**** BEGIN LOGGING AT Mon Jan 25 02:59:57 2021 Jan 25 07:31:04 yo dudX Jan 25 07:36:06 styleguide for my upcoming ISO audit... Jan 25 07:36:32 I  found a styleguide of OpenEmbedded (http://www.openembedded.org/wiki/Styleguide) Jan 25 07:36:45 Is there something the same for Yocto itself? Jan 25 07:37:29 The one of OpenEmbedded is fine for me.  I'm just don't want to explain the ISO-guys that OE is kind of Yocto. Jan 25 07:42:08 vermaete: i have never heard of a "yocto equivalent" (TBH i didn't even have an idea that one exists) Jan 25 07:51:00 LetoThe2nd: There is something and it looks fine.  It will do the job :-) Jan 25 07:53:13 vermaete: have fun! Jan 25 08:58:36 Hello. I have a question about AGL; I'm looking for a way to install 32-bit app-support (libraries etc.) on Raspberry Pi 4 (64-Bit). Does anyone can help me out? Jan 25 09:00:35 nacknick: You're best off asking in #automotive if it's about AGL Jan 25 09:00:52 paulbarker: Thank you Jan 25 09:13:47 nacknick: you'll have to look into multilib (lib32- packages), but better ask AGL folks yes :) Jan 25 10:22:04 @vermaete: when you look here some time later, have a look at this as well: https://github.com/priv-kweihmann/oelint-adv Jan 25 10:52:27 * RP is curious if anyone has ever played with linuxcnc Jan 25 10:53:29 @RP: Yep - the Yocto power printer at the ELC Duesseldorf (if I remember well) was running it, kind of. Jan 25 10:54:47 @RP to be precise - we used machinekit Jan 25 10:55:13 https://www.machinekit.io/ Jan 25 10:56:36 it seems to be bit rotten now Jan 25 10:57:42 RobertBerger: I have recipes nearly working for linuxcnc but its been a little bit of a struggling with the weird tcl dependencies Jan 25 10:58:37 @RP I can imagine. machinekit was a mess - different languages mixed together somehow in a weird way Jan 25 10:59:35 * RP is wondering what to do with these recipes Jan 25 11:01:45 @RP: I remember Koen Kooi playing with these kind of things as well, but I don't know where he is hiding at the moment Jan 25 11:22:48 RobertBerger I am Koen Kooi Jan 25 11:23:27 @abc283923: Hi Koen Jan 25 11:24:01 Hi Robert, indeed I played a lot with those kind of things. Jan 25 11:24:06 Good 'ol times Jan 25 11:24:26 @abc283923: You see I remember ;) Jan 25 11:24:37 abc283923: hope you're doing ok, we've been missing you! Jan 25 11:24:40 :') (y) Jan 25 11:25:03 I've missed you as well! Jan 25 11:27:53 @abc283923: Did you play at all with linucnc? Maybe you already have some idea about what RP is fighting against. Jan 25 11:30:31 * LetoThe2nd metalizes abc283923 Jan 25 11:31:10 RobertBerger A little bit Jan 25 11:31:20 Lets see Jan 25 12:11:58 It occurred to me last night, I was wondering about Yocto's security updates. Yocto is providing recipes for many packages one may want. Is Yocto also updating them when security issues are found? Like the wiki here (https://wiki.yoctoproject.org/wiki/Security) says that there is no security team, but later it says that one should contact the security team if a vulnerability is found 🙈. Jan 25 12:11:59 I have seen this "cve-check" tool, that seems super nice. Does it mean that it is the responsibility of the Yocto user to care about the security of their image? Or in practice is it a best-effort based on community contributions? Jan 25 12:12:54 jonesv[m]: It's always "best effort" unless you're paying a vendor to make guarantees Jan 25 12:14:36 CVEs are tracked though, weekly status emails are sent to the list, e.g. https://lists.openembedded.org/g/openembedded-core/message/147135 Jan 25 12:15:20 Right. And in practice, would you say that many packages quickly get important updates? To put it in context, I have heard of people who were basing their system on Ubuntu, mainly because they can count on Ubuntu's packages and security updates. Yocto seems much more versatile, but I wonder if Yocto users should have a security team or not necessarily (because small projects may not have that choice, right?) Jan 