[yocto] Help to add uboot/standalone binary program for yocto projects
Hello I follow my last email, I solved the reboot things. Works fine.. but I found a cool/interesting thing, what I would like to integrate. >> I read about standalone binaries (from C, or with Rust generated too?) could use at uboot. http://www.denx.de/wiki/view/DULG/UBootCmdGroupExec#Section_5.9.4.1 Hello World example: http://www.denx.de/wiki/view/DULG/UBootStandalone I understand but really not, how possible use with Yocto. I just create a similar hello_world.c program like at example and solved? Drop to the same folder? .. (I use rpi3.) Somebody did similar thing in the past? Or good example? On Stackoverflow: https://stackoverflow.com/questions/49814470/u-boot-how-to-run-a-standalone-binary-program "You can use the Yocto toolchain but you cannot link against the C library (which is done by default) so you have to put some extra options to GCC to let it know that, also, you cannot use the go instruction from U-Boot to jump to an ELF binary that you just loaded in memory, the ELF binary has to be converted to a 'raw' binary (list of ARM instructions in your case) with the tool objdump. An ELF binary it's a specific format that encapsulate your code/your data and some extra information, and the first part of the ELF is the description of the binary, so right now, when you do a go at the first address, you are trying to tell the CPU to execute something which is not an ARM instruction. You basically want to execute what we call the '.text' section of the ELF binary." Many thanks, Szabolcs -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] Missing init symbolic link in rootfs
Hi, I built the rootfs image but it missed a symbolic link init at the / directory, although I added following init link manually, I should fix it in Yocto build. What should I fix the image build cofiguration to include init link at the /? $ ls / bin dev home libmnt root sbin tmp var boot etc init media proc run sys usr $ ls -l /init init -> /sbin/init Thank you. Kind regards, - jupiter -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-security-compliance][PATCH 1/4] openscap_git: update to 1.3.0
removed unneeded patch
convert over to cmake
refactor files
Signed-off-by: Armin Kuster
---
.../openscap/files/crypto_pkgconfig.patch | 36
.../recipes-openscap/openscap/openscap.inc| 75 +
.../recipes-openscap/openscap/openscap_git.bb | 83 +--
3 files changed, 78 insertions(+), 116 deletions(-)
delete mode 100644
meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
diff --git
a/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
deleted file mode 100644
index 2d70855..000
---
a/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Index: git/configure.ac
-===
git.orig/configure.ac
-+++ git/configure.ac
-@@ -360,25 +360,13 @@ case "${with_crypto}" in
- AC_DEFINE([HAVE_NSS3], [1], [Define to 1 if you have 'NSS' library.])
- ;;
- gcrypt)
-- SAVE_LIBS=$LIBS
--AC_CHECK_LIB([gcrypt], [gcry_check_version],
-- [crapi_CFLAGS=`libgcrypt-config --cflags`;
-- crapi_LIBS=`libgcrypt-config --libs`;
-- crapi_libname="GCrypt";],
-- [AC_MSG_ERROR([library 'gcrypt' is required for
GCrypt.])],
-- [])
--AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'gcrypt'
library.])
-- AC_CACHE_CHECK([for GCRYCTL_SET_ENFORCED_FIPS_FLAG],
--[ac_cv_gcryctl_set_enforced_fips_flag],
--[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include],
--[return
GCRYCTL_SET_ENFORCED_FIPS_FLAG;])],
--
[ac_cv_gcryctl_set_enforced_fips_flag=yes],
--
[ac_cv_gcryctl_set_enforced_fips_flag=no])])
-+ PKG_CHECK_MODULES([libgcrypt], [libgcrypt >= 1.7.9],[],
-+AC_MSG_FAILURE([libgcrypt devel support is missing]))
-
-- if test "${ac_cv_gcryctl_set_enforced_fips_flag}" == "yes"; then
-- AC_DEFINE([HAVE_GCRYCTL_SET_ENFORCED_FIPS_FLAG], [1], [Define to 1
if you have 'gcrypt' library with GCRYCTL_SET_ENFORCED_FIPS_FLAG.])
-- fi
-- LIBS=$SAVE_LIBS
-+ crapi_libname="libgcrypt"
-+ crapi_CFLAGS=$libgcrypt_CFLAGS
-+ crapi_LIBS=$libgcrypt_LIBS
-+AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'libgcrypt'
library.])
- ;;
- *)
- AC_MSG_ERROR([unknown crypto backend])
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc
b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
index e9589b6..4c1f206 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap.inc
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -1,2 +1,77 @@
+# Copyright (C) 2017 Armin Kuster
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SUMARRY = "NIST Certified SCAP 1.2 toolkit"
+HOME_URL = "https://www.open-scap.org/tools/openscap-base/";
+LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
+LICENSE = "LGPL-2.1"
+
+DEPENDS = "autoconf-archive dbus acl bzip2 pkgconfig gconf procps curl libxml2
libxslt libcap swig libgcrypt chrpath-replacement-native "
+
+DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native
curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native
nss-native"
+
+inherit cmake pkgconfig python3native perlnative ptest
+
+S = "${WORKDIR}/git"
+
+PACKAGECONFIG ?= "python3 rpm perl"
+PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=True, , python3, python3"
+PACKAGECONFIG[perl] = "-DENABLE_PERL=True,, perl, perl"
+PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=True, ,rpm, rpm"
+
+EXTRA_OECONF += "-DENABLE_PROBES_INDEPENDENT=yes -DENABLE_PROBES_LINUX=yes
-DWITH_CRYPTO=gcrypt\
+ -DENABLE_PROBES_SOLARIS=yes -DENABLE_PROBES_UNIX=yes
-DENABLE_TESTS=no \
+ -DENABLE_OSCAP_UTIL_SSH=yes -DENABLE_OSCAP_UTIL=yes
-DENABLE_SCE=yes \
+-DENABLE_OSCAP_UTIL_DOCKER=no \
+"
+
+EXTRA_OECONF_class-native += "-DENABLE_PROBES=True"
+
STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
+
+EXTRANATIVEPATH += "chrpath-native"
+
+do_configure_append_class-native () {
+ sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h
+ sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h
+ sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/
[yocto] [meta-security-compliance][PATCH 2/4] openscap: add 1.3.1 recipes for upstream source
Signed-off-by: Armin Kuster
---
.../recipes-openscap/openscap/openscap.inc| 11 +--
.../recipes-openscap/openscap/openscap_1.3.1.bb | 10 ++
.../recipes-openscap/openscap/openscap_git.bb | 4 ++--
3 files changed, 17 insertions(+), 8 deletions(-)
create mode 100644
meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc
b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
index 4c1f206..e5daaf8 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap.inc
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -10,10 +10,10 @@ DEPENDS = "autoconf-archive dbus acl bzip2 pkgconfig gconf
procps curl libxml2 l
DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native
curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native
nss-native"
-inherit cmake pkgconfig python3native perlnative ptest
-
S = "${WORKDIR}/git"
+inherit cmake pkgconfig python3native perlnative ptest
+
PACKAGECONFIG ?= "python3 rpm perl"
PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=True, , python3, python3"
PACKAGECONFIG[perl] = "-DENABLE_PERL=True,, perl, perl"
@@ -25,7 +25,6 @@ EXTRA_OECONF += "-DENABLE_PROBES_INDEPENDENT=yes
-DENABLE_PROBES_LINUX=yes -DWIT
-DENABLE_OSCAP_UTIL_DOCKER=no \
"
-EXTRA_OECONF_class-native += "-DENABLE_PROBES=True"
STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
@@ -33,9 +32,9 @@ STAGING_OSCAP_BUILDDIR =
"${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
EXTRANATIVEPATH += "chrpath-native"
do_configure_append_class-native () {
- sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h
- sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h
- sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${S}/config.h
+ sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h
+ sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h
+ sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h
}
do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}"
diff --git
a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
new file mode 100644
index 000..c29fd42
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
@@ -0,0 +1,10 @@
+SUMARRY = "NIST Certified SCAP 1.2 toolkit"
+
+require openscap.inc
+
+SRCREV = "3a4c635691380fa990a226acc8558db35d7ebabc"
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
+ file://run-ptest \
+"
+
+DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index 3dfa99e..aded920 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -3,9 +3,9 @@
SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes"
+include openscap.inc
+
SRCREV = "4bbdb46ff651f809d5b38ca08d769790c4bfff90"
SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
file://run-ptest \
"
-
-include openscap.inc
--
2.17.1
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-security-compliance][PATCH 4/4] meta-security-compliance: add meta-python
