Re: [yocto] [meta-security][PATCH 04/17] swtpm: add new package

[Andre McCurdy]

On Mon, Oct 17, 2016 at 5:02 PM, Armin Kuster  wrote:
> Signed-off-by: Armin Kuster 
> ---
>  recipes-tpm/swtpm/files/fix_lib_search_path.patch | 41 
> +++
>  recipes-tpm/swtpm/swtpm_1.0.bb| 38 +
>  2 files changed, 79 insertions(+)
>  create mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
>  create mode 100644 recipes-tpm/swtpm/swtpm_1.0.bb
>
> diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch 
> b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
> new file mode 100644
> index 000..015f418
> --- /dev/null
> +++ b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
> @@ -0,0 +1,41 @@
> +
> +Upstream-Status: Inappropriate [OE config]
> +
> +Signed-off-by: Armin Kuster 
> +
> +Index: configure.ac
> +===
> +--- a/configure.ac
>  b/configure.ac
> +@@ -349,21 +349,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-securi
> + dnl We have to make sure libtpms is using the same crypto library
> + dnl to avoid problems
> + AC_MSG_CHECKING([the crypto library libtpms is using])
> +-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
> +-   sed -n '/SEARCH_DIR/p' | \
> +-   sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
> +-for dir in $dirs; do
> +-  if test -r $dir/libtpms.so; then
> +-if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
> +-  libtpms_cryptolib="openssl"
> +-  break
> +-fi
> +-if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
> +-  libtpms_cryptolib="freebl"
> +-  break
> +-fi
> ++dir="$SEARCH_DIR"
> ++if test -r $dir/libtpms.so; then
> ++  if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
> ++libtpms_cryptolib="openssl"
> ++break
> +   fi
> +-done
> ++  if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
> ++libtpms_cryptolib="freebl"
> ++break
> ++  fi
> ++fi
> +
> + if test -z "$libtpms_cryptolib"; then
> +   AC_MSG_ERROR([Could not determine libtpms crypto library.])
> diff --git a/recipes-tpm/swtpm/swtpm_1.0.bb b/recipes-tpm/swtpm/swtpm_1.0.bb
> new file mode 100644
> index 000..ae16e51
> --- /dev/null
> +++ b/recipes-tpm/swtpm/swtpm_1.0.bb
> @@ -0,0 +1,38 @@
> +SUMMARY = "SWTPM - Software TPM Emulator"
> +LICENSE = "BSD-3-Clause"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
> +SECTION = "tpm"
> +
> +DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm-native"
> +
> +SRCREV = "2cd10cee2f74c84bda22081514b6b2cb566fa42d"
> +SRC_URI = "git://github.com/stefanberger/swtpm.git \
> +  file://fix_lib_search_path.patch"
> +
> +S = "${WORKDIR}/git"
> +
> +inherit autotools-brokensep pkgconfig
> +PARALLEL_MAKE = ""
> +
> +TSS_USER="tss"
> +TSS_GROUP="tss"
> +
> +PACKAGECONFIG ?= "openssl"
> +PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 
> 'selinux', '', d)}"
> +PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
> +PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
> +PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, linselinux"

linselinux -> libselinux

> +
> +CACHED_CONFIGUREVARS = "ac_cv_path_EXPECT=${STAGING_LIBDIR} \
> +ac_cv_path_SOCAT=${STAGING_LIBDIR} "
> +
> +EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
> +
> +export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
> +
> +USERADD_PACKAGES = "${PN}"
> +GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
> +USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir  \
> +--no-create-home  --shell /bin/false ${BPN}"
> +
> +RDEPENDS_${PN} = "libtpm expect socat bash"
> --
> 2.7.4
>
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 04/17] swtpm: add new package

[akuster808]

On 10/17/2016 05:17 PM, Khem Raj wrote:

On Oct 17, 2016, at 5:02 PM, Armin Kuster  wrote:

Signed-off-by: Armin Kuster 
---
recipes-tpm/swtpm/files/fix_lib_search_path.patch | 41 +++
recipes-tpm/swtpm/swtpm_1.0.bb| 38 +
2 files changed, 79 insertions(+)
create mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
create mode 100644 recipes-tpm/swtpm/swtpm_1.0.bb

diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch 
b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
new file mode 100644
index 000..015f418
--- /dev/null
+++ b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
@@ -0,0 +1,41 @@
+
+Upstream-Status: Inappropriate [OE config]
+
+Signed-off-by: Armin Kuster 
+
+Index: configure.ac
+===
+--- a/configure.ac
 b/configure.ac
+@@ -349,21 +349,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-securi
+ dnl We have to make sure libtpms is using the same crypto library
+ dnl to avoid problems
+ AC_MSG_CHECKING([the crypto library libtpms is using])
+-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
+-   sed -n '/SEARCH_DIR/p' | \
+-   sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
+-for dir in $dirs; do
+-  if test -r $dir/libtpms.so; then
+-if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
+-  libtpms_cryptolib="openssl"
+-  break
+-fi
+-if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
+-  libtpms_cryptolib="freebl"
+-  break
+-fi
++dir="$SEARCH_DIR"
++if test -r $dir/libtpms.so; then
++  if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
++libtpms_cryptolib="openssl"
++break
+   fi
+-done
++  if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
++libtpms_cryptolib="freebl"
++break
++  fi
++fi
+
+ if test -z "$libtpms_cryptolib"; then
+   AC_MSG_ERROR([Could not determine libtpms crypto library.])
diff --git a/recipes-tpm/swtpm/swtpm_1.0.bb b/recipes-tpm/swtpm/swtpm_1.0.bb
new file mode 100644
index 000..ae16e51
--- /dev/null
+++ b/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -0,0 +1,38 @@
+SUMMARY = "SWTPM - Software TPM Emulator"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
+SECTION = “tpm"

this should be ‘apps’ perhaps.


+
+DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm-native"
+
+SRCREV = "2cd10cee2f74c84bda22081514b6b2cb566fa42d"
+SRC_URI = "git://github.com/stefanberger/swtpm.git \
+  file://fix_lib_search_path.patch"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig
+PARALLEL_MAKE = ""
+
+TSS_USER="tss"
+TSS_GROUP="tss"
+
+PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', 
d)}"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, linselinux"
+
+CACHED_CONFIGUREVARS = "ac_cv_path_EXPECT=${STAGING_LIBDIR} \
+ac_cv_path_SOCAT=${STAGING_LIBDIR} “

STAGING_LIBDIR seems dubious here. Can you check if it needs it during build 
then it should
point to native versions.if it needs during runtime then it should be ${libdir}

K. Found a cleaner solution.

thanks for the feedback.
-Armin



+
+EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
+
+export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
+USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir  \
+--no-create-home  --shell /bin/false ${BPN}"
+
+RDEPENDS_${PN} = "libtpm expect socat bash”

This probably should be +=


--
2.7.4

--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto


--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Release Candidate Build for yocto-2.2.rc4.rc4 now available.

[Poky Build User]

A release candidate build for yocto-2.2.rc4 is now available at:


http://autobuilder.yoctoproject.org/pub/releases/yocto-2.2.rc4


Please begin QA on this build as soon as possible.


Build hash information: 
meta-qt4 : fc9b050569e94b5176bed28b69ef28514e4e4553 
meta-intel : 9052773016727a9398d1e6b6830dc94f3203f754 
meta-minnow : 9c965ef5252e383843d796cd8b50c61b3034b6ae 
meta-qt3 : f33b73a9563f2dfdfd0ee37b61d65d90197a456f 
poky : 4b94b498e21aeba945fe7e72a6b7c4bb0314fb83 

\nThis is an automated message from\nThe Yocto Project Autobuilder\nGit: 
git://git.yoctoproject.org/yocto-autobuilder\nEmail: pi...@toganlabs.com 
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 02/17] tpm-tools: add native support

[Khem Raj]

> On Oct 17, 2016, at 6:29 PM, akuster808  wrote:
> 
> 
> 
> On 10/17/2016 05:10 PM, Khem Raj wrote:
>>> On Oct 17, 2016, at 5:02 PM, Armin Kuster  
>>>  wrote:
>>> 
>>> Signed-off-by: Armin Kuster  
>>> 
>>> ---
>>> recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb |  3 +++
>>> recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb | 23 +++
>>> 2 files changed, 26 insertions(+)
>>> create mode 100644 recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
>>> 
>>> diff --git a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb 
>>> b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
>>> index 5645976..99ea8ee 100644
>>> --- a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
>>> +++ b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
>>> @@ -9,6 +9,7 @@ SECTION = "tpm"
>>> LICENSE = "CPL-1.0"
>>> LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9" 
>>> 
>>> DEPENDS = "libtspi openssl"
>>> +DEPENDS_class-native = "trousers-native"
>>> 
>>> SRC_URI += " \
>>> http://downloads.sourceforge.net/project/trousers/$ 
>>> {BPN}/${PV}/${BP}.tar.gz
>>>  \
>>> @@ -20,3 +21,5 @@ SRC_URI[md5sum] = "85a978c4e03fefd4b73cbeadde7c4d0b"
>>> SRC_URI[sha256sum] = 
>>> "66eb4ff095542403db6b4bd4b574e8a5c08084fe4e9e5aa9a829ee84e20bea83"
>>> 
>>> inherit autotools gettext
>>> +
>>> +BBCLASSEXTEND = "native"
>>> diff --git a/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb 
>>> b/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
>>> new file mode 100644
>>> index 000..be49dd9
>>> --- /dev/null
>>> +++ b/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
>>> @@ -0,0 +1,23 @@
>>> +SUMMARY = "Tools for TPM2."
>>> +DESCRIPTION = "tpm2.0-tools"
>>> +LICENSE = "BSD"
>>> +LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819" 
>>> 
>>> +SECTION = "tpm"
>>> +
>>> +DEPENDS = "tpm2.0-tss openssl curl"
>>> +
>>> +SRCREV = "c924cc8ca752e5af6a829f893c6be4b185d56e99"
>>> +
>>> +SRC_URI = 
>>> "git://github.com/01org/tpm2.0-tools.git;protocol=git;branch=master;name=tpm2.0-tools;destsuffix=tpm2.0-tools"
>>> +
>>> +S = "${WORKDIR}/tpm2.0-tools"
>>> +
>>> +PV = "1.0+git${SRCPV}”
>> it seems to be 2.0 isn’t it ?
> tpm2.0 refers to the TPM standard version 2, not the sources version. There 
> are no versions on the git sources that I could decode. I will drop it all 
> together and use SRCPV.
> 


I see ok thanks

> thanks,
> Armin
>> 
>>> +
>>> +inherit autotools-brokensep pkgconfig
>>> +
>>> +do_configure () {
>>> +   cd ${S}
>>> +   ./bootstrap  --force
>>> +   ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
>>> +}
>>> --
>>> 2.7.4
>>> 
>>> --
>>> ___
>>> yocto mailing list
>>> yocto@yoctoproject.org 
>>> https://lists.yoctoproject.org/listinfo/yocto 
>>> 
>> 
>> 
> 



signature.asc
Description: Message signed with OpenPGP using GPGMail
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 05/17] tpm2simulator: add package

[Khem Raj]

> On Oct 17, 2016, at 6:21 PM, akuster808  wrote:
> 
> 
> 
> On 10/17/2016 05:13 PM, Khem Raj wrote:
>>> On Oct 17, 2016, at 5:02 PM, Armin Kuster  
>>>  wrote:
>>> 
>>> Signed-off-by: Armin Kuster  
>>> 
>>> ---
>>> .../tpm2simulator/tpm2simulator-native_116.bb  | 25 
>>> ++
>>> 1 file changed, 25 insertions(+)
>>> create mode 100644 recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
>>> 
>>> diff --git a/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb 
>>> b/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
>>> new file mode 100644
>>> index 000..33eaf99
>>> --- /dev/null
>>> +++ b/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
>>> @@ -0,0 +1,25 @@
>>> +SUMMARY = "TPM 2.0 Simulator Extraction Script"
>>> +LICENSE = "BSD-2-Clause"
>>> +LIC_FILES_CHKSUM = 
>>> "file://../LICENSE;md5=1415f7be284540b81d9d28c67c1a6b8b" 
>>> 
>>> +
>>> +DEPENDS += "python"
>>> +
>>> +SRCREV = "93dc4412432013ed7bcabd42007754c68f6e362e"
>>> +SRC_URI = "git://github.com/stwagnr/tpm2simulator.git"
>>> +
>>> +S = "${WORKDIR}/git/cmake"
>>> +
>>> +PV = "116+git${SRCPV}"
>>> +
>>> +inherit native lib_package cmake
>>> +
>>> +EXTRA_OECMAKE = " \
>>> +   -DCMAKE_BUILD_TYPE=Debug \
>>> +   -DSPEC_VERSION=116 \
>>> +"
>>> +
>>> +do_configure_prepend () {
>>> +   sed -i 's/^SET = False/SET = True/' ${WORKDIR}/git/scripts/settings.py
>> use S instead of WORKDIR
> S = "${WORKDIR}/git/cmake"
> 
> that file does not reside there.

I think it will break devtool and externalsrc builds.

> 
> the build process does a relative ref outside the "cmake" dir to run the 
> scripts.
> 
> unless you mean I should do " ${S}/../scripts/settings.py" ?
>> 
>>> +}
>>> +
>>> +BBCLASSEXTEND = “native"
>> it is not needed.
> k
> 
> thanks for the review.
> 
> - armin
>> 
>>> --
>>> 2.7.4
>>> 
>>> --
>>> ___
>>> yocto mailing list
>>> yocto@yoctoproject.org 
>>> https://lists.yoctoproject.org/listinfo/yocto 
>>> 
>> 
>> 
> 



signature.asc
Description: Message signed with OpenPGP using GPGMail
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 02/17] tpm-tools: add native support

[akuster808]

On 10/17/2016 05:10 PM, Khem Raj wrote:

On Oct 17, 2016, at 5:02 PM, Armin Kuster  wrote:

Signed-off-by: Armin Kuster 
---
recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb |  3 +++
recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb | 23 +++
2 files changed, 26 insertions(+)
create mode 100644 recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb

diff --git a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb 
b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
index 5645976..99ea8ee 100644
--- a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
+++ b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
@@ -9,6 +9,7 @@ SECTION = "tpm"
LICENSE = "CPL-1.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
DEPENDS = "libtspi openssl"
+DEPENDS_class-native = "trousers-native"

SRC_URI += " \
 
http://downloads.sourceforge.net/project/trousers/${BPN}/${PV}/${BP}.tar.gz \
@@ -20,3 +21,5 @@ SRC_URI[md5sum] = "85a978c4e03fefd4b73cbeadde7c4d0b"
SRC_URI[sha256sum] = 
"66eb4ff095542403db6b4bd4b574e8a5c08084fe4e9e5aa9a829ee84e20bea83"

inherit autotools gettext
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb 
b/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
new file mode 100644
index 000..be49dd9
--- /dev/null
+++ b/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2.0-tools"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819"
+SECTION = "tpm"
+
+DEPENDS = "tpm2.0-tss openssl curl"
+
+SRCREV = "c924cc8ca752e5af6a829f893c6be4b185d56e99"
+
+SRC_URI = 
"git://github.com/01org/tpm2.0-tools.git;protocol=git;branch=master;name=tpm2.0-tools;destsuffix=tpm2.0-tools"
+
+S = "${WORKDIR}/tpm2.0-tools"
+
+PV = "1.0+git${SRCPV}”

it seems to be 2.0 isn’t it ?
tpm2.0 refers to the TPM standard version 2, not the sources version. 
There are no versions on the git sources that I could decode. I will 
drop it all together and use SRCPV.


thanks,
Armin



+
+inherit autotools-brokensep pkgconfig
+
+do_configure () {
+   cd ${S}
+   ./bootstrap  --force
+   ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+}
--
2.7.4

--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto





-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 03/17] libtpm: add new package

[akuster808]

On 10/17/2016 05:14 PM, Khem Raj wrote:

On Oct 17, 2016, at 5:02 PM, Armin Kuster  wrote:

Signed-off-by: Armin Kuster 
---
recipes-tpm/libtpm/libtpm_1.0.bb | 13 +
1 file changed, 13 insertions(+)
create mode 100644 recipes-tpm/libtpm/libtpm_1.0.bb

diff --git a/recipes-tpm/libtpm/libtpm_1.0.bb b/recipes-tpm/libtpm/libtpm_1.0.bb
new file mode 100644
index 000..61c1d7c
--- /dev/null
+++ b/recipes-tpm/libtpm/libtpm_1.0.bb
@@ -0,0 +1,13 @@
+SUMMARY = "LIBPM - Software TPM Library"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f"
+SRCREV = "e5dc628043e981c9f8d7711ddfe5812c8f4e38cc"
+SRC_URI = "git://github.com/stefanberger/libtpms.git"
+
+S = "${WORKDIR}/git”


how about PV expressed in form of SRCPV

can do.

-armin



+inherit autotools-brokensep pkgconfig
+
+PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+
+BBCLASSEXTEND = "native"
--
2.7.4

--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto





-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 05/17] tpm2simulator: add package

[akuster808]

On 10/17/2016 05:13 PM, Khem Raj wrote:

On Oct 17, 2016, at 5:02 PM, Armin Kuster  wrote:

Signed-off-by: Armin Kuster 
---
.../tpm2simulator/tpm2simulator-native_116.bb  | 25 ++
1 file changed, 25 insertions(+)
create mode 100644 recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb

diff --git a/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb 
b/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
new file mode 100644
index 000..33eaf99
--- /dev/null
+++ b/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
@@ -0,0 +1,25 @@
+SUMMARY = "TPM 2.0 Simulator Extraction Script"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=1415f7be284540b81d9d28c67c1a6b8b"
+
+DEPENDS += "python"
+
+SRCREV = "93dc4412432013ed7bcabd42007754c68f6e362e"
+SRC_URI = "git://github.com/stwagnr/tpm2simulator.git"
+
+S = "${WORKDIR}/git/cmake"
+
+PV = "116+git${SRCPV}"
+
+inherit native lib_package cmake
+
+EXTRA_OECMAKE = " \
+   -DCMAKE_BUILD_TYPE=Debug \
+   -DSPEC_VERSION=116 \
+"
+
+do_configure_prepend () {
+   sed -i 's/^SET = False/SET = True/' ${WORKDIR}/git/scripts/settings.py

use S instead of WORKDIR

S = "${WORKDIR}/git/cmake"

that file does not reside there.

the build process does a relative ref outside the "cmake" dir to run the 
scripts.


unless you mean I should do " ${S}/../scripts/settings.py" ?



+}
+
+BBCLASSEXTEND = “native"

it is not needed.

k

thanks for the review.

- armin



--
2.7.4

--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto





-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Error during configuration.

[Khem Raj]

> On Oct 17, 2016, at 5:57 PM, Vijayakumar Badiger  
> wrote:
> 
> Hello All,
> 
> I am getting an error while doing configuration. I see many people have got 
> this error, but I don't see any full threads mentioning how the issue got 
> fixed.
> Please someone help to me fix this issue.
> 
> I am attaching the logs for your reference.
> 
> configure:12619: aarch64-poky-linux-g++  
> --sysroot=/local/mnt/workspace/LV-kerneltest/poky/build/tmp-glibc/sysroots/msm8996
>  -qversion >&5
> aarch64-poky-linux-g++: error: unrecognized command line option '-qversion'
> aarch64-poky-linux-g++: fatal error: no input files
> compilation terminated.

This is not your error actually. The real error is

configure:16457: error: bad value 
'/local/mnt/workspace/LV-kerneltest/poky/build/tmp-glibc/work-shared/msm8996/kernel-build-artifacts'
 for --with-kernel; cannot find 
'/local/mnt/workspace/LV-kerneltest/poky/build/tmp-glibc/work-shared/msm8996/kernel-build-artifacts/Makefile'


so it seems your recipe has dependency on kernel but its missing in DEPENDS 
section of recipe.

> 
> Cheers,
> Vijay
> 
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto



signature.asc
Description: Message signed with OpenPGP using GPGMail
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 03/17] libtpm: add new package

[Khem Raj]

> On Oct 17, 2016, at 5:02 PM, Armin Kuster  wrote:
> 
> Signed-off-by: Armin Kuster 
> ---
> recipes-tpm/libtpm/libtpm_1.0.bb | 13 +
> 1 file changed, 13 insertions(+)
> create mode 100644 recipes-tpm/libtpm/libtpm_1.0.bb
> 
> diff --git a/recipes-tpm/libtpm/libtpm_1.0.bb 
> b/recipes-tpm/libtpm/libtpm_1.0.bb
> new file mode 100644
> index 000..61c1d7c
> --- /dev/null
> +++ b/recipes-tpm/libtpm/libtpm_1.0.bb
> @@ -0,0 +1,13 @@
> +SUMMARY = "LIBPM - Software TPM Library"
> +LICENSE = "BSD-3-Clause"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f"
> +SRCREV = "e5dc628043e981c9f8d7711ddfe5812c8f4e38cc"
> +SRC_URI = "git://github.com/stefanberger/libtpms.git"
> +
> +S = "${WORKDIR}/git”


how about PV expressed in form of SRCPV

> +inherit autotools-brokensep pkgconfig
> +
> +PACKAGECONFIG ?= "openssl"
> +PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
> +
> +BBCLASSEXTEND = "native"
> --
> 2.7.4
> 
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto



signature.asc
Description: Message signed with OpenPGP using GPGMail
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 04/17] swtpm: add new package

[Khem Raj]

> On Oct 17, 2016, at 5:02 PM, Armin Kuster  wrote:
> 
> Signed-off-by: Armin Kuster 
> ---
> recipes-tpm/swtpm/files/fix_lib_search_path.patch | 41 +++
> recipes-tpm/swtpm/swtpm_1.0.bb| 38 +
> 2 files changed, 79 insertions(+)
> create mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
> create mode 100644 recipes-tpm/swtpm/swtpm_1.0.bb
> 
> diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch 
> b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
> new file mode 100644
> index 000..015f418
> --- /dev/null
> +++ b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
> @@ -0,0 +1,41 @@
> +
> +Upstream-Status: Inappropriate [OE config]
> +
> +Signed-off-by: Armin Kuster 
> +
> +Index: configure.ac
> +===
> +--- a/configure.ac
>  b/configure.ac
> +@@ -349,21 +349,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-securi
> + dnl We have to make sure libtpms is using the same crypto library
> + dnl to avoid problems
> + AC_MSG_CHECKING([the crypto library libtpms is using])
> +-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
> +-   sed -n '/SEARCH_DIR/p' | \
> +-   sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
> +-for dir in $dirs; do
> +-  if test -r $dir/libtpms.so; then
> +-if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
> +-  libtpms_cryptolib="openssl"
> +-  break
> +-fi
> +-if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
> +-  libtpms_cryptolib="freebl"
> +-  break
> +-fi
> ++dir="$SEARCH_DIR"
> ++if test -r $dir/libtpms.so; then
> ++  if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
> ++libtpms_cryptolib="openssl"
> ++break
> +   fi
> +-done
> ++  if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
> ++libtpms_cryptolib="freebl"
> ++break
> ++  fi
> ++fi
> +
> + if test -z "$libtpms_cryptolib"; then
> +   AC_MSG_ERROR([Could not determine libtpms crypto library.])
> diff --git a/recipes-tpm/swtpm/swtpm_1.0.bb b/recipes-tpm/swtpm/swtpm_1.0.bb
> new file mode 100644
> index 000..ae16e51
> --- /dev/null
> +++ b/recipes-tpm/swtpm/swtpm_1.0.bb
> @@ -0,0 +1,38 @@
> +SUMMARY = "SWTPM - Software TPM Emulator"
> +LICENSE = "BSD-3-Clause"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
> +SECTION = “tpm"

this should be ‘apps’ perhaps.

> +
> +DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm-native"
> +
> +SRCREV = "2cd10cee2f74c84bda22081514b6b2cb566fa42d"
> +SRC_URI = "git://github.com/stefanberger/swtpm.git \
> +file://fix_lib_search_path.patch"
> +
> +S = "${WORKDIR}/git"
> +
> +inherit autotools-brokensep pkgconfig
> +PARALLEL_MAKE = ""
> +
> +TSS_USER="tss"
> +TSS_GROUP="tss"
> +
> +PACKAGECONFIG ?= "openssl"
> +PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 
> 'selinux', '', d)}"
> +PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
> +PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
> +PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, linselinux"
> +
> +CACHED_CONFIGUREVARS = "ac_cv_path_EXPECT=${STAGING_LIBDIR} \
> +ac_cv_path_SOCAT=${STAGING_LIBDIR} “

STAGING_LIBDIR seems dubious here. Can you check if it needs it during build 
then it should
point to native versions.if it needs during runtime then it should be ${libdir}

> +
> +EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
> +
> +export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
> +
> +USERADD_PACKAGES = "${PN}"
> +GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
> +USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir  \
> +--no-create-home  --shell /bin/false ${BPN}"
> +
> +RDEPENDS_${PN} = "libtpm expect socat bash”

This probably should be +=

> --
> 2.7.4
> 
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto



signature.asc
Description: Message signed with OpenPGP using GPGMail
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 05/17] tpm2simulator: add package

[Khem Raj]

> On Oct 17, 2016, at 5:02 PM, Armin Kuster  wrote:
> 
> Signed-off-by: Armin Kuster 
> ---
> .../tpm2simulator/tpm2simulator-native_116.bb  | 25 ++
> 1 file changed, 25 insertions(+)
> create mode 100644 recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
> 
> diff --git a/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb 
> b/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
> new file mode 100644
> index 000..33eaf99
> --- /dev/null
> +++ b/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
> @@ -0,0 +1,25 @@
> +SUMMARY = "TPM 2.0 Simulator Extraction Script"
> +LICENSE = "BSD-2-Clause"
> +LIC_FILES_CHKSUM = "file://../LICENSE;md5=1415f7be284540b81d9d28c67c1a6b8b"
> +
> +DEPENDS += "python"
> +
> +SRCREV = "93dc4412432013ed7bcabd42007754c68f6e362e"
> +SRC_URI = "git://github.com/stwagnr/tpm2simulator.git"
> +
> +S = "${WORKDIR}/git/cmake"
> +
> +PV = "116+git${SRCPV}"
> +
> +inherit native lib_package cmake
> +
> +EXTRA_OECMAKE = " \
> + -DCMAKE_BUILD_TYPE=Debug \
> + -DSPEC_VERSION=116 \
> +"
> +
> +do_configure_prepend () {
> + sed -i 's/^SET = False/SET = True/' ${WORKDIR}/git/scripts/settings.py

use S instead of WORKDIR

> +}
> +
> +BBCLASSEXTEND = “native"

it is not needed.

> --
> 2.7.4
> 
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto



signature.asc
Description: Message signed with OpenPGP using GPGMail
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-security][PATCH 02/17] tpm-tools: add native support

[Khem Raj]

> On Oct 17, 2016, at 5:02 PM, Armin Kuster  wrote:
> 
> Signed-off-by: Armin Kuster 
> ---
> recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb |  3 +++
> recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb | 23 +++
> 2 files changed, 26 insertions(+)
> create mode 100644 recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
> 
> diff --git a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb 
> b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
> index 5645976..99ea8ee 100644
> --- a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
> +++ b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
> @@ -9,6 +9,7 @@ SECTION = "tpm"
> LICENSE = "CPL-1.0"
> LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
> DEPENDS = "libtspi openssl"
> +DEPENDS_class-native = "trousers-native"
> 
> SRC_URI += " \
> 
> http://downloads.sourceforge.net/project/trousers/${BPN}/${PV}/${BP}.tar.gz \
> @@ -20,3 +21,5 @@ SRC_URI[md5sum] = "85a978c4e03fefd4b73cbeadde7c4d0b"
> SRC_URI[sha256sum] = 
> "66eb4ff095542403db6b4bd4b574e8a5c08084fe4e9e5aa9a829ee84e20bea83"
> 
> inherit autotools gettext
> +
> +BBCLASSEXTEND = "native"
> diff --git a/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb 
> b/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
> new file mode 100644
> index 000..be49dd9
> --- /dev/null
> +++ b/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
> @@ -0,0 +1,23 @@
> +SUMMARY = "Tools for TPM2."
> +DESCRIPTION = "tpm2.0-tools"
> +LICENSE = "BSD"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819"
> +SECTION = "tpm"
> +
> +DEPENDS = "tpm2.0-tss openssl curl"
> +
> +SRCREV = "c924cc8ca752e5af6a829f893c6be4b185d56e99"
> +
> +SRC_URI = 
> "git://github.com/01org/tpm2.0-tools.git;protocol=git;branch=master;name=tpm2.0-tools;destsuffix=tpm2.0-tools"
> +
> +S = "${WORKDIR}/tpm2.0-tools"
> +
> +PV = "1.0+git${SRCPV}”

it seems to be 2.0 isn’t it ?

> +
> +inherit autotools-brokensep pkgconfig
> +
> +do_configure () {
> + cd ${S}
> + ./bootstrap  --force
> + ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
> +}
> --
> 2.7.4
> 
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto



signature.asc
Description: Message signed with OpenPGP using GPGMail
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 15/17] samhain: recipe cleanup

[Armin Kuster]

add a few distro feature checks.

Signed-off-by: Armin Kuster 
---
 recipes-security/samhain/samhain-client_4.1.5.bb |  7 
 recipes-security/samhain/samhain-server_4.1.5.bb | 16 
 recipes-security/samhain/samhain.inc | 52 ++--
 3 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/recipes-security/samhain/samhain-client_4.1.5.bb 
b/recipes-security/samhain/samhain-client_4.1.5.bb
index bb47449..4b04326 100644
--- a/recipes-security/samhain/samhain-client_4.1.5.bb
+++ b/recipes-security/samhain/samhain-client_4.1.5.bb
@@ -12,11 +12,4 @@ EXTRA_OECONF += " \
 --with-pid-file=/var/samhain/samhain.pid \
 "
 
-
-INSANE_SKIP_${PN} = "already-stripped"
-
-FILES_${PN} += "\
-/run \
-"
-
 RDEPENDS_${PN} = "acl zlib attr bash"
diff --git a/recipes-security/samhain/samhain-server_4.1.5.bb 
b/recipes-security/samhain/samhain-server_4.1.5.bb
index 0d76b9a..35f8775 100644
--- a/recipes-security/samhain/samhain-server_4.1.5.bb
+++ b/recipes-security/samhain/samhain-server_4.1.5.bb
@@ -3,13 +3,17 @@ INITSCRIPT_PARAMS = "defaults 14 86"
 
 require samhain.inc
 
-DEPENDS = "gmp"
+DEPENDS = "gmp samhain-server-native"
 
 EXTRA_OECONF += "--enable-network=${SAMHAIN_MODE} "
 
 # supports mysql|postgresql|oracle|odbc but postgresql is the only one 
available
 
-PACKAGECONFG ??= "postgresql"
+PACKAGECONFIG ??= "postgresql"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', 
d)}"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 
'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', 
d)}"
+
 PACKAGECONFIG[postgres]  = "--with-database=postgresql --enable-xml-log, "", 
postgresql"
 PACKAGECONFIG[suidcheck]  = "--enable-suidcheck","" , "
 PACKAGECONFIG[logwatch]  = "--enable-login-watch,"" , "
@@ -38,17 +42,13 @@ do_install_append() {
 init/samhain.startLSB ${D}/var/lib/samhain
 }
 
-INSANE_SKIP_${PN} = "already-stripped"
-
 PACKAGES = "${PN} ${PN}-doc ${PN}-dbg"
 
-FILES_${PN} += " \
-${sbindir}/* \
-/run \
-"
+FILES_${PN} += "${sbindir}/*"
 
 FILES_${PN}-dbg += " \
 ${sbindir}/.debug/* \
 "
 
 RDEPENDS_${PN} += "gmp bash perl"
+BBCLASSEXTEND = "native"
diff --git a/recipes-security/samhain/samhain.inc 
b/recipes-security/samhain/samhain.inc
index 5bf2ee7..7987886 100644
--- a/recipes-security/samhain/samhain.inc
+++ b/recipes-security/samhain/samhain.inc
@@ -46,37 +46,39 @@ do_configure_prepend_aarch64() {
 # use the prefix --oldincludedir=/usr/include which is not
 # recognized by Samhain's configure script and would invariably
 # throw back the error "unrecognized option: --oldincludedir=/usr/include"
-do_configure () {
-cat << EOF > ./config-site.${BP}
+do_configure_prepend () {
+cat << EOF > ${S}/config-site.${BP}
 ssp_cv_lib=no
 sh_cv_va_copy=yes
 EOF
+export CONFIG_SITE=${S}/config-site.${BP}
+}
 
-export CONFIG_SITE=./config-site.${BP}
+do_configure () {
./configure \
-   --build=${BUILD_SYS} \
-   --host=${HOST_SYS} \
-   --target=${TARGET_SYS} \
-   --prefix=${prefix} \
-   --exec_prefix=${exec_prefix} \
-   --bindir=${bindir} \
-   --sbindir=${sbindir} \
-   --libexecdir=${libexecdir} \
-   --datadir=${datadir} \
-   --sysconfdir=${sysconfdir} \
-   --sharedstatedir=${sharedstatedir} \
-   --localstatedir=${localstatedir} \
-   --libdir=${libdir} \
-   --includedir=${includedir} \
-   --infodir=${infodir} \
-   --mandir=${mandir} \
-   ${EXTRA_OECONF}
+   --build=${BUILD_SYS} \
+   --host=${HOST_SYS} \
+   --target=${TARGET_SYS} \
+   --prefix=${prefix} \
+   --exec_prefix=${exec_prefix} \
+   --bindir=${bindir} \
+   --sbindir=${sbindir} \
+   --libexecdir=${libexecdir} \
+   --datadir=${datadir} \
+   --sysconfdir=${sysconfdir} \
+   --sharedstatedir=${sharedstatedir} \
+   --localstatedir=${localstatedir} \
+   --libdir=${libdir} \
+   --includedir=${includedir} \
+   --infodir=${infodir} \
+   --mandir=${mandir} \
+   ${EXTRA_OECONF}
 }
 
 # Install the init script, it's default file, and the extraneous
 # documentation.
 do_install_append () {
-cd ${S}
+   cd ${S}
oe_runmake install DESTDIR='${D}' INSTALL=install-boot
install -d ${D}${sysconfdir}/init.d
install -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \
@@ -89,5 +91,11 @@ do_install_append () {
install -d ${D}${docdir}/${PN}
cp -r docs/* ${D}${docdir}/${PN}
cp -r scripts ${D}${docdir}/${PN}
-install -d -m 755 ${D}/var/samhain
+   install -d -m 755 ${D}/var/samhain
 }
+
+FILES_${PN} += "\
+/run \
+"
+
+INSANE_SKIP_${PN} = "already-stripped"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org

[yocto] [meta-security][PATCH 16/17] libnetaddr-ip-perl: remove package. not used by anyone in this layer

[Armin Kuster]

latest version does not build either

Signed-off-by: Armin Kuster 
---
 recipes-perl/perl/libnetaddr-ip-perl_4.069.bb | 26 --
 1 file changed, 26 deletions(-)
 delete mode 100644 recipes-perl/perl/libnetaddr-ip-perl_4.069.bb

diff --git a/recipes-perl/perl/libnetaddr-ip-perl_4.069.bb 
b/recipes-perl/perl/libnetaddr-ip-perl_4.069.bb
deleted file mode 100644
index 69c2d83..000
--- a/recipes-perl/perl/libnetaddr-ip-perl_4.069.bb
+++ /dev/null
@@ -1,26 +0,0 @@
-DESCRIPTION = "This package contains the IP.pm module with friends."
-
-SECTION = "libs"
-LICENSE = "Artistic-1.0 | GPL-1.0+"
-
-LIC_FILES_CHKSUM = "file://Copying;md5=cde580764a0fbc0f02fafde4c65d6227"
-
-DEPENDS += "perl"
-
-SRC_URI = 
"http://search.cpan.org/CPAN/authors/id/M/MI/MIKER/NetAddr-IP-${PV}.tar.gz;
-
-SRC_URI[md5sum] = "7721135fcea390327f75421a6b701144"
-SRC_URI[sha256sum] = 
"96739afc484eca1597c4f4b520864b342169c8fdeef486778511e5a1527ba4e7"
-
-S = "${WORKDIR}/NetAddr-IP-${PV}"
-
-EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} 
EXPATINCPATH=${STAGING_INCDIR}"
-
-inherit cpan
-
-do_compile() {
-   cpan_do_compile
-}
-BBCLASSEXTEND = "native"
-
-PNBLACKLIST[libnetaddr-ip-perl] = "BROKEN: doesn't build | make[2]: *** No 
rule to make target `config.h', needed by `Util.c'.  Stop."
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 17/17] python-pycrypto: simplify to use pypi class

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-devtools/python/python-pycrypto_2.6.1.bb | 22 ++
 1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/recipes-devtools/python/python-pycrypto_2.6.1.bb 
b/recipes-devtools/python/python-pycrypto_2.6.1.bb
index 8036158..51f9272 100644
--- a/recipes-devtools/python/python-pycrypto_2.6.1.bb
+++ b/recipes-devtools/python/python-pycrypto_2.6.1.bb
@@ -1,29 +1,18 @@
 DESCRIPTION = "Cryptographic modules for Python."
 HOMEPAGE = "http://www.pycrypto.org/;
-SECTION = "devel/python"
 LICENSE = "PSFv2"
 LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=35f354d199e8cb7667b059a23578e63d"
 
-SRCNAME = "pycrypto"
+DEPENDS += " gmp"
 
-SRC_URI = 
"https://pypi.python.org/packages/source/p/${SRCNAME}/${SRCNAME}-${PV}.tar.gz \
-   file://cross-compiling.patch"
+SRC_URI = "file://cross-compiling.patch"
 
 SRC_URI[md5sum] = "55a61a054aa66812daf5161a0d5d7eda"
 SRC_URI[sha256sum] = 
"f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c"
 
-S = "${WORKDIR}/${SRCNAME}-${PV}"
-
-inherit setuptools
-
-export STAGING_INCDIR
-export STAGING_LIBDIR
-export BUILD_SYS
-export HOST_SYS
+PYPI_PACKAGE = "pycrypto"
 
-inherit autotools autotools-brokensep distutils
-
-DEPENDS += " gmp"
+inherit pypi autotools-brokensep distutils
 
 do_compile[noexec] = "1"
 
@@ -31,5 +20,6 @@ do_compile[noexec] = "1"
 # *don't* want the autotools install to run, since this package doesn't
 # provide a "make install" target.
 do_install() {
-   distutils_do_install
+   distutils_do_install
 }
+
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 14/17] suricata: update package to 3.1.2

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-security/suricata/suricata.inc| 8 
 .../suricata/{suricata_3.0.2.bb => suricata_3.1.2.bb} | 0
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename recipes-security/suricata/{suricata_3.0.2.bb => suricata_3.1.2.bb} 
(100%)

diff --git a/recipes-security/suricata/suricata.inc 
b/recipes-security/suricata/suricata.inc
index 9ddb405..6e14c6d 100644
--- a/recipes-security/suricata/suricata.inc
+++ b/recipes-security/suricata/suricata.inc
@@ -2,8 +2,8 @@ HOMEPAGE = "http://suricata-ids.org/;
 SECTION = "security Monitor/Admin"
 LICENSE = "GPLv2"
 
-VER = "3.0.2"
-SRC_URI = 
"http://www.openinfosecfoundation.org/download/suricata-${VER}.tar.gz;
+VER = "3.1.2"
 
-SRC_URI[md5sum] = "ff231c3d7af32cb1c767fded2a13c391"
-SRC_URI[sha256sum] = 
"264cbdc380717590a9c33d3b3dc92fc488f376873e869bf71601b1d4a9a8e601"
+SRC_URI = 
"http://www.openinfosecfoundation.org/download/suricata-${VER}.tar.gz;
+SRC_URI[md5sum] = "c58e8ef56918c83ecf292d73f4b0c051"
+SRC_URI[sha256sum] = 
"f9e7742580849f202254e75d9fc245ba53f4d7490f47a6d30f02a7b10aacc512"
diff --git a/recipes-security/suricata/suricata_3.0.2.bb 
b/recipes-security/suricata/suricata_3.1.2.bb
similarity index 100%
rename from recipes-security/suricata/suricata_3.0.2.bb
rename to recipes-security/suricata/suricata_3.1.2.bb
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 13/17] package-group: fix tpm package list

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-security/packagegroup/packagegroup-core-security.bb | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb 
b/recipes-security/packagegroup/packagegroup-core-security.bb
index 8639acd..ae856c7 100644
--- a/recipes-security/packagegroup/packagegroup-core-security.bb
+++ b/recipes-security/packagegroup/packagegroup-core-security.bb
@@ -63,8 +63,11 @@ RDEPENDS_packagegroup-security-tpm = " \
 tpm-tools \
 trousers \
 tpm2.0-tools \
-tpm2.0-tss \
+libtss2 \
+resourcemgr \
+libtctidevice \
+libtctisocket \
+resourcemgr \
 libtpm \
 swtpm \
-tpm2simulator-native \
 "
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 12/17] images: add a client and server image

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-security/images/security-client-image.bb | 17 +
 recipes-security/images/security-server-image.bb | 20 
 2 files changed, 37 insertions(+)
 create mode 100644 recipes-security/images/security-client-image.bb
 create mode 100644 recipes-security/images/security-server-image.bb

diff --git a/recipes-security/images/security-client-image.bb 
b/recipes-security/images/security-client-image.bb
new file mode 100644
index 000..1a92479
--- /dev/null
+++ b/recipes-security/images/security-client-image.bb
@@ -0,0 +1,17 @@
+DESCRIPTION = "A Client side Security example"
+
+IMAGE_INSTALL = "\
+packagegroup-base \
+packagegroup-core-boot \
+os-release \
+samhain-client \
+${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-xfce-base", 
"", d)} \
+${ROOTFS_PKGMANAGE_BOOTSTRAP} ${CORE_IMAGE_EXTRA_INSTALL}"
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-client-image"
diff --git a/recipes-security/images/security-server-image.bb 
b/recipes-security/images/security-server-image.bb
new file mode 100644
index 000..502b5c1
--- /dev/null
+++ b/recipes-security/images/security-server-image.bb
@@ -0,0 +1,20 @@
+DESCRIPTION = "A Serve side image for Security example "
+
+IMAGE_FEATURES += "ssh-server-openssh"
+
+IMAGE_INSTALL = "\
+packagegroup-base \
+packagegroup-core-boot \
+samhain-server \
+os-release \
+${ROOTFS_PKGMANAGE_BOOTSTRAP} ${CORE_IMAGE_EXTRA_INSTALL}"
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-server-image"
+
+IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 09/17] package-group: Add tpm packages

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-security/packagegroup/packagegroup-core-security.bb | 13 +
 1 file changed, 13 insertions(+)

diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb 
b/recipes-security/packagegroup/packagegroup-core-security.bb
index 2dae3aa..8639acd 100644
--- a/recipes-security/packagegroup/packagegroup-core-security.bb
+++ b/recipes-security/packagegroup/packagegroup-core-security.bb
@@ -11,6 +11,7 @@ PACKAGES = "\
 packagegroup-security-scanners \
 packagegroup-security-ids  \
 packagegroup-security-mac  \
+${@bb.utils.contains("DISTRO_FEATURES", "tpm", 
"packagegroup-security-tpm", "",d)} \
 "
 
 RDEPENDS_packagegroup-core-security = "\
@@ -18,6 +19,7 @@ RDEPENDS_packagegroup-core-security = "\
 packagegroup-security-scanners \
 packagegroup-security-ids  \
 packagegroup-security-mac  \
+${@bb.utils.contains("DISTRO_FEATURES", "tpm", 
"packagegroup-security-tpm", "",d)} \
 "
 
 SUMMARY_packagegroup-security-utils = "Security utilities"
@@ -55,3 +57,14 @@ SUMMARY_packagegroup-security-mac = "Security Mandatory 
Access Control systems"
 RDEPENDS_packagegroup-security-mac = " \
 ${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)} \
 "
+
+SUMMARY_packagegroup-security-tpm = "Security TPM support"
+RDEPENDS_packagegroup-security-tpm = " \
+tpm-tools \
+trousers \
+tpm2.0-tools \
+tpm2.0-tss \
+libtpm \
+swtpm \
+tpm2simulator-native \
+"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 10/17] tpm-tools: Fix gcc6 compile issue

[Armin Kuster]

.8/src/tpm_mgmt/tpm_present.c
| ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c: In function 'main':
| ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c:358:5: error: this 'if' 
clause does not guard... [-Werror=misleading-indentation]
|  if (szTpmPasswd && !isWellKnown)
|  ^~
| ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c:360:2: note: ...this 
statement, but the latter is misleadingly indented as if it is guarded by the 
'if'
|   return iRc;
|   ^~

Signed-off-by: Armin Kuster 
---
 .../gcc6_missleading_indent_fix.patch  | 24 ++
 recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb   |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 
recipes-tpm/tpm-tools/tpm-tools-1.3.8/gcc6_missleading_indent_fix.patch

diff --git 
a/recipes-tpm/tpm-tools/tpm-tools-1.3.8/gcc6_missleading_indent_fix.patch 
b/recipes-tpm/tpm-tools/tpm-tools-1.3.8/gcc6_missleading_indent_fix.patch
new file mode 100644
index 000..aec5e7a
--- /dev/null
+++ b/recipes-tpm/tpm-tools/tpm-tools-1.3.8/gcc6_missleading_indent_fix.patch
@@ -0,0 +1,24 @@
+Index: tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c
+===
+--- tpm-tools-1.3.8.orig/src/tpm_mgmt/tpm_present.c
 tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c
+@@ -349,13 +349,13 @@ int main(int argc, char **argv)
+   }
+   } while (flags[++i].name);
+ 
+-  out_success:
++out_success:
+   logSuccess(argv[0]);
+   iRc = 0;
+-  out_close:
++out_close:
+   contextClose(hContext);
+-  out:
+-if (szTpmPasswd && !isWellKnown)
+-  shredPasswd( szTpmPasswd );
+-  return iRc;
++out:
++  if (szTpmPasswd && !isWellKnown)
++  shredPasswd( szTpmPasswd );
++return iRc;
+ }
diff --git a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb 
b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
index 99ea8ee..790894a 100644
--- a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
+++ b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
@@ -15,6 +15,7 @@ SRC_URI += " \
 
http://downloads.sourceforge.net/project/trousers/${BPN}/${PV}/${BP}.tar.gz \
 file://tpm-tools-extendpcr.patch \
 file://03-fix-bool-error-parseStringWithValues.patch \
+file://gcc6_missleading_indent_fix.patch \
 "
 
 SRC_URI[md5sum] = "85a978c4e03fefd4b73cbeadde7c4d0b"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 11/17] linux-yocto-4.8: add tpm fragments

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-kernel/linux/linux-yocto-4.8/tpm.cfg  | 9 +
 recipes-kernel/linux/linux-yocto-4.8/tpm.scc  | 4 
 recipes-kernel/linux/linux-yocto_4.8.bbappend | 7 +++
 3 files changed, 20 insertions(+)
 create mode 100644 recipes-kernel/linux/linux-yocto-4.8/tpm.cfg
 create mode 100644 recipes-kernel/linux/linux-yocto-4.8/tpm.scc
 create mode 100644 recipes-kernel/linux/linux-yocto_4.8.bbappend

diff --git a/recipes-kernel/linux/linux-yocto-4.8/tpm.cfg 
b/recipes-kernel/linux/linux-yocto-4.8/tpm.cfg
new file mode 100644
index 000..fe1bb3f
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.8/tpm.cfg
@@ -0,0 +1,9 @@
+CONFIG_HW_RANDOM_TPM=y
+CONFIG_TCG_TPM=y
+CONFIG_TCG_TIS_CORE=y
+CONFIG_TCG_TIS=y
+CONFIG_TCG_CRB=y
+CONFIG_TCG_VTPM_PROXY=y
+CONFIG_DEVPORT=y
+CONFIG_FUSE_FS=y
+CONFIG_CUSE=y
diff --git a/recipes-kernel/linux/linux-yocto-4.8/tpm.scc 
b/recipes-kernel/linux/linux-yocto-4.8/tpm.scc
new file mode 100644
index 000..7c7ec2d
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.8/tpm.scc
@@ -0,0 +1,4 @@
+define KFEATURE_DESCRIPTION "TPM Kernel Support"
+define KFEATURE_COMPATIBILITY arch
+
+kconf non-hardware tpm.cfg
diff --git a/recipes-kernel/linux/linux-yocto_4.8.bbappend 
b/recipes-kernel/linux/linux-yocto_4.8.bbappend
new file mode 100644
index 000..0e6960e
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_4.8.bbappend
@@ -0,0 +1,7 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-4.8:"
+
+# TPM kernel support
+SRC_URI += "\
+${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.cfg', '', 
d)} \
+${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.scc', '', 
d)} \
+"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 07/17] image: at image to help test builds

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-security/images/security-build-image.bb | 21 +
 1 file changed, 21 insertions(+)
 create mode 100644 recipes-security/images/security-build-image.bb

diff --git a/recipes-security/images/security-build-image.bb 
b/recipes-security/images/security-build-image.bb
new file mode 100644
index 000..6745338
--- /dev/null
+++ b/recipes-security/images/security-build-image.bb
@@ -0,0 +1,21 @@
+DESCRIPTION = "A small image for building meta-security packages"
+
+IMAGE_FEATURES += "ssh-server-openssh"
+
+IMAGE_INSTALL = "\
+packagegroup-base \
+packagegroup-core-boot \
+packagegroup-core-security \
+os-release \
+${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-xfce-base", 
"", d)} \
+${ROOTFS_PKGMANAGE_BOOTSTRAP} ${CORE_IMAGE_EXTRA_INSTALL}"
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-build-image"
+
+IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 08/17] layer.conf: Add filesystem depends

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 conf/layer.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/layer.conf b/conf/layer.conf
index 650e6ed..3502f0b 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -9,4 +9,4 @@ BBFILE_COLLECTIONS += "security"
 BBFILE_PATTERN_security = "^${LAYERDIR}/"
 BBFILE_PRIORITY_security = "6"
 
-LAYERDEPENDS_security = "openembedded-layer perl-layer networking-layer"
+LAYERDEPENDS_security = "openembedded-layer perl-layer networking-layer 
filesystems-layer"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 06/17] qemu: Add tpm flag

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-devtools/qemu/qemu_2.7.0.bbappend | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 recipes-devtools/qemu/qemu_2.7.0.bbappend

diff --git a/recipes-devtools/qemu/qemu_2.7.0.bbappend 
b/recipes-devtools/qemu/qemu_2.7.0.bbappend
new file mode 100644
index 000..d4cecb9
--- /dev/null
+++ b/recipes-devtools/qemu/qemu_2.7.0.bbappend
@@ -0,0 +1 @@
+EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'tpm', 
'--enable-tpm', '', d)}"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 04/17] swtpm: add new package

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-tpm/swtpm/files/fix_lib_search_path.patch | 41 +++
 recipes-tpm/swtpm/swtpm_1.0.bb| 38 +
 2 files changed, 79 insertions(+)
 create mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
 create mode 100644 recipes-tpm/swtpm/swtpm_1.0.bb

diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch 
b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
new file mode 100644
index 000..015f418
--- /dev/null
+++ b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
@@ -0,0 +1,41 @@
+
+Upstream-Status: Inappropriate [OE config]
+
+Signed-off-by: Armin Kuster 
+
+Index: configure.ac
+===
+--- a/configure.ac
 b/configure.ac
+@@ -349,21 +349,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-securi
+ dnl We have to make sure libtpms is using the same crypto library
+ dnl to avoid problems
+ AC_MSG_CHECKING([the crypto library libtpms is using])
+-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
+-   sed -n '/SEARCH_DIR/p' | \
+-   sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
+-for dir in $dirs; do
+-  if test -r $dir/libtpms.so; then
+-if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
+-  libtpms_cryptolib="openssl"
+-  break
+-fi
+-if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
+-  libtpms_cryptolib="freebl"
+-  break
+-fi
++dir="$SEARCH_DIR"
++if test -r $dir/libtpms.so; then
++  if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
++libtpms_cryptolib="openssl"
++break
+   fi
+-done
++  if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
++libtpms_cryptolib="freebl"
++break
++  fi
++fi
+ 
+ if test -z "$libtpms_cryptolib"; then
+   AC_MSG_ERROR([Could not determine libtpms crypto library.])
diff --git a/recipes-tpm/swtpm/swtpm_1.0.bb b/recipes-tpm/swtpm/swtpm_1.0.bb
new file mode 100644
index 000..ae16e51
--- /dev/null
+++ b/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -0,0 +1,38 @@
+SUMMARY = "SWTPM - Software TPM Emulator"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
+SECTION = "tpm"
+
+DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm-native"
+
+SRCREV = "2cd10cee2f74c84bda22081514b6b2cb566fa42d"
+SRC_URI = "git://github.com/stefanberger/swtpm.git \
+  file://fix_lib_search_path.patch"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig
+PARALLEL_MAKE = ""
+
+TSS_USER="tss"
+TSS_GROUP="tss"
+
+PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 
'selinux', '', d)}"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, linselinux"
+
+CACHED_CONFIGUREVARS = "ac_cv_path_EXPECT=${STAGING_LIBDIR} \ 
+ac_cv_path_SOCAT=${STAGING_LIBDIR} "
+
+EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
+
+export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
+USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir  \
+--no-create-home  --shell /bin/false ${BPN}"
+
+RDEPENDS_${PN} = "libtpm expect socat bash"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 03/17] libtpm: add new package

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-tpm/libtpm/libtpm_1.0.bb | 13 +
 1 file changed, 13 insertions(+)
 create mode 100644 recipes-tpm/libtpm/libtpm_1.0.bb

diff --git a/recipes-tpm/libtpm/libtpm_1.0.bb b/recipes-tpm/libtpm/libtpm_1.0.bb
new file mode 100644
index 000..61c1d7c
--- /dev/null
+++ b/recipes-tpm/libtpm/libtpm_1.0.bb
@@ -0,0 +1,13 @@
+SUMMARY = "LIBPM - Software TPM Library"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f"
+SRCREV = "e5dc628043e981c9f8d7711ddfe5812c8f4e38cc"
+SRC_URI = "git://github.com/stefanberger/libtpms.git"
+
+S = "${WORKDIR}/git"
+inherit autotools-brokensep pkgconfig
+
+PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+
+BBCLASSEXTEND = "native"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 05/17] tpm2simulator: add package

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 .../tpm2simulator/tpm2simulator-native_116.bb  | 25 ++
 1 file changed, 25 insertions(+)
 create mode 100644 recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb

diff --git a/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb 
b/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
new file mode 100644
index 000..33eaf99
--- /dev/null
+++ b/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
@@ -0,0 +1,25 @@
+SUMMARY = "TPM 2.0 Simulator Extraction Script"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=1415f7be284540b81d9d28c67c1a6b8b"
+
+DEPENDS += "python"
+
+SRCREV = "93dc4412432013ed7bcabd42007754c68f6e362e"
+SRC_URI = "git://github.com/stwagnr/tpm2simulator.git"
+
+S = "${WORKDIR}/git/cmake"
+
+PV = "116+git${SRCPV}"
+
+inherit native lib_package cmake
+
+EXTRA_OECMAKE = " \
+   -DCMAKE_BUILD_TYPE=Debug \
+   -DSPEC_VERSION=116 \
+"
+
+do_configure_prepend () {
+   sed -i 's/^SET = False/SET = True/' ${WORKDIR}/git/scripts/settings.py 
+}
+
+BBCLASSEXTEND = "native"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 01/17] tpm2.0-tss: Add new package

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 | 332 
 recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb|  66 +
 2 files changed, 398 insertions(+)
 create mode 100644 recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4
 create mode 100644 recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb

diff --git a/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 
b/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4
new file mode 100644
index 000..d383ad5
--- /dev/null
+++ b/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4
@@ -0,0 +1,332 @@
+# ===
+#http://www.gnu.org/software/autoconf-archive/ax_pthread.html
+# ===
+#
+# SYNOPSIS
+#
+#   AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
+#
+# DESCRIPTION
+#
+#   This macro figures out how to build C programs using POSIX threads. It
+#   sets the PTHREAD_LIBS output variable to the threads library and linker
+#   flags, and the PTHREAD_CFLAGS output variable to any special C compiler
+#   flags that are needed. (The user can also force certain compiler
+#   flags/libs to be tested by setting these environment variables.)
+#
+#   Also sets PTHREAD_CC to any special C compiler that is needed for
+#   multi-threaded programs (defaults to the value of CC otherwise). (This
+#   is necessary on AIX to use the special cc_r compiler alias.)
+#
+#   NOTE: You are assumed to not only compile your program with these flags,
+#   but also link it with them as well. e.g. you should link with
+#   $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
+#
+#   If you are only building threads programs, you may wish to use these
+#   variables in your default LIBS, CFLAGS, and CC:
+#
+# LIBS="$PTHREAD_LIBS $LIBS"
+# CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+# CC="$PTHREAD_CC"
+#
+#   In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
+#   has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name
+#   (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
+#
+#   Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
+#   PTHREAD_PRIO_INHERIT symbol is defined when compiling with
+#   PTHREAD_CFLAGS.
+#
+#   ACTION-IF-FOUND is a list of shell commands to run if a threads library
+#   is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it
+#   is not found. If ACTION-IF-FOUND is not specified, the default action
+#   will define HAVE_PTHREAD.
+#
+#   Please let the authors know if this macro fails on any platform, or if
+#   you have any other suggestions or comments. This macro was based on work
+#   by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help
+#   from M. Frigo), as well as ac_pthread and hb_pthread macros posted by
+#   Alejandro Forero Cuervo to the autoconf macro repository. We are also
+#   grateful for the helpful feedback of numerous users.
+#
+#   Updated for Autoconf 2.68 by Daniel Richard G.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Steven G. Johnson 
+#   Copyright (c) 2011 Daniel Richard G. 
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see .
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 21
+
+AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
+AC_DEFUN([AX_PTHREAD], [
+AC_REQUIRE([AC_CANONICAL_HOST])
+AC_LANG_PUSH([C])
+ax_pthread_ok=no
+
+# We used to check for pthread.h first, but this fails if pthread.h
+# requires special compiler flags (e.g. on True64 

[yocto] [meta-security][PATCH 02/17] tpm-tools: add native support

[Armin Kuster]

Signed-off-by: Armin Kuster 
---
 recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb |  3 +++
 recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb | 23 +++
 2 files changed, 26 insertions(+)
 create mode 100644 recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb

diff --git a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb 
b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
index 5645976..99ea8ee 100644
--- a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
+++ b/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
@@ -9,6 +9,7 @@ SECTION = "tpm"
 LICENSE = "CPL-1.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
 DEPENDS = "libtspi openssl"
+DEPENDS_class-native = "trousers-native"
 
 SRC_URI += " \
 
http://downloads.sourceforge.net/project/trousers/${BPN}/${PV}/${BP}.tar.gz \
@@ -20,3 +21,5 @@ SRC_URI[md5sum] = "85a978c4e03fefd4b73cbeadde7c4d0b"
 SRC_URI[sha256sum] = 
"66eb4ff095542403db6b4bd4b574e8a5c08084fe4e9e5aa9a829ee84e20bea83"
 
 inherit autotools gettext
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb 
b/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
new file mode 100644
index 000..be49dd9
--- /dev/null
+++ b/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2.0-tools"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819"
+SECTION = "tpm"
+
+DEPENDS = "tpm2.0-tss openssl curl"
+
+SRCREV = "c924cc8ca752e5af6a829f893c6be4b185d56e99"
+
+SRC_URI = 
"git://github.com/01org/tpm2.0-tools.git;protocol=git;branch=master;name=tpm2.0-tools;destsuffix=tpm2.0-tools"
+
+S = "${WORKDIR}/tpm2.0-tools"
+
+PV = "1.0+git${SRCPV}"
+
+inherit autotools-brokensep pkgconfig
+
+do_configure () {
+   cd ${S}
+   ./bootstrap  --force
+   ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+}
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] General policies for CVE fixes

[Khem Raj]

On Mon, Oct 17, 2016 at 12:11 PM, Sona Sarmadi  wrote:
> Hi all,
>
> From https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance:
>
> General policies:
>
> Fixes must go into master first unless they are applicable only to the
> stable branch; if back-porting to an older stable branch, the fix should
> first be applied to the newer stable branches before being back-ported to
> the older branch
>
> Does anyone know the reason for the policy above i.e. why fixes have to go
> to master first?
>
> 1)  It makes more sense at least for users  to get CVE fixes as soon as
> possible in the maintenance branches.

this is to ensure, that we do not regress next time when we release next version
from master. So its important to ensure that the fix has been applied to master
sometimes you can assert that the fix has gone into new version of a package
that is due to be uprevved in master and will be done soonish. Such information
is helpful when making security patches for release branches.

Actually there was a suggestion at OEDEM on informing CVE ml that we have
as the CVE fixes get applied to metadata. Thats a good suggestion to have
implemented.

>
> 2)  Normally the versions are different in master and maintenance
> branches so different patches are required.
>
> Thanks
>
> //Sona
>
>
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] General policies for CVE fixes

[Paul Eggleton]

On Mon, 17 Oct 2016 15:41:04 akuster808 wrote:
> On 10/17/2016 02:34 PM, Paul Eggleton wrote:
> > On Mon, 17 Oct 2016 15:23:55 Bruce Ashfield wrote:
> >> On 2016-10-17 03:11 PM, Sona Sarmadi wrote:
> >>>  From https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance:
> >>> /General policies: /
> >>> 
> >>>* /Fixes must go into master first unless they are applicable only to
> >>>
> >>>  the stable branch; if back-porting to an older stable branch, the
> >>>  fix should first be applied to the newer stable branches before
> >>>  being back-ported to the older branch/
> >>> 
> >>> Does anyone know the reason for the policy above i.e. why fixes have to
> >>> go to master first?
> >> 
> >> The kernel has the same policy for -stable kernels. Speaking at a very
> >> high level, it simply ensures that the development of maintenance/stable
> >> branches does not move ahead of master in terms of fixes.
> >> 
> >> That keeps development focused on the tip, where it belongs (versus
> >> companies/people working in silos for an extended period of time), since
> >> once in master many branches can benefit from it.
> > 
> > Another way to think about this is what would happen if we didn't fix it
> > in master first, then forgot to go back and do that? master (and the
> > stable release that eventually follows from it) would potentially be left
> > without the fix, so when you upgraded the vulnerability would come back.
> 
> That applies for any fix , security or not.

Absolutely.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] General policies for CVE fixes

[akuster808]

On 10/17/2016 02:34 PM, Paul Eggleton wrote:

On Mon, 17 Oct 2016 15:23:55 Bruce Ashfield wrote:

On 2016-10-17 03:11 PM, Sona Sarmadi wrote:

 From https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance:

/General policies: /

   * /Fixes must go into master first unless they are applicable only to
   
 the stable branch; if back-porting to an older stable branch, the

 fix should first be applied to the newer stable branches before
 being back-ported to the older branch/

Does anyone know the reason for the policy above i.e. why fixes have to
go to master first?

The kernel has the same policy for -stable kernels. Speaking at a very
high level, it simply ensures that the development of maintenance/stable
branches does not move ahead of master in terms of fixes.

That keeps development focused on the tip, where it belongs (versus
companies/people working in silos for an extended period of time), since
once in master many branches can benefit from it.

Another way to think about this is what would happen if we didn't fix it in
master first, then forgot to go back and do that? master (and the stable
release that eventually follows from it) would potentially be left without the
fix, so when you upgraded the vulnerability would come back.

That applies for any fix , security or not.

-armin



Cheers,
Paul



--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Using debian packages management

[Michel D'HOOGE]

> > So my question is:
> > Is using debian packages management definitely broken in Yocto? Or
> > has someone managed to use it with some tweaking?
> 
> dpkg is a supported platform in OE/Yocto


Yes, according to the manuals, it is supported... But my config wasn't fancy at 
all and I was unable to produce core-image-sato.

To be sure, I'll try again with the plain config described in the quick start. 
And I'll give you an update :-D

Michel
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] General policies for CVE fixes

[Paul Eggleton]

On Mon, 17 Oct 2016 15:23:55 Bruce Ashfield wrote:
> On 2016-10-17 03:11 PM, Sona Sarmadi wrote:
> > From https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance:
> > 
> > /General policies: /
> > 
> >   * /Fixes must go into master first unless they are applicable only to
> >   
> > the stable branch; if back-porting to an older stable branch, the
> > fix should first be applied to the newer stable branches before
> > being back-ported to the older branch/
> > 
> > Does anyone know the reason for the policy above i.e. why fixes have to
> > go to master first?
> 
> The kernel has the same policy for -stable kernels. Speaking at a very
> high level, it simply ensures that the development of maintenance/stable
> branches does not move ahead of master in terms of fixes.
> 
> That keeps development focused on the tip, where it belongs (versus
> companies/people working in silos for an extended period of time), since
> once in master many branches can benefit from it.

Another way to think about this is what would happen if we didn't fix it in 
master first, then forgot to go back and do that? master (and the stable 
release that eventually follows from it) would potentially be left without the 
fix, so when you upgraded the vulnerability would come back.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Question about meta-intel

[Khem Raj]

On Mon, Oct 17, 2016 at 8:07 AM, Clark, Mark A  wrote:

> Yocto gurus.  See below.  I have built the corei7 and core2-32 images for
> core-image-rt-sdk.  These build and run fine.  The i586 is listed
> (intel-quark) in the linux-yocto-rt_4.1.bbappend but fails to build.
>


​its building 4.4 and not 4.1 so may be you need to forward port the 4.1
bbappend changes ?​



>
>
> Is this a bug or is the i586 not a valid target?
>
>
>
>
>
> *NOTE*: Resolving any missing task queue dependencies
>
>
>
> Build Configuration:
>
> BB_VERSION= "1.30.0"
>
> BUILD_SYS = "x86_64-linux"
>
> NATIVELSBSTRING   = "universal"
>
> TARGET_SYS= "i586-poky-linux"
>
> MACHINE   = "intel-quark"
>
> DISTRO= "poky"
>
> DISTRO_VERSION= "2.1.1"
>
> TUNE_FEATURES = "m32 i586-nlp"
>
> TARGET_FPU= ""
>
> meta
>
> meta-poky
>
> meta-yocto-bsp= "krogoth:204b2bae4a5958735fdd19c63a69f4ed3780bba7"
>
> meta-intel= "krogoth:b8c199201ffe026485a14e1fcfc398e2b3551512"
>
>
>
> *NOTE*: Preparing RunQueue
>
> *NOTE*: Executing SetScene Tasks
>
> *NOTE*: Executing RunQueue Tasks
>
> WARNING: lttng-modules-2.7.1+gitAUTOINC+45e0ebd91f-r0 do_package:
> lttng-modules: no modules were created; this may be due to
> CONFIG_TRACEPOINTS not being enabled in your kernel.
>
> WARNING: quilt-0.64-r0 do_package_qa: QA Issue:
> /usr/lib/quilt/ptest/quilt/scripts/remove-trailing-ws contained in
> package quilt-ptest requires /bin/perl, but no providers found in
> RDEPENDS_quilt-ptest? [file-rdeps]
>
> ERROR: linux-yocto-rt-4.4.14+gitAUTOINC+870134f4bf_3f35359cf6-r0
> do_package_qa: QA Issue: Architecture did not match (3 to 62) on
> work/i586-nlp-32-intel-common-poky-linux/linux-yocto-rt/4.4.
> 14+gitAUTOINC+870134f4bf_3f35359cf6-r0/packages-split/
> kernel-vmlinux/boot/vmlinux-4.4.13-rt3-yocto-preempt-rt [arch]
>
> ERROR: linux-yocto-rt-4.4.14+gitAUTOINC+870134f4bf_3f35359cf6-r0
> do_package_qa: QA run found fatal errors. Please consider fixing them.
>
> ERROR: linux-yocto-rt-4.4.14+gitAUTOINC+870134f4bf_3f35359cf6-r0
> do_package_qa: Function failed: do_package_qa
>
> ERROR: Logfile of failure stored in: /opt/novapps/yocto/poky/build/
> tmp/work/i586-nlp-32-intel-common-poky-linux/linux-yocto-
> rt/4.4.14+gitAUTOINC+870134f4bf_3f35359cf6-r0/temp/log.do_package_qa.9741
>
> ERROR: Task 61 (/opt/novapps/yocto/poky/meta/recipes-kernel/linux/linux-
> yocto-rt_4.4.bb, do_package_qa) failed with exit code '1'
>
> *NOTE*: Tasks Summary: Attempted 4628 tasks of which 3921 didn't need to
> be rerun and 1 failed.
>
> Waiting for 0 running tasks to finish:
>
>
>
> Summary: 1 task failed:
>
>   /opt/novapps/yocto/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb,
> do_package_qa
>
> Summary: There were 3 WARNING messages shown.
>
> Summary: There were 3 ERROR messages shown, returning a non-zero exit code.
>
>
>
>
>
>
>
> *Mark Clark*
>
> Embedded Software Engineer
>
> Embedded Software, Cedar Park, TX
>
> [image: Description: Description: Description: Description: National
> Oilwell Varco Logo Color CMYK.jpg]
>
>  Wellbore Technologies – Dynamic Drilling Solutions
>
> Global Software Engineering
>
> Office: (512) 340-5435
>
> Mobile: (512) 736-9396
>
> *“One Team – Infinite Solutions”*
>
>
>
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
>
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Using debian packages management

[Khem Raj]

On Mon, Oct 17, 2016 at 7:11 AM, Michel D'HOOGE  wrote:
> Hi,
>
> From time to time I try to use the debian packages management instead of RPM 
> because I feel more "at home"... And every time, there is a problem -- but 
> this time, I felt like I'll try to understand and solve it!
>
> I tried first with core-image-minimal, and it worked.
> But then I switched to core-image-sato and had the following error:
>
> ERROR : core-image-sato-1.0-r0 do_rootfs: Unable to install packages. Command 
> '/mnt/Yocto/Fabric-x64/build/tmp/sysroots/x86_64-linux/usr/bin/apt-get 
> install --force-yes --allow-unauthenticated apt packagegroup-base-extended 
> packagegroup-core-ssh-dropbear dpkg packagegroup-core-x11-base 
> packagegroup-core-boot packagegroup-core-x11-sato-games psplash 
> packagegroup-core-x11-sato' returned 100:
> Reading package lists...
> Building dependency tree...
> Reading state information...
> Some packages could not be installed. This may mean that you have requested 
> an impossible situation or if you are using the unstable distribution that 
> some required packages have not yet been created or been moved out of 
> Incoming.
> The following information may help to resolve the situation:
>
> The following packages have unmet dependencies:
> packagegroup-core-x11-base : Depends: packagegroup-core-x11-utils but it is 
> not going to be installed
> E: Unable to correct problems, you have held broken packages.
>
>
> I checked: The package exists in 
> /tmp/deploy/deb/all/packagegroup-core-x11-utils_1.0-r40_all.deb, but it is 
> *empty*. It looks as if it is just there to create some RDEPENDS in the 
> recipe.
>
>
> So... I played the game to explicitly add packages one by one to the image:
> IMAGE_INSTALL_append_pn-core-image-sato = " packagegroup-core-x11-utils 
> xserver-nodm-init x11-common xserver-common"
>
>
> But now I have the following error:
> The following packages have unmet dependencies:
>  xserver-common : Conflicts: x11-common but 0.1-r47 is to be installed
>
>
>
> So my question is:
> Is using debian packages management definitely broken in Yocto? Or has 
> someone managed to use it with some tweaking?

dpkg is a supported platform in OE/Yocto

>
>
> Many thanks for your feedbacks
> Michel
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Adding a file into the kernel source

[Khem Raj]

On Mon, Oct 17, 2016 at 5:22 AM,   wrote:
> I want to add a new file (a device tree source) into my kernel build. Is
> there a way to get the recipe to specifically copy an existing file in , or
> does it have to be created using a patch?

usual way would be to write it as a patch unless you have own SCM repo
for kernel

>
>
>
>
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] General policies for CVE fixes

[Bruce Ashfield]

On 2016-10-17 03:11 PM, Sona Sarmadi wrote:

Hi all,

From https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance:

/General policies: /

  * /Fixes must go into master first unless they are applicable only to
the stable branch; if back-porting to an older stable branch, the
fix should first be applied to the newer stable branches before
being back-ported to the older branch/

Does anyone know the reason for the policy above i.e. why fixes have to
go to master first?


