Re: CVE-check failing on world with meta-openembedded: diff.gz file

Marta Rybczynska
 



On Tue, Apr 26, 2022 at 6:09 PM Khem Raj <raj.khem@...> wrote:
Hi Marta

On 4/26/22 5:20 AM, Marta Rybczynska wrote:
>
>
> On Fri, Apr 22, 2022 at 11:07 AM Marta Rybczynska <rybczynska@...> wrote:
>
>     Dear all,
>     We're running cve-check on a world build containing oe-core, meta-oe
>     and more. We have an issue with the lockdev recipe
>     (meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb),
>     which causes a fail like below:
>
>     $ bitbake world --runonly=do_cve_check
>     ERROR: lockdev-1_1.0.3-r0 do_cve_check: File Not found:
>     <path>lockdev/1_1.0.3-r0/lockdev_1.0.3-1.6.diff
>     ERROR: lockdev-1_1.0.3-r0 do_cve_check: Failure in searching patches
>     ERROR: Logfile of failure stored in:
>     <path>/lockdev/1_1.0.3-r0/temp/log.do_cve_check.8709
>     ERROR: Task
>     (<path>/meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb:do_cve_check)
>     failed with exit code '1'
>
>     The issue is caused by the fact that lockdev_1.0.3-1.6.diff is
>     missing. When we look into the recipe, it is downloading
>     lockdev_1.0.3-1.6.diff.gz file. Please note the additional extension.
>
>     Stripping the extension comes from oe-core/meta/oe/patch.py, from
>     the patch_path function, which is figuring out if a file is a patch,
>     and returning the local path if it is so. However, at the moment
>     when we do_cve_check, the .gz file is not uncompressed.
>
>     I'm wondering how to solve it.
>     1. Add a dependency to make sure eventual patch files are
>     decompressed first?


I think this option looks best or perhaps we should drop applying debian
diff entirely since debian seems to have dropped this package

I think regardless of what we do with this package it seems to be a
limitation of cve-check process which perhaps should either be fixed or
documented.

>     2. Do not consider this as a patch file in the scope of cve-check?
>     (this is more a part of the source than an actual patch that might
>     be fixing a CVE)
>
>     This is the only case like that we have in the build. Please note
>     that removing ".diff" from the extension list in patch_path() is
>     solving the issue.
>
>     Any comments or suggestions?
>
>
Adding Ross, Richard and Steve.

I'm wondering if it makes sense to consider .diff.gz (or .patch.gz) files as patches for
cve-check. They basically come directly from 3rd parties and it is quite unlikely to expect
them to keep the CVE: tag. All the pieces of documentation I can find mention also only
.patch files for CVEs, and not .patch.gz.

It is tempting to remove the .gz handling here (for the cve-check) in my opinion.

Also, since the commit f5f97d33a1703d75b9fd9760f2c7767081538e00, cve-check
depends only on do_fetch.

Any further opinions?

Regards,
Marta
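
The failure discussed in this thread, and one tolerant way to scan patches for `CVE:` tags, as an added example (not code from oe-core, cve-check or anyone on the list). `model_patch_path`, `read_patch_text` and `patched_cves` are hypothetical names, the extension lists are assumptions, the sample files and the CVE id are constructed, and reading the fetched `.gz` directly is a variant that was not proposed in the thread.

```python
import gzip
import os
import re
import tempfile

# Assumed extension lists for this model (not copied from oe-core).
COMPRESSED_EXTS = (".gz",)
PATCH_EXTS = (".diff", ".patch")

CVE_TAG = re.compile(r"^CVE:[ \t]*(.*)$", re.MULTILINE)
CVE_ID = re.compile(r"CVE-\d{4}-\d+")


def model_patch_path(local, workdir):
    """Model of the lookup described in the thread: a compressed patch is
    reported at the path where it will exist once unpacked into workdir."""
    base, ext = os.path.splitext(os.path.basename(local))
    if ext in COMPRESSED_EXTS:
        local = os.path.join(workdir, base)   # .diff.gz -> <workdir>/x.diff
        ext = os.path.splitext(base)[1]
    return local if ext in PATCH_EXTS else None


def read_patch_text(fetched, expected):
    """Prefer the unpacked patch; fall back to the fetched .gz; None if neither exists."""
    if os.path.isfile(expected):
        with open(expected, "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    if fetched.endswith(".gz") and os.path.isfile(fetched):
        with gzip.open(fetched, "rt", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    return None


def patched_cves(fetched_files, workdir):
    """Map each patch candidate to the CVE ids it is tagged with.
    A value of None marks a patch that could not be read, so the caller can
    warn about it without failing the whole task."""
    found = {}
    for fetched in fetched_files:
        expected = model_patch_path(fetched, workdir)
        if expected is None:
            continue  # not a patch, for example the source tarball
        name = os.path.basename(fetched)
        text = read_patch_text(fetched, expected)
        if text is None:
            found[name] = None
            continue
        ids = set()
        for tag in CVE_TAG.finditer(text):
            ids.update(CVE_ID.findall(tag.group(1)))
        found[name] = ids
    return found


def demo():
    """Build a constructed downloads/workdir tree where nothing is unpacked yet."""
    with tempfile.TemporaryDirectory() as top:
        downloads = os.path.join(top, "downloads")
        workdir = os.path.join(top, "workdir")
        os.makedirs(downloads)
        os.makedirs(workdir)

        # Third-party cumulative diff, fetched but not decompressed.
        third_party = os.path.join(downloads, "lockdev_1.0.3-1.6.diff.gz")
        with gzip.open(third_party, "wt", encoding="utf-8") as fh:
            fh.write("--- a/src/lockdev.c\n+++ b/src/lockdev.c\n")

        # Layer-local patch with a constructed placeholder CVE id.
        tagged = os.path.join(downloads, "0001-constructed-fix.patch")
        with open(tagged, "w", encoding="utf-8") as fh:
            fh.write("Subject: constructed fix\n\nCVE: CVE-0000-0001\n---\n")

        tarball = os.path.join(downloads, "lockdev_1.0.3.orig.tar.gz")
        open(tarball, "wb").close()
        absent = os.path.join(downloads, "never-fetched.patch.gz")

        expected = model_patch_path(third_party, workdir)
        return {
            # False here is the "File Not found" condition from the thread.
            "expected_exists": os.path.exists(expected),
            "cves": patched_cves([third_party, tagged, tarball, absent], workdir),
        }


if __name__ == "__main__":
    print(demo())
```

The empty set for the `.diff.gz` entry matches the observation in the thread that third-party diffs are unlikely to carry a `CVE:` tag.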


Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again

Martin Jansa
 

We have such bbclass already:
but I didn't want to enable legacy providers globally, so I was adding it only to recipes which needed it in over-optimistic hope that it will nudge component owners to update webpack (or whatever else needed legacy) before they get too comfortable with legacy being enabled by default.

:)

On Wed, Apr 27, 2022 at 8:11 AM Valek, Andrej <andrej.valek@...> wrote:
Maybe you can try to add it into global npm class with some enabling variable.

Cheers,
Andrej

On Tue, 2022-04-26 at 14:59 +0200, Martin Jansa wrote:
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"

is what I'm doing in recipes which need it now.

> you should have a legacy libraries in library loading path already

here it tries to load it from openssl-native WORKDIR which is already removed, maybe that works on target (there I was assuming you were initially testing this), but in native case I need to explicitly set OPENSSL_MODULES.

On Tue, Apr 26, 2022 at 2:45 PM Valek, Andrej <andrej.valek@...> wrote:
Hi,

of course, that is working. But if you're going to use --openssl-legacy-provider, you should have a legacy libraries in library loading path already. Other option is manually set variables in npm-class like:

export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"

Regards,
Andrej

On Tue, 2022-04-26 at 14:37 +0200, Martin Jansa wrote:
Hi,

does this work correctly for you with nodejs-native?

Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
  this[kHandle] = new _Hash(algorithm, xofLen);
                  ^

Error: error:12800067:DSO support routines::could not load the shared library
    at new Hash (node:internal/crypto/hash:67:19)
    at Object.createHash (node:crypto:130:10)
    at [eval]:1:8
    at Script.runInThisContext (node:vm:129:12)
    at Object.runInThisContext (node:vm:305:38)
    at node:internal/process/execution:76:19
    at [eval]-wrapper:6:22
    at evalScript (node:internal/process/execution:75:60)
    at node:internal/main/eval_string:27:3 {
  opensslErrorStack: [
    'error:03000086:digital envelope routines::initialization error',
    'error:0308010C:digital envelope routines::unsupported',
    'error:078C0105:common libcrypto routines::init fail',
    'error:12800067:DSO support routines::could not load the shared library'
  ],
  library: 'DSO support routines',
  reason: 'could not load the shared library',
  code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}

with LD_DEBUG I've found that it is trying to load legacy.so from openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so) which is already removed by rm_work and as work around I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ and then it works:

OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
  _options: undefined,
  [Symbol(kHandle)]: Hash {},
  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
}

On Sat, Mar 5, 2022 at 2:17 PM Andrej Valek <andrej.valek@...> wrote:
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.

|   opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
|   library: 'digital envelope routines',
|   reason: 'unsupported',
|   code: 'ERR_OSSL_EVP_UNSUPPORTED'

It was blindly removed by upgrade to 16.14.0 version

Signed-off-by: Andrej Valek <andrej.valek@...>
---
 ...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
 .../recipes-devtools/nodejs/nodejs_16.14.0.bb |   1 +
 2 files changed, 152 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius <daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider  enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider  -p 'crypto.createHash("md4")'
+Hash {
+  _options: undefined,
+  [Symbol(kHandle)]: Hash {},
+  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau <rlau@...>
+
+Refs: https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md                                         | 10 ++++++++++
+ src/crypto/crypto_util.cc                              | 10 ++++++++++
+ src/node_options.cc                                    | 10 ++++++++++
+ src/node_options.h                                     |  7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js   |  5 +++++
+ 5 files changed, 42 insertions(+)
+
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]: https://v8.dev/blog/jitless
+ [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]: https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+   }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++  // --openssl-legacy-provider
++  if (per_process::cli_options->openssl_legacy_provider) {
++    OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++    if (legacy_provider == nullptr) {
++      fprintf(stderr, "Unable to load legacy provider.\n");
++    }
++  }
++#endif
++
+   OPENSSL_init_ssl(0, settings);
+   OPENSSL_INIT_free(settings);
+   settings = nullptr;
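Review bot: a failed `OSSL_PROVIDER_load(nullptr, "legacy")` in `InitCryptoOnce()` is only reported with `fprintf(stderr, ...)` and start-up then continues, so the process runs without the provider that was requested and the first legacy-algorithm call fails later. The `Unable to load legacy provider.` line followed by `ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY` earlier in this thread is that path. For nodejs-native the recipe side should make the load succeed, for example by exporting `OPENSSL_MODULES` to the sysroot's `ossl-modules` directory as done above, and the commit message should say that the option depends on `legacy.so` being locatable at run time.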
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
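Review bot: the diffstat in this patch's header lists 10 insertions for `src/node_options.cc`, but this is the file's only hunk and it adds just the three-line `openssl/opensslv.h` include; the other four files match their stated counts. Nothing in the patch as posted registers `--openssl-legacy-provider` with the option parser or ties it to `PerProcessOptions::openssl_legacy_provider`, so please check whether a hunk was dropped when the patch was re-created for 16.14.0 and regenerate it from the upstream commit if so.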
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+   bool enable_fips_crypto = false;
+   bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++  bool openssl_legacy_provider = false;
++#endif
+
+   // Per-process because reports can be triggered outside a known V8 context.
+   bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+   }
+ }
+
++if (!common.hasOpenSSL3) {
++  documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+   {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+     filter: (opt) => {
+       return [
+         '--openssl-config',
++        common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+         '--tls-cipher-list',
+         '--use-bundled-ca',
+         '--use-openssl-ca',
+
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
            file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
            file://0002-Install-both-binaries-and-use-libdir.patch \
            file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+           file://0005-add-openssl-legacy-provider-option.patch \
            file://big-endian.patch \
            file://mips-less-memory.patch \
            file://system-c-ares.patch \
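Review bot: the `file://0005-add-openssl-legacy-provider-option.patch` entry added to `SRC_URI` points at a patch whose header carries `From:`, `Subject:`, `Co-authored-by:` and `Refs:` but no `Upstream-Status:` line and no sign-off from the person importing it. Since the header identifies it as a Node.js commit, add `Upstream-Status: Backport` with the upstream reference and a `Signed-off-by:` to the patch header so the origin of this crypto-related change can be audited later.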



Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again

Andrej Valek
 

Maybe you can try to add it into global npm class with some enabling variable.

Cheers,
Andrej

On Tue, 2022-04-26 at 14:59 +0200, Martin Jansa wrote:

export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"

is what I'm doing in recipes which need it now.

> you should have a legacy libraries in library loading path already

here it tries to load it from openssl-native WORKDIR which is already removed, maybe that works on target (there I was assuming you were initially testing this), but in native case I need to explicitly set OPENSSL_MODULES.

On Tue, Apr 26, 2022 at 2:45 PM Valek, Andrej <andrej.valek@...> wrote:
Hi,

of course, that is working. But if you're going to use --openssl-legacy-provider, you should have a legacy libraries in library loading path already. Other option is manually set variables in npm-class like:

export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"

Regards,
Andrej

On Tue, 2022-04-26 at 14:37 +0200, Martin Jansa wrote:
Hi,

does this work correctly for you with nodejs-native?

Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
  this[kHandle] = new _Hash(algorithm, xofLen);
                  ^

Error: error:12800067:DSO support routines::could not load the shared library
    at new Hash (node:internal/crypto/hash:67:19)
    at Object.createHash (node:crypto:130:10)
    at [eval]:1:8
    at Script.runInThisContext (node:vm:129:12)
    at Object.runInThisContext (node:vm:305:38)
    at node:internal/process/execution:76:19
    at [eval]-wrapper:6:22
    at evalScript (node:internal/process/execution:75:60)
    at node:internal/main/eval_string:27:3 {
  opensslErrorStack: [
    'error:03000086:digital envelope routines::initialization error',
    'error:0308010C:digital envelope routines::unsupported',
    'error:078C0105:common libcrypto routines::init fail',
    'error:12800067:DSO support routines::could not load the shared library'
  ],
  library: 'DSO support routines',
  reason: 'could not load the shared library',
  code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}

with LD_DEBUG I've found that it is trying to load legacy.so from openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so) which is already removed by rm_work and as work around I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ and then it works:

OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
  _options: undefined,
  [Symbol(kHandle)]: Hash {},
  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
}

On Sat, Mar 5, 2022 at 2:17 PM Andrej Valek <andrej.valek@...> wrote:
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.

|   opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
|   library: 'digital envelope routines',
|   reason: 'unsupported',
|   code: 'ERR_OSSL_EVP_UNSUPPORTED'

It was blindly removed by upgrade to 16.14.0 version

Signed-off-by: Andrej Valek <andrej.valek@...>
---
 ...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
 .../recipes-devtools/nodejs/nodejs_16.14.0.bb |   1 +
 2 files changed, 152 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius <daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider  enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider  -p 'crypto.createHash("md4")'
+Hash {
+  _options: undefined,
+  [Symbol(kHandle)]: Hash {},
+  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau <rlau@...>
+
+Refs: https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md                                         | 10 ++++++++++
+ src/crypto/crypto_util.cc                              | 10 ++++++++++
+ src/node_options.cc                                    | 10 ++++++++++
+ src/node_options.h                                     |  7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js   |  5 +++++
+ 5 files changed, 42 insertions(+)
+
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]: https://v8.dev/blog/jitless
+ [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]: https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+   }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++  // --openssl-legacy-provider
++  if (per_process::cli_options->openssl_legacy_provider) {
++    OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++    if (legacy_provider == nullptr) {
++      fprintf(stderr, "Unable to load legacy provider.\n");
++    }
++  }
++#endif
++
+   OPENSSL_init_ssl(0, settings);
+   OPENSSL_INIT_free(settings);
+   settings = nullptr;
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+   bool enable_fips_crypto = false;
+   bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++  bool openssl_legacy_provider = false;
++#endif
+
+   // Per-process because reports can be triggered outside a known V8 context.
+   bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+   }
+ }
+
++if (!common.hasOpenSSL3) {
++  documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+   {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+     filter: (opt) => {
+       return [
+         '--openssl-config',
++        common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+         '--tls-cipher-list',
+         '--use-bundled-ca',
+         '--use-openssl-ca',
+
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
            file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
            file://0002-Install-both-binaries-and-use-libdir.patch \
            file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+           file://0005-add-openssl-legacy-provider-option.patch \
            file://big-endian.patch \
            file://mips-less-memory.patch \
            file://system-c-ares.patch \



[meta-oe][PATCH] lockdev: Drop cumulative debian patch

Khem Raj
 

This patch essentially defines MAXPATHLEN, which is no longer a problem
with latest glibc or musl

define MAJOR/MINOR for non-glibc case

Signed-off-by: Khem Raj <raj.khem@...>
Cc: Marta Rybczynska <marta.rybczynska@...>
---
...efine-MAJOR-MINOR-for-non-glibc-case.patch | 28 +++++++++++++++++++
.../recipes-support/lockdev/lockdev_1.0.3.bb | 12 ++++----
2 files changed, 33 insertions(+), 7 deletions(-)
create mode 100644 meta-oe/recipes-support/lockdev/lockdev/0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch

diff --git a/meta-oe/recipes-support/lockdev/lockdev/0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch b/meta-oe/recipes-support/lockdev/lockdev/0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch
new file mode 100644
index 0000000000..abcf1bc20f
--- /dev/null
+++ b/meta-oe/recipes-support/lockdev/lockdev/0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch
@@ -0,0 +1,28 @@
+From 11c78232aa589d5ed43eea3683e6e3de0362ffdc Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Tue, 26 Apr 2022 10:00:32 -0700
+Subject: [PATCH] lockdev: Define MAJOR/MINOR for non-glibc case
+
+gnu_dev_major and gnu_dev_minor are glibc extensions but we do have
+major/minor macros on musl too, so use them to define MINOR/MAJOR here
+
+Upstream-Status: Inappropriate [No active upstream]
+
+Signed-off-by: Khem Raj <raj.khem@...>
+---
+ src/lockdev.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/lockdev.c
++++ b/src/lockdev.c
+@@ -125,8 +125,8 @@
+ #include <sys/file.h>
+ #if defined (__GNU_LIBRARY__)
+ # include <sys/sysmacros.h>
+-# define MAJOR(dev) gnu_dev_major (dev)
+-# define MINOR(dev) gnu_dev_minor (dev)
++# define MAJOR(dev) major (dev)
++# define MINOR(dev) minor (dev)
+ #else
+ # error "put here a define for MAJOR and MINOR"
+ #endif
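Review bot: the embedded patch's header says `src/lockdev.c | 3 +++` and "Define MAJOR/MINOR for non-glibc case", but the hunk replaces two lines inside the `#if defined (__GNU_LIBRARY__)` branch and leaves the `#else` / `# error "put here a define for MAJOR and MINOR"` branch untouched, so a libc that does not define `__GNU_LIBRARY__` still stops at the `#error`. Either move the `<sys/sysmacros.h>` include and the `major (dev)` / `minor (dev)` defines out of the conditional, or reword the subject and regenerate the diffstat so they match what the hunk does.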
diff --git a/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb b/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb
index d84041ce63..a52ca25da4 100644
--- a/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb
+++ b/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb
@@ -5,22 +5,20 @@ LIC_FILES_CHKSUM="file://LICENSE;md5=d8045f3b8f929c1cb29a1e3fd737b499"

PE = "1"
SRC_URI = "http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/l/lockdev/lockdev_${PV}.orig.tar.gz \
- http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/l/lockdev/lockdev_${PV}-1.6.diff.gz;name=debianpatch \
file://cross_compile.patch \
file://build.patch \
+ file://0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch \
"
-SRC_URI[md5sum] = "64b9c1b87b125fc348e892e24625524a"
SRC_URI[sha256sum] = "ccae635d7ac3fdd50897eceb250872b3d9a191d298f213e7f0c836910d869f82"
-SRC_URI[debianpatch.md5sum] = "5ef6267c42fca9145e0af006ccb6aff7"
-SRC_URI[debianpatch.sha256sum] = "a5405c6ee5e97e45eeb1c81330a7e9f444a58bda5e6771fa30007516c115007e"

inherit lib_package perlnative

-CFLAGS += " -D__GNU_LIBRARY__"
-
TARGET_CC_ARCH += "${LDFLAGS}"

-EXTRA_OEMAKE = "basedir=${D}${prefix} baselib=${baselib} LD='${CC}' LD='${CC}'"
+CFLAGS:append:libc-musl = " -D__GNU_LIBRARY__"
+
+EXTRA_OEMAKE = "basedir=${D}${prefix} baselib=${baselib} LD='${CC}'"
+
do_compile() {
oe_runmake shared static
}
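Review bot: `CFLAGS:append:libc-musl = " -D__GNU_LIBRARY__"` makes the musl build announce itself as glibc only to reach the `MAJOR`/`MINOR` branch in `src/lockdev.c`, and the define applies to every other `__GNU_LIBRARY__` test in the source as well; handling the non-glibc case inside the added patch would let this line go. The commit message also does not mention the `do_cve_check` failure discussed in the CVE-check thread, which removing the `lockdev_${PV}-1.6.diff.gz` entry sidesteps; a line saying so, and what else the Debian diff carried besides `MAXPATHLEN`, would make the drop easier to audit.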
--
2.36.0


Re: CVE-check failing on world with meta-openembedded: diff.gz file

Khem Raj
 

Hi Marta

On 4/26/22 5:20 AM, Marta Rybczynska wrote:
> On Fri, Apr 22, 2022 at 11:07 AM Marta Rybczynska <rybczynska@...> wrote:
>
>     Dear all,
>     We're running cve-check on a world build containing oe-core, meta-oe
>     and more. We have an issue with the lockdev recipe
>     (meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb),
>     which causes a fail like below:
>
>     $ bitbake world --runonly=do_cve_check
>     ERROR: lockdev-1_1.0.3-r0 do_cve_check: File Not found:
>     <path>lockdev/1_1.0.3-r0/lockdev_1.0.3-1.6.diff
>     ERROR: lockdev-1_1.0.3-r0 do_cve_check: Failure in searching patches
>     ERROR: Logfile of failure stored in:
>     <path>/lockdev/1_1.0.3-r0/temp/log.do_cve_check.8709
>     ERROR: Task
>     (<path>/meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb:do_cve_check)
>     failed with exit code '1'
>
>     The issue is caused by the fact that lockdev_1.0.3-1.6.diff is
>     missing. When we look into the recipe, it is downloading
>     lockdev_1.0.3-1.6.diff.gz file. Please note the additional extension.
>
>     Stripping the extension comes from oe-core/meta/oe/patch.py, from
>     the patch_path function, which is figuring out if a file is a patch,
>     and returning the local path if it is so. However, at the moment
>     when we do_cve_check, the .gz file is not uncompressed.
>
>     I'm wondering how to solve it.
>     1. Add a dependency to make sure eventual patch files are
>     decompressed first?

I think this option looks best or perhaps we should drop applying debian diff entirely since debian seems to have dropped this package

I think regardless of what we do with this package it seems to be a limitation of cve-check process which perhaps should either be fixed or documented.

>     2. Do not consider this as a patch file in the scope of cve-check?
>     (this is more a part of the source than an actual patch that might
>     be fixing a CVE)
>
>     This is the only case like that we have in the build. Please note
>     that removing ".diff" from the extension list in patch_path() is
>     solving the issue.
>
>     Any comments or suggestions?
>
> Khem,
> Any feedback about this? From the history it looks like it was you who changed the recipe to use the .diff.gz file.
> Thanks in advance,
> Marta


Re: [meta-oe][PATCH 1/2] atkmm: Allow build with wayland

Andreas Müller
 

On Tue, Apr 26, 2022 at 5:12 PM Khem Raj <raj.khem@...> wrote:

Thanks. Just a minor nit: Could you change commit message to 'atkmm:
Allow build with wayland only' because it builds fine with wayland &
x11

Andreas

Signed-off-by: Khem Raj <raj.khem@...>
Cc: Andreas Müller <schnitzeltony@...>
---
meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb | 2 +-
meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb b/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb
index 9a5b1a1b83..0342b8a9f8 100644
--- a/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb
+++ b/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb
@@ -12,7 +12,7 @@ GNOMEBN = "atkmm"

inherit gnomebase features_check

-REQUIRED_DISTRO_FEATURES = "x11"
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"

SRC_URI[archive.sha256sum] = "e11324bfed1b6e330a02db25cecc145dca03fb0dff47f0710c85e317687da458"

diff --git a/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb b/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb
index 1f9c28e530..f6cb0a1e15 100644
--- a/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb
+++ b/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb
@@ -11,7 +11,7 @@ GNOMEBASEBUILDCLASS = "meson"

inherit gnomebase features_check

-REQUIRED_DISTRO_FEATURES = "x11"
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"

SRC_URI[archive.sha256sum] = "a0bb49765ceccc293ab2c6735ba100431807d384ffa14c2ebd30e07993fd2fa4"

--
2.36.0


[meta-oe][PATCH 2/2] pangomm: Allow building with wayland

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@...>
Cc: Andreas Müller <schnitzeltony@...>
---
meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb b/meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb
index 9959bdf0f0..42074c14a1 100644
--- a/meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb
+++ b/meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb
@@ -10,8 +10,9 @@ GNOMEBASEBUILDCLASS = "meson"

inherit gnomebase features_check

+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
+
SRC_URI[archive.sha256sum] = "57442ab4dc043877bfe3839915731ab2d693fc6634a71614422fb530c9eaa6f4"
-REQUIRED_DISTRO_FEATURES = "x11"

FILES:${PN} = "${libdir}/lib*.so.*"
FILES:${PN}-dev += "${libdir}/*/include/ ${libdir}/pangomm-*/"
--
2.36.0


[meta-oe][PATCH 1/2] atkmm: Allow build with wayland

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@...>
Cc: Andreas Müller <schnitzeltony@...>
---
meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb | 2 +-
meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb b/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb
index 9a5b1a1b83..0342b8a9f8 100644
--- a/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb
+++ b/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb
@@ -12,7 +12,7 @@ GNOMEBN = "atkmm"

inherit gnomebase features_check

-REQUIRED_DISTRO_FEATURES = "x11"
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"

SRC_URI[archive.sha256sum] = "e11324bfed1b6e330a02db25cecc145dca03fb0dff47f0710c85e317687da458"

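Review bot: `ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"` replaces an explicit `x11` requirement with a variable that these recipes neither set nor visibly pull in; the only `inherit` line shown is `gnomebase features_check`. The commit body is empty apart from the sign-off, so state there where `GTK3DISTROFEATURES` is defined and which features it expands to, and make clear in the subject that the change is about wayland-only builds, as asked in the reply on this thread.
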
diff --git a/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb b/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb
index 1f9c28e530..f6cb0a1e15 100644
--- a/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb
+++ b/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb
@@ -11,7 +11,7 @@ GNOMEBASEBUILDCLASS = "meson"

inherit gnomebase features_check

-REQUIRED_DISTRO_FEATURES = "x11"
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"

SRC_URI[archive.sha256sum] = "a0bb49765ceccc293ab2c6735ba100431807d384ffa14c2ebd30e07993fd2fa4"

--
2.36.0


Re: [meta-networking][PATCH] frr: add PACKAGECONFIG for fpm

Yi Zhao
 

On 4/26/22 14:18, Khem Raj wrote:
I am seeing

https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1681

This could be an intermittent failure due to build time race or
related to this change perhaps, I have seen this before too. Can you
look into it ?

OK. I will look into it. Thanks.


//Yi



On Sun, Apr 24, 2022 at 11:30 PM Yi Zhao <yi.zhao@...> wrote:
The Forwarding Plane Manager support is optional, make it as
PACKAGECONFIG.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
meta-networking/recipes-protocols/frr/frr/frr.pam | 2 +-
meta-networking/recipes-protocols/frr/frr_8.2.2.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-networking/recipes-protocols/frr/frr/frr.pam b/meta-networking/recipes-protocols/frr/frr/frr.pam
index 3541a975a..83c403c2b 100644
--- a/meta-networking/recipes-protocols/frr/frr/frr.pam
+++ b/meta-networking/recipes-protocols/frr/frr/frr.pam
@@ -1,5 +1,5 @@
#
-# The PAM configuration file for the quagga `vtysh' service
+# The PAM configuration file for the frr `vtysh' service
#

# This allows root to change user infomation without being
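Review bot: The quagga to frr comment fix in frr.pam is unrelated to turning FPM into a PACKAGECONFIG and the commit message does not mention it. Either split it into its own patch or add a line about it to the message. If the header comment is being cleaned up anyway, the "infomation" typo in the context line just below could go in the same change.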
diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
index 91e306f08..b6e180e2c 100644
--- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
+++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
@@ -36,6 +36,7 @@ RDEPENDS:${PN}:class-target = "iproute2 python3-core bash"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
PACKAGECONFIG:class-native = ""

+PACKAGECONFIG[fpm] = "--enable-fpm,--disable-fpm"
PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam"
PACKAGECONFIG[grpc] = "--enable-grpc,--disable-grpc,grpc-native grpc"
PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp,net-snmp"
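Review bot: PACKAGECONFIG[fpm] is added here, but the default at the top of this hunk, PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}", does not include fpm. Combined with the removal of --enable-fpm from EXTRA_OECONF in the next hunk, the default target build changes from FPM enabled to --disable-fpm. The commit message only says the support is optional; state the change of default explicitly, or add fpm to the default PACKAGECONFIG if existing users are meant to keep the current behaviour.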
@@ -52,7 +53,6 @@ EXTRA_OECONF:class-target = "--sbindir=${libdir}/frr \
--sysconfdir=${sysconfdir}/frr \
--localstatedir=${localstatedir}/run/frr \
--enable-vtysh \
- --enable-fpm \
--enable-multipath=64 \
--enable-user=frr \
--enable-group=frr \
--
2.25.1



Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again

Martin Jansa
 

export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"

is what I'm doing in recipes which need it now.

> you should have the legacy libraries in the library loading path already

here it tries to load it from openssl-native WORKDIR which is already removed, maybe that works on target (there I was assuming you were initially testing this), but in native case I need to explicitly set OPENSSL_MODULES.

On Tue, Apr 26, 2022 at 2:45 PM Valek, Andrej <andrej.valek@...> wrote:
Hi,

Of course, that is working. But if you're going to use --openssl-legacy-provider, you should have the legacy libraries in the library loading path already. The other option is to manually set variables in npm-class like:

export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"

Regards,
Andrej

On Tue, 2022-04-26 at 14:37 +0200, Martin Jansa wrote:
Hi,

does this work correctly for you with nodejs-native?

Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
  this[kHandle] = new _Hash(algorithm, xofLen);
                  ^

Error: error:12800067:DSO support routines::could not load the shared library
    at new Hash (node:internal/crypto/hash:67:19)
    at Object.createHash (node:crypto:130:10)
    at [eval]:1:8
    at Script.runInThisContext (node:vm:129:12)
    at Object.runInThisContext (node:vm:305:38)
    at node:internal/process/execution:76:19
    at [eval]-wrapper:6:22
    at evalScript (node:internal/process/execution:75:60)
    at node:internal/main/eval_string:27:3 {
  opensslErrorStack: [
    'error:03000086:digital envelope routines::initialization error',
    'error:0308010C:digital envelope routines::unsupported',
    'error:078C0105:common libcrypto routines::init fail',
    'error:12800067:DSO support routines::could not load the shared library'
  ],
  library: 'DSO support routines',
  reason: 'could not load the shared library',
  code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}

With LD_DEBUG I've found that it is trying to load legacy.so from openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so), which is already removed by rm_work, and as a workaround I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ and then it works:

OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
  _options: undefined,
  [Symbol(kHandle)]: Hash {},
  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
}

On Sat, Mar 5, 2022 at 2:17 PM Andrej Valek <andrej.valek@...> wrote:
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.

|   opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
|   library: 'digital envelope routines',
|   reason: 'unsupported',
|   code: 'ERR_OSSL_EVP_UNSUPPORTED'

It was blindly removed by upgrade to 16.14.0 version

Signed-off-by: Andrej Valek <andrej.valek@...>
---
 ...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
 .../recipes-devtools/nodejs/nodejs_16.14.0.bb |   1 +
 2 files changed, 152 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius <daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider  enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider  -p 'crypto.createHash("md4")'
+Hash {
+  _options: undefined,
+  [Symbol(kHandle)]: Hash {},
+  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau <rlau@...>
+
+Refs: https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md                                         | 10 ++++++++++
+ src/crypto/crypto_util.cc                              | 10 ++++++++++
+ src/node_options.cc                                    | 10 ++++++++++
+ src/node_options.h                                     |  7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js   |  5 +++++
+ 5 files changed, 42 insertions(+)
+
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]: https://v8.dev/blog/jitless
+ [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]: https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+   }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++  // --openssl-legacy-provider
++  if (per_process::cli_options->openssl_legacy_provider) {
++    OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++    if (legacy_provider == nullptr) {
++      fprintf(stderr, "Unable to load legacy provider.\n");
++    }
++  }
++#endif
++
+   OPENSSL_init_ssl(0, settings);
+   OPENSSL_INIT_free(settings);
+   settings = nullptr;
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+   bool enable_fips_crypto = false;
+   bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++  bool openssl_legacy_provider = false;
++#endif
+
+   // Per-process because reports can be triggered outside a known V8 context.
+   bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+   }
+ }
+
++if (!common.hasOpenSSL3) {
++  documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+   {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+     filter: (opt) => {
+       return [
+         '--openssl-config',
++        common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+         '--tls-cipher-list',
+         '--use-bundled-ca',
+         '--use-openssl-ca',
+
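Review bot: In the crypto_util.cc part of the embedded patch, a failed OSSL_PROVIDER_load(nullptr, "legacy") only prints "Unable to load legacy provider." and startup continues, so a user who asked for the legacy provider gets a later and less obvious failure at first use, as in the createHash("md4") trace reported in this thread. Consider making the failure fatal, or at least printing the OpenSSL error queue at that point. Two further points: the patch header carries no Upstream-Status line, and its diffstat lists 10 insertions for src/node_options.cc while the only hunk for that file adds the three-line opensslv.h include, with nothing visible that registers --openssl-legacy-provider with the option parser, so please check that no hunk was lost when the patch was prepared.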
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
            file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
            file://0002-Install-both-binaries-and-use-libdir.patch \
            file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+           file://0005-add-openssl-legacy-provider-option.patch \
            file://big-endian.patch \
            file://mips-less-memory.patch \
            file://system-c-ares.patch \


Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again

Andrej Valek
 

Hi,

Of course, that is working. But if you're going to use --openssl-legacy-provider, you should have the legacy libraries in the library loading path already. The other option is to manually set variables in npm-class like:

export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"

Regards,
Andrej

On Tue, 2022-04-26 at 14:37 +0200, Martin Jansa wrote:

Hi,

does this work correctly for you with nodejs-native?

Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
  this[kHandle] = new _Hash(algorithm, xofLen);
                  ^

Error: error:12800067:DSO support routines::could not load the shared library
    at new Hash (node:internal/crypto/hash:67:19)
    at Object.createHash (node:crypto:130:10)
    at [eval]:1:8
    at Script.runInThisContext (node:vm:129:12)
    at Object.runInThisContext (node:vm:305:38)
    at node:internal/process/execution:76:19
    at [eval]-wrapper:6:22
    at evalScript (node:internal/process/execution:75:60)
    at node:internal/main/eval_string:27:3 {
  opensslErrorStack: [
    'error:03000086:digital envelope routines::initialization error',
    'error:0308010C:digital envelope routines::unsupported',
    'error:078C0105:common libcrypto routines::init fail',
    'error:12800067:DSO support routines::could not load the shared library'
  ],
  library: 'DSO support routines',
  reason: 'could not load the shared library',
  code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}

With LD_DEBUG I've found that it is trying to load legacy.so from openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so), which is already removed by rm_work, and as a workaround I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ and then it works:

OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
  _options: undefined,
  [Symbol(kHandle)]: Hash {},
  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
}

On Sat, Mar 5, 2022 at 2:17 PM Andrej Valek <andrej.valek@...> wrote:
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.

|   opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
|   library: 'digital envelope routines',
|   reason: 'unsupported',
|   code: 'ERR_OSSL_EVP_UNSUPPORTED'

It was blindly removed by upgrade to 16.14.0 version

Signed-off-by: Andrej Valek <andrej.valek@...>
---
 ...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
 .../recipes-devtools/nodejs/nodejs_16.14.0.bb |   1 +
 2 files changed, 152 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius <daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider  enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider  -p 'crypto.createHash("md4")'
+Hash {
+  _options: undefined,
+  [Symbol(kHandle)]: Hash {},
+  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau <rlau@...>
+
+Refs: https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md                                         | 10 ++++++++++
+ src/crypto/crypto_util.cc                              | 10 ++++++++++
+ src/node_options.cc                                    | 10 ++++++++++
+ src/node_options.h                                     |  7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js   |  5 +++++
+ 5 files changed, 42 insertions(+)
+
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]: https://v8.dev/blog/jitless
+ [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]: https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+   }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++  // --openssl-legacy-provider
++  if (per_process::cli_options->openssl_legacy_provider) {
++    OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++    if (legacy_provider == nullptr) {
++      fprintf(stderr, "Unable to load legacy provider.\n");
++    }
++  }
++#endif
++
+   OPENSSL_init_ssl(0, settings);
+   OPENSSL_INIT_free(settings);
+   settings = nullptr;
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+   bool enable_fips_crypto = false;
+   bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++  bool openssl_legacy_provider = false;
++#endif
+
+   // Per-process because reports can be triggered outside a known V8 context.
+   bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+   }
+ }
+
++if (!common.hasOpenSSL3) {
++  documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+   {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+     filter: (opt) => {
+       return [
+         '--openssl-config',
++        common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+         '--tls-cipher-list',
+         '--use-bundled-ca',
+         '--use-openssl-ca',
+
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
            file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
            file://0002-Install-both-binaries-and-use-libdir.patch \
            file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+           file://0005-add-openssl-legacy-provider-option.patch \
            file://big-endian.patch \
            file://mips-less-memory.patch \
            file://system-c-ares.patch \


Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again

Martin Jansa
 

Hi,

does this work correctly for you with nodejs-native?

Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
  this[kHandle] = new _Hash(algorithm, xofLen);
                  ^

Error: error:12800067:DSO support routines::could not load the shared library
    at new Hash (node:internal/crypto/hash:67:19)
    at Object.createHash (node:crypto:130:10)
    at [eval]:1:8
    at Script.runInThisContext (node:vm:129:12)
    at Object.runInThisContext (node:vm:305:38)
    at node:internal/process/execution:76:19
    at [eval]-wrapper:6:22
    at evalScript (node:internal/process/execution:75:60)
    at node:internal/main/eval_string:27:3 {
  opensslErrorStack: [
    'error:03000086:digital envelope routines::initialization error',
    'error:0308010C:digital envelope routines::unsupported',
    'error:078C0105:common libcrypto routines::init fail',
    'error:12800067:DSO support routines::could not load the shared library'
  ],
  library: 'DSO support routines',
  reason: 'could not load the shared library',
  code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}

With LD_DEBUG I've found that it is trying to load legacy.so from openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so), which is already removed by rm_work, and as a workaround I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ and then it works:

OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
  _options: undefined,
  [Symbol(kHandle)]: Hash {},
  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
}


On Sat, Mar 5, 2022 at 2:17 PM Andrej Valek <andrej.valek@...> wrote:
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.

|   opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
|   library: 'digital envelope routines',
|   reason: 'unsupported',
|   code: 'ERR_OSSL_EVP_UNSUPPORTED'

It was blindly removed by upgrade to 16.14.0 version

Signed-off-by: Andrej Valek <andrej.valek@...>
---
 ...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
 .../recipes-devtools/nodejs/nodejs_16.14.0.bb |   1 +
 2 files changed, 152 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius <daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider  enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider  -p 'crypto.createHash("md4")'
+Hash {
+  _options: undefined,
+  [Symbol(kHandle)]: Hash {},
+  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau <rlau@...>
+
+Refs: https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md                                         | 10 ++++++++++
+ src/crypto/crypto_util.cc                              | 10 ++++++++++
+ src/node_options.cc                                    | 10 ++++++++++
+ src/node_options.h                                     |  7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js   |  5 +++++
+ 5 files changed, 42 insertions(+)
+
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]: https://v8.dev/blog/jitless
+ [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]: https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+   }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++  // --openssl-legacy-provider
++  if (per_process::cli_options->openssl_legacy_provider) {
++    OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++    if (legacy_provider == nullptr) {
++      fprintf(stderr, "Unable to load legacy provider.\n");
++    }
++  }
++#endif
++
+   OPENSSL_init_ssl(0, settings);
+   OPENSSL_INIT_free(settings);
+   settings = nullptr;
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+   bool enable_fips_crypto = false;
+   bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++  bool openssl_legacy_provider = false;
++#endif
+
+   // Per-process because reports can be triggered outside a known V8 context.
+   bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+   }
+ }
+
++if (!common.hasOpenSSL3) {
++  documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+   {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+     filter: (opt) => {
+       return [
+         '--openssl-config',
++        common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+         '--tls-cipher-list',
+         '--use-bundled-ca',
+         '--use-openssl-ca',
+
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
            file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
            file://0002-Install-both-binaries-and-use-libdir.patch \
            file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+           file://0005-add-openssl-legacy-provider-option.patch \
            file://big-endian.patch \
            file://mips-less-memory.patch \
            file://system-c-ares.patch \
--
2.34.1





Re: CVE-check failing on world with meta-openembedded: diff.gz file

Marta Rybczynska
 



On Fri, Apr 22, 2022 at 11:07 AM Marta Rybczynska <rybczynska@...> wrote:
Dear all,
We're running cve-check on a world build containing oe-core, meta-oe and more. We have an issue with the lockdev recipe (meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb), which causes a fail like below:

$ bitbake world --runonly=do_cve_check
ERROR: lockdev-1_1.0.3-r0 do_cve_check: File Not found: <path>lockdev/1_1.0.3-r0/lockdev_1.0.3-1.6.diff
ERROR: lockdev-1_1.0.3-r0 do_cve_check: Failure in searching patches
ERROR: Logfile of failure stored in: <path>/lockdev/1_1.0.3-r0/temp/log.do_cve_check.8709
ERROR: Task (<path>/meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb:do_cve_check) failed with exit code '1'

The issue is caused by the fact that lockdev_1.0.3-1.6.diff is missing. When we look into the recipe, it is downloading the lockdev_1.0.3-1.6.diff.gz file. Please note the additional extension.

Stripping the extension comes from oe-core/meta/oe/patch.py, from the patch_path function, which is figuring out if a file is a patch, and returning the local path if it is so. However, at the moment when we do_cve_check, the .gz file is not uncompressed.

I'm wondering how to solve it.
1. Add a dependency to make sure eventual patch files are decompressed first?
2. Do not consider this as a patch file in the scope of cve-check? (this is more a part of the source than an actual patch that might be fixing a CVE)

This is the only case like that we have in the build. Please note that removing ".diff" from the extension list in patch_path() is solving the issue.

Any comments or suggestions?


Khem,
Any feedback about this? From the history it looks like it was you who changed the recipe to use the .diff.gz file.

Thanks in advance,
Marta
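
The failure described in this message, modelled as an added example (not part of the original post and not the oe-core code): the compression suffix is stripped to derive the path the scan expects, the strict scan fails because only the .gz download exists, and a tolerant variant reads the compressed file instead. The function names, the `CVE:` tag pattern, the placeholder CVE id and the sample patch text are assumptions made for the illustration.

```python
import gzip
import os
import re
import tempfile

# Suffix sets follow the behaviour described in the thread (assumption: a
# simplified stand-in, not the patch_path() implementation in oe-core).
COMPRESSED_EXTS = (".gz", ".bz2", ".xz", ".Z")
PATCH_EXTS = (".diff", ".patch")
# Assumed tag format for a patch that declares the CVE it fixes.
CVE_TAG = re.compile(r"^CVE:\s*(CVE-\d{4}-\d+)", re.MULTILINE)

# Constructed sample patch; CVE-0000-0000 is a placeholder, not a real id.
SAMPLE = "CVE: CVE-0000-0000\n--- a/src/x.c\n+++ b/src/x.c\n@@ -1 +1 @@\n-old\n+new\n"


def expected_patch_path(fetched, workdir):
    """Return the path a patch scan would look at, or None if not a patch."""
    base, ext = os.path.splitext(os.path.basename(fetched))
    local = fetched
    if ext in COMPRESSED_EXTS:
        # The scan expects the unpacked copy in the work directory.
        local = os.path.join(workdir, base)
        ext = os.path.splitext(base)[1]
    return local if ext in PATCH_EXTS else None


def strict_scan(fetched, workdir):
    """Behaviour reported in the thread: a missing derived path is fatal."""
    local = expected_patch_path(fetched, workdir)
    if local is None:
        return set()
    if not os.path.isfile(local):
        raise FileNotFoundError(local)
    with open(local, "r", encoding="utf-8", errors="replace") as fh:
        return set(CVE_TAG.findall(fh.read()))


def tolerant_scan(fetched, workdir):
    """Fall back to the still-compressed download when nothing is unpacked."""
    local = expected_patch_path(fetched, workdir)
    if local is None:
        return set()
    if os.path.isfile(local):
        with open(local, "r", encoding="utf-8", errors="replace") as fh:
            return set(CVE_TAG.findall(fh.read()))
    if fetched.endswith(".gz") and os.path.isfile(fetched):
        with gzip.open(fetched, "rt", encoding="utf-8", errors="replace") as fh:
            return set(CVE_TAG.findall(fh.read()))
    raise FileNotFoundError(local)


def demo():
    """Recreate the situation: only the .diff.gz exists, nothing is unpacked."""
    with tempfile.TemporaryDirectory() as top:
        downloads = os.path.join(top, "downloads")
        workdir = os.path.join(top, "work")
        os.makedirs(downloads)
        os.makedirs(workdir)
        fetched = os.path.join(downloads, "lockdev_1.0.3-1.6.diff.gz")
        with gzip.open(fetched, "wt", encoding="utf-8") as fh:
            fh.write(SAMPLE)

        derived = os.path.basename(expected_patch_path(fetched, workdir))
        try:
            strict_scan(fetched, workdir)
            strict_failed = False
        except FileNotFoundError:
            strict_failed = True
        return derived, strict_failed, tolerant_scan(fetched, workdir)


if __name__ == "__main__":
    print(demo())
```
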


[meta-multimedia][PATCH] pipewire: Upgrade to version 0.3.50

Carlos Rafael Giani
 

This is a bugfix release. Notably, this makes pw-dot work again - it
required workarounds via pw-dump to output a non-empty dot graph in 0.3.49.

Full changelog:

https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/0.3.50

0001-meson-Add-option-to-enable-disable-legacy-RTKit-modu.patch
is no longer needed since it has been merged and is part of 0.3.50.

Signed-off-by: Carlos Rafael Giani <crg7475@...>
---
...-to-enable-disable-legacy-RTKit-modu.patch | 44 -------------------
...{pipewire_0.3.49.bb =3D> pipewire_0.3.50.bb} | 6 +--
2 files changed, 2 insertions(+), 48 deletions(-)
delete mode 100644 meta-multimedia/recipes-multimedia/pipewire/files/000=
1-meson-Add-option-to-enable-disable-legacy-RTKit-modu.patch
rename meta-multimedia/recipes-multimedia/pipewire/{pipewire_0.3.49.bb =3D=
pipewire_0.3.50.bb} (98%)
diff --git a/meta-multimedia/recipes-multimedia/pipewire/files/0001-meson=
-Add-option-to-enable-disable-legacy-RTKit-modu.patch b/meta-multimedia/r=
ecipes-multimedia/pipewire/files/0001-meson-Add-option-to-enable-disable-=
legacy-RTKit-modu.patch
deleted file mode 100644
index 61bcdb3dd..000000000
--- a/meta-multimedia/recipes-multimedia/pipewire/files/0001-meson-Add-op=
tion-to-enable-disable-legacy-RTKit-modu.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From b311f9e75f13205fd0738f7e89fd2062b9e7b237 Mon Sep 17 00:00:00 2001
-From: Carlos Rafael Giani <crg7475@...>
-Date: Wed, 30 Mar 2022 19:44:38 +0200
-Subject: [PATCH] meson: Add option to enable/disable legacy RTKit module
-
-The RTKit module is being replaced by the RT module. Currently, it is
-always built if D-Bus is present. For packagers, it can be beneficial to
-be able to disable the legacy module. Add a Meson option to allow for
-exactly that. Make it enabled by default to not change default behavior.
-
-Upstream-Status: Submitted [https://gitlab.freedesktop.org/pipewire/pipe=
wire/-/merge_requests/1204]
----
- meson_options.txt | 4 ++++
- src/modules/meson.build | 2 +-
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/meson_options.txt b/meson_options.txt
-index 49d5b2203..2687bfe7e 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -237,3 +237,7 @@ option('libcanberra',
- description: 'Enable code that depends on libcanberra',
- type: 'feature',
- value: 'auto')
-+option('legacy-rtkit',
-+ description: 'Build legacy rtkit module',
-+ type: 'boolean',
-+ value: 'true')
-diff --git a/src/modules/meson.build b/src/modules/meson.build
-index ee724bf52..2d26cc459 100644
---- a/src/modules/meson.build
-+++ b/src/modules/meson.build
-@@ -139,7 +139,7 @@ pipewire_module_rt =3D shared_library('pipewire-modu=
le-rt', [ 'module-rt.c' ],
- dependencies : [dbus_dep, mathlib, dl_lib, pipewire_dep],
- )
-=20
--build_module_rtkit =3D dbus_dep.found()
-+build_module_rtkit =3D dbus_dep.found() and (get_option('legacy-rtkit')=
=3D=3D true)
- if build_module_rtkit
- # TODO: This serves as a temporary alias to prevent breaking existing s=
etups
- # while `module-rtkit` is being migrated to `module-rt`
---=20
-2.32.0
-
diff --git a/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.49.=
bb b/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.50.bb
similarity index 98%
rename from meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.49.b=
b
rename to meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.50.bb
index b821f4400..0d725b9ee 100644
--- a/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.49.bb
+++ b/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.50.bb
@@ -13,10 +13,8 @@ LIC_FILES_CHKSUM =3D " \
=20
DEPENDS =3D "dbus ncurses"
=20
-SRCREV =3D "075e7b266876802eab0077afd13ea8e1cee5e1fd"
-SRC_URI =3D "git://gitlab.freedesktop.org/pipewire/pipewire.git;branch=3D=
master;protocol=3Dhttps \
- file://0001-meson-Add-option-to-enable-disable-legacy-RTKit-m=
odu.patch \
- "
+SRCREV =3D "64cf5e80e6240284e6b757907b900507fe56f1b5"
+SRC_URI =3D "git://gitlab.freedesktop.org/pipewire/pipewire.git;branch=3D=
master;protocol=3Dhttps"
=20
S =3D "${WORKDIR}/git"
=20
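Review bot: The new SRCREV in the pipewire_0.3.50.bb hunk is a bare hash, and neither the hunk nor the commit message ties it to the 0.3.50 release. Please state in the commit message that 64cf5e80e6240284e6b757907b900507fe56f1b5 is the commit of the 0.3.50 tag, so the pin can be checked against upstream before merging.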
--=20
2.32.0


Re: [meta-oe][PATCH V2] cdrkit: add new option -eltorito-platform for genimageiso

hongxu
 

Thanks for pointing out the license issue, this patch ports from 4 source files of cdrtools,
and both of them are `either GPL version 2, or (at your option) any later version.'

https://github.com/jobermayr/cdrtools/blob/master/mkisofs/mkisofs.c#L16
https://github.com/jobermayr/cdrtools/blob/master/mkisofs/mkisofs.h#L10
https://github.com/jobermayr/cdrtools/blob/master/mkisofs/iso9660.h#L11
https://github.com/jobermayr/cdrtools/blob/master/mkisofs/eltorito.c#L17

Both of cdrtools(2013)[1] and cdrkit(2010)[2] are not alive, I do not plan to send it to upstream cdrkit



//Hongxu

From: openembedded-devel@... <openembedded-devel@...> on behalf of Ross Burton <ross.burton@...>
Sent: Tuesday, April 26, 2022 4:27 PM
To: Jia, Hongxu <Hongxu.Jia@...>; raj.khem@... <raj.khem@...>
Cc: openembedded-devel@... <openembedded-devel@...>
Subject: Re: [oe] [meta-oe][PATCH V2] cdrkit: add new option -eltorito-platform for genimageiso
 


Have you carefully examined the license of the files that you’re copying from mkisofs: the cdrkit fork exists specifically because cdrtools relicensed to CDDL[1] which is GPL-incompatible.

 

Also, are we going to be carrying this forever, or is upstream cdrkit going to merge the same code?

 

Ross

[1] https://lwn.net/Articles/195167/

 

From: openembedded-devel@... <openembedded-devel@...> on behalf of hongxu via lists.openembedded.org <hongxu.jia=windriver.com@...>
Date: Tuesday, 26 April 2022 at 08:42
To: raj.khem@... <raj.khem@...>
Cc: openembedded-devel@... <openembedded-devel@...>
Subject: [oe] [meta-oe][PATCH V2] cdrkit: add new option -eltorito-platform for genimageiso

Mkisofs/genimageiso now correctly supports El Torito multi boot entries by
introducing a Boot Section Header before a list of alternate boot entries.

New option -eltorito-platform allows to set the El Torito platform id
for a boot entry or for a list of boot entries. Supported values for
the parameter are:
-   x86 the standard value for x86 based PCs
-   PPC the Power PC platform
-   Mac The Apple Mac platform
-   efi EFI based boot for PCs
-   #   an arbitrary numerical value

Port implement from cdrtools:
https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7

Signed-off-by: Hongxu Jia <hongxu.jia@...>
---
 .../cdrkit/cdrkit_1.1.11.bb                   |   1 +
 ...001-add-new-option-eltorito-platform.patch | 335 ++++++++++++++++++
 2 files changed, 336 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch

diff --git a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
index dd0405c95..757f99d1f 100644
--- a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
+++ b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
@@ -11,6 +11,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
            file://0001-define-__THROW-to-avoid-build-issue-with-musl.patch \
            file://0002-Do-not-use-rcmd-on-build-with-musl.patch \
            file://0001-genisoimage-Add-missing-extern-definition.patch \
+           file://0001-add-new-option-eltorito-platform.patch \
            "
 SRC_URI:append:class-nativesdk = " \
            file://0001-install-netscsid-to-bin-for-nativesdk.patch \
diff --git a/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
new file mode 100644
index 000000000..dac3328a4
--- /dev/null
+++ b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
@@ -0,0 +1,335 @@
+From 5a2d571f3687910260c45841725f2deb84c8f12e Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@...>
+Date: Mon, 25 Apr 2022 18:18:00 +0800
+Subject: [PATCH] add new option -eltorito-platform
+
+Mkisofs now correctly supports El Torito multi boot entries by introducing
+a Boot Dection Header before a list of alternate boot entries.
+
+New option -eltorito-platform allows to set the El Torito platform id
+for a boot entry or for a list of boot entries. Supported values for
+the parameter are:
+-   x86 the standard value vor x86 based PCs
+-   PPC the Power PC platform
+-   Mac The Apple Mac platform
+-   efi EFI based boot for PCs
+-   #   an arbitrary numerical value
+
+Upstream-Status: Inappropriate [port from cdrtools]
+https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7
+
+Signed-off-by: Hongxu Jia <hongxu.jia@...>
+---
+ genisoimage/eltorito.c    | 73 +++++++++++++++++++++++++++++++++++++--
+ genisoimage/genisoimage.c | 47 +++++++++++++++++++++++++
+ genisoimage/genisoimage.h |  8 +++++
+ genisoimage/iso9660.h     | 33 ++++++++++++++++--
+ 4 files changed, 157 insertions(+), 4 deletions(-)
+
+diff --git a/genisoimage/eltorito.c b/genisoimage/eltorito.c
+index d52e17e..a804988 100644
+--- a/genisoimage/eltorito.c
++++ b/genisoimage/eltorito.c
+@@ -56,6 +56,7 @@ static unsigned int bcat_de_flags;
+ void  init_boot_catalog(const char *path);
+ void  insert_boot_cat(void);
+ static        void    get_torito_desc(struct eltorito_boot_descriptor *boot_desc);
++static        void    fill_boot_shdr(struct eltorito_sectionheader_entry *boot_shdr_entry, int arch);
+ static        void    fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
+                                                                                struct eltorito_boot_entry_info *boot_entry);
+ void  get_boot_entry(void);
+@@ -282,7 +283,14 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+        struct directory_entry  *de2;   /* Boot catalog */
+        int                     i;
+        int                     offset;
++      int                     arch = 0;
++      int                     nentries = 0;
+        struct eltorito_defaultboot_entry boot_desc_record;
++      struct eltorito_sectionheader_entry boot_shdr_record;
++#ifdef __needed__
++      struct eltorito_section_entry boot_section_record;
++#endif
++      struct eltorito_sectionheader_entry *last_section_header = 0;
+
+        memset(boot_desc, 0, sizeof (*boot_desc));
+        boot_desc->type[0] = 0;
+@@ -311,13 +319,22 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+        set_731(boot_desc->bootcat_ptr,
+                (unsigned int) get_733(de2->isorec.extent));
+
++      /*
++       * If the platform id for the first (default) boot entry has not been
++       * explicitly set, we default to EL_TORITO_ARCH_x86
++       */
++      if ((first_boot_entry->type & ELTORITO_BOOT_ID) == 0) {
++              first_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
++      }
++      arch = first_boot_entry->boot_platform;
++
+        /*
+         * we have the boot image, so write boot catalog information
+         * Next we write out the primary descriptor for the disc
+         */
+        memset(&valid_desc, 0, sizeof (valid_desc));
+        valid_desc.headerid[0] = 1;
+-      valid_desc.arch[0] = EL_TORITO_ARCH_x86;
++      valid_desc.arch[0] = arch;  /* Platform id for the default boot */
+
+        /*
+         * we'll shove start of publisher id into id field,
+@@ -351,8 +368,17 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+                current_boot_entry != NULL;
+                current_boot_entry = current_boot_entry->next,
+                offset += sizeof (boot_desc_record)) {
++              int newarch = arch;
+
+-              if (offset >= SECTOR_SIZE) {
++              if (current_boot_entry->type & ELTORITO_BOOT_ID)
++                      newarch = current_boot_entry->boot_platform;
++              else
++                      current_boot_entry->boot_platform = arch;
++
++              /*
++               * El Torito has no such limitation but we currently have...
++               */
++              if (offset >= (SECTOR_SIZE - sizeof (boot_desc_record))) {
+ #ifdef        USE_LIBSCHILY
+                        comerrno(EX_BAD,
+                        "Too many El Torito boot entries\n");
+@@ -362,12 +388,53 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+                        exit(1);
+ #endif
+                }
++
++              if (current_boot_entry == first_boot_entry) {
++                      ;
++                      /* EMPTY */
++              } else if ((current_boot_entry == first_boot_entry->next) ||
++                          (arch != newarch) ||
++                          (current_boot_entry->type & ELTORITO_SECTION_HEADER)) {
++                      if (last_section_header)
++                              set_721(&last_section_header->entry_count, nentries);
++                      nentries = 1;
++                      last_section_header = (struct eltorito_sectionheader_entry *)
++                                                      (de2->table + offset);
++                      fill_boot_shdr(&boot_shdr_record, newarch);
++                      memcpy(de2->table + offset, &boot_shdr_record,
++                                              sizeof (boot_shdr_record));
++                      offset += sizeof (boot_desc_record);
++              } else {
++                      nentries++; /* Add entry to this section header */
++              }
++              /*
++               * This works because a section entry has the same essential
++               * layout as a default entry (and we do not populate the
++               * selection criteria fields).
++               */
++
+                fill_boot_desc(&boot_desc_record, current_boot_entry);
+                memcpy(de2->table + offset, &boot_desc_record,
+                                        sizeof (boot_desc_record));
+        }
++
++      if (last_section_header) {
++              set_721(&last_section_header->entry_count, nentries);
++              last_section_header->header_id[0] = EL_TORITO_SHDR_ID_LAST_SHDR;
++      }
++
+ }/* get_torito_desc(... */
+
++static void
++fill_boot_shdr(boot_shdr_entry, arch)
++      struct eltorito_sectionheader_entry *boot_shdr_entry;
++      int                 arch;
++{
++      memset(boot_shdr_entry, 0, sizeof(struct eltorito_sectionheader_entry));
++      boot_shdr_entry->header_id[0] = EL_TORITO_SHDR_ID_SHDR;
++      boot_shdr_entry->platform_id[0] = arch;
++}
++
+ static void
+ fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
+                                        struct eltorito_boot_entry_info *boot_entry)
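Review bot: In the get_torito_desc() loop, `arch` is never updated to `newarch` after a section header is written, so every later entry whose explicit platform id differs from the first entry's opens a new section header even when it matches the entry before it (x86, efi, efi gives two one-entry efi sections). If grouping is intended, set `arch = newarch;` in the header branch. In that same branch, `offset += sizeof (boot_desc_record);` follows a memcpy of `boot_shdr_record`; use `sizeof (boot_shdr_record)` so the step does not depend on the two structs having the same size. fill_boot_shdr() is also written as an old-style (K&R) definition, while its prototype and the neighbouring fill_boot_desc() use ANSI parameter lists.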
+@@ -678,7 +745,9 @@ get_boot_entry()
+        if (!first_boot_entry) {
+                first_boot_entry = current_boot_entry;
+                last_boot_entry = current_boot_entry;
++              current_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
+        } else {
++              current_boot_entry->boot_platform = last_boot_entry->boot_platform;
+                last_boot_entry->next = current_boot_entry;
+                last_boot_entry = current_boot_entry;
+        }
+diff --git a/genisoimage/genisoimage.c b/genisoimage/genisoimage.c
+index 9089081..84ac3c2 100644
+--- a/genisoimage/genisoimage.c
++++ b/genisoimage/genisoimage.c
+@@ -271,6 +271,8 @@ struct rcopts {
+        char            **variable;
+ };
+
++static int get_boot_platid(char *opt_arg);
++
+ struct rcopts rcopt[] = {
+        {"PREP", &preparer},
+        {"PUBL", &publisher},
+@@ -404,6 +406,7 @@ struct ld_option {
+
+ #define       OPTION_ALLOW_LEADING_DOTS       1070
+ #define       OPTION_PUBLISHER                1071
++#define       OPTION_PLATFORM                 1072
+
+ #ifdef                JIGDO_TEMPLATE
+ #define       OPTION_JTT_OUTPUT               1101
+@@ -528,6 +531,8 @@ static const struct ld_option ld_options[] =
+        'b', "FILE", "Set El Torito boot image name", ONE_DASH},
+        {{"eltorito-alt-boot", no_argument, NULL, OPTION_ALT_BOOT},
+        '\0', NULL, "Start specifying alternative El Torito boot parameters", ONE_DASH},
++      {{"eltorito-platform", required_argument, NULL, OPTION_PLATFORM},
++      '\0', "ID", "Set El Torito platform id for the next boot entry", ONE_DASH},
+        {{"sparc-boot", required_argument, NULL, 'B'},
+        'B', "FILES", "Set sparc boot image names", ONE_DASH},
+        {{"sunx86-boot", required_argument, NULL, OPTION_SUNX86BOOT},
+@@ -1558,6 +1563,9 @@ int main(int argc, char *argv[])
+                         */
+                        new_boot_entry();
+                        break;
++              case OPTION_PLATFORM:
++                      get_boot_platid(optarg);
++                      break;
+                case OPTION_BOOTALPHA:
+                        use_alphaboot++;
+                        /* list of pathnames of boot images */
+@@ -3829,3 +3837,42 @@ e_malloc(size_t size)
+      memset(pt, 0, size);
+        return (pt);
+ }
++
++static int
++get_boot_platid(char *opt_arg)
++{
++      long    val;
++      char    *ptr;
++
++      use_eltorito++;
++      if (streql(opt_arg, "x86")) {
++              val = EL_TORITO_ARCH_x86;
++      } else if (streql(opt_arg, "PPC")) {
++              val = EL_TORITO_ARCH_PPC;
++      } else if (streql(opt_arg, "Mac")) {
++              val = EL_TORITO_ARCH_PPC;
++      } else if (streql(opt_arg, "efi")) {
++              val = EL_TORITO_ARCH_EFI;
++      } else {
++              val = strtol(opt_arg, &ptr, 0);
++              if (*ptr || val < 0 || val >= 0x100) {
++                      comerrno(EX_BAD, "Bad boot system ID.\n");
++              }
++      }
++
++      /*
++       * If there is already a boot entry and the boot file name has been set
++       * for this boot entry and the new platform id differs from the
++       * previous value, we start a new boot section.
++       */
++      if (current_boot_entry &&
++          current_boot_entry->boot_image != NULL &&
++          current_boot_entry->boot_platform != val) {
++          new_boot_entry();
++      }
++      get_boot_entry();
++      current_boot_entry->type |= ELTORITO_BOOT_ID;
++      current_boot_entry->boot_platform = val;
++      return (1);
++}
++
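Review bot: In get_boot_platid() the "Mac" branch assigns EL_TORITO_ARCH_PPC, so `-eltorito-platform Mac` writes the same platform id as PPC although iso9660.h defines EL_TORITO_ARCH_MAC as 2; the branch should use EL_TORITO_ARCH_MAC. In the numeric branch, `*ptr` is also 0 for an empty argument, so "" is accepted as platform 0; adding a `ptr == opt_arg` check would reject it. comerrno() is called unconditionally here, while the eltorito.c hunk wraps the same call in `#ifdef USE_LIBSCHILY`, so the non-libschily build path needs the same treatment.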
+diff --git a/genisoimage/genisoimage.h b/genisoimage/genisoimage.h
+index 82c859b..1170d89 100644
+--- a/genisoimage/genisoimage.h
++++ b/genisoimage/genisoimage.h
+@@ -299,6 +299,14 @@ struct eltorito_boot_entry_info {
+        int             boot_info_table;
+        int             load_size;
+        int             load_addr;
++
++#define       ELTORITO_BOOT_ID    1
++#define       ELTORITO_SECTION_HEADER 2
++      int     type;
++      /*
++       * Valid if (type & ELTORITO_BOOT_ID) != 0
++       */
++      int     boot_platform;
+ };
+
+ extern int    goof;
+diff --git a/genisoimage/iso9660.h b/genisoimage/iso9660.h
+index c74c2a9..61b6fc0 100644
+--- a/genisoimage/iso9660.h
++++ b/genisoimage/iso9660.h
+@@ -62,6 +62,7 @@ struct iso_volume_descriptor {
+ #define       EL_TORITO_ARCH_x86      0
+ #define       EL_TORITO_ARCH_PPC      1
+ #define       EL_TORITO_ARCH_MAC      2
++#define       EL_TORITO_ARCH_EFI      0xEF
+
+ #define       EL_TORITO_BOOTABLE      0x88
+ #define       EL_TORITO_NOT_BOOTABLE  0
+@@ -159,10 +160,15 @@ struct eltorito_boot_descriptor {
+ };
+
+ /* Validation entry for El Torito */
++/*
++ * headerid must be 1
++ * id is the manufacturer ID
++ * cksum to make the sum of all shorts in this record 0
++ */
+ struct eltorito_validation_entry {
+        char headerid                   [ISODCL(1,    1)]; /* 711 */
+        char arch                       [ISODCL(2,    2)];
+-      char pad1                       [ISODCL(3,    4)]; /* 711 */
++      char pad1                       [ISODCL(3,    4)]; /* 721 */
+        char id                         [ISODCL(5,   28)]; /* CD devel/man*/
+        char cksum                      [ISODCL(29,  30)];
+        char key1                       [ISODCL(31,  31)];
+@@ -173,7 +179,7 @@ struct eltorito_validation_entry {
+ struct eltorito_defaultboot_entry {
+        char boot_id                    [ISODCL(1,    1)]; /* 711 */
+        char boot_media                 [ISODCL(2,    2)];
+-      char loadseg                    [ISODCL(3,    4)]; /* 711 */
++      char loadseg                    [ISODCL(3,    4)]; /* 721 */
+        char sys_type                   [ISODCL(5,    5)];
+        char pad1                       [ISODCL(6,    6)];
+        char nsect                      [ISODCL(7,    8)];
+@@ -181,6 +187,29 @@ struct eltorito_defaultboot_entry {
+        char pad2                       [ISODCL(13,  32)];
+ };
+
++/* El Torito section header entry in boot catalog */
++struct eltorito_sectionheader_entry {
++#define    EL_TORITO_SHDR_ID_SHDR      0x90
++#define    EL_TORITO_SHDR_ID_LAST_SHDR 0x91
++      char header_id          [ISODCL(1,    1)]; /* 711 */
++      char platform_id        [ISODCL(2,    2)];
++      char entry_count        [ISODCL(3,    4)]; /* 721 */
++      char id             [ISODCL(5,   32)];
++};
++
++/* El Torito section entry in boot catalog */
++struct eltorito_section_entry {
++      char boot_id            [ISODCL(1,    1)]; /* 711 */
++      char boot_media         [ISODCL(2,    2)];
++      char loadseg            [ISODCL(3,    4)]; /* 721 */
++      char sys_type           [ISODCL(5,    5)];
++      char pad1           [ISODCL(6,    6)];
++      char nsect          [ISODCL(7,    8)];
++      char bootoff            [ISODCL(9,   12)];
++      char sel_criteria       [ISODCL(13,  13)];
++      char vendor_sel_criteria    [ISODCL(14,  32)];
++};
++
+ /*
+  * XXX JS: The next two structures have odd lengths!
+  * Some compilers (e.g. on Sun3/mc68020) padd the structures to even length.
+--
+2.27.0
+
--
2.27.0



Re: [meta-oe][PATCH V2] cdrkit: add new option -eltorito-platform for genimageiso

Ross Burton
 

Have you carefully examined the license of the files that you’re copying from mkisofs: the cdrkit fork exists specifically because cdrtools relicensed to CDDL[1] which is GPL-incompatible.

 

Also, are we going to be carrying this forever, or is upstream cdrkit going to merge the same code?

 

Ross

[1] https://lwn.net/Articles/195167/

 

From: openembedded-devel@... <openembedded-devel@...> on behalf of hongxu via lists.openembedded.org <hongxu.jia=windriver.com@...>
Date: Tuesday, 26 April 2022 at 08:42
To: raj.khem@... <raj.khem@...>
Cc: openembedded-devel@... <openembedded-devel@...>
Subject: [oe] [meta-oe][PATCH V2] cdrkit: add new option -eltorito-platform for genimageiso

Mkisofs/genimageiso now correctly supports El Torito multi boot entries by
introducing a Boot Section Header before a list of alternate boot entries.

New option -eltorito-platform allows to set the El Torito platform id
for a boot entry or for a list of boot entries. Supported values for
the parameter are:
-   x86 the standard value for x86 based PCs
-   PPC the Power PC platform
-   Mac The Apple Mac platform
-   efi EFI based boot for PCs
-   #   an arbitrary numerical value

Port implement from cdrtools:
https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7

Signed-off-by: Hongxu Jia <hongxu.jia@...>
---
 .../cdrkit/cdrkit_1.1.11.bb                   |   1 +
 ...001-add-new-option-eltorito-platform.patch | 335 ++++++++++++++++++
 2 files changed, 336 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch

diff --git a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
index dd0405c95..757f99d1f 100644
--- a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
+++ b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
@@ -11,6 +11,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
            file://0001-define-__THROW-to-avoid-build-issue-with-musl.patch \
            file://0002-Do-not-use-rcmd-on-build-with-musl.patch \
            file://0001-genisoimage-Add-missing-extern-definition.patch \
+           file://0001-add-new-option-eltorito-platform.patch \
            "
 SRC_URI:append:class-nativesdk = " \
            file://0001-install-netscsid-to-bin-for-nativesdk.patch \
diff --git a/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
new file mode 100644
index 000000000..dac3328a4
--- /dev/null
+++ b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
@@ -0,0 +1,335 @@
+From 5a2d571f3687910260c45841725f2deb84c8f12e Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@...>
+Date: Mon, 25 Apr 2022 18:18:00 +0800
+Subject: [PATCH] add new option -eltorito-platform
+
+Mkisofs now correctly supports El Torito multi boot entries by introducing
+a Boot Dection Header before a list of alternate boot entries.
+
+New option -eltorito-platform allows to set the El Torito platform id
+for a boot entry or for a list of boot entries. Supported values for
+the parameter are:
+-   x86 the standard value vor x86 based PCs
+-   PPC the Power PC platform
+-   Mac The Apple Mac platform
+-   efi EFI based boot for PCs
+-   #   an arbitrary numerical value
+
+Upstream-Status: Inappropriate [port from cdrtools]
+https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7
+
+Signed-off-by: Hongxu Jia <hongxu.jia@...>
+---
+ genisoimage/eltorito.c    | 73 +++++++++++++++++++++++++++++++++++++--
+ genisoimage/genisoimage.c | 47 +++++++++++++++++++++++++
+ genisoimage/genisoimage.h |  8 +++++
+ genisoimage/iso9660.h     | 33 ++++++++++++++++--
+ 4 files changed, 157 insertions(+), 4 deletions(-)
+
+diff --git a/genisoimage/eltorito.c b/genisoimage/eltorito.c
+index d52e17e..a804988 100644
+--- a/genisoimage/eltorito.c
++++ b/genisoimage/eltorito.c
+@@ -56,6 +56,7 @@ static unsigned int bcat_de_flags;
+ void  init_boot_catalog(const char *path);
+ void  insert_boot_cat(void);
+ static        void    get_torito_desc(struct eltorito_boot_descriptor *boot_desc);
++static        void    fill_boot_shdr(struct eltorito_sectionheader_entry *boot_shdr_entry, int arch);
+ static        void    fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
+                                                                                struct eltorito_boot_entry_info *boot_entry);
+ void  get_boot_entry(void);
+@@ -282,7 +283,14 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+        struct directory_entry  *de2;   /* Boot catalog */
+        int                     i;
+        int                     offset;
++      int                     arch = 0;
++      int                     nentries = 0;
+        struct eltorito_defaultboot_entry boot_desc_record;
++      struct eltorito_sectionheader_entry boot_shdr_record;
++#ifdef __needed__
++      struct eltorito_section_entry boot_section_record;
++#endif
++      struct eltorito_sectionheader_entry *last_section_header = 0;
+
+        memset(boot_desc, 0, sizeof (*boot_desc));
+        boot_desc->type[0] = 0;
+@@ -311,13 +319,22 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+        set_731(boot_desc->bootcat_ptr,
+                (unsigned int) get_733(de2->isorec.extent));
+
++      /*
++       * If the platform id for the first (default) boot entry has not been
++       * explicitly set, we default to EL_TORITO_ARCH_x86
++       */
++      if ((first_boot_entry->type & ELTORITO_BOOT_ID) == 0) {
++              first_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
++      }
++      arch = first_boot_entry->boot_platform;
++
+        /*
+         * we have the boot image, so write boot catalog information
+         * Next we write out the primary descriptor for the disc
+         */
+        memset(&valid_desc, 0, sizeof (valid_desc));
+        valid_desc.headerid[0] = 1;
+-      valid_desc.arch[0] = EL_TORITO_ARCH_x86;
++      valid_desc.arch[0] = arch;  /* Platform id for the default boot */
+
+        /*
+         * we'll shove start of publisher id into id field,
+@@ -351,8 +368,17 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+                current_boot_entry != NULL;
+                current_boot_entry = current_boot_entry->next,
+                offset += sizeof (boot_desc_record)) {
++              int newarch = arch;
+
+-              if (offset >= SECTOR_SIZE) {
++              if (current_boot_entry->type & ELTORITO_BOOT_ID)
++                      newarch = current_boot_entry->boot_platform;
++              else
++                      current_boot_entry->boot_platform = arch;
++
++              /*
++               * El Torito has no such limitation but we currently have...
++               */
++              if (offset >= (SECTOR_SIZE - sizeof (boot_desc_record))) {
+ #ifdef        USE_LIBSCHILY
+                        comerrno(EX_BAD,
+                        "Too many El Torito boot entries\n");
+@@ -362,12 +388,53 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+                        exit(1);
+ #endif
+                }
++
++              if (current_boot_entry == first_boot_entry) {
++                      ;
++                      /* EMPTY */
++              } else if ((current_boot_entry == first_boot_entry->next) ||
++                          (arch != newarch) ||
++                          (current_boot_entry->type & ELTORITO_SECTION_HEADER)) {
++                      if (last_section_header)
++                              set_721(&last_section_header->entry_count, nentries);
++                      nentries = 1;
++                      last_section_header = (struct eltorito_sectionheader_entry *)
++                                                      (de2->table + offset);
++                      fill_boot_shdr(&boot_shdr_record, newarch);
++                      memcpy(de2->table + offset, &boot_shdr_record,
++                                              sizeof (boot_shdr_record));
++                      offset += sizeof (boot_desc_record);
++              } else {
++                      nentries++; /* Add entry to this section header */
++              }
++              /*
++               * This works because a section entry has the same essential
++               * layout as a default entry (and we do not populate the
++               * selection criteria fields).
++               */
++
+                fill_boot_desc(&boot_desc_record, current_boot_entry);
+                memcpy(de2->table + offset, &boot_desc_record,
+                                        sizeof (boot_desc_record));
+        }
++
++      if (last_section_header) {
++              set_721(&last_section_header->entry_count, nentries);
++              last_section_header->header_id[0] = EL_TORITO_SHDR_ID_LAST_SHDR;
++      }
++
+ }/* get_torito_desc(... */
+
++static void
++fill_boot_shdr(boot_shdr_entry, arch)
++      struct eltorito_sectionheader_entry *boot_shdr_entry;
++      int                 arch;
++{
++      memset(boot_shdr_entry, 0, sizeof(struct eltorito_sectionheader_entry));
++      boot_shdr_entry->header_id[0] = EL_TORITO_SHDR_ID_SHDR;
++      boot_shdr_entry->platform_id[0] = arch;
++}
++
+ static void
+ fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
+                                        struct eltorito_boot_entry_info *boot_entry)
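Review bot: In the section-header branch, the record copied is boot_shdr_record but the cursor is then advanced with `offset += sizeof (boot_desc_record);`. Both structures are declared as 32 bytes in iso9660.h, so this works today, but stepping by `sizeof (boot_shdr_record)` would keep the copy and the advance tied to the same type.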
+@@ -678,7 +745,9 @@ get_boot_entry()
+        if (!first_boot_entry) {
+                first_boot_entry = current_boot_entry;
+                last_boot_entry = current_boot_entry;
++              current_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
+        } else {
++              current_boot_entry->boot_platform = last_boot_entry->boot_platform;
+                last_boot_entry->next = current_boot_entry;
+                last_boot_entry = current_boot_entry;
+        }
+diff --git a/genisoimage/genisoimage.c b/genisoimage/genisoimage.c
+index 9089081..84ac3c2 100644
+--- a/genisoimage/genisoimage.c
++++ b/genisoimage/genisoimage.c
+@@ -271,6 +271,8 @@ struct rcopts {
+        char            **variable;
+ };
+
++static int get_boot_platid(char *opt_arg);
++
+ struct rcopts rcopt[] = {
+        {"PREP", &preparer},
+        {"PUBL", &publisher},
+@@ -404,6 +406,7 @@ struct ld_option {
+
+ #define       OPTION_ALLOW_LEADING_DOTS       1070
+ #define       OPTION_PUBLISHER                1071
++#define       OPTION_PLATFORM                 1072
+
+ #ifdef                JIGDO_TEMPLATE
+ #define       OPTION_JTT_OUTPUT               1101
+@@ -528,6 +531,8 @@ static const struct ld_option ld_options[] =
+        'b', "FILE", "Set El Torito boot image name", ONE_DASH},
+        {{"eltorito-alt-boot", no_argument, NULL, OPTION_ALT_BOOT},
+        '\0', NULL, "Start specifying alternative El Torito boot parameters", ONE_DASH},
++      {{"eltorito-platform", required_argument, NULL, OPTION_PLATFORM},
++      '\0', "ID", "Set El Torito platform id for the next boot entry", ONE_DASH},
+        {{"sparc-boot", required_argument, NULL, 'B'},
+        'B', "FILES", "Set sparc boot image names", ONE_DASH},
+        {{"sunx86-boot", required_argument, NULL, OPTION_SUNX86BOOT},
+@@ -1558,6 +1563,9 @@ int main(int argc, char *argv[])
+                         */
+                        new_boot_entry();
+                        break;
++              case OPTION_PLATFORM:
++                      get_boot_platid(optarg);
++                      break;
+                case OPTION_BOOTALPHA:
+                        use_alphaboot++;
+                        /* list of pathnames of boot images */
+@@ -3829,3 +3837,42 @@ e_malloc(size_t size)
+      memset(pt, 0, size);
+        return (pt);
+ }
++
++static int
++get_boot_platid(char *opt_arg)
++{
++      long    val;
++      char    *ptr;
++
++      use_eltorito++;
++      if (streql(opt_arg, "x86")) {
++              val = EL_TORITO_ARCH_x86;
++      } else if (streql(opt_arg, "PPC")) {
++              val = EL_TORITO_ARCH_PPC;
++      } else if (streql(opt_arg, "Mac")) {
++              val = EL_TORITO_ARCH_PPC;
++      } else if (streql(opt_arg, "efi")) {
++              val = EL_TORITO_ARCH_EFI;
++      } else {
++              val = strtol(opt_arg, &ptr, 0);
++              if (*ptr || val < 0 || val >= 0x100) {
++                      comerrno(EX_BAD, "Bad boot system ID.\n");
++              }
++      }
++
++      /*
++       * If there is already a boot entry and the boot file name has been set
++       * for this boot entry and the new platform id differs from the
++       * previous value, we start a new boot section.
++       */
++      if (current_boot_entry &&
++          current_boot_entry->boot_image != NULL &&
++          current_boot_entry->boot_platform != val) {
++          new_boot_entry();
++      }
++      get_boot_entry();
++      current_boot_entry->type |= ELTORITO_BOOT_ID;
++      current_boot_entry->boot_platform = val;
++      return (1);
++}
++
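Review bot: In get_boot_platid() the "Mac" branch assigns `val = EL_TORITO_ARCH_PPC;`, the same value as the "PPC" branch, although iso9660.h defines EL_TORITO_ARCH_MAC as 2. If the two names are meant to select distinct platforms this should be `val = EL_TORITO_ARCH_MAC;`; if the aliasing is intentional, a comment saying so would stop it being read as a copy-and-paste slip.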
+diff --git a/genisoimage/genisoimage.h b/genisoimage/genisoimage.h
+index 82c859b..1170d89 100644
+--- a/genisoimage/genisoimage.h
++++ b/genisoimage/genisoimage.h
+@@ -299,6 +299,14 @@ struct eltorito_boot_entry_info {
+        int             boot_info_table;
+        int             load_size;
+        int             load_addr;
++
++#define       ELTORITO_BOOT_ID    1
++#define       ELTORITO_SECTION_HEADER 2
++      int     type;
++      /*
++       * Valid if (type & ELTORITO_BOOT_ID) != 0
++       */
++      int     boot_platform;
+ };
+
+ extern int    goof;
+diff --git a/genisoimage/iso9660.h b/genisoimage/iso9660.h
+index c74c2a9..61b6fc0 100644
+--- a/genisoimage/iso9660.h
++++ b/genisoimage/iso9660.h
+@@ -62,6 +62,7 @@ struct iso_volume_descriptor {
+ #define       EL_TORITO_ARCH_x86      0
+ #define       EL_TORITO_ARCH_PPC      1
+ #define       EL_TORITO_ARCH_MAC      2
++#define       EL_TORITO_ARCH_EFI      0xEF
+
+ #define       EL_TORITO_BOOTABLE      0x88
+ #define       EL_TORITO_NOT_BOOTABLE  0
+@@ -159,10 +160,15 @@ struct eltorito_boot_descriptor {
+ };
+
+ /* Validation entry for El Torito */
++/*
++ * headerid must be 1
++ * id is the manufacturer ID
++ * cksum to make the sum of all shorts in this record 0
++ */
+ struct eltorito_validation_entry {
+        char headerid                   [ISODCL(1,    1)]; /* 711 */
+        char arch                       [ISODCL(2,    2)];
+-      char pad1                       [ISODCL(3,    4)]; /* 711 */
++      char pad1                       [ISODCL(3,    4)]; /* 721 */
+        char id                         [ISODCL(5,   28)]; /* CD devel/man*/
+        char cksum                      [ISODCL(29,  30)];
+        char key1                       [ISODCL(31,  31)];
+@@ -173,7 +179,7 @@ struct eltorito_validation_entry {
+ struct eltorito_defaultboot_entry {
+        char boot_id                    [ISODCL(1,    1)]; /* 711 */
+        char boot_media                 [ISODCL(2,    2)];
+-      char loadseg                    [ISODCL(3,    4)]; /* 711 */
++      char loadseg                    [ISODCL(3,    4)]; /* 721 */
+        char sys_type                   [ISODCL(5,    5)];
+        char pad1                       [ISODCL(6,    6)];
+        char nsect                      [ISODCL(7,    8)];
+@@ -181,6 +187,29 @@ struct eltorito_defaultboot_entry {
+        char pad2                       [ISODCL(13,  32)];
+ };
+
++/* El Torito section header entry in boot catalog */
++struct eltorito_sectionheader_entry {
++#define    EL_TORITO_SHDR_ID_SHDR      0x90
++#define    EL_TORITO_SHDR_ID_LAST_SHDR 0x91
++      char header_id          [ISODCL(1,    1)]; /* 711 */
++      char platform_id        [ISODCL(2,    2)];
++      char entry_count        [ISODCL(3,    4)]; /* 721 */
++      char id             [ISODCL(5,   32)];
++};
++
++/* El Torito section entry in boot catalog */
++struct eltorito_section_entry {
++      char boot_id            [ISODCL(1,    1)]; /* 711 */
++      char boot_media         [ISODCL(2,    2)];
++      char loadseg            [ISODCL(3,    4)]; /* 721 */
++      char sys_type           [ISODCL(5,    5)];
++      char pad1           [ISODCL(6,    6)];
++      char nsect          [ISODCL(7,    8)];
++      char bootoff            [ISODCL(9,   12)];
++      char sel_criteria       [ISODCL(13,  13)];
++      char vendor_sel_criteria    [ISODCL(14,  32)];
++};
++
+ /*
+  * XXX JS: The next two structures have odd lengths!
+  * Some compilers (e.g. on Sun3/mc68020) padd the structures to even length.
+--
+2.27.0
+
--
2.27.0



[meta-oe][PATCH V2] cdrkit: add new option -eltorito-platform for genimageiso

hongxu
 

Mkisofs/genimageiso now correctly supports El Torito multi boot entries by
introducing a Boot Section Header before a list of alternate boot entries.

New option -eltorito-platform allows to set the El Torito platform id
for a boot entry or for a list of boot entries. Supported values for
the parameter are:
- x86 the standard value for x86 based PCs
- PPC the Power PC platform
- Mac The Apple Mac platform
- efi EFI based boot for PCs
- # an arbitrary numerical value

Port implement from cdrtools:
https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7

Signed-off-by: Hongxu Jia <hongxu.jia@...>
---
.../cdrkit/cdrkit_1.1.11.bb | 1 +
...001-add-new-option-eltorito-platform.patch | 335 ++++++++++++++++++
2 files changed, 336 insertions(+)
create mode 100644 meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch

diff --git a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
index dd0405c95..757f99d1f 100644
--- a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
+++ b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
@@ -11,6 +11,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://0001-define-__THROW-to-avoid-build-issue-with-musl.patch \
file://0002-Do-not-use-rcmd-on-build-with-musl.patch \
file://0001-genisoimage-Add-missing-extern-definition.patch \
+ file://0001-add-new-option-eltorito-platform.patch \
"
SRC_URI:append:class-nativesdk = " \
file://0001-install-netscsid-to-bin-for-nativesdk.patch \
diff --git a/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
new file mode 100644
index 000000000..dac3328a4
--- /dev/null
+++ b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
@@ -0,0 +1,335 @@
+From 5a2d571f3687910260c45841725f2deb84c8f12e Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@...>
+Date: Mon, 25 Apr 2022 18:18:00 +0800
+Subject: [PATCH] add new option -eltorito-platform
+
+Mkisofs now correctly supports El Torito multi boot entries by introducing
+a Boot Dection Header before a list of alternate boot entries.
+
+New option -eltorito-platform allows to set the El Torito platform id
+for a boot entry or for a list of boot entries. Supported values for
+the parameter are:
+- x86 the standard value vor x86 based PCs
+- PPC the Power PC platform
+- Mac The Apple Mac platform
+- efi EFI based boot for PCs
+- # an arbitrary numerical value
+
+Upstream-Status: Inappropriate [port from cdrtools]
+https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7
+
+Signed-off-by: Hongxu Jia <hongxu.jia@...>
+---
+ genisoimage/eltorito.c | 73 +++++++++++++++++++++++++++++++++++++--
+ genisoimage/genisoimage.c | 47 +++++++++++++++++++++++++
+ genisoimage/genisoimage.h | 8 +++++
+ genisoimage/iso9660.h | 33 ++++++++++++++++--
+ 4 files changed, 157 insertions(+), 4 deletions(-)
+
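Review bot: The patch description carries two typos that will be committed as-is: "Boot Dection Header" (presumably "Boot Section Header", matching the eltorito_sectionheader_entry structure added below) and "vor x86 based PCs". Worth fixing in the patch header before this is merged.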
+diff --git a/genisoimage/eltorito.c b/genisoimage/eltorito.c
+index d52e17e..a804988 100644
+--- a/genisoimage/eltorito.c
++++ b/genisoimage/eltorito.c
+@@ -56,6 +56,7 @@ static unsigned int bcat_de_flags;
+ void init_boot_catalog(const char *path);
+ void insert_boot_cat(void);
+ static void get_torito_desc(struct eltorito_boot_descriptor *boot_desc);
++static void fill_boot_shdr(struct eltorito_sectionheader_entry *boot_shdr_entry, int arch);
+ static void fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
+ struct eltorito_boot_entry_info *boot_entry);
+ void get_boot_entry(void);
+@@ -282,7 +283,14 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+ struct directory_entry *de2; /* Boot catalog */
+ int i;
+ int offset;
++ int arch = 0;
++ int nentries = 0;
+ struct eltorito_defaultboot_entry boot_desc_record;
++ struct eltorito_sectionheader_entry boot_shdr_record;
++#ifdef __needed__
++ struct eltorito_section_entry boot_section_record;
++#endif
++ struct eltorito_sectionheader_entry *last_section_header = 0;
+
+ memset(boot_desc, 0, sizeof (*boot_desc));
+ boot_desc->type[0] = 0;
+@@ -311,13 +319,22 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+ set_731(boot_desc->bootcat_ptr,
+ (unsigned int) get_733(de2->isorec.extent));
+
++ /*
++ * If the platform id for the first (default) boot entry has not been
++ * explicitly set, we default to EL_TORITO_ARCH_x86
++ */
++ if ((first_boot_entry->type & ELTORITO_BOOT_ID) == 0) {
++ first_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
++ }
++ arch = first_boot_entry->boot_platform;
++
+ /*
+ * we have the boot image, so write boot catalog information
+ * Next we write out the primary descriptor for the disc
+ */
+ memset(&valid_desc, 0, sizeof (valid_desc));
+ valid_desc.headerid[0] = 1;
+- valid_desc.arch[0] = EL_TORITO_ARCH_x86;
++ valid_desc.arch[0] = arch; /* Platform id for the default boot */
+
+ /*
+ * we'll shove start of publisher id into id field,
+@@ -351,8 +368,17 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+ current_boot_entry != NULL;
+ current_boot_entry = current_boot_entry->next,
+ offset += sizeof (boot_desc_record)) {
++ int newarch = arch;
+
+- if (offset >= SECTOR_SIZE) {
++ if (current_boot_entry->type & ELTORITO_BOOT_ID)
++ newarch = current_boot_entry->boot_platform;
++ else
++ current_boot_entry->boot_platform = arch;
++
++ /*
++ * El Torito has no such limitation but we currently have...
++ */
++ if (offset >= (SECTOR_SIZE - sizeof (boot_desc_record))) {
+ #ifdef USE_LIBSCHILY
+ comerrno(EX_BAD,
+ "Too many El Torito boot entries\n");
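Review bot: The new limit `offset >= (SECTOR_SIZE - sizeof (boot_desc_record))` does not say why one record is held back; the comment above it only states that a limitation exists. If the spare slot is reserved for the section header that the following code may write ahead of the entry, a sentence to that effect would make the arithmetic checkable. The comparison also mixes the `int` offset with a `size_t` expression, so a cast or a size_t offset would make the intent explicit.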
+@@ -362,12 +388,53 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+ exit(1);
+ #endif
+ }
++
++ if (current_boot_entry == first_boot_entry) {
++ ;
++ /* EMPTY */
++ } else if ((current_boot_entry == first_boot_entry->next) ||
++ (arch != newarch) ||
++ (current_boot_entry->type & ELTORITO_SECTION_HEADER)) {
++ if (last_section_header)
++ set_721(&last_section_header->entry_count, nentries);
++ nentries = 1;
++ last_section_header = (struct eltorito_sectionheader_entry *)
++ (de2->table + offset);
++ fill_boot_shdr(&boot_shdr_record, newarch);
++ memcpy(de2->table + offset, &boot_shdr_record,
++ sizeof (boot_shdr_record));
++ offset += sizeof (boot_desc_record);
++ } else {
++ nentries++; /* Add entry to this section header */
++ }
++ /*
++ * This works because a section entry has the same essential
++ * layout as a default entry (and we do not populate the
++ * selection criteria fields).
++ */
++
+ fill_boot_desc(&boot_desc_record, current_boot_entry);
+ memcpy(de2->table + offset, &boot_desc_record,
+ sizeof (boot_desc_record));
+ }
++
++ if (last_section_header) {
++ set_721(&last_section_header->entry_count, nentries);
++ last_section_header->header_id[0] = EL_TORITO_SHDR_ID_LAST_SHDR;
++ }
++
+ }/* get_torito_desc(... */
+
++static void
++fill_boot_shdr(boot_shdr_entry, arch)
++ struct eltorito_sectionheader_entry *boot_shdr_entry;
++ int arch;
++{
++ memset(boot_shdr_entry, 0, sizeof(struct eltorito_sectionheader_entry));
++ boot_shdr_entry->header_id[0] = EL_TORITO_SHDR_ID_SHDR;
++ boot_shdr_entry->platform_id[0] = arch;
++}
++
+ static void
+ fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
+ struct eltorito_boot_entry_info *boot_entry)
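Review bot: In the loop, `arch` is set once from first_boot_entry before the loop and is not reassigned in the lines shown, so the test `(arch != newarch)` compares each entry with the default entry's platform rather than with the platform of the section currently open. Two consecutive entries that both carry the same non-default id (for example both efi) would each start their own section header. If one section per run of equal platform ids is intended, track the platform of the last header written and compare against that.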
+@@ -678,7 +745,9 @@ get_boot_entry()
+ if (!first_boot_entry) {
+ first_boot_entry = current_boot_entry;
+ last_boot_entry = current_boot_entry;
++ current_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
+ } else {
++ current_boot_entry->boot_platform = last_boot_entry->boot_platform;
+ last_boot_entry->next = current_boot_entry;
+ last_boot_entry = current_boot_entry;
+ }
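Review bot: The `else` branch copies boot_platform from last_boot_entry, but get_torito_desc() later overwrites boot_platform with the default entry's `arch` for every entry that lacks ELTORITO_BOOT_ID. The two defaults disagree once a non-default platform has been selected: get_boot_platid() compares against the inherited value, while the catalog writer uses the other. Pick one rule (inherit from the previous entry, or fall back to the default entry) and apply it in a single place.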
+diff --git a/genisoimage/genisoimage.c b/genisoimage/genisoimage.c
+index 9089081..84ac3c2 100644
+--- a/genisoimage/genisoimage.c
++++ b/genisoimage/genisoimage.c
+@@ -271,6 +271,8 @@ struct rcopts {
+ char **variable;
+ };
+
++static int get_boot_platid(char *opt_arg);
++
+ struct rcopts rcopt[] = {
+ {"PREP", &preparer},
+ {"PUBL", &publisher},
+@@ -404,6 +406,7 @@ struct ld_option {
+
+ #define OPTION_ALLOW_LEADING_DOTS 1070
+ #define OPTION_PUBLISHER 1071
++#define OPTION_PLATFORM 1072
+
+ #ifdef JIGDO_TEMPLATE
+ #define OPTION_JTT_OUTPUT 1101
+@@ -528,6 +531,8 @@ static const struct ld_option ld_options[] =
+ 'b', "FILE", "Set El Torito boot image name", ONE_DASH},
+ {{"eltorito-alt-boot", no_argument, NULL, OPTION_ALT_BOOT},
+ '\0', NULL, "Start specifying alternative El Torito boot parameters", ONE_DASH},
++ {{"eltorito-platform", required_argument, NULL, OPTION_PLATFORM},
++ '\0', "ID", "Set El Torito platform id for the next boot entry", ONE_DASH},
+ {{"sparc-boot", required_argument, NULL, 'B'},
+ 'B', "FILES", "Set sparc boot image names", ONE_DASH},
+ {{"sunx86-boot", required_argument, NULL, OPTION_SUNX86BOOT},
+@@ -1558,6 +1563,9 @@ int main(int argc, char *argv[])
+ */
+ new_boot_entry();
+ break;
++ case OPTION_PLATFORM:
++ get_boot_platid(optarg);
++ break;
+ case OPTION_BOOTALPHA:
+ use_alphaboot++;
+ /* list of pathnames of boot images */
+@@ -3829,3 +3837,42 @@ e_malloc(size_t size)
+ memset(pt, 0, size);
+ return (pt);
+ }
++
++static int
++get_boot_platid(char *opt_arg)
++{
++ long val;
++ char *ptr;
++
++ use_eltorito++;
++ if (streql(opt_arg, "x86")) {
++ val = EL_TORITO_ARCH_x86;
++ } else if (streql(opt_arg, "PPC")) {
++ val = EL_TORITO_ARCH_PPC;
++ } else if (streql(opt_arg, "Mac")) {
++ val = EL_TORITO_ARCH_PPC;
++ } else if (streql(opt_arg, "efi")) {
++ val = EL_TORITO_ARCH_EFI;
++ } else {
++ val = strtol(opt_arg, &ptr, 0);
++ if (*ptr || val < 0 || val >= 0x100) {
++ comerrno(EX_BAD, "Bad boot system ID.\n");
++ }
++ }
++
++ /*
++ * If there is already a boot entry and the boot file name has been set
++ * for this boot entry and the new platform id differs from the
++ * previous value, we start a new boot section.
++ */
++ if (current_boot_entry &&
++ current_boot_entry->boot_image != NULL &&
++ current_boot_entry->boot_platform != val) {
++ new_boot_entry();
++ }
++ get_boot_entry();
++ current_boot_entry->type |= ELTORITO_BOOT_ID;
++ current_boot_entry->boot_platform = val;
++ return (1);
++}
++
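Review bot: The numeric branch of get_boot_platid() accepts an empty argument: strtol() on "" returns 0 and leaves `ptr` equal to `opt_arg`, so `*ptr` is NUL and the value passes as platform id 0 (x86). Adding `ptr == opt_arg` to the rejection test closes that. The error path also calls comerrno() unconditionally, whereas the existing "Too many El Torito boot entries" error in eltorito.c wraps the same call in `#ifdef USE_LIBSCHILY`.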
+diff --git a/genisoimage/genisoimage.h b/genisoimage/genisoimage.h
+index 82c859b..1170d89 100644
+--- a/genisoimage/genisoimage.h
++++ b/genisoimage/genisoimage.h
+@@ -299,6 +299,14 @@ struct eltorito_boot_entry_info {
+ int boot_info_table;
+ int load_size;
+ int load_addr;
++
++#define ELTORITO_BOOT_ID 1
++#define ELTORITO_SECTION_HEADER 2
++ int type;
++ /*
++ * Valid if (type & ELTORITO_BOOT_ID) != 0
++ */
++ int boot_platform;
+ };
+
+ extern int goof;
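Review bot: ELTORITO_SECTION_HEADER is defined here and tested in get_torito_desc(), but no hunk in this patch ever sets it; only `type |= ELTORITO_BOOT_ID` appears. Either drop the flag and its test or add the code path that sets it. The two #define lines would also read better above the struct than inside its member list.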
+diff --git a/genisoimage/iso9660.h b/genisoimage/iso9660.h
+index c74c2a9..61b6fc0 100644
+--- a/genisoimage/iso9660.h
++++ b/genisoimage/iso9660.h
+@@ -62,6 +62,7 @@ struct iso_volume_descriptor {
+ #define EL_TORITO_ARCH_x86 0
+ #define EL_TORITO_ARCH_PPC 1
+ #define EL_TORITO_ARCH_MAC 2
++#define EL_TORITO_ARCH_EFI 0xEF
+
+ #define EL_TORITO_BOOTABLE 0x88
+ #define EL_TORITO_NOT_BOOTABLE 0
+@@ -159,10 +160,15 @@ struct eltorito_boot_descriptor {
+ };
+
+ /* Validation entry for El Torito */
++/*
++ * headerid must be 1
++ * id is the manufacturer ID
++ * cksum to make the sum of all shorts in this record 0
++ */
+ struct eltorito_validation_entry {
+ char headerid [ISODCL(1, 1)]; /* 711 */
+ char arch [ISODCL(2, 2)];
+- char pad1 [ISODCL(3, 4)]; /* 711 */
++ char pad1 [ISODCL(3, 4)]; /* 721 */
+ char id [ISODCL(5, 28)]; /* CD devel/man*/
+ char cksum [ISODCL(29, 30)];
+ char key1 [ISODCL(31, 31)];
+@@ -173,7 +179,7 @@ struct eltorito_validation_entry {
+ struct eltorito_defaultboot_entry {
+ char boot_id [ISODCL(1, 1)]; /* 711 */
+ char boot_media [ISODCL(2, 2)];
+- char loadseg [ISODCL(3, 4)]; /* 711 */
++ char loadseg [ISODCL(3, 4)]; /* 721 */
+ char sys_type [ISODCL(5, 5)];
+ char pad1 [ISODCL(6, 6)];
+ char nsect [ISODCL(7, 8)];
+@@ -181,6 +187,29 @@ struct eltorito_defaultboot_entry {
+ char pad2 [ISODCL(13, 32)];
+ };
+
++/* El Torito section header entry in boot catalog */
++struct eltorito_sectionheader_entry {
++#define EL_TORITO_SHDR_ID_SHDR 0x90
++#define EL_TORITO_SHDR_ID_LAST_SHDR 0x91
++ char header_id [ISODCL(1, 1)]; /* 711 */
++ char platform_id [ISODCL(2, 2)];
++ char entry_count [ISODCL(3, 4)]; /* 721 */
++ char id [ISODCL(5, 32)];
++};
++
++/* El Torito section entry in boot catalog */
++struct eltorito_section_entry {
++ char boot_id [ISODCL(1, 1)]; /* 711 */
++ char boot_media [ISODCL(2, 2)];
++ char loadseg [ISODCL(3, 4)]; /* 721 */
++ char sys_type [ISODCL(5, 5)];
++ char pad1 [ISODCL(6, 6)];
++ char nsect [ISODCL(7, 8)];
++ char bootoff [ISODCL(9, 12)];
++ char sel_criteria [ISODCL(13, 13)];
++ char vendor_sel_criteria [ISODCL(14, 32)];
++};
++
+ /*
+ * XXX JS: The next two structures have odd lengths!
+ * Some compilers (e.g. on Sun3/mc68020) padd the structures to even length.
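Review bot: struct eltorito_section_entry is added but its only user in this patch is the boot_section_record declaration under `#ifdef __needed__` in eltorito.c, so it is dead as submitted. The comment in get_torito_desc() already says section entries are written through the default-entry layout; either reference that next to this struct or leave the struct out until sel_criteria is actually populated.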
+--
+2.27.0
+
--
2.27.0


Re: [meta-oe][PATCH] cdrkit: add new option -eltorito-platform for genimageiso

hongxu
 


Got it, I will fix it, v2 incoming


//Hongxu



From: Khem Raj <raj.khem@...>
Sent: Tuesday, April 26, 2022 1:47 PM
To: Jia, Hongxu <Hongxu.Jia@...>
Cc: openembeded-devel <openembedded-devel@...>
Subject: Re: [meta-oe][PATCH] cdrkit: add new option -eltorito-platform for genimageiso
 

fails to build on clang/mips

https://errors.yoctoproject.org/Errors/Details/655476/

On Mon, Apr 25, 2022 at 8:17 PM Hongxu Jia <hongxu.jia@...> wrote:
>
> Mkisofs/genimageiso now correctly supports El Torito multi boot entries by
> introducing a Boot Section Header before a list of alternate boot entries.
>
> New option -eltorito-platform allows to set the El Torito platform id
> for a boot entry or for a list of boot entries. Supported values for
> the parameter are:
> -   x86 the standard value for x86 based PCs
> -   PPC the Power PC platform
> -   Mac The Apple Mac platform
> -   efi EFI based boot for PCs
> -   #   an arbitrary numerical value
>
> Port implement from cdrtools:
> https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7
>
> Signed-off-by: Hongxu Jia <hongxu.jia@...>
> ---
>  .../cdrkit/cdrkit_1.1.11.bb                   |   1 +
>  ...001-add-new-option-eltorito-platform.patch | 336 ++++++++++++++++++
>  2 files changed, 337 insertions(+)
>  create mode 100644 meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
>
> diff --git a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
> index dd0405c95..757f99d1f 100644
> --- a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
> +++ b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
> @@ -11,6 +11,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
>             file://0001-define-__THROW-to-avoid-build-issue-with-musl.patch \
>             file://0002-Do-not-use-rcmd-on-build-with-musl.patch \
>             file://0001-genisoimage-Add-missing-extern-definition.patch \
> +           file://0001-add-new-option-eltorito-platform.patch \
>             "
>  SRC_URI:append:class-nativesdk = " \
>             file://0001-install-netscsid-to-bin-for-nativesdk.patch \
> diff --git a/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
> new file mode 100644
> index 000000000..c0b0364bb
> --- /dev/null
> +++ b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
> @@ -0,0 +1,336 @@
> +From 34de1b83f8000d95a10afcfdb7ec814cd75b12b2 Mon Sep 17 00:00:00 2001
> +From: Hongxu Jia <hongxu.jia@...>
> +Date: Mon, 25 Apr 2022 18:18:00 +0800
> +Subject: [PATCH] add new option -eltorito-platform
> +
> +Mkisofs now correctly supports El Torito multi boot entries by introducing
> +a Boot Dection Header before a list of alternate boot entries.
> +
> +New option -eltorito-platform allows to set the El Torito platform id
> +for a boot entry or for a list of boot entries. Supported values for
> +the parameter are:
> +-   x86 the standard value vor x86 based PCs
> +-   PPC the Power PC platform
> +-   Mac The Apple Mac platform
> +-   efi EFI based boot for PCs
> +-   #   an arbitrary numerical value
> +
> +Upstream-Status: Inappropriate [port from cdrtools]
> +https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7
> +
> +Signed-off-by: Hongxu Jia <hongxu.jia@...>
> +---
> + genisoimage/eltorito.c    | 73 +++++++++++++++++++++++++++++++++++++--
> + genisoimage/genisoimage.c | 48 +++++++++++++++++++++++++
> + genisoimage/genisoimage.h |  8 +++++
> + genisoimage/iso9660.h     | 33 ++++++++++++++++--
> + 4 files changed, 158 insertions(+), 4 deletions(-)
> +
> +diff --git a/genisoimage/eltorito.c b/genisoimage/eltorito.c
> +index d52e17e..a804988 100644
> +--- a/genisoimage/eltorito.c
> ++++ b/genisoimage/eltorito.c
> +@@ -56,6 +56,7 @@ static unsigned int bcat_de_flags;
> + void  init_boot_catalog(const char *path);
> + void  insert_boot_cat(void);
> + static        void    get_torito_desc(struct eltorito_boot_descriptor *boot_desc);
> ++static        void    fill_boot_shdr(struct eltorito_sectionheader_entry *boot_shdr_entry, int arch);
> + static        void    fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
> +                                                                               struct eltorito_boot_entry_info *boot_entry);
> + void  get_boot_entry(void);
> +@@ -282,7 +283,14 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
> +       struct directory_entry  *de2;   /* Boot catalog */
> +       int                     i;
> +       int                     offset;
> ++      int                     arch = 0;
> ++      int                     nentries = 0;
> +       struct eltorito_defaultboot_entry boot_desc_record;
> ++      struct eltorito_sectionheader_entry boot_shdr_record;
> ++#ifdef __needed__
> ++      struct eltorito_section_entry boot_section_record;
> ++#endif
> ++      struct eltorito_sectionheader_entry *last_section_header = 0;
> +
> +       memset(boot_desc, 0, sizeof (*boot_desc));
> +       boot_desc->type[0] = 0;
> +@@ -311,13 +319,22 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
> +       set_731(boot_desc->bootcat_ptr,
> +               (unsigned int) get_733(de2->isorec.extent));
> +
> ++      /*
> ++       * If the platform id for the first (default) boot entry has not been
> ++       * explicitly set, we default to EL_TORITO_ARCH_x86
> ++       */
> ++      if ((first_boot_entry->type & ELTORITO_BOOT_ID) == 0) {
> ++              first_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
> ++      }
> ++      arch = first_boot_entry->boot_platform;
> ++
> +       /*
> +        * we have the boot image, so write boot catalog information
> +        * Next we write out the primary descriptor for the disc
> +        */
> +       memset(&valid_desc, 0, sizeof (valid_desc));
> +       valid_desc.headerid[0] = 1;
> +-      valid_desc.arch[0] = EL_TORITO_ARCH_x86;
> ++      valid_desc.arch[0] = arch;  /* Platform id for the default boot */
> +
> +       /*
> +        * we'll shove start of publisher id into id field,
> +@@ -351,8 +368,17 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
> +               current_boot_entry != NULL;
> +               current_boot_entry = current_boot_entry->next,
> +               offset += sizeof (boot_desc_record)) {
> ++              int newarch = arch;
> +
> +-              if (offset >= SECTOR_SIZE) {
> ++              if (current_boot_entry->type & ELTORITO_BOOT_ID)
> ++                      newarch = current_boot_entry->boot_platform;
> ++              else
> ++                      current_boot_entry->boot_platform = arch;
> ++
> ++              /*
> ++               * El Torito has no such limitation but we currently have...
> ++               */
> ++              if (offset >= (SECTOR_SIZE - sizeof (boot_desc_record))) {
> + #ifdef        USE_LIBSCHILY
> +                       comerrno(EX_BAD,
> +                       "Too many El Torito boot entries\n");
> +@@ -362,12 +388,53 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
> +                       exit(1);
> + #endif
> +               }
> ++
> ++              if (current_boot_entry == first_boot_entry) {
> ++                      ;
> ++                      /* EMPTY */
> ++              } else if ((current_boot_entry == first_boot_entry->next) ||
> ++                          (arch != newarch) ||
> ++                          (current_boot_entry->type & ELTORITO_SECTION_HEADER)) {
> ++                      if (last_section_header)
> ++                              set_721(&last_section_header->entry_count, nentries);
> ++                      nentries = 1;
> ++                      last_section_header = (struct eltorito_sectionheader_entry *)
> ++                                                      (de2->table + offset);
> ++                      fill_boot_shdr(&boot_shdr_record, newarch);
> ++                      memcpy(de2->table + offset, &boot_shdr_record,
> ++                                              sizeof (boot_shdr_record));
> ++                      offset += sizeof (boot_desc_record);
> ++              } else {
> ++                      nentries++; /* Add entry to this section header */
> ++              }
> ++              /*
> ++               * This works because a section entry has the same essential
> ++               * layout as a default entry (and we do not populate the
> ++               * selection criteria fields).
> ++               */
> ++
> +               fill_boot_desc(&boot_desc_record, current_boot_entry);
> +               memcpy(de2->table + offset, &boot_desc_record,
> +                                       sizeof (boot_desc_record));
> +       }
> ++
> ++      if (last_section_header) {
> ++              set_721(&last_section_header->entry_count, nentries);
> ++              last_section_header->header_id[0] = EL_TORITO_SHDR_ID_LAST_SHDR;
> ++      }
> ++
> + }/* get_torito_desc(... */
> +
> ++static void
> ++fill_boot_shdr(boot_shdr_entry, arch)
> ++      struct eltorito_sectionheader_entry *boot_shdr_entry;
> ++      int                 arch;
> ++{
> ++      memset(boot_shdr_entry, 0, sizeof(struct eltorito_sectionheader_entry));
> ++      boot_shdr_entry->header_id[0] = EL_TORITO_SHDR_ID_SHDR;
> ++      boot_shdr_entry->platform_id[0] = arch;
> ++}
> ++
> + static void
> + fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
> +                                       struct eltorito_boot_entry_info *boot_entry)
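Review bot: fill_boot_shdr() is defined with an old-style identifier list (`fill_boot_shdr(boot_shdr_entry, arch)` followed by separate parameter declarations), while the prototype added at the top of eltorito.c and the neighbouring fill_boot_desc() use ANSI prototypes. Please write the definition as `fill_boot_shdr(struct eltorito_sectionheader_entry *boot_shdr_entry, int arch)` so declaration and definition match in form.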
> +@@ -678,7 +745,9 @@ get_boot_entry()
> +       if (!first_boot_entry) {
> +               first_boot_entry = current_boot_entry;
> +               last_boot_entry = current_boot_entry;
> ++              current_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
> +       } else {
> ++              current_boot_entry->boot_platform = last_boot_entry->boot_platform;
> +               last_boot_entry->next = current_boot_entry;
> +               last_boot_entry = current_boot_entry;
> +       }
> +diff --git a/genisoimage/genisoimage.c b/genisoimage/genisoimage.c
> +index 46f0cb7..bfa920e 100644
> +--- a/genisoimage/genisoimage.c
> ++++ b/genisoimage/genisoimage.c
> +@@ -271,6 +271,8 @@ struct rcopts {
> +       char            **variable;
> + };
> +
> ++static int get_boot_platid(opt_arg);
> ++
> + struct rcopts rcopt[] = {
> +       {"PREP", &preparer},
> +       {"PUBL", &publisher},
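Review bot: The forward declaration `static int get_boot_platid(opt_arg);` names a parameter without giving it a type, which is not a valid prototype. It should read `static int get_boot_platid(char *opt_arg);`, matching the `char *opt_arg` declared in the definition further down.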
> +@@ -404,6 +406,7 @@ struct ld_option {
> +
> + #define       OPTION_ALLOW_LEADING_DOTS       1070
> + #define       OPTION_PUBLISHER                1071
> ++#define       OPTION_PLATFORM                 1072
> +
> + #ifdef                JIGDO_TEMPLATE
> + #define       OPTION_JTT_OUTPUT               1101
> +@@ -528,6 +531,8 @@ static const struct ld_option ld_options[] =
> +       'b', "FILE", "Set El Torito boot image name", ONE_DASH},
> +       {{"eltorito-alt-boot", no_argument, NULL, OPTION_ALT_BOOT},
> +       '\0', NULL, "Start specifying alternative El Torito boot parameters", ONE_DASH},
> ++      {{"eltorito-platform", required_argument, NULL, OPTION_PLATFORM},
> ++      '\0', "ID", "Set El Torito platform id for the next boot entry", ONE_DASH},
> +       {{"sparc-boot", required_argument, NULL, 'B'},
> +       'B', "FILES", "Set sparc boot image names", ONE_DASH},
> +       {{"sunx86-boot", required_argument, NULL, OPTION_SUNX86BOOT},
> +@@ -1558,6 +1563,9 @@ int main(int argc, char *argv[])
> +                        */
> +                       new_boot_entry();
> +                       break;
> ++              case OPTION_PLATFORM:
> ++                      get_boot_platid(optarg);
> ++                      break;
> +               case OPTION_BOOTALPHA:
> +                       use_alphaboot++;
> +                       /* list of pathnames of boot images */
> +@@ -3829,3 +3837,43 @@ e_malloc(size_t size)
> +      memset(pt, 0, size);
> +       return (pt);
> + }
> ++
> ++static int
> ++get_boot_platid(opt_arg)
> ++      char    *opt_arg;
> ++{
> ++      long    val;
> ++      char    *ptr;
> ++
> ++      use_eltorito++;
> ++      if (streql(opt_arg, "x86")) {
> ++              val = EL_TORITO_ARCH_x86;
> ++      } else if (streql(opt_arg, "PPC")) {
> ++              val = EL_TORITO_ARCH_PPC;
> ++      } else if (streql(opt_arg, "Mac")) {
> ++              val = EL_TORITO_ARCH_PPC;
> ++      } else if (streql(opt_arg, "efi")) {
> ++              val = EL_TORITO_ARCH_EFI;
> ++      } else {
> ++              val = strtol(opt_arg, &ptr, 0);
> ++              if (*ptr || val < 0 || val >= 0x100) {
> ++                      comerrno(EX_BAD, "Bad boot system ID.\n");
> ++              }
> ++      }
> ++
> ++      /*
> ++       * If there is already a boot entry and the boot file name has been set
> ++       * for this boot entry and the new platform id differs from the
> ++       * previous value, we start a new boot section.
> ++       */
> ++      if (current_boot_entry &&
> ++          current_boot_entry->boot_image != NULL &&
> ++          current_boot_entry->boot_platform != val) {
> ++          new_boot_entry();
> ++      }
> ++      get_boot_entry();
> ++      current_boot_entry->type |= ELTORITO_BOOT_ID;
> ++      current_boot_entry->boot_platform = val;
> ++      return (1);
> ++}
> ++
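Review bot: in get_boot_platid the "Mac" branch assigns EL_TORITO_ARCH_PPC, the same value as the "PPC" branch, although iso9660.h defines EL_TORITO_ARCH_MAC as 2 and the commit message lists Mac as a separate platform. If this is not deliberate, the branch should set val = EL_TORITO_ARCH_MAC; if it is, a comment explaining why would help.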
> +diff --git a/genisoimage/genisoimage.h b/genisoimage/genisoimage.h
> +index bbedfb0..4dae1e8 100644
> +--- a/genisoimage/genisoimage.h
> ++++ b/genisoimage/genisoimage.h
> +@@ -299,6 +299,14 @@ struct eltorito_boot_entry_info {
> +       int             boot_info_table;
> +       int             load_size;
> +       int             load_addr;
> ++
> ++#define       ELTORITO_BOOT_ID    1
> ++#define       ELTORITO_SECTION_HEADER 2
> ++      int     type;
> ++      /*
> ++       * Valid if (type & ELTORITO_BOOT_ID) != 0
> ++       */
> ++      int     boot_platform;
> + };
> +
> + extern int    goof;
> +diff --git a/genisoimage/iso9660.h b/genisoimage/iso9660.h
> +index c74c2a9..61b6fc0 100644
> +--- a/genisoimage/iso9660.h
> ++++ b/genisoimage/iso9660.h
> +@@ -62,6 +62,7 @@ struct iso_volume_descriptor {
> + #define       EL_TORITO_ARCH_x86      0
> + #define       EL_TORITO_ARCH_PPC      1
> + #define       EL_TORITO_ARCH_MAC      2
> ++#define       EL_TORITO_ARCH_EFI      0xEF
> +
> + #define       EL_TORITO_BOOTABLE      0x88
> + #define       EL_TORITO_NOT_BOOTABLE  0
> +@@ -159,10 +160,15 @@ struct eltorito_boot_descriptor {
> + };
> +
> + /* Validation entry for El Torito */
> ++/*
> ++ * headerid must be 1
> ++ * id is the manufacturer ID
> ++ * cksum to make the sum of all shorts in this record 0
> ++ */
> + struct eltorito_validation_entry {
> +       char headerid                   [ISODCL(1,    1)]; /* 711 */
> +       char arch                       [ISODCL(2,    2)];
> +-      char pad1                       [ISODCL(3,    4)]; /* 711 */
> ++      char pad1                       [ISODCL(3,    4)]; /* 721 */
> +       char id                         [ISODCL(5,   28)]; /* CD devel/man*/
> +       char cksum                      [ISODCL(29,  30)];
> +       char key1                       [ISODCL(31,  31)];
> +@@ -173,7 +179,7 @@ struct eltorito_validation_entry {
> + struct eltorito_defaultboot_entry {
> +       char boot_id                    [ISODCL(1,    1)]; /* 711 */
> +       char boot_media                 [ISODCL(2,    2)];
> +-      char loadseg                    [ISODCL(3,    4)]; /* 711 */
> ++      char loadseg                    [ISODCL(3,    4)]; /* 721 */
> +       char sys_type                   [ISODCL(5,    5)];
> +       char pad1                       [ISODCL(6,    6)];
> +       char nsect                      [ISODCL(7,    8)];
> +@@ -181,6 +187,29 @@ struct eltorito_defaultboot_entry {
> +       char pad2                       [ISODCL(13,  32)];
> + };
> +
> ++/* El Torito section header entry in boot catalog */
> ++struct eltorito_sectionheader_entry {
> ++#define    EL_TORITO_SHDR_ID_SHDR      0x90
> ++#define    EL_TORITO_SHDR_ID_LAST_SHDR 0x91
> ++      char header_id          [ISODCL(1,    1)]; /* 711 */
> ++      char platform_id        [ISODCL(2,    2)];
> ++      char entry_count        [ISODCL(3,    4)]; /* 721 */
> ++      char id             [ISODCL(5,   32)];
> ++};
> ++
> ++/* El Torito section entry in boot catalog */
> ++struct eltorito_section_entry {
> ++      char boot_id            [ISODCL(1,    1)]; /* 711 */
> ++      char boot_media         [ISODCL(2,    2)];
> ++      char loadseg            [ISODCL(3,    4)]; /* 721 */
> ++      char sys_type           [ISODCL(5,    5)];
> ++      char pad1           [ISODCL(6,    6)];
> ++      char nsect          [ISODCL(7,    8)];
> ++      char bootoff            [ISODCL(9,   12)];
> ++      char sel_criteria       [ISODCL(13,  13)];
> ++      char vendor_sel_criteria    [ISODCL(14,  32)];
> ++};
> ++
> + /*
> +  * XXX JS: The next two structures have odd lengths!
> +  * Some compilers (e.g. on Sun3/mc68020) padd the structures to even length.
> +--
> +2.27.0
> +
> --
> 2.27.0
>


Re: [meta-networking][PATCH] frr: add PACKAGECONFIG for fpm

Khem Raj
 

I am seeing

https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1681

This could be an intermittent failure due to a build-time race, or
perhaps related to this change; I have seen this before too. Can you
look into it?

On Sun, Apr 24, 2022 at 11:30 PM Yi Zhao <yi.zhao@...> wrote:

The Forwarding Plane Manager support is optional, so make it a
PACKAGECONFIG.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
meta-networking/recipes-protocols/frr/frr/frr.pam | 2 +-
meta-networking/recipes-protocols/frr/frr_8.2.2.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-networking/recipes-protocols/frr/frr/frr.pam b/meta-networking/recipes-protocols/frr/frr/frr.pam
index 3541a975a..83c403c2b 100644
--- a/meta-networking/recipes-protocols/frr/frr/frr.pam
+++ b/meta-networking/recipes-protocols/frr/frr/frr.pam
@@ -1,5 +1,5 @@
#
-# The PAM configuration file for the quagga `vtysh' service
+# The PAM configuration file for the frr `vtysh' service
#

# This allows root to change user infomation without being
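Review bot: the comment change in frr.pam (quagga to frr) is unrelated to the fpm PACKAGECONFIG named in the subject and is not mentioned in the commit message; either split it into its own commit or add a line to the message. The context line below it still reads "infomation", which could be fixed in the same cleanup.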
diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
index 91e306f08..b6e180e2c 100644
--- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
+++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
@@ -36,6 +36,7 @@ RDEPENDS:${PN}:class-target = "iproute2 python3-core bash"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
PACKAGECONFIG:class-native = ""

+PACKAGECONFIG[fpm] = "--enable-fpm,--disable-fpm"
PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam"
PACKAGECONFIG[grpc] = "--enable-grpc,--disable-grpc,grpc-native grpc"
PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp,net-snmp"
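Review bot: the new PACKAGECONFIG[fpm] entry is not part of the default set, since the "PACKAGECONFIG ??=" line above only filters pam from DISTRO_FEATURES, and the next hunk removes the unconditional --enable-fpm, so default target builds switch from fpm enabled to --disable-fpm. If that behaviour change is not intended, add fpm to the default PACKAGECONFIG; if it is, say so in the commit message.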
@@ -52,7 +53,6 @@ EXTRA_OECONF:class-target = "--sbindir=${libdir}/frr \
--sysconfdir=${sysconfdir}/frr \
--localstatedir=${localstatedir}/run/frr \
--enable-vtysh \
- --enable-fpm \
--enable-multipath=64 \
--enable-user=frr \
--enable-group=frr \
--
2.25.1




Re: [meta-oe][PATCH] cdrkit: add new option -eltorito-platform for genimageiso

Khem Raj
 

On Mon, Apr 25, 2022 at 8:17 PM Hongxu Jia <hongxu.jia@...> wrote:

Mkisofs/genimageiso now correctly supports El Torito multi boot entries by
introducing a Boot Section Header before a list of alternate boot entries.

New option -eltorito-platform allows setting the El Torito platform id
for a boot entry or for a list of boot entries. Supported values for
the parameter are:
- x86 the standard value for x86 based PCs
- PPC the Power PC platform
- Mac The Apple Mac platform
- efi EFI based boot for PCs
- # an arbitrary numerical value

Port the implementation from cdrtools:
https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7

Signed-off-by: Hongxu Jia <hongxu.jia@...>
---
.../cdrkit/cdrkit_1.1.11.bb | 1 +
...001-add-new-option-eltorito-platform.patch | 336 ++++++++++++++++++
2 files changed, 337 insertions(+)
create mode 100644 meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch

diff --git a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
index dd0405c95..757f99d1f 100644
--- a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
+++ b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb
@@ -11,6 +11,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://0001-define-__THROW-to-avoid-build-issue-with-musl.patch \
file://0002-Do-not-use-rcmd-on-build-with-musl.patch \
file://0001-genisoimage-Add-missing-extern-definition.patch \
+ file://0001-add-new-option-eltorito-platform.patch \
"
SRC_URI:append:class-nativesdk = " \
file://0001-install-netscsid-to-bin-for-nativesdk.patch \
diff --git a/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
new file mode 100644
index 000000000..c0b0364bb
--- /dev/null
+++ b/meta-oe/recipes-multimedia/cdrkit/files/0001-add-new-option-eltorito-platform.patch
@@ -0,0 +1,336 @@
+From 34de1b83f8000d95a10afcfdb7ec814cd75b12b2 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@...>
+Date: Mon, 25 Apr 2022 18:18:00 +0800
+Subject: [PATCH] add new option -eltorito-platform
+
+Mkisofs now correctly supports El Torito multi boot entries by introducing
+a Boot Dection Header before a list of alternate boot entries.
+
+New option -eltorito-platform allows to set the El Torito platform id
+for a boot entry or for a list of boot entries. Supported values for
+the parameter are:
+- x86 the standard value vor x86 based PCs
+- PPC the Power PC platform
+- Mac The Apple Mac platform
+- efi EFI based boot for PCs
+- # an arbitrary numerical value
+
+Upstream-Status: Inappropriate [port from cdrtools]
+https://github.com/jobermayr/cdrtools/commit/a50804fd61d75eb689a515dbfca6968ca2296fd7
+
+Signed-off-by: Hongxu Jia <hongxu.jia@...>
+---
+ genisoimage/eltorito.c | 73 +++++++++++++++++++++++++++++++++++++--
+ genisoimage/genisoimage.c | 48 +++++++++++++++++++++++++
+ genisoimage/genisoimage.h | 8 +++++
+ genisoimage/iso9660.h | 33 ++++++++++++++++--
+ 4 files changed, 158 insertions(+), 4 deletions(-)
+
+diff --git a/genisoimage/eltorito.c b/genisoimage/eltorito.c
+index d52e17e..a804988 100644
+--- a/genisoimage/eltorito.c
++++ b/genisoimage/eltorito.c
+@@ -56,6 +56,7 @@ static unsigned int bcat_de_flags;
+ void init_boot_catalog(const char *path);
+ void insert_boot_cat(void);
+ static void get_torito_desc(struct eltorito_boot_descriptor *boot_desc);
++static void fill_boot_shdr(struct eltorito_sectionheader_entry *boot_shdr_entry, int arch);
+ static void fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
+ struct eltorito_boot_entry_info *boot_entry);
+ void get_boot_entry(void);
+@@ -282,7 +283,14 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+ struct directory_entry *de2; /* Boot catalog */
+ int i;
+ int offset;
++ int arch = 0;
++ int nentries = 0;
+ struct eltorito_defaultboot_entry boot_desc_record;
++ struct eltorito_sectionheader_entry boot_shdr_record;
++#ifdef __needed__
++ struct eltorito_section_entry boot_section_record;
++#endif
++ struct eltorito_sectionheader_entry *last_section_header = 0;
+
+ memset(boot_desc, 0, sizeof (*boot_desc));
+ boot_desc->type[0] = 0;
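Review bot: boot_section_record is declared under #ifdef __needed__, a macro nothing in this patch defines, so the declaration is dead code in the port and can be dropped together with the conditional. The new pointer last_section_header is also initialised with 0 where NULL would read better.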
+@@ -311,13 +319,22 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+ set_731(boot_desc->bootcat_ptr,
+ (unsigned int) get_733(de2->isorec.extent));
+
++ /*
++ * If the platform id for the first (default) boot entry has not been
++ * explicitly set, we default to EL_TORITO_ARCH_x86
++ */
++ if ((first_boot_entry->type & ELTORITO_BOOT_ID) == 0) {
++ first_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
++ }
++ arch = first_boot_entry->boot_platform;
++
+ /*
+ * we have the boot image, so write boot catalog information
+ * Next we write out the primary descriptor for the disc
+ */
+ memset(&valid_desc, 0, sizeof (valid_desc));
+ valid_desc.headerid[0] = 1;
+- valid_desc.arch[0] = EL_TORITO_ARCH_x86;
++ valid_desc.arch[0] = arch; /* Platform id for the default boot */
+
+ /*
+ * we'll shove start of publisher id into id field,
+@@ -351,8 +368,17 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+ current_boot_entry != NULL;
+ current_boot_entry = current_boot_entry->next,
+ offset += sizeof (boot_desc_record)) {
++ int newarch = arch;
+
+- if (offset >= SECTOR_SIZE) {
++ if (current_boot_entry->type & ELTORITO_BOOT_ID)
++ newarch = current_boot_entry->boot_platform;
++ else
++ current_boot_entry->boot_platform = arch;
++
++ /*
++ * El Torito has no such limitation but we currently have...
++ */
++ if (offset >= (SECTOR_SIZE - sizeof (boot_desc_record))) {
+ #ifdef USE_LIBSCHILY
+ comerrno(EX_BAD,
+ "Too many El Torito boot entries\n");
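Review bot: the new limit "offset >= (SECTOR_SIZE - sizeof (boot_desc_record))" keeps one record of headroom, which is what an iteration needs when the following hunk writes a section header and then a boot entry, but the comment "El Torito has no such limitation but we currently have..." explains none of that. Spell out in the comment that writes into de2->table are bounded by SECTOR_SIZE and that a single iteration can emit two records. The comparison also mixes the int offset with a size_t expression, so a cast or an unsigned offset would avoid a sign-compare warning.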
+@@ -362,12 +388,53 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc)
+ exit(1);
+ #endif
+ }
++
++ if (current_boot_entry == first_boot_entry) {
++ ;
++ /* EMPTY */
++ } else if ((current_boot_entry == first_boot_entry->next) ||
++ (arch != newarch) ||
++ (current_boot_entry->type & ELTORITO_SECTION_HEADER)) {
++ if (last_section_header)
++ set_721(&last_section_header->entry_count, nentries);
++ nentries = 1;
++ last_section_header = (struct eltorito_sectionheader_entry *)
++ (de2->table + offset);
++ fill_boot_shdr(&boot_shdr_record, newarch);
++ memcpy(de2->table + offset, &boot_shdr_record,
++ sizeof (boot_shdr_record));
++ offset += sizeof (boot_desc_record);
++ } else {
++ nentries++; /* Add entry to this section header */
++ }
++ /*
++ * This works because a section entry has the same essential
++ * layout as a default entry (and we do not populate the
++ * selection criteria fields).
++ */
++
+ fill_boot_desc(&boot_desc_record, current_boot_entry);
+ memcpy(de2->table + offset, &boot_desc_record,
+ sizeof (boot_desc_record));
+ }
++
++ if (last_section_header) {
++ set_721(&last_section_header->entry_count, nentries);
++ last_section_header->header_id[0] = EL_TORITO_SHDR_ID_LAST_SHDR;
++ }
++
+ }/* get_torito_desc(... */
+
++static void
++fill_boot_shdr(boot_shdr_entry, arch)
++ struct eltorito_sectionheader_entry *boot_shdr_entry;
++ int arch;
++{
++ memset(boot_shdr_entry, 0, sizeof(struct eltorito_sectionheader_entry));
++ boot_shdr_entry->header_id[0] = EL_TORITO_SHDR_ID_SHDR;
++ boot_shdr_entry->platform_id[0] = arch;
++}
++
+ static void
+ fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry,
+ struct eltorito_boot_entry_info *boot_entry)
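Review bot: inside the loop arch is compared with newarch to decide when to open a section, but nothing in the lines shown assigns newarch back to arch after fill_boot_shdr(&boot_shdr_record, newarch), so every later entry whose explicit platform id differs from the default entry's gets its own section header even when it matches the section just opened. Updating arch = newarch in that branch would let consecutive entries for one platform share a header. Also, set_721(&last_section_header->entry_count, nentries) passes the address of the array where the set_731 call earlier in this function passes the array itself; dropping the & keeps the two consistent.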
+@@ -678,7 +745,9 @@ get_boot_entry()
+ if (!first_boot_entry) {
+ first_boot_entry = current_boot_entry;
+ last_boot_entry = current_boot_entry;
++ current_boot_entry->boot_platform = EL_TORITO_ARCH_x86;
+ } else {
++ current_boot_entry->boot_platform = last_boot_entry->boot_platform;
+ last_boot_entry->next = current_boot_entry;
+ last_boot_entry = current_boot_entry;
+ }
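Review bot: the else branch copies boot_platform from last_boot_entry, but get_torito_desc later overwrites boot_platform with the default entry's arch for every entry that lacks ELTORITO_BOOT_ID, so the inherited value is discarded when the catalog is written. Document which of the two is meant to win, or drop the inheritance here if the value is only needed for the comparison in get_boot_platid.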
+diff --git a/genisoimage/genisoimage.c b/genisoimage/genisoimage.c
+index 46f0cb7..bfa920e 100644
+--- a/genisoimage/genisoimage.c
++++ b/genisoimage/genisoimage.c
+@@ -271,6 +271,8 @@ struct rcopts {
+ char **variable;
+ };
+
++static int get_boot_platid(opt_arg);
++
+ struct rcopts rcopt[] = {
+ {"PREP", &preparer},
+ {"PUBL", &publisher},
+@@ -404,6 +406,7 @@ struct ld_option {
+
+ #define OPTION_ALLOW_LEADING_DOTS 1070
+ #define OPTION_PUBLISHER 1071
++#define OPTION_PLATFORM 1072
+
+ #ifdef JIGDO_TEMPLATE
+ #define OPTION_JTT_OUTPUT 1101
+@@ -528,6 +531,8 @@ static const struct ld_option ld_options[] =
+ 'b', "FILE", "Set El Torito boot image name", ONE_DASH},
+ {{"eltorito-alt-boot", no_argument, NULL, OPTION_ALT_BOOT},
+ '\0', NULL, "Start specifying alternative El Torito boot parameters", ONE_DASH},
++ {{"eltorito-platform", required_argument, NULL, OPTION_PLATFORM},
++ '\0', "ID", "Set El Torito platform id for the next boot entry", ONE_DASH},
+ {{"sparc-boot", required_argument, NULL, 'B'},
+ 'B', "FILES", "Set sparc boot image names", ONE_DASH},
+ {{"sunx86-boot", required_argument, NULL, OPTION_SUNX86BOOT},
+@@ -1558,6 +1563,9 @@ int main(int argc, char *argv[])
+ */
+ new_boot_entry();
+ break;
++ case OPTION_PLATFORM:
++ get_boot_platid(optarg);
++ break;
+ case OPTION_BOOTALPHA:
+ use_alphaboot++;
+ /* list of pathnames of boot images */
+@@ -3829,3 +3837,43 @@ e_malloc(size_t size)
+ memset(pt, 0, size);
+ return (pt);
+ }
++
++static int
++get_boot_platid(opt_arg)
++ char *opt_arg;
++{
++ long val;
++ char *ptr;
++
++ use_eltorito++;
++ if (streql(opt_arg, "x86")) {
++ val = EL_TORITO_ARCH_x86;
++ } else if (streql(opt_arg, "PPC")) {
++ val = EL_TORITO_ARCH_PPC;
++ } else if (streql(opt_arg, "Mac")) {
++ val = EL_TORITO_ARCH_PPC;
++ } else if (streql(opt_arg, "efi")) {
++ val = EL_TORITO_ARCH_EFI;
++ } else {
++ val = strtol(opt_arg, &ptr, 0);
++ if (*ptr || val < 0 || val >= 0x100) {
++ comerrno(EX_BAD, "Bad boot system ID.\n");
++ }
++ }
++
++ /*
++ * If there is already a boot entry and the boot file name has been set
++ * for this boot entry and the new platform id differs from the
++ * previous value, we start a new boot section.
++ */
++ if (current_boot_entry &&
++ current_boot_entry->boot_image != NULL &&
++ current_boot_entry->boot_platform != val) {
++ new_boot_entry();
++ }
++ get_boot_entry();
++ current_boot_entry->type |= ELTORITO_BOOT_ID;
++ current_boot_entry->boot_platform = val;
++ return (1);
++}
++
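Review bot: the numeric fallback in get_boot_platid accepts an empty argument, because strtol leaves ptr at the start of the string, *ptr is then NUL and val is 0, so -eltorito-platform "" silently selects platform id 0 (x86). Add a ptr == opt_arg check to the error condition. The function also always returns 1 and the caller in main ignores the result, so it could be void.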
+diff --git a/genisoimage/genisoimage.h b/genisoimage/genisoimage.h
+index bbedfb0..4dae1e8 100644
+--- a/genisoimage/genisoimage.h
++++ b/genisoimage/genisoimage.h
+@@ -299,6 +299,14 @@ struct eltorito_boot_entry_info {
+ int boot_info_table;
+ int load_size;
+ int load_addr;
++
++#define ELTORITO_BOOT_ID 1
++#define ELTORITO_SECTION_HEADER 2
++ int type;
++ /*
++ * Valid if (type & ELTORITO_BOOT_ID) != 0
++ */
++ int boot_platform;
+ };
+
+ extern int goof;
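Review bot: ELTORITO_SECTION_HEADER is defined here and tested in get_torito_desc, but nothing in this patch ever sets it in type, so that test can never be true. Either wire it to an option or leave the flag out of the port; the type field would also benefit from its own comment listing the two flag bits, next to the one on boot_platform.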
+diff --git a/genisoimage/iso9660.h b/genisoimage/iso9660.h
+index c74c2a9..61b6fc0 100644
+--- a/genisoimage/iso9660.h
++++ b/genisoimage/iso9660.h
+@@ -62,6 +62,7 @@ struct iso_volume_descriptor {
+ #define EL_TORITO_ARCH_x86 0
+ #define EL_TORITO_ARCH_PPC 1
+ #define EL_TORITO_ARCH_MAC 2
++#define EL_TORITO_ARCH_EFI 0xEF
+
+ #define EL_TORITO_BOOTABLE 0x88
+ #define EL_TORITO_NOT_BOOTABLE 0
+@@ -159,10 +160,15 @@ struct eltorito_boot_descriptor {
+ };
+
+ /* Validation entry for El Torito */
++/*
++ * headerid must be 1
++ * id is the manufacturer ID
++ * cksum to make the sum of all shorts in this record 0
++ */
+ struct eltorito_validation_entry {
+ char headerid [ISODCL(1, 1)]; /* 711 */
+ char arch [ISODCL(2, 2)];
+- char pad1 [ISODCL(3, 4)]; /* 711 */
++ char pad1 [ISODCL(3, 4)]; /* 721 */
+ char id [ISODCL(5, 28)]; /* CD devel/man*/
+ char cksum [ISODCL(29, 30)];
+ char key1 [ISODCL(31, 31)];
+@@ -173,7 +179,7 @@ struct eltorito_validation_entry {
+ struct eltorito_defaultboot_entry {
+ char boot_id [ISODCL(1, 1)]; /* 711 */
+ char boot_media [ISODCL(2, 2)];
+- char loadseg [ISODCL(3, 4)]; /* 711 */
++ char loadseg [ISODCL(3, 4)]; /* 721 */
+ char sys_type [ISODCL(5, 5)];
+ char pad1 [ISODCL(6, 6)];
+ char nsect [ISODCL(7, 8)];
+@@ -181,6 +187,29 @@ struct eltorito_defaultboot_entry {
+ char pad2 [ISODCL(13, 32)];
+ };
+
++/* El Torito section header entry in boot catalog */
++struct eltorito_sectionheader_entry {
++#define EL_TORITO_SHDR_ID_SHDR 0x90
++#define EL_TORITO_SHDR_ID_LAST_SHDR 0x91
++ char header_id [ISODCL(1, 1)]; /* 711 */
++ char platform_id [ISODCL(2, 2)];
++ char entry_count [ISODCL(3, 4)]; /* 721 */
++ char id [ISODCL(5, 32)];
++};
++
++/* El Torito section entry in boot catalog */
++struct eltorito_section_entry {
++ char boot_id [ISODCL(1, 1)]; /* 711 */
++ char boot_media [ISODCL(2, 2)];
++ char loadseg [ISODCL(3, 4)]; /* 721 */
++ char sys_type [ISODCL(5, 5)];
++ char pad1 [ISODCL(6, 6)];
++ char nsect [ISODCL(7, 8)];
++ char bootoff [ISODCL(9, 12)];
++ char sel_criteria [ISODCL(13, 13)];
++ char vendor_sel_criteria [ISODCL(14, 32)];
++};
++
+ /*
+ * XXX JS: The next two structures have odd lengths!
+ * Some compilers (e.g. on Sun3/mc68020) padd the structures to even length.
+--
+2.27.0
+
--
2.27.0