with some for the recipe updates, more pyton support is needed Signed-off-by: Armin Kuster --- meta-security-compliance/conf/layer.conf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/meta-security-compliance/conf/layer.conf b/meta-security-compliance/conf/layer.conf index b245a16..9ccadab 100644 --- a/meta-security-compliance/conf/layer.conf +++ b/meta-security-compliance/conf/layer.conf @@ -10,6 +10,4 @@ BBFILE_PRIORITY_scanners-layer = "10" LAYERSERIES_COMPAT_scanners-layer = "warrior" -LAYERDEPENDS_scanners-layer = " \ -core \ -" +LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python" -- 2.17.1 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-security-compliance][PATCH 3/4] scap-security-guide: update to 0.1.44
create a PV version to track upstream
git version includes OE changes
Signed-off-by: Armin Kuster
---
.../scap-security-guide.inc | 47 ++
.../scap-security-guide_0.1.44.bb | 8 +++
.../scap-security-guide_git.bb| 63 +++
3 files changed, 63 insertions(+), 55 deletions(-)
create mode 100644
meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
create mode 100644
meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
diff --git
a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
new file mode 100644
index 000..ed70c18
--- /dev/null
+++
b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
@@ -0,0 +1,47 @@
+# Copyright (C) 2017 Armin Kuster
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SUMARRY = "SCAP content for various platforms"
+HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/";
+LIC_FILES_CHKSUM = "file://LICENSE;md5=97662e4486d9a1d09f358851d9f41a1a"
+LICENSE = "LGPL-2.1"
+
+DEPENDS = "openscap-native python3 python3-pyyaml-native python3-jinja2-native
libxml2-native"
+
+S = "${WORKDIR}/git"
+
+inherit cmake pkgconfig python3native
+
+#PARALLEL_MAKE = ""
+
+STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
+
+OECMAKE_GENERATOR = "Unix Makefiles"
+
+EXTRA_OECMAKE += "-DENABLE_PYTHON_COVERAGE=OFF"
+
+do_configure_prepend () {
+ sed -i -e 's:NAMES\ sed:NAMES\ ${HOSTTOOLS_DIR}/sed:g'
${S}/CMakeLists.txt
+sed -i
's:/usr/share/openscap/:${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/:g'
${S}/cmake/SSGCommon.cmake
+}
+
+do_compile () {
+ cd ${S}/build
+ cmake ../
+ # oddly rhel7 needs to build first
+ make rhel7
+}
+
+do_install () {
+ cd ${S}/build
+ make DESTDIR=${D} install
+}
+
+localdatadir = "${prefix}/local/share"
+localmandir = "${localdatadir}/man"
+localdocdir = "${localdatadir}/doc"
+localxmldir = "${localdatadir}/xml"
+
+FILES_${PN} += "${localdatadir} ${localxmldir}"
+FILES_${PN}-doc += "${localmandir} ${localdocdir}"
+RDEPNEDS_${PN} = "openscap"
diff --git
a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
new file mode 100644
index 000..d80ecd7
--- /dev/null
+++
b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb
@@ -0,0 +1,8 @@
+SUMARRY = "SCAP content for various platforms, upstream version"
+
+SRCREV = "8cb2d0f351faff5440742258782281164953b0a6"
+SRC_URI = "git://github.com/ComplianceAsCode/content.git"
+
+DEFAULT_PREFERENCE = "-1"
+
+require scap-security-guide.inc
diff --git
a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index 3f76038..cb21fed 100644
---
a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++
b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -1,60 +1,13 @@
-# Copyright (C) 2017 Armin Kuster
-# Released under the MIT license (see COPYING.MIT for the terms)
+SUMARRY = "SCAP content for various platforms, OE changes"
-SUMARRY = "SCAP content for various platforms"
-HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/";
-LIC_FILES_CHKSUM = "file://LICENSE;md5=236e81befc8154d18c93c848185d7e52"
-LICENSE = "LGPL-2.1"
+SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed"
+SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;"
+PV = "v0.1.44+git${SRCPV}"
-DEPENDS = "openscap-native"
+require scap-security-guide.inc
-SRCREV = "423d9f40021a03abd018bef7818a3a9fe91a083c"
-SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe;"
-PV = "v0.1.33+git${SRCPV}"
-
-inherit cmake
-
-PARALLEL_MAKE = ""
-
-S = "${WORKDIR}/git"
-
-STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
-
-OECMAKE_GENERATOR = "Unix Makefiles"
-
-EXTRA_OECMAKE += "-DSSG_PRODUCT_CHROMIUM:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_DEBIAN8:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_FEDORA:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_FIREFOX:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_JBOSS_EAP5:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_JBOSS_FUSE6:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_JRE:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_OPENSUSE:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_OSP7:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_RHEL5:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_RHEL6:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PRODUCT_RHEL7:BOOL=OFF"
-EXTRA_OECMAKE += "-DSSG_PROD
[yocto] How to add udev in Yocto build?
Hi, I need to add a udev file to make kernel device name symbolic link, any example I can make the Yocto configure to achieve it? Thank you. Kind regards, - jupiter -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
