[yocto] [meta-openssl102-fips][PATCH 1/3] fix typo: openssl-fips -> openssl-fips-dev

The working fips package is openssl-fips-dev rather than openssl-fips. Signed-off-by: Hongxu Jia --- README.build | 2 +- templates/feature/openssl-fips/image.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.build b/README.build index

[yocto] [meta-openssl102-fips][PATCH 2/3] openssh_fips.inc: remove rng-tools from sshd RRECOMMENDS

While kernel enable fips, the rng-tools takes a high cpu performance which Operation not permitted ... Oct 12 06:08:23 qemux86-64 rngd[122]: RNDADDENTROPY failed: Operation not permitted ... Signed-off-by: Hongxu Jia --- recipes-connectivity/openssh/openssh_fips.inc | 2 ++ 1 file changed, 2 in

[yocto] [meta-openssl102-fips][PATCH 3/3] nss: conditionally enable fips

Add export NSS_FORCE_FIPS=1 to force enable fips, and add the same macro limitaition to fips enable test, currently we are not ready to support nss fips ... $ certutil -N -d sql:. --empty-password |certutil: function failed: SEC_ERROR_PKCS11_DEVICE_ERROR: A PKCS #11 module returned CKR_DEVICE_ERRO

[yocto] Pyro, imx-gpu-viv and libGL.so

Hi all. I'm working with and kivy and SDL2. My problem is that the recipe imx-gpu-viv installs libGL.so.1.2. in /usr/lib, while SDL2 is compiled against libGLESv2. So when I starts the SDL application from a strange behaviour the libGL is loaded, which needs libXdamage. But the bsp is with

Re: [yocto] [meta-openssl102-fips][PATCH 3/3] nss: conditionally enable fips

The original goal of this work was to enable a FIPS-140-2 OpenSSL module. Why is NSS part of this? Is something inside of the OpenSSL patches requesting NSS support, or is this a different -- but related request? --Mark On 10/12/19 3:17 AM, Hongxu Jia wrote: > Add export NSS_FORCE_FIPS=1 to for

[yocto] [layerindex-web] [PATCH 0/3] Some misc changes/fixes..

A few misc changes/fixes. The first two are well tested. However, I suspect the 3/3 may be incorrect and I've labeled it an RFC due to this. 1/3 - '.' wasn't allowed in branch names w/o an error. This turned out to be a fairly simple fix. 2/3 - For people who want to use 'poky' repository and

[yocto] [layerindex-web] [PATCH 1/3] layerindex/urls.py: Allow branches with a '.' in the name

Without this change the system will fail parsing various URL components Signed-off-by: Mark Hatle --- layerindex/urls.py | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/layerindex/urls.py b/layerindex/urls.py index 7f4e545..89e70a2 100644 --- a/layerindex/urls.py

[yocto] [layerindex-web] [PATCH 2/3] update.py: Allow bitbake to live in a subdirectory of a repository

Add a new BITBAKE_PATH to the settings file to specify the path within the BITBAKE_REPO_URL where bitbake lives. This is useful when using a combined repository, such as poky, that contains bitbake, openembedded-core and other layers. This change also changes the default path, in the fetch direct

[yocto] [layerindex-web] [PATCH 3/3] RFC: editlayer: Be more specific on the searches

Just because git.yoctoproject.org is in the URL, doesn't mean we can or should force the vcs_web_url to be a specific value. If it starts with git://git.yoctoproject.org then we can do this. git.openembedded.org already did this. This also changes github, gitlab and bitbucket references. Signed

Re: [yocto] [meta-openssl102-fips][PATCH 3/3] nss: conditionally enable fips

On 10/13/19 5:22 AM, Mark Hatle wrote: The original goal of this work was to enable a FIPS-140-2 OpenSSL module. Why is NSS part of this? Is something inside of the OpenSSL patches requesting NSS support, or is this a different -- but related request? No, there is no relation between openssl