Fix error when run ptest on target:
cp: cannot stat '/usr/bin/true': No such file or directory
make: *** [Makefile:1120: squid-conf-tests] Error 1
The correct path should be /bin/true on target.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The default sysconfdir is /etc and logdir is /var/logs. Set sysconfdir
and logdir when configure, replace them with /etc/squid and
/var/log/squid.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Allow sysinfo() in the seccomp sandbox otherwise
comes below OOPS: priv_sock_get_cmd as the syscall
sysinfo() not allowed
tnftp 192.168.1.1
Connected to 192.168.1.1.
220 (vsFTPd 3.0.3)
Name (192.168.1.1:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> prompt
Interactive mode off.
ftp> mget small*
OOPS: priv_sock_get_cmd
* use "strace -ff /usr/sbin/vsftpd" to track in both
seccomp sandbox on and seccomp sandbox off (add
seccomp_sandbox=NO in /etc/vsftpd.conf) scenarios when
type the commands at ftp client as above, the ftp
connection at server side ends up each time with SIGSYS when
call sysinfo() syscall in seccomp sandbox on case,
so we need to add sysinfo() in the seccomp sandbox if
still use seccomp sandbox for vsftpd
* The issue still exists in other distribution, Please
check https://bugzilla.redhat.com/show_bug.cgi?id=845980 for details
And check ftp://195.220.108.108/linux/fedora/linux/updates/\
24/SRPMS/p/proftpd-1.3.5b-2.fc24.src.rpm for fedora, there
is even a patch vsftpd-3.0.2-seccomp.patch as below to turn off
seccomp sandbox for vsftpd by default which also means fedora
doesn't limit the syscall any more by default.
From dd86a1c28f11fa67b1263d5dc79fa9953629d30d Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Fri, 8 Apr 2016 15:03:16 +0200
Subject: [PATCH 1/7] vsftpd-3.0.2-seccomp
---
tunables.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tunables.c b/tunables.c
index 93f85b1..b024be4 100644
--- a/tunables.c
+++ b/tunables.c
@@ -232,7 +232,7 @@ tunables_load_defaults()
tunable_isolate_network = 1;
tunable_ftp_enable = 1;
tunable_http_enable = 0;
- tunable_seccomp_sandbox = 1;
+ tunable_seccomp_sandbox = 0;
tunable_allow_writeable_chroot = 0;
tunable_accept_timeout = 60;
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Remove the ftpmail script to avoid confusion
about it fails to run because it lacks a dependency
on Mail/Sendmail.pm which is not shipped by default.
Also it has not been maintained for more than 10 years as
http://search.cpan.org/~mivkovic/Mail-Sendmail/Sendmail.pm.
* And it's bad to add the dependency perl module
Mail/Sendmail.pm as it's too old and also send email to
Proftp-devel@lists.sourceforge.net to ask guidance about
ftpmail as below:
Q: In my environment, the ftpmail fails to run as
it lacks the dependency on Mail/Sendmail.pm which
is not shipped by default and also not maintained more
than 10 years as
http://search.cpan.org/~mivkovic/Mail-Sendmail/Sendmail.pm.
A: Patches for updates to the ftpmail script are highly
encouraged! If the Mail-Sendmail package is not to
your preference, what would you suggest/prefer using
instead?
We don't plan to do more improvements about the perl module
Mail-Sendmail now since it's not something we, or other distros
apparently need as other distribution also not include the
ftpmail script.
* The ftpmail is initially added as a perl script to send an email
notification when upload proftpd log as below commit in
https://github.com/proftpd/proftpd.git:
commit 8d602d4bf01ef0c6464c7a16dbbe570a0322dc17
Author: castaglia <castaglia>
Date: Thu Mar 6 03:06:14 2008 +0000
Added ftpmail, a Perl script which reads a TransferLog FIFO and sends
automatic email notifications for uploads.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid-conf-tests is a test to run "squid -k parse -f"
to perse the config files, which should not be run
at build time since we are cross compiling, so remove
it when compiling test-suite
* Fix the directories of the conf files for squid-conf-tests
so that it can run on the target and add it for ptest
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
when disable sysvinit and specify "systemd" in DISTRO_FEATURES,
the recipe "inhert systemd" will delete "/etc/init.d/opensafd",but
"/etc/init.d/opensafd" is needed to start opensafd.service.
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When pam is enabled,
1, Customize the proftpd.conf to use pam to authenticate
2, Add proftpd pam configuration file /etc/pam.d/proftpd
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When configuring squid with --enable-esi option,
the following error was observed:
[snip]
checking libxml/parser.h usability... no
checking libxml/parser.h presence... no
checking for libxml/parser.h... no
configure: Failed to find libxml2 header file libxml/parser.h
[snip]
ERROR: This autoconf log indicates errors, it looked at host include
and/or library paths while determining system capabilities.
[snip]
It tried to search libxml header file in host path. Set the SYSROOT
to avoid this host contamination.
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Commit f8dd8cde90 removed the StandardError
option from the proftpd service file, re-introduce it.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
When using '??=' to set a variable, '+=' will cause
the '??=' value to be discarded. We change how PACKAGECONFIG
is defined. We also do not make sia support a default
since it is not likely to be available.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Remove the blacklist since the issue is gone with new version
* Remove two CVE patches which have been fixed:
- CVE-2016-3947 and CVE-2016-4553
* Rebased the patch for ptest.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The recipe for atftp inherits useradd.bbclass and
re-creates the user nobody as a "system" user. This
is not correct and is in vain because this new definition
will not be created on the target.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
1) error: file /usr/share/man/man1/mailq.1 from install of postfix-doc
conflicts with file from package esmtp-doc
2) error: file /usr/share/man/man1/newaliases.1 from install of postfix-doc
conflicts with file from package esmtp-doc
3) error: file /usr/share/man/man1/sendmail.1 from install of postfix-doc
conflicts with file from package esmtp-doc
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This new release has following changes since version 0.9.0:
lldpd (0.9.2)
Change:
- Ability to add/remove/replace custom TLV from lldpcli.
- LLDP-MED capabilities are displayed differently in lldpcli.
- Limit the maximum depth (5) when trying to apply a VLAN.
- Change JSON output format when using json-c to match Jansson
output.
- Integration tests for the major parts of lldpd, including use of
address and leak sanitizer.
Fix:
- LLDP-MED POE TLV are now displayed in lldpcli.
- Ignore lower link when it is in another namespace.
- Fix various problems with interfaces being enslaved.
- Fix a memory leak when modifying port-related settings.
lldpd (0.9.1)
Change:
- Rework packaging for OS X to make it work with El Capitan. To
simplify a bit, it is not possible anymore to build fat
binaries. Latest version of OS X supporting 32bit was 10.6.
Fix:
- By default, when using port alias as description, use port name
as port ID.
- Miscellaneous fixes with netlink cache.
- Ensure large netlink messages can be received.
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
The mail group is provided by base-passwd so would always be present. Therefore
drop the uneeded group addition from this recipe.
This works around the recent user cleanup code improvements which meant
this started causing failures for people.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Tested-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
ccdv is an internal tool to reduce the deluge Make output
to make finding actual problems easier and it is intended
to be invoked from Makefiles only, it doesn't work for the
cross compiling, so compile it with $BUILD_CC and
corresponding CFLAGS.
And I think we don't need to enable it by default to
reduce our Make output, so add a PACKAGECONFIG for it
but disable it by default.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
There is a build failure while rebuilding postfix
...
| NOTE: make -e MAKEFLAGS= OPT= DEBUG= OPTS= clean
| make -f Makefile.in MAKELEVEL= Makefiles
| (echo "# Do not edit -- this file documents how Postfix was built for your
machine.";/bin/sh makedefs) >makedefs.tmp
| No <db.h> include file found.
| Install the appropriate db*-devel package first.
| Makefile.in:31: recipe for target 'Makefiles' failed
| make: *** [Makefiles] Error 1
| Makefile:21: recipe for target 'Makefiles' failed
| make: *** [Makefiles] Error 2
| ERROR: oe_runmake failed
| ERROR: Function failed: do_configure (log file is located at tmp/work/
core2-64-wrs-linux/postfix/3.0.2-r0/temp/do_configure/log.do_configure.12848)
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This recipe currently relies on EXTRA_OEMAKE having been to set to
"-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make
this explicit so that the default in bitbake.conf can be changed.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
1) Upgrade opensaf from 4.6.0 to 4.7.0.
2) Delete two patches,since they are not needed any more.
Revert_imma_client_node_replyPending_to_unsigned_char.patch
Fix_GCC_5.1.0_compiler_warning.patch
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
While hostname is numeric, start postfix failed
...
root@qemux86-64:~# hostname 1.2.3.4
root@qemux86-64:~# systemctl restart postfix
|Job for postfix.service failed because the control process exited
with error code. See "systemctl status postfix.service" and
"journalctl -xe" for details.
root@qemux86-64:~# systemctl status postfix -l
Dec 02 08:05:40 1.2.3.4 aliasesdb[535]: /usr/sbin/postconf: fatal: unable to use my own hostname
Dec 02 08:05:41 1.2.3.4 aliasesdb[535]: newaliases: warning: valid_hostname: numeric hostname: 1.2.3.4
Dec 02 08:05:41 1.2.3.4 postfix/sendmail[537]: warning: valid_hostname: numeric hostname: 1.2.3.4
Dec 02 08:05:41 1.2.3.4 aliasesdb[535]: newaliases: fatal: unable to use my own hostname
Dec 02 08:05:42 1.2.3.4 postfix[540]: warning: valid_hostname: numeric hostname: 1.2.3.4
Dec 02 08:05:42 1.2.3.4 postfix[540]: fatal: unable to use my own hostname
...
Refer meta/recipes-core/initscripts/initscripts-1.0/hostname.sh in oe-core,
add check_hostname.sh and invoke it before postfix start, if the hostname
is invalid, set "localhost" to main.cf.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
configure the systemd unit file dir, otherwise it will be auto-checked
by 'pkg-config --variable=systemdsystemunitdir systemd', but if systemd
is not built firstly, and the the unit file will not be installed, and
lead to below error:
ERROR: Function failed: SYSTEMD_SERVICE_lldpd value lldpd.service does not exist
and disable sysusersdir, since sysuser is not used currently.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Yi Zhao
Qi.Chen@windriver.com
Ming Liu
Mingli Yu
Jackie Huang
Martin Jansa
Kai Kang
Dai Caiyun
Yue Tao
Joe MacDonald
Joe Slater
Armin Kuster
Catalin Enache
Ross Burton
Fabio Berton
Richard Purdie
Randy MacLeod
Hongxu Jia
George McCollister
Mike Crowe
Roy Li
Li Xin