Re: [yocto] [meta-browser] firefox build failed

Hi, > If you're inteersted in firefox than upgrading it to some recent firefox > release > should be the first step. OK, I get it. Thank you for your reply. Best regards Lei > -Original Message- > From: Martin Jansa > Sent: Wednesday, July 31, 2024 4:42 PM > To: yocto@lists.yoctoproj

[yocto] running ptest without internet?

Hi, I was wondering if there is a convention or agreement on what to do with tests under ptests that do need internet but are running without? An example could be a unittest of a package about networking that does a ping to an URL. For now, Yocto assumes there is always a network/internet? Or we

[yocto] Using sshd with a non-bash shell

Hello I was wondering whether anybody has any experience of running sshd successfully on a system with a 'non-bash' shell? We're using kirkstone 4.0.12 which has openssh 8.9p1 and systemd 250.5. Both ssh and scp work as expected with '/bin/sh -> bash.bash' on the target, but with '/bin/sh -> busy

[yocto] [scarthgap]: Binary copied in RFS but with wrong permission

Hi All , I am creating an core-image-minimal for am3505 custom yocto BSP. I have added few packages like example curl ,sudo ,tcpdump The compilation went fine , but i see different error with binary a) /etc/sudo.conf is owned by uid 5001, should be 0 root:~# sudo -v sudo: /etc/sudo.conf is owned

Re: [yocto] CVEs and OSS info for nested dependencies

On Wed, Jul 31, 2024 at 1:28 PM Peter Marko via lists.yoctoproject.org wrote: > > > -Original Message- > > From: Steven Dorigotti > > Sent: Wednesday, July 31, 2024 13:20 > > To: Marko, Peter (ADV D EU SK BFS1) > > Cc: yocto@lists.yoctoproject.org > > Subject: Re: [yocto] CVEs and OSS i

Re: [yocto] Diff / Delta file between two rootfs images.

Hi Patryk, First of all, I'd like to start by saying that I work for Foundries.io. Foundries.io provides a platform havely based on OSTree to do the OTA. You can take a look on: https://foundries.io https://docs.foundries.io/latest https://github.com/foundriesio You can also take a look on the

Re: [yocto] CVEs and OSS info for nested dependencies

> -Original Message- > From: Steven Dorigotti > Sent: Wednesday, July 31, 2024 13:20 > To: Marko, Peter (ADV D EU SK BFS1) > Cc: yocto@lists.yoctoproject.org > Subject: Re: [yocto] CVEs and OSS info for nested dependencies > > > > On 31 Jul 2024, at 10:21, Marko, Peter wrote: > > Hel

Re: [yocto] CVEs and OSS info for nested dependencies

> On 31 Jul 2024, at 10:21, Marko, Peter wrote: Hello Peter, > This topic comes up from time to time. It’s nice to get confirmation, I was unable to find any traces of the issue. > There was already a patch proposed for this: > https://lists.openembedded.org/g/openembedded-core/topic/10199126

Re: [yocto] CVEs and OSS info for nested dependencies

> On 31 Jul 2024, at 10:56, Marta Rybczynska wrote: > If nghttp2 is a normal dependency (dependency to a different recipe), this > will work just fine. The CVE entry for this vuln has nghttp2 well marked. > However, if the nghttp2 code is just copied in, without a trace in the OE > build system

Re: [yocto] Diff / Delta file between two rootfs images #toolchain #yocto

Hi Patryk, The Mender dude here :-) As already pointed out by Logan, yeah, the most straightforward thing is to use the delta updates feature which we offer, as it already packages the workflow in a known good way. And for larger fleets, the delta generation can also be moved to the hosted backen

Re: [yocto] CVEs and OSS info for nested dependencies

On Wed, Jul 31, 2024 at 10:03 AM Steven Dorigotti via lists.yoctoproject.org wrote: > Hello, > > I think I have come across some limitations in CVE and OSS handling for > internal dependencies. > > As a practical example to make this clear, let’s take this CVE: > https://nvd.nist.gov/vuln/detail/

Re: [yocto] [meta-browser] firefox build failed

Hi, please see: https://github.com/OSSystems/meta-browser/pull/822 https://github.com/webdino/meta-browser/issues/2 firefox wasn't updated in https://github.com/OSSystems/meta-browser for many years as you can see in: https://github.com/OSSystems/meta-browser/commits/master/meta-firefox and it's

[yocto] [meta-browser] firefox build failed

Hi, Hi, all I tried to build firefox with meta-browser, but I met build error like the following. I wonder if there is any patch? 1:47.31 error: proc-macro derive panicked 1:47.31--> /usr/src/debug/firefox/68.9.0esr-r0/firefox-68.9.0/third_party/rust/cssparser/src/color.rs:227:31 1:47

Re: [yocto] CVEs and OSS info for nested dependencies

This topic comes up from time to time. There was already a patch proposed for this: https://lists.openembedded.org/g/openembedded-core/topic/101991269#msg189260 https://lists.openembedded.org/g/openembedded-core/topic/102076964#msg189501 Maybe it wouldn't be that difficult to finish it, but it's p

Re: [yocto] Diff / Delta file between two rootfs images.

Hello Leon, Thanks for the suggestion, Mender was the first program of this kind that I was recommended, admittedly I did not look for alternatives. I will checkout OSTree. Best regards, Patryk Seregiet -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Onlin

[yocto] CVEs and OSS info for nested dependencies

Hello, I think I have come across some limitations in CVE and OSS handling for internal dependencies. As a practical example to make this clear, let’s take this CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-35945 which doesn’t show up in the cve-check report, and the nghttp2 dependency is not