Re: [OE-core][RFC] openssh: Start key generation in multi-user mode
On Mon, Sep 21, 2020 at 5:45 PM Joshua Watt wrote: > > The sshkeygen uses a lot of CPU time which delays booting (especially in > the case where no SSH connection is going to happen), but we also want > to be proactive about generating it early so that the first SSH login > doesn't have to wait a long time. > > Starting the key generation when the sockets are created (which is > pretty early in the boot process) slows down the boot due to high CPU > usage, so as a compromise start it no later than multi-user mode when > things have typically settled down. Note that if an SSH connection comes > in before multi-user.target is reached, key generation will be started > immediately. > > Signed-off-by: Joshua Watt > --- > meta/recipes-connectivity/openssh/openssh/sshd.socket| 1 - > meta/recipes-connectivity/openssh/openssh/sshd@.service | 1 + > .../recipes-connectivity/openssh/openssh/sshdgenkeys.service | 5 + > 3 files changed, 6 insertions(+), 1 deletion(-) > > diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket > b/meta/recipes-connectivity/openssh/openssh/sshd.socket > index 8d76d62309..12c39b26b5 100644 > --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket > +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket > @@ -1,6 +1,5 @@ > [Unit] > Conflicts=sshd.service > -Wants=sshdgenkeys.service > > [Socket] > ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd > diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service > b/meta/recipes-connectivity/openssh/openssh/sshd@.service > index 9d9965e624..40fd38730a 100644 > --- a/meta/recipes-connectivity/openssh/openssh/sshd@.service > +++ b/meta/recipes-connectivity/openssh/openssh/sshd@.service > @@ -1,5 +1,6 @@ > [Unit] > Description=OpenSSH Per-Connection Daemon > +Wants=sshdgenkeys.service > After=sshdgenkeys.service > > [Service] > diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > index fd81793d51..52617ec275 100644 > --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > +++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > @@ -7,3 +7,8 @@ ExecStart=@LIBEXECDIR@/sshd_check_keys > Type=oneshot > RemainAfterExit=yes > Nice=10 > + > +[Install] > +# Start key generation no later than multi-user mode so that we can hopefully > +# have it generated before the first SSH connection > +WantedBy=multi-user.target This looks better than what we have. Please do something similar for dropbearkey.service as well. I also wonder if we need After anchor but I would not worry too much about it. > -- > 2.28.0 > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142706): https://lists.openembedded.org/g/openembedded-core/message/142706 Mute This Topic: https://lists.openembedded.org/mt/77004223/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][poky][zeus][PATCH] qemu: CVE-2020-12829
Backport CVE patch from the upstream:
https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
Signed-off-by: Li Wang
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2020-12829.patch| 267 ++
2 files changed, 268 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index ec32c90ad5..cbade92ac9 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -43,6 +43,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2020-10756.patch \
file://CVE-2020-15863.patch \
file://CVE-2020-14364.patch \
+ file://CVE-2020-12829.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-12829.patch
b/meta/recipes-devtools/qemu/qemu/CVE-2020-12829.patch
new file mode 100644
index 00..46e494dec0
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-12829.patch
@@ -0,0 +1,267 @@
+From b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4 Mon Sep 17 00:00:00 2001
+From: BALATON Zoltan
+Date: Thu, 21 May 2020 21:39:44 +0200
+Subject: [PATCH] sm501: Replace hand written implementation with pixman
+where possible
+
+Besides being faster this should also prevent malicious guests to
+abuse 2D engine to overwrite data or cause a crash.
+
+Signed-off-by: BALATON Zoltan
+Message-id:
+58666389b6cae256e4e972a32c05cf8aa51bffc0.1590089984.git.bala...@eik.bme.hu
+Signed-off-by: Gerd Hoffmann
+
+Upstream-Status: Backport
+CVE: CVE-2020-12829
+[https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4]
+Signed-off-by: Li Wang
+---
+ hw/display/sm501.c | 205 ++---
+ 1 file changed, 118 insertions(+), 87 deletions(-)
+
+diff --git a/hw/display/sm501.c b/hw/display/sm501.c
+index 5918f59..b52c7e8 100644
+--- a/hw/display/sm501.c
b/hw/display/sm501.c
+@@ -702,12 +702,12 @@ static void sm501_2d_operation(SM501State *s)
+ /* obtain operation parameters */
+ int operation = (s->twoD_control >> 16) & 0x1f;
+ int rtl = s->twoD_control & 0x800;
+-int src_x = (s->twoD_source >> 16) & 0x01FFF;
+-int src_y = s->twoD_source & 0x;
+-int dst_x = (s->twoD_destination >> 16) & 0x01FFF;
+-int dst_y = s->twoD_destination & 0x;
+-int operation_width = (s->twoD_dimension >> 16) & 0x1FFF;
+-int operation_height = s->twoD_dimension & 0x;
++unsigned int src_x = (s->twoD_source >> 16) & 0x01FFF;
++unsigned int src_y = s->twoD_source & 0x;
++unsigned int dst_x = (s->twoD_destination >> 16) & 0x01FFF;
++unsigned int dst_y = s->twoD_destination & 0x;
++unsigned int operation_width = (s->twoD_dimension >> 16) & 0x1FFF;
++unsigned int operation_height = s->twoD_dimension & 0x;
+ uint32_t color = s->twoD_foreground;
+ int format_flags = (s->twoD_stretch >> 20) & 0x3;
+ int addressing = (s->twoD_stretch >> 16) & 0xF;
+@@ -719,10 +719,8 @@ static void sm501_2d_operation(SM501State *s)
+ uint32_t dst_base = s->twoD_destination_base & 0x03FF;
+
+ /* get frame buffer info */
+-uint8_t *src = s->local_mem + src_base;
+-uint8_t *dst = s->local_mem + dst_base;
+-int src_width = s->twoD_pitch & 0x1FFF;
+-int dst_width = (s->twoD_pitch >> 16) & 0x1FFF;
++unsigned int src_width = s->twoD_pitch & 0x1FFF;
++unsigned int dst_width = (s->twoD_pitch >> 16) & 0x1FFF;
+ int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 1 : 0;
+ int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt);
+
+@@ -731,95 +729,128 @@ static void sm501_2d_operation(SM501State *s)
+ abort();
+ }
+
+-if (rop_mode == 0) {
+-if (rop != 0xcc) {
+-/* Anything other than plain copies are not supported */
+-qemu_log_mask(LOG_UNIMP, "sm501: rop3 mode with rop %x is not "
+- "supported.\n", rop);
+-}
+-} else {
+-if (rop2_source_is_pattern && rop != 0x5) {
+-/* For pattern source, we support only inverse dest */
+-qemu_log_mask(LOG_UNIMP, "sm501: rop2 source being the pattern
and "
+- "rop %x is not supported.\n", rop);
+-} else {
+-if (rop != 0x5 && rop != 0xc) {
+-/* Anything other than plain copies or inverse dest is not
+- * supported */
+-qemu_log_mask(LOG_UNIMP, "sm501: rop mode %x is not "
+- "supported.\n", rop);
+-}
+-}
+-}
+-
+ if ((s->twoD_source_base & 0x0800) ||
+ (s->twoD_destination_base & 0x0800)) {
+ printf("%s: only local memory is supported.\n", __func__);
+ abort();
+ }
+
+-
[OE-core][RFC] openssh: Start key generation in multi-user mode
The sshkeygen uses a lot of CPU time which delays booting (especially in the case where no SSH connection is going to happen), but we also want to be proactive about generating it early so that the first SSH login doesn't have to wait a long time. Starting the key generation when the sockets are created (which is pretty early in the boot process) slows down the boot due to high CPU usage, so as a compromise start it no later than multi-user mode when things have typically settled down. Note that if an SSH connection comes in before multi-user.target is reached, key generation will be started immediately. Signed-off-by: Joshua Watt --- meta/recipes-connectivity/openssh/openssh/sshd.socket| 1 - meta/recipes-connectivity/openssh/openssh/sshd@.service | 1 + .../recipes-connectivity/openssh/openssh/sshdgenkeys.service | 5 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket index 8d76d62309..12c39b26b5 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket @@ -1,6 +1,5 @@ [Unit] Conflicts=sshd.service -Wants=sshdgenkeys.service [Socket] ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service index 9d9965e624..40fd38730a 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd@.service +++ b/meta/recipes-connectivity/openssh/openssh/sshd@.service @@ -1,5 +1,6 @@ [Unit] Description=OpenSSH Per-Connection Daemon +Wants=sshdgenkeys.service After=sshdgenkeys.service [Service] diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service index fd81793d51..52617ec275 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service +++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service @@ -7,3 +7,8 @@ ExecStart=@LIBEXECDIR@/sshd_check_keys Type=oneshot RemainAfterExit=yes Nice=10 + +[Install] +# Start key generation no later than multi-user mode so that we can hopefully +# have it generated before the first SSH connection +WantedBy=multi-user.target -- 2.28.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142704): https://lists.openembedded.org/g/openembedded-core/message/142704 Mute This Topic: https://lists.openembedded.org/mt/77004223/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 8/8] New systemtap.bb class, and systemtap-demo.bb to illustrate it.
On Mon, Sep 21, 2020 at 6:51 PM Richard Purdie wrote: > > On Mon, 2020-09-21 at 23:23 +0200, Yann Dirson wrote: > > > > > > Le lun. 21 sept. 2020 à 21:46, Richard Purdie < > > richard.pur...@linuxfoundation.org> a écrit : > > > On Mon, 2020-09-21 at 16:15 +0200, Yann Dirson wrote: > > > > From: Yann Dirson > > > > > > > > --- > > > > meta/classes/systemtap.bbclass| 74 > > > +++ > > > > .../systemtap/systemtap-demo_git.bb | 71 > > > ++ > > > > 2 files changed, 145 insertions(+) > > > > create mode 100644 meta/classes/systemtap.bbclass > > > > create mode 100644 meta/recipes-kernel/systemtap/systemtap- > > > demo_git.bb > > > > > > I'm afraid this patch is going to throw warnings all over the > > > autobuilder, e.g.: > > > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/2488 > > > > > > (and there will be more). > > > > > > We are trying to ensure all warnings are solved so that any that do > > > show are real issues and this patch would significantly distract > > > from > > > that. > > > > OK, we could default to built just the handful of probes that should > > always build, and give instructions for those willing to use the > > current behaviour. > > I think that is going to be safer and we could grow into more examples > if/as/when we van build them. Also, as the person that usually picks up systemtap breakage first on our new kernel versions .. we need to make sure that the reworked recipe and class pass the oe-selftest for stap. It is doing on target compilation, so ideally, that test should be expanded to test bot the cross and on-target variants. Cheers, Bruce > > > > > > I'm also wary that we're now in feature freeze for release so > > > perhaps > > > these changes should wait until 3.3? > > > > OK, I can reroll a series with just the fixes. > > That would be great. > > > For the rest should I just wait for the gatesgarth branch to be > > created and resubmit then ? > > Once we start taking new work on master, yes. > > Also, for a new recipe like this we need a maintainers entry, else we > see: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/1377 > > Cheers, > > Richard > > > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142703): https://lists.openembedded.org/g/openembedded-core/message/142703 Mute This Topic: https://lists.openembedded.org/mt/76990992/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 0/7] Pull request (cover letter only)
The following changes since commit b98e50f08b2bcf61fbc75ea1b0ad83a17c0a736a:
cve-check: avoid FileNotFoundError if no do_cve_check task has run
(2020-09-14 04:26:37 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
Christophe GUIBOUT (1):
initramfs-framework: support kernel cmdline with double quotes
Geoff Parker (1):
systemd-serialgetty: Replace sed quoting using ' with " to allow var
expansion
Khem Raj (1):
populate_sdk_ext: Do not assume local.conf will always exist
Michael Gloff (1):
sysvinit: Remove ${B} assignment
Pierre-Jean Texier (1):
libubootenv: upgrade 0.3 -> 0.3.1
Rahul Kumar (1):
systemd-serialgetty: Fix sed expression quoting
Steve Sakoman (1):
Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"
meta/classes/kernel.bbclass | 2 +-
meta/classes/populate_sdk_ext.bbclass | 5 +++--
.../{libubootenv_0.3.bb => libubootenv_0.3.1.bb}| 2 +-
.../initrdscripts/initramfs-framework/init | 13 +
meta/recipes-core/systemd/systemd-serialgetty.bb| 4 ++--
meta/recipes-core/sysvinit/sysvinit_2.96.bb | 1 -
6 files changed, 20 insertions(+), 7 deletions(-)
rename meta/recipes-bsp/u-boot/{libubootenv_0.3.bb => libubootenv_0.3.1.bb}
(94%)
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142702):
https://lists.openembedded.org/g/openembedded-core/message/142702
Mute This Topic: https://lists.openembedded.org/mt/77003554/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 8/8] New systemtap.bb class, and systemtap-demo.bb to illustrate it.
On Mon, 2020-09-21 at 23:23 +0200, Yann Dirson wrote: > > > Le lun. 21 sept. 2020 à 21:46, Richard Purdie < > richard.pur...@linuxfoundation.org> a écrit : > > On Mon, 2020-09-21 at 16:15 +0200, Yann Dirson wrote: > > > From: Yann Dirson > > > > > > --- > > > meta/classes/systemtap.bbclass| 74 > > +++ > > > .../systemtap/systemtap-demo_git.bb | 71 > > ++ > > > 2 files changed, 145 insertions(+) > > > create mode 100644 meta/classes/systemtap.bbclass > > > create mode 100644 meta/recipes-kernel/systemtap/systemtap- > > demo_git.bb > > > > I'm afraid this patch is going to throw warnings all over the > > autobuilder, e.g.: > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/2488 > > > > (and there will be more). > > > > We are trying to ensure all warnings are solved so that any that do > > show are real issues and this patch would significantly distract > > from > > that. > > OK, we could default to built just the handful of probes that should > always build, and give instructions for those willing to use the > current behaviour. I think that is going to be safer and we could grow into more examples if/as/when we van build them. > > > I'm also wary that we're now in feature freeze for release so > > perhaps > > these changes should wait until 3.3? > > OK, I can reroll a series with just the fixes. That would be great. > For the rest should I just wait for the gatesgarth branch to be > created and resubmit then ? Once we start taking new work on master, yes. Also, for a new recipe like this we need a maintainers entry, else we see: https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/1377 Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142701): https://lists.openembedded.org/g/openembedded-core/message/142701 Mute This Topic: https://lists.openembedded.org/mt/76990992/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 3/3] buildtools-tarball: Add python3-jinja2
On Mon, Sep 21, 2020 at 5:12 AM Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > This is used by various pieces of the result handling code, particularly > the > performance testing and we're seeing autobuilder failures that are > easiest resolved using this. > > Signed-off-by: Richard Purdie > Acked-by: Tim Orling Signed-off-by: Tim Orling > --- > meta/recipes-core/meta/buildtools-tarball.bb | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-core/meta/buildtools-tarball.bb > b/meta/recipes-core/meta/buildtools-tarball.bb > index 75b71f55327..ef56f76fa71 100644 > --- a/meta/recipes-core/meta/buildtools-tarball.bb > +++ b/meta/recipes-core/meta/buildtools-tarball.bb > @@ -11,6 +11,7 @@ TOOLCHAIN_HOST_TASK ?= "\ > nativesdk-python3-modules \ > nativesdk-python3-misc \ > nativesdk-python3-git \ > +nativesdk-python3-jinja2 \ > nativesdk-python3-testtools \ > nativesdk-python3-subunit \ > nativesdk-ncurses-terminfo-base \ > -- > 2.25.1 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142700): https://lists.openembedded.org/g/openembedded-core/message/142700 Mute This Topic: https://lists.openembedded.org/mt/76988713/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/3] python3-jinja2: Import from meta-oe/meta-python
On Mon, Sep 21, 2020 at 5:12 AM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> This is used by some of the results handling code and needed as part of
> buildtools tarball on various autobuilder worker for testing.
>
> ptest is disabled for OE-Core, at least for now since it depends on
> python3-pytest which in turn has may other dependencies.
>
> Signed-off-by: Richard Purdie
>
Acked-by: Tim Orling
Signed-off-by: Tim Orling
> ---
> meta/conf/distro/include/maintainers.inc | 1 +
> .../python/python3-jinja2/run-ptest | 3 ++
> .../python/python3-jinja2_2.11.2.bb | 45 +++
> 3 files changed, 49 insertions(+)
> create mode 100644 meta/recipes-devtools/python/python3-jinja2/run-ptest
> create mode 100644 meta/recipes-devtools/python/python3-jinja2_2.11.2.bb
>
> diff --git a/meta/conf/distro/include/maintainers.inc
> b/meta/conf/distro/include/maintainers.inc
> index 84f473290ab..d349382cb9d 100644
> --- a/meta/conf/distro/include/maintainers.inc
> +++ b/meta/conf/distro/include/maintainers.inc
> @@ -589,6 +589,7 @@ RECIPE_MAINTAINER_pn-python3-extras = "Oleksandr
> Kravchuk RECIPE_MAINTAINER_pn-python3-git = "Oleksandr Kravchuk <
> open.sou...@oleksandr-kravchuk.com>"
> RECIPE_MAINTAINER_pn-python3-gitdb = "Oleksandr Kravchuk <
> open.sou...@oleksandr-kravchuk.com>"
> RECIPE_MAINTAINER_pn-python3-iniparse = "Oleksandr Kravchuk <
> open.sou...@oleksandr-kravchuk.com>"
> +RECIPE_MAINTAINER_pn-python3-jinja2 = "Richard Purdie <
> richard.pur...@linuxfoundation.org>"
> RECIPE_MAINTAINER_pn-python3-libarchive-c = "Joshua Watt <
> jpewhac...@gmail.com>"
> RECIPE_MAINTAINER_pn-python3-magic = "Joshua Watt "
> RECIPE_MAINTAINER_pn-python3-mako = "Oleksandr Kravchuk <
> open.sou...@oleksandr-kravchuk.com>"
> diff --git a/meta/recipes-devtools/python/python3-jinja2/run-ptest
> b/meta/recipes-devtools/python/python3-jinja2/run-ptest
> new file mode 100644
> index 000..5cec7116968
> --- /dev/null
> +++ b/meta/recipes-devtools/python/python3-jinja2/run-ptest
> @@ -0,0 +1,3 @@
> +#!/bin/sh
> +
> +pytest
> diff --git a/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb
> b/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb
> new file mode 100644
> index 000..89538d2f272
> --- /dev/null
> +++ b/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb
> @@ -0,0 +1,45 @@
> +DESCRIPTION = "Python Jinja2: A small but fast and easy to use
> stand-alone template engine written in pure python."
> +
> +LICENSE = "BSD-3-Clause"
> +LIC_FILES_CHKSUM =
> "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
> +
> +SRC_URI[sha256sum] =
> "89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0"
> +
> +PYPI_PACKAGE = "Jinja2"
> +
> +CLEANBROKEN = "1"
> +
> +inherit pypi setuptools3
> +# ptest disabled in OE-Core for now due to missing dependencies
> +
> +
> +SRC_URI += " \
> + file://run-ptest \
> +"
> +
> +do_install_ptest() {
> +install -d ${D}${PTEST_PATH}/tests
> +cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
> +}
> +
> +RDEPENDS_${PN}-ptest += " \
> + ${PYTHON_PN}-pytest \
> + ${PYTHON_PN}-unixadmin \
> +"
> +
> +RDEPENDS_${PN} += " \
> +${PYTHON_PN}-asyncio \
> +${PYTHON_PN}-crypt \
> +${PYTHON_PN}-io \
> +${PYTHON_PN}-json \
> +${PYTHON_PN}-markupsafe \
> +${PYTHON_PN}-math \
> +${PYTHON_PN}-netclient \
> +${PYTHON_PN}-numbers\
> +${PYTHON_PN}-pickle \
> +${PYTHON_PN}-pprint \
> +${PYTHON_PN}-shell \
> +${PYTHON_PN}-threading \
> +"
> +
> +BBCLASSEXTEND = "native nativesdk"
> --
> 2.25.1
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142699):
https://lists.openembedded.org/g/openembedded-core/message/142699
Mute This Topic: https://lists.openembedded.org/mt/76988712/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/3] python3-markupsafe: Import from meta-oe/meta-python
On Mon, Sep 21, 2020 at 5:12 AM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> Needed as a dependency of python3-jinja2. ptest is disabled for OE-Core, at
> least for now since it depends on python3-pytest which in turn has may
> other
> dependencies.
>
> Signed-off-by: Richard Purdie
>
Acked-by: Tim Orling
Signed-off-by: Tim Orling
> ---
> meta/conf/distro/include/maintainers.inc | 1 +
> .../python/python3-markupsafe/run-ptest | 3 ++
> .../python/python3-markupsafe_1.1.1.bb| 28 +++
> 3 files changed, 32 insertions(+)
> create mode 100644
> meta/recipes-devtools/python/python3-markupsafe/run-ptest
> create mode 100644 meta/recipes-devtools/python/
> python3-markupsafe_1.1.1.bb
>
> diff --git a/meta/conf/distro/include/maintainers.inc
> b/meta/conf/distro/include/maintainers.inc
> index a094b39b2af..84f473290ab 100644
> --- a/meta/conf/distro/include/maintainers.inc
> +++ b/meta/conf/distro/include/maintainers.inc
> @@ -592,6 +592,7 @@ RECIPE_MAINTAINER_pn-python3-iniparse = "Oleksandr
> Kravchuk RECIPE_MAINTAINER_pn-python3-libarchive-c = "Joshua Watt <
> jpewhac...@gmail.com>"
> RECIPE_MAINTAINER_pn-python3-magic = "Joshua Watt "
> RECIPE_MAINTAINER_pn-python3-mako = "Oleksandr Kravchuk <
> open.sou...@oleksandr-kravchuk.com>"
> +RECIPE_MAINTAINER_pn-python3-markupsafe = "Richard Purdie <
> richard.pur...@linuxfoundation.org>"
> RECIPE_MAINTAINER_pn-python3-nose = "Oleksandr Kravchuk <
> open.sou...@oleksandr-kravchuk.com>"
> RECIPE_MAINTAINER_pn-python3-numpy = "Oleksandr Kravchuk <
> open.sou...@oleksandr-kravchuk.com>"
> RECIPE_MAINTAINER_pn-python3-pbr = "Oleksandr Kravchuk <
> open.sou...@oleksandr-kravchuk.com>"
> diff --git a/meta/recipes-devtools/python/python3-markupsafe/run-ptest
> b/meta/recipes-devtools/python/python3-markupsafe/run-ptest
> new file mode 100644
> index 000..5cec7116968
> --- /dev/null
> +++ b/meta/recipes-devtools/python/python3-markupsafe/run-ptest
> @@ -0,0 +1,3 @@
> +#!/bin/sh
> +
> +pytest
> diff --git a/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb
> b/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb
> new file mode 100644
> index 000..403a98a43f8
> --- /dev/null
> +++ b/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb
> @@ -0,0 +1,28 @@
> +DESCRIPTION = "Implements a XML/HTML/XHTML Markup safe string for Python"
> +HOMEPAGE = "http://github.com/mitsuhiko/markupsafe;
> +LICENSE = "BSD-3-Clause"
> +LIC_FILES_CHKSUM =
> "file://LICENSE.rst;md5=ffeffa59c90c9c4a033c7574f8f3fb75"
> +
> +SRC_URI[md5sum] = "43fd756864fe42063068e092e220c57b"
> +SRC_URI[sha256sum] =
> "29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b"
> +
> +PYPI_PACKAGE = "MarkupSafe"
> +inherit pypi setuptools3
> +# ptest disabled in OE-Core for now due to missing dependencies
> +
> +RDEPENDS_${PN} += "${PYTHON_PN}-stringold"
> +
> +BBCLASSEXTEND = "native nativesdk"
> +
> +SRC_URI += " \
> + file://run-ptest \
> +"
> +
> +RDEPENDS_${PN}-ptest += " \
> + ${PYTHON_PN}-pytest \
> +"
> +
> +do_install_ptest() {
> + install -d ${D}${PTEST_PATH}/tests
> + cp -f ${S}/tests/* ${D}${PTEST_PATH}/tests/
> +}
> --
> 2.25.1
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142698):
https://lists.openembedded.org/g/openembedded-core/message/142698
Mute This Topic: https://lists.openembedded.org/mt/76988711/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 0/3] Import two python recipes from meta-oe/meta-python
On Mon, Sep 21, 2020 at 5:12 AM Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > We have a slightly pressing situation where the performance test builds > are failing after we cleaned up the system installs on those machines > and tried to switch over to buildtools entirely. > > The issue is the need for jinja2, complicated by the recipe's ptest > dependencies. This series imports them with ptest not inherited, the > idea being meta-python can bbappend and add the inherit. > > The alternatives are either to try and solve this on the performace > test machines using horrible hacks and revert my earlier attempted fix > (which is correct but makes the situation worse), or import pytest > over too which we may ultimately end up doing but probably should > do right now? > > While bringing pytest into oe-core may ultimately make sense, the shear number of dependencies should not be brought in lightly. Given the urgency of the situation, I agree with the approach to only bring in what is necessary and disable ptest for these recipes. I will work on .bbappends for meta-python. Trevor G and I will fix any collateral damage in meta-python. Richard Purdie (3): > python3-markupsafe: Import from meta-oe/meta-python > python3-jinja2: Import from meta-oe/meta-python > buildtools-tarball: Add python3-jinja2 > > meta/conf/distro/include/maintainers.inc | 2 + > meta/recipes-core/meta/buildtools-tarball.bb | 1 + > .../python/python3-jinja2/run-ptest | 3 ++ > .../python/python3-jinja2_2.11.2.bb | 45 +++ > .../python/python3-markupsafe/run-ptest | 3 ++ > .../python/python3-markupsafe_1.1.1.bb| 28 > 6 files changed, 82 insertions(+) > create mode 100644 meta/recipes-devtools/python/python3-jinja2/run-ptest > create mode 100644 meta/recipes-devtools/python/python3-jinja2_2.11.2.bb > create mode 100644 > meta/recipes-devtools/python/python3-markupsafe/run-ptest > create mode 100644 meta/recipes-devtools/python/ > python3-markupsafe_1.1.1.bb > > -- > 2.25.1 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142697): https://lists.openembedded.org/g/openembedded-core/message/142697 Mute This Topic: https://lists.openembedded.org/mt/76988710/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 8/8] New systemtap.bb class, and systemtap-demo.bb to illustrate it.
Le lun. 21 sept. 2020 à 21:46, Richard Purdie < richard.pur...@linuxfoundation.org> a écrit : > On Mon, 2020-09-21 at 16:15 +0200, Yann Dirson wrote: > > From: Yann Dirson > > > > --- > > meta/classes/systemtap.bbclass| 74 +++ > > .../systemtap/systemtap-demo_git.bb | 71 ++ > > 2 files changed, 145 insertions(+) > > create mode 100644 meta/classes/systemtap.bbclass > > create mode 100644 meta/recipes-kernel/systemtap/systemtap-demo_git.bb > > I'm afraid this patch is going to throw warnings all over the > autobuilder, e.g.: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/2488 > > (and there will be more). > > We are trying to ensure all warnings are solved so that any that do > show are real issues and this patch would significantly distract from > that. > OK, we could default to built just the handful of probes that should always build, and give instructions for those willing to use the current behaviour. I'm also wary that we're now in feature freeze for release so perhaps > these changes should wait until 3.3? > OK, I can reroll a series with just the fixes. For the rest should I just wait for the gatesgarth branch to be created and resubmit then ? -- Yann Dirson Blade / Shadow -- http://shadow.tech -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142696): https://lists.openembedded.org/g/openembedded-core/message/142696 Mute This Topic: https://lists.openembedded.org/mt/76990992/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] gettext: no need to depend on bison-native
This was needed because of a backported patch, this patch was dropped
in oe-core c9f8b48 but the removal of the dependency was missed.
Signed-off-by: Ross Burton
---
meta/recipes-core/gettext/gettext_0.21.bb | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/meta/recipes-core/gettext/gettext_0.21.bb
b/meta/recipes-core/gettext/gettext_0.21.bb
index 54305623dd..3af77bb4c8 100644
--- a/meta/recipes-core/gettext/gettext_0.21.bb
+++ b/meta/recipes-core/gettext/gettext_0.21.bb
@@ -8,11 +8,8 @@ SECTION = "libs"
LICENSE = "GPLv3+ & LGPL-2.1+"
LIC_FILES_CHKSUM = "file://COPYING;md5=c678957b0c8e964aa6c70fd77641a71e"
-# Because po-gram-gen.y has been modified by fix-CVE-2018-18751.patch,
-# it requires yacc which provided by bison-native
-# Please remove bison-native from DEPENDS* when next upgrade
-DEPENDS = "bison-native gettext-native virtual/libiconv"
-DEPENDS_class-native = "bison-native gettext-minimal-native"
+DEPENDS = "gettext-native virtual/libiconv"
+DEPENDS_class-native = "gettext-minimal-native"
PROVIDES = "virtual/libintl virtual/gettext"
PROVIDES_class-native = "virtual/gettext-native"
RCONFLICTS_${PN} = "proxy-libintl"
--
2.28.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142695):
https://lists.openembedded.org/g/openembedded-core/message/142695
Mute This Topic: https://lists.openembedded.org/mt/76999110/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 8/8] New systemtap.bb class, and systemtap-demo.bb to illustrate it.
On Mon, 2020-09-21 at 16:15 +0200, Yann Dirson wrote: > From: Yann Dirson > > --- > meta/classes/systemtap.bbclass| 74 +++ > .../systemtap/systemtap-demo_git.bb | 71 ++ > 2 files changed, 145 insertions(+) > create mode 100644 meta/classes/systemtap.bbclass > create mode 100644 meta/recipes-kernel/systemtap/systemtap-demo_git.bb I'm afraid this patch is going to throw warnings all over the autobuilder, e.g.: https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/2488 (and there will be more). We are trying to ensure all warnings are solved so that any that do show are real issues and this patch would significantly distract from that. I'm also wary that we're now in feature freeze for release so perhaps these changes should wait until 3.3? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142694): https://lists.openembedded.org/g/openembedded-core/message/142694 Mute This Topic: https://lists.openembedded.org/mt/76990992/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] curl: Change SRC_URI from http to https
The official links on:
https://curl.haxx.se/download.html
use https now and we're seeing this warning:
WARNING: curl-native-7.72.0-r0 do_fetch: Failed to fetch URL
http://curl.haxx.se/download/curl-7.72.0.tar.bz2, attempting MIRRORS if
available
Signed-off-by: Randy MacLeod
---
meta/recipes-support/curl/curl_7.72.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/curl/curl_7.72.0.bb
b/meta/recipes-support/curl/curl_7.72.0.bb
index a2ae0b6901..7d0268253d 100644
--- a/meta/recipes-support/curl/curl_7.72.0.bb
+++ b/meta/recipes-support/curl/curl_7.72.0.bb
@@ -5,7 +5,7 @@ SECTION = "console/network"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=2e9fb35867314fe31c6a4977ef7dd531"
-SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
+SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142693):
https://lists.openembedded.org/g/openembedded-core/message/142693
Mute This Topic: https://lists.openembedded.org/mt/76996512/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] mesa: update 20.1.6 -> 20.1.8
Signed-off-by: Aníbal Limón
---
.../mesa/{mesa-gl_20.1.6.bb => mesa-gl_20.1.8.bb} | 0
meta/recipes-graphics/mesa/mesa.inc | 2 +-
meta/recipes-graphics/mesa/{mesa_20.1.6.bb => mesa_20.1.8.bb} | 0
3 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-graphics/mesa/{mesa-gl_20.1.6.bb => mesa-gl_20.1.8.bb}
(100%)
rename meta/recipes-graphics/mesa/{mesa_20.1.6.bb => mesa_20.1.8.bb} (100%)
diff --git a/meta/recipes-graphics/mesa/mesa-gl_20.1.6.bb
b/meta/recipes-graphics/mesa/mesa-gl_20.1.8.bb
similarity index 100%
rename from meta/recipes-graphics/mesa/mesa-gl_20.1.6.bb
rename to meta/recipes-graphics/mesa/mesa-gl_20.1.8.bb
diff --git a/meta/recipes-graphics/mesa/mesa.inc
b/meta/recipes-graphics/mesa/mesa.inc
index af2a5c0f9b..dd4619a06b 100644
--- a/meta/recipes-graphics/mesa/mesa.inc
+++ b/meta/recipes-graphics/mesa/mesa.inc
@@ -23,7 +23,7 @@ SRC_URI =
"https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \
file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
"
-SRC_URI[sha256sum] =
"23bed40114b03ad640c95bfe72cc879ed2f941d0d481b77b5204a1fc567fa93c"
+SRC_URI[sha256sum] =
"df21351494f7caaec5a3ccc16f14f15512e98d2ecde178bba1d134edc899b961"
UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P\d+(\.\d+)+)"
diff --git a/meta/recipes-graphics/mesa/mesa_20.1.6.bb
b/meta/recipes-graphics/mesa/mesa_20.1.8.bb
similarity index 100%
rename from meta/recipes-graphics/mesa/mesa_20.1.6.bb
rename to meta/recipes-graphics/mesa/mesa_20.1.8.bb
--
2.28.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142692):
https://lists.openembedded.org/g/openembedded-core/message/142692
Mute This Topic: https://lists.openembedded.org/mt/76993790/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] testexport: rename create_tarball method
as otherwise when using it in combination with archiver.bbclass we would
have 2 methods of the same name but with different signatures
leading to various hard to understand exceptions
Signed-off-by: Konrad Weihmann
---
meta/classes/testexport.bbclass | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/classes/testexport.bbclass b/meta/classes/testexport.bbclass
index 59cbaefbf9..1b0fb44a4a 100644
--- a/meta/classes/testexport.bbclass
+++ b/meta/classes/testexport.bbclass
@@ -137,7 +137,7 @@ def copy_needed_files(d, tc):
shutil.rmtree(os.path.join(subdir, dir))
# Create tar file for common parts of testexport
-create_tarball(d, "testexport.tar.gz", d.getVar("TEST_EXPORT_DIR"))
+testexport_create_tarball(d, "testexport.tar.gz",
d.getVar("TEST_EXPORT_DIR"))
# Copy packages needed for runtime testing
package_extraction(d, tc.suites)
@@ -146,7 +146,7 @@ def copy_needed_files(d, tc):
export_pkg_dir = os.path.join(d.getVar("TEST_EXPORT_DIR"), "packages")
oe.path.copytree(test_pkg_dir, export_pkg_dir)
# Create tar file for packages needed by the DUT
-create_tarball(d, "testexport_packages_%s.tar.gz" %
d.getVar("MACHINE"), export_pkg_dir)
+testexport_create_tarball(d, "testexport_packages_%s.tar.gz" %
d.getVar("MACHINE"), export_pkg_dir)
# Copy SDK
if d.getVar("TEST_EXPORT_SDK_ENABLED") == "1":
@@ -159,11 +159,11 @@ def copy_needed_files(d, tc):
shutil.copy2(tarball_path, export_sdk_dir)
# Create tar file for the sdk
-create_tarball(d, "testexport_sdk_%s.tar.gz" % d.getVar("SDK_ARCH"),
export_sdk_dir)
+testexport_create_tarball(d, "testexport_sdk_%s.tar.gz" %
d.getVar("SDK_ARCH"), export_sdk_dir)
bb.plain("Exported tests to: %s" % export_path)
-def create_tarball(d, tar_name, src_dir):
+def testexport_create_tarball(d, tar_name, src_dir):
import tarfile
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142691):
https://lists.openembedded.org/g/openembedded-core/message/142691
Mute This Topic: https://lists.openembedded.org/mt/76991268/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 7/8] kernel: consider vmlinux a build artifact, so systemtap can use it
From: Yann Dirson
Cross-building a systemtap module requires access to debug information.
---
meta/classes/kernel.bbclass | 4
1 file changed, 4 insertions(+)
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 48135b3d41..fd2355bb68 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -495,6 +495,10 @@ do_shared_workdir () {
cp signing_key.* $kerneldir/
fi
+# Copy vmlinux, needed by recipes depending on kernel debuginfo,
+# like systemtap modules
+cp vmlinux $kerneldir/
+
# We can also copy over all the generated files and avoid special cases
# like version.h, but we've opted to keep this small until file creep
starts
# to happen
--
2.28.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142689):
https://lists.openembedded.org/g/openembedded-core/message/142689
Mute This Topic: https://lists.openembedded.org/mt/76990991/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 0/8] systemtap improvements
From: Yann Dirson The goal of this series is to allow for packages to provide systemtap probes and get them cross-compiled on the host, shipping only the minimal runtime in the filesystem. People willing to build the probes on target can continue to do so with no changes for some many users, but usage of python probes now requires systemtap-python. This series also includes unrelated fixes to the systemtap packaging, on which I stumbled while on the main subject. Of note is the "fix finding proper System.map" patch, for which I wonder if the real fix would not be to keep an unversionned System.map file in kernel_build_tree, so stay compatible with upstream kernel. Yann Dirson (8): systemtap: split examples and python scripts out of main package systemtap: remove extra dependencies systemtap: clarify the relation between exporter and python3-probes feature systemtap: fix install when python3-probes is disabled in PACKAGECONFIG systemtap: split runtime material in its own package systemtap-native: fix finding proper System.map kernel: consider vmlinux a build artifact, so systemtap can use it New systemtap.bb class, and systemtap-demo.bb to illustrate it. meta/classes/kernel.bbclass | 4 + meta/classes/systemtap.bbclass| 74 +++ .../systemtap/systemtap-demo_git.bb | 71 ++ .../systemtap/systemtap-native_git.bb | 6 ++ .../systemtap/system-map-location.patch | 26 +++ .../recipes-kernel/systemtap/systemtap_git.bb | 38 -- 6 files changed, 213 insertions(+), 6 deletions(-) create mode 100644 meta/classes/systemtap.bbclass create mode 100644 meta/recipes-kernel/systemtap/systemtap-demo_git.bb create mode 100644 meta/recipes-kernel/systemtap/systemtap/system-map-location.patch -- 2.28.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142682): https://lists.openembedded.org/g/openembedded-core/message/142682 Mute This Topic: https://lists.openembedded.org/mt/76990982/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/8] systemtap: clarify the relation between exporter and python3-probes feature
From: Yann Dirson
---
meta/recipes-kernel/systemtap/systemtap_git.bb | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.bb
b/meta/recipes-kernel/systemtap/systemtap_git.bb
index 375e570454..89f550c859 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -27,15 +27,13 @@ PACKAGECONFIG[python3-probes] =
"--with-python3-probes,--without-python3-probes,
inherit autotools gettext pkgconfig distutils3-base systemd
+# exporter comes with python3-probes
PACKAGES =+ "${PN}-exporter"
-
FILES_${PN}-exporter = "${sysconfdir}/stap-exporter/* \
${sysconfdir}/sysconfig/stap-exporter \
${systemd_unitdir}/system/stap-exporter.service \
${sbindir}/stap-exporter"
-
RDEPENDS_${PN}-exporter = "${PN} python3-core python3-netclient"
-
SYSTEMD_SERVICE_${PN}-exporter = "stap-exporter.service"
PACKAGES =+ "${PN}-examples"
--
2.28.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142685):
https://lists.openembedded.org/g/openembedded-core/message/142685
Mute This Topic: https://lists.openembedded.org/mt/76990985/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 5/8] systemtap: split runtime material in its own package
From: Yann Dirson
Note the _class-target qualifier, here to prevent a funky dependency of
systemtap-native on systemtap-native-runtime-native. This possibly hints
to something deeper ?
---
meta/recipes-kernel/systemtap/systemtap_git.bb | 9 +
1 file changed, 9 insertions(+)
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.bb
b/meta/recipes-kernel/systemtap/systemtap_git.bb
index 74bf7cb35c..8dad5b15f0 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -36,6 +36,15 @@ FILES_${PN}-exporter = "${sysconfdir}/stap-exporter/* \
RDEPENDS_${PN}-exporter = "${PN} python3-core python3-netclient"
SYSTEMD_SERVICE_${PN}-exporter = "stap-exporter.service"
+PACKAGES =+ "${PN}-runtime"
+FILES_${PN}-runtime = "\
+ ${bindir}/staprun \
+ ${bindir}/stap-merge \
+ ${bindir}/stapsh \
+ ${libexecdir}/${BPN}/stapio \
+"
+RDEPENDS_${PN}_class-target += "${PN}-runtime"
+
PACKAGES =+ "${PN}-examples"
FILES_${PN}-examples = "${datadir}/${BPN}/examples/"
RDEPENDS_${PN}-examples += "${PN}"
--
2.28.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142687):
https://lists.openembedded.org/g/openembedded-core/message/142687
Mute This Topic: https://lists.openembedded.org/mt/76990988/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 8/8] New systemtap.bb class, and systemtap-demo.bb to illustrate it.
From: Yann Dirson
---
meta/classes/systemtap.bbclass| 74 +++
.../systemtap/systemtap-demo_git.bb | 71 ++
2 files changed, 145 insertions(+)
create mode 100644 meta/classes/systemtap.bbclass
create mode 100644 meta/recipes-kernel/systemtap/systemtap-demo_git.bb
diff --git a/meta/classes/systemtap.bbclass b/meta/classes/systemtap.bbclass
new file mode 100644
index 00..928202c1ff
--- /dev/null
+++ b/meta/classes/systemtap.bbclass
@@ -0,0 +1,74 @@
+# A bbclass to cross-build systemtap (.stp) scripts and install them
+# suitably for on-target usage with staprun. All compiled .ko files
+# are installed directly in /lib/modules/${KERNEL_VERSION}/systemtap/
+# so their names must be unique.
+
+# FIXME:
+# - cannot handle building a probe several times with different args
+
+# verbosity flags easy to override and amend
+STAP_FLAGS = "-v"
+#STAP_FLAGS += "-B V=1"
+
+# set to "1" to avoid failing on first error
+STAP_WARNONLY = "0"
+
+# Should be absolute (use ${S}, ${WORKDIR}, etc)
+# .stp scripts to be compiled and installed.
+STAP_SCRIPTS ??= ""
+# subset of STAP_SCRIPTS not to compile (exclusion from glob pattern)
+STAP_EXCLUDE_SCRIPTS ??= ""
+
+STAP_OUT ??= "${B}/systemtap"
+
+inherit module-base
+
+DEPENDS += "systemtap-native"
+
+STAPCMD = "stap -p4 ${STAP_FLAGS}"
+STAPCMD += "-a '${ARCH}' -B CROSS_COMPILE='${CROSS_COMPILE}'"
+STAPCMD += "-r '${STAGING_KERNEL_BUILDDIR}'"
+
+# FIXME: most of those should be in the scope of systemtap-native
+STAPCMD += "--sysroot='${RECIPE_SYSROOT}'"
+STAPCMD += "-R '${RECIPE_SYSROOT_NATIVE}${datadir}/systemtap/runtime'"
+STAPCMD += "-I '${RECIPE_SYSROOT_NATIVE}${datadir}/systemtap/tapset'"
+
+## FIXME workaround LDFLAGS not being made for ld
+TARGET_LDFLAGS="-O1 --hash-style=gnu --as-needed"
+
+do_compile_append() {
+rm -rf ${STAP_OUT}
+mkdir -p ${STAP_OUT}
+# expand glob patterns
+stap_scripts=$(echo ${STAP_SCRIPTS})
+stap_exclude_scripts=$(echo ${STAP_EXCLUDE_SCRIPTS})
+for s in ${stap_scripts}; do
+m=$(basename ${s%.stp})
+m=$(printf $m | tr -c '[:alnum:]' _)
+case " ${stap_exclude_scripts} " in
+ *\ $s\ *) continue ;;
+esac
+eval extraflags=\${STAP_EXTRAFLAGS_$m}
+(
+cd ${STAP_OUT}
+[ ! -e "$m.ko" ] || bbwarn "compiling $s: $m.ko already exists"
+if ! ${STAPCMD} ${extraflags} -m "$m" "$s"; then
+if [ "${STAP_WARNONLY}" = 1 ]; then
+bbwarn "build failure for $s"
+else
+bbfatal "build failure for $s"
+fi
+fi
+)
+done
+}
+
+do_install_append() {
+DST=${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/systemtap
+install -d -m755 ${DST}
+install -m644 ${STAP_OUT}/*.ko ${DST}/
+}
+
+FILES_${PN} += "${nonarch_base_libdir}/modules"
+RRECOMMENDS_${PN} += "systemtap-runtime"
diff --git a/meta/recipes-kernel/systemtap/systemtap-demo_git.bb
b/meta/recipes-kernel/systemtap/systemtap-demo_git.bb
new file mode 100644
index 00..f6b6c40cc1
--- /dev/null
+++ b/meta/recipes-kernel/systemtap/systemtap-demo_git.bb
@@ -0,0 +1,71 @@
+require systemtap_git.inc
+
+# FIXME just to avoid looking for patches we don't care about
+SRC_URI = "git://sourceware.org/git/systemtap.git"
+
+inherit systemtap
+
+STAP_SCRIPTS = "\
+ ${S}/testsuite/systemtap.examples/*/*.stp \
+"
+
+# Many scripts have specific needs, so we don't really care if they don't
build,
+# and there are too many of them to exclude them manually, so we just tell the
build
+# to issue warnings on build failures:
+# - specific kernel symbols, depending on specific kernel config options
+# - files on disk for userspace instrumentation
+# - FIXME but also plain oversights of this packaging (kernel.trace ?)
+STAP_WARNONLY = "1"
+
+export STAP_EXTRAFLAGS_badname = "-g"
+export STAP_EXTRAFLAGS_keyhack = "-g"
+export STAP_EXTRAFLAGS_eatmydata = "-g"
+export STAP_EXTRAFLAGS_ttyspy = "-g"
+
+# those require parameters
+STAP_EXCLUDE_SCRIPTS = "\
+ ${S}/testsuite/systemtap.examples/general/callgraph.stp \
+ ${S}/testsuite/systemtap.examples/general/eventcount.stp \
+ ${S}/testsuite/systemtap.examples/general/func_time_stats.stp \
+ ${S}/testsuite/systemtap.examples/general/para-callgraph-verbose.stp \
+ ${S}/testsuite/systemtap.examples/general/para-callgraph.stp \
+ ${S}/testsuite/systemtap.examples/general/py2example.stp \
+ ${S}/testsuite/systemtap.examples/general/py3example.stp \
+ ${S}/testsuite/systemtap.examples/general/regex.stp \
+ ${S}/testsuite/systemtap.examples/general/sizeof.stp \
+ ${S}/testsuite/systemtap.examples/general/sizeof_interactive.stp \
+ ${S}/testsuite/systemtap.examples/general/varwatch.stp \
+ ${S}/testsuite/systemtap.examples/general/watchdog.stp \
+ ${S}/testsuite/systemtap.examples/general/whythefail.stp \
+ ${S}/testsuite/systemtap.examples/io/deviceseeks.stp \
+
[OE-core] [PATCH 4/8] systemtap: fix install when python3-probes is disabled in PACKAGECONFIG
From: Yann Dirson
---
meta/recipes-kernel/systemtap/systemtap_git.bb | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.bb
b/meta/recipes-kernel/systemtap/systemtap_git.bb
index 89f550c859..74bf7cb35c 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -66,7 +66,7 @@ do_install_append () {
rm ${D}${libexecdir}/${PN}/stap-env
fi
- if [ ${D}${prefix}/lib != `dirname ${D}${systemd_unitdir}` ]; then
+ if [ -d ${D}${prefix}/lib/systemd -a ${D}${prefix}/lib != `dirname
${D}${systemd_unitdir}` ]; then
# Fix makefile hardcoded path assumptions for systemd (assumes $prefix)
# without usrmerge distro feature enabled
install -d `dirname ${D}${systemd_unitdir}`
@@ -75,7 +75,9 @@ do_install_append () {
fi
# Ensure correct ownership for files copied in
- chown root:root ${D}${sysconfdir}/stap-exporter/* -R
+ if [ -d ${D}${sysconfdir}/stap-exporter ]; then
+ chown root:root ${D}${sysconfdir}/stap-exporter/* -R
+ fi
}
BBCLASSEXTEND = "nativesdk"
--
2.28.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142686):
https://lists.openembedded.org/g/openembedded-core/message/142686
Mute This Topic: https://lists.openembedded.org/mt/76990987/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 6/8] systemtap-native: fix finding proper System.map
From: Yann Dirson
Upstream looks for unversionned System.map file in kernel_build_tree,
and if this fails goes for versionned filename in $sysroot/boot/.
OTOH we have a versionned filename in kernel_build_tree.
---
.../systemtap/systemtap-native_git.bb | 6 +
.../systemtap/system-map-location.patch | 26 +++
2 files changed, 32 insertions(+)
create mode 100644
meta/recipes-kernel/systemtap/systemtap/system-map-location.patch
diff --git a/meta/recipes-kernel/systemtap/systemtap-native_git.bb
b/meta/recipes-kernel/systemtap/systemtap-native_git.bb
index 19cc1cf0f0..e24abcc2d6 100644
--- a/meta/recipes-kernel/systemtap/systemtap-native_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap-native_git.bb
@@ -3,4 +3,10 @@ require systemtap_git.bb
inherit native
+# don't look in /boot, and use kernel version to find proper
+# System.map-xxx in kernel build tree
+SRC_URI += "\
+ file://system-map-location.patch \
+"
+
addtask addto_recipe_sysroot after do_populate_sysroot before do_build
diff --git a/meta/recipes-kernel/systemtap/systemtap/system-map-location.patch
b/meta/recipes-kernel/systemtap/systemtap/system-map-location.patch
new file mode 100644
index 00..61e477bf69
--- /dev/null
+++ b/meta/recipes-kernel/systemtap/systemtap/system-map-location.patch
@@ -0,0 +1,26 @@
+Index: git/session.cxx
+===
+--- git.orig/session.cxx
git/session.cxx
+@@ -2021,20 +2021,12 @@ systemtap_session::parse_kernel_exports
+ int
+ systemtap_session::parse_kernel_functions ()
+ {
+- string system_map_path = kernel_build_tree + "/System.map";
++ string system_map_path = kernel_build_tree + "/System.map-" +
kernel_release;
+ ifstream system_map;
+
+ system_map.open(system_map_path.c_str(), ifstream::in);
+ if (! system_map.is_open())
+ {
+- if (verbose > 1)
+- clog << _F("Kernel symbol table %s unavailable, (%s)",
+- system_map_path.c_str(), strerror(errno)) << endl;
+-
+- system_map_path = sysroot + "/boot/System.map-" + kernel_release;
+- system_map.clear();
+- system_map.open(system_map_path.c_str(), ifstream::in);
+- if (! system_map.is_open())
+ {
+ if (verbose > 1)
+ clog << _F("Kernel symbol table %s unavailable, (%s)",
--
2.28.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142688):
https://lists.openembedded.org/g/openembedded-core/message/142688
Mute This Topic: https://lists.openembedded.org/mt/76990989/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/8] systemtap: split examples and python scripts out of main package
From: Yann Dirson
---
meta/recipes-kernel/systemtap/systemtap_git.bb | 17 +
1 file changed, 17 insertions(+)
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.bb
b/meta/recipes-kernel/systemtap/systemtap_git.bb
index 1c9f2aed16..e98aff1851 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -38,6 +38,23 @@ RDEPENDS_${PN}-exporter = "${PN} python3-core
python3-netclient"
SYSTEMD_SERVICE_${PN}-exporter = "stap-exporter.service"
+PACKAGES =+ "${PN}-examples"
+FILES_${PN}-examples = "${datadir}/${BPN}/examples/"
+RDEPENDS_${PN}-examples += "${PN}"
+
+# don't complain that some examples involve bash, perl, php...
+INSANE_SKIP_${PN}-examples += "file-rdeps"
+
+PACKAGES =+ "${PN}-python"
+FILES_${PN}-python += "\
+ ${bindir}/dtrace \
+ ${libdir}/python*/ \
+ ${libexecdir}/${BPN}/python/ \
+"
+# python material requires sdt headers
+RDEPENDS_${PN}-python += "${PN}-dev python3-core"
+INSANE_SKIP_${PN}-python += "dev-deps"
+
do_configure_prepend () {
# Improve reproducibility for c++ object files
reltivepath="${@os.path.relpath(d.getVar('STAGING_INCDIR'),
d.getVar('S'))}"
--
2.28.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142683):
https://lists.openembedded.org/g/openembedded-core/message/142683
Mute This Topic: https://lists.openembedded.org/mt/76990983/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/8] systemtap: remove extra dependencies
From: Yann Dirson
Most of the RDEPENDS part of PACKAGECONFIG[translator] appears to be related to
examples only.
---
meta/recipes-kernel/systemtap/systemtap_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.bb
b/meta/recipes-kernel/systemtap/systemtap_git.bb
index e98aff1851..375e570454 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -19,7 +19,7 @@ STAP_DOCS ?= "--disable-docs --disable-publican
--disable-refdocs"
EXTRA_OECONF += "${STAP_DOCS} "
PACKAGECONFIG ??= "translator sqlite monitor python3-probes"
-PACKAGECONFIG[translator] =
"--enable-translator,--disable-translator,boost,python3-core bash perl"
+PACKAGECONFIG[translator] =
"--enable-translator,--disable-translator,boost,bash"
PACKAGECONFIG[libvirt] = "--enable-libvirt,--disable-libvirt,libvirt"
PACKAGECONFIG[sqlite] = "--enable-sqlite,--disable-sqlite,sqlite3"
PACKAGECONFIG[monitor] = "--enable-monitor,--disable-monitor,ncurses json-c"
--
2.28.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142684):
https://lists.openembedded.org/g/openembedded-core/message/142684
Mute This Topic: https://lists.openembedded.org/mt/76990984/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] kernel-fitimage: generate openssl RSA keys for signing fitimage
On 21/09/2020 14:03, Richard Purdie wrote:
On Tue, 2020-09-08 at 13:28 +0100, Usama Arif wrote:
The keys are only generated if they dont exist. The key
generation can be turned off by setting FIT_GENERATE_KEYS to "0".
The default key length for private keys is 2048 and the default
format for public key certificate is x.509.
Signed-off-by: Usama Arif
---
meta/classes/kernel-fitimage.bbclass | 44
1 file changed, 44 insertions(+)
I'm worried about this as keys are generally something the user needs
to handle carefully. Making it all "magic" means that a missing key
might not throw an error when it should and also, someone might not
save the keys when they might need to.
To make sure the keys exists, we could check in step 7 of
fitimage_assemble that ${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key
and ${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt exist if
UBOOT_SIGN_ENABLE is set to 1?
Perhaps this code should need to be explicitly enabled?
By explicitly enable do you mean change the ?= to = in the below line?
FIT_GENERATE_KEYS ?= "${@bb.utils.contains('UBOOT_SIGN_ENABLE', '1',
'1', '0', d)}"
I actually think that keeping ?= is a good idea as users might want to
use some other key not generated by oe-core, so they can choose to
disable FIT_GENERATE_KEYS.
Thanks for the review!
Usama
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142681):
https://lists.openembedded.org/g/openembedded-core/message/142681
Mute This Topic: https://lists.openembedded.org/mt/76707315/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] kernel-fitimage: generate openssl RSA keys for signing fitimage
On Tue, 2020-09-08 at 13:28 +0100, Usama Arif wrote: > The keys are only generated if they dont exist. The key > generation can be turned off by setting FIT_GENERATE_KEYS to "0". > The default key length for private keys is 2048 and the default > format for public key certificate is x.509. > > Signed-off-by: Usama Arif > --- > meta/classes/kernel-fitimage.bbclass | 44 > 1 file changed, 44 insertions(+) I'm worried about this as keys are generally something the user needs to handle carefully. Making it all "magic" means that a missing key might not throw an error when it should and also, someone might not save the keys when they might need to. Perhaps this code should need to be explicitly enabled? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142680): https://lists.openembedded.org/g/openembedded-core/message/142680 Mute This Topic: https://lists.openembedded.org/mt/76707315/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/3] python3-jinja2: Import from meta-oe/meta-python
This is used by some of the results handling code and needed as part of buildtools tarball on various autobuilder worker for testing. ptest is disabled for OE-Core, at least for now since it depends on python3-pytest which in turn has may other dependencies. Signed-off-by: Richard Purdie --- meta/conf/distro/include/maintainers.inc | 1 + .../python/python3-jinja2/run-ptest | 3 ++ .../python/python3-jinja2_2.11.2.bb | 45 +++ 3 files changed, 49 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-jinja2/run-ptest create mode 100644 meta/recipes-devtools/python/python3-jinja2_2.11.2.bb diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 84f473290ab..d349382cb9d 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -589,6 +589,7 @@ RECIPE_MAINTAINER_pn-python3-extras = "Oleksandr Kravchuk -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142678): https://lists.openembedded.org/g/openembedded-core/message/142678 Mute This Topic: https://lists.openembedded.org/mt/76988712/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/3] python3-markupsafe: Import from meta-oe/meta-python
Needed as a dependency of python3-jinja2. ptest is disabled for OE-Core, at
least for now since it depends on python3-pytest which in turn has may other
dependencies.
Signed-off-by: Richard Purdie
---
meta/conf/distro/include/maintainers.inc | 1 +
.../python/python3-markupsafe/run-ptest | 3 ++
.../python/python3-markupsafe_1.1.1.bb| 28 +++
3 files changed, 32 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-markupsafe/run-ptest
create mode 100644 meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb
diff --git a/meta/conf/distro/include/maintainers.inc
b/meta/conf/distro/include/maintainers.inc
index a094b39b2af..84f473290ab 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -592,6 +592,7 @@ RECIPE_MAINTAINER_pn-python3-iniparse = "Oleksandr Kravchuk
http://github.com/mitsuhiko/markupsafe;
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=ffeffa59c90c9c4a033c7574f8f3fb75"
+
+SRC_URI[md5sum] = "43fd756864fe42063068e092e220c57b"
+SRC_URI[sha256sum] =
"29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b"
+
+PYPI_PACKAGE = "MarkupSafe"
+inherit pypi setuptools3
+# ptest disabled in OE-Core for now due to missing dependencies
+
+RDEPENDS_${PN} += "${PYTHON_PN}-stringold"
+
+BBCLASSEXTEND = "native nativesdk"
+
+SRC_URI += " \
+ file://run-ptest \
+"
+
+RDEPENDS_${PN}-ptest += " \
+ ${PYTHON_PN}-pytest \
+"
+
+do_install_ptest() {
+ install -d ${D}${PTEST_PATH}/tests
+ cp -f ${S}/tests/* ${D}${PTEST_PATH}/tests/
+}
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142677):
https://lists.openembedded.org/g/openembedded-core/message/142677
Mute This Topic: https://lists.openembedded.org/mt/76988711/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 0/3] Import two python recipes from meta-oe/meta-python
We have a slightly pressing situation where the performance test builds are failing after we cleaned up the system installs on those machines and tried to switch over to buildtools entirely. The issue is the need for jinja2, complicated by the recipe's ptest dependencies. This series imports them with ptest not inherited, the idea being meta-python can bbappend and add the inherit. The alternatives are either to try and solve this on the performace test machines using horrible hacks and revert my earlier attempted fix (which is correct but makes the situation worse), or import pytest over too which we may ultimately end up doing but probably should do right now? Richard Purdie (3): python3-markupsafe: Import from meta-oe/meta-python python3-jinja2: Import from meta-oe/meta-python buildtools-tarball: Add python3-jinja2 meta/conf/distro/include/maintainers.inc | 2 + meta/recipes-core/meta/buildtools-tarball.bb | 1 + .../python/python3-jinja2/run-ptest | 3 ++ .../python/python3-jinja2_2.11.2.bb | 45 +++ .../python/python3-markupsafe/run-ptest | 3 ++ .../python/python3-markupsafe_1.1.1.bb| 28 6 files changed, 82 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-jinja2/run-ptest create mode 100644 meta/recipes-devtools/python/python3-jinja2_2.11.2.bb create mode 100644 meta/recipes-devtools/python/python3-markupsafe/run-ptest create mode 100644 meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142676): https://lists.openembedded.org/g/openembedded-core/message/142676 Mute This Topic: https://lists.openembedded.org/mt/76988710/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/3] buildtools-tarball: Add python3-jinja2
This is used by various pieces of the result handling code, particularly the performance testing and we're seeing autobuilder failures that are easiest resolved using this. Signed-off-by: Richard Purdie --- meta/recipes-core/meta/buildtools-tarball.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index 75b71f55327..ef56f76fa71 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -11,6 +11,7 @@ TOOLCHAIN_HOST_TASK ?= "\ nativesdk-python3-modules \ nativesdk-python3-misc \ nativesdk-python3-git \ +nativesdk-python3-jinja2 \ nativesdk-python3-testtools \ nativesdk-python3-subunit \ nativesdk-ncurses-terminfo-base \ -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142679): https://lists.openembedded.org/g/openembedded-core/message/142679 Mute This Topic: https://lists.openembedded.org/mt/76988713/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] kernel-fitimage: generate openssl RSA keys for signing fitimage
Hi,
Just wanted to check if there were any review comments for this patch?
Thanks,
Usama
On 08/09/2020 13:43, Usama Arif via lists.openembedded.org wrote:
On 08/09/2020 13:28, Usama Arif wrote:
The keys are only generated if they dont exist. The key
generation can be turned off by setting FIT_GENERATE_KEYS to "0".
The default key length for private keys is 2048 and the default
format for public key certificate is x.509.
Signed-off-by: Usama Arif
---
meta/classes/kernel-fitimage.bbclass | 44
1 file changed, 44 insertions(+)
diff --git a/meta/classes/kernel-fitimage.bbclass
b/meta/classes/kernel-fitimage.bbclass
index fa4ea6feef..1fa8c8f05c 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -56,6 +56,22 @@ FIT_HASH_ALG ?= "sha256"
# fitImage Signature Algo
FIT_SIGN_ALG ?= "rsa2048"
+# Generate keys for signing fitImage
+FIT_GENERATE_KEYS ?= "${@bb.utils.contains('UBOOT_SIGN_ENABLE', '1',
'1', '0', d)}"
+
+# Size of private key in number of bits
+FIT_SIGN_NUMBITS ?= "2048"
+
+# args to openssl genrsa (Default is just the public exponent)
+FIT_KEY_GENRSA_ARGS ?= "-F4"
+
+# args to openssl req (Default is -batch for non interactive mode and
+# -new for new certificate)
+FIT_KEY_REQ_ARGS ?= "-batch -new"
+
+# Standard format for public key certificate
+FIT_KEY_SIGN_PKCS ?= "-x509"
+
#
# Emit the fitImage ITS header
#
@@ -522,6 +538,34 @@ do_assemble_fitimage_initramfs() {
addtask assemble_fitimage_initramfs before do_deploy after
do_bundle_initramfs
+do_generate_rsa_keys() {
+ if [ "${UBOOT_SIGN_ENABLE}" = "0" ] && [ "${FIT_GENERATE_KEYS}" =
"1" ]; then
+ bbwarn "FIT_GENERATE_KEYS is set to 1 eventhough
UBOOT_SIGN_ENABLE is set to 0. The keys will not be generated as they
won't be used."
+ fi
+
+ if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" =
"1" ]; then
+
+ # Generate keys only if they don't already exist
+ if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ]
|| \
+ [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt];
then
+
+ # make directory if it does not already exist
+ mkdir -p "${UBOOT_SIGN_KEYDIR}"
+
+ echo "Generating RSA private key for signing fitImage"
+ openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \
+ "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
+ "${FIT_SIGN_NUMBITS}"
+
+ echo "Generating certificate for signing fitImage"
+ openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \
+ -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \
+ -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt
+ fi
+ fi
+}
+
+addtask generate_rsa_keys before do_assemble_fitimage after do_compile
kernel_do_deploy[vardepsexclude] = "DATETIME"
kernel_do_deploy_append() {
The relevant yocto-docs changes for this patch are in
https://lists.yoctoproject.org/g/docs/message/340
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142675):
https://lists.openembedded.org/g/openembedded-core/message/142675
Mute This Topic: https://lists.openembedded.org/mt/76707315/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH][dunfell 2/2] libx11: fix CVE-2020-14363
From: Chee Yang Lee Signed-off-by: Chee Yang Lee --- .../xorg-lib/libx11/CVE-2020-14363.patch | 36 +++ .../recipes-graphics/xorg-lib/libx11_1.6.9.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch b/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch new file mode 100644 index 00..60045e2890 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch @@ -0,0 +1,36 @@ +From acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb +Date: Thu, 13 Aug 2020 18:02:58 +0200 +Subject: [PATCH] Fix an integer overflow in init_om() + +CVE-2020-14363 + +This can lead to a double free later, as reported by Jayden Rivers. + +Signed-off-by: Matthieu Herrb + +Upstream-Status: Backport +[https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d] +CVE: CVE-2020-14363 +Signed-off-by: Chee Yang Lee +--- + modules/om/generic/omGeneric.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c +index c44acb88..406cec93 100644 +--- a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c +@@ -1908,7 +1908,8 @@ init_om( + char **required_list; + XOrientation *orientation; + char **value, buf[BUFSIZ], *bufptr; +-int count = 0, num = 0, length = 0; ++int count = 0, num = 0; ++unsigned int length = 0; + + _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", , ); + if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0) +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb index 84e0e4457e..ebd2640743 100644 --- a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb +++ b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb @@ -14,6 +14,7 @@ SRC_URI += "file://Fix-hanging-issue-in-_XReply.patch \ file://disable_tests.patch \ file://libx11-whitespace.patch \ file://CVE-2020-14344.patch \ +file://CVE-2020-14363.patch \ " SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2" -- 2.17.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142674): https://lists.openembedded.org/g/openembedded-core/message/142674 Mute This Topic: https://lists.openembedded.org/mt/76986964/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH][dunfell 1/2] xserver-xorg: fix CVE-2020-14346/14361/14362
From: Chee Yang Lee
fix :
CVE-2020-14346
https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff
CVE-2020-14361
https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
CVE-2020-14362
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc
Signed-off-by: Chee Yang Lee
---
.../xserver-xorg/CVE-2020-14346.patch | 36 ++
.../xserver-xorg/CVE-2020-14361.patch | 36 ++
.../xserver-xorg/CVE-2020-14362.patch | 70 +++
.../xorg-xserver/xserver-xorg_1.20.8.bb | 3 +
4 files changed, 145 insertions(+)
create mode 100644
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
create mode 100644
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
create mode 100644
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
diff --git
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
new file mode 100644
index 00..4994a21d33
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
@@ -0,0 +1,36 @@
+From c940cc8b6c0a2983c1ec974f1b3f019795dd4cff Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb
+Date: Tue, 18 Aug 2020 14:49:04 +0200
+Subject: [PATCH] Fix XIChangeHierarchy() integer underflow
+
+CVE-2020-14346 / ZDI-CAN-11429
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff]
+CVE: CVE-2020-14346
+Signed-off-by: Chee Yang Lee
+---
+ Xi/xichangehierarchy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
+index cbdd91258..504defe56 100644
+--- a/Xi/xichangehierarchy.c
b/Xi/xichangehierarchy.c
+@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client)
+ if (!stuff->num_changes)
+ return rc;
+
+-len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq);
++len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq);
+
+ any = (xXIAnyHierarchyChangeInfo *) [1];
+ while (stuff->num_changes--) {
+--
+2.17.1
+
diff --git
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
new file mode 100644
index 00..710cc3873c
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
@@ -0,0 +1,36 @@
+From 144849ea27230962227e62a943b399e2ab304787 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb
+Date: Tue, 18 Aug 2020 14:52:29 +0200
+Subject: [PATCH] Fix XkbSelectEvents() integer underflow
+
+CVE-2020-14361 ZDI-CAN 11573
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787]
+CVE: CVE-2020-14361
+Signed-off-by: Chee Yang Lee
+---
+ xkb/xkbSwap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xkb/xkbSwap.c b/xkb/xkbSwap.c
+index 1c1ed5ff4..50cabb90e 100644
+--- a/xkb/xkbSwap.c
b/xkb/xkbSwap.c
+@@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client)
+ register unsigned bit, ndx, maskLeft, dataLeft, size;
+
+ from.c8 = (CARD8 *) [1];
+-dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq);
++dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq);
+ maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask));
+ for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) {
+ if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify))
+--
+2.17.1
+
diff --git
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
new file mode 100644
index 00..2103e9c198
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
@@ -0,0 +1,70 @@
+From 2902b78535ecc6821cc027351818b28a5c7fdbdc Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb
+Date: Tue, 18 Aug 2020 14:55:01 +0200
+Subject: [PATCH] Fix XRecordRegisterClients() Integer underflow
+
+CVE-2020-14362 ZDI-CAN-11574
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc]
+CVE: CVE-2020-14362
+Signed-off-by: Chee Yang Lee
+---
+ record/record.c | 10 +-
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/record/record.c b/record/record.c
+index
Re: [OE-core][dunfell 23/25] kernel.bbclass: run do_symlink_kernsrc before do_patch
On 16/09/2020 17.18, Steve Sakoman wrote:
> Since there is an upcoming dunfell release and we don't have a fix for
> this issue I am going to revert this patch.
>
> When it is fixed in master I will reconsider taking this patch and the
> fix for dunfell.
Sorry for not seeing this sooner, and for the bug in the first place.
However, looking into externalsrc.bbclass, isn't the bug there,
considering the "if we delete do_patch, do_unpack doesn't run" fixup
done - kernel-yocto.bbclass has a similar fixup for do_kernel_configme.
Why doesn't that class just set [noexec]=1 instead of deleting the tasks
outright, killing all those random fixups?
But if that's too invasive, I suppose just ordering the symlink task
before both patch and configure should work, i.e.
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -172,7 +172,7 @@ python do_symlink_kernsrc () {
shutil.move(s, kernsrc)
os.symlink(kernsrc, s)
}
-addtask symlink_kernsrc before do_patch after do_unpack
+addtask symlink_kernsrc before do_patch do_configure after do_unpack
inherit kernel-arch deploy
Rasmus
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142672):
https://lists.openembedded.org/g/openembedded-core/message/142672
Mute This Topic: https://lists.openembedded.org/mt/76518932/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2] bind: remove -r option for rndc-confgen
From: Mingli Yu
The named service fail to start as below:
# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset:
enabled)
Active: failed (Result: exit-code) since Wed 2020-09-16 06:07:49 UTC; 9s
ago
Process: 134206 ExecStartPre=/usr/sbin/generate-rndc-key.sh (code=exited,
status=1/FAILURE)
Sep 16 06:07:49 intel-x86-64 systemd[1]: Starting Berkeley Internet Name Domain
(DNS)...
Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134206]: Generating
/etc/bind/rndc.key:
Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134207]: rndc-confgen: The -r
option has been deprecated.
Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134208]: chown: cannot access
'/etc/bind/rndc.key': No such file or directory
Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134209]: chmod: cannot access
'/etc/bind/rndc.key': No such file or directory
Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Control process exited,
code=exited, status=1/FAILURE
Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Failed with result
'exit-code'.
Sep 16 06:07:49 intel-x86-64 systemd[1]: Failed to start Berkeley Internet Name
Domain (DNS).
It is because fail to execute "/usr/sbin/generate-rndc-key.sh" as
-r is deprecated since bind 9.13.x and the random function changes
in [1], so remove -r option to fix the above issue.
DNSSEC validation is now active by default after bind upgrade to 9.16.x,
but it is not in 9.11.x. So disable DNSSEC validation explicitly to
silence below message.
Sep 18 03:21:37 intel-x86-64 named[23272]: managed-keys-zone: Unable to fetch
DNSKEY set '.': timed out
[1]:
https://gitlab.isc.org/isc-projects/bind9/-/commit/3a4f820d625c214cfb21f5e6d18ce9160d2a193b
Signed-off-by: Mingli Yu
---
meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh | 2 +-
meta/recipes-connectivity/bind/bind_9.16.5.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
index ef915c0ae5..633e29c0e6 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
@@ -2,7 +2,7 @@
if [ ! -s /etc/bind/rndc.key ]; then
echo -n "Generating /etc/bind/rndc.key:"
-/usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+/usr/sbin/rndc-confgen -a -b 512
chown root:bind /etc/bind/rndc.key
chmod 0640 /etc/bind/rndc.key
fi
diff --git a/meta/recipes-connectivity/bind/bind_9.16.5.bb
b/meta/recipes-connectivity/bind/bind_9.16.5.bb
index 103192490a..eb263c2eda 100644
--- a/meta/recipes-connectivity/bind/bind_9.16.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.16.5.bb
@@ -34,7 +34,7 @@ PACKAGECONFIG[readline] =
"--with-readline=-lreadline,,readline"
PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
PACKAGECONFIG[python3] = "--with-python=yes
--with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python,
python3-ply-native,"
-EXTRA_OECONF = " --with-libtool --disable-devpoll --enable-epoll \
+EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation
--enable-epoll \
--with-gssapi=no --with-lmdb=no --with-zlib \
--sysconfdir=${sysconfdir}/bind \
--with-openssl=${STAGING_DIR_HOST}${prefix} \
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142671):
https://lists.openembedded.org/g/openembedded-core/message/142671
Mute This Topic: https://lists.openembedded.org/mt/76985510/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