The kernel has the same policy for -stable kernels. Speaking at a very
high level, it simply ensures that the development of maintenance/stable
branches does not move ahead of master in terms of fixes.

That keeps development focused on the tip, where it belongs (versus
companies/people working in silos for an extended period of time), since
once in master many branches can benefit from it.



1)  It makes more sense at least for users  to get CVE fixes as soon
as possible in the maintenance branches.


There's no implied slow down from the process, stable branches can get 
them within hours of changes going into master .. depending on how they

various branches are maintained.



2)  Normally the versions are different in master and maintenance
branches so different patches are required.


That's covered in the statement:"unless they are applicable only to the 
stable branch".

Version skew could mean that a fix isn't appropriate to master, but only
to a -stable branch.

But if someone is submitting a CVE fix to -stable, and only to -stable,
they should indicate that the version in master already contains the
fix (or something similar).

Cheers,

Bruce



Thanks

//Sona





--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] General policies for CVE fixes

[Sona Sarmadi]

Hi all,
>From https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance:
General policies:

  *   Fixes must go into master first unless they are applicable only to the 
stable branch; if back-porting to an older stable branch, the fix should first 
be applied to the newer stable branches before being back-ported to the older 
branch
Does anyone know the reason for the policy above i.e. why fixes have to go to 
master first?

1)  It makes more sense at least for users  to get CVE fixes as soon as 
possible in the maintenance branches.

2)  Normally the versions are different in master and maintenance branches 
so different patches are required.
Thanks
//Sona
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Question about meta-intel

[Clark, Mark A]

Yocto gurus.  See below.  I have built the corei7 and core2-32 images for 
core-image-rt-sdk.  These build and run fine.  The i586 is listed (intel-quark) 
in the linux-yocto-rt_4.1.bbappend but fails to build.

Is this a bug or is the i586 not a valid target?


NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION= "1.30.0"
BUILD_SYS = "x86_64-linux"
NATIVELSBSTRING   = "universal"
TARGET_SYS= "i586-poky-linux"
MACHINE   = "intel-quark"
DISTRO= "poky"
DISTRO_VERSION= "2.1.1"
TUNE_FEATURES = "m32 i586-nlp"
TARGET_FPU= ""
meta
meta-poky
meta-yocto-bsp= "krogoth:204b2bae4a5958735fdd19c63a69f4ed3780bba7"
meta-intel= "krogoth:b8c199201ffe026485a14e1fcfc398e2b3551512"

NOTE: Preparing RunQueue
NOTE: Executing SetScene Tasks
NOTE: Executing RunQueue Tasks
WARNING: lttng-modules-2.7.1+gitAUTOINC+45e0ebd91f-r0 do_package: 
lttng-modules: no modules were created; this may be due to CONFIG_TRACEPOINTS 
not being enabled in your kernel.
WARNING: quilt-0.64-r0 do_package_qa: QA Issue: 
/usr/lib/quilt/ptest/quilt/scripts/remove-trailing-ws contained in package 
quilt-ptest requires /bin/perl, but no providers found in RDEPENDS_quilt-ptest? 
[file-rdeps]
ERROR: linux-yocto-rt-4.4.14+gitAUTOINC+870134f4bf_3f35359cf6-r0 do_package_qa: 
QA Issue: Architecture did not match (3 to 62) on 
work/i586-nlp-32-intel-common-poky-linux/linux-yocto-rt/4.4.14+gitAUTOINC+870134f4bf_3f35359cf6-r0/packages-split/kernel-vmlinux/boot/vmlinux-4.4.13-rt3-yocto-preempt-rt
 [arch]
ERROR: linux-yocto-rt-4.4.14+gitAUTOINC+870134f4bf_3f35359cf6-r0 do_package_qa: 
QA run found fatal errors. Please consider fixing them.
ERROR: linux-yocto-rt-4.4.14+gitAUTOINC+870134f4bf_3f35359cf6-r0 do_package_qa: 
Function failed: do_package_qa
ERROR: Logfile of failure stored in: 
/opt/novapps/yocto/poky/build/tmp/work/i586-nlp-32-intel-common-poky-linux/linux-yocto-rt/4.4.14+gitAUTOINC+870134f4bf_3f35359cf6-r0/temp/log.do_package_qa.9741
ERROR: Task 61 
(/opt/novapps/yocto/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb, 
do_package_qa) failed with exit code '1'
NOTE: Tasks Summary: Attempted 4628 tasks of which 3921 didn't need to be rerun 
and 1 failed.
Waiting for 0 running tasks to finish:

Summary: 1 task failed:
  /opt/novapps/yocto/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb, 
do_package_qa
Summary: There were 3 WARNING messages shown.
Summary: There were 3 ERROR messages shown, returning a non-zero exit code.



Mark Clark
Embedded Software Engineer
Embedded Software, Cedar Park, TX
[Description: Description: Description: Description: National Oilwell Varco 
Logo Color CMYK.jpg]
 Wellbore Technologies - Dynamic Drilling Solutions
Global Software Engineering
Office: (512) 340-5435
Mobile: (512) 736-9396
"One Team - Infinite Solutions"

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] building uclibc based image for arm

[Harshal Govind (hgovind)]

Thanks Raj!

I was pulling yocto 1.7.2 and did not add any custom recipe or target. I just 
build core-image-minimal image with enabling uclibc in 
"meta/conf/distro/defaultsetup.conf" (#TCLIBC ?= "uclibc")

But if I do same thing with yocto 2.0 or 2.1, it goes successful and builds 
uclibc based images.

-Original Message-
From: Khem Raj [mailto:raj.k...@gmail.com] 
Sent: Saturday, October 15, 2016 8:24 PM
To: Harshal Govind (hgovind) 
Cc: yocto@yoctoproject.org
Subject: Re: [yocto] building uclibc based image for arm

On Wed, Oct 12, 2016 at 6:08 PM, Harshal Govind (hgovind)  
wrote:
> Hi,
>
>
>
>
>
> I am trying build uclibc based image. But getting following error.
>
> Note:
>
> -  I am using yocto-1.7.2
>
> -  Set TCLIBC ?= "uclibc" in distro/defaultsetup.conf
>
> -  Building for arm
>
>
>
> # bitbake core-image-minimal
>
>
>
> NOTE: Preparing runqueue
>
> NOTE: Executing SetScene Tasks
>
> NOTE: Executing RunQueue Tasks
>
> ERROR: Function failed: do_install (log file is located at
> /home/hgovind/projects/temp/test-sdk/ap-sdk/yp_ap/tmp/work/armv7a-vfp-
> neon-poky-linux-uclibceabi/glibc-locale/2.20-r0/temp/log.do_install.29
> 445)
>
> ERROR: Logfile of failure stored in:
> /home/hgovind/projects/temp/test-sdk/ap-sdk/yp_ap/tmp/work/armv7a-vfp-
> neon-poky-linux-uclibceabi/glibc-locale/2.20-r0/temp/log.do_install.29
> 445
>
> Log data follows:
>
> | DEBUG: Executing shell function do_install
>
> | ls: cannot access
> /home/hgovind/projects/temp/test-sdk/ap-sdk/yp_ap/tmp/sysroots/ap3k-lxc/usr/include/glibc-locale-internal-armv7a-vfp-neon-poky-linux-uclibceabi//usr/bin:
> No such file or directory
>
> | ls: cannot access
> /home/hgovind/projects/temp/test-sdk/ap-sdk/yp_ap/tmp/sysroots/ap3k-lxc/usr/include/glibc-locale-internal-armv7a-vfp-neon-poky-linux-uclibceabi//usr/lib/locale:
> No such file or directory
>
> | cp: cannot stat
> '/home/hgovind/projects/temp/test-sdk/ap-sdk/yp_ap/tmp/sysroots/ap3k-lxc/usr/include/glibc-locale-internal-armv7a-vfp-neon-poky-linux-uclibceabi/SUPPORTED':
> No such file or directory
>
> | WARNING: exit code 1 from a shell command.
>
> | ERROR: Function failed: do_install (log file is located at
> /home/hgovind/projects/temp/test-sdk/ap-sdk/yp_ap/tmp/work/armv7a-vfp-
> neon-poky-linux-uclibceabi/glibc-locale/2.20-r0/temp/log.do_install.29
> 445)
>
> ERROR: Task 1094
> (/home/hgovind/projects/temp/test-sdk/ap-sdk/sys/yocto-1.7/poky-dizzy-
> 12.0.2/meta/recipes-core/glibc/glibc-locale_2.20.bb,
> do_install) failed with exit code '1'
>
> NOTE: Tasks Summary: Attempted 780 tasks of which 703 didn't need to 
> be rerun and 1 failed.
>
> Waiting for 0 running tasks to finish:
>
>
>
> Summary: 1 task failed:
>
>
> /home/hgovind/projects/temp/test-sdk/ap-sdk/sys/yocto-1.7/poky-dizzy-1
> 2.0.2/meta/recipes-core/glibc/glibc-locale_2.20.bb,
> do_install
>
> Summary: There was 1 ERROR message shown, returning a non-zero exit code.
>
>
>
>
>
> Could you please let me know if I am following correct steps to create 
> uclibc based image?
>

when using uclibc, it should not pull any glibc components for targets. but its 
happening for your case so figure out how this is getting into dependencies. 
May be you are including it explicitly or its coming via indirect deps. you can 
use bitbake -g to generate dep info and inspect it
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Using debian packages management

[Michel D'HOOGE]

Hi, 

>From time to time I try to use the debian packages management instead of RPM 
>because I feel more "at home"... And every time, there is a problem -- but 
>this time, I felt like I'll try to understand and solve it! 

I tried first with core-image-minimal, and it worked.
But then I switched to core-image-sato and had the following error:

ERROR : core-image-sato-1.0-r0 do_rootfs: Unable to install packages. Command 
'/mnt/Yocto/Fabric-x64/build/tmp/sysroots/x86_64-linux/usr/bin/apt-get install 
--force-yes --allow-unauthenticated apt packagegroup-base-extended 
packagegroup-core-ssh-dropbear dpkg packagegroup-core-x11-base 
packagegroup-core-boot packagegroup-core-x11-sato-games psplash 
packagegroup-core-x11-sato' returned 100: 
Reading package lists... 
Building dependency tree... 
Reading state information... 
Some packages could not be installed. This may mean that you have requested an 
impossible situation or if you are using the unstable distribution that some 
required packages have not yet been created or been moved out of Incoming. 
The following information may help to resolve the situation: 

The following packages have unmet dependencies: 
packagegroup-core-x11-base : Depends: packagegroup-core-x11-utils but it is not 
going to be installed 
E: Unable to correct problems, you have held broken packages.


I checked: The package exists in 
/tmp/deploy/deb/all/packagegroup-core-x11-utils_1.0-r40_all.deb, but it is 
*empty*. It looks as if it is just there to create some RDEPENDS in the recipe.


So... I played the game to explicitly add packages one by one to the image:
IMAGE_INSTALL_append_pn-core-image-sato = " packagegroup-core-x11-utils 
xserver-nodm-init x11-common xserver-common"


But now I have the following error:
The following packages have unmet dependencies:
 xserver-common : Conflicts: x11-common but 0.1-r47 is to be installed



So my question is:
Is using debian packages management definitely broken in Yocto? Or has someone 
managed to use it with some tweaking?


Many thanks for your feedbacks
Michel
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [PATCH 4/4] README.hardware: minor update to edgerouter section

[Maxin B. John]

Trivial fix

Signed-off-by: Maxin B. John 
---
 README.hardware | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.hardware b/README.hardware
index d7e24d2..562f196 100644
--- a/README.hardware
+++ b/README.hardware
@@ -317,7 +317,7 @@ Steps:
 
  2. Flash the image.
 
-# dd core-image-minimal-edgerouter.wic of=/dev/sdb
+# dd if=core-image-minimal-edgerouter.wic of=/dev/sdb
 
  3. Insert USB disk into the edgerouter and boot it.
 
-- 
2.4.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [PATCH 1/4] poky-tiny.conf: remove core-image-directfb reference

[Maxin B. John]

core-image-directfb was removed from oe-core with this commit:

remove core-image-directfb.bb as part of moving directfb
from oe-core
(From OE-Core rev: 8871fe1189776d78e5848b08edb9c990b9aebf2d)

Signed-off-by: Maxin B. John 
---
 meta-poky/conf/distro/poky-tiny.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta-poky/conf/distro/poky-tiny.conf 
b/meta-poky/conf/distro/poky-tiny.conf
index 08bd497..6aee35c 100644
--- a/meta-poky/conf/distro/poky-tiny.conf
+++ b/meta-poky/conf/distro/poky-tiny.conf
@@ -115,7 +115,6 @@ RDEPENDS_${PN}-mtrace_pn-eglibc = ""
 PNBLACKLIST[build-appliance-image] = "not buildable with poky-tiny"
 PNBLACKLIST[core-image-base] = "not buildable with poky-tiny"
 PNBLACKLIST[core-image-clutter] = "not buildable with poky-tiny"
-PNBLACKLIST[core-image-directfb] = "not buildable with poky-tiny"
 PNBLACKLIST[core-image-full-cmdline] = "not buildable with poky-tiny"
 PNBLACKLIST[core-image-lsb] = "not buildable with poky-tiny"
 PNBLACKLIST[core-image-lsb-dev] = "not buildable with poky-tiny"
-- 
2.4.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [PATCH 2/4] maintainers.inc: remove core-image-directfb reference

[Maxin B. John]

core-image-directfb was removed from oe-core with this commit:

remove core-image-directfb.bb as part of moving directfb
from oe-core
(From OE-Core rev: 8871fe1189776d78e5848b08edb9c990b9aebf2d)

Signed-off-by: Maxin B. John 
---
 meta-poky/conf/distro/include/maintainers.inc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta-poky/conf/distro/include/maintainers.inc 
b/meta-poky/conf/distro/include/maintainers.inc
index db95111..260b3d8 100644
--- a/meta-poky/conf/distro/include/maintainers.inc
+++ b/meta-poky/conf/distro/include/maintainers.inc
@@ -108,7 +108,6 @@ RECIPE_MAINTAINER_pn-console-tools = "Chen Qi 
"
 RECIPE_MAINTAINER_pn-consolekit = "Chen Qi "
 RECIPE_MAINTAINER_pn-core-image-base = "Ross Burton "
 RECIPE_MAINTAINER_pn-core-image-clutter = "Ross Burton "
-RECIPE_MAINTAINER_pn-core-image-directfb = "Ross Burton 
"
 RECIPE_MAINTAINER_pn-core-image-full-cmdline = "Ross Burton 
"
 RECIPE_MAINTAINER_pn-core-image-kernel-dev = "Ross Burton 
"
 RECIPE_MAINTAINER_pn-core-image-lsb = "Ross Burton "
-- 
2.4.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [PATCH 3/4] ref-images.xml: remove core-image-directfb reference

[Maxin B. John]

core-image-directfb was removed from oe-core with this commit:

remove core-image-directfb.bb as part of moving directfb
from oe-core
(From OE-Core rev: 8871fe1189776d78e5848b08edb9c990b9aebf2d)

Signed-off-by: Maxin B. John 
---
 documentation/ref-manual/ref-images.xml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/documentation/ref-manual/ref-images.xml 
b/documentation/ref-manual/ref-images.xml
index 69b58f6..f220968 100644
--- a/documentation/ref-manual/ref-images.xml
+++ b/documentation/ref-manual/ref-images.xml
@@ -54,9 +54,6 @@
 core-image-clutter:
 An image with support for the Open GL-based toolkit Clutter, 
which enables development of
 rich and animated graphical user interfaces.
-core-image-directfb:
-An image that uses directfb instead of 
X11.
-
 core-image-full-cmdline:
 A console-only image with more full-featured Linux system
 functionality installed.
-- 
2.4.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Adding a file into the kernel source

[colin.helliwell]

I want to add a new file (a device tree source) into my kernel build. Is
there a way to get the recipe to specifically copy an existing file in , or
does it have to be created using a patch?

 

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [yocto/meta-qt5] broken qt5 sdk

[idealsim]

Hi, since one week now i have a problem with my generated sdk. When i
deploy sdk and configure qtCreator i have this error when i try do deploy
an app :

/usr/bin/ld: skipping incompatible
/opt/poky/secoA62/sysroots/cortexa9hf-neon-poky-linux-gnueabi/usr/lib/libQt5Charts.so
when searching for -lQt5Charts
/usr/bin/ld: skipping incompatible
/home/mls/yocto-seco/secoA62q/tmp/sysroots/secosbca62/usr/lib/libQt5Charts.so
when searching for -lQt5Charts
/usr/bin/ld: cannot find -lQt5Charts
/usr/bin/ld: skipping incompatible
/opt/poky/secoA62/sysroots/cortexa9hf-neon-poky-linux-gnueabi/usr/lib/libQt5Widgets.so
when searching for -lQt5Widgets
/usr/bin/ld: skipping incompatible
/home/mls/yocto-seco/secoA62q/tmp/sysroots/secosbca62/usr/lib/libQt5Widgets.so
when searching for -lQt5Widgets
/usr/bin/ld: cannot find -lQt5Widgets
/usr/bin/ld: skipping incompatible
/opt/poky/secoA62/sysroots/cortexa9hf-neon-poky-linux-gnueabi/usr/lib/libQt5Gui.so
when searching for -lQt5Gui
/usr/bin/ld: skipping incompatible
/home/mls/yocto-seco/secoA62q/tmp/sysroots/secosbca62/usr/lib/libQt5Gui.so
when searching for -lQt5Gui
/usr/bin/ld: cannot find -lQt5Gui
/usr/bin/ld: skipping incompatible
/opt/poky/secoA62/sysroots/cortexa9hf-neon-poky-linux-gnueabi/usr/lib/libQt5Core.so
when searching for -lQt5Core
/usr/bin/ld: skipping incompatible
/home/mls/yocto-seco/secoA62q/tmp/sysroots/secosbca62/usr/lib/libQt5Core.so
when searching for -lQt5Core
/usr/bin/ld: cannot find -lQt5Core
/usr/bin/ld: skipping incompatible
/opt/poky/secoA62/sysroots/cortexa9hf-neon-poky-linux-gnueabi/usr/lib/libGLESv2.so
when searching for -lGLESv2
/usr/bin/ld: skipping incompatible
/home/mls/yocto-seco/secoA62q/tmp/sysroots/secosbca62/usr/lib/libGLESv2.so
when searching for -lGLESv2
/usr/bin/ld: cannot find -lGLESv2
/usr/bin/ld: skipping incompatible
/opt/poky/secoA62/sysroots/cortexa9hf-neon-poky-linux-gnueabi/usr/lib/libpthread.so
when searching for -lpthread
/usr/bin/ld: skipping incompatible
/home/mls/yocto-seco/secoA62q/tmp/sysroots/secosbca62/usr/lib/libpthread.so
when searching for -lpthread
/usr/bin/ld: skipping incompatible
/home/mls/yocto-seco/secoA62q/tmp/sysroots/secosbca62/usr/lib/libpthread.a
when searching for -lpthread
collect2: error: ld returned 1 exit status
make: *** [barchart] Error 1
09:57:17: Le processus "/usr/bin/make" s'est terminé avec le code 2.

For information we are on krogoth branch for oe/poky ... and master in
meta-qt5 (for qt5.7). We have no warning or error during the build.

I also see that qmake -query (the qmake give by the sdk in
/x86_64-pokysdk-linux/usr/bin/qt5/bin) give this :

QT_EXTERNAL_HOST_BINS:
QMAKE_SPEC:linux-g++
QMAKE_XSPEC:linux-g++
QMAKE_VERSION:3.0
QT_VERSION:5.7.0

and before for a working sdk, i have this for qmake -query :

QT_EXTERNAL_HOST_BINS:
QMAKE_SPEC:/home/mls/yoctoUdoo/neoBuild/tmp/sysroots/x86_64-linux/usr/lib/qt5/mkspecs/linux-oe-g++
QMAKE_XSPEC:linux-oe-g++
QMAKE_VERSION:3.0
QT_VERSION:5.6.1

I think a problem with QMAKE_SPEC, but i don't know how to resolve this !

If someone can help please !

Mickaël


--
Utilisant le logiciel de courrier d'Opera : http://www.opera.com/mail/
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Re: add dejavu-fonts to image

[idealsim]

Hi Michel, your solution work fine thanks a lot for that !

Le Fri, 14 Oct 2016 10:08:37 +0200, idealsim  a  
écrit:



Ok, i will test this week end and let you know !

Otherwise, if you build qt5.7 perhaps you can have the same issue like  
me with sdk, see here for more details :


https://github.com/graugans/meta-udoo/issues/20

regards


Le 13/10/2016 à 18:12, Michel D'HOOGE a écrit :
After solving all the QA issues, this bbappend creates RPM packages  
with fonts in the expected folder. I didn't try to generate an image  
but I'm quite confident about the result.

Michel


do_install() {
 install -d ${D}${libdir}/fonts/
 find ./ -name '*.tt[cf]' -exec install -m 0644 {}  
${D}${libdir}/fonts/ \;

 install -d ${D}${sysconfdir}/fonts/conf.d/
 install -m 0644 ${WORKDIR}/30-dejavu-aliases.conf  
${D}${sysconfdir}/fonts/conf.d/

}

FILES_${PN}-sans= "${libdir}/fonts/DejaVuSans.ttf  
${libdir}/fonts/DejaVuSans-*.ttf"

FILES_${PN}-sans-mono   = "${libdir}/fonts/DejaVuSansMono*.ttf"
FILES_${PN}-sans-condensed  = "${libdir}/fonts/DejaVuSansCondensed*.ttf"
FILES_${PN}-serif   = "${libdir}/fonts/DejaVuSerif.ttf  
${libdir}/fonts/DejaVuSerif-*.ttf"
FILES_${PN}-serif-condensed =  
"${libdir}/fonts/DejaVuSerifCondensed*.ttf"

FILES_${PN}-mathtexgyre = "${libdir}/fonts/DejaVuMathTeXGyre.ttf"





--
Utilisant le logiciel de courrier d'Opera : http://www.opera.com/mail/
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Why didn't deploy source archive by license from yocto-1.6

[Lei, Maohui]

Hi,

I found that before yocto-1.6, source archives were deployed by license. 

The following commit changed the directory for deploying source archives:
cbcf5b219858b58c4429ee87444eaacc5a7cfa3e

But from commit log, there is no explaining about this change.

Are there someone who can tell me why.

Best regards
Lei


-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto