[yocto] Yocto Bitbake Error - rmp-native task failure
I gave bitbake for imx6qsabreauto command used bitbake -v tizen-common-core-image-minimal-dev below is the error section from the log + patch -p0 patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory + bb_exit_handler + ret=2 + echo WARNING: exit code 2 from a shell command. WARNING: exit code 2 from a shell command. + exit 2 ERROR: Function failed: do_prep (log file is located at /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/temp/log.do_patch.32228) /usr/bin/install -c -m 644 ./Lib/test/test_bool.py /home/sfm/yocto_temp/build/tmp/sysroots/i686-linux/usr/lib/python2.7/test ERROR: Logfile of failure stored in: /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/temp/log.do_patch.32228 NOTE: recipe rpm-native-git-r0: task do_patch: Failed ERROR: Task 85 (virtual:native:/home/sfm/yocto_temp/meta-tizen/recipes- tizen/rpm/rpm_git.bb, do_patch) failed with exit code '1' Error log from patch file + chmod -Rf a+rX,u+w,g-w,o-w /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git-r0/git + cp /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/git/packaging/rpm.manifest . + rm -rf sqlite + tar xjf /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/git/packaging/db-4.8.30.tar.bz2 + ln -s db-4.8.30 db + chmod -R u+w db/LICENSE db/README db/btree db/build_brew db/build_s60 db/build_unix db/build_vxworks db/build_wince db/build_windows db/clib db/common db/crypto db/csharp db/cxx db/db db/db185 db/db_archive db/db_checkpoint db/db_deadlock db/db_dump db/db_dump185 db/db_hotbackup db/db_load db/db_printlog db/db_recover db/db_sql db/db_stat db/db_upgrade db/db_verify db/dbinc db/dbinc_auto db/dbm db/dbreg db/dist db/docs db/docs_src db/env db/examples_c db/examples_csharp db/examples_cxx db/examples_java db/examples_stl db/fileops db/hash db/hmac db/hsearch db/java db/libdb_csharp db/libdb_java db/lock db/log db/mod_db4 db/mp db/mutex db/os db/os_brew db/os_qnx db/os_s60 db/os_vxworks db/os_windows db/perl db/php_db4 db/qam db/rep db/repmgr db/sequence db/stl db/tcl db/test db/test_micro db/test_stl db/txn + rm -f rpmdb/db.h + patch -p0 patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory + bb_exit_handler + ret=2 + echo WARNING: exit code 2 from a shell command. WARNING: exit code 2 from a shell command. + exit 2 + cd /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git-r0/git + do_prep + cd /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git-r0/git + chmod -Rf a+rX,u+w,g-w,o-w /home/sfm/yocto_temp/build/tmp/work/i686- linux/rpm-native/git-r0/git + cp /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/git/packaging/rpm.manifest . + rm -rf sqlite + tar xjf /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/git/packaging/db-4.8.30.tar.bz2 + ln -s db-4.8.30 db + chmod -R u+w db/LICENSE db/README db/btree db/build_brew db/build_s60 db/build_unix db/build_vxworks db/build_wince db/build_windows db/clib db/common db/crypto db/csharp db/cxx db/db db/db185 db/db_archive db/db_checkpoint db/db_deadlock db/db_dump db/db_dump185 db/db_hotbackup db/db_load db/db_printlog db/db_recover db/db_sql db/db_stat db/db_upgrade db/db_verify db/dbinc db/dbinc_auto db/dbm db/dbreg db/dist db/docs db/docs_src db/env db/examples_c db/examples_csharp db/examples_cxx db/examples_java db/examples_stl db/fileops db/hash db/hmac db/hsearch db/java db/libdb_csharp db/libdb_java db/lock db/log db/mod_db4 db/mp db/mutex db/os db/os_brew db/os_qnx db/os_s60 db/os_vxworks db/os_windows db/perl db/php_db4 db/qam db/rep db/repmgr db/sequence db/stl db/tcl db/test db/test_micro db/test_stl db/txn + rm -f rpmdb/db.h + patch -p0 patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory + bb_exit_handler + ret=2 + echo WARNING: exit code 2 from a shell command. WARNING: exit code 2 from a shell command. + exit 2 DEBUG: Python function do_patch finished ERROR: Function failed: do_prep (log file is located at /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/temp/log.do_patch.32228) can any one help on how to resolve this error -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH] libcap-ng: CVE-2014-3215
From: Shan Hai shan@windriver.com seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges. Pick a patch from below link to address the CVE-2014-3215. https://bugzilla.redhat.com/attachment.cgi?id=829864 Signed-off-by: Shan Hai shan@windriver.com Signed-off-by: Jackie Huang jackie.hu...