe provides /var/log -> /var/volatile/log symlink which is in conflict with systemd upstream tmpfiles.d/var.conf.in which defines it as a directory. This generates following error in journal: Jul 03 14:28:00 qemux86-64 systemd-tmpfiles[165]: "/var/log" already exists and is not a directory. Mitigate the issue by defining /var/log as symlink corresponding to the one created by base-files, when appropriate. (From OE-Core rev: 711ee36e88c8968e3c45ea787b3adcf64352adf9) Signed-off-by: Niko Mauno Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- meta/recipes-core/systemd/systemd_255.4.bb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/systemd/systemd_255.4.bb b/meta/recipes-core/systemd/systemd_255.4.bb index f58a1bc2b6..0ccca8a567 100644 --- a/meta/recipes-core/systemd/systemd_255.4.bb +++ b/meta/recipes-core/systemd/systemd_255.4.bb @@ -307,9 +307,10 @@ do_install() { fi if "${@'true' if oe.types.boolean(d.getVar('VOLATILE_LOG_DIR')) else 'false'}"; then - # /var/log is typically a symbolic link to inside /var/volatile, - # which is expected to be empty. + # base-files recipe provides /var/log which is a symlink to /var/volatile/log rm -rf ${D}${localstatedir}/log + printf 'L\t\t%s/log\t\t-\t-\t-\t-\t%s/volatile/log\n' "${localstatedir}" \ + "${localstatedir}" >>${D}${nonarch_libdir}/tmpfiles.d/00-create-volatile.conf elif [ -e ${D}${localstatedir}/log/journal ]; then chown root:systemd-journal ${D}${localstatedir}/log/journal -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203176): https://lists.openembedded.org/g/openembedded-core/message/203176 Mute This Topic: https://lists.openembedded.org/mt/107809461/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [scarthgap][PATCH 2/2] systemd: Mitigate /var/tmp type mismatch issue
The base-files recipe provides /var/tmp -> /var/volatile/tmp symlink which is in conflict with systemd upstream tmpfiles.d/tmp.conf which defines it as a directory (or subvolume on btrfs). This generates following error in journal: Jul 03 15:37:21 qemux86-64 systemd-tmpfiles[158]: "/var/tmp" already exists and is not a directory. Mitigate the issue by defining /var/tmp as symlink corresponding to the one created by base-files. (From OE-Core rev: 1f1f6f45e3cfe24dfee8a09d01a5d32f3080e381) Signed-off-by: Niko Mauno Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- meta/recipes-core/systemd/systemd/00-create-volatile.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/systemd/systemd/00-create-volatile.conf b/meta/recipes-core/systemd/systemd/00-create-volatile.conf index c4277221a2..043b2ef1d8 100644 --- a/meta/recipes-core/systemd/systemd/00-create-volatile.conf +++ b/meta/recipes-core/systemd/systemd/00-create-volatile.conf @@ -6,3 +6,4 @@ d /run/lock 1777- - - d /var/volatile/log - - - - d /var/volatile/tmp 1777- - +L /var/tmp- - - - /var/volatile/tmp -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203177): https://lists.openembedded.org/g/openembedded-core/message/203177 Mute This Topic: https://lists.openembedded.org/mt/107809464/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] image_types.bbclass: Use --force also with lz4,lzop
Several conversion commands already make use of 'force' option in the compression, which enables overwriting existing files without prompting. Since occasionally an existing residual destination file from a previously aborted or failed task can prevent the re-execution of the conversion command task, by enabling the 'force' option also for lz4 and lzop compression commands we can avoid following kind of BitBake failures with these compressors: | DEBUG: Executing shell function do_image_cpio | 117685 blocks | 2 blocks | example-image.cpio.lz4 already exists; do you want to overwrite (y/N) ? not overwritten | Error 20 : example-image.cpio : open file error | WARNING: exit code 20 from a shell command. ERROR: Task (.../recipes-core/images/example-image.bb:do_image_cpio) failed with exit code '1' Signed-off-by: Niko Mauno --- meta/classes-recipe/image_types.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes-recipe/image_types.bbclass b/meta/classes-recipe/image_types.bbclass index 506b9934cb..b230add314 100644 --- a/meta/classes-recipe/image_types.bbclass +++ b/meta/classes-recipe/image_types.bbclass @@ -337,8 +337,8 @@ CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}.${type}" CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.gz" CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}.${type}" CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.xz" -CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.lz4" -CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}.${type}" +CONVERSION_CMD:lz4 = "lz4 -f -9 -z -l ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.lz4" +CONVERSION_CMD:lzo = "lzop -f -9 ${IMAGE_NAME}.${type}" CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type}.zip ${IMAGE_NAME}.${type}" CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}.${type}" CONVERSION_CMD:zst = "zstd -f -k -c ${ZSTD_DEFAULTS} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.zst" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203226): https://lists.openembedded.org/g/openembedded-core/message/203226 Mute This Topic: https://lists.openembedded.org/mt/107857522/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [scarthgap][PATCH] image_types.bbclass: Use --force also with lz4,lzop
Several conversion commands already make use of 'force' option in the compression, which enables overwriting existing files without prompting. Since occasionally an existing residual destination file from a previously aborted or failed task can prevent the re-execution of the conversion command task, by enabling the 'force' option also for lz4 and lzop compression commands we can avoid following kind of BitBake failures with these compressors: | DEBUG: Executing shell function do_image_cpio | 117685 blocks | 2 blocks | example-image.cpio.lz4 already exists; do you want to overwrite (y/N) ? not overwritten | Error 20 : example-image.cpio : open file error | WARNING: exit code 20 from a shell command. ERROR: Task (.../recipes-core/images/example-image.bb:do_image_cpio) failed with exit code '1' (From OE-Core rev: 623ab22434909f10aaf613cd3032cc2a2c6e3ff9) Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie --- meta/classes-recipe/image_types.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes-recipe/image_types.bbclass b/meta/classes-recipe/image_types.bbclass index 2f948ecbf8..28afff4571 100644 --- a/meta/classes-recipe/image_types.bbclass +++ b/meta/classes-recipe/image_types.bbclass @@ -335,8 +335,8 @@ CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}.${type}" CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.gz" CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}.${type}" CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.xz" -CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.lz4" -CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}.${type}" +CONVERSION_CMD:lz4 = "lz4 -f -9 -z -l ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.lz4" +CONVERSION_CMD:lzo = "lzop -f -9 ${IMAGE_NAME}.${type}" CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type}.zip ${IMAGE_NAME}.${type}" CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}.${type}" CONVERSION_CMD:zst = "zstd -f -k -c ${ZSTD_DEFAULTS} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.zst" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203260): https://lists.openembedded.org/g/openembedded-core/message/203260 Mute This Topic: https://lists.openembedded.org/mt/107873199/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] util-linux: Add 'no-libmount-mountfd' PACKAGECONFIG option
The 2.39 version of util-linux took new file descriptors based mount kernel API into use. In relation to this change, the upstream release notes in https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21 mention that This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior. While testing with a board using a 6.1 version kernel, an initramfs rootfs based boot flow contains the error [FAILED] Failed to start Remount Root and Kernel File Systems. See 'systemctl status systemd-remount-fs.service' for details. on closer inspection: demoboard ~ # systemctl status -l systemd-remount-fs.service x systemd-remount-fs.service - Remount Root and Kernel File Systems Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled) Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago Docs: man:systemd-remount-fs.service(8) https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE) Main PID: 76 (code=exited, status=1/FAILURE) Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32. Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option. Aug 14 14:53:48 demoboard systemd-remount-fs[81]:dmesg(1) may have more information after failed mount system call. Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'. Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems. also consequentially, 'systemctl status' reported: State: degraded When issuing 'strace -ff mount -o remount /' the failure occurs at mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) however the failure didn't occur when using qemuarm64 with 6.6 version kernel to boot a corresponding initramfs image, in that case the exact same call under strace returned 0. Taking the above findings into consideration, add a new PACKAGECONFIG option which allows to conveniently opt-out from prematurely using a feature which can cause issues with a bit older kernels. Signed-off-by: Niko Mauno --- meta/recipes-core/util-linux/util-linux_2.40.1.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/util-linux/util-linux_2.40.1.bb b/meta/recipes-core/util-linux/util-linux_2.40.1.bb index a1aab94055..3ecc55f61e 100644 --- a/meta/recipes-core/util-linux/util-linux_2.40.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.40.1.bb @@ -107,6 +107,7 @@ PACKAGECONFIG[cryptsetup] = "--with-cryptsetup,--without-cryptsetup,cryptsetup" PACKAGECONFIG[chfn-chsh] = "--enable-chfn-chsh,--disable-chfn-chsh," PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" PACKAGECONFIG[lastlog2] = "--enable-liblastlog2,--disable-liblastlog2,sqlite3" +PACKAGECONFIG[no-libmount-mountfd] = "--disable-libmount-mountfd-support" EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} CPU= CPUOPT= 'OPT=${CFLAGS}'" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203466): https://lists.openembedded.org/g/openembedded-core/message/203466 Mute This Topic: https://lists.openembedded.org/mt/107932364/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH] image_types.bbclass: Use --force also with lz4,lzop
Several conversion commands already make use of 'force' option in the compression, which enables overwriting existing files without prompting. Since occasionally an existing residual destination file from a previously aborted or failed task can prevent the re-execution of the conversion command task, by enabling the 'force' option also for lz4 and lzop compression commands we can avoid following kind of BitBake failures with these compressors: | DEBUG: Executing shell function do_image_cpio | 117685 blocks | 2 blocks | example-image.cpio.lz4 already exists; do you want to overwrite (y/N) ? not overwritten | Error 20 : example-image.cpio : open file error | WARNING: exit code 20 from a shell command. ERROR: Task (.../recipes-core/images/example-image.bb:do_image_cpio) failed with exit code '1' (From OE-Core rev: 623ab22434909f10aaf613cd3032cc2a2c6e3ff9) Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie --- meta/classes/image_types.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass index 9d5f8c68a4..72245019f4 100644 --- a/meta/classes/image_types.bbclass +++ b/meta/classes/image_types.bbclass @@ -292,8 +292,8 @@ CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.gz" CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.xz" -CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.lz4" -CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" +CONVERSION_CMD:lz4 = "lz4 -f -9 -z -l ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.lz4" +CONVERSION_CMD:lzo = "lzop -f -9 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.zip ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" CONVERSION_CMD:zst = "zstd -f -k -T0 -c ${ZSTD_COMPRESSION_LEVEL} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.zst" CONVERSION_CMD:sum = "sumtool -i ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} -o ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sum ${JFFS2_SUM_EXTRA_ARGS}" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203468): https://lists.openembedded.org/g/openembedded-core/message/203468 Mute This Topic: https://lists.openembedded.org/mt/107932951/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
The 2.39 version of util-linux took new file descriptors based mount kernel API into use. In relation to this change, the upstream release notes in https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21 mention that This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior. After observing following failure when booting a board using a bit older 6.1 series kernel together with initramfs rootfs based boot flow [FAILED] Failed to start Remount Root and Kernel File Systems. See 'systemctl status systemd-remount-fs.service' for details. closer inspection revealed: demoboard ~ # systemctl status -l systemd-remount-fs.service x systemd-remount-fs.service - Remount Root and Kernel File Systems Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled) Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago Docs: man:systemd-remount-fs.service(8) https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE) Main PID: 76 (code=exited, status=1/FAILURE) Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32. Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option. Aug 14 14:53:48 demoboard systemd-remount-fs[81]:dmesg(1) may have more information after failed mount system call. Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'. Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems. also consequentially, 'systemctl status' reported: State: degraded When issuing 'strace -ff mount -o remount /' the failure occurred at mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) After further investigation, The issue was pinpointed to lack of Linux kernel commit https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210 ("fs: relax mount_setattr() permission checks") in the kernel version that was being used. Above mitigation was discussed in email related to then-rejected CVE-2024-26821: https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/ After testing with qemuarm64 machine different linux-yocto versions, it was observed that the issue impacts following versions of currently supported LTS kernels: - 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0) - 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0) - 5.15.164 which is currently the newest of 5.15.y series (i.e. no known working version) Taking the above findings into consideration, add a new PACKAGECONFIG option which by default opts users out from using the feature which can cause issues with some older kernels. Versions 5.10.223, 5.4.279 and 4.10.317 were also tested but the issue was not reproduced with those versions - using strace showed that the mount_setattr call associated with the new mount API problem was not issued with these LTS kernel versions, which seemed to be confirmed also by following libmount debug message in these cases: 415: libmount: HOOK: [0x7fa115e818]: failed to init new API Note: In addition to the aforementioned, this change was tested also briefly using the current latest kernel versions 6.1.104, 6.6.45 and 6.10.3 that using the old mount API with newest kernels did not introduce any observable regression to the boot flow. Signed-off-by: Niko Mauno --- meta/recipes-core/util-linux/util-linux_2.40.1.bb | 7 +++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-core/util-linux/util-linux_2.40.1.bb b/meta/recipes-core/util-linux/util-linux_2.40.1.bb index a1aab94055..2d89eb6745 100644 --- a/meta/recipes-core/util-linux/util-linux_2.40.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.40.1.bb @@ -107,6 +107,13 @@ PACKAGECONFIG[cryptsetup] = "--with-cryptsetup,--without-cryptsetup,cryptsetup" PACKAGECONFIG[chfn-chsh] = "--enable-chfn-chsh,--disable-chfn-chsh," PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" PACKAGECONFIG[lastlog2] = "--enable-liblastlog2,--disable-liblastlog2,sqlite3" +# Using the new file descriptors based mount kernel API can cause root
Re: [OE-core] [PATCH] util-linux: Add 'no-libmount-mountfd' PACKAGECONFIG option
On 16.8.2024 17.24, Alexander Kanavin wrote: On Fri, 16 Aug 2024 at 16:04, Niko Mauno via lists.openembedded.org wrote: Taking the above findings into consideration, add a new PACKAGECONFIG option which allows to conveniently opt-out from prematurely using a feature which can cause issues with a bit older kernels. +PACKAGECONFIG[no-libmount-mountfd] = "--disable-libmount-mountfd-support" The option's definition should include both enabling and disabling options so that the resulting component configuration is deterministic (e.g. not left to autodetection by upstream) both when it's enabled and when it is not. It also helps to add a comment just above explaining that only the newer kernels have the required API, and ideally also mention which is the minimum required kernel version. Thanks, submitted v2 which addresses aforementioned aspects, and also now defaults to disabling the new mount API by default. -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203487): https://lists.openembedded.org/g/openembedded-core/message/203487 Mute This Topic: https://lists.openembedded.org/mt/107932364/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v3] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
The 2.39 version of util-linux took new file descriptors based mount kernel API into use. In relation to this change, the upstream release notes in https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21 mention that This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior. After observing following failure when booting a board using a bit older 6.1 series kernel together with initramfs rootfs based boot flow [FAILED] Failed to start Remount Root and Kernel File Systems. See 'systemctl status systemd-remount-fs.service' for details. closer inspection revealed: demoboard ~ # systemctl status -l systemd-remount-fs.service x systemd-remount-fs.service - Remount Root and Kernel File Systems Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled) Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago Docs: man:systemd-remount-fs.service(8) https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE) Main PID: 76 (code=exited, status=1/FAILURE) Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32. Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option. Aug 14 14:53:48 demoboard systemd-remount-fs[81]:dmesg(1) may have more information after failed mount system call. Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'. Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems. also consequentially, 'systemctl status' reported: State: degraded When issuing 'strace -ff mount -o remount /' the failure occurred at mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) After further investigation, The issue was pinpointed to lack of Linux kernel commit https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210 ("fs: relax mount_setattr() permission checks") in the kernel version that was being used. Above mitigation was discussed in email related to then-rejected CVE-2024-26821: https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/ After testing with qemuarm64 machine different linux-yocto versions, it was observed that the issue impacts following versions of currently supported LTS kernels: - 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0) - 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0) - 5.15.164 which is currently the newest of 5.15.y series (i.e. no known working version) Taking the above findings into consideration, add a new PACKAGECONFIG option which allows to conveniently opt-out from prematurely using a feature which can cause issues with a bit older kernels. Versions 5.10.223, 5.4.279 and 4.10.317 were also tested but the issue was not reproduced with those versions - using strace showed that the mount_setattr call associated with the new mount API problem was not issued with these LTS kernel versions, which seemed to be confirmed also by following libmount debug message in these cases: 415: libmount: HOOK: [0x7fa115e818]: failed to init new API Note: In addition to the aforementioned, this change was tested also briefly using the current latest kernel versions 6.1.104, 6.6.45 and 6.10.3 that using the old mount API with newest kernels did not introduce any observable regression to the boot flow. Signed-off-by: Niko Mauno --- meta/recipes-core/util-linux/util-linux_2.40.1.bb | 7 +++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-core/util-linux/util-linux_2.40.1.bb b/meta/recipes-core/util-linux/util-linux_2.40.1.bb index a1aab94055..e87657cc70 100644 --- a/meta/recipes-core/util-linux/util-linux_2.40.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.40.1.bb @@ -107,6 +107,13 @@ PACKAGECONFIG[cryptsetup] = "--with-cryptsetup,--without-cryptsetup,cryptsetup" PACKAGECONFIG[chfn-chsh] = "--enable-chfn-chsh,--disable-chfn-chsh," PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" PACKAGECONFIG[lastlog2] = "--enable-liblastlog2,--disable-liblastlog2,sqlite3" +# Using the new file descriptors based mount kernel API
Re: [OE-core] [PATCH v2] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
On 19.8.2024 11.27, Alexander Kanavin wrote: I don’t think this should be disabled by default actually. If the default upstream behavior is to enable, and all current linux-yocto kernels have the needed support, then we should follow that. Thanks, addressed in v3 which I just submitted. -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203496): https://lists.openembedded.org/g/openembedded-core/message/203496 Mute This Topic: https://lists.openembedded.org/mt/107977031/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v3] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
Sorry, the comments added in this v3 still adhere to v2 content. I will still submit v4 soon which amends to added comment lines. -Niko On 19.8.2024 12.29, Alexander Kanavin wrote: Thanks, this version lgtm. Alex On Mon, 19 Aug 2024 at 11:27, Niko Mauno via lists.openembedded.org wrote: The 2.39 version of util-linux took new file descriptors based mount kernel API into use. In relation to this change, the upstream release notes in https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21 mention that This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior. After observing following failure when booting a board using a bit older 6.1 series kernel together with initramfs rootfs based boot flow [FAILED] Failed to start Remount Root and Kernel File Systems. See 'systemctl status systemd-remount-fs.service' for details. closer inspection revealed: demoboard ~ # systemctl status -l systemd-remount-fs.service x systemd-remount-fs.service - Remount Root and Kernel File Systems Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled) Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago Docs: man:systemd-remount-fs.service(8) https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE) Main PID: 76 (code=exited, status=1/FAILURE) Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32. Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option. Aug 14 14:53:48 demoboard systemd-remount-fs[81]:dmesg(1) may have more information after failed mount system call. Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'. Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems. also consequentially, 'systemctl status' reported: State: degraded When issuing 'strace -ff mount -o remount /' the failure occurred at mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) After further investigation, The issue was pinpointed to lack of Linux kernel commit https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210 ("fs: relax mount_setattr() permission checks") in the kernel version that was being used. Above mitigation was discussed in email related to then-rejected CVE-2024-26821: https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/ After testing with qemuarm64 machine different linux-yocto versions, it was observed that the issue impacts following versions of currently supported LTS kernels: - 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0) - 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0) - 5.15.164 which is currently the newest of 5.15.y series (i.e. no known working version) Taking the above findings into consideration, add a new PACKAGECONFIG option which allows to conveniently opt-out from prematurely using a feature which can cause issues with a bit older kernels. Versions 5.10.223, 5.4.279 and 4.10.317 were also tested but the issue was not reproduced with those versions - using strace showed that the mount_setattr call associated with the new mount API problem was not issued with these LTS kernel versions, which seemed to be confirmed also by following libmount debug message in these cases: 415: libmount: HOOK: [0x7fa115e818]: failed to init new API Note: In addition to the aforementioned, this change was tested also briefly using the current latest kernel versions 6.1.104, 6.6.45 and 6.10.3 that using the old mount API with newest kernels did not introduce any observable regression to the boot flow. Signed-off-by: Niko Mauno --- meta/recipes-core/util-linux/util-linux_2.40.1.bb | 7 +++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-core/util-linux/util-linux_2.40.1.bb b/meta/recipes-core/util-linux/util-linux_2.40.1.bb index a1aab94055..e87657cc70 100644 --- a/meta/recipes-core/util-linux/util-linux_2.40.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.40.1.bb @@ -107,6 +107,13 @@ PACKAGECONFIG[cryptsetup] = "--with-cryptsetup,--without-cryptsetup,crypt
[OE-core] [PATCH v4] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
The 2.39 version of util-linux took new file descriptors based mount kernel API into use. In relation to this change, the upstream release notes in https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21 mention that This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior. After observing following failure when booting a board using a bit older 6.1 series kernel together with initramfs rootfs based boot flow [FAILED] Failed to start Remount Root and Kernel File Systems. See 'systemctl status systemd-remount-fs.service' for details. closer inspection revealed: demoboard ~ # systemctl status -l systemd-remount-fs.service x systemd-remount-fs.service - Remount Root and Kernel File Systems Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled) Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago Docs: man:systemd-remount-fs.service(8) https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE) Main PID: 76 (code=exited, status=1/FAILURE) Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32. Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option. Aug 14 14:53:48 demoboard systemd-remount-fs[81]:dmesg(1) may have more information after failed mount system call. Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'. Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems. also consequentially, 'systemctl status' reported: State: degraded When issuing 'strace -ff mount -o remount /' the failure occurred at mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) After further investigation, The issue was pinpointed to lack of Linux kernel commit https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210 ("fs: relax mount_setattr() permission checks") in the kernel version that was being used. Above mitigation was discussed in email related to then-rejected CVE-2024-26821: https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/ After testing with qemuarm64 machine different linux-yocto versions, it was observed that the issue impacts following versions of currently supported LTS kernels: - 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0) - 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0) - 5.15.164 which is currently the newest of 5.15.y series (i.e. no known working version) Taking the above findings into consideration, add a new PACKAGECONFIG option which allows to conveniently opt-out from prematurely using a feature which can cause issues with a bit older kernels. Versions 5.10.223, 5.4.279 and 4.10.317 were also tested but the issue was not reproduced with those versions - using strace showed that the mount_setattr call associated with the new mount API problem was not issued with these LTS kernel versions, which seemed to be confirmed also by following libmount debug message in these cases: 415: libmount: HOOK: [0x7fa115e818]: failed to init new API Note: In addition to the aforementioned, this change was tested also briefly using the current latest kernel versions 6.1.104, 6.6.45 and 6.10.3 that using the old mount API with newest kernels did not introduce any observable regression to the boot flow. Signed-off-by: Niko Mauno --- meta/recipes-core/util-linux/util-linux_2.40.1.bb | 7 +++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-core/util-linux/util-linux_2.40.1.bb b/meta/recipes-core/util-linux/util-linux_2.40.1.bb index a1aab94055..0b36df8e1b 100644 --- a/meta/recipes-core/util-linux/util-linux_2.40.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.40.1.bb @@ -107,6 +107,13 @@ PACKAGECONFIG[cryptsetup] = "--with-cryptsetup,--without-cryptsetup,cryptsetup" PACKAGECONFIG[chfn-chsh] = "--enable-chfn-chsh,--disable-chfn-chsh," PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" PACKAGECONFIG[lastlog2] = "--enable-liblastlog2,--disable-liblastlog2,sqlite3" +# Using the new file descriptors based mount kernel API c
[OE-core] [PATCH v5] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
The 2.39 version of util-linux took new file descriptors based mount kernel API into use. In relation to this change, the upstream release notes in https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21 mention that This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior. After observing following failure when booting a board using a bit older 6.1 series kernel together with initramfs rootfs based boot flow [FAILED] Failed to start Remount Root and Kernel File Systems. See 'systemctl status systemd-remount-fs.service' for details. closer inspection revealed: demoboard ~ # systemctl status -l systemd-remount-fs.service x systemd-remount-fs.service - Remount Root and Kernel File Systems Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled) Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago Docs: man:systemd-remount-fs.service(8) https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE) Main PID: 76 (code=exited, status=1/FAILURE) Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32. Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option. Aug 14 14:53:48 demoboard systemd-remount-fs[81]:dmesg(1) may have more information after failed mount system call. Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'. Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems. also consequentially, 'systemctl status' reported: State: degraded When issuing 'strace -ff mount -o remount /' the failure occurred at mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) After further investigation, The issue was pinpointed to lack of Linux kernel commit https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210 ("fs: relax mount_setattr() permission checks") in the kernel version that was being used. Above mitigation was discussed in email related to then-rejected CVE-2024-26821: https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/ After testing with qemuarm64 machine different linux-yocto versions, it was observed that the issue impacts following versions of currently supported LTS kernels: - 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0) - 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0) - 5.15.164 which is currently the newest of 5.15.y series (i.e. no known working version) Taking the above findings into consideration, add a new PACKAGECONFIG option removing which enables users to opt-out from using the feature which can cause issues with a bit older kernels. Versions 5.10.223, 5.4.279 and 4.10.317 were also tested but the issue was not reproduced with those versions - using strace showed that the mount_setattr call associated with the new mount API problem was not issued with these LTS kernel versions, which seemed to be confirmed also by following libmount debug message in these cases: 415: libmount: HOOK: [0x7fa115e818]: failed to init new API Note: In addition to the aforementioned, this change was tested also briefly using the current latest kernel versions 6.1.104, 6.6.45 and 6.10.3 that using the old mount API with newest kernels did not introduce any observable regression to the boot flow. Signed-off-by: Niko Mauno --- .../util-linux/util-linux_2.40.1.bb | 17 +++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/util-linux/util-linux_2.40.1.bb b/meta/recipes-core/util-linux/util-linux_2.40.1.bb index a1aab94055..ef2384fe52 100644 --- a/meta/recipes-core/util-linux/util-linux_2.40.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.40.1.bb @@ -89,8 +89,14 @@ EXTRA_OECONF:append = " --disable-hwclock-gplv3" # this helps to keep same expectations when using the SDK or # build host versions during development # -PACKAGECONFIG ?= "pcre2" -PACKAGECONFIG:class-target ?= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'chfn-chsh pam lastlog2', '', d)}" +P
Re: [OE-core] [PATCH v4] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
On 8/19/24 18:23, Peter Kjellerstedt wrote: Please avoid negative PACKAGECONFIGs. Instead use: PACKAGECONFIG[new-mount-api] = "--enable-libmount-mountfd-support,--disable-libmount-mountfd-support" and add "new-mount-api" to the default for PACKAGECONFIG. Also, how long will the "new" in "new-mount-api" be valid, i.e., what happens when the next mount API comes along? It might be better to match the feature name to the configuration option, e.g.: PACKAGECONFIG[libmount-mountfd-support] = "--enable-libmount-mountfd-support,--disable-libmount-mountfd-support" Thanks, updated accordingly to latter in v5.-Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203519): https://lists.openembedded.org/g/openembedded-core/message/203519 Mute This Topic: https://lists.openembedded.org/mt/107977721/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v5] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
On 20.8.2024 22.19, Alexandre Belloni wrote: Hello, arm64 fails to build with this patch: https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/9356/steps/13/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/131/builds/4727/steps/13/logs/stdio Thanks, indeed it seems that on the older Debian build host, the mountfd_api requirement fails for util-linux-native recipe: | configure: error: libmount_mountfd_support selected, but required mount FDs based API not available Ref. https://github.com/util-linux/util-linux/blob/v2.40.1/configure.ac#L1315 I.e. failure stems from the added explicit --enable-libmount-mountfd-support option that extends also to -native scope I wonder if there are any proposals? -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203585): https://lists.openembedded.org/g/openembedded-core/message/203585 Mute This Topic: https://lists.openembedded.org/mt/107986659/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v6] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
The 2.39 version of util-linux took new file descriptors based mount kernel API into use. In relation to this change, the upstream release notes in https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21 mention that This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior. After observing following failure when booting a board using a bit older 6.1 series kernel together with initramfs rootfs based boot flow [FAILED] Failed to start Remount Root and Kernel File Systems. See 'systemctl status systemd-remount-fs.service' for details. closer inspection revealed: demoboard ~ # systemctl status -l systemd-remount-fs.service x systemd-remount-fs.service - Remount Root and Kernel File Systems Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled) Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago Docs: man:systemd-remount-fs.service(8) https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE) Main PID: 76 (code=exited, status=1/FAILURE) Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32. Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option. Aug 14 14:53:48 demoboard systemd-remount-fs[81]:dmesg(1) may have more information after failed mount system call. Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'. Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems. also consequentially, 'systemctl status' reported: State: degraded When issuing 'strace -ff mount -o remount /' the failure occurred at mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) After further investigation, The issue was pinpointed to lack of Linux kernel commit https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210 ("fs: relax mount_setattr() permission checks") in the kernel version that was being used. Above mitigation was discussed in email related to then-rejected CVE-2024-26821: https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/ After testing with qemuarm64 machine different linux-yocto versions, it was observed that the issue impacts following versions of currently supported LTS kernels: - 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0) - 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0) - 5.15.164 which is currently the newest of 5.15.y series (i.e. no known working version) Taking the above findings into consideration, add a new PACKAGECONFIG option removing which enables users to opt-out from using the feature which can cause issues with a bit older kernels. The option is enabled only for class-target here, since it otherwise causes following error during util-linux-native's do_configure task on Debian 11 build host (mountfd_api requirement fails): | configure: error: libmount_mountfd_support selected, but required mount FDs based API not available Versions 5.10.223, 5.4.279 and 4.10.317 were also tested with qemuarm64 but the issue was not reproduced with those versions - using strace showed that the mount_setattr call associated with the new mount API problem was not issued with these LTS kernel versions, which seemed to be confirmed also by following libmount debug message in these cases: 415: libmount: HOOK: [0x7fa115e818]: failed to init new API Note: In addition to the aforementioned, this change was tested also briefly using the current latest kernel versions 6.1.104, 6.6.45 and 6.10.3 that using the old mount API with newest kernels did not introduce any observable regression to the boot flow. Signed-off-by: Niko Mauno --- meta/recipes-core/util-linux/util-linux_2.40.1.bb | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/util-linux/util-linux_2.40.1.bb b/meta/recipes-core/util-linux/util-linux_2.40.1.bb index a1aab94055..a8e346539a 100644 --- a/meta/recipes-core/util-linux/util-linux_2.40.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.40.1.bb @@ -90,7 +90,10 @@ EXTRA_OECONF:append = " --disable-hwclock-gplv3&
Re: [OE-core] [PATCH v5] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
Thanks, submitted v6 which adds the new PACKAGECONFIG option for class-target only. -Niko On 21.8.2024 15.17, Alexander Kanavin wrote: I guess this new API should not be enabled for -native variants? Alex On Wed, 21 Aug 2024 at 14:01, Niko Mauno via lists.openembedded.org wrote: On 20.8.2024 22.19, Alexandre Belloni wrote: Hello, arm64 fails to build with this patch: https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/9356/steps/13/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/131/builds/4727/steps/13/logs/stdio Thanks, indeed it seems that on the older Debian build host, the mountfd_api requirement fails for util-linux-native recipe: | configure: error: libmount_mountfd_support selected, but required mount FDs based API not available Ref. https://github.com/util-linux/util-linux/blob/v2.40.1/configure.ac#L1315 I.e. failure stems from the added explicit --enable-libmount-mountfd-support option that extends also to -native scope I wonder if there are any proposals? -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203608): https://lists.openembedded.org/g/openembedded-core/message/203608 Mute This Topic: https://lists.openembedded.org/mt/107986659/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [scarthgap][PATCH] util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
The 2.39 version of util-linux took new file descriptors based mount kernel API into use. In relation to this change, the upstream release notes in https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21 mention that This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior. After observing following failure when booting a board using a bit older 6.1 series kernel together with initramfs rootfs based boot flow [FAILED] Failed to start Remount Root and Kernel File Systems. See 'systemctl status systemd-remount-fs.service' for details. closer inspection revealed: demoboard ~ # systemctl status -l systemd-remount-fs.service x systemd-remount-fs.service - Remount Root and Kernel File Systems Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled) Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago Docs: man:systemd-remount-fs.service(8) https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE) Main PID: 76 (code=exited, status=1/FAILURE) Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32. Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option. Aug 14 14:53:48 demoboard systemd-remount-fs[81]:dmesg(1) may have more information after failed mount system call. Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'. Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems. also consequentially, 'systemctl status' reported: State: degraded When issuing 'strace -ff mount -o remount /' the failure occurred at mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) After further investigation, The issue was pinpointed to lack of Linux kernel commit https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210 ("fs: relax mount_setattr() permission checks") in the kernel version that was being used. Above mitigation was discussed in email related to then-rejected CVE-2024-26821: https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/ After testing with qemuarm64 machine different linux-yocto versions, it was observed that the issue impacts following versions of currently supported LTS kernels: - 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0) - 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0) - 5.15.164 which is currently the newest of 5.15.y series (i.e. no known working version) Taking the above findings into consideration, add a new PACKAGECONFIG option removing which enables users to opt-out from using the feature which can cause issues with a bit older kernels. The option is enabled only for class-target here, since it otherwise causes following error during util-linux-native's do_configure task on Debian 11 build host (mountfd_api requirement fails): | configure: error: libmount_mountfd_support selected, but required mount FDs based API not available Versions 5.10.223, 5.4.279 and 4.10.317 were also tested with qemuarm64 but the issue was not reproduced with those versions - using strace showed that the mount_setattr call associated with the new mount API problem was not issued with these LTS kernel versions, which seemed to be confirmed also by following libmount debug message in these cases: 415: libmount: HOOK: [0x7fa115e818]: failed to init new API Note: In addition to the aforementioned, this change was tested also briefly using the current latest kernel versions 6.1.104, 6.6.45 and 6.10.3 that using the old mount API with newest kernels did not introduce any observable regression to the boot flow. (From OE-Core rev: dc086d9a8613143607af3583c72ed892e20b4d66) Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie --- meta/recipes-core/util-linux/util-linux_2.39.3.bb | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/util-linux/util-linux_2.39.3.bb b/meta/recipes-core/util-linux/util-linux_2.39.3.bb index 83b3f4e05b..79ddf2d115 100644 --- a/meta/recipes-core/util-linux/util-linux_2.39.3.bb +++ b/meta/recipes-core/util-linux/util-linux_2.39.
[OE-core] [PATCH] icu: Fix 'buildpaths' QA error
Add stripping of STAGING_DIR_NATIVE during target/nativesdk specific do_install, which mitigates following BitBake failure: ERROR: icu-75-1-r0 do_package_qa: QA Issue: File /usr/lib/icu/75.1/pkgdata.inc in package icu-dev contains reference to TMPDIR [buildpaths] ERROR: icu-75-1-r0 do_package_qa: Fatal QA errors were found, failing task. While doing so, we also drop HOSTTOOLS_DIR stripping, as it's value does not appear in the content of either file that are manipulated here. Signed-off-by: Niko Mauno --- meta/recipes-support/icu/icu_75-1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/icu/icu_75-1.bb b/meta/recipes-support/icu/icu_75-1.bb index 8f7f5e6cc7..9922469672 100644 --- a/meta/recipes-support/icu/icu_75-1.bb +++ b/meta/recipes-support/icu/icu_75-1.bb @@ -60,7 +60,7 @@ remove_build_host_references() { sed -i \ -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ -e 's|${DEBUG_PREFIX_MAP}||g' \ - -e 's:${HOSTTOOLS_DIR}/::g' \ + -e 's:${STAGING_DIR_NATIVE}::g' \ ${D}/${libdir}/${BPN}/${@icu_install_folder(d)}/Makefile.inc \ ${D}/${libdir}/${BPN}/${@icu_install_folder(d)}/pkgdata.inc } -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203976): https://lists.openembedded.org/g/openembedded-core/message/203976 Mute This Topic: https://lists.openembedded.org/mt/108194777/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] iw: Fix LICENSE
The contents of the COPYING file included in the source code match those of ISC license: https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/tree/COPYING?h=v6.9 which seems to have been in effect since 2008 commit https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit?id=622c36ae94a880fb53f7f051f1b26616f5b553c1 ("license under ISC"). Signed-off-by: Niko Mauno --- meta/recipes-connectivity/iw/iw_6.9.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/iw/iw_6.9.bb b/meta/recipes-connectivity/iw/iw_6.9.bb index dc570d1124..e34400e18b 100644 --- a/meta/recipes-connectivity/iw/iw_6.9.bb +++ b/meta/recipes-connectivity/iw/iw_6.9.bb @@ -4,7 +4,7 @@ wireless devices. It supports almost all new drivers that have been added \ to the kernel recently. " HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw"; SECTION = "base" -LICENSE = "BSD-2-Clause" +LICENSE = "ISC" LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774" DEPENDS = "libnl" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203981): https://lists.openembedded.org/g/openembedded-core/message/203981 Mute This Topic: https://lists.openembedded.org/mt/108206266/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] dejagnu: Fix LICENSE
The contents of the COPYING file included in the current source code package match those of GPL-3.0-only license, which seems to have been the case since 2008 commit http://git.savannah.gnu.org/gitweb/?p=dejagnu.git;a=commitdiff;h=9bebe7b9bfb9b02e5e4d86ad74e8ce3eb32a36b9;hp=50fbdd118dba066e201c73a8b0155381cd65a32d ("* COPYING: Update to GPL version 3.") Signed-off-by: Niko Mauno --- meta/recipes-devtools/dejagnu/dejagnu_1.6.3.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/dejagnu/dejagnu_1.6.3.bb b/meta/recipes-devtools/dejagnu/dejagnu_1.6.3.bb index 895f6d3b36..c6002d5e45 100644 --- a/meta/recipes-devtools/dejagnu/dejagnu_1.6.3.bb +++ b/meta/recipes-devtools/dejagnu/dejagnu_1.6.3.bb @@ -2,7 +2,7 @@ SUMMARY = "GNU unit testing framework, written in Expect and Tcl" DESCRIPTION = "DejaGnu is a framework for testing other programs. Its purpose \ is to provide a single front end for all tests." HOMEPAGE = "https://www.gnu.org/software/dejagnu/"; -LICENSE = "GPL-2.0-only" +LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SECTION = "devel" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#204094): https://lists.openembedded.org/g/openembedded-core/message/204094 Mute This Topic: https://lists.openembedded.org/mt/108224636/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] rust-llvm: Allow overriding LLVM target archs
From: Niko Mauno Move the default value into a variable which can be overridden to match more accurately the use case specific scenario. Signed-off-by: Niko Mauno --- meta/recipes-devtools/rust/rust-llvm_1.70.0.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb b/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb index 57bbe79cdf..5bfc1faea8 100644 --- a/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb +++ b/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb @@ -30,9 +30,11 @@ CXXFLAGS:remove = "-g" LLVM_DIR = "llvm${LLVM_RELEASE}" +RUST_LLVM_TARGETS ?= "ARM;AArch64;Mips;PowerPC;RISCV;X86" + EXTRA_OECMAKE = " \ -DCMAKE_BUILD_TYPE=Release \ --DLLVM_TARGETS_TO_BUILD='ARM;AArch64;Mips;PowerPC;RISCV;X86' \ +-DLLVM_TARGETS_TO_BUILD='${RUST_LLVM_TARGETS}' \ -DLLVM_BUILD_DOCS=OFF \ -DLLVM_ENABLE_TERMINFO=OFF \ -DLLVM_ENABLE_ZLIB=OFF \ -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191455): https://lists.openembedded.org/g/openembedded-core/message/191455 Mute This Topic: https://lists.openembedded.org/mt/102873673/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH] rust-llvm: Allow overriding LLVM target archs
From: Niko Mauno Move the default value into a variable which can be overridden to match more accurately the use case specific scenario. (From OE-Core rev: 645370e85d8742d0614cd52ca7507b5df2d38ad8) Signed-off-by: Niko Mauno Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- meta/recipes-devtools/rust/rust-llvm.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/rust/rust-llvm.inc b/meta/recipes-devtools/rust/rust-llvm.inc index e645e7a7ac..416a07cd40 100644 --- a/meta/recipes-devtools/rust/rust-llvm.inc +++ b/meta/recipes-devtools/rust/rust-llvm.inc @@ -25,9 +25,11 @@ CXXFLAGS:remove = "-g" LLVM_DIR = "llvm${LLVM_RELEASE}" +RUST_LLVM_TARGETS ?= "ARM;AArch64;Mips;PowerPC;RISCV;X86" + EXTRA_OECMAKE = " \ -DCMAKE_BUILD_TYPE=Release \ --DLLVM_TARGETS_TO_BUILD='ARM;AArch64;Mips;PowerPC;RISCV;X86' \ +-DLLVM_TARGETS_TO_BUILD='${RUST_LLVM_TARGETS}' \ -DLLVM_BUILD_DOCS=OFF \ -DLLVM_ENABLE_TERMINFO=OFF \ -DLLVM_ENABLE_ZLIB=OFF \ -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191738): https://lists.openembedded.org/g/openembedded-core/message/191738 Mute This Topic: https://lists.openembedded.org/mt/102970153/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH] openssl: Move microblaze to linux-latomic config
From: Mark Hatle When building with the previous a number of atomic functions come back as undefined. Switching to linux-latomic fixes this. (From OE-Core rev: 88d5bf78ffb1d120df48139b1ed3c2e3fa8310d0) Signed-off-by: Mark Hatle Signed-off-by: Mark Hatle Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie --- meta/recipes-connectivity/openssl/openssl_3.0.8.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.8.bb b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb index e1f30d7a47..82f3e18dd7 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.8.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb @@ -80,7 +80,7 @@ do_configure () { esac target="$os-${HOST_ARCH}" case $target in - linux-arc) + linux-arc | linux-microblaze*) target=linux-latomic ;; linux-arm*) @@ -108,7 +108,7 @@ do_configure () { linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) target=linux64-mips64 ;; - linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) target=linux-generic32 ;; linux-powerpc) -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#179943): https://lists.openembedded.org/g/openembedded-core/message/179943 Mute This Topic: https://lists.openembedded.org/mt/98215250/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH] gcc-runtime: Use static dummy libstdc++
From: Khem Raj some standalone targets e.g. riscv64-elf disable shared linking for baremetal ELF ABI in ld, therefore lets make it a static library (From OE-Core rev: 3c6219dfcbcbde314648ba8cc54a90b32ea1c952) Signed-off-by: Khem Raj Signed-off-by: Richard Purdie --- meta/recipes-devtools/gcc/gcc-runtime.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc index 8074bf1025..d019b0790b 100644 --- a/meta/recipes-devtools/gcc/gcc-runtime.inc +++ b/meta/recipes-devtools/gcc/gcc-runtime.inc @@ -68,7 +68,8 @@ do_configure () { # libstdc++ isn't built yet so CXX would error not able to find it which breaks stdc++'s configure # tests. Create a dummy empty lib for the purposes of configure. mkdir -p ${WORKDIR}/dummylib - ${CC} -x c /dev/null -nostartfiles -shared -o ${WORKDIR}/dummylib/libstdc++.so + ${CC} -x c /dev/null -c -o ${WORKDIR}/dummylib/dummylib.o + ${AR} rcs ${WORKDIR}/dummylib/libstdc++.a ${WORKDIR}/dummylib/dummylib.o for d in libgcc ${RUNTIMETARGET}; do echo "Configuring $d" rm -rf ${B}/${TARGET_SYS}/$d/ -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#181484): https://lists.openembedded.org/g/openembedded-core/message/181484 Mute This Topic: https://lists.openembedded.org/mt/98944818/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [kirkstone][PATCH] gcc-runtime: Use static dummy libstdc++
Hi Steve, I must admit this is surprising to me as I am unable to reproduce the failure You describe by issuing $ git checkout poky/kirkstone Note: switching to 'poky/kirkstone'. HEAD is now at f53ab3a2ff build-appliance-image: Update to kirkstone head revision $ git cherry-pick 591f14c698f43ca4ae6431c8cd96225d1ed5dbf5 Auto-merging meta/recipes-devtools/gcc/gcc-runtime.inc [detached HEAD 935862b25f] gcc-runtime: Use static dummy libstdc++ Author: Khem Raj Date: Sun Jul 24 08:10:21 2022 -0700 1 file changed, 2 insertions(+), 1 deletion(-) Could you provide any further pointers/hints regarding what could be wrong..? -Niko On 5/17/23 18:21, Steve Sakoman wrote: This patch does not apply to current kirkstone HEAD: Applying: gcc-runtime: Use static dummy libstdc++ Using index info to reconstruct a base tree... M meta/recipes-devtools/gcc/gcc-runtime.inc Falling back to patching base and 3-way merge... Auto-merging meta/recipes-devtools/gcc/gcc-runtime.inc CONFLICT (content): Merge conflict in meta/recipes-devtools/gcc/gcc-runtime.inc error: Failed to merge in the changes. Patch failed at 0001 gcc-runtime: Use static dummy libstdc++ Steve On Wed, May 17, 2023 at 12:06 AM Niko Mauno via lists.openembedded.org wrote: From: Khem Raj some standalone targets e.g. riscv64-elf disable shared linking for baremetal ELF ABI in ld, therefore lets make it a static library (From OE-Core rev: 3c6219dfcbcbde314648ba8cc54a90b32ea1c952) Signed-off-by: Khem Raj Signed-off-by: Richard Purdie --- meta/recipes-devtools/gcc/gcc-runtime.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc index 8074bf1025..d019b0790b 100644 --- a/meta/recipes-devtools/gcc/gcc-runtime.inc +++ b/meta/recipes-devtools/gcc/gcc-runtime.inc @@ -68,7 +68,8 @@ do_configure () { # libstdc++ isn't built yet so CXX would error not able to find it which breaks stdc++'s configure # tests. Create a dummy empty lib for the purposes of configure. mkdir -p ${WORKDIR}/dummylib - ${CC} -x c /dev/null -nostartfiles -shared -o ${WORKDIR}/dummylib/libstdc++.so + ${CC} -x c /dev/null -c -o ${WORKDIR}/dummylib/dummylib.o + ${AR} rcs ${WORKDIR}/dummylib/libstdc++.a ${WORKDIR}/dummylib/dummylib.o for d in libgcc ${RUNTIMETARGET}; do echo "Configuring $d" rm -rf ${B}/${TARGET_SYS}/$d/ -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#181498): https://lists.openembedded.org/g/openembedded-core/message/181498 Mute This Topic: https://lists.openembedded.org/mt/98944818/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] ref-manual: Fix invalid feature name
Replace the invalid feature name with correct one which helps to avoid following bitbake error ERROR: Nothing PROVIDES 'core-image-minimal' core-image-minimal was skipped: 'empty-root-passwd' in IMAGE_FEATURES (added via EXTRA_IMAGE_FEATURES) is not a valid image feature. Signed-off-by: Niko Mauno --- documentation/ref-manual/features.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/documentation/ref-manual/features.rst b/documentation/ref-manual/features.rst index 794a6fd15b..051bf9320a 100644 --- a/documentation/ref-manual/features.rst +++ b/documentation/ref-manual/features.rst @@ -294,11 +294,11 @@ Here are the image features available for all images: forced in ``/etc/passwd`` and ``/etc/shadow`` if such files exist. .. note:: - ``empty-root-passwd`` doesn't set an empty root password by itself. + ``empty-root-password`` doesn't set an empty root password by itself. You get an initial empty root password thanks to the :oe_git:`base-passwd ` and :oe_git:`shadow ` - recipes, and the presence of ``empty-root-passwd`` or ``debug-tweaks`` + recipes, and the presence of ``empty-root-password`` or ``debug-tweaks`` just disables the mechanism which forces an non-empty password for the root user. -- 2.39.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#177332): https://lists.openembedded.org/g/openembedded-core/message/177332 Mute This Topic: https://lists.openembedded.org/mt/97066768/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] ref-manual: Fix invalid feature name
On 20.2.2023 19.45, Michael Opdenacker wrote: Thanks for the patch! You also have an issue with the way your e-mails are received here. Here is a workaround: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded#Fixing_your_From_identity I fixed the commit manually, but doing this will help for next time. Thanks for pointing the issue Michael, I've now applied the mitigation. BR, Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#177491): https://lists.openembedded.org/g/openembedded-core/message/177491 Mute This Topic: https://lists.openembedded.org/mt/97066768/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/4] package_rpm.bbclass: Fix some pycodestyle issues
From: Niko Mauno Fix following subset of observations reported by version 2.10.0 of pycodestyle utility: meta/classes-global/package_rpm.bbclass:65:46: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:66:46: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:107:19: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:109:69: E202 whitespace before ')' meta/classes-global/package_rpm.bbclass:122:103: W291 trailing whitespace meta/classes-global/package_rpm.bbclass:194:74: W291 trailing whitespace meta/classes-global/package_rpm.bbclass:448:16: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:450:16: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:520:1: W293 blank line contains whitespace meta/classes-global/package_rpm.bbclass:521:15: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:542:12: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:544:12: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:647:67: W291 trailing whitespace Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 26 - 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 85d0bd7fce..992446a033 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -62,8 +62,8 @@ def write_rpm_perfiledata(srcname, d): for dep in depends_dict: ver = depends_dict[dep] if dep and ver: -ver = ver.replace("(","") -ver = ver.replace(")","") +ver = ver.replace("(", "") +ver = ver.replace(")", "") outfile.write(dep + " " + ver + " ") else: outfile.write(dep + " ") @@ -104,9 +104,9 @@ python write_specfile () { import oe.packagedata # append information for logs and patches to %prep -def add_prep(d,spec_files_bottom): +def add_prep(d, spec_files_bottom): if d.getVarFlag('ARCHIVER_MODE', 'srpm') == '1' and bb.data.inherits_class('archiver', d): -spec_files_bottom.append('%%prep -n %s' % d.getVar('PN') ) +spec_files_bottom.append('%%prep -n %s' % d.getVar('PN')) spec_files_bottom.append('%s' % "echo \"include logs and patches, Please check them in SOURCES\"") spec_files_bottom.append('') @@ -119,7 +119,7 @@ python write_specfile () { source_list = os.listdir(ar_outdir) source_number = 0 for source in source_list: -# do_deploy_archives may have already run (from sstate) meaning a .src.rpm may already +# do_deploy_archives may have already run (from sstate) meaning a .src.rpm may already # exist in ARCHIVER_OUTDIR so skip if present. if source.endswith(".src.rpm"): continue @@ -191,7 +191,7 @@ python write_specfile () { def walk_files(walkpath, target, conffiles, dirfiles): # We can race against the ipk/deb backends which create CONTROL or DEBIAN directories -# when packaging. We just ignore these files which are created in +# when packaging. We just ignore these files which are created in # packages-split/ and not package/ # We have the odd situation where the CONTROL/DEBIAN directory can be removed in the middle of # of the walk, the isdir() test would then fail and the walk code would assume its a file @@ -445,9 +445,9 @@ python write_specfile () { rprovides = bb.utils.explode_dep_versions2(splitrprovides) rreplaces = bb.utils.explode_dep_versions2(splitrreplaces) for dep in rreplaces: -if not dep in robsoletes: +if dep not in robsoletes: robsoletes[dep] = rreplaces[dep] -if not dep in rprovides: +if dep not in rprovides: rprovides[dep] = rreplaces[dep] splitrobsoletes = bb.utils.join_deps(robsoletes, commasep=False) splitrprovides = bb.utils.join_deps(rprovides, commasep=False) @@ -517,8 +517,8 @@ python write_specfile () { spec_files_bottom.append('') del localdata - -add_prep(d,spec_files_bottom) + +add_prep(d, spe
[OE-core] [PATCH 2/4] package_rpm.bbclass: Minor cosmetic and style fixes
From: Niko Mauno Add the missing conventional space characters around bitbake variable assignment operators. Also fix a typo on a comment line. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 992446a033..402fa5c4e8 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -8,12 +8,12 @@ inherit package IMAGE_PKGTYPE ?= "rpm" -RPM="rpm" -RPMBUILD="rpmbuild" +RPM = "rpm" +RPMBUILD = "rpmbuild" PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms" -# Maintaining the perfile dependencies has singificant overhead when writing the +# Maintaining the perfile dependencies has significant overhead when writing the # packages. When set, this value merges them for efficiency. MERGEPERFILEDEPS = "1" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189521): https://lists.openembedded.org/g/openembedded-core/message/189521 Mute This Topic: https://lists.openembedded.org/mt/102080104/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/4] package_rpm.bbclass: Remove unused definitions
From: Niko Mauno Some local variables defined in do_package_rpm() are not referenced, so remove such dead code lines. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 4 1 file changed, 4 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 402fa5c4e8..246106ea4f 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -633,7 +633,6 @@ python do_package_rpm () { workdir = d.getVar('WORKDIR') tmpdir = d.getVar('TMPDIR') pkgd = d.getVar('PKGD') -pkgdest = d.getVar('PKGDEST') if not workdir or not pkgd or not tmpdir: bb.error("Variables incorrectly set, unable to package") return @@ -660,8 +659,6 @@ python do_package_rpm () { # Setup the rpmbuild arguments... rpmbuild = d.getVar('RPMBUILD') -targetsys = d.getVar('TARGET_SYS') -targetvendor = d.getVar('HOST_VENDOR') # Too many places in dnf stack assume that arch-independent packages are "noarch". # Let's not fight against this. @@ -669,7 +666,6 @@ python do_package_rpm () { if package_arch == "all": package_arch = "noarch" -sdkpkgsuffix = (d.getVar('SDKPKGSUFFIX') or "nativesdk").replace("-", "_") d.setVar('PACKAGE_ARCH_EXTEND', package_arch) pkgwritedir = d.expand('${PKGWRITEDIRRPM}/${PACKAGE_ARCH_EXTEND}') d.setVar('RPM_PKGWRITEDIR', pkgwritedir) -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189522): https://lists.openembedded.org/g/openembedded-core/message/189522 Mute This Topic: https://lists.openembedded.org/mt/102080112/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override
From: Niko Mauno Commit 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 ("package_rpm: use zstd instead of xz") changed the rpm package compressor from 'xz' to 'zstd' which results in decompression failure with BusyBox-provided 'rpm2cpio' applet and 'rpm' applet when given the '-i' (Install package) option: rpm2cpio: no gzip/bzip2/xz magic In order to maintain compatibility with BusyBox introduce new variable which can be overridden like: RPM_COMPRESSION = "xz" to enable rpm decompression without including the full rpm package in the resulting root filesystem. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 16 ++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 246106ea4f..da25b7682c 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -13,6 +13,9 @@ RPMBUILD = "rpmbuild" PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms" +# Override variable to use alternative 'xz' or 'none' compression +RPM_COMPRESSION ?= "zstd" + # Maintaining the perfile dependencies has significant overhead when writing the # packages. When set, this value merges them for efficiency. MERGEPERFILEDEPS = "1" @@ -659,6 +662,7 @@ python do_package_rpm () { # Setup the rpmbuild arguments... rpmbuild = d.getVar('RPMBUILD') +rpmcomp = d.getVar('RPM_COMPRESSION') # Too many places in dnf stack assume that arch-independent packages are "noarch". # Let's not fight against this. @@ -682,8 +686,16 @@ python do_package_rpm () { cmd = cmd + " --define '_use_internal_dependency_generator 0'" cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'" cmd = cmd + " --define '_build_id_links none'" -cmd = cmd + " --define '_binary_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) -cmd = cmd + " --define '_source_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) +if rpmcomp == "zstd": +cmd = cmd + " --define '_binary_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) +cmd = cmd + " --define '_source_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) +elif rpmcomp == 'xz': +cmd = cmd + " --define '_binary_payload w6T%d.xzdio'" % int(d.getVar("XZ_THREADS")) +cmd = cmd + " --define '_source_payload w6T%d.xzdio'" % int(d.getVar("XZ_THREADS")) +elif rpmcomp == 'none': +pass +else: +bb.fatal('unsupported rpm compression method: "%s"' % rpmcomp) cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'" cmd = cmd + " --define 'use_source_date_epoch_as_buildtime 1'" cmd = cmd + " --define '_buildhost reproducible'" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189523): https://lists.openembedded.org/g/openembedded-core/message/189523 Mute This Topic: https://lists.openembedded.org/mt/102080114/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override
On 20.10.2023 16.00, Richard Purdie wrote: Is it common for people to need to manipulate rpms on target without rpm being present using busybox? Do you know if busybox plans to add zstd support? As far as I could tell when we looked at this, the rpm world was moving over to zstd so adding in conditional xz support for a limited use case probably just creates a maintenance headache going forward as it isn't something we test or plan to test? Are you using this on an LTS release or master? Hi Richard, After moving to Yocto Kirkstone (LTS) which we currently use, we started getting developer reports of 'no gzip/bzip2/xz magic' error from BusyBox applet. For example developer uploads an rpm file to target device and then unpacks it in runtime using 'rpm2cpio | cpio -idmv' command. We don't include rpm package on target filesystems as that would increase rootfs footprint approximately 5 MB. Including only rpm2cpio from rpm package needs still accompanying libraries, increasing the size by 2.5 MB approximately which also feels too big. I checked the discussions from BusyBox mailing list and found that in 2021 the maintainer seemed reluctant to accept the proposed zstd support because it was not optimized for embedded systems. http://lists.busybox.net/pipermail/busybox/2021-September/089179.html BR, Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189532): https://lists.openembedded.org/g/openembedded-core/message/189532 Mute This Topic: https://lists.openembedded.org/mt/102080114/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 1/4] package_rpm.bbclass: Fix some pycodestyle issues
From: Niko Mauno Fix following subset of observations reported by version 2.10.0 of pycodestyle utility: meta/classes-global/package_rpm.bbclass:65:46: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:66:46: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:107:19: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:109:69: E202 whitespace before ')' meta/classes-global/package_rpm.bbclass:122:103: W291 trailing whitespace meta/classes-global/package_rpm.bbclass:194:74: W291 trailing whitespace meta/classes-global/package_rpm.bbclass:448:16: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:450:16: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:520:1: W293 blank line contains whitespace meta/classes-global/package_rpm.bbclass:521:15: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:542:12: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:544:12: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:647:67: W291 trailing whitespace Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 26 - 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 85d0bd7fce..992446a033 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -62,8 +62,8 @@ def write_rpm_perfiledata(srcname, d): for dep in depends_dict: ver = depends_dict[dep] if dep and ver: -ver = ver.replace("(","") -ver = ver.replace(")","") +ver = ver.replace("(", "") +ver = ver.replace(")", "") outfile.write(dep + " " + ver + " ") else: outfile.write(dep + " ") @@ -104,9 +104,9 @@ python write_specfile () { import oe.packagedata # append information for logs and patches to %prep -def add_prep(d,spec_files_bottom): +def add_prep(d, spec_files_bottom): if d.getVarFlag('ARCHIVER_MODE', 'srpm') == '1' and bb.data.inherits_class('archiver', d): -spec_files_bottom.append('%%prep -n %s' % d.getVar('PN') ) +spec_files_bottom.append('%%prep -n %s' % d.getVar('PN')) spec_files_bottom.append('%s' % "echo \"include logs and patches, Please check them in SOURCES\"") spec_files_bottom.append('') @@ -119,7 +119,7 @@ python write_specfile () { source_list = os.listdir(ar_outdir) source_number = 0 for source in source_list: -# do_deploy_archives may have already run (from sstate) meaning a .src.rpm may already +# do_deploy_archives may have already run (from sstate) meaning a .src.rpm may already # exist in ARCHIVER_OUTDIR so skip if present. if source.endswith(".src.rpm"): continue @@ -191,7 +191,7 @@ python write_specfile () { def walk_files(walkpath, target, conffiles, dirfiles): # We can race against the ipk/deb backends which create CONTROL or DEBIAN directories -# when packaging. We just ignore these files which are created in +# when packaging. We just ignore these files which are created in # packages-split/ and not package/ # We have the odd situation where the CONTROL/DEBIAN directory can be removed in the middle of # of the walk, the isdir() test would then fail and the walk code would assume its a file @@ -445,9 +445,9 @@ python write_specfile () { rprovides = bb.utils.explode_dep_versions2(splitrprovides) rreplaces = bb.utils.explode_dep_versions2(splitrreplaces) for dep in rreplaces: -if not dep in robsoletes: +if dep not in robsoletes: robsoletes[dep] = rreplaces[dep] -if not dep in rprovides: +if dep not in rprovides: rprovides[dep] = rreplaces[dep] splitrobsoletes = bb.utils.join_deps(robsoletes, commasep=False) splitrprovides = bb.utils.join_deps(rprovides, commasep=False) @@ -517,8 +517,8 @@ python write_specfile () { spec_files_bottom.append('') del localdata - -add_prep(d,spec_files_bottom) + +add_prep(d, spe
[OE-core] [PATCHv2 2/4] package_rpm.bbclass: Minor cosmetic and style fixes
From: Niko Mauno Add the missing conventional space characters around bitbake variable assignment operators. Also fix a typo on a comment line. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 992446a033..402fa5c4e8 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -8,12 +8,12 @@ inherit package IMAGE_PKGTYPE ?= "rpm" -RPM="rpm" -RPMBUILD="rpmbuild" +RPM = "rpm" +RPMBUILD = "rpmbuild" PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms" -# Maintaining the perfile dependencies has singificant overhead when writing the +# Maintaining the perfile dependencies has significant overhead when writing the # packages. When set, this value merges them for efficiency. MERGEPERFILEDEPS = "1" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189595): https://lists.openembedded.org/g/openembedded-core/message/189595 Mute This Topic: https://lists.openembedded.org/mt/102102138/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 3/4] package_rpm.bbclass: Remove unused definitions
From: Niko Mauno Some local variables defined in do_package_rpm() are not referenced, so remove such dead code lines. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 4 1 file changed, 4 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 402fa5c4e8..246106ea4f 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -633,7 +633,6 @@ python do_package_rpm () { workdir = d.getVar('WORKDIR') tmpdir = d.getVar('TMPDIR') pkgd = d.getVar('PKGD') -pkgdest = d.getVar('PKGDEST') if not workdir or not pkgd or not tmpdir: bb.error("Variables incorrectly set, unable to package") return @@ -660,8 +659,6 @@ python do_package_rpm () { # Setup the rpmbuild arguments... rpmbuild = d.getVar('RPMBUILD') -targetsys = d.getVar('TARGET_SYS') -targetvendor = d.getVar('HOST_VENDOR') # Too many places in dnf stack assume that arch-independent packages are "noarch". # Let's not fight against this. @@ -669,7 +666,6 @@ python do_package_rpm () { if package_arch == "all": package_arch = "noarch" -sdkpkgsuffix = (d.getVar('SDKPKGSUFFIX') or "nativesdk").replace("-", "_") d.setVar('PACKAGE_ARCH_EXTEND', package_arch) pkgwritedir = d.expand('${PKGWRITEDIRRPM}/${PACKAGE_ARCH_EXTEND}') d.setVar('RPM_PKGWRITEDIR', pkgwritedir) -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189596): https://lists.openembedded.org/g/openembedded-core/message/189596 Mute This Topic: https://lists.openembedded.org/mt/102102139/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 4/4] package_rpm.bbclass: Allow compression mode override
From: Niko Mauno Commit 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 ("package_rpm: use zstd instead of xz") changed the rpm package compressor from 'xz' to 'zstd' which results in decompression failure with BusyBox-provided 'rpm2cpio' applet and 'rpm' applet when given the '-i' (Install package) option: rpm2cpio: no gzip/bzip2/xz magic Introduce a variable which makes it possible to use a different compression mode, making it possible to override the default value for example like RPMBUILD_COMPMODE = "${@'w6T%d.xzdio' % int(d.getVar('XZ_THREADS'))}" to enable rpm decompression without including the full rpm package in the resulting root filesystem. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 246106ea4f..5d35962aff 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -10,6 +10,7 @@ IMAGE_PKGTYPE ?= "rpm" RPM = "rpm" RPMBUILD = "rpmbuild" +RPMBUILD_COMPMODE ?= "${@'w19T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}" PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms" @@ -659,6 +660,7 @@ python do_package_rpm () { # Setup the rpmbuild arguments... rpmbuild = d.getVar('RPMBUILD') +rpmbuild_compmode = d.getVar('RPMBUILD_COMPMODE') # Too many places in dnf stack assume that arch-independent packages are "noarch". # Let's not fight against this. @@ -682,8 +684,8 @@ python do_package_rpm () { cmd = cmd + " --define '_use_internal_dependency_generator 0'" cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'" cmd = cmd + " --define '_build_id_links none'" -cmd = cmd + " --define '_binary_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) -cmd = cmd + " --define '_source_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) +cmd = cmd + " --define '_source_payload %s'" % rpmbuild_compmode +cmd = cmd + " --define '_binary_payload %s'" % rpmbuild_compmode cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'" cmd = cmd + " --define 'use_source_date_epoch_as_buildtime 1'" cmd = cmd + " --define '_buildhost reproducible'" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189597): https://lists.openembedded.org/g/openembedded-core/message/189597 Mute This Topic: https://lists.openembedded.org/mt/102102142/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override
On 10/20/23 16:00, Richard Purdie wrote: As far as I could tell when we looked at this, the rpm world was moving over to zstd so adding in conditional xz support for a limited use case probably just creates a maintenance headache going forward as it isn't something we test or plan to test? I now submitted a v2 for your consideration, but assuming it still introduces a maintenance challenge for YP, we will look into other means to work around the issue. -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189598): https://lists.openembedded.org/g/openembedded-core/message/189598 Mute This Topic: https://lists.openembedded.org/mt/102080114/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override
On 20.10.2023 19.34, Khem Raj wrote: > it seems you are quite sensitive to size, I wonder if opkg backend is > better suited for your usecase than rpm. Hi Khem, thanks for the idea. We used opkg a few years ago, however certain technical reasons were in favor of rpm which we have used since. Perhaps we have a bit different view, smaller image means for us spending less time building, booting and flashing firmware (i.e. not just disk space consumption alone). -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189644): https://lists.openembedded.org/g/openembedded-core/message/189644 Mute This Topic: https://lists.openembedded.org/mt/102080114/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH] package_rpm: Allow compression mode override
From: Niko Mauno Commit 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 ("package_rpm: use zstd instead of xz") changed the rpm package compressor from 'xz' to 'zstd' which results in decompression failure with BusyBox-provided 'rpm2cpio' applet and 'rpm' applet when given the '-i' (Install package) option: rpm2cpio: no gzip/bzip2/xz magic Introduce a variable which makes it possible to use a different compression mode, making it possible to override the default value for example like RPMBUILD_COMPMODE = "${@'w6T%d.xzdio' % int(d.getVar('XZ_THREADS'))}" to enable rpm decompression without including the full rpm package in the resulting root filesystem. (From OE-Core rev: a40d9258148e28cbee2168c93179cd4c1232fb62) Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie --- meta/classes/package_rpm.bbclass | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass index bbbef3793f..f403af5343 100644 --- a/meta/classes/package_rpm.bbclass +++ b/meta/classes/package_rpm.bbclass @@ -4,6 +4,7 @@ IMAGE_PKGTYPE ?= "rpm" RPM="rpm" RPMBUILD="rpmbuild" +RPMBUILD_COMPMODE ?= "${@'w19T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}" PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms" @@ -652,6 +653,7 @@ python do_package_rpm () { # Setup the rpmbuild arguments... rpmbuild = d.getVar('RPMBUILD') +rpmbuild_compmode = d.getVar('RPMBUILD_COMPMODE') targetsys = d.getVar('TARGET_SYS') targetvendor = d.getVar('HOST_VENDOR') @@ -678,8 +680,8 @@ python do_package_rpm () { cmd = cmd + " --define '_use_internal_dependency_generator 0'" cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'" cmd = cmd + " --define '_build_id_links none'" -cmd = cmd + " --define '_binary_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) -cmd = cmd + " --define '_source_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) +cmd = cmd + " --define '_source_payload %s'" % rpmbuild_compmode +cmd = cmd + " --define '_binary_payload %s'" % rpmbuild_compmode cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'" cmd = cmd + " --define 'use_source_date_epoch_as_buildtime 1'" cmd = cmd + " --define '_buildhost reproducible'" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189734): https://lists.openembedded.org/g/openembedded-core/message/189734 Mute This Topic: https://lists.openembedded.org/mt/102203010/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] image_types.bbclass: Use xz default compression preset level
From: Niko Mauno Commit ef0654f1453ff0afe98d7e921626b2a96cf2f6f6 ("Set XZ_COMPRESSION_LEVEL to -9") changed the xz compression preset level from previous value of -3 to -9. The commit message explains that the change was made in order to be consistent with other compressors that also use their best compression. However looking at xz man page, under the compression preset level selection chapter there is mentioned that The differences between the presets are more significant than with gzip(1) and bzip2(1). The selected compression settings determine the memory requirements of the decompressor, thus using a too high preset level might make it painful to decompress the file on an old system with little RAM. Specifically, it's not a good idea to blindly use -9 for everything like it often is with gzip(1) and bzip2(1). which is then followed by a table, which mentions that the decompressor memory requirement for preset -9 is 65 MiB, whereas for xz default preset -6 it is just 9 MiB. Given that the use case where a device running a Yocto generated Linux OS decompresses an ext4 root filesystem image to non-volatile memory as part of firmware upgrade process is not far-fetched, and considering that a range of these devices can run low on available RAM when there are other applications running at the same time, the lower decompressor memory requirement of the default preset level makes sense in order to prevent an OOM situation from occurring. This change was tested on a 32 CPU core build host with 128 GB RAM by issuing $ bitbake -c cleansstate core-image-minimal core-image-sato $ time bitbake core-image-minimal $ time bitbake core-image-sato With MACHINE="qemux86-64" and IMAGE_FSTYPES="ext4 ext4.xz" using XZ_COMPRESSION_LEVEL values "-6" and "-9". In both cases the resulting 'ext4' image size remained same, 38141952 bytes for core-image-minimal, and 565043200 bytes for core-image-sato. The observation was that with this change there is a small increase in the resulting 'ext4.xz' file size, and a build speed improvement that was significant for larger rootfs image. core-image XZ real timetime deltaext4.xz size size delta --- minimal -9 0m44.992s 15932508 minimal -6 0m42.445s-5.66%16243484 +1.95% sato-9 2m40.828s 85080416 sato-6 1m38.891s -38.51%87447456 +2.78% Regarding decompression speed, issuing following command in qemux86-64 target OS $ time xz -dkc --memlimit=MEMLIMIT core-image-sato-qemux86-64.rootfs.ext4.xz > /dev/null using the lowest accepted value for MEMLIMIT for each case (providing a lower value caused xz to exit with 'Memory usage limit reached' error) showed that decompression time saw a minuscule improvement with the -6 compression preset level: XZ MEMLIMIT real time - -965M0m43.83s -6 9M0m43.28s (In the above tables, XZ refers to XZ_COMPRESSION_LEVEL value used when images were generated with Yocto). Signed-off-by: Niko Mauno --- meta/classes-recipe/image_types.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes-recipe/image_types.bbclass b/meta/classes-recipe/image_types.bbclass index 4aed64e27f..d615b41ed1 100644 --- a/meta/classes-recipe/image_types.bbclass +++ b/meta/classes-recipe/image_types.bbclass @@ -54,7 +54,7 @@ def imagetypes_getdepends(d): # Sort the set so that ordering is consistant return " ".join(sorted(deps)) -XZ_COMPRESSION_LEVEL ?= "-9" +XZ_COMPRESSION_LEVEL ?= "-6" XZ_INTEGRITY_CHECK ?= "crc32" ZIP_COMPRESSION_LEVEL ?= "-9" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189794): https://lists.openembedded.org/g/openembedded-core/message/189794 Mute This Topic: https://lists.openembedded.org/mt/102274378/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] ccache.conf: Remove obsolete configuration option
From: Niko Mauno Since ccache version 4.0, according to https://github.com/ccache/ccache/blob/master/doc/NEWS.adoc#ccache-40 * An appropriate cache directory level structure is now chosen automatically. The cache_dir_levels (CCACHE_NLEVELS) configuration option has therefore been removed. Therefore remove the option which has not been supported by ccache recipe version since Yocto Hardknott. Signed-off-by: Niko Mauno --- meta/conf/ccache.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/meta/conf/ccache.conf b/meta/conf/ccache.conf index 931012dec9..4406ae561b 100644 --- a/meta/conf/ccache.conf +++ b/meta/conf/ccache.conf @@ -1,2 +1 @@ max_size = 0 -cache_dir_levels = 1 -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189844): https://lists.openembedded.org/g/openembedded-core/message/189844 Mute This Topic: https://lists.openembedded.org/mt/102297730/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-