**** BEGIN LOGGING AT Thu Jun 07 03:00:04 2018 Jun 07 18:23:40 poppler_0.63.0.bb:do_compile is failing for me on sumo. This seems to be the error that starts the subsequent avalanche: Jun 07 18:23:46 work/core2-32-oe-linux/poppler/0.63.0-r0/recipe-sysroot-native/usr/lib/i686-oe-linux/gcc/i686-oe-linux/7.3.0/include/stddef.h:444: syntax error, unexpected identifier in ' __float128 __max_align_f128 __attribute__((__aligned__(__alignof(__float128))));' at '__float128' Jun 07 18:24:34 cherry picking these from master fixes it: Jun 07 18:24:38 457b0fec67d2fc979f7aefe0af62a41e099f2244 poppler-data: Upgrade to 0.4.9 Jun 07 18:24:42 327292a30089783236bfe482ec43834f9d118327 poppler: Update to 0.64 Jun 07 18:24:46 e4536bd278b07dc65a4312143d13009f52efbd81 poppler: Fix build on musl Jun 07 18:25:39 Any thoughts on whether cherry-picking those into sumo is an option or should I try to find a patch for 0.63? Jun 07 18:28:37 the upgrade will only be considered in exceptional circumstances, so have a look at the git repo and find the commit that fixed it Jun 07 18:29:03 rburton: okay. will do Jun 07 19:05:56 khem: I'm working on a poppler patch for sumo that uses your poppler/0001-glib-CMakeLists.txt-Add-libpoppler-to-link-along-wit.patch since it fixes the linking issue I'm running into. In the commit where you add this you also add glib-2.0 to DEPENDS and two lines to EXTRA_OECMAKE. Jun 07 19:06:24 It seems to build with and without those extra lines added. Do you recall if those should be included if I add /0001-glib-CMakeLists.txt-Add-libpoppler-to-link-along-wit.patch? Jun 07 20:34:32 khem, hi Jun 07 20:34:45 after today's pull I see Jun 07 20:35:07 | g++: internal compiler error: Killed (program cc1plus) Jun 07 20:35:30 x86_64-linux/cmake-native/3.10.3-r0/build' Jun 07 21:05:28 ant_home: this seems odd how many patches have you picked Jun 07 21:08:17 khem, I have reverted cmake: fix build issue with boost 1.67.0 Jun 07 21:08:33 still building 96% Jun 07 21:08:58 only 2 commits to bisect :) Jun 07 21:09:12 since testerday Jun 07 21:10:17 yes, that is the culprit Jun 07 21:10:58 georgem: ok. those are needed for 0.64 so you might skip them for 0.63 Jun 07 21:11:13 commit 04f367e27e66 Jun 07 21:11:23 master Jun 07 21:11:24 ant_home: ok. then report is to ml and let armin know Jun 07 21:11:33 yes, is oe-core issue Jun 07 21:11:36 khem: okay thanks. I'll send a patch to the ML that just adds your patch for 0.63. Jun 07 21:12:16 since that fixes the linking issue I'm seeing Jun 07 21:29:13 khem, could be a race Jun 07 21:33:54 georgem: have you used your meta-ima layers anytime recently? Jun 07 21:36:14 moto-timo: I'm actually still using https://github.com/intel/meta-intel-iot-security/tree/master/meta-integrity even though it hasn't been touched in two years. still works even with sumo. Jun 07 21:36:28 meta-integrity does IMA also Jun 07 21:37:23 so not using any of the other stuff Jun 07 21:37:56 georgem: do you have any success or horror stories about IMA? Jun 07 21:38:07 I've heard mixed things Jun 07 21:39:44 well... writing a policy that is useful can be a bit tricky. one thing that's tricky is say enforcing IMA signatures on python modules. Theres really no way to do that without selinux getting involved. Jun 07 21:39:56 kind of depends on your needs Jun 07 21:40:11 ok. thanks. that's a good example Jun 07 21:40:34 enforcing signatures for normal executables and scripts that are called directly is pretty trivial Jun 07 21:40:59 you can also enforce signatures on kernel modules and firmware Jun 07 21:41:48 I believe there are some patches for path based enforcement Jun 07 21:42:26 Great. That is exactly the kind of insight I was hoping for. thank you Jun 07 21:43:14 moto-timo: one big thing to watchout for is if you require hardware based signing (HSM). The cheap USB based keys aren't fast enough to sign an entire file system. It would take days. Jun 07 21:43:30 ouch Jun 07 21:44:09 so either need to use a hardware key to sign a key and use that key to do the signing in software or spend $$$$$ buying a bank grade HSM. Jun 07 21:44:22 right **** ENDING LOGGING AT Fri Jun 08 03:00:18 2018