[yocto] [meta-security][PATCH 2/2] scap-security-guide: fix typo
Fix typo: RDEPNEDS_${PN} -> RDEPENDS_${PN} Signed-off-by: Yi Zhao --- .../recipes-openscap/scap-security-guide/scap-security-guide.inc| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc index d123561..341721a 100644 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc +++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=97662e4486d9a1d09f358851d9f41a1a" LICENSE = "LGPL-2.1" DEPENDS = "openscap-native python3 python3-pyyaml-native python3-jinja2-native libxml2-native" -RDEPNEDS_${PN} = "openscap" +RDEPENDS_${PN} = "openscap" S = "${WORKDIR}/git" -- 2.7.4 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-security][PATCH 1/2] openscap: cleanup DEPENDS
Remove autoconf-archive from DEPENDS because it is using CMake/Ninjia build now. Also remove unused dpkg-native dependency from DEPENDS_class-native. Signed-off-by: Yi Zhao --- meta-security-compliance/recipes-openscap/openscap/openscap.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc index f23ea99..53309e8 100644 --- a/meta-security-compliance/recipes-openscap/openscap/openscap.inc +++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc @@ -6,8 +6,8 @@ HOME_URL = "https://www.open-scap.org/tools/openscap-base/; LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" LICENSE = "LGPL-2.1" -DEPENDS = "autoconf-archive dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig" -DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native dpkg-native" +DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig" +DEPENDS_class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native" S = "${WORKDIR}/git" -- 2.7.4 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-security 2/3] kernel-modsign.bbclass: add support for kernel modules signing
Hellol, вс, 4 авг. 2019 г. в 23:53, akuster808 : > On 8/4/19 1:24 PM, Dmitry Eremin-Solenikov wrote: > > вс, 4 авг. 2019 г. в 18:30, akuster808 : > >> On 7/28/19 8:31 AM, Dmitry Eremin-Solenikov wrote: > >>> From: Dmitry Eremin-Solenikov > >>> > >>> Add bbclass responsible for handling signing of kernel modules. > >>> > >>> Signed-off-by: Dmitry Eremin-Solenikov > >>> > >>> --- > >>> meta-integrity/classes/kernel-modsign.bbclass | 29 +++ > >>> .../data/debug-keys/privkey_modsign.pem | 28 ++ > >>> .../data/debug-keys/x509_modsign.crt | 22 ++ > >>> 3 files changed, 79 insertions(+) > >>> create mode 100644 meta-integrity/classes/kernel-modsign.bbclass > >>> create mode 100644 meta-integrity/data/debug-keys/privkey_modsign.pem > >>> create mode 100644 meta-integrity/data/debug-keys/x509_modsign.crt > >>> > >>> diff --git a/meta-integrity/classes/kernel-modsign.bbclass > >>> b/meta-integrity/classes/kernel-modsign.bbclass > >>> new file mode 100644 > >>> index ..1e4d94b79091 > >>> --- /dev/null > >>> +++ b/meta-integrity/classes/kernel-modsign.bbclass > >>> @@ -0,0 +1,29 @@ > >>> +# No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be > >>> +# set explicitly in a local.conf before activating kernel-modsign. > >>> +# To use the insecure (because public) example keys, use > >>> +# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" > >>> +MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET" > >>> + > >>> +# Private key for modules signing. The default is okay when > >>> +# using the example key directory. > >>> +MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem" > >>> + > >>> +# Public part of certificates used for modules signing. > >>> +# The default is okay when using the example key directory. > >>> +MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt" > >>> + > >>> +# If this class is enabled, disable stripping signatures from modules > >>> +INHIBIT_PACKAGE_STRIP = "1" > >>> + > >>> +do_configure_prepend() { > >> This is being pulled in with every configure task and causing parsing > >> issues. > >> > >> I changed it to "kernel_do_configure_prepend" and that fixed the issue I > >> was seeing. > > Interesting. I haven't seen this issue. Could you please share any details? > > > > Changed bbclass appears to work for me, so either of them is fine from my > > point of view. > with 'INHERIT += "kernel-modsign"' added to my local.conf I see this. I see. My intent is to use DISTRO_FEATURES_append += "modsign". A corresponding patch for oe-core/meta/classes/module.bbclass will be submitted after this one goes in. > bitbake integrity-image-minimal > WARNING: > /home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb: > Exception during build_dependencies for do_configure > WARNING: > /home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb: > Error during finalise of > /home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb > ERROR: Unable to parse > /home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb > Traceback (most recent call last): > File "/home/build/releases/master/poky/bitbake/lib/bb/siggen.py", line > 149, in > SignatureGeneratorOEBasicHash.finalise(fn='/home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb', > d=, variant=None): > try: > >taskdeps = self._build_data(fn, d) > except bb.parse.SkipRecipe: > File "/home/build/releases/master/poky/bitbake/lib/bb/siggen.py", line > 120, in > SignatureGeneratorOEBasicHash._build_data(fn='/home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb', > d=): > ignore_mismatch = ((d.getVar("BB_HASH_IGNORE_MISMATCH") or > '') == '1') > >tasklist, gendeps, lookupcache = > bb.data.generate_dependencies(d) > > File "/home/build/releases/master/poky/bitbake/lib/bb/data.py", line > 379, in generate_dependencies(d= 0x7f9905e4e7f0>): > for task in tasklist: > >deps[task], values[task] = build_dependencies(task, keys, > shelldeps, varflagsexcl, d) > newdeps = deps[task] > File "/home/build/releases/master/poky/bitbake/lib/bb/data.py", line > 312, in build_dependencies(key='do_configure', > keys={'OLDEST_KERNEL_riscv64', 'BBFILE_PATTERN_perl-layer', > 'patch_do_patch', 'PREFERRED_PROVIDER_nativesdk-linux-libc-headers', > 'RECIPE_MAINTAINER_pn-help2man-native', 'sstate_package', 'PKGDESTWORK', > 'EXCLUDE_FROM_WORLD_pn-prelink_libc-musl', 'LAYERVERSION_core', > 'IMAGE_FSTYPES', 'RECIPE_MAINTAINER_pn-opkg', > 'RECIPE_MAINTAINER_pn-libsdl2', 'DEFAULT_TEST_SUITES', > 'SYSVINIT_ENABLED_GETTYS', 'SDK_ARCH', 'PYTHON', > 'RECIPE_MAINTAINER_pn-initramfs-framework', 'SANITY_SITECONF_SAMPLE', > 'get_patches_cves', 'base_bindir_nativesdk', > 'RECIPE_MAINTAINER_pn-dbus-glib', 'RECIPE_MAINTAINER_pn-libpsl', > 'TARGET_CPPFLAGS',
Re: [yocto] [meta-security 2/3] kernel-modsign.bbclass: add support for kernel modules signing
On 8/4/19 1:24 PM, Dmitry Eremin-Solenikov wrote: > вс, 4 авг. 2019 г. в 18:30, akuster808 : >> On 7/28/19 8:31 AM, Dmitry Eremin-Solenikov wrote: >>> From: Dmitry Eremin-Solenikov >>> >>> Add bbclass responsible for handling signing of kernel modules. >>> >>> Signed-off-by: Dmitry Eremin-Solenikov >>> --- >>> meta-integrity/classes/kernel-modsign.bbclass | 29 +++ >>> .../data/debug-keys/privkey_modsign.pem | 28 ++ >>> .../data/debug-keys/x509_modsign.crt | 22 ++ >>> 3 files changed, 79 insertions(+) >>> create mode 100644 meta-integrity/classes/kernel-modsign.bbclass >>> create mode 100644 meta-integrity/data/debug-keys/privkey_modsign.pem >>> create mode 100644 meta-integrity/data/debug-keys/x509_modsign.crt >>> >>> diff --git a/meta-integrity/classes/kernel-modsign.bbclass >>> b/meta-integrity/classes/kernel-modsign.bbclass >>> new file mode 100644 >>> index ..1e4d94b79091 >>> --- /dev/null >>> +++ b/meta-integrity/classes/kernel-modsign.bbclass >>> @@ -0,0 +1,29 @@ >>> +# No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be >>> +# set explicitly in a local.conf before activating