Re: [yocto] kirkstone meta-security branch
Hello Peter, On 6/5/23 4:31 AM, Peter Marko via lists.yoctoproject.org wrote: Hello maintainers, I'd be interested to know if meta-security repository for kirkstone is still maintained. Looking at commit history, there are only two commits since July 2022 (almost a year). Thanks for bringing this issue to my attention. I wouldn't say it rises to the level of Maintained but a best effort situation. Master tends to get all the attention. The mailing lists has several contributions meanwhile (list what I could find from 2023): - tpm2-tss: upgrade to 3.2.2 to fix CVE-2023-22745 <- this one from me I'd be interested to be picked - apparmor: fix ownership issues I have those now. Thanks for the reminder. - libmhash: add multilib header This is actually in Kirkstone. - dm-verity-img.bbclass: add squashfs images - Add EROFS support to dm-verity-img class I general, I do follow the OE or Yocto Project guidelines on style, patch format and stable process. So the dm changes sorta fall under new features but is more of a grey area as its an opt-in if one needs that support. I suspect while I was ponder that I got distracted by a shinny object and forgot to revisit the patches. Are we submitting these wrongly? The major of the issue will be landing on myself as I don' have my workflow sorted out correctly and I may miss things. I have found this message suggesting that this could be the case:https://lists.yoctoproject.org/g/yocto/message/59432 Maybe just adding [meta-security][kirkstone][PATCH] does not seem to be enough and we need to add sublayer like [meta-security][meta-tpm][kirkstone][PATCH]? Please advise as the README suggest that it's not needed... I would stick with what the README's have in them. BR, Armin Thanks, Peter -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#60208): https://lists.yoctoproject.org/g/yocto/message/60208 Mute This Topic: https://lists.yoctoproject.org/mt/99336201/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [yocto] kirkstone meta-security branch
Hi, On Mon, Jun 05, 2023 at 08:31:55AM +, Peter Marko via lists.yoctoproject.org wrote: > Hello maintainers, > > I'd be interested to know if meta-security repository for kirkstone is still > maintained. > Looking at commit history, there are only two commits since July 2022 (almost > a year). FWIW, meta-security master branch worked for me on kirkstone by adding "kirkstone" to LAYERSERIES_COMPAT in my own layer.conf (it is only possible to override other layers configuration in another layer config). This was the case for many other open source layers. The LTS branches are, as you noted as well, not really maintained. They are just old snapshots which work against the poky LTS branch. With some extra work like LAYERSERIES_COMPAT and a few patches here and there, I switched to using master branch with poky, meta-openembedded and meta-arm kirkstone branch, and eventually switched completely to poky master branch (currently mickledore). Yocto LTS branches are relatively new, and best practices around them have not yet formed, and there are very few maintainers for the less-used non-core meta layers. Thus I understand the release specific branches, but I would actually advice against using them, if they have not been touched in the past few months. That just shows that branch is really not maintained. As said, with some extra work, master branch of a meta layer can support multiple poky branches, master and LTS(es). I'm hope maintainers will at least accept patches which help supporting multiple releases from a single branch, even if they actively set LAYERSERIES_COMPAT in a way which breaks this and marks "using master branch on kirkstone" as "do it on your own risk". One of the major breaking issues has been bbappends to specific kernel or busybox versions when the applicaple version range is actually much broader. The compiler and other tooling version differences did not cause much issues, in my experience. Cheers, -Mikko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#60178): https://lists.yoctoproject.org/g/yocto/message/60178 Mute This Topic: https://lists.yoctoproject.org/mt/99336201/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[yocto] kirkstone meta-security branch
Hello maintainers, I'd be interested to know if meta-security repository for kirkstone is still maintained. Looking at commit history, there are only two commits since July 2022 (almost a year). The mailing lists has several contributions meanwhile (list what I could find from 2023): - tpm2-tss: upgrade to 3.2.2 to fix CVE-2023-22745 <- this one from me I'd be interested to be picked - apparmor: fix ownership issues - libmhash: add multilib header - dm-verity-img.bbclass: add squashfs images - Add EROFS support to dm-verity-img class Are we submitting these wrongly? I have found this message suggesting that this could be the case: https://lists.yoctoproject.org/g/yocto/message/59432 Maybe just adding [meta-security][kirkstone][PATCH] does not seem to be enough and we need to add sublayer like [meta-security][meta-tpm][kirkstone][PATCH]? Please advise as the README suggest that it's not needed... Thanks, Peter -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#60177): https://lists.yoctoproject.org/g/yocto/message/60177 Mute This Topic: https://lists.yoctoproject.org/mt/99336201/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-