Re: [yocto] Fix 'PACKAGES' in net-snmp recipe
> > > From: Kosta Zertsekel [mailto:kzertse...@advaoptical.com] > Sent: Monday, March 19, 2018 14:17 > To: Huang, Jie (Jackie); Khem Raj > Cc: yocto@yoctoproject.org; Enache, Catalin; Zhou, Li > Subject: Re: [yocto] Fix 'PACKAGES' in net-snmp recipe > > > are there specific issue you are seeing besides the packages being empty ? > > I would suggest to apply _remove operation to remove the empty packages > > if needed from PACKAGES variable > > No any other specific issues are seen. > > > I agree, I don't think it's an issue that the packages > > being empty, and actually they're handled properly with: > > > > ALLOW_EMPTY_${PN} = "1" > > ALLOW_EMPTY_${PN}-server = "1" > > > > RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'perl', > > 'net-snmp-perl-modules', '', d)}" > > RDEPENDS_${PN} += "net-snmp-client" > > RDEPENDS_${PN}-server += "net-snmp-server-snmpd net-snmp-server-snmptrapd" > > > > So you can assume that "net-snmp" = "net-snmp-client" ( plus > > 'net-snmp-perl-modules' > > if 'perl' packgeconfig is enabled ), and "net-snmp-server" = " > > net-snmp-server-snmpd" > > +"net-snmp-server-snmptrapd " > > So, you mean that 'PACKAGEs = ...' was changed to 'PACKAGES += ...' in order > to create the default packages (${PN}, ${PN}-doc, ${PN}-locale, etc.) that are It was changed for two reasons referred to the commit 5eec0615e: """ - Change to use append for PACKAGES so that: * ptest package is added from ptest bbcalss * the PN is back, allow empty and add rdepends on net-snmp-client in case the user try to add net-snmp to the image """ 1) The 'PACKAGEs = ...' will override the definition from bbclass like ptest.bbclass 2) We had customers assume that the ${PN} package for each recipe always exist so when they wanted to use net-snmp clients, they tried to install net-snmp but failed. If you don't like the solution, you can use _remove operation to remove PN from PACKAGES. Other default packages like ${PN}-doc and ${PN}-locale, them are also empty for many other recipes, I don't think it's an issue, so no need to re-define the PACKAGES or remove them with _remove operation. Thanks, Jackie > empty? Is there a chance it was done to satisfy a default dependencies in > bitbake.conf? I just fail to see the original meaning... > --- Kosta Z. > > From: Huang, Jie (Jackie) > Sent: Monday, March 19, 2018 3:56:28 AM > To: Khem Raj; Kosta Zertsekel > Cc: yocto@yoctoproject.org; Enache, Catalin; Zhou, Li > Subject: RE: [yocto] Fix 'PACKAGES' in net-snmp recipe > > > > > -Original Message- > > From: Huang, Jie (Jackie) > > Sent: Monday, March 19, 2018 09:51 > > To: 'Khem Raj'; Kosta Zertsekel > > Cc: yocto@yoctoproject.org; Enache, Catalin; Zhou, Li > > Subject: RE: [yocto] Fix 'PACKAGES' in net-snmp recipe > > > > > > > > > -Original Message- > > > From: Khem Raj [mailto:raj.k...@gmail.com] > > > Sent: Monday, March 19, 2018 05:54 > > > To: Kosta Zertsekel > > > Cc: yocto@yoctoproject.org; Huang, Jie (Jackie); Enache, Catalin; Zhou, Li > > > Subject: Re: [yocto] Fix 'PACKAGES' in net-snmp recipe > > > > > > On Sat, Mar 17, 2018 at 11:46 PM, Kosta Zertsekel > > > wrote: > > > > Hi guys, > > > > > > > > > > > > As for now (master branch) 'PACKAGES' variable in net-snmp equals to: > > > > > > > > ``` > > > > > > > > $ bitbake -e net-snmp | grep "^PACKAGES=" > > > > > > > > PACKAGES="net-snmp-dbg net-snmp-staticdev net-snmp-dev net-snmp-doc > > > > net-snmp-locale net-snmp net-snmp-libs net-snmp-mibs net-snmp-server > > > > net-snmp-client net-snmp-server-snmpd net-snmp-server-snmptrapd " > > > > ``` > > > > > > > > This seems to be wrong as many built packages from 'packages-split' > > > > directory of net-snmp are empty: > > > > > > > > ``` > > > > $ du -a --max-depth=1 . | sort -n > > > > 4./net-snmp > > > > 4./net-snmp-client.shlibdeps > > > > 4./net-snmp-doc > > > > 4./net-snmp-libs.shlibdeps > > > > 4./net-snmp-locale > >
Re: [yocto] Fix 'PACKAGES' in net-snmp recipe
> -Original Message- > From: Huang, Jie (Jackie) > Sent: Monday, March 19, 2018 09:51 > To: 'Khem Raj'; Kosta Zertsekel > Cc: yocto@yoctoproject.org; Enache, Catalin; Zhou, Li > Subject: RE: [yocto] Fix 'PACKAGES' in net-snmp recipe > > > > > -Original Message- > > From: Khem Raj [mailto:raj.k...@gmail.com] > > Sent: Monday, March 19, 2018 05:54 > > To: Kosta Zertsekel > > Cc: yocto@yoctoproject.org; Huang, Jie (Jackie); Enache, Catalin; Zhou, Li > > Subject: Re: [yocto] Fix 'PACKAGES' in net-snmp recipe > > > > On Sat, Mar 17, 2018 at 11:46 PM, Kosta Zertsekel > > wrote: > > > Hi guys, > > > > > > > > > As for now (master branch) 'PACKAGES' variable in net-snmp equals to: > > > > > > ``` > > > > > > $ bitbake -e net-snmp | grep "^PACKAGES=" > > > > > > PACKAGES="net-snmp-dbg net-snmp-staticdev net-snmp-dev net-snmp-doc > > > net-snmp-locale net-snmp net-snmp-libs net-snmp-mibs net-snmp-server > > > net-snmp-client net-snmp-server-snmpd net-snmp-server-snmptrapd " > > > ``` > > > > > > This seems to be wrong as many built packages from 'packages-split' > > > directory of net-snmp are empty: > > > > > > ``` > > > $ du -a --max-depth=1 . | sort -n > > > 4./net-snmp > > > 4./net-snmp-client.shlibdeps > > > 4./net-snmp-doc > > > 4./net-snmp-libs.shlibdeps > > > 4./net-snmp-locale > > > 4./net-snmp-server > > > 4./net-snmp-server-snmpd.shlibdeps > > > 4./net-snmp-server-snmptrapd.shlibdeps > > > 4./net-snmp-staticdev > > > 48./net-snmp-server-snmptrapd > > > 72./net-snmp-server-snmpd > > > 1208./net-snmp-dev > > > 1480./net-snmp-client > > > 1812./net-snmp-mibs > > > 2872./net-snmp-libs > > > 15308./net-snmp-dbg > > > ``` > > > > > > Well, the culprit commit is 5eec0615e548f58ecdfadfc45af5805eeb58f69c where > > > the below change has happened: > > > ``` > > > -PACKAGES = "${PN}-dbg ${PN}-doc ${PN}-dev ${PN}-staticdev ${PN}-static > > > ${PN}-libs \ > > > -${PN}-mibs ${PN}-server ${PN}-client ${PN}-server-snmpd > > > ${PN}-server-snmptrapd" > > > +PACKAGES += "${PN}-libs ${PN}-mibs ${PN}-server ${PN}-client > > > ${PN}-server-snmpd ${PN}-server-snmptrapd" > > > ``` > > > > > > This new 'PACKAGES' variable is wrong IMHO, because it contains > > > the 'net-snmp' package and other empty packages. > > > > > > > > > Please review (and apply if ok) the attached commit that fixes it. > > > > > > > are there specific issue you are seeing besides the packages being empty ? > > I would suggest to apply _remove operation to remove the empty packages > > if needed from PACKAGES variable > > I agree, I don't think it's an issue that the packages being empty, and > actually they're handled properly with: > > ALLOW_EMPTY_${PN} = "1" > ALLOW_EMPTY_${PN}-server = "1" > > RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'perl', > 'net-snmp-perl-modules', '', d)}" > RDEPENDS_${PN} += "net-snmp-client" > RDEPENDS_${PN}-server += "net-snmp-server-snmpd net-snmp-server-snmptrapd" > > So you can assume that "net-snmp" = "net-snmp-client" ( plus > 'net-snmp-perl-modules' if 'perl' packgeconfig > is enabled ), and "net-snmp-server" = " net-snmp-server-snmpd" + > "net-snmp-server-snmptrapd " And if you really want to remove them with _remove operations, you may also need to remove the RDEPENDS. Thanks, Jackie > > Thanks, > Jackie > > > > > > > > > Thanks, > > > > > > --- Kosta Z. > > > > > > > > > -- > > > ___ > > > yocto mailing list > > > yocto@yoctoproject.org > > > https://lists.yoctoproject.org/listinfo/yocto > > > -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Fix 'PACKAGES' in net-snmp recipe
