"Dan McGregor" writes:
> Add support for the nfsv4 user ID mapping daemon, configured with
> a sensible default, and add a packageconfig for Kerberos support.
>
> This is reasonably tested in production in our environment, but only
> systemd support. There'll be some more work to do to get
From: Enrico Scholz
Calling 'useradd' through pseudo on (at least) Ubuntu 20 creates
filesystem objects (.bashrc, .profile) with invalid attributes. It
manifests as
| tar: ./home/.../.bashrc: Unknown file type; file ignored
or
| Copying files into the device: __populate_fs: ignoring entry
Enrico Scholz writes:
> 4.14.2/shadow-4.14.2/lib/copydir.c
>
> | 443 if (fstatat(dst->dirfd, dst->name, , AT_SYMLINK_NOFOLLOW) !=
> -1) {
> | return 0;
> | }
Bug in shadow-utils; when fstatat() fails, content of 'sb' will still be
used.
Enrico Scholz writes:
> Seen on scarthgap bc793fa9d1fe24c102d91e97b7002b6e637cbfa5 and it seems
> to be very reproducible (both the failure on ubuntu-20.04 and the success
> on fedora-39).
Can be reproduced manually by setting the PSEUDO environment and
invoking
| pseudo useradd -R
Hello,
with ubuntu-20.04 based builders I get problems like
| DEBUG: Executing shell function do_image_tar
| tar: ./home/.../.bashrc: Unknown file type; file ignored
| tar: Exiting with failure status due to previous errors
| WARNING: exit code 1 from a shell command.
| NOTE: recipe
Richard Purdie writes:
> Some further related warnings:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/23/builds/9031/steps/11/logs/warnins
| stdio: WARNING: Nothing RPROVIDES 'nativesdk-openssh-config' ...
ok
I will reduce dependency from
|-RRECOMMENDS:${PN} += "openssh-config"
Richard Purdie writes:
> Thanks for sending this. I suspect something like this might be
> desirable however unfortunately the timing is a little tricky as we're
> just past the feature freeze point for 5.0.
ok; my fault. I delayed it too much.
Would it be possible to communicate such
Alexander Kanavin writes:
> Why is the patch inappropriate for upstream submission? To me it looks
> like it should be at least proposed.
>
> ++Include /etc/ssh/sshd_config.d/*.conf
Underlying feature exists for 4 years and nearly every major linux
distribution (including OE) has such a line.
From: Enrico Scholz
Instead of shipping the whole configuration files for openssh, add
small patch includes configuration snippets from subdirectories.
This allows us to keep the original upstream configuration which is
mainly useful for documentation purposes. It makes it more easy to
From: Enrico Scholz
Instead of shipping the whole configuration files for openssh, add
small patch includes configuration snippets from subdirectories.
This allows us to keep the original upstream configuration which is
mainly useful for documentation purposes. It makes it more easy to
patcht...@automation.yoctoproject.org writes:
> FAIL: test lic files chksum modified not mentioned: LIC_FILES_CHKSUM changed
> without "License-Update:" tag and description in commit message
> (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
This failure seems to be
To deal with system setups, sshd was configured in the following way:
- sshd_config is shipped completely by OE and DISTRO_FEATURES (pam,
x11) are patched in during do_install
--> this is difficulty to maintain; e.g. sshd_config must be
synchronized between OpenSSH releases and OE
From: Enrico Scholz
This patch replaces the duplicate 'sshd_config_readonly' configuration
file and logic behind by an extra packages which is installed when
corresponding IMAGE_FEATURES are set.
**NOTE**: this causes a regression when host keys are added manually
to the image. Users have to
From: Enrico Scholz
Add an OPENSSH_FEATURE_CONFIGURATION variable which will hold openssh
configuration packages.
Signed-off-by: Enrico Scholz
---
meta/classes-recipe/core-image.bbclass | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git
From: Enrico Scholz
Instead of shipping the whole configuration files for openssh, add
small patch includes configuration snippets from subdirectories.
This allows us to keep the original upstream configuration which is
mainly useful for documentation purposes. It makes it more easy to
From: Enrico Scholz
Install 'openssh-config-allow-root-login' when corresponding
IMAGE_FEATURES are active.
Signed-off-by: Enrico Scholz
---
meta/classes-recipe/core-image.bbclass | 1 +
meta/classes-recipe/rootfs-postcommands.bbclass | 6 --
From: Enrico Scholz
Install 'openssh-config-allow-empty-password' when corresponding
IMAGE_FEATURES are active.
Signed-off-by: Enrico Scholz
---
meta/classes-recipe/core-image.bbclass | 1 +
meta/classes-recipe/rootfs-postcommands.bbclass | 6 --
From: Enrico Scholz
Place OE specific openssh setup (which was removed in a previous
patch) in a configuration snippet.
Signed-off-by: Enrico Scholz
---
.../openssh/openssh-config.bb | 30 +++
.../openssh/openssh-config/80-oe.conf | 5
From: Enrico Scholz
Instead of applying DISTRO_FEATURE based setup directly to
sshd_config, add it to our configuration snippet.
Signed-off-by: Enrico Scholz
---
meta/recipes-connectivity/openssh/openssh-config.bb | 10 ++
meta/recipes-connectivity/openssh/openssh_9.6p1.bb | 8
From: Enrico Scholz
The only libnsl2 function which is used by tcp-wrappers is
'yp_get_default_domain()'. When USE_GETDOMAIN is set, this is
implemented as a simple wrapper around getdomainname() so that libnsl2
is not used at all.
We added a patch which does '#include ' to avoid
implicit
Alexander Kanavin writes:
> Any changes would have to fulfil this:
>
> 1. Rust's installation procedure should run under pseudo, e.g. in
> do_install.
The current recipe does *not* run installation under pseudo
| rust_do_install:class-target() {
| export PSEUDO_UNLOAD=1
| rust_runx
Hello,
rust recipe does
| do_compile () {
| }
|
| rust_do_install() {
| rust_runx install
| }
|
| rust_do_install:class-nativesdk() {
| export PSEUDO_UNLOAD=1
| rust_runx install
| rust_runx install clippy
| rust_runx install rustfmt
What is the reason to run the
Alexander Kanavin writes:
>> Else, there are sometimes not many ways to work without them.
>> E.g. SSTATE_MIRRORS has contain the secret token because it is
>> used directly by bitbake; perhaps I could use a wget wrapper and
>> write a custom curl python class...
>
> Yes, the secret needs to be
Alexander Kanavin writes:
> Please no. These things can leak out in a million other ways
no; that is very unlikely. The parts which are dealing with secrets
usually take care about not leaking them.
All major CI systems have the same problem (need secret variables) and
at least gitlab solves
From: Enrico Scholz
Some integrations require that passwords or secret tokens are
assigned to bitbake variables. E.g. the meta-dependencytrack
layer has a 'DEPENDENCYTRACK_API_KEY' or my sstate-server requires
a 'SSTATE_SERVER_SESSION' token.
These secrets will appear in testdata.json which
From: Enrico Scholz
Recipe references 'login.defs' in LIC_FILES_CHKSUM. This causes some
problems:
- file does not contain a single word which is related with its license
- changing this file (here: increasing SYS_UID_MIN) invalidates
LIC_FILES_CHKSUM
Add 'SPDX-License-Identifier' to the
From: Enrico Scholz
Recipe references 'login.defs' in LIC_FILES_CHKSUM. This causes some
problems:
- file does not contain a single word which is related with its license
- changing this file (here: increasing SYS_UID_MIN) invalidates
LIC_FILES_CHKSUM
Add 'SPDX-License-Identifier' to the
Hi,
currently, it is difficult to reuse recipes from other layers because
their path is required but not known. E.g. when one tries to add a
backported imx-gpu-viv recipe [1] to a local layer by
| require recipes-graphics/imx-gpu-viv/imx-gpu-viv-6.inc
do_fetch() will fail because some SRC_URI
From: Enrico Scholz
Transition to ThreadPoolExecutor (eb6a6820928472ef194b963b606454e731f9486f)
broke the
| Checking sstate mirror object availability: ...
progress bar because the removed 'thread_worker' was still referenced
in an asynchronous function. As the result of the future is never
Jose Quaresma writes:
>> Transition to ThreadPoolExecutor (eb6a6820928472ef194b963b606454e731f9486f)
>> broke he
>>
>> | Checking sstate mirror object availability: ...
>>
>> progress bar because the removed 'thread_worker' was still referenced
>> in an asynchronous function. As the result of
From: Enrico Scholz
Transition to ThreadPoolExecutor (eb6a6820928472ef194b963b606454e731f9486f)
broke the
| Checking sstate mirror object availability: ...
progress bar because the removed 'thread_worker' was still referenced
in an asynchronous function. As the result of the future is never
Luca Ceresoli writes:
> As you can see above, your sender address is getting mangled. This is
> not your fault, it is done by DMARC for anti-phishing, but it makes
> applying your patches annoying.
>
> Can you please try to work around that by setting the sendemail.from
> parameter in your git
Use the same code as the 'nodejs_16.4.bb recipe' for mapping the OE
arch to the NPM arch.
A noticeable change (and fix for exiting problems) is the move from
'arm' to 'arm64' for 'aarch64'.
Signed-off-by: Enrico Scholz
---
meta/classes-recipe/npm.bbclass | 24 +++-
1 file
Configuration option is named 'fund', not 'funds'.
Signed-off-by: Enrico Scholz
---
meta/classes-recipe/npm.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes-recipe/npm.bbclass b/meta/classes-recipe/npm.bbclass
index deea53c9ec65..8e73400678db 100644
---
"Michael Opdenacker via lists.openembedded.org"
writes:
> I'm testing the Yocto Project Documentation for creating NPM packages
npm is broken since kirkstone; see
https://patchwork.yoctoproject.org/project/oe-core/list/?series=4303 for
patches.
Enrico
-=-=-=-=-=-=-=-=-=-=-=-
Links: You
'audit' can cause extra network traffic; 'fund' is not needed.
Signed-off-by: Enrico Scholz
---
meta/classes/npm.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 11c80a738e..b613c8e8f5 100644
--- a/meta/classes/npm.bbclass
"Enrico Scholz via lists.openembedded.org"
writes:
> This patchset requires an additional one in the oe-meta layer.
for reference: https://lists.openembedded.org/g/openembedded-devel/message/97186
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View
'npm pack' is a maintainer tool which tries to execute 'prepare'
and similar scripts. This fails usually in OE because it requires
completely installed 'node_modules'.
Earlier nodejs versions supported an undocumented 'ignore-scripts'
option. This has been removed in nodejs 16.
We could patch
With nodejs 16, the simple 'npm cache add' approach does not work
anymore because its fetcher implementation downloads also meta
information from the registry.
We have to generate these information and add them to the cache.
There is no direct support in 'npm' for task so we have to implement
it
nodejs 16 changed internal caching significantly which breaks the
existing npm.bblcass.
Simulate parts of the npm registry and cache data in the way as
expected.
This patchset requires an additional one in the oe-meta layer.
Enrico Scholz (6):
npm: replace 'npm pack' call by 'tar czf'
npm:
Helper module to:
- generate meta information from package.json content. This data has
a format as provided by https://registry.npmjs.org
- put this meta information and the corresponding tarball in the
nodejs cache. This uses an external, nodejs version specific helper
script
We know the content of 'package.json' from earlier patches; there is
no need to parse the tarball name to extract the version.
Signed-off-by: Enrico Scholz
---
meta/classes/npm.bbclass | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/meta/classes/npm.bbclass
We have to read 'package.json' to calculate the name of the tarball.
This content is interesting for later patches.
Signed-off-by: Enrico Scholz
---
meta/classes/npm.bbclass | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/classes/npm.bbclass
'audit' can cause extra network traffic; 'fund' is not needed.
Signed-off-by: Enrico Scholz
---
meta/classes/npm.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 11c80a738e..1e41072116 100644
--- a/meta/classes/npm.bbclass
richard.pur...@linuxfoundation.org writes:
>>Is there any solution or other ways to use npm in kirkstone?
>
> We're lacking people working on the npm/node support. If people send
> patches to fix it and add test cases we can look to improve it but this
> kind of thing doesn't happen without
Hello,
with nodejs 16, 'npm.bbclass' stops to work and fails (at least) because
of:
1. 'ignore-scripts' has no effect with 'npm pack' anymore. This command
will now execute 'prepare' scripts which usually fail.
Patching out 'scripts/prepare' from package.json should solve it (can
be
Richard Purdie writes:
>> > > > This script searches for a list of variable that have been renamed
>> > > > and converts them to their more descriptive names.
>>
>> s/descriptive/politically correct/
>
> We did try and make some of the names better describe what the variables
> do and make the
Richard Purdie writes:
>> > This script searches for a list of variable that have been renamed
>> > and converts them to their more descriptive names.
s/descriptive/politically correct/
>> again: most of these renamings make identifiers much less descriptive
>> because they now sound like
"Saul Wold" writes:
> From: Saul Wold
>
> This script searches for a list of variable that have been renamed
> and converts them to their more descriptive names.
again: most of these renamings make identifiers much less descriptive
because they now sound like boolean flags instead of lists
>
"Alexander Kanavin" writes:
> --- a/meta/classes/qemuboot.bbclass
> +++ b/meta/classes/qemuboot.bbclass
> @@ -109,7 +109,7 @@ def qemuboot_vars(d):
> build_vars = ['MACHINE', 'TUNE_ARCH', 'DEPLOY_DIR_IMAGE',
> 'KERNEL_IMAGETYPE', 'IMAGE_NAME', 'IMAGE_LINK_NAME',
>
Alexander Kanavin writes:
>> > Would CANCEL be clearer to you than HALT?
>>
>> mmmh for me as a developer (and non-native english speaker), "cancel"
>> means some ordered ending of an operation.
>>
>> But the condition above causes an emergency abort.
>>
>
> Cancel is the same as abort: a
Richard Purdie writes:
>> | lto1: internal compiler error: original not compressed with zstd
>>
>> DEPENDS =+ "mpfr gmp libmpc zlib flex-native"
>> -NATIVEDEPS = "mpfr-native gmp-native libmpc-native zlib-native flex-native"
>> +NATIVEDEPS = "mpfr-native gmp-native libmpc-native zlib-native
Bryan Evenson writes:
>> >> > For BB_DISKMON_DIRS, the actions "ABORT, STOPTASKS and WARN"
>> >> > would become "HALT, NO_NEW_TASKS and "WARN".
>> >>
>> >> I am not an native english speaker, but for "HALT" I will have to
>> >> think twice whether it will pause the operation or abort it. I
Alexander Kanavin writes:
>> > For BB_DISKMON_DIRS, the actions "ABORT, STOPTASKS and WARN" would
>> > become "HALT, NO_NEW_TASKS and "WARN".
>>
>> I am not an native english speaker, but for "HALT" I will have to
>> think twice whether it will pause the operation or abort it. I would
>> stay
"Jon Mason" writes:
> For BB_DISKMON_DIRS, the actions "ABORT, STOPTASKS and WARN" would
> become "HALT, NO_NEW_TASKS and "WARN".
I am not an native english speaker, but for "HALT" I will have to think
twice whether it will pause the operation or abort it. I would stay at
"ABORT" because it
Khem Raj writes:
>> gcc-10+ supports zstd compression of LTO bytecode. Install the
>> corresponding package to enable this feature in a deterministic way.
>>
>> NOTE: previously built LTO object files (without this compression)
>> must be regenerated; gcc will fail else with
>>
>> | lto1:
gcc-10+ supports zstd compression of LTO bytecode. Install the
corresponding package to enable this feature in a deterministic way.
NOTE: previously built LTO object files (without this compression)
must be regenerated; gcc will fail else with
| lto1: internal compiler error: original not
57 matches
Mail list logo
