I'm working with the rocko branch of the meta-security layer [1], with the latest poky rocko branch HEAD on an Ubuntu 17.10 machine (technically an "untested" distro but otherwise fine with Rocko the past).
>From my understanding, all that should be required to run the buck-security after an image build is adding INHERIT += "check_security" to local.conf. I see that check_security.bbclass [2] already takes care of appending itself to EXTRA_IMAGEDEPENDS. However, when building an image (e.g. core-image-minimal), check_security.bbclass is failing to find buck-security in ${STAGING_BINDIR_NATIVE}, as indicated by the following error message: ${TMPDIR}/work/raspberrypi0_wifi-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/run.check_security.24976: 112: ${TMPDIR}/work/raspberrypi0_wifi-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/run.check_security.24976: ${TMPDIR}/work/raspberrypi0_wifi-poky-linux-gnueabi/core-image-minimal/1.0-r0/recipe-sysroot-native/usr/bin/buck-security: not found The above makes it clear what ${STAGING_BINDIR_NATIVE} expands to; buck-security is indeed not present in this location. My logs indicate that when buck-security-native recipe's do_install() is executed [3], ${D} and ${bindir} are defined as follows: D: ${TMPDIR}/work/x86_64-linux/buck-security-native/0.7-r0/image bindir: ${TMPDIR}/work/x86_64-linux/buck-security-native/0.7-r0/recipe-sysroot-native/usr/bin buck-security also appears to be present in the following location: ${TMPDIR}/sysroots-components/x86_64/buck-security-native/usr/bin/buck-security After going through the manuals, I'm still a little unclear about when exactly buck-security-native's files should be copied or linked into the image's respective sysroot (presumably, during do_populate_sysroot?), and where the breakdown is happening here. If anyone else is able to reproduce this or provide some assistance in resolving or just debugging it, I'd greatly appreciate it. Thank you, Jon Szymaniak Links: [1] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/ [2] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/classes/check_security.bbclass [3] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/recipes-security/buck-security/buck-security_0.7.bb#n51 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto