Commit Graph

805 Commits

Author SHA1 Message Date
Armin Kuster
2cf817a9a4 kas: add one dm-verify image build
gitlab-ci: add qemux86-64-dm-verify build image

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
Armin Kuster
0dac8fac90 kas: add test config
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
Armin Kuster
415bdc7f0d kas-security-base: add testimage
allow root to login

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
Jens Rehsack
b9c72cc8bc ibmswtpm2: update to 1637
Update ibmswtpm2 from 1628 to 1637. Build 1637 Includes:
* Increase NV memory size to match PC Client RSA 3072 requirements
* Add and fix ACT support
* Update Visual Studio files to 2019.

Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
Armin Kuster
caf76696e8 packagegroup-core-security: don't include suricata on riscv or ppc
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
4602d64208 beaglebone-yocto-verity.wks.in: Refer IMGDEPLOYDIR
Since dm-verity-image.bbclass effectively injects

  <DM_VERITY_IMAGE>:do_image_<DM_VERITY_IMAGE_TYPE>

dependency for do_image_wic task, we can change verity rootfs artifact
reference here from DEPLOY_DIR_IMAGE to IMGDEPLOYDIR in order to
mitigate following breakage which was observed when bitbaking
<DM_VERITY_IMAGE> target from scratch (using sstate-cache provided
artifacts):

  | wic.filemap.Error: cannot open image file '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity': [Errno 2] No such file or directory: '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity'
  | WARNING: exit code 1 from a shell command.
  |
  ERROR: Task (.../meta/recipes-core/images/core-image-minimal.bb:do_image_wic) failed with exit code '1'

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
5f196cf59d dm-verity-image-initramfs: Drop locales from image
Since IMAGE_LINGUAS defaults to 'en-us en-gb' and since localization is
not needed on this type of purpose-specific initramfs image, reset the
variable which helps by shaving off almost 700kB from resulting bundled
zImage-initramfs artifact.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
e88895e109 dm-verity-image-initramfs: Add base-passwd package
This removes following boot-time complaints from udevd regarding
missing group declarations:

  [    6.624454] udevd[163]: specified group 'tty' unknown
  [    6.625340] udevd[163]: specified group 'dialout' unknown
  [    6.625692] udevd[163]: specified group 'kmem' unknown
  [    6.626022] udevd[163]: specified group 'input' unknown
  [    6.626541] udevd[163]: specified group 'video' unknown
  [    6.626977] udevd[163]: specified group 'audio' unknown
  [    6.627532] udevd[163]: specified group 'lp' unknown
  [    6.628187] udevd[163]: specified group 'disk' unknown
  [    6.628558] udevd[163]: specified group 'cdrom' unknown

Size impact of this change on resulting bundled zImage-initramfs
artifact is less than +1kB which is negligible.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
1d21cec5fd dm-verity-initramfs-image: Cosmetic improvements
- revise declaration ordering as suggested by oe-stylize.py
- sort PACKAGE_INSTALL entries in alphabetic order
- split long command line in deploy_verity_hash()

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
45e8b20cd0 dm-verity-image-initramfs: Use initramfs-framework
Switch from this layer's initramfs-dm-verity recipe to poky-provided
initramfs-framework suite to manage veritysetup et al.

This commit also removes initramfs-dm-verity recipe which is not
referred from elsewhere in this meta layer.

Also update the install path of dm-verity.env from /usr/share to
/usr/share/misc in order to better comply with FHS3.0, see
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s11.html#usrsharemiscMiscellaneousArchitecture

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
489f7c900c initramfs-framework: Add dmverity module
Add 'initramfs-module-dmverity' as an extension to poky upstream
provided initramfs-framework suite via matchingly named bbappend file.

Together with pre-existing 'initramfs-module-udev' this module can be
used to facilitate dm-verity rootfs mounting from initramfs context
that is bundled with Linux kernel.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
170945ff9f dm-verity-img.bbclass: Stage verity.env file
Introduce new STAGING_VERITY_DIR variable specific to this bbclass which
defines the directory where the verity.env file is stored during
<DM_VERITY_IMAGE>:do_image_<DM_VERITY_IMAGE_TYPE> task and can
consecutively be picked up into associated initramfs rootfs (which
facilitates executing 'veritysetup' and related actions).

By doing this we mitigate failures that were thus far associated to this
facility, such as

  install: cannot stat '.../build/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.ext4.verity.env': No such file or directory

and

  install: cannot stat '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity.env': No such file or directory

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
6f40921308 linux-yocto(-dev): Add dm-verity fragment as needed
Add checks that include dm-verity specific kernel config fragment
when dm-verity-img.bbclass is used.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
03fdaf2f04 dm-verity-image-initramfs: Bind at do_image instead
Bind custom actions in this image recipe in do_image() rather than
do_rootfs(), which can help shave even dozens of seconds from the duration
of 'bitbake <DM_VERITY_IMAGE>' command re-execution.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
4cf81a5847 dm-verity-image-initramfs: Ensure verity hash sync
In order to ensure that the bundled initramfs always contains the most
recently generated DM_VERITY_IMAGE specific root filesystems' root hash,
we disable the timestamp for do_rootfs() task here, meaning that the
task will be re-executed whenever some task that depends on it executes.

Without this change, executing e.g. the following sequence

  $ bitbake <DM_VERITY_IMAGE>
  $ bitbake -c clean <DM_VERITY_IMAGE>
  $ bitbake <DM_VERITY_IMAGE>

results in an unbootable <DM_VERITY_IMAGE> rootfs, which fails like

  Mounting /dev/vda over dm-verity as the root filesystem
  [    8.729974] device-mapper: verity: sha256 using implementation sha256-generic
  [    8.810784] device-mapper: verity: 253:0: metadata block 3017 is corrupted
  [    8.813018] device-mapper: verity: 253:0: metadata block 3017 is corrupted
  [    8.813912] Buffer I/O error on dev dm-0, logical block 2992, async page read
  Verity device detected corruption after activation.
  [    8.889548] device-mapper: verity: 253:0: metadata block 3017 is corrupted
  [    8.891060] device-mapper: verity: 253:0: metadata block 3017 is corrupted
  [    8.891456] Buffer I/O error on dev dm-0, logical block 2992, async page read
  ...
  [    9.135707] EXT4-fs (dm-0): unable to read superblock
  [    9.142897] EXT4-fs (dm-0): unable to read superblock
  [    9.145393] EXT4-fs (dm-0): unable to read superblock
  [    9.147905] FAT-fs (dm-0): unable to read boot sector
  mount: /new_root: can't read superblock on /dev/mapper/rootfs.
  BusyBox v1.32.0 () multi-call binary.

  Usage: switch_root [-c CONSOLE_DEV] NEW_ROOT NEW_INIT [ARGS]
  [    9.243274] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
  [    9.243701] CPU: 0 PID: 1 Comm: switch_root Not tainted 5.8.3-yocto-standard #1
  [    9.243853] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014
  ...
  [    9.248548] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100 ]---

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
fd23d52565 dm-verity-img.bbclass: Reorder parse-time check
Relocate checking if DM_VERITY_IMAGE and DM_VERITY_IMAGE_TYPE are
defined as non-empty strings before DM_VERITY_IMAGE vs. PN
comparison is performed. By doing so we start seeing the following kind
of bitbake parse-time console warnings in case either DM_VERITY_IMAGE
or DM_VERITY_IMAGE_TYPE is not set, when 'dm-verity-img' is defined
in IMAGE_CLASSES:

  WARNING: .../meta/recipes-core/images/core-image-minimal.bb: dm-verity-img class inherited but not used
  WARNING: .../meta-openembedded/meta-oe/recipes-core/images/meta-oe-ptest-image.bb: dm-verity-img class inherited but not used

whereas before this change this warning was printed only once, when
image pointed by <DM_VERITY_IMAGE> was parsed (and recipe with that
name could be found in BBFILES mask scope), and DM_VERITY_IMAGE_TYPE
was not set.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
niko.mauno@vaisala.com
ad55aaca1b dm-verity-img.bbclass: Fix bashisms
Resort to printf in order to avoid usage of non-POSIX compliant echo
flags. This mitigates the following errors visible in console during
boot-up with an image that has been built on a host that symlinks
'/bin/sh' to 'dash':

  /init: /usr/share/dm-verity.env: line 1: -NE_UUID: not found
  /init: /usr/share/dm-verity.env: line 2: -ne: not found
  /init: /usr/share/dm-verity.env: line 3: 642864e8-6a17-46b9-ba1e-9386a3909c8d: not found
  /init: /usr/share/dm-verity.env: line 4: -NE_HASH_TYPE: not found
  /init: /usr/share/dm-verity.env: line 5: -ne: not found
  /init: /usr/share/dm-verity.env: line 6: 1: not found
  /init: /usr/share/dm-verity.env: line 7: -NE_DATA_BLOCKS: not found
  /init: /usr/share/dm-verity.env: line 8: -ne: not found
  /init: /usr/share/dm-verity.env: line 9: 12064: not found
  /init: /usr/share/dm-verity.env: line 10: -NE_DATA_BLOCK_SIZE: not found
  /init: /usr/share/dm-verity.env: line 11: -ne: not found
  /init: /usr/share/dm-verity.env: line 12: 1024: not found
  /init: /usr/share/dm-verity.env: line 13: -NE_HASH_BLOCK_SIZE: not found
  /init: /usr/share/dm-verity.env: line 14: -ne: not found
  /init: /usr/share/dm-verity.env: line 15: 4096: not found
  /init: /usr/share/dm-verity.env: line 16: -NE_HASH_ALGORITHM: not found
  /init: /usr/share/dm-verity.env: line 17: -ne: not found
  /init: /usr/share/dm-verity.env: line 18: sha256: not found
  /init: /usr/share/dm-verity.env: line 19: -NE_SALT: not found
  /init: /usr/share/dm-verity.env: line 20: -ne: not found
  /init: /usr/share/dm-verity.env: line 21: 19d98185b42a897a37db6c56c7470ab2d455f0de46daa0df735eee6263816439: not found
  /init: /usr/share/dm-verity.env: line 22: -NE_ROOT_HASH: not found
  /init: /usr/share/dm-verity.env: line 23: -ne: not found
  /init: /usr/share/dm-verity.env: line 24: 298d75fc2ea27fe594b6a37158a6ae7538e77d918bab98c475934f625de0e4ab: not found

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
Qi.Chen@windriver.com
4599a3c6d3 nss: update patch to fix do_patch error
Currently sssd's do_patch task fails. Update the patch to fix this problem.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
Zheng Ruoqin
4221e5621c trousers: Fix the problem that do_package fails when multilib is enabled.
The following error will occur when multilib is enabled:
ERROR: trousers-0.3.14+gitAUTOINC+e74dd1d967-r0 do_package: QA Issue: trousers: Files/directories were installed but not shipped in any package:
  /lib
  /lib/systemd
  /lib/systemd/system
  /lib/systemd/system/tcsd.service

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 08:55:28 -07:00
Armin Kuster
fa9f747360 cryptsetup-tpm-incubator: remove reference from other files
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-05 11:01:47 -07:00
Armin Kuster
ad55fbb67c sssd: Avoid nss function conflicts with glibc nss.h
glibc 2.32 will define these variables [1] which results in conflicts
with these static function names; backport a fix from upstream.

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-05 11:01:47 -07:00
Armin Kuster
95b8dd3619 cryptsetup-tpm-incubator: drop recipe
The upstream package appears to be dead so drop it.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-05 11:01:35 -07:00
Armin Kuster
2bfd2b2a05 .gitlab: send error reports
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-29 07:25:35 -07:00
Armin Kuster
a770033f34 kas/kas-security-base.yml: let's enable error reporting
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-29 07:25:35 -07:00
Armin Kuster
613da4ff35 upload-error-report: add script to upload errors
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-29 07:25:35 -07:00
Jonatan Pålsson
5efa53b2b2 sssd: Make manpages buildable
Some XML related fixes are needed to make the sssd manpages buildable

Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-29 07:25:35 -07:00
Armin Kuster
55cbb63634 trousers: update to tip
Mainly for the compile issue now being seen:

rpc/tcstp/.libs/libtspi_la-rpc_cmk.o:/usr/src/debug/trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/build/src/tspi/../../../git/src/include/tcsd.h:169: multiple definition of `tcsd_sa_int'; .libs/libtspi_la-tspi_context.o:/usr/src/debug/trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/build/src/tspi/../../../git/src/include/tcsd.h:169: first defined here
| collect2: error: ld returned 1 exit status

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-29 07:25:10 -07:00
Armin Kuster
787ba6faea trousers: Several Security fixes
Fixes:
CVE-2020-24332
CVE-2020-24330
CVE-2020-24331

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-17 15:08:14 -07:00
Kai Kang
98e0a3ecf8 libseccomp: fix cross compile error for mips
Backport patch to fix cross compile error for mips:

| syscalls.h:44:6: error: expected identifier or '(' before numeric constant
|    44 |  int mips;
|       |      ^~~~

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-04 10:41:00 -07:00
Charlie Davies
3becd114a2 clamav: add INSTALL_CLAMAV_CVD flag to do_install
Recipe provides INSTALL_CLAMAV_CVD flag to bypass clamav
cvd db creation. During do_install this flag should be
used to conditionally skip install of cvd db if needed.

Signed-off-by: Charlie Davies <charles.davies@whitetree.xyz>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-04 10:41:00 -07:00
Armin Kuster
fcceba2208 packagegroup-core-security: restore riscv64 for libseccomp
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-27 22:22:17 -07:00
Armin Kuster
04de3591c1 libseccomp: update to 2.5.0
Notable changes:
Add support for the 64-bit RISC-V architecture
Update the syscall tables to Linux v5.8.0-rc5
Python bindings and build now default to Python 3.x

for more info see: https://github.com/seccomp/libseccomp/blob/master/CHANGELOG

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-27 22:22:17 -07:00
Armin Kuster
29f47b4485 packagegroup-core-security: remove libseccomp for riscv*
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-27 22:22:17 -07:00
Armin Kuster
b5a5cbe1f5 libseccomp: rv32/rv64 target builds are not supported yet
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-27 22:22:01 -07:00
Armin Kuster
98ff502d40 packagegroup-core-security: remove clamav for riscv*
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-25 09:00:39 -07:00
Armin Kuster
38715478be packagegroup-security-tpm: add more packages for building
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-25 09:00:39 -07:00
Armin Kuster
5af1689eae security packagegroups: move to recipes-core
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-25 09:00:39 -07:00
Armin Kuster
5392cb9baa security images: Move to recipe-core
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-25 09:00:39 -07:00
Yi Zhao
f923d63820 ibmswtpm2: upgrade 1563 -> 1628
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-25 09:00:39 -07:00
Armin Kuster
6a8ad0efe7 lynis: update to 3.0.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-25 08:58:38 -07:00
Armin Kuster
066a04425c drop ci-build: it is hiding errors
call kas from .gitlab-ci
fix typos
add missing mips64 file
add main layer workaround

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-24 09:59:33 -07:00
Armin Kuster
4dc69a7550 kas: add ima, tpm and tpm2 build configs
for qemux86, qemux86-64 and qemuarm64

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-19 19:19:59 -07:00
Armin Kuster
171c3da430 add gitlab framework and qemu machine
Machines:
qemux86
qemux86-64
qemuarm
qemuarm64
qemuppc
qemumips64
qemuriscv64

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-18 18:33:23 -07:00
Armin Kuster
f876289913 meta-integrity: add dynamic-layer for strongswan
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-18 18:26:44 -07:00
Armin Kuster
9f8bdb7751 strongswan: Add bbappends for ima changes
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-18 18:26:44 -07:00
Armin Kuster
fc1693a967 layer.conf: add dynamic-layer for strongswan
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-18 18:26:44 -07:00
Armin Kuster
f4dd53438a strongswan: add bbappends for tpm changes
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-18 18:26:44 -07:00
Armin Kuster
fcd4121f0b python3-privacyidea: adding initial support for mfa
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-18 18:26:44 -07:00
Armin Kuster
ae4a8aeb48 python3-oauth2client: add recipe
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-18 18:26:35 -07:00
Jeremy Puhlman
ed7875b085 packagegroup-security-tpm2: Depend on preferred provider for cryptsetup
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-14 21:30:07 -07:00