Re: [yocto] Nothing PROVIDES 'python3-dev'

2019-09-25 Thread Jussi Kukkonen
On Wed, 25 Sep 2019 at 09:16, Damien LEFEVRE wrote: > > On 24/09/2019 10:36, Damien LEFEVRE wrote: > > > Hi, > > > > > > Migrating from poky:pyro to poky:warrior. > > > > > > It looks like the python3-dev package is generated from > > > python3-manifest.json: > > > > > > "dev": { > > >

Re: [yocto] Nothing PROVIDES 'python3-dev'

2019-09-25 Thread Damien LEFEVRE
Thanks Jussi! That solved it. I had DEPENDS += "python3-dev" and RDEPENDS += "libpython3" now I have DEPENDS += "python3" and RDEPENDS += "libpython3" I'll check if libpython3 is implicit when the image builds. Cheers, -Damien On Wed, Sep 25, 2019 at 10:00 AM Jussi Kukkonen wrote: > > > On

[yocto] [meta-openssl102-fips][PATCH V2 3/16] fipscheck: add generation of the checksums in pkg_postinst

2019-09-25 Thread Hongxu Jia
Refer https://pagure.io/fipscheck/c/489bc3ab3f73707e12b6c2644d80af5ff6fbbf70 (* fipscheck.spec.in: Add generation of the checksums in __spec_install_post.) Signed-off-by: Hongxu Jia --- recipes-support/fipscheck/fipscheck_1.5.0.bb | 22 ++ 1 file changed, 22 insertions(+) di

[yocto] [meta-openssl102-fips][PATCH V2 4/16] classes/image-enable-fips.bbclass: enable user space fips mode in image

2019-09-25 Thread Hongxu Jia
Refer Fedora/RedHat's way https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut To enable user space fips mode in the image recipe as part of an 'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can touch the file as a post image genera

[yocto] Review request V2 0/16: [meta-openssl102-fips] Enable FIPS mode in Kernel and OpenSSH

2019-09-25 Thread Hongxu Jia
Changed in V1: - Follow Mark H's suggestions Hi Mark, Once openssh enables FIPS mode, openssh ptest will fail (mess of failure). It seems the test case of upstream openssh does not consider FIPS mode support. I search fedora, there is nothing about openssh `regress'(test suites) in FIPS mode suppo

[yocto] [meta-openssl102-fips][PATCH V2 1/16] fipscheck: add 1.5.0

2019-09-25 Thread Hongxu Jia
Port it from fedora: https://src.fedoraproject.org/rpms/fipscheck (as of commit 7e44bec705fb2b3263734f30a05c2245738cf01a) It is required by openssh fips. Signed-off-by: Hongxu Jia --- .../0001-compat-fip-with-openssl-1.0.2.patch | 34 ++ recipes-support/fipscheck/fipsc

[yocto] [meta-openssl102-fips][PATCH V2 2/16] openssh_8.%.bbappend: support fips 140-2

2019-09-25 Thread Hongxu Jia
Port openssh-7.7p1-fips.patch from Fedora https://src.fedoraproject.org/rpms/openssh.git (as of commit 0ca1614ae221578b6b57c61d18fda6cc970a19ce) Signed-off-by: Hongxu Jia --- .../openssh/openssh/0001-openssh-8.0p1-fips.patch | 529 + recipes-connectivity/openssh/openssh_8.%.

[yocto] [meta-openssl102-fips][PATCH 6/16] add kernel fips mode support

2019-09-25 Thread Hongxu Jia
A kernel compiled with CONFIG_CRYPTO_FIPS=y can be booted in fips mode by specifying fips=1 as kernel parameter. [1][2] /proc/sys/crypto/fips_enabled, that is presumably used by the Red Hat modified version of OpenSSL.[3] [1] https://www.linux.org/docs/man8/fipscheck.html [2] https://cateee.net/l

[yocto] [meta-openssl102-fips][PATCH 7/16] kernel: workaround alg self-tests failure in fips mode

2019-09-25 Thread Hongxu Jia
When the kernel enables fips mode, it starts the alg self-test, and there is a kernel panic at ecdh-generic ... [0.311313] alg: ecdh: test failed on vector 2, err=-14 [0.311898] Kernel panic - not syncing: alg: self-tests for ecdh-generic (ecdh) failed in fips mode! ... Continue without Jitter RNG

[yocto] [meta-openssl102-fips][PATCH V2 5/16] openssh: add generation of HMAC checksums in pkg_postinst

2019-09-25 Thread Hongxu Jia
Refer https://src.fedoraproject.org/rpms/openssh/c/13fa787ecc35d6c9eea9e64c1f42f49e2ee978ce (See __spec_install_post in openssh.spec for detail) Signed-off-by: Hongxu Jia --- recipes-connectivity/openssh/openssh_fips.inc | 34 +++ 1 file changed, 34 insertions(+) diff -

[yocto] [meta-openssl102-fips][PATCH V2 9/16] openssh: port a copy of sshd_check_keys from oe-core

2019-09-25 Thread Hongxu Jia
Port it at the following commit in oe-core http://cgit.openembedded.org/openembedded-core/commit/?id=2303d795ae96f1a60caf145a0ddf100e89c4b5b0 Signed-off-by: Hongxu Jia --- .../openssh/openssh/sshd_check_keys| 78 ++ 1 file changed, 78 insertions(+) create mod

[yocto] [meta-openssl102-fips][PATCH 10/16] openssh/sshd_check_keys: don't generate ED25519 host keys in FIPS mode

2019-09-25 Thread Hongxu Jia
Run sshd_check_keys failed: ... 2019-09-22T09:59:10.878738+00:00 qemux86-64 sshd_check_keys[419]: generating ssh ED25519 host key... 2019-09-22T09:59:10.897617+00:00 qemux86-64 sshd_check_keys[419]: ED25519 keys are not allowed in FIPS mode ... If fips mode enabled (existence of "/etc/system-f

[yocto] [meta-openssl102-fips][PATCH 8/16] openssh: conditional enable fips mode

2019-09-25 Thread Hongxu Jia
Enable fips mode according to the existence of "/etc/system-fips" Signed-off-by: Hongxu Jia --- .../0001-conditional-enable-fips-mode.patch| 63 ++ recipes-connectivity/openssh/openssh_fips.inc | 1 + 2 files changed, 64 insertions(+) create mode 100644 recipe

[yocto] [meta-openssl102-fips][PATCH V2 14/16] openssh: add CAVS tests for FIPS validation

2019-09-25 Thread Hongxu Jia
Refer the latest Fedora to add cavs test binary for the aes-ctr [1] and SSH KDF CAVS test driver [2] [1] http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/plain/openssh-6.6p1-ctr-cavstest.patch [2] http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/plain/openssh-6.7p1-kdf-cavs.patch (as of co

[yocto] [meta-openssl102-fips][PATCH 13/16] README.enable_fips: add steps to turn system (kernel and user space) into FIPS mode

2019-09-25 Thread Hongxu Jia
Refer RedHat/Fedora/SUSE/Oracle/IBM ways 1. Add `fips=1' to kernel option to enable FIPS mode in kernel 2. File /etc/system-fips to determine if a FIPS mode is enabled in user space, currently openssh only Refer: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/secur

[yocto] [meta-openssl102-fips][PATCH 11/16] rng-tools bbappend: port a copy of default from oe-core

2019-09-25 Thread Hongxu Jia
Port it at the following commit in oe-core http://cgit.openembedded.org/openembedded-core/commit/?id=16ced1a253c74c01ca414db2f1a010c083213b91 Signed-off-by: Hongxu Jia --- recipes-support/rng-tools/rng-tools/default | 1 + recipes-support/rng-tools/rng-tools_6.%.bbappend | 4 recipes-s

[yocto] [meta-openssl102-fips][PATCH 12/16] rng-tools: fix rngd failed in fips mode

2019-09-25 Thread Hongxu Jia
The FIPS test is something done on government or more secure organizations for extra security check. ... root@qemux86-64:~# systemctl status rngd Unit rngd-tools.service could not be found. root@qemux86-64:~# systemctl status rngd rngd.service - Hardware RNG Entropy Gatherer Daemon Loaded: loade

[yocto] [meta-openssl102-fips][PATCH 16/16] README.enable_fips: openssh ptest failed in fips mode

2019-09-25 Thread Hongxu Jia
Signed-off-by: Hongxu Jia --- README.enable_fips | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.enable_fips b/README.enable_fips index 8016346..676698b 100644 --- a/README.enable_fips +++ b/README.enable_fips @@ -54,3 +54,6 @@ FIPS mode initialized - ssh-keygen # ssh-keygen -A s

[yocto] [meta-openssl102-fips][PATCH 15/16] README.openssh_cavstest: add CAVS tests for FIPS validation

2019-09-25 Thread Hongxu Jia
Signed-off-by: Hongxu Jia --- README.openssh_cavstest | 28 1 file changed, 28 insertions(+) create mode 100644 README.openssh_cavstest diff --git a/README.openssh_cavstest b/README.openssh_cavstest new file mode 100644 index 000..5d69ee5 --- /dev/null +++ b/REA

Re: [yocto] gitlab-ci helper scripts for OpenEmbedded builds

2019-09-25 Thread Yann Dirson
Hi Thomas, On Tue, 24 Sep 2019 at 14:36, Thomas Goodwin wrote: > Hi Yann, > > Thanks for sharing! We're working through something similar using a tweak > to the CROPS docker containers and GitLab-CI (we started with autobuilder > 2, so we've actually merged quite a bit of that experience wit

Re: [yocto] Review request V2 0/16: [meta-openssl102-fips] Enable FIPS mode in Kernel and OpenSSH

2019-09-25 Thread Mark Hatle
On 9/25/19 2:23 AM, Hongxu Jia wrote: > Changed in V1: > - Follow Mark H's suggestions > > Hi Mark, > > Once openssh enables FIPS mode, openssh ptest will fail (mess of failure). > It seems the test case of upstream openssh does not consider FIPS mode > support. > I search fedora, there is not

Re: [yocto] Review request V2 0/16: [meta-openssl102-fips] Enable FIPS mode in Kernel and OpenSSH

2019-09-25 Thread Hongxu Jia
On 9/25/19 10:33 PM, Mark Hatle wrote: On 9/25/19 2:23 AM, Hongxu Jia wrote: Changed in V1: - Follow Mark H's suggestions Hi Mark, Once openssh enables FIPS mode, openssh ptest will fail (mess of failure). It seems the test case of upstream openssh does not consider FIPS mode support. I searc

[yocto] [meta-openssl102-fips][PATCH V3 4/16] classes/image-enable-fips.bbclass: enable user space fips mode in image

2019-09-25 Thread Hongxu Jia
Refer Fedora/RedHat's way https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut To enable user space fips mode in the image recipe as part of an 'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can touch the file as a post image genera

Re: [yocto] [meta-openssl102-fips][PATCH V3 4/16] classes/image-enable-fips.bbclass: enable user space fips mode in image

2019-09-25 Thread Mark Hatle
You are correct. I had found that earlier today. Anyway, the code has been verified as functional, and has been pushed. Thanks! --Mark On 9/25/19 9:35 PM, Hongxu Jia wrote: > Refer Fedora/RedHat's way > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_

[yocto] Minutes: Yocto Project Technical Team Meeting, 9/24/2019

2019-09-25 Thread Reyna, David
Minutes: Yocto Project Technical Team Meeting When: Tuesday, September 24, 2019 8:00 AM-9:00 AM 1. Attending: Richard, Armin, David, TrevorG, Joshua, Tim, Vineela, Stephen, Denys, Bruce, Randy * Stephen/Richard: General notes - Project status sent (http://lists.openembedded.org/pipermail/ope

Re: [yocto] [meta-dpdk][PATCH] [RFC] dpdk: Remove v17

2019-09-25 Thread Mittal, Anuj
Hello On Tue, 2019-09-24 at 10:40 +0800, zhe...@windriver.com wrote: > From: He Zhe > > openvswitch used not to be able to work with dpdk v18. That's one of > the reasons > why we keep v17. Now that openvswitch in meta-virtualization has been > upgraded to > v2.11, officially claimed support of dp

[yocto] QA cycle report for 2.8 M3 RC1

2019-09-25 Thread Jain, Sangeeta
Hello All, This is the full QA report for 2.8 M3 RC1: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults === Summary No high milestone defects. Two new defects are found in this cycle, mpc8315e-rdb System randomly hang when running