kernel-modsign. >>> +# To use the insecure (because public) example keys, use >>> +# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" >>> +MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET" >>> + >>> +# Private key for modules signing. The default is okay when >>> +# using the example key directory. >>> +MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem" >>> + >>> +# Public part of certificates used for modules signing. >>> +# The default is okay when using the example key directory. >>> +MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt" >>> + >>> +# If this class is enabled, disable stripping signatures from modules >>> +INHIBIT_PACKAGE_STRIP = "1" >>> + >>> +do_configure_prepend() { >> This is being pulled in with every configure task and causing parsing >> issues. >> >> I changed it to "kernel_do_configure_prepend" and that fixed the issue I >> was seeing. > Interesting. I haven't seen this issue. Could you please share any details? > > Changed bbclass appears to work for me, so either of them is fine from my > point of view. with 'INHERIT += "kernel-modsign"' added to my local.conf I see this. bitbake integrity-image-minimal WARNING: /home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb: Exception during build_dependencies for do_configure WARNING: /home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb: Error during finalise of /home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb ERROR: Unable to parse /home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb Traceback (most recent call last): File "/home/build/releases/master/poky/bitbake/lib/bb/siggen.py", line 149, in SignatureGeneratorOEBasicHash.finalise(fn='/home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb', d=, variant=None): try: > taskdeps = self._build_data(fn, d) except bb.parse.SkipRecipe: File "/home/build/releases/master/poky/bitbake/lib/bb/siggen.py", line 120, in SignatureGeneratorOEBasicHash._build_data(fn='/home/build/releases/master/poky/meta/recipes-multimedia/alsa/alsa-tools_1.1.7.bb', d=): ignore_mismatch = ((d.getVar("BB_HASH_IGNORE_MISMATCH") or '') == '1') > tasklist, gendeps, lookupcache = bb.data.generate_dependencies(d) File "/home/build/releases/master/poky/bitbake/lib/bb/data.py", line 379, in generate_dependencies(d=): for task in tasklist: > deps[task], values[task] = build_dependencies(task, keys, shelldeps, varflagsexcl, d) newdeps = deps[task] File "/home/build/releases/master/poky/bitbake/lib/bb/data.py", line 312, in build_dependencies(key='do_configure', keys={'OLDEST_KERNEL_riscv64', 'BBFILE_PATTERN_perl-layer', 'patch_do_patch', 'PREFERRED_PROVIDER_nativesdk-linux-libc-headers', 'RECIPE_MAINTAINER_pn-help2man-native', 'sstate_package', 'PKGDESTWORK', 'EXCLUDE_FROM_WORLD_pn-prelink_libc-musl', 'LAYERVERSION_core', 'IMAGE_FSTYPES', 'RECIPE_MAINTAINER_pn-opkg', 'RECIPE_MAINTAINER_pn-libsdl2', 'DEFAULT_TEST_SUITES', 'SYSVINIT_ENABLED_GETTYS', 'SDK_ARCH', 'PYTHON', 'RECIPE_MAINTAINER_pn-initramfs-framework', 'SANITY_SITECONF_SAMPLE', 'get_patches_cves', 'base_bindir_nativesdk', 'RECIPE_MAINTAINER_pn-dbus-glib', 'RECIPE_MAINTAINER_pn-libpsl', 'TARGET_CPPFLAGS', 'LAYERSERIES_COMPAT_meta-python', 'INHIBIT_DEFAULT_DEPS', 'RECIPE_MAINTAINER_pn-pulseaudio', 'PATCHDEPENDENCY', 'TCLIBCAPPEND', 'P', 'BBFILE_PATTERN_yocto', 'BB_HASHCHECK_FUNCTION', 'RECIPE_MAINTAINER_pn-texinfo-dummy-native', 'RECIPE_MAINTAINER_pn-watchdog', 'STAGING_FIRMWARE_DIR', 'TARGET_FPU', 'SDK_NAME', 'RREPLACES', 'LINUXLIBCVERSION', 'USERADD_ERROR_DYNAMIC', 'RECIPE_MAINTAINER_pn-wic-tools', 'EXTENDPKGEVER',
Re: [yocto] [meta-security 2/3] kernel-modsign.bbclass: add support for kernel modules signing
вс, 4 авг. 2019 г. в 18:30, akuster808 : > On 7/28/19 8:31 AM, Dmitry Eremin-Solenikov wrote: > > From: Dmitry Eremin-Solenikov > > > > Add bbclass responsible for handling signing of kernel modules. > > > > Signed-off-by: Dmitry Eremin-Solenikov > > --- > > meta-integrity/classes/kernel-modsign.bbclass | 29 +++ > > .../data/debug-keys/privkey_modsign.pem | 28 ++ > > .../data/debug-keys/x509_modsign.crt | 22 ++ > > 3 files changed, 79 insertions(+) > > create mode 100644 meta-integrity/classes/kernel-modsign.bbclass > > create mode 100644 meta-integrity/data/debug-keys/privkey_modsign.pem > > create mode 100644 meta-integrity/data/debug-keys/x509_modsign.crt > > > > diff --git a/meta-integrity/classes/kernel-modsign.bbclass > > b/meta-integrity/classes/kernel-modsign.bbclass > > new file mode 100644 > > index ..1e4d94b79091 > > --- /dev/null > > +++ b/meta-integrity/classes/kernel-modsign.bbclass > > @@ -0,0 +1,29 @@ > > +# No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be > > +# set explicitly in a local.conf before activating kernel-modsign. > > +# To use the insecure (because public) example keys, use > > +# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" > > +MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET" > > + > > +# Private key for modules signing. The default is okay when > > +# using the example key directory. > > +MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem" > > + > > +# Public part of certificates used for modules signing. > > +# The default is okay when using the example key directory. > > +MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt" > > + > > +# If this class is enabled, disable stripping signatures from modules > > +INHIBIT_PACKAGE_STRIP = "1" > > + > > +do_configure_prepend() { > > This is being pulled in with every configure task and causing parsing > issues. > > I changed it to "kernel_do_configure_prepend" and that fixed the issue I > was seeing. Interesting. I haven't seen this issue. Could you please share any details? Changed bbclass appears to work for me, so either of them is fine from my point of view. > things appear to be still working, Can you double check. -- With best wishes Dmitry -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-security 2/3] kernel-modsign.bbclass: add support for kernel modules signing
On 7/28/19 8:31 AM, Dmitry Eremin-Solenikov wrote: > From: Dmitry Eremin-Solenikov > > Add bbclass responsible for handling signing of kernel modules. > > Signed-off-by: Dmitry Eremin-Solenikov > --- > meta-integrity/classes/kernel-modsign.bbclass | 29 +++ > .../data/debug-keys/privkey_modsign.pem | 28 ++ > .../data/debug-keys/x509_modsign.crt | 22 ++ > 3 files changed, 79 insertions(+) > create mode 100644 meta-integrity/classes/kernel-modsign.bbclass > create mode 100644 meta-integrity/data/debug-keys/privkey_modsign.pem > create mode 100644 meta-integrity/data/debug-keys/x509_modsign.crt > > diff --git a/meta-integrity/classes/kernel-modsign.bbclass > b/meta-integrity/classes/kernel-modsign.bbclass > new file mode 100644 > index ..1e4d94b79091 > --- /dev/null > +++ b/meta-integrity/classes/kernel-modsign.bbclass > @@ -0,0 +1,29 @@ > +# No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be > +# set explicitly in a local.conf before activating kernel-modsign. > +# To use the insecure (because public) example keys, use > +# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" > +MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET" > + > +# Private key for modules signing. The default is okay when > +# using the example key directory. > +MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem" > + > +# Public part of certificates used for modules signing. > +# The default is okay when using the example key directory. > +MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt" > + > +# If this class is enabled, disable stripping signatures from modules > +INHIBIT_PACKAGE_STRIP = "1" > + > +do_configure_prepend() { This is being pulled in with every configure task and causing parsing issues. I changed it to "kernel_do_configure_prepend" and that fixed the issue I was seeing. things appear to be still working, Can you double check. - armin > +if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then > +cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \ > +> "${B}/modsign_key.pem" > +else > +bberror "Either modsign key or certificate are invalid" > +fi > +} > + > +do_shared_workdir_append() { > +cp modsign_key.pem $kerneldir/ > +} > diff --git a/meta-integrity/data/debug-keys/privkey_modsign.pem > b/meta-integrity/data/debug-keys/privkey_modsign.pem > new file mode 100644 > index ..4cac00ae303a > --- /dev/null > +++ b/meta-integrity/data/debug-keys/privkey_modsign.pem > @@ -0,0 +1,28 @@ > +-BEGIN PRIVATE KEY- > +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEWsJjB2pA5Ih6 > +EelXvVjwWY1ix1azMciNRNPPQN1AMXF0K/VUkfOYbaPajg1cQYEf9gk3q7OZ5Axk > +UY/e5piZORaPcsmj0lV0L+NSlRYydR5M/QxtEz26585FgqRGdAe6umStPmVKdqa2 > +d68O4PgQgJJtVuz6ndm+0uNEUDCVLwhkGQSwNB3qBbZAUX9escZ/a8eUiBfMYKaO > +k8JRyM+2br9dgpTFg4UfBYexgNSQo8g5TIBGc8KgQiKCuFj1fQEhV5z4RusHthjc > +NYXa3RHmdclxyrGeYr5ZRc47HqE1gd5NDR0WeHn4C4YKcfK1rZZz/2+6hfsIRfGx > +6cQKk23hAgMBAAECggEAJ0ULiWirPG04SkmYxF5vEiqm1zGMymvTc0VnoxSS60q4 > +KQa9mvtRn5OV6JjuXRwQqga30zV4xvdP7yRMxMSTkllThL7tSuE/C+yj5xlABjlc > +JQOa35mwh9fibg5xslF0Vkj+55MKCPlv4CBRl4Uwt4QvRMTUwk6dhMeCgmATR1J1 > +2/7AipjtfFYreDx7sLbRVvSzUhmZS0iCbNOhtTWPLNW+9YKHTOffKa04HzNtnAXq > +OjJ0IRZD/C6LfkBUsnHg2eEiA97QXh/Srsl9nc8DaUK1IXRywEdmYIoNMWMav2Hm > +RO8kkU30BqKW+/EO2ZbH2GmkxvwWd0ocBnLC3FRWEQKBgQDu4T8CB3YsOcVjqem4 > +iBlaSht/b46YQc7A1SOqZCimehmmXNSxQOkapIG3wlIr5edtXQA+xv09+WrproUB > +SjAnqaH6pYeCvbNlY5k344gtYs+Kco2rq5GYa+LumAeX2Sam8F7u4LxvEogCecX7 > +e4rnG3lt3AVuuRE7zpCQtaWcJQKBgQDSbUvea9pcYli9pssTl+ijQKkgG9DdaYbA > +I5w5bY1TPYZ/Ocysljefv/ssaHFh4DPxE1MQ5JHwZgZRo1EICxxYzGsLjyR/fmjz > +1c/NJlTtalCNtLvWaf7b02ag/abnP8neiSpLL5xqHvGo5ikWwgYQD+9HVKGvL3S1 > +kI7x/ziADQKBgQCqFbkuMa/jh3LTJp0iZc1fa1qu3vhx0pFq3Zeab9w9xLxUps5O > +MwCGltFBzNuDJBwm00wkZrzTjq6gGkHbjD5DT1XkyE13OqjsLQFgOOKyJiPN2Qik > +TfHJzC91YMwvQ09xF78QaPXiRBiRYrEkAXACY56PKVS45I6vvcFTN/Ll/QKBgA9m > +KDMyuVwhZlUaq6nXaBLqXHYZEwPhARd2g6xANCNvUTRmSnAm3hM2vW7WhdWfzq1J > +uL53u6ZYEQZQaVGpXn2xF/RUmVsrKQsPDpH4yCZHrXVxUH20bA4yPkRxy5EIvgEn > +EI1IAq5RbWXq0f70W/U49U3HB74GPwg6d/uFreDRAoGAN+v9gMQA6A1vM7LvbYR8 > +5CwwyqS/CfI9zKPLn53QstguXC/ObafIYQzVRqGb9lCQgtlmmKw4jMY0B/lDzpcH > +zS8rqoyvDj/m7i17NYkqXErJKLRQ0ptXKdLXHlG0u185e7Y5p4O3Z5dk8bACkpHi > +hp764y+BtU4qIcVaPsPK4uU= > +-END PRIVATE KEY- > diff --git a/meta-integrity/data/debug-keys/x509_modsign.crt > b/meta-integrity/data/debug-keys/x509_modsign.crt > new file mode 100644 > index ..5fa2a9062a89 > --- /dev/null > +++ b/meta-integrity/data/debug-keys/x509_modsign.crt > @@ -0,0 +1,22 @@ > +-BEGIN CERTIFICATE- > +MIIDnjCCAoagAwIBAgIUUqmBj5Q8edHMMTXsoGVGEEKdwV4wDQYJKoZIhvcNAQEL > +BQAwZzEqMCgGA1UEAxMhbWV0YS1zZWN1cml0eSBtb2R1bGVzIHNpZ25pbmcga2V5 > +MRQwEgYDVQQKEwtleGFtcGxlLmNvbTEjMCEGCSqGSIb3DQEJARYUam9obi5kb2VA > +ZXhhbXBsZS5jb20wIBcNMTkwNzI3MjIzOTA3WhgPMjExOTA3MjcyMjM5MTVaMGcx > +KjAoBgNVBAMTIW1ldGEtc2VjdXJpdHkgbW9kdWxlcyBzaWduaW5nIGtleTEUMBIG
[yocto] QA issue applibrary rdepends on app-dev [dev-deps], where is the do_package_qa?
Hi, I was running my Yocto build fine until I had a minor change to move libapplibrary.so to libapplibrry.so.${PN} and made libapplibrary.so to a symbolic link of libapplibrry.so.${PN}. Now it got an error of QA issue applibrary rdepends on app-dev [dev-deps], QA run found fatal errors, please consider fixing them. Even I reverse the changes back the, it still complained the same error. I don't have do_package_qa in my bb file, where is it from? What is that error about? How to fix it? Thank you. Kind regards, - jh -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto