2 files changed, 60 insertions, 2 deletions
diff --git a/meta-networking/recipes-support/chrony/chrony/arm_eabi.patch b/meta-networking/recipes-support/chrony/chrony/arm_eabi.patch
new file mode 100644
index 0000000000..d1586bba46
--- /dev/null
+++ b/meta-networking/recipes-support/chrony/chrony/arm_eabi.patch
@@ -0,0 +1,57 @@
+    chrony: fix build failure for arma9
+    
+    Eliminate references to syscalls not available
+    for ARM_EABI.  Also add a dependency on libseccomp
+    which is needed for scfilter to work.
+    
+    Set PACKAGECONFIG to not enable scfilter, since
+    kernel CONFIG_SECCOMP is unlikely to be set.  This
+    aligns the usage of libseccomp with that of other packages.
+    Upstream-Status: Pending
+    
+    Signed-off-by: Joe Slater <jslater@windriver.com>
+--- a/sys_linux.c
+++ b/sys_linux.c
+@@ -453,13 +453,12 @@ SYS_Linux_EnableSystemCallFilter(int lev
+   const int syscalls[] = {
+     /* Clock */
+     SCMP_SYS(adjtimex), SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday),
+-    SCMP_SYS(time),
+     /* Process */
+-    SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getrlimit),
+    SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group),
+     SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), SCMP_SYS(rt_sigprocmask),
+     SCMP_SYS(set_tid_address), SCMP_SYS(sigreturn), SCMP_SYS(wait4),
+     /* Memory */
+-    SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2),
+    SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap2),
+     SCMP_SYS(mprotect), SCMP_SYS(mremap), SCMP_SYS(munmap), SCMP_SYS(shmdt),
+     /* Filesystem */
+     SCMP_SYS(access), SCMP_SYS(chmod), SCMP_SYS(chown), SCMP_SYS(chown32),
+@@ -470,14 +469,21 @@ SYS_Linux_EnableSystemCallFilter(int lev
+     SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname),
+     SCMP_SYS(recvfrom), SCMP_SYS(recvmsg), SCMP_SYS(sendmmsg),
+     SCMP_SYS(sendmsg), SCMP_SYS(sendto),
+-    /* TODO: check socketcall arguments */
+-    SCMP_SYS(socketcall),
+     /* General I/O */
+     SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(pipe),
+-    SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(futex), SCMP_SYS(select),
+    SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(futex),
+     SCMP_SYS(set_robust_list), SCMP_SYS(write),
+     /* Miscellaneous */
+     SCMP_SYS(uname),
+    /* not always available */
+#if ! defined(__ARM_EABI__)
+    SCMP_SYS(time),
+    SCMP_SYS(getrlimit),
+    SCMP_SYS(select),
+    SCMP_SYS(mmap),
+    /* TODO: check socketcall arguments */
+    SCMP_SYS(socketcall),
+#endif
+   };
+ 
+   const int socket_domains[] = {
diff --git a/meta-networking/recipes-support/chrony/chrony_2.4.bb b/meta-networking/recipes-support/chrony/chrony_2.4.bb
index ad81701990..71431f4b7b 100644
--- a/meta-networking/recipes-support/chrony/chrony_2.4.bb
+++ b/meta-networking/recipes-support/chrony/chrony_2.4.bb
@@ -33,6 +33,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SRC_URI = "https://download.tuxfamily.org/chrony/chrony-${PV}.tar.gz \
    file://chrony.conf \
    file://chronyd \
+    file://arm_eabi.patch \
 "
 SRC_URI[md5sum] = "d0598aa8a9be8faccef9386f6fc0d5f2"
 SRC_URI[sha256sum] = "8d04e7cda2333289c2104b731d39c3c1db94816e43bae35d7ee4e7ae8af6391f"
@@ -58,14 +59,14 @@ inherit update-rc.d systemd
 #     chrony.conf and init script.
 #   - 'scfilter' enables support for system call filtering, but requires the
 #     kernel to have CONFIG_SECCOMP enabled.
-PACKAGECONFIG ??= "editline scfilter \
+PACKAGECONFIG ??= "editline \
    ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
 "
 PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline"
 PACKAGECONFIG[editline] = ",--without-editline,libedit"
 PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss"
 PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap"
-PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp"
+PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp"
 PACKAGECONFIG[ipv6] = ",--disable-ipv6,"
 PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
 PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap"

diff --git a/meta-networking/recipes-support/chrony/chrony/arm_eabi.patch b/meta-networking/recipes-support/chrony/chrony/arm_eabi.patch new file mode 100644 index 0000000000..d1586bba46 --- /dev/null +++ b/meta-networking/recipes-support/chrony/chrony/arm_eabi.patch
@@ -0,0 +1,57 @@
		1	chrony: fix build failure for arma9
		2
		3	Eliminate references to syscalls not available
		4	for ARM_EABI. Also add a dependency on libseccomp
		5	which is needed for scfilter to work.
		6
		7	Set PACKAGECONFIG to not enable scfilter, since
		8	kernel CONFIG_SECCOMP is unlikely to be set. This
		9	aligns the usage of libseccomp with that of other packages.
		10
		11	Upstream-Status: Pending
		12
		13	Signed-off-by: Joe Slater <jslater@windriver.com>
		14
		15	--- a/sys_linux.c
		16	+++ b/sys_linux.c
		17	@@ -453,13 +453,12 @@ SYS_Linux_EnableSystemCallFilter(int lev
		18	const int syscalls[] = {
		19	/* Clock */
		20	SCMP_SYS(adjtimex), SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday),
		21	- SCMP_SYS(time),
		22	/* Process */
		23	- SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getrlimit),
		24	+ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group),
		25	SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), SCMP_SYS(rt_sigprocmask),
		26	SCMP_SYS(set_tid_address), SCMP_SYS(sigreturn), SCMP_SYS(wait4),
		27	/* Memory */
		28	- SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2),
		29	+ SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap2),
		30	SCMP_SYS(mprotect), SCMP_SYS(mremap), SCMP_SYS(munmap), SCMP_SYS(shmdt),
		31	/* Filesystem */
		32	SCMP_SYS(access), SCMP_SYS(chmod), SCMP_SYS(chown), SCMP_SYS(chown32),
		33	@@ -470,14 +469,21 @@ SYS_Linux_EnableSystemCallFilter(int lev
		34	SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname),
		35	SCMP_SYS(recvfrom), SCMP_SYS(recvmsg), SCMP_SYS(sendmmsg),
		36	SCMP_SYS(sendmsg), SCMP_SYS(sendto),
		37	- /* TODO: check socketcall arguments */
		38	- SCMP_SYS(socketcall),
		39	/* General I/O */
		40	SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(pipe),
		41	- SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(futex), SCMP_SYS(select),
		42	+ SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(futex),
		43	SCMP_SYS(set_robust_list), SCMP_SYS(write),
		44	/* Miscellaneous */
		45	SCMP_SYS(uname),
		46	+ /* not always available */
		47	+#if ! defined(__ARM_EABI__)
		48	+ SCMP_SYS(time),
		49	+ SCMP_SYS(getrlimit),
		50	+ SCMP_SYS(select),
		51	+ SCMP_SYS(mmap),
		52	+ /* TODO: check socketcall arguments */
		53	+ SCMP_SYS(socketcall),
		54	+#endif
		55	};
		56
		57	const int socket_domains[] = {


diff --git a/meta-networking/recipes-support/chrony/chrony_2.4.bb b/meta-networking/recipes-support/chrony/chrony_2.4.bb index ad81701990..71431f4b7b 100644 --- a/meta-networking/recipes-support/chrony/chrony_2.4.bb +++ b/meta-networking/recipes-support/chrony/chrony_2.4.bb
@@ -33,6 +33,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
33	SRC_URI = "https://download.tuxfamily.org/chrony/chrony-${PV}.tar.gz \	33	SRC_URI = "https://download.tuxfamily.org/chrony/chrony-${PV}.tar.gz \
34	file://chrony.conf \	34	file://chrony.conf \
35	file://chronyd \	35	file://chronyd \
		36	file://arm_eabi.patch \
36	"	37	"
37	SRC_URI[md5sum] = "d0598aa8a9be8faccef9386f6fc0d5f2"	38	SRC_URI[md5sum] = "d0598aa8a9be8faccef9386f6fc0d5f2"
38	SRC_URI[sha256sum] = "8d04e7cda2333289c2104b731d39c3c1db94816e43bae35d7ee4e7ae8af6391f"	39	SRC_URI[sha256sum] = "8d04e7cda2333289c2104b731d39c3c1db94816e43bae35d7ee4e7ae8af6391f"
@@ -58,14 +59,14 @@ inherit update-rc.d systemd
58	# chrony.conf and init script.	59	# chrony.conf and init script.
59	# - 'scfilter' enables support for system call filtering, but requires the	60	# - 'scfilter' enables support for system call filtering, but requires the
60	# kernel to have CONFIG_SECCOMP enabled.	61	# kernel to have CONFIG_SECCOMP enabled.
61	PACKAGECONFIG ??= "editline scfilter \	62	PACKAGECONFIG ??= "editline \
62	${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \	63	${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
63	"	64	"
64	PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline"	65	PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline"
65	PACKAGECONFIG[editline] = ",--without-editline,libedit"	66	PACKAGECONFIG[editline] = ",--without-editline,libedit"
66	PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss"	67	PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss"
67	PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap"	68	PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap"
68	PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp"	69	PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp"
69	PACKAGECONFIG[ipv6] = ",--disable-ipv6,"	70	PACKAGECONFIG[ipv6] = ",--disable-ipv6,"
70	PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"	71	PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
71	PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap"	72	PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap"