**** BEGIN LOGGING AT Thu Jan 05 03:00:01 2017 Jan 05 05:15:21 khem - thanks for the answer - this is for standalone development. I have had yocto create an SDK and I have configured eclipse to use this along with the yocto and cdt plugins for C/C++ development. Jan 05 05:19:15 khem: the code was originally built with the ARM DS-5 environment on windows and I am moving things to linux-based development. For the most part everything seems correct - the correct compiler is used /sysroots/x86_64-pokysdk-linux/usr/bin/arm-poky-linux-gnueabi/arm-poky-linux-gnueabi-g++ but it seems to pull AR out of nowhere Jan 05 05:19:23 it is using sysroots/cortexa9hf-neon-poky-linux-gnueabi/usr/bin/ar which does not even exist Jan 05 05:20:55 I usually stay away from eclipse but need to use it in this instance and cannot figure out where this gets set. I have tried setting CMAKE_AR in CMakeLists.txt as well but that does not seem to do anything Jan 05 06:58:21 yeah in yout SDK install there must be a environment file Jan 05 06:58:26 define AR there Jan 05 10:22:35 i would like to "dump" the content of do_compile task for a given recipes (recipe doesn't define by itself the task but inherit it) Jan 05 10:22:43 is there a way to do this using bitbake ? Jan 05 10:24:27 bitbake -e $ recipe Jan 05 10:24:36 then grep through for that stage Jan 05 10:27:16 CTtpollard: thanks :) Jan 05 10:49:18 hello, I would like to ask about common practices related to permissions on embedded systems... how many of you run the GUI and custom daemons as root on your devices? Jan 05 10:50:20 should I really bother setting up users with limited permissions for application-specific processes? Jan 05 10:51:07 is there any kind of guide/best practices I can follow when it comes to permissions on embedded systems? Jan 05 10:59:55 oh my god don't run anything as root unless you want to be in one of those "look i exploited this device by sending a malformed packet and the daemon runs as root, what an idiot" presentations at CCC Jan 05 11:00:39 like that car that 1) listens to all incoming packets over 3G 2) has a dbus service 3) has a method on the dbus service to invoke an arbitrary command 4) runs that service as root Jan 05 11:14:31 haha Jan 05 11:18:02 there's a section of the dev manual which includes high-level ideas and links to articles discussing common problems http://www.yoctoproject.org/docs/2.2/dev-manual/dev-manual.html#making-images-more-secure Jan 05 11:22:07 hahaha Jan 05 11:24:42 the paper discussing the hacks ross mentioned is online somewhere and a great set of examples of what not to do Jan 05 11:26:01 it was a horror story for nerds Jan 05 11:26:18 this one http://illmatics.com/Remote%20Car%20Hacking.pdf Jan 05 11:26:27 DON'T GO INTO THE SPOOKY WOODS ALONE AT NIGHT Jan 05 11:33:46 joshuagl, good to see that some information is included in the yocto manual... I somehow missed that, so thank you Jan 05 11:34:37 eduardas_m: np. It's not something we have expertise in on the project so can't offer more than high level guidance Jan 05 11:38:54 well, I honestly don't know another channel on freenode to discuss embedded linux problems... other embedded linux related channels have low participation rates.. so I usually end up asking here Jan 05 11:41:10 perhaps security considerations should be like those of general linux systems, but what I see in application examples provided by hardware vendors is that you are shown to run everything as root Jan 05 11:43:20 eduardas_m: if i was building a networked embedded device i'd not only run as a non-root user but use something else to constrain, selinux or containers or cgroups or anything Jan 05 11:45:26 defence in depth Jan 05 11:46:26 rburton, while reading about the intel Joule, I discovered Ostro Linux, it has an application framework for sandboxing applications... pretty much what you described if I understand correctly Jan 05 11:47:03 I wonder whether any of you are involved with Ostro or have any experience with it Jan 05 11:47:18 how does it compare to usual Yocto development? Jan 05 11:47:28 it is yocto :) Jan 05 11:47:52 the sandbox stuff in ostro is Smack, you can use that without using ostro if you want Jan 05 11:48:54 SMACK is a MAC solution, like SELinux and AppArmor. Layer is https://github.com/01org/meta-intel-iot-security/tree/master/meta-security-smack Jan 05 11:48:54 rburton, I am aware it uses yocto tools, but as far as I understand it has its own layers that are not in the OE index or the usual Yocto release Jan 05 11:50:10 so I guess stuff is not really guaranteed to build when mixing and matching Ostro stuff and Yocto release recipes, right? please correct me if I'm wrong Jan 05 12:51:34 Hello, is it possible to make kernel config selections as part of a machine.conf Jan 05 14:16:23 eduardas_m: the Ostro app framework has some documentation here: https://ostroproject.org/documentation/architecture/application-framework.html Jan 05 14:17:13 eduardas_m: the sandboxing is done in a configurable way... it can use containers or just DAC-based access control Jan 05 14:21:54 hi, i just realized that /var/log gets linked to /var/volatiles/log and so the logs are gone after each reboot Jan 05 14:22:33 where can i change this in a proper way? at least /var/log/journal should be persistent Jan 05 14:32:59 ipuustin, do you actually work with Ostro? if so, is it just for Intel chips or are builds for ARM platforms such as imx6 also supported in some way? Jan 05 14:34:46 ipuustin, I get the impression that the only supported ARM platform is the Beaglebone because there is an image for it Jan 05 14:35:37 not sure how much effort it would take to put this on an NXP or other vendor's chip Jan 05 14:58:02 has anyone tried pulling openembedded-core and/or bitbake recently? Jan 05 15:02:57 tlwoerner: looks like the same issue that hit meta-openembedded has now hit the others... no master refs! :| Jan 05 15:03:30 :O Jan 05 15:03:39 halstead: ^^ ? :-o Jan 05 15:03:42 oops how does that happen Jan 05 15:04:31 jku: not sure but JaMa suspected the patchwork git hooks, https://bugzilla.yoctoproject.org/show_bug.cgi?id=10762 Jan 05 15:04:33 Bug 10762: enhancement, Medium+, 2.3 M2, jose.a.lamego, REOPENED , patchwork: Enable automatic status update when patches are merged for all projects Jan 05 15:06:47 nrossi: joshuagl tlwoerner I have a permanent solution in the works. Jan 05 15:07:12 halstead: yay :) Jan 05 15:07:45 nrossi: The temporary fix should have just kicked in. Jan 05 15:08:17 nrossi: jku It's a umask issue causing permissions problems. Jan 05 15:08:41 halstead: thanks for the update! Jan 05 15:11:33 tlwoerner: Is it working as expected now? Jan 05 15:11:41 joshuagl: Thanks for the ping. Jan 05 15:12:18 halstead, thanks for taking care of this Jan 05 15:14:49 Crofton|work: No problem. Sorry about these issues. I might need to downgrade gitolite for a bit while I do more testing. Jan 05 15:15:52 halstead: +1 thanks Jan 05 15:26:40 halstead: yes, all looks now, thanks :-) Jan 05 15:34:53 eduardas_m: I think the Ostro focus has been on the Intel dev platforms (Galileo 2, Edison, Minnowboard, ...) Jan 05 16:17:58 Hi everybody, currently I'm facing problems with the transition from zImage to fitImage. Basically it seems everything is working fine (including booting), but my INITRAMFS isn't loaded. I'm using "CONFIG_INITRAMFS_SOURCE="./initramfs/config.cfg"" in the kernel configuration as initramfs source. Does anybody of you have any clue what the problem could be? Thanks in advance! Jan 05 16:18:48 If you any kind of additional info would be helpful, just mention it. Thanks. Jan 05 16:28:01 g0hl1n: CONFIG_INITRAMFS_SOURCE is supposed to be a single cpio archive or a list of directories; your file looks like a config fragment? Jan 05 16:32:49 ntl: yes, it is a config and it's working with the zImage. Basically I'm using the "IMAGE BUILDING method" like described in Documentation/early-userspace/README. Jan 05 16:34:07 ntl: aww, better documentation is in Documentation/filesystems/ramfs-rootfs-initramfs.txt ("Populating initramfs" section) Jan 05 19:22:07 How can I add a package only to a debugfs (ie: with IMAGE_GEN_DEBUGFS = "1") image? Is there a way to pull in packages there at the same time the `*-dbg` packages are pulled in? Jan 05 19:25:40 Or does anyone know the mecahnism that adds the `*-dbg` packages to debugfs images? I'm looking around image.bbclass & image_types.bbclass but nothing is jumping out at me Jan 05 19:26:27 jmesmon: meta/lib/oe/rootfs.py line 105, _setup_dbg_rootfs Jan 05 19:26:47 it explicitly does self.pm.install_complementary('*-dbg') Jan 05 19:26:51 not metadata driven Jan 05 19:27:04 so i don't believe you could modify the behavior without overriding the python module and modifying the method Jan 05 19:27:12 or monkeypatching, possibly Jan 05 19:28:04 hm. at that point it might make sense just to have another foo-image-debugfs.bb which includes the base image and adds a few packages. Jan 05 19:29:29 probably, yes Jan 05 19:47:13 hi all, was wondering if there is a way to append to an existing bbclass? just like we do for a bb file using bbappend Jan 05 19:48:16 manju, pretty sure there isn't Jan 05 19:48:21 although the idea comes up Jan 05 19:50:05 nope, the best you can do is append the recipes, override the class in a higher priority layer, or something terribly hacky with a global class and anonymous python or an event handlerl that checks to see if the recipe inherits that class Jan 05 19:52:41 ok thanks... Jan 05 19:58:28 just tripped over: ERROR: ExpansionError during parsing /buildarea/rmacleod/src/distro/yocto/oe-core.git/meta/recipes-support/icu/icu_57.1.bb -- known problem? Jan 05 19:58:54 I'm ignoring it by using bitbake's 1.32 branch. :) Jan 05 19:59:32 (this was with bitbake /master XXXTBDXX and oe-core/morty) Jan 05 19:59:53 you can't use bitbake master with oe-core morty Jan 05 19:59:56 as you've discovered Jan 05 20:00:37 it's not "ignoring it", it's using the correct bitbake versionf or the correct metadata version. branches/versions always have to match up between your layers, and between bitbake and the layers Jan 05 20:05:34 kergoth: thx, that's what I expected but it's via magic associations it seems or (shudder) documentation? Oh look: https://wiki.yoctoproject.org/wiki/Releases needs to be updated. Jan 05 20:06:01 * vmeson remembers what wiki's are and tries to update iti. Jan 05 20:08:12 vmeson: the wiki should be maintained with the mapping, and ideally the oe-core readme would mention it, as it's a dependency, but the most accurate place is likely the sanity check at this time, as oe-core will abort if the bitabke version isn't correct. See https://github.com/openembedded/openembedded-core/blob/morty/meta/conf/sanity.conf#L6 Jan 05 20:12:25 I'm looking for the place I can add a machine name as part of FILESPATH, so I can switch kernel fragments based on machine conf Jan 05 20:14:11 it'll handle that automatically Jan 05 20:14:14 wiki username needed and requested. kergoth: yeah, the erorr message was not a good experience: http://pastebin.com/UrZYPpT8 Jan 05 20:14:19 usually, anyway Jan 05 20:14:49 vmeson: yeah, sadly if it fails before we even get to the sanity check it's not ideal :\ Jan 05 20:14:52 we hsould work on that Jan 05 20:16:54 Is it ok to put a FILESOVERRIDES in machine.conf? Jan 05 20:17:36 that'd be pretty pointless Jan 05 20:17:53 just create a machine subdir in a usual file:// search directory and it'll automatically pull from it when machine is set to that Jan 05 20:18:01 kergoth: I'll fix the wiki once I get perms and likley add a line to the README for morty. I could open a bug for bitbake if you want. Jan 05 20:18:19 the normal file:// behavior is to check for files in a subdir for any override in OVERRIDES Jan 05 20:18:27 or even send a patch since I should know more about bitbake than I do now... Jan 05 20:18:32 kergoth: ok great I didn't realize it did that Jan 05 20:18:44 back laterish. Jan 05 20:18:56 well, filesoverrides, not overrides. but that includes machine by default. Jan 05 20:19:07 see base_set_filespath() in utils.bbclass and FILESOVERRIDES in conf/bitbake.conf Jan 05 20:19:16 MACHINEOVERRIDES includes MACHINE as a matter of course Jan 05 20:20:06 kergoth: Ok thanks for the info. I'm swimming in a see of yocto, I'll get better at it eventually lol Jan 05 20:20:22 there's a lot to learn, and a steep learning curve. downside to the high flexibility and power Jan 05 20:20:30 worth the effort, though Jan 05 20:20:55 Yea, thats what I'm driving for. I've seen many improvements over the years and I'm very encouraged Jan 05 20:21:29 My last effort was on a horribly botched denzil and I'm noticing there is plenty of new improvments Jan 05 22:55:06 anyone know how to set a shell environment variable for my target image via the image recipe or something similar? Jan 05 23:09:47 esennesh: for a user or systemwide in /etc/profile? (I don't know either way but at least you'll have a more precise question). Jan 05 23:11:07 esennesh: not sure if this will help since it's from 2012 but: https://lists.yoctoproject.org/pipermail/yocto/2012-January/004483.html Jan 05 23:11:34 vmeson: systemwide Jan 05 23:13:55 thanks for the link Jan 05 23:22:55 Hi people, has anyone here tried building poky for wandboard before? I've got stuck and I'd really appreciate some help Jan 05 23:24:47 On krogoth and before, I used to be able to set IMAGE_FSTYPES in my local.conf to generate archives like tar.gz or tar.bz2, but setting that variable on master doesn't seem to have any effect Jan 05 23:25:06 And only wic.gz archives are created. Any thoughts? **** ENDING LOGGING AT Fri Jan 06 03:00:01 2017