> -Original Message- > From: Khem Raj [mailto:raj.k...@gmail.com] > Sent: Monday, March 19, 2018 05:54 > To: Kosta Zertsekel > Cc: yocto@yoctoproject.org; Huang, Jie (Jackie); Enache, Catalin; Zhou, Li > Subject: Re: [yocto] Fix 'PACKAGES' in net-snmp recipe > > On Sat, Mar 17, 2018 at 11:46 PM, Kosta Zertsekel > wrote: > > Hi guys, > > > > > > As for now (master branch) 'PACKAGES' variable in net-snmp equals to: > > > > ``` > > > > $ bitbake -e net-snmp | grep "^PACKAGES=" > > > > PACKAGES="net-snmp-dbg net-snmp-staticdev net-snmp-dev net-snmp-doc > > net-snmp-locale net-snmp net-snmp-libs net-snmp-mibs net-snmp-server > > net-snmp-client net-snmp-server-snmpd net-snmp-server-snmptrapd " > > ``` > > > > This seems to be wrong as many built packages from 'packages-split' > > directory of net-snmp are empty: > > > > ``` > > $ du -a --max-depth=1 . | sort -n > > 4./net-snmp > > 4./net-snmp-client.shlibdeps > > 4./net-snmp-doc > > 4./net-snmp-libs.shlibdeps > > 4./net-snmp-locale > > 4./net-snmp-server > > 4./net-snmp-server-snmpd.shlibdeps > > 4./net-snmp-server-snmptrapd.shlibdeps > > 4./net-snmp-staticdev > > 48./net-snmp-server-snmptrapd > > 72./net-snmp-server-snmpd > > 1208./net-snmp-dev > > 1480./net-snmp-client > > 1812./net-snmp-mibs > > 2872./net-snmp-libs > > 15308./net-snmp-dbg > > ``` > > > > Well, the culprit commit is 5eec0615e548f58ecdfadfc45af5805eeb58f69c where > > the below change has happened: > > ``` > > -PACKAGES = "${PN}-dbg ${PN}-doc ${PN}-dev ${PN}-staticdev ${PN}-static > > ${PN}-libs \ > > -${PN}-mibs ${PN}-server ${PN}-client ${PN}-server-snmpd > > ${PN}-server-snmptrapd" > > +PACKAGES += "${PN}-libs ${PN}-mibs ${PN}-server ${PN}-client > > ${PN}-server-snmpd ${PN}-server-snmptrapd" > > ``` > > > > This new 'PACKAGES' variable is wrong IMHO, because it contains > > the 'net-snmp' package and other empty packages. > > > > > > Please review (and apply if ok) the attached commit that fixes it. > > > > are there specific issue you are seeing besides the packages being empty ? > I would suggest to apply _remove operation to remove the empty packages > if needed from PACKAGES variable I agree, I don't think it's an issue that the packages being empty, and actually they're handled properly with: ALLOW_EMPTY_${PN} = "1" ALLOW_EMPTY_${PN}-server = "1" RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'net-snmp-perl-modules', '', d)}" RDEPENDS_${PN} += "net-snmp-client" RDEPENDS_${PN}-server += "net-snmp-server-snmpd net-snmp-server-snmptrapd" So you can assume that "net-snmp" = "net-snmp-client" ( plus 'net-snmp-perl-modules' if 'perl' packgeconfig is enabled ), and "net-snmp-server" = " net-snmp-server-snmpd" + "net-snmp-server-snmptrapd " Thanks, Jackie > > > > > Thanks, > > > > --- Kosta Z. > > > > > > -- > > ___ > > yocto mailing list > > yocto@yoctoproject.org > > https://lists.yoctoproject.org/listinfo/yocto > > -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [opkg-utils PATCH] update-alternatives: fix the sed pattern in remove_alt
Sorry I forgot adding opkg-devel, so I just re-sent with opkg-devel added in. Thanks, Jackie > -Original Message- > From: yocto-boun...@yoctoproject.org [mailto:yocto- > boun...@yoctoproject.org] On Behalf Of jackie.hu...@windriver.com > Sent: Friday, January 19, 2018 10:54 > To: yocto@yoctoproject.org > Subject: [yocto] [opkg-utils PATCH] update-alternatives: fix the sed pattern > in > remove_alt > > From: Jackie Huang > > '\>' is to matches the end of a word, but the executable is > not always a 'word', e.g. /usr/lib64/busybox/usr/bin/[ > > then such alternatives can not be removed. > > So change to use '\s' in the pattern since the following > character of the $path is whitespace. > > Signed-off-by: Jackie Huang > --- > update-alternatives | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/update-alternatives b/update-alternatives > index ffad853..ce7d66c 100644 > --- a/update-alternatives > +++ b/update-alternatives > @@ -80,7 +80,7 @@ remove_alt() { > [ ! -f $ad/$name ] && return 0 > > path=`echo $path | protect_slashes | protect_special_character` > - sed -ne "/^$path\>.*/!p" $ad/$name > $ad/$name.new > + sed -ne "/^$path\s.*/!p" $ad/$name > $ad/$name.new > mv $ad/$name.new $ad/$name > } > > -- > 2.7.4 > > -- > ___ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-cgl][PATCH 2/2] cgl-common.inc: append SRC_URI for poky-cgl only
> -Original Message- > From: Andre McCurdy [mailto:armccu...@gmail.com] > Sent: Thursday, October 12, 2017 06:51 > To: Huang, Jie (Jackie) > Cc: Yocto discussion list > Subject: Re: [yocto] [meta-cgl][PATCH 2/2] cgl-common.inc: append SRC_URI > for poky-cgl only > > On Mon, Oct 9, 2017 at 8:30 PM, wrote: > > From: Jackie Huang > > > > Someone may want to add meta-cgl-common layer into their > > distro and only use some of the packages, but these kernel > > features will be also added by the bbappend and may cause > > unexpected issue, so change to append the SRC_URI for poky-cgl > > distro only. > > > > Signed-off-by: Jackie Huang > > --- > > meta-cgl-common/recipes-kernel/linux/cgl-common.inc | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/meta-cgl-common/recipes-kernel/linux/cgl-common.inc b/meta- > cgl-common/recipes-kernel/linux/cgl-common.inc > > index 52cf773..362a7c4 100644 > > --- a/meta-cgl-common/recipes-kernel/linux/cgl-common.inc > > +++ b/meta-cgl-common/recipes-kernel/linux/cgl-common.inc > > @@ -1,6 +1,6 @@ > > FILESEXTRAPATHS_prepend := "${THISDIR}/files:" > > > > -SRC_URI += "file://cfg/1-systemtap.cfg \ > > +SRC_URI_append_poky-cgl = "file://cfg/1-systemtap.cfg \ > > Needs a leading space. Fixed and sent v2. Thanks, Jackie > > > file://cfg/2-oprofile.cfg \ > > file://cfg/3-lttng.cfg \ > > file://cfg/4-kgdb.cfg \ > > -- > > 2.11.0 > > > > -- > > ___ > > yocto mailing list > > yocto@yoctoproject.org > > https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-security][PATCH] keynote: update the SRC_URI
> -Original Message- > From: yocto-boun...@yoctoproject.org [mailto:yocto- > boun...@yoctoproject.org] On Behalf Of Randy MacLeod > Sent: Saturday, September 30, 2017 11:10 > To: Du, Dengke; yocto@yoctoproject.org > Subject: Re: [yocto] [meta-security][PATCH] keynote: update the SRC_URI > > On 2017-09-29 09:55 PM, Dengke Du wrote: > > The old URL can't be available, give the new URL to keynote. > > The project already moved to: > > > > https://sourceforge.net/projects/keynote-2-3/ > > > > Signed-off-by: Dengke Du > > --- > > recipes-security/keynote/keynote_2.3.bb | 9 ++--- > > 1 file changed, 6 insertions(+), 3 deletions(-) > > > > diff --git a/recipes-security/keynote/keynote_2.3.bb b/recipes- > security/keynote/keynote_2.3.bb > > index b1df880..23e75e4 100644 > > --- a/recipes-security/keynote/keynote_2.3.bb > > +++ b/recipes-security/keynote/keynote_2.3.bb > > @@ -9,16 +9,19 @@ SECTION = "security" > > LICENSE = "ISC" > > LIC_FILES_CHKSUM = > "file://LICENSE;md5=3a265095c549c1808686a676f2699c98" > > > > -SRC_URI = "http://www.cs.columbia.edu/~angelos/Code/${BPN}.tar.gz \ > > +MAIN_ID = "${@d.getVar('PV').split('.')[0]}" > > +MINOR_ID = "${@d.getVar('PV').split('.')[1]}" > > +SRC_URI = "${SOURCEFORGE_MIRROR}/project/${PN}-${MAIN_ID}- > ${MINOR_ID}/${PN}_${PV}.tar.gz \ s/PN/BPN/ > > file://configure-remove-hardcode-path.patch \ > > file://makefile-add-ldflags.patch \ > > file://run-ptest \ > > " > > +S = "${WORKDIR}/${PN}-${PV}+dfsg.orig" s/PN/BPN/ Dengke, please fix and re-send. Thanks, Jackie > > > > inherit autotools-brokensep ptest > > > > -SRC_URI[md5sum] = "ba58a0297c421dc6aa671e6b753ef695" > > -SRC_URI[sha256sum] = > "62f7a9d57ceb6bcdd47b604b637a7ac8ed337cef0ab02f1fa28b7e61c9b15821" > > +SRC_URI[md5sum] = "a14553e6ad921b5c85026ce5bec3afe7" > > +SRC_URI[sha256sum] = > "38d2acfa1c3630a07adcb5c8fe92d2aef7f0e6d242b8998b2bbb1c6e4c408d46" > > Denke tells me that the source is identical but docs were added > so the checksums have changed. > > ../Randy > > > > > DEPENDS = "flex openssl" > > > > > > > -- > # Randy MacLeod. WR Linux > # Wind River an Intel Company > -- > ___ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-cloud-services][PATCH] packagegroups: fix invalid license file
> -Original Message- > From: Bruce Ashfield [mailto:bruce.ashfi...@windriver.com] > Sent: Saturday, September 16, 2017 03:19 > To: Huang, Jie (Jackie); yocto@yoctoproject.org > Subject: Re: [yocto] [meta-cloud-services][PATCH] packagegroups: fix invalid > license file > > wrong mailing list, but merged anyway. > > use the meta-virtualization mailing list for these. Thanks, I will send there next time. Thanks, Jackie > > Bruce > > On 2017-09-15 5:27 AM, jackie.hu...@windriver.com wrote: > > From: Jackie Huang > > > > Use '${COMMON_LICENSE_DIR}/MIT' for MIT License to fix the warning: > > > > | WARNING: packagegroup-cloud-compute do_populate_lic: > >${COREBASE}/LICENSE is not a valid license file, please use > >'${COMMON_LICENSE_DIR}/MIT' for a MIT License file in > LIC_FILES_CHKSUM. > >This will become an error in the future > > > > Signed-off-by: Jackie Huang > > --- > > .../recipes-extended/packagegroups/packagegroup-cloud-benchmarking.bb > | 2 +- > > .../recipes-extended/packagegroups/packagegroup-cloud-compute.bb| > 2 +- > > .../recipes-extended/packagegroups/packagegroup-cloud-controller.bb | > > 2 > +- > > .../recipes-extended/packagegroups/packagegroup-cloud-debug.bb | > > 2 > +- > > .../recipes-extended/packagegroups/packagegroup-cloud-extras.bb | > > 2 > +- > > .../recipes-extended/packagegroups/packagegroup-cloud-network.bb| > > 2 > +- > > 6 files changed, 6 insertions(+), 6 deletions(-) > > > > diff --git a/meta-openstack/recipes-extended/packagegroups/packagegroup- > cloud-benchmarking.bb b/meta-openstack/recipes- > extended/packagegroups/packagegroup-cloud-benchmarking.bb > > index 6310b8f..e659c31 100644 > > --- a/meta-openstack/recipes-extended/packagegroups/packagegroup-cloud- > benchmarking.bb > > +++ b/meta-openstack/recipes-extended/packagegroups/packagegroup- > cloud-benchmarking.bb > > @@ -1,7 +1,7 @@ > > SUMMARY = "Add benchmarking capabilities to cloud images" > > PR = "r0" > > LICENSE = "MIT" > > -LIC_FILES_CHKSUM = > "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ > > +LIC_FILES_CHKSUM = > "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f > 302 \ > > > file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de2 > 0420" > > > > inherit packagegroup > > diff --git a/meta-openstack/recipes-extended/packagegroups/packagegroup- > cloud-compute.bb b/meta-openstack/recipes- > extended/packagegroups/packagegroup-cloud-compute.bb > > index 21f8f10..2e9446d 100644 > > --- a/meta-openstack/recipes-extended/packagegroups/packagegroup-cloud- > compute.bb > > +++ b/meta-openstack/recipes-extended/packagegroups/packagegroup- > cloud-compute.bb > > @@ -1,7 +1,7 @@ > > SUMMARY = "Configuration for OpenStack Compute node" > > PR = "r0" > > LICENSE = "MIT" > > -LIC_FILES_CHKSUM = > "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ > > +LIC_FILES_CHKSUM = > "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f > 302 \ > > > file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de2 > 0420" > > > > inherit packagegroup > > diff --git a/meta-openstack/recipes-extended/packagegroups/packagegroup- > cloud-controller.bb b/meta-openstack/recipes- > extended/packagegroups/packagegroup-cloud-controller.bb > > index f172839..1f0a8de 100644 > > --- a/meta-openstack/recipes-extended/packagegroups/packagegroup-cloud- > controller.bb > > +++ b/meta-openstack/recipes-extended/packagegroups/packagegroup- > cloud-controller.bb > > @@ -1,7 +1,7 @@ > > SUMMARY = "Configuration for OpenStack Controller node" > > PR = "r0" > > LICENSE = "MIT" > > -LIC_FILES_CHKSUM = > "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ > > +LIC_FILES_CHKSUM = > "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f > 302 \ > > > file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de2 > 0420" > > > > inherit packagegroup > > diff --git a/meta-openstack/recipes-extended/packagegroups/packagegroup- > cloud-debug.bb b/meta-openstack/recipes- > extended/packagegroups/packagegroup-cloud-debug.bb > > index e5517d2..fecbdc6 100644 > > --- a/meta-openstack/recipes-extended/packagegroups/packagegroup-cloud- > debug.bb > >
Re: [yocto] [meta-cgl][PATCH] pacemaker: update to 1.1.16
> -Original Message- > From: Adrian Dudau [mailto:adrian.du...@enea.com] > Sent: Monday, June 19, 2017 16:28 > To: Huang, Jie (Jackie); yocto@yoctoproject.org > Subject: Re: [yocto] [meta-cgl][PATCH] pacemaker: update to 1.1.16 > > On fre, 2017-06-09 at 10:59 +0800, jackie.hu...@windriver.com wrote: > > From: Jackie Huang > > > > * update the licenses and checksum > > * fix PN -> BPN for multilib builds > > * add PACKAGECONFIG for systemd and libsmtp > > * add fix for libgnutls > > > > Signed-off-by: Jackie Huang > > --- > > ...006-pacemaker-do-not-use-libgnutls-config.patch | 29 > > ++ > > .../{pacemaker_1.1.15.bb => pacemaker_1.1.16.bb} | 22 +--- > > > > 2 files changed, 42 insertions(+), 9 deletions(-) > > create mode 100755 meta-cgl-common/recipes- > > cgl/pacemaker/pacemaker/0006-pacemaker-do-not-use-libgnutls- > > config.patch > > rename meta-cgl-common/recipes-cgl/pacemaker/{pacemaker_1.1.15.bb => > > pacemaker_1.1.16.bb} (84%) > > > > diff --git a/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0006- > > pacemaker-do-not-use-libgnutls-config.patch b/meta-cgl- > > common/recipes-cgl/pacemaker/pacemaker/0006-pacemaker-do-not-use- > > libgnutls-config.patch > > new file mode 100755 > > index 000..46e45df > > --- /dev/null > > +++ b/meta-cgl-common/recipes-cgl/pacemaker/pacemaker/0006- > pacemaker- > > do-not-use-libgnutls-config.patch > > @@ -0,0 +1,29 @@ > > +commit bb26b7c290473af988aa9d4132ef55ca907091e6 > > +Author: Joe Slater > > +Date: Mon Mar 11 15:47:54 2013 -0700 > > + > > +pacemaker: do not use libgnutls-config > > + > > +Do not try to use libgnutls-config when configuring. > > +It has been deprecated and we do not supply it. If a > > +host version is found, bad things can happen. > > This code patch needs an Upstream-Status tag. Upstream-Status is added and v2 is sent. Thanks, Jackie > > > + > > +Signed-off-by: Joe Slater > > +Signed-off-by: Jackie Huang > > + > > + > > +--- a/configure.ac > > b/configure.ac > > +@@ -1427,9 +1427,9 @@ dnl > > + AC_CHECK_HEADERS(gnutls/gnutls.h) > > + AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h) > > + > > > > > > > # Don't package some files > > find ${D} -name "*.pyo" -exec rm {} \; > > -- > > 2.11.0 > > > > Otherwise the patch looks good, so please send a v2 and I'll merge it. > > Best regards, > --Adrian -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-cgl][PATCH 0/4] resource-agents: update to 4.0.1 and several fixes
> -Original Message- > From: Adrian Dudau [mailto:adrian.du...@enea.com] > Sent: Thursday, June 08, 2017 22:32 > To: Huang, Jie (Jackie); yocto@yoctoproject.org > Subject: Re: [yocto] [meta-cgl][PATCH 0/4] resource-agents: update to 4.0.1 > and several fixes > > On fre, 2017-06-02 at 16:21 +0800, jackie.hu...@windriver.com wrote: > > From: Jackie Huang > > > > -- > > The following changes since commit > > c0afa706e9cdb650c0e8bb79f503743632350b00: > > > > core-image-cgl: Remove ROOTFS_PKGMANAGE_BOOTSTRAP (2017-05-24 > > 14:19:13 +0200) > > > > are available in the git repository at: > > > > https://github.com/jackiehjm/meta-cgl.git jhuang0/up_resource- > > agents_170602_0 > > https://github.com//tree/jhuang0/up_resource-agents_170602_0 > > > > Jackie Huang (4): > > resource-agents: fix dependencies > > resource-agents: fix install-sh not found > > resource-agents: fix builds error when S != B > > resource-agents: update to version 4.0.1 > > > > .../resource-agents/fix-install-sh-not-found.patch | 60 > > ++ > > ...uilds-when-srcdir-and-builddir-are-sepera.patch | 39 > > ++ > > ...ce-agents_3.9.7.bb => resource-agents_4.0.1.bb} | 20 ++-- > > 3 files changed, 115 insertions(+), 4 deletions(-) > > create mode 100644 meta-cgl-common/recipes-cgl/cluster-resource- > > agents/resource-agents/fix-install-sh-not-found.patch > > create mode 100644 meta-cgl-common/recipes-cgl/cluster-resource- > > agents/resource-agents/fs.sh-fix-builds-when-srcdir-and-builddir-are- > > sepera.patch > > rename meta-cgl-common/recipes-cgl/cluster-resource- > > agents/{resource-agents_3.9.7.bb => resource-agents_4.0.1.bb} (82%) > > > > -- > > 2.11.0 > > > > Same here, patchset is ok but you need to rebase on top of master > latest. Rebased and re-sent as v2. Thanks, Jackie > > Best regards, > --Adrian -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-cgl][PATCH] poky-cgl: avoid installing multiple syslogs
> -Original Message- > From: Adrian Dudau [mailto:adrian.du...@enea.com] > Sent: Thursday, June 08, 2017 20:01 > To: Huang, Jie (Jackie); yocto@yoctoproject.org > Subject: Re: [yocto] [meta-cgl][PATCH] poky-cgl: avoid installing multiple > syslogs > > On fre, 2017-06-02 at 15:59 +0800, jackie.hu...@windriver.com wrote: > > From: Jackie Huang > > > > do_rootfs fails if multiple syslogs are installed: > > > > > > Error: package syslog-ng-3.8.1-r0.i586 conflicts with sysklogd > > > provided > > by sysklogd-1.5.1-r0.i586 > > > > core-image-cgl requires packagegroup-core-full-cmdline which depends > > on VIRTUAL-RUNTIME_syslog (default to sysklogd), so set the > > VIRTUAL-RUNTIME_syslog in distro conf and no need to depends > > on any syslog in packagegroup-cgl-applications, then we ensure > > that only one syslog is installed to avoid conflicts. > > > > Signed-off-by: Jackie Huang > > --- > > meta-cgl-common/conf/distro/poky-cgl.conf | 4 > > > > meta-cgl-common/packagegroups/packagegroup-cgl-applications.bb | 2 > > -- > > 2 files changed, 4 insertions(+), 2 deletions(-) > > > > diff --git a/meta-cgl-common/conf/distro/poky-cgl.conf b/meta-cgl- > > common/conf/distro/poky-cgl.conf > > index 90cc82b..69f6200 100644 > > --- a/meta-cgl-common/conf/distro/poky-cgl.conf > > +++ b/meta-cgl-common/conf/distro/poky-cgl.conf > > @@ -5,3 +5,7 @@ DISTRO = "poky-cgl" > > > > IMAGE_CLASSES += "image_types_uboot" > > PREFERRED_PROVIDER_virtual/refpolicy="refpolicy-targeted" > > + > > +# we want to use rsyslog as the default syslog, but it's GPLv3, so > > need this > > +# check to switch to syslog-ng if GLPv3 is blacklisted. > > +VIRTUAL-RUNTIME_syslog ?= "${@bb.utils.contains('INCOMPATIBLE_LICENS > > E', 'GPLv3', 'syslog-ng', 'rsyslog', d)}" > > diff --git a/meta-cgl-common/packagegroups/packagegroup-cgl- > > applications.bb b/meta-cgl-common/packagegroups/packagegroup-cgl- > > applications.bb > > index b566e2d..be36075 100644 > > --- a/meta-cgl-common/packagegroups/packagegroup-cgl-applications.bb > > +++ b/meta-cgl-common/packagegroups/packagegroup-cgl-applications.bb > > @@ -40,7 +40,6 @@ RDEPENDS_${PN} = " \ > > quota \ > > smartmontools \ > > monit \ > > -syslog-ng \ > > ocfs2-tools \ > > logcheck \ > > samhain-client \ > > @@ -48,7 +47,6 @@ RDEPENDS_${PN} = " \ > > audit \ > > pam-passwdqc \ > > libpam \ > > -rsyslog \ > > makedumpfile \ > > " > > > > -- > > 2.11.0 > > > > Patch good but doesn't apply. Please rebase on origin/master and send > again. Rebased and re-sent as v2. Thanks, Jackie > > best regards > --Adrian -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-security][PATCH 2/2 v3] ecryptfs-utils: add new recipe
Adding the v3 in the subject. > -Original Message- > From: yocto-boun...@yoctoproject.org [mailto:yocto- > boun...@yoctoproject.org] On Behalf Of jackie.hu...@windriver.com > Sent: Wednesday, May 24, 2017 10:23 > To: yocto@yoctoproject.org > Subject: [yocto] [meta-security][PATCH 2/2] ecryptfs-utils: add new recipe > > From: Jackie Huang > > eCryptfs is a stacked cryptographic filesystem that ships > in Linux kernel versions 2.6.19 and above. This package > provides the mount helper and supporting libraries to > perform key management and mount functions. > > Signed-off-by: Jackie Huang > --- > .../ecryptfs-utils/ecryptfs-utils_111.bb | 63 + > .../files/ecryptfs-utils-CVE-2016-6224.patch | 65 > ++ > .../ecryptfs-utils/files/ecryptfs.service | 9 +++ > 3 files changed, 137 insertions(+) > create mode 100644 recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb > create mode 100644 recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE- > 2016-6224.patch > create mode 100644 recipes-security/ecryptfs-utils/files/ecryptfs.service > > diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/recipes- > security/ecryptfs-utils/ecryptfs-utils_111.bb > new file mode 100644 > index 000..f55b0c3 > --- /dev/null > +++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb > @@ -0,0 +1,63 @@ > +SUMMARY = "The eCryptfs mount helper and support libraries" > +DESCRIPTION = "eCryptfs is a stacked cryptographic filesystem \ > +that ships in Linux kernel versions 2.6.19 and above. This \ > +package provides the mount helper and supporting libraries \ > +to perform key management and mount functions." > +HOMEPAGE = "https://launchpad.net/ecryptfs"; > +SECTION = "base" > + > +LICENSE = "GPL-2.0" > +LIC_FILES_CHKSUM = > "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" > + > +DEPENDS = "keyutils libgcrypt intltool-native glib-2.0-native" > + > +SRC_URI = "\ > + > https://launchpad.net/ecryptfs/trunk/${PV}/+download/${BPN}_${PV}.orig.tar. > gz \ > +file://ecryptfs-utils-CVE-2016-6224.patch \ > +file://ecryptfs.service \ > +" > + > +SRC_URI[md5sum] = "83513228984f671930752c3518cac6fd" > +SRC_URI[sha256sum] = > "112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f" > + > +inherit autotools pkgconfig systemd > + > +SYSTEMD_PACKAGES = "${PN}" > +SYSTEMD_SERVICE_${PN} = "ecryptfs.service" > + > +EXTRA_OECONF = "\ > +--libdir=${base_libdir} \ > +--disable-pywrap \ > +--disable-nls \ > +" > + > +PACKAGECONFIG ??= "nss \ > +${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ > +" > +PACKAGECONFIG[nss] = "--enable-nss,--disable-nss,nss," > +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl," > +PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam," > + > +do_configure_prepend() { > +export NSS_CFLAGS="-I${STAGING_INCDIR}/nspr4 - > I${STAGING_INCDIR}/nss3" > +export NSS_LIBS="-L${STAGING_BASELIBDIR} -lssl3 -lsmime3 -lnss3 - > lsoftokn3 -lnssutil3" > +export KEYUTILS_CFLAGS="-I${STAGING_INCDIR}" > +export KEYUTILS_LIBS="-L${STAGING_LIBDIR} -lkeyutils" > +} > + > +do_install_append() { > +chmod 4755 ${D}${base_sbindir}/mount.ecryptfs_private > +mkdir -p ${D}/${libdir} > +mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir} > +sed -i -e 's:-I${STAGING_INCDIR}::' \ > + -e 's:-L${STAGING_LIBDIR}::' > ${D}/${libdir}/pkgconfig/libecryptfs.pc > +sed -i -e "s: ${base_sbindir}/cryptsetup: ${sbindir}/cryptsetup:" > ${D}${bindir}/ecryptfs-setup-swap > +if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; > then > +install -D -m 0644 ${WORKDIR}/ecryptfs.service > ${D}${systemd_system_unitdir}/ecryptfs.service > +fi > +} > + > +FILES_${PN} += "${base_libdir}/security/* ${base_libdir}/ecryptfs/*" > + > +RDEPENDS_${PN} += "cryptsetup" > +RRECOMMENDS_${PN} = "gettext-runtime" > diff --git a/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016- > 6224.patch b/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016- > 6224.patch > new file mode 100644 > index 000..4252f97 > --- /dev/null > +++ b/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch > @@ -0,0 +1,65 @@ > +From 558a513ba3100ea5190de1a24cf1fed663367765 Mon Sep 17 00:00:00 > 2001 > +From: Li Zhou > +Date: Mon, 5 Sep 2016 10:28:08 +0800 > +Subject: [PATCH] ecryptfs-utils: CVE-2016-6224 > + > +src/utils/ecryptfs-setup-swap: Prevent unencrypted swap partitions from > +being automatically enabled by systemd. This bug affected GPT partitioned > +NVMe/MMC drives and resulted in the swap partition being used without > +encryption. It also resulted in a usability issue in that users were > +erroneously prompted to enter a pass-phrase to unlock their swap partition > +at boot. (LP: #1597154) > + > +the patch comes from: > +https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6224 > +https://baza
Re: [yocto] [meta-security][PATCH 2/2 v2] ecryptfs-utils: add new recipe
> -Original Message- > From: Khem Raj [mailto:raj.k...@gmail.com] > Sent: Tuesday, May 23, 2017 22:53 > To: Huang, Jie (Jackie) > Cc: yocto@yoctoproject.org > Subject: Re: [yocto] [meta-security][PATCH 2/2 v2] ecryptfs-utils: add new > recipe > > On Mon, May 22, 2017 at 10:30 PM, wrote: > > +install -d ${D}${systemd_system_unitdir} > > +install -m 0644 ${WORKDIR}/ecryptfs.service > ${D}${systemd_system_unitdir} > > you could squash above into install -D -m 0644 > ${WORKDIR}/ecryptfs.service > ${D}${systemd_system_unitdir}/ecryptfs.service Ok, I will change and send v3 for this, thanks! Thanks, Jackie -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-security][PATCH 2/2] ecryptfs-utils: add new recipe
Hi Martin, Thanks for the reference, but the one in meta-ivi is an older version and also has the same pam issue, I will fix it with PACKAGECONFIG and DISTRO_FEATURES check for PAM, and also add the systemd support. Thanks, Jackie From: Martin Jansa [mailto:martin.ja...@gmail.com] Sent: Friday, May 19, 2017 23:27 To: Huang, Jie (Jackie) Cc: akuster808; yocto@yoctoproject.org Subject: Re: [yocto] [meta-security][PATCH 2/2] ecryptfs-utils: add new recipe How does this one relate to: http://git.yoctoproject.org/cgit/cgit.cgi/meta-ivi/tree/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_106.bb?h=master the later has also support for systemd, not sure if it has the issue with pam or not. On Fri, May 19, 2017 at 4:56 PM, Huang, Jie (Jackie) mailto:jackie.hu...@windriver.com>> wrote: > -Original Message- > From: akuster808 [mailto:akuster...@gmail.com<mailto:akuster...@gmail.com>] > Sent: Friday, May 19, 2017 22:50 > To: Huang, Jie (Jackie); yocto@yoctoproject.org<mailto:yocto@yoctoproject.org> > Subject: Re: [yocto] [meta-security][PATCH 2/2] ecryptfs-utils: add new recipe > > > > On 05/17/2017 12:56 AM, > jackie.hu...@windriver.com<mailto:jackie.hu...@windriver.com> wrote: > > From: Jackie Huang > > mailto:jackie.hu...@windriver.com>> > > > > eCryptfs is a stacked cryptographic filesystem that ships > > in Linux kernel versions 2.6.19 and above. This package > > provides the mount helper and supporting libraries to > > perform key management and mount functions. > > > > Signed-off-by: Jackie Huang > > mailto:jackie.hu...@windriver.com>> > > This has the following warning: > WARNING: libpam-1.3.0-r5 do_pam_sanity: Building libpam but 'pam' isn't > in DISTRO_FEATURES, PAM won't work correctly > > I noticed this package has the ability to disable-pam so maybe > PACKAGECONFIG with the DISTRO_FEATURES check for PAM would be > applicable > in this case? > > please investigate. I will investigate and fix the warning. Thanks, Jackie > > everything else looks fine for inclusion to meta-security. > > regards, > Armin > > > --- > > .../ecryptfs-utils/ecryptfs-utils_111.bb<http://ecryptfs-utils_111.bb> > >| 52 + > > .../files/ecryptfs-utils-CVE-2016-6224.patch | 65 > ++ > > 2 files changed, 117 insertions(+) > > create mode 100644 > > recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb<http://ecryptfs-utils_111.bb> > > create mode 100644 > > recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE- > 2016-6224.patch > > > > diff --git > > a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb<http://ecryptfs-utils_111.bb> > > b/recipes- > security/ecryptfs-utils/ecryptfs-utils_111.bb<http://ecryptfs-utils_111.bb> > > new file mode 100644 > > index 000..49c2605 > > --- /dev/null > > +++ > > b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb<http://ecryptfs-utils_111.bb> > > @@ -0,0 +1,52 @@ > > +SUMMARY = "The eCryptfs mount helper and support libraries" > > +DESCRIPTION = "eCryptfs is a stacked cryptographic filesystem \ > > +that ships in Linux kernel versions 2.6.19 and above. This \ > > +package provides the mount helper and supporting libraries \ > > +to perform key management and mount functions." > > +HOMEPAGE = "https://launchpad.net/ecryptfs"; > > +SECTION = "base" > > + > > +LICENSE = "GPL-2.0" > > +LIC_FILES_CHKSUM = > "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" > > + > > +DEPENDS = "keyutils libgcrypt libpam nss intltool-native glib-2.0-native" > > + > > +inherit autotools pkgconfig > > + > > +SRC_URI = "\ > > + > https://launchpad.net/ecryptfs/trunk/${PV}/+download/${BPN}_${PV}.orig.tar<https://launchpad.net/ecryptfs/trunk/$%7bPV%7d/+download/$%7bBPN%7d_$%7bPV%7d.orig.tar>. > gz \ > > + > > file://ecryptfs-utils-CVE-2016-6224.patch > > \ > > +" > > + > > +SRC_URI[md5sum] = "83513228984f671930752c3518cac6fd" > > +SRC_URI[sha256sum] = > "112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f" > > + > > +PARALLEL_MAKEINST="" > > + > > +EXTRA_OECONF = "\ > > +--libdir=${base_libdir} \ > > +--disable-pywrap \ > > +--disable-nls \ > > +--enable-openssl=no \ > > +" > > + > > +do_configure_prepend() { > > +export NSS_CFLAGS="-I
Re: [yocto] [meta-security][PATCH 2/2] ecryptfs-utils: add new recipe
> -Original Message- > From: akuster808 [mailto:akuster...@gmail.com] > Sent: Friday, May 19, 2017 22:50 > To: Huang, Jie (Jackie); yocto@yoctoproject.org > Subject: Re: [yocto] [meta-security][PATCH 2/2] ecryptfs-utils: add new recipe > > > > On 05/17/2017 12:56 AM, jackie.hu...@windriver.com wrote: > > From: Jackie Huang > > > > eCryptfs is a stacked cryptographic filesystem that ships > > in Linux kernel versions 2.6.19 and above. This package > > provides the mount helper and supporting libraries to > > perform key management and mount functions. > > > > Signed-off-by: Jackie Huang > > This has the following warning: > WARNING: libpam-1.3.0-r5 do_pam_sanity: Building libpam but 'pam' isn't > in DISTRO_FEATURES, PAM won't work correctly > > I noticed this package has the ability to disable-pam so maybe > PACKAGECONFIG with the DISTRO_FEATURES check for PAM would be > applicable > in this case? > > please investigate. I will investigate and fix the warning. Thanks, Jackie > > everything else looks fine for inclusion to meta-security. > > regards, > Armin > > > --- > > .../ecryptfs-utils/ecryptfs-utils_111.bb | 52 + > > .../files/ecryptfs-utils-CVE-2016-6224.patch | 65 > ++ > > 2 files changed, 117 insertions(+) > > create mode 100644 recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb > > create mode 100644 > > recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE- > 2016-6224.patch > > > > diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb > > b/recipes- > security/ecryptfs-utils/ecryptfs-utils_111.bb > > new file mode 100644 > > index 000..49c2605 > > --- /dev/null > > +++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb > > @@ -0,0 +1,52 @@ > > +SUMMARY = "The eCryptfs mount helper and support libraries" > > +DESCRIPTION = "eCryptfs is a stacked cryptographic filesystem \ > > +that ships in Linux kernel versions 2.6.19 and above. This \ > > +package provides the mount helper and supporting libraries \ > > +to perform key management and mount functions." > > +HOMEPAGE = "https://launchpad.net/ecryptfs"; > > +SECTION = "base" > > + > > +LICENSE = "GPL-2.0" > > +LIC_FILES_CHKSUM = > "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" > > + > > +DEPENDS = "keyutils libgcrypt libpam nss intltool-native glib-2.0-native" > > + > > +inherit autotools pkgconfig > > + > > +SRC_URI = "\ > > + > https://launchpad.net/ecryptfs/trunk/${PV}/+download/${BPN}_${PV}.orig.tar. > gz \ > > +file://ecryptfs-utils-CVE-2016-6224.patch \ > > +" > > + > > +SRC_URI[md5sum] = "83513228984f671930752c3518cac6fd" > > +SRC_URI[sha256sum] = > "112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f" > > + > > +PARALLEL_MAKEINST="" > > + > > +EXTRA_OECONF = "\ > > +--libdir=${base_libdir} \ > > +--disable-pywrap \ > > +--disable-nls \ > > +--enable-openssl=no \ > > +" > > + > > +do_configure_prepend() { > > +export NSS_CFLAGS="-I${STAGING_INCDIR}/nspr4 - > I${STAGING_INCDIR}/nss3" > > +export NSS_LIBS="-L${STAGING_BASELIBDIR} -lssl3 -lsmime3 -lnss3 - > lsoftokn3 -lnssutil3" > > +export KEYUTILS_CFLAGS="-I${STAGING_INCDIR}" > > +export KEYUTILS_LIBS="-L${STAGING_LIBDIR} -lkeyutils" > > +} > > + > > +do_install_append() { > > +chmod 4755 ${D}${base_sbindir}/mount.ecryptfs_private > > +mkdir -p ${D}/${libdir} > > +mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir} > > +sed -i -e 's:-I${STAGING_INCDIR}::' \ > > + -e 's:-L${STAGING_LIBDIR}::' > > ${D}/${libdir}/pkgconfig/libecryptfs.pc > > +sed -i -e "s: ${base_sbindir}/cryptsetup: ${sbindir}/cryptsetup:" > ${D}${bindir}/ecryptfs-setup-swap > > +} > > + > > +FILES_${PN} += "${base_libdir}/security/* ${base_libdir}/ecryptfs/*" > > + > > +RDEPENDS_${PN} += "cryptsetup" > > +RRECOMMENDS_${PN} = "gettext-runtime" > > diff --git a/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016- > 6224.patch b/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016- > 6224.patch > > new file mode 100644 > > index 000..4252f97 > > --- /dev/nul
Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux
> -Original Message- > From: Joe MacDonald [mailto:joe_macdon...@mentor.com] > Sent: Tuesday, May 16, 2017 19:55 > To: Huang, Jie (Jackie) > Cc: yocto@yoctoproject.org > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable- > selinux > > [RE: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] > On 17.05.08 (Mon 01:40) Huang, Jie (Jackie) wrote: > > > > > > > > -Original Message- > > > From: Joe MacDonald [mailto:joe_macdon...@mentor.com] > > > Sent: Tuesday, May 02, 2017 21:14 > > > To: Huang, Jie (Jackie) > > > Cc: yocto@yoctoproject.org > > > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit > enable- > > > selinux > > > > > > [[yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] > On > > > 17.02.22 (Wed 14:44) jackie.hu...@windriver.com wrote: > > > > > > > From: Jackie Huang > > > > > > > > The selinux PACKAGECONFIG is properly handled in > > > > the recipe in oe-core, no need to inherit the > > > > enable-selinux bbclass. > > > > > > That might be true, but other than belt-and-suspenders, what's the > > > harm in this being in the recipe? I don't necessarily think it's an > > > invalid change but my quick count shows ~44 instances of 'inherit > > > enable-selinux' and 'inherit with-selinux' in meta-selinux, why's this > > > one significant? > > > > That's because I have a patch to change the PACKAGECONFIG for selinux > > in oe-core to fix a dependency issue: > > > > -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" > > +PACKAGECONFIG[selinux] = "--enable-selinux,--disable- > selinux,libselinux,initscripts-sushell" > > > > But it would be overrode by the one in enable-selinux.bbclass: > > $ grep PACKAGECONFIG enable-selinux.bbclass > > PACKAGECONFIG_append = " ${@target_selinux(d)}" > > PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," > > > > So I need to remove the inherit here in meta-selinux. > > Sorry, this fell between the cracks. > > So, let me make sure I understand what you're saying. This oe-core > commit: > > commit 1881c5e0c426a193630e5eed5b629b69ff3741d5 > Author: Kai Kang > Date: Wed Jul 8 14:26:01 2015 +0800 > > systemd: add PACKAGECONFIG selinux > > Add PACKAGECONFIG 'selinux' for systemd. debug-shell.service starts > different shell according whether selinux is enabled. > > (From OE-Core rev: 3d1aa27191fe4c21428eaf4ae036acb1496b7df7) > > Signed-off-by: Kai Kang > Signed-off-by: Richard Purdie > > conflicts with the --enable/--disable settings in meta-selinux and you > want to remove the setting in meta-selinux? Again, I don't specifically > object to this, but I'd like to understand the why of it. Is there a > valid scenario to include meta-selinux in your project but have selinux > disabled? If so, I would think the settings in meta-selinux should The conflicts is not the --enable/--disable settings, it's the dependency: oe-core: PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,initscripts-sushell" meta-selinux: PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," There is an extra runtime dependency on initscripts-sushell (which is reauired by debug-shell.service), so if inheriting the enable-selinux in meta-selinux, the selinux will still be enabled, but the dependency on initscripts-sushell will be lost. > still take precedence. Otherwise, I'm confused why the other 40-ish Others don't have the extra dependency, the setting in oe-core and meta-selinux are the same(at least for now), so others aren't covered. Thanks, Jackie > cases aren't also covered. I haven't investigated, but are all the > others in non-oe-core layers, maybe? > > Thanks, > -J. > > > > > Thanks, > > Jackie > > > > > > > > -J. > > > > > > > > > > > Signed-off-by: Jackie Huang > > > > --- > > > > recipes-core/systemd/systemd_%.bbappend | 1 - > > > > 1 file changed, 1 deletion(-) > > > > > > > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes- > > > core/systemd/systemd_%.bbappend > > > > index 8d9029b..f1bdaf8 100644 > > > > --- a/recipes-core/systemd/systemd_%.bbappend > > > > +++ b/recipes-core/systemd/systemd_%.bbappend > > > > @@ -1,2 +1 @@ > > > > inherit enable-audit > > > > -inherit enable-selinux > > > > -- > > > > 2.8.3 > > > > > > > -- > > > -Joe MacDonald. > > > :wq > > -- > -Joe MacDonald. > :wq -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux
> -Original Message- > From: Joe MacDonald [mailto:joe_macdon...@mentor.com] > Sent: Tuesday, May 02, 2017 21:14 > To: Huang, Jie (Jackie) > Cc: yocto@yoctoproject.org > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable- > selinux > > [[yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] On > 17.02.22 (Wed 14:44) jackie.hu...@windriver.com wrote: > > > From: Jackie Huang > > > > The selinux PACKAGECONFIG is properly handled in > > the recipe in oe-core, no need to inherit the > > enable-selinux bbclass. > > That might be true, but other than belt-and-suspenders, what's the > harm in this being in the recipe? I don't necessarily think it's an > invalid change but my quick count shows ~44 instances of 'inherit > enable-selinux' and 'inherit with-selinux' in meta-selinux, why's this > one significant? That's because I have a patch to change the PACKAGECONFIG for selinux in oe-core to fix a dependency issue: -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,initscripts-sushell" But it would be overrode by the one in enable-selinux.bbclass: $ grep PACKAGECONFIG enable-selinux.bbclass PACKAGECONFIG_append = " ${@target_selinux(d)}" PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," So I need to remove the inherit here in meta-selinux. Thanks, Jackie > > -J. > > > > > Signed-off-by: Jackie Huang > > --- > > recipes-core/systemd/systemd_%.bbappend | 1 - > > 1 file changed, 1 deletion(-) > > > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes- > core/systemd/systemd_%.bbappend > > index 8d9029b..f1bdaf8 100644 > > --- a/recipes-core/systemd/systemd_%.bbappend > > +++ b/recipes-core/systemd/systemd_%.bbappend > > @@ -1,2 +1 @@ > > inherit enable-audit > > -inherit enable-selinux > > -- > > 2.8.3 > > > -- > -Joe MacDonald. > :wq -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux
Ping. > -Original Message- > From: yocto-boun...@yoctoproject.org [mailto:yocto- > boun...@yoctoproject.org] On Behalf Of jackie.hu...@windriver.com > Sent: Wednesday, February 22, 2017 14:45 > To: yocto@yoctoproject.org > Subject: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable- > selinux > > From: Jackie Huang > > The selinux PACKAGECONFIG is properly handled in > the recipe in oe-core, no need to inherit the > enable-selinux bbclass. > > Signed-off-by: Jackie Huang > --- > recipes-core/systemd/systemd_%.bbappend | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes- > core/systemd/systemd_%.bbappend > index 8d9029b..f1bdaf8 100644 > --- a/recipes-core/systemd/systemd_%.bbappend > +++ b/recipes-core/systemd/systemd_%.bbappend > @@ -1,2 +1 @@ > inherit enable-audit > -inherit enable-selinux > -- > 2.8.3 > > -- > ___ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux][PATCHv2 6/8] e2fsprogs: Copy xattr block from source file.
> -Original Message- > From: Philip Tricca [mailto:fl...@twobit.us] > Sent: Monday, August 24, 2015 6:25 AM > To: Huang, Jie (Jackie) > Cc: yocto@yoctoproject.org > Subject: Re: [yocto] [meta-selinux][PATCHv2 6/8] e2fsprogs: Copy xattr block > from source file. > > Hello Jackie, > > On 08/20/2015 11:25 PM, Huang, Jie (Jackie) wrote: > >> -Original Message- > >> From: yocto-boun...@yoctoproject.org > >> [mailto:yocto-boun...@yoctoproject.org] On Behalf Of Philip Tricca > >> Sent: Thursday, June 18, 2015 6:31 AM > >> To: yocto@yoctoproject.org > >> Subject: [yocto] [meta-selinux][PATCHv2 6/8] e2fsprogs: Copy xattr block > >> from source file. > >> > >> Signed-off-by: Philip Tricca > >> --- > >> .../e2fsprogs/misc-xattr-create-xattr-block.patch | 341 > >> + > >> .../e2fsprogs/e2fsprogs_1.42.9.bbappend| 1 + > >> 2 files changed, 342 insertions(+) > >> create mode 100644 > >> recipes-devtools/e2fsprogs/e2fsprogs/misc-xattr-create-xattr-block.pa > >> tch > >> > >> diff --git > >> a/recipes-devtools/e2fsprogs/e2fsprogs/misc-xattr-create-xattr-block. > >> patch b/recipes- > >> devtools/e2fsprogs/e2fsprogs/misc-xattr-create-xattr-block.patch > >> new file mode 100644 > >> index 000..5955b44 > >> --- /dev/null > >> +++ b/recipes-devtools/e2fsprogs/e2fsprogs/misc-xattr-create-xattr-bl > >> +++ ock > >> +++ .patch > >> @@ -0,0 +1,341 @@ > >> +To build the xattr disk block we process the output from listxattr > >> +and lgetxattr from the source file system object. This data is > >> +formated in a disk block according to the format specified in the kernel > >> ext2 file system driver. > >> +See the comment block at the beginning of fs/ext2/xattr.c for details. > >> + > >> +Currently we only process attributes with the 'security.' prefix as > >> +our use case is SELinux labels and IMA. Additional prefixes can > >> +likely be supported with minimal effort but none have been tested. > >> + > >> +Once the xattr block has been created it is written to disk. The > >> +xattr block is associated with the appropriate file system object > >> +through the i_file_acl inode member and the inode is updated on disk. > >> + > >> +Signed-off-by: Philip Tricca > >> + > >> +Index: e2fsprogs-1.42.9/misc/xattr.c > >> +=== > >> +--- e2fsprogs-1.42.9.orig/misc/xattr.c > >> e2fsprogs-1.42.9/misc/xattr.c > >> +@@ -1,6 +1,23 @@ > >> + #include "xattr.h" > >> + > >> ++#include > >> ++#include > >> ++#include > >> ++#include > >> ++#include > >> ++#include > >> + #include > >> ++#include > >> ++#include > >> ++#include > >> ++#include > >> ++#include > >> ++ > >> ++#define MIN(X, Y) (((X) < (Y)) ? (X) : (Y)) #define HEADER(ptr) > >> ++((struct ext2_ext_attr_header *)(ptr)) #define ENTRY(ptr) ((struct > >> ++ext2_ext_attr_entry *)(ptr)) #define FIRST_ENTRY(ptr) > >> ++ENTRY(HEADER(ptr) + 1) #define VALUE(hdr, ent) (((char*)hdr) + > >> ++(ent->e_value_offs)) > >> + > >> + #ifdef XATTR_DEBUG > >> + #define XATTR_STDERR(fmt, args...) fprintf (stderr, fmt, ##args) @@ > >> +-8,6 +25,28 @@ #define XATTR_STDERR(fmt, args...) do {} while (0) > >> +#endif > >> + > >> ++/* structure for mapping xattr name prefix data */ typedef struct > >> ++xattr_prefix { > >> ++ int index; > >> ++ char *name; > >> ++ size_t length; > >> ++} xattr_prefix_t; > >> ++ > >> ++xattr_prefix_t xattr_prefixes [] = { > >> ++/* Only interested in security prefix. Can support others though. > >> ++ { > >> ++ .index = EXT2_XATTR_INDEX_USER, > >> ++ .name = XATTR_USER_PREFIX, > >> ++ .length = XATTR_USER_PREFIX_LEN, > >> ++ }, > >> ++*/ > >> ++ { > >> ++ .index = EXT2_XATTR_INDEX_SECURITY, > >> ++ .name = XATTR_SECURITY_PREFIX, > >> ++ .length = XATTR_SECURITY_PREFIX_LEN, > > > > Hi Philip, > > > > This cause build errors on some host OS when building e2fsprogs-native: > > > > | > > /build/yp/y_x64_150821/tmp/work/x86_64-linux/e2fsprogs-native/1.4
Re: [yocto] [meta-selinux][PATCHv2 6/8] e2fsprogs: Copy xattr block from source file.
> -Original Message- > From: yocto-boun...@yoctoproject.org [mailto:yocto-boun...@yoctoproject.org] > On Behalf Of Philip > Tricca > Sent: Thursday, June 18, 2015 6:31 AM > To: yocto@yoctoproject.org > Subject: [yocto] [meta-selinux][PATCHv2 6/8] e2fsprogs: Copy xattr block from > source file. > > Signed-off-by: Philip Tricca > --- > .../e2fsprogs/misc-xattr-create-xattr-block.patch | 341 > + > .../e2fsprogs/e2fsprogs_1.42.9.bbappend| 1 + > 2 files changed, 342 insertions(+) > create mode 100644 > recipes-devtools/e2fsprogs/e2fsprogs/misc-xattr-create-xattr-block.patch > > diff --git > a/recipes-devtools/e2fsprogs/e2fsprogs/misc-xattr-create-xattr-block.patch > b/recipes- > devtools/e2fsprogs/e2fsprogs/misc-xattr-create-xattr-block.patch > new file mode 100644 > index 000..5955b44 > --- /dev/null > +++ b/recipes-devtools/e2fsprogs/e2fsprogs/misc-xattr-create-xattr-block > +++ .patch > @@ -0,0 +1,341 @@ > +To build the xattr disk block we process the output from listxattr and > +lgetxattr from the source file system object. This data is formated in > +a disk block according to the format specified in the kernel ext2 file > system driver. > +See the comment block at the beginning of fs/ext2/xattr.c for details. > + > +Currently we only process attributes with the 'security.' prefix as our > +use case is SELinux labels and IMA. Additional prefixes can likely be > +supported with minimal effort but none have been tested. > + > +Once the xattr block has been created it is written to disk. The xattr > +block is associated with the appropriate file system object through the > +i_file_acl inode member and the inode is updated on disk. > + > +Signed-off-by: Philip Tricca > + > +Index: e2fsprogs-1.42.9/misc/xattr.c > +=== > +--- e2fsprogs-1.42.9.orig/misc/xattr.c > e2fsprogs-1.42.9/misc/xattr.c > +@@ -1,6 +1,23 @@ > + #include "xattr.h" > + > ++#include > ++#include > ++#include > ++#include > ++#include > ++#include > + #include > ++#include > ++#include > ++#include > ++#include > ++#include > ++ > ++#define MIN(X, Y) (((X) < (Y)) ? (X) : (Y)) #define HEADER(ptr) > ++((struct ext2_ext_attr_header *)(ptr)) #define ENTRY(ptr) ((struct > ++ext2_ext_attr_entry *)(ptr)) #define FIRST_ENTRY(ptr) > ++ENTRY(HEADER(ptr) + 1) #define VALUE(hdr, ent) (((char*)hdr) + > ++(ent->e_value_offs)) > + > + #ifdef XATTR_DEBUG > + #define XATTR_STDERR(fmt, args...) fprintf (stderr, fmt, ##args) @@ > +-8,6 +25,28 @@ #define XATTR_STDERR(fmt, args...) do {} while (0) > +#endif > + > ++/* structure for mapping xattr name prefix data */ typedef struct > ++xattr_prefix { > ++int index; > ++char *name; > ++size_t length; > ++} xattr_prefix_t; > ++ > ++xattr_prefix_t xattr_prefixes [] = { > ++/* Only interested in security prefix. Can support others though. > ++{ > ++.index = EXT2_XATTR_INDEX_USER, > ++.name = XATTR_USER_PREFIX, > ++.length = XATTR_USER_PREFIX_LEN, > ++}, > ++*/ > ++{ > ++.index = EXT2_XATTR_INDEX_SECURITY, > ++.name = XATTR_SECURITY_PREFIX, > ++.length = XATTR_SECURITY_PREFIX_LEN, Hi Philip, This cause build errors on some host OS when building e2fsprogs-native: | /build/yp/y_x64_150821/tmp/work/x86_64-linux/e2fsprogs-native/1.42.9-r0/e2fsprogs-1.42.9/debugfs/../misc/xattr.c:62:11: error: 'XATTR_SECURITY_PREFIX' undeclared here (not in a function) |.name = XATTR_SECURITY_PREFIX, |^ | /build/yp/y_x64_150821/tmp/work/x86_64-linux/e2fsprogs-native/1.42.9-r0/e2fsprogs-1.42.9/debugfs/../misc/xattr.c:63:13: error: 'XATTR_SECURITY_PREFIX_LEN' undeclared here (not in a function) |.length = XATTR_SECURITY_PREFIX_LEN, | ^ I did some investigate and found that your patch needs the header linux/xattr.h, which is provided by linux-libc-headers, but for -native package, there is no linux-libc-headers-native, so it search the one from host OS, but the problem is, there is no XATTR_SECURITY_PREFIX definition in the linux/xattr.h on some host OS like: SUSE 11.x, centos 6, etc. I'm not sure if your patch is really needed by the e2fsprogs-native, if not, I think we can make this patch only apply for target package. If yes, you may need to make it avoid the dependency on host's header or you may have a better idea about this. Thanks, Jackie > ++}, > ++{ 0 }, > ++}; > + > + /* Free remaining resources after all files have been processed. */ > +void @@ -16,6 +55,211 @@ xattr_cleanup () > + XATTR_STDERR ("Cleaning up resources from xattrs.\n"); } > + > ++/* Get value for named xattr from file at path. > ++ * Returns pointer to allocated block for value and length in length param. > ++ * If no value, return NULL pointer and length of 0. > ++ * On error return NULL pointer and length set to -1. > ++ */ > ++static char* > ++xattr_get_value (const char
Re: [yocto] [meta-realtime][PATCH] meta-realtime: Add LAYERVERSION and LAYERDEPENDS
> -Original Message- > From: Bruce Ashfield [mailto:bruce.ashfi...@windriver.com] > Sent: Wednesday, December 03, 2014 12:17 PM > To: Huang, Jie (Jackie); yocto@yoctoproject.org > Subject: Re: [yocto] [meta-realtime][PATCH] meta-realtime: Add LAYERVERSION > and LAYERDEPENDS > > On 2014-12-02, 9:18 PM, jackie.hu...@windriver.com wrote: > > From: Jackie Huang > > I happened to notice this and have grabbed the change. But make sure > your workflow adds maintainers to the cc on patches, otherwise you > can't blame anyone if they are missed/dropped. Sorry, I will add maintainers next time. Thanks, Jackie > > Bruce > > > > > According to README, it depends on oe-core layer > > > > Signed-off-by: Jackie Huang > > --- > > conf/layer.conf |6 ++ > > 1 files changed, 6 insertions(+), 0 deletions(-) > > > > diff --git a/conf/layer.conf b/conf/layer.conf > > index 5a5c460..473158e 100644 > > --- a/conf/layer.conf > > +++ b/conf/layer.conf > > @@ -11,3 +11,9 @@ BBFILE_PRIORITY_realtime = "5" > > > > # Additional license directories. > > # LICENSE_PATH += "${LAYERDIR}/custom-licenses" > > + > > +# This should only be incremented on significant changes that will > > +# cause compatibility issues with other layers > > +LAYERVERSION_realtime = "1" > > + > > +LAYERDEPENDS_realtime = "core" > > -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto