This is only the test email,
please drop it.
//Hongxu
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Bump up PR and remove PRINC.
Signed-off-by: Hongxu Jia
---
recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb | 2 +-
recipes-security/refpolicy/refpolicy-mls_2.20130424.bb | 2 +-
recipes-security/refpolicy/refpolicy-standard_2.20130424.bb | 2 +-
recipes-security/refpolicy
-contrib/log/?h=hongxu/fix-princ
Hongxu Jia (8):
refpolicy: remove PRINC warning
checkpolicy: remove PRINC warning
libselinux: remove PRINC warning
libsemanage: remove PRINC warning
libsepol: remove PRINC warning
sepolgen: remove PRINC warning
libpcre_8.34.bbappend: remove PRINC warning
Bump up PR and remove PRINC.
Signed-off-by: Hongxu Jia
---
recipes-security/selinux/libsemanage.inc| 2 --
recipes-security/selinux/libsemanage_2.2.bb | 2 +-
recipes-security/selinux/libsemanage_git.bb | 2 +-
3 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/recipes-security
Bump up PR and remove PRINC.
Signed-off-by: Hongxu Jia
---
recipes-security/selinux/sepolgen.inc | 2 --
recipes-security/selinux/sepolgen_1.2.1.bb | 2 +-
recipes-security/selinux/sepolgen_git.bb | 2 +-
3 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/recipes-security
Bump up PR and remove PRINC.
Signed-off-by: Hongxu Jia
---
recipes-security/selinux/libsepol.inc| 2 --
recipes-security/selinux/libsepol_2.2.bb | 2 +-
recipes-security/selinux/libsepol_git.bb | 2 +-
3 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/recipes-security/selinux
Bump up PR and remove PRINC.
Signed-off-by: Hongxu Jia
---
recipes-security/selinux/policycoreutils.inc| 2 --
recipes-security/selinux/policycoreutils_git.bb | 2 +-
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/recipes-security/selinux/policycoreutils.inc
b/recipes
Bump up PR and remove PRINC.
Signed-off-by: Hongxu Jia
---
recipes-security/selinux/libselinux.inc | 2 --
recipes-security/selinux/libselinux_2.2.2.bb | 2 +-
recipes-security/selinux/libselinux_git.bb | 2 +-
3 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/recipes
The libpcre has been upgrade to 8.34 in oe-core,
so remove PRINC.
Signed-off-by: Hongxu Jia
---
recipes-support/libpcre/libpcre_8.34.bbappend | 2 --
1 file changed, 2 deletions(-)
diff --git a/recipes-support/libpcre/libpcre_8.34.bbappend
b/recipes-support/libpcre/libpcre_8.34.bbappend
index
Bump up PR and remove PRINC.
Signed-off-by: Hongxu Jia
---
recipes-security/selinux/checkpolicy.inc| 2 --
recipes-security/selinux/checkpolicy_2.2.bb | 2 +-
recipes-security/selinux/checkpolicy_git.bb | 2 +-
3 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/recipes-security
On 2018年07月07日 05:52, Raymond Yeung wrote:
Is there any installer that I could download along with the .hddimg
(or .iso) image to the RAM, invoke the installer, so we could have a
bootable image installed on a SSD?
Sorry for replying late
There is a target installer meta-anaconda in yoct
It installs test case by default which contain host
paths and it breaks binary reproducibility.
Pick a fix from ubuntu to make the testing infrastructure
optional, and disable it by default
Signed-off-by: Hongxu Jia
---
...-Make-the-testing-infrastructure-optional.patch | 137
Since `9ec5a8a layer.conf: Drop sumo from LAYERSERIES_CORENAMES' and
`9867924 layer.conf: Add thud to LAYERSERIES_CORENAMES' applied in oe-core,
update LAYERSERIES_COMPAT `sumo' -> `thud'
Signed-off-by: Hongxu Jia
---
meta-cgl-common/conf/layer.conf | 2 +-
1 file cha
Since `9ec5a8a layer.conf: Drop sumo from LAYERSERIES_CORENAMES' and
`9867924 layer.conf: Add thud to LAYERSERIES_CORENAMES' applied in oe-core,
update LAYERSERIES_COMPAT `sumo' -> `thud'
Signed-off-by: Hongxu Jia
---
conf/layer.conf | 2 +-
1 file changed, 1 insertion(
rs are obsolete.
Signed-off-by: Hongxu Jia
---
.../recipes-cgl/cluster-resource-agents/resource-agents_4.0.1.bb | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git
a/meta-cgl-common/recipes-cgl/cluster-resource-agents/resource-agents_4.0.1.bb
b/meta-cgl-common/recipes-cgl/c
g dirs to FILES_${PN}-dbg
Signed-off-by: Hongxu Jia
---
meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb
b/meta-cgl-common/recipes-cgl/cluster
eview, and apply for creating
a layer named `meta-tensorflow' on Yocto.
For test convenient, there is a fork on github:
https://github.com/hongxu-jia/meta-tensorflow
BTW, I have contributed other 11 fundamental recipes to meta-openembedded
and all of them have been merged to master branch.
Inherit the bbclass to use bazel to build tensorflow-native,
tensorflow, tensorboard and tensorflow-estimator.
Signed-off-by: Hongxu Jia
---
classes/bazel.bbclass | 80 +++
1 file changed, 80 insertions(+)
create mode 100644 classes/bazel.bbclass
The idea comes from upstream arm compiler which `Build from
source for the Raspberry Pi'
$ ls /third_party/toolchains/cpus/arm/
arm_compiler_configure.bzl BUILD CROSSTOOL.tpl
https://www.tensorflow.org/install/source_rpi
Signed-off-by: Hongxu Jia
---
recipes-framework/tensorflow/files/
It is required by tensorflow-estimator.
Signed-off-by: Hongxu Jia
---
.../tensorflow/tensorflow-native_1.13.0.bb | 60 ++
1 file changed, 60 insertions(+)
create mode 100644 recipes-framework/tensorflow/tensorflow-native_1.13.0.bb
diff --git a/recipes-framework
It is the build system of tensorflow.
The build steps refers:
https://docs.bazel.build/versions/master/install-compile-source.html
Signed-off-by: Hongxu Jia
---
recipes-devtools/bazel/bazel-native_0.21.0.bb | 33 +++
1 file changed, 33 insertions(+)
create mode 100644
Signed-off-by: Hongxu Jia
---
conf/layer.conf | 23 +++
1 file changed, 23 insertions(+)
create mode 100644 conf/layer.conf
diff --git a/conf/layer.conf b/conf/layer.conf
new file mode 100644
index 000..352c2bc
--- /dev/null
+++ b/conf/layer.conf
@@ -0,0 +1,23 @@
+# We
Signed-off-by: Hongxu Jia
---
.../tensorboard/0001-customize-for-Yocto.patch | 128 +
recipes-framework/tensorflow/tensorboard_1.12.2.bb | 62 ++
2 files changed, 190 insertions(+)
create mode 100644
recipes-framework/tensorflow/tensorboard/0001-customize-for
The build steps refers README of https://github.com/tensorflow/estimator
Signed-off-by: Hongxu Jia
---
.../tensorflow/tensorflow-estimator_1.13.bb| 50 ++
1 file changed, 50 insertions(+)
create mode 100644 recipes-framework/tensorflow/tensorflow-estimator_1.13.bb
Add tensorflow-native to tensorflow's DEPENDS, actually tensorflow
does not require tensorflow-native, but to avoid do_compile at
the same time. Bazel build system does not support parallel build
very well (very slowly).
Signed-off-by: Hongxu Jia
---
recipes-framework/tenso
SyntaxError around async keyword on Python 3.7
Signed-off-by: Hongxu Jia
---
...xError-around-async-keyword-on-Python-3.7.patch | 116 +
.../tensorflow/tensorflow-native_1.13.0.bb | 1 +
2 files changed, 117 insertions(+)
create mode 100644
recipes-framework
Signed-off-by: Hongxu Jia
---
...octo-toolchain-to-support-cross-compiling.patch | 108 +++
recipes-framework/tensorflow/tensorflow_1.13.0.bb | 154 +
2 files changed, 262 insertions(+)
create mode 100644
recipes-framework/tensorflow/files/0001-add-yocto
or directory
Signed-off-by: Hongxu Jia
---
.../tensorflow/files/0001-support-musl.patch | 49 ++
recipes-framework/tensorflow/tensorflow_1.13.0.bb | 1 +
2 files changed, 50 insertions(+)
create mode 100644 recipes-framework/tensorflow/files/0001-support-musl.patch
Signed-off-by: Hongxu Jia
---
...x-gcc-internal-compile-error-on-qemuarm64.patch | 64 ++
recipes-framework/tensorflow/tensorflow_1.13.0.bb | 1 +
2 files changed, 65 insertions(+)
create mode 100644
recipes-framework/tensorflow/files/0001-fix-gcc-internal-compile-error
Signed-off-by: Hongxu Jia
---
README | 170 +
1 file changed, 170 insertions(+)
create mode 100644 README
diff --git a/README b/README
new file mode 100644
index 000..3da4e76
--- /dev/null
+++ b/README
@@ -0,0 +1,170
On 2019/2/23 上午12:51, Stephen Lawrence wrote:
Good work.
You might be interested in the yocto layers for tensorflow, tensorflow-lite and
caffe2
on github here [1]. I'm not part of the team that developed that work but I
forwarded
your announcement to them. Perhaps there is the opportunity for
On 2019/2/23 上午4:49, Manjukumar Harthikote Matha wrote:
Hi Hongxu,
-Original Message-
From: yocto-boun...@yoctoproject.org [mailto:yocto-boun...@yoctoproject.org]
On Behalf Of Stephen Lawrence
Sent: Friday, February 22, 2019 8:52 AM
To: Hongxu Jia ; richard.pur...@linuxfoundation.org
On 2019/2/23 下午11:29, Richard Purdie wrote:
Please don't do the meta-openembedded part!
OK, I can't agree more, for tensorflow, if we move it to
meta-openembedded/meta-ai,
we have to move the depending layer `meta-java' to meta-openembedded
but it has
been already as a standalone layer ,
On 2019/2/24 上午1:04, Khem Raj wrote:
On Sat, Feb 23, 2019 at 7:29 AM Richard Purdie
wrote:
On Fri, 2019-02-22 at 20:49 +, Manjukumar Harthikote Matha wrote:
You might be interested in the yocto layers for tensorflow,
tensorflow-lite and
caffe2 on github here [1]. I'm not part of the team t
://cgit.openembedded.org/openembedded-core-contrib/log/?h=hongxu/fix-gplv2-mc
Hongxu Jia (3):
Revert "layer.conf: Remove mc from
packagegroup-core-full-cmdline-utils"
Revert "mc: Drop from meta-gplv2 as incompatible with newer ncurses
versions"
mc: unify curses i
This reverts commit 73a8f9df9f4b5e0d87605962c3bd8dcbaef28aea.
Signed-off-by: Hongxu Jia
---
conf/layer.conf | 2 --
1 file changed, 2 deletions(-)
diff --git a/conf/layer.conf b/conf/layer.conf
index 5c373a8..f5601bb 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -13,5 +13,3
This reverts commit ec80d2cac67a952b06ed27fbd4d71f17641e9a7c.
Signed-off-by: Hongxu Jia
---
recipes-extended/mc/mc/mc-CTRL.patch | 31
recipes-extended/mc/mc_4.7.5.2.bb| 47
2 files changed, 78 insertions(+)
create mode 100644
rm->Nttyb.c_cc[VINTR] = CTRL ('g'); /* ^g */
...
Backport a patch from upstream and rebase to 4.7.5.2 could fix the issue.
Signed-off-by: Hongxu Jia
---
...3697-tty_init-unify-curses-initialization.patch | 51 ++
recipes-extended/mc/mc_4.7.5.2.bb
This reverts commit 73a8f9df9f4b5e0d87605962c3bd8dcbaef28aea.
Signed-off-by: Hongxu Jia
---
conf/layer.conf | 2 --
1 file changed, 2 deletions(-)
diff --git a/conf/layer.conf b/conf/layer.conf
index 5c373a8..f5601bb 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -13,5 +13,3
-full-cmdline-utils (2017-08-17
17:37:57 +0100)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib hongxu/fix-gplv2-mc
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=hongxu/fix-gplv2-mc
Hongxu Jia (3):
Revert "layer.conf: Remo
This reverts commit ec80d2cac67a952b06ed27fbd4d71f17641e9a7c.
Signed-off-by: Hongxu Jia
---
recipes-extended/mc/mc/mc-CTRL.patch | 31
recipes-extended/mc/mc_4.7.5.2.bb| 47
2 files changed, 78 insertions(+)
create mode 100644
rm->Nttyb.c_cc[VINTR] = CTRL ('g'); /* ^g */
...
We could not backport fix from the latest master which introduce
gplv3 contamination, but we could revert to disable Ctrl-g key
and Ctrl-\ key
Signed-off-by: Hongxu Jia
---
.../mc/0001-disable-Ctrl-g-key-and-Ctrl-key.patch | 86 +++
Add Mark to the loop
//Hongxu
On 2017年08月18日 17:29, Hongxu Jia wrote:
Changed in V2:
We could not backport fix from the latest master which introduce
gplv3 contamination, but we could revert to disable Ctrl-g key
and Ctrl-\ key
//Hongxu
The following changes since commit
On 2017年11月22日 06:28, Paul Eggleton wrote:
On Wednesday, 22 November 2017 10:24:59 AM NZDT Burton, Ross wrote:
On 21 November 2017 at 08:55, Hongxu Jia wrote:
If yocto is interested in this layer and will accept it,
I could send pull request or some one directly fetch
from above github master
On 2017年11月22日 11:20, Paul Eggleton wrote:
Hi Hongxu,
On Wednesday, 22 November 2017 3:56:31 PM NZDT Hongxu Jia wrote:
On 2017年11月22日 06:28, Paul Eggleton wrote:
On Wednesday, 22 November 2017 10:24:59 AM NZDT Burton, Ross wrote:
On 21 November 2017 at 08:55, Hongxu Jia
wrote:
If yocto is
On 2017年11月22日 23:41, Khem Raj wrote:
If yocto is interested in this layer and will accept it,
I could send pull request or some one directly fetch
from above github master branch.
This is a very good work. Thanks for contributing it. We should definitely
put it under meta-openembedded framewor
for review or directly push the repo contents to it once it's created.
If the latter one, should I send my ssh pub key to you privately?
//Hongxu
Ross
On 23 November 2017 at 12:09, Hongxu Jia mailto:hongxu@windriver.com>> wrote:
The meta-installer laye
On 2017年11月24日 09:55, Hongxu Jia wrote:
On 2017年11月24日 08:35, Khem Raj wrote:
On Thu, Nov 23, 2017 at 4:15 AM Burton, Ross <mailto:ross.bur...@intel.com>> wrote:
I honestly don't see why this has to belong in meta-openembedded
and can't live in a standalone reposi
On 2017年11月25日 03:34, akuster808 wrote:
These are sitting in the meta-openembedded patch queue. Did I miss the
reject request?
- armin
I marked them as `rejected' in OE's patch work, I have applied to submit
meta-anaconda to yocto as a standalone repository.
//Hongxu
--
On 2017年11月28日 01:20, Mark Hatle wrote:
On 11/21/17 3:24 PM, Burton, Ross wrote:
On 21 November 2017 at 08:55, Hongxu Jia mailto:hongxu@windriver.com>> wrote:
If yocto is interested in this layer and will accept it,
I could send pull request or some one directly fetch
Since commit [21f84fc insane: add sanity checks to SRC_URI] applied
in oe-core, do not use unstable github archive tarballs
Signed-off-by: Hongxu Jia
---
meta-cgl-common/recipes-cgl/crmsh/crmsh_3.0.3.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta-cgl-common
Since commit [21f84fc insane: add sanity checks to SRC_URI] applied
in oe-core, do not use unstable github archive tarballs
Signed-off-by: Hongxu Jia
---
recipes-security/setools/setools_4.1.1.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/recipes-security/setools
Since commit [21f84fc insane: add sanity checks to SRC_URI] applied
in oe-core, do not use unstable github archive tarballs
Signed-off-by: Hongxu Jia
---
meta-cgl-common/recipes-cgl/pacemaker/pacemaker_1.1.19.bb | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/meta-cgl
6:: ${TEST:=/buildarea1/hjia/
wrlinux-1019/build_master-wr_qemux86-64_2019053109/build/tmp-glibc/hosttools/test}
Set grep/test path rather than using hosttools which refers
commit in oe-core [f6e7a3b libtool: Don't hardcode grep paths]
Signed-off-by: Hongxu Jia
---
.../recipes-cgl/cluster-
Since comit [a78c420 libva: check for "opengl" feature] applied in oe-core,
and intel-mediasdk depends on libva, it should check for "opengl"
feature too.
Signed-off-by: Hongxu Jia
---
recipes-multimedia/mediasdk/intel-mediasdk_19.2.0.bb | 3 +++
1 file changed, 3 inserti
Since intel-graphics-compiler depends on clang, skip it if clang is not ready
Signed-off-by: Hongxu Jia
---
recipes-opencl/igc/intel-graphics-compiler_1.0.6.bb | 8
1 file changed, 8 insertions(+)
diff --git a/recipes-opencl/igc/intel-graphics-compiler_1.0.6.bb
b/recipes-opencl/igc
Since comit [a78c420 libva: check for "opengl" feature] applied in oe-core,
and intel-media-driver depends on libva, it should check for "opengl"
feature too.
Signed-off-by: Hongxu Jia
---
recipes-multimedia/libva/intel-media-driver_19.2.0.bb | 3 +++
1 file changed, 3 inser
Since intel-graphics-compiler depends on clang, skip it if clang is not ready
Issue: LIN1019-1846
(LOCAL REV: NOT UPSTREAM) -- Sent to Yocto on 20190724
Signed-off-by: Hongxu Jia
---
recipes-opencl/igc/intel-graphics-compiler_1.0.6.bb | 8
1 file changed, 8 insertions(+)
diff --git a
On 7/29/19 9:12 AM, Mittal, Anuj wrote:
Hi Hongxu
I have merged these changes but could you send these to meta-intel list
in future please?
OK, I got it
//Hongxu
On Wed, 2019-07-24 at 18:11 +0800, Hongxu Jia wrote:
Since comit [a78c420 libva: check for "opengl" feature] applied
Since the layer is now published via the Yocto Project and
git.yoctoproject.org, we should update steps in README.build
Signed-off-by: Hongxu Jia
---
README.build | 21 -
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/README.build b/README.build
index df3f4e4
Signed-off-by: Hongxu Jia
---
README.build | 36
1 file changed, 36 insertions(+)
diff --git a/README.build b/README.build
index 9735028..bc8fcf3 100644
--- a/README.build
+++ b/README.build
@@ -245,3 +245,39 @@ Note this sample command is functionally
The openssl fips only works with old openssl(<=1.0.2),
update steps to clarify it for Yocto and Wind River Linux
Signed-off-by: Hongxu Jia
---
README.build | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/README.build b/README.build
index bc8fcf3..3da03da 100644
--
Port it from fedora:
https://src.fedoraproject.org/rpms/fipscheck
It is required by openssh fips.
Signed-off-by: Hongxu Jia
---
.../0001-compat-fip-with-openssl-1.0.2.patch | 34 ++
recipes-connectivity/openssh/fipscheck_1.5.0.bb| 30 +++
templates
Signed-off-by: Hongxu Jia
---
.../openssh/openssh/0001-openssh-8.0p1-fips.patch | 528 +
recipes-connectivity/openssh/openssh_8.%.bbappend | 4 +
recipes-connectivity/openssh/openssh_fips.inc | 8 +
3 files changed, 540 insertions(+)
create mode 100644
recipes
Hi Mark,
I apply a kernel patch to workaround alg self-tests failure, which
the test is too early and Jitter RNG is not ready at that time.
The latter alg: self-tests for jitterentropy_rng is passed, so
I think the `Continuing without Jitter RNG' workaround is OK
== Testing ==
* Commands
Refer Fedora/RedHat's way
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut
Signed-off-by: Hongxu Jia
---
recipes-connectivity/openssh/fipscheck_1.5.0.bb | 4
1 file changed, 4 insertions(+)
diff --git a/recipes-connectivity/op
Refer
https://src.fedoraproject.org/rpms/openssh/c/d93958db19129e0f4615865eab22fb36e1f4fb8a
Signed-off-by: Hongxu Jia
---
recipes-connectivity/openssh/openssh_fips.inc | 26 ++
1 file changed, 26 insertions(+)
diff --git a/recipes-connectivity/openssh/openssh_fips.inc
Refer https://pagure.io/fipscheck/c/489bc3ab3f73707e12b6c2644d80af5ff6fbbf70
Signed-off-by: Hongxu Jia
---
recipes-connectivity/openssh/fipscheck_1.5.0.bb | 18 ++
1 file changed, 18 insertions(+)
diff --git a/recipes-connectivity/openssh/fipscheck_1.5.0.bb
b/recipes
RNG for fips to workaround alg self-tests failure,
after applying the fix:
...
[0.306633] DRBG: Continuing without Jitter RNG
[0.310550] alg: self-tests for ecdh-generic (ecdh) passed
...
Refer: https://lore.kernel.org/patchwork/patch/568693/
Signed-off-by: Hongxu Jia
---
.../0001-fips
Enable fips mode according to the existence of "/etc/system-fips"
Signed-off-by: Hongxu Jia
---
.../0001-conditional-enable-fips-mode.patch| 63 ++
recipes-connectivity/openssh/openssh_fips.inc | 1 +
2 files changed, 64 insertions(+)
create m
/lkddb/web-lkddb/CRYPTO_FIPS.html
[3] https://mta.openssl.org/pipermail/openssl-users/2017-May/005840.html
Signed-off-by: Hongxu Jia
---
classes/fips_kernel.bbclass| 4
conf/layer.conf| 4
recipes-kernel/linux/files/crypto_fips.cfg | 3
ystem-fips"), don't generate ED25519
host
keys in FIPS mode
Refers Fedora:
https://src.fedoraproject.org/rpms/openssh/c/00c7b7543973f237b79ee87ca697c08b71954d35
https://src.fedoraproject.org/rpms/openssh/c/3b7c8620a1df976c1c09553c1c7b99ce492d290b
Signed-off-by: Hongxu Jia
---
recip
Signed-off-by: Hongxu Jia
---
recipes-support/rng-tools/rng-tools/default | 1 +
recipes-support/rng-tools/rng-tools_6.%.bbappend | 4
recipes-support/rng-tools/rng-tools_fips.inc | 2 ++
3 files changed, 7 insertions(+)
create mode 100644 recipes-support/rng-tools/rng-tools
Signed-off-by: Hongxu Jia
---
.../openssh/openssh/sshd_check_keys| 78 ++
1 file changed, 78 insertions(+)
create mode 100644 recipes-connectivity/openssh/openssh/sshd_check_keys
diff --git a/recipes-connectivity/openssh/openssh/sshd_check_keys
b/recipes
led-fips-test.html
Signed-off-by: Hongxu Jia
---
recipes-support/rng-tools/rng-tools/default | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-support/rng-tools/rng-tools/default
b/recipes-support/rng-tools/rng-tools/default
index b9f8e03..1ae6b33 100644
--- a/recipes-sup
onibm/com.ibm.linux.z.lgdd/lgdd_r_fipsparm.html
https://support.oracle.com/knowledge/Oracle%20Linux%20and%20Virtualization/2323738_1.html
Signed-off-by: Hongxu Jia
---
README.enable_fips | 56 ++
1 file changed, 56 insertions(+)
create mode 1
Signed-off-by: Hongxu Jia
---
README.openssh_cavstest | 28
1 file changed, 28 insertions(+)
create mode 100644 README.openssh_cavstest
diff --git a/README.openssh_cavstest b/README.openssh_cavstest
new file mode 100644
index 000..5d69ee5
--- /dev/null
+++ b
-off-by: Hongxu Jia
---
.../openssh/openssh-6.6p1-ctr-cavstest.patch | 289 +
.../openssh/openssh/openssh-6.7p1-kdf-cavs.patch | 654 +
recipes-connectivity/openssh/openssh_fips.inc | 9 +
3 files changed, 952 insertions(+)
create mode 100644
recipes
Merged
//Hongxu
On 9/23/19 2:41 PM, Ovidiu Panait wrote:
This fixes a race conditition which leaves devices mounted, causing the
following anaconda installation failure:
File "/usr/lib64/python3.5/site-packages/gi/overrides/BlockDev.py", line 963,
in wrapped
raise transform[1](msg)
File "/us
Refer https://pagure.io/fipscheck/c/489bc3ab3f73707e12b6c2644d80af5ff6fbbf70
(* fipscheck.spec.in: Add generation of the checksums in __spec_install_post.)
Signed-off-by: Hongxu Jia
---
recipes-support/fipscheck/fipscheck_1.5.0.bb | 22 ++
1 file changed, 22 insertions
as a post image generation activity.
Signed-off-by: Hongxu Jia
---
classes/image-enable-fips.bbclass | 5 +
conf/layer.conf | 2 ++
2 files changed, 7 insertions(+)
create mode 100644 classes/image-enable-fips.bbclass
diff --git a/classes/image-enable-fips.bbclass
b/class
FIPS mode support
So I do not add additional cavs test to the ptest, just add a note
to README.enable_fips
//Hongxu
== Comments (indicate scope for each "y" above) ==
* Git logs
[meta-openssl102-fips]
commit 38849c1c52ae04eb2a3931624cd2d1446ab389d6
Author: Hongxu Jia
Date: Wed
Port it from fedora:
https://src.fedoraproject.org/rpms/fipscheck
(as of commit 7e44bec705fb2b3263734f30a05c2245738cf01a)
It is required by openssh fips.
Signed-off-by: Hongxu Jia
---
.../0001-compat-fip-with-openssl-1.0.2.patch | 34 ++
recipes-support/fipscheck
Port openssh-7.7p1-fips.patch from Fedora
https://src.fedoraproject.org/rpms/openssh.git
(as of commit 0ca1614ae221578b6b57c61d18fda6cc970a19ce)
Signed-off-by: Hongxu Jia
---
.../openssh/openssh/0001-openssh-8.0p1-fips.patch | 529 +
recipes-connectivity/openssh/openssh_8
/lkddb/web-lkddb/CRYPTO_FIPS.html
[3] https://mta.openssl.org/pipermail/openssl-users/2017-May/005840.html
Signed-off-by: Hongxu Jia
---
classes/fips_kernel.bbclass| 4
conf/layer.conf| 4
recipes-kernel/linux/files/crypto_fips.cfg | 3
RNG for fips to workaround alg self-tests failure,
after applying the fix:
...
[0.306633] DRBG: Continuing without Jitter RNG
[0.310550] alg: self-tests for ecdh-generic (ecdh) passed
...
Refer: https://lore.kernel.org/patchwork/patch/568693/
Signed-off-by: Hongxu Jia
---
.../0001-fips
Refer
https://src.fedoraproject.org/rpms/openssh/c/13fa787ecc35d6c9eea9e64c1f42f49e2ee978ce
(See __spec_install_post in openssh.spec for detail)
Signed-off-by: Hongxu Jia
---
recipes-connectivity/openssh/openssh_fips.inc | 34 +++
1 file changed, 34 insertions(+)
diff
Port it at the following commit in oe-core
http://cgit.openembedded.org/openembedded-core/commit/?id=2303d795ae96f1a60caf145a0ddf100e89c4b5b0
Signed-off-by: Hongxu Jia
---
.../openssh/openssh/sshd_check_keys| 78 ++
1 file changed, 78 insertions(+)
create
ystem-fips"), don't generate ED25519
host
keys in FIPS mode
Refers Fedora:
https://src.fedoraproject.org/rpms/openssh/c/00c7b7543973f237b79ee87ca697c08b71954d35
https://src.fedoraproject.org/rpms/openssh/c/3b7c8620a1df976c1c09553c1c7b99ce492d290b
Signed-off-by: Hongxu Jia
---
recip
Enable fips mode according to the existence of "/etc/system-fips"
Signed-off-by: Hongxu Jia
---
.../0001-conditional-enable-fips-mode.patch| 63 ++
recipes-connectivity/openssh/openssh_fips.inc | 1 +
2 files changed, 64 insertions(+)
create m
commit 0ca1614ae221578b6b57c61d18fda6cc970a19ce)
Signed-off-by: Hongxu Jia
---
.../openssh/openssh-6.6p1-ctr-cavstest.patch | 289 +
.../openssh/openssh/openssh-6.7p1-kdf-cavs.patch | 654 +
recipes-connectivity/openssh/openssh_fips.inc | 9 +
3 files
onibm/com.ibm.linux.z.lgdd/lgdd_r_fipsparm.html
https://support.oracle.com/knowledge/Oracle%20Linux%20and%20Virtualization/2323738_1.html
Signed-off-by: Hongxu Jia
---
README.enable_fips | 56 ++
1 file changed, 56 insertions(+)
create mode 1
Port it at the following commit in oe-core
http://cgit.openembedded.org/openembedded-core/commit/?id=16ced1a253c74c01ca414db2f1a010c083213b91
Signed-off-by: Hongxu Jia
---
recipes-support/rng-tools/rng-tools/default | 1 +
recipes-support/rng-tools/rng-tools_6.%.bbappend | 4
recipes
led-fips-test.html
Signed-off-by: Hongxu Jia
---
recipes-support/rng-tools/rng-tools/default | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-support/rng-tools/rng-tools/default
b/recipes-support/rng-tools/rng-tools/default
index b9f8e03..1ae6b33 100644
--- a/recipes-sup
Signed-off-by: Hongxu Jia
---
README.enable_fips | 3 +++
1 file changed, 3 insertions(+)
diff --git a/README.enable_fips b/README.enable_fips
index 8016346..676698b 100644
--- a/README.enable_fips
+++ b/README.enable_fips
@@ -54,3 +54,6 @@ FIPS mode initialized
- ssh-keygen
# ssh-keygen -A
Signed-off-by: Hongxu Jia
---
README.openssh_cavstest | 28
1 file changed, 28 insertions(+)
create mode 100644 README.openssh_cavstest
diff --git a/README.openssh_cavstest b/README.openssh_cavstest
new file mode 100644
index 000..5d69ee5
--- /dev/null
+++ b
On 9/25/19 10:33 PM, Mark Hatle wrote:
On 9/25/19 2:23 AM, Hongxu Jia wrote:
Changed in V1:
- Follow Mark H's suggestions
Hi Mark,
Once openssh enables FIPS mode, openssh ptest will fail (mess of failure).
It seems the test case of upstream openssh does not consider FIPS mode suppo
as a post image generation activity.
Signed-off-by: Hongxu Jia
---
classes/image-enable-fips.bbclass | 5 +
conf/layer.conf | 2 ++
2 files changed, 7 insertions(+)
create mode 100644 classes/image-enable-fips.bbclass
diff --git a/classes/image-enable-fips.bbclass
b/class
For Yocto and WRLinux, openssl fips works only if installing
package openssl-fips
Signed-off-by: Hongxu Jia
---
README.build | 1 +
templates/feature/openssl-fips/image.inc | 1 +
2 files changed, 2 insertions(+)
create mode 100644 templates/feature/openssl-fips
The working fips package is openssl-fips-dev rather than openssl-fips.
Signed-off-by: Hongxu Jia
---
README.build | 2 +-
templates/feature/openssl-fips/image.inc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.build b/README.build
index
1 - 100 of 112 matches
Mail list logo