Re: Honister customer defconfig replacement doesn't work
On Wed, Apr 27, 2022 at 6:09 PM JH <jupiter.hce@...> wrote:
Hello,
My apology, I am not sure which group is working on defconfig syntax for version 3.4 Honister branch. I posted the question to Yocto list without response, let me rephrase it again:
oe-core/yocto are the right place to ask. I can follow up there.
Bruce
According to the Yocto document 3.4, out tree customer defconfig can be used to replace the build/.config, I used a working kernel defconfig to disable configures, I tried many tricks found from the mailing lists, but none of them works for 3.4 and branch Honister in a kernel build bbappend file to add KCONFIG_MODE = "allnoconfig" or KCONFIG_MODE = "alldefconfig":
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append = " file://defconfig"
KCONFIG_MODE = "allnoconfig"
do_configure:prepend () {
    cp ${WORKDIR}/defconfig ${B}/.config
}
It still generated build/.config in do_configure
#
# configuration written to .config
#
I changed to:
do_compile:prepend () {
    cp ${WORKDIR}/defconfig ${B}/.config
}
It still restarted config to generate build/.config
*
* Restart config...
*
*
* Kernel Features
*
I added unset KBUILD_DEFCONFIG,
Is it possible to disable KBUILD_DEFCONFIG and to use customer defconfig?
Thank you very much.
Kind regards,
- jupiter
-- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
Re: [meta-python][PATCH] python3-pyfanotify: new package

Khem Raj
On Wed, Apr 27, 2022 at 2:49 AM Bartosz Golaszewski <brgl@...> wrote: This adds a recipe for pyfanotify - a python wrapper around linux' fanotify interface.
Signed-off-by: Bartosz Golaszewski <brgl@...> --- .../packagegroups/packagegroup-meta-python.bb | 1 + .../python/python3-pyfanotify_0.1.3.bb | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-pyfanotify_0.1.3.bb
diff --git a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb index f7bf36519..d2d9dcd18 100644 --- a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb +++ b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb @@ -300,6 +300,7 @@ RDEPENDS:packagegroup-meta-python3 = "\ python3-pydicti \ python3-pyephem \ python3-pyexpect \ + python3-pyfanotify \ python3-pyfirmata \ python3-pyflakes \ python3-pyhamcrest \ diff --git a/meta-python/recipes-devtools/python/python3-pyfanotify_0.1.3.bb b/meta-python/recipes-devtools/python/python3-pyfanotify_0.1.3.bb new file mode 100644 index 000000000..7458fec43 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pyfanotify_0.1.3.bb @@ -0,0 +1,17 @@ +SUMMARY = "Python wrapper for Linux fanotify." +HOMEPAGE = "https://github.com/baskiton/pyfanotify" +AUTHOR = "Alexander Baskikh" +SECTION = "devel/python" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=636a36c9df04efcfacf839b8866d9a37" + +SRC_URI[sha256sum] = "0efa73922fd705b4e8f8f0b51cb88198ceef66cc309e1de21674ef44c879029d" + +inherit pypi setuptools3 + +RDEPENDS:${PN} += " \ + python3-crypt \ + python3-datetime \ + python3-logging \ + python3-multiprocessing \ +" -- 2.32.0
Re: [meta-oe][PATCH] layer.conf: Post release codename changes

Khem Raj
On 4/27/22 4:04 PM, Martin Jansa wrote:
Isn't it a bit premature to claim langdale compatibility when we don't know what changes langdale will need?
This is kind of promise than reality at this point. True, although I wonder if there will be a case where we won't be compatible with langdale in master
I think it makes more sense to add this at the end of cycle, not at the beginning.
Logically yes.
Regards,
On Thu, Apr 28, 2022 at 12:07 AM Armin Kuster <akuster808@...> wrote:
Post release add langdale to match core
Signed-off-by: Armin Kuster <akuster808@...> --- meta-filesystems/conf/layer.conf | 2 +- meta-gnome/conf/layer.conf | 2 +- meta-initramfs/conf/layer.conf | 2 +- meta-multimedia/conf/layer.conf | 2 +- meta-networking/conf/layer.conf | 2 +- meta-oe/conf/layer.conf | 2 +- meta-perl/conf/layer.conf | 2 +- meta-python/conf/layer.conf | 2 +- meta-webserver/conf/layer.conf | 2 +- meta-xfce/conf/layer.conf | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/meta-filesystems/conf/layer.conf b/meta-filesystems/conf/layer.conf index 75a27d665..205768e63 100644 --- a/meta-filesystems/conf/layer.conf +++ b/meta-filesystems/conf/layer.conf @@ -15,4 +15,4 @@ LAYERVERSION_filesystems-layer = "1" LAYERDEPENDS_filesystems-layer = "core openembedded-layer" -LAYERSERIES_COMPAT_filesystems-layer = "kirkstone" +LAYERSERIES_COMPAT_filesystems-layer = "kirkstone langdale" diff --git a/meta-gnome/conf/layer.conf b/meta-gnome/conf/layer.conf index 2fb348515..bf4834aa2 100644 --- a/meta-gnome/conf/layer.conf +++ b/meta-gnome/conf/layer.conf @@ -17,7 +17,7 @@ LAYERVERSION_gnome-layer = "1" LAYERDEPENDS_gnome-layer = "core openembedded-layer networking-layer" -LAYERSERIES_COMPAT_gnome-layer = "kirkstone" +LAYERSERIES_COMPAT_gnome-layer = "kirkstone langdale" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += "\ faenza-icon-theme->gdk-pixbuf \ diff --git a/meta-initramfs/conf/layer.conf b/meta-initramfs/conf/layer.conf index c63383faf..6aa64f1e1 100644 --- a/meta-initramfs/conf/layer.conf +++ b/meta-initramfs/conf/layer.conf 
@@ -16,7 +16,7 @@ BBFILE_PATTERN_meta-initramfs := "^${LAYERDIR}/" BBFILE_PRIORITY_meta-initramfs = "5" LAYERDEPENDS_meta-initramfs = "core" -LAYERSERIES_COMPAT_meta-initramfs = "kirkstone" +LAYERSERIES_COMPAT_meta-initramfs = "kirkstone langdale" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ dracut->virtual/kernel \ diff --git a/meta-multimedia/conf/layer.conf b/meta-multimedia/conf/layer.conf index b5120bb53..ee6694cdf 100644 --- a/meta-multimedia/conf/layer.conf +++ b/meta-multimedia/conf/layer.conf @@ -31,4 +31,4 @@ LAYERVERSION_multimedia-layer = "1" LAYERDEPENDS_multimedia-layer = "core openembedded-layer meta-python" -LAYERSERIES_COMPAT_multimedia-layer = "kirkstone" +LAYERSERIES_COMPAT_multimedia-layer = "kirkstone langdale" diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf index 3f9699ad1..a4f622a8c 100644 --- a/meta-networking/conf/layer.conf +++ b/meta-networking/conf/layer.conf @@ -17,7 +17,7 @@ LAYERDEPENDS_networking-layer = "core" LAYERDEPENDS_networking-layer += "openembedded-layer" LAYERDEPENDS_networking-layer += "meta-python" -LAYERSERIES_COMPAT_networking-layer = "kirkstone" +LAYERSERIES_COMPAT_networking-layer = "kirkstone langdale" LICENSE_PATH += "${LAYERDIR}/licenses" diff --git a/meta-oe/conf/layer.conf b/meta-oe/conf/layer.conf index 88715d5e8..34aa29561 100644 --- a/meta-oe/conf/layer.conf +++ b/meta-oe/conf/layer.conf @@ -42,7 +42,7 @@ LAYERVERSION_openembedded-layer = "1" LAYERDEPENDS_openembedded-layer = "core" -LAYERSERIES_COMPAT_openembedded-layer = "kirkstone" +LAYERSERIES_COMPAT_openembedded-layer = "kirkstone langdale" LICENSE_PATH += "${LAYERDIR}/licenses" diff --git a/meta-perl/conf/layer.conf b/meta-perl/conf/layer.conf index 3cb9571d4..007ae2fbd 100644 --- a/meta-perl/conf/layer.conf +++ b/meta-perl/conf/layer.conf 
@@ -15,4 +15,4 @@ LAYERVERSION_perl-layer = "1" LAYERDEPENDS_perl-layer = "core openembedded-layer" -LAYERSERIES_COMPAT_perl-layer = "kirkstone" +LAYERSERIES_COMPAT_perl-layer = "kirkstone langdale" diff --git a/meta-python/conf/layer.conf b/meta-python/conf/layer.conf index e444498ff..481e4ea2c 100644 --- a/meta-python/conf/layer.conf +++ b/meta-python/conf/layer.conf @@ -14,6 +14,6 @@ LAYERVERSION_meta-python = "1" LAYERDEPENDS_meta-python = "core (>= 12) openembedded-layer" -LAYERSERIES_COMPAT_meta-python = "kirkstone" +LAYERSERIES_COMPAT_meta-python = "kirkstone langdale" LICENSE_PATH += "${LAYERDIR}/licenses" diff --git a/meta-webserver/conf/layer.conf b/meta-webserver/conf/layer.conf index 5ae5e796a..bfcd9681c 100644 --- a/meta-webserver/conf/layer.conf +++ b/meta-webserver/conf/layer.conf @@ -17,7 +17,7 @@ LAYERVERSION_webserver = "1" LAYERDEPENDS_webserver = "core openembedded-layer" -LAYERSERIES_COMPAT_webserver = "kirkstone" +LAYERSERIES_COMPAT_webserver = "kirkstone langdale" LICENSE_PATH += "${LAYERDIR}/licenses" diff --git a/meta-xfce/conf/layer.conf b/meta-xfce/conf/layer.conf index 28dfc5b34..5785421aa 100644 --- a/meta-xfce/conf/layer.conf +++ b/meta-xfce/conf/layer.conf @@ -19,7 +19,7 @@ LAYERDEPENDS_xfce-layer += "multimedia-layer" LAYERDEPENDS_xfce-layer += "meta-python" LAYERDEPENDS_xfce-layer += "networking-layer" -LAYERSERIES_COMPAT_xfce-layer = "kirkstone" +LAYERSERIES_COMPAT_xfce-layer = "kirkstone langdale" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += "\ openzone->gdk-pixbuf \ -- 2.25.1
Re: [meta-oe][PATCH] layer.conf: Post release codename changes
Isn't it a bit premature to claim langdale compatibility when we don't know what changes langdale will need?
I think it makes more sense to add this at the end of cycle, not at the beginning.
Regards,
Post release add langdale to match core
Signed-off-by: Armin Kuster <akuster808@...>
---
meta-filesystems/conf/layer.conf | 2 +-
meta-gnome/conf/layer.conf | 2 +-
meta-initramfs/conf/layer.conf | 2 +-
meta-multimedia/conf/layer.conf | 2 +-
meta-networking/conf/layer.conf | 2 +-
meta-oe/conf/layer.conf | 2 +-
meta-perl/conf/layer.conf | 2 +-
meta-python/conf/layer.conf | 2 +-
meta-webserver/conf/layer.conf | 2 +-
meta-xfce/conf/layer.conf | 2 +-
10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/meta-filesystems/conf/layer.conf b/meta-filesystems/conf/layer.conf
index 75a27d665..205768e63 100644
--- a/meta-filesystems/conf/layer.conf
+++ b/meta-filesystems/conf/layer.conf
@@ -15,4 +15,4 @@ LAYERVERSION_filesystems-layer = "1"
LAYERDEPENDS_filesystems-layer = "core openembedded-layer"
-LAYERSERIES_COMPAT_filesystems-layer = "kirkstone"
+LAYERSERIES_COMPAT_filesystems-layer = "kirkstone langdale"
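Review bot: the `+LAYERSERIES_COMPAT_filesystems-layer = "kirkstone langdale"` line, like the nine identical changes that follow it, keeps `kirkstone` next to the new series, while the commit message only says "to match core". Please state in the commit message whether `kirkstone` is meant to stay listed on master for the whole cycle or to be dropped once the branches diverge, so it is clear what each layer.conf is claiming.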
diff --git a/meta-gnome/conf/layer.conf b/meta-gnome/conf/layer.conf
index 2fb348515..bf4834aa2 100644
--- a/meta-gnome/conf/layer.conf
+++ b/meta-gnome/conf/layer.conf
@@ -17,7 +17,7 @@ LAYERVERSION_gnome-layer = "1"
LAYERDEPENDS_gnome-layer = "core openembedded-layer networking-layer"
-LAYERSERIES_COMPAT_gnome-layer = "kirkstone"
+LAYERSERIES_COMPAT_gnome-layer = "kirkstone langdale"
SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += "\
faenza-icon-theme->gdk-pixbuf \
diff --git a/meta-initramfs/conf/layer.conf b/meta-initramfs/conf/layer.conf
index c63383faf..6aa64f1e1 100644
--- a/meta-initramfs/conf/layer.conf
+++ b/meta-initramfs/conf/layer.conf
@@ -16,7 +16,7 @@ BBFILE_PATTERN_meta-initramfs := "^${LAYERDIR}/"
BBFILE_PRIORITY_meta-initramfs = "5"
LAYERDEPENDS_meta-initramfs = "core"
-LAYERSERIES_COMPAT_meta-initramfs = "kirkstone"
+LAYERSERIES_COMPAT_meta-initramfs = "kirkstone langdale"
SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
dracut->virtual/kernel \
diff --git a/meta-multimedia/conf/layer.conf b/meta-multimedia/conf/layer.conf
index b5120bb53..ee6694cdf 100644
--- a/meta-multimedia/conf/layer.conf
+++ b/meta-multimedia/conf/layer.conf
@@ -31,4 +31,4 @@ LAYERVERSION_multimedia-layer = "1"
LAYERDEPENDS_multimedia-layer = "core openembedded-layer meta-python"
-LAYERSERIES_COMPAT_multimedia-layer = "kirkstone"
+LAYERSERIES_COMPAT_multimedia-layer = "kirkstone langdale"
diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
index 3f9699ad1..a4f622a8c 100644
--- a/meta-networking/conf/layer.conf
+++ b/meta-networking/conf/layer.conf
@@ -17,7 +17,7 @@ LAYERDEPENDS_networking-layer = "core"
LAYERDEPENDS_networking-layer += "openembedded-layer"
LAYERDEPENDS_networking-layer += "meta-python"
-LAYERSERIES_COMPAT_networking-layer = "kirkstone"
+LAYERSERIES_COMPAT_networking-layer = "kirkstone langdale"
LICENSE_PATH += "${LAYERDIR}/licenses"
diff --git a/meta-oe/conf/layer.conf b/meta-oe/conf/layer.conf
index 88715d5e8..34aa29561 100644
--- a/meta-oe/conf/layer.conf
+++ b/meta-oe/conf/layer.conf
@@ -42,7 +42,7 @@ LAYERVERSION_openembedded-layer = "1"
LAYERDEPENDS_openembedded-layer = "core"
-LAYERSERIES_COMPAT_openembedded-layer = "kirkstone"
+LAYERSERIES_COMPAT_openembedded-layer = "kirkstone langdale"
LICENSE_PATH += "${LAYERDIR}/licenses"
diff --git a/meta-perl/conf/layer.conf b/meta-perl/conf/layer.conf
index 3cb9571d4..007ae2fbd 100644
--- a/meta-perl/conf/layer.conf
+++ b/meta-perl/conf/layer.conf
@@ -15,4 +15,4 @@ LAYERVERSION_perl-layer = "1"
LAYERDEPENDS_perl-layer = "core openembedded-layer"
-LAYERSERIES_COMPAT_perl-layer = "kirkstone"
+LAYERSERIES_COMPAT_perl-layer = "kirkstone langdale"
diff --git a/meta-python/conf/layer.conf b/meta-python/conf/layer.conf
index e444498ff..481e4ea2c 100644
--- a/meta-python/conf/layer.conf
+++ b/meta-python/conf/layer.conf
@@ -14,6 +14,6 @@ LAYERVERSION_meta-python = "1"
LAYERDEPENDS_meta-python = "core (>= 12) openembedded-layer"
-LAYERSERIES_COMPAT_meta-python = "kirkstone"
+LAYERSERIES_COMPAT_meta-python = "kirkstone langdale"
LICENSE_PATH += "${LAYERDIR}/licenses"
diff --git a/meta-webserver/conf/layer.conf b/meta-webserver/conf/layer.conf
index 5ae5e796a..bfcd9681c 100644
--- a/meta-webserver/conf/layer.conf
+++ b/meta-webserver/conf/layer.conf
@@ -17,7 +17,7 @@ LAYERVERSION_webserver = "1"
LAYERDEPENDS_webserver = "core openembedded-layer"
-LAYERSERIES_COMPAT_webserver = "kirkstone"
+LAYERSERIES_COMPAT_webserver = "kirkstone langdale"
LICENSE_PATH += "${LAYERDIR}/licenses"
diff --git a/meta-xfce/conf/layer.conf b/meta-xfce/conf/layer.conf
index 28dfc5b34..5785421aa 100644
--- a/meta-xfce/conf/layer.conf
+++ b/meta-xfce/conf/layer.conf
@@ -19,7 +19,7 @@ LAYERDEPENDS_xfce-layer += "multimedia-layer"
LAYERDEPENDS_xfce-layer += "meta-python"
LAYERDEPENDS_xfce-layer += "networking-layer"
-LAYERSERIES_COMPAT_xfce-layer = "kirkstone"
+LAYERSERIES_COMPAT_xfce-layer = "kirkstone langdale"
SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += "\
openzone->gdk-pixbuf \
--
2.25.1
Honister customer defconfig replacement doesn't work
Hello,
My apology, I am not sure which group is working on defconfig syntax for version 3.4 Honister branch. I posted the question to Yocto list without response, let me rephrase it again:
According to the Yocto document 3.4, out tree customer defconfig can be used to replace the build/.config, I used a working kernel defconfig to disable configures, I tried many tricks found from the mailing lists, but none of them works for 3.4 and branch Honister in a kernel build bbappend file to add KCONFIG_MODE = "allnoconfig" or KCONFIG_MODE = "alldefconfig":
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append = " file://defconfig"
KCONFIG_MODE = "allnoconfig"
do_configure:prepend () {
    cp ${WORKDIR}/defconfig ${B}/.config
}
It still generated build/.config in do_configure
#
# configuration written to .config
#
I changed to:
do_compile:prepend () {
    cp ${WORKDIR}/defconfig ${B}/.config
}
It still restarted config to generate build/.config
*
* Restart config...
*
*
* Kernel Features
*
I added unset KBUILD_DEFCONFIG,
Is it possible to disable KBUILD_DEFCONFIG and to use customer defconfig?
Thank you very much.
Kind regards,
- jupiter
[meta-oe][PATCH] layer.conf: Post release codename changes

Armin Kuster
Post release add langdale to match core
Signed-off-by: Armin Kuster <akuster808@...> --- meta-filesystems/conf/layer.conf | 2 +- meta-gnome/conf/layer.conf | 2 +- meta-initramfs/conf/layer.conf | 2 +- meta-multimedia/conf/layer.conf | 2 +- meta-networking/conf/layer.conf | 2 +- meta-oe/conf/layer.conf | 2 +- meta-perl/conf/layer.conf | 2 +- meta-python/conf/layer.conf | 2 +- meta-webserver/conf/layer.conf | 2 +- meta-xfce/conf/layer.conf | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/meta-filesystems/conf/layer.conf b/meta-filesystems/conf/layer.conf index 75a27d665..205768e63 100644 --- a/meta-filesystems/conf/layer.conf +++ b/meta-filesystems/conf/layer.conf @@ -15,4 +15,4 @@ LAYERVERSION_filesystems-layer = "1" LAYERDEPENDS_filesystems-layer = "core openembedded-layer" -LAYERSERIES_COMPAT_filesystems-layer = "kirkstone" +LAYERSERIES_COMPAT_filesystems-layer = "kirkstone langdale" diff --git a/meta-gnome/conf/layer.conf b/meta-gnome/conf/layer.conf index 2fb348515..bf4834aa2 100644 --- a/meta-gnome/conf/layer.conf +++ b/meta-gnome/conf/layer.conf @@ -17,7 +17,7 @@ LAYERVERSION_gnome-layer = "1" LAYERDEPENDS_gnome-layer = "core openembedded-layer networking-layer" -LAYERSERIES_COMPAT_gnome-layer = "kirkstone" +LAYERSERIES_COMPAT_gnome-layer = "kirkstone langdale" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += "\ faenza-icon-theme->gdk-pixbuf \ diff --git a/meta-initramfs/conf/layer.conf b/meta-initramfs/conf/layer.conf index c63383faf..6aa64f1e1 100644 --- a/meta-initramfs/conf/layer.conf +++ b/meta-initramfs/conf/layer.conf @@ -16,7 +16,7 @@ BBFILE_PATTERN_meta-initramfs := "^${LAYERDIR}/" BBFILE_PRIORITY_meta-initramfs = "5" LAYERDEPENDS_meta-initramfs = "core" -LAYERSERIES_COMPAT_meta-initramfs = "kirkstone" +LAYERSERIES_COMPAT_meta-initramfs = "kirkstone langdale" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ dracut->virtual/kernel \ diff --git a/meta-multimedia/conf/layer.conf b/meta-multimedia/conf/layer.conf index b5120bb53..ee6694cdf 100644 --- a/meta-multimedia/conf/layer.conf +++ b/meta-multimedia/conf/layer.conf @@ -31,4 +31,4 @@ LAYERVERSION_multimedia-layer = "1" LAYERDEPENDS_multimedia-layer = "core openembedded-layer meta-python" -LAYERSERIES_COMPAT_multimedia-layer = "kirkstone" +LAYERSERIES_COMPAT_multimedia-layer = "kirkstone langdale" diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf index 3f9699ad1..a4f622a8c 100644 --- a/meta-networking/conf/layer.conf +++ b/meta-networking/conf/layer.conf 
@@ -17,7 +17,7 @@ LAYERDEPENDS_networking-layer = "core" LAYERDEPENDS_networking-layer += "openembedded-layer" LAYERDEPENDS_networking-layer += "meta-python" -LAYERSERIES_COMPAT_networking-layer = "kirkstone" +LAYERSERIES_COMPAT_networking-layer = "kirkstone langdale" LICENSE_PATH += "${LAYERDIR}/licenses" diff --git a/meta-oe/conf/layer.conf b/meta-oe/conf/layer.conf index 88715d5e8..34aa29561 100644 --- a/meta-oe/conf/layer.conf +++ b/meta-oe/conf/layer.conf @@ -42,7 +42,7 @@ LAYERVERSION_openembedded-layer = "1" LAYERDEPENDS_openembedded-layer = "core" -LAYERSERIES_COMPAT_openembedded-layer = "kirkstone" +LAYERSERIES_COMPAT_openembedded-layer = "kirkstone langdale" LICENSE_PATH += "${LAYERDIR}/licenses" diff --git a/meta-perl/conf/layer.conf b/meta-perl/conf/layer.conf index 3cb9571d4..007ae2fbd 100644 --- a/meta-perl/conf/layer.conf +++ b/meta-perl/conf/layer.conf @@ -15,4 +15,4 @@ LAYERVERSION_perl-layer = "1" LAYERDEPENDS_perl-layer = "core openembedded-layer" -LAYERSERIES_COMPAT_perl-layer = "kirkstone" +LAYERSERIES_COMPAT_perl-layer = "kirkstone langdale" diff --git a/meta-python/conf/layer.conf b/meta-python/conf/layer.conf index e444498ff..481e4ea2c 100644 --- a/meta-python/conf/layer.conf +++ b/meta-python/conf/layer.conf @@ -14,6 +14,6 @@ LAYERVERSION_meta-python = "1" LAYERDEPENDS_meta-python = "core (>= 12) openembedded-layer" -LAYERSERIES_COMPAT_meta-python = "kirkstone" +LAYERSERIES_COMPAT_meta-python = "kirkstone langdale" LICENSE_PATH += "${LAYERDIR}/licenses" diff --git a/meta-webserver/conf/layer.conf b/meta-webserver/conf/layer.conf index 5ae5e796a..bfcd9681c 100644 --- a/meta-webserver/conf/layer.conf +++ b/meta-webserver/conf/layer.conf @@ -17,7 +17,7 @@ LAYERVERSION_webserver = "1" LAYERDEPENDS_webserver = "core openembedded-layer" -LAYERSERIES_COMPAT_webserver = "kirkstone" +LAYERSERIES_COMPAT_webserver = "kirkstone langdale" LICENSE_PATH += "${LAYERDIR}/licenses" 
diff --git a/meta-xfce/conf/layer.conf b/meta-xfce/conf/layer.conf index 28dfc5b34..5785421aa 100644 --- a/meta-xfce/conf/layer.conf +++ b/meta-xfce/conf/layer.conf @@ -19,7 +19,7 @@ LAYERDEPENDS_xfce-layer += "multimedia-layer" LAYERDEPENDS_xfce-layer += "meta-python" LAYERDEPENDS_xfce-layer += "networking-layer" -LAYERSERIES_COMPAT_xfce-layer = "kirkstone" +LAYERSERIES_COMPAT_xfce-layer = "kirkstone langdale" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += "\ openzone->gdk-pixbuf \ -- 2.25.1
[meta-oe][PATCH] boinc-client: Make script install not depend on host install paths

Khem Raj
The install target is checking for install paths on build host assuming that's where it will run too, which breaks cross builds. Add a patch to aid the install from recipe.
Signed-off-by: Khem Raj <raj.khem@...> --- ...Do-not-check-for-files-on-build-host.patch | 52 +++++++++++++++++++ .../boinc/boinc-client_7.18.1.bb | 18 +++---- 2 files changed, 60 insertions(+), 10 deletions(-) create mode 100644 meta-oe/recipes-extended/boinc/boinc-client/0001-scripts-Do-not-check-for-files-on-build-host.patch
diff --git a/meta-oe/recipes-extended/boinc/boinc-client/0001-scripts-Do-not-check-for-files-on-build-host.patch b/meta-oe/recipes-extended/boinc/boinc-client/0001-scripts-Do-not-check-for-files-on-build-host.patch new file mode 100644 index 0000000000..6d9e94cb8a --- /dev/null +++ b/meta-oe/recipes-extended/boinc/boinc-client/0001-scripts-Do-not-check-for-files-on-build-host.patch 
@@ -0,0 +1,52 @@ +From 8a8305c78143438e2bd497d55188a0da3442db08 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@...> +Date: Wed, 27 Apr 2022 09:11:38 -0700 +Subject: [PATCH] scripts: Do not check for files on build host + +This will result in varied behaviour depending upon what kind of host is +used to build it. We dont want that. Instead check for these files and +dirs in staging area and create these markers in recipe via a +do_install_prepend to aide install piece a bit here ( systemd vs +sysvinit ) etc. + +Upstream-Status: Inappropriate [OE-Specific] + +Signed-off-by: Khem Raj <raj.khem@...> +--- + client/scripts/Makefile.am | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/client/scripts/Makefile.am b/client/scripts/Makefile.am +index 2a53203d84..62a0defa93 100644 +--- a/client/scripts/Makefile.am ++++ b/client/scripts/Makefile.am +@@ -2,21 +2,21 @@ + + install-exec-hook: + chmod +x boinc-client +- if [ -d /etc/init.d ] ; then \ ++ if [ -d $(DESTDIR)/etc/init.d ] ; then \ + $(INSTALL) -d $(DESTDIR)$(sysconfdir)/init.d ; \ + $(INSTALL) -b boinc-client $(DESTDIR)$(sysconfdir)/init.d/boinc-client ; \ + fi +- if [ -d /usr/lib/systemd/system ] ; then \ ++ if [ -d $(DESTDIR)/usr/lib/systemd/system ] ; then \ + $(INSTALL) -d $(DESTDIR)/usr/lib/systemd/system/ ; \ + $(INSTALL_DATA) boinc-client.service $(DESTDIR)/usr/lib/systemd/system/boinc-client.service ; \ +- elif [ -d /lib/systemd/system ] ; then \ ++ elif [ -d $(DESTDIR)/lib/systemd/system ] ; then \ + $(INSTALL) -d $(DESTDIR)/lib/systemd/system/ ; \ + $(INSTALL_DATA) boinc-client.service $(DESTDIR)/lib/systemd/system/boinc-client.service ; \ + fi +- if [ -d /etc/sysconfig ] ; then \ ++ if [ -d $(DESTDIR)/etc/sysconfig ] ; then \ + $(INSTALL) -d $(DESTDIR)$(sysconfdir)/sysconfig ; \ + $(INSTALL_DATA) $(srcdir)/boinc-client.conf $(DESTDIR)$(sysconfdir)/sysconfig/boinc-client ; \ +- elif [ -d /etc/default ] ; then \ ++ elif [ -d $(DESTDIR)/etc/default ] ; then \ + $(INSTALL) -d 
$(DESTDIR)$(sysconfdir)/default ; \ + $(INSTALL_DATA) $(srcdir)/boinc-client.conf $(DESTDIR)$(sysconfdir)/default/boinc-client ; \ + else \ +-- +2.36.0 + diff --git a/meta-oe/recipes-extended/boinc/boinc-client_7.18.1.bb b/meta-oe/recipes-extended/boinc/boinc-client_7.18.1.bb index abcb304d30..8f85a508e7 100644 --- a/meta-oe/recipes-extended/boinc/boinc-client_7.18.1.bb +++ b/meta-oe/recipes-extended/boinc/boinc-client_7.18.1.bb @@ -35,6 +35,7 @@ SRC_URI = "git://github.com/BOINC/boinc;protocol=https;branch=${BRANCH} \ file://boinc-AM_CONDITIONAL.patch \ file://gtk-configure.patch \ file://4563.patch \ + file://0001-scripts-Do-not-check-for-files-on-build-host.patch \ " inherit gettext autotools pkgconfig features_check systemd @@ -75,17 +76,14 @@ do_compile:prepend () { sed -i -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' ${B}/libtool } -do_install:append() { - if ! ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)} -a \ - -e ${D}${nonarch_libdir}/systemd/system/boinc-client.service; then - install -d ${D}${systemd_system_unitdir} - mv \ - ${D}${nonarch_libdir}/systemd/system/boinc-client.service \ - ${D}${systemd_system_unitdir}/boinc-client.service - rmdir --ignore-fail-on-non-empty ${D}${nonarch_libdir}/systemd/system \ - ${D}${nonarch_libdir}/systemd \ - ${D}${nonarch_libdir} +do_install:prepend() { + # help script install a bit to do right thing for OE + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + mkdir -p ${D}${systemd_system_unitdir} + else + mkdir -p ${D}${sysconfdir}/init.d fi + mkdir -p ${D}${sysconfdir}/default } SYSTEMD_SERVICE:${PN} = "boinc-client.service" -- 2.36.0
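Review bot: in the client/scripts/Makefile.am hunk the new tests hard-code `$(DESTDIR)/etc/init.d`, `$(DESTDIR)/etc/sysconfig` and `$(DESTDIR)/etc/default`, while the install lines they guard write to `$(DESTDIR)$(sysconfdir)/...`. Testing `$(DESTDIR)$(sysconfdir)/init.d` (and likewise for sysconfig and default) would keep each check in step with its destination when sysconfdir is not /etc, and would match the `${D}${sysconfdir}` directories the recipe creates.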
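Review bot: the new `do_install:prepend()` in boinc-client_7.18.1.bb creates its marker directories with `mkdir -p`, where the removed `do_install:append()` used `install -d`; using `install -d ${D}${systemd_system_unitdir}` and so on would keep the recipe's existing style. The description inside the added 0001 patch also still refers to `do_install_prepend`, although the recipe uses the `do_install:prepend` override syntax, so the wording is worth aligning.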
[meta-python][PATCH] python3-pyfanotify: new package
This adds a recipe for pyfanotify - a python wrapper around linux' fanotify interface. Signed-off-by: Bartosz Golaszewski <brgl@...> --- .../packagegroups/packagegroup-meta-python.bb | 1 + .../python/python3-pyfanotify_0.1.3.bb | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-pyfanotify_0.1.3.bb diff --git a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb index f7bf36519..d2d9dcd18 100644 --- a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb +++ b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb @@ -300,6 +300,7 @@ RDEPENDS:packagegroup-meta-python3 = "\ python3-pydicti \ python3-pyephem \ python3-pyexpect \ + python3-pyfanotify \ python3-pyfirmata \ python3-pyflakes \ python3-pyhamcrest \ diff --git a/meta-python/recipes-devtools/python/python3-pyfanotify_0.1.3.bb b/meta-python/recipes-devtools/python/python3-pyfanotify_0.1.3.bb new file mode 100644 index 000000000..7458fec43 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pyfanotify_0.1.3.bb @@ -0,0 +1,17 @@ +SUMMARY = "Python wrapper for Linux fanotify." +HOMEPAGE = " https://github.com/baskiton/pyfanotify"+AUTHOR = "Alexander Baskikh" +SECTION = "devel/python" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=636a36c9df04efcfacf839b8866d9a37" + +SRC_URI[sha256sum] = "0efa73922fd705b4e8f8f0b51cb88198ceef66cc309e1de21674ef44c879029d" + +inherit pypi setuptools3 + +RDEPENDS:${PN} += " \ + python3-crypt \ + python3-datetime \ + python3-logging \ + python3-multiprocessing \ +" -- 2.32.0
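Review bot: the `RDEPENDS:${PN}` block in the new python3-pyfanotify_0.1.3.bb lists python3-crypt, python3-datetime, python3-logging and python3-multiprocessing with no indication of how the list was derived. A short comment above the block, or a line in the commit message, naming the imports that need each module would make the list easier to verify and to keep correct on the next version bump.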
Re: CVE-check failing on world with meta-openembedded: diff.gz file
On Tue, Apr 26, 2022 at 6:09 PM Khem Raj <raj.khem@...> wrote:
Hi Marta
On 4/26/22 5:20 AM, Marta Rybczynska wrote:
>
>
> On Fri, Apr 22, 2022 at 11:07 AM Marta Rybczynska <rybczynska@...
> <mailto:rybczynska@...>> wrote:
>
> Dear all,
> We're running cve-check on a world build containing oe-core, meta-oe
> and more. We have an issue with the lockdev recipe
> (meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb
> <http://lockdev_1.0.3.bb>), which causes a fail like below:
>
> $ bitbake world --runonly=do_cve_check
> ERROR: lockdev-1_1.0.3-r0 do_cve_check: File Not found:
> <path>lockdev/1_1.0.3-r0/lockdev_1.0.3-1.6.diff
> ERROR: lockdev-1_1.0.3-r0 do_cve_check: Failure in searching patches
> ERROR: Logfile of failure stored in:
> <path>/lockdev/1_1.0.3-r0/temp/log.do_cve_check.8709
> ERROR: Task
> (<path>/meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb:do_cve_check)
> failed with exit code '1'
>
> The issue is caused by the fact that lockdev_1.0.3-1.6.diff is
> missing. When we look into the recipe, it is downloading
> lockdev_1.0.3-1.6.diff.gz file. Please note the additional extension.
>
> Stripping the extension comes from oe-core/meta/oe/patch.py, from
> the patch_path function, which is figuring out if a file is a patch,
> and returning the local path if it is so. However, at the moment
> when we do_cve_check, the .gz file is not uncompressed.
>
> I'm wondering how to solve it.
> 1. Add a dependency to make sure eventual patch files are
> decompressed first?
I think this option looks best or perhaps we should drop applying debian
diff entirely since debian seems to have dropped this package
I think regardless of what we do with this package it seems to be a
limitation of cve-check process which perhaps should either be fixed or
documented.
> 2. Do not consider this as a patch file in the scope of cve-check ?
> (this is more a part of the source then an actual patch that might
> be fixing a CVE)
>
> This is the only case like that we have in the build. Please note
> that removing ".diff" from the extension list in patch_path() is
> solving the issue.
>
> Any comments or suggestions?
>
> Adding Ross, Richard and Steve.
I'm wondering if it makes sense to consider .diff.gz (or .patch.gz) files as patches for cve-check. They basically come directly from 3rd parties and it is quite unlikely to expect them to keep the CVE: tag. All the pieces of documentation I can find mention also only .patch files for CVEs, and not .patch.gz.
It is tempting to remove the .gz handling here (for the cve-check) in my opinion.
Also, since the commit f5f97d33a1703d75b9fd9760f2c7767081538e00, cve-check depends only on do_fetch.
Any further opinions?
Regards, Marta
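The failure discussed in this thread, as an added sketch that is not oe-core's `patch_path` or cve-check code: a patch scanner that reads a `.diff.gz` in place when only do_fetch has run, and reports patches it cannot read instead of aborting. The function names, file contents and CVE ids are constructed for illustration, and the file-name match is an assumption of this sketch.

```python
import gzip
import os
import re
import tempfile

# "CVE: CVE-YYYY-NNNN ..." tag line inside a patch, and a CVE id in a file name.
CVE_TAG = re.compile(r"^CVE:((?:[ \t]+CVE-\d{4}-\d+)+)", re.MULTILINE)
CVE_ID = re.compile(r"CVE-\d{4}-\d+", re.IGNORECASE)
PATCH_EXTS = {".diff", ".patch"}
COMPRESSED_EXTS = {".gz", ".bz2", ".xz", ".Z"}


def patch_name(fetched):
    """Return the uncompressed patch path if `fetched` is a patch, else None."""
    base, ext = os.path.splitext(fetched)
    if ext in COMPRESSED_EXTS:          # foo.diff.gz -> foo.diff
        fetched, ext = base, os.path.splitext(base)[1]
    return fetched if ext in PATCH_EXTS else None


def read_patch(fetched):
    """Read patch text from the unpacked file, or from the .gz if not unpacked yet."""
    plain = patch_name(fetched)
    if plain is None:
        return None
    if os.path.exists(plain):
        with open(plain, "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    if fetched.endswith(".gz") and os.path.exists(fetched):
        with gzip.open(fetched, "rt", encoding="utf-8", errors="replace") as f:
            return f.read()
    return None                          # nothing readable at this stage


def patched_cves(fetched_files):
    """Return (sorted CVE ids marked as patched, list of patches that were skipped)."""
    found, skipped = set(), []
    for fetched in fetched_files:
        plain = patch_name(fetched)
        if plain is None:
            continue                     # tarballs, scripts, ... are not patches
        found.update(m.upper() for m in CVE_ID.findall(os.path.basename(plain)))
        text = read_patch(fetched)
        if text is None:
            skipped.append(fetched)      # report it, do not abort the whole scan
            continue
        for tag in CVE_TAG.finditer(text):
            found.update(m.upper() for m in CVE_ID.findall(tag.group(1)))
    return sorted(found), skipped


def demo():
    """Constructed inputs: a compressed third-party diff and a tagged local patch."""
    d = tempfile.mkdtemp()
    gz = os.path.join(d, "lockdev_1.0.3-1.6.diff.gz")
    with gzip.open(gz, "wt", encoding="utf-8") as f:
        f.write("--- a/Makefile\n+++ b/Makefile\n@@ -1 +1 @@\n-old\n+new\n")
    tagged = os.path.join(d, "0001-fix-overflow.patch")
    with open(tagged, "w", encoding="utf-8") as f:
        f.write("Fix overflow\n\nCVE: CVE-1900-0001 CVE-1900-0002\n"
                "Upstream-Status: Backport\n---\n")
    missing = os.path.join(d, "never-fetched.patch.xz")   # not on disk at all
    tarball = os.path.join(d, "lockdev_1.0.3.orig.tar.gz")  # not a patch
    return patched_cves([gz, tagged, missing, tarball])


if __name__ == "__main__":
    cves, skipped = demo()
    print("patched:", cves)
    print("skipped:", [os.path.basename(p) for p in skipped])
```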
Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again
We have such bbclass already: but I didn't want to enable legacy providers globally, so I was adding it only to recipes which needed it in over-optimistic hope that it will nudge component owners to update webpack (or whatever else needed legacy) before they get too comfortable with legacy being enabled by default.
:)
Maybe you can try to add it into global npm class with some enabling variable.
Cheers,
Andrej
On Tue, 2022-04-26 at 14:59 +0200, Martin Jansa wrote:
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"
is what I'm doing in recipes which need it now.
> you should have a legacy libraries in library loading path already
here it tries to load it from openssl-native WORKDIR which is already removed, maybe that works on target (there I was assuming you were initially testing this), but in native case I need to explicitly set OPENSSL_MODULES.
Hi,
of course, that is working. But if you're going to use --openssl-legacy-provider, you should have a legacy libraries in library loading path already. Other option is manually set variables in npm-class like:
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"
Regards, Andrej
On Tue, 2022-04-26 at 14:37 +0200, Martin Jansa wrote:
Hi,
does this work correctly for you with nodejs-native?
Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
this[kHandle] = new _Hash(algorithm, xofLen);
^
Error: error:12800067:DSO support routines::could not load the shared library
at new Hash (node:internal/crypto/hash:67:19)
at Object.createHash (node:crypto:130:10)
at [eval]:1:8
at Script.runInThisContext (node:vm:129:12)
at Object.runInThisContext (node:vm:305:38)
at node:internal/process/execution:76:19
at [eval]-wrapper:6:22
at evalScript (node:internal/process/execution:75:60)
at node:internal/main/eval_string:27:3 {
opensslErrorStack: [
'error:03000086:digital envelope routines::initialization error',
'error:0308010C:digital envelope routines::unsupported',
'error:078C0105:common libcrypto routines::init fail',
'error:12800067:DSO support routines::could not load the shared library'
],
library: 'DSO support routines',
reason: 'could not load the shared library',
code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}
with LD_DEBUG I've found that it is trying to load legacy.so from openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so) which is already removed by rm_work and as work around I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/
and then it works:
OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
_options: undefined,
[Symbol(kHandle)]: Hash {},
[Symbol(kState)]: { [Symbol(kFinalized)]: false }
}
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.
| opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
| library: 'digital envelope routines',
| reason: 'unsupported',
| code: 'ERR_OSSL_EVP_UNSUPPORTED'
It was blindly removed by upgrade to 16.14.0 version
Signed-off-by: Andrej Valek < andrej.valek@...>
---
...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
.../recipes-devtools/nodejs/ nodejs_16.14.0.bb | 1 +
2 files changed, 152 insertions(+)
create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius < daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")'
+Hash {
+ _options: undefined,
+ [Symbol(kHandle)]: Hash {},
+ [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau < rlau@...>
+
+Refs:
https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md | 10 ++++++++++
+ src/crypto/crypto_util.cc | 10 ++++++++++
+ src/node_options.cc | 10 ++++++++++
+ src/node_options.h | 7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js | 5 +++++
+ 5 files changed, 42 insertions(+)
+
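Review bot: The header of the new 0005-add-openssl-legacy-provider-option.patch has From, Date, Subject, Co-authored-by and Refs, but no Upstream-Status: line and no Signed-off-by from whoever imported it into the layer. Patches carried in the layer are expected to state their upstream status (the lockdev patch posted to this list does, with "Upstream-Status: Inappropriate [No active upstream]"); add "Upstream-Status: Backport" with a reference to the upstream change after the Refs line.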
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]:
https://v8.dev/blog/jitless
+ [libuv threadpool documentation]:
https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]:
https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]:
https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]:
https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+ }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++ // --openssl-legacy-provider
++ if (per_process::cli_options->openssl_legacy_provider) {
++ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++ if (legacy_provider == nullptr) {
++ fprintf(stderr, "Unable to load legacy provider.\n");
++ }
++ }
++#endif
++
+ OPENSSL_init_ssl(0, settings);
+ OPENSSL_INIT_free(settings);
+ settings = nullptr;
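Review bot: In InitCryptoOnce(), a failed OSSL_PROVIDER_load(nullptr, "legacy") is only reported with fprintf(stderr, "Unable to load legacy provider.\n") and startup continues, so the reason for the failure is dropped and the process fails later, at the first legacy digest, with ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY, exactly as in the nodejs-native report in this thread. Consider printing the OpenSSL error queue at this point (ERR_print_errors_fp(stderr)) so the underlying DSO error appears next to the message. The returned OSSL_PROVIDER* is also never stored or unloaded; a one-line comment saying it is kept for the lifetime of the process on purpose would help the next reader.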
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
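Review bot: The diffstat in the patch header lists 10 insertions for src/node_options.cc, but the only hunk shown for that file adds the three lines of the opensslv.h include guard; nothing visible here registers --openssl-legacy-provider or binds it to PerProcessOptions::openssl_legacy_provider, which the crypto_util.cc hunk reads. Check that the patch file as committed carries the remaining hunk, otherwise the bool added in node_options.h can never be set.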
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+ bool enable_fips_crypto = false;
+ bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++ bool openssl_legacy_provider = false;
++#endif
+
+ // Per-process because reports can be triggered outside a known V8 context.
+ bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+ }
+ }
+
++if (!common.hasOpenSSL3) {
++ documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+ {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+ filter: (opt) => {
+ return [
+ '--openssl-config',
++ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+ '--tls-cipher-list',
+ '--use-bundled-ca',
+ '--use-openssl-ca',
+
diff --git a/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = " http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
file://0002-Install-both-binaries-and-use-libdir.patch \
file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+ file://0005-add-openssl-legacy-provider-option.patch \
file://big-endian.patch \
file://mips-less-memory.patch \
file://system-c-ares.patch \
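Review bot: Nothing in the recipe or the commit message documents how the option is meant to be switched on: the SRC_URI line only applies the patch, and the legacy provider stays off unless the caller passes --openssl-legacy-provider on the command line or through NODE_OPTIONS. Keeping it opt-in is the safer default, since the legacy provider brings back digests such as the md4 used in the test command, but the native case discussed in this thread also needs OPENSSL_MODULES pointed at the sysroot's ossl-modules directory. A short comment in the recipe, or an opt-in variable in the npm class as suggested in the replies, would keep each consumer from rediscovering the two exports.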
|
|
Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again
Maybe you can try to add it into global npm class with some enabling variable.
Cheers,
Andrej
On Tue, 2022-04-26 at 14:59 +0200, Martin Jansa wrote:
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"
is what I'm doing in recipes which need it now.
> you should have a legacy libraries in library loading path already
here it tries to load it from openssl-native WORKDIR which is already removed, maybe that works on target (there I was assuming you were initially testing this), but in native case I need to explicitly set OPENSSL_MODULES.
Hi,
of course, that is working. But if you're going to use --openssl-legacy-provider, you should have the legacy libraries in the library loading path already. The other option is to manually set variables in npm-class like:
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"
Regards, Andrej
On Tue, 2022-04-26 at 14:37 +0200, Martin Jansa wrote:
Hi,
does this work correctly for you with nodejs-native?
Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
this[kHandle] = new _Hash(algorithm, xofLen);
^
Error: error:12800067:DSO support routines::could not load the shared library
at new Hash (node:internal/crypto/hash:67:19)
at Object.createHash (node:crypto:130:10)
at [eval]:1:8
at Script.runInThisContext (node:vm:129:12)
at Object.runInThisContext (node:vm:305:38)
at node:internal/process/execution:76:19
at [eval]-wrapper:6:22
at evalScript (node:internal/process/execution:75:60)
at node:internal/main/eval_string:27:3 {
opensslErrorStack: [
'error:03000086:digital envelope routines::initialization error',
'error:0308010C:digital envelope routines::unsupported',
'error:078C0105:common libcrypto routines::init fail',
'error:12800067:DSO support routines::could not load the shared library'
],
library: 'DSO support routines',
reason: 'could not load the shared library',
code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}
With LD_DEBUG I've found that it is trying to load legacy.so from the openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so), which is already removed by rm_work, and as a workaround I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/
and then it works:
OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
_options: undefined,
[Symbol(kHandle)]: Hash {},
[Symbol(kState)]: { [Symbol(kFinalized)]: false }
}
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.
| opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
| library: 'digital envelope routines',
| reason: 'unsupported',
| code: 'ERR_OSSL_EVP_UNSUPPORTED'
It was blindly removed by upgrade to 16.14.0 version
Signed-off-by: Andrej Valek < andrej.valek@...>
---
...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
.../recipes-devtools/nodejs/ nodejs_16.14.0.bb | 1 +
2 files changed, 152 insertions(+)
create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius < daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")'
+Hash {
+ _options: undefined,
+ [Symbol(kHandle)]: Hash {},
+ [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau < rlau@...>
+
+Refs:
https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md | 10 ++++++++++
+ src/crypto/crypto_util.cc | 10 ++++++++++
+ src/node_options.cc | 10 ++++++++++
+ src/node_options.h | 7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js | 5 +++++
+ 5 files changed, 42 insertions(+)
+
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]:
https://v8.dev/blog/jitless
+ [libuv threadpool documentation]:
https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]:
https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]:
https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]:
https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+ }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++ // --openssl-legacy-provider
++ if (per_process::cli_options->openssl_legacy_provider) {
++ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++ if (legacy_provider == nullptr) {
++ fprintf(stderr, "Unable to load legacy provider.\n");
++ }
++ }
++#endif
++
+ OPENSSL_init_ssl(0, settings);
+ OPENSSL_INIT_free(settings);
+ settings = nullptr;
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+ bool enable_fips_crypto = false;
+ bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++ bool openssl_legacy_provider = false;
++#endif
+
+ // Per-process because reports can be triggered outside a known V8 context.
+ bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+ }
+ }
+
++if (!common.hasOpenSSL3) {
++ documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+ {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+ filter: (opt) => {
+ return [
+ '--openssl-config',
++ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+ '--tls-cipher-list',
+ '--use-bundled-ca',
+ '--use-openssl-ca',
+
diff --git a/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = " http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
file://0002-Install-both-binaries-and-use-libdir.patch \
file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+ file://0005-add-openssl-legacy-provider-option.patch \
file://big-endian.patch \
file://mips-less-memory.patch \
file://system-c-ares.patch \
|
|
[meta-oe][PATCH] lockdev: Drop cumulative debian patch

Khem Raj
This patch is essentially defines MAXPATHLEN which no longer is problem with latest glibc or musl define MAJOR/MINOR for non-glibc case Signed-off-by: Khem Raj <raj.khem@...> Cc: Marta Rybczynska <marta.rybczynska@...> --- ...efine-MAJOR-MINOR-for-non-glibc-case.patch | 28 +++++++++++++++++++ .../recipes-support/lockdev/lockdev_1.0.3.bb | 12 ++++---- 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 meta-oe/recipes-support/lockdev/lockdev/0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch diff --git a/meta-oe/recipes-support/lockdev/lockdev/0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch b/meta-oe/recipes-support/lockdev/lockdev/0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch new file mode 100644 index 0000000000..abcf1bc20f --- /dev/null +++ b/meta-oe/recipes-support/lockdev/lockdev/0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch @@ -0,0 +1,28 @@ +From 11c78232aa589d5ed43eea3683e6e3de0362ffdc Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@...> +Date: Tue, 26 Apr 2022 10:00:32 -0700 +Subject: [PATCH] lockdev: Define MAJOR/MINOR for non-glibc case + +gnu_dev_major and gnu_dev_minor are glibc extensions but we do have +major/minor macros on musl too, so use them to define MINOR/MAJOR here + +Upstream-Status: Inappropriate [No active upstream] + +Signed-off-by: Khem Raj <raj.khem@...> +--- + src/lockdev.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/src/lockdev.c ++++ b/src/lockdev.c +@@ -125,8 +125,8 @@ + #include <sys/file.h> + #if defined (__GNU_LIBRARY__) + # include <sys/sysmacros.h> +-# define MAJOR(dev) gnu_dev_major (dev) +-# define MINOR(dev) gnu_dev_minor (dev) ++# define MAJOR(dev) major (dev) ++# define MINOR(dev) minor (dev) + #else + # error "put here a define for MAJOR and MINOR" + #endif diff --git a/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb b/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb index d84041ce63..a52ca25da4 100644 --- a/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb 
+++ b/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb @@ -5,22 +5,20 @@ LIC_FILES_CHKSUM="file://LICENSE;md5=d8045f3b8f929c1cb29a1e3fd737b499" PE = "1" SRC_URI = " http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/l/lockdev/lockdev_${PV}.orig.tar.gz \ - http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/l/lockdev/lockdev_${PV}-1.6.diff.gz;name=debianpatch \ file://cross_compile.patch \ file://build.patch \ + file://0001-lockdev-Define-MAJOR-MINOR-for-non-glibc-case.patch \ " -SRC_URI[md5sum] = "64b9c1b87b125fc348e892e24625524a" SRC_URI[sha256sum] = "ccae635d7ac3fdd50897eceb250872b3d9a191d298f213e7f0c836910d869f82" -SRC_URI[debianpatch.md5sum] = "5ef6267c42fca9145e0af006ccb6aff7" -SRC_URI[debianpatch.sha256sum] = "a5405c6ee5e97e45eeb1c81330a7e9f444a58bda5e6771fa30007516c115007e" inherit lib_package perlnative -CFLAGS += " -D__GNU_LIBRARY__" - TARGET_CC_ARCH += "${LDFLAGS}" -EXTRA_OEMAKE = "basedir=${D}${prefix} baselib=${baselib} LD='${CC}' LD='${CC}'" +CFLAGS:append:libc-musl = " -D__GNU_LIBRARY__" + +EXTRA_OEMAKE = "basedir=${D}${prefix} baselib=${baselib} LD='${CC}'" + do_compile() { oe_runmake shared static } -- 2.36.0
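Review bot: In the embedded src/lockdev.c change, MAJOR/MINOR are switched to major()/minor() but they stay inside #if defined (__GNU_LIBRARY__) with the "#else # error" branch untouched, so musl only builds because the recipe now adds CFLAGS:append:libc-musl = " -D__GNU_LIBRARY__". Defining a glibc identification macro on a musl build can change what other sources or headers select; it would be cleaner for the patch to drop the __GNU_LIBRARY__ test (include <sys/sysmacros.h> unconditionally) and remove the CFLAGS append from the recipe. The embedded diffstat also says 3 insertions for src/lockdev.c while the hunk replaces two lines with two.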
|
|
Re: CVE-check failing on world with meta-openembedded: diff.gz file

Khem Raj
Hi Marta

On 4/26/22 5:20 AM, Marta Rybczynska wrote:
> On Fri, Apr 22, 2022 at 11:07 AM Marta Rybczynska <rybczynska@...> wrote:
>> Dear all,
>> We're running cve-check on a world build containing oe-core, meta-oe and more. We have an issue with the lockdev recipe (meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb), which causes a fail like below:
>>
>> $ bitbake world --runonly=do_cve_check
>> ERROR: lockdev-1_1.0.3-r0 do_cve_check: File Not found: <path>lockdev/1_1.0.3-r0/lockdev_1.0.3-1.6.diff
>> ERROR: lockdev-1_1.0.3-r0 do_cve_check: Failure in searching patches
>> ERROR: Logfile of failure stored in: <path>/lockdev/1_1.0.3-r0/temp/log.do_cve_check.8709
>> ERROR: Task (<path>/meta-openembedded/meta-oe/recipes-support/lockdev/lockdev_1.0.3.bb:do_cve_check) failed with exit code '1'
>>
>> The issue is caused by the fact that lockdev_1.0.3-1.6.diff is missing. When we look into the recipe, it is downloading lockdev_1.0.3-1.6.diff.gz file. Please note the additional extension. Stripping the extension comes from oe-core/meta/oe/patch.py, from the patch_path function, which is figuring out if a file is a patch, and returning the local path if it is so. However, at the moment when we do_cve_check, the .gz file is not uncompressed.
>>
>> I'm wondering how to solve it.
>> 1. Add a dependency to make sure eventual patch files are decompressed first?

I think this option looks best or perhaps we should drop applying debian diff entirely since debian seems to have dropped this package

I think regardless of what we do with this package it seems to be a limitation of cve-check process which perhaps should either be fixed or documented.

>> 2. Do not consider this as a patch file in the scope of cve-check? (this is more a part of the source than an actual patch that might be fixing a CVE)
>>
>> This is the only case like that we have in the build. Please note that removing ".diff" from the extension list in patch_path() is solving the issue.
>>
>> Any comments or suggestions?
>
> Khem, Any feedback about this? From the history it looks like it was you who changed the recipe to use the .diff.gz file.
> Thanks in advance, Marta
|
|
Re: [meta-oe][PATCH 1/2] atkmm: Allow build with wayland
On Tue, Apr 26, 2022 at 5:12 PM Khem Raj <raj.khem@...> wrote: Thanks. Just a minor nit: Could you change commit message to 'atkmm: Allow build with wayland only' because it builds fine with wayland & x11 Andreas Signed-off-by: Khem Raj <raj.khem@...> Cc: Andreas Müller <schnitzeltony@...> --- meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb | 2 +- meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb b/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb index 9a5b1a1b83..0342b8a9f8 100644 --- a/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb +++ b/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb @@ -12,7 +12,7 @@ GNOMEBN = "atkmm"
inherit gnomebase features_check
-REQUIRED_DISTRO_FEATURES = "x11" +ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
SRC_URI[archive.sha256sum] = "e11324bfed1b6e330a02db25cecc145dca03fb0dff47f0710c85e317687da458"
diff --git a/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb b/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb index 1f9c28e530..f6cb0a1e15 100644 --- a/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb +++ b/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb @@ -11,7 +11,7 @@ GNOMEBASEBUILDCLASS = "meson"
inherit gnomebase features_check
-REQUIRED_DISTRO_FEATURES = "x11" +ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
SRC_URI[archive.sha256sum] = "a0bb49765ceccc293ab2c6735ba100431807d384ffa14c2ebd30e07993fd2fa4"
-- 2.36.0
|
|
[meta-oe][PATCH 2/2] pangomm: Allow building with wayland

Khem Raj
Signed-off-by: Khem Raj <raj.khem@...> Cc: Andreas Müller <schnitzeltony@...> --- meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb b/meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb index 9959bdf0f0..42074c14a1 100644 --- a/meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb +++ b/meta-oe/recipes-graphics/pango/pangomm_2.46.2.bb @@ -10,8 +10,9 @@ GNOMEBASEBUILDCLASS = "meson" inherit gnomebase features_check +ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" + SRC_URI[archive.sha256sum] = "57442ab4dc043877bfe3839915731ab2d693fc6634a71614422fb530c9eaa6f4" -REQUIRED_DISTRO_FEATURES = "x11" FILES:${PN} = "${libdir}/lib*.so.*" FILES:${PN}-dev += "${libdir}/*/include/ ${libdir}/pangomm-*/" -- 2.36.0
|
|
[meta-oe][PATCH 1/2] atkmm: Allow build with wayland

Khem Raj
Signed-off-by: Khem Raj <raj.khem@...> Cc: Andreas Müller <schnitzeltony@...> --- meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb | 2 +- meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb b/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb index 9a5b1a1b83..0342b8a9f8 100644 --- a/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb +++ b/meta-oe/recipes-gnome/atk/atkmm-2.36_2.36.1.bb @@ -12,7 +12,7 @@ GNOMEBN = "atkmm" inherit gnomebase features_check -REQUIRED_DISTRO_FEATURES = "x11" +ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" SRC_URI[archive.sha256sum] = "e11324bfed1b6e330a02db25cecc145dca03fb0dff47f0710c85e317687da458" diff --git a/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb b/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb index 1f9c28e530..f6cb0a1e15 100644 --- a/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb +++ b/meta-oe/recipes-gnome/atk/atkmm_2.28.2.bb @@ -11,7 +11,7 @@ GNOMEBASEBUILDCLASS = "meson" inherit gnomebase features_check -REQUIRED_DISTRO_FEATURES = "x11" +ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" SRC_URI[archive.sha256sum] = "a0bb49765ceccc293ab2c6735ba100431807d384ffa14c2ebd30e07993fd2fa4" -- 2.36.0
|
|
Re: [meta-networking][PATCH] frr: add PACKAGECONFIG for fpm
On 4/26/22 14:18, Khem Raj wrote:
> I am seeing
> https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1681
> This could be an intermittent failure due to build time race or related to this change perhaps, I have seen this before too. Can you look into it?

OK. I will look into it.

Thanks.
//Yi

On Sun, Apr 24, 2022 at 11:30 PM Yi Zhao <yi.zhao@...> wrote:
The Forwarding Plane Manager support is optional, make it as PACKAGECONFIG.
Signed-off-by: Yi Zhao <yi.zhao@...> --- meta-networking/recipes-protocols/frr/frr/frr.pam | 2 +- meta-networking/recipes-protocols/frr/frr_8.2.2.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-networking/recipes-protocols/frr/frr/frr.pam b/meta-networking/recipes-protocols/frr/frr/frr.pam index 3541a975a..83c403c2b 100644 --- a/meta-networking/recipes-protocols/frr/frr/frr.pam +++ b/meta-networking/recipes-protocols/frr/frr/frr.pam @@ -1,5 +1,5 @@ # -# The PAM configuration file for the quagga `vtysh' service +# The PAM configuration file for the frr `vtysh' service #
# This allows root to change user infomation without being diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 91e306f08..b6e180e2c 100644 --- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb @@ -36,6 +36,7 @@ RDEPENDS:${PN}:class-target = "iproute2 python3-core bash" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" PACKAGECONFIG:class-native = ""
+PACKAGECONFIG[fpm] = "--enable-fpm,--disable-fpm" PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam" PACKAGECONFIG[grpc] = "--enable-grpc,--disable-grpc,grpc-native grpc" PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp,net-snmp" @@ -52,7 +53,6 @@ EXTRA_OECONF:class-target = "--sbindir=${libdir}/frr \ --sysconfdir=${sysconfdir}/frr \ --localstatedir=${localstatedir}/run/frr \ --enable-vtysh \ - --enable-fpm \ --enable-multipath=64 \ --enable-user=frr \ --enable-group=frr \ -- 2.25.1
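Review bot: Moving --enable-fpm out of EXTRA_OECONF:class-target into PACKAGECONFIG[fpm] changes the default build: the PACKAGECONFIG ??= line only filters 'pam' from DISTRO_FEATURES, so target builds that used to get --enable-fpm now get --disable-fpm. If that is intended, say so in the commit message so users know to add fpm themselves; otherwise add fpm to the default PACKAGECONFIG. The frr.pam comment change (quagga to frr) is unrelated to the subject and deserves at least a mention in the message.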
|
|
Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"
is what I'm doing in recipes which need it now.
> you should have a legacy libraries in library loading path already
here it tries to load it from openssl-native WORKDIR which is already removed, maybe that works on target (there I was assuming you were initially testing this), but in native case I need to explicitly set OPENSSL_MODULES.
Hi,
of course, that is working. But if you're going to use --openssl-legacy-provider, you should have the legacy libraries in the library loading path already. The other option is to manually set variables in npm-class like:
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"
Regards, Andrej
On Tue, 2022-04-26 at 14:37 +0200, Martin Jansa wrote:
Hi,
does this work correctly for you with nodejs-native?
Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
this[kHandle] = new _Hash(algorithm, xofLen);
^
Error: error:12800067:DSO support routines::could not load the shared library
at new Hash (node:internal/crypto/hash:67:19)
at Object.createHash (node:crypto:130:10)
at [eval]:1:8
at Script.runInThisContext (node:vm:129:12)
at Object.runInThisContext (node:vm:305:38)
at node:internal/process/execution:76:19
at [eval]-wrapper:6:22
at evalScript (node:internal/process/execution:75:60)
at node:internal/main/eval_string:27:3 {
opensslErrorStack: [
'error:03000086:digital envelope routines::initialization error',
'error:0308010C:digital envelope routines::unsupported',
'error:078C0105:common libcrypto routines::init fail',
'error:12800067:DSO support routines::could not load the shared library'
],
library: 'DSO support routines',
reason: 'could not load the shared library',
code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}
With LD_DEBUG I've found that it is trying to load legacy.so from the openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so), which is already removed by rm_work, and as a workaround I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/
and then it works:
OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
_options: undefined,
[Symbol(kHandle)]: Hash {},
[Symbol(kState)]: { [Symbol(kFinalized)]: false }
}
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.
| opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
| library: 'digital envelope routines',
| reason: 'unsupported',
| code: 'ERR_OSSL_EVP_UNSUPPORTED'
It was blindly removed by upgrade to 16.14.0 version
Signed-off-by: Andrej Valek < andrej.valek@...>
---
...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
.../recipes-devtools/nodejs/ nodejs_16.14.0.bb | 1 +
2 files changed, 152 insertions(+)
create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius < daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")'
+Hash {
+ _options: undefined,
+ [Symbol(kHandle)]: Hash {},
+ [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau < rlau@...>
+
+Refs:
https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md | 10 ++++++++++
+ src/crypto/crypto_util.cc | 10 ++++++++++
+ src/node_options.cc | 10 ++++++++++
+ src/node_options.h | 7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js | 5 +++++
+ 5 files changed, 42 insertions(+)
+
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]:
https://v8.dev/blog/jitless
+ [libuv threadpool documentation]:
https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]:
https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]:
https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]:
https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+ }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++ // --openssl-legacy-provider
++ if (per_process::cli_options->openssl_legacy_provider) {
++ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++ if (legacy_provider == nullptr) {
++ fprintf(stderr, "Unable to load legacy provider.\n");
++ }
++ }
++#endif
++
+ OPENSSL_init_ssl(0, settings);
+ OPENSSL_INIT_free(settings);
+ settings = nullptr;
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+ bool enable_fips_crypto = false;
+ bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++ bool openssl_legacy_provider = false;
++#endif
+
+ // Per-process because reports can be triggered outside a known V8 context.
+ bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+ }
+ }
+
++if (!common.hasOpenSSL3) {
++ documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+ {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+ filter: (opt) => {
+ return [
+ '--openssl-config',
++ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+ '--tls-cipher-list',
+ '--use-bundled-ca',
+ '--use-openssl-ca',
+
diff --git a/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = " http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
file://0002-Install-both-binaries-and-use-libdir.patch \
file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+ file://0005-add-openssl-legacy-provider-option.patch \
file://big-endian.patch \
file://mips-less-memory.patch \
file://system-c-ares.patch \
|
|
Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again
Hi,
Of course, that is working. But if you're going to use --openssl-legacy-provider, you should already have the legacy libraries in the library loading path. Another option is to manually set the variables in the npm class, like:
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export NODE_OPTIONS="--openssl-legacy-provider"
Regards, Andrej
On Tue, 2022-04-26 at 14:37 +0200, Martin Jansa wrote:
Hi,
does this work correctly for you with nodejs-native?
Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
this[kHandle] = new _Hash(algorithm, xofLen);
^
Error: error:12800067:DSO support routines::could not load the shared library
at new Hash (node:internal/crypto/hash:67:19)
at Object.createHash (node:crypto:130:10)
at [eval]:1:8
at Script.runInThisContext (node:vm:129:12)
at Object.runInThisContext (node:vm:305:38)
at node:internal/process/execution:76:19
at [eval]-wrapper:6:22
at evalScript (node:internal/process/execution:75:60)
at node:internal/main/eval_string:27:3 {
opensslErrorStack: [
'error:03000086:digital envelope routines::initialization error',
'error:0308010C:digital envelope routines::unsupported',
'error:078C0105:common libcrypto routines::init fail',
'error:12800067:DSO support routines::could not load the shared library'
],
library: 'DSO support routines',
reason: 'could not load the shared library',
code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}
with LD_DEBUG I've found that it is trying to load legacy.so from openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so) which is already removed by rm_work and as work around I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/
and then it works:
OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
_options: undefined,
[Symbol(kHandle)]: Hash {},
[Symbol(kState)]: { [Symbol(kFinalized)]: false }
}
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.
| opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
| library: 'digital envelope routines',
| reason: 'unsupported',
| code: 'ERR_OSSL_EVP_UNSUPPORTED'
It was blindly removed by upgrade to 16.14.0 version
Signed-off-by: Andrej Valek <andrej.valek@...>
---
...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
.../recipes-devtools/nodejs/ nodejs_16.14.0.bb | 1 +
2 files changed, 152 insertions(+)
create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius < daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")'
+Hash {
+ _options: undefined,
+ [Symbol(kHandle)]: Hash {},
+ [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau < rlau@...>
+
+Refs:
https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md | 10 ++++++++++
+ src/crypto/crypto_util.cc | 10 ++++++++++
+ src/node_options.cc | 10 ++++++++++
+ src/node_options.h | 7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js | 5 +++++
+ 5 files changed, 42 insertions(+)
+
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]:
https://v8.dev/blog/jitless
+ [libuv threadpool documentation]:
https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]:
https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]:
https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]:
https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+ }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++ // --openssl-legacy-provider
++ if (per_process::cli_options->openssl_legacy_provider) {
++ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++ if (legacy_provider == nullptr) {
++ fprintf(stderr, "Unable to load legacy provider.\n");
++ }
++ }
++#endif
++
+ OPENSSL_init_ssl(0, settings);
+ OPENSSL_INIT_free(settings);
+ settings = nullptr;
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+ bool enable_fips_crypto = false;
+ bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++ bool openssl_legacy_provider = false;
++#endif
+
+ // Per-process because reports can be triggered outside a known V8 context.
+ bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+ }
+ }
+
++if (!common.hasOpenSSL3) {
++ documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+ {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+ filter: (opt) => {
+ return [
+ '--openssl-config',
++ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+ '--tls-cipher-list',
+ '--use-bundled-ca',
+ '--use-openssl-ca',
+
diff --git a/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/ nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = " http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
file://0002-Install-both-binaries-and-use-libdir.patch \
file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+ file://0005-add-openssl-legacy-provider-option.patch \
file://big-endian.patch \
file://mips-less-memory.patch \
file://system-c-ares.patch \
|
|
Re: [meta-oe][PATCH v2] nodejs: add option to use openssl legacy providers again
Hi,
does this work correctly for you with nodejs-native?
Here it fails to load legacy module:
recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Unable to load legacy provider.
node:internal/crypto/hash:67
this[kHandle] = new _Hash(algorithm, xofLen);
^
Error: error:12800067:DSO support routines::could not load the shared library
at new Hash (node:internal/crypto/hash:67:19)
at Object.createHash (node:crypto:130:10)
at [eval]:1:8
at Script.runInThisContext (node:vm:129:12)
at Object.runInThisContext (node:vm:305:38)
at node:internal/process/execution:76:19
at [eval]-wrapper:6:22
at evalScript (node:internal/process/execution:75:60)
at node:internal/main/eval_string:27:3 {
opensslErrorStack: [
'error:03000086:digital envelope routines::initialization error',
'error:0308010C:digital envelope routines::unsupported',
'error:078C0105:common libcrypto routines::init fail',
'error:12800067:DSO support routines::could not load the shared library'
],
library: 'DSO support routines',
reason: 'could not load the shared library',
code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}
with LD_DEBUG I've found that it is trying to load legacy.so from openssl-native WORKDIR (work/x86_64-linux/openssl-native/3.0.2-r0/recipe-sysroot-native/usr/lib/ossl-modules/legacy.so) which is already removed by rm_work and as work around I need to set OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ and then it works:
OPENSSL_MODULES=$(pwd)/recipe-sysroot-native/usr/lib/ossl-modules/ recipe-sysroot-native/usr/bin/node -p 'crypto.createHash("md4")' --openssl-legacy-provider
Hash {
_options: undefined,
[Symbol(kHandle)]: Hash {},
[Symbol(kState)]: { [Symbol(kFinalized)]: false }
}
Current nodejs version v16 does not fully support new OpenSSL, so add option
to use legacy provider.
| opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
| library: 'digital envelope routines',
| reason: 'unsupported',
| code: 'ERR_OSSL_EVP_UNSUPPORTED'
It was blindly removed by upgrade to 16.14.0 version
Signed-off-by: Andrej Valek <andrej.valek@...>
---
...5-add-openssl-legacy-provider-option.patch | 151 ++++++++++++++++++
.../recipes-devtools/nodejs/nodejs_16.14.0.bb | 1 +
2 files changed, 152 insertions(+)
create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
new file mode 100644
index 000000000..5af6c6114
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
@@ -0,0 +1,151 @@
+From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
+From: Daniel Bevenius <daniel.bevenius@...>
+Date: Sat, 16 Oct 2021 08:50:16 +0200
+Subject: [PATCH] src: add --openssl-legacy-provider option
+
+This commit adds an option to Node.js named --openssl-legacy-provider
+and if specified will load OpenSSL 3.0 Legacy provider.
+
+$ ./node --help
+...
+--openssl-legacy-provider enable OpenSSL 3.0 legacy provider
+
+Example usage:
+
+$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")'
+Hash {
+ _options: undefined,
+ [Symbol(kHandle)]: Hash {},
+ [Symbol(kState)]: { [Symbol(kFinalized)]: false }
+}
+
+Co-authored-by: Richard Lau <rlau@...>
+
+Refs: https://github.com/nodejs/node/issues/40455
+---
+ doc/api/cli.md | 10 ++++++++++
+ src/crypto/crypto_util.cc | 10 ++++++++++
+ src/node_options.cc | 10 ++++++++++
+ src/node_options.h | 7 +++++++
+ .../test-process-env-allowed-flags-are-documented.js | 5 +++++
+ 5 files changed, 42 insertions(+)
+
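Review bot: The header of the new 0005-add-openssl-legacy-provider-option.patch has no Upstream-Status: line and no Signed-off-by: from the person importing it; only the upstream From:, Co-authored-by: and Refs: trailers are present. OE patch tracking expects an Upstream-Status tag inside the patch file itself. Since the change is taken from upstream Node.js, add "Upstream-Status: Backport [<upstream commit>]" above the "---" line, with the commit reference filled in by the submitter, so the patch can be dropped on the next nodejs upgrade that already contains it.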
+diff --git a/doc/api/cli.md b/doc/api/cli.md
+index 74057706bf8d..608b9cdeddf1 100644
+--- a/doc/api/cli.md
++++ b/doc/api/cli.md
+@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
+ used to enable FIPS-compliant crypto if Node.js is built
+ against FIPS-enabled OpenSSL.
+
++### `--openssl-legacy-provider`
++<!-- YAML
++added: REPLACEME
++-->
++
++Enable OpenSSL 3.0 legacy provider. For more information please see
++[providers readme][].
++
+ ### `--pending-deprecation`
+
+ <!-- YAML
+@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
+ * `--no-warnings`
+ * `--node-memory-debug`
+ * `--openssl-config`
++* `--openssl-legacy-provider`
+ * `--pending-deprecation`
+ * `--policy-integrity`
+ * `--preserve-symlinks-main`
+@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
+ [emit_warning]: process.md#processemitwarningwarning-options
+ [jitless]: https://v8.dev/blog/jitless
+ [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html
++[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
+ [remote code execution]: https://www.owasp.org/index.php/Code_Injection
+ [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
+ [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 7e0c8ba3eb60..796ea3025e41 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -148,6 +148,16 @@ void InitCryptoOnce() {
+ }
+ #endif
+
++#if OPENSSL_VERSION_MAJOR >= 3
++ // --openssl-legacy-provider
++ if (per_process::cli_options->openssl_legacy_provider) {
++ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
++ if (legacy_provider == nullptr) {
++ fprintf(stderr, "Unable to load legacy provider.\n");
++ }
++ }
++#endif
++
+ OPENSSL_init_ssl(0, settings);
+ OPENSSL_INIT_free(settings);
+ settings = nullptr;
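Review bot: In the InitCryptoOnce() addition, a failed OSSL_PROVIDER_load(nullptr, "legacy") only prints "Unable to load legacy provider." and initialization carries on, so the actual cause surfaces later as a DSO error from createHash(), which is the nodejs-native failure reported at the top of this message. Consider dumping the OpenSSL error queue at that point (for example with ERR_print_errors_fp(stderr)) or treating the failure as fatal, so a missing legacy.so or a wrong modules directory is reported where it happens. On the recipe side, the native case still needs OPENSSL_MODULES pointed at the sysroot's usr/lib/ossl-modules, because the default lookup path is the openssl-native WORKDIR that rm_work deletes.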
+diff --git a/src/node_options.cc b/src/node_options.cc
+index 00bdc6688a4c..3363860919a9 100644
+--- a/src/node_options.cc
++++ b/src/node_options.cc
+@@ -4,6 +4,9 @@
+ #include "env-inl.h"
+ #include "node_binding.h"
+ #include "node_internals.h"
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
+
+ #include <errno.h>
+ #include <sstream>
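Review bot: The diffstat above lists 10 insertions for src/node_options.cc, but this hunk adds only the three #include lines and no other hunk touches that file; the hunks shown add 35 lines in total against the stated 42. No visible hunk registers --openssl-legacy-provider with the options parser or sets the openssl_legacy_provider member that crypto_util.cc reads. Please check whether those lines were dropped when the patch was refreshed: if 16.14.0 does not already register the flag, the option entry has to be restored here, and otherwise the patch header should be regenerated so the diffstat matches the hunks.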
+diff --git a/src/node_options.h b/src/node_options.h
+index fd772478d04d..1c0e018ab16f 100644
+--- a/src/node_options.h
++++ b/src/node_options.h
+@@ -11,6 +11,10 @@
+ #include "node_mutex.h"
+ #include "util.h"
+
++#if HAVE_OPENSSL
++#include "openssl/opensslv.h"
++#endif
++
+ namespace node {
+
+ class HostPort {
+@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
+ bool enable_fips_crypto = false;
+ bool force_fips_crypto = false;
+ #endif
++#if OPENSSL_VERSION_MAJOR >= 3
++ bool openssl_legacy_provider = false;
++#endif
+
+ // Per-process because reports can be triggered outside a known V8 context.
+ bool report_on_fatalerror = false;
+diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
+index 64626b71f019..8a4e35997907 100644
+--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
++++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
+@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
+ }
+ }
+
++if (!common.hasOpenSSL3) {
++ documented.delete('--openssl-legacy-provider');
++}
++
+ // Filter out options that are conditionally present.
+ const conditionalOpts = [
+ {
+@@ -50,6 +54,7 @@ const conditionalOpts = [
+ filter: (opt) => {
+ return [
+ '--openssl-config',
++ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
+ '--tls-cipher-list',
+ '--use-bundled-ca',
+ '--use-openssl-ca',
+
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
index 9514ec499..7b9644ec8 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.14.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
file://0002-Install-both-binaries-and-use-libdir.patch \
file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+ file://0005-add-openssl-legacy-provider-option.patch \
file://big-endian.patch \
file://mips-less-memory.patch \
file://system-c-ares.patch \
--
2.34.1
|
|