Re: [OE-core] [PATCH 12/21] libpam: update 1.5.2 -> 1.5.3
fails on musl/arm64
https://errors.yoctoproject.org/Errors/Details/711268/
On Sun, Jun 25, 2023 at 2:23 PM Alexander Kanavin
wrote:
>
> Signed-off-by: Alexander Kanavin
> ---
> ...rely-on-all-filesystems-providing-a-.patch | 108 -
> ...-xtests.sh-check-whether-files-exist.patch | 65 --
> .../pam/libpam/CVE-2022-28321-0002.patch | 205 --
> .../pam/{libpam_1.5.2.bb => libpam_1.5.3.bb} | 5 +-
> 4 files changed, 1 insertion(+), 382 deletions(-)
> delete mode 100644
> meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
> delete mode 100644
> meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch
> delete mode 100644 meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
> rename meta/recipes-extended/pam/{libpam_1.5.2.bb => libpam_1.5.3.bb} (95%)
>
> diff --git
> a/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
>
> b/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
> deleted file mode 100644
> index 94dcb04f0aa..000
> ---
> a/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
> +++ /dev/null
> @@ -1,108 +0,0 @@
> -From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001
> -From: Per Jessen
> -Date: Fri, 22 Apr 2022 18:15:36 +0200
> -Subject: [PATCH] pam_motd: do not rely on all filesystems providing a
> filetype
> -
> -When using scandir() to look for MOTD files to display, we wrongly
> -relied on all filesystems providing a filetype. This is a fix to divert
> -to lstat() when we have no filetype. To maintain MT safety, it isn't
> -possible to use lstat() in the scandir() filter function, so all of the
> -filtering has been moved to an additional loop after scanning all the
> -motd dirs.
> -Also, remove superfluous alphasort from scandir(), we are doing
> -a qsort() later.
> -
> -Resolves: https://github.com/linux-pam/linux-pam/issues/455
> -
> -Upstream-Status: Backport
> [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70]
> -
> -Signed-off-by: Per Jessen
> -Signed-off-by: Zhixiong Chi
>
> - modules/pam_motd/pam_motd.c | 49 ++---
> - 1 file changed, 40 insertions(+), 9 deletions(-)
> -
> -diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
> -index 6ac8cba2..5ca486e4 100644
> a/modules/pam_motd/pam_motd.c
> -+++ b/modules/pam_motd/pam_motd.c
> -@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b)
> - }
> - }
> -
> --static int filter_dirents(const struct dirent *d)
> --{
> --return (d->d_type == DT_REG || d->d_type == DT_LNK);
> --}
> --
> - static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
> - char **motd_dir_path_split, unsigned int num_motd_dirs, int
> report_missing)
> - {
> -@@ -199,8 +194,7 @@ static void
> try_to_display_directories_with_overrides(pam_handle_t *pamh,
> -
> - for (i = 0; i < num_motd_dirs; i++) {
> - int rv;
> -- rv = scandir(motd_dir_path_split[i], &(dirscans[i]),
> -- filter_dirents, alphasort);
> -+ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL);
> - if (rv < 0) {
> - if (errno != ENOENT || report_missing) {
> - pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m",
> -@@ -215,6 +209,41 @@ static void
> try_to_display_directories_with_overrides(pam_handle_t *pamh,
> - if (dirscans_size_total == 0)
> - goto out;
> -
> -+/* filter out unwanted names, directories, and complement data with
> lstat() */
> -+for (i = 0; i < num_motd_dirs; i++) {
> -+ struct dirent **d = dirscans[i];
> -+ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) {
> -+ int rc;
> -+ char *fullpath;
> -+ struct stat s;
> -+
> -+ switch(d[j]->d_type) {/* the filetype determines how to
> proceed */
> -+ case DT_REG: /* regular files and */
> -+ case DT_LNK: /* symlinks */
> -+ continue; /* are good. */
> -+ case DT_UNKNOWN: /* for file systems that do not provide */
> -+ /* a filetype, we use lstat() */
> -+ if (join_dir_strings(, motd_dir_path_split[i],
> -+ d[j]->d_name) <= 0)
> -+ break;
> -+ rc = lstat(fullpath, );
> -+ _pam_drop(fullpath); /* free the memory alloc'ed by
> join_dir_strings */
> -+ if (rc != 0) /* if the lstat() somehow failed */
> -+ break;
> -+
> -+ if (S_ISREG(s.st_mode) || /* regular files and */
> -+ S_ISLNK(s.st_mode)) continue; /* symlinks are good */
> -+
Re: [OE-core] [PATCH] kernel-module-split add systemd modulesloaddir and modprobedir config
Hi,
Forgot the colon in "kernel-module-split:"
is it necessary to send a v2 for this?
Jose
Jose Quaresma escreveu no dia sexta, 30/06/2023
à(s) 16:49:
> Signed-off-by: Jose Quaresma
> ---
> meta/classes-recipe/kernel-module-split.bbclass | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta/classes-recipe/kernel-module-split.bbclass
> b/meta/classes-recipe/kernel-module-split.bbclass
> index 0e4f9a6ec3..c1208d55e0 100644
> --- a/meta/classes-recipe/kernel-module-split.bbclass
> +++ b/meta/classes-recipe/kernel-module-split.bbclass
> @@ -30,8 +30,8 @@ fi
>
> PACKAGE_WRITE_DEPS += "kmod-native depmodwrapper-cross"
>
> -modulesloaddir ??= "${sysconfdir}/modules-load.d"
> -modprobedir ??= "${sysconfdir}/modprobe.d"
> +modulesloaddir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd',
> '${nonarch_libdir}', '${sysconfdir}', d)}/modules-load.d"
> +modprobedir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd',
> '${nonarch_base_libdir}', '${sysconfdir}', d)}/modprobe.d"
>
> KERNEL_SPLIT_MODULES ?= "1"
> PACKAGESPLITFUNCS =+ "split_kernel_module_packages"
> --
> 2.34.1
>
>
--
Best regards,
José Quaresma
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183705):
https://lists.openembedded.org/g/openembedded-core/message/183705
Mute This Topic: https://lists.openembedded.org/mt/99875687/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] kernel-module-split add systemd modulesloaddir and modprobedir config
Signed-off-by: Jose Quaresma
---
meta/classes-recipe/kernel-module-split.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes-recipe/kernel-module-split.bbclass
b/meta/classes-recipe/kernel-module-split.bbclass
index 0e4f9a6ec3..c1208d55e0 100644
--- a/meta/classes-recipe/kernel-module-split.bbclass
+++ b/meta/classes-recipe/kernel-module-split.bbclass
@@ -30,8 +30,8 @@ fi
PACKAGE_WRITE_DEPS += "kmod-native depmodwrapper-cross"
-modulesloaddir ??= "${sysconfdir}/modules-load.d"
-modprobedir ??= "${sysconfdir}/modprobe.d"
+modulesloaddir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd',
'${nonarch_libdir}', '${sysconfdir}', d)}/modules-load.d"
+modprobedir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd',
'${nonarch_base_libdir}', '${sysconfdir}', d)}/modprobe.d"
KERNEL_SPLIT_MODULES ?= "1"
PACKAGESPLITFUNCS =+ "split_kernel_module_packages"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183704):
https://lists.openembedded.org/g/openembedded-core/message/183704
Mute This Topic: https://lists.openembedded.org/mt/99875687/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] libssh2: disable rpath to fix curl-native build
When curl is built with PACKAGECONFIG:append = " libssh2", the build fails
with the error:
gcc: error: unrecognized command-line option '-R'
It was trying to set the rpath for libssh2.
Signed-off-by: Sudip Mukherjee
---
meta/recipes-support/libssh2/libssh2_1.11.0.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-support/libssh2/libssh2_1.11.0.bb
b/meta/recipes-support/libssh2/libssh2_1.11.0.bb
index 711bf937f5..edc25db1b1 100644
--- a/meta/recipes-support/libssh2/libssh2_1.11.0.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.11.0.bb
@@ -18,6 +18,7 @@ inherit autotools pkgconfig ptest
EXTRA_OECONF += "\
--with-libz \
--with-libz-prefix=${STAGING_LIBDIR} \
+ --disable-rpath \
"
DISABLE_STATIC = ""
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183703):
https://lists.openembedded.org/g/openembedded-core/message/183703
Mute This Topic: https://lists.openembedded.org/mt/99875373/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [mickledore][PATCH 2/2] rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
On Fri, Jun 30, 2023 at 4:57 AM Richard Purdie wrote: > > On Fri, 2023-06-30 at 04:21 -1000, Steve Sakoman wrote: > > Is this also a problem in master, or is it mickledore specific? > > The same patches have been proposed for master with an "instant" > backport requested. I really don't like this model of development as I > have my doubts about how extensively they've been tested in one or the > other. I typically don't do "instant" backports. If a patch is proposed for both master and a stable branch I wait till it is accepted into master. Then I give it a week or two before backporting to see if any issues develop in master -- if I remember in the midst of all the other patch wrangling for multiple stable branches! I much prefer that people submit to master first, then when it is accepted send a backport patch for the appropriate stable branches. Sending all the branches at once just increases the risk that the backports get forgotten! Steve > I'm also not convinced the patches explain the issue properly or why > things should be fixed as proposed. I think at the very least the > commit messages need to better explain the issues. > > Cheers, > > Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183702): https://lists.openembedded.org/g/openembedded-core/message/183702 Mute This Topic: https://lists.openembedded.org/mt/99869175/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [master][PATCH 2/2] rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
On Fri, 30 Jun 2023 at 11:14, Changqing Li wrote: > Remove log_lock.pid which maybe created during do_rootfs. In commit > [dnf: only write the log lock to root for native dnf], > native dnf changed to write log lock to root, and target dnf still > use /var/log, so log_lock.pid need to be removed post do_rootfs. This is not making clear why the file needs to be removed. What problems occur if it is left in place? Is it supposed to be added, then removed by dnf during do_rootfs, and if this doesn't happen, is that a problem with dnf that needs to be fixed, rather than removing the file manually after the fact? Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183701): https://lists.openembedded.org/g/openembedded-core/message/183701 Mute This Topic: https://lists.openembedded.org/mt/99869451/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] kernel.bbclass: hoist up "unset S" bbfatal from kernel-yocto.bbclass to kernel.bbclass
Hello,
This caused the following failures on the AB:
stdio: ERROR: linux-yocto-6.1.35+gitAUTOINC+b358c237cf_915f4d2237-r0
do_symlink_kernsrc: S is not set to the linux source directory. Check the
recipe and set S to the proper extracted subdirectory.
stdio: ERROR: Logfile of failure stored in:
/home/pokybuild/yocto-worker/qemuarm/build/build/tmp/work/qemuarm-poky-linux-gnueabi/linux-yocto/6.1.35+gitAUTOINC+b358c237cf_915f4d2237-r0/temp/log.do_symlink_kernsrc.3914759
stdio: ERROR: Task
(/home/pokybuild/yocto-worker/qemuarm/build/meta/recipes-kernel/linux/linux-yocto_6.1.bb:do_symlink_kernsrc)
failed with exit code '1'
stdio: ERROR: Command . ./oe-init-build-env; bitbake core-image-sato
core-image-sato-sdk core-image-minimal core-image-minimal-dev
core-image-sato:do_populate_sdk -k failed with exit code 1, see errors above.
(1687981572.9: 11986.3)
On 26/06/2023 15:50:24+0200, Luca Ceresoli via lists.openembedded.org wrote:
> From: Luca Ceresoli
>
> Writing a simple recipe that inherits kernel.bbclass and downloads a kernel
> tarball (e.g. a mainline release from kernel.org) via http or ftp fails
> with either:
>
> ERROR: linux-acme-6.3.3-r0 do_configure: oe_runmake failed
> ...
> | make: *** No rule to make target 'oldnoconfig'. Stop.
>
> or (seen on a different setup, based on kirkstone):
>
> ... do_populate_lic: QA Issue: ... LIC_FILES_CHKSUM points to an invalid
> file: .../work-shared/.../kernel-source/COPYING [license-checksum]
>
> This happens when not setting S in the recipe. In this case, kernel.bbclass
> sets it to ${STAGING_KERNEL_DIR}
> (${TMPDIR}/work-shared/${MACHINE}/kernel-source). This means that in
> do_symlink_kernsrc(), the 'if s != kernsrc' never triggers and thus the
> kernel tree will not be moved into work-shared, which results in an empty
> work-shared/.../kernel-source directory.
>
> Setting S in recipes is usually not required when downloading a tarball, so
> it is not obvious here and the error message does not point to the problem
> or its solution.
>
> There is such a check in kernel-yocto.bbclass though. Move it to
> kernel.bbclass so that even kernel recipes not based on kernel-yocto can
> benefit from it.
>
> The check is moved:
>
> - from the beginning of do_kernel_checkout() in kernel-yocto
> - to the end of do_symlink_kernsrc() in kernel.bbclass
>
> and since do_kernel_checkout is executed 'after do_symlink_kernsrc', the
> code flow does not change in a relevant way when using linux-yocto.
>
> As an additional benefit, the check is now taking place both when
> downloading a tarball and when downloading from git, so even when using git
> the recipe writer will be presented the explanatory error message.
>
> Signed-off-by: Luca Ceresoli
>
> ---
>
> Changed in v2:
> - don't check for WORKDIR/git dir existence (Suggested by Richard)
> ---
> meta/classes-recipe/kernel-yocto.bbclass | 8
> meta/classes-recipe/kernel.bbclass | 6 ++
> 2 files changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/meta/classes-recipe/kernel-yocto.bbclass
> b/meta/classes-recipe/kernel-yocto.bbclass
> index 4ac977b12207..3f2ce17aeb88 100644
> --- a/meta/classes-recipe/kernel-yocto.bbclass
> +++ b/meta/classes-recipe/kernel-yocto.bbclass
> @@ -394,16 +394,8 @@ do_kernel_checkout() {
> # case: we have no git repository at all.
> # To support low bandwidth options for building the kernel,
> we'll just
> # convert the tree to a git repo and let the rest of the
> process work unchanged
> -
> - # if ${S} hasn't been set to the proper subdirectory a default
> of "linux" is
> - # used, but we can't initialize that empty directory. So check
> it and throw a
> - # clear error
>
> cd ${S}
> - if [ ! -f "Makefile" ]; then
> - bberror "S is not set to the linux source directory.
> Check "
> - bbfatal "the recipe and set S to the proper extracted
> subdirectory"
> - fi
> rm -f .gitignore
> git init
> check_git_config
> diff --git a/meta/classes-recipe/kernel.bbclass
> b/meta/classes-recipe/kernel.bbclass
> index e82b696d1a14..75f43cb1134e 100644
> --- a/meta/classes-recipe/kernel.bbclass
> +++ b/meta/classes-recipe/kernel.bbclass
> @@ -195,6 +195,12 @@ python do_symlink_kernsrc () {
> import shutil
> shutil.move(s, kernsrc)
> os.symlink(kernsrc, s)
> +
> +# Setting S is required with this class when fetching a tarball because
> +# we cannot figure out automatically the extracted directory name. The
> +# check is beneficial even when using git so don't check for git here.
> +if not os.path.exists(os.path.join(s, "Makefile")):
> +bb.fatal("S is not set to the linux source directory. Check the
> recipe and set S to the proper extracted subdirectory.")
> }
> #
Re: [OE-core] [mickledore][PATCH 2/2] rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
On Fri, 2023-06-30 at 04:21 -1000, Steve Sakoman wrote: > Is this also a problem in master, or is it mickledore specific? The same patches have been proposed for master with an "instant" backport requested. I really don't like this model of development as I have my doubts about how extensively they've been tested in one or the other. I'm also not convinced the patches explain the issue properly or why things should be fixed as proposed. I think at the very least the commit messages need to better explain the issues. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183699): https://lists.openembedded.org/g/openembedded-core/message/183699 Mute This Topic: https://lists.openembedded.org/mt/99869175/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][mickledore][PATCH 1/1] perl: Fix CVE-2023-31484 & CVE-2023-31486
CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and
available standalone on CPAN, has an insecure default TLS
configuration where users must opt in to verify certificates.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31484
https://nvd.nist.gov/vuln/detail/CVE-2023-31486
Upstream patches:
https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0
https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d
https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d
Signed-off-by: Soumya
---
.../perl/files/CVE-2023-31484.patch | 29 +++
.../perl/files/CVE-2023-31486-0001.patch | 217 ++
.../perl/files/CVE-2023-31486-0002.patch | 30 +++
meta/recipes-devtools/perl/perl_5.36.0.bb | 3 +
4 files changed, 279 insertions(+)
create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31484.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
new file mode 100644
index 00..1f7cbd0da1
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
@@ -0,0 +1,29 @@
+From a625ec2cc3a0b6116c1f8b831d3480deb621c245 Mon Sep 17 00:00:00 2001
+From: Stig Palmquist
+Date: Tue, 28 Feb 2023 11:54:06 +0100
+Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
+ identity
+
+Upstream-Status: Backport
[https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0]
+
+CVE: CVE-2023-31484
+
+Signed-off-by: Soumya
+---
+ cpan/CPAN/lib/CPAN/HTTP/Client.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+index 4fc792c..a616fee 100644
+--- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+@@ -32,6 +32,7 @@ sub mirror {
+
+ my $want_proxy = $self->_want_proxy($uri);
+ my $http = HTTP::Tiny->new(
++verify_SSL => 1,
+ $want_proxy ? (proxy => $self->{proxy}) : ()
+ );
+
+--
+2.40.0
diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
b/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
new file mode 100644
index 00..e2a2216a0d
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
@@ -0,0 +1,217 @@
+From e1ca8defeff496000fc96600ebfca7250065c1f1 Mon Sep 17 00:00:00 2001
+From: Stig Palmquist
+Date: Thu, 29 Jun 2023 14:36:05 +
+Subject: [PATCH] Change verify_SSL default to 1, add ENV var to enable
+ insecure default
+
+- Changes the `verify_SSL` default parameter from `0` to `1`
+
+ Based on patch by Dominic Hargreaves:
+
https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92
+
+ Fixes CVE-2023-31486
+
+- Add check for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` that
+ enables the previous insecure default behaviour if set to `1`.
+
+ This provides a workaround for users who encounter problems with the
+ new `verify_SSL` default.
+
+ Example to disable certificate checks:
+ ```
+$ PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ./script.pl
+ ```
+
+- Updates to documentation:
+ - Describe changing the verify_SSL value
+ - Describe the escape-hatch environment variable
+ - Remove rationale for not enabling verify_SSL
+ - Add missing certificate search paths
+ - Replace "SSL" with "TLS/SSL" where appropriate
+ - Use "machine-in-the-middle" instead of "man-in-the-middle"
+
+Upstream-Status: Backport
[https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d]
+
+Signed-off-by: Soumya
+---
+ cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 86 ++---
+ 1 file changed, 57 insertions(+), 29 deletions(-)
+
+diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+index 83ca06d..5f6ced8 100644
+--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+@@ -40,10 +40,14 @@ sub _croak { require Carp; Carp::croak(@_) }
+ #pod * C ??? Request timeout in seconds (default is 60) If a socket
open,
+ #pod read or write takes longer than the timeout, the request response
status code
+ #pod will be 599.
+-#pod * C ??? A boolean that indicates whether to validate the SSL
+-#pod certificate of an C ??? connection (default is false)
++#pod * C ??? A boolean that indicates whether to validate the
TLS/SSL
++#pod certificate of an C ??? connection (default is true). Changed
from false
++#pod to true in version 0.083.
+ #pod * C ??? A hashref of C ??? options to pass through to
+ #pod L
++#pod * C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> - Changes the default
++#pod certificate
Re: [OE-core] [mickledore][PATCH 2/2] rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
Is this also a problem in master, or is it mickledore specific?
Steve
On Thu, Jun 29, 2023 at 10:32 PM Changqing Li
wrote:
>
> From: Changqing Li
>
> Remove log_lock.pid which maybe created during do_rootfs. In commit
> [dnf: only write the log lock to root for native dnf],
> native dnf changed to write log lock to root, and target dnf still
> use /var/log, so log_lock.pid need to be removed post do_rootfs.
>
> Signed-off-by: Changqing Li
> ---
> meta/classes-recipe/rootfs-postcommands.bbclass | 7 +++
> 1 file changed, 7 insertions(+)
>
> diff --git a/meta/classes-recipe/rootfs-postcommands.bbclass
> b/meta/classes-recipe/rootfs-postcommands.bbclass
> index 690fa976aa..7538c8b0b5 100644
> --- a/meta/classes-recipe/rootfs-postcommands.bbclass
> +++ b/meta/classes-recipe/rootfs-postcommands.bbclass
> @@ -49,6 +49,8 @@ ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile;'
>
> ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("DISTRO_FEATURES",
> "overlayfs", "overlayfs_qa_check; overlayfs_postprocess;", "", d)}'
>
> +ROOTFS_POSTPROCESS_COMMAND += 'remove_unused_dnf_log_lock;'
> +
> inherit image-artifact-names
>
> # Sort the user and group entries in /etc by ID in order to make the content
> @@ -276,6 +278,11 @@ empty_var_volatile () {
> fi
> }
>
> +remove_unused_dnf_log_lock() {
> + if [ -e ${IMAGE_ROOTFS}/log_lock.pid ]; then
> + rm -rf ${IMAGE_ROOTFS}/log_lock.pid
> + fi
> +}
> # Turn any symbolic /sbin/init link into a file
> remove_init_link () {
> if [ -h ${IMAGE_ROOTFS}/sbin/init ]; then
> --
> 2.35.5
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183697):
https://lists.openembedded.org/g/openembedded-core/message/183697
Mute This Topic: https://lists.openembedded.org/mt/99869175/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] mdadm: re-add mdadm-ptest to PTESTS_SLOW
From: Ovidiu Panait
The ptest problems reported in e21021dc00ec ("mdadm: drop from PTESTS_SLOW")
should now be fixed, so mdadm can be added back to PTESTS_SLOW (a qemux86-64
test run takes about ~12 minutes to execute with kvm).
root@qemux86-64:~# ptest-runner mdadm
START: ptest-runner
2023-06-30T08:25
BEGIN: /usr/lib/mdadm/ptest
PASS: /usr/lib/mdadm/ptest/tests/00linear
PASS: /usr/lib/mdadm/ptest/tests/00multipath
...
PASS: /usr/lib/mdadm/ptest/tests/19repair-does-not-destroy
PASS: /usr/lib/mdadm/ptest/tests/20raid5journal
PASS: /usr/lib/mdadm/ptest/tests/21raid5cache
DURATION: 723
END: /usr/lib/mdadm/ptest
2023-06-30T09:16
STOP: ptest-runner
TOTAL: 1 FAIL: 0
For the testcases to run correctly, there must be enough rootfs space to create
13 loop devices. Similar to strace and lttng-tools, add a new
IMAGE_ROOTFS_EXTRA_SPACE entry for mdadm-ptest.
Signed-off-by: Ovidiu Panait
---
meta/conf/distro/include/ptest-packagelists.inc | 3 +--
meta/recipes-core/images/core-image-ptest.bb| 1 +
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/conf/distro/include/ptest-packagelists.inc
b/meta/conf/distro/include/ptest-packagelists.inc
index da9153b998..6250cf081e 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -99,6 +99,7 @@ PTESTS_SLOW = "\
libgcrypt \
libmodule-build-perl \
lttng-tools \
+mdadm \
openssh \
openssl \
parted \
@@ -122,7 +123,6 @@ PTESTS_PROBLEMS:append:x86 = " valgrind"
#rt-tests \ # Needs to be checked whether it runs at all
#bash \ # Test outcomes are non-deterministic by design
#ifupdown \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py
-#mdadm \ # Tests rely on non-deterministic sleep() amounts
#libinput \ # Tests need an unloaded system to be reliable
#libpam \ # Needs pam DISTRO_FEATURE
#numactl \ # qemu not (yet) configured for numa; all tests are skipped
@@ -134,7 +134,6 @@ PTESTS_PROBLEMS = "\
rt-tests \
bash \
ifupdown \
-mdadm \
libinput \
libpam \
libseccomp \
diff --git a/meta/recipes-core/images/core-image-ptest.bb
b/meta/recipes-core/images/core-image-ptest.bb
index 90c26641ba..ddc56c8f9f 100644
--- a/meta/recipes-core/images/core-image-ptest.bb
+++ b/meta/recipes-core/images/core-image-ptest.bb
@@ -19,6 +19,7 @@ BBCLASSEXTEND = "${@' '.join(['mcextend:'+x for x in
d.getVar('PTESTS').split()]
# strace-ptest in particular needs more than 500MB
IMAGE_OVERHEAD_FACTOR = "1.0"
IMAGE_ROOTFS_EXTRA_SPACE = "324288"
+IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288"
IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288"
IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288"
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183696):
https://lists.openembedded.org/g/openembedded-core/message/183696
Mute This Topic: https://lists.openembedded.org/mt/99873178/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/3] libxcrypt: Limit to enabling strong hash algos only
Hello Khem,
This causes python ptest failures:
{'python3': ['test_crypt', 'test_methods', 'test_sha2_rounds']}
We should probably disable those
On 23/06/2023 22:32:21-0700, Khem Raj wrote:
> This ensures that weak algorithms are not included, which should improve
> the defauls to be more secure
>
> Signed-off-by: Khem Raj
> ---
> meta/recipes-core/libxcrypt/libxcrypt.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc
> b/meta/recipes-core/libxcrypt/libxcrypt.inc
> index 997e83fb004..db43a34b11d 100644
> --- a/meta/recipes-core/libxcrypt/libxcrypt.inc
> +++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
> @@ -29,7 +29,7 @@ BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}"
> TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir} -Wno-error"
> CPPFLAGS:append:class-nativesdk = " -Wno-error"
>
> -API = "--disable-obsolete-api"
> +API = "--disable-obsolete-api --enable-hashes=strong"
> EXTRA_OECONF += "${API}"
>
> BBCLASSEXTEND = "native nativesdk"
> --
> 2.41.0
>
>
>
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183695):
https://lists.openembedded.org/g/openembedded-core/message/183695
Mute This Topic: https://lists.openembedded.org/mt/99749300/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [meta-oe][PATCH v2] uninative-tarball.xz - reproducibility fix
added --clamp-mtime --mtime to the tar command
see:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15148
Signed-off-by: Robert Berger
---
meta/classes-recipe/populate_sdk_base.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes-recipe/populate_sdk_base.bbclass
b/meta/classes-recipe/populate_sdk_base.bbclass
index b23ea26d40..24db703534 100644
--- a/meta/classes-recipe/populate_sdk_base.bbclass
+++ b/meta/classes-recipe/populate_sdk_base.bbclass
@@ -285,7 +285,7 @@ python check_sdk_sysroots() {
dir_walk(SCAN_ROOT)
}
-SDKTAROPTS = "--owner=root --group=root"
+SDKTAROPTS = "--owner=root --group=root --clamp-mtime
--mtime=@${SOURCE_DATE_EPOCH}"
fakeroot archive_sdk() {
# Package it up
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183694):
https://lists.openembedded.org/g/openembedded-core/message/183694
Mute This Topic: https://lists.openembedded.org/mt/99872409/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-4.0.11.rc1)
Hi All, QA for yocto-4.0.11.rc1 is completed. This is the full report for this release: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults === Summary No high milestone defects. No new issue found. Thanks, Jing Hui > -Original Message- > From: qa-build-notificat...@lists.yoctoproject.org notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User > Sent: Saturday, June 24, 2023 3:08 AM > To: yo...@lists.yoctoproject.org > Cc: qa-build-notificat...@lists.yoctoproject.org > Subject: [qa-build-notification] QA notification for completed autobuilder > build (yocto-4.0.11.rc1) > > > A build flagged for QA (yocto-4.0.11.rc1) was completed on the autobuilder > and is available at: > > > https://autobuilder.yocto.io/pub/releases/yocto-4.0.11.rc1 > > > Build hash information: > > bitbake: 0c6f86b60cfba67c20733516957c0a654eb2b44c > meta-agl: 1b0cad77090b75fc040f9de5db06374203fe34c5 > meta-arm: 96aad3b29aa7a5ee4df5cf617a6336e5218fa9bd > meta-aws: 7c498bc8f0d51b9c2546b8f7e3347cc6e61d74ec > meta-gplv2: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a > meta-intel: 7fab6b8f1a3030bc6d2f1cf48789599af3dc3e78 > meta-mingw: a90614a6498c3345704e9611f2842eb933dc51c1 > meta-openembedded: a82d92c8a6525da01524bf8f4a60bf6b35dcbb3d > meta-virtualization: b3b3dbc67504e8cd498d6db202ddcf5a9dd26a9d > oecore: 7949e786cf8e50f716ff1f1c4797136637205e0c > poky: fc697fe87412b9b179ae3a68d266ace85bb1fcc6 > > > > This is an automated message from the Yocto Project Autobuilder > Git: git://git.yoctoproject.org/yocto-autobuilder2 > Email: richard.pur...@linuxfoundation.org > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183693): https://lists.openembedded.org/g/openembedded-core/message/183693 Mute This Topic: https://lists.openembedded.org/mt/99780177/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] Backport of libxcrypt fix to kirkstone branch
Hello, can you please cherry-pick / backport following commit to the kirkstone branch: "libxcrypt: fix hard-coded ".so" extension" ( 2639746ba7f8a651fffaa9819ef9d9df776108e3 in poky and 7ed6bfa2428b4f1ba7f09d6e9e67c462ff355153 in openembedded-core). It is needed to be able to build meta-darwin's kirkstone branch with the latest kirkstone branch of meta-clang. Thanks! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183692): https://lists.openembedded.org/g/openembedded-core/message/183692 Mute This Topic: https://lists.openembedded.org/mt/99870169/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 4/4] mdadm: skip running known broken ptests
On Fri, 30 Jun 2023 at 11:17, Ovidiu Panait wrote: > > Thanks for working on reenabling this. mdadm is currently taken out of > > ptest lists because > > #mdadm \ # Tests rely on non-deterministic sleep() amounts > > > > Is this resolved, and can we re-add mdadm to SLOW or FAST lists? > I did multiple test runs with a qemu-x86-64 image and kvm and the > results seem consistent - always ~12 min per run, no failures: > # ptest-runner mdadm > ... > PASS: /usr/lib/mdadm/ptest/tests/21raid5cache > DURATION: 724 > END: /usr/lib/mdadm/ptest > 2023-06-30T08:37 > STOP: ptest-runner > TOTAL: 1 FAIL: 0 > > I think mdadm-ptest can be added back to PTESTS_SLOW. Cool, can you make a patch for this please? Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183691): https://lists.openembedded.org/g/openembedded-core/message/183691 Mute This Topic: https://lists.openembedded.org/mt/99851485/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 4/4] mdadm: skip running known broken ptests
Hi Alex,
On 6/29/23 17:54, Alexander Kanavin wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
Thanks for working on reenabling this. mdadm is currently taken out of
ptest lists because
#mdadm \ # Tests rely on non-deterministic sleep() amounts
Is this resolved, and can we re-add mdadm to SLOW or FAST lists?
I did multiple test runs with a qemu-x86-64 image and kvm and the
results seem consistent - always ~12 min per run, no failures:
# ptest-runner mdadm
...
PASS: /usr/lib/mdadm/ptest/tests/21raid5cache
DURATION: 724
END: /usr/lib/mdadm/ptest
2023-06-30T08:37
STOP: ptest-runner
TOTAL: 1 FAIL: 0
I think mdadm-ptest can be added back to PTESTS_SLOW.
Ovidiu
Alex
On Thu, 29 Jun 2023 at 16:19, Ovidiu Panait via lists.openembedded.org
wrote:
From: Ovidiu Panait
Upstream marked some testcases as "KNOWN BROKEN" and introduced the
"--skip-broken" flag to ignore them when running the testsuite (commits [1]
and [2]). Backport these two commits to get rid of the last remaining ptest
failures.
Also, add the "--skip-broken" option to the run-ptest script.
[1] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
[2] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
Signed-off-by: Ovidiu Panait
---
...Mark-and-ignore-broken-test-failures.patch | 128 +
...dd-broken-files-for-all-broken-tests.patch | 454 ++
meta/recipes-extended/mdadm/files/run-ptest | 2 +-
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +
4 files changed, 585 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
create mode 100644
meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
diff --git
a/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 00..c55bfb125b
--- /dev/null
+++
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe
+Signed-off-by: Jes Sorensen
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait
+---
+ test | 37 +++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
b/test
+@@ -10,6 +10,8 @@ devlist=
+
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+
+ ctrl_c() {
+ exitonerror=1
++ ctrl_c_error=1
+ }
+
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+ _script=$1
+ _basename=`basename $_script`
++ _broken=0
++
+ if [ -f "$_script" ]
+ then
++ if [ -f "${_script}.broken" ]; then
++ _broken=1
++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++ if [ "$skipbroken" == "all" ]; then
++ return
++ elif [ "$skipbroken" == "always" ] &&
++ [[ "$_broken_msg" == *always* ]]; then
++ return
++ fi
++ fi
++
+ rm -f $targetdir/stderr
+ # this might have been reset: restore the default.
+ echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+ else
+ save_log fail
+ _fail=1
++ if [ "$_broken" == "1" ]; then
++ echo " (KNOWN BROKEN TEST: $_broken_msg)"
++ fi
+ fi
+ [ "$savelogs" == "1" ] &&
+ mv -f
[OE-core] [master][PATCH 1/2] dnf: only write the log lock to root for native dnf
From: Changqing Li >From commit 742a1b7124, log_lock.pid is writen to root, but following file is not changed, which will make it never deleted, and an unexpected file exist in root dir after boot target. $ tail -n 1 etc/tmpfiles.d/dnf.conf r /var/log/log_lock.pid Besides, root dir may be read-only, so it is better still keep the log_lock.pid under /var/log, only write the log lock to root for native dnf for fixing issue mentioned in 742a1b7124 Signed-off-by: Changqing Li --- meta/recipes-devtools/dnf/dnf_4.16.1.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/dnf/dnf_4.16.1.bb b/meta/recipes-devtools/dnf/dnf_4.16.1.bb index ff79701dc7..9134411fa9 100644 --- a/meta/recipes-devtools/dnf/dnf_4.16.1.bb +++ b/meta/recipes-devtools/dnf/dnf_4.16.1.bb @@ -15,9 +15,10 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc file://0029-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ file://0030-Run-python-scripts-using-env.patch \ file://0001-set-python-path-for-completion_helper.patch \ - file://0001-dnf-write-the-log-lock-to-root.patch \ " +SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch" + SRCREV = "94b7cc7956580405b219329541d6b40db6499cf1" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183689): https://lists.openembedded.org/g/openembedded-core/message/183689 Mute This Topic: https://lists.openembedded.org/mt/99869452/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [master][PATCH 2/2] rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
From: Changqing Li
Remove log_lock.pid which maybe created during do_rootfs. In commit
[dnf: only write the log lock to root for native dnf],
native dnf changed to write log lock to root, and target dnf still
use /var/log, so log_lock.pid need to be removed post do_rootfs.
Signed-off-by: Changqing Li
---
meta/classes-recipe/rootfs-postcommands.bbclass | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/classes-recipe/rootfs-postcommands.bbclass
b/meta/classes-recipe/rootfs-postcommands.bbclass
index 4492c9c0aa..53b241413e 100644
--- a/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -49,6 +49,8 @@ ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile;'
ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("DISTRO_FEATURES",
"overlayfs", "overlayfs_qa_check; overlayfs_postprocess;", "", d)}'
+ROOTFS_POSTPROCESS_COMMAND += 'remove_unused_dnf_log_lock;'
+
inherit image-artifact-names
# Sort the user and group entries in /etc by ID in order to make the content
@@ -361,6 +363,11 @@ empty_var_volatile () {
fi
}
+remove_unused_dnf_log_lock() {
+ if [ -e ${IMAGE_ROOTFS}/log_lock.pid ]; then
+ rm -rf ${IMAGE_ROOTFS}/log_lock.pid
+ fi
+}
# Turn any symbolic /sbin/init link into a file
remove_init_link () {
if [ -h ${IMAGE_ROOTFS}/sbin/init ]; then
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183688):
https://lists.openembedded.org/g/openembedded-core/message/183688
Mute This Topic: https://lists.openembedded.org/mt/99869451/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] util-linux: fix the pylibmount installation path
On 29/06/2023 16:04, Richard Purdie wrote:
On Thu, 2023-06-29 at 15:50 +0200, Louis Rannou wrote:
On 29/06/2023 14:59, Richard Purdie wrote:
On Thu, 2023-06-29 at 12:37 +, Louis Rannou wrote:
Append the install task to move the python library from ${base_libdir}
to ${PYTHON_SITEPACKAGES_DIR}.
Signed-off-by: Louis Rannou
---
As we install libraries of util-linux in ${base_libdir} (/lib), the
python library pylibmount is also installed there. An issue was raised
when pylibmount was added to PACKAGECONFIG.
---
meta/recipes-core/util-linux/util-linux_2.38.1.bb | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/util-linux/util-linux_2.38.1.bb
b/meta/recipes-core/util-linux/util-linux_2.38.1.bb
index 9ea7a04e8a..f9a9fdcfaf 100644
--- a/meta/recipes-core/util-linux/util-linux_2.38.1.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.38.1.bb
@@ -1,7 +1,7 @@
require util-linux.inc
#gtk-doc is not enabled as it requires xmlto which requires util-linux
-inherit autotools gettext manpages pkgconfig systemd update-alternatives
python3-dir bash-completion ptest
+inherit autotools gettext manpages pkgconfig systemd update-alternatives
python3-dir python3targetconfig bash-completion ptest
DEPENDS = "libcap-ng ncurses virtual/crypt zlib util-linux-libuuid"
PACKAGES =+ "${PN}-swaponoff"
@@ -320,3 +320,12 @@ do_install_ptest() {
rm -rf ${D}${PTEST_PATH}/tests/ts/chfn
fi
}
+
+do_install:append() {
+if [ -d ${D}${base_libdir}/${PYTHON_DIR}/site-packages/libmount ]
+then
+install -d ${D}${PYTHON_SITEPACKAGES_DIR}
+mv ${D}${base_libdir}/${PYTHON_DIR}/site-packages/libmount
${D}${PYTHON_SITEPACKAGES_DIR}/
+rm -rf ${D}${base_libdir}/${PYTHON_DIR}
+fi
+}
When it is being installed, can we not pass the right path into the
build system so it ends up in the right place?
I would love that. But the build system installs the libraries and the
python package using the same prefix which we specify to ${base_libdir}.
I have asked a quick question on IRC. I'll send a mail to the util-linux
mailing list if I get no answer.
Perhaps we should just let util-linux install to libdir instead of
base_libdir. The reasons for using base_libdir are effectively
historical now anyway...
I can do that, but if /lib and /usr/lib are distincts we probably
require util-linux to be in /lib, don't we ? For example, if /usr is a
separate partition.
Thanks,
Louis
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183687):
https://lists.openembedded.org/g/openembedded-core/message/183687
Mute This Topic: https://lists.openembedded.org/mt/99849709/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][PATCH 2/2] rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
From: Changqing Li
Remove log_lock.pid which maybe created during do_rootfs. In commit
[dnf: only write the log lock to root for native dnf],
native dnf changed to write log lock to root, and target dnf still
use /var/log, so log_lock.pid need to be removed post do_rootfs.
Signed-off-by: Changqing Li
---
meta/classes-recipe/rootfs-postcommands.bbclass | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/classes-recipe/rootfs-postcommands.bbclass
b/meta/classes-recipe/rootfs-postcommands.bbclass
index 690fa976aa..7538c8b0b5 100644
--- a/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -49,6 +49,8 @@ ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile;'
ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("DISTRO_FEATURES",
"overlayfs", "overlayfs_qa_check; overlayfs_postprocess;", "", d)}'
+ROOTFS_POSTPROCESS_COMMAND += 'remove_unused_dnf_log_lock;'
+
inherit image-artifact-names
# Sort the user and group entries in /etc by ID in order to make the content
@@ -276,6 +278,11 @@ empty_var_volatile () {
fi
}
+remove_unused_dnf_log_lock() {
+ if [ -e ${IMAGE_ROOTFS}/log_lock.pid ]; then
+ rm -rf ${IMAGE_ROOTFS}/log_lock.pid
+ fi
+}
# Turn any symbolic /sbin/init link into a file
remove_init_link () {
if [ -h ${IMAGE_ROOTFS}/sbin/init ]; then
--
2.35.5
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183686):
https://lists.openembedded.org/g/openembedded-core/message/183686
Mute This Topic: https://lists.openembedded.org/mt/99869175/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][PATCH 1/2] dnf: only write the log lock to root for native dnf
From: Changqing Li >From commit 742a1b7124, log_lock.pid is writen to root, but following file is not changed, which will make it never deleted, and an unexpected file exist in root dir after boot target. $ tail -n 1 etc/tmpfiles.d/dnf.conf r /var/log/log_lock.pid Besides, root dir may be read-only, so it is better still keep the log_lock.pid under /var/log, only write the log lock to root for native dnf for fixing issue mentioned in 742a1b7124 Signed-off-by: Changqing Li --- meta/recipes-devtools/dnf/dnf_4.14.0.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/dnf/dnf_4.14.0.bb b/meta/recipes-devtools/dnf/dnf_4.14.0.bb index 62df8c4ace..95007c9c4b 100644 --- a/meta/recipes-devtools/dnf/dnf_4.14.0.bb +++ b/meta/recipes-devtools/dnf/dnf_4.14.0.bb @@ -15,9 +15,10 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc file://0029-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ file://0030-Run-python-scripts-using-env.patch \ file://0001-set-python-path-for-completion_helper.patch \ - file://0001-dnf-write-the-log-lock-to-root.patch \ " +SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch" + SRCREV = "e50875b3f5790f70720bdb670e1dd2bf4d828744" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" -- 2.35.5 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183685): https://lists.openembedded.org/g/openembedded-core/message/183685 Mute This Topic: https://lists.openembedded.org/mt/99869174/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [meta-oe][PATCH] uninative-tarball.xz - reproducibility fix
On Fri, 2023-06-30 at 09:03 +0200, Robert Berger wrote:
> Hi,
>
> My comments are inline
>
> On 29/06/2023 16:07, Richard Purdie wrote:
> > > +SDKTAROPTS_ADDON ?= "--clamp-mtime --mtime=@${SOURCE_DATE_EPOCH}"
> > >
> >
> > Thanks, looks good. I did wonder if we could just put this in
> > SDKTAROPTS though? Do we really need to add a new variable?
> >
>
> Functionality-wise it's fine to add it to SDKTAROPTS. The default value
> I added would give people the chance to experiment with different
> options as well.
>
> If you want me to "hard code" it I'll create a v2.
>
> Just let me know.
Lets just add to the existing variable, I don't think we need another
one for this.
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183684):
https://lists.openembedded.org/g/openembedded-core/message/183684
Mute This Topic: https://lists.openembedded.org/mt/99851149/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [meta-oe][PATCH] uninative-tarball.xz - reproducibility fix
Hi,
Not sure my previous reply made it to the list.
So I try it again here.
On 29/06/2023 16:07, Richard Purdie wrote:
On Thu, 2023-06-29 at 16:02 +0200, Robert Berger wrote:
added --clamp-mtime --mtime to the tar command
see:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15148
Signed-off-by: Robert Berger
---
meta/classes-recipe/populate_sdk_base.bbclass | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/classes-recipe/populate_sdk_base.bbclass
b/meta/classes-recipe/populate_sdk_base.bbclass
index b23ea26d40..c804e7520a 100644
--- a/meta/classes-recipe/populate_sdk_base.bbclass
+++ b/meta/classes-recipe/populate_sdk_base.bbclass
@@ -86,7 +86,7 @@ python () {
d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r
${SDK_ZIP_OPTIONS} ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}
.')
else:
d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native')
- d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar
${SDKTAROPTS} -cf - . | xz ${SDK_XZ_OPTIONS} >
${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}')
+ d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar
${SDKTAROPTS} ${SDKTAROPTS_ADDON} -cf - . | xz ${SDK_XZ_OPTIONS} >
${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}')
}
SDK_RDEPENDS = "${TOOLCHAIN_TARGET_TASK} ${TOOLCHAIN_HOST_TASK}"
@@ -286,6 +286,7 @@ python check_sdk_sysroots() {
}
SDKTAROPTS = "--owner=root --group=root"
+SDKTAROPTS_ADDON ?= "--clamp-mtime --mtime=@${SOURCE_DATE_EPOCH}"
Thanks, looks good. I did wonder if we could just put this in
SDKTAROPTS though? Do we really need to add a new variable?
Functionality-wise it's fine to add it to SDKTAROPTS. The default value
I added would give people the chance to experiment with different
options as well.
If you want me to "hard code" it I'll create a v2.
Just let me know.
Cheers,
Richard
Regards,
Robert
--
Robert Berger
Embedded Software Evangelist
Reliable Embedded Systems
Consulting Training Engineering
URL: https://www.reliableembeddedsystems.com
Schedule a web meeting:
https://calendly.com/reliableembeddedsystems/
~~~
--
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183683):
https://lists.openembedded.org/g/openembedded-core/message/183683
Mute This Topic: https://lists.openembedded.org/mt/99851149/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