25 12:15:31 Some of that list is likely noise, database issues, etc Jan 25 12:16:02 jonesv[m]: Ubuntu only provides security updates for a subset of packages Jan 25 12:16:41 aha, I did not know that. I thought that "official" packages would get updates Jan 25 12:17:05 jonesv[m]: See the 2nd question in https://wiki.ubuntu.com/SecurityTeam/FAQ Jan 25 12:17:42 jonesv[m]: we operate on a best efforts basis - we keep master up to date and also try and look after our LTS release and stable releases Jan 25 12:18:08 jonesv[m]: if people make us aware of issues and/or send patches we tend to try and get them in Jan 25 12:18:54 hello Jan 25 12:19:04 I have a simple cmake based software that build fine outside yocto but it has many dependencies, amongst them the cmake attempts to use cslangValidator and that's when bitbake falls over. cslang is added to the IMAGE_INSTALL_append and in the DEPENDS and RDEPENDS_${PN} of the bb file but all it does is adding the -dev variant of the rpm built by Jan 25 12:19:04 the cslang recipe. I need the content of the rpm which contains cslangValidator on the recipe-sysroot directory and all i get is the content of the -dev which is just header files and libraries. rpm -qlp on the rpm generated by the cslang recip conforms that cslangValidator is there but this rpm is not installed to recipe-sysrootfs of the build Jan 25 12:19:05 directory of my software. Jan 25 12:20:45 paulbarkerRP : right, so that does not seem much more work (as a user) than getting updates from Ubuntu (once you get used to doing it in Yocto) :) Jan 25 12:23:02 jonesv[m]: For recipes in oe-core, correct, and if you follow the weekly CVE status emails you should at least know what is unpatched Jan 25 12:24:20 jonesv[m]: For recipes in other layers you need to look at the policies for those layers, it's likely you'll need to do a bit of CVE tracking of your own if you use a layer which doesn't do this Jan 25 12:25:42 I have never been in contact with people using Yocto, but instead I have been in contact with people who said "Yocto is too complicated, so I made my own Ubuntu-based system". And my feeling is that maybe it's faster to start, but then they end up reinventing the tools that Yocto already provides. Jan 25 12:25:42 Of course, if you want to make an Alpine-based distro (Adelie Linux, PostmarketOS), I get that you probably want to use your own tooling. But if you just want a "linux distribution" for your embedded system, it does not seem better to use Ubuntu than Yocto. Jan 25 12:25:42 I guess I'm just trying to get some insights from the Yocto side 😊 Jan 25 12:26:34 intera9139: what's the path to cslangValidator in your rpm? Jan 25 12:27:11 one sec checking Jan 25 12:27:12 jonesv[m]: I'd love to see how someone distributing a physical product containing copyleft software from Ubuntu does license compliance, I don't think it's possible Jan 25 12:27:18 jonesv[m]: I think that sums it up. YP is different to Ubuntu, it depends how different you want/need to be from a one size fits all desktop distro Jan 25 12:28:03 When you start managing multiple product images, different configuration, etc, Yocto becomes exceptionally useful Jan 25 12:29:26 qschulz: it is in /usr/bin Jan 25 12:29:54 ~/workspace/poky/build-toaster-2/tmp/work/corei7-64-poky-linux/glslang/8.13.3743+gitAUTOINC+e05cc20ec2-r0/deploy-rpms/corei7_64$ is where the rpm is built Jan 25 12:30:11 Would you mind elaborating on that? I've read that Yocto is useful for licensing, but I don't really get what that means. Say I have a GPLv2 library on my system, will Yocto check that it is not linked by any non-GPL program? Is that it? Jan 25 12:31:18 jonesv[m]: I don't think we can check that explicitly Jan 25 12:32:03 jonesv[m]: If that GPLv2 library was installed via `apt` in Ubuntu though, how would you ensure you're distributing the corresponding source code to anyone who gets those binaries? Jan 25 12:32:18 Would you go to the effort of mirroring the `apt-src` repository? Jan 25 12:33:02 And how would you provide the build & install scripts? Jan 25 12:33:20 With Yocto we have well documented answers to these questions and several presentations, tutorials, etc Jan 25 12:33:57 jonesv[m]: Some self-promotion: https://www.youtube.com/watch?v=9wRn-9KhiEI Jan 25 12:34:04 That's very interesting, thanks! With those keywords, I should be able to find those presentations :) Jan 25 12:34:17 Amazing! Thanks! Jan 25 12:35:03 intera9139: cslangValidator needs to be run at build time right? Jan 25 12:35:24 yes Jan 25 12:35:49 jonesv[m]: Also https://www.youtube.com/watch?v=HILbAIeCTR8 Jan 25 12:36:00 intera9139: then you need the -native version of the package Jan 25 12:36:08 jonesv[m]: And https://fosdem.org/2021/schedule/event/embedded_linux_license_compliance/ early next month Jan 25 12:36:26 intera9139: so, glslang-native in your DEPENDS Jan 25 12:36:34 oh ok so if I add the -native as a DEPENDS Jan 25 12:36:41 thank  you so much Jan 25 12:36:55 ;-)  you're a star ... Jan 25 12:37:18 intera9139: oh stop it you Jan 25 12:37:20 :) Jan 25 12:37:38 paulbarker: well, the GPLv2 doesn't say you have to dstribute Jan 25 12:37:52 toaster is now building the modified recipe ... Jan 25 12:37:55 you silply have to provide a written offer Jan 25 12:38:00 simply Jan 25 12:41:26 abelloni: And when someone comes knocking you need to actually be able to fulfil that written offer Jan 25 12:41:37 exactly Jan 25 12:41:47 So you need to track the info and archive sources regardless Jan 25 12:42:19 And not just depend on your upstream still being there up to a few years later Jan 25 12:45:45 To those who buy your product, right? I can't ask for the sources of a device I did not buy, can I? (I guess that's obvious, sorry for the dumb question) Jan 25 12:46:40 jonesv[m]: "Accompany it with a written offer, valid for at least three years, to give any third party, ..." Jan 25 12:46:50 Get a lawyer to interpret "any third party" Jan 25 12:46:59 Also GPLv2 means that if I buy, say, an Android phone, and I ask the manufacturer for their downstream kernel, they have to give me the sources. But it does not mean that they need to give me install scripts or a way to flash my own version of their kernel on their phone, right? Jan 25 12:48:10 That last bit is outside my area of expertise Jan 25 12:49:21 qschulz: Build successful;-) Jan 25 12:56:58 intera9139: great. Remember, anything that needs to run at build time will run on the host (building) machine Jan 25 12:57:20 so it needs to be compiled for the host architecture. This is specified by using -native suffix for recipes Jan 25 12:57:35 and binaries will make it to recipe-sysroot-native ;) Jan 25 14:34:29 RobertBerger: I did get linuxcnc to "run" which was nice :) Jan 25 14:34:58 @RP: Great! Jan 25 14:35:05 @RP on which device? Jan 25 14:35:15 RobertBerger: qemuarm64 Jan 25 14:37:23 @RP: so we need some hardware to play with it ;) Jan 25 14:37:54 RobertBerger: right, I don't have a CNC machine, much as I'd like one :) Jan 25 14:38:08 RobertBerger: OIDA! Jan 25 14:38:12 (just sayin) Jan 25 14:38:52 @RP: My thing is some beagle bone black based 3d printer Jan 25 14:39:09 @LetoThe2nd: Jo genau. OIDA! Jan 25 14:40:19 RobertBerger: wasn't there some crazy austrian who did a lot of bbb/pruss cnc stuff? mauerer? haberer? Jan 25 14:40:53 @LetoThe2nd: Yep Jan 25 14:43:19 @LetThe2nd: But it was machinekit and not linuxcnc: https://github.com/machinekit Michael Haberler and Alexander Roessler (doing qt stuff) Jan 25 14:50:52 Hello everyone! I want to enable the linux kernel option CONFIG_PKCS8_PRIVATE_KEY_PARSER got get iwd (= replacement for wpa_supplicant) working, but it seems my kernel doesn't support it. That is, the menuconfig search doesn't find it. I'm no kernel hacker, is there a quick way to prove this assumption? Jan 25 14:51:31 I'm using Linux 4.9 for NVidia Jetson TX2, and this suggests it was added at Linux 4.20: https://cateee.net/lkddb/web-lkddb/PKCS8_PRIVATE_KEY_PARSER.html Jan 25 14:51:37 Do I read this right? Jan 25 14:53:52 manuel1985: did you search WITHOUT CONFIG_ in front? Jan 25 14:55:03 well a blame on the crypto/asymmetric/Kconfig says the option has been created 2years ago, so there's no way it could be in 4.9 without massive backporting. Jan 25 14:55:28 I think so. (If I remember the search dialogue prompt correctly, it said I can enter with or without the CONFIG_ at front.) Jan 25 14:55:31 qschulz Jan 25 14:55:32 LetoThe2nd: was about to do it, thanks :) Jan 25 14:59:52 LetoThe2nd qschulz: Thanks Jan 25 15:17:03 a thousand apologies if that question has been asked before but my yocto layer/recipe build a library in a subfolder and that library does not get included in  the rpm and I get a QA error: QA Issue: /bin/program contained in package myprogram requires library.so()(64bit), but no providers found in RDEPENDS_program? [file-rdeps] Jan 25 15:17:35 how do I add that library so that it is found at runtime as RDEPENDS can list another package but not a library built as part of the recipe Jan 25 15:18:44 intera9139: are you building the library or is a prebuilt one? Jan 25 15:18:56 intera9139: its its built alongside the program, you want to look up package splitting. Jan 25 15:19:03 livecoding #4, IIRC Jan 25 15:19:21 qschulz: am building it Jan 25 15:19:35 intera9139: then version your library Jan 25 15:19:38 and it'll just work Jan 25 15:19:48 (i.e. library.so.1.0) Jan 25 15:20:04 ok I will look that up in the manual, no idea how to do that Jan 25 15:20:19 (*.so files are put into -dev package by default) Jan 25 15:20:42 indeed and that one is not I have verified the dev rpm Jan 25 15:20:44 intera9139: nothing to do with Yocto actually, just to the build system you're using (cmake, autotools, meson, etc...) Jan 25 15:20:52 cmake Jan 25 15:21:16 so cmake documentation is the one you should probably read :) Jan 25 15:21:44 indeed thanks ;-) Jan 25 15:21:54 intera9139: oe-pkgdata-util find-path '/path/to/lib' with /path/to/lib being the path where you'll find your lib on the target system (rootfs) Jan 25 15:21:59 that'll tell you where it is Jan 25 15:22:19 maybe you just forgot to `install` it in your do_install task or in your cmake (better) Jan 25 15:31:33 investigating ... Jan 25 15:32:04 I didn't write the program nor  the cmakes just have to make it fit in a yocto installation Jan 25 16:12:37 RP, JPEW: I'm looking at pr service & hash equivalence service today Jan 25 16:13:01 Am I right thinking the aspiration is for hashserv to also fulfil the job of the pr server but that's not implemented yet? Jan 25 16:13:47 Also am I right thinking that the read-only hashserv feature added is just a client-side check, the server process itself doesn't yet have any read-only mode which would deny modification requests? Jan 25 16:24:43 paulbarker: we need PR serv but the idea is to move it to the modern tech used in the hashequiv serve Jan 25 16:25:59 RP: Ah ok, so not actually add it to hashserv but instead update the prserv implementation Jan 25 16:26:00 PR service, hash equivalency and sstate-cache go together. So IMHO there are concerns if you are using mirrors, etc. Jan 25 16:26:03 That makes sense Jan 25 16:27:00 paulbarker: Yes. And RP is right; I'd like to see a server that leverages other technologies to make it more scalable (e.g. uses and ORM, is stateless, etc.) Jan 25 16:29:04 paulbarker: Ideally, I could run an auto-scaled hashequiv server on my kubernetes cluster... I think that make a good story Jan 25 16:30:21 JPEW: Ok, what about read-only? Is that just a client side thing right now or am I missing something in the code? Jan 25 16:31:23 beside R/O, multiple servers is something I'm interested it.. i.e. official sstate-mirror, plus my local one.. (I have no answer for this though) Jan 25 16:31:43 paulbarker: Well, what I would *like* to see is hashequiv over websockets... then readonly is a simple flag you set on the server. You can run multiple servers at different paths for read-only vs. read-write Jan 25 16:31:52 When the PR service was originally concieved, I always thought of it like a DNS type behavior.. you would have a root server and individual servers that would be queried.. Jan 25 16:32:15 fray: hashequiv supports upstream servers now (I added it recently) Jan 25 16:32:36 Ahh nice.. I may need to investigate it some more then Jan 25 16:32:46 fray: I was more referring to horizontal scaling where you can run more than one (stateless) server to handle increased load Jan 25 16:33:28 JPEW: That's good input Jan 25 16:34:07 We need something for AGL CI, it'll likely involve some upstream work to setup a read-only PR service and maybe read-only hash equivalence service as well Jan 25 16:34:12 paulbarker: You could also do read-only with a flag and a separate TCP port, as long as multiple servers can share a DB backend (which is much easier with an ORM) Jan 25 16:34:17 Still planning out how to attack this Jan 25 16:36:01 But, I think there is a huge opertunity to make deployment super simple if we can make it more "K8s friendly" (e.g. websockets, stateless), which would hopefully drive adoption Jan 25 17:07:02 if I need a image recipe to simply trigger the build of another image, should I DEPENDS += "dep.bb", or something else? Jan 25 17:07:44 do_rootfs[depends] += dep:do_rootfs" maybe? Jan 25 17:08:05 (these are all independent images, I don't want to share a sysroot) Jan 25 17:31:33 vdl: the latter, usually, I think. Though I suspect you want to depend upon do_image_complete so you can get the bits from DEPLOYDIR vs trying to get at the rootfs task WORKDIR Jan 25 17:33:54 smurray: do_image_complete seems like the correct final task to depends on, let me try Jan 25 17:34:46 DEPENDS did work, but I think it's pulling all sysroot with it, which I do not want, my images are all independent, but all required to build my final wic image. Jan 25 17:47:05 smurray: when I do do_image_complete[depends] += "dep:do_image_complete", do stuffs like IMAGE_BOOT_FILES += "dep.img" in dep.bb are supposed to work? Jan 25 17:53:51 vdl: I don't know right off, tbh. You'll likely have to dig around a bit in the image bbclass code to get an idea Jan 25 17:55:32 smurray: IMAGES_BOOT_FILES += from within dep.bb has no effect when I build the main image. Jan 25 18:01:11 vdl: IMAGE_BOOT_FILES is a wic configuration parameter, if the "dep" image is just ext4 or the like, it won't have any effect Jan 25 18:03:37 ha, true. Jan 25 18:04:22 smurray: but why does it work from the machine conf then? Jan 25 18:06:52 vdl: no good idea there. I'd perhaps suggest looking at the "bitbake -e" output for the target(s) involved to see where the variable is getting changed Jan 25 18:07:46 smurray: will do. it would be the same for UBOOT_EXTLINUX_* variables I guess, which don't seem to have an effect from within image recipes as well. Jan 25 18:10:52 vdl: I think that's different in this instance, since those drive a specific class that's pulled in by the u-boot recipe AFAICT. IMAGE_BOOT_FILES is AFAICT only used in the wic bootimg-partition plugin, which is a kind of different wrt context Jan 25 20:38:27 Is there any reason why passing -D to bitbake isnt propagating to the fetcher logger? Jan 25 20:41:15 I guess I need to use -l? Jan 25 21:04:38 alejandrohs: -D should propagate but the logging is all a bit odd and needs overhauling really Jan 25 23:14:27 for simple images, would you rather inherit image or core-image? Jan 25 23:20:07 vdl: depends if you need the bits core-image is adding? Jan 25 23:49:47 RP: but core-image.bbclass doesn't add much, most image specifics like IMAGE_FEATURES, IMAGE_INSTALL etc. come from image.bbclass Jan 25 23:50:11 it looks like core-image just adds CORE_IMAGE_INSTALL and a few preselected packages **** ENDING LOGGING AT Tue Jan 26 02:59:57 2021