| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
for now skip apparmor ptest
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
skip ptest for now, on todo list for fix.
Runtime test pass
remove patch now included in update: 0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
minor spacing cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Add checks that include dm-verity specific kernel config fragment
when dm-verity-img.bbclass is used.
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Based on systemd-bootdisk-microcode.wks.in, this adds
the dm-verity image similar to the beaglebone wks
already in meta-security.
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Detection of USB devices by the kernel is slow enough. We need to
keep trying for a while (default: 5s seconds, controlled by roottimeout=<seconds>)
and sleep between each attempt (default: one second, rootdelay=<seconds>).
Fix is based on https://git.yoctoproject.org/cgit.cgi/poky/commit/meta/recipes-core/initrdscripts/initramfs-framework/rootfs?id=ee6a6c3461694ce09789bf4d852cea2e22fc95e4
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes:
BusyBox v1.32.0 () multi-call binary.
Usage: dd [if=FILE] [of=FILE] [bs=N] [count=N] [skip=N]
Don't use Busybox dd, not compatable. Use coreutils
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
After running testimage there are some python left overs at
lib/oeqa/runtime/cases/__pycache__/
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
apparmor does not build with ptest enabled. skipping it for now
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Add recipe for companion of IBM Software TPM 2.0 - IBM's TPM 2.0 TSS.
It's a user space TSS for TPM 2.0.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Charlie Davies <charles.davies@whitetree.xyz>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
gitlab-ci: add qemux86-64-dm-verify build image
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
allow root to login
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Update ibmswtpm2 from 1628 to 1637. Build 1637 Includes:
* Increase NV memory size to match PC Client RSA 3072 requirements
* Add and fix ACT support
* Update Visual Studio files to 2019.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since dm-verity-image.bbclass effectively injects
<DM_VERITY_IMAGE>:do_image_<DM_VERITY_IMAGE_TYPE>
dependency for do_image_wic task, we can change verity rootfs artifact
reference here from DEPLOY_DIR_IMAGE to IMGDEPLOYDIR in order to
mitigate following breakage which was observed when bitbaking
<DM_VERITY_IMAGE> target from scratch (using sstate-cache provided
artifacts):
| wic.filemap.Error: cannot open image file '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity': [Errno 2] No such file or directory: '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity'
| WARNING: exit code 1 from a shell command.
|
ERROR: Task (.../meta/recipes-core/images/core-image-minimal.bb:do_image_wic) failed with exit code '1'
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since IMAGE_LINGUAS defaults to 'en-us en-gb' and since localization is
not needed on this type of purpose-specific initramfs image, reset the
variable which helps by shaving off almost 700kB from resulting bundled
zImage-initramfs artifact.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes following boot-time complaints from udevd regarding
missing group declarations:
[ 6.624454] udevd[163]: specified group 'tty' unknown
[ 6.625340] udevd[163]: specified group 'dialout' unknown
[ 6.625692] udevd[163]: specified group 'kmem' unknown
[ 6.626022] udevd[163]: specified group 'input' unknown
[ 6.626541] udevd[163]: specified group 'video' unknown
[ 6.626977] udevd[163]: specified group 'audio' unknown
[ 6.627532] udevd[163]: specified group 'lp' unknown
[ 6.628187] udevd[163]: specified group 'disk' unknown
[ 6.628558] udevd[163]: specified group 'cdrom' unknown
Size impact of this change on resulting bundled zImage-initramfs
artifact is less than +1kB which is neglible.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
- revise declaration ordering as suggested by oe-stylize.py
- sort PACKAGE_INSTALL entries in alphabetic order
- split long command line in deploy_verity_hash()
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch from this layer's initramfs-dm-verity recipe to poky-provided
initramfs-framework suite to manage veritysetup et al.
This commit also removes initramfs-dm-verity recipe which is not
referred from elsewhere in this meta layer.
Also update the install path of dm-verity.env from /usr/share to
/usr/share/misc in order to better comply with FHS3.0, see
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s11.html#usrsharemiscMiscellaneousArchitecture
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add 'initramfs-module-dmverity' as an extension to poky upstream
provided initramfs-framework suite via matchingly named bbappend file.
Together with pre-existing 'initramfs-module-udev' this module can be
used to facilitate dm-verity rootfs mounting from initramfs context
that is bundled with Linux kernel.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce new STAGING_VERITY_DIR variable specific to this bbclass which
defines the directory where the verity.env file is stored during
<DM_VERITY_IMAGE>:do_image_<DM_VERITY_IMAGE_TYPE> task and can
consequtively be picked up into associated initramfs rootfs (which
facilitates executing 'veritysetup' and related actions).
By doing this we mitigate failures that were thus far associated to this
facility, such as
install: cannot stat '.../build/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.ext4.verity.env': No such file or directory
and
install: cannot stat '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity.env': No such file or directory
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Add checks that include dm-verity specific kernel config fragment
when dm-verity-img.bbclass is used.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Bind custom actions in this image recipe in do_image() rather than
do_rootfs(), which can help shaving even dozens of seconds from duration
of 'bitbake <DM_VERITY_IMAGE>' command re-execution.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to ensure that the bundled initramfs always contains the most
recently generated DM_VERITY_IMAGE specific root filesystems' root hash,
we disable the timestamp for do_rootfs() task here, meaning that the
task will be re-executed whenever some task that depends on it executes.
Without this change, executing e.g. the following sequence
$ bitbake <DM_VERITY_IMAGE>
$ bitbake -c clean <DM_VERITY_IMAGE>
$ bitbake <DM_VERITY_IMAGE>
results in an unbootable <DM_VERITY_IMAGE> rootfs, which fails like
Mounting /dev/vda over dm-verity as the root filesystem
[ 8.729974] device-mapper: verity: sha256 using implementation sha256-generic
[ 8.810784] device-mapper: verity: 253:0: metadata block 3017 is corrupted
[ 8.813018] device-mapper: verity: 253:0: metadata block 3017 is corrupted
[ 8.813912] Buffer I/O error on dev dm-0, logical block 2992, async page read
Verity device detected corruption after activation.
[ 8.889548] device-mapper: verity: 253:0: metadata block 3017 is corrupted
[ 8.891060] device-mapper: verity: 253:0: metadata block 3017 is corrupted
[ 8.891456] Buffer I/O error on dev dm-0, logical block 2992, async page read
...
[ 9.135707] EXT4-fs (dm-0): unable to read superblock
[ 9.142897] EXT4-fs (dm-0): unable to read superblock
[ 9.145393] EXT4-fs (dm-0): unable to read superblock
[ 9.147905] FAT-fs (dm-0): unable to read boot sector
mount: /new_root: can't read superblock on /dev/mapper/rootfs.
BusyBox v1.32.0 () multi-call binary.
Usage: switch_root [-c CONSOLE_DEV] NEW_ROOT NEW_INIT [ARGS]
[ 9.243274] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[ 9.243701] CPU: 0 PID: 1 Comm: switch_root Not tainted 5.8.3-yocto-standard #1
[ 9.243853] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014
...
[ 9.248548] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100 ]---
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relocate checking if DM_VERITY_IMAGE and DM_VERITY_IMAGE_TYPE are
defined as non-empty strings before DM_VERITY_IMAGE vs. PN
comparison is performed. By doing so we start seeing following kind
of bitbake parse-time console warnings in case either DM_VERITY_IMAGE
or DM_VERITY_IMAGE_TYPE is not set, when 'dm-verity-img' is defined
in IMAGE_CLASSES:
WARNING: .../meta/recipes-core/images/core-image-minimal.bb: dm-verity-img class inherited but not used
WARNING: .../meta-openembedded/meta-oe/recipes-core/images/meta-oe-ptest-image.bb: dm-verity-img class inherited but not used
whereas before this change this warning was printed only once, when
image pointed by <DM_VERITY_IMAGE> was parsed (and recipe with that
name could be found in BBFILES mask scipe), and DM_VERITY_IMAGE_TYPE
was not set.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resort to printf in order to avoid usage of non-POSIX compliant echo
flags. This mitigates following errors visible in console during
boot-up with image that has been built on a host that symlinks
'/bin/sh' to 'dash':
/init: /usr/share/dm-verity.env: line 1: -NE_UUID: not found
/init: /usr/share/dm-verity.env: line 2: -ne: not found
/init: /usr/share/dm-verity.env: line 3: 642864e8-6a17-46b9-ba1e-9386a3909c8d: not found
/init: /usr/share/dm-verity.env: line 4: -NE_HASH_TYPE: not found
/init: /usr/share/dm-verity.env: line 5: -ne: not found
/init: /usr/share/dm-verity.env: line 6: 1: not found
/init: /usr/share/dm-verity.env: line 7: -NE_DATA_BLOCKS: not found
/init: /usr/share/dm-verity.env: line 8: -ne: not found
/init: /usr/share/dm-verity.env: line 9: 12064: not found
/init: /usr/share/dm-verity.env: line 10: -NE_DATA_BLOCK_SIZE: not found
/init: /usr/share/dm-verity.env: line 11: -ne: not found
/init: /usr/share/dm-verity.env: line 12: 1024: not found
/init: /usr/share/dm-verity.env: line 13: -NE_HASH_BLOCK_SIZE: not found
/init: /usr/share/dm-verity.env: line 14: -ne: not found
/init: /usr/share/dm-verity.env: line 15: 4096: not found
/init: /usr/share/dm-verity.env: line 16: -NE_HASH_ALGORITHM: not found
/init: /usr/share/dm-verity.env: line 17: -ne: not found
/init: /usr/share/dm-verity.env: line 18: sha256: not found
/init: /usr/share/dm-verity.env: line 19: -NE_SALT: not found
/init: /usr/share/dm-verity.env: line 20: -ne: not found
/init: /usr/share/dm-verity.env: line 21: 19d98185b42a897a37db6c56c7470ab2d455f0de46daa0df735eee6263816439: not found
/init: /usr/share/dm-verity.env: line 22: -NE_ROOT_HASH: not found
/init: /usr/share/dm-verity.env: line 23: -ne: not found
/init: /usr/share/dm-verity.env: line 24: 298d75fc2ea27fe594b6a37158a6ae7538e77d918bab98c475934f625de0e4ab: not found
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Currently sssd's do_patch task fails. Update the patch to fix this problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The following error will occur when multilib is enabled:
ERROR: trousers-0.3.14+gitAUTOINC+e74dd1d967-r0 do_package: QA Issue: trousers: Files/directories were installed but not shipped in any package:
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/tcsd.service
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
