| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
drop ptest from base builds.
Enable ptest in test image only
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Improves error reporting among other things. Changes:
https://github.com/stefanberger/swtpm/releases/tag/v0.10.0
version 0.10.0:
swtpm:
Requires libtpms v0.10.0
Display tpmstate-opt-lock as a new capability
Add support for lock option parameter to tpmstate option
nvstore_linear: Add support for file-backend locking
Remove broken logic to check for neither dir nor file backend
Use ptm_cap_n to build PTM_GET_CAPABILITY response
Define a structure to return PTM_GET_CAPABILITY result
Implement --print-info to run TPMLIB_GetInfo with flags
Support --profile fd= to read profile from file descriptor
Support --profile file= to read profile from file
Ignore remove-disabled parameter on non-'custom' profile
Check for good entropy source in chroot environment
Implement a check for HMAC+sha1 for testing future restriction
Implement function to check whether a crypto algorithm is disabled
Print cmdarg-print-profiles as part of capabilities
Check whether SHA1 signature support is disabled in profile
Use TPMLIB_WasManufactured to check whether profile was applied
Determine whether OpenSSL needs to be configured (FIPs, SHA1 signature)
Add support for --print-profiles option
Print profile names as part of capabilities JSON
Display new capability to allow setting a profile
Add support for --profile option to set a profile on TPM 2
swtpm_setup:
Comment flags for storage primary key and deprecate --create-spk
Implement --print-profiles to display all profile
Add profile entries to swtpm_setup.conf written by swtpm_setup
Add support for --profile-name option
Accept profiles with name starting with 'custom:'
Support default profile from file in swtpm_setup.conf
Support --profile-file-fd to read profile from file descriptor
Support --profile-file to read profile from file
Always log the active profile
Implement --profile-remove-fips-disabled option
Read default profile from swtpm_setup.conf
Print profile names as part of capabilities JSON
Add support for --profile parameter
Get default rsa keysize from setup_setup.conf if not given
swtpm_ioctl:
Use ptm_cap_n for non-CUSE PTM_GET_CAPABILITY response
selinux:
Change write to append for appending to log
Add rule for logging to svirt_image_t labeled files from swtpm_t
tests:
Update IBMTSS2 test suite to v2.4.0
Test activation of PCR banks when not all are available
Enable SWTPM_TEST_PROFILE for running test_tpm2_ibmtss2 with profile
Add a check for OPENSSL_ENABLE_SHA1_SIGNATURES in log file
Consolidate custom profile test cases and check for StateFormatLevel
Convert test_samples_create_tpmca to run installed
Mention test_tpm2_libtpms_versions_profiles requiring env. variables
allow running ibmtss2 tests against installed version
Derive support for CUSE from SWTPM_EXE help screen
Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 for IBMTSS2 test
Extend test case testing across libtpms versions
Add test case for testing profiles across libtpms versions
Test the --profile option of swtpm_setup and swtpm
teach them to run installed
add installed-runner.sh
install tests on the system
lookup system binaries if INSTALLED is set
build-sys:
enable 64-bit file API on 32-bit systems
Add -Wshadow to the CFLAGS
Require that libtpms v0.10 is available for TPMLIB_SetProfile
debian:
Add rule to allow usage of /var/tmp directory (QEMU)
Add rules for reading profiles from distro and local dirs
Allow non-owner file write access in /var/lib/libvirt/swtpm/
Add sys_admin capability to apparmor profile
https://github.com/stefanberger/swtpm/releases/tag/v0.9.0
version 0.9.0:
Note: The SElinux policy for swtpm was completely redone. For systems
with an SELinux policy the same policy (>= 40.17) as used in
Fedora >= 40 is required due to changes in labels related to libvirt
that made the re-development of the SELinux policy necessary.
swtpm:
Use umask() to create/truncated state file rather than fchmod()
Use fchmod to set mode bits provided by user
Replace mkstemp with g_mkstemp_full (Coverity)
fix typo in help message
cuse: Fix Coverity complaints regarding locks
Fix double free in error path
Close fd after main loop
Restore logging to stderr on log open failure
swtpm_setup:
Fail --pcr-banks without --tpm2
Fail --decryption or --allow-signing without --tpm2
Initialized argv in get_swtpm_capabilities()
Flush spk after persisting to create room for another key
Refactor duplicate code into swtpm_tpm2_write_cert_nvram
Move persisting of certificate into tpm2_persist_certificate
Pass key_type to function creating filename for key
Add scheme parameter before curveid to createprimary_ecc
Rename is_ek to preserve for future extension
Mask-out EK and plaform certificate flags and set cert_flags
Move common code into new function read_certificate_file()
Exit with '0' upon --version rather than '1'
Close file descriptors passed to swtpm process on parent side
Make stdout unbuffered
Use medium duration on TSC_PhysicalPresence to avoid timeouts
Add poll() after write() and before read() to detect errors
swtpm_localca:
Add support for up to 20 bytes serial numbers
Introduce --key as more generic alias for --ek
Add missing NULL option to end of array
Make stdout unbuffered
swtpm_cert:
Add support for serial numbers up to 20 bytes long
swtpm_ioctl:
Separate return code from flags
Repeatedly call PTM_GET_INFO for long responses
selinux:
Re-add rule for svirt_tcg_t and user_tmp_t:sock_file (virt-install)
New SELinux policy that requires Fedora 40 or later
tests:
Fixed occurrences of stray '' before '-'
Rearrange order of test cases to run some also as 'root'
Add tests for command line options and combinations of options
Add softhsm_setup to shellcheck'ed files and fix issues
Add missing 'exit 1' on unexpected file size on --reconfigure
Add test cases for swtpm_cert with max serial number
Fix spelling mistakes
reformat regexs for easier readability and extension
ibmtss2: Add patch to disable x509 test with older libtpms
Upgrade to ibmtss2 v2.0.1
Fixed several issues detected by shellcheck
build-sys:
Add support for --disable-tests to disable tests
Display GMP_LIBS and GMP_CFLAGS
Only display warning if pkg-config for gmp fails
Add gmp library and devel package as dependency
use PKG_CHECK_MODULES to check libtpms version
rpm:
Add gmp library and devel package as dependency
Split off SELinux files to build an selinux package
debian:
Sync AppArmor profile with what is used by Ubuntu
Add gmp library and devel package as dependency
Allow apparmor access to qemu session bus swtpm files
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Using vendor "libtpms_project" and product "libtpms"
as in https://nvd.nist.gov/vuln/detail/CVE-2021-3446
Matches CVEs better when analyzing with cve_check.bbclass.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Upstream and other distros like Debian use package name
libtpms so use this name for recipe too to match CVEs etc.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Needed by newer swtpm. Improves error messages etc.
Changes:
https://github.com/stefanberger/libtpms/releases/tag/v0.10.0
version 0.10.0:
tpm2: Support for profiles: default-v1 & custom
tpm2: Add new API call TPMLIB_SetProfile to enable user to set a profile
tpm2: Extende TPMLIB_GetInfo to return profiles-related info
tpm2: Implemented crypto tests and restrictions on crypto related to
FIPS-140-3; can be enabled with profiles
tpm2: Enable Camellia-192 and AES-192
tpm2: Implement TPMLIB_WasManufactured API call
tpm2: Fixes for issues detected by static analyzers
tpm2: Use OpenSSL-based KDFe implementation if possible
tpm2: Update to TPM 2 spec rev 183 (many changes)
tpm2: Better support for OpenSSL 3.x
tpm2: Use Carmichael function for RSA priv. exponent D (>= 2048 bits)
tpm2: Fixes for CVE-2023-1017 and CVE-2023-1018
tpm2: Fix of SignedCompareB().
NOTE: This fix may result in backwards compatibility issues with
PCR policies used by TPM2_PolicyCounterTimer and TPM2_PolicyNV
when upgrading from v0.9 to v0.10.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
TEST_RUNQEMUPARAMS = "slirp" does not pass ping through
but UDP and TCP will work. Thus curl the http website
even if the response is DoS blocker and not the real
website.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes python 3.13 support though needed one more patch
which is also submitted upstream. oeqa runtime test
passes on qemuarm and qemuarm64. Did not fix ptest compilation.
Changes:
https://apparmor.net/news/release-4.0.2/
https://gitlab.com/apparmor/apparmor/-/releases/v4.0.3
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Adding "systemd" to DISTRO_FEATURES does not work anymore
and build failes due to udev selection etc issues.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
ima and meta-integrity are not enabled without and the test fails.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
systemd service files already start a download at boot which locks
the files and thus the test fails. Instead of this test, with systemd
it is sufficient to check that all systemd services succeeded.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
ecryptfs-utils userspace daemon fails to start if kernel
module is not available on target.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Build ecryptfs as module. Needed by userspace counterparts in
ecryptfs-utils which are currently failing to start correctly
and thus downgrading systemd boot status from RUNNING to DEGRADED.
Fix is to build and install the kernel module.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
systemd-boot will then measure boot components to TPM device.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Enable "tpm2" support if "tpm2" is in DISTRO_FEATURES.
Also enable cryptsetup, openssl and repart features which
are needed to use TPM device to encrypt filesystems with
systemd configuration. See:
https://www.freedesktop.org/software/systemd/man/latest/systemd-repart.html#--tpm2-device=
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
"tpm2" is used elsewhere in distro and machine featues to
enable TPM device support.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this there is a floating dependency which can fall back
to build host and possibly fail if header file is found but
shared library not. Without this change do_configure log
shows:
checking for efivar... no
checking for efivar/efivar.h... no
../tpm2-tools-5.7/configure: line 15461: efivar: command not found
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Use the new root/pswd directives
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
V2]
use new primary definitions
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
LIC_FILES_CHKSUM changed due to yr update.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fix the verity class when the IMAGE_BASENAME has changed. Prefer DM_VERITY_IMAGE
for staging env and wic fragment so it matchs what is used in the
dm-verity-image-initramfs and the base wks systemd-bootdisk-dmverity.wks.in.
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Louis Rannou <louis.rannou@syslinbit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Useful to pass additional arguments to veritysetup, for example
'--no-superblock' to make system less vulnerable to certain types of
attacks and data maniputaion on the disk.
Signed-off-by: Grygorii Tertychnyi <grembeter@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Drop lvm2-udevrules as it has been removed in meta-openembedded
commit[1].
[1] https://git.openembedded.org/meta-openembedded/commit/?h=master&id=c37c867e1adddd6fa39cf3f3d4c6688ea6dc825a
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Measured Boot is the term used to describe the process of securely
recording and computing hashes of code and critical data at each stage
in the boot chain prior to their use.
These measurements can be employed by other system components to
establish a comprehensive attestation system. For example, they could be
employed to enforce local attestation policies (such as the release of
specific platform keys) or to securely transmit them to a remote
challenger, also known as a verifier, post-boot to verify the condition
of the code and critical data.
Measured launch does not authenticate the code or critical data; rather,
it records the code or critical data that was present on the system
during boot.
Initially, the TPM measures the BIOS/EFI layer in the fundamental flow.
This measurement involves the generation of a cryptographic hash of the
binary image and the verification of the binary instructions that this
layer will execute. The TPM stores the generated hash in one of the
numerous "slots" in the Platform Configuration Register (PCR). The TPM
or entities external to the TPM can read these portions of memory at a
later time; however, they are unalterable once they have been written.
These memory pieces are protected by integrity protection from the
instant they are first written. This guarantees that the value written
to a PCR by the TPM will remain constant for the duration of the system,
unless the system is powered off or rebooted.
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The project uses /usr/bin/python as the path to the python3 interpreter
in the shebang of the python3 script /usr/sbin/sss_obfuscate[1].
OpenEmbedded uses /usr/bin/python3, and thus, it causes bitbake to raise
the QA issue attached below.
This fixes the path to the python3 interpreter by sed'ing the shebang at
do_install if the python3 is set in the PACKAGECONFIG.
Fixes:
NOTE: Executing Tasks
ERROR: sssd-2.9.2-r0 do_package_qa: QA Issue: /usr/sbin/sss_obfuscate contained in package sssd-python requires /usr/bin/python, but no providers found in RDEPENDS:sssd-python? [file-rdeps]
ERROR: sssd-2.9.2-r0 do_package_qa: Fatal QA errors were found, failing task.
[1]: https://github.com/SSSD/sssd/blob/2.5.2/src/tools/sss_obfuscate#L1
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The project installs the python script sss_obfuscate to the /usr/sbin
directory and the modules to the /usr/lib/python3.X directory.
The recipe does not ship the python modules to the package sssd, and
thus, it raises the QA issue attached below.
This adds the python artifacts (sss_obfuscate script and module files)
to the dedicated package sssd-python.
Fixes:
NOTE: Executing Tasks
ERROR: sssd-2.9.2-r0 do_package: QA Issue: sssd: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/pysss.so
/usr/lib/python3.12/site-packages/pyhbac.so
/usr/lib/python3.12/site-packages/pysss_murmur.so
/usr/lib/python3.12/site-packages/pysss_nss_idmap.so
/usr/lib/python3.12/site-packages/SSSDConfig
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info
/usr/lib/python3.12/site-packages/SSSDConfig/__init__.py
/usr/lib/python3.12/site-packages/SSSDConfig/ipachangeconf.py
/usr/lib/python3.12/site-packages/SSSDConfig/sssdoptions.py
/usr/lib/python3.12/site-packages/SSSDConfig/__pycache__
/usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/__init__.cpython-312.pyc
/usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/ipachangeconf.cpython-312.pyc
/usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/sssdoptions.cpython-312.pyc
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/dependency_links.txt
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/top_level.txt
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/SOURCES.txt
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/PKG-INFO
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
sssd: 17 installed and not shipped files. [installed-vs-shipped]
ERROR: sssd-2.9.2-r0 do_package: Fatal QA errors were found, failing task.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Makefile runs setup.py on the target all-local[1].
The file setup.py uses the deprecated module distutils[2]; sssd-2.10.0
has moved to setuptools[3].
This installs python3-setuptools-native to fix the do_compile issue
below:
Fixes:
| Traceback (most recent call last):
| File "/home/gportay/src/build/tmp/work/core2-64-poky-linux/sssd/2.9.2/build/src/config/setup.py", line 25, in <module>
| from distutils.core import setup
| ModuleNotFoundError: No module named 'distutils'
[1]: https://github.com/SSSD/sssd/blob/2.9.2/Makefile.am#L5462
[2]: https://github.com/SSSD/sssd/blob/2.9.2/src/config/setup.py.in#L25
[3]: https://github.com/SSSD/sssd/commit/9efd79b010dbb46d9968c3d3ab073b8e585cb2ad
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configure script guesses the target system from the host if no
--with-os= is set[1]. It is untrue if cross-compiling.
The guessed host operating system is used then to do specific things
fort target build.
The commit[2] passes the downstream debian option --install-layout=deb
to setup.py[3] if the host system is debian based, and thus, it raises
the error attached below as that debian-specific option[4] is not part
of the openembedded[5] world.
This sets the Fedora operating system thanks to the existing configure
option --with-os=fedora, that is relatively sain operating system for
the needs of openembedded.
Fixes:
| (...)/build/tmp/work/aarch64-poky-linux/sssd/2.5.2-r0/build/src/config/setup.py:25: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
| from distutils.core import setup
| usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
| or: setup.py --help [cmd1 cmd2 ...]
| or: setup.py --help-commands
| or: setup.py cmd --help
|
| error: option --install-layout not recognized
| Traceback (most recent call last):
| File "/home/gportay/src/openembedded-tests/build/tmp/work/core2-64-poky-linux/sssd/2.9.2/build/src/config/setup.py", line 25, in <module>
| from distutils.core import setup
| ModuleNotFoundError: No module named 'distutils'
Note: Upstream has introduced the "unknown" operating systemd with the
upcoming version 2.10.0[6][7]. The change can be backported.
[1]: https://github.com/SSSD/sssd/blob/2.5.2/src/external/platform.m4#L1-L31
[2]: https://github.com/SSSD/sssd/commit/e6ae55d5423434d5dc6c236e8647b33610d30e2e
[3]: https://github.com/SSSD/sssd/blob/2.5.2/Makefile.am#L32-L35
[4]: https://sources.debian.org/patches/setuptools/68.1.2-2/install-layout.diff/#L7
[5]: https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb?h=kirkstone
[6]: https://github.com/SSSD/sssd/commit/7b32dc0ab877a9061b52868b8efe6866c3144b63
[7]: https://github.com/SSSD/sssd/pull/7398
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configure script checks for the utility python3.X-config to be in
$PATH; that script is shipped by the package python3-native.
The recipe does not depend on the package python3-native which causes
the task do_configure to fail.
The recipe inherits from the bbclass python3-dir that does not install
the required script to the sysroot. The bbclass python3native inherits
from (the already inherited bbclass) python3-dir and it adds the missing
dependency to python3-native.
This fixes the configure error by "upgrading" the inherit bbclass from
python3-dir to python3-native.
Fixes:
| checking for python3.12-config... no
| configure: error:
| The program python3.12-config was not found in search path.
| Please ensure that it is installed and its directory is included in the search
| path. If you want to build sssd without python3 bindings then specify
| --without-python3-bindings when running configure.
| NOTE: The following config.log files may provide further information.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The variable HAVE_PYTHON3 expects a boolean value[1] and the configure
script raises an error if the option --with-python3-bindings is set and
if the value HAVE_PYTHON3 is not "yes"[2].
The recipe sets a non-boolean value to ac_cv_prog_HAVE_PYTHON3 and thus
causes the task do_configure to fail.
This fixes the value set to ac_cv_prog_HAVE_PYTHON3 by setting it to yes
instead of $(PYTHON_DIR).
Fixes:
| checking for python3... (cached) python3.12
| configure: error:
| The program python3 was not found in search path.
| Please ensure that it is installed and its directory is included in the search
| path. It is required for building python3 bindings. If you do not want to build
| them please use argument --without-python3-bindings when running configure.
| NOTE: The following config.log files may provide further information.
[1]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L323-L325
[2]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L353-L377
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSSD has introduced the internal tool sss_analyze since 2.6.0[1].
Add log parsing tool which can be used to track requests across
responder and backend logs.
sss_analyze is a python3 script[2] with modules[3] that is run by the
sssctl command analyze[4][5][6].
The autotools installs the files to ${libexec} and ${python3dir}[7]. The
latter is set if the configure option --with-python3-bindings is set
only.
As a consequence, the Makefile installs the python3 files to /sssd
instead of /usr/lib/python3.12/site-packages/sssd if the option
--with-python3-bindings is unset:
gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/request.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/error.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_files.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_journald.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_reader.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/parser.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/sss_analyze.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/util.py
The sss_analyze tool is unrelated to the python3 bindings; the sssctl
does not condition its code if the python3 bindings are unset.
Therefore, sss_analyze has to be installed even if the python3 bindings
are unset.
This ensures the variable python3dir is set to the expected location by
adding it to --without-python3-bindings if the python3 feature is
disabled.
gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/request.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/error.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_files.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_journald.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_reader.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/parser.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/sss_analyze.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/util.py
[1]: https://github.com/SSSD/sssd/commit/82e051e1f15060554ecacc07107c82675369e0bb
[2]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/sss_analyze#L1
[3]: https://github.com/SSSD/sssd/tree/2.9.2/src/tools/analyzer
[4]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L47
[5]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L605
[6]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl.c#L337
[7]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/Makefile.am#L7
[8]: https://github.com/SSSD/sssd/blob/2.9.2/configure.ac#L394
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The internal tool sss_analyze is a python script run by the sssctl
command analyze.
The script sss_analyze imports the python module logging[1].
However, the package sssd lacks installing this python module that is
required to run the script.
This adds the missing run-time dependency python3-logging to ensure this
module comes along the package sssd.
Fixes:
root@qemux86-64:~# sssctl analyze
Traceback (most recent call last):
File "/usr/libexec/sssd/sss_analyze", line 3, in <module>
from sssd import sss_analyze
File "/usr/lib/python3.12/site-packages/sssd/sss_analyze.py", line 3, in <module>
from sssd.modules import request
File "/usr/lib/python3.12/site-packages/sssd/modules/request.py", line 2, in <module>
import logging
ModuleNotFoundError: No module named 'logging'
[1]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/source_files.py#L2
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The internal tool sss_analyze is a python script run by the sssctl
command analyze.
The script sss_analyze is shipped by the package sssd since 2.6.0.
However, the package sssd lacks installing the python interpreter that
is required to run the script.
This adds the missing run-time dependency python3-core to ensure the
interpreter python3 comes along the package sssd.
Fixes:
root@qemux86-64:~# sssctl analyze
env: can't execute 'python3': No such file or directory
Command '/usr/libexec/sssd/sss_analyze' failed with [127]
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
This adds a whitespace after the operator ?= for the sake of
consistency.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/OISF/libhtp/commit/0d550de551b91d5e57ba23e2b1e2c6430fad6818
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
oe-core has switched to styhead only.
Add layer compatibility to meta-parsec
for styhead.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
few more layers to fixup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
oe-core switched to styhead only in:
https://git.openembedded.org/openembedded-core/commit/?h=styhead&id=b4cf6d5236a3eacaf56ca2f805b006efac65b26c
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise Makefile isn't regenerated and do_compile fails with:
suricata/7.0.0/suricata-7.0.0/missing: line 81: aclocal-1.16: command not found
after automake upgrade from 1.16.5 to 1.17 from:
https://git.openembedded.org/openembedded-core/commit/?id=b98328a6ff07119e7ba4f1072090d789e69edef8
Fixes:
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/bash 'TOPDIR/BUILD/work/mach-distro-linux/suricata/7.0.0/suricata-7.0.0/missing' aclocal-1.16 -I m4
TOPDIR/BUILD/work/mach-distro-linux/suricata/7.0.0/suricata-7.0.0/missing: line 81: aclocal-1.16: command not found
WARNING: 'aclocal-1.16' is missing on your system.
You should only need it if you modified 'acinclude.m4' or
'configure.ac' or m4 files included by 'configure.ac'.
The 'aclocal' program is part of the GNU Automake package:
<https://www.gnu.org/software/automake>
It also requires GNU Autoconf, GNU m4 and Perl in order to run:
<https://www.gnu.org/software/autoconf>
<https://www.gnu.org/software/m4/>
<https://www.perl.org/>
make: *** [Makefile:465: aclocal.m4] Error 127
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The 0.8 orig.tar.gz is not in debian mirror any more. In fact, we
really should avoid using orig.tar.gz like this because distros
like debian will just delete those that they don't maintain any more.
Switch to use git source.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.74
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/OpenSCAP/openscap/releases/tag/1.4.0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
