Re: [yocto] Reducing the perl footprint on my image

On Tue, 2021-03-02 at 20:42 +, Diego Santa Cruz via lists.yoctoproject.org wrote: > > -Original Message- > > From: yocto@lists.yoctoproject.org On > > Behalf Of Steve Sakoman via lists.yoctoproject.org > > Sent: 02 March 2021 21:06 > > To: Steve Sakoman > > Cc:

[yocto] [meta-rockchip][PATCH] tinker board: refactor machine config

Create a common conf/machine/include/tinker.inc and re-spin - conf/machine/tinker-board.conf - conf/machine-tinker-board-s.conf to just contain the differences. Signed-off-by: Trevor Woerner --- conf/machine/include/tinker.inc | 15 +++ conf/machine/tinker-board-s.conf | 16

[yocto] [meta-rockchip][PATCH] COMPATIBLE_MACHINE cleanup

The COMPATIBLE_MACHINE strings were getting unwieldy, so switch to the MACHINEOVERRIDE notation so they're neater. Signed-off-by: Trevor Woerner --- recipes-kernel/linux/linux-stable-bleeding_5.11.bb | 2 +- recipes-kernel/linux/linux-yocto-dev.bbappend | 9 -

Re: [yocto] Reducing the perl footprint on my image

> -Original Message- > From: yocto@lists.yoctoproject.org On > Behalf Of Steve Sakoman via lists.yoctoproject.org > Sent: 02 March 2021 21:06 > To: Steve Sakoman > Cc: rustyhow...@gmail.com; Yocto (yocto@lists.yoctoproject.org) > > Subject: Re: [yocto] Reducing the perl footprint on my

[yocto] #yocto #sdk

I still appear to be having an issue with the SXT SDK install... Building for zeus/x86_64 Intel based platform... I build my kernel image clean, fully functional... Standard SDK builds clean and appears functional... Ext SDK builds clean, but on install I am still seeing Error below... (1)

Re: [yocto] Reducing the perl footprint on my image

On Tue, Mar 2, 2021 at 10:01 AM Steve Sakoman via lists.yoctoproject.org wrote: > > On Tue, Mar 2, 2021 at 6:26 AM wrote: > > > > I have an image that is using debian package management (PACKAGE_CLASSES = > > "package_deb"). Because apt and dpkg require perl, perl is being installed > > in

Re: [yocto] Reducing the perl footprint on my image

On Tue, Mar 2, 2021 at 6:26 AM wrote: > > I have an image that is using debian package management (PACKAGE_CLASSES = > "package_deb"). Because apt and dpkg require perl, perl is being installed > in the image. No problem. Except that the entire perl stack is 669 > packages. I just took a

[yocto] [meta-security][dunfell][PATCH 4/9] initramfs-framework-ima: RDEPENDS on ima-evm-keys

From: Ming Liu Signed-off-by: Ming Liu Signed-off-by: Armin Kuster --- .../recipes-core/initrdscripts/initramfs-framework-ima.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb

[yocto] [meta-security][dunfell][PATCH 2/9] initramfs-framework-ima: fix a wrong path

From: Ming Liu /etc/ima-policy > /etc/ima/ima-policy. Signed-off-by: Ming Liu Signed-off-by: Armin Kuster --- .../recipes-core/initrdscripts/initramfs-framework-ima/ima | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[yocto] [meta-security][dunfell][PATCH 0/9] Some IMA/EVM fixes to dunfell branch

From: Ming Liu Cherry pick some IMA/EVM fixes to LTS dunfell branch, with these patches applied, I could run a ima enabled image with sysvinit/systemd on qemuarm/qemuarm64 and some NXP machines. Ming Liu (9): ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty

[yocto] [meta-security][dunfell][PATCH 3/9] ima-evm-keys: add recipe

From: Ming Liu Create a recipe to package IMA/EMV public keys. Signed-off-by: Ming Liu Signed-off-by: Armin Kuster --- .../ima-evm-keys/ima-evm-keys_1.0.bb | 16 1 file changed, 16 insertions(+) create mode 100644

[yocto] [meta-security][dunfell][PATCH 8/9] ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic

From: Ming Liu Or else wic will fail without "--no-fstab-update" option. Signed-off-by: Ming Liu Signed-off-by: Armin Kuster --- meta-integrity/classes/ima-evm-rootfs.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass

[yocto] [meta-security][dunfell][PATCH 5/9] meta: refactor IMA/EVM sign rootfs

From: Ming Liu The current logic in ima-evm-rootfs.bbclass does not guarantee ima_evm_sign_rootfs is the last function in IMAGE_PREPROCESS_COMMAND by appending to it, for instance, if there are other "_append" being used as it's the case in openembedded-core/meta/classes/image.bbclass: |

[yocto] Reducing the perl footprint on my image

I have an image that is using debian package management  (PACKAGE_CLASSES = "package_deb").  Because apt and dpkg require perl, perl is being installed in the image.   No problem.  Except that the entire perl stack is 669 packages. Most of the packages are super tiny and are probably not needed

[yocto] Yocto Project Status WW09`21

Current Dev Position: YP 3.3 Feature Freeze Next Deadline: 1st March 2021 YP 3.3 M3 build Next Team Meetings: * Bug Triage meeting Thursday Mar. 4th at 7:30am PDT (

[yocto] [meta-security][dunfell][PATCH 7/9] initramfs-framework-ima: let ima_enabled return 0

From: Ming Liu Otherwise, ima script would not run as intended. Signed-off-by: Ming Liu Signed-off-by: Armin Kuster --- .../recipes-core/initrdscripts/initramfs-framework-ima/ima | 1 + 1 file changed, 1 insertion(+) diff --git

[yocto] [meta-security][dunfell][PATCH 9/9] ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic

From: Ming Liu This fixes following systemd boot issues: [7.455580] systemd[1]: Failed to create /init.scope control group: Permission denied [7.457677] systemd[1]: Failed to allocate manager object: Permission denied [!!] Failed to allocate manager object. [7.459270]

[yocto] [meta-selinux][PATCH 4/7] audit: upgrade 3.0 -> 3.0.1

Drop backported patch: 0001-lib-arm_table.h-update-arm-syscall-table.patch Signed-off-by: Yi Zhao --- ...arm_table.h-update-arm-syscall-table.patch | 49 --- .../audit/{audit_3.0.bb => audit_3.0.1.bb}| 3 +- 2 files changed, 1 insertion(+), 51 deletions(-) delete mode

[yocto] [meta-selinux][PATCH 6/7] initscripts: restore security contexts after running populate-volatile.sh

Some directories are created by populate-volatile.sh. We need to restore their security contexts. Before the patch: $ ls -dZ /tmp /var/tmp /var/lock /var/run system_u:object_r:root_t /tmp system_u:object_r:var_t /var/lock system_u:object_r:var_t /var/run system_u:object_r:var_t /var/tmp After

[yocto] [meta-selinux][PATCH 5/7] packagegroup-core-selinux: add auditd

Install auditd which will help the users debug and eliminate the audit logs on screen. Signed-off-by: Yi Zhao --- recipes-security/packagegroups/packagegroup-core-selinux.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb

[yocto] [meta-selinux][PATCH 3/7] audit: move audisp-* to audispd-plugins package

The audisp-* files should be in audispd-plugins package rather than auditd package. Signed-off-by: Yi Zhao --- recipes-security/audit/audit_3.0.bb | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/recipes-security/audit/audit_3.0.bb

[yocto] [meta-selinux][PATCH 2/7] parted: remove bbappend

Remove bbappend since parted 3.4 has removed the enable_selinux configure option[1]. Fixes: QA Issue: parted: configure was passed unrecognised options: --enable-selinux [unknown-configure-option] [1]

[yocto] [meta-selinux][PATCH 1/7] selinux-python: depend on libselinux

Fix build error when selinux feature is not enabled: sepolgen-ifgen-attr-helper.c:29:10: fatal error: selinux/selinux.h: No such file or directory 29 | #include | ^~~ Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-python.inc | 2 +- 1 file

[yocto] [meta-selinux][PATCH 0/7] selinux: upgrade refpolicy

Upgrade refpolicy from 20200229+git to 20210203+git Yi Zhao (7): selinux-python: depend on libselinux parted: remove bbappend audit: move audisp-* to audispd-plugins package audit: upgrade 3.0 -> 3.0.1 packagegroup-core-selinux: add auditd initscripts: restore security contexts after