Operations like XXX:append += "YYY" are almost always wrong and this
is a common mistake made in the metadata. Improve them to use the
standard format.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
Openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it`
to `const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
available. This change should have been transparent to the application,
but only if the `ASN1_ITEM_rptr()` macro is used.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Disable '-Werror' to prevent openssl 3.0 deprecation warnings turning
into errors until upstream addresses openssl 3.0 compatibility issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
When LDFLAGS expands, the -fmacro-prefix-map and -fdebug-prefix-map will
be prefixed with -Wl, which will cause a compilation error:
ld: -f may not be used without -shared
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Fixes:
| selsign.c: In function 'show_banner':
| selsign.c:57:62: error: macro "__DATE__" might prevent reproducible builds [-Werror=date-time]
| 57 | info_cont("Build Time: " __DATE__ " " __TIME__ "\n\n");
| | ^
| selsign.c:57:34: error: macro "__TIME__" might prevent reproducible builds [-Werror=date-time]
| 57 | info_cont("Build Time: " __DATE__ " " __TIME__ "\n\n");
| | ^~~~~~~~
| cc1: all warnings being treated as errors
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Add back the append override, as the '+=' operator will make the
default value of BB_HASHBASE_WHITELIST in oe-core not have any
effect.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Drop other releases since they are not compatible anymore.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
The current latest version is 0.9.4 rather than 0.9.2.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Fixes the following errors when DEBUG_BUILD = "1" is set:
fileio.c: In function ‘__fileio_read_file’:
fileio.c:179:12: error: ‘len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
179 | *out_len = len;
| ~~~~~~~~~^~~~~
fileio.c:178:12: error: ‘buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
178 | *out_buf = buf;
| ~~~~~~~~~^~~~~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* Remove unnecessary inherit native
This is a target recipe, the "inherit native" is not needed, the
sbsigntool-native is extended by BBCLASSEXTEND which is already present.
Fixed when multilib is enabled:
$ bitbake lib32-sbsigntool
ERROR: Nothing PROVIDES 'lib32-sbsigntool'.
* Add util-linux-libuuid to DEPENDS since it is required by target build
* Add read_write_all.c to common_SOURCES to fix build errors.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
grub-mkpasswd-pbkdf2 on RHEL/CentOS/Fedora
On RHEL/CentOS/Fedora, there is no grub-mkpasswd-pbkdf2 command but
grub2-mkpasswd-pbkdf2. Update the script to locate the appropriate
command.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Remove other releases since they are not compatible anymore.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This reverts commit fc8969af8a34ff93ede7d44a492750446154d950.
In a parallel build this will lead to a sign error because the gpg-agent
in use may be killed in another task.
Signed-off-by: Liwei Song <liwei.song@windriver.com>
If efi-secure-boot distro flag has not been set, then do not require the
sbsigntool, libsign and efitools.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Fixes the following error when DEBUG_BUILD = "1" is set:
fileio.c: In function ‘__fileio_read_file’:
fileio.c:179:12: error: ‘len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
179 | *out_len = len;
| ~~~~~~~~~^~~~~
fileio.c:178:12: error: ‘buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
178 | *out_buf = buf;
| ~~~~~~~~~^~~~~
cc1: all warnings being treated as errors
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
There is a build error if the /tmp directory is mounted with noexec
option:
lib/ccan.git/tools/create-ccan-tree: line 130: /tmp/tmp.MSe2mg2hM5/ccan_depends: Permission denied
Specify a local TMPDIR to fix it.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
commit fa5550d97de6("sbsigntool: Update to latest and change repos")
tried to fix compilation for arm architectures.
Due to the changes in the upstream package though host gnu-efi was
required to compile the package. Also that commit removed a useful
commit (-x support on sbsigntool), which I mistakenly remembered as
already upstreamed.
So fix the gnu-efi error and fixup the useful patch to keep the
existing functionality. The old package was also depending on
binutils-dev being installed on the host. Fix that and depend on
binutils-native.
While at it purge the unused patches.
Fixes: commit fa5550d97de6("sbsigntool: Update to latest and change repos")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The current sbsigntool repo is ancient and doesn't support native arm
binaries. Let's switch to the current upstream and adjust the recipe
accordingly, allowing the package to be used in native arm machines.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fix the error below caused by: openssl->libsign-native->openssl
DEBUG: Dependency loop #1 found:
Dependency loop #1 found:
...
oe-core commits "bitbake.conf/python: Drop setting RDEPENDS/RPROVIDES default"
and "native: Stop clearing PACKAGES" refactor usage of RDEPENDS
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bartłomiej Burdukiewicz <bartlomiej.burdukiewicz@gmail.com>
Adapt to recent pseudo changes.
Fixes:
ERROR: grub-efi-2.04-r0 do_sign: Failed to import gpg key
gpg: key 9E3086F96EEECC34/9E3086F96EEECC34: error sending to agent: End of file
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
allow openssl x509 '--days' parameter to be specified via command line argument
Signed-off-by: Corey Cothrum <contact@coreycothrum.com>
If GPG_PATH is already created by signing-keys do_get_public_keys task,
subsequent executions of do_package_write_rpm will not create the
gpg-agent.conf file anymore.
Therefore, the spawned gpg-agent will miss important features such as
auto-expand-secmem, leading to the following intermittent build errors:
....
Subprocess output:
gpg: signing failed: Cannot allocate memory
gpg: signing failed: Cannot allocate memory
error: gpg exec failed (2)
gpg: signing failed: Cannot allocate memory
gpg: signing failed: Cannot allocate memory
error: gpg exec failed (2)
...
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Replace weak des3 encryption with more secure algorithm aes256 to
generate ima key in script create-user-key-store.sh.
Signed-off-by: David Dunlap <david.dunlap@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
It shows a QA issue when multilib is enabled:
| ERROR: lib32-key-store-0.1-r0 do_package: QA Issue:
lib32-key-store package lib32-key-store-rpm-pubkey - suspicious values 'rpm' in RDEPENDS [multilib]
Prepend MLPREFIX to runtime dependency 'rpm' to fix the issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
The gpg-agent daemon will be triggered to run in function boot_sign.
This daemon will not exit even after building the project.
So kill the gpg-agent daemon after the gpg signing process
at the end of function boot_sign.
Signed-off-by: De Huo <De.Huo@windriver.com>
"--pinentry-mode=loopback"
The option --pinentry-mode is not supported in gpg 2.0.22 code,
so when the host gpg version is 2.0.22 the option will be removed.
Start gpg-agent daemon when gpg-connect-agent reload agent failed.
Otherwise there will be below failure message reported.
gpg: can't connect to the agent - trying fall back
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
Signed-off-by: De Huo <De.Huo@windriver.com>
If GPG_PATH is already created by signing-keys do_get_public_keys task,
subsequent executions of do_package_write_rpm will fail with "Filename too
long" errors (this only affects builds using GPG paths larger than 80
characters).
Fix this race condition by making sure that the redirection files are always
present in the gpg homedir even if the directory already exists when the first
package_write_rpm task executes.
Also, make sure this new approach does not affect GPG_PATHs smaller than 80
chars.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Drew Moseley <drew.moseley@northern.tech>
Currently, an error will be thrown when trying to use a GPG homedir whose path
length exceeds 80 characters. This limitation can be worked around by providing
libassuan socket redirection files for "S.gpg-agent.yocto-native",
"S.gpg-agent.ssh", "S.gpg-agent.browser" and "S.gpg-agent.extra"
sockets. The redirection files will point to the real sockets in /tmp
directory. The sockets will be automatically cleaned up by gpg agent.
References:
[1] https://dev.gnupg.org/T1752
[2] https://gnupg.org/documentation/manuals/assuan.pdf
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
If the efi-secure-boot distro feature is enabled, provide the possibility to
enable only the UEFI SecureBoot (through the UEFI_SB Bitbake variable)
without the MOK_SB variable.
Allow explicitly overriding the MOK_SB Bitbake variable.
Signed-off-by: Sandra Tobajas <sandra.tobajas@savoirfairelinux.com>
On some host configurations such as ubuntu 16.04 the gnupg in /usr/bin
is the 1.x version. This can cause problems between the import and
signing process if the gpg version is different. The commands in the
user-key-store class assume gnupg is at least version 2.2 or newer.
To avoid the signing phase failing for the efitools and the kernel,
the user-key-store class should depend on the gnupg-native binaries.
It avoids this specific error:
ERROR: efitools-1.9.2+gitAUTOINC+392836a46c-r0 do_sign: Failed to sign: /opt/tmp-glibc/work/corei7-64-wrs-linux/efitools/1.9.2+gitAUTOINC+392836a46c-r0/image/boot/efi/EFI/BOOT/LockDown.efi
ERROR: Logfile of failure stored in: /opt/tmp-glibc/work/corei7-64-wrs-linux/efitools/1.9.2+gitAUTOINC+392836a46c-r0/temp/log.do_sign.22969
NOTE: recipe efitools-1.9.2+gitAUTOINC+392836a46c-r0: task do_sign: Failed
[ Issue: LIN1019-3757 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Issue: LIN1018-450
Under extremely rare circumstances, access can be denied to /tmp,
so we specify a local TMPDIR.
This is a cherry-pick of 886c44b from WRL 10.17.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Sample keys are required in order for the signing to succeed when
using grub boot verification. The keys are only used when
GRUB_SIGN_VERIFY = "1", and it is intended that an end user would
generate new keys with the create-user-key-store.sh.
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
This commit makes the SELoader entirely optional and allows it to be
removed, with the intended replacement being to use grub's built-in
gpg key verification.
It will be possible in a template or local.conf:
UEFI_SELOADER = "0"
GRUB_SIGN_VERIFY = "1"
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
The create-user-key-store.sh was changed in a number of ways to improve
the usability with other layers that will consume the key services
provided by meta-secure-core.
New features:
* A safety check was added that keys can only be written to a fresh
empty directory.
* The script can be run non-interactively or interactively for the ease of use.
* gpg 1.x support and gpg 2.x support work with the passphrases
* A keys.conf is generated to allow a single line to be written into the
local.conf with all the keys.
An interactive session looks like:
==================================
./create-user-key-store.sh -d /tmp/test
KEYS_DIR: /tmp/test
Enter RPM/OSTree GPG keyname (use dashes instead of spaces) [default: PKG-SecureCore]: PKG-Sample-Man
Enter RPM/OSTree GPG e-mail address [default: SecureCore@foo.com]: sample.man@sample.com
Enter RPM/OSTREE GPG comment [default: Signing Key]: Sample Signing Key
Using boot loader gpg name: BOOT-Sample-Man
Using boot loader gpg email: sample.man@sample.com
Using boot loader gpg comment: Sample Signing Key
Press control-c now if and use -bn -bm -bc arguments if you want
different values other than listed above
Enter RPM/OSTREE passphrase: abc1234
Enter IMA passphrase: 1234pass
Enter boot loader GPG passphrase: bootup
Enter boot loader locked configuration password(e.g. grub pw): root
MASTER_KEYS_DIR = "/tmp/test"
IMA_KEYS_DIR = "${MASTER_KEYS_DIR}/ima_keys"
IMA_EVM_KEY_DIR = "${MASTER_KEYS_DIR}/ima_keys"
RPM_KEYS_DIR = "${MASTER_KEYS_DIR}/rpm_keys"
BOOT_KEYS_DIR = "${MASTER_KEYS_DIR}/boot_keys"
MOK_SB_KEYS_DIR = "${MASTER_KEYS_DIR}/mok_sb_keys"
SYSTEM_TRUSTED_KEYS_DIR = "${MASTER_KEYS_DIR}/system_trusted_keys"
UEFI_SB_KEYS_DIR = "${MASTER_KEYS_DIR}/uefi_sb_keys"
GRUB_PUB_KEY = "${MASTER_KEYS_DIR}/boot_keys/boot_pub_key"
GRUB_PW_FILE = "${MASTER_KEYS_DIR}/boot_keys/boot_cfg_pw"
OSTREE_GPGDIR = "${MASTER_KEYS_DIR}/rpm_keys"
RPM_GPG_NAME = "PKG-Sample-Man"
RPM_GPG_PASSPHRASE = "abc1234"
RPM_FSK_PASSWORD = "1234pass"
BOOT_GPG_NAME = "BOOT-Sample-Man"
BOOT_GPG_PASSPHRASE = "bootup"
OSTREE_GPGID = "PKG-Sample-Man"
OSTREE_GPG_PASSPHRASE = "abc1234"
OSTREE_GRUB_PW_FILE = "${GRUB_PW_FILE}"
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Allow SELoader to be an optional component for secure boot
verification. The GPG_SIGN_VERIFY variable was added to control the
ability to have grub perform all of the verification of the loaded
files using a public key which gets built into grub at the time that
mkimage is run.
It is not intended that GPG_SIGN_VERIFY and UEFI_SELOADER would both
be set to "1". While this configuration could work, it makes very
little sense to use the system that way.
Also enabled is the tftp feature for grub as a builtin. This allows
grub to start from the network when the UEFI is configured to boot off
the network with tftp.
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
This changes the rpm signing setup to use a generic routine
check_gpg_key(), in order that the boot loader gpg signing can use the
same infrastructure.
For now the boot loader gpg signing will only support grub and
introduces the variable:
GRUB_SIGN_VERIFY = "1"
This variable is a control point to activate the code in grub-efi to
perform file verification of any file it loads against a gpg key which
is linked into the boot loader with grub-mkimage. It will also cause
all the other files such as the kernel, initramfs and LockDown.efi to
be signed such that grub will verify the files.
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Having a private key package might allow one to pull it into rootfs
which is really, really bad. So drop all private key packages.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
meta-signing-key/conf/layer.conf: use weak assignment for RPM_GPG_NAM…
RPM_GPG_PASSPHRASE
Use weak assignment for RPM_GPG_NAME and RPM_GPG_PASSPHRASE so these
values could be overridden in other conf files.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
The bb.build.FuncFailed had been removed in bitbake with commit
cfeffb602dd5319f071cd6bcf84139ec77f2d170. Use bb.fatal instead of it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>