Re: [Yocto-bsp] PHP in Yocto using Apache2

[GN Keshava]

Sorry, I don't know why, but the mail I had sent on 31st Jan is being
activated now! Anyways, thanks for reply, I had solved this successfully.
If anyone faces this problem in future can mail me, I can assist.

On Thu, 2 Aug 2018 at 04:28 Kosta Zertsekel  wrote:

> >> There is some accidental bug in Krogoth PHP git code - in php.inc.
> >> Tried using master git code changes from this. Not working.
> >> Please suggest any other changes I need to do.
> I suggest to do the whole thing first (adding Apache **and** PHP) using
> Yocto 2.5 (Sumo).
> When it works in Yocto 2.5 you have a reference!
> Then you can find the fixes and port them back to Yocto Krogoth...
>
> --- Kosta Z.
>
-- 
___
yocto-bsp mailing list
yocto-bsp@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto-bsp

[yocto] Cannot use any TEST_TARGET besides simpleremote or qemu

[Paulo Neves]

Hello

I am trying to create my own test controller. After copy pasting and
adapting the skeleton from BeagleBoneTarget to
$MYLAYER/lib/oeqa/controllers I set the appropriate TEST_TARGET.

When I run the testimage task I always have errors like in [1]. The
actual keyword that is unexpected changes from invocation to
invocation. There was a similar error previously reported in this
mailing list but the presented solution was to actually stop using the
TEST_TARGET variable, which is not applicable.

I have tried setting TEST_TARGET to any of the proposed options in the
manual [2] and the same unhelping error shows. I know that some of
that these controller targets, are not appropriate for my target
(odroid [cortex-arm15]), but the errors seems to not be related to any
functionality or these boards.

I have analyzed and cannot really understand also how all the example
targets classes have a constructor which takes the d variable, while
the context.py call has some more variables including a dictionary,
kwargs, which does not actually have the d variable.

I am not interested in anything qemu in this case.


[1] Exception: TypeError: __init__() got an unexpected keyword
argument 'boottime'
[2] 
https://www.yoctoproject.org/docs/2.1/mega-manual/mega-manual.html#var-TEST_TARGET

Paulo Neves
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [Yocto-bsp] PHP in Yocto using Apache2

[Kosta Zertsekel]

>> There is some accidental bug in Krogoth PHP git code - in php.inc.
>> Tried using master git code changes from this. Not working.
>> Please suggest any other changes I need to do.
I suggest to do the whole thing first (adding Apache **and** PHP) using
Yocto 2.5 (Sumo).
When it works in Yocto 2.5 you have a reference!
Then you can find the fixes and port them back to Yocto Krogoth...

--- Kosta Z.
-- 
___
yocto-bsp mailing list
yocto-bsp@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto-bsp

Re: [yocto] Error Report Tool Purge

[Michael Halstead]

Currently the database is 26GB. I'm going to start purging un-visited
reports older than 180 days today. I see some good suggestions in this
thread. Khem, would you open an enhancement request describing the counts
you are interested in preserving?

On Thu, Jul 19, 2018 at 11:08 PM Martin Jansa 
wrote:

> OK, so it's only visited links, not linked from ML or wiki or whatever,
> right?
>
> How huge the database is? I've checked our internal instance and on
> relatively slow VM we have:
> 47 472 724 Post_buildstatstask
> 2 715 091 Post_build
> 559 655 Post_buildfailure
>
> we use postgresql, the db currently has 20GB, which is quite big for VM
> with 10GB RAM and 12 E5-2699 cores so it's slow as well, but not terribly
> slow, individual builds or build-failures are really fast, there are some
> bad queries in django which are terrible, but we're not using those usually.
>
> Cheers,
>
>
> On Thu, Jul 19, 2018 at 9:01 PM Brindle, Amanda R <
> amanda.r.brin...@intel.com> wrote:
>
>> Every time a specific report is visited (with the end of the URL being
>> /Errors/Details/), we are tracking if the referrer is another website,
>> the reporting tool itself, or unknown. If the referrer is another website
>> or unknown, then we won’t delete it.
>>
>>
>>
>> The purge script does not look at links to whole builds, so as it is
>> right now, those would get deleted. If it’s common to link to whole builds,
>> though, I can add something to the script to save reports from a visited or
>> linked build.
>>
>>
>>
>> -Amanda Brindle
>>
>>
>>
>> *From:* Martin Jansa [mailto:martin.ja...@gmail.com]
>> *Sent:* Thursday, July 19, 2018 11:38 AM
>> *To:* Brindle, Amanda R 
>> *Cc:* Yocto Project 
>> *Subject:* Re: [yocto] Error Report Tool Purge
>>
>>
>>
>> I'm just curious, how are you tracking which reports were viewed or
>> linked to (and linked from where)? I often use a link to
>> http://errors.yoctoproject.org in the mailing list or the recipes/commit
>> message instead of copy pasting whole build error, because it already
>> shortens the build paths and shows useful additional information about the
>> error.
>>
>>
>>
>> The links to whole builds on http://errors.yoctoproject.org were also
>> often linked from "bitbake world status" e-mails and wiki like:
>>
>> https://www.openembedded.org/wiki/Bitbake_World_Status_Rocko
>>
>> and on many of them nobody clicked yet - should I expect that these will
>> mostly get broken?
>>
>>
>>
>> Regards
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Jul 19, 2018 at 8:30 PM Brindle, Amanda R <
>> amanda.r.brin...@intel.com> wrote:
>>
>> Hello,
>>
>>
>>
>> The Error Reporting Tool’s database (
>> http://errors.yoctoproject.org/Errors/Latest/Autobuilder/)  has grown to
>> a huge size, and this is affecting the performance of the application. We
>> are planning to run a purge to get rid of reports that we don’t need. We
>> will keep reports from the last thirty days, as well as reports that have
>> been viewed or linked to. If you have a specific report that you don’t want
>> purged, please let me know by the end of the month.
>>
>>
>>
>> Amanda Brindle, Software Engineer
>>
>> 503-264-3970
>>
>> amanda.r.brin...@intel.com
>>
>>
>>
>> --
>> ___
>> yocto mailing list
>> yocto@yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/yocto
>>
>> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Using FreeRADIUS on Yocto?

[Nicolas Dechesne]

hi,

assuming you are referring to freeradius.org, it looks like this project is
already integrated into meta-openembedded recipes layer, it was added about
one year ago. While this layer is not part of the default Yocto Project
releases (Poky), it is generally straight forward to add new layers into
the build configuration and benefits from additional recipes/features.

See:
http://layers.openembedded.org/layerindex/recipe/67407/
http://cgit.openembedded.org/meta-openembedded/tree/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb

cheers
nicolas


On Wed, Aug 1, 2018 at 5:20 PM Anandpura, Shuchi [US] (AS) <
shuchi.anandp...@ngc.com> wrote:

> Hi everyone!
>
>
>
> I couldn’t find this too easily on the internet, but I was wondering if
> Yocto supports freeRADIUS. I know that Xilinx does not, but I have never
> used Yocto (or even heard of it pretty recently), so I’m not fully aware of
> its capabilities and limitations.
>
>
>
> If anybody has any insight on this, could you please let me know? I
> apologize if this is the wrong mailing list for this.
>
>
>
> Thank you so much!
>
>
>
> *Shuchi Anandpura*
>
> shuchi.anandp...@ngc.com
>
>
> --
> ___
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[Yocto-bsp] PHP in Yocto using Apache2

[GN Keshava]

I'm working on Yocto Krogoth for iMX6.

I have successfully added Apache2 and able to access HTML page.

But I want to get and process user input from HTML. From what I understand
I need PHP for this.

But in my Yocto, I'm not able to add PHP. Below is what I tried:

Added these to local.conf:

 PACKAGECONFIG_append_pn-php = " apache2"

 IMAGE_INSTALL_append = " apache2 php php-cli php-modphp"
Tried modifying php.inc according to few answers on net.

There is some accidental bug in Krogoth PHP git code - in php.inc. Tried
using master git code changes from this. Not working. Please suggest any
other changes I need to do.

Tried removing IfDefine PHP5 from php.inc. This makes Apache2 to fail to
load. Seems like there's some dependency. Please suggest.
-- 
___
yocto-bsp mailing list
yocto-bsp@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto-bsp

[yocto] Using FreeRADIUS on Yocto?

[Anandpura, Shuchi [US] (AS)]

Hi everyone!

I couldn't find this too easily on the internet, but I was wondering if Yocto 
supports freeRADIUS. I know that Xilinx does not, but I have never used Yocto 
(or even heard of it pretty recently), so I'm not fully aware of its 
capabilities and limitations.

If anybody has any insight on this, could you please let me know? I apologize 
if this is the wrong mailing list for this.

Thank you so much!

Shuchi Anandpura
shuchi.anandp...@ngc.com

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] SDK and out of tree modules

[RUSSELL PETERSON]

I have started looking at this more closely and I have a few questions. Hope 
someone knows or has seen these issues before.

1. When running create_filtered task list I see failures. This is mainly due to 
the fact that the sdkbasepath getting renamed to tmp-renamed-sdk fails. I have 
bypassed this to get around it but it seems like it should work. Renaming 
<...>/sdk-ext/image/opt/poky/2.4.1 to <...>sdk-ext/image/tmp-renamed-sdk 
doesn't seem to work.

2. Understanding the sstate-cache took some time but I think I understand the 
basic idea now. The problem I was seeing relates to the fact that my build 
directory and my temp directory are on different disks. Hence, when I delete 
the build directory, the cache gets deleted. I would think that making 
core-image-full again would regenerate the sstate-cache but it does not. The 
only way I see the sstate-cache regenerated is by deleting the tmp directory 
completely and starting over. Without the cache, building the sdk-ext fails 
with about 5000 "should have been setscened" errors. As the ext sdk clearly has 
a dependency there... why isn't the state cache re-created?? Probably just 
don't quite understand state yet, I guess.

3. Finally, I have the ext sdk built... tried to install it... failed with an 
error telling me TMPDIR has changed and I need to rebuild or change it back. I 
assume this is related to me setting TMPDIR in the original local.conf? Anyone 
else see this? Seems like unless TMPDIR is set to the default (TOPDIR/tmp) the 
SDK won't work??

Regards,

Russell

> On July 25, 2018 at 9:01 AM RUSSELL PETERSON  wrote:
>
>
> So, this seems broken to me. I managed to get around this issue 
> (sstate-control/manifest-allarch-kernel-devsrc.populate_sysroot not found?) 
> by appending PACKAGE_EXTRA_ARCHS with the MACHINE_ARCH for my bsp. While 
> PACKAGE_ARCHS now has a duplicate in it (it already includes MACHINE_ARCH as 
> well as PACKAGE_EXTRA_ARCH), the python code in staging_populate_sysroot 
> seems to require this or it looks for the wrong manifest file.
>
> Also, when building the eSDK, dnf seems very confused about what packages are 
> compatible. It's looking for my SoC arch packages... but then won't accept 
> aarch64 as being compatible. I needed to set:
>
> ALL_MULTILIB_PACKAGE_ARCHS =+ " ${PACKAGE_EXTRA_ARCHS_tune-${DEFAULTTUNE}}"
>
> to get /etc/dnf/vars/arch to update correctly. This is a bit tedious. I'm now 
> having a similar issue because dnf doesn't seem to like an arch of 
> x86_64-nativesdk. Do I update ALL_MULTILIB_PACKAGE_ARCHS again?? Ug.
>
> --Russ
>
>
> > On July 24, 2018 at 8:36 AM RUSSELL PETERSON  wrote:
> >
> >
> > I am running Poky Rocko at the HEAD (just updated yesterday) and see the 
> > following when I attempt to build the eSDK:
> >
> > sstate-control/manifest-allarch-kernel-devsrc.populate_sysroot not found?
> >
> > I see this has been an issue with others as well. It looks like Paul had a 
> > fix around April but then the trail went silent so I'm not sure if there 
> > was a fix or if that fix went into Rocko. Anyone?
> >
> > --Russ
> >
> > > On July 21, 2018 at 4:42 PM Russell Peterson  
> > > wrote:
> > >
> > >
> > > No, just the standard SDK. I was having issues building the eSDK back 
> > > when we used pyro and never fully figured it out… but we have since 
> > > upgraded to rocko. I should revisit the eSDK and see if it works for me 
> > > now or find the root cause since it sounds useful.
> > >
> > > Thanks, Khem.
> > >
> > > —Russ
> > >
> > >
> > > > On Jul 21, 2018, at 1:34 PM, Khem Raj  wrote:
> > > >
> > > > On Sat, Jul 21, 2018 at 6:20 AM Russell Peterson 
> > > >  wrote:
> > > >>
> > > >> Hello,
> > > >>
> > > >> I have been building some modules using the SDK for a while now. This 
> > > >> is mostly for development flow purposes but we have had a few 
> > > >> customers doing this as well. To get this to work we always need to 
> > > >> run “make silentoldconfig scripts” inside the RFS of the SDK on the 
> > > >> build host. Many folks forget to do this this and thus many, many 
> > > >> questions come my way about the SDK being broken and they can’t build 
> > > >> their modules (not all users are kernel experts or even intermediates… 
> > > >> they just want to apply a patch and quickly move on to their app). Is 
> > > >> there a way to do this auto-magically during the installation of the 
> > > >> SDK by adding some type of scripts etc… to the recipe? I assume it 
> > > >> needs to be done at install time since while the build host is x86… 
> > > >> the exact linux distro is not known until then (or does that matter?).
> > > >>
> > > >
> > > > are you using extensible SDK ? in that case I think do_make_scripts
> > > > from module-base.bbclass should be helpful
> > > >
> > > >> —Russ
> > > >>
> > > >> --
> > > >> ___
> > > >> yocto mailing list
> > > >> yocto@yoctoproject.org
> > > >> https://lists.yoctoproject.org/listinfo/yocto
> > >
> > > --

Re: [yocto] Is there any way to remove some package frome IMAGE_INSTALL conditionally in local.conf?

[ChenQi]

IMAGE_INSTALL_remove = "${@'package1 package2' if TCLIBC == 'glibc' else 
''}"

This only removes packages from IMAGE_INSTALL variable.
So if packages are not removed, you may want to use PACKAGE_EXCLUDE to 
replace IMAGE_INSTALL_remove above.


Best Regards,
Chen Qi

On 08/01/2018 06:11 PM, tugouxp wrote:

hi folks:

   i meet an problem that need keep TCLIBC both work in "musl" and 
"glibc" environment , but a user-defined package cant work with 
"glibc", so i need to remote them in the "IMAGE_INSTALL" variable,
but i don`t want to offer a seperate "image*.bb" files for this reason 
because it may be cause the customer misunderstand, so i have a 
thought to judge the "TCLIBC" and do the remove operation during 
bitbake runtime in local.conf

like this in local.conf

  if TCLIBC == glibc
  IMAGE_INSTALL_remove="package1 package2"
 else
 do nothing
  endif

so, how the above pseudo code be implemented in bitbake config files?
thanks for your support.







-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Is there any way to remove some package frome IMAGE_INSTALL conditionally in local.conf?

[tugouxp]

hi folks:


   i meet an problem that need keep TCLIBC both work in "musl" and "glibc" 
environment , but a user-defined package cant work with "glibc", so i need to 
remote them in the "IMAGE_INSTALL" variable,
but i don`t want to offer a seperate "image*.bb" files for this reason because 
it may be cause the customer misunderstand, so i have a thought to judge the 
"TCLIBC" and do the remove operation during bitbake runtime in local.conf
like this in local.conf


  if TCLIBC == glibc
  IMAGE_INSTALL_remove="package1 package2"

 else
 do nothing
  endif


so, how the above pseudo code be implemented in bitbake config files?
thanks for your support.-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 08/10] suricata: install and package rules

[Koen Kooi]

This fixes the following warning during startup:

  suricata[22707]: 31/7/2018 -- 13:34:40 -  - [ERRCODE: 
SC_ERR_NO_RULES_LOADED(43)] - 47 rule files specified, but no rule was loaded 
at all!

Signed-off-by: Koen Kooi 
---
 recipes-security/suricata/suricata_4.0.0.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/recipes-security/suricata/suricata_4.0.0.bb 
b/recipes-security/suricata/suricata_4.0.0.bb
index 928cb07..df5621b 100644
--- a/recipes-security/suricata/suricata_4.0.0.bb
+++ b/recipes-security/suricata/suricata_4.0.0.bb
@@ -40,6 +40,9 @@ PACKAGECONFIG[python] = "--enable-python, --disable-python, 
python, python"
 export logdir = "${localstatedir}/log"
 
 do_install_append () {
+
+oe_runmake install-rules DESTDIR=${D}
+
 install -d ${D}${sysconfdir}/suricata
 install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles
 install -m 644 classification.config ${D}${sysconfdir}/suricata
-- 
2.9.5

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 10/10] suricata: rename ${PN}-python to ${PN}-socketcontrol

[Koen Kooi]

This describes the content a lot better. RDEPENDS are still missing, so it's 
still as non-working as before :/

Signed-off-by: Koen Kooi 
---
 recipes-security/suricata/suricata_4.0.0.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-security/suricata/suricata_4.0.0.bb 
b/recipes-security/suricata/suricata_4.0.0.bb
index 8ea1486..6efa351 100644
--- a/recipes-security/suricata/suricata_4.0.0.bb
+++ b/recipes-security/suricata/suricata_4.0.0.bb
@@ -73,9 +73,9 @@ fi
 
 SYSTEMD_PACKAGES = "${PN}"
 
-PACKAGES =+ "${PN}-python"
+PACKAGES =+ "${PN}-socketcontrol"
 FILES_${PN} += "${logdir}/suricata ${systemd_unitdir}"
-FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
+FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
 
 CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"
 
-- 
2.9.5

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 09/10] suricata: install and package threshold.config

[Koen Kooi]

This fixes the following warning during startup:

  suricata[24522]: 31/7/2018 -- 13:47:15 -  - [ERRCODE: 
SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata//threshold.config": No 
such file or directory

Signed-off-by: Koen Kooi 
---
 recipes-security/suricata/suricata_4.0.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-security/suricata/suricata_4.0.0.bb 
b/recipes-security/suricata/suricata_4.0.0.bb
index df5621b..8ea1486 100644
--- a/recipes-security/suricata/suricata_4.0.0.bb
+++ b/recipes-security/suricata/suricata_4.0.0.bb
@@ -50,6 +50,8 @@ do_install_append () {
 install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata
 install -m 0644 ${WORKDIR}/volatiles.03_suricata  
${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
 
+install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata
+
 install -d ${D}${logdir}/suricata
 
 install -d ${D}${systemd_unitdir}/system
-- 
2.9.5

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 07/10] suricata: enable syslog output

[Koen Kooi]

This fixes the following error preventing startup in daemon mode:

  suricata[20485]: 31/7/2018 -- 13:19:48 -  - [ERRCODE: 
SC_ERR_MISSING_CONFIG_PARAM(118)] - NO logging compatible with daemon mode 
selected, suricata won't be able to log. Please update  'logging.outputs'

Signed-off-by: Koen Kooi 
---
 recipes-security/suricata/files/suricata.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/suricata/files/suricata.yaml 
b/recipes-security/suricata/files/suricata.yaml
index 90417b0..8d06a27 100644
--- a/recipes-security/suricata/files/suricata.yaml
+++ b/recipes-security/suricata/files/suricata.yaml
@@ -787,7 +787,7 @@ logging:
   enabled: no
   filename: /var/log/suricata.log
   - syslog:
-  enabled: no
+  enabled: yes
   facility: local5
   format: "[%i] <%d> -- "
 
-- 
2.9.5

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 06/10] suricate: create and package logdir

[Koen Kooi]

This fixes the following error preventing startup:

  suricata[18771]: 31/7/2018 -- 13:08:21 -  - [ERRCODE: 
SC_ERR_LOGDIR_CONFIG(116)] - The logging directory "/var/log/suricata/" 
supplied by /etc/suricata/suricata.yaml (default-log-dir) doesn't exist. Shut>

Signed-off-by: Koen Kooi 
---
 recipes-security/suricata/suricata_4.0.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-security/suricata/suricata_4.0.0.bb 
b/recipes-security/suricata/suricata_4.0.0.bb
index 91136bf..928cb07 100644
--- a/recipes-security/suricata/suricata_4.0.0.bb
+++ b/recipes-security/suricata/suricata_4.0.0.bb
@@ -47,6 +47,8 @@ do_install_append () {
 install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata
 install -m 0644 ${WORKDIR}/volatiles.03_suricata  
${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
 
+install -d ${D}${logdir}/suricata
+
 install -d ${D}${systemd_unitdir}/system
 sed  -e s:/etc:${sysconfdir}:g \
  -e s:/var/run:/run:g \
-- 
2.9.5

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 05/10] suricata: add systemd unit

[Koen Kooi]

Based on the debian systemd unit.

Signed-off-by: Koen Kooi 
---
 recipes-security/suricata/files/suricata.service | 20 
 recipes-security/suricata/suricata_4.0.0.bb  | 17 +++--
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 recipes-security/suricata/files/suricata.service

diff --git a/recipes-security/suricata/files/suricata.service 
b/recipes-security/suricata/files/suricata.service
new file mode 100644
index 000..a99a76e
--- /dev/null
+++ b/recipes-security/suricata/files/suricata.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Suricata IDS/IDP daemon
+After=network.target
+Requires=network.target
+Documentation=man:suricata(8) man:suricatasc(8)
+Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki
+
+[Service]
+Type=simple
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+RestrictAddressFamilies=
+ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0
+ExecReload=/bin/kill -HUP $MAINPID
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=yes
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/recipes-security/suricata/suricata_4.0.0.bb 
b/recipes-security/suricata/suricata_4.0.0.bb
index 7ab3077..91136bf 100644
--- a/recipes-security/suricata/suricata_4.0.0.bb
+++ b/recipes-security/suricata/suricata_4.0.0.bb
@@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd
 SRC_URI += " \
file://volatiles.03_suricata \
file://suricata.yaml \
+   file://suricata.service \
"
 
-inherit autotools-brokensep pkgconfig python-dir 
+inherit autotools-brokensep pkgconfig python-dir systemd 
 
 CFLAGS += "-D_DEFAULT_SOURCE"
 
@@ -45,6 +46,16 @@ do_install_append () {
 install -m 644 reference.config ${D}${sysconfdir}/suricata
 install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata
 install -m 0644 ${WORKDIR}/volatiles.03_suricata  
${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
+
+install -d ${D}${systemd_unitdir}/system
+sed  -e s:/etc:${sysconfdir}:g \
+ -e s:/var/run:/run:g \
+ -e s:/var:${localstatedir}:g \
+ -e s:/usr/bin:${bindir}:g \
+ -e s:/bin/kill:${base_bindir}/kill:g \
+ -e s:/usr/lib:${libdir}:g \
+ ${WORKDIR}/suricata.service > 
${D}${systemd_unitdir}/system/suricata.service
+
 }
 
 pkg_postinst_ontarget_${PN} () {
@@ -53,8 +64,10 @@ if [ -e /etc/init.d/populate-volatile.sh ] ; then
 fi
 }
 
+SYSTEMD_PACKAGES = "${PN}"
+
 PACKAGES =+ "${PN}-python"
-FILES_${PN} += "${logdir}/suricata"
+FILES_${PN} += "${logdir}/suricata ${systemd_unitdir}"
 FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
 
 CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"
-- 
2.9.5

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH 03/10] suricata: mark config file as CONFFILE

[Koen Kooi]

This preserves user edits during package upgrades.

Signed-off-by: Koen Kooi 
---
 recipes-security/suricata/suricata_4.0.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-security/suricata/suricata_4.0.0.bb 
b/recipes-security/suricata/suricata_4.0.0.bb
index 4a39325..73f4af6 100644
--- a/recipes-security/suricata/suricata_4.0.0.bb
+++ b/recipes-security/suricata/suricata_4.0.0.bb
@@ -56,4 +56,6 @@ PACKAGES =+ "${PN}-python"
 FILES_${PN} += "${logdir}/suricata"
 FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
 
+CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"
+
 RDEPENDS_${PN}-python = "python"
-- 
2.9.5

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto