perl modules when gets installed can produce a perllocal.pod
file for documenting a list of locally installed perl modules.
This can conflict if multiple packages generate the file.
Hits the conflict with apparmor & rrdtool packages.
Error: Transaction check error:
file /usr/lib/perl5/5.30.0/x86_64-linux/perllocal.pod conflicts between attempted installs of rrdtool-1.7.2-r0.corei7_64 and apparmor-2.13.3-r0.corei7_64
perllocal.pod files are for documentation purpose, so
disabling does not harm. Generating perllocal.pod for perl
module is disabled by passing NO_PERLLOCAL=1
with ExtUtils::MakeMaker utility.
https://perldoc.perl.org/5.30.0/ExtUtils/MakeMaker.html#Using-Attributes-and-Parameters
[YOCTO #13491]
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
LIC_FILES_CHKSUM changed do to the date bumped to 2018 to 2019.
The license is the same as nmap and the nmap recipe in meta-openembedded
has that beginline/endline grab stuff.
Went for consistency as ncrack is an nmap project.
Signed-off-by: Scott Ellis <scott@jumpnowtek.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ERROR: oe-scap-1.0-r0 do_package_qa: QA Issue: /usr/share/oe-scap/run_tests.sh contained in package oe-scap requires /bin/bash, but no providers found in RDEPENDS_oe-scap? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ERROR: cryptsetup-tpm-incubator-0.9.9-r0 do_package_qa: QA Issue: /usr/lib/libcryptsetup.so.12.3.0 contained in package cryptsetup-tpm-incubator requires libdevmapper.so.1.02(DM_1_02_97)(64bit), but no providers found in RDEPENDS_cryptsetup-tpm-incubator? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This ensures openscap-native does install the needed patches
security guilde needs to build
Minor recipe cleanup too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
add cleandir depends to do_install task
This nostamp is causing issues with the yocto-check-layer when checking
hash changes.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Always build static library. This is required e.g. for runc from
meta-virtualization in its default configuration.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The rootsbindir is a self-defined directory. The install-rootsbinPROGRAMS
is actually treated as part of install-data instead of install-exec.
Do making install-exec-am depend on it actually results in the following
Makefile contents.
install-data-am: install-rootsbinPROGRAMS
install-exec-am: install-binPROGRAMS install-binSCRIPTS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
install-exec-hook: install-rootsbinPROGRAMS
And this results in race condition as two install commands of the same
file running at the same time. Error message is like below.
TOPDIR/tmp-glibc/hosttools/install: cannot create regular file 'TOPDIR/tmp-glibc/work/aarch64-wrs-linux/ecryptfs-utils/111-r0/image/sbin/mount.ecryptfs': File exists
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ecryptfs-utils does not build with openssl1.1.
Previously this openssl PACKAGECONFIG is disabled by default, so
we are not getting build failures by default. But if we enable it,
we get do_compile failure.
This package is from ubuntu source, and the one ubuntu ships does not
depend on openssl. The development of this package has stopped for about
3 years. I don't see it will fix the build offically.
So remove this PACKAGECONFIG and use '--disable-openssl' directly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
apparmor-2.13.2-r0 do_package_qa: QA Issue: /usr/bin/aa-easyprof contained in package apparmor requires /usr/bin/python3, but no providers found in RDEPENDS_apparmor? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes:
ERROR: QA Issue: /usr/bin/oscap-ssh contained in package openscap requires /bin/bash, but no providers found in RDEPENDS_openscap? [file-rdeps]
ERROR: QA Issue: /usr/bin/scap-as-rpm contained in package openscap requires /usr/bin/python3, but no providers found in RDEPENDS_openscap? [file-rdeps]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fixes:
ERROR: QA Issue: /usr/share/smack/smack_rules_gen contained in package smack requires /usr/bin/python3, but no providers found in RDEPENDS_smack? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It would fail to build scap-security-guide when use openscap-native
sstate cache.
Steps to reproduce:
Create a new build project:
$ bitbake openscap-native
$ bitbake openscap-native -c clean
$ bitbake scap-security-guide
Error message:
OpenSCAP Error: Schema file 'xccdf/1.1/xccdf-schema.xsd' not found in path
'/buildarea/build/tmp/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas'
when trying to validate
'/buildarea/build/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/chromium/xccdf-unlinked-resolved.xml'
[/buildarea/build/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/validate.c:104]
Invalid XCCDF Checklist (1.1) content in
/buildarea/build/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/chromium/xccdf-unlinked-resolved.xml.
[/buildarea/build/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/oscap_source.c:346]
chromium/CMakeFiles/generate-internal-chromium-xccdf-unlinked-resolved.xml.dir/build.make:63: recipe for target 'chromium/xccdf-unlinked-resolved.xml' failed
When using sstate cache, the openscap-native doesn't install the
artifacts to work-shared/openscap/oscap-build-artifacts when prepare
recipe sysroot for scap-security-guide.
Set do_install[nostamp] to 1 to ensure the openscap-native artifacts
are installed to work-shared/openscap/oscap-build-artifacts even if
using sstate cache.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
As pointer by Martin Jansa, keyutils package is now a part of meta-oe,
so switch to using keyutils from that layer.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove autoconf-archive from DEPENDS because it is using CMake/Ninjia
build now. Also remove unused dpkg-native dependency from
DEPENDS_class-native.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add bbclass responsible for handling signing of kernel modules.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
fixup class to avoid including in every configure task
Signed-off-by: Armin Kuster <akuster808@gmail.com>
data/debug-keys will be reused for demo modsign keys, so rename
IMA_EVM_BASE to more generic INTEGRITY_BASE.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Armin Kuster
Naveen Saini
Scott Ellis
Stefan Agner
Yuan Chao
Adrian Bunk
Qi.Chen@windriver.com
Yi Zhao
Martin Jansa
Dmitry Eremin-Solenikov