@windriver.com --- .../libcap-ng/libcap-ng/CVE-2014-3215.patch| 79 ++ recipes-security/libcap-ng/libcap-ng_0.7.3.bb | 4 +- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch diff --git a/recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch b/recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch new file mode 100644 index 000..d7a868d --- /dev/null +++ b/recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch @@ -0,0 +1,79 @@ +Upstream-Status: Pending + +diff --git a/docs/capng_lock.3 b/docs/capng_lock.3 +index 7683119..a070c1e 100644 +--- a/docs/capng_lock.3 b/docs/capng_lock.3 +@@ -8,12 +8,13 @@ int capng_lock(void); + + .SH DESCRIPTION + +-capng_lock will take steps to prevent children of the current process to regain full privileges if the uid is 0. This should be called while possessing the CAP_SETPCAP capability in the kernel. This function will do the following if permitted by the kernel: Set the NOROOT option on for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for PR_SET_SECUREBITS. ++capng_lock will take steps to prevent children of the current process from gaining privileges by executing setuid programs. This should be called while possessing the CAP_SETPCAP capability in the kernel. + ++This function will do the following if permitted by the kernel: If the kernel supports PR_SET_NO_NEW_PRIVS, it will use it. Otherwise it will set the NOROOT option on for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for PR_SET_SECUREBITS. If both fail, it will return an error. + + .SH RETURN VALUE + +-This returns 0 on success and a negative number on failure. -1 means a failure setting any of the PR_SET_SECUREBITS options. ++This returns 0 on success and a negative number on failure. -1 means a failure to use PR_SET_NO_NEW_PRIVS and a failure setting any of the PR_SET_SECUREBITS options. + + .SH SEE ALSO + +diff --git a/src/cap-ng.c b/src/cap-ng.c +index bd105ba..422f2bc 100644 +--- a/src/cap-ng.c b/src/cap-ng.c +@@ -45,6 +45,7 @@ + * 2.6.24 kernel XATTR_NAME_CAPS + * 2.6.25 kernel PR_CAPBSET_DROP, CAPABILITY_VERSION_2 + * 2.6.26 kernel PR_SET_SECUREBITS, SECURE_*_LOCKED, VERSION_3 ++ * 3.5kernel PR_SET_NO_NEW_PRIVS + */ + + /* External syscall prototypes */ +@@ -122,6 +123,14 @@ extern int capget(cap_user_header_t header, const cap_user_data_t data); + #define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */ + #endif + ++/* prctl values that we use */ ++#ifndef PR_SET_SECUREBITS ++#define PR_SET_SECUREBITS 28 ++#endif ++#ifndef PR_SET_NO_NEW_PRIVS ++#define PR_SET_NO_NEW_PRIVS 38 ++#endif ++ + // States: new, allocated, initted, updated, applied + typedef enum { CAPNG_NEW, CAPNG_ERROR, CAPNG_ALLOCATED, CAPNG_INIT, + CAPNG_UPDATED, CAPNG_APPLIED } capng_states_t; +@@ -663,15 +672,22 @@ int capng_change_id(int uid, int gid, capng_flags_t flag) + + int capng_lock(void) + { +-#ifdef PR_SET_SECUREBITS +- int rc = prctl(PR_SET_SECUREBITS, +- 1 SECURE_NOROOT | +- 1 SECURE_NOROOT_LOCKED | +- 1 SECURE_NO_SETUID_FIXUP | +- 1 SECURE_NO_SETUID_FIXUP_LOCKED, 0, 0, 0); ++ int rc; ++ ++ // On Linux 3.5 and up, we can directly prevent ourselves and ++ // our descendents from gaining privileges. ++ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0) ++ return 0; ++ ++ // This kernel is too old or otherwise doesn't support ++ // PR_SET_NO_NEW_PRIVS. Fall back to using securebits. ++ rc = prctl(PR_SET_SECUREBITS, ++ 1 SECURE_NOROOT | ++ 1 SECURE_NOROOT_LOCKED | ++ 1 SECURE_NO_SETUID_FIXUP | ++ 1 SECURE_NO_SETUID_FIXUP_LOCKED, 0, 0, 0); + if (rc) + return -1; +-#endif + + return 0; + } diff --git a/recipes-security/libcap-ng/libcap-ng_0.7.3.bb b/recipes-security/libcap-ng/libcap-ng_0.7.3.bb index
Re: [yocto] Yocto Bitbake Error - rmp-native task failure
Good day Anoop, Error is from do_patch task for rpm-native unit: patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory Please verify in your recipe all the SRC_URIs (patches) to be applied. Could be that your SRCREV and patches are in conflict. The odd thing is why the patch -p0 is not specifying a patch file. To sum it up, please check the rpm-native recipe. Thanks, Joseph On Wed, Jul 23, 2014 at 2:51 PM, Anoop babu.an...@gmail.com wrote: I gave bitbake for imx6qsabreauto command used bitbake -v tizen-common-core-image-minimal-dev below is the error section from the log + patch -p0 patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory + bb_exit_handler + ret=2 + echo WARNING: exit code 2 from a shell command. WARNING: exit code 2 from a shell command. + exit 2 ERROR: Function failed: do_prep (log file is located at /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/temp/log.do_patch.32228) /usr/bin/install -c -m 644 ./Lib/test/test_bool.py /home/sfm/yocto_temp/build/tmp/sysroots/i686-linux/usr/lib/python2.7/test ERROR: Logfile of failure stored in: /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/temp/log.do_patch.32228 NOTE: recipe rpm-native-git-r0: task do_patch: Failed ERROR: Task 85 (virtual:native:/home/sfm/yocto_temp/meta-tizen/recipes- tizen/rpm/rpm_git.bb, do_patch) failed with exit code '1' Error log from patch file + chmod -Rf a+rX,u+w,g-w,o-w /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git-r0/git + cp /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/git/packaging/rpm.manifest . + rm -rf sqlite + tar xjf /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/git/packaging/db-4.8.30.tar.bz2 + ln -s db-4.8.30 db + chmod -R u+w db/LICENSE db/README db/btree db/build_brew db/build_s60 db/build_unix db/build_vxworks db/build_wince db/build_windows db/clib db/common db/crypto db/csharp db/cxx db/db db/db185 db/db_archive db/db_checkpoint db/db_deadlock db/db_dump db/db_dump185 db/db_hotbackup db/db_load db/db_printlog db/db_recover db/db_sql db/db_stat db/db_upgrade db/db_verify db/dbinc db/dbinc_auto db/dbm db/dbreg db/dist db/docs db/docs_src db/env db/examples_c db/examples_csharp db/examples_cxx db/examples_java db/examples_stl db/fileops db/hash db/hmac db/hsearch db/java db/libdb_csharp db/libdb_java db/lock db/log db/mod_db4 db/mp db/mutex db/os db/os_brew db/os_qnx db/os_s60 db/os_vxworks db/os_windows db/perl db/php_db4 db/qam db/rep db/repmgr db/sequence db/stl db/tcl db/test db/test_micro db/test_stl db/txn + rm -f rpmdb/db.h + patch -p0 patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory + bb_exit_handler + ret=2 + echo WARNING: exit code 2 from a shell command. WARNING: exit code 2 from a shell command. + exit 2 + cd /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git-r0/git + do_prep + cd /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git-r0/git + chmod -Rf a+rX,u+w,g-w,o-w /home/sfm/yocto_temp/build/tmp/work/i686- linux/rpm-native/git-r0/git + cp /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/git/packaging/rpm.manifest . + rm -rf sqlite + tar xjf /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/git/packaging/db-4.8.30.tar.bz2 + ln -s db-4.8.30 db + chmod -R u+w db/LICENSE db/README db/btree db/build_brew db/build_s60 db/build_unix db/build_vxworks db/build_wince db/build_windows db/clib db/common db/crypto db/csharp db/cxx db/db db/db185 db/db_archive db/db_checkpoint db/db_deadlock db/db_dump db/db_dump185 db/db_hotbackup db/db_load db/db_printlog db/db_recover db/db_sql db/db_stat db/db_upgrade db/db_verify db/dbinc db/dbinc_auto db/dbm db/dbreg db/dist db/docs db/docs_src db/env db/examples_c db/examples_csharp db/examples_cxx db/examples_java db/examples_stl db/fileops db/hash db/hmac db/hsearch db/java db/libdb_csharp db/libdb_java db/lock db/log db/mod_db4 db/mp db/mutex db/os db/os_brew db/os_qnx db/os_s60 db/os_vxworks db/os_windows db/perl db/php_db4 db/qam db/rep db/repmgr db/sequence db/stl db/tcl db/test db/test_micro db/test_stl db/txn + rm -f rpmdb/db.h + patch -p0 patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory + bb_exit_handler + ret=2 + echo WARNING: exit code 2 from a shell command. WARNING: exit code 2 from a shell command. + exit 2 DEBUG: Python function do_patch finished ERROR: Function failed: do_prep (log file is located at /home/sfm/yocto_temp/build/tmp/work/i686-linux/rpm-native/git- r0/temp/log.do_patch.32228) can any one help on how to resolve this error -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list
Re: [yocto] Yocto Bitbake Error - rmp-native task failure
On 23 July 2014 07:51, Anoop babu.an...@gmail.com wrote: patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory This is a bug in the meta-tizen rpm package. Until they fix it you'll have to do bitbake rpm-native -cclean and then re-run bitbake tizen-common-core-image-minimal-dev. Ross -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] SDK not contianing archive libraries
Thanks for your reply Anooj. Apparently, based on my findings, the SDK contains libraries that are libtool archives, .la. For my part, I have used .a only which is not libtoolized. I'm finding a way how to make my unit generate a libtool archive. - Joseph On Wed, Jul 23, 2014 at 3:18 PM, Anooj Gopi anoojg...@gmail.com wrote: The package installed tmp/sysroot and your SDK sysroot are not same by default. You have to find in which package your .a files are. Adding it to TOOLCHAIN_HOST_TASK may help. I am not sure if this will help as I am currently through the similar issues. On Wed, Jul 23, 2014 at 5:20 AM, Joseph Andrew de la Peña jdelap...@lexmark.com wrote: Good day, I have bumped into a problem when compiling from my generated SDK (-c populate_sdk). I have archive libraries (.a) that were not reflected in my SDK's lib dir in sysroots. However, my shared objects (.so) are present. I needed both .a and .so to be present in my SDK. With the former being the problem, how can archive libraries be included in SDK? I've checked in my poky and all .a are installed successfully in tmp/sysroots. Thanks, Joseph -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] SDK not contianing archive libraries
On 23 July 2014 10:23, Joseph Andrew de la Peña jdelap...@lexmark.com wrote: Thanks for your reply Anooj. Apparently, based on my findings, the SDK contains libraries that are libtool archives, .la. For my part, I have used .a only which is not libtoolized. I'm finding a way how to make my unit generate a libtool archive. In general you don't need libtool archives. If you want .a files in the SDK for static linking then you want to add the recipe's -staticdev packages to the SDK. Ross -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yocto Bitbake Error - rmp-native task failure
Good day Joseph Andrew Thank you for the inputs. -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yocto Bitbake Error - rmp-native task failure
Burton, Ross ross.burton@... writes: On 23 July 2014 07:51, Anoop babu.anoop@... wrote: patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory This is a bug in the meta-tizen rpm package. Until they fix it you'll have to do bitbake rpm-native -cclean and then re-run bitbake tizen-common-core-image-minimal-dev. Ross Good day Ross Thank you for the inputs. So until I over come this error I need to do bitbake rpm-native -cclean and then re-run bitbake tizen-common-core-image-minimal-dev. ? I'm asking this since i'm continuously getting task error on meta-tizen rpm receipt. Best regards Anoop -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yocto Bitbake Error - rmp-native task failure
On 23 July 2014 11:00, Anoop babu.an...@gmail.com wrote: Thank you for the inputs. So until I over come this error I need to do bitbake rpm-native -cclean and then re-run bitbake tizen-common-core-image-minimal-dev. ? I'm asking this since i'm continuously getting task error on meta-tizen rpm receipt. That was how I fixed it when I hit this problem. I suggest contacting the maintainers of meta-tizen directly, they're probably not on this mailing list. Ross -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Fwd: How to find the bb file from package name
On 22/07/2014 18:08, Anooj Gopi anoojg...@gmail.com wrote: Hello Bharath, This is already known to me. The confusion mainly here was because of the name of the rpm package. From the recipe expected name was nativesdk-qtbase-tools-dev-5.2.1-r1.i686_nativesdk.rpm but generated package name is nativesdk-libqt5core-dev-5.2.1-r1.i686_nativesdk.rpm which confused me. As Mr. Burton mentioned in his last mail, this was done by debian.bbclass, which makes our life more difficult. So I feel a tool to track this relations is really necessary, and I guess yocto has done this in Yocto 1.6 with toaster https://www.yoctoproject.org/documentation/toaster-manual (I still have to use it and see). Yes, Toaster tells you about the name change. Regards, Anooj On Tue, Jul 22, 2014 at 6:37 PM, Bharath Chandra ellurubharat...@gmail.com wrote: Hi, you can find it under .inc file here https://github.com/meta-qt5/meta-qt5/blob/daisy/recipes-qt/qt5/nativesdk-q tbase.inc PACKAGES = ${PN}-tools-dbg ${PN}-tools-dev ${PN}-tools-staticdev ${PN}-tools Thanks, Bharath On Tue, Jul 22, 2014 at 11:19 AM, Anooj Gopi anoojg...@gmail.com wrote: Oh sorry the link I sent was wrong. The correct one is https://github.com/meta-qt5/meta-qt5/blob/daisy/recipes-qt/qt5/nativesdk-q tbase_5.2.1.bb https://github.com/meta-qt5/meta-qt5/blob/daisy/recipes-qt/qt5/nativesdk- qtbase_5.2.1.bb Manually searching the bb/inc file did not help until this point. Now I enabled the build history (INHERIT += buildhistory BUILDHISTORY_FEATURES = image package sdk) and built the packages once again. Then searched for the package name as shown below cd build/buildhistory/packages grep -nri nativesdk-libqt5core-dev . ./i686-nativesdk-oesdk-linux/nativesdk-qtbase/nativesdk-qtbase-tools-dev/l atest:3:PKG = nativesdk-libqt5core-dev which shows that the yocto package is nativesdk-qtbase-tools-dev, which is provided by nativesdk-qtbase_5.2.1.bb http://nativesdk-qtbase_5.2.1.bb. But I'm still not able to find out where in yocto PKG variable is configured (which changes this rpm file name from the default one). On Tue, Jul 22, 2014 at 5:50 PM, Bharath Chandra ellurubharat...@gmail.com wrote: Hi Anooj, I guess you are looking at a wrong version of the recipe file, you have to look into version number 5.2.1 and revision r1 as your package name is suggesting but the link which you have mentioned is for 5.3.1 . Kindly, have a look into correct version number of recipe file and if you do not find any package name in the recipe file then you can search in .inc files which are included in that recipe file. for eg : require qt5-${PV}.inc You have to check in qt5-5.2.1.inc file and see if any package is included with the name which you are searching for. Thanks Regards, Bharath Chandra Elluru On Tue, Jul 22, 2014 at 6:52 AM, Anooj Gopi anoojg...@gmail.com wrote: Yes I am trying to track down the recipe from the rpm file. In my project yocto builds the rpm package nativesdk-libqt5core-dev-5.2.1-r1.i686_nativesdk.rpm (by https://github.com/meta-qt5/meta-qt5) but it is not included in my sdk sysroot image. So I would like to see how I could include this into my sdk. For that I am tracing back the recipe which generated the rpm. I tried as you said: From the source package name I can see it is from Source RPM : nativesdk-qtbase-5.2.1-r1.src.rpm, which means bb file is https://github.com/meta-qt5/meta-qt5/blob/master/recipes-qt/qt5/nativesdk- qtbase_5.3.1.bb https://github.com/meta-qt5/meta-qt5/blob/master/recipes-qt/qt5/nativesdk -qtbase_5.3.1.bb Now this from the bb file content I can see this file provides multiple packages, (for eg. nativesdk-qtbase-tools-dbg nativesdk-qtbase-tools-dev nativesdk-qtbase-tools-staticdev nativesdk-qtbase-tool) but I still could not find where it is configured to generate the package nativesdk-libqt5core-dev-5.2.1-r1.i686_nativesdk.rpm. As Belen in his last mail, the tools like Toaster could confirm this (by listing the packages generated from a bb file), but is there any way I can do it in Yocto Project 1.5? Regards, Anooj On Tue, Jul 22, 2014 at 11:15 AM, Burton, Ross ross.bur...@intel.com wrote: On 21 July 2014 16:39, Anooj Gopi anoojg...@gmail.com wrote: Could some one help me to understand how we could find the bb file which generated particular package (rpm package for eg.)? (In some cases the name of the package and recipe name differ drastically) Also is there any way to list packages (rpm) generated by particular recipe (yocto package) easily. (without looking into the PACKAGES variable). It's probably best if you explain exactly what you want to do. If you want to work backwards from a RPM to the recipe, then binary RPMs have a Source RPM metadata field and the srpm is named after the recipe: $ rpm -qpi connman-tests-1.24-r0.15.corei7_64.rpm | grep Source Source RPM : connman-1.24-r0.15.src.rpm Ross -- ___
Re: [yocto] SELinux doesn't work on t4240qds
I tried dora(poky + meta-selinux + meta-fsl-ppc), following error message appears during kernel boot up, please help. RAMDISK: gzip image found at block 0 VFS: Mounted root (ext2 filesystem) on device 1:0. devtmpfs: mounted Freeing unused kernel memory: 340k freed Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory Unable to load SELinux Policy. Machine is in enforcing mode. Halting now. Kernel panic - not syncing: Attempted to kill init! exitcode=0x0100 Call Trace: [c002f9143ae0] [c0008b2c] .show_stack+0x7c/0x1f0 (unreliable) [c002f9143bb0] [c0816e48] .panic+0xec/0x24c [c002f9143c40] [c003d094] .do_exit+0x964/0xa40 [c002f9143d30] [c003e354] .do_group_exit+0x54/0xf0 [c002f9143dc0] [c003e404] .SyS_exit_group+0x14/0x20 [c002f9143e30] [c598] syscall_exit+0x0/0x88 Rebooting in 180 seconds.. Best Regards, Zhenhua -Original Message- From: yocto-boun...@yoctoproject.org [mailto:yocto- boun...@yoctoproject.org] On Behalf Of zhenhua@freescale.com Sent: Wednesday, July 23, 2014 10:29 AM To: Mark Hatle; yocto@yoctoproject.org Subject: Re: [yocto] SELinux doesn't work on t4240qds Hi Mark, Thanks for your comments. -Original Message- From: yocto-boun...@yoctoproject.org [mailto:yocto- boun...@yoctoproject.org] On Behalf Of Mark Hatle On 7/22/14, 10:11 AM, zhenhua@freescale.com wrote: Hi all, Which release are you using. [Luo Zhenhua-B19537] I tried poky daisy + meta-fsl-ppc master + meta- selinux master The last version I used w/ meta-selinux was the 1.5 release. We're planning on updating it to master in the 'near' future [patches welcome!], and I've been told by a few others of success w/ 1.7. [Luo Zhenhua-B19537] I will try master and dora. Did you enable the 'selinux' distribution flag? If so, it should have enabled all of the components necessary for this stuff to be enabled. [Luo Zhenhua-B19537] Yes, selinux is in DISTRO_FEATURES. Best Regards, Zhenhua --Mark I use the meta-selinux layer to build a core-image-selinux rootfs image, and build kernel with following options enabled. CONFIG_AUDIT=y CONFIG_NETWORK_SECMARK=y CONFIG_EXT2_FS_SECURITY=y CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS_SECURITY=y CONFIG_JFS_SECURITY=y CONFIG_REISERFS_FS_SECURITY=y CONFIG_JFFS2_FS_SECURITY=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 I use the generated images to boot up FSL PPC t4240qds board(tried both NFS boot and RAM boot with ext2.gz.u-boot rootfs), the SELinux is not turned on after kernel boot up. following is some information in rootfs. root@t4240qds:~# sestatus SELinux status: disabled root@t4240qds:~# root@t4240qds:~# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # standard - Standard Security protection. # mls - Multi Level Security protection. SELINUXTYPE=mls root@t4240qds:~# cat /proc/cmdline root=/dev/ram rw console=ttyS0,115200 selinux=1 root@t4240qds:~# setenforce 1 setenforce: SELinux is disabled root@t4240qds:~# getenforce Disabled root@t4240qds:~# Can somebody shed some light on the issue? Best Regards, Zhenhua -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] SELinux doesn't work on t4240qds
On 7/22/14, 9:28 PM, zhenhua@freescale.com wrote: Hi Mark, Thanks for your comments. -Original Message- From: yocto-boun...@yoctoproject.org [mailto:yocto- boun...@yoctoproject.org] On Behalf Of Mark Hatle On 7/22/14, 10:11 AM, zhenhua@freescale.com wrote: Hi all, Which release are you using. [Luo Zhenhua-B19537] I tried poky daisy + meta-fsl-ppc master + meta-selinux master This makes me suspect a kernel issues. The last time I looked at meta-fsl-ppc, it had a custom kernel (didn't use the linux-yocto kernel). It appears (based on your original message) that all of the needed values were enabled: http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/tree/recipes-kernel/linux/linux-yocto/selinux.cfg So I'm at a loss to explain the issue. The only other suggestion would be to pass 'selinux=1' or is it 'enforce=1' on the command line and see if that starts the system up in enforcing mode. The last version I used w/ meta-selinux was the 1.5 release. We're planning on updating it to master in the 'near' future [patches welcome!], and I've been told by a few others of success w/ 1.7. (I meant 1.6 above BTW, since there is no 1.7 yet.) [Luo Zhenhua-B19537] I will try master and dora. Try dora, it's possible there is something minor that isn't right. Did you enable the 'selinux' distribution flag? If so, it should have enabled all of the components necessary for this stuff to be enabled. [Luo Zhenhua-B19537] Yes, selinux is in DISTRO_FEATURES. That should be was was needed. The first boot should provision the system and reboot. After that things should be enabled and functional. --Mark Best Regards, Zhenhua --Mark I use the meta-selinux layer to build a core-image-selinux rootfs image, and build kernel with following options enabled. CONFIG_AUDIT=y CONFIG_NETWORK_SECMARK=y CONFIG_EXT2_FS_SECURITY=y CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS_SECURITY=y CONFIG_JFS_SECURITY=y CONFIG_REISERFS_FS_SECURITY=y CONFIG_JFFS2_FS_SECURITY=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 I use the generated images to boot up FSL PPC t4240qds board(tried both NFS boot and RAM boot with ext2.gz.u-boot rootfs), the SELinux is not turned on after kernel boot up. following is some information in rootfs. root@t4240qds:~# sestatus SELinux status: disabled root@t4240qds:~# root@t4240qds:~# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # standard - Standard Security protection. # mls - Multi Level Security protection. SELINUXTYPE=mls root@t4240qds:~# cat /proc/cmdline root=/dev/ram rw console=ttyS0,115200 selinux=1 root@t4240qds:~# setenforce 1 setenforce: SELinux is disabled root@t4240qds:~# getenforce Disabled root@t4240qds:~# Can somebody shed some light on the issue? Best Regards, Zhenhua -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] SELinux doesn't work on t4240qds
On 7/23/14, 7:15 AM, zhenhua@freescale.com wrote: I tried dora(poky + meta-selinux + meta-fsl-ppc), following error message appears during kernel boot up, please help. RAMDISK: gzip image found at block 0 VFS: Mounted root (ext2 filesystem) on device 1:0. devtmpfs: mounted Freeing unused kernel memory: 340k freed Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory Sounds like the selinuxfs was not enabled -- or the /sys/fs/selinux mount mount was not created by default. I'd start with suspecting the kernel configuration, and then look to see if the early init scripts for selinux are incorrect and need to add that mount mount. --Mark Unable to load SELinux Policy. Machine is in enforcing mode. Halting now. Kernel panic - not syncing: Attempted to kill init! exitcode=0x0100 Call Trace: [c002f9143ae0] [c0008b2c] .show_stack+0x7c/0x1f0 (unreliable) [c002f9143bb0] [c0816e48] .panic+0xec/0x24c [c002f9143c40] [c003d094] .do_exit+0x964/0xa40 [c002f9143d30] [c003e354] .do_group_exit+0x54/0xf0 [c002f9143dc0] [c003e404] .SyS_exit_group+0x14/0x20 [c002f9143e30] [c598] syscall_exit+0x0/0x88 Rebooting in 180 seconds.. Best Regards, Zhenhua -Original Message- From: yocto-boun...@yoctoproject.org [mailto:yocto- boun...@yoctoproject.org] On Behalf Of zhenhua@freescale.com Sent: Wednesday, July 23, 2014 10:29 AM To: Mark Hatle; yocto@yoctoproject.org Subject: Re: [yocto] SELinux doesn't work on t4240qds Hi Mark, Thanks for your comments. -Original Message- From: yocto-boun...@yoctoproject.org [mailto:yocto- boun...@yoctoproject.org] On Behalf Of Mark Hatle On 7/22/14, 10:11 AM, zhenhua@freescale.com wrote: Hi all, Which release are you using. [Luo Zhenhua-B19537] I tried poky daisy + meta-fsl-ppc master + meta- selinux master The last version I used w/ meta-selinux was the 1.5 release. We're planning on updating it to master in the 'near' future [patches welcome!], and I've been told by a few others of success w/ 1.7. [Luo Zhenhua-B19537] I will try master and dora. Did you enable the 'selinux' distribution flag? If so, it should have enabled all of the components necessary for this stuff to be enabled. [Luo Zhenhua-B19537] Yes, selinux is in DISTRO_FEATURES. Best Regards, Zhenhua --Mark I use the meta-selinux layer to build a core-image-selinux rootfs image, and build kernel with following options enabled. CONFIG_AUDIT=y CONFIG_NETWORK_SECMARK=y CONFIG_EXT2_FS_SECURITY=y CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS_SECURITY=y CONFIG_JFS_SECURITY=y CONFIG_REISERFS_FS_SECURITY=y CONFIG_JFFS2_FS_SECURITY=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 I use the generated images to boot up FSL PPC t4240qds board(tried both NFS boot and RAM boot with ext2.gz.u-boot rootfs), the SELinux is not turned on after kernel boot up. following is some information in rootfs. root@t4240qds:~# sestatus SELinux status: disabled root@t4240qds:~# root@t4240qds:~# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # standard - Standard Security protection. # mls - Multi Level Security protection. SELINUXTYPE=mls root@t4240qds:~# cat /proc/cmdline root=/dev/ram rw console=ttyS0,115200 selinux=1 root@t4240qds:~# setenforce 1 setenforce: SELinux is disabled root@t4240qds:~# getenforce Disabled root@t4240qds:~# Can somebody shed some light on the issue? Best Regards, Zhenhua -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] cross - prelinker - new version available
A new version of the cross-prelinker has been pushed to the git repository (cross_prelink branch). I will work to get OE-Core/Poky updated in the next few days. Changes since the last version: commit faa069deec99bf61418d0bab831c83d7c1b797ca Author: Maciej W. Rozycki ma...@codesourcery.com Always create a conflict for R_ARM_TLS_DESC relocs commit 8291921c30800f397880547e107d890551acce26 Author: Mark Hatle mark.ha...@windriver.com Merge to upstream r209 commit a66330b87662f3a4db31c3978252b3f990108b6d Author: jakub jakub@94c539fb-cf18-0410-b60f-edeeb537fa16 * src/arch-s390.c (s390_prelink_conflict_rela): For R_390_IRELATIVE, always use that relocation type in the conflict section. commit 7895d947a47b8c42479870f039305583e5ac098e Author: jakub jakub@94c539fb-cf18-0410-b60f-edeeb537fa16 * testsuite/ifunc.h (IFUNC_ASM): Add s390x and s390 version. commit b8dbaadf503718a2a74e8dba144ed54ce62ba320 Author: jakub jakub@94c539fb-cf18-0410-b60f-edeeb537fa16 * src/arch-s390.c (s390_prelink_conflict_rela): Fix handling of R_390_IRELATIVE. * src/arch-s390x.c (s390x_prelink_conflict_rela): Likewise. -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] cross - prelinker - new version available
A new version of the cross-prelinker has been pushed to the git repository (cross_prelink branch). I will work to get OE-Core/Poky updated in the next few days. Changes since the last version: commit faa069deec99bf61418d0bab831c83d7c1b797ca Author: Maciej W. Rozycki ma...@codesourcery.com Always create a conflict for R_ARM_TLS_DESC relocs commit 8291921c30800f397880547e107d890551acce26 Author: Mark Hatle mark.ha...@windriver.com Merge to upstream r209 commit a66330b87662f3a4db31c3978252b3f990108b6d Author: jakub jakub@94c539fb-cf18-0410-b60f-edeeb537fa16 * src/arch-s390.c (s390_prelink_conflict_rela): For R_390_IRELATIVE, always use that relocation type in the conflict section. commit 7895d947a47b8c42479870f039305583e5ac098e Author: jakub jakub@94c539fb-cf18-0410-b60f-edeeb537fa16 * testsuite/ifunc.h (IFUNC_ASM): Add s390x and s390 version. commit b8dbaadf503718a2a74e8dba144ed54ce62ba320 Author: jakub jakub@94c539fb-cf18-0410-b60f-edeeb537fa16 * src/arch-s390.c (s390_prelink_conflict_rela): Fix handling of R_390_IRELATIVE. * src/arch-s390x.c (s390x_prelink_conflict_rela): Likewise. -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [oe] [Yocto 1.6] PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
On Tue, Jul 22, 2014 at 4:07 PM, Kevyn-Alexandre Paré kap...@rogue-research.com wrote: Hi, Just trying to found what's missing for PAM to work so ssh will stop exiting with Broken pipe? Quick fix to solve ssh broken pipe is to change in /etc/ssh/sshd_config UsePAM yes to UsePAM no. But this does not remove my PAM error? Try the tweaks we did in angstrom for openssh and pam here https://github.com/Angstrom-distribution/meta-angstrom/tree/master/recipes-tweaks -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] cross - prelinker - new version available
A new version of the cross-prelinker has been pushed to the git repository (cross_prelink branch). I will work to get OE-Core/Poky updated in the next few days. Changes since the last version: commit faa069deec99bf61418d0bab831c83d7c1b797ca Author: Maciej W. Rozycki ma...@codesourcery.com Always create a conflict for R_ARM_TLS_DESC relocs commit 8291921c30800f397880547e107d890551acce26 Author: Mark Hatle mark.ha...@windriver.com Merge to upstream r209 commit a66330b87662f3a4db31c3978252b3f990108b6d Author: jakub jakub@94c539fb-cf18-0410-b60f-edeeb537fa16 * src/arch-s390.c (s390_prelink_conflict_rela): For R_390_IRELATIVE, always use that relocation type in the conflict section. commit 7895d947a47b8c42479870f039305583e5ac098e Author: jakub jakub@94c539fb-cf18-0410-b60f-edeeb537fa16 * testsuite/ifunc.h (IFUNC_ASM): Add s390x and s390 version. commit b8dbaadf503718a2a74e8dba144ed54ce62ba320 Author: jakub jakub@94c539fb-cf18-0410-b60f-edeeb537fa16 * src/arch-s390.c (s390_prelink_conflict_rela): Fix handling of R_390_IRELATIVE. * src/arch-s390x.c (s390x_prelink_conflict_rela): Likewise. -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yocto Bitbake Error - rmp-native task failure
On 23 July 2014 07:51, Anoop babu.an...@gmail.com wrote: patch: Can't create file /tmp/tmpT3pUSD/poMZnbmM : No such file or directory I just re-read this mail and remembered that this was a different problem with rpm-native, and I fixed it in oe-core/poky. Their fork of poky has been updated to incorporate the fix but if you can't upgrade then cherry-pick this commit: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=442efc3959a65fc9da73f79b3afda95d1cffadf3 Sorry for the wrong reply at first, there are several ways that the meta-tizen rpm can fail... :/ Ross -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] interfaces file on a per-image basis
I have two separate images, call them server and client. The client will have one /network/interfaces file and the server will have another. I can successfully override the init-ifupdown in my own bbappend in my layer and use one of my interface files, but I can't figure out how to pick between two interface files depending on the image I'm building. Is there a variable I should be able to examine to determine which interfaces file I should use in my .bbappend? The only other option I've found is to use two separate machines, which is not a great option for me because the hardware and almost all of the packages are identical between my client and server, so I'd like to just be able to build two separate images instead of changing machine types as well. Thanks! -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] interfaces file on a per-image basis
On Thu, Jul 24, 2014 at 12:25 AM, Allan Matthew amatt...@3drobotics.com wrote: I have two separate images, call them server and client. The client will have one /network/interfaces file and the server will have another. I can successfully override the init-ifupdown in my own bbappend in my layer and use one of my interface files, but I can't figure out how to pick between two interface files depending on the image I'm building. Is there a variable I should be able to examine to determine which interfaces file I should use in my .bbappend? nope you can't really do that. each recipe (.bb file) is built independently. it's true for 'normal' recipe (component, libs, ..) but also images which are .bb files too. so when you build init-ifupdown, bitbake doesn't know if the package will be installed in image-server or image-client. The only other option I've found is to use two separate machines, which is not a great option for me because the hardware and almost all of the packages are identical between my client and server, so I'd like to just be able to build two separate images instead of changing machine types as well. well, machine conf are used to identify h/w settings. so in your case, it would be wrong as you guessed. if the underlying h/w is the same, you should use the same machine. i can see a couple of options: - create multiple init-ifupdown packages (duplicate them) and pick one or the other in the image recipe. or maybe you can split the network interface config from init-ifdown (e.g. remove the file from this package), and create 2 new packages that provide this file and pick the one you need in your image. - you can use ROOTFS_POSTPROCESS_COMMAND to run a custom script that will modify the image accordingly there are certainly other options ... -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] interfaces file on a per-image basis
Thanks Nicolas! Option 3 worked perfectly. I just added two interfaces files (interfaces-client, interfaces-server) to my init-ifupdown bbappend, and using a ROOTFS_POSTPROCESS_COMMAND in my image recipe I replace the /etc/network/interfaces file with one of the two depending on the image. *Allan Matthew* Embedded Software Engineer, 3DRx *3D Robotics* (858) 225-1414 website http://www.3dr.com/ | facebook http://www.facebook.com/3drobotics | instagram http://www.instagram.com/3drobotics On Wed, Jul 23, 2014 at 3:38 PM, Nicolas Dechesne nicolas.deche...@linaro.org wrote: On Thu, Jul 24, 2014 at 12:25 AM, Allan Matthew amatt...@3drobotics.com wrote: I have two separate images, call them server and client. The client will have one /network/interfaces file and the server will have another. I can successfully override the init-ifupdown in my own bbappend in my layer and use one of my interface files, but I can't figure out how to pick between two interface files depending on the image I'm building. Is there a variable I should be able to examine to determine which interfaces file I should use in my .bbappend? nope you can't really do that. each recipe (.bb file) is built independently. it's true for 'normal' recipe (component, libs, ..) but also images which are .bb files too. so when you build init-ifupdown, bitbake doesn't know if the package will be installed in image-server or image-client. The only other option I've found is to use two separate machines, which is not a great option for me because the hardware and almost all of the packages are identical between my client and server, so I'd like to just be able to build two separate images instead of changing machine types as well. well, machine conf are used to identify h/w settings. so in your case, it would be wrong as you guessed. if the underlying h/w is the same, you should use the same machine. i can see a couple of options: - create multiple init-ifupdown packages (duplicate them) and pick one or the other in the image recipe. or maybe you can split the network interface config from init-ifdown (e.g. remove the file from this package), and create 2 new packages that provide this file and pick the one you need in your image. - you can use ROOTFS_POSTPROCESS_COMMAND to run a custom script that will modify the image accordingly there are certainly other options ... -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto