**** BEGIN LOGGING AT Thu Jan 03 02:59:59 2013 Jan 03 05:11:33 oh Jan 03 05:11:35 here Jan 03 05:11:37 ^^ Jan 03 05:12:07 is there a patch yet removing passwordless rootlogins from 0.0.0.0/0 ? Jan 03 05:30:22 vutral what has passwords todo with a netmask? Jan 03 05:30:29 have even Jan 03 05:34:41 woglinde: well i had a discussion recently about that allowing login as root by telnet without any password is not correct Jan 03 05:35:14 and it seems it should be fixed somewhere in the upstream of many distros for routers Jan 03 05:35:20 so i am back here now ^^ Jan 03 05:35:45 well you could allow passwordless logins from private ipv4 ranges if you wanted Jan 03 05:35:51 or disallow it completly as default Jan 03 05:36:12 the question is if its a sane default to allow pwless telnet as root from anywhere Jan 03 05:36:53 telnet? Jan 03 05:37:02 nobody uses telnet Jan 03 05:37:05 i mean sure there are many hosts outside which dont need any password and just open a rootshell on the telnet port... Jan 03 05:37:12 otherwise for testing ports Jan 03 05:37:23 or for deploying botnets you mean Jan 03 05:37:29 ^^ Jan 03 05:37:32 lol Jan 03 05:38:09 there is a vulnerability report from like 2002 or so addressing that problem yet ^^ well thought its about "weak and no passwords" Jan 03 05:39:00 you know its about routers Jan 03 05:39:25 some allow telnet from the global routed ip ;) Jan 03 05:39:27 and? Jan 03 05:39:30 lets say many Jan 03 05:39:31 ^^ Jan 03 05:39:42 what has this todo with oe? Jan 03 05:40:02 well the problem has todo with busybox Jan 03 05:40:10 o.O Jan 03 05:40:20 disable busybox telent support Jan 03 05:40:30 i cant do that everywhere Jan 03 05:40:46 most people deploying these routers plug it in and that was it Jan 03 05:41:00 they dont even know how it works Jan 03 05:41:10 so better secure them Jan 03 05:41:13 yeah Jan 03 05:41:15 thats what i suggest Jan 03 05:41:18 without telnet Jan 03 05:41:43 so more sane defaults could find their way in firmware distributions too Jan 03 05:43:06 the most home users i think dont care about security Jan 03 05:43:17 and as far as I know we dont have telnet enabled by default Jan 03 05:43:20 they just deploy more bandwidth for their internet connection when their router is a ddos drone Jan 03 05:43:24 ^^ Jan 03 05:43:45 well still in the sourcecode of busybox is something if i remember right Jan 03 05:43:47 if pam isnt enabled Jan 03 05:43:53 it allows passwordless root logins Jan 03 05:43:57 which is probably unintentionally Jan 03 05:44:07 i wonder if thats still in the openembedded codebase Jan 03 05:44:29 or if something got merged now 2 month later after addressing it on busybox Jan 03 05:44:32 oe is base Jan 03 05:45:01 for your distro/device you should choose it carefully Jan 03 05:45:24 well i wouldnt allow telnet ^^ but that i know whats secure doesnt solve the problem Jan 03 05:45:33 o.O Jan 03 05:46:01 again by default we have ssh/console rootless passwd login in oe-core Jan 03 05:46:22 hm yeah and some dont remove that Jan 03 05:46:28 and its possible from any ip Jan 03 05:46:28 no Jan 03 05:46:34 again Jan 03 05:46:37 oe is base Jan 03 05:46:46 yes Jan 03 05:46:55 so you say it isnt your responsibility ? Jan 03 05:46:59 ^^ Jan 03 05:47:03 vendor/distribution maker should care about it Jan 03 05:47:20 should Jan 03 05:47:33 vendor != user Jan 03 05:48:02 but I had said go to openwrt and troll there a bit Jan 03 05:48:10 they have telnet on per default Jan 03 05:48:18 well i dont want to troll Jan 03 05:49:22 i am just annoying by the amount of lightaidra drones out there ^^ Jan 03 05:49:25 sorry if you get that wrong Jan 03 05:49:38 sure Jan 03 05:49:44 but how fault is it Jan 03 05:49:51 ups who Jan 03 05:49:55 well i get your point too Jan 03 05:51:05 well if its addressed at a single point from which changes get distributed to somewhere else changes go much quicker Jan 03 05:51:26 anyway i can try to find out if i get a list of all distros using open embedded and busybox Jan 03 05:51:35 and see if they care ^^ Jan 03 05:52:31 * Vutral wonders if busys telnetd supports libwrap Jan 03 05:56:07 again we dont have enabled telnet by default Jan 03 05:56:17 dropbear we have Jan 03 05:57:46 yes thats fine Jan 03 07:26:15 gm Jan 03 07:26:40 hi effem Jan 03 08:58:59 is it possible to have the same file in two different packages of the same recipe ? Jan 03 09:00:32 i think i'll have to use pkg_postinst_ :/ Jan 03 09:03:12 #? Jan 03 09:03:27 what is your problem you want to solve? Jan 03 09:05:28 i have a recipe for net-snmp, with 2 packages defined : net-snmp-snmpd and net-snmp-snmptrapd, both have configuration files in /var/etc/snmp/{snmpd.conf, snmptrapd.conf} and then there is a link from /etc/snmp to /var/etc/snmp Jan 03 09:05:49 the thing is that both packages need this link Jan 03 09:06:56 yes postinst Jan 03 09:07:02 :) Jan 03 09:07:59 pkg_postinst_${PN}-snmpd () { ln -sf $D/var/etc/snmp $D/etc/snmp } Jan 03 09:09:11 uhm Jan 03 09:09:13 btw is it possible to explicitly ignore that file so i don't get "WARNING:... the following files/directories were installed but not shipped in any package: /etc/snmp" Jan 03 09:09:13 no Jan 03 09:09:31 no? Jan 03 09:09:35 dont use ${D} there Jan 03 09:09:44 i use $D nor ${D} :) Jan 03 09:09:46 but ok Jan 03 09:09:56 ln -sf $D/var/etc/snmp $D/etc/snmp Jan 03 09:09:59 s/nor/not/ Jan 03 09:10:00 you posted Jan 03 09:10:21 yes but i discovered that $D does not behave like ${D} Jan 03 09:10:23 and what is $D set to? Jan 03 09:10:32 nothing Jan 03 09:10:36 the same than ${D} but it does not expand the same Jan 03 09:10:50 image root when running postinst in do_rootfs Jan 03 09:11:13 jama hm okay Jan 03 09:11:13 and that's different then ${D} in do_install Jan 03 09:11:34 but first $D doesn't make much sense Jan 03 09:11:42 ln -sf /var/etc/snmp $D/etc/snmp Jan 03 09:11:55 when postinst is executed for staging it expands to $D's value, but when shipped in the package, it expands to nothing Jan 03 09:12:11 JaMa: you re right Jan 03 09:14:31 afournier either you delete /etc/snmp in post_install and create it again in pkg_post_inst Jan 03 09:14:39 yes Jan 03 09:14:44 or you add it to the FILES_ Jan 03 09:14:48 i was gonna do this Jan 03 09:15:05 i did not wake up completly i think Jan 03 10:01:11 morning all Jan 03 11:22:59 i'm stuck with OE classic, but need glib 2.3, would there be any associated risks in trying to take wat is in oe-core back the way? if it is even possible Jan 03 11:24:38 It is possible put another "polkit_0.104.bbappend" in my layer, it could override the previous one? Because it seams doesnt works, some issue? Jan 03 11:42:38 Someone know about issue on angstrom do_postinstall? Seams sometime it doesnt works Jan 03 13:03:44 I take it trying to update glib not such a good idea? Jan 03 13:21:35 wayne1, I suspect most people in that position would try to move to oe-core Jan 03 13:21:48 oh wait glib Jan 03 13:21:51 try moving the recipe Jan 03 13:24:33 hi, are there recipes for using musl as libc? Jan 03 13:39:06 Crofton|work, Function SRC_DISTRIBUTECOMMAND failed, thats a new one Jan 03 13:39:37 fails on configure also when checking for libffi, even though my libffi is greater than required Jan 03 13:40:39 check for updates there, I seem to remeber some trobule with it Jan 03 13:49:45 so about package management and repositories... ipkg ? opkg ? dpkg ? which one to choose ? best practise ? where to rtfm ? Jan 03 13:53:30 with OE ? opkg Jan 03 13:53:39 and check the wiki Jan 03 13:53:40 yep Jan 03 13:53:44 ok Jan 03 13:58:06 http://www.openembedded.org/wiki/Oedem/2009 => * Why is opkg so bad? Jan 03 13:58:16 i hope it's not that bad in 2013 :) Jan 03 15:42:28 how can i install the package-index inside the image so opkg is not completly lost and knows what is already installed ? Jan 03 15:58:03 add package-management to IMAGE_FEATURES Jan 03 15:58:24 and sanity check the contents of ROOTFS_POSTPROCESS_COMMAND Jan 03 15:58:42 alternatively, don't use core-image-minimal :) Jan 03 16:05:57 really ? Jan 03 17:19:30 I need to enable NEON builds for fftw Jan 03 17:19:58 but I think it will not detect the instruction set, so what is the best way to put that in a recipe? Jan 03 17:20:07 if anyone isn't in the yocto channel, could use comments/input/criticism on https://github.com/kergoth/bb - with the caveat that it's a work in progress, very early Jan 03 17:21:09 at a guess, you'd select a neon tune, e.g. armv7a-neon Jan 03 17:21:22 but i've never tried affecting tuning on a recipe by recipe basis rather than global.. Jan 03 17:21:25 heh Jan 03 17:23:13 yeah, that is th eproblem Jan 03 17:23:49 nromally, I just override it for armv7 and hope no one on a NEON less machine tris to use it :) Jan 03 17:39:07 kergoth: why is bb a separate tool ? can this functionality be implemented in bitbake itself Jan 03 17:43:18 khem: it ha sa completely different interface than the bitbake command does. subcommand based, not option based. it belongs as a separate command. that command could eentually go into the bitbake project/repo, sure, and thats' what I'd like to see happen eventually, if there's interest Jan 03 17:45:09 kergoth: yes subcommands will be an improvement for bitbake I think Jan 03 17:45:34 should be much less confusing imo. e.g. the fact that -g is required to use -u depexp, etc Jan 03 17:46:29 okay, let me know if you have any ideas for what should be added or anything. it's quite usable now, if limited Jan 03 17:58:41 https://github.com/kergoth/bb#readme - check out the new whatdepends -r command. course right now it halts at libglade since it doesn't traverse runtime dependencies yet Jan 03 17:58:51 https://github.com/kergoth/bb#readme - check out the new whatdepends -r command. course right now it halts at libglade since it doesn't traverse runtime dependencies yet Jan 03 17:58:59 er, wrong button, ignore that duplication Jan 03 17:59:55 * kergoth ponders Jan 03 18:32:38 Hi Jan 03 18:33:13 I am having trouble building firefox with openembedded(yocto) on 64 bit Centos Jan 03 18:33:48 cross compiling it for a x86 target Jan 03 18:34:16 as per the documentation with Yocto project, they support Centos Jan 03 18:35:01 but do not mention anything specific to 64 bit host support Jan 03 18:35:19 anyone knows about any such issues, please let me know Jan 03 18:41:18 can anyone guide me to the correct way to approach build issues, I am new to building OE/Yocto Jan 03 18:44:16 vicky24, you could start by pastebining the error Jan 03 20:10:41 this is weird Jan 03 20:10:55 I move the fftw recipe to cagnge the version, and the checksom does not fail Jan 03 20:10:56 wtf Jan 03 20:12:10 vicky24: i build on 64 bit centos 5.x every day, but not firefox usually Jan 03 20:18:27 something is not right here Jan 03 20:19:57 kergoth, any ideas why a checksum test that should fail does not? Jan 03 20:20:56 not offhand, no. i'd dig downa nd check things manually. go md5 the file yourself, or whatever Jan 03 20:22:38 I did Jan 03 20:22:56 I copied the recipe to the new name to change the version Jan 03 20:23:02 and left the checksums alone Jan 03 20:23:13 expecting the fail message and the info to update Jan 03 20:25:38 is this still valid for a recipe with one entry in the SRC_URI? Jan 03 20:25:39 SRC_URI[md5sum] = "616e5c91218cc778b5aa735fefb61ae" Jan 03 20:25:47 yep Jan 03 20:26:40 Maybe if I comment them out Jan 03 20:27:05 bitbake-env -r recipe -f SRC_URI Jan 03 20:27:13 verify the flags aren't being overridden somewhere Jan 03 20:27:16 heh Jan 03 20:27:34 hmm, it seems like it is not re-running fetch after I -c cleansstate also Jan 03 20:28:17 heh, you've got something strange going on :) Jan 03 20:28:27 are you using an sstate mirror? Jan 03 20:28:39 no Jan 03 20:28:40 cleansstate removes the local sstate archive, but when using a mirror it'll re-fetch and use it again Jan 03 20:28:47 ah **** ENDING LOGGING AT Fri Jan 04 02:59:58 2013