[yocto] [meta-gplv2][PATCH] gnupg: specify tar path explicitly

2017-09-18 Thread Yi Zhao 
From: Wenlin Kang 

The gpg-zip script contains wrong tar binary path:
"TAR=/buildarea/poky/build/tmp/hosttools/tar"

Specify the correct tar path when configure.
Also remove the code for ustar format detection in configure because it
is not applicable for cross-compile environment.

Signed-off-by: Wenlin Kang 
Signed-off-by: Yi Zhao 
---
 .../gnupg/gnupg-1.4.7/fix-ustar-check-issue.patch  | 38 ++
 recipes-support/gnupg/gnupg_1.4.7.bb   | 10 +++---
 2 files changed, 44 insertions(+), 4 deletions(-)
 create mode 100644 
recipes-support/gnupg/gnupg-1.4.7/fix-ustar-check-issue.patch

diff --git a/recipes-support/gnupg/gnupg-1.4.7/fix-ustar-check-issue.patch 
b/recipes-support/gnupg/gnupg-1.4.7/fix-ustar-check-issue.patch
new file mode 100644
index 000..eb4cc9f
--- /dev/null
+++ b/recipes-support/gnupg/gnupg-1.4.7/fix-ustar-check-issue.patch
@@ -0,0 +1,38 @@
+Remove the code for ustar format detection because it is not applicable
+for cross-complie platform.
+
+Upstream Status: Inappropriate [embedded specific]
+
+Signed-off-by: Wenlin Kang 
+Signed-off-by: Yi Zhao 
+---
+ m4/tar-ustar.m4 | 13 +
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/m4/tar-ustar.m4 b/m4/tar-ustar.m4
+index 4ae9e63..f6e57c2 100644
+--- a/m4/tar-ustar.m4
 b/m4/tar-ustar.m4
+@@ -26,10 +26,15 @@ AC_DEFUN([GNUPG_CHECK_USTAR],
+ 
+  if test x$_mytar != x ; then
+ AC_MSG_CHECKING([whether $_mytar speaks USTAR])
+-echo hithere > conftest.txt
+-$_mytar -cf - conftest.txt | (dd skip=257 bs=1 count=5 2>/dev/null || 
cat) | grep ustar > /dev/null
+-_tar_bad=$?
+-rm conftest.txt
++
++# Here, we ignore the check code, because it isn't indeed applicable 
for
++# cross-compile platform.
++# Now our tar support ustar, so we say directly yes, but once the tar 
is changed,
++# you should check whether it suppport ustar, and please reference 
the follow command:
++# echo hithere > conftest.txt
++# tar -cf - conftest.txt | (dd skip=257 bs=1 count=5 2>/dev/null || 
cat) | grep ustar > /dev/null
++
++_tar_bad=0
+ 
+   if test x$_tar_bad = x0 ; then
+  AC_MSG_RESULT([yes])
+-- 
+1.9.1
+
diff --git a/recipes-support/gnupg/gnupg_1.4.7.bb 
b/recipes-support/gnupg/gnupg_1.4.7.bb
index 6ccffd5..85636ab 100644
--- a/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -18,6 +18,7 @@ SRC_URI = "${GNUPG_MIRROR}/gnupg/gnupg-${PV}.tar.bz2 \
file://CVE-2013-4351.patch \
file://CVE-2013-4576.patch \
file://CVE-2013-4242.patch \
+   file://fix-ustar-check-issue.patch \
  "
 
 SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
@@ -74,12 +75,13 @@ inherit autotools gettext texinfo
 #   --disable-regex do not handle regular expressions in trust sigs
 
 EXTRA_OECONF = "--disable-ldap \
-   --with-zlib=${STAGING_LIBDIR}/.. \
-   --with-bzip2=${STAGING_LIBDIR}/.. \
-   --disable-selinux-support \
+--with-zlib=${STAGING_LIBDIR}/.. \
+--with-bzip2=${STAGING_LIBDIR}/.. \
+--disable-selinux-support \
 --with-readline=${STAGING_LIBDIR}/.. \
 ac_cv_sys_symbol_underscore=no \
-   "
+ac_cv_path_TAR=${base_bindir}/tar \
+   "
 
 # Force gcc's traditional handling of inline to avoid issues with gcc 5
 CFLAGS += "-fgnu89-inline"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-selinux] Update announcement

2017-09-18 Thread Chanho Park 
Hi,

On Tue, 19 Sep 2017 at 12:15 PM Mark Hatle  wrote:

> On 9/18/17 9:34 PM, Chanho Park wrote:
> > Hi Mark,
> >
> > Thanks for the update.
> > When I ran the semanage tool, I got below errors.
> >
> >> ImportError: No module named lib2to3.pgen2.parse
> >
> > Does the setools use python3 instead of the python2?
>
> Are you running this on the target or as part of the build?  Part of the
> system
> requires meta-python components to operate properly.  If this piece
> requires
> additional components that are not set as requirements, it's a bug.


Yes. I already added the meta-openembedded/meta-python. The morty
branch(20151208) does not have the problem.
I'll look at what I missed.


>
> Patches welcome.  (I did not experience this when I did a build.)


Sure. If I find the problem, I'll make the patch.

Best Regards,
Chanho Park
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-selinux] Update announcement

2017-09-18 Thread Mark Hatle 
On 9/18/17 9:34 PM, Chanho Park wrote:
> Hi Mark,
> 
> Thanks for the update.
> When I ran the semanage tool, I got below errors.
> 
>> ImportError: No module named lib2to3.pgen2.parse
> 
> Does the setools use python3 instead of the python2?

Are you running this on the target or as part of the build?  Part of the system
requires meta-python components to operate properly.  If this piece requires
additional components that are not set as requirements, it's a bug.

Patches welcome.  (I did not experience this when I did a build.)

--Mark

> Best Regards,
> Chanho Park
> 
> On Fri, 15 Sep 2017 at 6:27 AM Mark Hatle  > wrote:
> 
> I have pushed an update to meta-selinux to work with master.  A few key 
> changes:
> 
> The oe-selinux and poky-selinux distro configurations HAVE BEEN REMOVED!  
> It is
> now up to the user to enable the components using the appropriate
> DISTRO_FEATURES as documented in the README file.  (acl xattr pam selinux)
> 
> The layer now requires meta-selinux as part of the 'setools' upgrade.  
> The tool
> is now a python based tool.
> 
> SELinux componetns have been updated to version 2.7.
> 
> Refpolicy is at 2.20170204, git at master as of yesterday.
> 
> The README for the layer has been updated to include some additional 
> information
> about running the included images.
> 
> Changelog:
> 
> f1f0860 openssh: set ChallengeResponseAuthentication to no
> 24cce7b refpolicy: fix a typo in RDEPENDS
> 827b305 initscripts: use the 'i' option for restorecon command
> eeb2c2f audit: fix the wrong packaging for auditd.service
> 2aadc0d audit 2.7.1 -> 2.7.6
> beaaa37 attr: fix ptest failures when selinux enabled
> 232bfeb systemd: Remove inherit enable-selinux, obsolete
> 40a581d selinux: uprev include file to 20170804
> 3aafa96 libsepol: uprev to 2.7 (20170804)
> 375dfa6 libselinux: uprev to 2.7 (20170804)
> b00974f libsemanage: uprev to 2.7 (20170804)
> 43adb0c checkpolicy: uprev to 2.7 (20170804)
> f838032 secilc: uprev to 2.7 (20170804)
> c9186be policycoreutils: uprev to 2.7 (20170804)
> 9b70823 sepolgen: remove package
> d8d6ac6 mcstrans: add package 2.7 (20170804)
> 9a07ac8 restorecond: add package 2.7 (20170804)
> a5b5f5b selinux-sandbox: add package 2.7 (20170804)
> 1d3df56 selinux-python: add package 2.7 (20170804)
> 17cda5a semodule-utils: add package 2.7 (20170804)
> 28b961c selinux-dbus: add package 2.7 (20170804)
> a1f9832 selinux-gui: add package 2.7 (20170804)
> 493b567 policycoreutils: fixes for 2.7 uprev
> fe8bc07 refpolicy_common: depends on semodule-utils-native
> fdf7612 setools: uprev to 4.1.1
> 96b54b4 packagegroup-*: sync package names
> 2c7c0e9 selinux-python: add setools to RDEPENDS
> 8bd72df refpolicy-git: Update to lastest git version
> 694b8d1 README: Update and remove references to distros, replace w/
> DISTRO_FEATURES
> 4fefe83 Refactor to conform to YP Compat requirements
> 6733785 README: Add information about running the system
> dddf265 packagegroups: Fix LIC_FILES_CHKSUM
> bca5c61 refpolicy: Add '/bin/bash.bash', an update-alternative to the 
> policy
> 907e373 policycoreutils: Update fixfile
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org 
> https://lists.yoctoproject.org/listinfo/yocto
> 
> -- 
> Best Regards,
> Chanho Park

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-selinux] Update announcement

2017-09-18 Thread Chanho Park 
Hi Mark,

Thanks for the update.
When I ran the semanage tool, I got below errors.

> ImportError: No module named lib2to3.pgen2.parse

Does the setools use python3 instead of the python2?

Best Regards,
Chanho Park

On Fri, 15 Sep 2017 at 6:27 AM Mark Hatle  wrote:

> I have pushed an update to meta-selinux to work with master.  A few key
> changes:
>
> The oe-selinux and poky-selinux distro configurations HAVE BEEN REMOVED!
> It is
> now up to the user to enable the components using the appropriate
> DISTRO_FEATURES as documented in the README file.  (acl xattr pam selinux)
>
> The layer now requires meta-selinux as part of the 'setools' upgrade.  The
> tool
> is now a python based tool.
>
> SELinux componetns have been updated to version 2.7.
>
> Refpolicy is at 2.20170204, git at master as of yesterday.
>
> The README for the layer has been updated to include some additional
> information
> about running the included images.
>
> Changelog:
>
> f1f0860 openssh: set ChallengeResponseAuthentication to no
> 24cce7b refpolicy: fix a typo in RDEPENDS
> 827b305 initscripts: use the 'i' option for restorecon command
> eeb2c2f audit: fix the wrong packaging for auditd.service
> 2aadc0d audit 2.7.1 -> 2.7.6
> beaaa37 attr: fix ptest failures when selinux enabled
> 232bfeb systemd: Remove inherit enable-selinux, obsolete
> 40a581d selinux: uprev include file to 20170804
> 3aafa96 libsepol: uprev to 2.7 (20170804)
> 375dfa6 libselinux: uprev to 2.7 (20170804)
> b00974f libsemanage: uprev to 2.7 (20170804)
> 43adb0c checkpolicy: uprev to 2.7 (20170804)
> f838032 secilc: uprev to 2.7 (20170804)
> c9186be policycoreutils: uprev to 2.7 (20170804)
> 9b70823 sepolgen: remove package
> d8d6ac6 mcstrans: add package 2.7 (20170804)
> 9a07ac8 restorecond: add package 2.7 (20170804)
> a5b5f5b selinux-sandbox: add package 2.7 (20170804)
> 1d3df56 selinux-python: add package 2.7 (20170804)
> 17cda5a semodule-utils: add package 2.7 (20170804)
> 28b961c selinux-dbus: add package 2.7 (20170804)
> a1f9832 selinux-gui: add package 2.7 (20170804)
> 493b567 policycoreutils: fixes for 2.7 uprev
> fe8bc07 refpolicy_common: depends on semodule-utils-native
> fdf7612 setools: uprev to 4.1.1
> 96b54b4 packagegroup-*: sync package names
> 2c7c0e9 selinux-python: add setools to RDEPENDS
> 8bd72df refpolicy-git: Update to lastest git version
> 694b8d1 README: Update and remove references to distros, replace w/
> DISTRO_FEATURES
> 4fefe83 Refactor to conform to YP Compat requirements
> 6733785 README: Add information about running the system
> dddf265 packagegroups: Fix LIC_FILES_CHKSUM
> bca5c61 refpolicy: Add '/bin/bash.bash', an update-alternative to the
> policy
> 907e373 policycoreutils: Update fixfile
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
-- 
Best Regards,
Chanho Park
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-raspberrypi][PATCH 1/3] linux-raspberrypi_4.9.bb: Upgrade to 4.9.50

2017-09-18 Thread Martin Jansa 
With these 3 changes included I see following failure with raspberrypi3-64,
it might be something caused by last oe-core upgrade, but I haven't noticed
anything suspicious there.

Looks familiar?

|   VDSOL   arch/arm64/kernel/vdso/vdso.so.dbg
|
/OE/build/owpb/webos-ports/tmp-glibc/work/raspberrypi3_64-webos-linux/linux-raspberrypi/1_4.9.50+gitAUTOINC+46e2d4d1bd-r0/recipe-sysroot-native/usr/bin/aarch64-webos-linux/../../libexec/aarch64-webos-linux/gcc/aarch64-webos-linux/7.2.0/ld:
fatal error: -shared and -static are incompatible
| collect2: error: ld returned 1 exit status
| make[3]: ***
[/OE/build/owpb/webos-ports/tmp-glibc/work-shared/raspberrypi3-64/kernel-source/arch/arm64/kernel/vdso/Makefile:34:
arch/arm64/kernel/vdso/vdso.so.dbg] Error 1
| make[2]: *** [arch/arm64/Makefile:144: vdso_prepare] Error 2
| make[1]: *** [Makefile:150: sub-make] Error 2
| make: *** [Makefile:24: __sub-make] Error 2
| ERROR: oe_runmake failed
| WARNING:
/OE/build/owpb/webos-ports/tmp-glibc/work/raspberrypi3_64-webos-linux/linux-raspberrypi/1_4.9.50+gitAUTOINC+46e2d4d1bd-r0/temp/run.do_compile.29341:1
exit 1 from 'exit 1'


On Mon, Sep 18, 2017 at 7:41 AM, Khem Raj  wrote:

> Signed-off-by: Khem Raj 
> ---
>  recipes-kernel/linux/linux-raspberrypi_4.9.bb | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes-kernel/linux/linux-raspberrypi_4.9.bb
> b/recipes-kernel/linux/linux-raspberrypi_4.9.bb
> index ba17020..068965f 100644
> --- a/recipes-kernel/linux/linux-raspberrypi_4.9.bb
> +++ b/recipes-kernel/linux/linux-raspberrypi_4.9.bb
> @@ -1,8 +1,8 @@
>  FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:"
>
> -LINUX_VERSION ?= "4.9.41"
> +LINUX_VERSION ?= "4.9.50"
>
> -SRCREV = "4153f509b449f1c1c816cf124c314975c3daa824"
> +SRCREV = "46e2d4d1bd2c17e2f84dd90768321ee0bbaa6b8a"
>  SRC_URI = "git://github.com/raspberrypi/linux.git;branch=rpi-4.9.y"
>
>  require linux-raspberrypi.inc
> --
> 2.14.1
>
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Error messages building WIC image

2017-09-18 Thread Khem Raj 
On Mon, Sep 18, 2017 at 03:52:18PM +, Eswaran Vinothkumar (BEG/PJ-IOT-EL) 
wrote:
> Hi,
> 
> When I tried building a WIC image , I am seeing the following error messages.
> 
> WARNING: 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-kernel/linux/linux-iot_4.9.39.bb.do_compile
>  is tainted from a forced run  | 
> ETA:  0:00:05
> Initialising tasks: 100% 
> |###|
>  Time: 0:00:09
> NOTE: Executing SetScene Tasks
> NOTE: Executing RunQueue Tasks
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> WARNING: iot-eval-image-1.0-r0 do_rootfs: The license listed 
> Firmware-ti-connectivity was not in the licenses collected for recipe 
> wl18xx-bluetooth
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> ERROR: iot-eval-image-1.0-r0 do_image_wic: Taskhash mismatch 
> d04ed8e44344c09b715faf7f046a2943 versus 8b6b18a1996ba1c6af0fc8b285e5e4b7 for 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic
> ERROR: Taskhash mismatch d04ed8e44344c09b715faf7f046a2943 versus 
> 8b6b18a1996ba1c6af0fc8b285e5e4b7 for 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> ERROR: When reparsing 
> /home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
>  the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
> b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
> needs to be fixed.
> NOTE: Tasks Summary: Attempted 3759 tasks of which 3718 didn't need to be 
> rerun and all succeeded.
> 
> I could also see the WIC image being successfully created. May I know how to 
> solve this issue, as printing these messages during build results in wrong 
> interpretation.

usually this means that DATE, TIME or DATETIME are being inserted into task 
checksums. You might have to include them
in vardepexclude list for particular tasks. You might use bitbake-dumpsig to 
first find out which variables/tasks are
including these variables first.

> 
> Mit freundlichen Grüßen / Best regards
> 
> Vinothkumar Eswaran
> BEG-PT/PJ-IOT1
>

[yocto] Error messages building WIC image

2017-09-18 Thread Eswaran Vinothkumar (BEG/PJ-IOT-EL) 
Hi,

When I tried building a WIC image , I am seeing the following error messages.

WARNING: 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-kernel/linux/linux-iot_4.9.39.bb.do_compile
 is tainted from a forced run  | 
ETA:  0:00:05
Initialising tasks: 100% 
|###|
 Time: 0:00:09
NOTE: Executing SetScene Tasks
NOTE: Executing RunQueue Tasks
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
WARNING: iot-eval-image-1.0-r0 do_rootfs: The license listed 
Firmware-ti-connectivity was not in the licenses collected for recipe 
wl18xx-bluetooth
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
ERROR: iot-eval-image-1.0-r0 do_image_wic: Taskhash mismatch 
d04ed8e44344c09b715faf7f046a2943 versus 8b6b18a1996ba1c6af0fc8b285e5e4b7 for 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic
ERROR: Taskhash mismatch d04ed8e44344c09b715faf7f046a2943 versus 
8b6b18a1996ba1c6af0fc8b285e5e4b7 for 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
ERROR: When reparsing 
/home/evk1206/Projects/prj_compulab/sources/meta-alen/recipes-core/images/iot-eval-image.bb.do_image_wic,
 the basehash value changed from f06fa95389abbf5cea813cfcd6ca3806 to 
b2ae7ed9b5aa329328f6fb57d934d17e. The metadata is not deterministic and this 
needs to be fixed.
NOTE: Tasks Summary: Attempted 3759 tasks of which 3718 didn't need to be rerun 
and all succeeded.

I could also see the WIC image being successfully created. May I know how to 
solve this issue, as printing these messages during build results in wrong 
interpretation.

Mit freundlichen Grüßen / Best regards

Vinothkumar Eswaran
BEG-PT/PJ-IOT1



-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Perforce fetcher ignores module and label

2017-09-18 Thread Katu Txakur 
Hello again,

Just to say that I applied your patch with

git apply --ignore-space-change --ignore-whitespace
0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch

and the old Perforce fetcher seems to be working as it used to. I haven't
tested it much yet but I will report if I see any problems.

Thanks for your help in this issue.

Regards,
Katu

2017-09-18 11:32 GMT+01:00 Katu Txakur :

> Hi Andrew,
>
> I'm getting an error when I apply your patch. Do you now how can I work
> around this?
>
> user@pc:~/yocto/pyro/poky$ git fetch
> user@pc:~/yocto/pyro/poky$ git reset
> user@pc:~/yocto/pyro/poky$ git clean -fd
> user@pc:~/yocto/pyro/poky$ git reset --hard
> HEAD is now at b51b4f5 gawk: Enable native building
> user@pc:~/yocto/pyro/poky$ git branch
> * pyro
> user@pc:~/yocto/pyro/poky$ git apply ../0001-Revert-w-
> modifications-bitbake-fetch2-perforce-Rewor.patch
> ../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:28:
> trailing whitespace.
>   'DBUS_SESSION_BUS_ADDRESS']
> ../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:41:
> trailing whitespace.
> BitBake 'Fetch' implementations
> ../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:42:
> trailing whitespace.
>
> ../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:43:
> trailing whitespace.
> Classes for obtaining upstream sources for the
> ../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:44:
> trailing whitespace.
> BitBake build tools.
> error: patch failed: bitbake/lib/bb/fetch2/__init__.py:817
> error: bitbake/lib/bb/fetch2/__init__.py: patch does not apply
> error: patch failed: bitbake/lib/bb/fetch2/perforce.py:1
> error: bitbake/lib/bb/fetch2/perforce.py: patch does not apply
>
> Cheers,
> Katu
>
> 2017-09-14 17:17 GMT+01:00 Andrew Bradford :
>
>> Hi Katu,
>>
>> Sorry for my delay in responding.
>>
>> On 09/14 11:13, Katu Txakur wrote:
>> > Have you had time to look at this? I tried to go back to the old
>> perforce
>> > fetcher but I got a license error and I couldn't work around it.
>>
>> On the pyro branch of poky, if you revert these two commits, in this
>> order:
>>
>> 35081f55185a8a9804c21b16cd4600ba70646a10 "bitbake: bitbake-user-manual:
>> Addeds support for the Perforce Fetcher"
>> 40f3099e8ec5c6f3a8b7f3d0e90f1c65c388ee77 "base.bbclass: p4 fetcher
>> supports srcrev"
>>
>> And then apply the patch attached, this should bring the pyro branch of
>> poky back to how the old perforce fetcher worked.  I have tested having
>> two different depot paths in a recipe SRC_URI and they both are fetched
>> how I believe you want them to be, next to each other in WORKDIR.
>>
>> Just be aware, I believe this loses the ability to use
>> SRC_REV="${AUTOREV}" to automatically find the newest changelist which
>> my previous changes introduced.
>>
>> The format for SRC_URI that I tested was like:
>>
>> SRC_URI = "p4://username:password:server.hostname.example.com:1666@
>> depot/path/to/directory/...;cset=178374"
>>
>> You should also be able to specify P4PORT to set the host and port
>> number but you may then lose the ability to have the username and
>> password (although I haven't tested this and don't remember how it used
>> to work).  You should also be able to specify the P4DATE variable in
>> your recipe to apply to all p4 fetches instead of using the "cset="
>> parameter, and instead of using the "cset=" param you should also be
>> able to specify a "revision=" for a single file or a "label=" for a
>> label.  I've only tested using the "cset=" way as the others don't
>> easily apply to how my team internally uses perforce, sorry.
>>
>> I think I understand how I could make the current perforce fetcher
>> (without the above reverts or attached patch) do the multi-directory
>> fetching that you want, but I don't personally want to do that in my
>> workflow so I'm not going to spend a bunch of time implementing it now.
>> But if you do implement it, I'd be happy to test patches for you.
>>
>> Thanks,
>> Andrew
>>
>> > 2017-08-31 18:54 GMT+01:00 Andrew Bradford > >:
>> >
>> > > Hi Katu,
>> > >
>> > > On 08/28 17:43, Katu Txakur wrote:
>> > > > Thanks for looking at this. See my recipe below. I've left the bits
>> > > related
>> > > > to systemd service but I don't think they matter for this. I'm
>> using an
>> > > old
>> > > > implementation of Perforce (2010) in case this matters. I've tried
>> going
>> > > > back to the old perforce.py fetcher but I get a license error... do
>> you
>> > > > know if it would be easy to revert to the old version in my bitbake
>> > > folder
>> > > > until we make this work?
>> > >
>> > > Sorry, I've been swamped this week and haven't been able to look into
>> > > this yet.  This coming weekend is a holiday weekend in the USA, too.
>> > > But I plan to look at this early next week, hope that's OK.
>> > >
>> > > We should be able to

[yocto] Yocto Project Status WW38’17

2017-09-18 Thread Jolley, Stephen K 
Current Dev Position: YP 2.4 M4

Next Deadline: YP 2.4 Final Cut off is Sept. 18, 2017


SWAT team rotation: Alejandro -> Stephano on Sept. 15, 2017.

SWAT team rotation: Stephano -> Maxin on Sept. 22, 2017

https://wiki.yoctoproject.org/wiki/Yocto_Build_Failure_Swat_Team


Key Status/Updates:

·YP 2.3.2 (pyro) is in progress and in QA about 57% complete.  See: 
https://wiki.yoctoproject.org/wiki/2.3_QA_Status

·YP 2.2.2 (morty) has been through QA but there were a number of issues 
raised. See: 
https://wiki.yoctoproject.org/wiki/WW37_-_2017-09-13_-_Full_Point_Release_Test_Cycle_2.2.2_rc2

·For 2.2.2, we are currently working on understanding the impact of one 
remaining issue in order to decide if it can be released, the issue concerns 
the presence of ptest packages in test images. There were a number of other 
issues raised or open, many of the open issues were resolved in 2.2.2 and have 
been closed, some other issues were due to confusion of testing morty compared 
with master (which has a different eSDK configuration).

·The rocko branches for 2.4 and the bitbake 1.36 branches have been 
created in preparation for the 2.4 release rc builds which are due soon.

·The branch name for the ‘2.5’ release is “sumo” 
(https://wiki.yoctoproject.org/wiki/Releases has been updated).

·For 2.4 we continue to have a number of concerning issues, 
particularly in pseudo but on other areas too. Patches are being worked upon, 
the patch backlog should be mostly under control at this point. Technically we 
are due the first 2.4 rc build today, reality is we need to fix several more 
issues before we do that. We have had some image size issues we’re struggling 
to pin down to a specific patch and that is holding up a number of patches 
whilst we bisect where the issues are.


Planned upcoming dot releases:

YP 2.2.2 Cut off June 5, 2017 - Pending release soon.

YP 2.2.2 Release by June, 16 2017

YP 2.3.2 Cut off Sept. 1, 2017 - In QA now.

YP 2.3.2 Release by Sept. 15, 2017


Key YP 2.4 Dates are:

YP 2.4 M4 (Final) Cut off is Sept. 18, 2017

YP 2.4 M4 (Final) Release by Oct. 20, 2017


Tracking Metrics:

WDD 2456 (last week 2540)

(https://wiki.yoctoproject.org/charts/combo.html)


Key Status Links for YP:

https://wiki.yoctoproject.org/wiki/Yocto_Project_v2.4_Status

https://wiki.yoctoproject.org/wiki/Yocto_2.4_Schedule

https://wiki.yoctoproject.org/wiki/Yocto_2.4_Features


[If anyone has suggestions for other information you’d like to see on this 
weekly status update, let us know!]


Thanks,

Stephen K. Jolley
Yocto Project Program Manager
INTEL, MS JF1-255, 2111 N.E. 25th Avenue, Hillsboro, OR 97124
•   Work Telephone:(503) 712-0534
•Cell:   (208) 244-4460
• Email:  stephen.k.jol...@intel.com

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-18 Thread Mark Hatle 
On 9/18/17 2:48 AM, wenzong fan wrote:
> 
> 
> On 09/14/2017 09:33 PM, Mark Hatle wrote:
>> On 9/14/17 5:31 AM, wenzong fan wrote:
>>>
>>>
>>> On 09/14/2017 08:07 AM, Mark Hatle wrote:
 On 9/12/17 9:19 PM, Mark Hatle wrote:
> On 9/12/17 9:06 PM, wenzong fan wrote:
>> On 09/12/2017 06:59 PM, Chanho Park wrote:
>>> Hi,
>>>
>>> I can't apply this patch on top of the master branch. Which revision did
>>> you make the patches?
>>
>> Oops, that's my fault. I did a "sed -i -e 's/Subject: [/Subject:
>> [meta-selinux][/g' 00*" to add prefix for mail subjects, that also
>> changed the removed patch files in libsemanage.
>>
>> I'll send v2.
>>
>> Thanks
>> Wenzong
>
> I don't see the original set of patches in my archives.  When you rebase, 
> please
> rebase on top of mgh/master-next.

 My mailer finally loaded the original set.  I saw the same problems, but 
 was
 able to get them merged.

 I have updated 'mgh/master-next'.  Please verify the contents include all 
 of
 your changes.
>>>
>>> All my changes are there now.
>>>

 I tried to build a system and boot it, but it didn't work.  I'm guessing I
 forgot something simple, but I can't make master-next into master without
 knowing I can boot..  Any clue would be useful.  Thanks!


 My configuration is:

 bblayers.conf:

 oe-core (master) & meta-selinux (mgh/master-next)


 local.conf:

 IMAGE_FEATURES_append = " debug-tweaks ssh-server-openssh"

 DISTRO_FEATURES_append = " opengl x11 wayland acl xattr pam selinux"

 PREFERRED_PROVIDER_virtual/refpolicy = "refpolicy-mls"
 PREFERRED_VERSION_refpolicy-mls = "2.20170204"
>>>
>>> Above configs are OK, you can simply use:
>>>
>>> DISTRO = "poky-selinux"
>>> PREFERRED_VERSION_refpolicy-mls ?= "2.20170204"
>>
>> The DISTRO settings in meta-selinux are being removed (they are no longer in 
>> the
>> master-next branch).  Instead the user will be required to set the
>> DISTRO_FEATURE 'selinux' to enable the components.  (It is expected they will
>> also enable acl/xattr and pam.)
>>


 I ran QEMU using:


 runqemu qemux86 core-image-selinux ext4 nographic


>>>
>>> Please run QEMU with:
>>>
>>> $ runqemu qemux86 core-image-selinux ext4 nographic
>>> bootparams="selinux=1 enforcing=0"
>>
>>
>>

 Trying to login I get:

 qemux86 login: root
 [   23.960609] kauditd_printk_skb: 13 callbacks suppressed
 Cannot execute /bin/sh: Permission denied
 [   23.973922] audit: type=1400 audit(1505347190.805:29): avc:  denied  {
 execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
 scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
 [   23.975463] audit: type=1400 audit(1505347190.813:30): avc:  denied  {
 execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
 scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0


>>>
>>> This should be blocked by refpolicy-mls, please boot with "selinux=1
>>> enforcing=0" to verify if SELinux tools work. For example:
>>
>> I would like to update the README file for the layer on how the user can
>> actually make a bootable system.  If this involves adding a user, that is 
>> fine.
>> But at present there is no way to login w/o turning off enforcing.  That 
>> seems
>> to defeat the purpose of enabling selinux in a design.
> 
> This is really an issue, I'll fix it.

The root login issue was fixed in a commit.  The above was due to 'bash.bash'
not having appropriate context specified in the refpolicies.

I also added to the README file.  If you have any additional suggestions or
changes, please let me know.

--Mark

> Thanks
> Wenzong
> 
>>
>> So any help you can give me for the documentation would be appreciated.
>>
>>> $ sestatus
>>
>> root@qemux86:~# sestatus
>> SELinux status: enabled
>> SELinuxfs mount:/sys/fs/selinux
>> SELinux root directory: /etc/selinux
>> Loaded policy name: mls
>> Current mode:   permissive
>> Mode from config file:  enforcing
>> Policy MLS status:  enabled
>> Policy deny_unknown status: allowed
>> Memory protection checking: requested (insecure)
>> Max kernel policy version:  30
>>
>>> OR:
>>> $ semanage login -l
>>
>> root@qemux86:~# semanage login -l
>>
>> Login Name   SELinux User MLS/MCS RangeService
>>
>> __default__  user_u   s0-s0*
>> root root s0-s15:c0.c1023  *
>>
>> (I followed the information below and enabled the python components.)
>>
>>> Actually this doesn't work since runtime dependencies, I commented off
>>> this

Re: [yocto] Perforce fetcher ignores module and label

2017-09-18 Thread Katu Txakur 
Hi Andrew,

I'm getting an error when I apply your patch. Do you now how can I work
around this?

user@pc:~/yocto/pyro/poky$ git fetch
user@pc:~/yocto/pyro/poky$ git reset
user@pc:~/yocto/pyro/poky$ git clean -fd
user@pc:~/yocto/pyro/poky$ git reset --hard
HEAD is now at b51b4f5 gawk: Enable native building
user@pc:~/yocto/pyro/poky$ git branch
* pyro
user@pc:~/yocto/pyro/poky$ git apply
../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch
../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:28:
trailing whitespace.
  'DBUS_SESSION_BUS_ADDRESS']
../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:41:
trailing whitespace.
BitBake 'Fetch' implementations
../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:42:
trailing whitespace.

../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:43:
trailing whitespace.
Classes for obtaining upstream sources for the
../0001-Revert-w-modifications-bitbake-fetch2-perforce-Rewor.patch:44:
trailing whitespace.
BitBake build tools.
error: patch failed: bitbake/lib/bb/fetch2/__init__.py:817
error: bitbake/lib/bb/fetch2/__init__.py: patch does not apply
error: patch failed: bitbake/lib/bb/fetch2/perforce.py:1
error: bitbake/lib/bb/fetch2/perforce.py: patch does not apply

Cheers,
Katu

2017-09-14 17:17 GMT+01:00 Andrew Bradford :

> Hi Katu,
>
> Sorry for my delay in responding.
>
> On 09/14 11:13, Katu Txakur wrote:
> > Have you had time to look at this? I tried to go back to the old perforce
> > fetcher but I got a license error and I couldn't work around it.
>
> On the pyro branch of poky, if you revert these two commits, in this
> order:
>
> 35081f55185a8a9804c21b16cd4600ba70646a10 "bitbake: bitbake-user-manual:
> Addeds support for the Perforce Fetcher"
> 40f3099e8ec5c6f3a8b7f3d0e90f1c65c388ee77 "base.bbclass: p4 fetcher
> supports srcrev"
>
> And then apply the patch attached, this should bring the pyro branch of
> poky back to how the old perforce fetcher worked.  I have tested having
> two different depot paths in a recipe SRC_URI and they both are fetched
> how I believe you want them to be, next to each other in WORKDIR.
>
> Just be aware, I believe this loses the ability to use
> SRC_REV="${AUTOREV}" to automatically find the newest changelist which
> my previous changes introduced.
>
> The format for SRC_URI that I tested was like:
>
> SRC_URI = "p4://username:password:server.hostname.example.com:1666@depot
> /path/to/directory/...;cset=178374"
>
> You should also be able to specify P4PORT to set the host and port
> number but you may then lose the ability to have the username and
> password (although I haven't tested this and don't remember how it used
> to work).  You should also be able to specify the P4DATE variable in
> your recipe to apply to all p4 fetches instead of using the "cset="
> parameter, and instead of using the "cset=" param you should also be
> able to specify a "revision=" for a single file or a "label=" for a
> label.  I've only tested using the "cset=" way as the others don't
> easily apply to how my team internally uses perforce, sorry.
>
> I think I understand how I could make the current perforce fetcher
> (without the above reverts or attached patch) do the multi-directory
> fetching that you want, but I don't personally want to do that in my
> workflow so I'm not going to spend a bunch of time implementing it now.
> But if you do implement it, I'd be happy to test patches for you.
>
> Thanks,
> Andrew
>
> > 2017-08-31 18:54 GMT+01:00 Andrew Bradford  >:
> >
> > > Hi Katu,
> > >
> > > On 08/28 17:43, Katu Txakur wrote:
> > > > Thanks for looking at this. See my recipe below. I've left the bits
> > > related
> > > > to systemd service but I don't think they matter for this. I'm using
> an
> > > old
> > > > implementation of Perforce (2010) in case this matters. I've tried
> going
> > > > back to the old perforce.py fetcher but I get a license error... do
> you
> > > > know if it would be easy to revert to the old version in my bitbake
> > > folder
> > > > until we make this work?
> > >
> > > Sorry, I've been swamped this week and haven't been able to look into
> > > this yet.  This coming weekend is a holiday weekend in the USA, too.
> > > But I plan to look at this early next week, hope that's OK.
> > >
> > > We should be able to create a patch series to revert my changes so you
> > > can go back to the old perforce fetcher.  It might also be worth
> > > investigating how to take the current perforce fetcher and enable some
> > > of the use cases that you have (but we can do this after we
> successfully
> > > revert).
> > >
> > > I'll try to send a patch to you next week for the reverting.
> > > Thanks,
> > > Andrew
> > >
> > > > DESCRIPTION = "Dummy recipe to fetch from Perforce"
> > > > SECTION = "PerforceRecipes"
> > > > LICENSE = "CLOSED"
> > > > PR = "r0"
> > > >
> > > > inherit cmake
> > >

Re: [yocto] Can't find Python oe package

2017-09-18 Thread Burton, Ross 
Aah. There was a very weird bug where py3 was dropping .pyc files around
that was upsetting py2.  The solution is not pretty and it only impacts
people who downgrade in a git repo.

A fresh clone should solve it, or do git clean -Xn to list files that git
is ignoring and can be deleted (just -X will delete) them.  I suspect
they'll be a load of .pyc files in meta/lib/oe/ and Py2 can't import them
(because this is another instance of where the py2/py3 migration was a
disaster).

Ross

On 18 September 2017 at 02:16, Paul D. DeRocco 
wrote:

> I thought this was a morty->pyro upgrade issue, but trying morty again, on
> a freshly installed Ubuntu system, didn't change anything. In
> meta/classes/patch.bbclass, patch_do_patch() is barfing when it tries to
> import oe.patch. I carefully reinstalled poky, meta-intel, and
> meta-openembedded from git, and I get this error, and a bunch more related
> to the oe package. The package is there, in poky/meta/lib/oe, so why isn't
> it being found? Am I supposed to have a non-empty PYTHONPATH somehow? What
> kind of misconfiguration could cause this? This worked on morty before I
> had to do a fresh Ubuntu install, so I doubt it's anything in my own
> simple layers.
>
> --
>
> Ciao,   Paul D. DeRocco
> Paulmailto:pdero...@ix.netcom.com
>
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-18 Thread wenzong fan 



On 09/14/2017 09:33 PM, Mark Hatle wrote:

On 9/14/17 5:31 AM, wenzong fan wrote:



On 09/14/2017 08:07 AM, Mark Hatle wrote:

On 9/12/17 9:19 PM, Mark Hatle wrote:

On 9/12/17 9:06 PM, wenzong fan wrote:

On 09/12/2017 06:59 PM, Chanho Park wrote:

Hi,

I can't apply this patch on top of the master branch. Which revision did
you make the patches?


Oops, that's my fault. I did a "sed -i -e 's/Subject: [/Subject:
[meta-selinux][/g' 00*" to add prefix for mail subjects, that also
changed the removed patch files in libsemanage.

I'll send v2.

Thanks
Wenzong


I don't see the original set of patches in my archives.  When you rebase, please
rebase on top of mgh/master-next.


My mailer finally loaded the original set.  I saw the same problems, but was
able to get them merged.

I have updated 'mgh/master-next'.  Please verify the contents include all of
your changes.


All my changes are there now.



I tried to build a system and boot it, but it didn't work.  I'm guessing I
forgot something simple, but I can't make master-next into master without
knowing I can boot..  Any clue would be useful.  Thanks!


My configuration is:

bblayers.conf:

oe-core (master) & meta-selinux (mgh/master-next)


local.conf:

IMAGE_FEATURES_append = " debug-tweaks ssh-server-openssh"

DISTRO_FEATURES_append = " opengl x11 wayland acl xattr pam selinux"

PREFERRED_PROVIDER_virtual/refpolicy = "refpolicy-mls"
PREFERRED_VERSION_refpolicy-mls = "2.20170204"


Above configs are OK, you can simply use:

DISTRO = "poky-selinux"
PREFERRED_VERSION_refpolicy-mls ?= "2.20170204"


The DISTRO settings in meta-selinux are being removed (they are no longer in the
master-next branch).  Instead the user will be required to set the
DISTRO_FEATURE 'selinux' to enable the components.  (It is expected they will
also enable acl/xattr and pam.)




I ran QEMU using:


runqemu qemux86 core-image-selinux ext4 nographic




Please run QEMU with:

$ runqemu qemux86 core-image-selinux ext4 nographic
bootparams="selinux=1 enforcing=0"






Trying to login I get:

qemux86 login: root
[   23.960609] kauditd_printk_skb: 13 callbacks suppressed
Cannot execute /bin/sh: Permission denied
[   23.973922] audit: type=1400 audit(1505347190.805:29): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
[   23.975463] audit: type=1400 audit(1505347190.813:30): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0




This should be blocked by refpolicy-mls, please boot with "selinux=1
enforcing=0" to verify if SELinux tools work. For example:


I would like to update the README file for the layer on how the user can
actually make a bootable system.  If this involves adding a user, that is fine.
But at present there is no way to login w/o turning off enforcing.  That seems
to defeat the purpose of enabling selinux in a design.


This is really an issue, I'll fix it.

Thanks
Wenzong



So any help you can give me for the documentation would be appreciated.


$ sestatus


root@qemux86:~# sestatus
SELinux status: enabled
SELinuxfs mount:/sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mls
Current mode:   permissive
Mode from config file:  enforcing
Policy MLS status:  enabled
Policy deny_unknown status: allowed
Memory protection checking: requested (insecure)
Max kernel policy version:  30


OR:
$ semanage login -l


root@qemux86:~# semanage login -l

Login Name   SELinux User MLS/MCS RangeService

__default__  user_u   s0-s0*
root root s0-s15:c0.c1023  *

(I followed the information below and enabled the python components.)


Actually this doesn't work since runtime dependencies, I commented off
this from setools_4.1.1.bb:

# TODO: depends on meta-python, disable the RDEPENDS for now:
# RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator
python-setuptools"

For community, we need to discuss if we can get meta-selinux depend on
meta-python by default? Or just get users to do that?


Yes, we can add a requirement for meta-python.  I just need to clearly document
in the commit message why it is there.

I will work to update the mgh/master-next with the meta-python items and some of
the information above...

--Mark


Thanks
Wenzong




--Mark








--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-cgl][PATCH] libwww-perl: Add HOMEPAGE info into recipe file.

2017-09-18 Thread Huang Qiyu 
Signed-off-by: Huang Qiyu 
---
 meta-cgl-common/recipes-perl/perl/libwww-perl_6.05.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-cgl-common/recipes-perl/perl/libwww-perl_6.05.bb 
b/meta-cgl-common/recipes-perl/perl/libwww-perl_6.05.bb
index b365948..4d17b3a 100644
--- a/meta-cgl-common/recipes-perl/perl/libwww-perl_6.05.bb
+++ b/meta-cgl-common/recipes-perl/perl/libwww-perl_6.05.bb
@@ -1,4 +1,5 @@
 DESCRIPTION = "libwww-perl provides a simple and consistent API to the World 
Wide Web"
+HOMEPAGE = "http://search.cpan.org/dist/libwww-perl/;
 SECTION = "libs"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = 
"file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690"
-- 
2.7.4



-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-cgl][PATCH] libhtml-tagset-perl: Add HOMEPAGE info into recipe file.

2017-09-18 Thread Huang Qiyu 
Signed-off-by: Huang Qiyu 
---
 meta-cgl-common/recipes-perl/perl/libhtml-tagset-perl_3.20.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-cgl-common/recipes-perl/perl/libhtml-tagset-perl_3.20.bb 
b/meta-cgl-common/recipes-perl/perl/libhtml-tagset-perl_3.20.bb
index 1964c52..2924553 100644
--- a/meta-cgl-common/recipes-perl/perl/libhtml-tagset-perl_3.20.bb
+++ b/meta-cgl-common/recipes-perl/perl/libhtml-tagset-perl_3.20.bb
@@ -1,4 +1,5 @@
 DESCRIPTION = "HTML Tagset bits."
+HOMEPAGE = "http://search.cpan.org/dist/HTML-Tagset/;
 SECTION = "libs"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = 
"file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690"
-- 
2.7.4



-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-cgl][PATCH] libsocket6-perl: Add HOMEPAGE info into recipe file.

2017-09-18 Thread Huang Qiyu 
Signed-off-by: Huang Qiyu 
---
 meta-cgl-common/recipes-perl/perl/libsocket6-perl_0.23.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-cgl-common/recipes-perl/perl/libsocket6-perl_0.23.bb 
b/meta-cgl-common/recipes-perl/perl/libsocket6-perl_0.23.bb
index 5adfd9c..98f8c48 100644
--- a/meta-cgl-common/recipes-perl/perl/libsocket6-perl_0.23.bb
+++ b/meta-cgl-common/recipes-perl/perl/libsocket6-perl_0.23.bb
@@ -1,4 +1,5 @@
 DESCRIPTION = "Perl extensions for IPv6"
+HOMEPAGE = "https://metacpan.org/release/Socket6;
 SECTION = "libs"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = 
"file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690"
-- 
2.7.4



-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-cgl][PATCH] libmailtools: Add HOMEPAGE info into recipe file.

2017-09-18 Thread Huang Qiyu 
Signed-off-by: Huang Qiyu 
---
 meta-cgl-common/recipes-perl/perl/libmailtools-perl_2.18.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-cgl-common/recipes-perl/perl/libmailtools-perl_2.18.bb 
b/meta-cgl-common/recipes-perl/perl/libmailtools-perl_2.18.bb
index 7afcb05..5a9ef84 100644
--- a/meta-cgl-common/recipes-perl/perl/libmailtools-perl_2.18.bb
+++ b/meta-cgl-common/recipes-perl/perl/libmailtools-perl_2.18.bb
@@ -1,4 +1,5 @@
 DESCRIPTION = "MailTools is a set of Perl modules related to mail applications"
+HOMEPAGE = "http://search.cpan.org/dist/MailTools/;
 SECTION = "libs"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = 
"file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690"
-- 
2.7.4



-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto